338 files changed, 32183 insertions, 17373 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b2bb4efdd3e..80a319d1cdf 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,5 +1,5 @@
-              WHATS NEW IN Samba 2.2.0a:  23rd June 2001
-              ==========================================
+              WHATS NEW IN Samba 2.2.1:  8th July 2001
+              ========================================
 
 SECURITY FIX
 ============
diff --git a/docs/NT4-Locking.reg b/docs/NT4-Locking.reg
index a550d52a725..6175fd51459 100644
--- a/docs/NT4-Locking.reg
+++ b/docs/NT4-Locking.reg
@@ -1,7 +1,8 @@
 REGEDIT4

 

 ;Contributor:   John H Terpstra <jht@samba.org>

-;Updated:	Feb 15, 1999

+;Corrected: Stefan Kanthak <skanthak@nexgo.de>

+;Updated: Jun 25, 2001

 ;

 ;Subject:	Registry Entries That Affect Locking and Caching

 

@@ -15,9 +16,9 @@ REGEDIT4
 "UtilizeNtCaching"=dword:00000000

 

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem]

-"Win95TruncateExtensions"=dword:00000000

+"Win95TruncatedExtensions"=dword:00000000

+"NTFSDisable8dot3NameCreation"=dword:00000001

 

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters]

 "EnableOpLockForceClose"=dword:00000001

 "EnableOpLocks"=dword:00000000

-

diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf
index bcd4cb2df40..a68a19f3b4c 100644
--- a/docs/Samba-HOWTO-Collection.pdf
+++ b/docs/Samba-HOWTO-Collection.pdf
@@ -1,6 +1,6 @@
 %PDF-1.2
 %âãÏÓ
-1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20010415041942Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj
+1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20010622202415Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj
 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj
 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj
 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj
@@ -9,492 +9,487 @@
 7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Roman/Encoding 2 0 R>>endobj
 8 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Bold/Encoding 2 0 R>>endobj
 9 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Italic/Encoding 2 0 R>>endobj
-10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-BoldItalic/Encoding 2 0 R>>endobj
-11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
-12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
-13 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
-14 0 obj<</Subtype/Link/Rect[83.0 625.4 223.9 638.4]/Border[0 0 0]/Dest[486 0 R/XYZ null 798 0]>>endobj
-15 0 obj<</Subtype/Link/Rect[108.0 612.2 230.5 625.2]/Border[0 0 0]/Dest[489 0 R/XYZ null 798 0]>>endobj
-16 0 obj<</Subtype/Link/Rect[108.0 599.0 235.7 612.0]/Border[0 0 0]/Dest[492 0 R/XYZ null 798 0]>>endobj
-17 0 obj<</Subtype/Link/Rect[108.0 585.8 239.1 598.8]/Border[0 0 0]/Dest[495 0 R/XYZ null 798 0]>>endobj
-18 0 obj<</Subtype/Link/Rect[108.0 572.6 290.4 585.6]/Border[0 0 0]/Dest[498 0 R/XYZ null 798 0]>>endobj
-19 0 obj<</Subtype/Link/Rect[108.0 559.4 296.2 572.4]/Border[0 0 0]/Dest[501 0 R/XYZ null 798 0]>>endobj
-20 0 obj<</Subtype/Link/Rect[108.0 546.2 265.7 559.2]/Border[0 0 0]/Dest[504 0 R/XYZ null 798 0]>>endobj
-21 0 obj<</Subtype/Link/Rect[144.0 533.0 288.5 546.0]/Border[0 0 0]/Dest[504 0 R/XYZ null 611 0]>>endobj
-22 0 obj<</Subtype/Link/Rect[144.0 519.8 338.9 532.8]/Border[0 0 0]/Dest[507 0 R/XYZ null 783 0]>>endobj
-23 0 obj<</Subtype/Link/Rect[108.0 506.6 348.2 519.6]/Border[0 0 0]/Dest[510 0 R/XYZ null 798 0]>>endobj
-24 0 obj<</Subtype/Link/Rect[108.0 493.4 294.7 506.4]/Border[0 0 0]/Dest[513 0 R/XYZ null 798 0]>>endobj
-25 0 obj<</Subtype/Link/Rect[108.0 480.2 484.1 493.2]/Border[0 0 0]/Dest[516 0 R/XYZ null 798 0]>>endobj
-26 0 obj<</Subtype/Link/Rect[108.0 467.0 232.6 480.0]/Border[0 0 0]/Dest[519 0 R/XYZ null 798 0]>>endobj
-27 0 obj<</Subtype/Link/Rect[144.0 453.8 240.3 466.8]/Border[0 0 0]/Dest[519 0 R/XYZ null 585 0]>>endobj
-28 0 obj<</Subtype/Link/Rect[144.0 440.6 188.9 453.6]/Border[0 0 0]/Dest[519 0 R/XYZ null 510 0]>>endobj
-29 0 obj<</Subtype/Link/Rect[144.0 427.4 270.2 440.4]/Border[0 0 0]/Dest[519 0 R/XYZ null 395 0]>>endobj
-30 0 obj<</Subtype/Link/Rect[144.0 414.2 298.6 427.2]/Border[0 0 0]/Dest[522 0 R/XYZ null 741 0]>>endobj
-31 0 obj<</Subtype/Link/Rect[144.0 401.0 179.4 414.0]/Border[0 0 0]/Dest[522 0 R/XYZ null 613 0]>>endobj
-32 0 obj<</Subtype/Link/Rect[144.0 387.8 236.0 400.8]/Border[0 0 0]/Dest[525 0 R/XYZ null 783 0]>>endobj
-33 0 obj<</Subtype/Link/Rect[144.0 374.6 238.1 387.6]/Border[0 0 0]/Dest[525 0 R/XYZ null 694 0]>>endobj
-34 0 obj<</Subtype/Link/Rect[83.0 361.4 313.4 374.4]/Border[0 0 0]/Dest[528 0 R/XYZ null 798 0]>>endobj
-35 0 obj<</Subtype/Link/Rect[108.0 348.2 163.0 361.2]/Border[0 0 0]/Dest[531 0 R/XYZ null 798 0]>>endobj
-36 0 obj<</Subtype/Link/Rect[108.0 335.0 190.8 348.0]/Border[0 0 0]/Dest[534 0 R/XYZ null 798 0]>>endobj
-37 0 obj<</Subtype/Link/Rect[108.0 321.8 247.6 334.8]/Border[0 0 0]/Dest[537 0 R/XYZ null 798 0]>>endobj
-38 0 obj<</Subtype/Link/Rect[144.0 308.6 282.4 321.6]/Border[0 0 0]/Dest[537 0 R/XYZ null 203 0]>>endobj
-39 0 obj<</Subtype/Link/Rect[144.0 295.4 325.9 308.4]/Border[0 0 0]/Dest[540 0 R/XYZ null 701 0]>>endobj
-40 0 obj<</Subtype/Link/Rect[108.0 282.2 194.2 295.2]/Border[0 0 0]/Dest[543 0 R/XYZ null 798 0]>>endobj
-41 0 obj<</Subtype/Link/Rect[108.0 269.0 225.3 282.0]/Border[0 0 0]/Dest[549 0 R/XYZ null 798 0]>>endobj
-42 0 obj<</Subtype/Link/Rect[108.0 255.8 344.5 268.8]/Border[0 0 0]/Dest[552 0 R/XYZ null 798 0]>>endobj
-43 0 obj<</Subtype/Link/Rect[83.0 242.6 344.5 255.6]/Border[0 0 0]/Dest[555 0 R/XYZ null 798 0]>>endobj
-44 0 obj<</Subtype/Link/Rect[108.0 229.4 160.6 242.4]/Border[0 0 0]/Dest[558 0 R/XYZ null 798 0]>>endobj
-45 0 obj<</Subtype/Link/Rect[144.0 216.2 169.1 229.2]/Border[0 0 0]/Dest[561 0 R/XYZ null 754 0]>>endobj
-46 0 obj<</Subtype/Link/Rect[83.0 203.0 225.4 216.0]/Border[0 0 0]/Dest[564 0 R/XYZ null 798 0]>>endobj
-47 0 obj<</Subtype/Link/Rect[108.0 189.8 163.0 202.8]/Border[0 0 0]/Dest[567 0 R/XYZ null 798 0]>>endobj
-48 0 obj<</Subtype/Link/Rect[108.0 176.6 170.3 189.6]/Border[0 0 0]/Dest[570 0 R/XYZ null 798 0]>>endobj
-49 0 obj<</Subtype/Link/Rect[144.0 163.4 298.3 176.4]/Border[0 0 0]/Dest[576 0 R/XYZ null 741 0]>>endobj
-50 0 obj<</Subtype/Link/Rect[108.0 150.2 199.7 163.2]/Border[0 0 0]/Dest[579 0 R/XYZ null 798 0]>>endobj
-51 0 obj<</Subtype/Link/Rect[144.0 137.0 222.8 150.0]/Border[0 0 0]/Dest[579 0 R/XYZ null 664 0]>>endobj
-52 0 obj<</Subtype/Link/Rect[144.0 123.8 294.6 136.8]/Border[0 0 0]/Dest[579 0 R/XYZ null 457 0]>>endobj
-53 0 obj<</Subtype/Link/Rect[144.0 110.6 230.8 123.6]/Border[0 0 0]/Dest[579 0 R/XYZ null 355 0]>>endobj
-54 0 obj<</Subtype/Link/Rect[144.0 97.4 243.6 110.4]/Border[0 0 0]/Dest[579 0 R/XYZ null 240 0]>>endobj
-55 0 obj<</Subtype/Link/Rect[108.0 84.2 282.5 97.2]/Border[0 0 0]/Dest[585 0 R/XYZ null 798 0]>>endobj
-56 0 obj<</Subtype/Link/Rect[83.0 71.0 223.6 84.0]/Border[0 0 0]/Dest[588 0 R/XYZ null 798 0]>>endobj
-57 0 obj[14 0 R
-15 0 R
+10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
+11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
+12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
+13 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+14 0 obj<</Subtype/Link/Rect[188.4 476.2 289.8 489.2]/Border[0 0 0]/A 13 0 R>>endobj
+15 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
+16 0 obj<</Subtype/Link/Rect[72.0 463.0 148.4 476.0]/Border[0 0 0]/A 15 0 R>>endobj
+17 0 obj[14 0 R
 16 0 R
-17 0 R
-18 0 R
-19 0 R
-20 0 R
-21 0 R
-22 0 R
-23 0 R
+]endobj
+18 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+19 0 obj<</Subtype/Link/Rect[369.9 587.8 471.0 600.8]/Border[0 0 0]/A 18 0 R>>endobj
+20 0 obj[19 0 R
+]endobj
+21 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+22 0 obj<</Subtype/Link/Rect[176.8 381.8 270.6 394.8]/Border[0 0 0]/A 21 0 R>>endobj
+23 0 obj<</S/URI/URI(#PASSWORDLEVEL)>>endobj
+24 0 obj<</Subtype/Link/Rect[73.0 118.8 154.0 129.8]/Border[0 0 0]/A 23 0 R>>endobj
+25 0 obj<</S/URI/URI(#USERNAMELEVEL)>>endobj
+26 0 obj<</Subtype/Link/Rect[73.0 108.0 148.6 119.0]/Border[0 0 0]/A 25 0 R>>endobj
+27 0 obj[22 0 R
 24 0 R
-25 0 R
 26 0 R
-27 0 R
-28 0 R
-29 0 R
-30 0 R
+]endobj
+28 0 obj<</S/URI/URI(winbind.html)>>endobj
+29 0 obj<</Subtype/Link/Rect[508.9 602.2 547.4 615.2]/Border[0 0 0]/A 28 0 R>>endobj
+30 0 obj<</S/URI/URI(winbind.html)>>endobj
+31 0 obj<</Subtype/Link/Rect[72.0 589.0 115.4 602.0]/Border[0 0 0]/A 30 0 R>>endobj
+32 0 obj[29 0 R
 31 0 R
-32 0 R
-33 0 R
-34 0 R
-35 0 R
-36 0 R
-37 0 R
-38 0 R
+]endobj
+33 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj
+34 0 obj<</Subtype/Link/Rect[120.9 102.2 222.3 115.2]/Border[0 0 0]/A 33 0 R>>endobj
+35 0 obj[34 0 R
+]endobj
+36 0 obj<</S/URI/URI(#OBEYPAMRESTRICTIONS)>>endobj
+37 0 obj<</Subtype/Link/Rect[238.2 662.6 332.9 675.6]/Border[0 0 0]/A 36 0 R>>endobj
+38 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+39 0 obj<</Subtype/Link/Rect[344.2 583.4 454.9 596.4]/Border[0 0 0]/A 38 0 R>>endobj
+40 0 obj[37 0 R
 39 0 R
-40 0 R
-41 0 R
-42 0 R
-43 0 R
+]endobj
+41 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
+42 0 obj<</Subtype/Link/Rect[72.0 590.2 183.5 603.2]/Border[0 0 0]/A 41 0 R>>endobj
+43 0 obj<</S/URI/URI(#HOSTMSDFS)>>endobj
+44 0 obj<</Subtype/Link/Rect[347.8 511.0 420.4 524.0]/Border[0 0 0]/A 43 0 R>>endobj
+45 0 obj<</S/URI/URI(#MSDFSROOT)>>endobj
+46 0 obj<</Subtype/Link/Rect[383.6 497.8 456.2 510.8]/Border[0 0 0]/A 45 0 R>>endobj
+47 0 obj[42 0 R
 44 0 R
-45 0 R
 46 0 R
-47 0 R
-48 0 R
-49 0 R
-50 0 R
-51 0 R
-52 0 R
-53 0 R
+]endobj
+48 0 obj<</S/URI/URI(#NTACLSUPPORT)>>endobj
+49 0 obj<</Subtype/Link/Rect[342.7 533.8 441.7 546.8]/Border[0 0 0]/A 48 0 R>>endobj
+50 0 obj[49 0 R
+]endobj
+51 0 obj<</S/URI/URI(#SECURITYMASK)>>endobj
+52 0 obj<</Subtype/Link/Rect[88.2 668.2 180.6 681.2]/Border[0 0 0]/A 51 0 R>>endobj
+53 0 obj<</S/URI/URI(#CREATEMASK)>>endobj
+54 0 obj<</Subtype/Link/Rect[358.9 589.0 438.1 602.0]/Border[0 0 0]/A 53 0 R>>endobj
+55 0 obj<</S/URI/URI(#FORCESECURITYMODE)>>endobj
+56 0 obj<</Subtype/Link/Rect[427.0 536.2 526.0 549.2]/Border[0 0 0]/A 55 0 R>>endobj
+57 0 obj<</S/URI/URI(#FORCESECURITYMODE)>>endobj
+58 0 obj<</Subtype/Link/Rect[72.0 523.0 98.4 536.0]/Border[0 0 0]/A 57 0 R>>endobj
+59 0 obj<</S/URI/URI(#FORCECREATEMODE)>>endobj
+60 0 obj<</Subtype/Link/Rect[358.9 443.8 477.7 456.8]/Border[0 0 0]/A 59 0 R>>endobj
+61 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+62 0 obj<</Subtype/Link/Rect[72.0 166.6 151.2 179.6]/Border[0 0 0]/A 61 0 R>>endobj
+63 0 obj[52 0 R
 54 0 R
-55 0 R
 56 0 R
-]endobj
-58 0 obj<</Subtype/Link/Rect[108.0 721.0 280.0 734.0]/Border[0 0 0]/Dest[591 0 R/XYZ null 798 0]>>endobj
-59 0 obj<</Subtype/Link/Rect[108.0 707.8 267.5 720.8]/Border[0 0 0]/Dest[597 0 R/XYZ null 798 0]>>endobj
-60 0 obj<</Subtype/Link/Rect[108.0 694.6 290.5 707.6]/Border[0 0 0]/Dest[600 0 R/XYZ null 798 0]>>endobj
-61 0 obj<</Subtype/Link/Rect[83.0 681.4 366.9 694.4]/Border[0 0 0]/Dest[603 0 R/XYZ null 798 0]>>endobj
-62 0 obj<</Subtype/Link/Rect[108.0 668.2 161.8 681.2]/Border[0 0 0]/Dest[606 0 R/XYZ null 798 0]>>endobj
-63 0 obj<</Subtype/Link/Rect[108.0 655.0 298.1 668.0]/Border[0 0 0]/Dest[612 0 R/XYZ null 798 0]>>endobj
-64 0 obj<</Subtype/Link/Rect[108.0 641.8 414.8 654.8]/Border[0 0 0]/Dest[618 0 R/XYZ null 798 0]>>endobj
-65 0 obj<</Subtype/Link/Rect[108.0 628.6 244.0 641.6]/Border[0 0 0]/Dest[624 0 R/XYZ null 798 0]>>endobj
-66 0 obj<</Subtype/Link/Rect[108.0 615.4 233.6 628.4]/Border[0 0 0]/Dest[630 0 R/XYZ null 798 0]>>endobj
-67 0 obj<</Subtype/Link/Rect[108.0 602.2 228.4 615.2]/Border[0 0 0]/Dest[636 0 R/XYZ null 798 0]>>endobj
-68 0 obj<</Subtype/Link/Rect[144.0 589.0 222.2 602.0]/Border[0 0 0]/Dest[639 0 R/XYZ null 266 0]>>endobj
-69 0 obj<</Subtype/Link/Rect[144.0 575.8 202.4 588.8]/Border[0 0 0]/Dest[642 0 R/XYZ null 609 0]>>endobj
-70 0 obj<</Subtype/Link/Rect[108.0 562.6 404.4 575.6]/Border[0 0 0]/Dest[648 0 R/XYZ null 798 0]>>endobj
-71 0 obj<</Subtype/Link/Rect[83.0 549.4 360.5 562.4]/Border[0 0 0]/Dest[654 0 R/XYZ null 798 0]>>endobj
-72 0 obj<</Subtype/Link/Rect[108.0 536.2 145.3 549.2]/Border[0 0 0]/Dest[657 0 R/XYZ null 798 0]>>endobj
-73 0 obj<</Subtype/Link/Rect[108.0 523.0 163.0 536.0]/Border[0 0 0]/Dest[660 0 R/XYZ null 798 0]>>endobj
-74 0 obj<</Subtype/Link/Rect[108.0 509.8 213.1 522.8]/Border[0 0 0]/Dest[663 0 R/XYZ null 798 0]>>endobj
-75 0 obj<</Subtype/Link/Rect[144.0 496.6 197.5 509.6]/Border[0 0 0]/Dest[663 0 R/XYZ null 426 0]>>endobj
-76 0 obj<</Subtype/Link/Rect[108.0 483.4 199.7 496.4]/Border[0 0 0]/Dest[666 0 R/XYZ null 798 0]>>endobj
-77 0 obj<</Subtype/Link/Rect[144.0 470.2 297.7 483.2]/Border[0 0 0]/Dest[666 0 R/XYZ null 651 0]>>endobj
-78 0 obj<</Subtype/Link/Rect[144.0 457.0 236.9 470.0]/Border[0 0 0]/Dest[666 0 R/XYZ null 444 0]>>endobj
-79 0 obj<</Subtype/Link/Rect[144.0 443.8 297.4 456.8]/Border[0 0 0]/Dest[669 0 R/XYZ null 662 0]>>endobj
-80 0 obj<</Subtype/Link/Rect[144.0 430.6 279.0 443.6]/Border[0 0 0]/Dest[669 0 R/XYZ null 349 0]>>endobj
-81 0 obj<</Subtype/Link/Rect[144.0 417.4 211.5 430.4]/Border[0 0 0]/Dest[672 0 R/XYZ null 783 0]>>endobj
-82 0 obj<</Subtype/Link/Rect[108.0 404.2 243.1 417.2]/Border[0 0 0]/Dest[675 0 R/XYZ null 798 0]>>endobj
-83 0 obj<</Subtype/Link/Rect[108.0 391.0 158.1 404.0]/Border[0 0 0]/Dest[678 0 R/XYZ null 798 0]>>endobj
-84 0 obj<</Subtype/Link/Rect[108.0 377.8 158.1 390.8]/Border[0 0 0]/Dest[681 0 R/XYZ null 798 0]>>endobj
-85 0 obj<</Subtype/Link/Rect[83.0 364.6 353.1 377.6]/Border[0 0 0]/Dest[684 0 R/XYZ null 798 0]>>endobj
-86 0 obj<</Subtype/Link/Rect[108.0 351.4 425.2 364.4]/Border[0 0 0]/Dest[687 0 R/XYZ null 798 0]>>endobj
-87 0 obj<</Subtype/Link/Rect[108.0 338.2 299.3 351.2]/Border[0 0 0]/Dest[690 0 R/XYZ null 798 0]>>endobj
-88 0 obj<</Subtype/Link/Rect[108.0 325.0 209.5 338.0]/Border[0 0 0]/Dest[693 0 R/XYZ null 798 0]>>endobj
-89 0 obj<</Subtype/Link/Rect[108.0 311.8 271.8 324.8]/Border[0 0 0]/Dest[696 0 R/XYZ null 798 0]>>endobj
-90 0 obj<</Subtype/Link/Rect[144.0 298.6 218.2 311.6]/Border[0 0 0]/Dest[696 0 R/XYZ null 532 0]>>endobj
-91 0 obj<</Subtype/Link/Rect[144.0 285.4 243.3 298.4]/Border[0 0 0]/Dest[696 0 R/XYZ null 272 0]>>endobj
-92 0 obj<</Subtype/Link/Rect[108.0 272.2 280.9 285.2]/Border[0 0 0]/Dest[702 0 R/XYZ null 798 0]>>endobj
-93 0 obj<</Subtype/Link/Rect[108.0 259.0 380.5 272.0]/Border[0 0 0]/Dest[705 0 R/XYZ null 798 0]>>endobj
-94 0 obj<</Subtype/Link/Rect[108.0 245.8 370.8 258.8]/Border[0 0 0]/Dest[711 0 R/XYZ null 798 0]>>endobj
-95 0 obj<</Subtype/Link/Rect[83.0 232.6 173.4 245.6]/Border[0 0 0]/Dest[714 0 R/XYZ null 798 0]>>endobj
-96 0 obj<</Subtype/Link/Rect[108.0 219.4 133.7 232.4]/Border[0 0 0]/Dest[717 0 R/XYZ null 798 0]>>endobj
-97 0 obj<</Subtype/Link/Rect[144.0 206.2 503.3 219.2]/Border[0 0 0]/Dest[717 0 R/XYZ null 745 0]>>endobj
-98 0 obj<</Subtype/Link/Rect[144.0 193.0 506.7 206.0]/Border[0 0 0]/Dest[717 0 R/XYZ null 320 0]>>endobj
-99 0 obj<</Subtype/Link/Rect[144.0 179.8 459.9 192.8]/Border[0 0 0]/Dest[720 0 R/XYZ null 754 0]>>endobj
-100 0 obj<</Subtype/Link/Rect[144.0 166.6 429.1 179.6]/Border[0 0 0]/Dest[720 0 R/XYZ null 619 0]>>endobj
-101 0 obj[58 0 R
-59 0 R
+58 0 R
 60 0 R
-61 0 R
 62 0 R
-63 0 R
-64 0 R
-65 0 R
-66 0 R
+]endobj
+64 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
+65 0 obj<</Subtype/Link/Rect[146.5 548.2 280.3 561.2]/Border[0 0 0]/A 64 0 R>>endobj
+66 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
+67 0 obj<</Subtype/Link/Rect[221.4 521.8 341.1 534.8]/Border[0 0 0]/A 66 0 R>>endobj
+68 0 obj<</S/URI/URI(http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP)>>endobj
+69 0 obj<</Subtype/Link/Rect[72.0 297.4 355.9 310.4]/Border[0 0 0]/A 68 0 R>>endobj
+70 0 obj[65 0 R
 67 0 R
-68 0 R
 69 0 R
-70 0 R
-71 0 R
-72 0 R
+]endobj
+71 0 obj<</Subtype/Link/Rect[462.9 705.8 540.9 718.8]/Border[0 0 0]/Dest[603 0 R/XYZ null 768 0]>>endobj
+72 0 obj<</S/URI/URI(#WRITELIST)>>endobj
+73 0 obj<</Subtype/Link/Rect[91.9 313.4 157.9 326.4]/Border[0 0 0]/A 72 0 R>>endobj
+74 0 obj<</S/URI/URI(conf.5.html)>>endobj
+75 0 obj<</Subtype/Link/Rect[192.7 300.2 294.1 313.2]/Border[0 0 0]/A 74 0 R>>endobj
+76 0 obj<</S/URI/URI(#GUESTOK)>>endobj
+77 0 obj<</Subtype/Link/Rect[163.3 273.8 231.3 286.8]/Border[0 0 0]/A 76 0 R>>endobj
+78 0 obj<</S/URI/URI(#MAPTOGUEST)>>endobj
+79 0 obj<</Subtype/Link/Rect[401.4 168.2 492.0 181.2]/Border[0 0 0]/A 78 0 R>>endobj
+80 0 obj<</S/URI/URI(#MAPTOGUEST)>>endobj
+81 0 obj<</Subtype/Link/Rect[108.0 155.0 130.0 168.0]/Border[0 0 0]/A 80 0 R>>endobj
+82 0 obj[71 0 R
 73 0 R
-74 0 R
 75 0 R
-76 0 R
 77 0 R
-78 0 R
 79 0 R
-80 0 R
 81 0 R
-82 0 R
-83 0 R
-84 0 R
-85 0 R
-86 0 R
-87 0 R
-88 0 R
+]endobj
+83 0 obj<</S/URI/URI(#PRINTERADMIN)>>endobj
+84 0 obj<</Subtype/Link/Rect[433.8 567.8 526.2 580.8]/Border[0 0 0]/A 83 0 R>>endobj
+85 0 obj[84 0 R
+]endobj
+86 0 obj<</S/URI/URI(rpcclient.1.html)>>endobj
+87 0 obj<</Subtype/Link/Rect[239.1 583.4 382.1 596.4]/Border[0 0 0]/A 86 0 R>>endobj
+88 0 obj<</S/URI/URI(#SHOWADDPRINTERWIZARD)>>endobj
+89 0 obj<</Subtype/Link/Rect[108.0 159.0 306.0 172.0]/Border[0 0 0]/A 88 0 R>>endobj
+90 0 obj<</S/URI/URI(#ADDPRINTERCOMMAND)>>endobj
+91 0 obj<</Subtype/Link/Rect[456.6 132.6 535.8 145.6]/Border[0 0 0]/A 90 0 R>>endobj
+92 0 obj<</S/URI/URI(#ADDPRINTERCOMMAND)>>endobj
+93 0 obj<</Subtype/Link/Rect[72.0 119.4 118.2 132.4]/Border[0 0 0]/A 92 0 R>>endobj
+94 0 obj[87 0 R
 89 0 R
-90 0 R
 91 0 R
-92 0 R
 93 0 R
-94 0 R
-95 0 R
-96 0 R
-97 0 R
+]endobj
+95 0 obj<</S/URI/URI(#DELETEPRINTERCOMMAND)>>endobj
+96 0 obj<</Subtype/Link/Rect[189.3 681.4 334.5 694.4]/Border[0 0 0]/A 95 0 R>>endobj
+97 0 obj<</S/URI/URI(#ENUMPORTSCOMMAND)>>endobj
+98 0 obj<</Subtype/Link/Rect[451.4 504.2 510.8 517.2]/Border[0 0 0]/A 97 0 R>>endobj
+99 0 obj<</S/URI/URI(#ENUMPORTSCOMMAND)>>endobj
+100 0 obj<</Subtype/Link/Rect[72.0 491.0 118.2 504.0]/Border[0 0 0]/A 99 0 R>>endobj
+101 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+102 0 obj<</Subtype/Link/Rect[303.3 406.2 442.9 419.2]/Border[0 0 0]/A 101 0 R>>endobj
+103 0 obj[96 0 R
 98 0 R
-99 0 R
 100 0 R
+102 0 R
 ]endobj
-102 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
-103 0 obj<</Subtype/Link/Rect[369.9 617.8 471.0 630.8]/Border[0 0 0]/A 102 0 R>>endobj
-104 0 obj[103 0 R
-]endobj
-105 0 obj<</Subtype/Link/Rect[295.1 514.6 385.6 527.6]/Border[0 0 0]/Dest[543 0 R/XYZ null 798 0]>>endobj
+104 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+105 0 obj<</Subtype/Link/Rect[108.0 58.6 244.9 71.6]/Border[0 0 0]/A 104 0 R>>endobj
 106 0 obj[105 0 R
 ]endobj
-107 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
-108 0 obj<</Subtype/Link/Rect[72.0 644.2 183.5 657.2]/Border[0 0 0]/A 107 0 R>>endobj
-109 0 obj<</S/URI/URI(#HOSTMSDFS)>>endobj
-110 0 obj<</Subtype/Link/Rect[347.8 565.0 420.4 578.0]/Border[0 0 0]/A 109 0 R>>endobj
-111 0 obj<</S/URI/URI(#MSDFSROOT)>>endobj
-112 0 obj<</Subtype/Link/Rect[383.6 551.8 456.2 564.8]/Border[0 0 0]/A 111 0 R>>endobj
+107 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj
+108 0 obj<</Subtype/Link/Rect[221.4 416.2 287.7 429.2]/Border[0 0 0]/A 107 0 R>>endobj
+109 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+110 0 obj<</Subtype/Link/Rect[353.1 99.4 425.7 112.4]/Border[0 0 0]/A 109 0 R>>endobj
+111 0 obj<</S/URI/URI(#SECURITY)>>endobj
+112 0 obj<</Subtype/Link/Rect[169.1 59.8 241.7 72.8]/Border[0 0 0]/A 111 0 R>>endobj
 113 0 obj[108 0 R
 110 0 R
 112 0 R
 ]endobj
-114 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
-115 0 obj<</Subtype/Link/Rect[484.1 551.8 558.9 564.8]/Border[0 0 0]/A 114 0 R>>endobj
-116 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
-117 0 obj<</Subtype/Link/Rect[108.0 499.0 210.7 512.0]/Border[0 0 0]/A 116 0 R>>endobj
-118 0 obj[115 0 R
+114 0 obj<</S/URI/URI(#WORKGROUP)>>endobj
+115 0 obj<</Subtype/Link/Rect[146.2 694.6 225.4 707.6]/Border[0 0 0]/A 114 0 R>>endobj
+116 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+117 0 obj<</Subtype/Link/Rect[224.7 615.4 343.5 628.4]/Border[0 0 0]/A 116 0 R>>endobj
+118 0 obj<</S/URI/URI(#PASSWORDSERVER)>>endobj
+119 0 obj<</Subtype/Link/Rect[188.7 575.8 307.5 588.8]/Border[0 0 0]/A 118 0 R>>endobj
+120 0 obj[115 0 R
 117 0 R
+119 0 R
 ]endobj
-119 0 obj<</Subtype/Link/Rect[462.9 451.4 543.6 464.4]/Border[0 0 0]/Dest[585 0 R/XYZ null 798 0]>>endobj
-120 0 obj<</S/URI/URI(#WRITELIST)>>endobj
-121 0 obj<</Subtype/Link/Rect[91.9 281.2 164.5 294.2]/Border[0 0 0]/A 120 0 R>>endobj
-122 0 obj<</S/URI/URI(conf.5.html)>>endobj
-123 0 obj<</Subtype/Link/Rect[192.7 268.0 294.1 281.0]/Border[0 0 0]/A 122 0 R>>endobj
-124 0 obj<</S/URI/URI(#GUESTOK)>>endobj
-125 0 obj<</Subtype/Link/Rect[163.3 241.6 231.3 254.6]/Border[0 0 0]/A 124 0 R>>endobj
-126 0 obj<</S/URI/URI(#MAPTOGUEST)>>endobj
-127 0 obj<</Subtype/Link/Rect[427.4 149.2 545.5 162.2]/Border[0 0 0]/A 126 0 R>>endobj
-128 0 obj[119 0 R
-121 0 R
-123 0 R
-125 0 R
-127 0 R
+121 0 obj<</S/URI/URI(#SECURITYEQUALSSERVER)>>endobj
+122 0 obj<</Subtype/Link/Rect[277.9 651.4 354.1 664.4]/Border[0 0 0]/A 121 0 R>>endobj
+123 0 obj<</S/URI/URI(winbind.html)>>endobj
+124 0 obj<</Subtype/Link/Rect[153.9 598.6 222.3 611.6]/Border[0 0 0]/A 123 0 R>>endobj
+125 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
+126 0 obj<</Subtype/Link/Rect[443.5 281.8 500.6 294.8]/Border[0 0 0]/A 125 0 R>>endobj
+127 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
+128 0 obj<</Subtype/Link/Rect[72.0 268.6 189.3 281.6]/Border[0 0 0]/A 127 0 R>>endobj
+129 0 obj[122 0 R
+124 0 R
+126 0 R
+128 0 R
 ]endobj
-129 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
-130 0 obj<</Subtype/Link/Rect[433.8 467.6 526.2 480.6]/Border[0 0 0]/A 129 0 R>>endobj
-131 0 obj[130 0 R
+130 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+131 0 obj<</Subtype/Link/Rect[182.3 603.4 254.9 616.4]/Border[0 0 0]/A 130 0 R>>endobj
+132 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+133 0 obj<</Subtype/Link/Rect[334.9 603.4 418.9 616.4]/Border[0 0 0]/A 132 0 R>>endobj
+134 0 obj<</S/URI/URI(UNIX_INSTALL.html)>>endobj
+135 0 obj<</Subtype/Link/Rect[72.0 426.2 173.7 439.2]/Border[0 0 0]/A 134 0 R>>endobj
+136 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+137 0 obj<</Subtype/Link/Rect[167.0 413.0 268.4 426.0]/Border[0 0 0]/A 136 0 R>>endobj
+138 0 obj[131 0 R
+133 0 R
+135 0 R
+137 0 R
 ]endobj
-132 0 obj<</S/URI/URI(rpcclient.1.html)>>endobj
-133 0 obj<</Subtype/Link/Rect[239.1 619.4 384.8 632.4]/Border[0 0 0]/A 132 0 R>>endobj
-134 0 obj[133 0 R
-]endobj
-135 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
-136 0 obj<</Subtype/Link/Rect[303.3 670.6 442.9 683.6]/Border[0 0 0]/A 135 0 R>>endobj
-137 0 obj[136 0 R
-]endobj
-138 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
-139 0 obj<</Subtype/Link/Rect[283.1 170.2 402.5 183.2]/Border[0 0 0]/A 138 0 R>>endobj
-140 0 obj[139 0 R
-]endobj
-141 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj
-142 0 obj<</Subtype/Link/Rect[221.4 446.2 287.7 459.2]/Border[0 0 0]/A 141 0 R>>endobj
-143 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
-144 0 obj<</Subtype/Link/Rect[353.1 129.4 425.7 142.4]/Border[0 0 0]/A 143 0 R>>endobj
-145 0 obj<</S/URI/URI(#SECURITY)>>endobj
-146 0 obj<</Subtype/Link/Rect[169.1 89.8 241.7 102.8]/Border[0 0 0]/A 145 0 R>>endobj
-147 0 obj[142 0 R
+139 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+140 0 obj<</Subtype/Link/Rect[468.3 570.2 549.6 583.2]/Border[0 0 0]/A 139 0 R>>endobj
+141 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+142 0 obj<</Subtype/Link/Rect[72.0 557.0 92.8 570.0]/Border[0 0 0]/A 141 0 R>>endobj
+143 0 obj<</S/URI/URI(#NETBIOSNAME)>>endobj
+144 0 obj<</Subtype/Link/Rect[94.6 483.6 159.4 494.6]/Border[0 0 0]/A 143 0 R>>endobj
+145 0 obj<</S/URI/URI(#WORKGROUP)>>endobj
+146 0 obj<</Subtype/Link/Rect[94.6 472.8 143.2 483.8]/Border[0 0 0]/A 145 0 R>>endobj
+147 0 obj<</S/URI/URI(#OSLEVEL)>>endobj
+148 0 obj<</Subtype/Link/Rect[94.6 440.4 137.8 451.4]/Border[0 0 0]/A 147 0 R>>endobj
+149 0 obj<</S/URI/URI(#PERFERREDMASTER)>>endobj
+150 0 obj<</Subtype/Link/Rect[94.6 429.6 181.0 440.6]/Border[0 0 0]/A 149 0 R>>endobj
+151 0 obj<</S/URI/URI(#DOMAINMASTER)>>endobj
+152 0 obj<</Subtype/Link/Rect[94.6 418.8 164.8 429.8]/Border[0 0 0]/A 151 0 R>>endobj
+153 0 obj<</S/URI/URI(#LOCALMASTER)>>endobj
+154 0 obj<</Subtype/Link/Rect[94.6 408.0 159.4 419.0]/Border[0 0 0]/A 153 0 R>>endobj
+155 0 obj<</S/URI/URI(#SECURITYEQUALSUSER)>>endobj
+156 0 obj<</Subtype/Link/Rect[94.6 375.6 137.8 386.6]/Border[0 0 0]/A 155 0 R>>endobj
+157 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+158 0 obj<</Subtype/Link/Rect[94.6 343.2 186.4 354.2]/Border[0 0 0]/A 157 0 R>>endobj
+159 0 obj<</S/URI/URI(#DOMAINLOGONS)>>endobj
+160 0 obj<</Subtype/Link/Rect[94.6 310.8 164.8 321.8]/Border[0 0 0]/A 159 0 R>>endobj
+161 0 obj<</S/URI/URI(#LOGONPATH)>>endobj
+162 0 obj<</Subtype/Link/Rect[94.6 278.4 148.6 289.4]/Border[0 0 0]/A 161 0 R>>endobj
+163 0 obj<</S/URI/URI(#LOGONDRIVE)>>endobj
+164 0 obj<</Subtype/Link/Rect[94.6 235.2 154.0 246.2]/Border[0 0 0]/A 163 0 R>>endobj
+165 0 obj<</S/URI/URI(#LOGONHOME)>>endobj
+166 0 obj<</Subtype/Link/Rect[94.6 224.4 148.6 235.4]/Border[0 0 0]/A 165 0 R>>endobj
+167 0 obj<</S/URI/URI(#LOGONSCRIPT)>>endobj
+168 0 obj<</Subtype/Link/Rect[94.6 181.2 159.4 192.2]/Border[0 0 0]/A 167 0 R>>endobj
+169 0 obj<</S/URI/URI(#PATH)>>endobj
+170 0 obj<</Subtype/Link/Rect[94.6 138.0 116.2 149.0]/Border[0 0 0]/A 169 0 R>>endobj
+171 0 obj<</S/URI/URI(#WRITEABLE)>>endobj
+172 0 obj<</Subtype/Link/Rect[94.6 127.2 143.2 138.2]/Border[0 0 0]/A 171 0 R>>endobj
+173 0 obj<</S/URI/URI(#WRITELIST)>>endobj
+174 0 obj<</Subtype/Link/Rect[94.6 116.4 148.6 127.4]/Border[0 0 0]/A 173 0 R>>endobj
+175 0 obj<</S/URI/URI(#PATH)>>endobj
+176 0 obj<</Subtype/Link/Rect[94.6 73.2 116.2 84.2]/Border[0 0 0]/A 175 0 R>>endobj
+177 0 obj<</S/URI/URI(#WRITEABLE)>>endobj
+178 0 obj<</Subtype/Link/Rect[94.6 62.4 143.2 73.4]/Border[0 0 0]/A 177 0 R>>endobj
+179 0 obj[140 0 R
+142 0 R
 144 0 R
 146 0 R
-]endobj
-148 0 obj<</S/URI/URI(#WORKGROUP)>>endobj
-149 0 obj<</Subtype/Link/Rect[146.2 721.0 225.4 734.0]/Border[0 0 0]/A 148 0 R>>endobj
-150 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
-151 0 obj<</Subtype/Link/Rect[224.7 641.8 343.5 654.8]/Border[0 0 0]/A 150 0 R>>endobj
-152 0 obj<</S/URI/URI(#PASSWORDSERVER)>>endobj
-153 0 obj<</Subtype/Link/Rect[188.7 602.2 307.5 615.2]/Border[0 0 0]/A 152 0 R>>endobj
-154 0 obj[149 0 R
-151 0 R
-153 0 R
-]endobj
-155 0 obj<</S/URI/URI(#SECURITYEQUALSSERVER)>>endobj
-156 0 obj<</Subtype/Link/Rect[277.9 644.2 354.1 657.2]/Border[0 0 0]/A 155 0 R>>endobj
-157 0 obj<</S/URI/URI(winbind.html)>>endobj
-158 0 obj<</Subtype/Link/Rect[153.9 591.4 222.3 604.4]/Border[0 0 0]/A 157 0 R>>endobj
-159 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
-160 0 obj<</Subtype/Link/Rect[443.5 274.6 500.6 287.6]/Border[0 0 0]/A 159 0 R>>endobj
-161 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
-162 0 obj<</Subtype/Link/Rect[72.0 261.4 189.3 274.4]/Border[0 0 0]/A 161 0 R>>endobj
-163 0 obj[156 0 R
+148 0 R
+150 0 R
+152 0 R
+154 0 R
+156 0 R
 158 0 R
 160 0 R
 162 0 R
-]endobj
-164 0 obj<</S/URI/URI(UNIX_INSTALL.html)>>endobj
-165 0 obj<</Subtype/Link/Rect[446.0 116.2 547.7 129.2]/Border[0 0 0]/A 164 0 R>>endobj
-166 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
-167 0 obj<</Subtype/Link/Rect[72.0 89.8 173.4 102.8]/Border[0 0 0]/A 166 0 R>>endobj
-168 0 obj[165 0 R
-167 0 R
-]endobj
-169 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
-170 0 obj<</Subtype/Link/Rect[468.3 670.6 549.6 683.6]/Border[0 0 0]/A 169 0 R>>endobj
-171 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
-172 0 obj<</Subtype/Link/Rect[72.0 657.4 92.8 670.4]/Border[0 0 0]/A 171 0 R>>endobj
-173 0 obj<</S/URI/URI(#NETBIOSNAME)>>endobj
-174 0 obj<</Subtype/Link/Rect[93.6 585.0 158.4 596.0]/Border[0 0 0]/A 173 0 R>>endobj
-175 0 obj<</S/URI/URI(#WORKGROUP)>>endobj
-176 0 obj<</Subtype/Link/Rect[93.6 574.2 142.2 585.2]/Border[0 0 0]/A 175 0 R>>endobj
-177 0 obj<</S/URI/URI(#OSLEVEL)>>endobj
-178 0 obj<</Subtype/Link/Rect[93.6 541.8 136.8 552.8]/Border[0 0 0]/A 177 0 R>>endobj
-179 0 obj<</S/URI/URI(#PERFERREDMASTER)>>endobj
-180 0 obj<</Subtype/Link/Rect[93.6 531.0 180.0 542.0]/Border[0 0 0]/A 179 0 R>>endobj
-181 0 obj<</S/URI/URI(#DOMAINMASTER)>>endobj
-182 0 obj<</Subtype/Link/Rect[93.6 520.2 163.8 531.2]/Border[0 0 0]/A 181 0 R>>endobj
-183 0 obj<</S/URI/URI(#LOCALMASTER)>>endobj
-184 0 obj<</Subtype/Link/Rect[93.6 509.4 158.4 520.4]/Border[0 0 0]/A 183 0 R>>endobj
-185 0 obj<</S/URI/URI(#SECURITYEQUALSUSER)>>endobj
-186 0 obj<</Subtype/Link/Rect[93.6 477.0 136.8 488.0]/Border[0 0 0]/A 185 0 R>>endobj
-187 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
-188 0 obj<</Subtype/Link/Rect[93.6 444.6 185.4 455.6]/Border[0 0 0]/A 187 0 R>>endobj
-189 0 obj<</S/URI/URI(#DOMAINLOGONS)>>endobj
-190 0 obj<</Subtype/Link/Rect[93.6 412.2 163.8 423.2]/Border[0 0 0]/A 189 0 R>>endobj
-191 0 obj<</S/URI/URI(#LOGONPATH)>>endobj
-192 0 obj<</Subtype/Link/Rect[93.6 379.8 147.6 390.8]/Border[0 0 0]/A 191 0 R>>endobj
-193 0 obj<</S/URI/URI(#LOGONDRIVE)>>endobj
-194 0 obj<</Subtype/Link/Rect[93.6 336.6 153.0 347.6]/Border[0 0 0]/A 193 0 R>>endobj
-195 0 obj<</S/URI/URI(#LOGONHOME)>>endobj
-196 0 obj<</Subtype/Link/Rect[93.6 325.8 147.6 336.8]/Border[0 0 0]/A 195 0 R>>endobj
-197 0 obj<</S/URI/URI(#LOGONSCRIPT)>>endobj
-198 0 obj<</Subtype/Link/Rect[93.6 282.6 158.4 293.6]/Border[0 0 0]/A 197 0 R>>endobj
-199 0 obj<</S/URI/URI(#PATH)>>endobj
-200 0 obj<</Subtype/Link/Rect[93.6 239.4 115.2 250.4]/Border[0 0 0]/A 199 0 R>>endobj
-201 0 obj<</S/URI/URI(#WRITEABLE)>>endobj
-202 0 obj<</Subtype/Link/Rect[93.6 228.6 142.2 239.6]/Border[0 0 0]/A 201 0 R>>endobj
-203 0 obj<</S/URI/URI(#WRITELIST)>>endobj
-204 0 obj<</Subtype/Link/Rect[93.6 217.8 147.6 228.8]/Border[0 0 0]/A 203 0 R>>endobj
-205 0 obj<</S/URI/URI(#PATH)>>endobj
-206 0 obj<</Subtype/Link/Rect[93.6 174.6 115.2 185.6]/Border[0 0 0]/A 205 0 R>>endobj
-207 0 obj<</S/URI/URI(#WRITEABLE)>>endobj
-208 0 obj<</Subtype/Link/Rect[93.6 163.8 142.2 174.8]/Border[0 0 0]/A 207 0 R>>endobj
-209 0 obj<</S/URI/URI(#CREATEMASK)>>endobj
-210 0 obj<</Subtype/Link/Rect[93.6 153.0 153.0 164.0]/Border[0 0 0]/A 209 0 R>>endobj
-211 0 obj<</S/URI/URI(#DIRECTORYMASK)>>endobj
-212 0 obj<</Subtype/Link/Rect[93.6 142.2 169.2 153.2]/Border[0 0 0]/A 211 0 R>>endobj
-213 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
-214 0 obj<</Subtype/Link/Rect[108.0 65.2 200.6 78.2]/Border[0 0 0]/A 213 0 R>>endobj
-215 0 obj[170 0 R
+164 0 R
+166 0 R
+168 0 R
+170 0 R
 172 0 R
 174 0 R
 176 0 R
 178 0 R
-180 0 R
-182 0 R
-184 0 R
-186 0 R
-188 0 R
-190 0 R
-192 0 R
-194 0 R
+]endobj
+180 0 obj<</S/URI/URI(#CREATEMASK)>>endobj
+181 0 obj<</Subtype/Link/Rect[94.6 722.0 154.0 733.0]/Border[0 0 0]/A 180 0 R>>endobj
+182 0 obj<</S/URI/URI(#DIRECTORYMASK)>>endobj
+183 0 obj<</Subtype/Link/Rect[94.6 711.2 170.2 722.2]/Border[0 0 0]/A 182 0 R>>endobj
+184 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+185 0 obj<</Subtype/Link/Rect[108.0 645.4 200.6 658.4]/Border[0 0 0]/A 184 0 R>>endobj
+186 0 obj<</S/URI/URI(#DOMAINADMINUSERS)>>endobj
+187 0 obj<</Subtype/Link/Rect[505.2 553.0 538.2 566.0]/Border[0 0 0]/A 186 0 R>>endobj
+188 0 obj<</S/URI/URI(#DOMAINADMINUSERS)>>endobj
+189 0 obj<</Subtype/Link/Rect[72.0 539.8 124.9 552.8]/Border[0 0 0]/A 188 0 R>>endobj
+190 0 obj<</S/URI/URI(#DOMAINADMINGROUP)>>endobj
+191 0 obj<</Subtype/Link/Rect[146.2 539.8 240.7 552.8]/Border[0 0 0]/A 190 0 R>>endobj
+192 0 obj[181 0 R
+183 0 R
+185 0 R
+187 0 R
+189 0 R
+191 0 R
+]endobj
+193 0 obj<</S/URI/URI(smbpasswd.6.html)>>endobj
+194 0 obj<</Subtype/Link/Rect[72.0 524.2 138.6 537.2]/Border[0 0 0]/A 193 0 R>>endobj
+195 0 obj<</S/URI/URI(#ADDUSERSCRIPT)>>endobj
+196 0 obj<</Subtype/Link/Rect[427.0 269.0 491.2 282.0]/Border[0 0 0]/A 195 0 R>>endobj
+197 0 obj[194 0 R
 196 0 R
-198 0 R
-200 0 R
-202 0 R
-204 0 R
-206 0 R
-208 0 R
-210 0 R
-212 0 R
-214 0 R
 ]endobj
-216 0 obj<</S/URI/URI(#DOMAINADMONUSERS)>>endobj
-217 0 obj<</Subtype/Link/Rect[505.2 628.6 538.2 641.6]/Border[0 0 0]/A 216 0 R>>endobj
-218 0 obj<</S/URI/URI(#DOMAINADMONUSERS)>>endobj
-219 0 obj<</Subtype/Link/Rect[72.0 615.4 124.9 628.4]/Border[0 0 0]/A 218 0 R>>endobj
-220 0 obj<</S/URI/URI(#DOMAINADMINGROUP)>>endobj
-221 0 obj<</Subtype/Link/Rect[146.2 615.4 240.7 628.4]/Border[0 0 0]/A 220 0 R>>endobj
-222 0 obj[217 0 R
-219 0 R
-221 0 R
+198 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
+199 0 obj<</Subtype/Link/Rect[164.2 441.8 409.3 454.8]/Border[0 0 0]/A 198 0 R>>endobj
+200 0 obj[199 0 R
 ]endobj
-223 0 obj<</S/URI/URI(#ADDUSERSCRIPT)>>endobj
-224 0 obj<</Subtype/Link/Rect[304.2 83.2 371.1 96.2]/Border[0 0 0]/A 223 0 R>>endobj
-225 0 obj[224 0 R
+201 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
+202 0 obj<</Subtype/Link/Rect[287.9 523.0 540.0 536.0]/Border[0 0 0]/A 201 0 R>>endobj
+203 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
+204 0 obj<</Subtype/Link/Rect[236.3 483.4 508.6 496.4]/Border[0 0 0]/A 203 0 R>>endobj
+205 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
+206 0 obj<</Subtype/Link/Rect[352.1 68.6 458.1 81.6]/Border[0 0 0]/A 205 0 R>>endobj
+207 0 obj[202 0 R
+204 0 R
+206 0 R
 ]endobj
-226 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
-227 0 obj<</Subtype/Link/Rect[164.2 657.4 409.3 670.4]/Border[0 0 0]/A 226 0 R>>endobj
-228 0 obj[227 0 R
+208 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
+209 0 obj<</Subtype/Link/Rect[435.5 721.0 544.9 734.0]/Border[0 0 0]/A 208 0 R>>endobj
+210 0 obj<</S/URI/URI(http://samba.org)>>endobj
+211 0 obj<</Subtype/Link/Rect[236.3 127.0 310.8 140.0]/Border[0 0 0]/A 210 0 R>>endobj
+212 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
+213 0 obj<</Subtype/Link/Rect[144.0 74.2 346.1 87.2]/Border[0 0 0]/A 212 0 R>>endobj
+214 0 obj[209 0 R
+211 0 R
+213 0 R
 ]endobj
-229 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
-230 0 obj<</Subtype/Link/Rect[251.9 694.6 504.0 707.6]/Border[0 0 0]/A 229 0 R>>endobj
-231 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
-232 0 obj<</Subtype/Link/Rect[176.2 655.0 448.5 668.0]/Border[0 0 0]/A 231 0 R>>endobj
-233 0 obj[230 0 R
-232 0 R
+215 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
+216 0 obj<</Subtype/Link/Rect[182.5 707.8 345.0 720.8]/Border[0 0 0]/A 215 0 R>>endobj
+217 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
+218 0 obj<</Subtype/Link/Rect[284.9 694.6 381.4 707.6]/Border[0 0 0]/A 217 0 R>>endobj
+219 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
+220 0 obj<</Subtype/Link/Rect[244.2 681.4 411.2 694.4]/Border[0 0 0]/A 219 0 R>>endobj
+221 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
+222 0 obj<</Subtype/Link/Rect[280.3 668.2 471.9 681.2]/Border[0 0 0]/A 221 0 R>>endobj
+223 0 obj<</S/URI/URI(http://samba.org)>>endobj
+224 0 obj<</Subtype/Link/Rect[361.0 615.4 432.8 628.4]/Border[0 0 0]/A 223 0 R>>endobj
+225 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
+226 0 obj<</Subtype/Link/Rect[301.1 575.8 425.6 588.8]/Border[0 0 0]/A 225 0 R>>endobj
+227 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
+228 0 obj<</Subtype/Link/Rect[135.5 140.2 227.8 153.2]/Border[0 0 0]/A 227 0 R>>endobj
+229 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
+230 0 obj<</Subtype/Link/Rect[309.0 127.0 330.7 140.0]/Border[0 0 0]/A 229 0 R>>endobj
+231 0 obj[216 0 R
+218 0 R
+220 0 R
+222 0 R
+224 0 R
+226 0 R
+228 0 R
+230 0 R
 ]endobj
-234 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
-235 0 obj<</Subtype/Link/Rect[316.1 314.2 422.1 327.2]/Border[0 0 0]/A 234 0 R>>endobj
-236 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
-237 0 obj<</Subtype/Link/Rect[343.3 301.0 452.6 314.0]/Border[0 0 0]/A 236 0 R>>endobj
-238 0 obj[235 0 R
+232 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
+233 0 obj<</Subtype/Link/Rect[331.1 607.0 550.0 620.0]/Border[0 0 0]/A 232 0 R>>endobj
+234 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
+235 0 obj<</Subtype/Link/Rect[72.0 241.4 319.2 254.4]/Border[0 0 0]/A 234 0 R>>endobj
+236 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
+237 0 obj<</Subtype/Link/Rect[346.1 241.4 544.2 254.4]/Border[0 0 0]/A 236 0 R>>endobj
+238 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
+239 0 obj<</Subtype/Link/Rect[175.9 117.8 366.2 130.8]/Border[0 0 0]/A 238 0 R>>endobj
+240 0 obj[233 0 R
+235 0 R
 237 0 R
+239 0 R
 ]endobj
-239 0 obj<</S/URI/URI(http://samba.org)>>endobj
-240 0 obj<</Subtype/Link/Rect[200.3 157.4 274.8 170.4]/Border[0 0 0]/A 239 0 R>>endobj
-241 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
-242 0 obj<</Subtype/Link/Rect[336.8 65.0 541.7 78.0]/Border[0 0 0]/A 241 0 R>>endobj
-243 0 obj[240 0 R
-242 0 R
+241 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
+242 0 obj<</Subtype/Link/Rect[225.7 661.0 434.8 674.0]/Border[0 0 0]/A 241 0 R>>endobj
+243 0 obj[242 0 R
 ]endobj
-244 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
-245 0 obj<</Subtype/Link/Rect[108.0 707.8 267.8 720.8]/Border[0 0 0]/A 244 0 R>>endobj
-246 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
-247 0 obj<</Subtype/Link/Rect[248.9 668.2 345.4 681.2]/Border[0 0 0]/A 246 0 R>>endobj
-248 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
-249 0 obj<</Subtype/Link/Rect[208.2 628.6 375.2 641.6]/Border[0 0 0]/A 248 0 R>>endobj
-250 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
-251 0 obj<</Subtype/Link/Rect[244.3 589.0 435.9 602.0]/Border[0 0 0]/A 250 0 R>>endobj
-252 0 obj<</S/URI/URI(http://samba.org)>>endobj
-253 0 obj<</Subtype/Link/Rect[325.0 487.4 396.8 500.4]/Border[0 0 0]/A 252 0 R>>endobj
-254 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
-255 0 obj<</Subtype/Link/Rect[265.1 447.8 386.8 460.8]/Border[0 0 0]/A 254 0 R>>endobj
-256 0 obj[245 0 R
+244 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj
+245 0 obj<</Subtype/Link/Rect[357.1 577.0 500.7 590.0]/Border[0 0 0]/A 244 0 R>>endobj
+246 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj
+247 0 obj<</Subtype/Link/Rect[138.6 354.6 283.2 367.6]/Border[0 0 0]/A 246 0 R>>endobj
+248 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj
+249 0 obj<</Subtype/Link/Rect[394.3 230.2 498.2 243.2]/Border[0 0 0]/A 248 0 R>>endobj
+250 0 obj[245 0 R
 247 0 R
 249 0 R
-251 0 R
+]endobj
+251 0 obj<</Subtype/Link/Rect[72.0 684.0 277.3 697.0]/Border[0 0 0]/Dest[501 0 R/XYZ null 798 0]>>endobj
+252 0 obj<</Subtype/Link/Rect[108.0 670.8 249.2 683.8]/Border[0 0 0]/Dest[501 0 R/XYZ null 730 0]>>endobj
+253 0 obj<</Subtype/Link/Rect[108.0 657.6 255.0 670.6]/Border[0 0 0]/Dest[501 0 R/XYZ null 593 0]>>endobj
+254 0 obj<</Subtype/Link/Rect[108.0 644.4 257.7 657.4]/Border[0 0 0]/Dest[501 0 R/XYZ null 178 0]>>endobj
+255 0 obj<</Subtype/Link/Rect[108.0 631.2 309.0 644.2]/Border[0 0 0]/Dest[504 0 R/XYZ null 739 0]>>endobj
+256 0 obj<</Subtype/Link/Rect[108.0 618.0 316.7 631.0]/Border[0 0 0]/Dest[504 0 R/XYZ null 379 0]>>endobj
+257 0 obj<</Subtype/Link/Rect[108.0 604.8 284.9 617.8]/Border[0 0 0]/Dest[504 0 R/XYZ null 268 0]>>endobj
+258 0 obj<</Subtype/Link/Rect[108.0 591.6 280.0 604.6]/Border[0 0 0]/Dest[507 0 R/XYZ null 768 0]>>endobj
+259 0 obj<</Subtype/Link/Rect[108.0 578.4 328.6 591.4]/Border[0 0 0]/Dest[507 0 R/XYZ null 266 0]>>endobj
+260 0 obj<</Subtype/Link/Rect[108.0 565.2 364.9 578.2]/Border[0 0 0]/Dest[510 0 R/XYZ null 686 0]>>endobj
+261 0 obj<</Subtype/Link/Rect[108.0 552.0 315.8 565.0]/Border[0 0 0]/Dest[510 0 R/XYZ null 509 0]>>endobj
+262 0 obj<</Subtype/Link/Rect[108.0 538.8 514.3 551.8]/Border[0 0 0]/Dest[510 0 R/XYZ null 332 0]>>endobj
+263 0 obj<</Subtype/Link/Rect[108.0 525.6 259.4 538.6]/Border[0 0 0]/Dest[513 0 R/XYZ null 768 0]>>endobj
+264 0 obj<</Subtype/Link/Rect[108.0 512.4 236.0 525.4]/Border[0 0 0]/Dest[513 0 R/XYZ null 577 0]>>endobj
+265 0 obj<</Subtype/Link/Rect[108.0 499.2 186.5 512.2]/Border[0 0 0]/Dest[513 0 R/XYZ null 505 0]>>endobj
+266 0 obj<</Subtype/Link/Rect[108.0 486.0 267.2 499.0]/Border[0 0 0]/Dest[513 0 R/XYZ null 394 0]>>endobj
+267 0 obj<</Subtype/Link/Rect[108.0 472.8 295.6 485.8]/Border[0 0 0]/Dest[516 0 R/XYZ null 739 0]>>endobj
+268 0 obj<</Subtype/Link/Rect[108.0 459.6 177.7 472.6]/Border[0 0 0]/Dest[516 0 R/XYZ null 615 0]>>endobj
+269 0 obj<</Subtype/Link/Rect[108.0 446.4 232.3 459.4]/Border[0 0 0]/Dest[519 0 R/XYZ null 768 0]>>endobj
+270 0 obj<</Subtype/Link/Rect[108.0 433.2 232.6 446.2]/Border[0 0 0]/Dest[519 0 R/XYZ null 683 0]>>endobj
+271 0 obj<</Subtype/Link/Rect[72.0 406.8 348.8 419.8]/Border[0 0 0]/Dest[522 0 R/XYZ null 798 0]>>endobj
+272 0 obj<</Subtype/Link/Rect[108.0 393.6 161.5 406.6]/Border[0 0 0]/Dest[522 0 R/XYZ null 706 0]>>endobj
+273 0 obj<</Subtype/Link/Rect[108.0 380.4 327.7 393.4]/Border[0 0 0]/Dest[522 0 R/XYZ null 463 0]>>endobj
+274 0 obj<</Subtype/Link/Rect[108.0 367.2 177.1 380.2]/Border[0 0 0]/Dest[522 0 R/XYZ null 325 0]>>endobj
+275 0 obj<</Subtype/Link/Rect[108.0 354.0 203.6 367.0]/Border[0 0 0]/Dest[525 0 R/XYZ null 435 0]>>endobj
+276 0 obj<</Subtype/Link/Rect[108.0 340.8 195.1 353.8]/Border[0 0 0]/Dest[525 0 R/XYZ null 285 0]>>endobj
+277 0 obj<</Subtype/Link/Rect[108.0 327.6 215.2 340.6]/Border[0 0 0]/Dest[528 0 R/XYZ null 768 0]>>endobj
+278 0 obj<</Subtype/Link/Rect[108.0 314.4 382.4 327.4]/Border[0 0 0]/Dest[528 0 R/XYZ null 268 0]>>endobj
+279 0 obj<</Subtype/Link/Rect[108.0 301.2 255.6 314.2]/Border[0 0 0]/Dest[531 0 R/XYZ null 210 0]>>endobj
+280 0 obj<</Subtype/Link/Rect[108.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[534 0 R/XYZ null 660 0]>>endobj
+281 0 obj<</Subtype/Link/Rect[108.0 274.8 187.8 287.8]/Border[0 0 0]/Dest[537 0 R/XYZ null 371 0]>>endobj
+282 0 obj<</Subtype/Link/Rect[108.0 261.6 194.5 274.6]/Border[0 0 0]/Dest[537 0 R/XYZ null 260 0]>>endobj
+283 0 obj<</Subtype/Link/Rect[108.0 248.4 200.6 261.4]/Border[0 0 0]/Dest[540 0 R/XYZ null 768 0]>>endobj
+284 0 obj<</Subtype/Link/Rect[108.0 235.2 526.0 248.2]/Border[0 0 0]/Dest[540 0 R/XYZ null 529 0]>>endobj
+285 0 obj<</Subtype/Link/Rect[108.0 222.0 500.6 235.0]/Border[0 0 0]/Dest[543 0 R/XYZ null 633 0]>>endobj
+286 0 obj<</Subtype/Link/Rect[108.0 208.8 353.3 221.8]/Border[0 0 0]/Dest[546 0 R/XYZ null 581 0]>>endobj
+287 0 obj<</Subtype/Link/Rect[108.0 195.6 419.0 208.6]/Border[0 0 0]/Dest[546 0 R/XYZ null 304 0]>>endobj
+288 0 obj<</Subtype/Link/Rect[108.0 182.4 332.5 195.4]/Border[0 0 0]/Dest[549 0 R/XYZ null 594 0]>>endobj
+289 0 obj<</Subtype/Link/Rect[108.0 169.2 181.6 182.2]/Border[0 0 0]/Dest[552 0 R/XYZ null 639 0]>>endobj
+290 0 obj<</Subtype/Link/Rect[72.0 142.8 463.4 155.8]/Border[0 0 0]/Dest[555 0 R/XYZ null 798 0]>>endobj
+291 0 obj<</Subtype/Link/Rect[108.0 129.6 202.4 142.6]/Border[0 0 0]/Dest[555 0 R/XYZ null 706 0]>>endobj
+292 0 obj<</Subtype/Link/Rect[108.0 116.4 244.9 129.4]/Border[0 0 0]/Dest[558 0 R/XYZ null 192 0]>>endobj
+293 0 obj<</Subtype/Link/Rect[108.0 103.2 270.3 116.2]/Border[0 0 0]/Dest[561 0 R/XYZ null 739 0]>>endobj
+294 0 obj<</Subtype/Link/Rect[72.0 76.8 402.3 89.8]/Border[0 0 0]/Dest[564 0 R/XYZ null 798 0]>>endobj
+295 0 obj<</Subtype/Link/Rect[108.0 63.6 179.2 76.6]/Border[0 0 0]/Dest[564 0 R/XYZ null 706 0]>>endobj
+296 0 obj[251 0 R
+252 0 R
 253 0 R
+254 0 R
 255 0 R
-]endobj
-257 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
-258 0 obj<</Subtype/Link/Rect[72.0 470.2 164.3 483.2]/Border[0 0 0]/A 257 0 R>>endobj
-259 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
-260 0 obj<</Subtype/Link/Rect[237.9 457.0 259.6 470.0]/Border[0 0 0]/A 259 0 R>>endobj
-261 0 obj[258 0 R
+256 0 R
+257 0 R
+258 0 R
+259 0 R
 260 0 R
-]endobj
-262 0 obj<</S/URI/URI(#NTACLSUPPOR)>>endobj
-263 0 obj<</Subtype/Link/Rect[342.7 580.6 441.7 593.6]/Border[0 0 0]/A 262 0 R>>endobj
-264 0 obj[263 0 R
-]endobj
-265 0 obj<</S/URI/URI(#SECURITYMASK)>>endobj
-266 0 obj<</Subtype/Link/Rect[88.2 501.4 180.6 514.4]/Border[0 0 0]/A 265 0 R>>endobj
-267 0 obj<</S/URI/URI(#CREATEMASK)>>endobj
-268 0 obj<</Subtype/Link/Rect[358.9 422.2 438.1 435.2]/Border[0 0 0]/A 267 0 R>>endobj
-269 0 obj<</S/URI/URI(#FORCESECURITYMODE)>>endobj
-270 0 obj<</Subtype/Link/Rect[427.0 369.4 526.0 382.4]/Border[0 0 0]/A 269 0 R>>endobj
-271 0 obj<</S/URI/URI(#FORCESECURITYMODE)>>endobj
-272 0 obj<</Subtype/Link/Rect[72.0 356.2 98.4 369.2]/Border[0 0 0]/A 271 0 R>>endobj
-273 0 obj<</S/URI/URI(#FORCECREATEMODE)>>endobj
-274 0 obj<</Subtype/Link/Rect[358.9 277.0 477.7 290.0]/Border[0 0 0]/A 273 0 R>>endobj
-275 0 obj[266 0 R
+261 0 R
+262 0 R
+263 0 R
+264 0 R
+265 0 R
+266 0 R
+267 0 R
 268 0 R
+269 0 R
 270 0 R
+271 0 R
 272 0 R
+273 0 R
 274 0 R
-]endobj
-276 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
-277 0 obj<</Subtype/Link/Rect[72.0 655.0 151.2 668.0]/Border[0 0 0]/A 276 0 R>>endobj
-278 0 obj[277 0 R
-]endobj
-279 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
-280 0 obj<</Subtype/Link/Rect[331.1 629.8 550.0 642.8]/Border[0 0 0]/A 279 0 R>>endobj
-281 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
-282 0 obj<</Subtype/Link/Rect[72.0 191.0 319.2 204.0]/Border[0 0 0]/A 281 0 R>>endobj
-283 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
-284 0 obj<</Subtype/Link/Rect[346.1 191.0 544.2 204.0]/Border[0 0 0]/A 283 0 R>>endobj
-285 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
-286 0 obj<</Subtype/Link/Rect[175.9 70.4 366.2 83.4]/Border[0 0 0]/A 285 0 R>>endobj
-287 0 obj[280 0 R
+275 0 R
+276 0 R
+277 0 R
+278 0 R
+279 0 R
+280 0 R
+281 0 R
 282 0 R
+283 0 R
 284 0 R
+285 0 R
 286 0 R
-]endobj
-288 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
-289 0 obj<</Subtype/Link/Rect[225.7 625.4 434.8 638.4]/Border[0 0 0]/A 288 0 R>>endobj
-290 0 obj[289 0 R
-]endobj
-291 0 obj<</Subtype/Link/Rect[72.0 684.0 223.5 697.0]/Border[0 0 0]/Dest[480 0 R/XYZ null 798 0]>>endobj
-292 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[480 0 R/XYZ null 730 0]>>endobj
-293 0 obj<</Subtype/Link/Rect[72.0 644.4 277.3 657.4]/Border[0 0 0]/Dest[486 0 R/XYZ null 798 0]>>endobj
-294 0 obj<</Subtype/Link/Rect[72.0 618.0 201.9 631.0]/Border[0 0 0]/Dest[489 0 R/XYZ null 798 0]>>endobj
-295 0 obj<</Subtype/Link/Rect[72.0 591.6 207.1 604.6]/Border[0 0 0]/Dest[492 0 R/XYZ null 798 0]>>endobj
-296 0 obj<</Subtype/Link/Rect[72.0 565.2 212.2 578.2]/Border[0 0 0]/Dest[495 0 R/XYZ null 798 0]>>endobj
-297 0 obj<</Subtype/Link/Rect[72.0 538.8 265.4 551.8]/Border[0 0 0]/Dest[498 0 R/XYZ null 798 0]>>endobj
-298 0 obj<</Subtype/Link/Rect[72.0 512.4 272.4 525.4]/Border[0 0 0]/Dest[501 0 R/XYZ null 798 0]>>endobj
-299 0 obj<</Subtype/Link/Rect[72.0 486.0 242.5 499.0]/Border[0 0 0]/Dest[504 0 R/XYZ null 798 0]>>endobj
-300 0 obj<</Subtype/Link/Rect[108.0 472.8 252.5 485.8]/Border[0 0 0]/Dest[504 0 R/XYZ null 611 0]>>endobj
-301 0 obj<</Subtype/Link/Rect[108.0 459.6 301.1 472.6]/Border[0 0 0]/Dest[507 0 R/XYZ null 783 0]>>endobj
-302 0 obj<</Subtype/Link/Rect[72.0 433.2 325.6 446.2]/Border[0 0 0]/Dest[510 0 R/XYZ null 798 0]>>endobj
-303 0 obj<</Subtype/Link/Rect[72.0 406.8 271.5 419.8]/Border[0 0 0]/Dest[513 0 R/XYZ null 798 0]>>endobj
-304 0 obj<</Subtype/Link/Rect[72.0 380.4 476.9 393.4]/Border[0 0 0]/Dest[516 0 R/XYZ null 798 0]>>endobj
-305 0 obj<</Subtype/Link/Rect[72.0 354.0 208.9 367.0]/Border[0 0 0]/Dest[519 0 R/XYZ null 798 0]>>endobj
-306 0 obj<</Subtype/Link/Rect[108.0 340.8 203.0 353.8]/Border[0 0 0]/Dest[519 0 R/XYZ null 585 0]>>endobj
-307 0 obj<</Subtype/Link/Rect[108.0 327.6 153.5 340.6]/Border[0 0 0]/Dest[519 0 R/XYZ null 510 0]>>endobj
-308 0 obj<</Subtype/Link/Rect[108.0 314.4 234.2 327.4]/Border[0 0 0]/Dest[519 0 R/XYZ null 395 0]>>endobj
-309 0 obj<</Subtype/Link/Rect[108.0 301.2 262.6 314.2]/Border[0 0 0]/Dest[522 0 R/XYZ null 741 0]>>endobj
