syncing up with SAMBA_2_2

(This used to be commit 1bc58c21b15fcdb0a504d051f60e20c4e24441e6)

8 files changed, 498 insertions, 303 deletions

diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1
index eb1fe84a74..fec52adee5 100644
--- a/docs/manpages/make_smbcodepage.1
+++ b/docs/manpages/make_smbcodepage.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "MAKE_SMBCODEPAGE" "1" "24 April 2001" "" ""
+.TH "MAKE_SMBCODEPAGE" "1" "01 June 2001" "" ""
 .SH NAME
 make_smbcodepage \- construct a codepage file for Samba
 .SH SYNOPSIS
@@ -29,11 +29,11 @@ This is the codepage we are processing (a
 number, e.g. 850). 
 .TP
 \fBinputfile\fR
-This is the input file to process. In t
-he '\fIc\fR' case this will be a text 
+This is the input file to process. In 
+the \fIc\fR case this will be a text 
 codepage definition file such as the ones found in the Samba 
 \fIsource/codepages\fR directory. In
-the '\fId\fR' case this will be the 
+the \fId\fR case this will be the 
 binary format codepage definition file normally found in 
 the \fIlib/codepages\fR directory in the 
 Samba install directory path.
diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1
index 6ecd538cbe..805bc2d6c7 100644
--- a/docs/manpages/make_unicodemap.1
+++ b/docs/manpages/make_unicodemap.1
@@ -1,100 +1,97 @@
-.TH MAKE_UNICODEMAP 1 "24 Mar 2001" "make_unicodemap 2.2.0-alpha3"
-.PP 
-.SH "NAME" 
-make_unicodemap \- Construct a unicode map file for Samba
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBmake_unicodemap\fP codepage inputfile outputfile
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This program is part of the \fBSamba\fP suite\&.
-.PP 
-\fBmake_unicodemap\fP compiles text unicode map files into binary unicode
-map files for use with the internationalization features of Samba 2\&.0
-.PP 
-.SH "OPTIONS" 
-.PP 
-.IP 
-.IP "codepage" 
-This is the codepage or UNIX character set we are processing (a number, e\&.g\&. 850)\&.
-.IP 
-.IP "inputfile" 
-This is the input file to process\&. This is a text unicode map file
-such as the ones found in the Samba \fIsource/codepages\fP directory\&.
-.IP 
-.IP "outputfile" 
-This is the binary output file to produce\&.
-.IP 
-.PP 
-.SH "Samba Unicode Map Files" 
-.PP 
-A text Samba unicode map file is a description that tells
-Samba how to map characters from a specified DOS code page or UNIX character
-set to 16 bit unicode\&.
-.PP 
-A binary Samba unicode map file is a binary representation of
-the same information, including a value that specifies what codepage
-or UNIX character set this file is describing\&.
-.PP 
-.SH "FILES" 
-.PP 
-\fBCP<codepage>\&.TXT\fP
-.PP 
-These are the input (text) unicode map files provided in the Samba
-\fIsource/codepages\fP directory\&.
-.PP 
-A text unicode map file consists of multiple lines
-containing two fields\&. These fields are : 
-.PP 
-.IP 
-.IP o 
-\fBcharacter\fP: which is the (hex) character mapped on this
-line\&.
-.IP 
-.IP o 
-\fBunicode\fP: which is the (hex) 16 bit unicode character that the
-character will map to\&.
-.IP 
-.PP 
-\fBunicode_map\&.<codepage>\fP These are the output (binary) unicode map files
-produced and placed in the Samba destination \fIlib/codepage\fP
-directory\&.
-.PP 
-.SH "INSTALLATION" 
-.PP 
-The location of the server and its support files is a matter for
-individual system administrators\&. The following are thus suggestions
-only\&.
-.PP 
-It is recommended that the \fBmake_unicodemap\fP program be installed
-under the \fI/usr/local/samba\fP hierarchy, in a directory readable by
-all, writeable only by root\&. The program itself should be executable
-by all\&.  The program should NOT be setuid or setgid!
-.PP 
-.SH "VERSION" 
-.PP 
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP 
-.SH "SEE ALSO" 
-.PP 
-\fBsmb\&.conf(5)\fP, \fBsmbd (8)\fP
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba\&.org\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP 
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&.
-samba@samba\&.org\&.
-.PP 
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "MAKE_UNICODEMAP" "1" "01 June 2001" "" ""
+.SH NAME
+make_unicodemap \- construct a unicode map file for Samba
+.SH SYNOPSIS
+.sp
+\fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Sambasuite.
