author | Gerald Carter <jerry@samba.org> | 2002-08-28 23:13:32 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2002-08-28 23:13:32 +0000 |
commit | f0a44a06d0640383cdafd7c6bcfbb2d71d91fcb1 (patch) | |
tree | 6a82f5d6ae181cc7b009b9d9238a9ec3075073d7 /docs/htmldocs | |
parent | eb7ce6ae02a5eea505a9c971c47e3048a6bfe171 (diff) | |
download | samba-f0a44a06d0640383cdafd7c6bcfbb2d71d91fcb1.tar.gz samba-f0a44a06d0640383cdafd7c6bcfbb2d71d91fcb1.tar.xz samba-f0a44a06d0640383cdafd7c6bcfbb2d71d91fcb1.zip |
another sync with SAMBA_2_2. Regenerated docs after vl new strip-links.pl
change
Diffstat (limited to 'docs/htmldocs')
mode | file | lines changed
---|---|---
-rw-r--r-- | docs/htmldocs/Integrating-with-Windows.html | 20
-rw-r--r-- | docs/htmldocs/Samba-BDC-HOWTO.html | 165
-rw-r--r-- | docs/htmldocs/Samba-LDAP-HOWTO.html | 148
-rw-r--r-- | docs/htmldocs/UNIX_INSTALL.html | 14
-rw-r--r-- | docs/htmldocs/cups.html | 46
-rw-r--r-- | docs/htmldocs/printer_driver2.html | 147
-rw-r--r-- | docs/htmldocs/smbpasswd.8.html | 33
-rw-r--r-- | docs/htmldocs/testparm.1.html | 22
-rw-r--r-- | docs/htmldocs/winbind.html | 565
9 files changed, 682 insertions, 478 deletions
diff --git a/docs/htmldocs/Integrating-with-Windows.html b/docs/htmldocs/Integrating-with-Windows.html index 7c5fe316272..fd2bd7fdaf6 100644 --- a/docs/htmldocs/Integrating-with-Windows.html +++ b/docs/htmldocs/Integrating-with-Windows.html @@ -191,7 +191,7 @@ CLASS="FILENAME" > is one such file.</P ><P >When the IP address of the destination interface has been -determined a protocol called ARP/RARP isused to identify +determined a protocol called ARP/RARP is used to identify the MAC address of the target interface. ARP stands for Address Resolution Protocol, and is a broadcast oriented method that uses UDP (User Datagram Protocol) to send a request to all @@ -414,7 +414,7 @@ architecture of the MS Windows network. The term "workgroup" indicates that the primary nature of the network environment is that of a peer-to-peer design. In a WORKGROUP all machines are responsible for their own security, and generally such security is limited to use of -just a password (known as SHARE MORE security). In most situations +just a password (known as SHARE MODE security). In most situations with peer-to-peer networking the users who control their own machines will simply opt to have no security at all. It is possible to have USER MODE security in a WORKGROUP environment, thus requiring use @@ -444,8 +444,8 @@ NAME="AEN100" ></H2 ><P >All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and their IP addresses for all external -machines that that the local machine has communicated with over the +stored the NetBIOS names and IP addresses for all external +machines that that machine has communicated with over the past 10-15 minutes. It is more efficient to obtain an IP address for a machine from the local cache than it is to go through all the configured name resolution mechanisms.</P 
@@ -453,7 +453,7 @@ configured name resolution mechanisms.</P >If a machine whose name is in the local name cache has been shut down before the name had been expired and flushed from the cache, then an attempt to exchange a message with that machine will be subject -to time-out delays. ie: It's name is in the cache, so a name resolution +to time-out delays. i.e.: Its name is in the cache, so a name resolution lookup will succeed, but the machine can not respond. This can be frustrating for users - but it is a characteristic of the protocol.</P ><P @@ -660,7 +660,7 @@ dependable browsing using Samba</A ></H1 ><P >As stated above, MS Windows machines register their NetBIOS names -(ie: the machine name for each service type in operation) on start +(i.e.: the machine name for each service type in operation) on start up. Also, as stated above, the exact method by which this name registration takes place is determined by whether or not the MS Windows client/server has been given a WINS server address, whether or not LMHOSTS lookup @@ -685,7 +685,7 @@ Instead, the domain master browser serves the role of contacting each local master browser (found by asking WINS or from LMHOSTS) and exchanging browse list contents. This way every master browser will eventually obtain a complete list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By nature of +is held to determine which machine will be the master browser. By the nature of the election criteria used, the machine with the highest uptime, or the most senior protocol version, or other criteria, will win the election as domain master browser.</P 
@@ -770,8 +770,8 @@ these versions no longer support plain text passwords by default.</P ><P >MS Windows clients have a habit of dropping network mappings that have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped the SMB protocol -has a mechanism by which the connection can be re-established using +use the mapped drive connection that has been dropped, the client +re-establishes the connection using a cached copy of the password.</P ><P >When Microsoft changed the default password mode, they dropped support for @@ -959,7 +959,7 @@ NAME="AEN196" ></H2 ><P >This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as and +Unix/Linux system both a Unix style account as well as an smbpasswd entry for the user. The Unix system account can be locked if required as only the encrypted password will be used for SMB client authentication.</P diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html index fd83c4e09a3..ffd5c3cf241 100644 --- a/docs/htmldocs/Samba-BDC-HOWTO.html +++ b/docs/htmldocs/Samba-BDC-HOWTO.html @@ -76,9 +76,13 @@ parameters in the [global]-section of the smb.conf have to be set:</P ><P ><PRE CLASS="PROGRAMLISTING" ->workgroup = SAMBA -domain master = yes -domain logons = yes</PRE +>[global] + workgroup = SAMBA + domain master = yes + domain logons = yes + encrypt passwords = yes + security = user + ....</PRE ></P ><P >Several other things like a [homes] and a [netlogon] share also may be 
@@ -171,33 +175,93 @@ NAME="AEN28" ><UL ><LI ><P ->The file private/MACHINE.SID identifies the domain. When a samba -server is first started, it is created on the fly and must never be -changed again. This file has to be the same on the PDC and the BDC, -so the MACHINE.SID has to be copied from the PDC to the BDC.</P +> The file <TT +CLASS="FILENAME" +>private/MACHINE.SID</TT +> identifies the domain. When a samba + server is first started, it is created on the fly and must never be + changed again. This file has to be the same on the PDC and the BDC, + so the MACHINE.SID has to be copied from the PDC to the BDC. Note that in the + latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored + in the <TT +CLASS="FILENAME" +>private/secrets.tdb</TT +> database. This file cannot just + be copied because Samba looks under the key <TT +CLASS="CONSTANT" +>SECRETS/SID/<TT +CLASS="REPLACEABLE" +><I +>DOMAIN</I +></TT +></TT +>. + where <TT +CLASS="REPLACEABLE" +><I +>DOMAIN</I +></TT +> is the machine's netbios name. Since this name has + to be unique for each SAMBA server, this lookup will fail. </P +><P +> A new option has been added to the <B +CLASS="COMMAND" +>smbpasswd(8)</B +> + command to help ease this problem. When running <B +CLASS="COMMAND" +>smbpasswd -S</B +> as the root user, + the domain SID will be retrieved from a domain controller matching the value of the + <TT +CLASS="PARAMETER" +><I +>workgroup</I +></TT +> parameter in <TT +CLASS="FILENAME" +>smb.conf</TT +> and stored as the + new Samba server's machine SID. See the <A +HREF="smbpasswd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbpasswd(8)</B +></A +> + man page for more details on this functionality. + </P ></LI ><LI ><P ->The Unix user database has to be synchronized from the PDC to the -BDC. This means that both the /etc/passwd and /etc/group have to be -replicated from the PDC to the BDC. 
This can be done manually -whenever changes are made, or the PDC is set up as a NIS master -server and the BDC as a NIS slave server. To set up the BDC as a -mere NIS client would not be enough, as the BDC would not be able to -access its user database in case of a PDC failure.</P +> The Unix user database has to be synchronized from the PDC to the + BDC. This means that both the /etc/passwd and /etc/group have to be + replicated from the PDC to the BDC. This can be done manually + whenever changes are made, or the PDC is set up as a NIS master + server and the BDC as a NIS slave server. To set up the BDC as a + mere NIS client would not be enough, as the BDC would not be able to + access its user database in case of a PDC failure. LDAP is also a + potential vehicle for sharing this information. + </P ></LI ><LI ><P ->The Samba password database in the file private/smbpasswd has to be -replicated from the PDC to the BDC. This is a bit tricky, see the -next section.</P +> The Samba password database in the file <TT +CLASS="FILENAME" +>private/smbpasswd</TT +> + has to be replicated from the PDC to the BDC. This is a bit tricky, see the + next section. + </P ></LI ><LI ><P ->Any netlogon share has to be replicated from the PDC to the -BDC. This can be done manually whenever login scripts are changed, -or it can be done automatically together with the smbpasswd -synchronization.</P +> Any netlogon share has to be replicated from the PDC to the + BDC. This can be done manually whenever login scripts are changed, + or it can be done automatically together with the smbpasswd + synchronization. + </P ></LI ></UL ><P @@ -206,9 +270,13 @@ by setting</P ><P ><PRE CLASS="PROGRAMLISTING" ->workgroup = samba -domain master = no -domain logons = yes</PRE +>[global] + workgroup = SAMBA + domain master = yes + domain logons = yes + encrypt passwords = yes + security = user + ....</PRE ></P ><P >in the [global]-section of the smb.conf of the BDC. This makes the BDC 
@@ -222,21 +290,58 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN44" +NAME="AEN57" >How do I replicate the smbpasswd file?</A ></H2 ><P >Replication of the smbpasswd file is sensitive. It has to be done -whenever changes to the SAM are made. Every user's password change is -done in the smbpasswd file and has to be replicated to the BDC. So +whenever changes to the SAM are made. Every user's password change +(including machine trust account password changes) is done in the +smbpasswd file and has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.</P ><P >As the smbpasswd file contains plain text password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility -rsync. rsync can use ssh as a transport. ssh itself can be set up to -accept *only* rsync transfer without requiring the user to type a -password.</P +<B +CLASS="COMMAND" +>rsync(1)</B +>. <B +CLASS="COMMAND" +>rsync</B +> can use +<B +CLASS="COMMAND" +>ssh(1)</B +> as a transport. <B +CLASS="COMMAND" +>ssh</B +> itself +can be set up to accept <I +CLASS="EMPHASIS" +>only</I +> <B +CLASS="COMMAND" +>rsync</B +> transfer without requiring the user to +type a password. Refer to the man pages for these two tools for more details.</P +><P +>Another solution with high potential is to use Samba's <TT +CLASS="PARAMETER" +><I +>--with-ldapsam</I +></TT +> +for sharing and/or replicating the list of <TT +CLASS="CONSTANT" +>sambaAccount</TT +> entries. +This can all be done over SSL to ensure security. See the <A +HREF="Samba-LDAP-HOWTO.html" +TARGET="_top" +>Samba-LDAP-HOWTO</A +> +for more details.</P ></DIV ></DIV ></DIV diff --git a/docs/htmldocs/Samba-LDAP-HOWTO.html b/docs/htmldocs/Samba-LDAP-HOWTO.html index 9c223c0084f..7fbfbf5247b 100644 --- a/docs/htmldocs/Samba-LDAP-HOWTO.html +++ b/docs/htmldocs/Samba-LDAP-HOWTO.html 
@@ -64,7 +64,7 @@ TARGET="_top" >O'Reilly Publishing</A > is working on a guide to LDAP for System Administrators which has a planned release date of -early summer, 2002.</P +late 2002.</P ><P >Two additional Samba resources which may prove to be helpful are</P ><P @@ -86,7 +86,11 @@ HREF="http://samba.idealx.org/" TARGET="_top" >IDEALX</A > that are - geared to manage users and group in such a Samba-LDAP Domain Controller configuration. + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. These scripts can + be found in the Samba 2.2.5 release in the <TT +CLASS="FILENAME" +>examples/LDAP/smbldap-tools/</TT +> directory. </P ></LI ></UL @@ -96,7 +100,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN23" +NAME="AEN24" >Introduction</A ></H1 ><P @@ -124,7 +128,7 @@ in the thousands).</P >The first is that all lookups must be performed sequentially. Given that there are approximately two lookups per domain logon (one for a normal session connection such as when mapping a network drive or printer), this -is a performance bottleneck for lareg sites. What is needed is an indexed approach +is a performance bottleneck for large sites. What is needed is an indexed approach such as is used in databases.</P ></LI ><LI @@ -150,7 +154,10 @@ Identified (RID).</P ></UL ><P >As a result of these defeciencies, a more robust means of storing user attributes -used by smbd was developed. The API which defines access to user accounts +used by <B +CLASS="COMMAND" +>smbd</B +> was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. <TT 
@@ -172,7 +179,10 @@ CLASS="PARAMETER" >--with-ldapsam</I ></TT > autoconf -option, smbd (and associated tools) will store and lookup user accounts in +option, <B +CLASS="COMMAND" +>smbd</B +> (and associated tools) will store and lookup user accounts in an LDAP directory. In reality, this is very easy to understand. If you are comfortable with using an smbpasswd file, simply replace "smbpasswd" with "LDAP directory" in all the documentation.</P @@ -213,7 +223,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN52" +NAME="AEN55" >Supported LDAP Servers</A ></H1 ><P @@ -238,7 +248,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN57" +NAME="AEN60" >Schema and Relationship to the RFC 2307 posixAccount</A ></H1 ><P @@ -252,7 +262,7 @@ in 2.2.2). The sambaAccount objectclass is given here:</P ><P ><PRE CLASS="PROGRAMLISTING" ->objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY DESC 'Samba Account' MUST ( uid $ rid ) MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ @@ -261,7 +271,10 @@ CLASS="PROGRAMLISTING" description $ userWorkstations $ primaryGroupID $ domain ))</PRE ></P ><P ->The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +>The <TT +CLASS="FILENAME" +>samba.schema</TT +> file has been formatted for OpenLDAP 2.0 & 2.1. The OID's are owned by the Samba Team and as such is legal to be openly published. If you translate the schema to be used with Netscape DS, please submit the modified schema file as a patch to <A 
@@ -270,22 +283,47 @@ TARGET="_top" >jerry@samba.org</A ></P ><P +>Since the original release, schema files for</P +><P +></P +><UL +><LI +><P +>IBM's SecureWay Server</P +></LI +><LI +><P +>Netscape Directory Server version 4.x and 5.x</P +></LI +></UL +><P +>have been submitted and included in the Samba source distribution. I cannot +personally comment on the integration of these commercial directory servers since +I have not had the oppotinuity to work with them.</P +><P >Just as the smbpasswd file is mean to store information which supplements a user's <TT CLASS="FILENAME" >/etc/passwd</TT > entry, so is the sambaAccount object -meant to supplement the UNIX user account information. A sambaAccount is a +meant to supplement the UNIX user account information. A sambaAccount is now an <TT CLASS="CONSTANT" ->STRUCTURAL</TT -> objectclass so it can be stored individually -in the directory. However, there are several fields (e.g. uid) which overlap -with the posixAccount objectclass outlined in RFC2307. This is by design.</P +>AUXILARY</TT +> objectclass so it can be stored alongside +a posixAccount or person objectclass in the directory. Note that there are +several fields (e.g. uid) which overlap with the posixAccount objectclass +outlined in RFC2307. This is by design. The move from a STRUCTURAL objectclass +to an AUXILIARY one was compliance with the LDAP data model which states that +an entry can contain only one STRUCTURAL objectclass per entry. This is now +enforced by the OpenLDAP 2.1 server.</P ><P >In order to store all user account information (UNIX and Samba) in the directory, it is necessary to use the sambaAccount and posixAccount objectclasses in -combination. However, smbd will still obtain the user's UNIX account +combination. However, <B +CLASS="COMMAND" +>smbd</B +> will still obtain the user's UNIX account information via the standard C library calls (e.g. getpwnam(), et. al.). 
This means that the Samba server must also have the LDAP NSS library installed and functioning correctly. This division of information makes it possible to @@ -297,7 +335,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN69" +NAME="AEN81" >Configuring Samba with LDAP</A ></H1 ><DIV @@ -305,7 +343,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN71" +NAME="AEN83" >OpenLDAP configuration</A ></H2 ><P @@ -369,9 +407,9 @@ CLASS="PROGRAMLISTING" ## required by OpenLDAP 2.0 index objectclass eq -## support pb_getsampwnam() +## support pbb_getsampwnam() index uid pres,eq -## support pdb_getsambapwrid() +## support pdb_getsampwrid() index rid eq ## uncomment these if you are storing posixAccount and @@ -387,7 +425,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN88" +NAME="AEN100" >Configuring Samba</A ></H2 ><P 
@@ -501,13 +539,69 @@ CLASS="REPLACEABLE" # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"</PRE ></P ></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN128" +>Importing <TT +CLASS="FILENAME" +>smbpasswd</TT +> entries</A +></H2 +><P +>Import existing user entries from an <TT +CLASS="FILENAME" +>smbpasswd</TT +> can be trivially done using +a Perl script named <TT +CLASS="FILENAME" +>import_smbpasswd.pl</TT +> included in the +<TT +CLASS="FILENAME" +>examples/LDAP/</TT +> directory of the Samba source distribution. There are +two main requirements of this script:</P +><P +></P +><UL +><LI +><P +>All users to be imported to the directory must have a valid uid on the + local system. This can be a problem if using a machinej different from the Samba server + to import the file.</P +></LI +><LI +><P +>The local system must have a working installation of the Net::LDAP perl + module which can be obtained from with <A +HREF="http://search.cpan.org/" +TARGET="_top" +>http://search.cpan.org/</A +> + by searching for <TT +CLASS="FILENAME" +>perl-ldap</TT +> or directly from <A +HREF="http://perl-ldap.sf.net/" +TARGET="_top" +>http://perl-ldap.sf.net/</A +>. + </P +></LI +></UL +><P +>Please refer to the documentation in the same directory as the script for more details.</P +></DIV ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN116" +NAME="AEN144" >Accounts and Groups management</A ></H1 ><P @@ -532,7 +626,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN121" +NAME="AEN149" >Security and sambaAccount</A ></H1 ><P @@ -605,7 +699,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN141" +NAME="AEN169" >LDAP specials attributes for sambaAccounts</A ></H1 ><P @@ -816,7 +910,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN211" +NAME="AEN239" >Example LDIF Entries for a sambaAccount</A ></H1 ><P @@ -874,7 +968,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN219" +NAME="AEN247" >Comments</A ></H1 ><P 
@@ -883,7 +977,7 @@ HREF="mailto:jerry@samba.org" TARGET="_top" >jerry@samba.org</A >. This documents was -last updated to reflect the Samba 2.2.3 release. </P +last updated to reflect the Samba 2.2.5 release. </P ></DIV ></DIV ></BODY diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html index 707fd87245b..e3c1934adaa 100644 --- a/docs/htmldocs/UNIX_INSTALL.html +++ b/docs/htmldocs/UNIX_INSTALL.html @@ -656,8 +656,8 @@ NAME="AEN166" >By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will - need to use the -i <scope> option to nmbd, smbd, and - smbclient. All your PCs will need to have the same setting for + need to use the 'netbios scope' smb.conf option. + All your PCs will need to have the same setting for this to work. I do not recommend scope IDs.</P ></DIV ><DIV @@ -778,19 +778,13 @@ NAME="AEN182" its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS.</P -><P ->You can disable share modes using "share modes = no". - This may be useful on a heavily loaded server as the share - modes code is very slow. See also the FAST_SHARE_MODES - option in the Makefile for a way to do full share modes - very fast using shared memory (if your OS supports it).</P ></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN192" +NAME="AEN191" >Mapping Usernames</A ></H2 ><P @@ -803,7 +797,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN195" +NAME="AEN194" >Other Character Sets</A ></H2 ><P diff --git a/docs/htmldocs/cups.html b/docs/htmldocs/cups.html index 4c07986acaa..c4191e25524 100644 --- a/docs/htmldocs/cups.html +++ b/docs/htmldocs/cups.html 
@@ -94,11 +94,12 @@ CLASS="PARAMETER" >-oraw</I ></TT > -option for printing. You can use the <B +option for printing. On a Linux system, you can use the <B CLASS="COMMAND" >ldd</B > command to -find out details:</P +find out details (ldd may not be present on other OS platforms, or its +function may be embodied by a different command):</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -176,7 +177,7 @@ try if you have <B CLASS="COMMAND" >lphelp</B > on your system) plus some different GUI frontends on Linux -UNIX, which can present PPD options to the users. PPD optons are normally +UNIX, which can present PPD options to the users. PPD options are normally meant to become evaluated by the PostScript RIP on the real PostScript printer.</P ><P @@ -194,8 +195,8 @@ CLASS="PARAMETER" ><I >*cupsFilter</I ></TT -> -this line +>. +This line tells the CUPS print system which printer-specific filter to use for the interpretation of the accompanying PostScript. Thus CUPS lets all its printers appear as PostScript devices to its clients, because it can act as a @@ -224,8 +225,8 @@ CLASS="COMMAND" > Filter and are therefor logged in the CUPS <TT CLASS="FILENAME" ->page_log </TT -> <I +>page_log</TT +>. - <I CLASS="EMPHASIS" >NOTE: </I >this @@ -250,7 +251,7 @@ NAME="AEN50" ><P >This setup may be of special interest to people experiencing major problems in WTS environments. WTS need often a multitude -of non-PostScript drivers installed to run their clients' multitude of +of non-PostScript drivers installed to run their clients' variety of different printer models. This often imposes the price of much increased instability. In many cases, in an attempt to overcome this problem, site administrators have resorted to restrict the allowed drivers installed on 
@@ -337,7 +338,7 @@ CLASS="PROGRAMLISTING" ICONLIB.DLL</PRE ></P ><P ->Users of the ESP Print Pro software are able to isntall +>Users of the ESP Print Pro software are able to install their "Samba Drivers" package for this purpose with no problem.</P ></DIV ><DIV @@ -433,10 +434,17 @@ CLASS="EMPHASIS" >the cupsomatic trick from Linuxprinting.org is working different from the other drivers. While the other drivers take the generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as -their input, cupsomatic "kidmaps" the PostScript inside CUPS, before +their input, cupsomatic "kidnaps" the PostScript inside CUPS, before RIP-ping, deviates it to an external Ghostscript installation (which now becomes the RIP) and gives it back to a CUPS backend once Ghostscript is -finished.</P +finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster +PostScript RIP function again inside a system-wide Ghostscript +installation rather than in "their own" pstoraster filter. (This +CUPS-enabling Ghostscript version may be installed either as a +patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package). +However, this will not change the cupsomatic approach of guiding the printjob +along a different path through the filtering system than the standard CUPS +way...</P ><P >Once you installed a printer inside CUPS with one of the recommended methods (the lpadmin command, the web browser interface or one of 
@@ -580,6 +588,22 @@ share, right-click on this printer and select "Install..." or "Connect..." (depending on the Windows version you use). Now their should be a new printer in your client's local "Printers" folder, named (in my case) "infotec_IS2027 on kdebitshop"</P +><P +><I +CLASS="EMPHASIS" +>NOTE: </I +> +<B +CLASS="COMMAND" +>cupsaddsmb</B +> will only reliably work i +with CUPS version 1.1.15 or higher +and Samba from 2.2.4. If it doesn't work, or if the automatic printer +driver download to the clients doesn't succeed, you can still manually +install the CUPS printer PPD on top of the Adobe PostScript driver on +clients and then point the client's printer queue to the Samba printer +share for connection, should you desire to use the CUPS networked +PostScript RIP functions.</P ></DIV ></DIV ></DIV diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html index b94d0fbbfd4..38a7e280668 100644 --- a/docs/htmldocs/printer_driver2.html +++ b/docs/htmldocs/printer_driver2.html @@ -165,7 +165,7 @@ CLASS="PARAMETER" >printer driver file</I ></TT -> parameter, are being deprecated and should not +> parameter, are being deprecated and should not be used in new installations. For more information on this change, you should refer to the <A HREF="#MIGRATION" 
@@ -391,33 +391,36 @@ properties will be displayed. Do you want to install the driver now?</I ></P ><P ->Click "No" in the error dialog and you will be presented with -the printer properties window. The way assign a driver to a +>Click <I +CLASS="EMPHASIS" +>No</I +> in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a printer is to either</P ><P ></P ><UL ><LI ><P ->Use the "New Driver..." button to install +>Use the "New Driver..." button to install a new printer driver, or</P ></LI ><LI ><P ->Select a driver from the popup list of +>Select a driver from the popup list of installed drivers. Initially this list will be empty.</P ></LI ></UL ><P ->If you wish to install printer drivers for client -operating systems other than "Windows NT x86", you will need +>If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need to use the "Sharing" tab of the printer properties dialog.</P ><P ->Assuming you have connected with a root account, you -will also be able modify other printer properties such as +>Assuming you have connected with a root account, you +will also be able modify other printer properties such as ACLs and device settings using this dialog box.</P ><P ->A few closing comments for this section, it is possible +>A few closing comments for this section, it is possible on a Windows NT print server to have printers listed in the Printers folder which are not shared. Samba does not make this distinction. By definition, the only printers of @@ -428,7 +431,7 @@ CLASS="FILENAME" >.</P ><P >Another interesting side note is that Windows NT clients do -not use the SMB printer share, but rather can print directly +not use the SMB printer share, but rather can print directly to any printer on another Windows NT host using MS-RPC. This of course assumes that the printing client has the necessary privileges on the remote host serving the printer. The default 
@@ -440,45 +443,88 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN88" +NAME="AEN89" +>DeviceModes and New Printers</A +></H2 +><P +>In order for a printer to be truly usbla eby a Windows NT/2k/XP client, +it must posses:</P +><P +></P +><UL +><LI +><P +>a valid Device Mode generated by the driver for the printer, and</P +></LI +><LI +><P +>a complete set of PrinterDriverData generated by the driver.</P +></LI +></UL +><P +>If either one of these is incomplete, the clients can produce less than optimal +output at best or in the worst cases, unreadable garbage or nothing at all. +Fortunately, most driver generate the printer driver that is needed. +However, the client must be tickled to generate a valid Device Mode and set it on the +server. The easist means of doing so is to simply set the page orientation on +the server's printer using the native Windows NT/2k printer properties page from +a Window clients. Make sure to apply changes between swapping the page orientation +to cause the change to actually take place. Be aware that this can only be done +by a "printer admin" (the reason should be obvious I hope).</P +><P +>Samba also includes a service level parameter name <A +HREF="smb.conf.5.html#DEFAULTDEVMODE" +TARGET="_top" +>default +devmode</A +> for generating a default device mode for a printer. Some driver +will function fine with this default set of properties. Others may crash the client's +spooler service. Use this parameter with caution. It is always better to have the client +generate a valid device mode for the printer and store it on the server for you.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN100" >Support a large number of printers</A ></H2 ><P >One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for -100's of printers. Using the Windows NT APW is somewhat -awkward to say the list. If more than one printer are using the +100's of printers. 
Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the same driver, the <A HREF="rpcclient.1.html" TARGET="_top" ><B CLASS="COMMAND" >rpcclient's -setdriver command</B +setdriver</B ></A -> can be used to set the driver +> command can be used to set the driver associated with an installed driver. The following is example of how this could be accomplished:</P ><P ><PRE CLASS="PROGRAMLISTING" -> -<TT +><TT CLASS="PROMPT" >$ </TT >rpcclient pogo -U root%secret -c "enumdrivers" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] - + [Windows NT x86] Printer Driver Info 1: Driver Name: [HP LaserJet 4000 Series PS] - + Printer Driver Info 1: Driver Name: [HP LaserJet 2100 Series PS] - + Printer Driver Info 1: Driver Name: [HP LaserJet 4Si/4SiMX PS] - + <TT CLASS="PROMPT" >$ </TT @@ -488,7 +534,7 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] name:[\\POGO\hp-print] description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] comment:[] - + <TT CLASS="PROMPT" >$ </TT @@ -506,7 +552,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN99" +NAME="AEN111" >Adding New Printers via the Windows NT APW</A ></H2 ><P @@ -514,7 +560,7 @@ NAME="AEN99" CLASS="FILENAME" >smb.conf</TT > -in the "Printers..." folder. Also existing in this folder is the Windows NT +in the "Printers..." folder. Also existing in this folder is the Windows NT Add Printer Wizard icon. The APW will be show only if</P ><P ></P @@ -539,7 +585,7 @@ TARGET="_top" ><TT CLASS="PARAMETER" ><I ->show +>show add printer wizard = yes</I ></TT ></A 
@@ -548,36 +594,36 @@ CLASS="PARAMETER" ></LI ></UL ><P ->In order to be able to use the APW to successfully add a printer to a Samba +>In order to be able to use the APW to successfully add a printer to a Samba server, the <A HREF="smb.conf.5.html#ADDPRINTERCOMMAND" TARGET="_top" ><TT CLASS="PARAMETER" ><I ->add +>add printer command</I ></TT ></A > must have a defined value. The program -hook must successfully add the printer to the system (i.e. +hook must successfully add the printer to the system (i.e. <TT CLASS="FILENAME" >/etc/printcap</TT -> or appropriate files) and +> or appropriate files) and <TT CLASS="FILENAME" >smb.conf</TT > if necessary.</P ><P ->When using the APW from a client, if the named printer share does +>When using the APW from a client, if the named printer share does not exist, <B CLASS="COMMAND" >smbd</B > will execute the <TT CLASS="PARAMETER" ><I ->add printer +>add printer command</I ></TT > and reparse to the <TT @@ -612,7 +658,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN124" +NAME="AEN136" >Samba and Printer Ports</A ></H2 ><P @@ -649,7 +695,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN132" +NAME="AEN144" >The Imprints Toolset</A ></H1 ><P @@ -662,12 +708,19 @@ TARGET="_top" > as well as the documentation included with the imprints source distribution. This section will only provide a brief introduction to the features of Imprints.</P +><P +>As of June 16, 2002 (quite a bit earlier actually), the Imprints + project is in need of a new maintainer. The most important skill + is decent perl coding and an interest in MS-RPC based printing using Samba. + If you wich to volunteer, please coordinate your efforts on the samba-technical + mailing list. + </P ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN136" +NAME="AEN149" >What is Imprints?</A ></H2 ><P @@ -699,7 +752,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN146" +NAME="AEN159" >Creating Printer Driver Packages</A ></H2 ><P 
@@ -715,7 +768,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN149" +NAME="AEN162" >The Imprints server</A ></H2 ><P @@ -736,7 +789,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN153" +NAME="AEN166" >The Installation Client</A ></H2 ><P @@ -830,7 +883,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN175" +NAME="AEN188" ><A NAME="MIGRATION" ></A @@ -963,6 +1016,17 @@ CLASS="PARAMETER" ></TR ></TABLE ></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN221" +>Parameters in <TT +CLASS="FILENAME" +>smb.conf(5)</TT +> for Backwards Compatibility</A +></H2 ><P >The have been two new parameters add in Samba 2.2.2 to for better support of Samba 2.0.x backwards capability (<TT @@ -979,9 +1043,10 @@ CLASS="PARAMETER" ></TT >). Both of these options are described in the smb.coinf(5) man page and are -disabled by default.</P +disabled by default. Use them with caution.</P +></DIV ></DIV ></DIV ></BODY ></HTML -> +>
\ No newline at end of file diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html index 90f9ca076c5..7c0699c535b 100644 --- a/docs/htmldocs/smbpasswd.8.html +++ b/docs/htmldocs/smbpasswd.8.html @@ -286,6 +286,31 @@ CLASS="PARAMETER" </P ></DD ><DT +>-t</DT +><DD +><P +>This option is used to force smbpasswd to + change the current password assigned to the machine trust account + when operating in domain security mode. This is really meant to + be used on systems that only run <A +HREF="winbindd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>winbindd</B +></A +>. + Under server installations, <A +HREF="smbd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbd</B +></A +> + handle the password updates automatically.</P +></DD +><DT >-U username[%pass]</DT ><DD ><P @@ -660,7 +685,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN205" +NAME="AEN213" ></A ><H2 >NOTES</H2 @@ -703,7 +728,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN215" +NAME="AEN223" ></A ><H2 >VERSION</H2 @@ -714,7 +739,7 @@ NAME="AEN215" ><DIV CLASS="REFSECT1" ><A -NAME="AEN218" +NAME="AEN226" ></A ><H2 >SEE ALSO</H2 @@ -737,7 +762,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN224" +NAME="AEN232" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html index bae907c687a..3ed7e6d8238 100644 --- a/docs/htmldocs/testparm.1.html +++ b/docs/htmldocs/testparm.1.html @@ -37,12 +37,12 @@ NAME="AEN8" ><B CLASS="COMMAND" >testparm</B -> [-s] [-h] [-L <servername>] {config filename} [hostname hostIP]</P +> [-s] [-h] [-x] [-L <servername>] {config filename} [hostname hostIP]</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN16" +NAME="AEN17" ></A ><H2 >DESCRIPTION</H2 @@ -95,7 +95,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN31" +NAME="AEN32" ></A ><H2 >OPTIONS</H2 
@@ -122,6 +122,12 @@ CLASS="COMMAND" >Print usage message </P ></DD ><DT +>-x</DT +><DD +><P +>Print only parameters that have non-default values</P +></DD +><DT >-L servername</DT ><DD ><P @@ -192,7 +198,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN66" +NAME="AEN71" ></A ><H2 >FILES</H2 @@ -221,7 +227,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN75" +NAME="AEN80" ></A ><H2 >DIAGNOSTICS</H2 @@ -235,7 +241,7 @@ NAME="AEN75" ><DIV CLASS="REFSECT1" ><A -NAME="AEN78" +NAME="AEN83" ></A ><H2 >VERSION</H2 @@ -246,7 +252,7 @@ NAME="AEN78" ><DIV CLASS="REFSECT1" ><A -NAME="AEN81" +NAME="AEN86" ></A ><H2 >SEE ALSO</H2 @@ -272,7 +278,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN88" +NAME="AEN93" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index 8a41808700b..bb18545c5b8 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -161,7 +161,7 @@ NAME="AEN27" workstations into a NT based organization.</P ><P >Another interesting way in which we expect Winbind to - be used is as a central part of UNIX based appliances. Appliances + be used is as a central part of UNIX based appliances. Appliances that provide file and print services to Microsoft based networks will be able to use Winbind to provide seamless integration of the appliance into the domain.</P 
@@ -405,37 +405,29 @@ HREF="mailto:jtrostel@snapserver.com" TARGET="_top" >jtrostel@snapserver.com</A > -for providing the HOWTO for this section.</P -><P ->This HOWTO describes how to get winbind services up and running +for providing the original Linux version of this HOWTO which +describes how to get winbind services up and running to control access and authenticate users on your Linux box using -the winbind services which come with SAMBA 2.2.2.</P -><P ->There is also some Solaris specific information in -<TT -CLASS="FILENAME" ->docs/textdocs/Solaris-Winbind-HOWTO.txt</TT ->. -Future revisions of this document will incorporate that -information.</P +the winbind services which are included with the SAMBA 2.2.2 and later +releases.</P ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN78" +NAME="AEN75" >Introduction</A ></H2 ><P >This HOWTO describes the procedures used to get winbind up and -running on my RedHat 7.1 system. Winbind is capable of providing access -and authentication control for Windows Domain users through an NT -or Win2K PDC for 'regular' services, such as telnet a nd ftp, as -well for SAMBA services.</P +running on a RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet and ftp, as +well providing dynamic uid/gid allocation for Samba.</P ><P ->This HOWTO has been written from a 'RedHat-centric' perspective, so if -you are using another distribution, you may have to modify the instructions -somewhat to fit the way your distribution works.</P +>This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution (or operating system), you may have +to modify the instructions somewhat to fit the way your distribution works.</P ><P ></P ><UL 
@@ -447,9 +439,9 @@ CLASS="EMPHASIS" > </P ><P ->This allows the SAMBA administrator to rely on the - authentication mechanisms on the NT/Win2K PDC for the authentication - of domain members. NT/Win2K users no longer need to have separate +>This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate accounts on the SAMBA server. </P ></LI @@ -461,12 +453,10 @@ CLASS="EMPHASIS" > </P ><P -> This HOWTO is designed for system administrators. If you are - implementing SAMBA on a file server and wish to (fairly easily) +> This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) integrate existing NT/Win2K users from your PDC onto the - SAMBA server, this HOWTO is for you. That said, I am no NT or PAM - expert, so you may find a better or easier way to accomplish - these tasks. + SAMBA server, this HOWTO is for you. </P ></LI ></UL 
@@ -476,119 +466,130 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN91" +NAME="AEN88" >Requirements</A ></H2 ><P ->If you have a samba configuration file that you are currently +>If you have a samba configuration file that you are currently using... <I CLASS="EMPHASIS" >BACK IT UP!</I -> If your system already uses PAM, +> If your system already uses PAM, <I CLASS="EMPHASIS" >back up the <TT CLASS="FILENAME" >/etc/pam.d</TT -> directory -contents!</I -> If you haven't already made a boot disk, +> (or <TT +CLASS="FILENAME" +>/etc/pam.conf</TT +>) +directory contents!</I +> If you haven't already made a boot disk, <I CLASS="EMPHASIS" >MAKE ONE NOW!</I ></P ><P ->Messing with the pam configuration files can make it nearly impossible -to log in to yourmachine. That's why you want to be able to boot back -into your machine in single user mode and restore your +>Messing with the pam configuration files can make it nearly impossible +to log in to your machine. That's why you want to be able to boot back +into your machine in single user mode and restore your <TT CLASS="FILENAME" >/etc/pam.d</TT -> back to the original state they were in if -you get frustrated with the way things are going. ;-)</P +> (or <TT +CLASS="FILENAME" +>pam.conmf</TT +>) back to +the original state they were in if +you get frustrated with the way things are going.</P ><P ->The latest version of SAMBA (version 2.2.2 as of this writing), now -includes a functioning winbindd daemon. Please refer to the +>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2. Please refer to the <A HREF="http://samba.org/" TARGET="_top" >main SAMBA web page</A -> or, -better yet, your closest SAMBA mirror site for instructions on -downloading the source code.</P +> or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. 
it is generally advised to obtain the lates +Samba release as bugs are constantly being fixed.</P ><P ->To allow Domain users the ability to access SAMBA shares and -files, as well as potentially other services provided by your +>To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your SAMBA machine, PAM (pluggable authentication modules) must -be setup properly on your machine. In order to compile the -winbind modules, you should have at least the pam libraries resident -on your system. For recent RedHat systems (7.1, for instance), that -means <TT +be setup properly on your machine. In order to compile the +winbind modules, you must have at the PAM libraries and header files resident +on your system. For recent RedHat systems (7.x, for instance), that +means installing both <TT CLASS="FILENAME" ->pam-0.74-22</TT ->. For best results, it is helpful to also -install the development packages in <TT +>pam</TT +> and <TT CLASS="FILENAME" ->pam-devel-0.74-22</TT ->.</P +>pam-devel</TT +> RPM. +The former is installed by default on all Linux systems of which the author is aware.</P ></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN105" +NAME="AEN104" >Testing Things Out</A ></H2 ><P ->Before starting, it is probably best to kill off all the SAMBA -related daemons running on your server. Kill off all <B +>Before starting, kill off all the SAMBA related daemons running on your server. Kill off +all <B CLASS="COMMAND" >smbd</B ->, -<B +>, <B CLASS="COMMAND" >nmbd</B >, and <B CLASS="COMMAND" >winbindd</B -> processes that may -be running. To use PAM, you will want to make sure that you have the -standard PAM package (for RedHat) which supplies the <TT +> processes that may +be running (<B +CLASS="COMMAND" +>winbindd</B +> will only be running if you have ao previous Winbind +installation...but why would you be reading tis if that were the case?). 
To use PAM, you will +want to make sure that you have the standard PAM package (for RedHat) which supplies the <TT CLASS="FILENAME" >/etc/pam.d</TT -> -directory structure, including the pam modules are used by pam-aware +> +directory structure, including the pam modules are used by pam-aware services, several pam libraries, and the <TT CLASS="FILENAME" >/usr/doc</TT -> +> and <TT CLASS="FILENAME" >/usr/man</TT -> entries for pam. Winbind built better -in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, -my RedHat system has both <TT +> entries for pam. Samba will require +the pam-devel package if you plan to build the <TT CLASS="FILENAME" ->pam-0.74-22</TT -> and -<TT -CLASS="FILENAME" ->pam-devel-0.74-22</TT -> RPMs installed.</P +>pam_winbind.so</TT +> library or +include the <B +CLASS="COMMAND" +>--with-pam</B +> option to the configure script. +This package includes the header files needed to compile pam-aware applications.</P +><P +>[I have no idea which Solaris packages are quired for PAM libraries and +development files. If you know, please mail me the information and I will include +it in the next revision of this HOWTO. --jerry@samba.org]</P ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN116" ->Configure and compile SAMBA</A +NAME="AEN117" +>Configure and Compile SAMBA</A ></H3 ><P ->The configuration and compilation of SAMBA is pretty straightforward. -The first three steps may not be necessary depending upon -whether or not you have previously built the Samba binaries.</P +>The configuration and compilation of SAMBA is straightforward.</P ><P ><PRE CLASS="PROGRAMLISTING" 
@@ -597,27 +598,6 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->autoconf</B -> -<TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" ->make clean</B -> -<TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" ->rm config.cache</B -> -<TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" >./configure --with-winbind</B > <TT @@ -641,36 +621,43 @@ CLASS="FILENAME" >/usr/local/samba</TT >. See the main SAMBA documentation if you want to install SAMBA somewhere else. -It will also build the winbindd executable and libraries. </P +It will also build the winbindd executable and NSS library.</P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN135" +NAME="AEN130" >Configure <TT CLASS="FILENAME" >nsswitch.conf</TT -> and the +> and the winbind libraries</A ></H3 ><P >The libraries needed to run the <B CLASS="COMMAND" >winbindd</B -> daemon -through nsswitch need to be copied to their proper locations, so</P +> daemon +through nsswitch need to be copied to their proper locations.</P ><P ><TT CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->cp ../samba/source/nsswitch/libnss_winbind.so /lib</B +>cp nsswitch/libnss_winbind.so /lib</B +> +<TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>chmod 755 /lib/libnss_winbind.so</B ></P ><P ->I also found it necessary to make the following symbolic link:</P +>It necessary to make the following symbolic link:</P ><P ><TT CLASS="PROMPT" 
@@ -680,73 +667,60 @@ CLASS="COMMAND" >ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B ></P ><P ->Now, as root you need to edit <TT +>The <TT +CLASS="FILENAME" +>.2</TT +> extension is due to the version of glibc used on your Linux host. +for most modern systems, the file extension is correct. However, some other operating systems, +Solaris 7/8 being the most common, the destination filename should be replaced with +<TT +CLASS="FILENAME" +>/lib/nss_winbind.so.1</TT +></P +><P +>Now, as root edit <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT -> to +> to allow user and group entries to be visible from the <B CLASS="COMMAND" >winbindd</B -> -daemon. My <TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -> file look like -this after editing:</P +> +daemon. After editing, the file look appear:</P ><P ><PRE CLASS="PROGRAMLISTING" > passwd: files winbind - shadow: files + shadow: files group: files winbind</PRE ></P -><P -> -The libraries needed by the winbind daemon will be automatically -entered into the <B -CLASS="COMMAND" ->ldconfig</B -> cache the next time -your system reboots, but it -is faster (and you don't need to reboot) if you do it manually:</P -><P -><TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" ->/sbin/ldconfig -v | grep winbind</B -></P -><P ->This makes <TT -CLASS="FILENAME" ->libnss_winbind</TT -> available to winbindd -and echos back a check to you.</P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN160" ->Configure smb.conf</A +NAME="AEN152" +>Configure <TT +CLASS="FILENAME" +>smb.conf</TT +></A ></H3 ><P ->Several parameters are needed in the smb.conf file to control +>Several parameters are needed in the smb.conf file to control the behavior of <B CLASS="COMMAND" >winbindd</B ->. Configure +>. Configure <TT CLASS="FILENAME" >smb.conf</TT -> These are described in more detail in +> These are described in more detail in the <A HREF="winbindd.8.html" TARGET="_top" >winbindd(8)</A -> man page. My +> man page. 
My <TT CLASS="FILENAME" >smb.conf</TT @@ -776,6 +750,8 @@ TARGET="_top" >winbind gid</A > = 10000-20000 # allow enumeration of winbind users and groups + # might need to disable these next two for performance + # reasons on the winbindd host <A HREF="winbindd.8.html#WINBINDENUMUSERS" TARGET="_top" @@ -786,7 +762,7 @@ HREF="winbindd.8.html#WINBINDENUMGROUP" TARGET="_top" >winbind enum groups</A > = yes - # give winbind users a real shell (only needed if they have telnet access) + # give winbind users a real shell (only needed if they have telnet/sshd/etc... access) <A HREF="winbindd.8.html#TEMPLATEHOMEDIR" TARGET="_top" @@ -804,23 +780,23 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN176" +NAME="AEN169" >Join the SAMBA server to the PDC domain</A ></H3 ><P ->Enter the following command to make the SAMBA server join the +>Enter the following command to make the SAMBA server join the PDC domain, where <TT CLASS="REPLACEABLE" ><I >DOMAIN</I ></TT -> is the name of +> is the name of your Windows domain and <TT CLASS="REPLACEABLE" ><I >Administrator</I ></TT -> is +> is a domain user who has administrative privileges in the domain.</P ><P ><TT @@ -831,7 +807,7 @@ CLASS="COMMAND" >/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B ></P ><P ->The proper response to the command should be: "Joined the domain +>The proper response to the command should be: "Joined the domain <TT CLASS="REPLACEABLE" ><I @@ -842,7 +818,7 @@ CLASS="REPLACEABLE" ><I >DOMAIN</I ></TT -> +> is your DOMAIN name.</P ></DIV ><DIV 
@@ -850,14 +826,14 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN187" +NAME="AEN180" >Start up the winbindd daemon and test it!</A ></H3 ><P ->Eventually, you will want to modify your smb startup script to -automatically invoke the winbindd daemon when the other parts of +>Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of SAMBA start, but it is possible to test out just the winbind -portion first. To start up winbind services, enter the following +portion first. To start up winbind services, enter the following command as root:</P ><P ><TT @@ -865,10 +841,17 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->/usr/local/samba/bin/winbindd</B +>export PATH=$PATH:/usr/local/samba/bin</B +> +<TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>winbindd</B ></P ><P ->I'm always paranoid and like to make sure the daemon +>I'm always paranoid and like to make sure the daemon is really running...</P ><P ><TT @@ -883,7 +866,13 @@ CLASS="COMMAND" ><P >3025 ? 00:00:00 winbindd</P ><P ->Now... for the real test, try to get some information about the +>Note that a sample RedHat init script for starting winbindd is included in +the SAMBA sourse distribution as <TT +CLASS="FILENAME" +>packaging/RedHat/winbind.init</TT +>.</P +><P +>Now... for the real test, try to get some information about the users on your PDC</P ><P ><TT @@ -891,11 +880,10 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->/usr/local/samba/bin/wbinfo -u</B +>wbinfo -u</B ></P ><P -> -This should echo back a list of users on your Windows users on +>This should echo back a list of users on your Windows users on your PDC. For example, I get the following response:</P ><P ><PRE @@ -916,7 +904,7 @@ separator</I ></TT > is '+'.</P ><P ->You can do the same sort of thing to get group information from +>You can do the same sort of thing to get group information from the PDC:</P ><P ><PRE 
@@ -939,7 +927,7 @@ CEO+Enterprise Admins CEO+Group Policy Creator Owners</PRE ></P ><P ->The function 'getent' can now be used to get unified +>The function 'getent' can now be used to get unified lists of both local and PDC users and groups. Try the following command:</P ><P @@ -954,9 +942,13 @@ CLASS="COMMAND" >You should get a list that looks like your <TT CLASS="FILENAME" >/etc/passwd</TT -> -list followed by the domain users with their new uids, gids, home -directories and default shells.</P +> +list followed by the domain users with their new uids, gids, home +directories and default shells. If you do not, verify that the permissions on the +libnss_winbind.so library are <TT +CLASS="FILENAME" +>rwxr-xr-x</TT +>.</P ><P >The same thing can be done for groups with the command</P ><P 
@@ -973,132 +965,32 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN223" ->Fix the <TT -CLASS="FILENAME" ->/etc/rc.d/init.d/smb</TT -> startup files</A +NAME="AEN221" +>Configure Winbind and PAM</A ></H3 ><P ->The <B +>At this point we are assured that <B CLASS="COMMAND" >winbindd</B -> daemon needs to start up after the -<B -CLASS="COMMAND" ->smbd</B > and <B CLASS="COMMAND" ->nmbd</B -> daemons are running. -To accomplish this task, you need to modify the <TT -CLASS="FILENAME" ->/etc/init.d/smb</TT +>smbd</B > -script to add commands to invoke this daemon in the proper sequence. My +are working together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original <TT CLASS="FILENAME" ->/etc/init.d/smb</TT -> file starts up <B -CLASS="COMMAND" ->smbd</B ->, -<B -CLASS="COMMAND" ->nmbd</B ->, and <B -CLASS="COMMAND" ->winbindd</B -> from the -<TT +>/etc/pam.d</TT +> (or <TT CLASS="FILENAME" ->/usr/local/samba/bin</TT -> directory directly. The 'start' -function in the script looks like this:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->start() { - KIND="SMB" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/smbd $SMBDOPTIONS - RETVAL=$? - echo - KIND="NMB" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS - RETVAL2=$? - echo - KIND="Winbind" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/winbindd - RETVAL3=$? - echo - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ - RETVAL=1 - return $RETVAL -}</PRE -></P -><P ->The 'stop' function has a corresponding entry to shut down the -services and look s like this:</P +>/etc/pam.conf</TT +>) file[s]? If not, do it now.)</P ><P -><PRE -CLASS="PROGRAMLISTING" ->stop() { - KIND="SMB" - echo -n $"Shutting down $KIND services: " - killproc smbd - RETVAL=$? 
- echo - KIND="NMB" - echo -n $"Shutting down $KIND services: " - killproc nmbd - RETVAL2=$? - echo - KIND="Winbind" - echo -n $"Shutting down $KIND services: " - killproc winbindd - RETVAL3=$? - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb - echo "" - return $RETVAL -}</PRE -></P -><P ->If you restart the <B -CLASS="COMMAND" ->smbd</B ->, <B -CLASS="COMMAND" ->nmbd</B ->, -and <B +>You will need a PAM module to use <B CLASS="COMMAND" >winbindd</B -> daemons at this point, you -should be able to connect to the samba server as a domain member just as -if you were a local user.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN245" ->Configure Winbind and PAM</A -></H3 -><P ->If you have made it this far, you know that winbindd and samba are working -together. If you want to use winbind to provide authentication for other -services, keep reading. The pam configuration files need to be altered in -this step. (Did you remember to make backups of your original -<TT -CLASS="FILENAME" ->/etc/pam.d</TT -> files? If not, do it now.)</P -><P ->You will need a pam module to use winbindd with these other services. This +> with these other services. This module will be compiled in the <TT CLASS="FILENAME" >../source/nsswitch</TT @@ -1121,7 +1013,7 @@ CLASS="FILENAME" CLASS="FILENAME" >pam_winbind.so</TT > file should be copied to the location of -your other pam security modules. On my RedHat system, this was the +your other pam security modules. On Linux and Solaris systems, this is the <TT CLASS="FILENAME" >/lib/security</TT 
@@ -1132,41 +1024,36 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B -></P -><P ->The <TT -CLASS="FILENAME" ->/etc/pam.d/samba</TT -> file does not need to be changed. I -just left this fileas it was:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth</PRE +>cp nsswitch/pam_winbind.so /lib/security</B +> +<TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>chmod 755 /lib/security/pam_winbind.so</B ></P ><P ->The other services that I modified to allow the use of winbind -as an authentication service were the normal login on the console (or a terminal -session), telnet logins, and ftp service. In order to enable these -services, you may first need to change the entries in +>Other services, such as the normal login on the console (or a terminal +session), telnet logins, and ftp service, can be modified to allow the use of winbind +as an authentication service. In order to enable these +services, you may first need to change the entries in <TT CLASS="FILENAME" >/etc/xinetd.d</TT > (or <TT CLASS="FILENAME" >/etc/inetd.conf</TT ->). -RedHat 7.1 uses the new xinetd.d structure, in this case you need +>). +RedHat 7.1 uses the new xinetd.d structure, in this case you need to change the lines in <TT CLASS="FILENAME" >/etc/xinetd.d/telnet</TT -> +> and <TT CLASS="FILENAME" >/etc/xinetd.d/wu-ftp</TT -> from </P +> from</P ><P ><PRE CLASS="PROGRAMLISTING" 
@@ -1180,15 +1067,14 @@ CLASS="PROGRAMLISTING" >enable = yes</PRE ></P ><P -> -For ftp services to work properly, you will also need to either -have individual directories for the domain users already present on +>For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on the server, or change the home directory template to a general -directory for all domain users. These can be easily set using +directory for all domain users. These can be easily set using the <TT CLASS="FILENAME" >smb.conf</TT -> global entry +> global entry <B CLASS="COMMAND" >template homedir</B @@ -1197,12 +1083,12 @@ CLASS="COMMAND" >The <TT CLASS="FILENAME" >/etc/pam.d/ftp</TT -> file can be changed +> file can be changed to allow winbind ftp access in a manner similar to the samba file. My <TT CLASS="FILENAME" >/etc/pam.d/ftp</TT -> file was +> file was changed to look like this:</P ><P ><PRE @@ -1219,7 +1105,7 @@ session required /lib/security/pam_stack.so service=system-auth</PRE >The <TT CLASS="FILENAME" >/etc/pam.d/login</TT -> file can be changed nearly the +> file can be changed nearly the same way. It now looks like this:</P ><P ><PRE @@ -1239,12 +1125,12 @@ session optional /lib/security/pam_console.so</PRE >In this case, I added the <B CLASS="COMMAND" >auth sufficient /lib/security/pam_winbind.so</B -> +> lines as before, but also added the <B CLASS="COMMAND" >required pam_securetty.so</B -> -above it, to disallow root logins over the network. I also added a +> +above it, to disallow root logins over the network. I also added a <B CLASS="COMMAND" >sufficient /lib/security/pam_unix.so use_first_pass</B 
@@ -1252,8 +1138,23 @@ CLASS="COMMAND" line after the <B CLASS="COMMAND" >winbind.so</B -> line to get rid of annoying +> line to get rid of annoying double prompts for passwords.</P +><P +>Note that a Solaris <TT +CLASS="FILENAME" +>/etc/pam.conf</TT +> confiruation file looks +very similar to this except thaty the service name is included as the first entry +per line. An example for the login service is given here.</P +><P +><PRE +CLASS="PROGRAMLISTING" +>## excerpt from /etc/pam.conf on a Solaris 8 system +login auth required /lib/security/pam_winbind.so +login auth required /lib/security/$ISA/pam_unix.so.1 try_first_pass +login auth required /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass</PRE +></P ></DIV ></DIV ></DIV 
@@ -1262,38 +1163,28 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN292" +NAME="AEN274" >Limitations</A ></H1 ><P ->Winbind has a number of limitations in its current - released version that we hope to overcome in future +>Winbind has a number of limitations in its current + released version that we hope to overcome in future releases:</P ><P ></P ><UL ><LI ><P ->Winbind is currently only available for - the Linux operating system, although ports to other operating - systems are certainly possible. For such ports to be feasible, - we require the C library of the target operating system to - support the Name Service Switch and Pluggable Authentication - Modules systems. This is becoming more common as NSS and - PAM gain support among UNIX vendors.</P -></LI -><LI -><P ->The mappings of Windows NT RIDs to UNIX ids - is not made algorithmically and depends on the order in which - unmapped users or groups are seen by winbind. It may be difficult - to recover the mappings of rid to UNIX id mapping if the file +>The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file containing this information is corrupted or destroyed.</P ></LI ><LI ><P ->Currently the winbind PAM module does not take - into account possible workstation and logon time restrictions +>Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions that may be been set for Windows NT users.</P ></LI ></UL @@ -1303,7 +1194,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN302" +NAME="AEN282" >Conclusion</A ></H1 ><P |
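Review bot: The new "DeviceModes and New Printers" section in the printer_driver2.html hunk at @@ -440,45 +443,88 ships several typos in added lines that should be fixed before the docs are regenerated: "usbla eby" should read "usable by", "posses" should be "possess", "most driver generate" should be "most drivers generate", "easist" should be "easiest", "a Window clients" should be "a Windows client", "parameter name" should be "parameter named", and "Some driver will" should be "Some drivers will". The same hunk also changes "rpcclient's setdriver command" to "setdriver" + "command can be used", which is fine, but the surrounding added line "awkward to say the list" should be "awkward to say the least".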
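Review bot: In the Imprints hunk at @@ -662,12 +708,19 the added call for a maintainer has "If you wich to volunteer", which should be "If you wish to volunteer". The parenthetical "As of June 16, 2002 (quite a bit earlier actually)" also reads oddly in a reference document; consider "As of June 16, 2002, the Imprints project is in need of a new maintainer" and drop the aside.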
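Review bot: The hunk at @@ -963,6 +1016,17 adds a new "Parameters in smb.conf(5) for Backwards Compatibility" heading directly above an unchanged paragraph that still reads "The have been two new parameters add in Samba 2.2.2 to for better support" and "smb.coinf(5)". Since this paragraph is being promoted to its own section, fix those context lines in the same change ("There have been two new parameters added in Samba 2.2.2 for better support", "smb.conf(5)").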
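Review bot: In the smbpasswd.8.html hunk at @@ -286,6 +286,31 the new "-t" entry ends with "smbd handle the password updates automatically", which should be "smbd handles". It would also help the reader to state explicitly that this option, like the other machine-account operations, must be run as root, since forcing a trust-account password change is not something an unprivileged user should be able to trigger.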
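Review bot: In the winbind.html hunk at @@ -405,37 +405,29 the rewritten introduction ends "as well providing dynamic uid/gid allocation for Samba"; it should read "as well as providing dynamic uid/gid allocation for Samba".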
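Review bot: The Requirements and Testing hunk at @@ -476,119 +466,130 carries a cluster of typos in added lines: "pam.conmf" should be "pam.conf", "inclue" should be "include", "the lates Samba release" should be "the latest", "you must have at the PAM libraries" should be "at least the PAM libraries", "pam-devel RPM" should be "RPMs", "ao previous Winbind installation" should be "a previous", "reading tis" should be "this", and "packages are quired" should be "required". The bracketed "[I have no idea which Solaris packages ...]" paragraph is an author TODO that will be published verbatim in the HTML; either remove it or reword it as a plain request for contributions.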
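Review bot: In the hunk at @@ -641,36 +621,43 the copy command is changed from "cp ../samba/source/nsswitch/libnss_winbind.so /lib" to "cp nsswitch/libnss_winbind.so /lib", which only works if the reader is still in the source directory where ./configure and make were run; state that working-directory assumption once, since the earlier hunk at @@ -597,27 +598,6 removed the autoconf/make clean steps that implied it. Also "It necessary to make the following symbolic link" should read "It is necessary". The added "chmod 755 /lib/libnss_winbind.so" is a good addition given the later troubleshooting note about rwxr-xr-x permissions.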
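Review bot: The nsswitch hunk at @@ -680,73 +667,60 has grammar problems in the added Solaris note: "for most modern systems" should start with a capital, and "However, some other operating systems, Solaris 7/8 being the most common, the destination filename should be replaced" should read "However, on some other operating systems, Solaris 7/8 being the most common, the destination filename should be replaced". Later in the same hunk "After editing, the file look appear:" should be "After editing, the file should look like this:".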
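Review bot: The hunk at @@ -865,10 +841,17 replaces the fully qualified "/usr/local/samba/bin/winbindd" with "export PATH=$PATH:/usr/local/samba/bin" followed by a bare "winbindd". Appending to PATH in a root shell means any winbindd or wbinfo found earlier in PATH (for example a distribution package under /usr/sbin) will be run instead of the freshly built one, which is exactly the confusion this HOWTO is trying to avoid; either keep the full paths in the documented commands or prepend the Samba bin directory ("export PATH=/usr/local/samba/bin:$PATH").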
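Review bot: In the hunk at @@ -883,7 +866,13 the added note has "the SAMBA sourse distribution", which should be "source distribution". It would also be worth saying here that the referenced packaging/RedHat/winbind.init script starts winbindd separately from smbd and nmbd, since the later hunk at @@ -973,132 +965,32 removes the section that explained how winbindd was previously started from /etc/init.d/smb.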
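Review bot: The hunk at @@ -973,132 +965,32 removes the entire "Fix the /etc/rc.d/init.d/smb startup files" section, including the statement that winbindd needs to start after smbd and nmbd and the sample start/stop functions, and folds the remaining text into "Configure Winbind and PAM". Nothing in the added lines replaces the startup-ordering guidance; if the sample winbind.init mentioned in the earlier hunk is meant to supersede it, say so in the merged section, otherwise readers moving from 2.2.2 lose the only documented way to start winbindd at boot.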
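Review bot: In the hunk at @@ -1252,8 +1138,23 the Solaris /etc/pam.conf excerpt lists pam_winbind.so, pam_unix.so.1 and pam_dial_auth.so.1 all as "required" for the login service. With every module "required", a login succeeds only if winbind and pam_unix both accept the password, so a domain-only user with no local password entry cannot log in; that contradicts the Linux login example in the preceding context, which uses "auth sufficient /lib/security/pam_winbind.so" followed by "sufficient /lib/security/pam_unix.so use_first_pass". If the intent is the same as on Linux, the pam_winbind line should be "sufficient" and the pam_unix line should carry "try_first_pass" as it already does. The same hunk also has "confiruation" for "configuration" and "thaty" for "that".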