-310 0 obj<</Subtype/Link/Rect[108.0 288.0 144.7 301.0]/Border[0 0 0]/Dest[522 0 R/XYZ null 613 0]>>endobj
-311 0 obj<</Subtype/Link/Rect[108.0 274.8 199.3 287.8]/Border[0 0 0]/Dest[525 0 R/XYZ null 783 0]>>endobj
-312 0 obj<</Subtype/Link/Rect[108.0 261.6 199.6 274.6]/Border[0 0 0]/Dest[525 0 R/XYZ null 694 0]>>endobj
-313 0 obj<</Subtype/Link/Rect[72.0 235.2 371.8 248.2]/Border[0 0 0]/Dest[528 0 R/XYZ null 798 0]>>endobj
-314 0 obj<</Subtype/Link/Rect[72.0 208.8 131.9 221.8]/Border[0 0 0]/Dest[531 0 R/XYZ null 798 0]>>endobj
-315 0 obj<</Subtype/Link/Rect[72.0 182.4 159.7 195.4]/Border[0 0 0]/Dest[534 0 R/XYZ null 798 0]>>endobj
-316 0 obj<</Subtype/Link/Rect[72.0 156.0 223.8 169.0]/Border[0 0 0]/Dest[537 0 R/XYZ null 798 0]>>endobj
-317 0 obj<</Subtype/Link/Rect[108.0 142.8 249.5 155.8]/Border[0 0 0]/Dest[537 0 R/XYZ null 203 0]>>endobj
-318 0 obj<</Subtype/Link/Rect[108.0 129.6 289.2 142.6]/Border[0 0 0]/Dest[540 0 R/XYZ null 701 0]>>endobj
-319 0 obj<</Subtype/Link/Rect[72.0 103.2 164.3 116.2]/Border[0 0 0]/Dest[543 0 R/XYZ null 798 0]>>endobj
-320 0 obj<</Subtype/Link/Rect[72.0 76.8 199.1 89.8]/Border[0 0 0]/Dest[549 0 R/XYZ null 798 0]>>endobj
-321 0 obj[291 0 R
+287 0 R
+288 0 R
+289 0 R
+290 0 R
+291 0 R
 292 0 R
 293 0 R
 294 0 R
 295 0 R
-296 0 R
-297 0 R
+]endobj
+297 0 obj<</Subtype/Link/Rect[108.0 684.0 161.2 697.0]/Border[0 0 0]/Dest[567 0 R/XYZ null 673 0]>>endobj
+298 0 obj<</Subtype/Link/Rect[72.0 657.6 412.7 670.6]/Border[0 0 0]/Dest[570 0 R/XYZ null 798 0]>>endobj
+299 0 obj<</Subtype/Link/Rect[108.0 644.4 447.4 657.4]/Border[0 0 0]/Dest[570 0 R/XYZ null 706 0]>>endobj
+300 0 obj<</Subtype/Link/Rect[108.0 631.2 319.1 644.2]/Border[0 0 0]/Dest[570 0 R/XYZ null 525 0]>>endobj
+301 0 obj<</Subtype/Link/Rect[108.0 618.0 231.1 631.0]/Border[0 0 0]/Dest[570 0 R/XYZ null 348 0]>>endobj
+302 0 obj<</Subtype/Link/Rect[108.0 604.8 292.2 617.8]/Border[0 0 0]/Dest[573 0 R/XYZ null 686 0]>>endobj
+303 0 obj<</Subtype/Link/Rect[108.0 591.6 208.5 604.6]/Border[0 0 0]/Dest[573 0 R/XYZ null 443 0]>>endobj
+304 0 obj<</Subtype/Link/Rect[108.0 578.4 233.6 591.4]/Border[0 0 0]/Dest[573 0 R/XYZ null 187 0]>>endobj
+305 0 obj<</Subtype/Link/Rect[108.0 565.2 301.4 578.2]/Border[0 0 0]/Dest[576 0 R/XYZ null 673 0]>>endobj
+306 0 obj<</Subtype/Link/Rect[108.0 552.0 394.8 565.0]/Border[0 0 0]/Dest[576 0 R/XYZ null 232 0]>>endobj
+307 0 obj<</Subtype/Link/Rect[108.0 538.8 386.9 551.8]/Border[0 0 0]/Dest[582 0 R/XYZ null 594 0]>>endobj
+308 0 obj<</Subtype/Link/Rect[72.0 512.4 277.1 525.4]/Border[0 0 0]/Dest[585 0 R/XYZ null 798 0]>>endobj
+309 0 obj<</Subtype/Link/Rect[108.0 499.2 181.6 512.2]/Border[0 0 0]/Dest[585 0 R/XYZ null 730 0]>>endobj
+310 0 obj<</Subtype/Link/Rect[108.0 486.0 189.0 499.0]/Border[0 0 0]/Dest[585 0 R/XYZ null 302 0]>>endobj
+311 0 obj<</Subtype/Link/Rect[108.0 472.8 209.7 485.8]/Border[0 0 0]/Dest[588 0 R/XYZ null 693 0]>>endobj
+312 0 obj<</Subtype/Link/Rect[108.0 459.6 294.4 472.6]/Border[0 0 0]/Dest[591 0 R/XYZ null 463 0]>>endobj
+313 0 obj<</Subtype/Link/Rect[108.0 446.4 287.3 459.4]/Border[0 0 0]/Dest[594 0 R/XYZ null 686 0]>>endobj
+314 0 obj<</Subtype/Link/Rect[108.0 433.2 350.9 446.2]/Border[0 0 0]/Dest[594 0 R/XYZ null 302 0]>>endobj
+315 0 obj<</Subtype/Link/Rect[108.0 420.0 242.1 433.0]/Border[0 0 0]/Dest[597 0 R/XYZ null 686 0]>>endobj
+316 0 obj<</Subtype/Link/Rect[108.0 406.8 220.1 419.8]/Border[0 0 0]/Dest[597 0 R/XYZ null 496 0]>>endobj
+317 0 obj<</Subtype/Link/Rect[108.0 393.6 214.3 406.6]/Border[0 0 0]/Dest[597 0 R/XYZ null 385 0]>>endobj
+318 0 obj<</Subtype/Link/Rect[108.0 380.4 281.2 393.4]/Border[0 0 0]/Dest[597 0 R/XYZ null 247 0]>>endobj
+319 0 obj<</Subtype/Link/Rect[108.0 367.2 222.3 380.2]/Border[0 0 0]/Dest[597 0 R/XYZ null 149 0]>>endobj
+320 0 obj<</Subtype/Link/Rect[108.0 354.0 234.5 367.0]/Border[0 0 0]/Dest[600 0 R/XYZ null 713 0]>>endobj
+321 0 obj<</Subtype/Link/Rect[108.0 340.8 300.2 353.8]/Border[0 0 0]/Dest[603 0 R/XYZ null 768 0]>>endobj
+322 0 obj<</Subtype/Link/Rect[72.0 314.4 272.9 327.4]/Border[0 0 0]/Dest[609 0 R/XYZ null 798 0]>>endobj
+323 0 obj<</Subtype/Link/Rect[108.0 301.2 299.9 314.2]/Border[0 0 0]/Dest[609 0 R/XYZ null 730 0]>>endobj
+324 0 obj<</Subtype/Link/Rect[108.0 288.0 288.0 301.0]/Border[0 0 0]/Dest[612 0 R/XYZ null 356 0]>>endobj
+325 0 obj<</Subtype/Link/Rect[108.0 274.8 307.9 287.8]/Border[0 0 0]/Dest[615 0 R/XYZ null 768 0]>>endobj
+326 0 obj<</Subtype/Link/Rect[72.0 248.4 416.3 261.4]/Border[0 0 0]/Dest[618 0 R/XYZ null 798 0]>>endobj
+327 0 obj<</Subtype/Link/Rect[108.0 235.2 219.2 248.2]/Border[0 0 0]/Dest[618 0 R/XYZ null 706 0]>>endobj
+328 0 obj<</Subtype/Link/Rect[108.0 222.0 181.0 235.0]/Border[0 0 0]/Dest[618 0 R/XYZ null 608 0]>>endobj
+329 0 obj<</Subtype/Link/Rect[108.0 208.8 316.1 221.8]/Border[0 0 0]/Dest[621 0 R/XYZ null 660 0]>>endobj
+330 0 obj<</Subtype/Link/Rect[108.0 195.6 432.8 208.6]/Border[0 0 0]/Dest[624 0 R/XYZ null 531 0]>>endobj
+331 0 obj<</Subtype/Link/Rect[108.0 182.4 319.4 195.4]/Border[0 0 0]/Dest[624 0 R/XYZ null 196 0]>>endobj
+332 0 obj<</Subtype/Link/Rect[108.0 169.2 330.8 182.2]/Border[0 0 0]/Dest[627 0 R/XYZ null 359 0]>>endobj
+333 0 obj<</Subtype/Link/Rect[108.0 156.0 261.4 169.0]/Border[0 0 0]/Dest[627 0 R/XYZ null 183 0]>>endobj
+334 0 obj<</Subtype/Link/Rect[108.0 142.8 252.8 155.8]/Border[0 0 0]/Dest[633 0 R/XYZ null 545 0]>>endobj
+335 0 obj<</Subtype/Link/Rect[108.0 129.6 246.4 142.6]/Border[0 0 0]/Dest[636 0 R/XYZ null 488 0]>>endobj
+336 0 obj<</Subtype/Link/Rect[108.0 116.4 292.9 129.4]/Border[0 0 0]/Dest[645 0 R/XYZ null 768 0]>>endobj
+337 0 obj<</Subtype/Link/Rect[108.0 103.2 332.0 116.2]/Border[0 0 0]/Dest[648 0 R/XYZ null 435 0]>>endobj
+338 0 obj<</Subtype/Link/Rect[108.0 90.0 406.2 103.0]/Border[0 0 0]/Dest[651 0 R/XYZ null 189 0]>>endobj
+339 0 obj<</Subtype/Link/Rect[108.0 76.8 431.0 89.8]/Border[0 0 0]/Dest[666 0 R/XYZ null 686 0]>>endobj
+340 0 obj[297 0 R
 298 0 R
 299 0 R
 300 0 R
@@ -518,36 +513,8 @@
 318 0 R
 319 0 R
 320 0 R
-]endobj
-322 0 obj<</Subtype/Link/Rect[72.0 684.0 326.9 697.0]/Border[0 0 0]/Dest[552 0 R/XYZ null 798 0]>>endobj
-323 0 obj<</Subtype/Link/Rect[72.0 657.6 402.3 670.6]/Border[0 0 0]/Dest[555 0 R/XYZ null 798 0]>>endobj
-324 0 obj<</Subtype/Link/Rect[72.0 631.2 128.8 644.2]/Border[0 0 0]/Dest[558 0 R/XYZ null 798 0]>>endobj
-325 0 obj<</Subtype/Link/Rect[108.0 618.0 133.7 631.0]/Border[0 0 0]/Dest[561 0 R/XYZ null 754 0]>>endobj
-326 0 obj<</Subtype/Link/Rect[72.0 591.6 277.1 604.6]/Border[0 0 0]/Dest[564 0 R/XYZ null 798 0]>>endobj
-327 0 obj<</Subtype/Link/Rect[72.0 565.2 131.9 578.2]/Border[0 0 0]/Dest[567 0 R/XYZ null 798 0]>>endobj
-328 0 obj<</Subtype/Link/Rect[72.0 538.8 138.6 551.8]/Border[0 0 0]/Dest[570 0 R/XYZ null 798 0]>>endobj
-329 0 obj<</Subtype/Link/Rect[108.0 525.6 259.8 538.6]/Border[0 0 0]/Dest[576 0 R/XYZ null 741 0]>>endobj
-330 0 obj<</Subtype/Link/Rect[72.0 499.2 171.6 512.2]/Border[0 0 0]/Dest[579 0 R/XYZ null 798 0]>>endobj
-331 0 obj<</Subtype/Link/Rect[108.0 486.0 186.8 499.0]/Border[0 0 0]/Dest[579 0 R/XYZ null 664 0]>>endobj
-332 0 obj<</Subtype/Link/Rect[108.0 472.8 253.7 485.8]/Border[0 0 0]/Dest[579 0 R/XYZ null 457 0]>>endobj
-333 0 obj<</Subtype/Link/Rect[108.0 459.6 194.8 472.6]/Border[0 0 0]/Dest[579 0 R/XYZ null 355 0]>>endobj
-334 0 obj<</Subtype/Link/Rect[108.0 446.4 207.0 459.4]/Border[0 0 0]/Dest[579 0 R/XYZ null 240 0]>>endobj
-335 0 obj<</Subtype/Link/Rect[72.0 420.0 256.8 433.0]/Border[0 0 0]/Dest[585 0 R/XYZ null 798 0]>>endobj
-336 0 obj<</Subtype/Link/Rect[72.0 393.6 272.9 406.6]/Border[0 0 0]/Dest[588 0 R/XYZ null 798 0]>>endobj
-337 0 obj<</Subtype/Link/Rect[72.0 367.2 254.4 380.2]/Border[0 0 0]/Dest[591 0 R/XYZ null 798 0]>>endobj
-338 0 obj<</Subtype/Link/Rect[72.0 340.8 240.7 353.8]/Border[0 0 0]/Dest[597 0 R/XYZ null 798 0]>>endobj
-339 0 obj<</Subtype/Link/Rect[72.0 314.4 266.2 327.4]/Border[0 0 0]/Dest[600 0 R/XYZ null 798 0]>>endobj
-340 0 obj<</Subtype/Link/Rect[72.0 288.0 424.6 301.0]/Border[0 0 0]/Dest[603 0 R/XYZ null 798 0]>>endobj
-341 0 obj<</Subtype/Link/Rect[72.0 261.6 130.1 274.6]/Border[0 0 0]/Dest[606 0 R/XYZ null 798 0]>>endobj
-342 0 obj<</Subtype/Link/Rect[72.0 235.2 274.3 248.2]/Border[0 0 0]/Dest[612 0 R/XYZ null 798 0]>>endobj
-343 0 obj<</Subtype/Link/Rect[72.0 208.8 398.3 221.8]/Border[0 0 0]/Dest[618 0 R/XYZ null 798 0]>>endobj
-344 0 obj<</Subtype/Link/Rect[72.0 182.4 217.7 195.4]/Border[0 0 0]/Dest[624 0 R/XYZ null 798 0]>>endobj
-345 0 obj<</Subtype/Link/Rect[72.0 156.0 203.1 169.0]/Border[0 0 0]/Dest[630 0 R/XYZ null 798 0]>>endobj
-346 0 obj<</Subtype/Link/Rect[72.0 129.6 200.3 142.6]/Border[0 0 0]/Dest[636 0 R/XYZ null 798 0]>>endobj
-347 0 obj<</Subtype/Link/Rect[108.0 116.4 186.2 129.4]/Border[0 0 0]/Dest[639 0 R/XYZ null 266 0]>>endobj
-348 0 obj<</Subtype/Link/Rect[108.0 103.2 167.0 116.2]/Border[0 0 0]/Dest[642 0 R/XYZ null 609 0]>>endobj
-349 0 obj<</Subtype/Link/Rect[72.0 76.8 393.4 89.8]/Border[0 0 0]/Dest[648 0 R/XYZ null 798 0]>>endobj
-350 0 obj[322 0 R
+321 0 R
+322 0 R
 323 0 R
 324 0 R
 325 0 R
@@ -565,8 +532,33 @@
 337 0 R
 338 0 R
 339 0 R
-340 0 R
-341 0 R
+]endobj
+341 0 obj<</Subtype/Link/Rect[72.0 684.0 426.2 697.0]/Border[0 0 0]/Dest[672 0 R/XYZ null 798 0]>>endobj
+342 0 obj<</Subtype/Link/Rect[108.0 670.8 164.5 683.8]/Border[0 0 0]/Dest[672 0 R/XYZ null 706 0]>>endobj
+343 0 obj<</Subtype/Link/Rect[108.0 657.6 181.6 670.6]/Border[0 0 0]/Dest[672 0 R/XYZ null 569 0]>>endobj
+344 0 obj<</Subtype/Link/Rect[108.0 644.4 233.6 657.4]/Border[0 0 0]/Dest[672 0 R/XYZ null 246 0]>>endobj
+345 0 obj<</Subtype/Link/Rect[108.0 631.2 188.3 644.2]/Border[0 0 0]/Dest[675 0 R/XYZ null 581 0]>>endobj
+346 0 obj<</Subtype/Link/Rect[108.0 618.0 222.0 631.0]/Border[0 0 0]/Dest[675 0 R/XYZ null 417 0]>>endobj
+347 0 obj<</Subtype/Link/Rect[108.0 604.8 288.6 617.8]/Border[0 0 0]/Dest[675 0 R/XYZ null 292 0]>>endobj
+348 0 obj<</Subtype/Link/Rect[108.0 591.6 230.8 604.6]/Border[0 0 0]/Dest[678 0 R/XYZ null 768 0]>>endobj
+349 0 obj<</Subtype/Link/Rect[108.0 578.4 288.9 591.4]/Border[0 0 0]/Dest[678 0 R/XYZ null 326 0]>>endobj
+350 0 obj<</Subtype/Link/Rect[108.0 565.2 269.3 578.2]/Border[0 0 0]/Dest[681 0 R/XYZ null 686 0]>>endobj
+351 0 obj<</Subtype/Link/Rect[108.0 552.0 203.0 565.0]/Border[0 0 0]/Dest[681 0 R/XYZ null 496 0]>>endobj
+352 0 obj<</Subtype/Link/Rect[108.0 538.8 259.9 551.8]/Border[0 0 0]/Dest[681 0 R/XYZ null 345 0]>>endobj
+353 0 obj<</Subtype/Link/Rect[108.0 525.6 178.0 538.6]/Border[0 0 0]/Dest[681 0 R/XYZ null 155 0]>>endobj
+354 0 obj<</Subtype/Link/Rect[108.0 512.4 177.4 525.4]/Border[0 0 0]/Dest[684 0 R/XYZ null 581 0]>>endobj
+355 0 obj<</Subtype/Link/Rect[72.0 486.0 228.8 499.0]/Border[0 0 0]/Dest[687 0 R/XYZ null 798 0]>>endobj
+356 0 obj<</Subtype/Link/Rect[108.0 472.8 159.0 485.8]/Border[0 0 0]/Dest[687 0 R/XYZ null 730 0]>>endobj
+357 0 obj<</Subtype/Link/Rect[108.0 459.6 499.0 472.6]/Border[0 0 0]/Dest[687 0 R/XYZ null 700 0]>>endobj
+358 0 obj<</Subtype/Link/Rect[108.0 446.4 504.2 459.4]/Border[0 0 0]/Dest[687 0 R/XYZ null 348 0]>>endobj
+359 0 obj<</Subtype/Link/Rect[108.0 433.2 455.7 446.2]/Border[0 0 0]/Dest[690 0 R/XYZ null 768 0]>>endobj
+360 0 obj<</Subtype/Link/Rect[108.0 420.0 425.4 433.0]/Border[0 0 0]/Dest[690 0 R/XYZ null 639 0]>>endobj
+361 0 obj<</Subtype/Link/Rect[72.0 393.6 342.4 406.6]/Border[0 0 0]/Dest[693 0 R/XYZ null 798 0]>>endobj
+362 0 obj<</Subtype/Link/Rect[108.0 380.4 187.1 393.4]/Border[0 0 0]/Dest[693 0 R/XYZ null 706 0]>>endobj
+363 0 obj<</Subtype/Link/Rect[108.0 367.2 247.6 380.2]/Border[0 0 0]/Dest[693 0 R/XYZ null 582 0]>>endobj
+364 0 obj<</Subtype/Link/Rect[108.0 354.0 230.8 367.0]/Border[0 0 0]/Dest[693 0 R/XYZ null 484 0]>>endobj
+365 0 obj<</Subtype/Link/Rect[108.0 340.8 205.8 353.8]/Border[0 0 0]/Dest[693 0 R/XYZ null 359 0]>>endobj
+366 0 obj[341 0 R
 342 0 R
 343 0 R
 344 0 R
@@ -575,38 +567,8 @@
 347 0 R
 348 0 R
 349 0 R
-]endobj
-351 0 obj<</Subtype/Link/Rect[72.0 684.0 423.1 697.0]/Border[0 0 0]/Dest[654 0 R/XYZ null 798 0]>>endobj
-352 0 obj<</Subtype/Link/Rect[72.0 657.6 112.9 670.6]/Border[0 0 0]/Dest[657 0 R/XYZ null 798 0]>>endobj
-353 0 obj<</Subtype/Link/Rect[72.0 631.2 131.9 644.2]/Border[0 0 0]/Dest[660 0 R/XYZ null 798 0]>>endobj
-354 0 obj<</Subtype/Link/Rect[72.0 604.8 186.3 617.8]/Border[0 0 0]/Dest[663 0 R/XYZ null 798 0]>>endobj
-355 0 obj<</Subtype/Link/Rect[108.0 591.6 160.8 604.6]/Border[0 0 0]/Dest[663 0 R/XYZ null 426 0]>>endobj
-356 0 obj<</Subtype/Link/Rect[72.0 565.2 172.9 578.2]/Border[0 0 0]/Dest[666 0 R/XYZ null 798 0]>>endobj
-357 0 obj<</Subtype/Link/Rect[108.0 552.0 261.1 565.0]/Border[0 0 0]/Dest[666 0 R/XYZ null 651 0]>>endobj
-358 0 obj<</Subtype/Link/Rect[108.0 538.8 203.3 551.8]/Border[0 0 0]/Dest[666 0 R/XYZ null 444 0]>>endobj
-359 0 obj<</Subtype/Link/Rect[108.0 525.6 261.4 538.6]/Border[0 0 0]/Dest[669 0 R/XYZ null 662 0]>>endobj
-360 0 obj<</Subtype/Link/Rect[108.0 512.4 241.8 525.4]/Border[0 0 0]/Dest[669 0 R/XYZ null 349 0]>>endobj
-361 0 obj<</Subtype/Link/Rect[108.0 499.2 175.5 512.2]/Border[0 0 0]/Dest[672 0 R/XYZ null 783 0]>>endobj
-362 0 obj<</Subtype/Link/Rect[72.0 472.8 215.6 485.8]/Border[0 0 0]/Dest[675 0 R/XYZ null 798 0]>>endobj
-363 0 obj<</Subtype/Link/Rect[72.0 446.4 126.4 459.4]/Border[0 0 0]/Dest[678 0 R/XYZ null 798 0]>>endobj
-364 0 obj<</Subtype/Link/Rect[72.0 420.0 124.6 433.0]/Border[0 0 0]/Dest[681 0 R/XYZ null 798 0]>>endobj
-365 0 obj<</Subtype/Link/Rect[72.0 393.6 413.9 406.6]/Border[0 0 0]/Dest[684 0 R/XYZ null 798 0]>>endobj
-366 0 obj<</Subtype/Link/Rect[72.0 367.2 407.5 380.2]/Border[0 0 0]/Dest[687 0 R/XYZ null 798 0]>>endobj
-367 0 obj<</Subtype/Link/Rect[72.0 340.8 273.7 353.8]/Border[0 0 0]/Dest[690 0 R/XYZ null 798 0]>>endobj
-368 0 obj<</Subtype/Link/Rect[72.0 314.4 179.6 327.4]/Border[0 0 0]/Dest[693 0 R/XYZ null 798 0]>>endobj
-369 0 obj<</Subtype/Link/Rect[72.0 288.0 245.5 301.0]/Border[0 0 0]/Dest[696 0 R/XYZ null 798 0]>>endobj
-370 0 obj<</Subtype/Link/Rect[108.0 274.8 181.0 287.8]/Border[0 0 0]/Dest[696 0 R/XYZ null 532 0]>>endobj
-371 0 obj<</Subtype/Link/Rect[108.0 261.6 206.1 274.6]/Border[0 0 0]/Dest[696 0 R/XYZ null 272 0]>>endobj
-372 0 obj<</Subtype/Link/Rect[72.0 235.2 255.9 248.2]/Border[0 0 0]/Dest[702 0 R/XYZ null 798 0]>>endobj
-373 0 obj<</Subtype/Link/Rect[72.0 208.8 364.1 221.8]/Border[0 0 0]/Dest[705 0 R/XYZ null 798 0]>>endobj
-374 0 obj<</Subtype/Link/Rect[72.0 182.4 354.3 195.4]/Border[0 0 0]/Dest[711 0 R/XYZ null 798 0]>>endobj
-375 0 obj<</Subtype/Link/Rect[72.0 156.0 223.3 169.0]/Border[0 0 0]/Dest[714 0 R/XYZ null 798 0]>>endobj
-376 0 obj<</Subtype/Link/Rect[72.0 129.6 99.5 142.6]/Border[0 0 0]/Dest[717 0 R/XYZ null 798 0]>>endobj
-377 0 obj<</Subtype/Link/Rect[108.0 116.4 466.0 129.4]/Border[0 0 0]/Dest[717 0 R/XYZ null 745 0]>>endobj
-378 0 obj<</Subtype/Link/Rect[108.0 103.2 471.2 116.2]/Border[0 0 0]/Dest[717 0 R/XYZ null 320 0]>>endobj
-379 0 obj<</Subtype/Link/Rect[108.0 90.0 422.7 103.0]/Border[0 0 0]/Dest[720 0 R/XYZ null 754 0]>>endobj
-380 0 obj<</Subtype/Link/Rect[108.0 76.8 392.4 89.8]/Border[0 0 0]/Dest[720 0 R/XYZ null 619 0]>>endobj
-381 0 obj[351 0 R
+350 0 R
+351 0 R
 352 0 R
 353 0 R
 354 0 R
@@ -621,127 +583,141 @@
 363 0 R
 364 0 R
 365 0 R
-366 0 R
-367 0 R
-368 0 R
-369 0 R
-370 0 R
-371 0 R
-372 0 R
-373 0 R
-374 0 R
-375 0 R
-376 0 R
-377 0 R
-378 0 R
-379 0 R
-380 0 R
 ]endobj
-382 0 obj<</Dests 383 0 R>>endobj
-383 0 obj<</Kids[384 0 R]>>endobj
-384 0 obj<</Limits[(aen10)(smbpasswdfileformat)]/Names[(aen10)385 0 R(aen1005)386 0 R(aen1029)387 0 R(aen1047)388 0 R(aen1051)389 0 R(aen1064)390 0 R(aen1071)391 0 R(aen1075)392 0 R(aen1080)393 0 R(aen1084)394 0 R(aen1100)395 0 R(aen1108)396 0 R(aen111)397 0 R(aen1112)398 0 R(aen1115)399 0 R(aen1121)400 0 R(aen1133)401 0 R(aen1136)402 0 R(aen1147)403 0 R(aen1156)404 0 R(aen1167)405 0 R(aen1187)406 0 R(aen12)407 0 R(aen1202)408 0 R(aen1216)409 0 R(aen1223)410 0 R(aen1245)411 0 R(aen127)412 0 R(aen1309)413 0 R(aen1319)414 0 R(aen1330)415 0 R(aen1332)416 0 R(aen1347)417 0 R(aen1356)418 0 R(aen136)419 0 R(aen1360)420 0 R(aen152)421 0 R(aen166)422 0 R(aen171)423 0 R(aen175)424 0 R(aen178)425 0 R(aen187)426 0 R(aen191)427 0 R(aen20)428 0 R(aen201)429 0 R(aen204)430 0 R(aen207)431 0 R(aen218)432 0 R(aen222)433 0 R(aen233)434 0 R(aen252)435 0 R(aen259)436 0 R(aen268)437 0 R(aen320)438 0 R(aen359)439 0 R(aen374)440 0 R(aen385)441 0 R(aen4)442 0 R(aen420)443 0 R(aen429)444 0 R(aen440)445 0 R(aen457)446 0 R(aen48)447 0 R(aen511)448 0 R(aen52)449 0 R(aen522)450 0 R(aen526)451 0 R(aen536)452 0 R(aen539)453 0 R(aen543)454 0 R(aen565)455 0 R(aen594)456 0 R(aen612)457 0 R(aen66)458 0 R(aen676)459 0 R(aen681)460 0 R(aen697)461 0 R(aen708)462 0 R(aen72)463 0 R(aen745)464 0 R(aen788)465 0 R(aen82)466 0 R(aen827)467 0 R(aen855)468 0 R(aen895)469 0 R(aen942)470 0 R(aen966)471 0 R(migration)472 0 R(samba-doc.html)473 0 R(samba-project-documentation)474 0 R(smbpasswdfileformat)475 0 R]>>endobj
-385 0 obj<</D[483 0 R/XYZ null 798 null]>>endobj
-386 0 obj<</D[645 0 R/XYZ null 798 null]>>endobj
-387 0 obj<</D[651 0 R/XYZ null 798 null]>>endobj
-388 0 obj<</D[654 0 R/XYZ null 798 null]>>endobj
-389 0 obj<</D[657 0 R/XYZ null 798 null]>>endobj
-390 0 obj<</D[660 0 R/XYZ null 798 null]>>endobj
-391 0 obj<</D[660 0 R/XYZ null 426 null]>>endobj
-392 0 obj<</D[663 0 R/XYZ null 798 null]>>endobj
-393 0 obj<</D[663 0 R/XYZ null 651 null]>>endobj
-394 0 obj<</D[663 0 R/XYZ null 444 null]>>endobj
-395 0 obj<</D[666 0 R/XYZ null 662 null]>>endobj
-396 0 obj<</D[666 0 R/XYZ null 349 null]>>endobj
-397 0 obj<</D[504 0 R/XYZ null 783 null]>>endobj
-398 0 obj<</D[669 0 R/XYZ null 783 null]>>endobj
-399 0 obj<</D[672 0 R/XYZ null 798 null]>>endobj
-400 0 obj<</D[675 0 R/XYZ null 798 null]>>endobj
-401 0 obj<</D[678 0 R/XYZ null 798 null]>>endobj
-402 0 obj<</D[681 0 R/XYZ null 798 null]>>endobj
-403 0 obj<</D[684 0 R/XYZ null 798 null]>>endobj
-404 0 obj<</D[687 0 R/XYZ null 798 null]>>endobj
-405 0 obj<</D[690 0 R/XYZ null 798 null]>>endobj
-406 0 obj<</D[693 0 R/XYZ null 798 null]>>endobj
-407 0 obj<</D[486 0 R/XYZ null 798 null]>>endobj
-408 0 obj<</D[693 0 R/XYZ null 532 null]>>endobj
-409 0 obj<</D[693 0 R/XYZ null 272 null]>>endobj
-410 0 obj<</D[699 0 R/XYZ null 798 null]>>endobj
-411 0 obj<</D[702 0 R/XYZ null 798 null]>>endobj
-412 0 obj<</D[507 0 R/XYZ null 798 null]>>endobj
-413 0 obj<</D[708 0 R/XYZ null 798 null]>>endobj
-414 0 obj<</D[711 0 R/XYZ null 798 null]>>endobj
-415 0 obj<</D[714 0 R/XYZ null 798 null]>>endobj
-416 0 obj<</D[714 0 R/XYZ null 745 null]>>endobj
-417 0 obj<</D[714 0 R/XYZ null 320 null]>>endobj
-418 0 obj<</D[717 0 R/XYZ null 754 null]>>endobj
-419 0 obj<</D[510 0 R/XYZ null 798 null]>>endobj
-420 0 obj<</D[717 0 R/XYZ null 619 null]>>endobj
-421 0 obj<</D[513 0 R/XYZ null 798 null]>>endobj
-422 0 obj<</D[516 0 R/XYZ null 798 null]>>endobj
-423 0 obj<</D[516 0 R/XYZ null 585 null]>>endobj
-424 0 obj<</D[516 0 R/XYZ null 510 null]>>endobj
-425 0 obj<</D[516 0 R/XYZ null 395 null]>>endobj
-426 0 obj<</D[519 0 R/XYZ null 741 null]>>endobj
-427 0 obj<</D[519 0 R/XYZ null 613 null]>>endobj
-428 0 obj<</D[489 0 R/XYZ null 798 null]>>endobj
-429 0 obj<</D[522 0 R/XYZ null 783 null]>>endobj
-430 0 obj<</D[522 0 R/XYZ null 694 null]>>endobj
-431 0 obj<</D[525 0 R/XYZ null 798 null]>>endobj
-432 0 obj<</D[528 0 R/XYZ null 798 null]>>endobj
-433 0 obj<</D[531 0 R/XYZ null 798 null]>>endobj
-434 0 obj<</D[534 0 R/XYZ null 798 null]>>endobj
-435 0 obj<</D[534 0 R/XYZ null 203 null]>>endobj
-436 0 obj<</D[537 0 R/XYZ null 701 null]>>endobj
-437 0 obj<</D[540 0 R/XYZ null 798 null]>>endobj
-438 0 obj<</D[546 0 R/XYZ null 798 null]>>endobj
-439 0 obj<</D[549 0 R/XYZ null 798 null]>>endobj
-440 0 obj<</D[552 0 R/XYZ null 798 null]>>endobj
-441 0 obj<</D[555 0 R/XYZ null 798 null]>>endobj
-442 0 obj<</D[477 0 R/XYZ null 730 null]>>endobj
-443 0 obj<</D[558 0 R/XYZ null 754 null]>>endobj
-444 0 obj<</D[561 0 R/XYZ null 798 null]>>endobj
-445 0 obj<</D[564 0 R/XYZ null 798 null]>>endobj
-446 0 obj<</D[567 0 R/XYZ null 798 null]>>endobj
-447 0 obj<</D[492 0 R/XYZ null 798 null]>>endobj
-448 0 obj<</D[573 0 R/XYZ null 741 null]>>endobj
-449 0 obj<</D[495 0 R/XYZ null 798 null]>>endobj
-450 0 obj<</D[576 0 R/XYZ null 798 null]>>endobj
-451 0 obj<</D[576 0 R/XYZ null 664 null]>>endobj
-452 0 obj<</D[576 0 R/XYZ null 457 null]>>endobj
-453 0 obj<</D[576 0 R/XYZ null 355 null]>>endobj
-454 0 obj<</D[576 0 R/XYZ null 240 null]>>endobj
-455 0 obj<</D[582 0 R/XYZ null 798 null]>>endobj
-456 0 obj<</D[585 0 R/XYZ null 798 null]>>endobj
-457 0 obj<</D[588 0 R/XYZ null 798 null]>>endobj
-458 0 obj<</D[498 0 R/XYZ null 798 null]>>endobj
-459 0 obj<</D[594 0 R/XYZ null 798 null]>>endobj
-460 0 obj<</D[597 0 R/XYZ null 798 null]>>endobj
-461 0 obj<</D[600 0 R/XYZ null 798 null]>>endobj
-462 0 obj<</D[603 0 R/XYZ null 798 null]>>endobj
-463 0 obj<</D[501 0 R/XYZ null 798 null]>>endobj
-464 0 obj<</D[609 0 R/XYZ null 798 null]>>endobj
-465 0 obj<</D[615 0 R/XYZ null 798 null]>>endobj
-466 0 obj<</D[501 0 R/XYZ null 611 null]>>endobj
-467 0 obj<</D[621 0 R/XYZ null 798 null]>>endobj
-468 0 obj<</D[627 0 R/XYZ null 798 null]>>endobj
-469 0 obj<</D[633 0 R/XYZ null 798 null]>>endobj
-470 0 obj<</D[636 0 R/XYZ null 266 null]>>endobj
-471 0 obj<</D[639 0 R/XYZ null 609 null]>>endobj
-472 0 obj<</D[582 0 R/XYZ null 798 null]>>endobj
-473 0 obj<</D[480 0 R/XYZ null 698 null]>>endobj
-474 0 obj<</D[477 0 R/XYZ null 798 null]>>endobj
-475 0 obj<</D[540 0 R/XYZ null 798 null]>>endobj
-476 0 obj<</Type/Pages/MediaBox[0 0 595 792]/Count 85/Kids[477 0 R
-723 0 R
-726 0 R
-729 0 R
-480 0 R
-483 0 R
-486 0 R
-489 0 R
-492 0 R
-495 0 R
-498 0 R
+367 0 obj<</Dests 368 0 R>>endobj
+368 0 obj<</Kids[369 0 R]>>endobj
+369 0 obj<</Limits[(aen1059)(samba-project-documentation)]/Names[(aen1059)370 0 R(aen1064)371 0 R(aen1080)372 0 R(aen1097)373 0 R(aen1103)374 0 R(aen1143)375 0 R(aen116)376 0 R(aen1186)377 0 R(aen1200)378 0 R(aen1228)379 0 R(aen1239)380 0 R(aen1287)381 0 R(aen132)382 0 R(aen1331)383 0 R(aen141)384 0 R(aen1445)385 0 R(aen1475)386 0 R(aen15)387 0 R(aen1509)388 0 R(aen1517)389 0 R(aen1525)390 0 R(aen1533)391 0 R(aen1540)392 0 R(aen157)393 0 R(aen1576)394 0 R(aen1589)395 0 R(aen1592)396 0 R(aen1602)397 0 R(aen1627)398 0 R(aen1645)399 0 R(aen1649)400 0 R(aen1662)401 0 R(aen1669)402 0 R(aen1673)403 0 R(aen1678)404 0 R(aen1682)405 0 R(aen1698)406 0 R(aen17)407 0 R(aen1706)408 0 R(aen171)409 0 R(aen1710)410 0 R(aen1713)411 0 R(aen1719)412 0 R(aen1731)413 0 R(aen1734)414 0 R(aen1745)415 0 R(aen1747)416 0 R(aen176)417 0 R(aen1762)418 0 R(aen1771)419 0 R(aen1775)420 0 R(aen1784)421 0 R(aen1791)422 0 R(aen1796)423 0 R(aen1799)424 0 R(aen180)425 0 R(aen1804)426 0 R(aen183)427 0 R(aen192)428 0 R(aen196)429 0 R(aen206)430 0 R(aen209)431 0 R(aen212)432 0 R(aen223)433 0 R(aen245)434 0 R(aen25)435 0 R(aen261)436 0 R(aen277)437 0 R(aen288)438 0 R(aen296)439 0 R(aen308)440 0 R(aen320)441 0 R(aen325)442 0 R(aen333)443 0 R(aen338)444 0 R(aen341)445 0 R(aen353)446 0 R(aen363)447 0 R(aen391)448 0 R(aen399)449 0 R(aen4)450 0 R(aen416)451 0 R(aen423)452 0 R(aen428)453 0 R(aen433)454 0 R(aen443)455 0 R(aen454)456 0 R(aen496)457 0 R(aen503)458 0 R(aen512)459 0 R(aen523)460 0 R(aen53)461 0 R(aen558)462 0 R(aen567)463 0 R(aen57)464 0 R(aen578)465 0 R(aen587)466 0 R(aen598)467 0 R(aen618)468 0 R(aen633)469 0 R(aen647)470 0 R(aen654)471 0 R(aen676)472 0 R(aen71)473 0 R(aen740)474 0 R(aen750)475 0 R(aen761)476 0 R(aen77)477 0 R(aen783)478 0 R(aen794)479 0 R(aen829)480 0 R(aen846)481 0 R(aen857)482 0 R(aen87)483 0 R(aen882)484 0 R(aen890)485 0 R(aen894)486 0 R(aen9)487 0 R(aen904)488 0 R(aen907)489 0 R(aen911)490 0 R(aen933)491 0 R(aen977)492 0 R(aen995)493 0 R(body.html)494 0 R(migration)495 0 R(samba-project-documentation)496 0 R]>>endobj
+370 0 obj<</D[609 0 R/XYZ null 356 null]>>endobj
+371 0 obj<</D[612 0 R/XYZ null 768 null]>>endobj
+372 0 obj<</D[615 0 R/XYZ null 798 null]>>endobj
+373 0 obj<</D[615 0 R/XYZ null 706 null]>>endobj
+374 0 obj<</D[615 0 R/XYZ null 608 null]>>endobj
+375 0 obj<</D[618 0 R/XYZ null 660 null]>>endobj
+376 0 obj<</D[504 0 R/XYZ null 266 null]>>endobj
+377 0 obj<</D[621 0 R/XYZ null 531 null]>>endobj
+378 0 obj<</D[621 0 R/XYZ null 196 null]>>endobj
+379 0 obj<</D[624 0 R/XYZ null 359 null]>>endobj
+380 0 obj<</D[624 0 R/XYZ null 183 null]>>endobj
+381 0 obj<</D[630 0 R/XYZ null 545 null]>>endobj
+382 0 obj<</D[507 0 R/XYZ null 686 null]>>endobj
+383 0 obj<</D[633 0 R/XYZ null 488 null]>>endobj
+384 0 obj<</D[507 0 R/XYZ null 509 null]>>endobj
+385 0 obj<</D[642 0 R/XYZ null 768 null]>>endobj
+386 0 obj<</D[645 0 R/XYZ null 435 null]>>endobj
+387 0 obj<</D[498 0 R/XYZ null 798 null]>>endobj
+388 0 obj<</D[648 0 R/XYZ null 189 null]>>endobj
+389 0 obj<</D[651 0 R/XYZ null 605 null]>>endobj
+390 0 obj<</D[651 0 R/XYZ null 406 null]>>endobj
+391 0 obj<</D[651 0 R/XYZ null 168 null]>>endobj
+392 0 obj<</D[654 0 R/XYZ null 698 null]>>endobj
+393 0 obj<</D[507 0 R/XYZ null 332 null]>>endobj
+394 0 obj<</D[657 0 R/XYZ null 341 null]>>endobj
+395 0 obj<</D[660 0 R/XYZ null 434 null]>>endobj
+396 0 obj<</D[660 0 R/XYZ null 339 null]>>endobj
+397 0 obj<</D[663 0 R/XYZ null 686 null]>>endobj
+398 0 obj<</D[669 0 R/XYZ null 798 null]>>endobj
+399 0 obj<</D[669 0 R/XYZ null 706 null]>>endobj
+400 0 obj<</D[669 0 R/XYZ null 569 null]>>endobj
+401 0 obj<</D[669 0 R/XYZ null 246 null]>>endobj
+402 0 obj<</D[672 0 R/XYZ null 581 null]>>endobj
+403 0 obj<</D[672 0 R/XYZ null 417 null]>>endobj
+404 0 obj<</D[672 0 R/XYZ null 292 null]>>endobj
+405 0 obj<</D[675 0 R/XYZ null 768 null]>>endobj
+406 0 obj<</D[675 0 R/XYZ null 326 null]>>endobj
+407 0 obj<</D[498 0 R/XYZ null 730 null]>>endobj
+408 0 obj<</D[678 0 R/XYZ null 686 null]>>endobj
+409 0 obj<</D[510 0 R/XYZ null 768 null]>>endobj
+410 0 obj<</D[678 0 R/XYZ null 496 null]>>endobj
+411 0 obj<</D[678 0 R/XYZ null 345 null]>>endobj
+412 0 obj<</D[678 0 R/XYZ null 155 null]>>endobj
+413 0 obj<</D[681 0 R/XYZ null 581 null]>>endobj
+414 0 obj<</D[684 0 R/XYZ null 798 null]>>endobj
+415 0 obj<</D[684 0 R/XYZ null 730 null]>>endobj
+416 0 obj<</D[684 0 R/XYZ null 700 null]>>endobj
+417 0 obj<</D[510 0 R/XYZ null 577 null]>>endobj
+418 0 obj<</D[684 0 R/XYZ null 348 null]>>endobj
+419 0 obj<</D[687 0 R/XYZ null 768 null]>>endobj
+420 0 obj<</D[687 0 R/XYZ null 639 null]>>endobj
+421 0 obj<</D[690 0 R/XYZ null 798 null]>>endobj
+422 0 obj<</D[690 0 R/XYZ null 706 null]>>endobj
+423 0 obj<</D[690 0 R/XYZ null 582 null]>>endobj
+424 0 obj<</D[690 0 R/XYZ null 484 null]>>endobj
+425 0 obj<</D[510 0 R/XYZ null 505 null]>>endobj
+426 0 obj<</D[690 0 R/XYZ null 359 null]>>endobj
+427 0 obj<</D[510 0 R/XYZ null 394 null]>>endobj
+428 0 obj<</D[513 0 R/XYZ null 739 null]>>endobj
+429 0 obj<</D[513 0 R/XYZ null 615 null]>>endobj
+430 0 obj<</D[516 0 R/XYZ null 768 null]>>endobj
+431 0 obj<</D[516 0 R/XYZ null 683 null]>>endobj
+432 0 obj<</D[519 0 R/XYZ null 798 null]>>endobj
+433 0 obj<</D[519 0 R/XYZ null 706 null]>>endobj
+434 0 obj<</D[519 0 R/XYZ null 463 null]>>endobj
+435 0 obj<</D[498 0 R/XYZ null 593 null]>>endobj
+436 0 obj<</D[519 0 R/XYZ null 325 null]>>endobj
+437 0 obj<</D[522 0 R/XYZ null 435 null]>>endobj
+438 0 obj<</D[522 0 R/XYZ null 285 null]>>endobj
+439 0 obj<</D[525 0 R/XYZ null 768 null]>>endobj
+440 0 obj<</D[525 0 R/XYZ null 268 null]>>endobj
+441 0 obj<</D[528 0 R/XYZ null 210 null]>>endobj
+442 0 obj<</D[531 0 R/XYZ null 660 null]>>endobj
+443 0 obj<</D[534 0 R/XYZ null 371 null]>>endobj
+444 0 obj<</D[534 0 R/XYZ null 260 null]>>endobj
+445 0 obj<</D[537 0 R/XYZ null 768 null]>>endobj
+446 0 obj<</D[537 0 R/XYZ null 529 null]>>endobj
+447 0 obj<</D[540 0 R/XYZ null 633 null]>>endobj
+448 0 obj<</D[543 0 R/XYZ null 581 null]>>endobj
+449 0 obj<</D[543 0 R/XYZ null 304 null]>>endobj
+450 0 obj<</D[495 0 R/XYZ null 647 null]>>endobj
+451 0 obj<</D[546 0 R/XYZ null 594 null]>>endobj
+452 0 obj<</D[546 0 R/XYZ null 271 null]>>endobj
+453 0 obj<</D[549 0 R/XYZ null 753 null]>>endobj
+454 0 obj<</D[549 0 R/XYZ null 639 null]>>endobj
+455 0 obj<</D[552 0 R/XYZ null 798 null]>>endobj
+456 0 obj<</D[552 0 R/XYZ null 706 null]>>endobj
+457 0 obj<</D[555 0 R/XYZ null 192 null]>>endobj
+458 0 obj<</D[558 0 R/XYZ null 739 null]>>endobj
+459 0 obj<</D[561 0 R/XYZ null 798 null]>>endobj
+460 0 obj<</D[561 0 R/XYZ null 706 null]>>endobj
+461 0 obj<</D[498 0 R/XYZ null 178 null]>>endobj
+462 0 obj<</D[564 0 R/XYZ null 673 null]>>endobj
+463 0 obj<</D[567 0 R/XYZ null 798 null]>>endobj
+464 0 obj<</D[501 0 R/XYZ null 739 null]>>endobj
+465 0 obj<</D[567 0 R/XYZ null 706 null]>>endobj
+466 0 obj<</D[567 0 R/XYZ null 525 null]>>endobj
+467 0 obj<</D[567 0 R/XYZ null 348 null]>>endobj
+468 0 obj<</D[570 0 R/XYZ null 686 null]>>endobj
+469 0 obj<</D[570 0 R/XYZ null 443 null]>>endobj
+470 0 obj<</D[570 0 R/XYZ null 187 null]>>endobj
+471 0 obj<</D[573 0 R/XYZ null 673 null]>>endobj
+472 0 obj<</D[573 0 R/XYZ null 232 null]>>endobj
+473 0 obj<</D[501 0 R/XYZ null 379 null]>>endobj
+474 0 obj<</D[579 0 R/XYZ null 594 null]>>endobj
+475 0 obj<</D[582 0 R/XYZ null 798 null]>>endobj
+476 0 obj<</D[582 0 R/XYZ null 730 null]>>endobj
+477 0 obj<</D[501 0 R/XYZ null 268 null]>>endobj
+478 0 obj<</D[582 0 R/XYZ null 302 null]>>endobj
+479 0 obj<</D[585 0 R/XYZ null 693 null]>>endobj
+480 0 obj<</D[588 0 R/XYZ null 463 null]>>endobj
+481 0 obj<</D[591 0 R/XYZ null 686 null]>>endobj
+482 0 obj<</D[591 0 R/XYZ null 302 null]>>endobj
+483 0 obj<</D[504 0 R/XYZ null 768 null]>>endobj
+484 0 obj<</D[594 0 R/XYZ null 686 null]>>endobj
+485 0 obj<</D[594 0 R/XYZ null 496 null]>>endobj
+486 0 obj<</D[594 0 R/XYZ null 385 null]>>endobj
+487 0 obj<</D[495 0 R/XYZ null 616 null]>>endobj
+488 0 obj<</D[594 0 R/XYZ null 247 null]>>endobj
+489 0 obj<</D[594 0 R/XYZ null 149 null]>>endobj
+490 0 obj<</D[597 0 R/XYZ null 713 null]>>endobj
+491 0 obj<</D[600 0 R/XYZ null 768 null]>>endobj
+492 0 obj<</D[606 0 R/XYZ null 798 null]>>endobj
+493 0 obj<</D[606 0 R/XYZ null 730 null]>>endobj
+494 0 obj<</D[501 0 R/XYZ null 698 null]>>endobj
+495 0 obj<</D[600 0 R/XYZ null 768 null]>>endobj
+496 0 obj<</D[495 0 R/XYZ null 753 null]>>endobj
+497 0 obj<</Type/Pages/MediaBox[0 0 595 792]/Count 70/Kids[498 0 R
+699 0 R
+702 0 R
+705 0 R
 501 0 R
 504 0 R
 507 0 R
@@ -808,1129 +784,1096 @@
 690 0 R
 693 0 R
 696 0 R
-699 0 R
-702 0 R
-705 0 R
-708 0 R
-711 0 R
-714 0 R
-717 0 R
-720 0 R
 ]>>endobj
-477 0 obj<</Type/Page/Parent 476 0 R/Contents 478 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
-478 0 obj<</Length 479 0 R/Filter/FlateDecode>>stream
-x
+ä2T0
-ä
-endobj
-479 0 obj
-94
-endobj
-480 0 obj<</Type/Page/Parent 476 0 R/Contents 481 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 57 0 R>>endobj
-481 0 obj<</Length 482 0 R/Filter/FlateDecode>>stream
-x
…ZÛnG}×WôÛf
›æ\È!,¶oXŽ7bà}‘#™19£}ùûœSÝÓ}FrvÄÖñqwWU×­küß‹ÌÍñ_æªÜK·=^¼Ú\¼x³vùÜmîÀ,«•ÛìÜ|6ŸãO¶?ݼ¼~õÒ}è»?šíà^wÛó±i‡zØwíß7ØÒ¬ôKŸÙ,Çâ°fÓÔGþ•Ÿ7ØÍ-‹Å¬tåªÂÏ9þïwç¯\–…Ãçål99~Sß×ݹ«®pð)í= ¤ËøËoÿºÈðƒ[¬ç8äèŠr¶àànü1ËxÌb�áo©–ÙÌ…�eåÑ•‹ÙJ¶xtÕrV	'ðèÖË(�x„´€”¤b°‹l¶·cZ&Uû{êñT…_º¯nèÜÛö4Ô‡ƒ«Û�Û4§ÁÙŽÊ™\U…k:ºEEP�G·\ã'Ê-(\'�ÊÑ©l‘Óžq©bª¾â¥EªÃCÕÊœJ<rhÜüÒýÖÔ;7|jܱnÝC}ߌ¾Q˜–ËbŽZHZΫ9�Ôd>+Ü"’ÄÐ,¬Ìò%<HXÁX»,hÚ¸6h²\L|î†zd—îÕyØíÛ{ÓåÕ¾­ûý#Us˜mTÅ@R%p^öÈ	<ºÕŠ.9�u^P­H*[®©fbSÍjOŒlPü(…PÑüÒmpWtÍýñ¡ë‡ºÜ	ÌÄ5‹
-~7jj i8¯ZäR›œ—IÅ`3s°Ä
-[¬é׉|DzÌ‘U;ÁN‘
–(V�²™]yqé®ú¦»ðÓñÖm»önî-«º»ý¡™M¬’—Ø}´Š�d•Ày3DN vNoŒœ@Ú¤ ^‘T¶,è:‰v9ÝX1ØUN›¤µ‚a1ü9ü.²Áb9k„&f³X	ßa*ûÞ�û`,³’ûº>Yâ~ñf,"?¹
õ¡îÇÚã³�å¥Ñ„’	çm9�Pf^1sER1X¨
×I¬`°�	+,Î�!ÒZÁ`×–I"3½x32fÇ,Çê'[\º›¡î‡1«ÀÉvVZü\«b.×+ü
-á1Ð.!NÏ„T)¡PV0Xœ²RV0Ãf‰ŒŸŽ…vhKÊõúÕ¢Ò]ßݾm†ÝŒ¡3QhUZ®ôH
-Χò2’Š!òrA¡+˜y Ÿ°Š©PFcĵŠéóŒ&aƒEq„™ÓZÁ`—ËÉÚ`ª”§×;s/CÓ·È(_šKäÙàûÁÕ'W»]Ý}‡îÌ"¤¬˜àB„x#dä,$'E†™;qéA…·¸©b°h¹ xbûëÐ�y=#†Yææ}q­bopøxbaðƒE;§R)‹†¾×úU§
ª%¨%TÿÝö§rŸê¾�©¿Ôûƒïa[Ÿ¿Ü©é¿4½&ø�OLð$ÛÎÛ
-‹�ABŠkƒŠb¢ÿÇOõàÞÞ¡†wŸðŽnÿ6¸�]ÿùŸ“ê…>’�>Ÿ�ÇQÌW¼ÍÈâD–Ílý¨¼Þ×÷mwb8áýŽwôq|!ùÚ?g&Åvhma5Cv˜`°¨ÑÈ’‘
‡Í—�óà¶{hÜÛד#Š5{Àq�ìÛ4²E
m…Œµ»_aƒµ¤“X/^�ò?M3WŸ:o	æXcè¶ÝÁ½k¾4½€¢b7F�é-y�‹QÆ\YÁ`N“µ‚ÁBüJ×
-‹&y­¬`¤
-¦ Œ¼ÄAJƸ
-ò+ü¨wW(òõ�–»iâh
-®ç°�
-¦×1¥�ƒ--nâ¹0gÒ¦ÁÐÆYO
ð®n¯1×áëýÆ}¨O§¯]¿s?·Ûþû§�x
-†L–8óÈ*‹‡Ù{dƒÄÐjš¦·]û¼ñ�Ðì0úô±1V^ïeò.àv¹
ó^vÍB­ùŠIÅTš}nbƒ [Nã‡S=ÌLŠ��e4s<ælkrHr.œIÅ�&‚
-‘
rÓaêTŠ«îˆ¡ð8éðÉý¯
-k€°‚áx•"Ò¢HŠÁ¢´Áã#ÔÏŸY›ÁŠúù!dEÔôÓù�“Vçs)ü½êèV­è”M\.$1@ãଔ­SµÊá7Ó€*bµ’�:™¢ÒvaR«ñ,Å`樉¹©Òµ‚qä¦�ÓÚœ†+lÉ:)¬àxQª‰}¤š=5Ð/�ŸÔîz¿í»Sw‡oi˜ôûÛó€~ƒ™¯»ùŽyøÑ
}ƒ/^¡¸i,ek?Æ
-CÜ(»` ·RV0XLù'¬`°ö ��ƒEŸ³Ð�3ø8‡Hkqô9Ì=¦®;š½v‡º¿o\{>Þ"y¡X?ðñÒô£C[jg*¶YkŒTÙRÆÈ!:”™‘¬ùù€»ˆÑñF�FkÚJpr›®;œšq&å)���;„+àvq–ÕÜD*kßÒì3ÿÁ,aŠ²LFˆÿÜbcaÀ®mp€8Å^<‰Kns!ëäí19Æu^¸Õ㩃}Ûò3»*÷ºÇºG¿ý,iÍbÖcÂ`ì�íg³ÓS`8zJ �EUã2/&”ÓÒ4¹´ÉèÕ$ÀĈábØÏQ‚Àd%ßë‘	l:9/�Õv�U“À•÷øüC[3;¾™Ð�Ñp`DÅŸ)EB��BD&!È€§†?ã"�´Ð·ž¸);g‰KÞ0Å=„ Çæ7› $tæg¨Ç3†ëý}øš‰6ÄæãSm>ûÆqm)‘ú³4XaaM`ûu Åtì°ˆ5%­F÷A÷ˆ;%dÖÄ“ŽçÙmÛ bs0aG*ÃØ+@X“tY&�–fúŽë&bKcðHîSx%¹à�w¬Qd¤ÎØ›ö©ò/Þ 5Û?—yŽßžÛŽÿï锈â5Æø§9Yp»_ü	peÙendstream
-endobj
-482 0 obj
-3042
-endobj
-483 0 obj<</Type/Page/Parent 476 0 R/Contents 484 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>>>/Annots 101 0 R>>endobj
-484 0 obj<</Length 485 0 R/Filter/FlateDecode>>stream
-x
�ZÛnÇ|çWôS özw.{	”dÙ$Q–¨0‚Ñî�{w‡žšÖߧêtOwµi'�
ZÅbßνOÏ/g7Ç·*\¹tÛÃÙó«³ï®Îæ³9~ÏþxÿýY¹œÍÝrÍŸ·ZÌÖ
ì݇3�·®gµpn1_ÌVB*[nfeƒ].fKeƒÝT³RYÁWÌ×q÷Ü0ù»·îÛWK·X¸«Jb¹^¹«�‰`ÏþÑwÇîx뚣{{å^ö‡¦;ºÇn¼sšÃçƳ⫫Ÿ(:/¨U
	0
Ïk€ë
-„ V<mäR�»�ŠÁÖ5å‡*¦(L‘Åay U‰1z$¿ñæ¸s×Ýq×?ž &èÚŸí”�¦Þ@ôW¯)c<�@;i%N:A;)Çá¤ÄnuüKNª˜rXñ¤q¨b°«:Û�b°ÞôÒXÁ0‰ÅšvÙ ¥å'U)]ß}qÝÉ�wøñ¹ÇvÀ¿a§vû0tã÷7üsøµþ$¶0ÍUKœêàÊŠ‹xbwf�°;È¢Zá¯uÕåÌM
-H3\ez�Ó	<¸M9+d)�EQÓÖâ@Å`klEYÁ`—ý.�v5§‚+˜Bžg›R¶2#‰cƒ…ëžÿÐgá¯O…÷CÿèÆÞ½è�7ÝíÃÐ&�ýæš“kÜ»¡;4×É�ñ—ãÐï÷í0	Ý‚]I‰Âz7<¡� Cº4[d*{Þl¾ú‡ã.›¤ l¡�‚†`€“„�%"©lµ ƒ$V0åO×V0dX,g�PŒ¼@”“Ø6	Šñm¼›ÄbÜŸÈf¾„P�,†à±bk‹
�¤b«ÎYÁ`×kN+ÇšÓ_«˜fežÇ*‹=ꮃÝ,rV0¼ë"
-‹ƒ“ÆEƒE�Þ(+˜,óO䀬œ­ë»ft=,kpwíþÞm‘Ù.Üm;º)�yõו�b…µ
Ša“ –4wO¤b¿ÝB†bC(9ëºÎÔòñýk¯‹SwèöÍŽý*fÌäEjÈ›‡‰xbKXÙ°bfî„ošnO|Ý�Æ\ãÅÊü‰ò…nÙ2‚½|¡aÍ*§±^0‰Œ³`vIcƒ…t!˜8V±�O‹ø4aÆ'f™4V1ز hâÌÁ&`s¹'¿¼|s~ñöß/.ß^½¿|=Ý_c‰˜Šß�Ü_|z
1ɪŸzQa%”+%
Ø
-†B
-ÂÄ*¦2M=q¬b°HjPWd3ùؽÕ!*œ§úxìnÚ�{ÝßöG+KÛö¨:bùøöâ_îáD+G�ÿ5~–7pcuƒk
ÌÜ@Ъ›†”Šóϧqh¶£NQaÿVÛ°âõ MQ­7™k_°ÄÚ=lÇ®?f“¬*sk‹°•
N"*Àv°B$ƒ…s/„õv]án�»¼Åº 	æ©_»]öa*K\®â„†¸Å`QK×Âb9D²Êªb5â«f`ýxŠ‹ØÍ°²¢w©
g1À5¢XdDKœ@.¿‚)'2œ¶ÚÀãtyÁÓa¯ûáç)Èù“–µ)Ÿ^‚]²“
-ÆR5mCXÁ°^(¥V1ý¢æ6ãÌAJAnWoºíПú›Ñ½oýØR1ÛvǪýE³ßç».hÔc|eÈë'a°XgJ¬`°KÞ*öU”™ðÞ6”Á¸Öu[ü×üí]°Y/>ì–Š¬°®ÙFc)TØHb{
á‘
ArË­öÝþáö¶AMåÎ�§�c·EõˆJë
¼)U+¶¯7Ö‚ˆPç
·%»²h›HÅ`qÛÈPÅc†ŒLƒà½>±þD%VÏó<b°"÷{Ü–îÝÅKw¾ß÷þT*årMê0´ÒyäÕÍàY4‰jaêkV¼êïÛÓÃ~„Q±æ¾ÕT¢ú÷<Ld€ËàÚ7Aî�W´D*‹‡b¢%®Â¹±_O#ŒÚë�!zºyÙo²=¡~£©£ß†‰
pOaâ:ïM½F±4Ú“»X¤ñ÷‘i»œÈȬ¹¡a/Û=ÒEÏ–ÊË‚±Åã‹a’?Jå%ª¯\Ùë˜ÊeX(û€i:��&†äma®¥,–X++˜š`»DÆ
-»a ¬`z$m&±ŠÁ¢„€Æ])‹Y(*ÉGRùS
Y–~ׇîDÙ»ç]¸^_ø¦*.\
ÛÓ‰ÖÂ6ÅÓšµDEIO±é
'gNKœ@Ê”wÔD*»dÐV0¥fÚ²pQÅ`‘àtYÅ”)kÝ4³bÊtN]¦™à kuÏŠÁ"UéÌÁq�Þò¨ðÏ®}d�DgÜ¢­wK`*¹�*9…"Š÷o(#uþv]³ïosŸ›ûž‘¥óÒ
-l_ýã±NwÝ}¶\¬ßÅbµ0�ö8¿päbVR¦�ŠÁ¢ÿ[È´ŠÁÚí1�
g@+àù)·ë†v;öhsŠ-‡CY¹P,}ëÈš‘˜
-k½aÓ[Öð´Äm•¿ï¼ |ën¾0Üx«ûïúòÃ]ÓŠ^uyÑô�²r‚<;k‰TÖî.Â
-‹VS¥có`i¬b°Hú®b°x°ZéXÁÖ,.(ˆ¬È{C¸@¶¼�2IÚÃã1ê©ã®v!~lÙZmÝ¡9ýìÜ}3 ŒÇ É½EéÉ^jÌ:Lˆ�B‹¤â(ÄÄz!Nc½Ð+8
-1²Aˆa,;A°�Ä
-¦-–%V0Ø
ï$il"j©<Jü?b4‹lÆqè>?@œ�çý}*š­.\l(0¦a(ÖƒRÝcÿ²®6—Ç‹MªÓè³ÔOÓ	¤i3$'LkI�õt±Ë…ó�t÷ÃåõÕ¥Föâƒ"b %<ŸóèóêüÇÉœ,¶1j1ØØ›«.G‡§°øVX†RLsbZOCƒ]ò6+¬`°ÈzÙÌ‚aVŠiNLiÂ
-‹Ë„m§ã�ÓØh¨Â
-¦M°ÖL¬b°0è8άlÅ+¬`°(ë²™ƒE�˜Í,,t¢{VÌV%³OZÆ…<ÇÇ�§eŒo’oãóâå‡owÝ÷¬Ð�ȹ®œK¿­ü£ãÖÞrÜ
H{zÏ:ì<¦3¶{Ã1�ì(pÁn"©8ÚQb½]Mc½Ý$Vp´£Äz;
-cƒÝDV1lÁ:=~ÿf)‚Á¢~€ÓXÁ´#vt„�áE
¶Ç*‹”
-�M¬`°È0º®b°Ê°²4V0X4à‘‰åX6³`ÚmÒØ`GuÞe1üçVTºOÏŽ=zÞš>}õu°&„š¯ñANIû*ð–ý'¦d.S²¸bÀL)A(™‚�¤b°8�XÁ`í	aƒEß$+
-G÷IYÅ4sฮb°ÖbMë*†Z|vˆcƒE†{'V0X«…½U¨4�ÖÌDXÁ`Qf èıÁìÃ
íN�£ßÉW¸7Ñ/áA
�<M>¢éçƒÉ§g$ñ©	Ÿ¾rü.åá„w
-H�i',Ü„L;á­RXÁ´sÁ4³`°è@À+˜–À7…Ä*‹�t¬b°(6�$âÌŠ¡4†uÏŠ©M~�Æ}!eååxׇ§Òû¡cmêvCåà÷�Ç}ßìÜ#Úî,ðÍO-x�&%¥ò%–J<5:*k¼§°›Êð£¸á½ëÛW8³}ŸÆB�ŸìáË4ùŒãÃù›ççìŸÿÄô²ß>Ð.Ž­Åoü¨oü°gÿã¯+äÎ
>MºÚ=›>lûñì?lé
-endobj
-485 0 obj
-3339
-endobj
-486 0 obj<</Type/Page/Parent 476 0 R/Contents 487 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
-487 0 obj<</Length 488 0 R/Filter/FlateDecode>>stream
-x
+ä2T0
-/:endstream
-endobj
-488 0 obj
-129
-endobj
-489 0 obj<</Type/Page/Parent 476 0 R/Contents 490 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 104 0 R>>endobj
-490 0 obj<</Length 491 0 R/Filter/FlateDecode>>stream
-x
�RÍŽ›0¼ós¨T*5ŽùI€Üv¥mÕCUuØ`À»`Sc„"õáû¢ìî­B6`Ïø›™Ï‚œžYŒäˆË<–Áþ[�˜£lhç˜å(kpÆ9­\³“#ø	ÏRÔp�Ä 4FÑÊéKùBÌQ´1wqÎbâ†å{j59«ªÙÉ‹rÎ?p1Ú	¥�Þ¸	¦Á<Éfî¡tc¨Žpî{t²áZép53&',�Ä€�_ð"8vQ²•®�þìðªÍ‚Ž­×}×ìh8{&3H×)Ý¢W¯ò´¹¡dînŽ,õn>aÛŠn[¡¶¦i°ógNCU³1+WÜSøèÖüù¯çïA\d¬À!�	; )
-Æo=Î[Þb<ä	ÁÞ·à‰¶¤w¶¹Få3²ƒpÊh*<¥}¼dÕuíÒY•À"+LÊɯkLuÙ!:çÆÓ~¿,›<ƒÛzì«!‚Ó‡,¡9Í3šcT½Ùä÷èèÞü÷JsNÑxF˜Þ
-ÿþ
‹Ã¼”endstream
-endobj
-491 0 obj
-399
-endobj
-492 0 obj<</Type/Page/Parent 476 0 R/Contents 493 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
-493 0 obj<</Length 494 0 R/Filter/FlateDecode>>stream
-x
�TMoÓ@¼çWå@�ˆ§i›r¬j.=nìçx©½kö£!ÿžYÛ‰Z ­¢HQìyoÞ̼÷s’cÎOŽë.®P´“Ûõäüó
s¬+>¹º^a]bžÍçü§˜Þé�ÄmÔM©Í¡Üj£œÿ~ýƒà%ò|
-ð�š”l´5¾§S(1jÓHjB’ò‹Å4×˸µêAÄAý'dvºiP8QAz'7c2|3ôE‡w4#…x_ÅÑ„¶Ó�”G–ÑÜý_µ#ÀÚz’_yFÊ”h•Ivj+>Ã=­MrQÐNÑyaVNAÏ¢(¢•š‡êë´ÍäùrŸ•Å“Ê|µ½YŽr­¸_±ãö»œö@¡sò¨môxç™*ÀV%­B«·u@£i…~0vG•Y1ËÍQý1x²i¬ñÜ�>?�cV[†b§CÍîg‹œ1²ALê>˜Ô»´µØ¨â!µMÍþâ™*¼B8Ž+.œm”ªÒŒO:a‡	I¶Ô^ñN¸7©í§õ„g‹›Ël…åê:ýæ—
-WÃU]OOéKnêr5ÏnxŒyC.ÇNß'¿
q¸¤endstream
-endobj
-494 0 obj
-621
-endobj
-495 0 obj<</Type/Page/Parent 476 0 R/Contents 496 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
-496 0 obj<</Length 497 0 R/Filter/FlateDecode>>stream
-x
•‘ÍNÃ0„ïyŠ9‚Dƒã†4á Žˆ¼€“¬kÓĶêÛ³IwYòÏÌ7›ÝϬ€à¯ÀNb[¡Ÿ²Ç6»}n ZÍ/Õ®F;@äBðMõžh†¼Gkja§Ù‡¤\Bä—ëöƒÝ%ŠâìÞÈ:—ì¿zHHÆF©=áä�˜Ž1ASêÍr‘F
ô^k"ø
-endobj
-497 0 obj
-307
-endobj
-498 0 obj<</Type/Page/Parent 476 0 R/Contents 499 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+498 0 obj<</Type/Page/Parent 497 0 R/Contents 499 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 17 0 R>>endobj
 499 0 obj<</Length 500 0 R/Filter/FlateDecode>>stream
-x
�T]oÓ@|ϯXñ”Jà8mÓJ¼€(êšTPQ„ÎÎÚ>z¾3wgBþ=sgŠUx Qœ(·7;»;³ß&sJñžÓé‚–'”דÛÉìâŒ)mœœœ®i»£4ISü“O7žZžÓKËÂ3ùŠÉÕåF²l­ðÒh*¤âähûH+šÏ;¤g‹u²
-Ü?Ð
-1y[³+ãæêòã—Í«—7×—ÛÛ œÈçÕv‚ULËãž«õ)ž|
+x
u’OsÚ0ÅïþorJgcÇ@O%ýè$-žéY¶6µ-*Éeøö}¤”d2l¤ÕîþÞ[ýŽ>³ÓUÝÑäÓi‚bÍH>ÍPÔHâ$áNu½Z~»_âÑè­ª>èjìÕà¤kõð¦Ø†TÁŸz;Kâ9“O9…’½?ò±ˆX
ww‚Ñl>ãÿ”?£°>¦yœ?<£Êy(}æZ–ÖY¹#D!Né<N=DÑ´¥Ö¿À¯D¥»Ž
+ˆ
½Æ—‡ŸÅ·ëZÕp+Ù—õÿê ÿ(×(”46ÆW8sð‡Õ`GÒ»F:È®ó/¦Ç¾’¡j4†.Ý ¬î•k{eC±
+;e,á*.{ÙÒâvˆ�‚ý{míªXd²'
ŽÏþrª„ýø	‘DzLªG*fÞû°ê°ò3O¸LñÙÓ'ý
¢ä|ô8Ô Ê ÑW>÷0\7ÎíÞN&ûý>¶ÞÀX›ÍäòlHðg©1迺¸BWØÉ�¢ÎÇNI«`Ž»Z:o—>ËCƹ&”2ºÂâIÉ0jK·x«Œ9¼ûù
+cöq›ú¼BïE»o²O,ߣ¿"çRendstream
 endobj
 500 0 obj
-789
+461
 endobj
-501 0 obj<</Type/Page/Parent 476 0 R/Contents 502 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+501 0 obj<</Type/Page/Parent 497 0 R/Contents 502 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 20 0 R>>endobj
 502 0 obj<</Length 503 0 R/Filter/FlateDecode>>stream
-x
¥’QOƒ0…ßùçM|X†øh¢ÉbŒ1ò:¸°:h±-3û÷ÞÂ\â³!M€ö~çœ{û¥HøI±Í°Þ ¢Ç*º{.‘%¨ZÞÙlT
‘$ü§Ž?<�ÈP‘ó8›É¢6ºUZÕ¾•?
-5”ç0}�^qÎ`©7²¡ŽìIÕäD
-øSñpp_–¬�[~ÏxñÉv™eqí?ð“Ì‹D”|#8Eq~�~
+x
�V]sÛ6|ׯ¸¦�‰:cS¢>,Éov§NóÐfë¥�	Š¨H€À(šé�ïÞ‘´å4êÔ�eK{»{þ5JiŠŸ”V3šßPV�î·£ÉÆfSÚøæfµ¦mNÓd:Å'Ùø§R5Q{JúÅ):zoCTUEÊæ´Õ!Òãݯ÷w?nÿ”:颫s=O“*�Ó[£nhzKµÊ)–šje©Q{º}JÓ~ßlÅ»¶çk(7!z³k£ÎéhbÙI™³QKT¹ÈÔ]´[8œ¢"h©«†�ïu¤“k	ð=*%Dïþ€!Lé:�w€sgßF:Xt[v{Fý„˜ñ[ŠþD\­ciìž*sз]/`÷©—›täã¨û*í¿[®¹f¨wy²¦¿©v^˺Ÿ·#¦_4
+&ê+¡é%.¿§1•16·“ÉñxLïHœßóÚmHCXŽ¿´\ÌñºX¯ð:Ã/N/öYN7¢Æ³a§ÞGé-Ý·¦Ê™wöÒ½±Ê›ËVr”³L¸¢ÂxÖ·Ðïö^Õ½8ËAœdcfßözLfÇ°–ì숄/½Î¢ó§„¶¨O¡tm•“j£cj3Œ	\òTM|6ZÇ/d`zr�öØ„¦Â)D]'½=©TŸ4µ¶
­ªˆ¬Öy`VÌ\«\J}u>ûŠ½sñû/mxÞéõµÌIW`hc1ë=ÜQ‡S‚Ötäá
+�Î ¹†]NGk«v•Æxm¤þ¬³–Ûz´ZôE,2ÖÆ2j‘c×; ¡6Ódâ[hÑf°z@tÔ�©ào
+w¢BLøïøØ.k)�­‘šÿ�¬›…ÜIçÁ:ïƒuvË#K|¹›ºq>*‹)ÇÕýoQå’¾‹(ŒÄ^wiÔ"^³’ßú «P‘€E�Ô€Äìyʽ±Ù �…h궒ìKè�Ž‚L³çǶ
 endobj
 503 0 obj
-334
+1091
 endobj
-504 0 obj<</Type/Page/Parent 476 0 R/Contents 505 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+504 0 obj<</Type/Page/Parent 497 0 R/Contents 505 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 505 0 obj<</Length 506 0 R/Filter/FlateDecode>>stream
-x
•WkoÛ6ýž_q“/s±T~ÄΣû´aí`K»ÄCQ À@I”ÍZ$U’Šã¿sIÉIUm$1ò>Î=÷Ü«ÏGSšà{J3:;§Bý¶<¿¹¢Ù„–þs~qIË’&Ùd‚'Åè.Ȇ¯è.”YQXKò:/I˜’>¼X~‚…9M§ÉÂËÙe6ƒ�ÑÛ’n} bm­—,y¶òåu’
-&‘ðT
-©­ñdUÎjJ¦�é‘22Ü�2úÝšŸ·#öPZÊmX½Nvw¶e3z9=KqÂPÓâÊZjR¦óPb#<‚›¬°¦ú2µQLy-î‘
-_�ÉÈ’¬¡Rj†ƒòÝ÷Ä|Ê	".âH$Ñ è!„ÜaAÁQ*¬ŽkÄÊÆd1–¡»"«m!êA"ÝɘÁ
-5b%=U0SÊ T�(�ÒÐÍ "Û…Re´	 GÑÖÂ!'Kí¤
-mŒ,j¶ò¹•>
-h–²BJµ@�…DMϮơh2º®È@O8ø'Ǹ¸Ì*\ Øƒ?["3¸ä_%�Ó'âØQ“+ë_z�ÊvÞ¾�¡ì{¥zõå.�ž]ŒÛ²‰°ùµmë’¢(�6@:ÈÁ|Û3t¶³ô¬ßùH–èßg¡}Ž©u¡°µ#OÞj™ ä�á 	]õÃcžZ—_Oñ-¤Ð„ú 6[�ð¸ùiÜz7Žr7ö,ã\™qUñW_žIdøh`j”
-XÊ•ƒy†øÆY
-âìX×ëJw¶èH>ˆ3oýy`ùIhïÇM$èó(Þ§@û\†­åZ£$T·§<xH '”“KÏ'¡v�Ö(Fô©wpÕªR›ˆÛ]ŽuNHÔ¬á»D®Þ|¬\‡ÕÀŠ>ŽÐi˜´îhÛÇÇ¡LŸoÅ_
ê(íÝè‹,ü
ƒ,$ƒãô
¨¡�š‡àÔ,¼úƒ©q¨·i,¡®>HÝ�"±Û5Ö3.�(¤«Äë„ÒÔdl@ɸbĉ×ÈBUoœ¿~Dz‚�áE‹ë–Zø
³(6ä£éŒnÛðý@S/1j•pèɧUlh/Ì`eâjƒVJšÃÈ�%†lG�è�›$Â1~Ó;y"x‡câ$�Åj!�3‰·
t,Â¥ ´<%(<UqïÀ”ƒFôïwß
@ü÷$`
-‚9´D@ƒ‚k)Ð_\ $ò\$f•o˜K{EàjuËXÜOáªÕhWì©nÝýxY�/œjÂi<»ß=®ÓÀû½Kxw¿ŸW·¨/ú)Ïž*÷÷Sj¤[c¨Ó'~Uð’×h¦ýùï»8~�8ß”�Õºæ)�I‡q¨ {X<oG{aÝ{;ðr2â3SÝõê s0uÃ+[Tvlu[Yב(Ý5ŸczÚ¡.÷#¯M?üþ4¿œdWxûÂÚtÅÁÛ?GÿTË#²endstream
+x
�WÛnÛ8}ÏWÌö¥.ÐÈ—ØŽ`Ún[E/Û8Ø
šÅ‚’h™�Dº$•Ô¿gH*vÕ¤› Žc
çræÌæÛјFøÓé„NæT4G/WG¯WG£l± ý‹­ðLj¦Ëy¶ éâïOù­•´†í>î_’í|±Ì¦Évû`
+çÃ7KOiµFØùl–ÍiU†Ó#Zƒq6ÍèÂË-�œÑ++…—ä7’\“SaôZU­^MkUËìÙê+Ni<Ž�'§p7Xm$Â	ü8ÑlkùÀQGJÏò{0qD®ÍKeeá�ÝuOKå¼UyË!3:‡MUIçigZT$JvÑp#:ŸdŽ^ ðº­ë9¡ÉIIsBš-»sTò¦’pa9m­(¼*$€5—ÝàäVT@ÙXu}x<�°“9pŽE“S\.òk§ð@ÝtgÚº¤\¢^Ó ¶ÒÕê†ã)w
Ñ’ñÃù,:§ôõ¥ªM.꺒AŽÝ=Æï;co*kÚ-ýNï¯Þ~þxù)OÆ¡Ù‡Æ_6ÈÁýÂV-dnàO›ÇãÂ24Äh
+ê–Ýa˜^Fé“ÑŠå™·‘*ÚZ`ÜY†Ðˆ°ŽWr�9ÊØÓ—“X}·pAþÆ–Q²"Gâ¦ã‰Ô|ÚõÂP90ƒkLT°ƒÕ±T�€sQÞBJø*É
˜È•ûV1-{@Š÷Ì~fü€¹+Rë¾H㺋*
,ÜÖ€®VÕÆã†dþ[«Š›º_ ?•V^‰p…K—öo|丫!Ìs¾RÊxÑ|‰ƒcœ‚e
 endobj
 506 0 obj
-1465
+1450
 endobj
-507 0 obj<</Type/Page/Parent 476 0 R/Contents 508 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+507 0 obj<</Type/Page/Parent 497 0 R/Contents 508 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 508 0 obj<</Length 509 0 R/Filter/FlateDecode>>stream
-x
�TËnÛ0¼û+¦èEEk=ù‘Ü$
zè3B�)y)I•¤Üøï³åÂvÛC+A$rggggùc’!å;Ãr†‹*9¹)&Éý%²%Š
¯,VŠ5Ò8MSUôà¨Ã¼ŒqÝ:2J¸fGW°NרG4ÂB`-Hjõ¦xb°cx°él/.*t�«	–ÌŽÌqöº‡­uß®QŽÀ˜¶2Mç`µ$Wûdm³%Fh,´¢wèÈÔ¢³¨DÛúe&p}ÙE<óÂV–§£øpy œÇ¹ß�³ëõ«¤lTbkÀ…ei¼úÓ¾¤·&i5SJ¬�¥Q²\cz‹ÿ‰UG±'Ò^Ì}~ÖSA
-Ö…;AÏTõN”-ágãê!_r?ÕˆªZê5ðö9ôâ75|¿¡üïÜ�J(ß.Ó«s¨¿È‰rÔB­¡ÍÈf ¶1ZŽ‡ÞD	¹*1U<ˆuÚ–#"lœmÓ¶¾:KŒ+§m•háô`¨Î芬%{N^½Sìž^ø÷K–â|ÛàŒ#"?wWx¿¬Ú[ïCÂ÷¯9‹¹gÁå)î­#T6J±]«Ñj½…p~5¤?Háí4Ú”ž…ìZ²‰Ý™|:¨ÜwçŒsÁÅ�ð>ÆÓ7j„s"C
wÅ„‡ù|áß«%¿güÂ&ÌþjôG¶XÆþ\à±?žÿë7×ølôU·ºê%)ÇÇ@˜öiˆš†°?-òe΃äSFYêeº_&/ˆQfendstream
+x
•WaOã8ýί¸×ÕÒ´iK[¸O¬v¹Cºe9èiµÒJ'7qZC÷l‡¶ÿþÞØM[²ôX@
+E±Çã÷Þ¼™þ{S¿1�zÔRR}˜}šu£ñ˜v3Ã?]÷¢1
Æ#|¢
I–â¿áîM¿
ÄÂKÄß>§suNñ€&ŽŽñ!õï»4IZq4Œâˆî�\Й¸Àaœ*g”]�*¥K£D—Ù»ÉÃQçj@qâ´{#ÄiÝ|™|ú�&sd¥ó\/yçRå9M%¥*ˤ‘¥#•­uE••ts}OÚðŸ÷ä4YgÔ´r2%+Í“J¤¥B,lÄ'v©ÝâÖ8éO­I8Žc(d}6­ŽtI§Þý<ÓVDôuŽ}ÊR*3\(å(mÅýóŽK]gTj7çä÷–‘›Ë’DŠ
”c#�r“UÜ�zœ6Ù‹pb¼‡Í&g 7UÚ¶­-©>íyz{´ªP¹0ùP¬uªtáa³s]å)ÍÅ“$Q5kŸÌë'—¶Žtðܹr$Sõ?Ð’Aé
+á…)‚³Y®ý2P_J,.×à‹
+뫱kè6‚HlhŒ	�¨ÒI“	¸×	é…Sš	bMz÷äµv!•­ýúë[®#­m€ÁõÜaYEÞìv¡#º«jÀÏjóSû³šj‡FiÚP10_öÞT—¿:zD-Ñ’ý�Óž-ÒD
+¢a7—@¡`¯�8Ä ]rª�§‹§L¨Ü a“تü^­L<nxâ¤õ]ˆO;yYßl3:e”àê©÷îpÓšœTã’ê‡Fr||üõòîæúæw|¢ÏLo¨7$óI"HÞh�ΈFÁ÷ò™3l‰. ŠÔÞpP{hE$Ô ¼�ÆŸgšXWvÁjÚz„e½ë"ÃYU@¹ö”«`·ßod£îÔ¯µÜÔ™ñÆÑa
àå^H­où[4ˆnÉXâÈ?±õ”ÒÌÑ×é�ëÝJàçEBü}ë;0ßÀ·8U"jžs£F³CGT0¾'àÏEµµÖm¢Þ›‰ò]K�I]­¼`OÅÐê#�)Þ×Q)K™çþv~ëR/b¤
+sWÓ–»0\í�R±ŸÍšÃT¯¦¦]æ�M)œz’ä¡ò2…ºÀ!¥Bº|ž9Ï¡§À0jÖü`övíó�ÀÀá͈¸áó…m£k
+Ð=1Ð̘€p|íÞ{ùÓá_ÏókmŒáõ^þËqhÍóù-ùpCoôÂâœÞ²×SºÙ»›XwÝÚK÷
 endobj
 509 0 obj
-567
+1365
 endobj
-510 0 obj<</Type/Page/Parent 476 0 R/Contents 511 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+510 0 obj<</Type/Page/Parent 497 0 R/Contents 511 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 511 0 obj<</Length 512 0 R/Filter/FlateDecode>>stream
-x
¥SM‹Û0½ûW¼CK³‡8¶“M²=(l%^–B.Š<ŽÕµ¥¬$'äßwd9K7ôVŒÁÒxæ}ÌÌk’#ã'ǪÀ|	Ù%_Êd¶y@‘¡¬9²\­QVÈÒ,ã9Ùz:bù¥½ UÎ+}€o®–ÄI¨Vì[‚Ѹ˜ÞÞ•¿“ÓbÁU&Žì‰†«Ù†Aó1-ÖiÂþžmò14qÝ^¶Š´ÇôqŒÍ¯±¡zcœ×¢£˜·ø«ä21æfú¶Â�<öB¾@Ìaê²
-#RMñ­gTFòA¨†3ù&èVJKc-Iß^F¥ù<Šqäûc
-ü0ž8Q„lN¹¦‚¢u{B拓7I8‡G/ÁŽ¾7Ô0
‹G¡¿-üÝq7л‰ëeáð\?vwé/FSFM²1Æ
ð-�¨e²·Ê_¢Ð »ÔJWˆ¶¢ÛXzíÉyî6ŽÂ¹³±ë¨
ÓUgÕ¶Ñ`f{Ã,*cW¶¬5ŒMˆÏ6÷צ¾5<Þ_:aš±FAEž§Ì¥ØMÇÁL¾—<ær¨>yVìyïßѽm—¨ªë(›£W<½Ó§�¡+�¥4¨¸°¦eèã R–kìøèh£§Ñ¡8=nwt|-^Üg<“‹õŠ¿~Ù­:nÛúmnyÅþc×0Nm
+x
­V]OëF}çWL¥V
q’�‡J÷SºÒ½Ð6iQÕôaco’%ö®ïîÈ¿¿gvíKH€>´ ÀÁöÌ™3çÌìד
õñ= qJç#ÊÊ“·ó“ÞÇ!
4_áÎh2¦yNý¤ßïÓ<ëÌ
mUQ�òä¤ÎIÄ�N­µ(ÈòI•5™tN::�ß"ÜE®Cº\æñmŠ	„9xÎ?–ð#}ꦣdD�«ëù‡)}ZÑÎÔT;Ïþü}HÎï
+IJ3Ä�ó²ä[šÂƒ¥ØQ¡¶xÚPaÌ–„ç»1=xhªîΓ”³ÈQV…t=wg‡]ç…õuuX€Ë¬ªÇP)z&Ê¥ Ò+AŽ$Ôða~6it>JF4œŒq�âÇJZEò/i€
+ùý4™<¡�ŒšyYÑhJsËÅ8¯ô:Tï6‚sq'T!–àÀh.ÚZeï¤=ª2åÞv~lØ´]ûY¡¤öÔýÜÜ;oï…€ã¼eC[ÛɽæüÅYÝÆÔENkéi)2PÀ’YáÎ1Ј4MÚ¾æFÿ¤É™Rú
—ªˆÍŒµ2óÅ®‘EÛ0'Ñ „èÊx–Dh/^àwMN™Ð$
+gh)Y39÷ÌII÷ü`ƒŠ€í)‡
+±ôYè/B‹5.#;î õ¢ãêlCÂÑÍêf½8=Tl£ÕlcäŠô–
+y' Èj«ü.ê”õÌ2])ø"–eå×Z:�S%œ»76G+¸ÐÚ=»’ÕÀQ�ÅÊÀÊµâö3v‹%E…´
í
 endobj
 512 0 obj
-533
+1189
 endobj
-513 0 obj<</Type/Page/Parent 476 0 R/Contents 514 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+513 0 obj<</Type/Page/Parent 497 0 R/Contents 514 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 514 0 obj<</Length 515 0 R/Filter/FlateDecode>>stream
-x
�“KO¬@…÷üŠ³p�y; KÝÙÝÜEÒºGŽü{«»áfîøX˜É$„¢¿sNUõ«#â_Œ<AºCÕ{w¥>Ü ‰P6\ÙåÊQEü¦òŸ&: ¿E9,¨´RTMR=ã(§SK˜•|GÕIRÓeùÂ(†Çu•AÂ0ÿ®¯%ì÷îÈZH·ÂpÑóÐêqR¢§PŒ4¼ÉŠÜùì½2ƒ.—ƒ¬D×-ÖŒû,Ùh§¨ÿ	>ŽzîjìÉž3ZÐ�}6Ú8¶4ø<¤'æS½Z½Þààõ5@É-9sñur4F¸ŠS×&¡¬y­t+Þ55R±ºT'	·›F<•æÌٛᙙ`f,lHÙXôËÌ!-_àO«{ÿ²4�V+°”Ãm*'¿ÑÖ$É:•=€ÞEèN‘=˜E±Í•#ö¢ßKU;�~æ|«ÃÍÀ�MóÝ�¦å@·Ÿ,mZ?,WZ�Ðòà¾ôx±q�¦¼=Y‘ósÂuãîAñoÃxù²<
-¾L¼ q²
-?zе
+x
�WÙnã8|ÏW4ò²`+¶ã\ƒ=à\‰'3öÂX /´DÙœP¤G¤âøï·š”r(³‚ŠE²««««é{êãg@§C::¡´Ø»˜ïÞœÓ`DóoNÎð�Q?é÷û4O;ƒdÐOh±ž&9Í×ʬ]Y󋧅-ÿ8˜Çþ
qoxŠý¬5ÖójÚb™#a2ÚÙŠœ¥'o‰_>Òþvmi[Z/‰?q´QZ’Íɗ­÷ñ™44!W­VÒùpBfqˆÜÐ�ÄJ(CœÍ0úÔ%CÞ<�WZ‡M©Ðevk’zåð$áD;sÀÀ
+µZ{*¥È8(åŒãj2þ<ý2›ÌÿìC
+üŠnÆ_fƒ·‰R‡q¾J#`_îÂ!…Pš)Ð
+ØmÙiäÖ­J[m�‚¶ö‘�Ÿÿíz|uwM¹-)“G¸‡ƒ„f¢X
+ZGK	È $M¥sy¥õ;Á«Ö2#ÔɯmåÀ‰c�òÒµ£":ÛªLvÉY*Än‰¤œ-¤5’¤v2„Y«ÀwI›Ò.µ,Bþß>É2ÅjR>¡¿ÀAj+�	�Ó*ìæ$‹E+*#á»TZ
+p¥œ«d@É;'Ø˺]¥ES¥\=‡ãL÷·×ãÙ59	y
'AÕ&H:Š™e6­
+i¼ðʲ\À«³U™J
+Êg†Ѯ耶K6lº·Å=� ÐWñfÂÙÇò%t¹¶QÃ:ö6µšnå“ÔïųŽ“bŽ…³»ÖY\ÌS(¡eêN­Ê¬ *µ(\µÙØÒ;:î¬��ïòË·ënø{ûç¬K·ãéÝx:h³?Æì@O烶Ñ;ƒ?¥œ‡¤-ÛB!žUQ¯Áp
€ώɽ´
+™¤Öäïsî„©ÂÚ•/"GÁG=\�+øÁ‡–<ü¸ÄLë“À?…ønKåw/ßÎdbÈêL–·v0¾à³qˆ°háúÑAr[Õ–f$
€eÌ”2™±V…ŠÊ�”Y÷¶¥æ Á ÑÂ:®X˜V°m™A‘!=c·ØëÆâ£ÄŠpcŠ:ÛxaÞ›¦œŠ5z׊[J[Ã� ²'´®XÁ»0ÿš"¯@Í,†1a—.­àÑèw¶÷E¾X¡ÄÒÉò	æ˜NXÀ!áz*kÒ0°Q°F»]FòyNA}£AªŸ†¸„jc‚@Á£
+I[vÜ’Œ(�ÃVùu#8˜Ã •«O¯–ÖnÄEíÕÓ9êTþ=?æ{N�ps?›ÉxŸh:ꡃU€k*Á¤¡ÊŒ¦`ÆêËR;½).—ŸhþÚ³›RÁÚT²ââ³�4TrS„	ÿªÉè¶ÑÖç—÷‡“{By¹
›1Õ¿U©¨€ «„n€1 ›Š—G-y†O¥_ÊJµÏåkZbO¸WBf?nM+räv¸$ðκéXÙU!–è7µ¾¬V�ªÃ›³úv089Mønð³ñÝŘ-ü;<7þ7w(Ž×‹‹{§C|MÈþ×ׄÑY?9ÇW,?æ#p›øº÷7¡‚ñ¡endstream
 endobj
 515 0 obj
-417
+1513
 endobj
-516 0 obj<</Type/Page/Parent 476 0 R/Contents 517 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+516 0 obj<</Type/Page/Parent 497 0 R/Contents 517 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 517 0 obj<</Length 518 0 R/Filter/FlateDecode>>stream
-x
­’Ákƒ0ÆïþßnØTS©ÖÃkWØ¥eTðâÅêS\5º˜Ží¿_¢Rc0ÊòÉ÷ò~�|o–GO>Çr…¬±#k±[ƒ;ˆ
-}³òD9æ8ú$›uBDòY+eª%
-Ù6H±=mÄE\êX‰õ‡}½ZæÜÓ�ÌôÑ>²a®øÙÆá¸à6HeŒ1duEBùbçÁuÇês0nRM¹¦½ˆ¡X^õçž�ÊpÔkþ«~ņR›0Iâçýö“ä
£Î�t3A
-—ž�‡HôèI¾“iCã¾ÊhÊøN2½lH:Y
$ÿÁPwÊ
ñ“£kÛÚ€i˜»(QT5™Ö~ïhC5�dªÈF+Ñ“È¡å)N—’ºVª;CðYÚð‚å}¹^’PŒ¦	®ß �r»eŒ=þ`Ï÷X 
ªÍá.'¾ë´–Ç)endstream
+x
•W]oÛ6}ϯ¸ðËR Ñl'qÒ‡>8‰‹Kâ,v·Pб‘H•¤âêßï\Rr\µ0‹¼çž{îÕ׃	�ñoBçS:™QZ\®ëƒq2¦ÙÅÛä”N/Îñ<Å+)ç׿¾K“SZç¸8;;Kf´ÎÆcZ§‡“d2NNº·J{¥Ÿ(·¦¢�wþ&oHÐU©¤ötõfý¦Ni2‰¦Ž§ç0t¸6Ô8‰ƒ5�–|!<)GâE¨RlJI/Jཫ6ÇádFä¤}ÁÉàIP£Õ7*ŒóÔš†¶ª,IKƒûÔTµ‚_Hv?¦ãÉI2e·°–ÆÈjkž¬¨ú„Û8¨w·•v^À~$—ZU{¢.†HG	=H
/xÉm“ze4ž9Òp„rc©2vè;“©¹„º˜¦3àÎP˜sê¥cèVŸV’ó-èÜl2#UMZPŒLTœ CŸ"Z$ÞûO\ë^úà�ƒ†Kíö#u	»ïj6;CÅÿ»ög'“€Ý ög	ݘôþÿ¥ÂK�òZ)h[(íL%½ª�C*PyGÞš†ËŒÄËh(D†b}l�ßòm�[&ïOwvûšo$Q--°¯€Å¦e o/;Î$�)Wl�¿‘•©±Yoi4 I š-ŠBaÀ+Ž?X¡Ÿ$G²i=BBé™ÊAº„‚/:cgÌ”Q&uNdÒ�ð˜ÎY¹Z¦*W2ûÁ?l‰`�ØÛb³ÕÍÑÔµ±þÇŒÐ\Ìö�§Ú—�‡�obÇ€^VHðÀ>»È=|ªª.e…¾‚Ñ€­ÓpÒ
B=Ž—	C’¡‰M*�#²�ÖìÁ¾;g!c³C@@)¾Hè£FÁ|£…—%
+xì/ÌB¾6
+±»&e®æM9,ÚÊ[•z$¿/ä
+Ó”¥…Dó3˜òöð.È@Aè\Æ1ÑÖ²Æ�{ 6ñ|jP¸@«­h÷ºuk,Ü@áY15Çï HÁI…ƒHjf¹ë¾çdOä8MÊ@Q¶´äÜ…mþ�U”9ôp�&º@NéLB� aŒM%že/œQz(¾Þ£€Õ-ç¤^5[
Iƒ¦†
+ð„Dª„.[Êd.šì‰T1ºs¼�çÐåòsX…¹ç¾Ü\ŘÒ­�óž0H›:Š(û.§wÔF•fAôq±xÍ:ò€Û—káÔ?eÀCž·.c¨J¦\ØpУq–t0,.¥ZØ	ð¨õÊ„å£l´"ÜI*š¢nÌ1Ô¯Ìè_ü®­z{ r|(}<Dgܯi†]Î=¾
“4·a` \Äbä @䜕¾±Ac¬í
æ
Æ'T—�W¹£Y˜	¡yà
 endobj
 518 0 obj
-332
+1666
 endobj
-519 0 obj<</Type/Page/Parent 476 0 R/Contents 520 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+519 0 obj<</Type/Page/Parent 497 0 R/Contents 520 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 520 0 obj<</Length 521 0 R/Filter/FlateDecode>>stream
-x
…VÛn"9}ÏW”ò²D" ä2£½ˆÜVH&3°B+åÅtðÄm3¶;„¿ßSvwHzvwA·í:uêÔ)?èS}ºÐé9ååÁÕìàäî
z4[âÍùÅ%Í
-êe½žä�ùZ/i¶VfåéÆš_Í­{úãhö
;‡Ôï§�ǃËl€½¬66ðzÚb¡'a
-ÚÙŠ|.P°Ä/Ÿèp»¶´u6Hâ'ž6JK²K
-Nøõ!žICcòÕj%}ˆ'‡È