+.PP
+\fBmake_unicodemap\fR compiles text unicode map 
+files into binary unicodef map files for use with the 
+internationalization features of Samba 2.2.
+.SH "OPTIONS"
+.TP
+\fBcodepage\fR
+This is the codepage or UNIX character 
+set we are processing (a number, e.g. 850).
+.TP
+\fBinputfile\fR
+This is the input file to process. This is a 
+text unicode map file such as the ones found in the Samba
+\fIsource/codepages\fR directory. 
+.TP
+\fBoutputfile\fR
+This is the binary output file to produce. 
+.SH "SAMBA UNICODE MAP FILES"
+.PP
+A text Samba unicode map file is a description that tells Samba 
+how to map characters from a specified DOS code page or UNIX character 
+set to 16 bit unicode.
+.PP
+A binary Samba unicode map file is a binary representation 
+of the same information, including a value that specifies what 
+codepage or UNIX character set this file is describing. 
+.SH "FILES"
+.PP
+\fICP<codepage>.TXT\fR
+.PP
+These are the input (text) unicode map files provided 
+in the Samba \fIsource/codepages\fR 
+directory. 
+.PP
+A text unicode map file consists of multiple lines 
+containing two fields. These fields are : 
+.TP 0.2i
+\(bu
+\fIcharacter\fR - which is 
+the (hex) character mapped on this line.
+.TP 0.2i
+\(bu
+\fIunicode\fR - which 
+is the (hex) 16 bit unicode character that the character
+will map to. 
+.PP
+\fIunicode_map.<codepage>\fR - These are 
+the output (binary) unicode map files produced and placed in 
+the Samba destination \fIlib/codepage\fR 
+directory.
+.PP
+.SH "INSTALLATION"
+.PP
+The location of the server and its support files is a matter
+for individual system administrators. The following are thus 
+suggestions only. 
+.PP
+It is recommended that the \fBmake_unicodemap\fR 
+program be installed under the 
+\fI$prefix/samba\fR hierarchy, 
+in a directory readable by all, writeable only by root. The 
+program itself should be executable by all. The program
+should NOT be setuid or setgid! 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR, 
+smb.conf(5).SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
index f45ebdee50..d046ec3709 100644
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "RPCCLIENT" "1" "24 April 2001" "" ""
+.TH "RPCCLIENT" "1" "01 June 2001" "" ""
 .SH NAME
 rpcclient \- tool for executing client side  MS-RPC functions
 .SH SYNOPSIS
@@ -56,8 +56,9 @@ planning on submitting a bug report to the Samba team (see BUGS.txt).
 Print a summary of command line options.
 .TP
 \fB-l logbasename\fR
-File name for log/debug files. .client will be 
-appended. The log file is never removed by the client.
+File name for log/debug files. The extension 
+\&'.client' will be appended. The log file is never removed 
+by the client.
 .TP
 \fB-N\fR
 instruct \fBrpcclient\fR not to ask 
@@ -93,9 +94,8 @@ it in directly.
 .TP
 \fB-W domain\fR
 Set the SMB domain of the username. This 
-overrides the default domain which is the domain of the 
-server specified with the \fI-S\fR option. 
-If the domain specified is the same as the server's NetBIOS name, 
+overrides the default domain which is the domain defined in 
+smb.conf. If the domain specified is the same as the server's NetBIOS name, 
 it causes the client to log on using the server's local SAM (as 
 opposed to the Domain SAM). 
 .SH "COMMANDS"
@@ -106,10 +106,12 @@ opposed to the Domain SAM).
 \fBlsaquery\fR
 .TP 0.2i
 \(bu
-\fBlookupsids\fR
+\fBlookupsids\fR - Resolve a list 
+of SIDs to usernames.
 .TP 0.2i
 \(bu
-\fBlookupnames\fR
+\fBlookupnames\fR - Resolve s list 
+of usernames to SIDs.
 .TP 0.2i
 \(bu
 \fBenumtrusts\fR
@@ -130,6 +132,18 @@ opposed to the Domain SAM).
 .TP 0.2i
 \(bu
 \fBquerygroupmem\fR
+.TP 0.2i
+\(bu
+\fBqueryaliasmem\fR
+.TP 0.2i
+\(bu
+\fBquerydispinfo\fR
+.TP 0.2i
+\(bu
+\fBquerydominfo\fR
+.TP 0.2i
+\(bu
+\fBenumdomgroups\fR
 .PP
 .PP
 .PP
@@ -180,6 +194,12 @@ and the \fIport\fRmust be a valid port name (see
 \fBenumports\fR.
 .TP 0.2i
 \(bu
+\fBdeldriver\fR - Delete the 
+specified printer driver for all architectures. This
+does not delete the actual driver files from the server,
+only the entry from the server's list of drivers.
+.TP 0.2i
+\(bu
 \fBenumdata\fR - Enumerate all 
 printer setting data stored on the server. On Windows NT clients, 
 these values are stored in the registry, while Samba servers 
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index 56c04c035c..efd36946ab 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMB.CONF" "5" "24 April 2001" "" ""
+.TH "SMB.CONF" "5" "01 June 2001" "" ""
 .SH NAME
 smb.conf \- The configuration file for the Samba suite
 .SH "SYNOPSIS"
@@ -503,10 +503,13 @@ Here is a list of all global parameters. See the section of
 each parameter for details. Note that some are synonyms.
 .TP 0.2i
 \(bu
-\fIadd user script\fR
+\fIadd printer command\fR
+.TP 0.2i
+\(bu
+\fIadd share command\fR
 .TP 0.2i
 \(bu
-\fIaddprinter command\fR
+\fIadd user script\fR
 .TP 0.2i
 \(bu
 \fIallow trusted domains\fR
@@ -530,6 +533,9 @@ each parameter for details. Note that some are synonyms.
 \fIchange notify timeout\fR
 .TP 0.2i
 \(bu
+\fIchange share command\fR
+.TP 0.2i
+\(bu
 \fIcharacter set\fR
 .TP 0.2i
 \(bu
@@ -569,10 +575,13 @@ each parameter for details. Note that some are synonyms.
 \fIdefault service\fR
 .TP 0.2i
 \(bu
-\fIdelete user script\fR
+\fIdelete printer command\fR
+.TP 0.2i
+\(bu
+\fIdelete share command\fR
 .TP 0.2i
 \(bu
-\fIdeleteprinter command\fR
+\fIdelete user script\fR
 .TP 0.2i
 \(bu
 \fIdfree command\fR
@@ -584,18 +593,9 @@ each parameter for details. Note that some are synonyms.
 \fIdomain admin group\fR
 .TP 0.2i
 \(bu
-\fIdomain admin users\fR
-.TP 0.2i
-\(bu
-\fIdomain groups\fR
-.TP 0.2i
-\(bu
 \fIdomain guest group\fR
 .TP 0.2i
 \(bu
-\fIdomain guest users\fR
-.TP 0.2i
-\(bu
 \fIdomain logons\fR
 .TP 0.2i
 \(bu
@@ -755,6 +755,9 @@ each parameter for details. Note that some are synonyms.
 \fInull passwords\fR
 .TP 0.2i
 \(bu
+\fIobey pam restrictions\fR
+.TP 0.2i
+\(bu
 \fIoplock break wait time\fR
 .TP 0.2i
 \(bu
@@ -764,6 +767,9 @@ each parameter for details. Note that some are synonyms.
 \fIos2 driver map\fR
 .TP 0.2i
 \(bu
+\fIpam password change\fR
+.TP 0.2i
+\(bu
 \fIpanic action\fR
 .TP 0.2i
 \(bu
@@ -1332,48 +1338,7 @@ each parameter for details. Note that some are synonyms.
 \fIwriteable\fR
 .SH "EXPLANATION OF EACH PARAMETER"
 .TP
-\fBadd user script (G)\fR
-This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by smbd(8)
-under special circumstances described below.
-
-Normally, a Samba server requires that UNIX users are 
-created for all users accessing files on this server. For sites 
-that use Windows NT account databases as their primary user database 
-creating these users and keeping the user list in sync with the 
-Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users 
-\fBON DEMAND\fR when a user accesses the Samba server.
-
-In order to use this option, smbdmust be set to \fIsecurity=server\fR or \fI security=domain\fR and \fIadd user script\fR
-must be set to a full pathname for a script that will create a UNIX 
-user given one argument of \fI%u\fR, which expands into 
-the UNIX user name to create.
-
-When the Windows user attempts to access the Samba server, 
-at login (session setup in the SMB protocol) time,  smbdcontacts the \fIpassword server\fR and 
-attempts to authenticate the given user with the given password. If the 
-authentication succeeds then \fBsmbd\fR 
-attempts to find a UNIX user in the UNIX password database to map the 
-Windows user into. If this lookup fails, and \fIadd user script
-\fRis set then \fBsmbd\fR will
-call the specified script \fBAS ROOT\fR, expanding 
-any \fI%u\fR argument to be the user name to create.
-
-If this script successfully creates the user then \fBsmbd
-\fRwill continue on as though the UNIX user
-already existed. In this way, UNIX users are dynamically created to
-match existing Windows NT accounts.
-
-See also \fI security\fR,  \fIpassword server\fR, 
-\fIdelete user 
-script\fR.
-
-Default: \fBadd user script = <empty string>
-\fR
-Example: \fBadd user script = /usr/local/samba/bin/add_user 
-%u\fR
-.TP
-\fBaddprinter command (G)\fR
+\fBadd printer command (G)\fR
 With the introduction of MS-RPC based printing
 support for Windows NT/2000 clients in Samba 2.2, The MS Add
 Printer Wizard (APW) icon is now also available in the 
@@ -1382,14 +1347,15 @@ allows for printers to be add remotely to a Samba or Windows
 NT/2000 print server.
 