H¬„2ôØÁÙ¤GÇýÓ>¾y<¢ ´Ž›r¡K*ìÖdõÊÁy6d 3ÀÀJµZrR”–Œãf<úsòy:žfá%ÄøÝ�¾dÌoN‡ñ¡ÊŸààvñ�R(ÍhìÖµ@¹õ+g«
RÐÖ>’áó¿ÞŽn>ÝÒÒ:*dÀþñ(£©(‚ÖÂÓB2(Éséý²Òz‡�àUkY*Ö¶òàÄ3�^é[�Q]lU!»ä-•b·@RÞ–ÒIR{ìUäÛÑÆÙ…–eÌŸãÛgér¬&2úä¶Ò‘Ð8­ÂnNb>Ÿ·¢2.¼Ï…¡…
-­•YzwF«¸ã›Œš6Fßsm…‰æÄ*p0süB"˜kÕ@F¢åÀZ£úcE¿F¸¿“ÝD¹á¥)E·Ûó³ØQ„¯¹VÐgF£&§‡kŸ"4
b2u—@æ2[ �„aŸ…-Aîl½Pz²o[cæ[ØÓÓŸKwð¡-ÝëµMÂe`o°¹Õt/Ÿ¥~/08ó –ðK§Ÿ®X]i9;J) „–yð]WÎ�Ô£–ƒ¯6낧³.ÁÉÙç®?½íÆÿ÷M»t?š|MúmžÓcŒ
-´ídÖoûJt/ØQΙHÚ²”âE•U¹Gnk
-%–^ºgØFd:`
‡l„÷覢=7ã|FÁív!Éç8õ�©þ6ÀÌ�ÕÆÀ€‚15
-ë:Fô.�¹*W÷fÖnÄyíÒ“êä??œñµ¦N¸¹ŽMeº>4õØÁ*À5•`ÒPeFS2cõݨ�ÞwÉ�4Û÷ìÆ)˜ú÷JV\|ö‘†JnŠ8Ð÷šL>›}výp2~ ”—Û°PMñ[•J
-ˆ²Êèc
j±©tWÔ’÷D†…¬Tû\¾U0 öÄk$döoÀ­áÈ'w—?^ºÿÿž>¼f—¸ÝãÒÛòê_þ
¼CÌAendstream
+x
�“_OÛ0Åßû)ŽúT¤ÕKš6i��‰4¦fo¼熘&vf»|û]'tƒJC(Še+÷�ïïœüš¤HøIQ,�åPÝ䢜|¾Ú ]¢¬ùK¾æM…D$I‚RÍR‘&"¸‘}¯Í~zrFväÏÊGN\"MÇÄù¢àÄÙu�g»G#„J×592
ûc¬Ah·—ÒT{£ŸÀrñÌrG�h­ÝA†!fz,�NöÓØ<Á<ÍÄ"6µ}ÐÖ`K4Dûî^(kj6è塶©[/bö×rÂ3"Ï2^—ë‚׿Ž#O‘¬6›¡Í	”Bà;ßÖᲑNªÀ»-…�pé�½o©óŒ%"­uKRüÖ¡�TŠ‘³QÇÂzÀÖánÖjf~#ÇÓ}ÂV
¬;�²UXyÐÌà_-üÝÙúšV¶ëˆ¥ˆ²½!~�­®†D?FÆñ"áF
eëí ×I÷·ê
¥â8,‡ÚEEÆ‘@O²ë[òì¾K°îùµ>«lõ}Ö/ÎKóBD;³[_Ùv{~sqŽ[g¹&¾XµçƒŒ6‰��Yó1í}“/׉ØðŸÁ>+^œócòp›ûendstream
 endobj
 521 0 obj
-1448
+452
 endobj
-522 0 obj<</Type/Page/Parent 476 0 R/Contents 523 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+522 0 obj<</Type/Page/Parent 497 0 R/Contents 523 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 523 0 obj<</Length 524 0 R/Filter/FlateDecode>>stream
-x
�WÛnÛ8}ÏWü².�hc'�Ó‡>äâb‹Ímcw»´DYl$R%©¸úûž!%ÛU»ØEQ@±È¹žsfôõ`BÇø7¡Ù”NÎ(­.—¿¿;¥É„–9Þœ�Ïh™Ñqr||LËtìL%ɵÎËÊ%Dï=)Gµ•®©ÄªlIÐÇüãšVÍ:yµür0_à*�ÍÎ’)�žÏð<Å+)�žÞЂ§“7É龬Ò^é5åÖTôáîý?ä
<\•JjOWìa?Ø£é,9ƒ‰ñÒPã$ŽÖlBZò…‘Š¡J*éE	¼wÕêh%œÌˆœ´/8|	j´úF…qžZÓÐF•%i‰c 5U­`Á’8¦£É	²ƒ[XKclµ5k+ª„>á6êím¥�°†É¥VÕžh„‹!ÒQB�RÀ^òAÛ¤^�gŽ4¡ÜXªŒúΤGjèIÓô,Ts¼,$ª�&‰ÒqñŸ“ó-è܇ÚdF:ªš´ ™@›}ÁÅO-ïý'hþKÂ�O�†Kíö#uû]}zþŸ]=™º~cÒgøý×ÞÞk4ÖJA›B!\¤W¢OzîÈ[Ópƒ‘rM…˜Ð¦Kä7†|[ã–ÉûÓ�ݾÛ+ITK‹ªW¨ÂŠ¾¸½ìÐ’ÊK¹²À	ü�¬L�ÍzK£
<bÀ(§Ù ÔAˆâ8ñƒz-9’Uëš.ÈÔÀN¸�lìËÁƒÎØcd”IÝ
™t#ü
-WÛ³°Ö+€^hW"�®9'SZ)�µýÚH‡n®¥–%	8~¸êˆê:™„ýÑA¨p‘P±,²@Jd÷‹Jò¨ëR¥]AŸÆàþ*Q?º¿™OxÍ
-.T¢. …xò%bWx̦Ùnk 1=¦ƒ¾Áß–öû¡’ÐCÖpgöMðŒ²¿p1`úðµQˆÝ5)c5oÊaÓުԇḓr…iÊŒÒB‚ü
†¼ƒ=<2@:—qL´±ìƒkȈ$Ÿ5h\€ÕF´{lÝ7ÐvVLÍñ;RpRá ƒša GRí0Ù9Α2€@”°í€-9waÛ�Ô*Ê8¤‰……Ç-*§t&¡@�0®M%že/œQúRp
øz_0T·œ“Úi¶‚¤†
-HÒLÀ@¸ˆÍÈ
€ˆ9+}c5‚ÆXÛ̃Ç:¡»„¼Ê-ÌÂLä�”Nîÿ22ÚOÒ´€úÞøÇfÍþh
c�F£·¼ æ;‘‹s
ÙòLåáÎ#ÐÄŒ%MÚJaƒÁLë�íè5
œ[0çTÀ
--Mã
+x
¥V]sê6}çWì#™)66ÞhÚLïL“¹í¥s_ò"l
jlɵdÿ¾gå0é�¶sÃLléh÷œÝ³úkÑŸˆ1Í攣7£Ÿ7£i°\Òå_µÇ,[̃%%˾Ç1¾V’v¼/
ÓÿÃòðé�â)mv@Ÿ/–´Éü{<IÇ�Q:YQÐ'íä¾Né==¡¯JgæÝ’–îÝTo–Þ•;ÜmþMi'
+8]|ßX,µQŒ‘‡OÔþÎM*ræ“úo�ÿÖ4ËÄþ�
ÊÚ£<`>Í—˜Q
ÎVí·æ
+ùÀ#r©÷ý½¥¿ â8Mw.9/l)Q‹Ø*1Aw¦®èuœ¼ÞaÎ¥ª@æ¤köã
E¥Àm	;¶g¨–AŠ×1‚,e¥Lözç‹™|�q­Q›w%àd.=
 endobj
 524 0 obj
-1689
+1213
 endobj
-525 0 obj<</Type/Page/Parent 476 0 R/Contents 526 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+525 0 obj<</Type/Page/Parent 497 0 R/Contents 526 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 526 0 obj<</Length 527 0 R/Filter/FlateDecode>>stream
-x
�’_OÛ0Åßó)ŽúT¤5KBIÚG`câ
�©Ù/ƹ!¦±�Ùnß~×	¬êÃEŠ•ûÇçwί$GÆOŽªÀy	©“«:ù|³F^¡nùO¹ÊQ7ÈÒ,ËPËù�ežðÓ“3B“?«Ÿ¹a‰œëbâ¨Ò’[æ·-^í�ØÕ¶äÈì}°¡#Ü_{Ó`<ìŒz
WìÉÅ3Wˆ-A ·vÆšÙa´fq=/ÍÏÓ".µCPÖ¤À†h¬öú1•Ö´\l0ˆ'Bk
-Bõ>�Ý_ë„Õ¡,ÖéËUÅß¿Ž+�a\¬‹QÛ;Žï|K‡ëN8!m(ü‘ÁÙÇž´g g«zqâ·
-„”‹˜Š<ŒöP#0�‡y¯˜J„÷�ëú„f+;Xw„c#­2b¯Xýû,FüÃÙ„ø–¥J«µ&v!:öì½èU3vú0á�7ùË5z'zo�6Ÿ0nõx°r͘4�^„zò¾L°îõ£5©ÕIkVo±ËË*�æˆ~Èêæòîê÷Î>óL|±rǃˆ	‰·]L]‹©ít²—Õ’WDZó¼|KË�äCøAendstream
+x
�WÉrÛ8½û+ºr¥Ê¢Û’œ99[Uª&‰'Qj.¾@$("&

+ñ$Ihúx÷†D–Yé\BwΙT	/3:*_‰ásò…„+•8ÑN’Ñø±/·ß/æ4]\%KŸT>Ü·'Jœ¹
›”£OŸ	‘”Â+£]¡8Ä¥ÔìE¿WÙ¹ÙKeI®NΩ½®¤öndXÀ®°;åb6–2åR+ÙßPš´ðµ•ÑsTä`'œJ©”O²6ºd¥¦ªj­Òè+yñ(JN^í”Þ�Œrˆ‡	}U+ùnŸˆ˜uäm_š:ü¨%¢CÀ{©¥
w­¬„ÒŽrõr„‚§‘Áƒ°^¥u)lƒ+<»qõ"“�2[…0œÔNåÖTÈsK�Jh±—œY:Hë2õêI&#»^_
+f „sH¬€q“‚øt`yC=ð2V€ÐGZ�>-B°Í›Ô”¤ªC’ˆBÈ,86¦fð•ýzÑ¢E%_°/
+¦!¸É×›Mù„HàÊyU 4
'4hÂ
+ i¬‚p­’¾0ð�‘b¾9úööž&ߘzo…{+*jO~xÉ€£09j+¡
+8‹)
+íbY£.Íc�’ø?14]^Ý€–ÿMÐå|FísŠ^ýš¢œÞ
AÛæ4"A;A,jéú|(ãfB«$‚cÉðÏI�~¾çÉk\àfxOyŽaRf	}S˸{¦V&�Æ”0X¦™[b›¡‘ö¾Œ«Šm£—¥2C�gnûÓ�éÊ`¸è¼­S~/€v‡úc±¿e%X E7qj¤æ+ÚÑåNé¬=ïo\aí²ª.½B?Œ¸·Ùœò�«ø’„¤jÚAËÚvÁê««�fº/¥À¨neÎC_(âýqé¸Òá®òÚâh¼ûH4ŽÒ…†Ö0k}Ý¿Qž)ߦQŠÅj�ðë)‹EO­¯w_ßñ˜ò¢\Òš‡‹Ð¶8¼iÜ5�Û&�VŽ‰À+¯7óä6*Ñ-_í¿/þ0WÈendstream
 endobj
 527 0 obj
-445
+1684
 endobj
-528 0 obj<</Type/Page/Parent 476 0 R/Contents 529 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+528 0 obj<</Type/Page/Parent 497 0 R/Contents 529 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 529 0 obj<</Length 530 0 R/Filter/FlateDecode>>stream
-x
•ŽA‚0E÷=Å_âhk¥¸ÕÀJ�Æ^`�˜P°�¨·wÐ�;3»ùÞ›»P�<
-Vcž¡jÅʉ´\BK¸'™ÍájÈDJÞTÑúJýxÐ	6ä·äA¾ÆÎaOÃðèB�ÂWáÕ�Mçgî&$bm˜5GjOÄ—Ï)HËJ}%q¶øtþ�ãh¬Irþ˜]ÊN†Â‰ƒxÐv>�endstream
+x
�WÛnã6}ÏW܇zÑD¶¼Þ8»oIÛè^ŠèK€‚’h‹‰TIÊŽÿ¾gHÉV”¸ÛHli8sævføÏEJsü¦´ZÐÛkÊë‹»õÅïë‹yrsC§?v‹/sZ¦i² åÍ
+Ÿé
+Ÿ­¤
Á[è9þ�üìã{J—´Þ@ýõ
>áýœÖùt‘,’eBoÖß/fÓNl:“>ŸiçöÊçe’½‰KJÓ¨çj±‚žéºTŽ6ª’!oMåÈ—’Dî[Q‘µ.gªÖ+£É»•Þ%´†L<æ�ÊEU¨.Êî¤%“}—¹'×È\m ÀÇ	Ç0æt•¾…Ã0¿1UeöîCD7§÷.¥«Å»„ÝœR÷ó½î«BhŸ‰ö&ÆÏé{s/íNåøBÃ^oÔ¶µ
`ð(9w¾{¾H“롽F ÌŇ)4Ö�ðç”Ðmå¥Õ0·“$q%c)¨1¶ Ñ"
Úw1#aeˆÎkžÆCGÛÑrp‘F^«B4´W:Sº8È•¢0ûÿ‰~kMÛœdŸ»:ŽKiœwa.²«ÐÇ2x‘£sáam/Êñ?cóÜ~´Ë!0Î/T¢®UAEÖùq×9tZú½±�G§8ÄG½gªC"™öx‚‚õpæL>k¼Éц]äŽ6ÎÈÛ&ÄøÇú],ÿ^ýs<³�=?\q^ÇýºA€Zëä%I‘—d6LNR-óR
+´Mî
´1òàË„qLFXa1¾0;PD§¡<¸ôc&‘ò&À§LÔ
ž0ü`3˜Æ!H·ÜÆ ¸Æ(íIyNê1Ç°1Ω®VŽÐ‡a}Ô †“ äçS½ cñî%×feø42ÊÒ¿N¾Ò£ppΙŒÃH
+M°/È)3¨~éBGõj8¶ütP¸ý«L²áÐ�aY‹ëØM¿š¡ûÅl¸†¥/Ö°·I\0ëœiò=ïè	ñz^˜òq/
+9�9îvL­­/#ÚôÚ—#W�Â\(R,l…0Jñ Ô)âä@E Ì,nYÌî�¨ZN
zŒ*ÏõÓ&w²"¼À[w+tŒàÈøÐ�NƒØr‘¡ áìq�ôÑ8–,Bd%p€ûq
+ò6Ò�<ÜC"Ì‘eø†Ed§˜'ÁA!»qØÍBìx¯‘‘x-	l³Ýçˆ�3ó="Ø�Àâ%¢¿ÌÜt¬Ÿ^¯’׶4^Sîo?ßÝÒ7kÂýè7“‡9bÇȯ¢øÕj�Û]Ñßî^¿ü,WKèr霃¿þ¼ø&wÂendstream
 endobj
 530 0 obj
-154
+1574
 endobj
-531 0 obj<</Type/Page/Parent 476 0 R/Contents 532 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+531 0 obj<</Type/Page/Parent 497 0 R/Contents 532 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 532 0 obj<</Length 533 0 R/Filter/FlateDecode>>stream
-x
}R]oÓ0}ï¯8ÚÓ�¶�¤¥Í^‡@BbÐHÓoí›Æ�ØÁvòï¹N'T!„"[‘ïõ=>?Wrù
-ìJ¬·Pýê¾^½ýx‡2GÝHe»«PkäYžË‰ºþd£wzTÑ8û¦þ.½Ź÷¶¬²Rº¯ŸMl[†æwnèÙF¸ŸÉ>�¥#{�Õx6V»)à±”ëŠæÐ1
-ar^ƒ­òó��Ð8�=õº�‰0!Aç¸-Ög@ë&Pº‹èp¢ÎhŠŒ1�rÖòB7ÀXð/R±›v�zÆD3(
-¨;:/õ•?ÂbÅÔR’F —=ƒd™Åâ�ªu.{ÄÔrjf7Š±W„‹^q'Ëœ…Ö��†gÒÉ1%ãš±ëæpX’qKx䣘çƈÀjfbˆ¼ŽÔþrùêË·§ýR{ÿô¸¿Jíéqc>Ô+ÉÞíÖ²oª�ì¥,Ñœ#Uý‰‰äè?�Úì6Y%Á‡‹*�É_W¿
ÂÖ.endstream
+x
¥X]S7}çWÜÉéÔÆëP �´3@œÔS›Ix‘we[aWÚHZÿ¾çJ«µ³™iši°¥ûqî¹çÞåËAF#üÏètLoN(¯.“ÅÁhxvF»»Æ/#úåô¯Çg§xÍÆüŽ•´â+øvºœ?ú0¢·´XÁö	l-Šðñˆù!µÿîµúÒHº–þbz3§kQI÷ëëÅçƒ
28Ç¥îlº3;¿ücz=¹>ŸMÞ�F¿Óo4—öIÚðMå’”#Ûh­ôšŒ¦½ã?bø
þ(µ´*§™È7J#NÄG‡)\�_^ÿ€Õq÷Jè™Ð)j‡àÿOÔŸnîþüxwsû.[rÌïM%ÒΓk¶ðÐÆ8Ά'û�~´¦©ÿê;7£¯ 	�X¹VìN´|!Q–TÉj)­#³¢îæw€êνËò½D.�öÖ”%[;b¦”f�²Æš»ÿn³`›W&e›°!ÙÆT#S-}dÃ�t¦û‚•£Ç”eLùAFƒñÉpÌhO=¹�iJ€#I”üFø€S¢Ræ¶PâˆT–ÌV1Ï	G5*Š÷I,Í“Òbªó—¦'”;añ&ºÍ8¼MÞÐâòöhzK8é<Ê#¼2ÚÑvƒ’ŠßÀ/Á¼{A1+E¥4êj…7–¶
+e¥B"y¼�.Óáì‘ôùÑÆ8ßÁغǕöÈûë9‹¥p>‘yLˆ¼çL®ƒ²U~C@BEa¥sÃÄÜ“á1cyÏ«ÆKµQÚ3ÃòRXµRyH«�õÏ!L6Ãz«søuÔ»²ÒJ•Js‰$qäVæÆŽ
+õ£Úš'UÈÖ|8•’“#ÿR3D+c«ì!ñÙœ>)] '´’Úî¬%Ü�Ò¨S	~z܆¹`
É%}àû=¯•x¡À))Yé\“|U�pÑ·ìˆoD
7¡äé}ÑVp8» Rf)é9�íÇQI;$p{…„¢³j‚�×Ö‘!—@a@Ñ	öz
P›ÁbÑ€Á<B˜Ÿ” Ñ á¼´F9þðšp•¤n*	®‚ÉÁ«Pêª
+tÝã+>En<�¤o Ej‚Þ)ÑSáŽåÒ
éÓF�ù$
kÏw›€¶¸he
æ´a€9Ž€T“ÁcêìJ„ÁòM-p"dýjkìãšGÀ+~¯b¹_ÁCP‚4�`AFV�cÓxÁt…´10Ù
+ŒœœZëЂ|Ĭz€!¡;a$°1¢óÆ*‹
ëeÌZîÊ}ŠBm9VV<
+œ
+4ΣæÉ�‘1ÿãünB³¼$“¯CDuóM;
¢þ~•r‹PâœÇ9ÇÛY+óÛ�aŠðˆÞK­ƒ Ž
§ J/dêÐ3�:ÚtñðFâAL�mm\„éÆ–½ŸOî�ÂûIè”÷Ø~Iö
+Êêßp7~i”å<ÀX]Î&6ë•€XxÞòÖ”`ìÏž=ñÞ&0.jl?i8v¥J­Û<&
+hÆP²åKÏõ5‚ó#ª
†b«¿ì1ºl—¸„‰£>(ßäï÷bÁºÏ@-â–Ä?òsXÈ0ºû—&èši¡rüz†–[ì%©0dP#S6a(W’AQ®Â´£y&[\„HF}VeKλv»¶
 endobj
 533 0 obj
-420
+1999
 endobj
-534 0 obj<</Type/Page/Parent 476 0 R/Contents 535 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+534 0 obj<</Type/Page/Parent 497 0 R/Contents 535 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 535 0 obj<</Length 536 0 R/Filter/FlateDecode>>stream
-x
…WËnÛ8Ýç+.²I8nì:¯Õ`Š63Ú
--6Ò’Ô•}Ýye4)GÎtrh„'§:Õ
-KÞзÇÏ?ˆvÂ98­¦´l$9i_à§w,h­ZI•Ñ^(­ô†3¸¢ËÙûW5Â5²¦Ñö’Ì&°´gn0%¸E*øWY)<¯^É‹-ÜyDÌ-bxùÛ�¦ªÄNyÑ*LJ•Ÿ”ñ5òWðaáÉöºž¢ÈÙQ<J0îêº|<ÀŠt߶ñXN2™¥r�2r«I8òƒ¡ë›"ü
-À|üôD[ùŠ&·’Є³NlTu†ì6�1¢Ï	­�í8A³›ƒ/hhTÕp—ÈycS—öx]Ñ«VIí§ôEz´†ƒ•¤­6ƒæ¬C{ODñÓir4¿™.˜=ß•®Íàèq™+HìÔ }4÷Wü+u²j„V®›“Â)ú
ØkjÒôõã"p‚@@Aß´ªL-‹ÌÁ/Ç!`w€ÿ;óåˆÖÚYS÷U bn—“jõLmn™6úÒÊàwÕÊ76’“‰
£çƒq™P.°ÐwÙ_Öô;·N÷×Ì¡|ìqù|Aƒçâ�éµ'QÔ÷$º• Úª‰h°‹?>&+�ém%Ÿ/&<Ùke�ÇÃ_½tžG�Õ²
-ÐIË�ñ
-sƒ€ wěʴø„âñ¨žªdÓ4ʃ͑”>ëàÃÊ]‹4øÀÍK±ÃW1Çd¸‘ZÚ™½‰ÝNêjºÄ-§Ñâ”é(as½#@ⳊÁ�"ˆµ½¸®˜Ÿ©1Aˆ#“ùÈ)È׶Roäi˜×7•ç¯Ù²Vëµ´ì‹‘%æÆkfÀ¾Ã%S–“ˆˆš»Û^Ì`ÍtS‡.ÖÒUV­X.Væ% ;†'Am®ôf‚é,pó�•C¬*£¬LH
-È&eÔ‡ Ijí;“ I ªÍ<*bD§ˆ}Üft‡áF—Ó±,‰>O_?@˜Á)üýáQvÒ÷»èÊ�ºf©EË[ Yõ–¥ƒ1q²±e�&!ïäÆ’ÑÜ5–ØÞàìÀÛ$øÊæô9¢E^VïÅ4cËÔÇ,r”zØzÑ Hã8w!•ÈŠ€4÷¢ê[¬HZ žÑX…šV;&kèH겚‡c9iŒ×›ÚÇ"ò¥þOh£^ÂbÃrÊÕG:–È-Qía±\¾æ™ËòÊíxSÍügÿ�)T€•’&y\öl•ç NHÑ·±ÐçsìþšÖÁV|îÝnCá*sN®[…³aÉíï8çñry0]h´´`+{ÚSÿh)xlå†?,òEuk HdÐT
·²Ú‚e4‡¹T¿£.³zgì!�ð0ŠÄ8:WÄá„kÖÿÜ’È͹Ï!0öGÒ™…äoQùö5?ÊjböVË!r»2ÖbÚÆ­7Ñ[ÄF¹F™E¦ãðjã1-+Ùš!u³å›ž—4ž±æUXÒí[cû·yÕ
-›Ì@ØXj"ne~
+x
•WïOã8ýÎ_1*Ž•hi»,¿´:©”rW	ºÍÞj¥J'7q[‰�� ÷×ß;i§À-H¥$¶gæÍ{3ã{=êâ·G§}úxBq¶wí�¢½nç쌶Åÿt©ßÇÇñÙ)~:ïô©�´àx‰c6X~t}L½Eœ~rvJQâßw)Š„Nh‘–v%ñ·0¹•¤XÄ+yÈ_5‘Ð$œ“YîÈ’ÏñJè¥$A™´VàÛ“r+¬Ž2ìSšŸ¤)Í%Ùrþ·Œaã‡èï½.µ{ái”8•É¶)%2kÛ!%/hì~±¤E&IYRz×k`п*¤5ié”�k©1eÌÙ2Ž¥LiŽS9ˆÚ™XèWƵq@ËæF'ŠV0†5ì/(­+„SzISPiea©íÏTŽÝ„ø;Y(ëTLfá­å…q&6i§²Õ?és <¹�Ò7¥ód	Ž§Ê­\"Mù™|™Ò0Š�ªÓ&Ò]Ž¿L)„ìÓÁÆcì@žZzÅÞKšŠl.^…(”êQ¤R»p$6¿8 ›ìZÞ_O2p£×Ev§˜]5£Ž®Ï©‡h˜?ŸNC`[õ;Èiðäæö÷/ÓhJ•Jvh—xí>xÀ~ÏDDkä1�!ç;XM":†Hõ»à´òy<º†D*2oè4¼˜Í¾�'“h6›~ŸF£Û�ýÙìê~üçè~:›�¢áKo@ê„b£�PÈ0]Æw4HÐ9ÆË]Jj0ÊAÉ+¨s¡
+˜3¬ÔþP…Çkã>ü\`Xf©Îµ·Âƒ'¢ò$yÎ\4…B*eòš]cP}�+æ£h,¥êA^ÔŽœsÒzÔî
+l¤êgŸ†&_j¹r4;ˆg¨w~~F·*.Œ5‡×E^+Î8u›Í5
+Ë	båÊm4zŒX@攬a³�7¶3�-„JíÏ‹d´*¾
N­ý]†µP–
)a­‰ª‡ÝˆX@ksZ *ÊŒŒÕB…T³—ë
÷.()v–VæéÍ“çf7`Á%05Koü÷¨b`<—+ñˆ
G×:–úQFsÝáIÁÔ(7ºÍ™dé„7¡&¡n0$
§C
+S©–°kz
+h Rž–“„6CákÕ3Ž—²ße|7©‘ðsnú„¹¼vH‰Ô¡]-WlÑÏ÷`K£ÿ<û@MO|…xÉK>ýQIt¡ŸgÊÔ'nÍÅ­µÿßzR‰sº[½¿næ+4ã˨YÒÄsÏó¸ 5<ø¶LÙV-Ÿr/
+ÆBલð È7¤ÅnÚÙ)}ŒÂ¶e	ú:¶ç‚uÆ¢:Üè8gsc&·HÕ?ØTuŠ0Y#
+/=¿­yüOqéã‘°5)Ót
+Í¡»NÙ–õFL‘ HF'mu	屑
]ŸU——ÞÉI§G'ç½Î	ÏÖÓÁíå€î
+ãïËW&.¹Xø;!ïk÷NN±¼}ÚÇ¥=9xãÊu|zŒiݯêõy+îvìýÌ£Åîendstream
 endobj
 536 0 obj
-1404
+1741
 endobj
-537 0 obj<</Type/Page/Parent 476 0 R/Contents 538 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>>>endobj
+537 0 obj<</Type/Page/Parent 497 0 R/Contents 538 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 538 0 obj<</Length 539 0 R/Filter/FlateDecode>>stream
-x
­WMo7½ûWz©X²´V$¹—"Iã‡8h¤Â(š(.WËh—Ü�\)ú÷}C®>¼I‘¢(lÒ~pfÞ¼÷füùjBcüLhžÑíŒd}õzuusGÙ˜VîÌæZå4�Ǹ"uc]&У
ÊÓ«µm-•l�‡«Ox{J“Iz{˜-FÞ¬JE­Ñ_H˜œ–ï^S#¼ß[—“2Òš ­¡ diôçÇz¥jòºÖ•pD|øÖBª­J�GÒ]D%í¯©´{µSîšSÓpr›[SÈoµ¡\©†_í!/KU+
-‡FKQñSÊäžd¥2¨/ᔣ'‹“c
-בö–ö¥2D•Ýl´Ù�6£^ܘ"²\‹<å¢/jí¢ι‹Ì%¦ðÏ¢_O±×@\Ê­ò½¨>X‡’pÐdFëCÀ�¥ð¥Êi'*ÆHæÚo;‘Ÿ¨¼MI>•‡Ÿéµ’¢õÏ�èN8!AôâþpnççV#–2á‡ýa[’‹d•Ó»t.Îw?z:ÁK…³5']_—†O’¶­rjÀ1tlÏ�ó*ïEFcÕ6×…F•€Oã
-–6‚oI©¼ç¯ ;`ÝU¾�Ç;…lQŽ´Ækd(ÖK4'hkì¾RùF1nkUŠªè…·ED[„ ä�Œ­ñÔ(W(@ªÆz¯qìˆ"¾Œ�CÙ"+§D¬–|½Ž
-òã‹qv7÷/;/̲ø°F”ž„3ˆÈϼ]]±»F‹M>üÊWhúr6ZÐt1ÇçÉìL]&>:lFÓÛñhöÌ¡Ù—Q=¨…tr»÷ô¸¢)ÎXB
-™¼µN¬%Ñ
(Ph
-ôc6›w�9važ�&æ»%ýò~I�*
›ÎQoA cDn-¼–ozÄ
Q›ˆ	ø
-§°Š`ÃÑéL˜ÑÍ›‡ûe7êàbmÃ+Y_ª;-b«xÛê1ô
&ôFÝ|P¾ÁìSTcõFû„õÒé5Œ
¾ÌZ|ËZ`^®F=_àU$-–‹¨´¬T¬uÅ»—Ã
=OêF8Œ—[y–s¯ (—ä•4™ÎÁè䌷ã;`´F6ÍÉí_Ó­ßq£8î´“yÚJ'ã	¹Õ¾ÊwXiņ7¤"î§oOkiêБ
-q¡fóhºƒïié›ÃŒ�‘‡`,x˜ÔËá1¶VÖðÆÃÈ‹ý½ÑE�yÙmUŸ0Ì9¿áÅÆ%ò^}¶¿�å3à<!β´	=/ì9¾è\$íòÃlÒÍùïþ#0�O
3þkÈYº÷ÛÕß½Ûïêendstream
+x
•W]OÛH}çW\%›• $!å£o@Ân$HYânµ’¥jb�É´öŒ;cù÷{îØqZïBiil�ïç¹çžü8Ò
+;Í/œ?¾Ð	lŸÂVûÇ
+¢Õº´”$–©¤ÂÀ’ˆ©XIJ³•q…£Dá�+£H:—”iºîS°RŽ¾Ë5á¿RÇÒþ|;ÐÑ‘ÂÃŽá0ÌD´RZ†¡[»Bfa•ÖJ]DFÖ¤Nx$í“‚ý0L…΄ækiÃ0Vd²�O4\;„ Œv+a¥kõ©´�ßÊGå
+‹p*ËÓ5‰8¦N^.Su8SŸ$ŽPb�_ZÙo³Úvµ�Ô½šþ1›%
3Ýé|òõò6˜>Ì/ƒ)WéÙØØ‘HSóLY™*GA»³ùõíçÉ´Õ®+Ê…B9Ž
z´¦Ì%â4�’cíÓ¥^“Súq¯?¤t”–±l5ü¬Ò”"Q:´±{³ì·XÆï¯À�ÒHn}HÚè£Ü*] &ŠÐ$qïàLs2[Ê8FhP&ò§-×­�&Ê¢9páþ°MŽw.‹«Ù§i ƒ-ý(
*Ũ8äçšJ.	l5†ƒ­nõ¢O>—‘J€ZÉzi‰�2׿NêýU
+{bž|À$HÓ E«=BÈ$9Z#_
+©=Ø?¶åÑvŸ†ƒQÿø�¿g~Ä-&Ðl¦�º÷SêN>Ý}Ô²
+
+ÃÉÃìïéÃ"§�çÿm0=?ÍÄú.Îîé2Ž!Ä0^•|"Üb͸YÍ™(¢Õv6j×¹À^ïÓ¬™lld²\WØൣ&-y©#‡Ä
+lÈ2*Jn¯ÞÉ÷�b™£1~áì
+‹Ç7¸¾?žÝoZY»•úIY£¸Œä’¨G˜Œk9»©0<�„ú\Ó³¨B’?JEÀ/Vë™>kõr|«tùBûîË":öºy¿›½Ÿ@3\@,ÿ7h†g§?AfܧÉ|A·~äö�@�ï@&¹XªT^¦oóån«6.Êœ	RlÔª€šyyE‰ˆ¼5´.!©y²btþu™A@†õL%Ðv:éPG‰)&.¥„`€#
G
+šGßcùy¥@+ÊUý\y�›5=Õð•ç¹‰Ñúu{›¯
û�†Îƒf¦í98P&ñ}ƒ!H�´\Z샨£°
+²ôyòMÍ‘ðwŸŽ—ªÇ5uWŠÈ3*Òå,]¹ü&#�!¨J†yE›ü>óUõ-¤nN�¢?÷*ÏŒ+}¼õœïhÆÅaÍ'<‘·w· ·Pã2úÎXGïÐq–¼;…8¯¥³Ø”à•KàýU9xøV•¾ãÙ¨”´² …—a|Ï,yÁ�Ýël—Ooc=ÜÚì�zbAcM™ió:ŠÅeÞ¥ß-ì{^óÞðô¬Ï߬ñ¥wçÛïâòîê’î­ñ]™˜¨dnðXçô�ª·Žª×z¿dëñÙ3Ìf{Ã~	ᯃ
§Ç•Ìendstream
 endobj
 539 0 obj
-1450
+1654
 endobj
-540 0 obj<</Type/Page/Parent 476 0 R/Contents 541 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>>>endobj
+540 0 obj<</Type/Page/Parent 497 0 R/Contents 541 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 541 0 obj<</Length 542 0 R/Filter/FlateDecode>>stream
-x
•TMoâ0½ó+Þm©TR �#h·ÒºÚU#õÂÅ$p1vÖv ù÷;æÔCWRðxæ½™÷&;1úüÄÈR›Î,ï<=ÇÈ«p”Ž3ä%úQ¿ßG^tߤþ•£4äô7%×/ÔZê%¼�€#»%ø•ð�ûK�Ñ×—H¶­=•¨…s;cKá§ÇN*KUãˆ3ÍCþÞ飢„±»kvð+:U—ÕÍ?¡œ�ÔàŠ¶¤Àw‹ÆJßbcJºÀHí¤ó0µ5›Úï™sé�z\»Ç9³
Y$Š
-£5^ýˆÝJò‰tà¾[­MË5#ä\”TË5øÀ¡5