 For a Samba host this means that the printer must be 
-physically added to underlying printing system. The \fI addprinter command\fR defines a script to be run which 
+physically added to underlying printing system. The \fIadd 
+printer command\fR defines a script to be run which 
 will perform the necessary operations for adding the printer
 to the print system and to add the appropriate service definition 
 to the \fIsmb.conf\fR file in order that it can be 
 shared by \fBsmbd(8)\fR
 .
 
-The \fIaddprinter command\fR is
+The \fIadd printer command\fR is
 automatically invoked with the following parameter (in 
 order:
 .RS
@@ -1420,13 +1386,13 @@ only. The remaining fields in the structure are generated from answers
 to the APW questions.
 .PP
 .PP
-Once the \fIaddprinter command\fR has 
+Once the \fIadd printer command\fR has 
 been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to determine if the share defined by the APW
 exists. If the sharename is still invalid, then \fBsmbd
 \fRwill return an ACCESS_DENIED error to the client.
 .PP
 .PP
-See also \fI deleteprinter command\fR, \fIprinting\fR,
+See also \fI delete printer command\fR, \fIprinting\fR,
 \fIshow add
 printer wizard\fR
 .PP
@@ -1437,6 +1403,94 @@ Default: \fBnone\fR
 Example: \fBaddprinter command = /usr/bin/addprinter
 \fR.PP
 .TP
+\fBadd share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIadd share command\fR is used to define an 
+external program or script which will add a new service definition 
+to \fIsmb.conf\fR. In order to successfully 
+execute the \fIadd share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIadd share command\fR with four parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of the new 
+share.
+.TP 0.2i
+\(bu
+\fIpathName\fR - path to an **existing**
+directory on disk.
+.TP 0.2i
+\(bu
+\fIcomment\fR - comment string to associate 
+with the new share.
+.RE
+.PP
+This parameter is only used for add file shares. To add printer shares, 
+see the \fIadd printer 
+command\fR.
+.PP
+.PP
+See also \fIchange share 
+command\fR, \fIdelete share
+command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBadd share command = /usr/local/bin/addshare\fR
+.PP
+.TP
+\fBadd user script (G)\fR
+This is the full pathname to a script that will 
+be run \fBAS ROOT\fR by smbd(8)
+under special circumstances described below.
+
+Normally, a Samba server requires that UNIX users are 
+created for all users accessing files on this server. For sites 
+that use Windows NT account databases as their primary user database 
+creating these users and keeping the user list in sync with the 
+Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users 
+\fBON DEMAND\fR when a user accesses the Samba server.
+
+In order to use this option, smbdmust be set to \fIsecurity=server\fR or \fI security=domain\fR and \fIadd user script\fR
+must be set to a full pathname for a script that will create a UNIX 
+user given one argument of \fI%u\fR, which expands into 
+the UNIX user name to create.
+
+When the Windows user attempts to access the Samba server, 
+at login (session setup in the SMB protocol) time,  smbdcontacts the \fIpassword server\fR and 
+attempts to authenticate the given user with the given password. If the 
+authentication succeeds then \fBsmbd\fR 
+attempts to find a UNIX user in the UNIX password database to map the 
+Windows user into. If this lookup fails, and \fIadd user script
+\fRis set then \fBsmbd\fR will
+call the specified script \fBAS ROOT\fR, expanding 
+any \fI%u\fR argument to be the user name to create.
+
+If this script successfully creates the user then \fBsmbd
+\fRwill continue on as though the UNIX user
+already existed. In this way, UNIX users are dynamically created to
+match existing Windows NT accounts.
+
+See also \fI security\fR,  \fIpassword server\fR, 
+\fIdelete user 
+script\fR.
+
+Default: \fBadd user script = <empty string>
+\fR
+Example: \fBadd user script = /usr/local/samba/bin/add_user 
+%u\fR
+.TP
 \fBadmin users (S)\fR
 This is a list of users who will be granted 
 administrative privileges on the share. This means that they 
@@ -1621,6 +1675,52 @@ Example: \fBchange notify timeout = 300\fR
 
 Would change the scan time to every 5 minutes.
 .TP
+\fBchange share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIchange share command\fR is used to define an 
+external program or script which will modify an existing service definition 
+in \fIsmb.conf\fR. In order to successfully 
+execute the \fIchange share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIchange share command\fR with four parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of the new 
+share.
+.TP 0.2i
+\(bu
+\fIpathName\fR - path to an **existing**
+directory on disk.
+.TP 0.2i
+\(bu
+\fIcomment\fR - comment string to associate 
+with the new share.
+.RE
+.PP
+This parameter is only used modify existing file shares definitions. To modify 
+printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+.PP
+.PP
+See also \fIadd share
+command\fR, \fIdelete 
+share command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBchange share command = /usr/local/bin/addshare\fR
+.PP
+.TP
 \fBcharacter set (G)\fR
 This allows a smbd to map incoming filenames 
 from a DOS Code page (see the client 
@@ -1898,6 +1998,10 @@ create mode\fR parameter for forcing particular mode
 bits to be set on created files. See also the  \fIdirectory mode"\fR parameter for masking 
 mode bits on created directories. See also the  \fIinherit permissions\fR parameter.
 
+Note that this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+a mask on access control lists also, they need to set the \fIsecurity mask\fR.
+
 Default: \fBcreate mask = 0744\fR
 
 Example: \fBcreate mask = 0775\fR
@@ -1970,15 +2074,7 @@ effect.
 Default: \fBdebug uid = no\fR
 .TP
 \fBdebuglevel (G)\fR
-The value of the parameter (an integer) allows 
-the debug level (logging level) to be specified in the 
-\fIsmb.conf\fR file. This is to give greater 
-flexibility in the configuration of the system.
-
-The default will be the debug level specified on 
-the command line or level zero if none was specified.
-
-Example: \fBdebug level = 3\fR
+Synonym for \fI log level\fR.
 .TP
 \fBdefault (G)\fR
 A synonym for \fI default service\fR.
@@ -2022,6 +2118,33 @@ Example:
 .sp
 .fi
 .TP
+\fBdelete printer command (G)\fR
+With the introduction of MS-RPC based printer
+support for Windows NT/2000 clients in Samba 2.2, it is now 
+possible to delete printer at run time by issuing the 
+DeletePrinter() RPC call.
+
+For a Samba host this means that the printer must be 
+physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which 
+will perform the necessary operations for removing the printer
+from the print system and from \fIsmb.conf\fR.
+
+The \fIdelete printer command\fR is 
+automatically called with only one parameter: \fI "printer name"\fR.
+
+Once the \fIdelete printer command\fR has 
+been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. 
+If the sharename is still valid, then \fBsmbd
+\fRwill return an ACCESS_DENIED error to the client.
+
+See also \fI add printer command\fR, \fIprinting\fR,
+\fIshow add
+printer wizard\fR
+
+Default: \fBnone\fR
+
+Example: \fBdeleteprinter command = /usr/bin/removeprinter
+\fR.TP
 \fBdelete readonly (S)\fR
 This parameter allows readonly files to be deleted. 
 This is not normal DOS semantics, but is allowed by UNIX.
@@ -2032,6 +2155,45 @@ permissions, and DOS semantics prevent deletion of a read only file.
 
 Default: \fBdelete readonly = no\fR
 .TP
+\fBdelete share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIdelete share command\fR is used to define an 
+external program or script which will remove an existing service 
+definition from \fIsmb.conf\fR. In order to successfully 
+execute the \fIdelete share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIdelete share command\fR with two parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of 
+the existing service.
+.RE
+.PP
+This parameter is only used to remove file shares. To delete printer shares, 
+see the \fIdelete printer 
+command\fR.
+.PP
+.PP
+See also \fIdelete share
+command\fR, \fIchange 
+share\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBdelete share command = /usr/local/bin/delshare\fR
+.PP
+.TP
 \fBdelete user script (G)\fR
 This is the full pathname to a script that will 
 be run \fBAS ROOT\fR by  \fBsmbd(8)\fRunder special circumstances 
@@ -2085,33 +2247,6 @@ Default: \fBdelete user script = <empty string>
 Example: \fBdelete user script = /usr/local/samba/bin/del_user 
 %u\fR
 .TP
-\fBdeleteprinter command (G)\fR
-With the introduction of MS-RPC based printer
-support for Windows NT/2000 clients in Samba 2.2, it is now 
-possible to delete printer at run time by issuing the 
-DeletePrinter() RPC call.
-
-For a Samba host this means that the printer must be 
-physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which 
-will perform the necessary operations for removing the printer
-from the print system and from \fIsmb.conf\fR.
-
-The \fIdeleteprinter command\fR is 
-automatically called with only one parameter: \fI "printer name"\fR.
-
-Once the \fIdeleteprinter command\fR has 
-been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. 
-If the sharename is still valid, then \fBsmbd
-\fRwill return an ACCESS_DENIED error to the client.
-
-See also \fI addprinter command\fR, \fIprinting\fR,
-\fIshow add
-printer wizard\fR
-
-Default: \fBnone\fR
-
-Example: \fBdeleteprinter command = /usr/bin/removeprinter
-\fR.TP
 \fBdelete veto files (S)\fR
 This option is used when Samba is attempting to 
 delete a directory that contains one or more vetoed directories 
@@ -2220,6 +2355,10 @@ created from this parameter with the value of the \fIforce directory mode
 \fRparameter. This parameter is set to 000 by 
 default (i.e. no extra mode bits are added).
 