-¡yxaTΛ:DÜ(âh˜ÄÕÄ(B¸ø#ï°Hi”b8Îø=áŸ%Té&ˆY°ŠEM&ÑøF»i¹Ú‹%9˜
-ÚèÞ'‚”§çâè€dÌô’ŒÑX‰y’f{‹dŒqVªV‚EðôáÏ#cm˜œ6kª}JéÖ‡n.8½}�$�†_Ááé88±¡3*©‚c›X4Z~Ø­,ÂÕ†â 2Kæ't‰Ê×·�þ� eè‹-´–X(K¢lY·à§‰þ¼{bàIiò'
-ó‡£{1§«é�ûºw‡	Ë6�«<‚M2�Þ 6¸æ°wǶ±�K”$Tte áhÄÂ}f ñQù8Í¢ð]à­¿Zÿ×éËlŠßÖ¼³ýñÝ͆ØRaBõÞ!«wHë~ÙpÃlÈtT7‰�4ÿtþ
N gendstream
+x
�WËnÛ8Ýç+.ºr�D¶\ÇNt‘ô�hÓìA1@6´DGlhR©8þû9—¤YM�Á4¨a‹ä}žs.õë$§	þrZLéÍœŠíÉÕêäÓêd’]\ÐóGs�:ÏgÙŒf|ŸN³j$m°+‹9~Æ•|Ša¶°‡~KùŒVø�_àKÖ'´*FÓìMvžÑ�ë›%}µö¡­_¯~žŒ?Ï(Ï㉳é'F—qÏÝè‡2¥Ý9º6^6Fzº[IKÙ<Êæî59|Q…$åÈW’ä¯V=
+i<ÙMx@ͦÈ'“|Œ�)¹Zj£dI7W7Kv=¡³üM6e—w£鯮¿/�]d”baW²!çm#ë±8¦¤ë[e‰‡¾ž*ÔÈ{å7®÷$(%3p\hÅ“Š!¯>ÜŽaÎIßÖT	Gk)
Ý«G|®–Â!=#c…b%ØÿeôŸ%ëÓ9Z‰´V–
+k6ê¾E@K±]ò69nCJ‹«·±ZÛ�2÷T‹©!r2R–œm<R–Hßywì°:7rÛuÆŽâ㮡#Ú(-ßu{ßr“s:›žÇà(ýƒSG®­kÛxzOÿHwlæŒÏÌcŸ^N¨uÿ1#ô…y!eB.]ðÿ+ÚËÁ2’@(.ùqV6ïééé)ëýÿs‚»
+ˆIå�våí�d+ǧGþŸaHzMÐäŸÐlñö™ê=>÷Ù;›�gs$Ôçï,£/vGë¤d¤lZSxeÑ>¦A…%À£”µ¶{PE¬5Ú‚~$MÉ¿»b±  XKm°zœ*›D
ñ£mbmå)}[v”¢­(*e@¾ŽsÜWÕPÇéHUº)ù.´< ^
+ÿýñv�0(Jxõ­¸+
+
eÉF?�¤|ÚBC®Ö˜G§Ô
Ù§®<0
+*©!þ!ÖMdÈõÐûald˜q0
+l8åÛ
+$„*†ˆ1:²ÞZ/ûC²;Û<€B‘©ŒíWi›0ÆBä«çÉq÷zØß¡›Çc'UëôeøÒN¡›,íèˆf·‰æÀò�òL¦8
yÆŠd´ä¢Ö¢x�ÞQ!—¦±-W ˆ“¯Zñ`ñe#ñò
+zJë–™éÂM×\ÆbâQ(-ÖJ3ðL›R0HõùaŸ˜¤xñxàë~÷¾1î
�d§»ú_šýáîæ	J�7ˆ5ãáw‘ÆǨí�ºÐ0§
+žª\Kù='Ûð;I!8mĵ«ƒ*�(Aø…€öÒs×�’eWáæ«€MÉP‡ÞðJ‚—º(ªãÏéœÏYNóyß–—ß®.鶱<Ìè£-Ú-Øòä`Îâö³ÅožåÞ<g‹n¡aC>ãS¸ÿuò/9šë©endstream
 endobj
 542 0 obj
-582
+1693
 endobj
-543 0 obj<</Type/Page/Parent 476 0 R/Contents 544 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+543 0 obj<</Type/Page/Parent 497 0 R/Contents 544 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 27 0 R>>endobj
 544 0 obj<</Length 545 0 R/Filter/FlateDecode>>stream
-x
­W]OÜF}çW\E•0Ò~CAU$Ò6JÚ²i¨B{vwŠ=ãÌŒwc©?¾çÎØÞ]%R/`ß™{ιŸþz0¥	~§ôjFǧ”oçãw¯i6¡ùoN_�Ñ<£Éh2Á“4™¯$¹â®Îm2Z¨\Íÿ‰šNã‰áìl4ÙäR“±™´´0–®Eq'È*…õ*U¥ð’”&�ûÄ�YK*­ñ&59‘òTTÎÓ¿Ê%ŸÊ�¹§ªæÓSº«qz%ÜJf´y%£˜Ðpz}/ÕZjT9ø×¢�#¢�@|¥á9¯$\¸íãûË€€�—‘r$rgpÞhIQ_D‹J§^M·‰Â�À©úŽUQçTÛJo•9¦™æÜå7Of0¸CG[ï5ÛTL�m•¿=^râ±nÜVÿæ©Ñ^(­ô>@¤U+ÈÔéz/K?¢¹¡¦…rA~€.m”_ãÃC¿á€5Ú°37 ¥ôžo7•ï‰¨®Öé �bn ¿Bn$4–>‡³ý´IHè,œëér­oÏhÄ!ö*W
�/[gÅ}wväV½ãŽ12n­2¤�7üzGÄ¥Ô2(ͪïe;-¬)ðô1zÿÂŽÑŽBx™�ŽN¸@ 爃þ˜§ÚT¶aÖɸã§yÕV_*’³>h¹0yn6¬Ô+|uh¯Ú
óCsÕ´Õ/~7^ô7í+Jô†Æ•³ãܤ";.ðqiÕ:î¨ìë¾ãïrAàFÂJ²•ùŠÂ‚ܵó²
-ƒ<0PicEY‚ÌJZô³Ë.üTXž©<1¥ö¶&Ä1WºqßNçÐÔö=Žn�"ê	½n÷ˆ“Ø&yLò?¯Tv~óÌÏó-–Ɉ7›„šŸÏiŠúD>Ö¥ür~õÓ|øc.œ¦+¡—rèU!ßœ_4SÁ¶}Ò¿äÛ.r�ä^blë¼™
gmWmÉìŸOÚéÕÙÈ>kóŒ7. Ï=8»¤{Ö_økƒÆåÙ;M}�zW ¾Ã¾„u
-mÞ©¥V•
-ˆª€òb‡|B"6Ë`l‹©Éä¨
ÐŽKdšhtqÚêùÇåüâêêϾc^ìgOa�xÎW®ÀãÑáÍ!!¨V¤^ZNl¿á܆MØwÏ÷^7° õ–Í°AÖJÃG·éÌBmY`ŸÊsZ•s§Ã¦2^á„®C™(L¸
-:ª‹Ûå‚EØÕîlìa
-«n¦\0fVW¤©t¸4ìù@ÁžGP6ßÜÖÄV
£(ƾWŽ
+x
¥XÛnãF}÷WæI
,Ú”us€}¯g’
Æž$V0»À¼´È¦Ô1ÉVºIy”¯Ï©ê&E3Ùd±‚l6ëzΩjÿz‘Ò5~RZÍèfIYuq·¹x·¹¸NÖk:¸~¹Æ!|Ì×+|ÎfÉšœ¦‚_À3Xé?púêýœÒ”6Œ/×+Úäòüš6ÙäIU[E¾=¬k<)*´jZØjöª!U–öÅSa]¦sò§:ÛÛÚxÕ[Ù‚¶Ï5•ÆóË™³Þ“³mƒÓµn^¬{öÔzSï`O³ùå⚦éM2C“7NW¶ÑÔaóoè œªt£™š_"_m“ÌÖ¦Ô	möÆS¦Z¯=…ੱ„�Êy¡´™*©Rž�„
+³cˆC¡»ô–ðòz­«’dêFï
+äÌÖú’¿f¥VŽýÐo0""GÞT‡��ÁD‚�&ôaH§Ui~Óù(
Ó+šôôpG˜Æf–�6ð
²?ÔÀÁn~ÖIR$<ÿP*ÖCáë®n�ÀàìÈûDé”õa” •k¼ Š;µL€›|ò…=[ï
t
+HÑá·F-S°\³
Í"¼ÊÉ?þüñ#óÀaÀiˆê%ä>X+)ëbI[üíþÝ=ëja»Ò“¹zS©�Á¬]‹:ª²Åd•
’µ%ôxG)ìqô¢²Ü��ª~Põ.n‡¡¾¾A­â2’òFòÓwéõž™³ŽT(Ñm²Š¿•ôÄûËp[¹™sg†2öoÛvÃÊé‚ùb¥ëœ!ü
íÁúí:Y¾¶~^Œ$ lG]@cO?t"ð.�-
+ÜÙ€|ƒ�	7"7àñûOŸ7Ÿ0i \aèð ª,(”ëF™ÒCÏ%jS×Z”u¢è1È›«Rl\WÚ�”Þ. 'z
+’MÆr’=Sz9Tx
¸õ"î7É×
+¡Þ¡ q/ª_'P�ÊY(Àu¬b¯ÝÄÙ«#ÀËA`¹³‡üÓÚ
+ü“9 qâ ΋®™�˜^Sejì¶h_?ã¼	ñ&$úÉdõSM£«æ•ëÈOØXž;,Ž¼·Ö#¯ÕTâcÁ<<ºÙ1ª«¯®%'zÙ›,��ñÄÅÊÀ`µU[,µ{›9d*ãß3{À>Ô·«ó¸¶’áƒáµË
C�
+qÆnœÑÁx¹äÐ)®7Îuå‚Š[îA粟q£,ûX‚ŽVZa_‘z½°úr�œÞa�t'Æf�ÀE¡�×ê©®‘ºô†]Fjç
 endobj
 545 0 obj
-1512
+2036
 endobj
-546 0 obj<</Type/Page/Parent 476 0 R/Contents 547 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R>>>>>>endobj
+546 0 obj<</Type/Page/Parent 497 0 R/Contents 547 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 547 0 obj<</Length 548 0 R/Filter/FlateDecode>>stream
-x
m•AoÛF…ïús+
H4%Ë’* »I€
-2ÌdêMÛ‹ô'r'ôû˜z¶XÆK$�èð Þvž$ÛÏ_èîæþþŸ/_ßýûÖ³}ëåé»í÷oÏ1‰~lÿú3�¡¼ðlo9ûÍQÙCV5z{‰¬>¸J3Ê|A4»º•K¸#ÕjRÆp_Û}ÀàxH/$rne9tÚ“œÖ-qo� Ý4lP)ëåæ¾~Ò’>¡Ùü*^HZ!íè	Õ¶ö5$DŽ%î@“eO•z‚þh�¢ÇV?ÕܹcJê+m)¯”Ý‹|\e‘ÕýYÞc»w‘„nµ¤m¡‹ÝEL-Á
-H"f,¨  !~1^œ½˜ä5ß*yߪ†šÎyÊ@7ƒ‡/gkuîÏt�šßŠ^œ.”nØ’=Ê�žík_�Õ‘HLïí˜PtS6�*ŠÀ%˜Úmû\Z³X�¾µb¢gNŽþ A»×N.tßΔù
S來:.-'FÁå8A»(`„¢¾B›§ÊÍu¹¶ª­™pôF[îZ]êõÓ3lÒœ\y-Íjé`\E….Ugü±
-áži˜ƒÔT&Ý=õ—\�ˆÐ$a†BLøôI·ñ`u\0GZŸÙ·‡Æ=OW”Jˆ°5\ö
-¥QŠ>„4Ðì+ÌUÃØ8¶#)³‡ÉÂÜYnöÈé Ûúסz,ä°~£KíóËqu¾6Nò˜ïÓ	¶3-¯7pÝr³Æçþ‘¸—ùæm¾ZDzè±ÇOúýͧÛºkù'�Ò;Î;L±Wâ=I9¿5¿†vÀc¯¶¹\Z®—ñ?XG‹+y
MOþiûUendstream
+x
½WMoÛ8½çW|r‹F±ÇNÈ¡Ý6ØštÝ´DÙLDQ%©8þ÷û†”äXM�Ŷ-RÙ"çãÍ›7“G)Mð7¥Å”Nç”é£Ë£OË£Ir~Nûv�8vzšÌiv¾Àól–ÌÈJ*pŸ¦i2mß„Cá
lá%ô?`èäjJiJË~ççZæáý„–Ù¸qÒVBK*å“,ß,ŽN®fíé1ÕÂâ�—–”#+¬,w„sURæ2Oøü„Ž§sD¶Ìǘ-ÞÚw¸çÜÖØœLEwןÿ"·s^jG¦ð¸­Å£$xÆGÒêYæ”	|Ê6p—Á›Kˆ–¸ÔRTŽüFxRÁ ")Œmݦ§@
+Ö—.ÑV®@+kŒU�¬h&umÍ|£«`�ƒí±óåE/;�¶F]¬Éð!j´	�²7¢]ŽPZûSÏe&—¯5¦FuìAô‹ÞÐ8äï€ÿÜsH À ÂSl�®hV
+g0³â”	ÚYËùÎ
+¯è(öÔǵ5M
Áq¿
@¼ôó•[}÷´ÝwIo!(-s$*‹¤ÑÛ†íºÑíz:Efg‚︰®2câ"cãÉì-æhƒî¬áâ	¬s d¸8ÒvÈšóÞ²U î
å®—ÃîùübùŽ<Ço<Ca•ñ¦#©Z<ø„àôÁÀ8{~IêŸùÅKˆNŠ.DL„H"×ÎÚóv'Nç‹$¥ùü4ÜÛ÷_>¼§¯Öýûh²
 endobj
 548 0 obj
-838
+1525
 endobj
-549 0 obj<</Type/Page/Parent 476 0 R/Contents 550 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>>>endobj
+549 0 obj<</Type/Page/Parent 497 0 R/Contents 550 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 32 0 R>>endobj
 550 0 obj<</Length 551 0 R/Filter/FlateDecode>>stream
-x
�VïoÛ6ýž¿â>˜Ä?ãÙn1XÖ(кÝâbû�/´DYl$Ò%©hþï÷Ž”dEˆ±¡ÐDäÝ»÷ÞÝñÇÕœfø7§õ‚nV””W·»«éý[ZÌh—áËj½¡]J³Él†¿$£].É•û£p®NéwS–B§ovßqiIóy¼4^l&\œNâi*…Ò?Ž<¢ùÚÐÍ‚ö'/)„56¥LÉ"uDJ‡3猙*ä„>ft2ÕÊåä
§ŸÑx~“–âI’òäT©
-aq Ĩ´ú‡"Ò_¤£˜p€DÆžŽ±â—•â¾5+JwÍP�EÁ™�:³�’Ñ´rvZ˜DS'ʽ˜î•žƒ=ŽŒå¿õjA•–aôÀ÷÷„=Qª¬L¼±§Ç7“æÊb5Y2ç["}.<	G&kîÍ'o'óÍq‰/ʵ°”«åço;Ú~ÙÝÞÑÇíÃî·OŸî>a:é+•’5ÆÓãˆ%Ô²Ž‡Zb{tÒ
Ã$&•$ufl"Ù	€e¥óV%^MÎ0“‰Ðiö’lÅVÀ¡Zœ`"‘$*•Ú7Lï{É[..&צ¦ÚØ'ÇZ	J
-…Hc'í³´T22ªsiƒ�·&>º5hÈ�²¯’\è³-©ÂåŸ]£EkÅÎÏ(H!
-ÉE‘MhÇ•äHjcKS9|Ñ2ã3cÖ-3Eaj´�Þ'�@¡­Æmq�‹ÕºQ°m½õdsxÒ†
- 6¤nðÙWq6õŠ
EÁ:GXI{%
-œN*«ü‰�³/d	Þ†µÊý¦…—é
-É5"�•?*˜Uâ¶öíA°¯V•Ü��1L@í-Ä·*%°M0†Òæ—âáaºh™nè5FcwïL0þYJ  §-!
-ߧï`úÓQÒ»ÈX;sPWËùO�Mæm£wñ.^ùR¤ôðù¶÷nâ×�Óàس(*I¡[`$ÌÎ�k1$,LŸ1� ¤p=œÔ|»íýE([Y(_yç`9\€‚!¡¼o ¾BÄŸò(1ÿ;¢•ãP_tÐh=r±‹Ø1g&RƒyÆS«>Á~b¿VÖ²�"Uƒ[bÇ�*|òš™ã³¼»´ŽRüÖÅ’"É™§žg
ó{Í7ãªìÅvÄ6j¦gT±3_bWúÙ<

F*¼
-zã‚	Þ‚Ž!Hèì6t #ßz}dzŒe‡M­›…Óê:\O ‹G9Òq¨°DB¼Î’ 
ßx‡3ž#/x]u¨JpxMî(•�¸»:4Z”ðXnœd«(j¡ôßÔÌî	Ѷ[˜¡ÿÌ��Au¢b
-:±Âë\¡WƒÛE�'/äPaŠ­¬•WÐ!\•:‘�÷»Ý^Å´YNV´Ü¬ñß~
+x
�VïoÛ6ýî¿âÐ|ñ€Z²äŸí–
I“´»›C7´DÛl%Ñi;þï÷Ž”,ÇHö¡	àXy¼{÷Þ;þhEÔÅoD£˜zCJòÖõ¼u;ouƒñ˜š�r…‡.�ûAŸú㾇ø(%-±´KñÉ›¨‡}þbá-8~ Pxק(¢ù’ŽG4OÝ‚.Í“ö´ »–t?£/ªHõÞÐdN©Î…*(Ñ…-u–É’¶F+rKg²Üá?÷¢+üiJ‚r‘¬U!I$‰Þ––ºäÅ¿Ì¿µºÔ‰zAŒSÛ3‘/  ~Þ%Un�Š¨þGÕû:w~݉‡À�&òѾ&ísÿ¤Ší#™ƒ±2'ù(“­•o«Ýƒ*z›L¾Øcö)uJú|óîßÉÕý-u¾ÑÍôþêãÄ=>“@JÛϤӉǨé˜Ðƒ‘¤—(YÊuêÄV%Â*¤šjiÐ¥[….â
jZH|ÆŠ"eJ…z<àgôC—)¾X}†*ªR«Q¶*&‰‹~²‡H¼oÒ‘)-®™¥Ìµ•ÇÞß¼ˆæ\DÝÈDØ~vâ"ÓÉwAþ›RîP$ez¥œt Ò\¢cç	­’La�[
”Š•!³Mք쌴–Ù…õªØ‰U˜µÌ2.¹âPxÉ8
+Ÿ°)”6	}O}ãjª´	'•‡€ÿë¤U+"bYüù¾Õï
ƒ74ŽÐÂœú£
XåŸ2š± »xäþž*å
+fV–Ú¹s½óÀsêo£Qkˆ;f˜Ÿ‚È“>—ù¨xî
+�Îå~-Jª"ä.†~f¾P^)��ó’ªæ&Ñáž�C¶�“É}ê0Ñ`ˆ{]~?
+í©*
+)¡X^J'8�¹Î!$î÷×,�Zõ›:ÛêJq2a&ó0îÂàëˈdCjcËmbÙ‚æn§§c,¼hpÕô‰»žéçôÀ¦Ïé50�(ðÊ•tœ«Î©rqÀÐ;…ƒ 5úC)n‰Õå
3Po3jè½Bç¼ '–Æb<Ãí&{ØàâˆçÔˆ#™2ª^Íßʱ(<sÏå]óñÂÃW¿Ž¡ó)\³¦NJ!W¾bÙ¨ôuò:Ÿ3FÃ'üm¬^úÂ:¢[IÜØx5Lð-ý¶Ùÿ^-®%ФurËôÓ¡ý¥�p/?;ïpQutˆpƒà›<_B̮ès©¿¡“t£“-´mÝ%�óîø]¿­ýsó±?ê#7w9�F)ÿÑúÕa¢Åendstream
 endobj
 551 0 obj
-1284
+1421
 endobj
-552 0 obj<</Type/Page/Parent 476 0 R/Contents 553 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 106 0 R>>endobj
+552 0 obj<</Type/Page/Parent 497 0 R/Contents 553 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 553 0 obj<</Length 554 0 R/Filter/FlateDecode>>stream
-x
•TËr›0Ýógé, ¼âÇLÓEgânšÎ´f×t!‹‹£•ä¦þû^	pgÕ1ž
Á=�{�ô+Ê�ò/Ã*G±„ì¢Ut»Ý OQ5üf¹Z£ª‘&iÊ+r±#ç”>à8`'º½€ëa�ÃЇOB?
--dnªQŠ8/¹vñ ¥9
NõÚ/ßnKdÙçë$÷ŸTÏÊ‚/�ßdNØE
j²Ò¨Pˆ^ã¹	dä˜ÛÎÜgòAXûÒ›t¦Kà	ó;²L‚”l\bþ8+FjÙwƒj	B×PÚ:Ѷº°8Ú£h=HìKf”ü-
-i±g�‰›jÌrØ–2n·Üæà{
ÛíÙëæu?ØŸ êÚ·×=Z¥i*½›K'\àßãDö‰I¯òf«ßm¿íwX’ó8^+Þ“†„£ Giå”h¯Ý°™`¶¾Ö0·
-§ÏçÞ‡�•I&Ó.”�#AY¤¼qJ¦I‘óßšñÐXŸ÷5Ÿÿ}dàõ1Q®ÊdÍçùÝ4–/Ñ_ØßT5endstream
+x
•Tßo›0~Ï_qêöÐIÃByLÛU{é�-H}©49Æ$nÁN±IÖÿ~w’(ê4
$ØwßÝ÷Ýç·Qc¼#˜Å0IAÔ£«|ô-�Y–ÁñѬñcÓyÆH²¾O&,…FBI¸ˆiÜÞÎ!Š /1{šÍ /ºõ1äâ2fS6a1ƒ»%<)]˜½…ûî¸Ø(-a!„iµ³_ò—Qx›ÒqŠèyq™o¤•À¼‘o­jd
FWï°ßH
K^¯8(­Åÿ܇ÂÔ\i
 endobj
 554 0 obj
-585
+736
 endobj
-555 0 obj<</Type/Page/Parent 476 0 R/Contents 556 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+555 0 obj<</Type/Page/Parent 497 0 R/Contents 556 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 556 0 obj<</Length 557 0 R/Filter/FlateDecode>>stream
-x
•�½‚0
+x
�W[oÛ6~ϯ8@6ÌùçÒ{h»õi:Ä{�Ñmq•H—¤â¸¿~ß!EKV4,›
+(5ÅsûÎw¿�Íi†sº]ÐÕ
åõÙ‡ÕÙ¯«³YvwGÝËnñcF7¼–w·xÏ—ó솬¤
öÎh±¼ÊéÓõ"[ÆOP†¯°p|AÓôÓ[ZÌhµ�á›Û;Zá;VòÉÇRì¼´t•ÑG£7jÛX¥·ôåýgÚK…rÞªuãeAx¿Yýu6£ËÅ:&¹ÔÞŠª:ÕB‹-¶ˆÆ—XU¹ðÊhÞͶçØζ/¯æð’WÙ<£{Q¯	]°±¸uIóy»uqËß“nê5Ü3úC«grçeíèa"·ïè¾Ñto*a•{xsAÂÑ^Vÿ…DÏx>ÜÿBQ+xɦ~Sºy¾ möÔxU©ï’·¶aÍRXýR5Û­XW’ÞŸÄCôÙM%Ù<|~xÍ9”øyC;kžT!	ˆp¸ °`¬úp	žXéLcó¡íÜ
+˜fíÒâÌÌCÙ…(
+�LP-óRhåꈊôÐ2÷�àHT‚«‹‹6ÖðvI�.¤­¨æ�ÝÓ"�òÏŽšJo¬@̓a�•`<RŽ`7ôÔ¸TÐB–Ö4Û’ŒFKRUàñôSbŠ=USË�:cò#¼`Z¯~	<_HÊsRºP¨¨FTÁ@K
ŠU
®(ݦ'™MD­³a††H¯€ÐÆT•ÙS@[“|õU�Ñ9£È›XÛŒEF´*�ZRX
+´F�Þì¸l­¥äè¡ÔèÜÔ5z'‡å8Ÿkt :•GA‡fÄ}Myr^ä_·Ü›f°¢NôëÐ}bH ;Ú‡Û4vqX¡c eØÀT	a±M–ÈèW縉‡ÖÎn÷¬ä€i-ùX`—
+â|µŽ3ŽPV“i<"ÏåÎæP�Ü™ST{¡ïDý¸Ûë̵{ŽôIcR½åSaŽƒç:ÖÉù�àåå<›¥`prrýœw8›Û%%´ŽöÏîO©ÅU~syPïiÛB�{ÊPzhCààZ�^#®Mðè¥ðy87’%J-öÄv�<5»—�ÜC-õü®…ª^J¾Æå6_ä@mœ¥uq=€
®ç¹i´oÍØœò8–ÃðyUËó'rãA÷èÒÃÚ�½|¦g,Uã’ç C_v¬
+myzéðùñ<�†ÇÌæE[)æ8²èíáç«
`éL~…óÔ»Óø’Kä¦bиQyfïÂ@€sØÊ]%òÐJê8Çd(ÃÓˆ>
 endobj
 557 0 obj
-161
+1567
 endobj
-558 0 obj<</Type/Page/Parent 476 0 R/Contents 559 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 113 0 R>>endobj
+558 0 obj<</Type/Page/Parent 497 0 R/Contents 559 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 35 0 R>>endobj
 559 0 obj<</Length 560 0 R/Filter/FlateDecode>>stream
-x
¥WMoÛF½ûWÐC@’EYòG€°›ºÍ!(Z;Š¨‡%¹7!¹,w%Eÿ¾of¹¢Ä4EƒÚ›är>Þ̼yüë"¡~º™ÓÕ5eÕÅÃóÅåãÍgô¼Æ“ë›[zÎi6�Íp'½©�o·™7¶v/ž?âì‚’$œ�Ìo§sœ=š^4éÖëœM©éé༮h5²-½^»ÕjZ»3¹v¤¨Òªvd×DN7ªUÞÔò0SÚ�ÉTI;£÷ü|
Sx¡Î)7­Î¼m�–@f4I®‚{_(O[§[Çæ4­[[‰1•ù-l5ÅÁ‰ÑÒfð„LØ2¼9M­vvÛfðaky‡jí÷¶ý4¥7žTYÚ½£5R(̦Ð-CpâYí”)UjJãcr•µ°Ú’C˜j£In�&Ž	‰©œRUª:ã\µÏ¦ô»•m5™.*‰�Tj·ž#¸5¬yË^z¾à¢He(áÿ~ÿ™ïÐõì0T´¸ž&ÝEIO'—*–L—'Qô�±vÃÅOf‚h_þ·&k­³kO¹Í¶•®½)0£S00šR‡Ïüzº�aÜñM†£Tèv�¬ðÇ
bN•|‹º¡ŠÞÕæ3Q¥²ÂÔÝÃØãÄDí€ÊJƒpÞRÚ¢4mµu
-§6ÖÔžxØ:^“.t�¸ôgU5¥FwKà=ŸY’Ö»|<–˜>nkÙ&“$ó—W&«•`Ÿ°±¾®#ó¤2}bàvÔLÀ»…ŒvãÐÇåð¾Ð5èäÈ Êc;5ž“Sø?XŠV…1?÷K«ƒg0¿ÁN#ÉÇ¥®’®6Ãõ”�hÆ´ÂÏ0×Õ‹m$L΄¹PÖ‘pñ2
-T„mt’I¤ÂVÕÞ(aí½7uÎ+ënÉqαŇ.~Ñ­þžW*øX*(ÕïÈcÛtsÑrˆôÂ$ƸœwQ,ÓGÏŒI7À²¶_ƾ˜É`Ž>Vúsp›ºìÝÔXG5(‚^ÑÓýÛ‡û¯•Å‡pôpTs&’ùÚ}ÍO£Àê¯èÛȶþ'™¾â©ŸÎÞOß�PWKö÷&ÐÙÀæQ²hl4ˆ¦!¨
‚Ï8f–Îg+Ê�¨B8®~|à0v
-ý]7]I$Ð,ÿ§¼¾á}læ:pâ —oŒ£¨lN7Ëåÿ§¬iâCFž¸—9b¿…|þ{‚g¥£ŽÇ¡Å<ÞiÈüTõvâ†7‹+ì¶Ìcm™ÝVƱè²€B˜•‡ÚågÆ“{Âb²ŽÜ6cÝ
Qkëò;³»Ç]&
-š—EAÖj¬·16]‰ýJ¢+s³>ˆÃÐÄÂëX¥³T[
-.ÀÖüDÆÎÅ| 1@6Ï�ºe2›bÖ¡ëJS™ Á$PÿPß œBí ¯X~‘ÚY“ƒÎ’$È‹³g�YUj°�%¼´Ál ]9pŒ&WdòG¼Q–"tx�ØØÙªUVVGÑQˇ¥ï耊íUÍŠΫևP£«8\ïÐ
-BÁàã�òd´kè× ?%
-
-6oH¿“fÈK:Š!Y­0ú¨�,!m©ÊhÔCq
ùaŠ½²/:B5�V-wKì |
-Åm¶
Ô0yõ	·Ck„ƒÀ¬&ZÛ´†¥�¬ÛøÙ3ˆàœ}n;z9aŸágáâf
’Çc>šß°1¨Íß.þ/©aýendstream
+x
ÕXmoÛ6þî_qÀ0ÌbÉvœØ)°)²–¢[¼o6Z¢,6’¨’’ï×ï9R²d¹)‚6l‹¼×çîžóçÑŒ¦ø›ÑrN—×å£7ëÑOëÑ4X­¨ûg¶ø0¥ùÕu° Åj‰÷Ëë`EFR‚³Sº¼¹	æ_|r5_áàð´àTÿAEø–Ìh�À¢ëÕ’Ö±{>¥u4.Eþ‡Í7¥°6°úÕúÓ(|»hN�iŸª(¥ÚJKU*éAäA‹Jl„•ÍãH•P…?r¯"£­N*º¿[�,"s(++Øk³†)Mf—pk�SaSiZ§ÊvrñÞVÚàš*H*¨6äMkSX[f:YhÙ¬°4j'*6Þì�ªž3§zF„²Š!Ï^&mؘS°âx5ˆŸ×L±,e«bKºp‘ô¡Cåe&s‰hV
+ç¨<èÚÐï…z
+QEýDö`+™s¼ä™-_Oe®ã:“„ЖFïTŒànÔ¤t'�…Ê�=ó`ÌØñq5
½«(m$E:/UºÈ¤çÓ06“É©›À,êÞ¶`ó‡;¤é’}¶$
+QÓYL"³š[¬Óʹ\0D}#QÄ´w§ñ´FÓä‚ვ�¡m QPNz”Šb‹®S[®³žŠVÇÿï�£(Ûg
+ð·Ïƒÿ½®äk×Rj˜i‰èÑQ“�¡�QÊ%ãDÙ
ÃíØóÔ.í 	f¤æ~8ê
³A9dzÌ@ 0p¸�7l¤J�®·ˆÍX/äSÕ>ÃaÆ%Ÿv&ô!“Ì:�LÀ›±ŽêÊ4(
G z3Â(úÕŠ%ìÎ,Äo…q\�ÕÛå™ ¤A}J±Q¦Ø°NœaÎFåæI�OÊb§Œ.Ø,”¹Îe3˜XéÑV®ZÀµecÎWŸµ#Çu\€³s>ŽÚ U©¨|ù».0p~�Φô[–äص î
+¿|ÎY¥:&î™–¡< ³í
+8®§¤ôTùø¢9}¤áÐV@X|¶€ñÜò—Û³½¢1öPDüÔÇ­YaÁɧôÛÏ£Å*¸¡ë%"™Óìj\ú=ðbÝqI0ú%v\G&»hÒDZ•~aêc'Ûñ8­ªòu:7¹m¶!ÛÒ�vïøôÇW>šÇ™Kíi“)›rmsgm1a7ÊE!0h/(î’É’y÷Xv{0¸…
só;rG+\MðÎÕ²œs{CßáòãXn_ûþËÄž÷§†& #€'ˆ²ÌÎÑìÙαNµ0†¹€3Þíw©Ø1ãhi5œ(QÆpMÄ;Ôܱn
„*Ð.D!¦Gp¾û
à6ª$Ýa½‰°Í—˜†=ø}	¹¹½{€í(aTa�&°Æ5îc\@æë*o†‚
+YáW„Çá B)'hÒ
iY5á€™ÑõÍÌoy·÷onéƒÑŸ`Ýõ‡Ëˆ?>YÎñÃH<~A.–ì‰îôÜ­Ž€î¯£¿
|[’“endstream
 endobj
 560 0 obj
-1588
+1691
 endobj
-561 0 obj<</Type/Page/Parent 476 0 R/Contents 562 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>>>endobj
+561 0 obj<</Type/Page/Parent 497 0 R/Contents 562 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 40 0 R>>endobj
 562 0 obj<</Length 563 0 R/Filter/FlateDecode>>stream
-x
¥SÁnÔ0½ïW¼‹DB’¦IöØRz�ˆÔ¯=éºMìÅãìjÿžqvQ)•HVòæÍ{oÆ?V%
-yJ´®èiuÛ¯>ö«"/Ðt›¼Fݵr®ä
„!ý~¿AÙ¢¤°¹®ò½�z½þì#ñÛþI`e™`U—WȪvA®¿WM‹3 ¾
-Ùéß–ûÛͧÛ|	þIìãÎëy’y©4œd%;Weç²—«P·µlx¢ZW]ŠŒ¯«Ÿºì>endstream
+x
�TMsÚ0¼ó+Þ­d¦VlÚé�4MOé¤Å3¹ä"l�•‘%W²Cù÷]ù#¸43í0a�i÷íÛ}?'…øD´Œi–PVNnÒÉ—t²�’ÕšÍi¾ZâwŒ?+hï�¯ïÖÍ)Ýãb²X°„Òœp!)ͦ36cô°¹§ÏFï塱¼–F“ÔäÊË°y•>÷€Æ5Šü×�¯“(IXLI¼Ä“%Eë�Íú•¢m‡<§(ê‘ãÕrZP”Ž¸&S]¢RÆ•9õèã×KŠ#_`‡ì±Ækœ&![�N¡AËûLÞh ÉÊìĉ*^B>W[™y^Γ8?ÑþÂSF„"ho”2G©¾˜½5%ÕØ5:PR*„ªð/›²}(è ƒhõÒ|z®}û¸I?¶XÄ	š‰ÓÇBhÚòrÇÑÔØ#øžøF	ª
	ÍwJ´
tMU[ÓÓT2ÁZá®ïЭ¶
S
+‚£¬‹
+Ù²_õö±ô‘Ç©ëWG~r¸kÛã9_EȼS2Ž²Ì~°ú	¸‹5bÕ±ð¸ã5N“Õ+Çöt´Æé*FÎwßÂPæe%°VfOU
[8w46wô‰NâY°‚;?>Ю^É xµ»Ÿ5¥É%`e®½‡ç¶b>÷ú ®À
+ٰПý-EVp-]IZˆ3¢×±Â
�öZ^¸g{C¯u…Á�]JÂsÚn;~èÓ³ÒóæT€ÚôfÁLÀè]°Õ›xÕ¿%Kæg7&ïho7÷7z°æ‰ [“5>!­—ýë˜þVÐ]ûÏ�=_ÎÁÅãLã¨çø}òšAÂáendstream
 endobj
 563 0 obj
-488
+766
 endobj
-564 0 obj<</Type/Page/Parent 476 0 R/Contents 565 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+564 0 obj<</Type/Page/Parent 497 0 R/Contents 565 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 47 0 R>>endobj
 565 0 obj<</Length 566 0 R/Filter/FlateDecode>>stream
-x
•ÎA Ð=§˜e]ˆð%…n5ºÖô_
+x
¥WÛnÛF}÷WЇ*€D‹º;@
+ØIÕä!(Z«ŠªKr%nBrU.)Eß3C.))M‹ à˜ÜÙ¹ž93üë.¤1þ…´œÐtAq~÷´¹ûqs7V+ê•{<Œi2›3š­–øûa…?KM;¾�C¨é~Aü~ý@“1mvоX®h“È9Þăש:Tº¤Y@o­«L±'EïM\Zgw½1®*MTW:¡µÉô‹ÍÇ»1�&3(<Ÿ]¥sªJ­Éô¬òH±
+ó™(Wqj
+MÛ
ç#uRHTœø
+†gLA׆»šzPôa{¯¯kŠØe¢ç0Šûµ§‹
q§çš©Ë4ÍÖ$ü)|2pypøµ¸àz‚lÁÝù’³&OmžzÝÈØbŠãËœ1uô»­	œcö…ª8i.e)&!^‰–m$•nN)ÓG�}‘½àÎj†^¹r§þËìMÑ�Ë­“$©7­]
þ5
=vÞó506«ïÑså™Y­ÁžÊÉ­ÌŸœ/
Ó¡;ç‘ÍLLÍ©pêÁš¢"n¶–×…®!.ýYå‡LÝâxoüJ“@ï~Ý•˜>Ö…Ì’ÑùË–+ÃíVr²²¾®vó¢2}`àvÔLÀ³…ôz}Ó{Šþ�ê‚ZéDU˜ƒ‡ŠƒS1ø¿ÑäµH†¬üLŒ—R7–Á|ƒ�z’÷C\%¨6·ã)Ñi‹ŸÛX·/¼·ž09žÍ2Ž„“ˆ‡QCE˜F‘x*,U±ç‰ÒŒ½¦Hxd=ÌÙÏÉx<¾5ñV—ú{©àc© T¿%�úÐö…_T‹Ð3�(ãr>ðb«`òÓGÎIÛÀ2¶_z\`b‘?Vúóæ5µ?˜»‘±Ž
+P½¢çÇ÷O�_•ÁÑ4AôÜmî6•ìÜ×ìXýÝcÙ²º‡$sÀW,õÝÙÛéÑ9B¦²
½køìFi·³œé„äh0Í�°nŒú>³tÝ\~ñk;Ö÷ïqíle¯¿kÛ+ô'ÿØ7ÜÇh.R¼‰åýHs›Ðr>ÿîd�\C‘ž(¥‘˜Ä%…íöê	æ¿t¥Q ýÔ)6ݽQ¹Ÿbx´¸ÔÖYâk˼pÐeno}ÍÞŠ„b3M
*�u—%®HL¶÷žÆd¹:æÅ[­-²³‡f»ívÃTÔ,½¼Ä¥Æ|bÔe°$‹ebvg1Ø Xˆ“#s–
+¡ÆèšO¤ïœ�KØæÆ2va]2›hv,v™ÉM³‚JðÑ�õœ“ª#,þ® u´&
Ÿ�%H°GÏ
+°gå‘ÁD–,áÒ½�pE ó¦%›Und~Ú²Í7~
ùoOjâ7[ÎÀMø¨J“	¿ÀÖñËÝßgc!uendstream
 endobj
 566 0 obj
-130
+1534
 endobj
-567 0 obj<</Type/Page/Parent 476 0 R/Contents 568 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 118 0 R>>endobj
+567 0 obj<</Type/Page/Parent 497 0 R/Contents 568 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 568 0 obj<</Length 569 0 R/Filter/FlateDecode>>stream
-x
¥•Ko£0ÇïùsL¤Æá {ësÕUÚf«^rqÀI\�M±IÕýô;6�Їö°«Hàa¿ùÏð2rÁÁŸ‘~Y9ºHG³›x¤[<	£Òâ8ø$ß
-]˼É4—b’>£m
-UÍ…6nJ–í©àªTÀ˪`%šå&¾S×o£8¸K¦�«KX�9aĺMVË$
AK–CÅ+¶ž€UÍ\6
-¬VXŒ¹…./)Š·>9|gIÅÇl>„ÍhQ(Ò=ôB)–LóœL´€m#,1Zpý†Žä�çèxóÖÎ^1r—fǸȊ&gê[K9ë([ÄÓ>ÌÚ#h
ú6D$>!IZÀ°•5 TQHšž,Ãg5¯
¶¼`
-´<Â_Ìg‹xvŸÎ<Ó÷¬à\ASI
9+©ÈI¶Ïkjã~Êë:éXý€k®¿�×#.ÌÝS-!˜Ÿî
-HZ
öÕ &ç®q=Ô௪¯[ö¾l'ªÀîX
-êè<ϱߨ%¬õ‰ÿ¦uŽ9_=­'€`Œµaˆ¹sÁÌ"£Ù6O“ÙðOã�,§88J­wЗú±„ÛÒæm˜ËÓ6ƒÓûö
-ߟÝ
û±�ñþ©õ¦Ânººù°Ñ�ÀÊÅží�*H4­õ•Ì:Zgp-šò‡Ü¨õx=9¦3BpxÖã„!bôÛ�óC$„
þ—9dÞÝlƒÛ\?&ÑàðKjØõ œ¿ëù]ru�Î3ú¸(Pˆ&ôgbc+öRÖGu_¶Æho(àrñ½ã$Ãùê5ÐÐô×J>-:{Þ/�á„¥eS
-.¥Y“,¹Â±A­].1`<ÊPnžY¦Õÿ„6’\#ýÊ0SÞûiXÃ
+x
uTËnÛ0¼û+æVˆUKvý8&MskÑ¢.zñ…&鈉Eª$eAß¡$'¨‘Z0 ˆ\ÎÎcùg’cÎ'ǺÀbYMîw“��Kä9vG®¬6kìæÙ|>ÇNN�§S‡ #š±Ô]up'#q2ö% :ÔÎؘ^Ò2¬Ž­ó/¥ð: s
Zaã-„UQøˆŸ¢:ˆìf÷<™cV¬²%1§¿‚ö
Îâáf¢e1äÉh¤°°®ÅÁ»6膛½&+n&ûôgí!"öü…„³ß«cÈp'¥ÁØ'��èù"+z"#à|¿xÀ~Ú–F–u­ÏPÆk�7ä4RÚÛß
+qáúªÅ˜íåvËD¿—mZÙßFùj�¥›*Iùv#ý¼ûz‡ïÞ=sñàdSÑM‘¬K\gCÕl(›^ÏÂr½dzsŠEÚÏn~Lþ©p�endstream
 endobj
 569 0 obj
-810
+687
 endobj
-570 0 obj<</Type/Page/Parent 476 0 R/Contents 571 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 128 0 R>>endobj
+570 0 obj<</Type/Page/Parent 497 0 R/Contents 571 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 50 0 R>>endobj
 571 0 obj<</Length 572 0 R/Filter/FlateDecode>>stream
-x
•X]¯Û¸}¿¿bÄ
âÉ_×ä¡Ûö¶yØv·q±(öæ�–h›‰$z)éºþ÷=3$%Y7MÑHL‹"çãÌ93þý!¡þ&´Mi¹¡¬|øqÿ0ÚQº ýO6ÛGÚç´˜-ø&›üÑVGsj�jŒ­Þí¿`óŠ’Äož¦�³Û'+².׎Ku{¹X×PsÖÔ^
-«rS�ÈéâLÕ`OîÌþ££)týžn¶¥²­¬þÍÂ…š”ì ú¬œ¦J•:§ßäŒ7ŸglÉ‚¦ÉÒß¿Ç]¼ƒ¯iΦ/á^ÎqfŽ—MEŸTyPok|„!•*°Ñ’X*oc?,»‘)ÙU5ô<ñ7±Cµv/&Ó£ëÛÇnD¿š*·×šþ¶÷ÞÊ~íð®ÅöÅä8"ÄçhÝ«�àåŠ#öüN<œ?­C¬Ó4�­ˆã½âxÿª\…¨²Þ?p²$cþŸü…¿¡õããì‘V�[|Nvˆ¢øɧ;f0¥õ&�mîþ³Ó/ƶ‰9¯9¦7�Ù²Ô³­9«ÈÑëôh‡í9Ö«B
-ß8J|<ŠûÚ+lö�‚ž0Lãä¸-ü‚|ºªæ‚@±_tfŽ714Ê€‘/‚›Rç„(ÙÌHV¯¦9cƒjbБ¶?T¸p£@ý_^y—#¶'1u9g·ÔÊ#9×GÐåjŽ
-X%
-OêpÄÔÈÕ WZ˜e* ¯ôxB„y³³ªNú=	¯�>:'�]…�C;`Õ6
yƒU=«‰#îDÑ‘±­?™“×'¤-c�’;ú÷åÞŸ
-n˜®<ÀHëØ·[¹Õ5ðªÇo2!àÅßžÎqbˆ¿YL§_4ðô9`5Î~ãÉz¡ºqèÁ*!ˆ?$@â,ÉðD�x7z�ʶhæÇ0C�êC¹ìúÌøÉÍ"Œ–_dB?Z·‡J’5ÖøÇm!ŠL'6½áÀÉï"„¨ðÔœ¡Rt
‚fš%­ðŒÂ£‹ƒ`?U�×– üž®|/Œö‚R@'�¾#fˆœ?1êBï‰_µÐb‚pî¶ZmWÀ&~ÒÊ'Ë„_B™þòð5Æ©aendstream
+x
•XMoÛF½ûWrb
+Ñr®eÿªÅ?ÆÇLy½íJ²÷e®ª½Cç4‰�X5r[¹–"®i)Ô|g-Çàì)GëÛçÑ´¦,Émônñ‰Û±5¥¦C§`¡Ô\I„§z»¤òÊX Á«UÍ”åBIZ·'Œ:�ÍùÓ×'‹õ,]ÓòêºZÑâj�Îû«’î»3\^I˘ýh{o¡«Qµqh™ë­êÊ–žUÙé˜>ÕÊ«J3Ð9O„2vUÑÅâ"½9_ãîêj2†uœ‰¢ó»E�˜Ó4l²¨SVRÓÕµó­|0#¥3Ì	ª¡�Ö–„+:§-Z̯�ß�â‚ø³àl€ßV•��ì
+É*²ÐµVm 
.ˆ5§1ÒÁÖÕŒ&ÿp™dx?Rôó»
¦)ÝH]¤,ˆ\¬ƒÚ{ׂëF3Å=þ‡ž5§SÓ_cä'É‹GéºË
+ø‹YO&!ÞYí›ÂÔ“‡_–üE?â&ÂNËQž@£X{ U¯êIÓ5xô£Ó
 G5Àˆâ[”ˆÅ¿ÐeŽÎ…Ñ`&qœ£n¨ºÖÊ“	Ã
+~Þ
+2ä§
¦$àîq‹ÐP
+{¶ílÆÂ¥ÊIúBüHbQ‘@#¼ØšJcþ7Ζ{â(x²Œ�ŠÿÐöËÈÑë�á¼Gíä¶`iñÈ’íõ¥¢c„�ÄÆ9ûƒÒ3ÀíXN˜‹«ÿ�ÓÅj9�—éÅaÕ
+zö:|ñâ…]àµtßð
+1p6¦=’™
6²é²d»Ìá]áÈíl¨ô$ÓJ󹕀 îh?)�ÅÈÌGmúE»ZE¿÷ƒóè¦7÷·_ÿ¸ýúø(PzL~cub;�o'±�^‚LcP›qˆ'ÁÐ4_FãQ·ï?~¾˃½D;Ÿµ�r3˜ãx~bLB•\£šË¶&_£hüÖˆÊC	¹³²¹M#?Êú'>sÝdÞÔa¥myF�É�Wì¨ü™sì+Fp¼ÅðËû­zÓ‡ÛckXŠú>…­^5ÍÎùœr5ÇæýøöHåcÑbÝ”B8�¹ŸÐà¤#ìyèC Tà€�AâŽ÷½Ãn–¼ÜÁÆ,†Y¬«ÌÆC\³’×÷ª8Þ$p.èTè×

 endobj
 572 0 obj
-2080
+1797
 endobj
-573 0 obj<</Type/Page/Parent 476 0 R/Contents 574 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>>>/Annots 131 0 R>>endobj
+573 0 obj<</Type/Page/Parent 497 0 R/Contents 574 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 574 0 obj<</Length 575 0 R/Filter/FlateDecode>>stream
-x
�WïoÛ6ýž¿â˜ÄŽÅv¶OnšnšÔ�]´Ã2´D[Ü$Ñ©¸öÇï)ʲÓmE$–EêîÝÝ»ÇÓ§³uñÛ£qŸ#Š²³—˳Ë×Cêõh¹ÆÊh2¦eLÝN·Û¥eÔº—Ÿ-E…V’M$Ū�‘ÕÅžl!%­dªwná·m¡rûýïdQH¢µ.HŠ(!QD‰²x¨Äí½.i§LBV“)·[]Ø΋埀Хk� Ýv†ÀТê'XnóoîR»×íLš{ÂÞ¿Ûý�“Qø>¢ó*�õÎÐý’>OFçÿohv?ì†çëφ¡ë«ËëÉWØô§oæ¿Lkî¢a€¦é6L?οÊÜÝl¾8¶FÇ憨ÞW™šÏoN,�˜šë�,æ7ÎØåë«Š'ý~5j˜+­¢ÈU¾á„Þ.Ϙ9Ž>þßÃÏ|‡®FWx`8ãºwÝ鸰ðÜ›t5à•&û¦Ëåíýrööþ;¢‡Ûwïg·¯h~ûp7[,pwá©s`o»?òܙ夋X̳¨,
-™ÛtO"ŽIP.wêɯ2#"[	J´±D:—¤×dwxRç±²J熲ÒXìHcð¾”?zÇQ€>
îÚ÷c4¦cdc°µÝ¸èZK´‘ˆ"]æ–J#aÑyÊÑ"|É]v
-­m°öøâVÛ¹
)©a©ÇåB‘£0ýΈ2ö{Àê¿¥¡P!ÍÞ7À¾f¥¾%¨‡”Él…JpÆ8
-_"ÎTΞVÜ•³¢lQªŒ§öàêš2ùv
f”…‘3XµC!CUYŒUiJ[mŒ4†—øƒÌ,\«TšPmS®‚¬*Ü]Ér›PÐ='�GEsh«Îv‘�ÐY#–ÎÐZ]ŒGN&rþ6�¼'L(¯ë  2_ÈO%´=®Ý’‘Å“Âv‘ÇDÂ)œ1t»	÷‚ŒÊ¶h®ToÐ;M»xÏö�ýÒ@,`ÐS÷±…sÂÓ6Ô¯õ¬N‡ªõø¢Î2­�ÁNC؇HE”*t{‡è^<©�;·|S�Ïù„’…©•±jÈ5ÚÀ€¾Ñ|-Ìü
-�0‰.Ñú'žÈIå‘:‚p,àn™œK™°QÂFbC4î\4˵Êe|’¸†�ÆwUÇIHÇ
ö_ŽU<KÙ
-Y”ÙÖî]
Ú˜ÒjÌÖGTí8&ãF/ßÈ:ò/,³Ôì�•™!Í9gšæÏf¢‹Ê<@äòG‘LW®®çy0zNV¬N+»==F›èM`R òÔ˜
-¼qÞ¼Õº%�Ïæ±æQù܈ÔhN�X¥’2«õ¾
-($¡áÝ”QrÒgDœÞ¼�ƒ~±túf¤å™J™\5<pZéÏÏÀÓ4ŠRíd,ÒYµñ9wOÃ)K(+ë¿b°¬.GZå
-ÌGê+	D¾é0º×Ž™lÕÁ9ºö÷ë3øYò³×é¸äÀk»¸!�,¸PßÆ�àÛ
-ª–B«°ùHä_
-¾zùAÇr½D¾¯Mpm+h
ç¬Â©îí‡ù
r½äôsÇø	‚Õ´ÌÜI
àpþ%¿eÕÏ	²ˆ]hO'^Ãæ‰
Œ°âa±�™Æëšsïq<Ï÷«
-:x““kQ¦d‘)°c®Oÿ¤*Ko4îôðFXÍÔ‹éÝË)KúŸ¬y¯tๅ¸h—­¶ßÞ÷ñâ·nPMµ)Y|üúp<Ä0âÖ}v„‘æÝÙ?_]xendstream
+x
•XÁrÛ6½û+vx3£Ð’lËN/Û±;î$N«I¾@$h¡&	€,«_ß·
+ÚhóŒOnE¢\
+ÂöŒDQè
	Z[iÂâeVªJYg„Ó†j£^T!Ÿä›ÅßGz;=If¸<NuUÉÔÉŒÈi|?9K&É)᨜&,­¯§+Q=IÄ"	±IcWª&�å8Û’®h©— B§¢@·aik�,I›ÁíF–ÚI*õºâü~ìj¢È³Lh±$ŒÊ‹P…X’#ª…q|3‡Â‡ßÎ\ã™jÙü¶E;fD­L×F¹-aݳ¥
~rQo�ýŽJ”[º,
+e‘§È7tR”ãN8¹Ñ¥_.…ªš=¹«É*'>øfq„"ÓüdžÌéôâŸ�0¡ØyàÄ;šž6œ˜Ì’‹+Î’Ó„¾*¹QÕ““
Ê”AÕ4R¨¥)•µJW6àÐfŒ"Ϙ_L+D§LF˵sÈXîa;ka‹>ïOŠúGÅÍ7º.TúÌ�àœiiið“¥u�¢gJú	xÅØjA`ì`Fð…ˆ;�{sHÞßý˜ÕÖ–‰ÕK8!¢¡g’)[bö
+½¾Òü­NK£3C�;ðê0ˆ¼—õî̤M�ªZ� "\s•ÉÊ©|ËŸéÁ
+€C~¶@~�»B1ývs
0r%‹¬­¬O¡ÖBÏ2Ê„KaQß1ìïB“£á
€ƒ
’©‰´ »®kmÜw²±ÒkWX�{õ�sQXOɽ"ÇœUC"O;–¸ ¹´
+^�¡=œ;Ôd_°ÍZ]�n �[]É
©â×»�.éÞ�ó£Û5ÔþZWÎè"²@Ý
+Øö"Sy«œ¯�iDÚÐꇒvLVÓÝW…’#
+Np#PPF¡sÉ ¨¶o¿\ëºrwòî-÷s¹;9{IìA–»iB·|uG‘úuezì´Í:P\€C»¦8~2z]ƒX ¸[óÌ
+½ôCš<\
áïP¹er¿ñýΦƒ­²ç¬0,ýPî]Ýì�,‡ùè:Ñ6zÏ8ìâè¨Yï¬áЉÁ(õ#�;�ÙΘŒŽÇú»_	veWü7™1¸CßKMNÝ´!kƒrõ"ï ÀHí¨êcòyü’éPmÃÖýY01 J¦«‘cº@nÙ—Á$"?¦�	5LaÃl£•mQãÀöƒB
Œ‚Ï;�.”p°5Ê¡Qƒ¼�´W¬Á5Ì„¸¶k?,…}Vv§€µ‘¹z
Å{x:äAÑÊ
»A—i*­=ˆ´ñÀ£(ÏÍ!ÄWkXjv*+nbLMf�×½à«t/Fo²™ïLfá=¨J×…h˜í硯%;ÏóhJ+¯t[i26Ö��úF¼ÄSA9n�RCÓ"ðX6ö_cÒZ
+)Œwž
+¢!–èÔ0ð{6­É¯½À3èøö¢1ªÓùy2ÅŸ
+ØKáùòpùñê’>ý7ƽ×éš
†pà&‡ò6l{>Ã_²øÿ½OÏOñöô_œ�ñix·þqô©B6¦endstream
 endobj
 575 0 obj
-1624
+1783
 endobj
-576 0 obj<</Type/Page/Parent 476 0 R/Contents 577 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 134 0 R>>endobj
+576 0 obj<</Type/Page/Parent 497 0 R/Contents 577 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 577 0 obj<</Length 578 0 R/Filter/FlateDecode>>stream
-x
µVïoÚHýÎ_1Bw:*Ç6RN"
-i¹K�ÃN{äÃb/àÖÞuwí�ü÷}ë„¢æt'å@ ÌîμyoÞØßÙx;Ôw©Ó£ i\û�óÛ.9ù¬ô}òC²-Û¶ÉZLëh+xHëgú‰Pî5M}Ê$1JU$2®h=rMÙŽSsnþj¥\%ŽJ�Y®�¹z–‚7iÏã¸ýUȽ ­’yj½ó¿4Æ~Y©×ïY.u}üvñQœ6%ÈKr€­
-Ô(k"–,,@ØÔv:8‚Ô©ˆÛþM#µˆîu�øˆóÑü³É£eÂ÷)±ý×=SeBö\
-éš¹P&ÎÜ«“ÔÞ(‰OþïIº^tŽÏÇ¿RÇÒ´²ã›Šz*È&f[=\ÚOðoÛ5ï§Û„l¹Âk>{?[­vi»@÷Úþ�ë@Ei†ûÄpY9=z6�ÑÍbòi¼ Ñ§Ñänt}7¦ÛÙ‚ü�æ‹ÉÔ/Î^K`�10\ÖêNùg†×1gZèÖÕêÄ)¿—n+õ2Xê:±¿ùz·bñ-�W“ïåAÀõ&�ãg3ëè
+x
•WÁrÛ6½û+vtRfÙRlÉéÍ©›i&�Ý6ê´_ ”“�¦õ÷}»€$
+r:ÓñØÖˆÀâí¾·ËïgSºÄÏ”3z7§¬:û°<»øxEÓ)-<™ß,h™Óåäòò’–Ùx¹ÑäufëÿZ²åÆ鬵nK�v•ñÞØÚÓFyª-9­Jª´ªM½&25µØÿ×ý§Ž÷Ö•9)ÄtºqÚëºõo–ßÎ.éíôÝd
+SjÊ
+�Ò(§*
”±ïf»¾«!Ƭ$ß5�umZ9V!Œ
áØ‹Xɸ
+¯+mï»8_~|¯Tö$ß¿ryÙ:ƒbxãF¡ß¸q˜Gଙ*97ª"³Uck$™ªèÖ‡
'ú£jä¼GntN£~$ý7zÑÊ´x\pCF¸sAd|ØáÀæ}—ÁïÒit§Kø5¢‰íáôƒÇwÏ;ˆ'lGJpG™umžˆÖ@‘È’’㨣n¿4ÿ9\ºewª
›Õàbçœã¬ÈË9Óáj8]Ðßñ<‰{Uå†öè-¨TBA®Õ•¸†"h¹ìp3`¾ór—J`Xõ~ÈeˈÄÙ�{¶r¦½W0*þPu°å®Î6šÕì©HÿÔ˜>²ôB¦„è¸;FÐœÈZ¢ÃãØöøôÂÞù4&F8õnPI�?mý”˜Ð½¨€ß°Üƒ–¹7Žê.¥èÔœi¯é )ŠÚR´¿�YoJüÊ
˜0rØÉŠ¤ðƒr{�T%\•çpn'JáÊB"¾rBƒò#ßè·Å	AKÌ6	°‡¾Æ%»1ÍÉ™Þàð‡ÉŽsRøÓÑ
ÊÜ—CçÂCœ±§73¼±ü÷Œ=½º‘ŠÃkÕõd‰fBQ±T0™Ãë‹LƒDûM¬à0Wíçî{äò“é0g\slˆ�-¢°¯ý <À‚
+N"“:G–¿]Ìð&›�ÿïkÍÕâ
+ÇÈÖÙœã�ð?Îþ²ãÓcendstream
 endobj
 578 0 obj
-945
+1613
 endobj
-579 0 obj<</Type/Page/Parent 476 0 R/Contents 580 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 137 0 R>>endobj
+579 0 obj<</Type/Page/Parent 497 0 R/Contents 580 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>/Annots 63 0 R>>endobj
 580 0 obj<</Length 581 0 R/Filter/FlateDecode>>stream
-x
�VMsÛ6½ûWìQ™±¨ï¯^:m;ži5aÆ=ø‘�„†h´ªüú¾‰Rk§éx<6I
-OR•™R‹Ä—hôØ9ÚSl‡ÄýåM¹$oNNq²Š
-óR:6d<a­
-Y]ƒ\È«ïîo¨yÅràþf*üKÒR²ç­›(–¶®ÚL}8ÆëL'#tx{0aÓF?¡+_ ÷b-C
­°VA¹pbÅÓ$èYÃäh'à˜žj	ÇÍéY	Bè~AïÓtI;™m…VÕ®
ïD¶½€6j‡ØƒØw<Ç`[p%ªÊdÊ£úù㯞a6‘¹¾-íua„·(vNÖis4>^gª�â†>`n4Jð5ÜêzyÛôu†ø(±®ðc=¨ÖLÊo‚ãóvœÒ‘œˆÑ—ãÏËÝbmSìõX5KÕ�@Ö´1øisqWé€Ü#0LYK>'×ÇÚ*w l+³/Äù£EĪ�y[UƒÙŠy]UƒÑ⟚j›à[o‚/êê·‹NDÆqš0<ÇâÿÍX=˜ÏBœyW„+_¼¬Å[E<©ê¾ÿð�~HÊfEÅwB÷}ûÎÔH&N®ô[9ƒÜ'˜Ú½a¡Bø!å8|¾oN£Ÿpåd·Íl#…Ò’–Òâ.šYUºÿ:gç
bárÛeâ/o¸­ëðx6ÆܘóÎhÌùãBôûÕ߸}‡
-endstream
+x
¥XM�Û6½ï¯ä²°«•ü½zHФŠ4mãc.\™^3+‰Ž$¯×ùõ}3¤$Jv�¢E€$’Èá|¼yóèoW	Åø“ÐbL“9¥ùÕÛÕÕÝû1%	­6ø2_.hµ¦8Šã˜VéhcËTÓÚ”:­my¤J§ûÒÔGÊíZ¿^}Åæi»ùv<�¦Ø>úT`“¢}¥KJ3“>UäÖÎüÚÑ«O¿½êoQmIívÙ‘ê­&Úé27UelQÑg•?(ÊÕ®’o�æY½¦àÍl0¦Ûd�Ù>þî±´ûÝÝÁ–Ùš¨¼;ܽP]š]¦J}CªX³É‚&Ë(ÝêôIŽH·ªxÔëÞ!È‚¢�Áfõ¨LQÕ²öÁÔ[#S°ïVWœ>É!%ü¿¿~½Jæði>aÏrZŽÛ‡Œ>s	�øÉT¼îRÏYðö‚
9%ñ2š{[Íöþyå#u5õ'­•TÕ“d®5"î‹‘¦¶#Ú©RåºÖeDoŠ#IÌõVÕD]jdÎåK^)¼(l-9A]®“k¤©2Ug†xQ¦75}+N¶…S™-€
+IYká"*Ù×]iŸ�c¥[g¼ETjó�ªÍƒÉ˜»¦ÞzNG1(‹[±ChË;>Û´Q©ß‡ðÁ4¥]ïS½ŽhÎáú6TwRd�¤ÙyQ[Ð!¨&[ÀsË�Ë}¿[8¾x±Xø9ó³j>‹!”©ü랺ÊÇL3!™ÿ®_j·0�cÓ¦uCgÕõ˜N"¨.ÄAx~NSÁcß›¶Š§8@(dè+¹ÉÓô«0@ÓåRà.ÃÆ=´1O—÷½ˆ›)ÕòE܆ð@n§Ü–Ú²ÔÕÎòÜðLã[å<Í	ÏI,gH
+"S¸SŠ7Ìd2]gW[ð�S“UC‚¨j¾oŠzä¾å«*Kë–Y)�¢8'r«�0	\ãòh÷¾ÏNíw|‰awÀØ-çVþÔÍžo¾–um&—.GîžNN¼@€pΔ¢UÁNÅzP‘ÑFËW�—ÕUq]{E§p{DçÔ&Ýgªôw*()‘B"nø
 endobj
 581 0 obj
-1210
+1658
 endobj
-582 0 obj<</Type/Page/Parent 476 0 R/Contents 583 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>>>>>endobj
+582 0 obj<</Type/Page/Parent 497 0 R/Contents 583 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 583 0 obj<</Length 584 0 R/Filter/FlateDecode>>stream
-x
�VMS9¼ûW¼âdj±±�
&—-B ¡v³‹·²‡¹È3²­ 
’ÆŽ+µÿ}ûI0&)BÙÌHÕO�!
ð3¤³�œR^vÞÎ:Ç×ci¶àG§Ó3š4èšå]Aïg£¹p² ¥õJåB“ª¼´‘Kò†È¯$å¦,EU�V•¤ZZM.·ªöîpöµÓCäÞè´?Fìî«Uå¼ÐZxe*ʵ’•§¬«*š¿¢…±¥Ë©¶f­
-éHP)EåˆÌ‚i·ªZ†¬7emQ‹£BxÁE’“v--‡ Á©ÔžôGœ¸>_ñNé<Ǻ¯Ì¦BšÐ•¦�š*QrFG©5¶É¹Óëµq«©‰PHaÒ:B;V–Æ˽Üw¢œ‹°ë‹ª½ü1‹™SÉ®Ÿ¶ìâ„–TÞ&Šh
”\:G
-ÿ+ôÙXr^Ö¨%Eäs4Âï7à«oš/9þñõ$‘Ýuå<"Ÿ·"è†@{km�ÿpm¨ùøz@ç¬`=G’iïø�"_�d×Ôµ±>”:¼Ì}ce$Œ–@±¢fv˜
-)yCÿÄj8b„ƒJËpš~¡¦“—-ß8×°°+º(ŠÏQòï‚j³.ÎÚí]ïïÏ—¯Ôû_z?öOÄÈø'iŸg½ú¶“‘
D@pƒí+Ù[ sH	|14éèòÆ'>'.ïOXNy\hæZ–Žd•ã0À½ ÀÍ
-bSe�0 à¼öÑT¼1°1Heà7ì
äjö=àl+N3—~#“ÖÂ*Ó8z{29aŸ4ï€Ö5|J~\ÃíZƒªrÝDïKüsò‚.j¬ÝËû	Îg¿X&K77p–i=ö§s÷|B0oí“ÝŠÍ7à¯HIbx¢—RÎ]{ÂáaTÙkVfÃT²£Wá[W�qñ^¬%ќщ
½“n9컾
·`¸@/¥õ^«8^²œãAf¥m†št�Oƒä_(¡ÍƬ·0Ìj"‘0<¯ÒØAšËÙKýШüž´1÷켜y7õ¸? ·…—¨~‰
žC°?Æ
Ë™¦à‡�Ÿn³ì.lȲËÆZHðÒTÞ}'=ÅïYzʲ«j­¬©X©ÉÉ[Çމʀ!ýZbF|v°z#¶ŽP¸xÀ•ú
ºFÃ3<•èz¹ÓJ `ÃîØQR>¨ÐäÅËÀÎÞg:{�4²Õˆˆž�þƒÙ r{DqX©*ã£tPñ©œ
+x
­•MSÛ0†ïù;œÂqãHÚôc¦Óii3í�‹"+X`K©$“É¿ï»ò®n.1’vß}ö]é÷$¥9þRZ-èü’d5¹Î&o>-)M)Ûbår½¢,§y2ŸÏ)“Ó+O¹òÒé�ÊÏHºÕFÐ"™'K
+…¢�p¢RA9OïN³G[ôÁf‹KìÊò©tJE•ðO¼gNýÊÖ:©¨[·¹­çÚ)¬;¼~x°¥=?,¨Ï´WNQíUŽ*|P"'»W�k/kÏ{
+ìNXËÇlt±\&Z®Wø�â	±¶
»·”¢Ffw‘2”!½‹d•Ðg:Bm
íu(bR„É…Ë[ž[]*!€s
P(v·Óæ¡
úÒ�Ù‚»3mz€=ž¼­TWȇ›ÛAŒ�žî§¾–	O'hANdMy8¹?ƒ`£�»oŸÑN¹J{…žƒ	b=	e…öm?Òs”�Ô•؃Æ€†hÝ$­Ù–Z|…½R¦áÚ¥¨Å«@ÏZ4å+Y;D¹¥} Ð8vh”�ClqãˆX,¡öDç¼£h/øˆöQ°/ìžêáSw•R
@ÆRd9	)•÷D°gÌf÷F9Ò