+Note that this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+a mask on access control lists also, they need to set the \fIdirectory security mask\fR.
+
 See the \fIforce 
 directory mode\fR parameter to cause particular mode 
 bits to always be set on created directories.
@@ -2250,26 +2389,23 @@ this mask from being modified. Essentially, zero bits in this
 mask may be treated as a set of bits the user is not allowed 
 to change.
 
-If not set explicitly this parameter is set to the same 
-value as the \fIdirectory 
-mask\fR parameter. To allow a user to
-modify all the user/group/world permissions on a directory, set 
-this parameter to 0777.
+If not set explicitly this parameter is set to 0777
+meaning a user is allowed to modify all the user/group/world
+permissions on a directory.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this restriction, 
 so it is primarily useful for standalone "appliance" systems. 
-Administrators of most normal systems will probably want to set 
-it to 0777.
+Administrators of most normal systems will probably want to leave
+it as the default of 0777.
 
 See also the \fI force directory security mode\fR, \fIsecurity mask\fR, 
 \fIforce security mode
 \fRparameters.
 
-Default: \fBdirectory security mask = <same as 
-directory mask>\fR
+Default: \fBdirectory security mask = 0777\fR
 
-Example: \fBdirectory security mask = 0777\fR
+Example: \fBdirectory security mask = 0700\fR
 .TP
 \fBdns proxy (G)\fR
 Specifies that nmbd(8)when acting as a WINS server and finding that a NetBIOS name has not 
@@ -2290,44 +2426,38 @@ See also the parameter \fI wins support\fR.
 Default: \fBdns proxy = yes\fR
 .TP
 \fBdomain admin group (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
-.TP
-\fBdomain admin users (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
-.TP
-\fBdomain groups (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
+This parameter is intended as a temporary solution
+to enable users to be a member of the "Domain Admins" group when 
+a Samba host is acting as a PDC. A complete solution will be provided
+by a system for mapping Windows NT/2000 groups onto UNIX groups.
+Please note that this parameter has a somewhat confusing name. It 
+accepts a list of usernames and of group names in standard 
+\fIsmb.conf\fR notation.
+
+See also \fIdomain
+guest group\fR, \fIdomain
+logons\fR
+
+Default: \fBno domain administrators\fR
+
+Example: \fBdomain admin group = root @wheel\fR
 .TP
 \fBdomain guest group (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
-.TP
-\fBdomain guest users (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
+This parameter is intended as a temporary solution
+to enable users to be a member of the "Domain Guests" group when 
+a Samba host is acting as a PDC. A complete solution will be provided
+by a system for mapping Windows NT/2000 groups onto UNIX groups.
+Please note that this parameter has a somewhat confusing name. It 
+accepts a list of usernames and of group names in standard 
+\fIsmb.conf\fR notation.
+
+See also \fIdomain
+admin group\fR, \fIdomain
+logons\fR
+
+Default: \fBno domain guests\fR
+
+Example: \fBdomain guest group = nobody @guest\fR
 .TP
 \fBdomain logons (G)\fR
 If set to true, the Samba server will serve 
@@ -2574,6 +2704,11 @@ permissions changed. The default for this parameter is (in octal)
 mode after the mask set in the \fIcreate mask\fR 
 parameter is applied.
 
+Note that by default this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+this mask on access control lists also, they need to set the \fIrestrict acl with 
+mask\fR to true.
+
 See also the parameter \fIcreate 
 mask\fR for details on masking mode bits on files.
 
@@ -2598,6 +2733,11 @@ bits to a created directory. This operation is done after the mode
 mask in the parameter \fIdirectory mask\fR is 
 applied.
 
+Note that by default this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+this mask on access control lists also, they need to set the \fIrestrict acl with 
+mask\fR to true.
+
 See also the parameter \fI directory mask\fR for details on masking mode bits 
 on created directories.
 
@@ -2622,26 +2762,23 @@ the user may have modified to be on. Essentially, one bits in this
 mask may be treated as a set of bits that, when modifying security 
 on a directory, the user has always set to be 'on'.
 
-If not set explicitly this parameter is set to the same 
-value as the \fIforce 
-directory mode\fR parameter. To allow
-a user to modify all the user/group/world permissions on a 
-directory without restrictions, set this parameter to 000.
+If not set explicitly this parameter is 000, which 
+allows a user to modify all the user/group/world permissions on a 
+directory without restrictions.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this restriction, 
 so it is primarily useful for standalone "appliance" systems. 
-Administrators of most normal systems will probably want to set 
-it to 0000.
+Administrators of most normal systems will probably want to leave
+it set as 0000.
 
 See also the \fI directory security mask\fR,  \fIsecurity mask\fR, 
 \fIforce security mode
 \fRparameters.
 
-Default: \fBforce directory security mode = <same as 
-force directory mode>\fR
+Default: \fBforce directory security mode = 0\fR
 
-Example: \fBforce directory security mode = 0\fR
+Example: \fBforce directory security mode = 700\fR
 .TP
 \fBforce group (S)\fR
 This specifies a UNIX group name that will be 
@@ -2689,26 +2826,23 @@ the user may have modified to be on. Essentially, one bits in this
 mask may be treated as a set of bits that, when modifying security 
 on a file, the user has always set to be 'on'.
 
-If not set explicitly this parameter is set to the same 
-value as the \fIforce 
-create mode\fR parameter. To allow a user to 
-modify all the user/group/world permissions on a file, with no 
-restrictions set this parameter to 000.
+If not set explicitly this parameter is set to 0,
+and allows a user to modify all the user/group/world permissions on a file,
+with no restrictions.
 
 \fBNote\fR that users who can access 
 the Samba server through other means can easily bypass this restriction, 
 so it is primarily useful for standalone "appliance" systems. 
-Administrators of most normal systems will probably want to set 
-it to 0000.
+Administrators of most normal systems will probably want to leave
+this set to 0000.
 
 See also the \fI force directory security mode\fR,
 \fIdirectory security
 mask\fR, \fI security mask\fR parameters.
 
-Default: \fBforce security mode = <same as force 
-create mode>\fR
+Default: \fBforce security mode = 0\fR
 
-Example: \fBforce security mode = 0\fR
+Example: \fBforce security mode = 700\fR
 .TP
 \fBforce user (S)\fR
 This specifies a UNIX user name that will be 
@@ -3287,7 +3421,15 @@ you to have separate log files for each user or machine.
 Example: \fBlog file = /usr/local/samba/var/log.%m
 \fR.TP
 \fBlog level (G)\fR
-Synonym for \fI debug level\fR.
+The value of the parameter (an integer) allows 
+the debug level (logging level) to be specified in the 
+\fIsmb.conf\fR file. This is to give greater 
+flexibility in the configuration of the system.
+
+The default will be the log level specified on 
+the command line or level zero if none was specified.
+
+Example: \fBlog level = 3\fR
 .TP
 \fBlogon drive (G)\fR
 This parameter specifies the local path to 
@@ -4295,6 +4437,18 @@ See also smbpasswd (5).
 
 Default: \fBnull passwords = no\fR
 .TP
+\fBobey pam restrictions (G)\fR
+When Samba 2.2 is configure to enable PAM support
+(i.e. --with-pam), this parameter will control whether or not Samba
+should obey PAM's account and session management directives. The 
+default behavior is to use PAM for clear text authentication only
+and to ignore any account or session management. Note that Samba
+always ignores PAM for authentication in the case of \fIencrypt passwords = yes\fR
+\&. The reason is that PAM modules cannot support the challenge/response
+authentication mechanism needed in the presence of SMB password encryption.
+
+Default: \fBobey pam restrictions = no\fR
+.TP
 \fBonly user (S)\fR
 This is a boolean option that controls whether 
 connections with usernames not in the \fIuser\fR 
@@ -4317,18 +4471,6 @@ parameter.
 
 Default: \fBonly user = no\fR
 .TP
-\fBole locking compatibility (G)\fR
-This parameter allows an administrator to turn 
-off the byte range lock manipulation that is done within Samba to 
-give compatibility for OLE applications. Windows OLE applications 
-use byte range locking as a form of inter-process communication, by 
-locking ranges of bytes around the 2^32 region of a file range. This 
-can cause certain UNIX lock managers to crash or otherwise cause 
-problems. Setting this parameter to no means you 
-trust your UNIX lock manager to handle such cases correctly.
-
-Default: \fBole locking compatibility = yes\fR
-.TP
 \fBonly guest (S)\fR
 A synonym for \fI guest only\fR.
 .TP
@@ -4423,6 +4565,15 @@ containing in the Samba documentation.
 
 Default: \fBos2 driver map = <empty string>
 \fR.TP
+\fBpam password change (G)\fR
+With the addition of better PAM support in Samba 2.2, 
+this parameter, it is possible to use PAM's password change control 
+flag for Samba. If enabled, then PAM will be used for password
+changes when requested by an SMB client, and the \fIpasswd chat\fR must be
+be changed to work with the pam prompts.
+
+Default: \fBpam password change = no\fR
+.TP
 \fBpanic action (G)\fR
 This is a Samba developer option that allows a 
 system command to be called when either  smbd(8)crashes. This is usually used to draw attention to the fact that 
@@ -4468,8 +4619,17 @@ in the smbpasswd file is being changed, without access to the old
 password cleartext. In this case the old password cleartext is set 
 to "" (the empty string).
 