,KêbôX#U0Éåù虾ôÅCÕHèÎ Y¨
¥lõ¶l 5Šð44PáCf¬Ü,µ<G4bòÐ
+c¹eœ2šz0€?9VO‡ÛËhbðá
+šÚe!̃j²
íBð‘(K@ÅÞÊ«ò›†k#óâH›ï,ÐTyFzò±�o>]´—È”Nn¾œðÑ—¡žrζ‚�Oü›Uöœû)Š„;ƒ�u3¯ä9–Ë FÂ;½È
+ÿËZO@눾êD2“C	ã4„=í™<9îC´|‹æý‹®QpÚL(u3‰@b‹»†0&�¡ÿ5×<a1¯4@{ÈÇŠ?ÂxèÞÖ›[�ð`8ê2‡'0vž
+ÌÌ8Ù{a¤*ÿiª¨”Ç
9î
e|�{(¢„G�IIàßð<ÙgåœÎse†—ùyúÚe¾nm—^®~$ñÃÛ«¯×WôÝÙG¼IôÁʺRB¾ÙYð¬95kŽMÿÇå¿\-“5žܼ‹5çÀsôcòY.jµendstream
 endobj
 584 0 obj
-1239
+853
 endobj
-585 0 obj<</Type/Page/Parent 476 0 R/Contents 586 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 140 0 R>>endobj
+585 0 obj<</Type/Page/Parent 497 0 R/Contents 586 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 70 0 R>>endobj
 586 0 obj<</Length 587 0 R/Filter/FlateDecode>>stream
-x
­V]oÛ6}ϯ¸è“$š$%}kÑ-ëÆm1�-щÔH:Nþ}Ï%)[öº
ÛŠILY—çžsîÇŸWåøWв¤é‚ªîêãêê»î©ÌiµÅ“ÅòŽV5åYžã¤šü¤vVxe4yC[k:zÝFP™åÙ+Ÿá¯2{½^ý�03*Š涼ËJš<¨‰wá©·J{i©¶8³Ô	-v²“ÚS#U�Ð;Y­'I�é%©®·ægï×ׄÿJ‡Ër¡åpÆ’•­NºF�Óm1�÷vGÜ
´Ð$_•óJïÈI¿ï:#ϩ³­i[s <BdÑR/|㲘Ô<%U–e6#NlƉ=	«�¿óýêŠù
-¤Å¿=ð	-r¾`v·ÄÏâÀ¬¤ÇÈø@UIóå<;ç|ÕÈ„(Àí6Yeô ¬è$t$gNÕÒ‚䲑Dµì­¬”ð8º¦ƒj[~`ehtÆèŒè“!m<í�¼àÌ7²#fYË~9/Ú6hï"ÕÀk{[."ër±¤ø…2}a‰„ŽJ\ȾU­„Æëëó ·á¥ÿt=yü¦ñZSEÓG�i6]f‹AÑÅüUR(²INeô#t
-ª�cê�sj\%µ€�ä¶äö}ol°èѽïÏI
-Uõ5æ;�1ÿyKofOuÔ»–N
`}Ÿ”®ÍÁÑÏ+Š•9Ôe‚qÃ&iØ€ZÊÚ%�ÕFKXèŒ5Ô#ÞÈ¥cŸÃ}¾MÕ4xèoåþ§LÍf÷âlÖ/øˆBfËY>»Èƒ6{?P0¼é�\Ðýkz#¸üv”
-ß”Ø
-=ã&|D¿y‰¯$Q˜Y-·ÄGO
Ÿë6¨Eïe×ûÀapÀÓé^ŸI<»šm’ú%
-’a¬>}U½ªu¤<Åú®­é‘ß!4è½cÁ‚ÇâËÑzÂí
-¼ƒ™=Äçß@fZ´7ñÆÒ׆sVþd`æ#¬ÿå³Ôû ÒP%G“„|ÄQÂ`D�Ù4ã<š[R,PÅà ÝúšÝ£‚ÇFi*
~ºØk"ÁÛÜÇe-u§@9ÎØ7VƼ�aOŠ%/ ×«�6<DÕîk\Ï„Œ½ÞªdètÐüwY`ã±Ãc†a2PŸ�¬†¶…¯`µ·–·£Û7ŒlÓîy?ácbCµaÆòÑ&>üòÄ-d�˜©ÅiÜIê#Ñ
Á‡ÃPð/
-`ØUVõ±|áÙä/xÀä/‹"+¨˜Î1%;*çSLÃø©�Ó‹W1]„=å4!bé¢_T­âìÙ¾Š�áò3Útï8nGÓ|q¼“oÆÓiž¡Š¢„á´°ØvGìK`ôk´@ÏÑËQ\	(â
-¬Ÿï>5‰UÂ;—èzî†'²¨(çŽq)âõ3iw"ДÖG¬ž£áù/vÐÙr¶ùõÉt‘.ýõê_‰;§endstream
+x
•WËvÚHÝû+j‘9Ç$0†ìœ‡g2c;N '‹q�Ô@g$µ¢–ÀÎ×Ï­~ð2™™ÛÇ GwÕ­[÷V?‹©�Ÿ˜.Œ(-Î^ÏÎz×Jú4[àÎèrL³ŒúQ¿�+içÍJT�¬iÑ}­ÊF•Kš¶U¥ë†TISQÌ%Q=¾œ}³+ÅC·RwG	Öꌢ8¢÷eSë¬M¥K÷ä�âØ?™\òs¯åR•%o°QÍŠš•´÷©–¹FžûÝŒÛÞ�}¤�ZKú¢ÊLoÝͨ
+q2]‰R™Â�*ª\²ldÆ»÷©\tk%ˆn§ÝO÷oè¡£"Ùe§÷>ÜL§TŠBfT©J>¼Œȵҭ¡µ¬
R1¤äãÒeþD>8¼s#Ê[Qn£9Ú6yn"1E
+Ü
K‡š-tM
+ w-IvíðЩå» [»ÃUë%uVMS½êõ@8¦¡‰ŒnëTö¥ŒJÎ.û‰ßbr�€1�ôgHžª.Ãà›ÂÓÚFÂÅ&Ë:p4]‘04mDݼÕé=G*ëszW¶ÅznÏ9É&�"pþ¡3•¨ÖõXÆÃ	ø:�PL@7šD±ÿ¶ƒn8æRï+Éíôí¨—¶Ü†hZH4ÿ�ba²2*TZk£M”ê¢wû@bbº–h
|,Ü؃á€8’ŸuâÕý{ðçø
ÜŸ�?˜D#¦ù~k1IÓTCo4+^N7Ê _@Ó77؆‘-8¤çßdŠ{'¶þ_íÃT×kBh~† ,þ½•­$ô§ªÚÜ�
(jÝ.�²¶F²tA líYn2ш9tÖX,M…z¦–ßôœ>ü¿�¶›ŒÑPÝ€Ül%Q°¨8—²$£.äѤº\´,±$æºmh³[ šÈB*¤€öB}p]¢Ä@³¦RÓð‹ðŒï­ª­äs:–5;å	(9Õ³z7ÅUil
Hy[/ë+m¬Õé:s�උp[-j]le*H$çŠæíòhgù>`ƒïì#…ž,D¶ïd‡’R
+:‘ÖR°ºv^h=ÖjÖUÿš]߆�rË$tj¸ï”Í0X{»Èш®�©·Ø.'¥~Z6
 endobj
 587 0 obj
-1179
+1754
 endobj
-588 0 obj<</Type/Page/Parent 476 0 R/Contents 589 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+588 0 obj<</Type/Page/Parent 497 0 R/Contents 589 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 82 0 R>>endobj
 589 0 obj<</Length 590 0 R/Filter/FlateDecode>>stream
-x
+ä2T0
-ä
+x
�XÛŽÛF}Ÿ¯¨##�Hê#ÀÚÎÎÂv6™Y,™<´È–D›d+Ýä(úû=UݼH#g7
<ÓÓ·ªS§ªNó�›ˆ¦ø?¢eLÉ‚ÒòæÃÓÍߟn¦“ÕŠúìƒ)%Ód² Ùj‰ß£Õl²"«iË[0‹sº°þþaFQDO[Ši±šÓS&óSzJGO{í4”U¥®µuw”WiÑdyµ£·O_oîâ°wt°y…%”Ùü?¶y¡ýŠöôQÎ)سÑ|L¦V§¹ªuFªÊÈíMSdT™š°‚�/[«#6ý×Ü$ëédM‹%\§’fÉr²£‚ÙQ8³Œ09t§q¸$¯¨ÒGüpµ*
+Uç¦r¢c©40+¯¶Æ–òw2ÕûÜQºWÕNß�LÓZhõ~Ö+´€
;‡vÀªÅª³1XÕ#/Ž
+FÙñ“óx2ÚÌæ`
 x¼ñÔ¹6ÓB0¿Š”¹YÔýLŒÓ[âÝ?¬)š1Ípcv
h¶˜Ä“hB­†ÇàÄoB¦7¿³Ù==§4Ž—ìÛ§ŠŒÍ<ø®9Œ­%Í¡0J¸i¶tÁG!$øË
,Wclñojªm¾k`¤’.S³ß³Î�··Ø"+d ÷ôð›ÀlÎpfæiö¨Ê�ºu`£R…#gH,åó	ë‘)'ÊKö@U5=û,zÃSÌ*§íKžJ®oNDÿΫÌ}yòÞÊzd)“ò`ÍKžáˆ€8ý
+l®±ç·­‡ñL
+tÕ4vP× s
µÂÁÁ·¼nYˆúdHÿ	7®ž\þêô` -oîøb>õj+�Öh\ñr…l*i¾žÌà ´Ìaˆ—kɹ3…Ò6ßÁÖ’VóîÐï¶Þ^½.ï�H:Õ$ÝóL:�8ˤ03Ø\ßP‘è@“»ø‹&*ô‹.x�¥‰æ^aÒ_„?kÇí¢ooÍ!CE
+ÐEñ*'^ÌÑâKŠ–vQF­‹¢—"7{€˜…Ž¼’
oµ/ÆíɃ³JŠ§Ñ$œ<c6F³Ìž‰ÊVÕ´¦^ZÓvŽçÑüù-!*4‹�Ï…WðŽ¤_em¾¶MÄûåZ�³û“•hÃ(Z1¥dÔ㔬/´!7u«ÿhr«Y2ÉÕ-:ƒ€{Â*©?o8ÆìlÆ1ênŽ1ŽÙnö*v÷ó ªƒ—¦úJy^*_�ק͈5¶®2ô
+�fð„°éJ0­á()©ýC3<}\³ÉÐ[ÒÚX¨uÉŠ8É“7¿K
Ás äxÓ¤ÈíP±¹ð’Vø“D\\@	ñVá	4°c
+˜tAq°îÅ›R¤�O8¯­¼_ôŸP�ý{­µåÐB5l4‹	xg·¼™¥cŠ™C$àÇÜíX‡²¿
+].Z,‘´y{>¾ÿüá=ýÓš¯
+Ÿ0äSˆ„Ù//cþ†0ú«O³%ù’eÉ”÷"	~¹ù/)¹¦endstream
 endobj
 590 0 obj
-130
+2102
 endobj
-591 0 obj<</Type/Page/Parent 476 0 R/Contents 592 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 147 0 R>>endobj
+591 0 obj<</Type/Page/Parent 497 0 R/Contents 592 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 85 0 R>>endobj
 592 0 obj<</Length 593 0 R/Filter/FlateDecode>>stream
-x
�W]oÛF|÷¯X¤/`Q¢,Ùr�°ã¸p
Ëi,4UŽäÉdLòÔ;Ò²þ}gDÙ@áÀ±ø±»73;»ú÷$¢~"ºÓÙ9%åÉõâdx{Iã-V¸s~1£EJ£p4•$øCåU^=‘¨h¾ UŠ¼¢M^gô(ÊXÐ8\üDˆ	E‘1ÏÂ1‚w)�JM+¥I¸c2R¿àb­è'‚ûÈ©�|J´U
•�©i•küiJu&i.ë뻇GªD)I­ì5[
gÑ :s9wÁù-®ÙE&UÙw¾Ý|¡Æð‰]÷¢O¾Fw<-²ÜP¢¥¨¥!ûb)’,¯$‰$QMUS^õ2s>Ÿk Íò#=^݇4WµDQÛ£™L5EJݹŠ¾ja
-½E$ŠEòܬÛzUÕZ…Ô¡Ï1>'Lá•1

-Û†m/	Zü´ªŠ-µíhï3å�£ÏÐ�ÒxK��½,hJJE-ba$z”Ðè®ê�îØWðÿLc#­šÂŠ“A#¹‘%�ZÏx®™OÄþ)Ó¶Ñ�ÈRøuqÂkm–"þëûï'ÑäM7‰"8YIãh^øO Ïùt«„nÀyœVŠ6bR—y%
-È“}$„ѹ²-$‡YõÔU»fË�‡OÙ*íS­qjËJ©À`*k‘¦¯ÉE&qÊ×ÜÔÜש|‘…Z—¶™¨Õ´Ößâb[I55›¿�œù:¼½õÖšçBkÀªzƒc–
ÅÊ‘¤Ô99gµfj-A*C-/8€ˆIFÁaáé¤e!!Šµ¨’=l[ǧÄ	}ßГƒu¦Uó”TÜÖjû³�(AY
-ü@®q}Ô[*öøeh]ÅüpWËWQ®Á¢ˆÕ‹ÜÁB+n^¾Ï[��ÂÇ•íùóücÎAYñ°ÃÆJÕr]ˆôûẸ¹&èu
ZsxÎÍÎXí{L[ÚÇÆH4wmÂ:�!
Bûè^=vsòm÷1ì]jöo‰G“½‚R+ü‰
-Ej{7E…mª×Øù°ÜÐö6×fÏrË.Ãá¦Ë `—âz�~·M&
Zskɲîj¶¦–å©Íèw9´Dm7ET†"1ÜœÁ¸¥Ëd.Ü#–Ó`ŒgQÑå¶_ÒÙô†o?x¿ÑåÔ®a»u|®6§ÞßpP(I[‡åc8
·ó½[£I¦¹]=µÃöh
-€‚Öï¡
+x
�WÛnÛF}÷WL…Q
+äZdaj�;âŠ)/´þhTŠi§Ó
[ŠJƒÄêÐßǾ$.�-“؇=F�cJä×1ep*yTX.â
+‹ð+Cå™°dQÝsIY²Å®·’\ÊA,µ
&„<Õp
€RpYVÂ)üÉQâèÚ€X™¢'Ä"’´¦(&Õ ×¢&Mïi6ŸL—7sºžO>àcüa<¹_ÞÝÐíýœ–o&¶¥ñ‘3#_ŒOÓ£;Ð*!�ÙØãoE¼±eoX/húþîŽL
+Âmì…0Ô{Ëô\pjpŒ!.y"@å¿DÂPbºluÑîsn�Æi*£�M"ì=*tÆ*Ûv‰ÞÉ$emâ„‹óýVù[¤ƒÉÉÈ9�),RQ³nS¥‚1þÖ’LA ÅÆuÕÖm
5(o¯×Ò*ä�}5ä‹8F�D¿	”Ù…âIH0-gƒõ—C1;髵ª_à/ïU±I!¡28µB‰…Z‡2©ù\AÀº_³x­­îÚ>
+É3‹�mÛ,Qî! ÐPT¾‰/\R,¡¶—Z7±Ìµ*Û4Ùmæ9Os5àJÇ@|§Èîx'ölšÿStTô³Ò�ƒ r‹s£#bp…Goû×4ÑÊÃt»v—ËÚߺåË:ƒ¡‡ê!öÍÅøíå-HæB½Ö~ÆY
+ƒì»“
 endobj
 593 0 obj
-1546
+1803
 endobj
-594 0 obj<</Type/Page/Parent 476 0 R/Contents 595 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>>>/Annots 154 0 R>>endobj
+594 0 obj<</Type/Page/Parent 497 0 R/Contents 595 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 94 0 R>>endobj
 595 0 obj<</Length 596 0 R/Filter/FlateDecode>>stream
-x
�V]oã6|÷¯Ø¾ùŠX±ü!ûèCriŠ¸ÜµP½>Ðm3'‰.IÅçßY’Rd7è
EÈâìpvv¨¿G)Mñ—ÒjFóŒŠzt›�~ÌGÓdŠëü’òËo?�V‹dFÙ:K¦TSºÈ’uüVÑ#/º¾_PšR¾\¶^Q^úõSÊ‹ñƒüê¨Ø‹f'Éí%½ÉŸ¸È˜Ëy²8Ǽ`avt}?‹U"ŸóBtÔæËÎèö@?p‘
-Ñß',ª(Køg
QKÒ[ÿ¹Ôµ
-Ž¥P‹ïb焯z9 ïÈ
--:"cÛ£lY²ÜÁ!³dšdWP°ªô±³MÜ‹ü
-«@–Ýr&×’�)ek\îbŸHŽRK›PÎ{ŠåI*¬6´1èS!¬³ðe‘¿ÿüðH¥pb# \ç
-î~ÅÖ!ȨoìpVXwÙõ>�Œ´N’1ì¿Þ
ÔÛ¡!쵓�O**…täðDgv ×Zœ=+œ„­QîôËž	h>Ÿã
`±^áÂŒ¶áô_ÇÔN¥ü8�ƒððxóáö†>ý„ãæ*Ú•aBÝ0ú$¬š„eã_Â!ÊÍ£�йo©�’Îâ57ôó·‘䯣
+x
µXïoÛ6ýž¿âl˜ÄŠ$;¶ œ5m3´I»í
+³gÐÒE!cº{l”=wgÑ"½·à%Þp4Ûçq�ØðáŽÔ�ª�‡´–YÖýZ¨uA­V¥Ç6-ipÕ½�7p
MAŽ_ŸRÐoèà‡Þh‡/ôzMVe©th™Ðh•ß�&tã¶õ®Í¬nÈÌê\L³bZ€9`¡S#ŠWð¨],ïe¦ÊL¢K$<ù� ü°´ãKA°à³i°ÄÑÑ`޺Ȕˆ÷ã›(M�ïÿféàPâv>XÂpàZTß|b3FårÍ8I¬¿®…®í‰Gç,5ö_&”+þà„¥Tâ&ÏN¶Û7Á`ètÒ!3s
+ƒ‘7lFMljbxŠÉv6@$ÙP›‘’98e>²`š‹mŸ
+ƒ®¸¶È6Úãœz�¿ÁãltÁ‚¶âpÒˆƒƒ¿�P—Q�-ˆ¬‘Us‘ÊsQÄ–ã›C­ìì(N‡�ûtǾ5—)+ëOs’BE©¨¤=©[cبÄ:­–¨“©D–á„z[“s‰Ê2µfRá*åƒÈËÌ2i©Ö°�ï 
+ò
²
o‰]ÊøŒ1¿öé”s  nxbï¤óñLgã/•j¡¨û�´RÕ¯FFØ»JdC
ÄÚ
+\Sj¢3Z¯§(”Ø…Þ
åƒÚX8‡"`»†ÖªŒVèâPL®KY4N]<Ì;œrØ
+mž¿€Y.8qžðÍ+ŽKw·su
⼓zÒ³å�Ð|Ô]`mú“=n/ºó^³<j–w‡à‘ëŽçá`hçÑg ‹Ã]…}|æ48Ý¸¢·†9zŸpg²=ÆìIŸ
Øsxk{ŒFÂG?Кm�¹•é£+Ûîm�1ÛclÛÙ�7ȶÍpqÁ
áÉNBØKFœâ
k×5)^Ò£¬Û¼ÿm1æfjÓ�?Z¼vâÎN\G}”ÛÓ!>rêì¿4�R;ßNG¶0o_M—h5�yÆÝEC9÷bï3�½Ûöù˜MÎB˜|;]^°¡Éí`Û¾îžoíÖ>b6ï¢Ë\lÞX̽j’Dö÷Æ{ŸFuS´õù›¾|…WÚRÜ#.Ù¹Ù
+™‚׿›ÔB‹*õ•ìbÓ–cFÊ×éÒ¡â¡y4•Ì©N¹:›œ„µ’óXVѱ݉r/ç8EE	ë˜GÃI	žy9�.v_éYQL¶OE[`ÛÉѧ%9õë”
3	­rD¡nŸ� aÖ.õ[ªÛ×25èÄì‹ÚŠêQƒÈõæ¬Ò¶CÞÒ²Sk¤66Y;ì­ƒHò7­ð¸˜B67Ý{ûD…–¥à—t÷ÝP?[-˜Ð.¨Dw¯(SG˜1(oάu,À‹Ê^)ÿ�
 endobj
 596 0 obj
-1007
+1839
 endobj
-597 0 obj<</Type/Page/Parent 476 0 R/Contents 598 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+597 0 obj<</Type/Page/Parent 497 0 R/Contents 598 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 103 0 R>>endobj
 598 0 obj<</Length 599 0 R/Filter/FlateDecode>>stream
-x
•T]oÚ0}çW\ñ2*­,¤Q¡�6iÒè45Ó^úbœâ5±SÛ)ðïwì„nE¼LZ‚}¾î±_F3JðšÑ<¥›[’Íh™�>}¹£4¡¼Ä/·óå%Ó$Á9yÍV�ÐýRº0{‡•øem¡´»ÊcwF³Y¿û:]LSìŸl„>R˦­™*ñÊ$Ü3dy'l¡ôŽ|Åä¼ðL¦¤HòÁ‘تZù#yC­°^IÕ†J“¸D?
ô	]ÏnzÒ^kŠ/*`�@Bz� áfË–ÛWü
ëf-‘iÙ
-$‚¶Q¨6–4ÁEc
->±¦·Ó,XÍ+¶Ðè¨édEÒè²sÊhÚ²ß3ëèT*+»~µd‡'Â#Š—Na£ qdGð`3}¦õ*F.h_E“þÇjeœ')¹½ò²‚N¸÷B{°)Ñý%ôÁ)¤zkêi@½Ñõ‘4s
 Užâ>Kø!§åz¬‚ž
-ŸH)ÎR4L=0h—G*¸]í?ö1÷ž°ö�@Ú«ºF
âg׶ÆúsBö˯ßcù·ÍëŒJŒCtàÔ(Æ‚¨1ÌÍ’G’µÂsG.Ìc?•öî!²i…}W*,
Ò©^†ù4.è„Õc¼ïÓ…RÀ·®—[Ä΋�5440Ôs˜ø0�F¼ÅÅÇ—0†{s¦ýo©™§™ä8pqÆ|�ÜÆØ0õXÅÈ8~ìN®Ø±SiMóÂ
vèŠh¹­…DA¶Ç3Ú y|/ã!Y£ÖÒ{¤ŸP‰£‡ËƒV¦i;�¯cÚlVô4Ù(i�3¥§ž1�UÚ™šŸ®¨­»�Ò1ÖÏù×ew7Óe‹9þOñFRe{-Þî\Yÿuweó˜a×$K‚%pýý
À˜Ÿendstream
+x
¥WMsÛ6½ûWìø¤ÌØ´(Ê”•KÇùpë™ÄueÒC.	IHHB
@Ûʯï[€ h%v;ÓIb‡Âî¾÷öíêûQJcüIi6¡,§¢>zµ8:»šRšÒb…'ùÅŒ%�“ñxL‹bd�ª*j´£R®T#Ë
Ic´!½¢ãË¢�ÖÒÙ(Y“²d¤k
^$§Ém$•’�Kˆn´“¸#œ¿ýbñ�']à‰²¤­Q�“†�é4Í’	rm�^Q‡ÄLGJ>È¢uÕ6¥4!šÆ	ŽsóÁuÓÈ¿b¥9ñ…àRFU;d4jE¡[$É1Þ.Ž¸z
¥ü¿¿¥é,É(ŸæÉ”jJó,9ï®*úȹé‡Ø-6ÒHÎSP¡ëm%k
+qâË)ãëêÝí"}yâ1Û‹ôõŸïq“®®ß½Å/é
+@A]îuk!±Êj²íÖ‡í¤YÈ­W*ß$W†´�b€½Úqÿ‰¶r'¤›jw]7{Nù0]Ôè‹ã
+lâ€)ãvi{gùöY<�WÔ” +(¾Ã¾Ñø”I‚Sè�‰DïáïýFr©•^«BT¿*€S÷¨uç\5 VhY/~D8!* Ò¢¤¥¨DSp? 7VBU¤¡1/ûAi×+Úépz@ #ØßÁÙK½•�Õµdø­nN<PgW0loÏ#[/“B7+®
>•Íæ
+âÒK'08—îÕdüæ­
+½¿Ì(�ô7€xˆëÌ/눲íA
û,¥sÞŸ—$/¤ùO’œ$ô:âýçM ö¶£ö	….@<ÎC€({–žà……¼”;
À<�¶Ð[É-æx�Çî§/£Þ—"Ó‰{ðÎ;€Íï[½Eì=¢Û0ÎàTk^Õ÷"ÿò†qÝ�ÝøuŠ‡Nv 'ß~À øú‡Únyh	ƒ5¡‚CõT›0ž°R•´Xž$D„·¯o®¨»Å¢áo
ì=•¿I�”lvKl¤€5Jj¨¾¡Íýfð¬
åç¿ ûp¬…Íù~{T›ŒF¿;–‰%O’î™ß~¨;žêß[	·-éNau(–B,·TËb#eklŠôËù
ºQ>þ‹[“G¤¶Áð
 endobj
 599 0 obj
-670
+1730
 endobj
-600 0 obj<</Type/Page/Parent 476 0 R/Contents 601 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 163 0 R>>endobj
+600 0 obj<</Type/Page/Parent 497 0 R/Contents 601 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 601 0 obj<</Length 602 0 R/Filter/FlateDecode>>stream
-x
�WÛnÛF}÷WÌ[U@¦u·\ (’8)4N+pò²"WÒ6$—á.m+_ß3³KŠ¦Ó>AlÒ{™3gÎ\øílJü›ÒåŒæ+J‹³×›³‹wW4›Ðf‡•Õåš6M’ÉIG÷‡#Gþ€[í½®ñ¬Jr:mjã�ô+ë]ÿöóæoÜ´ é4Üt>['3Ü5zÓÔµ.}~Sfez‡ñ|§Š­Â‚våOžvµÖt´
lAtP¦Ü“·”ÖZyM¹MUNŸKóD
옥ZWµv°
-M�êHÊõö]-ÉÖÝ©«u<4�‹`KZ*×SÄl¹\%Äl:›ƒ«ðÖÅl¹¼Äb?�?æZ9
¬;Î೨Šþ
¸o9Iæƒû:îD6à."�ó[øO`±Òõ¿ÐN;8lJü, PQ¬pØxT	f7Ï�¶œÙ—ôùöæ/jDÁÀž¼•à–.6-ÿ ÿ:›Xø¢Z¹„BÒ§,N$¿zPò6ÇKI™~й­
-®&ÛZ•é
)mK
-É�1ÒºÁ¥ygw½>Y
-Màtb‹z_î9-Ƥ}šÐ+”q,#`}SRÝÁêVÀ
-ïQìõ“×e†âùÛ5¾Á(+ËÀºŒCìWì2<¿bR
-Ã1q¿#UU¹AÛá6’é„P
-¿!⥎…®ë;�¼DEÓ
³8±×.×\™¢=UŠCìûkÞV¥_CÕã
,6ŒOœ¼1N2eökÞiLÒÙ˜
-õ•U£žÇå-¦Ê¬@–UŽ
‰ÉÊ‹µR—¦¶%w^dµòˆ:ç—0Ãm|àl×g/Þ­zŸ#±ãÞ~ؼý…O`(�_N“%ÍæWÉ
-£Ô_,«øG©Sq�O“5ä	vôç*zÏr'9„g¨'³i#s†>‡|«!ȪÙB˜‡“^îõÄìÕwS†Iy0¢óœJ˜²yº·uÚY7�u“l›ÒPs¡#Lû4“9£ 9uá…=ë½ÂmþOk½×‚Ö<â�Öz¯˜§—Ï.寅[;)Npz8&^[‚¤àíÍÝ’Rä)Qì.蜓êÕº3]�ÿ`à^üGªíÂìº4>[ÿ÷÷ëâr�(ó
£Å4jäϳ
+x
�W]s7}÷¯¸“'2
0œ—Žãĉ'qãÖtÒ‡}»/ÒFÒB˜Nÿ{Ï•´|¬=Ó™ÚÖê~œs
¨�ï
M†t1¦|}önvöavÖïM§tx±K|èÓÅàª7¤Ñt‚÷ƒ>¿·’|§°³Áóç·#h¶€ùñtB³"œ÷i–w”£B-•e¹#§–ZD%裮>Òv¥òåBÓ\Rípè
m¤U‹ù•ðT‰üI,%f«K#
+¾›"÷u0éW’Œ–¯gßÏúÔ\ ÐYѱr!­Å³JÃŒ¤»ue•öˆEx1Nöˆî<â‹ç·ã‡´ññOMJ$ž›õZjöbò+\t2¯­ò;ÊW2"Ž¿PNÌKYôØB@xŒ/€`Äqˆw
Šç·W4%̆Œï1jãÞEoÔ£‡®ƒ'¼2šnJ%u+@¤=dÌ;÷Æ•^»ŽO[¹¶PzyŠ�:¶˜‹Ó�P%'�P‹8€þDíÝÍn§ûéë·Ù×^åÚÀ-T°•—5C·U~Q
ÎÔ6—
Å
5NfÜ.E'$ß<úRÌ`EºëÖgí‚	h{oC€&OfA̠ЕJKz�¶$—[UA1è<eÙ�ôPì>Ž'é°‘ŸíA€‚gŸ!SAK+*(Y”ÇK»HB鞸®þ§ëîp
+‰ìóbl^‚$ë@ðs Ùkª¬Ù¨8	ZK¡1?jiwÏtÑÔ0³(A6A‚á9*,(+_ñM é²O•	7!qZ›B–¤3#meYòïÆ9cÒT21)‰
+rùm=§�£
+\¢Aâ
 endobj
 602 0 obj
-1634
+1527
 endobj
-603 0 obj<</Type/Page/Parent 476 0 R/Contents 604 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+603 0 obj<</Type/Page/Parent 497 0 R/Contents 604 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 106 0 R>>endobj
 604 0 obj<</Length 605 0 R/Filter/FlateDecode>>stream
-x
•�Á Dï|Åë¡i½Zm<jä°R­)E±Fý{©ÞMÌÞvvæÍ^	‹Ã‘LjGšdÕ‚A7QQy
}
+x
­X]oÛ8}ϯ¸Û'ˆåXq줤é;):cŠÁj± %ÚæD"5$'ÿ~Ï%EÛQ;À<,
+Ô¶H^Þ{ιÊŸgSºÄ¿)-rºšSÙœ½[�Mîoi:£Õ+ó|©è2»¼¼¤U9šg³ŒÎWœ�ÔÖ
+¯Œ&ohcMCKѬåÙeöÌÏò,Ïžyëä~FÓi´7ΰ7ú¤ž$Ö*í¥¥Ê♥Fh±•�ÔžvÂQ¹z++*F{I;ÓJRMkÍ“¬ŠsRšøÂOËvŒ%+k)œtÔ$ÿØ…KO¯°WW…&ù¬œWzKNú®í¦+´1umöX€]QS+üÎe½™°™oJWfk_œ}’$ÈK]I]¾°=‹0š5\ó;Üã`ÖÒŸ�ò¼o¿SµÌè�ä³hÚZ^�Ú`!Ùý²êMÜgP„÷¢Ü
\"Ž°Ãa�aÈÓ^Õõ©²_$>N?ý€@ôñ\Fô[N+>ËÁÍ‘Þ�q>�ÕˆGéÈumk¬á=,ýú>Úe+­qN­9¶uçƒM:Ä]G·¶V>)Óáé™®!Ÿ5[1Ȇ¶P!®ã!Böä�h´tJ¼�’Œ®_HËR:'ìÃþb:¢½€æ`¥s’£ÇŽ=̆ˆ¾ó	’e«›N—œ¢V†tä¢8¿ 
+:ÑÁ�•[H
7=Ê ïœ)•ð o¯ü.ìn&†J£½PëJóÅ“{$hJŸ¤âÿô¯ŸŠbùûrõŸï;k!Ã÷8jM½”�â÷¢øÊ	öŸh)%âd¯#¹Ö˜a²T)‰ÓÏ£ªÉíLWWƒè×Ð’7má7Ì*Ãp@çîíw.§Œyÿ¶(¾}þòeUôϸkÚ6Ø>XMÅõù1ðdår	ìÛ 7+åÊZ¨FZ »6P™¬Tà†7�ߢ�´2¨çX�Fô±
++7]}
åTô¨‘ø{®K¬	¬ÄІªcì†ÐE°ðXé¼°Ì°ØpicS¡>l”VŽ—SÓ<EÌ Ù%
XBG—A§UH¯õË
+7—±C&pÑ6§·¯:$K#6Þ5ë
+¨7Ê,¥„‚fcËLDô¦/˜iBV8Î/ŠÑˆë`aJ8‘ÚÞØÇ„ƒøâà6¹Åkj('Ô&mj“VúHR“ôhý$ª'ôLŒkœ”ˆ"Ñ?ˆ#4ÿ‚t>B
&T”(AÇ‘ŒO!3ŒVÓ.ÂOŒx¨c¼�è
Dve•Ü+}ÛaÈD¢òy/›c%Áy:Þ˳ËwW3õýlŠ´âÛVÞ…&±
+
SVÌÒ
+Å´ìÃ$Ü9&,è&Ž£P€AÚÉ
++š‰0˜­Eù¸¶ÂÀj´j­ÂÌÂsY*5líûXvzÞpo�öù`˜EJ„z»¿òo@C@>úõJg×9ñu	I~�Í9G½Êúúu2$¢f¸î£½Ú¾©„é´õ| ˜ÇCÇ0Rin,ñ=&â”͵Xò � s¼~geŒú`öÈW¯¤§ÚjÃU��(뎇i¾òTÔá|Ê‘TטñÀ–Òï¯Òóê6”®Ü0½Nßs¢õ4KŽzyÆ¥ÄÇ(äšÈ�³¯Œ³&�ÇíLÝñÌN´´r˜¤S¡ãq÷õ'ab˜‘ÅÓ>ý`ƒîô,$ìñ›ðu¥U-F+¾ðÔ˜w1�ÔóGÈý8ÉdR{m[þp/î_‚xv”>ãÝ° ÷Ol–…g‹¯†‰)�&®æ˜ ò+PÕÐt‘g·ñG§‰ãðöÛ-¿Šç³AOÚyß¾�Løõ—]ÈT_J¨w+3LϾüh)|ƒ%p‰	=È ¼eþPdID'"»é{ÿôêÞί¯cö.ïÞÝÑWkþ�¥Ç,Rvü¦Ò‡ïOç‹lJãEÆ…ðÇ‚¿ÿw‚Ùb†[ÂÉ«ëË_Îþ^#Eendstream
 endobj
 605 0 obj
-162
+1870
 endobj
-606 0 obj<</Type/Page/Parent 476 0 R/Contents 607 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 168 0 R>>endobj
+606 0 obj<</Type/Page/Parent 497 0 R/Contents 607 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 10 0 R>>>>>>endobj
 607 0 obj<</Length 608 0 R/Filter/FlateDecode>>stream
-x
¥VMsâF½ó+ú\µÈ€ùrn°Î&®lXo¬Íæ@Uj�˜x4£ŒFxù÷y=’à¤*ÊM÷{ý^wÿÕPšénBIÖYÄ�Û÷4ìS¼Á“ÉtFqJý¨ßÇ/Iw!’—­³¥Ioâ?qrBƒAu²7œECœíÎK¿³î»‚–ÖKú¾:7ªÏu)Þ©‚R›”™4žðYPb³µ2Â+kÈnèAìUJaŒ5¸æYdkAC\þôðž~úô5þD¤äw²zÆúÔÜUñ—1=ØL(CæŸ#ZX¿;ÆC4'©(sé)S™Òú€‹�…52ª/N¢ùMº¢N©Ê!wÊ:ò–œÔR2$µ)eÂm
@S"r±VZy%>(O‚!~U&µ¯à$¦QÔ§'§ðΡNôÀ{k¼³ZKG«.0¯n"m’6øѾ*³%Ú”&a¾b¨ØÙR§ôjÝ
7¸Šú5ñIM|¨N¯�¶N¦t^™i4k9L+µÝZS ®»
-n¬ÛE뻂à<ÉèL,‘V§Ë8ðxÒx�
-œ²W‰¤=4%V7Wicž¦¬ÔJŸ{%Û_Ø¿#¶øÏƬ’¿J4s´öài£
-CLCËÏÒ­¥³à‰Iá÷÷’”“‰·î°ºy#±§ªaB?0„?–àh÷ª5³ÀPtI™Ì!ÈP4j`¸�—{’-½V¦Q!�çU¢�M¼™ж“x‘ÃJ‚żM¬ÌaäÖ�¥Rù¥_Ýýp7T®¥—ú@©Úlp#FWhËxÄXOTpþ2Ó³±k)y¶m`@¡qMù3¨Âf’È«ì˜~Ó?ƒÅpu‚p�³0ê¿£W¦0•˜†6˜ò‡š0ÿÐÁéꄦís¼°
-ãi~
-�OB?àŸŸ�|=ÂÌjëBMÅ0Q4¤<hö„9Ã}§à±Èœ$ÖlÔ-Ÿ/+@Ð'úqTmAF*¬í› a' E†aû.\K¢þÕgÀ?Ä^kÂnCþôë��»)�çÙ
+x
%ŽÁ
+ƒ0DïùŠ9ÚƒÛ$†Ä•¶7¡Åü€�Z44Xðó›T–…av3&Àã‰BÃ-¬¶ìf']^HA•&j7Óù|/!ì¡
%”Ãöˆ�ÂemÕÔÁσÛpõî»ëÖm“_OvfùAå–iR„fz‡ÿ6�1øm·¼ºK{ò$IÚ­Œ¢26¶}VèdIJOö�ò1ðendstream
 endobj
 608 0 obj
-1233
+162
 endobj
-609 0 obj<</Type/Page/Parent 476 0 R/Contents 610 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>>>>>endobj
+609 0 obj<</Type/Page/Parent 497 0 R/Contents 610 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 113 0 R>>endobj
 610 0 obj<</Length 611 0 R/Filter/FlateDecode>>stream
-x
]RÑŽ›0|ç+æ1•.
¼^r=õ¥ÕU‡ÔgÇ,‰sÆ›³M#þ¾kµ§
-Y ÙõÌìïY‰BžM…ÍzÌv]öù¹FY¢´mt=Š¼(
-tzµg7˜ãä�;"ž¯j<(<ñ¨Œƒ£gkÉãSwÎÖ²®¶y-«*_°•›¼JÐÞ“Š‰hTúd!ú)D(­yr1
+x
•WMoÛF½ûWÒH”HÙ–¤ì8.\ÀrÍ¡êaE®LÆ$WÝ%-ëß÷Íî’’(ûPĈMr9oÞ¼þ{Ñÿ"šÆ49§¤<¹žŸŒn/)Ó|…'çÓš§4ÇcÜI‚/™X×RÓ4$#“Fçõ–~¥T•"¯?�¢\
+ŠÃ×�óŸÖPtê
'QÃT0
£�þPy•WO$*šÍéƽ¾Éë¬3;§EÞ@<å×ï*R:E+¥I¸ãÃÁèܬý„io×…5 Úª†ÊÆÔ´Ê5þiJu&i&ë뻇GªD)I­ì=›
+§{Ö@Ko£ÞE
+´°ö=1ùõ½ð˜¦æ
G×7_Þ„á8$œŒ½�]ûåé:¬m¦	¾�L­Ö,}·¦B–ªBðœŸn\S$ª,qýé0
+¤ÓÒ@+Uÿ⣉ڢšr¹ÆlRþ$€HCÍ¿ùC0÷¡6°h¯è»ˆ­
;:‰­°lØÆñ” EÀ§UUl©mGûœK¾�¾Ùî”Æ@[zõØ󂦤TÔb)ŒD�ÝEÒë
+®ñcš$�¥USXòor h$7²$”Ö@3Þ‡«Cæ“UO™¶�G¶„_ç',ÓV«)⿾ÿ~�^¢é&,¾%ÅÑY8õW(žû–	c<ˆ­àíäRŠ6bR—y%
+Гu$„й°-$‡^õÔE».OÙ(í)„ÖÈÚV¥T¨`*k‘¦ÏÉy&ñÊ×ÜÔÜש|‘…Z—²™¨Ñ´Òßâb[I55‹¿�N|Þ^zkÍs¡`U½Qc¦
-%˜#3P©Sröjk˜©µDQÁ %Øò‚IJ�d–‡¢–…1h©E•dèaËØ¢8Îú¾¡'…ƒu¦Uó”DÜÆjû³�(AX
+b>‚㥭uþ‚¡Ê¶G·;:wJs·ÛKÆá«…Çcç~¡Ô³¡"fBçÆ»�÷ö?¶>ó¦òpu7£ÙÕý×ßœ»nÙbŽnۃϴv%˜
¢£W
 endobj
 611 0 obj
-401
+1557
 endobj
-612 0 obj<</Type/Page/Parent 476 0 R/Contents 613 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 215 0 R>>endobj
+612 0 obj<</Type/Page/Parent 497 0 R/Contents 613 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 120 0 R>>endobj
 613 0 obj<</Length 614 0 R/Filter/FlateDecode>>stream
-x
•XÉrÛF½ë+ú’Š\e’ظÅåJy“í‹ìغ¤,†À�DŒÍÀP´òõyÝ
-tVJè3s
-ÃAÛ‚QY¡¡í'·Ôp6:'+Ófçˆh„¶@8,;0JÏ%R&7žýñÃÛ=þ�œÒÜÁe*ÂY
-,š€—tñðaÜ”ù®øU0·/>ݾÁO¶ÉÞöÿ�Ê=ü³ÍwIÄž©�	E6ƒð	OòžODI«2߃õž‘ÎžIià2ᬑÖ6g.®l³hNôƒ–üp"rÁó,èª�.ع®³ÀÕJ—uËy�Í¢Ôk]òq·†�'õQ÷â*XpnJiéÂ+hFö=YsûÏù\Ô
ˆ0 x>•ƒÔÒÜõä Á'c¥Ò!j�y<9º¿Nw¨;~¬ï>ùþIÏg�'>“0	DÀø=—5»ŸGÎ øîIèHxåcaàñBUNS„Äu
…ãû..uª3C’ 8-õ ;Kd„›Ëé6i
-˜PÿY8Ë4Þ‡ø®`j[•7·¯>ýýñîý‡ÛñÖ¤çæ‡qm_CÀHlæÕ
‹š!ûzdÄ­	xõëïX¸/_à5
VÓÚο®þ)*•¼endstream
+x
�W]oÛF|ׯØê¥ja3"­/ȃ?ê"@夵Š húp"OÒÅ$�¹;ZÖ¿ïì)Q²‘…
H”ÈÝÙÙÙ¹Õ×^LCüÅ4MèbBiÑ»^ôÞÜ�)Ži±Â7“Ù”
£ápH‹t`eZåvôŽ2]Uþ´øÒûeÑãü]ó»?~íMGQB“ñe4¡‚âÑ$š5W9=„,£C–É·uóÜËgGéF”kIn#©IÓ�ƒ¨ã‹htõ‡YÓ›»¤É½HE[m×F×½ã4‡þ�ÑBP®JIªô þ^çz)ò¬8¥ñ¡&#EöÖÃ=Ðxî3Ÿ' ]dƒN>ºý0çœoîÚCÚß',²(Køg
+JQHÒ+ÿ>pO[IÂHú¢U©Êu´giœDSφÈWP'QÜ\5Üq{0‡Îþ¥k*jëHäVÓF<â+a�×IÓï†Cði�O‚Ká¨qƒì49É25»ÊQ%¬?™ý~'¬tLx öŠì¤m>jp»%¬´¡�®
ÕV°ªùáó
+gžmuàwãË®¢ïT)ò|wF"Ëèó
+�©ÕîóO$Zn»¡Àm2‹.›4¸{�o/ÆÌüQÚo1ß`>…µg"6OàèÿÎÀw‡ °¶WwÛé}^ž�Ì/×·7qóš„þ¶ÍìŒÇb#mÐ?OGeT!ÌŽD™ÑR¤�˜æfHR]:£óœ;þ Š¥ Úª<'áœ, 9´˜o©;ŸueÀ�¹UˆWOÔó±È!u'�香U`Ìb�ž&:¤Bìh+J���ØÆð0ò¹Â,¶Oœ
+
^Ç&¯rÌw)œz’,Pµòà<0[,3.ña÷<Ð0el;¡Oî¡Â™ný‰àÙl	Ç£`‹滑cÀg{:@Wä	@|<¿”ô6ˆàp,}CE?‡{_¢ÂË6:;£íF¡E[x¬bydu*3¦;($‰p ��Á<×ÛV6M-òR
	L»eO.$TÊøH¸“:á™–6¢×Ô¤'©ð´¡¥AŸRa�…A1Q^ðéýýe‰¥
+C`¤½fZ‰:w8k5�Ñ#€á°Ž�[W•6/FWºë÷<÷‹ßæO±Ÿ€Îl1Õhfe¥»ýdXîÚÞªæòÙ‡ XÁ¾B�Çlü~'OªôŽÒô§ðƒæÔÆ
+1ŽõôŠ(È:YÙ
+8VÖ[È:u§ñŸ@‰Ñƒ’éFU�Ëöi>¿Áò5W©ÑV¯…ŒL4î*­Î%ö±*¯alžÖÆÂf—p§×lÖì�ñdŠ%{šàGRç×ÒÃÕüúŠ>ý àZ˜Cd„ë’k8O�‡ÇÿÑñFø51ÃO38ÝÅŒÃ
 endobj
 614 0 obj
-1569
+1534
 endobj
-615 0 obj<</Type/Page/Parent 476 0 R/Contents 616 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/Fc 13 0 R>>>>/Annots 222 0 R>>endobj
+615 0 obj<</Type/Page/Parent 497 0 R/Contents 616 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 129 0 R>>endobj
 616 0 obj<</Length 617 0 R/Filter/FlateDecode>>stream
-x
uTÁr›0½û+Þ‘ÌÔ0rt’¶ÓC3mC§�iz�A8d"’h›¿ï®ÀÄñLÇöiÑÛ·ûžöi#¢OŒ<Á&C¥VWåêíûqŒ²á­¬ÈQÖˆÂ(ŠPVAù a¥ù-
Ôhì8Ú8ÔZ‰¶G§º·€èk\”�„Fø-øÙKç_ø5ŽiØaä´YÍo¯ó°À:É”ò÷I–ÏpÇS>o„ãç´öŽ˜Î¬”°Žï�þCÜ
"ªMMO�6øÞö5í£êZÙ;8METÂM
-RŽÕ·ƒ¨äýÅ<ë‘·Æ®&.›°¾y¯›‚IŸ—Š°-"\a1y¿`ò'K…m^žÄ¦ÂŠØåŨ¢VDp$
팟§¦"“QÏP~¾·ÄoÎtíÝ=ƒžâjºy…zº¦hV„ùÿrz)çÌò<çìdLey¿¼îé‘3]&µ+Ý7„Šg¬7zÛ“ÝÕ⹊Dvl7�›éòî¸e¾[kÏbñºuÏ�„¨*=öÎzßOÄv›SßÓ"§²ú‰fš!Å|�ã,y¾Ðô8#w»OW;|6úQVŽòWãr¸¬õtj=®©šö0fËnš.ÙÌš‚Î讓†O¦Ä¼ ‘F3!Íf�¾¬þ
IXZÅendstream
+x
�W]oÛ6}ϯ¸oó
+Q­lB!é3'’_<	y[àAS.Ÿdaª’«É¶:; ¥�¤§Xixo<ˆÏ¶qô¬Šo<µ‰8ïî±Æè$žœrÆ¡@mp§ÈŸ„vb/ÙýP7Îr’²/À
ôÇ°½«?8ÄrHR ³3½‹ð}¼KJ»†e\*_D†ªíÝîÄë‹$ªÿIÞ!orCÊÅzë©O«�ÕPñ,ió‘Ôˆ²ª¸®w>�«äR-/{P•åÝ£éPX¸HŸG*‘ÉØ÷�Ež̇LoA(
¾¡=t´„LF½ÂÐyŽ×q²GB±òªw¸=}ý6J³×‡M–™²Š�
¯
µpã!+.*cÈÉb—Y´íç»–Ëî�:îˆ ”æà%åB–ÀÒËwhôSß ¾JYÁïÌ Ô™¯a¦’h!¾,(ëi„hàÎç0î*þÄwrëŒö
+a’Ì7VŽB^sË÷\ö¶œsv
Ê­ÊjcÍÎ
¬w
öAÉ’:c¤uƒK
òÎìz)|²
+Màtb‹z¯÷œc’.Kè
+eÛXß”¯î`u+`…÷(öòÅI�£xFþv�k0ÊÅÊ2°îÇ!ö+vž_1)…ᘸߑ¨ªB¡ípÉeB(	
+?!âÚÇBÛõ�N^^EÓ
³wb/\®¹~ŠôT_Ôbß÷Xó¶"ûª¿ÀbÃøÄÉãä§Ì~Í;�I2S)¾²jÄëX£Ü£ÅTEƒȲ*0 1™Ay±VJý¤j£¹ó"«…CÔ9¿<3ÜÆÎv}öâý²÷1;î݇ͻ_ø†ÒÙ*M~ì]c”šOטšxP]S¥NÅu–â¯Óù
+¿ý¹ŠnYƒAîä ‡°†zr“5~ŽÀÐg‘o5Y5[ópÒˣ܂˜½ø[é0)FtžS饛—GS¡�uÓX7ɶ)àjáéÓ>MgaJœñPسÞ#ܾÄ(~Úë=–´æéú´×{Ĥˆƒþ¥üµÐak'Å	NÇÄkÃBð)xwóp�¤ôòôQì.èœóÕ«uÃîšæ€�{ñ©¶±ëèt¹Â8¼šâûµ÷!ûpuûæŠîkóýƒaˆŒŸ0Øêy8uŽýŸÏÞùj`lt4»Œâúóì–¸Ânendstream
 endobj
 617 0 obj
-637
+1671
 endobj
-618 0 obj<</Type/Page/Parent 476 0 R/Contents 619 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 225 0 R>>endobj
+618 0 obj<</Type/Page/Parent 497 0 R/Contents 619 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 138 0 R>>endobj
 619 0 obj<</Length 620 0 R/Filter/FlateDecode>>stream
-x
�Wio7ýî_1@X
¬ÓŠ||sœªq»m¬¢-`  v)‹ñ.©,¹–õïû†‡´Ú:J$Ñ^s¼yóføõhHüÒÙˆN'”•GïgGýé�4[àÉäìœf9
zƒ
îd�ëJ
-§ô#ÝŠl©´¤YU[GWYfjí,	�Ó¯Fi¼òvöåh@ÝÑ:×…’üœœ!·”ôÁ”Bi~¥?Óp¼uG罿>U¬nLM%›¯u.qƒ�¯—‘ 2ºwÞ½îI…
-®õVúÓ,&à»±›L>Œ&g1ÃÔ±g½sꦀQ-ŠèäœKÐ\Ò— ¾@™W�­ö¡Z7\?4k&¬ôåß¡Œ»Ùô¤Ñ‹­r>‹œîv½ý0VÞ
-'Ë”ˆyƒ£ÒÍ•Áÿ¨q+Ï®ÏãGóˆ£‹¤Ð%öè8„G{‰ÈMf¹óŸä&Zä»PάÈK*ˆ�Ò=o9”
¸0ÀÞsD7*llm/I¬I`0ä£Ú¬¼Î°· BÎË9"o
»å¹‡¾ûMIm�^ãbK�÷Q?BÏUòk­*´F"Ù¶Ë`*‘XПw7S­ Î,¯—*[r�
1¸¿ù€b2“Z±=J-�†ÌOHE„­ÙÎk…ÛKÁhqÚÐîp¶ÒhϾtYÿÕõ½¾í^tZ;ëJ^dÆö[1!ù¬”¯…–�%¤ëN¶=Ó
×­’¡y|îºmå;F6>J*Àœf+ø 0h½!±ZIŒW@¹6úØEÔBòÍ’­„u
Œ!�ø—¥3
-bK‡Œ¡Êé87«Õænë"ß«U£ï!µiU¨'.
-ê–ñù(MÙ¨2ÿ²°ïgÑ°¼öó0<þ�/;¼:6jøúü˜4×ئ‘û„h’?".”¥ÌY/@›ƒáÚ•æ
-£=›x…jdœ¦x‡+íÃæÇ+4“á‹7òåÞ®«4†BVQ¼…¼Š;¢�¢
èŒ×%™&ƒð“kËý$û{»9V,ï.ò½ÄJã
^ ýæädÐã ÃŒR®Üϳ#>‡øÃ
ù×ç_ŽF§#´ã˜Ï
%�Þ�ö&ᢠ{>Ëh|áÛuw„aiÿƒ†çrÒk¥³HA­ÂbÁ3’?ˆþàílÜôָij‹‹Þp?’ýЫGŠ¡·ãó’à«b³J­»ÞåíáãÚ¿ãÃiä½ôeS>
-î
—0ó÷Ýàk·RÐg™î€óIéú…ìÆ:YF²�ï˜�9Ïç·´8F©<pî£oŸõÆ@ì§JŸEHÿ8úN†Qendstream
+x
�WÛnÛF}÷WÌ[e ¦Dêž7_¢Æhã8±ÒôA@±"WÒ6$—Y’Võ÷=³Ë•H9)ÒÀ€MšÜ¹œ9sføõ"¤
~BšF4œPœ]Ü,/ú‹9EZnðd2�Ñ2¡A0à?qïv'ŠJšôVï©Òt«ó�ÚÖFÒ“ÈÖ‚¢ "Q’¸\þ}1 «h„ó½G£2at§3¡r>S�¦Òð[ì/Äkìïjâ<NÌ‚0 G#�üZ«RU’>J‘¨|ëNŒ(›є߿‘�º¦ÖU^K2îÁcµS%Å.øWT¤R”’2ñERɡ㹨ìa�»Xg0V‰u*i¯ª[´9Â=­E©â&¹pè‚ݨT–TJó¬b\À_™­>E"Ohç�’¹µÈÿI¦rU2’…(˽6	‘Ìcs(*¥s¶`Ñˆ–;YÂfµ×ìôÍò‚kaB!_}üõ"Á�Æ“Y0¢ŒÂYÌ›»”ž¸¢ÜÎñ°]ÉJ*F�l¾ÏÀ9q8I²Éu�˜-õà‰Å¼ç“[õÆ«Ë&ªhròšÑ0㳎mÖ¢¯¢ù<FT(/ÄVZ«�
´ÍÃÙhò"á£3‹œùøÎ]¼9�ÞУ›¾¶GzãXôöýçå{Pô�¹XÁ©.4Ï‚	�fÓ`€F€�´ñ-å)>ŽFA·©fAÐ�ˆ¿l�®ó„íõãm´å•£øƒ®äk[�þbâkq]W;m~)‰ŸÒkwÖãÚ{ÀûDÇu&óŠp-˜Ýk•Ë3NêN<«îó\ç°sêâÇ»[‹]yž»Ô™À\÷æÃÒwõâúøz£Ñ0Þ£ãWYÒ”2
Å֢ΥÅíʦ7±Üìý�·˜ýÊÙ.ŒÒ†EÆH×±,.;‘€f‹RŠE!Ö*U•âÑ$âʪ}Vy¢÷€eI#¢+@gi�äˆV=d½ºä<$<äÜñVN¸ƒW´%QÛõpðê<–}£b…À�s