+Also, if the \fIpam
+password change\fR parameter is set to true, then the
+chat sequence should consist of three elements. The first element should
+match the pam prompt for the old password, the second element should match
+the pam prompt for the first request for the new password, and the final
+element should match the pam prompt for the second request for the new password.
+These matches are done case insentively. Under most conditions this change
+is done as root so the prompt for the old password will never be matched.
+
 See also \fIunix password 
-sync\fR, \fI passwd program\fR and  \fIpasswd chat debug\fR.
+sync\fR, \fI passwd program\fR , \fIpasswd chat debug\fR and  \fIpam password change\fR.
 
 Default: \fBpasswd chat = *new*password* %n\\n 
 *new*password* %n\\n *changed*\fR
@@ -5230,6 +5390,27 @@ is in fact the browse master on it's segment.
 
 Default: \fBremote browse sync = <empty string>
 \fR.TP
+\fBrestrict acl with mask (S)\fR
+This is a boolean parameter. If set to false (default), then 
+Creation of files with access control lists (ACLS) and modification of ACLs
+using the Windows NT/2000 ACL editor will be applied directly to the file
+or directory.
+
+If set to True, then all requests to set an ACL on a file will have the
+parameters \fIcreate mask\fR,
+\fIforce create mode\fR
+applied before setting the ACL, and all requests to set an ACL on a directory will
+have the parameters \fIdirectory 
+mask\fR, \fIforce 
+directory mode\fR applied before setting the ACL.
+
+See also \fIcreate mask\fR,
+\fIforce create mode\fR,
+\fIdirectory mask\fR,
+\fIforce directory mode\fR
+
+Default: \fBrestrict acl with mask = no\fR
+.TP
 \fBrestrict anonymous (G)\fR
 This is a boolean parameter. If it is true, then 
 anonymous access to the server will be restricted, namely in the 
@@ -5562,25 +5743,22 @@ this mask from being modified. Essentially, zero bits in this
 mask may be treated as a set of bits the user is not allowed 
 to change.
 
-If not set explicitly this parameter is set to the same
-value as the \fIcreate mask
-\fRparameter. To allow a user to modify all the 
-user/group/world permissions on a file, set this parameter to 
-0777.
+If not set explicitly this parameter is 0777, allowing
+a user to modify all the user/group/world permissions on a file.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this 
 restriction, so it is primarily useful for standalone 
 "appliance" systems. Administrators of most normal systems will 
-probably want to set it to 0777.
+probably want to leave it set to 0777.
 
 See also the  \fIforce directory security mode\fR, 
 \fIdirectory 
 security mask\fR,  \fIforce security mode\fR parameters.
 
-Default: \fBsecurity mask = <same as create mask>
-\fR
-Example: \fBsecurity mask = 0777\fR
+Default: \fBsecurity mask = 0777\fR
+
+Example: \fBsecurity mask = 0770\fR
 .TP
 \fBserver string (G)\fR
 This controls what string will show up in the 
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
index 20e08dd832..0c894aa959 100644
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCONTROL" "1" "24 April 2001" "" ""
+.TH "SMBCONTROL" "1" "01 June 2001" "" ""
 .SH NAME
 smbcontrol \- send messages to smbd or nmbd processes
 .SH SYNOPSIS
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
index 6bdfeb6adb..e30755c4b2 100644
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@@ -3,9 +3,9 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSPOOL" "8" "24 April 2001" "" ""
+.TH "SMBSPOOL" "8" "01 June 2001" "" ""
 .SH NAME
-nmblookup \- send print file to an SMB printer
+smbspool \- send print file to an SMB printer
 .SH SYNOPSIS
 .sp
 \fBsmbspool\fR [ \fBjob\fR ]  [ \fBuser\fR ]  [ \fBtitle\fR ]  [ \fBcopies\fR ]  [ \fBoptions\fR ]  [ \fBfilename\fR ] 
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
index 21ece4b02a..d2e3c97e79 100644
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSTATUS" "1" "24 April 2001" "" ""
+.TH "SMBSTATUS" "1" "01 June 2001" "" ""
 .SH NAME
 smbstatus \- report on current Samba connections
 .SH SYNOPSIS
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index 4ec6bfba5d..b53e057430 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -3,12 +3,12 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SWAT" "8" "24 April 2001" "" ""
+.TH "SWAT" "8" "01 June 2001" "" ""
 .SH NAME
 swat \- Samba Web Administration Tool
 .SH SYNOPSIS
 .sp
-\fBnmblookup\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
+\fBswat\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
 .SH "DESCRIPTION"
 .PP
 This tool is part of the  Sambasuite.