!I+–3Ç•Õ
:“8eLõVç%mŒÎZÇl
+«^µƒ¿íŽž'«KÛ>ˈåùôÞñFœ*T½´"¢Ê3ßÂT*†c]W©Ê=”ŠT””K¨XÉzÍÑ·ÅÏ•Å! `ùÞ²êt`ìÄ3à!ˆÚ†Ïž9sÎRÉÚçë«2H2S”p ë´
¤LS�úØ×ÆJ´µŸkÆ6Mõ¬:…ÞdÃZÆ.�\ÒpÎSÒ8ƒisç¥ñ…Rðó¬-–ŸîÿüëþáiyýûïÁ®ÊR›ÏñèQ$þk´; �5O"?4\!I´v#¤Š¥äQ‡”¯‘çÎ�Iä2ƒ0Ãé¿‘̘“rw>ÜÎ;�oµÆd1²Ôµ
=í$<ÊhÛìMYÁOöÚ÷x:ç&==å©rÌß‹ì|ü"€Î¬`='L¼­ü~
�»¦®L….¨Üé:M,³8TÉ
+ÞÕx�lD䬑:íÇ}Ô·½rl
¤¿ˆ9½šBš±è$½U4™6ZëÕ”Ÿ¥°HEÌŠc›ÎÿiŽC«ÁpJ峄ȸ6 pcíÿ»2²2J>;o)¶Hv
+TÝ-*v·ý "/>&JÂT�ЕyÆØîÛG@–Œ>4üNsƒWP
ÞÜ	3© ô7Xæ_ÿž.xù¹NX¹›ö|VÂΦO¬ïDá3¶ö.ôŸ‡çs‘Ň÷9�Š%öL<"¿I³–F;É >�!}§xôhsøvÎßBî©è¤¸�n7k$²Åw”�計n
dZ�øî’b±äž/Üø^+yûi
qä¥Õí*vcl•Œ6nfbFò2VéX§`¿~µBùÖžeG1ï•Ä
 endobj
 620 0 obj
-1510
+1732
 endobj
-621 0 obj<</Type/Page/Parent 476 0 R/Contents 622 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R>>>>>>endobj
+621 0 obj<</Type/Page/Parent 497 0 R/Contents 622 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 179 0 R>>endobj
 622 0 obj<</Length 623 0 R/Filter/FlateDecode>>stream
-x
]RÛnÔ0}ÏWœ¤ 5Î¥QxØvA€X
Úð
^Ûéº$vk; ý{Æ›Ñ(/yÎefÎsR¢ ¯D[á¶�˜’»>É?x‡~ ‡¦£B¢`EQ )—³W^8ýðùì]îOÚP¡\|Ï$r©~çfGd(	šyä±gà£WÈx3ãmÿHR5ÊrÑʪšU¤–~68òéÄQ±Š7kc³6¦ÖŒ„³‚³6€ag^“¥ÜढW‰`!œâAaââ¬�z
yXseˆqÔ¿ýhÏ€þ¬œ¬S7‘—ì—·‹5 =œzžµ{ÅLrÊw�6ðÓé‰{ÿG‚(¶î£é�Yõp…X'·€ã§o?¿î7�8›W!Žæ!õ0�_þql\‡3§VÒ WVhÚÄ‹
-�þºý4WAä‹ë­Ô2WÅ+1;.´
+x
•XÛrÓH}ÏWôËÖ†±u³e/Em²
,qÕ>ÆòØH!É1þû=Ý#Y²ñBa{,Ít÷9§/ò÷—üs)ôÈR”^¼š\ü3¹pz£µ/Ň</Á(ä×Á¸çQ¡iÎ;pÇl_p{ÿ. ץɜ�ŽBšÌä‡&Ñåk“ÍãŪˆ³UKM*�*úxûšžM¾^\cn›]º=Ycyíú°†¯^ZU¼-UÑ2Î4UŪ¬HE‘YeUI*›ÑWg|K”Äš¿£Êˆ•™IUœíšð¬‰ko@×Þ°°�ÉR#.…ÿΔƙ)h¦+'%•«hIª¤U‰Kyaæq¢ËçTnÊJ§”›$ŽbþBWQ¯×#zkÖúIÏÙ…Ò›™Š2é²TEœl8f§
±ÌuÏãˆÝVh`3­mã¨�8XèDUzÆ·þg3³.é~‚³«µ)¾	&‹t^•pamh'	MõžÉ8Å&ÃA&K64-b=Ç;ãÐã[E
],XþY	
ûý»1¹€nÚ¡E±%{Ôó{t˜ñ[Ë.V…I]°±V9
+³ÊÕ™û›O÷ïnøîíÑמ‹(íëÌ5ZšU2cn˜Ξº¢s†'&÷©B�(PÀP	m5A‚XW¦,¥á
 endobj
 623 0 obj
-444
+1633
 endobj
-624 0 obj<</Type/Page/Parent 476 0 R/Contents 625 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+624 0 obj<</Type/Page/Parent 497 0 R/Contents 625 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 192 0 R>>endobj
 625 0 obj<</Length 626 0 R/Filter/FlateDecode>>stream
-x
…WYoÛF~÷¯˜
¬
-aYì^: 7£¸Ð;�iiâ¢ÍJÕµ¶….FtãµþpEÓ
jä[Æôæèm*Éá
-Oü-…UˆÜˆwÈbéìA¤Ük¹Ê&àÐÖݨÏ¿©W·5N�T�ºJ&�³åŠ[Ĺâã¹WßWPtÈýAËÚF¿âl®	ŸzH&"ÿ¨Ö~¦óX®Ftïvsêú&Ê�CʱڦþÚ5õÑÔË~7‘�.“Ól³QEaì¼»mDŸ}]>[.\ÙžM½ákÉÌhå*̓öÒ“jC㵜à¼Ò³æ{£©1ý’rÚ&^ÛÒ[šk¤æÊ‚öÿÁíª2ÅŠê‘/É�µè�
�QWpå*eìö‰–mSæ\Άª*Ï]cãËl�,€ßBˆºÂ€YS££s{ͼ«$…51Mºœ	©fü›˜ƒs*Rát ¨ª×-”�90Çô#"”œAZŠ‚‘�ÂÓLãé v!˜„{T¥)pnkD×?
-M`B.MYR¢£ZéÔ\�ˆ.ÊÎS�ÜI!ÅÌÁU:Â×æ¤Ë�Dù^•Šµ0VCà”9‡ŸÓN—v�õ~_&‹åBŠi<”>€q„	…˜xC2+M¯糤˜9á #ØÏí9¼yƉ…ÛÛ-ÎT0ùÚ¸Ð늣9‹(*s�(~GzOµÇbKážQðþ„¡‡å!Â|§ÒÍÈv:¸ÄX]|˜¾Õ¾˜÷-qgØ>qaK…Ðä9ðœ5!”�ájÆP45ÌV,Œ«Èê%>…Ž;E«‚{Ueì ˜f­ËàÞ–}Û.âÿªÒ]	±‚X?±JR^¡)#×
9·
QEÖ†èUt~_üªGkæVU®(�sO4'€º<o|HŽ·Õ ûÛ+
-¸mC©·ëÌÍ#æðëç/¿üòùï»Îï0`5R.RÁD¥”¢¨
-Î1äZzéz]�1ÑÌ`H°Ò…ëªìÉDWMácÚNÆ/[�Ãldµb±š!|
-K83=Sùƒ„€Wbügð5­m/¥ö@Ç£ñèlH“??&uîO×ï¯(óÊæ‹Ä„é€ùéuŽI–°’ˆ)œÆùR¥!à<Τ™¹™ø½ÀÀËki¾ôÃy37fÚr—t‡Ö=k¿Ê!q7¥ý˜›é5« �\/ÉíÉhB˜Y@�UÝ°B4L?º	DÉ=8œâ`ªAX˜(ºÓö3Vò•çЭÅŠqmqHdÔOŽxÐý<;±¶^wŸKuD_á ìÒ;ðã]ûL7�D)¼ dLÉ‚2`
-„ï®.¥tìL.³5Q¡ë�Þí
D·iÙa66�OóíðfMtlQ2…{‰‡Ü›:Òoét×Õ
¬;œ,‡íŠÁðš"Ã�×H@³t
V!cHª¬î¸6£ÆsŒßkx
RÛƒÄjz©ÈŽÐZ‘\îPK¦¿/Áu>j^h7•KžÒª”¨¬�;M¥lÃ[=' ûïŠÒÔà3H´Ux
BŠ�xÅý+q/¿¶¬J,}Ùù¸$ÙRy&&þ<A‰
^“^!H܈×D<ŸœpCÚ	È^\ ×Ιn¹K c|ñªêÁ°Y?è¿Ý"À&5Ñ”&b³ßì¾Çï.å7&è­œOtÁ¦–lùäö{H÷ŽÃó
øOaÓ0ÉNÞÿòùWÄÞ5Aš¸¯	Üxø^×<4'ÃîØ‹½õÒµöÈMQÜC~A.µv˜
+x
­XËrÛF¼ë+æfºJ¤Š"©Tå ‡+eÉŠÅT’ŠrXK° €(æëÓ3»’å\Rqdá±óèééøÛQD}üÑx@§#Šó£ËéчéQ¿7™Ðö‡]à¢O£ñYo@ÃÉ¿½	YMóæD–zøñ�/?á��äåœ&>/=òyw{
+[!³\
ʬX¦$e
+ùph}ê�×W(ôC¦U©›RÊ‘eÓ¢†Á{]� ÏtÉnS³@4q�ÇPQÄY�€Ië´Z
+'(IËʦ³š©ÇÁµ\z6,^ è
 º Ó€ºg¬ €ò¢¤G•Ï
p7)tI¦¨ÐÌFî”�‚ìSþ{-ZgaÑEèÊÕŠ“™!;­
5
+Í´*¹l)­—p<wÝ
+´8Ä‚UÂ…Ëéo§¤b0–~CË8‹•XôQ3«ÁVéD&EȆŠµ
¯gߌ5à‚Ò°À…“aôàF´	1ö[u5M _
+„@0¨M‰í	ÈClK«<U6àÐ…~Øk¥"G„Gð
+n�è—4ì9F»Yê·þ–gúŽkŽ6Õ¥[JXôü¦<mÖolAè0…�pWäØ{Mã¤|wáÇj•ùÙ
+D=ì
+2Ø/Š5Ç[L WÅß²¥(ú”šú•h†®Mü¼ra?¸Pñ�*ß’ÑhÜ‹h4ÂEÒy¼¸»¼ [|Å¿`ÛùÎâS]÷rw<��Éÿqßb/Å¿ÜpÃ
»û~9úØþa%endstream
 endobj
 626 0 obj
-1699
+1935
 endobj
-627 0 obj<</Type/Page/Parent 476 0 R/Contents 628 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>>>>>endobj
+627 0 obj<</Type/Page/Parent 497 0 R/Contents 628 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 197 0 R>>endobj
 628 0 obj<</Length 629 0 R/Filter/FlateDecode>>stream
-x
M�Ánà Dï|Å݃)Ø®íkÒ¦·T­Ê`‚e§Á´€óý]j*ÄJhvvçñÃ$‰®BÝÂ8vTìñµ�”P#)mßA] ¸ÊŸÚ
ц»
ÐËi²xS€¹ÍvI˜ôÝÂè5Ú,ÍßÁ7ë8pÖ_q
–�²1Zhz¿Ä9¦lÇ蟦}Þƒº2�RÖ¼¢E^¸íæY9)FÁж5Õ¦ï¨Vtiä¸qô;‡l;ž	á?Ëá|<à=ø«5	/Þ¬Ž2è4û%O/7W¹ÙŠgïœ_r{æ‰ð§|ˆ¹¹éÞÓQÈ'±gû`¿sdWendstream
+x
�WioÛFýî_1u]X
¢ƒºm (ì$n\äjì -` X“+‹	¹«ì’–Õ_ß7{P�6iD0ÉÝ™Ù7oÞÌ~>Hh€	͆4šRZœ_¼¸>ôæsÚþ˜;<`Ùɸ7¦ñ|Æñc$-°v@““Qoúèlá#4?0Ô¿Àæ„®ð;�Ïè:sßt�vŒÖÕ÷ôäúãAÿbVuúµ5}{›+ü!�È2êÞQ³ÝŒú™¼ï«º(¨›†}ø¯é2WòO•§Ÿ”(eË,uKêZê³á…(lø·Ã|2ê
^§1ôØÈÅÒáÀ`éõR†0â!;}Y¥ý•°v�µ#�ª2Zç¿ÈmEvgľUKtDbµ’*“ÙSZku\ÑRÜK|ðvñ’møw!¢¼Ç.%¾•‘ÒDK
ÓYndZi³éÑ…6$D¹*Ød E!3:Îôjµ9†ÛºÈ‚Õ>#}í�­ Šü“ÄisK§“
�0# 9ñH:·G§§“Áÿ“°pèns²—Ü`¦sÚðâ´�ßH«.ûšúŸÝê{ùô¿ò'Šn�˜ÚP&mjòU•#).q@ÊÙ\¥”÷d�Î…•%ÒýL—«º’¦G`Š?ú#‰[«˜(6TÖà"pžÞÈêüòí•w¯Ñ{¥]Œ¨Cø›cÊt)rÕ#����V‚<ÝþÍ0hEy+<õ”® ©¾Sù_!³Âî�I¤©®U¼Äjy£×p!<ñ?¼¹ü�Â:ðÌ"n©(5RTL{Ž\ɇŠl%Wæà4þ£?¿-o}1�¯ª˜�@çÖùR­*€�«;gxÍåñIéµ"¼¬rQÀ¨axc@ζ6™ƒ
ÞCò3­$Õ6Øa'N<£æ%,|ïv9žŸ€m%M§N)ù¡ +ÖÛ­<ºõN#'�FŽOŽ¥[•lŽzÓ™ß<q'kÖÙr"Ñ;”ê²äÚ'€j—|È¥4²©¼(Æ�ˆ}Q…©ñJ]ÁÚÉ~û‘½Û‚|$’;ò¸fÇß¾³ãòŒÄ‡$[Ú¥y/XŠX%ãio„ªž{ùEçÊe7-rpbŸþ”—¥Ìrp«Ø<J›1¦m0ìÍcgã¤á
+Is²„„”·ÒXÀßòÚ:’k¿N ÿº†hP!Ì”VÞ‰WàÄq¨R)ª)¡l
�=RYøC×¾¿:á[£dö�£¸×%³fÈšO"AV
Nðë³f.ƒ²ô/N(Á`³ÖpÆ[v9Š:é
{ôŒóÊÆοÇOK‡-�[›C†aK|®làÜØc!ÿ
+BÍJSjH'÷O-´›=ÿƒ«}]‡Ó’5KIÉ6|Ÿà¾¨±£ÉGcü–¨ÈQož¢Ìâq²€ã,-дc:ùV¹CÛ�—e†“—«´
+µié'Dáoˆ�ÕÂ+D¸H@°/7îªg¨y@#%½„ïå~†º:{}ŽîhôG\é¹Nk¾Å¸ÆLê&Ó–wgCàÿl(ãÙ8¦`<b³ ϯ¬Ýàendstream
 endobj
 629 0 obj
-243
+1759
 endobj
-630 0 obj<</Type/Page/Parent 476 0 R/Contents 631 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 228 0 R>>endobj
+630 0 obj<</Type/Page/Parent 497 0 R/Contents 631 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>>>endobj
 631 0 obj<</Length 632 0 R/Filter/FlateDecode>>stream
-x
�WQoÛ6~ϯ¸·¸C¢ØNbÇ}º¶Yƒ­]׸(6è…–h›‹Dj¢Çÿ~ß%‡V3lXywüî»ïŽŸLhŒ¿	ͧt9£¬<ùiyrq» é˜–k|™Íoh™Ó8�ñ&Ýï}£Kúì
-“íIÙœ>×nm
-í_-ÿÂÞ+šLÂÞóéM2ÅîÑÇ6Û’[S³ÕdìÚÕ¥jŒ³du¦½WõžG¦¬
-]jÛÐK>¾¸Gc7ôÕëúà¶Hѽ*WŠ]�é|ræ®Tøh¼¸ôªÔ¤ø·jÞéÙÛDT^“,28›f¿›»�§OKºJÆ,&D¸–üÖµEÎ>ß/OÁ‡&üëËÏ'‹)¢˜M§É•4¹ž%óî© {ƨN/ñ1ƵÖ*—`w[A•ªpÐÎCl—Gãç’¦“ir¹‹Ÿñõj‘,â¯Ñ3¾Î&‡À9Ôø¹¤Ëñ,™D{ãg|ʼn®ã¯Ñ3¾^Î�¢bŽa«7ÔÁ6Dæ®ç窧Zà]OB¤ú8]B‡ƒq#R�ÊjUhZ×®¤�&«�wë&á
çÀùt&©}Ð5Xƒï˜>yn˜³ª \7°â_óž‹ÛYD÷nç7æ™Z¹¶‰Ã’’ÙÓ{Ø
»ãbév/e`H€e«…·¨R©«‘m2g×f“T®8¶2¢=ØY¶¾¡”>�¿÷º~ä²a¸ú
-»QŒÄ¦�±Eßš&dP	hàȱç(ÊwAH×÷
ܶ5´ >#U4¨ðÍV
- '�ZDʦ#ÇÑ©/Dg|ˆ�)
-9ƨà)`ˆ<e]éLqY4k½1¾�N>hh¥Ð‹‰©Zñ3ôBr;ð1«
-ÉÜn§A‚3Y-jJ€7?gNBª[K[UU¦Ø“¶‚g€¶cS¬€V<Ó2:oD¥3Ê\Y:›¨¼
-„E½ú,á»gòò+r
-[¡rª}?5åÞß@þ@9@\ü.s™……ý§®½ÉKcYKÂ÷_ CQSD }È/uÈ»Ý[(HyÌÝó\øïýí.È¥„´©][õyÝ‚ªÎÄp°Á'©q`MX–B¼
Á¯\�&>/¿¡·ïP!å½¢D¹HÓƹ§i­ýƒiÒÔ¢�3iÚ1fÀNrk'½Ò�BˆY!jÎ]œãEöphC/Ä!¶à1ù^€jƒ”¯…ìeÃc,S¡ÅpÌd Æ”ÝØí5zϺ;{¯þ(áã4 ÆWž¾›Ö‚ùP÷f~°”£³BOÁôÜY¸±Ä½bße¡TÙÖàµôt$ß%ãà#Iz7½zÝ­kØð)Zw:vQë
-qxtðÍF{ü
-ãfÏaò¥œÅÀ`®bVÒîùf&L“{‘
eaÀ±ú©õâ½z‚Š`Ã
ùkòrEäåàœ¨ºA\<¹tÍ«›Ã²n•+㡦ÓÙ¼ëý¤<OnžïyÇðô{Kç²²gäYŠsÃû?mÞtá‡+ïùtî/Ýdû+[¾š_á8¸Xç£ë	¿À}ò÷“
+x
�WkoÛFüî_±5X)dÊ’];ɇ~Ä©ÄvcF

ʼn<I“<åîhEÿ¾³{GY¡ó
+o»Á¯÷_gÇ\úx
-Ôr©kßâ	¶p¡‘ÏÃÑÌÙJªÛ$b‚×åLñ5v�®m!9éélžá„.¨pæQO^¢õ
ýB¡�“�½º=�ç=¨s§ª©¢Û‹óŒˆ•0³eiWJn«J¹2eÙ‰ête¹‘eIµÌûo«±þM	bém±ãüÍdru}=žL~�Ho¨Îç‰~¥Aßµ(opÙ8$ï º™TѶÈ«
×íUºšBg@Š:çÎ6Ë=üŠ
+Äbg¼ª4Õü�Š"Û:³*Bæ#£3éMUA¦Ð
+XòKF‰"ë™
+yƒûÚ+¡R!°g ÷>9=µ?¹AL.5gõ|_�ÜZ¿ö
—C|^iç’8ˆ0é�Ã†¯Ï&/Y‚÷¯Ø«,zߣþ“êöJ„‹0’oòXÌš¾:…Ù©—Ñ,á¬bW‘ µ^áé£vžM

ã#"9s[hJ†²xf¥	è>ínÕø³"ût[jCìˆÁcÓ�˜|S†ÅQ«ÓUT €Në’�pcª¥ØZ
+\mj[~‹�Ø‚ÍóÆùè>[Ý]]�Çy@‰Dô[Ùô0œÌ#fÈàþæãûwoþ¾Íð}ü¨•F�ÉL¹0­
+Rq
’ÅÒ`þ`hDôˆ){ä/«'9eýÆyõ‘aûí õ�wgY&¥H¶!9�«�ý†’©ÿ¬Iì�°¥¥ò~UDãÚ^b:ñâJÓvµ€GHG[yÅcòÍòVH„‡GOý
+GM0¥	Xú7[q' ”ÅÕ´!d§@øY+‘kήnîâüOë)ÉêÏû¢$i™
+''ñƒ·ã�¿vþéÏ*þendstream
 endobj
 632 0 obj
-1689
+1867
 endobj
-633 0 obj<</Type/Page/Parent 476 0 R/Contents 634 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>>>/Annots 233 0 R>>endobj
+633 0 obj<</Type/Page/Parent 497 0 R/Contents 634 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 200 0 R>>endobj
 634 0 obj<</Length 635 0 R/Filter/FlateDecode>>stream
-x
¥RËr›0Ýóggwa!avwIK2�±óI³U@ÄJ
-“Ôé¶ÃŒ¸WºÏsÎï@€Ó'�FX&(šà4³B ¯üU²N‘—àŒsŽ¼˜gƒn{Üý¢Ý—ü)ÈòÀ¿�
Þº9Dºa$«
KÐ ^FŒO^
é[�›pz<®ü­6Å3öÚiô¥}ik«Jô{
劽t‰ÊÔ¾í?=Ý#æUÿëkÒÉS8ÛÙªg…mBIFmÂ�ÜžýØf2¼Èîo%Ëî³Ï…Æ’Tˆc%,¦Ùæ9õþiZš¥ÃEŽ˜Ö´ëŒma«q²Ùm§vªU�ô¯¬¾ÛF™¶›Aµ%fR;Jy� KZO
ÊÔê�V©œm&�Y„$¢1³eš°ÕäýÅ,"VŽ¸Ø½ï‰Á(Ðæþ7@òæ.¿¼Ü~`ô‰ã˜<§‚ÓÌñ:%ÛsL»U­'‰$e^]¤�£ÁåÉîôWÎ>é¢'ÀŠ?
©Jõ¬GcqÈZÒæòµëuƒ+K1ºq¥\¯…·ÇiÌÖD¶Š&4¯ƒ7jÇendstream
+x
�WÛnÛH}÷WÔË œ…EÝo~Yx&ñŽ1'k+vA`Ñ"[R�I¶¦»I¿§ºI‰¢`±¹¢š¬Ë©S§ŠÝi€¿Cš�h<£´¸ùeuóau3ˆº|˜-Nã
M§³xB“Á4^Òh/ÈHÚð#ƒx
+^ØÉ%éè–”%ü+µ)DžŸ(Ó¥¼íDxØI�¥F
+'I”T{Ž½Ó²iâ~,I›LŽö Í+	\²àho4Â/ÔQ<Š·”êr£¶>;äÂ54^:QóCÎèœ6¹ØÂV8A|%[Èö¥K¹LqÖ·¢X‹®��–¢2y®ö®ö? %Sbˆ¤¦¡Tÿ©³£þª”‘Yó;`/M¡\lõµ—ÌŒ™XÑ㆙DQ:ÇÈB
+trj­råN|ƒ8
â#û\H3
è…Uî�%‘‡p¸@
ÝöÚZåI¤lö�­ßdÅ´ÚIðPà¿Õ…¤uµyBZÎø ¿g’­Ju|ka†§K)3Æ­'3óöšýŒ‚ç~¡ÑF¦P~“Æ*
ÖmǸ¨�–^"4YN¡
+“ÅŸ@ó,ý‡%
ÑkhËd6ôÍxéþE<‹éådèúYç*Ux‚ÈŸ�föºÌÜ
¾Ê«tb‘ &z¾@Q^‰h­
%UìÑý÷<<ëoªÜz­8{ã–ôÒ°¸…S¦=�Ðì
+ �§´Û	‡Î¾Ø&n
†þ&…ÌP=6ûU•øOO+š
+¤™Q|Ùɽ*ÂØå96Gash D9‚ü®e*¸˜¬Fn•å¡ó*OxË¡×>?¤$Ö'Œ%Üîmà«D‡a…±Àø7}�àï@XYÒÉw
+_^
+èc2UI;±ß+,H²d :.¹,œÙ�
³lò@ë’µE+^|ŠB—±ÈŠì¾ÝÃoÍJTYºïÜÓ£'
+‚ÝœÝìá¥ä‰Ü?vм…†Ä@€SÆ¢NÏ�?¹‰ÝÏî8~çYfí
Ó‰ÌDÐ6ÓV�+TÞȃö#�cX8G¼@èT
\Ö½SÓ'‰<™€ZX HxS	ðàn¬Õ™çˆËS´ƒ¥¯N{ÅþQæZ°‚²Û:ð³Ë¦?QŸO›
�]Î}ŸlÑá½´?5;×UÊ~ÖµJxq
ù`¾Þ�)×iØϘ×üÅÞÿ-�¦û¬P%KL8ÿúÔ©¤	Ù«F'¿Ë´íhn‹Á¿B1@6¨h¦/+æÿ=+K/³>�-Þ¹ö
ˆ;Ô2GÒ5¹—G/
+´Á=áÎp+6\”ëncèÁá-è×÷h¤ÀÐF‘Z˜&‰Ó:·Ib¤}U.IJìŒ]’Ôü
+�6¯ÔÄÚŠ“×k?ÜØç‘ÒÜ«Ùº«í™®ðîÒÃqúzé»&¬(ä¿ñ[
‹‘Ú4Ùxæ°¯-¿€1}*¬ãL rª¨×|+±¿ojöðf
W§Ê×á#¯/¼ð»ªD¿`RøwkÖPe´¿\s–<wNÞö‘
+‘î~öâ‡éfCWžÖ\ ü©)µ¨×©áxˆeu¶ú5;z¹ÿøË=/�BEé½N+~Ñ8ï½álŽÛ{ó‘ßÀþ§×œÉ|Òll“)†EýŸ7ÿç‘;%endstream
 endobj
 635 0 obj
-419
+1963
 endobj
-636 0 obj<</Type/Page/Parent 476 0 R/Contents 637 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 238 0 R>>endobj
+636 0 obj<</Type/Page/Parent 497 0 R/Contents 637 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 207 0 R>>endobj
 637 0 obj<</Length 638 0 R/Filter/FlateDecode>>stream
-x
�W]oÛ6}ϯ¸ov
-ä…–(™­Dª"7Øößw.I[ŽÜC� –Éûqî¹ç^}=™Ñ?3:ŸÓÙ’Òêäíêdr}Ió)­r|³<¿ UFÓd:Å“tøq#·‘
mdYS*4ÝP!ýpºúŒ«šÍÂÕñü"™ãòp…Ó’~+¡ŸÈš¶I¥%““Ò¹i*á”Ñ$…*ź”xJp@üñ©
-_(]P©¬³#úpýn`IèŒ2“¶•ÔÎHˆàˆƒ˜Òxv\ã„…1ÄœšJm•ÛxãVTkA,6jÝú
-m¬c‹Î˜ÒT†¶µŸ)“ë¶ðqghh*M
Ȩn�`l=Ê¡¹:À°úNQ¢ÿ_´dlèµ´î ‚
-sãŒLíek�¥Ž­Ö™¯Ÿæ�ž­eªrõD[®
Bº¥|”å€ðd»Q
-¦’&6:"o‘m»LPßœIE•
ì‡ÔÃuïÒgb·�Nyò±ø,¡p³1ºæaÈqd2méN9ÄÙ´çúa8CëôÐÖnM“Ù‡Ó„âùy,ÌݵWÞ–TI·
Q«.F
®@éZ¡_—[æ›Ç…
N®_EÎ
©HSÞOןCÊKQø,am«Ê�¤e›q>`[/‹C¸b®•�úÜŠ¢,Í–ž@&œ(X‘­ùCÄ•ÓŸ¯ý$Ô)²1ÜhДýåžûh
-÷öÄgXñðnE€ó‹
J0¢\5 4«;?øŠTâKà
-éÅ®\›oÄ
bÛ<W©‚2�!ào)…u#f)‡‚s
-mÏx}†5ÿ<y8íE
-"eÎl#¥8²¨ƒ W–Pÿ�iðˆ;ŸTVö›a1-÷Ý›�‚µt[‰€ëX â’€o�,_>‰ÔµÞ>¹§š£ÀMÄÐ@ B«�|H,�Ì¥ÈÐãÄy(ÝÊ£¶¼g™†sK††CûA�242ÚÀá#tTºx»-�MèGáx×âóåy¯Ï“‹nj9ªE#*úÛ‹gr½³5ögÿ¯- �–žŠãŸi2ùKK·VÆ’È¢beƒ�÷»x¿:á9ï‡=Íø¿?žÌ‹dFóóKÔŠÎ^M÷Ÿ0y[˜Òübê§m·%¼Ñ~DJÍó<ã‰jyÄó¼I묭jî’nà{5õ|î¾)hHçêדÉv»Müå:1M1y~ڇͧ¡%ïÑcÌ5æEPR?Ëk‘~‘.¦9?Ÿ%g4_.“)'…ø—ñS—Jt¸øX­ò
-ÅŠóûÝÍŸÜ4ôQé³9Ñ“‹	“=ÂÂP‘!ñÿJì /(¼#ªz11ÿí9t�8\#ÒÐqøë§ ëË­JcMî8<c!�#ºCA"éÖhåp—•é‹H|¨ŒF¿=«H�ªèr·Lu†¯x4CFš½ÙwW à…§óŠIÍäBk@™1`Þ]yÔ8ÈûÛ{|ìÆlÇ�žÏìBSìFÕ<ªÐl|Ý�&+(Å@„"Û½f𺉴É�ÊÒh‘¶Bsc¯‹ÈIF€‘é9†^Ê&©_G1©*eÓÖ´
™IÛ,¸³ƒ„c§ìµÓhhŸ�|8^tDÏm†KË3kYƒ	*ÅISšû'üð¬a
-bÓYŠù²¯?–C>cÛ5Œ!η�í-ošÄ]{0[{¾Ñ5a/Û6
-³&BÏ
->¸{κ
Ï@t	âÿØÍkÀ€)¾gëå7NîåÍõ&°‰ñ‹!î�rã€yóµxÐT¿­±'y¹s²Þ‘.7¼´°F‡;ÆÍ�9
-ÕCè�*9[\ŽâNÊo6¾VtíqÜ
¸ççÿwÏbÑsˆ{‘i»Uó³-Qv¬}ªÂSP¤ t]ÑM@=‰ÉÀÒ'ŒeÏG-QOÞ͹e{N�ƒä‚Eb#"¬kGý|XÎçGŽ&é
è¯ü¬æ%¡‹‰7´òïDÌ÷7xsÔ²×q^”xƒ’Šî&æ‹Ó÷"Žçðª:ž_¼›u[¸öƒ—ÜÅùÓ¯ÃÙðÕ{Âàüíä_PÝÍendstream
+x
�W]oÛF|÷¯Ø7)€D}Z’ó$©Ü°“6R>
+øåH)&ä{w´l´ýï�=RE§@Z¶%‘Ú›���]þq1¡1~&´œÒlAQqñf{1ºžÓdBÛ„?Z¬–´�iŒÇcÚFý›„R£«’J�gQ&-ÅZõíµùFZI2²ÔÆY²UšJ‹©t.S)¹�¤ªŒ…“1Ñ}ßH¿ô_ÃÅûuT
â<§D›Û¯cNfÁ
+š/øý.§Í³~›¯®Îúí-ºìí¤a!¢½Êµ€„À¨0Ñ.{@m’,—[çp“R?qåËуâP÷ ÒÅh
äY8ºÛÜ^ßÜ®7£wë/7ÁúËÚ×‰@-
q55‡€çÈç\;çíT‹æ ÙïöRA:"ËE˜{EƒÉÉbÌh>_¡_ÁÛl,šw
o�Î|~å»ùäOÞ
+vQÔ�z¤Ÿzùð%â»`&94›©Їë·=ø
,0ÖQU@þ>@@컞ÁS³á‹`@MI¢}æv>¸E(NÃNiDÂÙÐÊ¥ZÇ$Ë–Ë>âን4å½{µ—‚Û*Ú‘°�sCƒY
+évP/Šuˆ* 8š d/®Õ_±B=3kt}Ùì}J£ˆ†igˆõ)ÉEê³D´}†5¨™”�¬êrœñÕ´t˜)ax'ãîňÆ.ñ1
+Î¥°nÀ:šÎ©5R—Á5˜¼¯ˆí1×!k5NÅÇSïÖŠµªŠ­©°üćAç×T,¹‰“Æ/jí¤;Gò:ÇÞÈ…C¯Jo–MêŸ!`	j=MøëåröúUEšÖVE­@á:rb;�Õ›;¯d
+zÁðØayoBf1¤Ì<芛‡6zÀ³#”n/
±lWjƒeùŠÔ€Eä*ŽÈ·-À=•Œ	q€ÁÀ/ê¾x®Ù\Y¢�Z¹´<52UÉg]¹a[‡}sGÖý†îƒÅèä°ÃðÑ,…
 endobj
 638 0 obj
-1775
+1733
 endobj
-639 0 obj<</Type/Page/Parent 476 0 R/Contents 640 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 243 0 R>>endobj
+639 0 obj<</Type/Page/Parent 497 0 R/Contents 640 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>/Annots 214 0 R>>endobj
 640 0 obj<</Length 641 0 R/Filter/FlateDecode>>stream
-x
ÕVËnã6Ýû+nƒx±bÉÛé.±§Ó yLcÁ
-«4¥J•†˜ÌéìžK{ä/)+Eö@JÒÑÍGÑ{|�½%gÆ™s!¬#ØË=zW‚Òp”ÖY¿2W+C×)ꬹ¦~Ô%!�eeIã	Ѫà’j­ªÚòÜçÖ
b›bž9;ÂP­„&p…Ø¢¦PË2'þ$Œ…Ù&l�ÁCߦÓïÓôËÕíÍMúa6›>Ë«^2›Iod6û}
-å\#ÕŽˆÒ•r»ÔYCf–ó\h ¦´€×àŽZñ²<>tZ3�üÍlv`©Š¬ $c¨€¯�äà”aú™&——G†à€û„lÞûdk–=p{T¾¬êcO�àh“uÆj»Ôüç¬ÈkMÕIJç@zXƒÒ�ÂÕØz6â‚I‡à¤
+x
ÕXÛnÛF}÷WL9�EëÉÎKaK¹��4RêÐËŠ\Y“\f¹²ì¿ï™Ý%%Sê}hÀˆdr®çœ™ñ�ƒ.uð¯K£õ‡g糃·³ƒNÔÁ÷ü£Ë?¾¼?èûÑkž£e4õ¢Óð)¥)¿uün@Ý.Í–lhx2¢Yâ,thÞh�P!â[i©ÌÕr)
-µ¡¯W’ȺVy¿G´Ò¥-�(9-$%z“§Z$2¡¥Ñ½œ}oFfnèpemñæøx³ÙDÒ®¤‘"�b�=~Ú%ÃOGÞµ{Ãh€ ß!kD¬ò²+ü,IçøŸ¤K]ê¥åðLIW³#º’v£Í-]ê\Y¼KóCq+"Ê¥Ít>Iª$q'T*©¦\,Ôîö£»ÜžÈ;™êå¨ÌŽ'-TÀùßz¥©4wxHå¥iJ㉫9½œâc«Œˆf+Ùp„wJ…lô’B|0,Ѓ•*JÚ(»rïÃ$gÇIÖYÁ•ðÍ*Ñ»‘2‡»BÞD¨l±¶°‹¼U$£†Ç"­*)Ù£«”ÊñüRÄñS�Nª2^ëuI™Näü¥�œêX}ñ¯fO$½QiÚp¨óô�\0ç:ÂásÆ•{4w¹T1%ÊÈØLV»ò¦:)ZJ}ïʹ0
+
äžix,טFÔç’ÄFékú6`Ï¡ LœÍ�QÖUÁW8–cXªT¢glúøÝ00§³Eå½
þé¢ny«HÀ]‹cOÿ5à\Xî4¡‡¢Æëé='÷«÷/íQtÒ‡óÞpB¨ÈË¿«©qááÆEÆœAí“[ù4òǵì�Žu
ÔsùK+‹€JäÍc;\.ÆY@2¾jTi²£?ž¨?8=¢ÍJÅ+Æ<xÌnù³O¼wÄaî=Óô3£G…Ã{
ˆ@h,Ë$Ñë4a!*U:{ÉÒÜæ-XA¬�Ž™Æ–¾éuÃ#ƒuDó0â ¸$q?Ù…ì~·Û�Ù“¶ðA�ô ×(]娔¤	+ši�¢“Ðä³™ÛzÙ $—I38¡–¥ƒ¿ÆÌ{
ëS+Œ¥62±-.ñ߱έÑ)}¹Lñ¹<~ÊÜ)”ßž%I
+ó3Û½×Ûž±;4¶ÐÐmç9PÒIVÅ
+y¯JËz‚›ý‡ôbúm:{{ùåÓ§Ù‹ù|ú
+C
+=~=‚8aÖÍJ¼rÝ*êKÊ’^]Z3_½	ºlR7E–´’i±\§ôõËG¿|ø5+Uùmù¦¹ìï¯8Y»ÃAÔ§Óž»O{ýì±îÃÞyŠS÷´ÿè:ý€Õ’7Ö©ÈÂ
ÊylÁ|<R¸5K~2ÒÆ/¯õ±¼sd^KZ	@OP¦Œ
Xs‰’ëýK3�g.8\=?tªsá0\�€æSÏTt.^ó÷õúæ“óÁàòbF?À
wD·p°f]`w×8A•3ºCóê%L&wE2à’ê€EÛ
+0ªp"ù¨vwªj¼Ï{OnsT¦õ§±¶–.¥1¼¼b_§`?óà|2ÆjŽ+¾x\¨@
þ.Ñ¡þ)ÎìŒz£AÔõö;
+0:î(ßþ±bçï	å­*Š‡+Á1 ¸¾?.³EqY­læOѧºÿ¬¼OÂÎÔíçp8Œ†|”MÏ.ÏÏè³ÑßyŸ�„>:J±Ùvw8ÂãíQÏmÅ'Ñ(¢k¾é=c˜Hî½ H«;ý(D¸ø#¶�Bý~ð\qÚendstream
 endobj
 641 0 obj
-1189
+1796
 endobj
-642 0 obj<</Type/Page/Parent 476 0 R/Contents 643 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 256 0 R>>endobj
+642 0 obj<</Type/Page/Parent 497 0 R/Contents 643 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>/Annots 231 0 R>>endobj
 643 0 obj<</Length 644 0 R/Filter/FlateDecode>>stream
-x
¥W]oÛ6}ϯ¸{ŠزåϤ/CÒ,]€¥èfoðî�’(‹
Eª"eÏ{Øoß¹”Ç^ÓŠÖ¢Ä�{Ï=ç\öÓYL#ü‰i1¦ÉœÒòìzu6¼�RÓ*çWó‹­2E£ÑˆViïJûÂ6ë‚ÆÑ(ZP!	]Zçñ˜‘òŽ2±#~KïoÞôéFlTF×Âkh«´&z�²"_ÈnL£J¬%–øW«�g?¬Îø´p$ÅüôËÛ³É<Ñ|1Ž.¨¤ør†ßv¤iÉ1Ÿ¬¨×!öÅóžF_x_½e�¬72ÒÂ×6‘‘ÌšH4C'ÊDp‡í¶ëÑÚ*³¦ÜÖHm[(-i'}ij‡·iØ`�ãy4ű½ãù‚º”âÅ<º¤ùd�‘Á‘M»Q—Á1ê“)æ=�ü^¹”´2Ž¼¥7w·KRÁ”Â+ {t@-Ý%‹l½¦*wÃãÙû¿)
bL³ËI4G“§ÓŽ>—ÆìrŠyOÓx·¢[
-e\@òW£þþZ옭,J“8Jm9üW?¤zh|†çd2Mh6›‚XÈd>AyÚÑg3™ÍŽò¸]½'§¼YX�Éš–÷×ä*™º×Ïf”öáߨTim�Í‘²ÈäFj[ÕÃâÚ†¼Ž„°/~i6evL/x†©F­p/)†\sHz6Z”{™Á?)çã6¼�w´�³‹P©Þ�vK™¥;ZKHZêŠòÚ–A®\Þ@óô=o�dz	B˜ÎÆ88Ž§P@;úŽ<�yÿ”«B"|ÁÉ4e mNK"ò‚>eFGGôÖ²Ž+ÿÈøSÂOÛ£ØëSªUú@�ÎÎ65‰`b¥ªkV¸ÉÂBÄÌph~ekøãðvÖÁ×[6Ueëà^÷xîëžO³=aoĽà3@;†òbšÆ­Nâ€vuhc„|ìz·ÈèSƒôà®E•ë[œWïÞÂݾêv»�‚“¼Y7y]ºãvà(‘H¾–álÔÑÂ3Ü ˜9h�x{€+î!‡(EbßÆ7àø,·PÁ�óµe|`c€‡YÜ9ï]Î	{
-*¥sh0¼‡5’ùÅ[µ4®´ï’ЇÜjm·ŒÐºQO4hN¯ÛŠì�~|
^<ž÷èô‡ò‡N°OîJoÅŽ¡/e x@‚ƒè”/kt?h`cuc¼Ä°Ï¡ ‘â%ëÑ!ÑF;Bí@×
„²nD-x:2•x‚fm³&eQU¢ö*m´¨)—Â7¬4OǼ*eDWfGüÔ%ÌGŸ',Š5¸ãÎÃé¥`dJ[cÅ1$Ï4¿/CRJØ–¹�¤w3T(ð,‘ãhÊé‡yd+Y£ñá�Û9/Ëpñ¨cøUc`Ç{Fì+ðhçpsÑUhù"Ñ»À€PqÖ„Ü
--Ü�{0Wà	‰²&5g•2}À*uªNˆñE!¯jpå+ÅîMì¸{©ÃTá½ácR+™÷I[´௭Y÷‰€>Ë‚Á~�Ý)CÑøm"q‚ —0uÐ_¡q/Qo¸FFßn °
-æPøR“4©Í°QçŽ>ô:S
·Á1(^j5‡
+Í-ˆ‚îÿ�dÚ�É~xõ"¬:ó�v…û*•û�ß�—ܶ
-«®ÚÐeP¤k+ù¨
Ãé·p;Ö<ßÌ™Çj�¬øÔ0Øc„q[ØÊI»}‰È[¤ùªãÞýnkt]X;®ÐiA
-×YØ`°6döèPüN8¸[Ð|!ªJø¢‚k
-ˆy	<éTvm›
-wÄvî´/Ó¨Tèˆè^Àî*iAýMÀ„`ÚÆàšÄ¥µJBÛ`»#|¸ƒðŒ–‹î
-ObôåùÅ%ß–W÷×Wô¾¶™876mXvá¢âŒçL,ÆøUÖ»?½—MÜÕ÷ٌ ïÿ|ös˜û—endstream
+x
¥XÛrÜÆ}çWtž¸JíbïúÅEI¡ÂÙL¸vÊæa
+å°¥ØT|ÑuëHÇÃM£jųñUmÓ&á„©TíMÒ䪦L+ßpy°õô�7…Žè¶Üÿj½à­¯c�
¾
•kÞî”÷l,Û²÷…­±
+r*äðéÒŸd«“g,b<!Û^³¸£ágBÝ1a]ƒÔˆ]¡žÑ
±¬v™Ý„ÀÊø6:ëSnQa
+8zêµ(&
+Z‚m¹Äæ0ûb3gfÁ”÷ßµ0�|zóRŸAªKŠV˜À䣡ï¤Òd~O×÷×W¦­Í
:gw
GAxÂxH…Äê°§>íË™ÐfƒgP]+R£J·C‰½¨¨üÙyreÄÈܸ8QÙˆþekTUˆ6úàdKM)H(RÃJ+úÅ{„š&¹¾UU¥Kh£‰ 7R
.¼‘Ú€ïbSÐ��ô{aî^'ÛÒ$*�ˆ>*h^¥-ˆA
+Ùþy/Åš ù®‰]R›˜5õb'–<« W
+1œ‰ÍO-û
+»*ì4	Ý̼Z¡h?õŽí6ª2¶J¬¬LÅd”ßÁ§7—¬a‚Õ:ÿ×èÝ타˘ítîø¿8xžG·“­mᶩuÖäÐÔVn•÷*‘ž
+ˈk¼ôÕ˜<Sœ¼ŒGs‘Çó9ÌWÇÁc<Z\Æ_3®‰"‡©‚'
+!Êáàçdh;Î_ÁÛ0µA’$Ÿƒl~Û”ÆQ?Žw!�ºé¡Ñzu0åox:›.1ßà(ÃÙd¾Â�˜\üaÍÝLÏŽB"ú¹£kTCIú*
+F¡N÷:­	õÍIµAØQgZõ#ø„îSƒ¢eЦP
 endobj
 644 0 obj
-1554
+2311
 endobj
-645 0 obj<</Type/Page/Parent 476 0 R/Contents 646 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>>>/Annots 261 0 R>>endobj
+645 0 obj<</Type/Page/Parent 497 0 R/Contents 646 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 646 0 obj<</Length 647 0 R/Filter/FlateDecode>>stream
-x
¥UMsÛ6½ëWì­LÇ‚õeÊé¥ã¤Mš™fâƺtFˆI8 À‚ Uýû¾H[r¦§Œ5c‚Ä~½}ûöŸÙ’ø[ÒvE뜊vön7»þ°¡å’v¿Êo·´+i!‹íŠLÚ’jHZëNª¤à¨WŠB£¨—­¢Võ½¬ñâèÈyj�dzÆ[Aô¥
-ÊRïZ嬢£6&ÚÊg#8³{œÍ4_®Å
-�³ÐhûMÛšt £LI…_ÊS©¤	G¡!g‘’Cþ*y®œ?J_²¾áD'7vý¡ë›oÅ-ÍW¹Øp¨ý*ßRº0
¿O©üíjuÝÒ¶0C©ÆËùè-ë¤ZšKWS¥�êéè5G¦ÀÙ†šŒzRC`$eOíP4üµ
-d÷g
+x
�W]o9}ﯸâe‹ÔM)ý Oíò±<´°´¨<TZ93NbêÛ“�¿çØž¦¬´B‚�Ø÷ãÜsϽþ¾3‘ü™ÈÉ¡¼<–ºÝ¹¼ÝyñîL&Gr;Ã/ǧøÐÈAupp ·õîiuZÉ×*ÓÉŸ®‹ÞY™9/w¦kÜ:ÈÙ�WoŸß~ƒ‘W2™ÐìîžÀÊúµä_�ʯ»·
Öºµéæt�뤆møÒöõBÜL"Ž9oæ¦SVäÍÇ«‹×Uüef¬–¥×+ãú`7´~ û“—Õ!]š®¶}£Y›¸�ÕNU%rUŒ&«­ŠÚX5A¦*à,ü¯*ÊZwQL]:7uîAn–ºÆYzÙßró¶1{O¾fQüÜï~6õBùFnð÷Rß?O÷ Ç�ݽ�&ƒ©ºF”¬�˜{×/Ey-ú‡ª£Ý$ïAµhÐ#â6–NGÞ‘©úøÉÐÆÌfÚë®ÖÌ*25B¦1!z3í£š@Õà.šZ%ø…¯�o«rŽˆª„¼—
+�‚õÕ:TFT]ë
+.·×ï¥sëûçUñwXªÌ’Ü\]Jm
)…È€Öœ<KP
+,`éëàXÌuH•ÓH`3„˜ÒI`™3wÂÂõ¶åH\—XKâÎXl0Ó¡mA}|®äzÄ"™õ]êCeM„ëYñÄøÐJIQ–0òjšÌ"›N‚=ÈÆ¢0¨%øqùùãÝ͇ë÷lÜJ>DÉ‘³â´¡ÙËTÈœ¸ë"ZÐ/XN|b©²#Ç¥@cä?„УP^ÛD`\N€
+&OÓÙQ¨½YFÒ ’Ö�-Gù
+©“®nU”Šº…2Ïoýzöuä.Ó*Œs¿CG“P[Ìc�¬Y›°€ë
O1‘*¢šš„öú;pCC2•/S$ff<ιªäFñx½DwÎ5®íonšs^�NP85øi	aA’„‚Í@Å%Ó¥ÕÐÌ΄6]Îp«¦5ø*zeä‘�¯¬ÕMb
+¶t!
+Ûý.$NR…Ø/Msÿœ)×^ÃÝèê«Î…ÙÖ?0</ð4®µW;Kêj*]Ñ”‰ê
…C­4°x,fÁ�Ô ¦hRê¸ÒmW
+5ì †#§¹Ëf}ä,…X!9¬;³²H”ÃÃ4Ôº¨J	�3é‰n
ë+ÓL¬œDjì»G%Ï
:ä÷Ÿ
+“–7ì=C(Ûù?Š«á:èCrù‰<“„‡³W{
+?`°Âä…:`Ý\q®³ag)0ÄúeÀX¾¢k¯GQgõæRG°8VRvJ!/ìŒLl…Ý
EIö³ªC.“Ö´�0Г�û‘Gað@°Òè¹×crÜﲔ؞©{âû®#ÿž}�M¹R�šã_y“†wx†×
€`ú%Ù¸>?¶WÚ¬fev0ÔQ¶ª,7iI{ºÞ±¥ˆÁBÛåO@sÂì;‹yÇ•h
+ÙMÑ>”E
+	f‘V‰_×;HÓ;7Þz�'•Å³
zH$~½²‡‚§\ç±óýcÁ`›÷4šÐ�—Gqä‹¿%]~
!Upt†�u	Z2¢Ušÿñe-œÒhwÒÃøB�•Q‰.eëJÀžç«eëayŸ<n¦*BÄÓÓpÍ-&7Å"øDì‡ÕŒŒÂ˵£XÏxL–Ç:¤Ñá!:¼Çp}ƒ'
 endobj
 647 0 obj
-999
+1855
 endobj
-648 0 obj<</Type/Page/Parent 476 0 R/Contents 649 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+648 0 obj<</Type/Page/Parent 497 0 R/Contents 649 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 649 0 obj<</Length 650 0 R/Filter/FlateDecode>>stream
-x
�WaOãFýίUº$.@à€ò¡\�öW⪩ÚØk¼={×·»Np}ßì:‰c¨zâ‰íõ¼yóæÍäÛÎâïˆÎÆt|Jiµó>Ù9øð3�)Éqçô윒ŒG‡‡¸’î^ßß]ÞNþººŸ$÷ŸFþÙÓ=*�™¥£IBצJï%ïÒÛñ	Îî^í­)éGšŠj.øÞÁ‡::ŠÞŽÏGc~.)”#Q×RgꙖ‘±êIiQ–-‰ÆÆÊŒæ-ýf
-M)‘¶vÞ
-29ùBƷ㪨HèŒð2¥Ó²Ép¨�VRnl‡ëè8F¬�óÒ*ߎ"¨Ó¨ÓQ
-±�Tª­ô¢#zµOM‰2WÁ	 
-•ÒÿÄ¥AÒ†ÒR‚hœ!¡ì°”7 §íCu-|¹BÛíDUA“V>±+´½¾gU¬/³ÐÐè
»«w�o&]
-_	ù ¦Ê+QªbW(
6ªø™yaupéP*pœ�üÖÀ
-K`Ý0qt-dGÊÐ,¶ÑAèDï•Wê…²FWxÕ(Ì—u¢›¯æú
	#ê‰0Ù<—p$H‹íÌç˜Íƒ¨Y«E…<WK#21G=K5·KŒ¼JÆÔÔF�è¦"R¿Ï·þ‡cŒ¬
-7Bë‹èáhÐSüV‰–´„(�ø«†ã?|KZDŒ-£ºÀ3ŽJ)écc\‹³4 
àv¬âó•H�Hòfa�/ƒໂÚ3ö†ªf €ÖÖ¸×íØ™ÖûKçÓW³Ùãíd’Ìf¿0ã›%gãËÒ›i�õƒ1þÍl¿�g3nõÔÕhÝm,®�$ˆt¨Sÿ-¸ZÂùºq`æ¬v¤ˆD¾ë©L³…ô\¨‰‚e±†Ù¼%ˆ úÖ40‹K¥Då�\©`Á Y¢|lU"žb�M.š‹ÅÝèv%nÜïv<'Óf½¿õF&´*ºÕ¨Ïâ>­7Œ¾
+x
�WÛnÛF}÷WÌC‹º€Dë.Ùh
+ØNˆ/�•&@”Š\šŒ¥]e—´¢¿ï™YR¤i-ê ALîåÌ™3g†?ŽúÔß>M4œP´9ºX½[õ‚ÙŒêìÞ=ƒ	�zãàÔÿ×*JŽäM|zx5#’W8¬ôpÃáœtr5¢~Ÿ	.žÌ¦´ˆå}�Ññ…Jv®ÃBGi¦(Ó¹¡<U�d…
óÌh<v¹-"þ¿ëP–SæhglžîÒl�ýÆ<òî0§Ôì(¤Ï™>ýBÑ:S:§­²¸eã~_|?êQ·?
+J¤Åúç¥%"–ymáXóqž\¡vkMs
Ýg:R Î/ëSô.ùy
˜èK›¼*ÙÖ…›å¼a•S_�Y].HšžéèúÓý‚qdñ¡¸ù
+� ¤¼#»Ôkt²•a®0ôÀBqˆ”
L³ÌY£Éç
+÷Hªlf£Àþ�ÍrÅ””9ße8+5¸DP
+\é§ÌÍy“"j(ú°��͵t�Z0;”÷×�‰ÙâáØÐË°YN!©Ò#³Ùb±ø–àòÂ+]ÑV~$@Yz��
 endobj
 650 0 obj
-1511
+1624
 endobj
-651 0 obj<</Type/Page/Parent 476 0 R/Contents 652 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>>>>>endobj
+651 0 obj<</Type/Page/Parent 497 0 R/Contents 652 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 652 0 obj<</Length 653 0 R/Filter/FlateDecode>>stream
-x
mU]OÛJ}ϯ˜§Þ ‘�@ )oáãJH%¡ÅWU%¤«õz’l±wÝÝ5iþ}Ï®m’˜
-HðÇÎœ9sæ̯ޘFøÓôœ.®H½›¤wöï„ÆcJVxr5›R’Ñh8�(‘ýdÃô]éÌl-úϱ¥Lx‘
-Ç$rgȲS;Ú*¿Qš<X^+çínHÉF9*…õdVG�Hí…Ò.Þ­öw’üì�h0¾žCß±¬¬ò;BxíÕJ±=¥�)˜2eYzcw§´¶¦*©à"eë6ªt§0¯Þ”TZ³R9Ÿ’Ð
¨ÑÃ&ÃùÕp2Ü¿±Ý–çvÎsA/ý­±¯Î¯Œ&�Ú8ÏÃ7`âÈË	ŠÅ��xcRÞ‘ÙꃚèzŽïwóá#)JªRxÄÐtg
-°AÏmÍ�kšbOy<Žwä6ÂÆ£Ò`ÀdéÜQfh±L:|”B#YÆ%ãC{ZU(£íÖ>IÝ+eCa Ï…xß÷Œ¸Èh™×€#®Ël�ͱV )òœ³Øðçù#X~¯v.%;G�B‹uäw/1ôG!�ŒVÆBry¸°�ÚDN ù¡eñÐñS”§´g;‰‰;Ç_úŠ¯Ébí*�Ü’û¯$w“ËZ'Tá@鯊!¥ˆ½d[(.F$W¸å„©€ê

-SE™s´$f¹Ì[MàaLßi^=òÜ’`éGŸ�¹´÷?_Ö¾Ò^Ã?LH3ý
lwÜEE3þï–×Qlf˜œÚ
Âô¤Ç†ULÝõèG)³Æû68$xÁÉ•ZCÄÙ�澓µ0è	GÌjÿÙûÚrqOOVÙ »mQXÌîÓÝ-4J>Œ',WY‘æͨ°�xFt´±“6â„èsô‹A3Ýù
-ÿ[ž›˜§‰Ðw°
+x
­WÛnÛH}÷WÔz¬X´$˶`°°c{ÆÀÆÎØòfè¥E¶¤ŽI¶¦»iEûõsªšÔ…ɼM.þTÕ©S§Šõ©‡ß}ºÐÙ¥ÅÑõäèvrÔKF#Úýp¬&=º’!
{çɘð8"§iÎGzI÷l`ÿéÝ�ú}šÌùÞ‹Ñ%M2ÙУIÚ™,5¥KkRMvN3Ò%ÍM®Éø~“ÚÊy}BÕŠ‚¥�­â#jfß4­m•gDƒg­p²òÚ‘"¯WÊ© ÷î{?ùvÔ£nÿ,À~Gy
+¸æÝ­MžÓŒ�PåBgl…—Œ“ËJUÀXl¡‚IUžo¢}‹-Ž|Pe¦\Fï¨P©³ÿlHåÞ¶Ìá~¾.Kè«­(U%6¾jqa²G°°6w¶àªYfœNƒušmpÜ”"�-aÉ�¹yÕˆ
�ÞõhÌøö©;8GZ`n¶$Ÿ:³
+ôKýà§Ów/	,ÆSMZº|î9ĹÔiŽÁÙ÷¨ W•´^êR–k˜ñdÊ„îç{gb3«}ù¯@ú»ñ�WK*qÍ6Å-ŒšDÀH"auAš&_gñÞtÏÆÉ{zÝØÝç™Tê˜DN©rz^åœR8K7�ÏÈØÜJÝi>€%Ò¢Ëhz‰€Ïg–}oq å#§w¡UÎc>ÅB#@>Ìf‰%�¤Žm;]Ø ó
ñ+A‰	Øær&|-íš–øÚÜY9›U(�=ÿãùªÌÀÁª4ß#8 ÷à"fÿ~øb–æF—
K±Û}!»
+ĘÃ5¦{ìP6ÒW(ã°TAj€¦ø…õ7í¦Ó‡ÛÉ}| ¿¬(Ï4êM™\ÍrÔj›<¼ŸÞŒ7X%To@™à-È–ñ&8Ÿo~Ìþp—ý&BF[xf¸bÎÉÍðkŽbìþ°x©°
+FÕ¢tZ¡¸¤Â[ ýôy|uzw^«gÿì<
ÿ‡ýÈ�Ëœ	Ä”EXå1svÍY剀òÓ¯,Ñ4QðÃÑ%žûcˆ"\|fýÞ©õ€†ý‘Ø:�kläÔ)šë5+V
ŠídJ²Žy‰xƒAFW`fAJTJ�%W,¡Â3
Y(*hw¦QÊè`'¨E/ã}%-úƒU+P“@¨(ãɾ²=®J³`
+?«b¦×+º�té�¶Îæ9NâØá¸ÜÞ—l•å4ö«½†ñªÄÅF5;1²%Èwp!1MQ$({¹¶î•2À¨ètYr/aö{[BüVÆ£ÝÎóoWO·-s1Ï�¡ä/=½yütuÿÐ>Ìewx¤ÉßÞ(lj¬°kðm�¾UÐ8EoÊ´BHþ<º–’¥\¿é|‚ø¶§FWi¨øV\S‰n”¨Sð7Q¶‘‰-¤ÙHjšlǼì
+ô]öÆôFês,{9«AÄ΀£œ……³ ¤41»Ò¸Ž#Q>"¡_¤¾A*Vúm¦>Ì­¬�v@5Õ2õ’¯ôÌêiG͹(ÿI¬L1ˆldÑsiÔÀ¬
kKz¥)Ó
+0|ÉmÚ7@¹½#³RÊ1ôEeüp‡5+Cí'ØÛ
+S>]'tÇM–i«©Á*²AýAr²ÅÇ"‰=rÔ\SßÞt—4â™JEUxËV}‰‘$în‚
„�„Hõìä„Ž·•ô‹TÊ1€Ä¨¤âÑVLK‹l ’ÆH¬¾]3^ÊW3q#†}½}S¹Éhn£|K‰ñ‘KØüQaFÁH�hÊšBmæÎUÊÄ
 endobj
 653 0 obj
-1001
+1961
 endobj
-654 0 obj<</Type/Page/Parent 476 0 R/Contents 655 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+654 0 obj<</Type/Page/Parent 497 0 R/Contents 655 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 655 0 obj<</Length 656 0 R/Filter/FlateDecode>>stream
-x
•�±‚0E÷~Åq
-½ÒWÆáG1
x•3(‹ý¯±wÝBÕ.H˜+ñµùiò¡ÿ°à÷r,ã@ѤO²EµÓìÈÞGÐFendstream
+x
¥WïoÛ6ýž¿âV h
+8Še;¶S`šnYtY׺؆º(h‰²ÙP¢+Ruóßï©_‘[lØZ °$êx÷øÞ»Ó瓘ÆøÓbBÓ9%ùÉõêäçÕÉ8Z.©ûSnq1¦É,ZÒl¹àŸü,%eXŠ«é,šÕOâ	n´OfË9.Ã;Ýl‚×°sû;\ÜÌ(Ži•!¡ùrA«Ô?Ó*9»–™AÌTÙ¤²V[Ú™9C‰)2µ­ð¬4"çûÒdJK;"åHYª¬Ì*Ík­”þµ?Tqõ'‰"%üº]Q¢•,œ}²út2¦óxM°÷™Ê÷Zæx@n'-*•ÂaÕë&s”Œu!Z{ ¬ [éÞYYþ"ÝË"3€ãs%-"†EåYòÕVúðœdùض¹“6‰pʽ0‰Å#~q�!’Ù›©¥FZ*Œ£�øÂ@˜œ
+Rë‹a-£IG95K€ìy­Ï.®¯¦ó†«+ˆ ÎïvHC+E8¥÷[m6B
+$«¼tIŠ
ÛŠšµe¶˜1C¸˜�t)¨ví×Góp#B·¿­�Ò7Þæ¼çñ<€ãóåÆAÌ°è/­U:]Ä]ßûŽJ§3t®^Ã
+�tEÇù/Åk5bþÐÉׄœý?
+§Étz„´K�ÕÉ2¢·ž<;ÁMá
+hèÌEßô±ŽšJÓɯ+G¡Ü{`ö 2â6uçeGLEjuxlsuû–9B‰%uÉúôÉ<}¼(j”Í°uÎÝw6
 endobj
 656 0 obj
-160
+1500
 endobj
-657 0 obj<</Type/Page/Parent 476 0 R/Contents 658 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+657 0 obj<</Type/Page/Parent 497 0 R/Contents 658 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 658 0 obj<</Length 659 0 R/Filter/FlateDecode>>stream
-x
uSKoÓ@¾çWŒz
-RœI8R�
-uU®›õØ؇Ù]'äßómì)ŠâÃÎÌ÷˜ÇïÉ‚
-ü´]ÒjCÚN>•“÷_?Ò² ²Fd³ÝQYQ1/
-¼èéÝ!¦ tzWþDÞš‹!ïv¹›/‘9½w‰› ’xG¾¦çýýR®¢ÑÁG_'zWùS¤}I©
¾oZ"E½“Z¸"ãT¶*Ò�Ù‘ö.JÅ
E7­7gº˜›,  ÛÅj ÔpâàvìûH¨´]ŸÄ5Äî(Á;Ë.Eª}
+x
�XïoÛÈýî¿b /r
+#Å©ºªÔ>Ðè>*银íh2(yôA‡‡èšÑ„FÈqëUF¤lI£[wΕ£Ñr§
mi¼.¢óÐòHÂx*œ�ÚÆ@O¦ªh­©Ö~Ëm1q'yV®PÕ ì#ò2΢87£Ââíjõ”
+˜hž>Â'ÿå˜[þ
+ošØkê05Œ©Ï'Þ³Fù¬
™IÝ,ÿa¦4Î8H§¾›NVô!(¢èy
+�j0=‡á‘}7ItTxÀæÈUä.B»S´Áv8í%{˜sÐɵ{–¥$z÷kÑ„šN
&h2ó÷+5D­JÎé[â †Ác_™îûF³sÛƒª×¬Š<T4�I¢‡«S›H5nôùÒò—ÒÏ&Ĥk­<D†´ÉÙ÷$P-Ž´Ñ¼å�
+DN@	^2È:Á˜¬BÛG’‡Ï�J¦Øm6´:íÊ2gÇšT1ÃS5ö­*§Î"ÈZ¬‡¥·ÓÕ«{Ãijƒ¶ÈˆtKÕÀ’´ÇÀ“wŽ#.ÖlÊÞŒ…¼Ã3¥>hšT+¦XÊËÞ­ïôÑœöŒé/&ä¡î-øë�kêAûžÉÎ@yd«Ÿ4D9×Á³q(äàšÙð
[ø1é´,†YŠÉ½×Žpîšy¬”ÝÆK«pW©½wðºý¾}zs9€¯óyÌŽ$Pœ4ÿ¯…žAZx×À0×
´
+Ãt
+PRHQ¿‚¸´Apò.E¯YA×Ä B¦yNÒ»¨Äi­yN¯f�öµ	é5‡³À€­ß™†¼Ùî�mQGˆAäèg.LòǘþY—p0¦î^Ù²ŠpvñÀ[îD¡,°aƒŸÇž ëd·`Lkpkl­áisàì7äÕUü»Áa–¬~îß`¥ùû~—EL"¦¹
›a¿Xº9IÚÒ-ù¤—`ö#	øú§›îÅ{~u=›ã;ƒy²v÷ï>½ÇvîÛü®hk¬JÅorì4Ý>½^à«…ò4½¡ó;ÃÆl[/·ÑG8ßòò÷–_Ô£@ÖÐ?;Ãÿ…—1BðŠ|upq}�èrâå9‡Á×ÿ8ù+õ–’endstream
 endobj
 659 0 obj
-521
+1902
 endobj
-660 0 obj<</Type/Page/Parent 476 0 R/Contents 661 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>>>endobj
+660 0 obj<</Type/Page/Parent 497 0 R/Contents 661 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 661 0 obj<</Length 662 0 R/Filter/FlateDecode>>stream
-x
•UËŽÛ8¼û+ú8
ÖŽ­1lonY`Ì!/ÄÁä°ŠlYÜH¤BR#8_ŸjJòÌ8‹`ÃÈÍêêêêæ·Å†Öxmh_ÐíŽt»øë¸xùæO*Öt¬ðÏn £¡õj½Æ}sçRð¦×Éz÷âø/b·´ÙŒ±Ëâ°*}s—ÈF¸iè«óƒ£T«DŸßÝ}!å½µ:øè«D÷Ö?Dzw¤Z=0‘±UÅ�]¢Ön"U>Pà.pÄCëNÔG‚"É×´ÜÜŽ)OÁ÷Y‡øV	¹œI¢Ÿ`&Öµó�?Y‘mÛ5ÜNÈ©ævEÇÔ+¥E¢V&›2ˆÕ}“(ù«ÔÖ%>•eâ=xŠç˜¸� CŠ"èD
ôá,xÎqXMÅnµÁÞ;&íÛ´£oú̇…}òF�3—’JzÒ�%Y#ĵjš39Õ²™´ÑÚ÷.EXéS�YÍÚ_QŸõŸ	gÑrVTòIµ%è÷É|E]ð¨U�~? =U¶á|¦P�К«¡-•œ†LwTd®wîVù±R<P|K‡ŠE|?ð‡?Hš Œ‘Ö‹w`
-¾øà±ÆÈRpyum”=ñ­®*ÖµÐN r§¦s�ŠqðÁà
+x
•WïOãFýÎ_1ŠT5H‰IBH€~â8è¡¥wiQ…ÚØ›x‰íÍíÚÉå¿ï›];?Lû¡wB€Éî̼÷æÍøûQŸzøߧñ€NGeGŸ&G'·Cê÷i2ãG£ó1Mbê½^�&Q[å¶�"&=£TÏç*Ÿ“Ê©Ìci¨H$½”Vš-…µkmâÅ:*¥X	è-�´–¤�ÄRt<y?ê".�Û}ÿ;~íöOƒ
?2eîî5r.cUò‡Ä
znDÖ!‘ÇÈB/�ÂåáMƒÝMƒQ0䛾üvó÷Ûýï×W÷oW×_îoÂðYå±^Û0¼.�‘yñ—4Vé<ŸŒž©TÞ+[¸‹{Ô­ïÙè’Ö*Mi†ÃH�pÎl:4Ó†¤ˆò
+h5qúŸ0	»àË3RŒ>0JÄJ‚Ç
©l©M!òÔ^²È	Ùh§@eP…]zI¦UÎÅî…ÆUøˆ-„)(“y	Æ÷¸hÖ¼+ù€¢°�‰ã$h*¢E¹ä$95§éójÀ7—2–qxì)â~:½F¬úÓ]#ŒÜƒ	Îé×ÕÍ„ÈÙøs#3½ªyJu$RèÒ ß»:‡4ÇÐÙ
hÊ\6á±—Ñç«	ÓæPh$XÉuG3)H´¾shbÕª
+}ß8~öñx”ÈȉôC¯ÔX.á) ÆJI-ƒDùI‹%5…jILõʻ䞋€éÒ¦A”ûËÃÕ£Gd;¸Ë¿³6’]Auý£êÑàŒºµï dP.S•Ú@� .ünE6 (–Ór΃…R¹Â'½k	Õ�:òû=OÆ	7!�Ê£…„emgC£2[B,¶h—Ù’ÏB`™ÎyžøÝᚹݤ1|½d?°AuY=
+9{ò<ü.á›ÉÖ:í�`AÃó1~à§g~½¸Ø�Áø,8‡Míö‹óà<è‰j4s®ÏÚ,`&3
ƒ§¸›2{MÿÌ ×ìöÀÕºÖ?ÿq£ãªfѶí
›dubÁÊ'(¹b®�[—Ë,‚¦°b½&»”‘š)À]$F—óÄ™ÐA£.“ÚøN9¹=Ûí\ÛUƒW¿Øìêm¿¤‹(¥~O”ó‹1F¬ô
+:+jëvö
+Š•�à<ù
+/
+ áåEø
+­LK£,)|¼êëíYt[Xy/sO˶•s¹®c3'­]	µÿÔ·2ý¶»¬èNtdÝ�·író†Ú`¶j"Hd
+ÆĪ*çu‰…Â$À„ÄnQhÔÉø¦VoéqLõÏß`�X©yw¯â0—¸Ïv¦zQéPVÂ’�u¯�¢¼”&S–2¸¾á™òFèY‰ÑU%|Üð幊OVKÈÎóÁ‚ô±cg®sªöªôÆ)TkßÐH`‹©kE‰+ŸàMì m+y‰A»qí½�ThYÀŸo	Kl"Œ'æ0J“¶Ì ›iéái„gÉË9û¥ô‡.´:5x«’Nïï8F/^*À«}q†×ÂãÊ'œC¸hsÐ
 endobj
 662 0 obj
-870
+1861
 endobj
-663 0 obj<</Type/Page/Parent 476 0 R/Contents 664 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+663 0 obj<</Type/Page/Parent 497 0 R/Contents 664 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 664 0 obj<</Length 665 0 R/Filter/FlateDecode>>stream
-x
uVMsâ8½çWt͉ÔNX lÈ3ûQ•C2Ù
-©™aË �,y$‡ýõûZ2”l%T,©»_¿÷Z?/¦4Áß”3º¾¡¢¾øº¼øõ¯/4›Ð²Â››Å--KšŒ'üRŒ¾oE ïʬ•)éÉÙ�*¥¿\þƒMsšNÓ¦«Ùíx†m£ÃÂÖ¨JIO/�÷?H`'^”¶óô¸$Q¶5�jaÄFÖ�ë=‘ÐÚvÊlH¤]kûFÁÒZ¶–ø±jµæ¸ºš^§hµ¬×Ò‘­ð—¶ÊŒé›)$QØ*Oø/­‘ø"�§vJkòRòžÖKçc†gÛ�ØTñn¹§N:IFµ“YäXW¾÷ó±Ž7d„Ó¸ŽU’2T·Å6fä*EÆùñþùΙWf;…‚Å*®¬Ñ{’f§œ5 ÷«g7ã9÷a‰ø°;é[øÈx~·•FîM Þ8»q¢&kb6±¦Z¼ý+ï‘dé€
-taøht‚WaMpVkœVá8~ëY(ìI=FYèÒÆe)³1ÑWY¤30w‹”ÑYƒì?¬
-àÔÕ‘>šh5Ú)—>>?ÇRRÞmPÖd±k[¶dG{øìßI«µn¿ºÄw@��¥r²à­/:’ã¤X¬Ù-ƒD)8a|#œ÷÷%Òö£Æ"fa˜C‚ùM±”Èrd�žØV—qé§ÄóOI&Ü»�T¹-yŸ_lmg¨R\4y.ðÅó�,á]jî±F&†gf
-$ŠªbI|æ	v
-â5ù	¨YgLøãÛÃÝýãj5l¤Ã/QcZö¦dd�À‘è7à›ŸØ
-lJ�ÀÕ,Å”KÆ¡\z½.ÎÉÔ	PkHˆTÑjáè `6æn«Ø�\qòðp²‚ÂOËÛ»²T$2߇¥Ä
�x¢#B&¼
åN%_ð™Ÿt»Ùˆµ–tw¶+ƒ÷¡Újôt÷
-wÄHEqoh¸NDÛÀJxnûpÅËC$/E�©o—Ÿ8
-�?w#
çšÈÈ?%®žJkúeŽËçGÒº®Ã“3aýï
z¾˜C¥¼xt3ãÜ¡Þ¿/þfÝEendstream
+x
…WkoÛ8üž_±0P\Ī‰致iï\|¹ØEQœ
-Ѷj‰TI*ŽÿýÍ’’jÓkPçaš»;;3»ú~Ò¥¾º4ìQ@q~ò~zòöÓu»4]à�ÁÕ�¦	u¢N§CÓøôN‘[I*Œ^¤™¤$52vÚlÏi<¥ØHᤥ\I�%ÒXŠF—Ñ�Û�hÝE–ÆÂ¥ZÑ­p¢EB%¤q·±ç$,md–áûÙôÛI‡ÚÝ~ÔC§­[i×N­sj�¥[i�ð�'Œ£{©ÊpOëÁ襹m!ìô ßÔY™-(µd‘µL(U$È—2ž–Všèöf5‚Ž‘Vª–$ŠB
+®HÓ\\À€D·“C4¸£¢4…¶’#Æ¥1R¹lK¥Z+½QuœÞ ºàâ¾ê’b€…<<È“­u2§Z9£3zJf<ÖÅYg:Ù®8¤ñG+ò9^¥y–†f§VJnÌ2+HWm³×È­Q$™Åå¢stV/
+ž-Ž
+'8:gèS
+	Tÿ[£¦\8Çù{Yiuö,“›ìðövðŠ(ð5I—Ò˜b¶Ð*‘*æ²�E	/)U‚J *�¦0Z¾r“Ë休�ïVMtÖ>ÀzåÎ@ðuuRªLZK-+¡ÑÔmé�[y	r1Û¢©—BX»Ñ&±8¼•¶U‰�Qó$ÿ8þðøõaz÷×8r/nvÆ=<$Z…¨/k”RÉø¥E$’ØØÂŒ ,3žîn
+
+ù8=Áœ¥þh„׋«!^{øϳ4ŒåÑn,÷W~ îóU„¿Dƒˆ¾¤
+Fäµ=ñc€kØÛü¡vÁ)täÍ’âÆBÁ‹;7ÙBÆébë½Lm�¹[¡d!¿™¥kðìY,¬jŽ:.ÈþV£¶òô5GeS§|O¬Ë,©C…ëùÆ
+¡ƒ)‹Ùu<Û¼'
+$Ü`rÿ¾zÞï2�jà{>a¼×hcPÙ²(´
1~Bbï^uC:ÑàÒö£«£M)4dÑd%ü};“EYn#¥¢/£Koi
¾ˆ:¡eõäêö†ˆßî]…5á
ÃÚñ¢
�1ðÀ9ô"UõˆK¥Á
ÞÁ y¿D…Z°ìa“/�¿{ºõú#P)ЭË?‚“ã5°G½nÿ¨¸;@˳a7³à/s½,!þ9¤µÏ’§'%2“œ^ê"äc‹Ä#RÈÙ—YaÜë€_È¢ßC¡uXN¯Àë£èàn^ˆ2ãudÉ‹
ÓCq†oƳÙç7 ^×`‚Uyáüå·Uðj·Ä6hÒâÛ¼ÿµcf3æ7vÉë^‹ÒÅ¡T
 endobj
 665 0 obj
-1340
+1795
 endobj
-666 0 obj<</Type/Page/Parent 476 0 R/Contents 667 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+666 0 obj<</Type/Page/Parent 497 0 R/Contents 667 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 667 0 obj<</Length 668 0 R/Filter/FlateDecode>>stream
-x
…WÁnÛ8½ç+=¹€ë$Ž§½µéÛCÓlí¢{(° %Êæ†"U’Šª¿ß7¤h+j±E$µÅáÌ{oÞŒ¾Ÿ]Òþ]ÒzIW×TÔgo·gçï_Ñò‚¶¾¹^ß椋ÅÅ>)fÚŽ¾*³S¦¤¯Ö=øçÛq`E——éÀ‹åÍb‰#³íAR7<é{dMÊS)½ÚY’p¶EA…VÒ„s/Ý£t„Ï‹ƒ
-²­“zCÚš=¹Ö…ßé²—Ãe³!|ù4‡•BÖÖi…kMLñ‚^\^¥Äð� /wþ¦ÒÖBò¶x��:¡_RYGN~o¥ž(X¤äÔ#’AE^ž¾NÒ^éD@=»ž*¾ÛlH ®û79«Ñµ©N¿mœ-¤÷8æù"”к_'–׋UFHŒÕv¯¤§–O !U7ZÖ8v˜s
´…S;<B(ª”A(M;©mÿ±=‹ôòæ0¬nÖø{‰¬2é—ëÄáËÕ«˜Á‰ö�ªpÖÛ*Ðg@$Ýs%8¢[¤þ¬×\Ã'&•�ÑÂ
-�¥^
-çç$+à€âQ"Kir�®=1–�Â)ÛzÚˆz'h+EMµ¬wÒy ”…-e~h´ð
äãÉV`7ÿ&wú6û¸ù|ûí9%™2ÑPêð?mÄ�eQ[a$Êp“[�ÔQ¶aA(k<ª
-Æ
SÚÎÓÝ–j
yp©L¡Û’õ梵0bY�ó…ŽD‹ì!�"†Cg˜(ô‘¤§ 
ßX«Ý¢ÃÁ¶û‚CÊ,)
-ÚÙ²gf"ÝA¢B`uBÙ"37¹¹i]c½ôÓÉ^Ä|ÖE>ÂdµHÓÖ±KsÃ3¼ ˜ûtjRSâI»CÓäÞA¾Ê€õ:b3ÉGìlð}©UÙ
-M‘3ˆÎ
!ô‰Ëx’˸PÜ6"¬@ƒ¥ô8»`'×aö*G�ðÌ–~Ao{*•ƒêÁ8üÄõ¬+ �…ª¢­%]å²ÇåÍ�VR‹f꘬ÎOL›Ë>ÂBP„Mn:	nD=Ð58ÏÕúüæÿ�çjµŒ&}rž;„¡
†ƒ*ð»S¡80&OGÎ`6[äù‹ççÌ
-ŒšÓTIÁÃú(:h|=–…ö4}ªfècà˜\
(P3ìt
-Ï0ÝžÀâ[(ò?À1"sĆ£KK•Ù�€�±d±¢�ŽÕ��_ål
b¥ãì¼m†Fn€<ÍÞ£6ùCðD˜£8Y`h‚±8ã¸÷ñ!w(2èsð£»�¨Œ×!„t<lØ>+xUJËŸJÖ!AÄdmh‹^#<Ç<OíÁ#ñÈøþ˜@¥LT,
&‚ý]F“HwÅœæÑß
¼ÄøV#&Ý}Ø`ø±Æ'Á�!Z‚ÞÝm¸Ê¸o°­g’ÆfœÇÃ8÷¦ÑÙ’1Æ÷NÔ5wœXºJ@¤I#Ç~â�
-^êŠu
˜#Ÿs‚mRç8és€œø®H,«'*käc‹8kâr†¯a~ìþÇÌ€Ënyrg²¿,¼“} õ¸ZÏ÷'=,p€¢rðÞ�
-Ë~‘
Ì°fù~‰
“j6—XšV;Ç3(:8ºbfëÌa¸u“¦><œ7¾a±¦lÞ'ekcÃËHØàÞÏ
c
+x
¥WïOãFýÎ_1:éZN‚@BH€•øuWÚƒP⪚괱×dÛëÛ]“sÿú¾ÙuÇGÕJÕ‰#ÄöÎÌ{oÞŒ¿îôéÿú4Ðшâ|ç"Ú9xLý>E)5:S”Ðaïðð�¢x÷N;yFï¢/¸mØܶûGög48ÕÓé˜öÉ-¤‘$ðcu.IY[IKN“‘Vg/’–Ê-(ÑË"Ó"QÅé”î"*�NU&íŸHûý£Þ
+g‡A�§Ç{´ô "ÔçDKû™pµ°)2:hJXÃ…g
‡Èê?{|øu´¾ht4ê�hx2Æç
~@Gø=¥þ�ùÅ=‡ƒÞÉÁ'½Ó]MnÏoî>_NÉÇžûæèŒU
Ê,u¥s�œ/9g�Ñ4ù\pì�xúã“Ä08eïµµŠœT.ÀŒÙ&a(*ÿ=|ð%�Æëú§j˜†VâÐñ°ßC9-‘F@™DYÊ"Qßh),i£žT!2d *·ÐÄÍkúE/
+ú™"iJ|Y†žL_¾9	hÉ3gU‚§<+©6œw‹ÄR[®Ç�äMEt<`àÃc”²ÉÔ4.ŸŽ;ÜM¢k:p®êÜ¥*CŒœÞlßIóƧ‰º¬DˆÌë:‚xŒdÉà³.Ð)¥ŒUªbÊ%îE¤
Y8{ÍwŠò=‹‚ÐPÒ0vMo/ЃL?d²%äa¡I¥}¼–Z¦Òpãõú´dc€xô_n®|?´�Œu^ŠBÁ0ú¹°¡WùäFò›“…EƒzGáÖûx~G·¢O2@4žÓ±ÎzmÉ*–jRÅ2éy«b£­NÝþž¥¨!™�U¨yåØ¢8»I2‚œgÙ£©”MçøŽ�H�,¼	Ž†Ó:azº†àRp J.�…'c#ù�
Üvƒ…]À[“J„l¼�9ÇDÊ]�‚Rï{ÔÆfz~ë�,F¾—v¿§�ÓœsvðÇ,ãð–$|œ¡2c?`óö¬�«ÂÀbÞg»�“‡_?<L>Ýoùãw=ãòq¸XàeØBÈûå¶ö$x¤�Ï¥Ù£{£raê•F½½jämpz‡Š?Wå÷wÎÞõ|ÓYᇸâébh2=У0%(ç÷è
+öXè^¸…Ÿ
O
+�,´Œ:Ñ7h#Çet‘㨠‘u"š¯Öø‘¦RÖ˜-pOÝ’·¤0ê�|ŠÛ‰šÔ…Èñ�.Þ–°aÙPsólPâ\�«äy‡Ý@ÙoÐŒ"v{|é_0ƃ
Õ®ó¶TcañÞ‡e
+z
+å¢Æ.@ÆÏ|¿ÑïÒ b³œù¨Xf€3g4Ò•RÔÎÍ/~+qò2Õìh¬âò¹ˆ‘‘äá­Q/''€wµ'lüyɉ"µºÄµf†bÃõûlËß.Ïf³Ç›»»h6û‰om³¼°ÑÛ©—õƒÖîílþ8ÌfÜ6ê©áhe–\HKăÍóÔ>ßfð�¦ýôœÕQÈε›©Œz+ÓWò'
+K1Û§Ÿi[‚ð¢¯u³¨±'¡1@%ú+…ä2ð6ÃåÇV±ûŸA6©¨2H,�ÛÝÙWâÆõf‹²2®ü†ÔÉZÍJÑFq�Ö“¹-€°{„uÙû9vŽíáiä¦ÅýaÀ5AW¯¬‘éõ姇›è÷¦04®Çƒ�ƒ;›­_iƒ`«,ýklÓ�·nRIX¡ø¹ÂLIB¦¯ÉýÕ’€¼e 1*îMT‚
6Êu"³�¢åe�lËSüÒÔ)uí‚y…Žäõ7d‹ís+ñF†åBÂ5ý7µ×h(ˆÉñþÆïC)º‹ŸheÔ,]M¢9êÁû“¦ÕúØÜûx{†78pqŽ™¬¿à=“6®Ø;×;ç~¸}<ÀKf²û?ßA†ã!jÒñˆÓÂÑo;C„ã¾endstream
 endobj
 668 0 obj
-1681
+1764
 endobj
-669 0 obj<</Type/Page/Parent 476 0 R/Contents 670 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+669 0 obj<</Type/Page/Parent 497 0 R/Contents 670 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>>>>>endobj
 670 0 obj<</Length 671 0 R/Filter/FlateDecode>>stream
-x
…WMoÔH½çW”¸l�À™CŽ�,«`ÙÍ ö€„zìö¸‰í6Ýí³¿~_U·='Z„’ ÛÕõõê½ê'ç´À¿sº\Ò«Ê›“·ë“³÷xrNëo.®.i]Ð"[,´ÎOÏj³áŸÖûoú§jºZgÞ>_‡Õ*Y�f´®4Ñ;‡N¹=íL]S±oUcrU×{ª­*H«¼"[R¨´×ÔØ¢¯µ'ÓRè]K¤Ú‚øk>|A/Ï_eK„rê´·õƒvTömŒm=Ž›ÁépJ°àÒ÷$¯�þÑk2ú³Íõô	?|YÈó1øGî9:/ß°E_ö¾U×ÕÈ�cÊ’Õò"[qÐë
-ç¼»CvA»RÁyçìƒ)�°"d³G5<
-¥öTZG_L»1ÈŸ�®¬½g»èÄvÚÁE»%¿÷A7]£¶¡R�Z­&ݘl£©°-ú�pH׊ýº|šú¹‹N÷“{23ÄgcÛ¹-©¢ gé¨g1î¹­ù
-(^�F˜��Š(“6c
‘óÐZê=€ÃÀÚ:Ûw@j/½ú}}ŒÓë7—ø½ºâßKü8Me‰7tŽIà‘x}±$†âSÝo·jSkºîÙH( ÓÇé!­åevÁ°ø•áRµ·tßÚ
-ëéÓõ‡ÒG•º/`QœÂ,
-|é¼jmm·…@ÉB<ÂM$2�aÓYï
ç‡ZúNç¦ÜSaÊR;$‹I=vÚh¸
-ELÁr”ˆM*„¾–}MO¸4LQ
÷„«C�rèN_+‡¤0­qÜŽŠ’Ñ{L`"7”{¬µ*Ó®uÀ
FÕ¶à2`Íîf‰Ô`)
žÛ�Eél#ØóDƺà‘bP×XET˜ë
-*9Ù
ªp89Ù%Ã'|‚úx{G…
-j£¼žyGéà˜]X&JöÓê
-ýÜÓÞ v¨ö'gÖ¨ÛàT˶ÁÙºÖNøÊĤá!EAžÆ¼RíV i
+x
mVÛNãH}ÏWÔÓN�ˆI �0oá²Ò’°ƒW£‘�Vm»÷`w{ºÛdó÷{ºmçbF@À—®ªsêÔ)~
&4Æׄf—tuCi9¸‹Ni2¡x�'7óÅ�£ñxLq:Üæ‘ËyG–éš2�Å?c]ÞDS¼?Œs¦ïRezkiÓ?–
e‰DX&QXM†­ÌØÒVº\*·6Ò:³‹(Î¥¥JdXŸ<¢T+'¤²án�°_l›zr]úÔ–ÓÚH·#„WN®%›sÊuÉ”IéÓfwN£ëŠJ.66—•='óîtE•ÑkYð9	•
+ÕªîñƒÍîžÝYÇ%½
·Ú¼['œÔŠ°qQøß(GÞÎ
+…dWŒåh]F×­C’¦WÒx` ÏúxߌØÀhU4{FlŸY/›S­@©(
+ÎBÃ_Ï`y�v‘¦l-=%6�߃ÄÐ;…@2ZkÉþÂô°‰œ@$駖…C§O
O*Çfä%÷Ž¿
eÄ‘V¶ËëA
+d¼»&²eR	k·�ÖR¸¯ÀÖÇõ¸¼ÿöã%~Z-#÷Ôþ¥Â'^÷ƒ�ïC?dU�\X_âEµ
éñÊN׆C¬ÖQS)�ÑýúèÞ<Z­wÐZ¤
®FP,%0+
+�Â[a!ú)ï,6´à1`ÓÕõ-Vìt>Ãß—ø�ͬ›¥=o—öäfù…Ž}}´¸�án�ÖèŸh0(Kk¯ö0‘¾äQsjÔΣۈVÏ‹§å¿÷«eümõW˜å¯{!C¸§àé�ÃœLgÓhŽÿ°Ž¯g><Šÿ{ð?E
Ìendstream
 endobj
 671 0 obj
-1730
+1019
 endobj
-672 0 obj<</Type/Page/Parent 476 0 R/Contents 673 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+672 0 obj<</Type/Page/Parent 497 0 R/Contents 673 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 673 0 obj<</Length 674 0 R/Filter/FlateDecode>>stream
-x
mSAnÛ0¼ûsL�XµlÇr�NÒ=´H[=Óe1‘H…¤âú÷J2b† @"wgfwvßf)|RdK¬6�Íì>Ÿ}þöi†¼äÍf›"/°H‹ryó[ù®x²Òæð)aô)ƒbô|™%Æßì„ú]ÁŸ|P
¤08(£œ
-µ
°%:¯„)pp¶k
#Å;ûÚµ>AnáTÑI…P)ŽÖ½BZßçòÌ«(€´é*YFÚ1Gmöš°‘À“Nráe¥È°^°¦Çý³û
¯Þ:eHdºfOI¾kÛZ3û~æ(l#´™�Ik‚³u­µâ9–bÝX‰6¥u�š$N…ΙLàéñ
Ú÷’xFü³XQ[sà_¨¨ø¬hÂ9êµ·ø
-å°‹Ûq»ÒM–Ä=å^ì#§÷~‡'g_H€G+»èq?x}>d͇´+Û»ÎÖÉ–›ËåÙÜ�z~ÍþƒPŸendstream
+x
¥WMoÛF½ûWzrP›¶dG²{K‚0Ð8n­ =ä²"—âÖ$—á’bÔ_ß÷v—’B‚¶
+[îÖMùKÌcvB3¸£��ÝèZÛÞ	nVMß1-]oMkëJ×�“ܶ°TZ<ïL¥ù¤¥iµÃK	)-bJ§C€#>3=•3 u[ó’ì
+-OªZ«IP®7�æ�qµªr‚´”ˆ³%"Cš�õw¿Í‡×¥®Yôß;Ík¾P¦jð~Â0>ñyÀù¯Çw’ª²tgòXö›�‚UyÓ#غ3i¸ÿÞf}©q‚%bªÒ"OºÝšI
¦K†	;vK7qù°’ÌV
+%@¤­óÇ›F+
+ç%Ó.mÍy3¨Xˆ‰[·s�®ÎDmJ8g¥y8ïë”àªÒt;1Áß‚BH²@
+x
+$Ô7?\#?63ò"?}’#x#Y ò™¡
+ø*}Woýeïhêc7Z­ÅUдÑíoÓùÀÇuUhdt‘Áø_öï_Ü¥qØœ/“ŒZÐÏóÅr2røî|äÁ±‚£Àg.^ýy»�±œ’ªÞ�;Dóÿ˜?Ÿß@÷
+àóKÅ€!·Õ¥ÈçÓ­Q>®‡§'¿i„¸ýÚ?)
¶6îà,-y'¥Y·ªÝ}~…ÿ
=nf˜¬~y$|<t ÇQ²8ËÞưר¯@xj×`6×�¯ïÅÝÍáËÚÕeøÞô3_ý ‹Ô%ì±[™Îõòzœ_¯oø
 endobj
 674 0 obj
-543
+1669
 endobj
-675 0 obj<</Type/Page/Parent 476 0 R/Contents 676 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+675 0 obj<</Type/Page/Parent 497 0 R/Contents 676 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 676 0 obj<</Length 677 0 R/Filter/FlateDecode>>stream
-x
•TMoÓ@¼çW¼c*QÇqÓ$[ˆ T_*UBÏös¼°fwÝ�ϬWmá‚"G–wß›y3³ûk±¦¿5í
-ºÚRm·åbõá-9•-V¶»=•
åYžãK½üdCd­9*g‰mCïœmÕaðã—‹òª7´^OÕ—Å>+P¿,;!á $D:ò‰¢#5u¢£²•B#¨:Ñ”=PÄöžëŸ|�@Ô{÷¨Á›V&�žAÖWH?T«À¦â÷½VlkY½d´¤Fy©£ó'ÿ“<YaŸhÑ]*%£¼w>#0ÏHœ9P°Ü‡ÎÅ@®M½sºœáé©G@ßZˆj×È(d�ትnN$}RaÛAküÙ:‰ËZÅ
e(Q‚FS%^ø<öG-dœ
-\GRœä}±·UZBFtÎ
g
-wÊLÃbœ…¿¦‚98/„& …\&_‘ݤôsÕ½h,yCaÀˆp5I8íÓÈ[;kiþ	Zàà°î;FÅØfôé}¹Ày§ë"Çòf¿Ã{�øít=ìŸÎî„ÿº6»M¶Çµ‚l·‰°¾-þ
+x
…WMsÔ8½çWtqª3_äãÈn-‡„,™r‘m�-bKF²ÇëýõûZ²�K

f,u÷ë÷^·œ¬h‰_+ºXÓ朒òäÃîäÝŸ[Z­h·Ç7ç—´Ki-—KÚ%‹G'­#£©Î%=Þ}úF¥Hr¥%%¨©q’îvü—%¡Sʬi*"-JéH8>ÙQkš"õ�¾Ñ¢Vù&Ü柊Þ,élµ‰Öˆ¾Øñ	¾?ÉM«i¯
+ÜDÎà*Q‡û„•„ïdJqÇÑSS
+åsát-ɃÔT˜ŸÕ|NÒqöœ¨mô,°};ûªtjZrÒ9…âQ…˜†^ŸGÛ>a`Ttdâƒ2�#W	êôÀ!gÜã3RŽb©tÆHøÿ…’fØèjñ,}æ{cËY¢7Ÿo¯?Ý==�iøÄ£Ñ.G(üÖ2A
Âv\ƒªI…iݘ°Ie-mÉ
¹X™*+“�»!1‹Ü�][Sè9¢´Bר‰§JØZ%M!,¡æd`´Û\%9Õ¶qüh͈‡•{i¥Nd:Çö:M'ƒÌ»Ó1ñÊšƒJ™`$´W#dÀ4<¨d¨&GÜŽž÷E“e".$]�šykÒ†9÷´¸¿¾}zK®CÒ%
+Uw {q@L\DÄù’Ìyè$·F«™C@Ú¹ÖØ”IU·Œ‰zÙ
¯É¬W4`¼jªÃuÀíêA|Zô’Õ¾AìNàô~³ÂÏíå~®ñQöÁR®hi°¥l¯.¼¬_Lå*ÚD+  l&kz„ʈ©
�­Ù†ÙÔþa¤5›	`àûÍá£\$'’ÿ(W3:0…X°Êªé½üKêizJôœ„ÝÌ:Ñ*—‡v7H�m8?»º	ž3Í`�ÑÈÈV
p//î<qž&K­*Lçï›Ç›ÞÞª:7ˆ‹š¸P	¦‹|ÙàC`¢FµIb]£’ia½ô3+E
CrªéØ>‘Ô,¨H!{ …Û`ÈdPO.EÊD™rô×Å{äÙÀÓv¼R¯6“€AX:ÓŠŽIÀo%ZVÁoF ¹ÞXŽé½7�À­`B[´²òÑç5±Æ|�¹ÿÝ[Û ](Þ“*‹¼|+á`’¡[•Xã̾îÉ£!,î
‘ï/òòî�'a½³Ø[ñåÉIQÂH¼ÉŒ�†®�¿¶÷Î5�‘µ¸:UØ朵õÿ
+ÛlÂàœ*lÑ_˜`CN_¹Î÷'*Û!pÛ¨ÞéàË0W•ñ€˜çðoA	ˆ¤ëw�ù°3‹E Fç '€
ó
+ÐPjŸàdÀ7ýDî5ìLòÇh&‚ð¼±òG^1Áa¹Ö‚É,
àø›_&µdÙø…�¡¾{xð€EÏúꄉ¢j4’(Ž9„1ÃshÎrFHäÚðÊ
&�)'Äê“%Ž�
+P“yÚùõv�ÿ¦óëåety´°]E[öÖ
Âp‹{.$eçûˆ
+~E…Ïð
+¨òe†²f°ü9ž ý²ËúMŠ&eÒÙ€g)´È|kO9 Ÿ£…òОí:÷nSSà"H¦`ŸÏr\>3¯
+lÇF:�FroUÉÛÝ�ßgE~|YÒ°ÉÜ0f´o´ßí„_3@?ß²SÞ
s¶Úkv§d‘‚�‚b“b©Ý“ï_0l¿˜þÌ({ƒŸE®[Ìõ¹P;bnàù~âZÐ’Ù"uSz©“›á…¾YŽ~»
ÊÄ“&ö31ùbbUöØÌò1TÞʱ56$¾gþM!\Ñg
+;6:S±ó
+hÄC«¼·^
eOË;ý¤ÕÜ6™)œßdA`Á[
+*ñ3}vùË‹X¿Úm®~1w.{S_a2ñ‹äòÈ®o?\³Û|ç™~c4«KŒÁ9§Î±ÅÏ7ÁíÅ®Æ÷.Þ_ñ)¤ô÷É{£×nendstream
 endobj
 677 0 obj
-608
+1683
 endobj
-678 0 obj<</Type/Page/Parent 476 0 R/Contents 679 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>>>endobj
+678 0 obj<</Type/Page/Parent 497 0 R/Contents 679 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 679 0 obj<</Length 680 0 R/Filter/FlateDecode>>stream
-x
¥UMo1½çW̱HdIÒ(	Ü(R¥R
	*.Þµw×°¶$äßóÆ›¤!	©jÚF»ã™7ï½ÿMi‚Ÿ)-gt½ ÊŒn6£ï_ÒlB›oËm$MŠÉOª«;mtQ;žm¾#tNÓé:ž­Š‚¯´-µ•ÔŠ@‚l2¥òäjêÏ’¶¤c *y¯l$òªS"(I[å²Ó®ÕUK;E­ëEGo*g­SL^1€	�§×CÙCŠðj
-†:NùJ 
-C1´Jj—`ŒG<Ž2³o°G9ÑálåàANÆ.Ÿ�XÜ9ZS
-"¾­Z
-z
+x
…XMsÛ6½ûWìøäÎ8´­¸¶“›ã439Øu+eÒ["A‰1	0
+Ê4ãñX&‰ý|ûöQßO®è?Wt;£·7Tv''ŸÞÑÕ5-jܹ¹Ã‡Š.‹ËËKZ”gïŠëbVГê4͵{mJüÝ4¡\ÿ²ø†“×tuO¾™ÝâäÙb­ôô9YGOóù95žÕZ…Ái
+kø
+õN{mðÙP§Ì–¾<}þ‹l¯�
+�Y‘ßú ;_Ðç@ªmíƳûKzsõ¶˜±Ûø
+€§§ÅX®Á³ÿÇùŸÏDhzœž}m*dŽ¾o&‰©²´FK›¡“y²f,ë8=_Ä`D­C±$µ¶Y:å¶Ñ
æ`.•Ù™ááÕÒÚ8I1w#"�*×H„Ü`ÎÒ;ÃÅðZvl
t
+ÝN½0
Tß�y6´²¸ÛZû2ô2fô@c[ø*Ãêç
ň÷ñðHÂ*·f³nÀ‘àËr-@Õ1&ù°í5ˆð¸o)V]�KUFÚ4œö
+•¨N­ h˜�WA
Hù)Ž)i—e¦ú‚˜¬\Øfƒö½.™cð
“nn6À*Á,ËZanáL<€ÑVLê
”Z¥éÃi¬ë*í°Uøˆ¦ýÿxnüûXÌ_'k/QS<üÌÊÔœ–Áa鱯Fœ	e²Ï}C7MÛ&^n­BœÔÙj
+l(Oã¨:Òº˜€;
+wÈ“ÝÛ)¼˜°áòNÞÝ´œjiq?¥ñ�

+«HÞC¢à…–Z”€i¤ÒxõÃ貨…²›(Q#üD\±y˜�¾å‹
 endobj
 680 0 obj
-830
+1862
 endobj
-681 0 obj<</Type/Page/Parent 476 0 R/Contents 682 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+681 0 obj<</Type/Page/Parent 497 0 R/Contents 682 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
 682 0 obj<</Length 683 0 R/Filter/FlateDecode>>stream
-x
uRËNÃ0¼ç+æX¤’ÚôH¨
-ÁÕµ·‰!±‹
ü=›�„„,Ë+{wgfÇïIŽŒWŽy�ódŸ\ÕÉÙÍE†zË/³y…Z!K³Œoädi�ì¢×֜ԯœY"Ï�™§E•œ;©[ ÍFÿéõS„ÖÙØ´|¢'Øí!\‰žðHn¯%
�ƒ²�bÝŦ›Žp¹À-E`DÜY;òS£Fø§ùùTìvÎîœ�Ýi鬷ۀ‡õRt�G+öŽì@Š) XpÅ^+‚'Ñs[h¨qG0¦øÛç™ÅØÁcUÿÁU¶ÚŒšœSÀÓêöå[xŠqŽ|ì´ç×Æ‘|£¢<HâÚq&BõÚhFlæ	i}‡ä¢1Ú4\Øëú+ú€Ä³`Z0ëÞÒ‘ßu�°a¸X,Òe5ç¸àíÛ£¿Õ�klê¿î–ó2­ø°§³ê»ï}òÚø­¶endstream
+x
�Wïo9ýÞ¿b¾]*•4	iÚÞ·BTé8âNª„œµ7kêµ{7!ÿ=olo³]8tBH�µçÇ›7oÆ_Oæ4ß9].èùŠŠúäÅúäüÕ’æsZ—ø²ºº¤µ¤Ùt6›Ñº˜8/•ŸÒºÒ�´m•/E¡¨*��RÛ-‘ «ö$º¶R¶Õ…hµ³”ßi-�§OÚn´•´Sþ@J„Ã	c¨­D‹«J¢ÖÑF�®¿œÌèÙüùt� &ÒYEðÏÁ8ñ÷óW?;iDýyŸLOƒKûL&T;ÙEl p�V’}Œ,œ½9ªè¼nçc!³[ø!Ø°­w†Jm�:²âÓƒ`½2j'lÛ'x¼¢®‘¢M®‘±Û¬§0í´ >ú Ttøîæ/’®èjà™ÐŒ0ÖÎÿ
+Q�¡Oæ´Ífàññr!Lé®eúåúþè‹ÛphàZ¡%¤vçPµ|Œ½Rì"Vw@µˆx6šèmK½í<R
+9s†S)KÍ
R*¢:„P¨©–¶Ê*A¶ÆEÂGÈ�p“e*纔\; -;4@"R»wþ
-	ö¥f	ãNÏWû>Žj�zÂ{–BQ)x`è%aô±Ý�ð ¾vÊÂQ
+]¤!z{s`!”®ÚŽ—çŒA¥§”ôø¨ªÝR§‰àUÛy‡lLлۗQ
+~ÃO=s…qàÐ^·Nõ�|æø„	Ž;3†Î–“ò>Þîó
Gµ…Ìó˜JN‡-±Ç\PÜXÂ&99ýiVL{ǸŽâ‘Q†uøÀòÀJ®¾5<‹Ñõ
bò;è1†‘k‹ùQ¸"‰ƒb‹B°ü°pŒª–”‹Ý‡�Â@Ø~r8 ¦dÁB©¨Æb‚‰Ù–”“‹'u(ö-ăà0~Ñ|¼>
+Är½Ã�Ú…/ÉE¿î
`ÓakõFœGaè±–·�gБ×yÌÔaѾJµöÞÅÕVA2ƒÈ1P°¢	•‹z<¢�lØEƒH2ÍS¬¹Âó¤ë�<€Mm*do—/—à(;-sVìžÄÚ“
zì6¾	°ÄÈ=ηXlyŒ6êp„b�by098Úts
+ë*i¾ºœÎñ̽æµ+Ò–Þy÷2J·Ã'ßz–?»\à-,'ÿó�´¼\âqo¬ælRü÷Éw=
+ü¡endstream
 endobj
 683 0 obj
-360
+1748
 endobj
-684 0 obj<</Type/Page/Parent 476 0 R/Contents 685 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
+684 0 obj<</Type/Page/Parent 497 0 R/Contents 685 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
 685 0 obj<</Length 686 0 R/Filter/FlateDecode>>stream
-x
•�±
-Â0
-]KZ1bmþ¾©ÎrÛÝq�{Ä�§Xq¨‘”’$u�”B^BÂs
كƔG-ªk÷ðÃãØ6gì‡iÔÎikPjïЙ§ÆôöåÐÊ¥¼Š(ÍÂÆb£Ôà*küdïØiçÝ\Hj
ƾ¸ˆ¯?Ýÿ0ø5�åY,‹@çÅÌÚJr o¤AFxendstream
+x
}UMoÛ8¼ûW¼cˆUÛqíø˜¤ À&È6.º‡^h’’ÙH¤Ê»þ÷;�’œ¬ë.âȆ$òÍ›™7ü1šÒSZÎèjA²Ý®Gîç4�Òºä[‹ë%­MŠÉdBkyñÕØ�±ŠL ™¼×6Ör±¦›ZSé<QÜjúËØô“\«½ˆÆV!êæ’D·.U[j���¢#‡×ýÛ›¬¿�&4ž^3T¿èÖ^“Ô>
+Ã[‚A½‚îQ0$ùn¿
Ph‘_í5yý#,gXwT›�ÀË|#
+_éxRô6ÃD•–1çUO¢Ñô¢ýÎH|ïM
+â*îe/åxY\ÓÕªX0Ÿßf‹eÿ|�š�?ÎpÅó5HjDÛC`Ž ºr{
+Úc�§Ê»ÔvÒ­-m´ï<XЗ=€/R¦,�Lu„ñÄ–n‡}­÷¾+o¿Üw24L¦óDiàd�oÙm,FÌêX˜»éääpÞ§6/�*¢w­Îr?[óÿã~Ðæî8U@?´šo²{H9Ý1Å+‹„”.Ùx	Ú;ÿb‡“E¨]Åü›æT
+7w‘fµÔ!pv”ÉfÚDmâ
2œ8›ÕkxF»ºZWû,w7Gîþ\�ºôñjŠëüz‰ëÿ„²éMa¨ñ=_-sN¾¥ôªXt第S€²]£^fêyÌ	†hŽ[Ì’™áCé!!ÿ“u}Ø]þ>éú CÒ[uÂÆÛ»Ö
]éÑHï‚+#}~¾#ÎŒ@[
ðËís°*�n
ò“CÇF]ñ©W# Þöy3êI]å²}® O©›ü®q_>$GÄÈ�YðZ¥¬2gs"’Ù`fP8áÁ�O6;QPc~êÓ¦sÆð"A­†ýkÁøz‘çÓ‚÷œÈ×}|OË‚OiœÁïã—›ÇÛzöî»–‘>9™7™Þ}Ü­wË.Θb¾œ£0oz±˜õ€þý6+’Uendstream
 endobj
 686 0 obj
-162
+1010
 endobj
-687 0 obj<</Type/Page/Parent 476 0 R/Contents 688 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 264 0 R>>endobj
+687 0 obj<</Type/Page/Parent 497 0 R/Contents 688 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 240 0 R>>endobj
 688 0 obj<</Length 689 0 R/Filter/FlateDecode>>stream
-x
�TÁŽÚ0½ç+Þ‘J»!	�°×J¥ÚR»´Ý«“LÀ•cSÛaËßwì
-	Ù{æ½7oü+É‘ñ/GU`±BÓ'wÉ|ó€"îãȪZc×"K³Œ¿4³ï’^¤ÞCèÍAè}Ø|Û>>ãH¶—ÎI£ÇŸ?ì~&î‹’Ìü�°Ý
ŽšÁJF+…2{Í7%ò|¬w_¬Ó"\ØÒ¤F¸÷$úZ H³´„%E¤‹!QK²uÆâ‡Ô­yqu%I{>c…£ÒB/Oô
-Á‘÷Œ3b` ùb¬<"Cm~‡ë81ãH·7­ìαì [²êü7îé•öŠÑƇúÂóƒ¾æe#,uƒ‚63hL´†%$Ä7¥L÷Qäƒqþ¢g°ƒÖ
Ąw
á¥ò•‡óR)˜šÎ\–WAÊN*štŠ3(
-J2<qÉÑöRKç­ð¬j#4+æ#­O»$!º
yX}ýœU–VX–Ët…ÅC•æ—�ÂS°SÆÛ§6zÔoºÜ$jÃÍ	 [êÄ <NB
„}…=y²<Ê´T�E±H—“ÂÓ=GW7�WXo™Ø=æ›ââÃ+§÷°¡Y§FÁ
Ç£±>
-~K¥‰i®vžá j"=Î
-µè¸ÅáÚ|ÃS=?»Ù¯ÊÑxä5ûãí­™·ÃûSwpì×^hy{Ýè Þt.ÃÔV3ŽÕ<„£Ò“æbYÜ«r]¥Y98t㣰¾
)¿ÿ÷$Äöþë(«2]ó“ÃCSe�-÷øKòë÷[sendstream
+x
¥W]oâF}ϯ¸â%‰6ÈJ«*‰’.j¾v¡ÝVâelà�=ã�‡å¥¿½çŽmHP»«¶‰DbÏ×�sÏ=çòõh@}ühÑðœ’âèj~t3?ê“	í?Ì
+˜
‚ˆF“1þ�‚IK^�Al³ûÀôðö‚¢>Í—Øý|<¡yêÇñ&9¹^‹ÒICƒ~@�³ˆ®óL*G?ÏOç_Žxí`T¯í
ùÈyz‚Ƀ€n/?ZžÒ§Þ{5¯1ðAo(Š¦”hµÌVB{œ…}¦¤k­”LiC¯ÞŽHXÍvƒó€£<Iê`–˜:E,~âq�H{Å
ßóÓÏGÑÙE0 ³q4
+�'ø[?å4cTÂÛ
õ=ÎÆÃ7\R¡b¢‹2—N’PvHœ&·Î,}­¤u™VþN±$ZêJ¥„>ÜÒ>À}BkçÊwa˜£ó`“)T/"Pyøg.eµ	-_&Ü
+X¢‚2c¹
R¯Wom2·öc±°’t)�p<�ìÖ:Y0ŹPÏípF~+s‘)d(S~1S¿Ég‹\!T%ò€¦Ëº0hÍ%�)Ò-ÅR*¬õÁÉ´Kqåꬣ¶6Y;›a¿?耨Í3GÖàߥ
+
ãçvf2G
FjnFÚÍ"ám‚ïÌê«Î¤«Êfç©4‡ô¼LÓÅïfè(í(•61Y„ÚSj<<Q¿TÈB,ŒÌ·í¨VHÒáUR�Tx�ŒhÐÌ	ãˆîŸæ³àæ÷›.A@’gÎÐã/¯:� F–î.Ÿfd=•çv¸,X¯p{¸™{:>þvóiGG DÇOF;�èÜDsÖŽ³¿‚¼¼p­j:¾®Œa}m#ð�cU�Ìί휽»H‚­V’TUÄÒÔ¡g*
i�ëÌÑÒè…‹³ Ä3�{
Û)q�T³{+` “ßk,YiP`‹QhrP 8†r
ý
½b�­!¯‰ºdøY™H¤)A
”($¸ÉÁ#­Å“ö‡ØÃÖÇYâ�9ˆÎƒ_{—Y×é²IØR&Ù[}ž>ÌšøX
+¸×Ê^99첺bð�“¿ôýðš¹|‘9{œ?oÄ÷µI—	eEðDÄ ‹¯®Úê(º`ɪ­ž
®uú×Þ�sðÚÙ½IG?rã!€ärl\yqÚm\V߇†HAbãÊQð̓°·ä×æÚ‹ÆlV
+7QÒš’ßØ÷
+Ld>¸Å Ï.XP4‹È?5Ö¾ïuZîcÂø
+…ÍéÑx„Ö¢>‘[„ûOç·ÖÝyÔ�Óîñüm<ù½–�áãÝ{u;“öýM¦0Zx
`¦®á$ ok"\0u²Pô�ÐÖBh�³k™ç]’)XÎUºä–b±
+@4¡J3ëëc_{-÷O<£ÐÞçMùŽ‡ü5ÅYy«`“]WÎÝæ>æ}/¡*›õ|Ø óñè/‘ëÑëendstream
 endobj
 689 0 obj
-592
+1596
 endobj
-690 0 obj<</Type/Page/Parent 476 0 R/Contents 691 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+690 0 obj<</Type/Page/Parent 497 0 R/Contents 691 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 243 0 R>>endobj
 691 0 obj<</Length 692 0 R/Filter/FlateDecode>>stream
-x
�TMoÚ@¼ó+æH%pÍG=Ò¨QOiªPõ¼Ø¼�½ëì®Cù÷�õ’DõR!!°wßÌ›7óžG3äüÌ°šcqƒ¢}ÙŽ>Þ}Æ<ÇvÏ77«5¶%ò,Ïù¤³G‹-Gìu-ðRtN‡¬�£jv
-¾RN>l³Ò³Yª4�¯³9k�ïœm î·Xf9ŠZ‹	xmµLù·xÂQ‡
-¡8}¨ÐØÎv]„‰Hæ”à­C©�Áºô;^0AÊH"Çt¶HÐ¥Ó/‚ZB^ýy‹V…*ïJL؈éÐÚÖO»vÉ‘MDŒdRK7ç–Æζâ‚ÙëlˆtTèoí,Y7°{¼
d^ÛJ{ìðèÚþ˜±®Quj²}b³ª¶`gÿL¢I©$û<˳%/³ÖQ×5*ÅfGÔ¼h±ö
+x
­VaoÛ6ýî_qÈ'phËqì4H3$­³ºÈÒ,ë0Ðm±£DU¤âùË~ûÞQrb;ë·!ˆ![äÝ»wïù½Ñ
+ú<ïék—_>©Êi[|}CXAµS)IGòMü­3 ãh,Î�¡›­
+ÿÿÚ¿Q5ù�‡~ûÈ17¶¦Ô’¤»iL_fÓG²Çc tt£
ƒIé¾Ò…'zÒƒr¶®Eו];Uõ¨°4—ùB¾28r™]S]
+N>�;\l¨˜"~zø¹�žˆ	�‡c1 D
�¹ùfhΔ�¨
+E o”غÕXÑ´½¬ì¨ÜõÈÕ(
½-+ÅÔêbEÆâ[�*dÞŠã »]|S‰Gdˆ)­äjª?ÜÖG[ýU‰þÍ3…"ÈÛÐîÝŠÀdÓ8:={‹æŒÎ&hÕÿº<õééøµ¨G‚>BØŒVʣȌ¤•)ø}]+SZWFK¨/ȼ‘®û‘votå|�’J�aðç2®4‘Æ Ðßïfwñ‡‡/ ,éÙ!œÁ¤ÇXžJ‹F¾·å†Õßæk1©®1!ÖÜY1èeÅôêÏÐGyí<9ß
+©RV€…ÞÙ௠”B
3½5—­ôJÒ@@Îx«ìVXI
+ú<œÁ-Øiœ]!*š :D
+|ñât^%iÊc(d|éáó€d¶ñL-yŠ­3�ÙŒØÏ¡ê·[Uï0·7XO†œÿ5XÏZEã‰à›.
+;7†ùÕ/×W8”-Oyú`“:ÇA/=®

 endobj
 692 0 obj
-686
+1117
 endobj
-693 0 obj<</Type/Page/Parent 476 0 R/Contents 694 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+693 0 obj<</Type/Page/Parent 497 0 R/Contents 694 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 250 0 R>>endobj
 694 0 obj<</Length 695 0 R/Filter/FlateDecode>>stream
-x
�VÁnã6¼û+rÒYÕöº±Û[6ð)Š,ºQ·=äBI”͆"U’Ž«¿ï<Rrlí(rqlò½y3óFúg¶ 9þ´^Ò‡ªÚÙÇböçŸh9§¢Á/7ë
5ÍóùßTÙW%�Êì¨QZ’=éü^uqkE‹Eºõ~¹É—¸—ÝiU=óyk(ì%¥ƒ?³«Ïc…«Ë•‡p‰J‡ëž	ª•ÐvG¥ý—‚Ôšëöö@ǽe(>vØ©i"¼œ
-tL ¹úœÞ/>$XF´’ŽJk*1E/6Öµôó%@\YÞä+žäêqûåëöËÓÓÁKGOÙoݹÎÓ»	ö³K^ŽC§BÓyU‚ÿ ÃÇûÏ�±2#‹ÐE[
-Bßé®OåÏÅ"Ô8ëXé�‡û¿(~
Ò&¤œ(dm¯I˜zÚêbê7zÖÊWNu
2�,©Zš šž?³	
Z÷ÔØz©è�	¦_¶w £QR×£Nq„Nx´®¦ZQ
-rŠf{ÃiwÚúQ‰Ñ§'“KN¶ˆÃ:$›å”Ñ
-‚à8ay�—ºÁ:U¯AÁ�Î&P!�cuZô—1PÙ_*“¬%@ðè/�å£êàüŸ!;v>2hÍç
-B[üF•0<B…8ë�ÉÖbvœž	A‘|W=㬣¹¡MÊDžV¤QqPPçÔ‹Ò‚�í¤A¡\φ¾ž-^Ζœ±ÈÀI‚›Ñ:ÎÚo|Æ»•Ó­çÉÎ’½*�#žgGQ‚l»hËA°oh£xÌàÀmÚè�^uFïÈo\«“S°¸ÏÐ4ì)[”�ÉT­üŽ-!"h¢^ÑûP½åx
-{\�e§%cz%GŠ!ï¸ßmÝÂ+ˆ% bR„%™ŒXYcdX)&i€¹Ìçx¤æõcúù÷·¬µ÷œG¥Eo
ÿUBcŠOœhZúÞƒ}²1½ÏLÇQ$µHE†ÏãÔ€¢†�$œ0-'£
+x
�WQoÛ6~ϯ8ä¥)P˶ìØNž¶uK[ h·Æm0 /4EÙ¬%R#)kþ÷ûŽ’ÅéТhmYGÞÝwßwwýçbJü™Ò2¥Ù‚dyñÛúb|wCé„Ö9Þ,–+Zg4I&ü"¯^ïD”£é4¡·ÖéW)•÷t/Ê� ok'I›©—ëo¥sœ¿:hA¯¿Üóo|û?òí£Ù4Iù=®Ã…ïLp6«eÐÖ´¦s8êLÓ%¶n´§LTa+•‘6$á«!eÚYS*¢ß;ç©öŠýÓ׫×ÖÈÚ9XÐå<<i³¥û£ªüú’‚íâžÎÚÈ.åNɽ6—8+
+oiol�žèRÚ²ÔáÇŒj†¹Ãyô…§ƒpÚÖ>zß8ap�'‰€7ŠD„)
+<²!£=¸JZÀ_Æã,[m2}ÐY-
+Ê!&Ïý„•6¨!Cµ�;k÷ÌêÖä ¹ƒÁw¬6[¶]
†ÛˆþùýÙA¥Oyss~ß2† 0T®À½\ù�
+�BƒæëÛ	΃í·X$šMoðoI)S¿{:	}–Nðr(�Ïè’œ×çOïéö§u+·z´Ñ†•ÛU÷Iëêv6¹IV?Ðmº|TT-t;à<ýˆDÌv2qFCÍ1“‘±®DÍqÉB·#rh«`
S¨¬åÍšbú8[�eÕð+tð3e–vßçÎ�•q Ø:P³³h]hÁ)x�ªÞ+Uñ5%Õø´”	p�£nC>óÀ õ|§�“¦Ê©\aÖeTª°³7ƒN:�ip¿§YŠNþè[í^HáY½ÆØ3j;KÓdFÓ›kpŠ‡ÈŸíÓ‰[ÓþqÈ­5òÀà,¬Èbp’‚Ž~PœWTY�1ˆ]ï¶WÛÏ°²išDQO™@†ãÕiôôL¼Jbžlµ?³“Ó‹·¶aä·*Fø:4ûvt
+^u»sx�ýƒ™Y�
 endobj
 695 0 obj
-996
+1480
 endobj
-696 0 obj<</Type/Page/Parent 476 0 R/Contents 697 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+696 0 obj<</Type/Page/Parent 497 0 R/Contents 697 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R>>>>>>endobj
 697 0 obj<</Length 698 0 R/Filter/FlateDecode>>stream
-x
�WMsÛ6½ûWìð"eFQ$YµÜ^:‰kw<“8i¬&=ø‘ ‰†"X
-ž¯táŒÎ£1,Üý
-Ø"Qi
-ÞÎ×Æxù°ähDI;#«évW‰ä’#
-.n-PPF¡ç¤©LÛÁ=ѵ_ªŒu>Êëí¤‹Ö´ÜúrƒÏ+üátÚ*ÝrDj}¾˜_´î†}ö¤hXPîÉ�¿áeÍ:(‡
-�­
-ÐLÀ“‘’d.÷€žPÈ·Wï	†2°3™Ñ¤Æ×äiB;ålkÌÛÀ±ÔMä:DÎF{e™{Eô„¼{Ïú�zÛ>†Ç\ïDÎf<\/²¸%ñ°ÓZ=Ïu�ä9{Î*WÖqg\7g È¡@>º^´�Š3Ç8z=4°5àšPþ0òi¯'ÛA8%cX±�g¯ä:�ÿ¾ø›ÌL[è o£&§~ÚÈ{T®Aä=©#U}L>ïqo¿e:‡p´³…É
¢$º˜8¦”|‹õ~�üžBg¬R#hÛO
-9:EQœ‰âñTµPÂÑÑ(…<ño½Š
i/V#7Ì„XÙÊÏ	F¡ËÊů42UO¡£ø†“<(ºG9°iÐÛ8–Öžèk³
-OɇW>"#y࢙ƒMn^å€Ý(ù~µ�m&¾·;ÄiGO¢ƒ@2÷ýê‡	WÃDœid 8±®ŒÅÌÒè	䈣¹ÖßPt|ô·4zFM£¨øY¿Èsú Yf¤*·aÅ寱âÕÈ09€4‡Ð.�Ð~vôgßjñß³o¹Ͼ_Ž{ý§n5må¬7
-pµ�ßmÇm�·†£GLÕ†-2jÚ8,—
ƒçÖ¬Ï_OØJYwÈ%§ß/æ„g1V
+x
�TMsÚ0½ó+ÞôDvlCMÊ©äkré$m<Í%3!ËØ©-9’ÿïJ
+´‡,­ßîûXŒR$ôK1Ë0ÉÁ»Ñu1º¼Ÿ"MQTî(¿š¡(‘ÄI’ àã—ZH4Ìü2ت
•Ò`è™1¥KØm/pQ¼JºCóµ	'{ÜqìKDYO	üc�°µ
+¨¥£@í—[fO%¨“í�‹ô©\c8oJQòD
’uÔ´
‰ ª3–�Ú¡Òì¨Ô@X*ØŽO·}¢4­hÂʳõ®a#–0�
�\H”<ë£ÅÇà\ I§@ïÄžŒT×¢Ìwhf/6WCK2”JŠS9*Õ¶jãÄÙåò<ˆÇ‚ÿ#�çÅ·ëÅ[ö–ý+•G¡tëFÊh¿jæÜVè„&}š Ý.|>o¼frEvDÑsÿ‹
 endobj
 698 0 obj
-1610
+642
 endobj
-699 0 obj<</Type/Page/Parent 476 0 R/Contents 700 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>>>>>endobj
+699 0 obj<</Type/Page/Parent 497 0 R/Contents 700 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 296 0 R>>endobj
 700 0 obj<</Length 701 0 R/Filter/FlateDecode>>stream
-x
M�AkÃ0…ïþï˜ê9™‰smÙzlÔìîÚÊêÒÄ�ã.ôßO!=!轧O?¢†âªa¼´ðƒØYñ¼×¨kØž7mg`”TJÁújH�PN®Àa¤}¼à3¹B
Ç;n8:¤‘EqÂtr™0§Û% “§øKòɞś‰Ö´²�îÏ
7kû• {Ô­‘ÿGqؾï¶øÈéL¾à5ùÛ@cq%¦qI߬®Íj«¾"Íqü^YSFˆŒRR¾ãJyˆÓĶiñi£eÇOÛPýÀü•¢Qçendstream
+x
Íœ[s¹…ßý+æ-›ª„æp8¼ä%åK6ë*_6+m9¯45²ó¢�”7ûïsh
+u„ËátÎí`2ý¨s•ˆââÉ«§O¤»¬Kzù»Ñü¯UËéfb•]?ZÀ*û^Z?\¨U>þ~ª6ˆ
1Cá…1ÃvDVTÄÉŠ˜¤lO¸8·©£¥h]±b&èmOÿ)éI‚>l§þaô¾ü4¬Š�
+Œn<šÚJ$¬‡œo†T
V��á¯Á’
+xÆnµÏR��Gw“°žq»z?4™>¤9‹µ†…ñ<ˆ.Ô°Äœ&n²WkG“│9©>v=ë£9U„Úœ”ûž	ʬêàÌIõÒgèF(ÒžÞm¶W›ýûÜ•¤DWNg☓ÐÄ&E*0�ZÃОñt³_7Ñ"`‚Ó‡s0É"¬=Œ—¨Cr4á‚ì¡•Ñfí¡sö úØw¬�öPj{PBì<&DfE˜8{P};^È$Àˆ¬
+ŒÙBLÁ0"¶blv·‡ãyµ§	«hŨzÿ@€7³Šs‚Ç–É£�¡ö6_©9kê—3¸Eµ¦xQ¬©_ŠÏ´Ö4µÖ”ô¡ç�>XSM¨¬)Bׂ2}:kMIßNÆð
+ HxvVç2Õ�]ˆù¹·”öö-¤£—øÏÔ$a=ã´{—}©û´ËŠ¡<c}Ø_oÞßWçÍ!O~¬­›ÃÄM�R
O»Þl‡Q°Íùמü&?õÁ!'CdˆïÔzg†ªŽ&Ãêh†N_¡ê£Å°^‰öïO�	ªºÅ@Gdz\�VnB^Òˆùub~LHP‹øõp—W.,b6•q`Jµˆh7ÙüHÈ¢…'³-`!b.A"‰Þ§bs¦ZÀ"~Ùœo‚E@L§¾(
+pq^Ï›‘†ƒE †
+€é	•5’P,©b0ZÀƒ®�‡]òB,G&1ž…(×C6ûá|5Ç*¶
+xÄꔬ“E@LZ¯Ü6©@…ÈÒ€†‡%h
O¸Z
»Ã>L³²3ôuV.Ö’±ò/ë“pA–Üa·Ãø$D-Ù†âªú8²^o{Û1‰0d3­g‚Þö„Y6<’ÀîÆsqÍÐûpyü5õ‹€@�¾fD*àÛÍÉLÒ¤”ñB3ÃўÓ4©ÀXˆغôWU—œnVÇ!/ËÄxgâŸME”ë+²ú¸ÚlÃ9�::Ö‚4•�CJ<‰I$ž
ŽŠ+“¨ÁÑ7Ë
+Ø*¬·Ç³þbj"—pamv,õK6.Èf±®´µÄ9 ³ZÕGc}´ÚŠPÛ­¢™1A™¾g¹ªW+c€"= ¶Ý„ˆöňDõŒOZoB-äT¯7(¥{”	‡I&ööÙDxÈ*™kÄ~Ã4f
+õ„ço.þ� ,¤ïdþaH*à!o¯ß¾/Ò�‚Þp-’Àe³_þ«`H¸kºIõD‰|æõeÆ°˜™œ$šgJ<¦y»ÙO>)ÁY†°’Ûh€=åÍÅãIa�JN×ÃúÙ0´€§ç5Æpê&ƒE|cR
�1ÎæÞéÐ8‰)L&¬xÅ#Ç‹â$¦K¬i\dˆ�¶TÇYÑ °›£† ·=âíÍ*Çñ$Ú5ðÎSKÐÛžðâ:Õ€$Ræ ÷=àò;/%˜"(Xæ¸j$°Ç<?ì—…u  êž¢`Oy{8~øs˜dì+Nõt1õäLá•åL<ã&^�-Ì%ºâ�¹ã$²XCQáùÃÑ�aÌ–`zÆóÍêýþp2ar•ª"Û°®.	íQ?ÈÙ…#ç©dÏ<Pþ‚kVÛ¢¨¾¬»b‹†jQdaøuZ”¶B‹*b¹ÀPœ2B´B\¬·y+™4謒ѰLÐû¾/ž‡FDù{ý‡{à‡º´
Û#—)7l¸ †íïiÖr~;C
mÛ!$›2AÚ՞ݬ‘’
+-ÒZFÂÚŠp,J°ê	ZÀ`äçÃú°M�…À,¥+Íäórø8l5 �=ìP±ÝÖËi|„êFBøã£�ÆŽT„DsxvfHGVŒ�›½Y™�Nº²•iŒ)	ì+cb;’
2o!ZÀC~~ýâï¹/I&&!kÑRRØXDñæa”ê%Æ$�Ę²od	ZÀž…ENz²c&𘟉YâÄà!¦Â™™ýpè"¡àuÃÙâDòðªÙ¯œŸF[TD‹”;D"Ì[¬/ë˜ú¤!+ë[ÍY÷ºpÛ8mK¡A¸ ÆAwÝ”SºØ8Šhñ/¬’Ò8ãÕêö–ã’É“å“�$®¯ËÏØ Ú¯v1óhº€ì›5óœí­Ãì›cƒxQš´[Êá]eoe[64iB ûd�åŠð�­o0ÿäãnÒ 9ÃúÂô¾¯Ò}�«5%ü²4öËÌV%ð¤‹!f(c…ô
ÃŒÔ%’ÝÍå@S¢ã…6''@wp¡vZº/:±Bʲa…èRÂ>’ Aql†¾
5ÓÊè}_‹Hú~Ä™
%ü‘(ì�¦‡TT¢{Ö«‹äÈYÄ\–›¦6(€_x
+xÈÅj÷n¼µ¬|¿°Yç€
¥œ®Ú…‹lŠ”ÝáE
+Üó8%î#…Œó^F¨Ñk
_…Û»cn–a`aãŸC¹ò36Ù¿ÜìïÊV;‰�‚­ºÆýžç�³ØÆÙ×üÂ#4Ù¤µÀNί5e¤d�H³Ó¸X`¡! ŠÐèˆÛÆ ô¾‡<Æ^áã›Ã)N ˜P¾Ú£¦GþmÿÚÂ9KXªKNM.¨�ä…&z›Hš§Ñøøª—¥L˜
ñ¾C„ÆÁYéaû1ç�`Ûö+ÙÂoj˜¥qñèn‰6âC„j—±�BÚ…ö0Bc*¡Åò
+†Ã…zH6œÜ2Ø”üâ3Ùoj*lšGŽ€s*V¼(Í3A†ˆŸ÷÷gß?ZœÓM‘ò,9w½ï!¡yö§‚…õMn¢ùüO;f»™ÌéÍ…xA
ƒÕ¹ŸòŠÕ„?éÃìdôñvE¨¦¼D�9Fü$õÑ*Dh…ÃÑMyE+Sžlvà8WòOSòwX
+Te6ˆ�­„vŒã<„ìÂ3�QAlc’�	Ï/ÌåVjηf
+9Ì�­É™”Ä·€„j[¸€À-9;W’º�¤çâ�Šñüu¶Rh³( yÆ+­ƒÞ÷µxy8|¸/Åuÿ'‹wר88GÌ¿NÂ5j8qô΃öØ‹Ùr:iÑž+ÆÛ¥UIkÅ~œ/WBïû„]jUÙ]þv£?›kk’8&cJï�Ôª¢~
Z5Æ|ª‘œÑëmOào.Hô—*W"† LOxwÄö oU†5Læ`R…#	ÕÒ'Ihº¾Û#Óð°Ï[„-ie†
Á˜!i
O2/°¢1Â7†b=ã¦|Œ‚UJ¾‚a¤žQŽóX©]5R
�¸n·‡œþÌB`Ð#{ü4©€Ç s_>)¢«ƒã_%{5,«žbîFÀdª¢XÏhðH²/Iõaµdk…h€Y©€gyÛc)vÿql‡èЀ”íAwlÁ¬%¤y
+
+
+r¼(ƒ¼]ø™¾¸Í0†“z.éF­·­¾,LH ¼œF¹Þ·r·(a ˆp±‡'
nåZÊiXß7çlÇ,Éiø,�Á(Ùb·Ö?�NÆ¥¸NKÑ–ÂFL°
+vMš –À¾�4 „

+S൘$

+XN¬69–
‚ðÏU&°�ëC>Œd
XœºM,á4»ípÊ®Ÿ…2�e~7Íš
+XBâÉY|)»ÞŸÚ.lMöJÛÏÑw¼ N´l0ƒý]!&BX·Bfâq3p˜�Z�4áeACÐû>?´ŒlÖ€€S4zx¤4*ñ®`]?¶I
+ÒË:GѾ"¯/Ó“°œÇÉß•¶MQªGÐn‰€Àa<ŒAh�
+±Ïµ †ü·Gh�
+q‡suä­í§ #TòŠL�Ò_ð8zŸE>ÐòƒÍÖ¤tH
+E^ßIJÞ�jÄ–‡¬L¿ŽOøK<[À)!ZoÅxµú�Í—Dè°0ç„Þ÷Ù²Æñ°�p@` (€ŠyF9ô"…žl–Y½ð„Ý°{WR)X(Æ'¹Ú£d�Á·Ú4¶bÈãƒæM<‚>ÔD"\ا°-à¯ò¢“E2äàÆ R
�p>�•à`è¹vE
€=¥x–`>À³øŠ(Ó#|ÈÀR€¦B™'B�{jruØ­6ñ
My×㿃n¬áçeo.h¬!)Éî5ÉXsû4QÓ@ì�¶cDlä™~Ð$�8–„6Æ TÀWÇŽ9Ò�‚èÑS´€§�³&øp¦iS-P!Š³&,Ǭs‡Ðâ~gM
+ßÇ“D
+›¨úŒJtÏúñÉ«<³�
+œ÷b¤†ð
+ÏY…áR5-C±žq…÷§�›wwçräÆj¹rhX©€g�’ž‰U` ©.?
+àž°F”vÄÌò‚’•˜B–²å(Ú“| Ÿ7Ìçˆ,±f®P*àA+ãŽd€…Ó£Ïð#­9-ÇÆeN?gÃGE—[‘…ùßîYó[þŠÁšz)¬y¿:Þôr3/�xÙ:g@¼ë
´¦&	ôHþ™½Þö
+»L§ß]È̼"ù||¤y~XßíñG:ošôÍç!_ô»�ü
+_ÇÿÛ£Ç)endstream
 endobj
 701 0 obj
-218
+5352
 endobj
-702 0 obj<</Type/Page/Parent 476 0 R/Contents 703 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
+702 0 obj<</Type/Page/Parent 497 0 R/Contents 703 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 340 0 R>>endobj
 703 0 obj<</Length 704 0 R/Filter/FlateDecode>>stream
-x
�VÁrÛ6½û+vx’gYVË9ºu;ͤ�§�:íÁEÔ$À
-])²Žrí”l­ÛS£\­½×ÖøËÍsC××1Ì»ÕÝb…@é~aò·�ö$<y]7HÃ?e)ÌŽ·¥ÂßTb¯òqRÒfX•Ý1„%½»~oíëœ8ÉJËçC ôÃ
-dÔ0+€'€9)dƉH홄ª›°�·#†ìœnÏä…2UBWâC—Cù„2ÛšÝK©¼§e´Ê³aùµÆ¢Ø©”ÿJ+´ó
-9q@yÉ7JÂ@'.²Áå&ŠÇÞà”-u3Éyê>?Ü,a8“ºO¯æ±*møes�û2­n?⿹[óo<hh¯×wÇ{1îÔÿïr}³¾YÜá~Ž[ÚúÃDÒ?/¾F¼endstream
+x
ÍœooÇ‘ÆßëS‚ÃÁy‘õÎÌÎþ9àp�%;Q`ÉŠÅœ‡ÃŠ\‘›p¹ÌîÒ’¿}žª®î~ª†v,Y”c6‡ÝÏ�½ÝÕÕÕÕ=û�Gm3Å¿m³èš~Þœï}qöèó¯VM7mÎÞ4í°š´Í|1kÎ.šéd:ÅoÏ?;[¿¾Þ4û7Í“ýÍiss:þöìo�¾<{$´VÓÊOßþþQ?ŸL›ùl…ÿîšy?ìáºy%(—Íç_Íš¶•?�ÖÌü9ú»³I‹ûk„Û5ËÕ¤óìT/ö§�¶¶›M–øÜgŸMþ�þéúړͼë&stÛ¬�¬ìÁºíó¯ë$tn×£÷Ò“«õíisÈÝDò]3t‘eÅ2”n&	º¹Ÿ,|[¬8êÿüâÙ_rH´kÚ~9™y„•GÄËÍa·=·û›b-H°MØ“ö’uL®Q_lOÇ! KØ`€X…Yß\©vM×Íc¯
+$Xü ŽAÊìaÓÊäé3�‹!ñ®Y
2w˜”ŠG„ÿÝnÞno.s§�öÖÎÄh™’ÊG67‰Ý/0ã¨#ÆùÕúæ’šÂR±ý…X·Å*Œ@<�Y&fÛ‹±8H⎠·eBWÃ#5Xó•³?bÝéc±”åh ¬ÂˆrºÚäQbLwÚOúÐ’„1êdd‘X¿úJþ0Va„hŽ›ó»ÃöôCnkAZâ2)ÁG¤‹íúz©+\?…•üì™ä'Ï°šcÖØäI6y°*«
+ý”éêr!ó-ë2�^§Ì˜ð‡ýÛüÙIƒ9'Ä
¬86á´Ïz’¤é¶ô
+D'‰€Xµ£d"b]>
i0Å°´­B#¬B$¼Zï^
+ëÄu,à:ÜGÉ"åxµ>l¤c;D€?ߪß3´“
+‘¦áâ�ͤ›;çÕ.(ªÐ²†6®có°Ž™ZƾŸåÉàòs‡õù‰“($[X¢9”Ù¾)o·§«’x¬ÜPñ ½+ _Žõ†ô„ã	{âõ�²0Uh瓺fÙc|DJ*‰Heëèëç‡ÍúTB}–
²hŬ¹!¹‚‡ìÖÇ¿ç.ev|˜IaT�hnׇõnƒAN‹Šxš_²[Å.xY"`} [�Ê&É{®E°VÓ›E1 YëñãöšQÉô•é±9÷Xl†$ór±ØQsÆ6›	ɲÁ ±?bµ2ór cGÐ}v›)p›Ø!0%ƒ#…=zG2±[IXxˆUˆ�õétؾ¾£@Z˜/¶Ç˜F®9V!’šÝúö+•“Ó_¾·ë–æl%­;[,4 Ñwz0ûåúÉOÙÜ—AÏ,Íw;–Ñ#„<·$ݳ~5C';½£þåa{s¢5œ„ð™;Œ•GÌ«»ÛÛýá”ýÅu/JÓ¬gP
Í‹”íM
�D|·dÿ\;23"œù²–§‘�§8R�Š™¼“!Æ–å¡îÛu+^ÁgsYvl/šŠUQfy6—à�ýã<f–3©Ej½®\C©#àû‹;]Ð¥M°�_æðËgü(?„ŽBpU(3}°O'66ÄΩ{‰ôáMÝêBêäVî
8Šx³½¼;¬%Ø‘¾™Oåþ’Åð£tI‚„Žé%ñn­™>PÇà€Ì¯«ÈÅ’åèF*‰0ÿ°daþ1ÂÊ#ä‰D,äNX)þDr	Ž“+DÐ_oÅ1ýÇÿI#à^ýê]ÜOÝìÄÉnIÌô�úù¿+—¾­†—úÎHsÏG°âÈxµ9qÏ’N:¶Çu+�”§‡í÷㊟%!039Ùs˜LŽœ7´Ý"ËelJÆFÆ—ïpÇÆBR¸kD§¡g2;‚t³àéî‡KÝ–¹Ú·ÎÚV#€4rú@ÖÐÊçðº›Ô<.‰Ð{SÉ<ÏaåW\
+F’1™9%kÎ`ƒoH®	×ëÃeÙ¤°Mö¹�“+DÊÍÝîu½NÀB`–²ö#G®‹ØÈ°ÖÔˆ]=¨¡ž'[Ó'Éîô[S¿’d~;=TkêWr%ZSÍC«µd‚Öu+ŽŒÇ4I†¾×M¢ƒXy„¼ £-
�s�Eã™y&—A$)@8¢\�Uˆ ï·Õ°IÆJ„oŒUˆÞ—‘
+Æ„ulV!2âeR‚3Hv˵hü"Rêé/K
+‘“vÅ
’ëR°‡±
+ór}þ÷õeº>‹=ê§Ê;„
ÕK39ÓPÝ3EïWý_0#è1mÏ+–
3Èÿ‘#€1¬<ò)C@Jp™5Ž“ÑtÜ°GÔhAìúcFã™ô“¿	£ÒÒ
ï^hTä*9ÝâßÃbÓ§þc}“@�ˆÉÛ^öŸîï'bÐ?»ARþúZ3EeLH+³KŽHÉà
õäz‹ð:"rüôëŒHïn¾öȦ–S›ô@ƒ1÷㇣FŠ
+ãÎéI«Bª ¶Å*Dˆ³MÖ‰§”CN×”\!Rà)ÅN`›ï'½Et׸Ó³#•!qäVl´:X¡©1%ñAY�Œ4è]_‘F,PnV:‚•ûpn†$b=­˜07!3=!dßX
+înaò8Š�=ngZÜ+‰ÄtäÍC�°
+‘ŒX<ØÔ|’OŸï($gÔËZËçtú@C_îõP¤Ñ5½.µNŸŠG„ï®Ê5`Òè+”:n@*
jÖ
+#BÚ"j6—"vGÒç{ë!Ê—TKŠÆôÁšêb=¸t?
ï�õŒ•b=f=B–Õ!j0gzÜÿ�°ÞˆQÏïUMž0dÔ0=Ù¼5 Å Ãž`å�¯/Ðy]•Â5µê@™Iν³NLZV6O1p¤ÈÅ‹™XU¬™?R®ë’^4kµ^éôàÕ5#W!r#XƒFà|fé?H®	È¢íÖõÍV‚ƒ]Wä:r|´ÃBy×Oîßùd䈱7f¯SoÆXmæ.=Hø]®$¥‡2÷8 ÅÄ´ðØu樻3R‹WáÚõÉPi9!^6‡Í?î¶Çm½ÈjX^àH™•+Äö|»YËy§\Þ'Y�óaôßŲ�)—™Òƒõ"4\p¶æ¾[³ZnzáÛ”ÅÝ
_ ×zyØßÝ\HWÀi}˜•Œ>ÓGùEèÜì,ñK«Ô1‹xáYëÐ5¦ou/áç„æºf„È®’öQ,†Áé%a‡Êbsø$™T`àúØÂ7Gnµ·£ÖxwK*q·rìÛab;¼wa!œ¼K0FŽ˜à]dE~°”äÌÝ´‘þ’{Wê%Ò™�¾ÆÃYGÜëf`z}“Îé�(+â1	ÑóÈì¡Ë”iÍ°òˆy¾>¿ÚÞЪ[…br½Õa29rÎwÇrÇ:Y1%é)Ž|-&}ý²
+–„/š€÷àO•+DíÐX†¢Œl4B!SÁ:PЛ¡cr…Ø’”!¯‘
+ðò°Çw‘íÊòÂ*±=9¥qŒ\Á·ƒ–KÖ€€í:+�\Á¾<öé%<XÂF]÷Eða
+y»3ñJv ,V»Éýî·ŠÄnät„	©46À6¾eäªL,G<23Œ!îÕ™¢

 endobj
 704 0 obj
-1267
+5099
 endobj
-705 0 obj<</Type/Page/Parent 476 0 R/Contents 706 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 275 0 R>>endobj
+705 0 obj<</Type/Page/Parent 497 0 R/Contents 706 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 366 0 R>>endobj
 706 0 obj<</Length 707 0 R/Filter/FlateDecode>>stream
-x
¥XÛŽÛ6}÷Wò².°+˲|Ù¾µ@¶
-$hâ %z­®$*½^÷ë;CR$E;^¤E� ºpæÌÌ™3#ŸÌ!Å?sXg°XAÑL~ßNfO��¥°Ýã“ÕzÛÒ$MñN1ýÔ*.Y¡*Ñ©RP½bmÉd	ßX³cPH·†õ/¿lÿž¤ð�åhdÚ1ÉŽç{º={Êa>7^²M’Ñ+ŸT¦Œqc/KÒdIŽ$†÷â(¡å'ð
”€B´JŠ߬z¨<Ð`{à½9ü«ñ�¾W‰†×óâ(+u
·ÏöB§{C”|;QV’JÈsðV�€‘�kïZ‹ã¬ØS_ZtÎàØs	E]/=˜(–6Šé‡/~'uJa]WŸu‰ ã²©úëÖÛ25¬ëõ³çê•·£0yxØF8_˜Ú�ûÙ³Çnv².
äì4{%«®¦ä¨{@�IâF]CqàÅ‹vQXûÌË‘Ì)û
-³gVµ½Òïî*Õ“5,!!ø¸�û4aNÿûúÇd¾BLùŠòÓÀ&s5|#§øl­«ê™KDµö‚
ÌÓM²²¶†ãcòfOa¬çØú•ª;#¾620~ê©›ÀoítÌš÷p"šùÒ·ˆó­P:'X—»ù¦S…,w £æ{E!>h�CáX-Zævå;`CbËœY²}ì{ÞªŠÕõùþáRpڣɠOÆÔw„åºçïT÷þƒÑaOkM(�õXs*®ØAsClŒ†�ÌžV©1fsǧ
Q‰òH	‹zˆÑ$Ì�¢Õ	¥Ä©ƒÀΧâëöA/Þ†Ms2ð"Û¬’GXlÖȧ‹E2·W1ðÒ(•çÕ§½+ë°;+¥{nT¼  ±z„¤G„WV‘ø=J—gfè ÁcŽUºFÔàÇ=Ö‘úvºÉLBÛIñZ­C�¦ì8V¢é˜ªvUMš©g�—ëà¤õÚ°Ôi�Í8ìYaÏaPm¤(�/Ø¢îP�¹»(t#Êj¦—\QG¢0pF1Í÷{“ýqÇP|éz½Ö
€*³X.“«žkQÉÓ9²À\ùê/–‘ª|æoj{¤vFQ‡ö
Á¹©�Ž �»�	¡ÿòeî°
hn0
CAè1Vœá£2â
-‹Œ‚m@k€¹¼à3’×pÀ˜éçÜäQ p �ö…+„”¼ïM«7¶]®‹�]0š+R€jƒ‡oÊÚµœª6ÎP¼V›¼yå}_áNFl=Îp4ËP¹jŸ¯]=Æ:É:�fÖ'vv‚Þ‰ön ®iÌ,Ç=‰d‹¸s劘å‹Q	ÿŸh‘j…¢xDÿëÇdø¯‘Èé2YOiX;ýHÒbô¦>nÏü9:"Èù±œY¥Ã%2”µK]d-œ¡ïªZ,kÑðBÎÿGY3øZ
Ø>¸‡é½ÜÒd,v¤ui7ÅÖNž€ûŽŠÃúNtZï{ð¾­…?v±ÈËG2m¥•î\Í"#–¸MòïGŒÂì)L�þ Y„,¹Œñ?éÒ¯Óf
-Þ)ܨ5‘çQµ|çG©
+x
Í›[sÛÈ…ßõ+ðhW%4q%ù”Òjã]W­í]KŽóàŠ¢dlHÂáÅJþ}NÏô
+‰ròT¸PO‰Š7¹Ž,&…ó�êó©„­a@tÐñlwÜw7§Õ±ívâ$”‹âr’s«êÝ.È=¹Ô>ëžÒ¹Gõó\¦#ë£wF„7ï–Ç4—H$E²”Õ„ñþçR¢°Pêd.qbŒq~ßwÚ›uX 0Qfß+H6"õ¢A¾l11!ãÅ‘z1ÃM‘aJ“SºF¥0½íWËýݺ�
+Éàμ™”²³<âõ!ú±˜þ8¡^pɬçeØi„¼Œä×¹ÏóÊæyRÏdºµò¬þ×î>¥')$ɧÈN£×ûV¯ËEb°�ZvN’8J·ÿWÈîbŽ©õë´‹D³@’¤‰™d�ÍðŠ­˜ÂJˆE¹fD¼?‚<oWûîÐÝöYÎR¸´j$.Ò
#Ò«õ¶;®ûÈ�˜…ìk,&aP|Vë›Ó~ ‘V6jcƒâ€éb¹ÙÄ(£¹ç¢Y‹¥)šá‚¢YÏpÓGsXbc´”¶ 5ô¶g¼Xn{·‘H¦×\ª#ô¾G\®÷ÚUOa¡L°9rÐ`Ò€ç¾=®ÞI�ÁO·dÒLM©«Ê°¨G÷…
+IU�õj2,ë$‚'°h¡ŒÐûòûætwŽ~j‰H•4›KádPàIç§ã;œÛÕRvPýD#@œ˜h§<î9öb›~‘¯¾EtÑ(Åi‚„ŠF™�t<A¿øDo+a>“ºÏ½íX�û£0‰†i�,5ˆ¹\{
+V0„ÏPt€§<û¹G�lA�™¡<â|³éb2Ij"ý¿âøõ5‘ ir33s	aÊ…pA¹��¾Úe‚ê’å5ëc&8«õá´é—<I ц±½o�¸X®Þáø+�ÃáwÝEhœG§eØLÄmX¸ �N¥K`—ŸÁ£$�?¦3Ilè}�x¶;±äÚêDj°Šž2¬„÷0žh¤óS„íIXÏ@£í¶½;íƒE(�¾q lL*t·ú3w¼bR-ä€fcÒôY|žôùTz ÷=â·vÛÃó‡�šŠõ·(ôŸ[œ{fÒÔ–D.È=a³î™9÷¨^
+o•@tÏ�YmÐÆŠ
‰Î;…–H9ÖTµÔ%mÇu·«Úž‚jÿ&6sðRÀ*)´=Û•´Ò�b›¡	QZ¹Þ¶¼¼,’œ˜Çè2έ^ï[ýŦŦ'!X6´Ž‘Xȯ/ß\½gâ	¿ãhJ
(ÖtD´œ…
+ÝÈñ$^ô¥^eUʦ›¡ÎÆ FLd5(…{ÄÓó?âÑHjæw<
+Yˆ­!
+öö	˲ÀNÇ@Ò
+T¦°ÜÙ&d(SÔñ	eJ±¨0BÊÔ1*S*ׂÂz%z#ÆeªG„ŠÂˆDõ_¦!–KˆPOøX™J¤XNIážÄSRË”B´Þˆr=„§$ËPð.†!¡L�"S¦¹À
+èј™9½"½oíº¡Ì‘”¹¼r³Vè
+–ÂÞ–
‚×Ô¨4¢Ü1¤÷/«ÀhjŸ4À3¨F�ˆðrÍš¡<¢˜ü'y•U` ãE±žajÕ B­*C½3îP¬g˜ZõpÇVªr1��7©9ñ"…­Á5ÞõŽ÷›ÔTØq
+É P©Æˆó¡ŸO
+Ù
ÉË'£×ûÞô>Ë
+éd;%ÛzkG={ÀŽöp8­û—e˜Ü¨%þaæEåÍàd‹€ÀÁB‚@þHüÓp½d 89¸È¦
òö9–u  ™œKÒ
+õ„¸¥
+¼ˆùÜï-šŠªå\vøº±‰T.�œ£Ã)õéCü6! ÅÂ
ü¦&ýº4½d´Ø¢?¯<kÀM—œÆŠXjàvÖ§
@ûYíûßÇv¼vzT/`õôÉ@NX>Á°è
+l Ý‹	M®AGDÇ2C‚1b<5C=ÇŒ„õ¦Œ’˜ÍˆaÄ(�LY}ït°)ýÜ}þ'òüÿ¹3ü±Jøá�UæHSùc•p«‚µøæÿòüùOç¾þûSÚû?w«ÓïýúW÷ñ¯þ:Yø¨m[]yþ8ûÌ…Ð^endstream
 endobj
 707 0 obj
-1412
-endobj
-708 0 obj<</Type/Page/Parent 476 0 R/Contents 709 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R>>>>/Annots 278 0 R>>endobj
-709 0 obj<</Length 710 0 R/Filter/FlateDecode>>stream
-x
�TËnÛ0¼û+æˆIq-·@	Ú9hs¡I*f*‰.IÁðßw—”AH�"@ “û˜ÎîŸE�œþ
-T%n6�íân·¸¾_£(°«éf³­°Sȳ<ϱ“ˇá`<NâŒGÑîtW['µ§s�£v­ñÞØNûàŒôÍw"
-¡¹õ×Ý‚ß4>,
-þúõ�O°)ù‹ê#iž~4xd[ÌâÝ3®ïÉ:£QJú˜Å·ûŒô©Ÿ–ž.Ù¾ö‹•bþh´e&ᣇJªû£–¦6’8Fá—¹¾/_›®Æ磈ޙpF+üo|F^UÕ ð’„|´Jsà,j|‡37ý¿’ï¥LŠO§éï­‡Ò^:³×êŠi§Y*³œì
ôöhÿf-�AGÎ3‰ìxOhf÷o˜Y°ÙeJž„ùï29i§y&±ðA[Ï(ãeï9æ@Ñqô’ÿp³Þ�ÍÖÛŠ<GäiBQ§´¹ØT¯'Ú>w=Þ~¿»Åg_Èøbeßê.^6Lf•²V)�–¹_$ñ>ˆø| )N
Ò�Z±&#ÃÕÖÕ:ÛÒ.¤5‘\Eà.þŠ!•Èendstream
-endobj
-710 0 obj
-628
-endobj
-711 0 obj<</Type/Page/Parent 476 0 R/Contents 712 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>>>endobj
-712 0 obj<</Length 713 0 R/Filter/FlateDecode>>stream
-x
¥•OoÚ@Åï|Š'NDJ èµ"E•U!j¹,öoc¯©wķ
Á¡§
-!aïîÌÛß¼þ&ó3ÁbŠ›9âbðy5¸¾û„é«”+óÅ«ãh<æ›xto½®TìMi±3>ƒÏ4œW6QU‚'U¬R“k(ï+³®½¾XýŒq5�1ΨPÛ­±yw}7ÃdÒd¹š.£©¬7
¸ËÁ•…F™†_ŸŽ
±6Þáeäê8ƒrVZ%@ióýðåÆú2z~¸ÿ…­®
-ãå:	Öˆ‹°ÊŒk…MnšÔ…VÜÃëT±²Àš—@\Ú47±ç“ßimCäcÐF‹ÓoF…5§ãº2~$FååDsîP/»„XïÃÆS|h‘Eè@Σ€òÑjì”1.vY¹C½MwSddK�“Šcí�–UÈV`<«™çèb°ªdÚ“{Rõ^Á	Q­×:i
Dx¶Læk«¼Î[½-J
"œ’ZóB>S^˜{ešb ãÙ`“²H·”’Iʨè§Ä:Бò
-š��|äÍÝãLÙ�¥?±è#•ç„ʽ…Óù7½gX;ZY{Ú:É-€KÄtЫ¼¾»m]?ÂðñûPŽ;a$97b¿ÊoQyè®CKÂ�Á.;‡Ùä9—†Ý+ z›ª\JVúÿaÕz‚zDGðåÑúî R˜\‰QØ”4NCØa'üÃÉwÂ�6£oY¼�è/M‡¢ëIR)Ýà½@?)”tX@,+
Ðäs—?Ãø8]\×·û²îáasÔyBO°í2öL?Ùec�(j¥xSi7Z°ä¼´u5çP@I!:“Bñ5=�òMW•Imƒï¿­œÑ˜ÝΣ9fËOùåæ´éËðåÿ¯�Žn$ÉUf‹Y´äÿg÷b)/(äÇà/£_
endstream
-endobj
-713 0 obj
-710
-endobj
-714 0 obj<</Type/Page/Parent 476 0 R/Contents 715 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>>>>>endobj
-715 0 obj<</Length 716 0 R/Filter/FlateDecode>>stream
-x
+ä2T0
-endobj
-716 0 obj
-116
-endobj
-717 0 obj<</Type/Page/Parent 476 0 R/Contents 718 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>>>/Annots 287 0 R>>endobj
-718 0 obj<</Length 719 0 R/Filter/FlateDecode>>stream
-x
¥WMoÛF½ûWt±
ȤDI– (lÃn�Ʋ©Mè²$WrWÙ]ZÑ¥¿½o–\ÙV[·@ÄÉÝùx3óÞøÛQŸzøÛ§qBƒsʪ£«ùQ|{AI�æK|9OhžS/êõð&;¹½ühOç_ü™þ¸9s6F	N�ü¤·”	Ew”iµ,Vµ‘ô0‹ú,̆®µR2s¤
½x;$á
öè,éEC6#(+©-qt&ªTüÀ.oæG†�…úü¿O?%£‹¨O£‹a4¡Š†ãIÔkŸJš5É©ßo]Œpìe:—Ti™éjSJ'I(»•†œ&·.,}«¥u…V>«T"ªUNxÁ
DcVtBkç6ïâ8F—ѶP6ªŸD¤Êø�RÊz'Þ�híªòµo�ÍDþ=9o¹¶ÈDYÓ5))shd¹V
-w}p2ïRZ»¦
0h[�"¡QÛÏÞ>:Q›¯Ym—jŒüvf²Ä4j³÷ã["�~á�mƒïÌšTgÒÕ›N—¹4‡�z™ç
Å7t”v”K›™"BÁKƒ‡ïÃ/5ª�
-#Ë]øªŠt˜J®³ºÂ "ZE4sÂ8¢ûÇù,ºùí¦Ël’}å
-=üüâ¡>j9êÃåã¬ã]6Gùl‡»žÉë
-´äƒŽD¦÷Ef´ÕKG.§t/Rf‹IÔÆ›ö+·0׭;?:GÎ%Ã12lžZ…ÿ«c¡a7y±¶,½*ãgT…"ˆ~|U[°ZÜh��Öýå4z˜%që;±_ïÃ1‚ý'ïA½Cˆ¯#
-_+?öÜŸkèZ6H�IS(Œ:HMAB0Œ³kY–]’9z›gsÉ{Âb
�˜[q0Z;ŸÛóN‘ê¡ÍŽ‡Þßô…Mq’6 èÂoV-=øïÌ—a�éÑE»]&Ãf	¢ƒ?Iï½e)Šä÷ýœõü~wrpÛì{VƯÒ‚}óôSž‡³¯:|0âþN%
-endobj
-719 0 obj
-1531
-endobj
-720 0 obj<</Type/Page/Parent 476 0 R/Contents 721 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 290 0 R>>endobj
-721 0 obj<</Length 722 0 R/Filter/FlateDecode>>stream
-x
¥VïoâFýÎ_1Ê'Nƒ	¿åR%wÐã”æÒ`]Tõªj±ØëÚëó®CùÒ¿½oÖv€œ®_ª(ðì›7oÞÌò­R!Mt>¦8mÝF­YÔê}O/‚!
§¼à¿�´æǽù…ŠÖ88
‚1E	á@¿OQܾA˜ÛJ¼ŠlO†ß’²¶”–v[™Ñ§eo@_ÚüðYV™ìËB•V&o¢¯­>u}$Ž’¶°$(ÖJfî'~Ô›)«ÌÝÁÄgn?1êÞ””DßÏ"ú¼˜=‘)‘©ÐÙ\i¦“ÐC¡2GôÎCÒ£´¦,bI·…ÙYYœu(3´éJ>2=²[³£28}¥ôB­òËãÏ­ptLhtÁ”Sh8¦õ'MK–«��¡¯ç R´EÁ±ÈˆVUý-ZíÁ>.ÞÒº0)y)8Ç![±¡6m�Ë/{½XF;•Ù |A¦{ÿh)Ë]Ï2ý0ƒ­Kõ)Š‡b”€(‚0Uº�Òšy¨,ÖeòÒ„ð<pTbZ8ô±n™u¥R@GB[C¾ß-SæUëó¬´Lm‡l‰ÒÐѼ�,®Ê6¤
^pTËL¤µA<cê6ÙÍê«Œ�a¨¤›
¤òúpcŸLñW®:¸ÜJAÎø†·0ðJÖ–�†(ê¿-=
-'¯ºõ
€¹´‘ôa!h‘
-ràû]¦�Hh.\­á<6y]HãåÊÆöÇ>ž«ÂºÅ…„Ö�Ün¹æXh�’x\ÜGï?ÿ�…ãyáŒ:é"<�-}gò=OB•¿aÈòÚj$so
-	}¼Hu«*³g"‘$L×KdÓU›lí§®)¼CgÆ´Täô–Uê͇µÓ³qmÐì¥öÙK6Ì
³ã8"›ËX­U5秘í uˆ	0ñtðH�Vë¿­d¸†`-¦�ÂØA­±æ.ë¾7J^a!…^Ó[º:Áç¾®ù¬0gŒvÝ!l‚K¢t'0Ì1£;œ¼»YÎ?΢àôÉ«”¿aYóòÛŠg	£i§xeT$à<‘çÐÉË›³:ßuíMh2½¯•Ý{m¼aŽŠ98ÏËxTC§î
ûE8,w쌗iæø
-¨æÞ¨ê�O"v%ü½?=ÀT±èV%°pÞ³©Æžü1çw_Uxžd
ñ,”®çøSå+áÏæJlò×d;¤p�yT^<Þt@òzñmbUšƒ_*IÂkÉg<ôðeU²Úx¥Ö¼Õv[…-
ìèWõ›ÆÕGÊU+¶7ŸÖSŽ'AHÃá´º —7¿ÜÞàê5¼É齉˺p¸ú¼[…w'ü~Hþßï¾_N~1'CÜÇxr6\¿¶þ—ûÁ•endstream
-endobj
-722 0 obj
-1125
-endobj
-723 0 obj<</Type/Page/Parent 476 0 R/Contents 724 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 321 0 R>>endobj
-724 0 obj<</Length 725 0 R/Filter/FlateDecode>>stream
-x
Í›ÛrÛȆïõ¸‹S•¥q$Èܤ$y�¨Ê§¬¸åÜÂ$aM
-HÉöÛçï™ »aÙ¹X‹Nª¶ÏüÝ==Gþ÷$‰bü?‰Ê4ʖѶ=9Ûœ<¹ŽÒ8Ú\GI±^$Ѳ̣ÍU/âÿº}¶©>ì꨿ŽÎûîPw‡ý_7œüº9¡
-®V”Ð_¿ý“þ%Zækü·�òtQðÃ.º¤÷˜úÃMôüe%	½º/o½<}}vñ«¬�Êõ"×d_l
-QCŸ-Žó¿„-’-ÉÖY±XÁÖe¹XóÛúùËœ-7/Qyõ¸q…–‰SËârËØÔUK�Ió#›dîˆ`$�1…â1¡ïr£�Dô%1jÉø;¿­îõÂGÈÛ¨p6’,_<ƒ$‹ ç/xEê}ñLÿ¯þS
-špWÝÔn¸JŽ™·C’ÊeKX
ÑëâÀ=LqPP—	i	,÷ž“rZBbb�õåŠ|!õL´ú³ûfwÕt7Á)BØFk�…‹-EÄ„ÐÀ©xk¢	kj—ÕŸ5]54Þ­ÙÏàÔBº4‹‘XƒKÝÃäÒ,AÙ·]Êrï
-Áåáã`
-,¨™æÆBDÑAH�à
-QíÇ
-䆬9a9Æ‘� OP)=Ûl†/ÁîBÃópàbØ5{9ì¹¹vøŠÄÍq…Ë-EŒ|R„
-–±¿­†zŠC!¤PN1÷Q-	d‹©ªfçÎ$ØÁRKM;ÕšÄpKê§ý%!¢�¦ã
�à
-!§¦RHA{\
-*XH´¯‡‡z ÏÁ
-¿ü1#‘»âY™ÀH<móÜâ(Ã!Çロs–û˜u,çbK(M/`½Y©g¢ÕÏz
hÙ‡°‘fZÆÇAb(µÇ´©¯H¡‚E©¼�
RÐf…†p‘J¨À(³YC¸‚eÜwÍç�¤Œ:
�è†0×B¶»'\{žpß$Ie~Îi;;Ä£{˜â1§ýœoî›e,÷Ñ#å>g„•‰GÖûØ‘z&ÚÌâ‘
2’ÀLKx4	oF(IR€[”ž>N2„
VÈA
-Â\©Æ@ŠFJHšÀ,áÅÛË¿�!ƒWcZ¿jW°�÷×ïoFŠÔ�‚Ï@v’*Ì(M·þ<a„Lo,&G_™ÅÈû¦{³™ B†Ó—tY‘¥mK"PÒ�#Eêè‡f©ê‹Pá+”·—ÏÓ‰!T`àà‡ùÒ*
kÛR¶˜¤I!ŽG1@úS&[ŒHkßžÅ%òà+KüÝ
-†ñ¾>þƒ'ǽu@k»$]¹…{†Wš@¸ccÿÀæP÷,¶×^4ÕM×ïÅ8,dÚOR@.· ÜïÀ½”Öïåt«åx—2ÜÒ×(]Ó+NZiäØ@¸‘‘bËÙ,~·ýݸ³(4°0ÍE€‹-ââ…³¶6Ÿp÷ŸþýWPê.Üàóè¤É?ûà_õ�~Ûë ™dؽ+±UO�QĤKh(êf_># êý¶ß…ô"•àà<Õ-á
-3Ыú¡Þ¹YÅÉ‘¢×¸dI;V.Kâ#܃pɲ4kãwCÓÉù4ò`�Á%´¡§\l)rò"D°eJçÒ
-Áåñû›‹ÿŒþ*ò+�x)FÀZÈtSFŠ€Èi}«Lµ1…š4 à¼&†í –pîæâã·!0ëØÚ#�-æÝ9ö1Ÿv0	'án„ õ/�`5YºÅpvï(
º{¿ê·1$¸ÁŽ–#õ‡ïå1ó…ˆwýnEâDÁ¹µ^E¿®îîÄ°‡ƒ¡ ‚sÓ’ú‹døòåwìtUëï?äÔË~[%á°Û{“c7ôÑ¡wê„]ð¥zè{‹¬<ï-'
¬‚Õ=¬"	\n¸­7T[q_OJ½yt*XÒeí/¸&tÈú3™–n\Ñ	!ehwÝÐ?°eåUÚ4¶7#¾v™1°ÜÕCÅbº…¤ãÒAHÜŘÖ5ŒÛÂÅVÿªê^O7º°Ÿd𬾎!\n!òøKˆ€Àº“
-*|ÔL
-ö“.«öÃ8~ù%²×�‚½$ôcÕ¬uçß“.>»q‡ØJÏIäµÚà¢l‹;êk·I¶
-FÁ…vL.t²½èCu�
?àPü´cŠsy¦N³·FåØýøR¤|=tŠ;ÂØÀ䔚‹-ટ6å…–¦³YEàbK˜Î§„ÄQ”ZÏÅV�¾äº~Ðî÷÷Föo–'áX“r0Ý>£y
û—ü0y'Õ‡íön›¹¥ìãpLàb
yÓã²GÈXG
¥Mš[)—kÂé‡þ~ÚŒ" ðJ8Y6"P5ã²ÞÞÍá‹›¢ÑÙóŸÒÿiöÇ
-Óp²çfIì¯`z[¸¶¦Ú‰H°©SÄéÕnÒ
á`\�€eðK8X¹Ü‚ðÓ²
-~#5 ¸µˆ"„
-qùúldXà€R¶"`-cN¨5È!GèJÚ58'¦y 3›û›ƒÀÚž
?â
Fx»I†‡ZŠuE�c·9§K>ã
Z}×w¿Ô~X®§á}Rc4Ĭ#Õ(_lQw<IðTÙÓLÔSyÈ·ä3ï#÷÷Ø/¦#o\ÞÔý|3ÝFR`!Vq4O–_hÕ¸àä¾{´Ý¤C¤0‚døBË ;vnA×2�—e¾ž}Ryj…‰²;D%;¹¿ÙÀ¸ÈeOÙ¬YYê, ¥Î¬3õ×ÍÊZ;ê÷{ªmÂyßâîò~£wü
e8u{ÊUù‡„î/÷Ã@ŒIî‡�îö÷DQúÌýx'
-¿ì›ý:/Cß,¢_J·�þ¬á¤üï“ÿ
Tõendstream
-endobj
-725 0 obj
-3185
-endobj
-726 0 obj<</Type/Page/Parent 476 0 R/Contents 727 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 350 0 R>>endobj
-727 0 obj<</Length 728 0 R/Filter/FlateDecode>>stream
-x
Í[ßo¹~÷_±OEúpÊþ–¶@Q$qÒK'i¬"�…"Ëö^%­»Z]’ÿ¾ß�CrfäErçøD‘ß'rf8œÒÿ>+²ÿŠl^fU›­wgÏ—gO_uY™gËë¬hºY‘µó:[^eù,ÏñíúÉrõi»É†ëìÅ°Ÿ6ûéðÇå/g/—g4À�Ê
-úôá¯ôMÖÖþ¿Ëªf¶àÆ6»¤ß1ãÇ›ìé«&+
-úeàü˜øÕËÍ4õû›ŒLÐí²&ŸÍ5·ï6Ç»€€]¶hf�Fûnƒ¾\í>­�Àì²nn—æ»
Á4´
-TŸç³F³p¿e‰†'! Àæ•‚,ÃE¿‡Ãp�H`É€HO3ñ
-,׫®„,a iËY­'X’˯‡i³‹4šEeE˜-Í4nÒ\$Ø�ÆÞ¯%öq÷WåÖ`«¥pŽ†dR‘¾yS•­Ø8M×ÂÉÀì[¸*߈§ÁDKµq^ï¡áãš6·sîMƒ
ß<‘ßØ!ÜKWÎy±U‹Ó¦�öèÌiÉ)ú¯öé«šOwÍBlo‡iãÖ[Ö�Ò#^o¹�ª…N£Ol\#.6§M3ÿ?¼£‡³wT\Î;ž’ÔÚ;|W“àå\œw<Å¿û½r�	H'£S¦¤ab»–K{6& 9IÚ½j6`Æ–¥�{WB@
-$Hœ<¬eabËRÎÊÙRqI�ÍbÙI£‚»rþ¢#ѹFòUqâ/¦q¸òƒHšG½{fU.WšWØìð´‹×H+Íɨ�bØ_÷7ÇqÀ±k¬
-^©ÛIu—;O1§Ç7¢§n±î(˜“«6ÛKà=“1(2î¶$1„ì­œ¶ªÂs¿ÅoWãM<Ÿ%Œv8EcŠð…åØwŸR@(a AäkVXä>,W	"GA™€ž³ZŠ;r|›Ñ7UõP{ÜŸ�U%ì¿niÙpO¼“oD£HÇGÝR mby•! ØG
‚ÅÃÝ–àõÎÉàD)€¯;2Q75ž
w[–å0l›‰TUðUä,ï
BN¾¬jµý�$¹¨„r˜Ú5¢¤åök´ ?Þ®bÌŽÐ6@wÈÙq8(îÖø>JX
-¥;rÒ(
Ö܈N:‡ÕB[îEãC 
Ç‘Hщ'f.îÖ$©>(
-÷k�º(jò%j�Us”³|ö%È@¢ÀÑæ°5ÍÁ´š#‰AB@° K0§&ÈRúTcåë+Yu©š…ó.yö
6
-è9’
-Í|ýóð9ø�€)vdÙn%<yîÖðé
-
-‹ä§5ÓjŽUôÐÜ‚m„
† L@"€oéÌT4ÅœÝjLþMàààp5`Yx€fÑ�‡„‘—¤žšJ IèiÍ8l·¾�‹øo(åÔ.`ðsÜ�¼+ÅPÆOé1ÀžÃY¦S‘ç¨#ÝŒÃqE1Ç#¿Î©e9›br
-s‘Âó¹FòH_t˜¶�uÅDç$w[¢)UÃÆ�
$¸ß2è](` �Õ’ÀkY´ñI ö
&œ'r.a€¥1æ÷�•ÄZ¾÷)p—DÁf]cæ¾µYÌO.çLMW \ÝSp·e¹X­oû}tª¨•©s[̲X€Õr,Çã!í%p¥žÜÃñl½Æœ¢S”@Ðàê¸54Ìl'#h‰"ÇJzW2	,‡É%<¸I2b©„
–Ç—þâš$<sº%SóÁ€{D“¥“SbÀ€ƒ²0Ljg"v¬DÁGÃ9c,‡ßmä"¬~×E}-Suz}@yMϨ|#Y=jfö¨ØíÒ«#�AáœÞ>)î¶ïÇ
o:wQ/HF_“zݤxÜoi¤¥	(j’�¢
-¡êq «ÌÉÊÇ?>¼‰û1AXTpm’¦m²°ØŒi<„	/Y*°ïµ7f‡~×ãý‹»2ûá~QȶQP¹¤ÐÛ½ÿqŸ£‹ËZÊ`¤4/VýVDÝ	ÃþMâ}§exƒgÈÎ=!=ü†ìH¬âwøØÈ(•
-b
=]_$ƒKWŠx¤K§çï.ž½~ûÏïÞ.?¼{3›¾ˆý‰ÀŠª:.×+ÿŽåûSô	
8üH¸ï¶p[DM8�à±!ñÝ–$Õô^ï-^§7FÁ#ÕqåB¸Ûrpn¤!p>~¤Kì¤"î¶$ˆpDœŒ Ð‘¼‰‚/èáƒÑ¬Kõ\ÔøÝ–Û¸¸…3þË÷Éý%
Ò÷—4?QŽ‡¿/�xh>¹|vñüY†ãý—ÍzÊ·õq‡Ëøøž±*šì§9ýùÏÕ“¾§I¢€ð÷³ÿ
-endobj
-728 0 obj
-2978
-endobj
-729 0 obj<</Type/Page/Parent 476 0 R/Contents 730 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>>>/Annots 381 0 R>>endobj
-730 0 obj<</Length 731 0 R/Filter/FlateDecode>>stream
-x
Õ[MsÛH½ûWðèTí(â7uÚr’ÍŒ«ò5±³™C.´DÛœ‘D/%Å;ÿ~ºÑ$
-ß‘b΄à¬é?·Ë�ƒŒ<À@C
-/°t¯‘S¬y•#yT-™YI{—å‘
--+¥�bñ6FH¡iB…©ð,¶"2tÊSË-ÃÏ}w¸æ@À@‚„sàÆÄÃ
-�Sò�3“¢�ŽcM¨J‘¹Ö0ôã
-R¯¯ÚM»wCqK6j!ùe<S£*J1Ø´¢µÝÕ„ŠÈ?ƒM+½oÆÄ-×Øýó6òÿ`¤•i^¹U×ÕºR÷0ŽqÞŒõŽú™qýL10§%©t-à«I‰Â»
-Z:é„,Ö\
N•i
-–Û.¼kúM»£9Ö
-�“[áTg¹¥zÖ„�¤¢È¤I˜×’ˆà!QØ^!U³}a>žêRœÀÑ&�¶¶ª' ¾ƒE”â%ÕT4AϘtãd¹lvƒ>$e0ì:RC¼v4Tî»u˜‰ÏÔVCËóªÝùÊrò�¡´�õ´4MÜ
-Œ÷cîaô•45ð?ÛæV”[ªK*[aÛš—¶,·Ëëz{%ú!‘ÞebÝ“ÐÀI·#g0� Ö–n`InÇŒD¢Éà© ¤TX.Uq•82ø‰‚CË‚ì?˜™D�Æ
‘ÓXá6DÅcZ
47°Ñ®YúvÿgèŒÄ‚	é—a
-
,Óª­×ÝU(n|û²[ÊÚj:Ï]~åŠ2þa4ýya²*[ä	hTØ`öŽŠÑÌg	öÝ †·¡�¯Â3£Å†ï
⽌b`±e¸lq<Åë¤Û¬„1Ä1m‡Ë-…�Q‰$Ï£â¼â	
,‘\¥F(PØ7ú¬–¢c‘0”na�3X†³zs1²<eî¼M±”46˱»®û†”š|»YN3·¿þ¦”…sZ�hK좭Ì8Ár­wÄwEðÀ€L©tËb<ç„D’
-0™;�•—O(ÆäÜï©Äöøú¸/ª=%þ¸>=¹ÖjÁIbx^X“8¨(Í�U)–[ž©ŠÒﯢA3. Jíciö÷0Ðx>D+‡.[¡~Ú^þ)òUœ�>%Rl,¶424¸# ÂY¥ðŠ�Å–a‚9ÂÆ*Õ,·Óð   ÂÖ”®È�šX3�Û2Ù
-MXšM½û#hVÂ@² sGÕ—ÐÀ’D7u�£.L¶ÛX¾,e!2ÎøXÑ{`]Ãú�éÅõ^ëco)’Å[ß„hj}Ìà-E20§íÊÄú˜€mH20§e¸Çú�·>ɨ-Ñ]ÖXT‡óJ6ÌÄ–EÙXÀÈö¨l¥I¸�%©÷û¾½8+X0!ºÂ5ä @~ÇDG›úæ†Ï*²CxÀYÊŠiœàf¢OrXèa´?Ô™d6t×}ÀwÕM…G¨ FM±ÐÕÒ€.i?®Ð̧ÑoÏ’àØ�HåêG
-Ïr�¾nq8($
-X{15R¡�&ùåíÇó·nï##~Ày¹/G»ïûRVót¬£‹>îó0‹
-œr_žüêbÚ#n[ï—~_…ê�»Õ„+�´íE­#ŽÜg«Jæái:vŠ2ΈäŠdñB‹^ÖCq
1ñïEFj—h/´èÓ`sc{X®¯å
-쥼䳴¡‚#€d·´tÉ.°ØÒ¼={:x�
-ÜlÓ“ÉbK!õ @`ÀJ·Ðƒðœ–!t0"¨ÀJy Ò�[x=”›ø˜îhH<‹'øðz�
-£„Ù9Ø)Yl9.Çy xicd±%p‹þß)cŸù%ûEC
-rbŽ!îsè..œÓdÀ´‘ƒ±ÎÕ%ÖEŽ	ÚFF;_—hOgß­#c½‡K°g³à{"G`q^.Y˜×ÒH�ñ‘#0¸  <§e�ãÃM`À5©4Rˆ¦Á`ã±=Ü-ž#3R`/¶¯ÿt¼íÆ°3¢@á.ÈJ
-&µ»>=ù[芀RìÈLWXlytøQ°|ÜcÁÏAÈ.Ù™ÔR`w7tB€À€»„øÙ†``ñ”aP¨À€
-% ÀãÄBwb‹¿Å
Æáí#
-gdn³€m¨»ÞL›÷yôUl¬õý9»Ð3BÜQ$ƺ…~‚^
Ǽ#À¹zªÀ^h_=®ó´ ò‹‘ýáþŸx1¢
- X��êd±e¹Å�!DÅ]àÈ�i— »ÂbK‰F€ÀPÑ1°bðœ–AE¡DND«´bðbËà=açs\Jÿ§Zƒ÷
-¬;üƒT÷ÉýÀ•÷ÓŸb]°xâ’(å¿Çg'¯Ÿ�DøÁÃï´i{Ñ-TO†�)®IÑO%ý.vuܶ-åâøÍë¯Gÿ
†K‘üendstream
-endobj
-731 0 obj
-3419
-endobj
-732 0 obj<</Count 57/First 733 0 R/Last 817 0 R>>endobj
-733 0 obj<</Parent 732 0 R/Title(Table of Contents)/Dest[723 0 R/XYZ null 756 null]/Next 734 0 R>>endobj
-734 0 obj<</Parent 732 0 R/Count -1/First 735 0 R/Last 735 0 R/Title(SAMBA Project Documentation)/Dest[480 0 R/XYZ null 750 null]/Prev 733 0 R/Next 736 0 R>>endobj
-735 0 obj<</Parent 734 0 R/Title(SAMBA Team)/Dest[480 0 R/XYZ null 726 null]>>endobj
-736 0 obj<</Parent 732 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[486 0 R/XYZ null 750 null]/Prev 734 0 R/Next 737 0 R>>endobj
-737 0 obj<</Parent 732 0 R/Title(Step 0: Read the man pages)/Dest[489 0 R/XYZ null 750 null]/Prev 736 0 R/Next 738 0 R>>endobj
-738 0 obj<</Parent 732 0 R/Title(Step 1: Building the Binaries)/Dest[492 0 R/XYZ null 750 null]/Prev 737 0 R/Next 739 0 R>>endobj
-739 0 obj<</Parent 732 0 R/Title(Step 2: The all important step)/Dest[495 0 R/XYZ null 750 null]/Prev 738 0 R/Next 740 0 R>>endobj
-740 0 obj<</Parent 732 0 R/Title(Step 3: Create the smb configuration file.)/Dest[498 0 R/XYZ null 750 null]/Prev 739 0 R/Next 741 0 R>>endobj
-741 0 obj<</Parent 732 0 R/Title(Step 4: Test your config file with  testparm)/Dest[501 0 R/XYZ null 750 null]/Prev 740 0 R/Next 742 0 R>>endobj
-742 0 obj<</Parent 732 0 R/Count -2/First 743 0 R/Last 744 0 R/Title(Step 5: Starting the smbd and nmbd)/Dest[504 0 R/XYZ null 750 null]/Prev 741 0 R/Next 745 0 R>>endobj
-743 0 obj<</Parent 742 0 R/Title(Step 5a: Starting from inetd.conf)/Dest[504 0 R/XYZ null 592 null]/Next 744 0 R>>endobj
-744 0 obj<</Parent 742 0 R/Title(Step 5b. Alternative: starting it as a daemon)/Dest[507 0 R/XYZ null 750 null]/Prev 743 0 R>>endobj
-745 0 obj<</Parent 732 0 R/Title(Step 6: Try listing the shares available on your  server)/Dest[510 0 R/XYZ null 750 null]/Prev 742 0 R/Next 746 0 R>>endobj
-746 0 obj<</Parent 732 0 R/Title(Step 7: Try connecting with the unix client)/Dest[513 0 R/XYZ null 750 null]/Prev 745 0 R/Next 747 0 R>>endobj
-747 0 obj<</Parent 732 0 R/Title(Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT,  Win2k, OS/2, etc... client)/Dest[516 0 R/XYZ null 750 null]/Prev 746 0 R/Next 748 0 R>>endobj
-748 0 obj<</Parent 732 0 R/Count -7/First 749 0 R/Last 755 0 R/Title(What If Things Don't Work?)/Dest[519 0 R/XYZ null 750 null]/Prev 747 0 R/Next 756 0 R>>endobj
-749 0 obj<</Parent 748 0 R/Title(Diagnosing Problems)/Dest[519 0 R/XYZ null 566 null]/Next 750 0 R>>endobj
-750 0 obj<</Parent 748 0 R/Title(Scope IDs)/Dest[519 0 R/XYZ null 491 null]/Prev 749 0 R/Next 751 0 R>>endobj
-751 0 obj<</Parent 748 0 R/Title(Choosing the Protocol Level)/Dest[519 0 R/XYZ null 376 null]/Prev 750 0 R/Next 752 0 R>>endobj
-752 0 obj<</Parent 748 0 R/Title(Printing from UNIX to a Client PC)/Dest[522 0 R/XYZ null 722 null]/Prev 751 0 R/Next 753 0 R>>endobj
-753 0 obj<</Parent 748 0 R/Title(Locking)/Dest[522 0 R/XYZ null 594 null]/Prev 752 0 R/Next 754 0 R>>endobj
-754 0 obj<</Parent 748 0 R/Title(Mapping Usernames)/Dest[525 0 R/XYZ null 750 null]/Prev 753 0 R/Next 755 0 R>>endobj
-755 0 obj<</Parent 748 0 R/Title(Other Character Sets)/Dest[525 0 R/XYZ null 675 null]/Prev 754 0 R>>endobj
-756 0 obj<</Parent 732 0 R/Title(Chapter 2. LanMan and NT Password Encryption in Samba 2.x)/Dest[528 0 R/XYZ null 750 null]/Prev 748 0 R/Next 757 0 R>>endobj
-757 0 obj<</Parent 732 0 R/Title(Introduction)/Dest[531 0 R/XYZ null 750 null]/Prev 756 0 R/Next 758 0 R>>endobj
-758 0 obj<</Parent 732 0 R/Title(How does it work?)/Dest[534 0 R/XYZ null 750 null]/Prev 757 0 R/Next 759 0 R>>endobj
-759 0 obj<</Parent 732 0 R/Count -2/First 760 0 R/Last 761 0 R/Title(Important Notes About Security)/Dest[537 0 R/XYZ null 750 null]/Prev 758 0 R/Next 762 0 R>>endobj
-760 0 obj<</Parent 759 0 R/Title(Advantages of SMB Encryption)/Dest[537 0 R/XYZ null 184 null]/Next 761 0 R>>endobj
-761 0 obj<</Parent 759 0 R/Title(Advantages of non-encrypted passwords)/Dest[540 0 R/XYZ null 682 null]/Prev 760 0 R>>endobj
-762 0 obj<</Parent 732 0 R/Title(The smbpasswd file)/Dest[543 0 R/XYZ null 750 null]/Prev 759 0 R/Next 763 0 R>>endobj
-763 0 obj<</Parent 732 0 R/Title(The smbpasswd Command)/Dest[549 0 R/XYZ null 750 null]/Prev 762 0 R/Next 764 0 R>>endobj
-764 0 obj<</Parent 732 0 R/Title(Setting up Samba to support LanManager Encryption)/Dest[552 0 R/XYZ null 750 null]/Prev 763 0 R/Next 765 0 R>>endobj
-765 0 obj<</Parent 732 0 R/Title(Chapter 3. Hosting a Microsoft Distributed File System tree on Samba)/Dest[555 0 R/XYZ null 750 null]/Prev 764 0 R/Next 766 0 R>>endobj
-766 0 obj<</Parent 732 0 R/Count -1/First 767 0 R/Last 767 0 R/Title(Instructions)/Dest[558 0 R/XYZ null 750 null]/Prev 765 0 R/Next 768 0 R>>endobj
-767 0 obj<</Parent 766 0 R/Title(Notes)/Dest[561 0 R/XYZ null 735 null]>>endobj
-768 0 obj<</Parent 732 0 R/Title(Chapter 4. Printing Support in Samba 2.2.x)/Dest[564 0 R/XYZ null 750 null]/Prev 766 0 R/Next 769 0 R>>endobj
-769 0 obj<</Parent 732 0 R/Title(Introduction)/Dest[567 0 R/XYZ null 750 null]/Prev 768 0 R/Next 770 0 R>>endobj
-770 0 obj<</Parent 732 0 R/Count -1/First 771 0 R/Last 771 0 R/Title(Configuration)/Dest[570 0 R/XYZ null 750 null]/Prev 769 0 R/Next 772 0 R>>endobj
-771 0 obj<</Parent 770 0 R/Title(Support a large number of printers)/Dest[576 0 R/XYZ null 722 null]>>endobj
-772 0 obj<</Parent 732 0 R/Count -4/First 773 0 R/Last 776 0 R/Title(The Imprints Toolset)/Dest[579 0 R/XYZ null 750 null]/Prev 770 0 R/Next 777 0 R>>endobj
-773 0 obj<</Parent 772 0 R/Title(What is Imprints?)/Dest[579 0 R/XYZ null 645 null]/Next 774 0 R>>endobj
-774 0 obj<</Parent 772 0 R/Title(Creating Printer Driver Packages)/Dest[579 0 R/XYZ null 438 null]/Prev 773 0 R/Next 775 0 R>>endobj
-775 0 obj<</Parent 772 0 R/Title(The Imprints server)/Dest[579 0 R/XYZ null 336 null]/Prev 774 0 R/Next 776 0 R>>endobj
-776 0 obj<</Parent 772 0 R/Title(The Installation Client)/Dest[579 0 R/XYZ null 221 null]/Prev 775 0 R>>endobj
-777 0 obj<</Parent 732 0 R/Title(Migration to from Samba 2.0.x to  2.2.x)/Dest[585 0 R/XYZ null 750 null]/Prev 772 0 R/Next 778 0 R>>endobj
-778 0 obj<</Parent 732 0 R/Title(Chapter 5. security = domain in Samba 2.x)/Dest[588 0 R/XYZ null 750 null]/Prev 777 0 R/Next 779 0 R>>endobj
-779 0 obj<</Parent 732 0 R/Title(Joining an NT Domain with Samba 2.2)/Dest[591 0 R/XYZ null 750 null]/Prev 778 0 R/Next 780 0 R>>endobj
-780 0 obj<</Parent 732 0 R/Title(Samba and Windows 2000 Domains)/Dest[597 0 R/XYZ null 750 null]/Prev 779 0 R/Next 781 0 R>>endobj
-781 0 obj<</Parent 732 0 R/Title(Why is this better than security = server?)/Dest[600 0 R/XYZ null 750 null]/Prev 780 0 R/Next 782 0 R>>endobj
-782 0 obj<</Parent 732 0 R/Title(Chapter 6. How to Configure Samba 2.2.x as a Primary Domain Controller)/Dest[603 0 R/XYZ null 750 null]/Prev 781 0 R/Next 783 0 R>>endobj
-783 0 obj<</Parent 732 0 R/Title(Background)/Dest[606 0 R/XYZ null 750 null]/Prev 782 0 R/Next 784 0 R>>endobj
-784 0 obj<</Parent 732 0 R/Title(Configuring the Samba Domain Controller)/Dest[612 0 R/XYZ null 750 null]/Prev 783 0 R/Next 785 0 R>>endobj
-785 0 obj<</Parent 732 0 R/Title(Creating Machine Trust Accounts and Joining Clients  to the Domain)/Dest[618 0 R/XYZ null 750 null]/Prev 784 0 R/Next 786 0 R>>endobj
-786 0 obj<</Parent 732 0 R/Title(Common Problems and Errors)/Dest[624 0 R/XYZ null 750 null]/Prev 785 0 R/Next 787 0 R>>endobj
-787 0 obj<</Parent 732 0 R/Title(System Policies and Profiles)/Dest[630 0 R/XYZ null 750 null]/Prev 786 0 R/Next 788 0 R>>endobj
-788 0 obj<</Parent 732 0 R/Count -2/First 789 0 R/Last 790 0 R/Title(What other help can I get ?)/Dest[636 0 R/XYZ null 750 null]/Prev 787 0 R/Next 791 0 R>>endobj
-789 0 obj<</Parent 788 0 R/Title(URLs and similar)/Dest[639 0 R/XYZ null 247 null]/Next 790 0 R>>endobj
-790 0 obj<</Parent 788 0 R/Title(Mailing Lists)/Dest[642 0 R/XYZ null 590 null]/Prev 789 0 R>>endobj
-791 0 obj<</Parent 732 0 R/Title(DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[648 0 R/XYZ null 750 null]/Prev 788 0 R/Next 792 0 R>>endobj
-792 0 obj<</Parent 732 0 R/Title(Chapter 7. Unifed Logons between Windows NT and UNIX using Winbind)/Dest[654 0 R/XYZ null 750 null]/Prev 791 0 R/Next 793 0 R>>endobj
-793 0 obj<</Parent 732 0 R/Title(Abstract)/Dest[657 0 R/XYZ null 750 null]/Prev 792 0 R/Next 794 0 R>>endobj
-794 0 obj<</Parent 732 0 R/Title(Introduction)/Dest[660 0 R/XYZ null 750 null]/Prev 793 0 R/Next 795 0 R>>endobj
-795 0 obj<</Parent 732 0 R/Count -1/First 796 0 R/Last 796 0 R/Title(What Winbind Provides)/Dest[663 0 R/XYZ null 750 null]/Prev 794 0 R/Next 797 0 R>>endobj
-796 0 obj<</Parent 795 0 R/Title(Target Uses)/Dest[663 0 R/XYZ null 407 null]>>endobj
-797 0 obj<</Parent 732 0 R/Count -5/First 798 0 R/Last 802 0 R/Title(How Winbind Works)/Dest[666 0 R/XYZ null 750 null]/Prev 795 0 R/Next 803 0 R>>endobj
-798 0 obj<</Parent 797 0 R/Title(Microsoft Remote Procedure Calls)/Dest[666 0 R/XYZ null 632 null]/Next 799 0 R>>endobj
-799 0 obj<</Parent 797 0 R/Title(Name Service Switch)/Dest[666 0 R/XYZ null 425 null]/Prev 798 0 R/Next 800 0 R>>endobj
-800 0 obj<</Parent 797 0 R/Title(Pluggable Authentication Modules)/Dest[669 0 R/XYZ null 643 null]/Prev 799 0 R/Next 801 0 R>>endobj
-801 0 obj<</Parent 797 0 R/Title(User and Group ID Allocation)/Dest[669 0 R/XYZ null 330 null]/Prev 800 0 R/Next 802 0 R>>endobj
-802 0 obj<</Parent 797 0 R/Title(Result Caching)/Dest[672 0 R/XYZ null 750 null]/Prev 801 0 R>>endobj
-803 0 obj<</Parent 732 0 R/Title(Installation and Configuration)/Dest[675 0 R/XYZ null 750 null]/Prev 797 0 R/Next 804 0 R>>endobj
-804 0 obj<</Parent 732 0 R/Title(Limitations)/Dest[678 0 R/XYZ null 750 null]/Prev 803 0 R/Next 805 0 R>>endobj
-805 0 obj<</Parent 732 0 R/Title(Conclusion)/Dest[681 0 R/XYZ null 750 null]/Prev 804 0 R/Next 806 0 R>>endobj
-806 0 obj<</Parent 732 0 R/Title(Chapter 8. UNIX Permission Bits and WIndows NT Access Control Lists)/Dest[684 0 R/XYZ null 750 null]/Prev 805 0 R/Next 807 0 R>>endobj
-807 0 obj<</Parent 732 0 R/Title(Viewing and changing UNIX permissions using the NT  security dialogs)/Dest[687 0 R/XYZ null 750 null]/Prev 806 0 R/Next 808 0 R>>endobj
-808 0 obj<</Parent 732 0 R/Title(How to view file security on a Samba share)/Dest[690 0 R/XYZ null 750 null]/Prev 807 0 R/Next 809 0 R>>endobj
-809 0 obj<</Parent 732 0 R/Title(Viewing file ownership)/Dest[693 0 R/XYZ null 750 null]/Prev 808 0 R/Next 810 0 R>>endobj
-810 0 obj<</Parent 732 0 R/Count -2/First 811 0 R/Last 812 0 R/Title(Viewing file or directory permissions)/Dest[696 0 R/XYZ null 750 null]/Prev 809 0 R/Next 813 0 R>>endobj
-811 0 obj<</Parent 810 0 R/Title(File Permissions)/Dest[696 0 R/XYZ null 513 null]/Next 812 0 R>>endobj
-812 0 obj<</Parent 810 0 R/Title(Directory Permissions)/Dest[696 0 R/XYZ null 253 null]/Prev 811 0 R>>endobj
-813 0 obj<</Parent 732 0 R/Title(Modifying file or directory permissions)/Dest[702 0 R/XYZ null 750 null]/Prev 810 0 R/Next 814 0 R>>endobj
-814 0 obj<</Parent 732 0 R/Title(Interaction with the standard Samba create mask  parameters)/Dest[705 0 R/XYZ null 750 null]/Prev 813 0 R/Next 815 0 R>>endobj
-815 0 obj<</Parent 732 0 R/Title(Interaction with the standard Samba file attribute  mapping)/Dest[711 0 R/XYZ null 750 null]/Prev 814 0 R/Next 816 0 R>>endobj
-816 0 obj<</Parent 732 0 R/Title(Chapter 9. OS2 Client HOWTO)/Dest[714 0 R/XYZ null 750 null]/Prev 815 0 R/Next 817 0 R>>endobj
-817 0 obj<</Parent 732 0 R/Count -4/First 818 0 R/Last 821 0 R/Title(FAQs)/Dest[717 0 R/XYZ null 750 null]/Prev 816 0 R>>endobj
-818 0 obj<</Parent 817 0 R/Title(How can I configure OS/2 Warp Connect or  OS/2 Warp 4 as a client for Samba?)/Dest[717 0 R/XYZ null 726 null]/Next 819 0 R>>endobj
-819 0 obj<</Parent 817 0 R/Title(How can I configure OS/2 Warp 3 \(not Connect\),  OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[717 0 R/XYZ null 301 null]/Prev 818 0 R/Next 820 0 R>>endobj
-820 0 obj<</Parent 817 0 R/Title(Are there any other issues when OS/2 \(any version\)  is used as a client?)/Dest[720 0 R/XYZ null 735 null]/Prev 819 0 R/Next 821 0 R>>endobj
-821 0 obj<</Parent 817 0 R/Title(How do I get printer driver download working  for OS/2 clients?)/Dest[720 0 R/XYZ null 600 null]/Prev 820 0 R>>endobj
-822 0 obj<</Type/Catalog/Pages 476 0 R/Names 382 0 R/PageLayout/SinglePage/Outlines 732 0 R/OpenAction[480 0 R/XYZ null null null]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>4<</S/D>>]>>>>endobj
+2938
+endobj
+708 0 obj<</Count 12/First 709 0 R/Last 818 0 R>>endobj
+709 0 obj<</Parent 708 0 R/Title(Table of Contents)/Dest[699 0 R/XYZ null 756 null]/Next 710 0 R>>endobj
+710 0 obj<</Parent 708 0 R/Count -19/First 711 0 R/Last 729 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[501 0 R/XYZ null 750 null]/Prev 709 0 R/Next 730 0 R>>endobj
+711 0 obj<</Parent 710 0 R/Title(1.1. Step 0: Read the man pages)/Dest[501 0 R/XYZ null 726 null]/Next 712 0 R>>endobj
+712 0 obj<</Parent 710 0 R/Title(1.2. Step 1: Building the Binaries)/Dest[501 0 R/XYZ null 589 null]/Prev 711 0 R/Next 713 0 R>>endobj
+713 0 obj<</Parent 710 0 R/Title(1.3. Step 2: The all important step)/Dest[501 0 R/XYZ null 174 null]/Prev 712 0 R/Next 714 0 R>>endobj
+714 0 obj<</Parent 710 0 R/Title(1.4. Step 3: Create the smb configuration file.)/Dest[504 0 R/XYZ null 735 null]/Prev 713 0 R/Next 715 0 R>>endobj
+715 0 obj<</Parent 710 0 R/Title(1.5. Step 4: Test your config file with  testparm)/Dest[504 0 R/XYZ null 375 null]/Prev 714 0 R/Next 716 0 R>>endobj
+716 0 obj<</Parent 710 0 R/Title(1.6. Step 5: Starting the smbd and nmbd)/Dest[504 0 R/XYZ null 264 null]/Prev 715 0 R/Next 717 0 R>>endobj
+717 0 obj<</Parent 710 0 R/Title(1.6.1. Step 5a: Starting from inetd.conf)/Dest[507 0 R/XYZ null 750 null]/Prev 716 0 R/Next 718 0 R>>endobj
+718 0 obj<</Parent 710 0 R/Title(1.6.2. Step 5b. Alternative: starting it as a daemon)/Dest[507 0 R/XYZ null 262 null]/Prev 717 0 R/Next 719 0 R>>endobj
+719 0 obj<</Parent 710 0 R/Title(1.7. Step 6: Try listing the shares available on your  server)/Dest[510 0 R/XYZ null 682 null]/Prev 718 0 R/Next 720 0 R>>endobj
+720 0 obj<</Parent 710 0 R/Title(1.8. Step 7: Try connecting with the unix client)/Dest[510 0 R/XYZ null 505 null]/Prev 719 0 R/Next 721 0 R>>endobj
+721 0 obj<</Parent 710 0 R/Title(1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT,  Win2k, OS/2, etc... client)/Dest[510 0 R/XYZ null 328 null]/Prev 720 0 R/Next 722 0 R>>endobj
+722 0 obj<</Parent 710 0 R/Title(1.10. What If Things Don't Work?)/Dest[513 0 R/XYZ null 750 null]/Prev 721 0 R/Next 723 0 R>>endobj
+723 0 obj<</Parent 710 0 R/Title(1.10.1. Diagnosing Problems)/Dest[513 0 R/XYZ null 573 null]/Prev 722 0 R/Next 724 0 R>>endobj
+724 0 obj<</Parent 710 0 R/Title(1.10.2. Scope IDs)/Dest[513 0 R/XYZ null 501 null]/Prev 723 0 R/Next 725 0 R>>endobj
+725 0 obj<</Parent 710 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[513 0 R/XYZ null 390 null]/Prev 724 0 R/Next 726 0 R>>endobj
+726 0 obj<</Parent 710 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[516 0 R/XYZ null 735 null]/Prev 725 0 R/Next 727 0 R>>endobj
+727 0 obj<</Parent 710 0 R/Title(1.10.5. Locking)/Dest[516 0 R/XYZ null 611 null]/Prev 726 0 R/Next 728 0 R>>endobj
+728 0 obj<</Parent 710 0 R/Title(1.10.6. Mapping Usernames)/Dest[519 0 R/XYZ null 750 null]/Prev 727 0 R/Next 729 0 R>>endobj
+729 0 obj<</Parent 710 0 R/Title(1.10.7. Other Character Sets)/Dest[519 0 R/XYZ null 679 null]/Prev 728 0 R>>endobj
+730 0 obj<</Parent 708 0 R/Count -18/First 731 0 R/Last 748 0 R/Title(Chapter 2. Integrating MS Windows networks with Samba)/Dest[522 0 R/XYZ null 750 null]/Prev 710 0 R/Next 749 0 R>>endobj
+731 0 obj<</Parent 730 0 R/Title(2.1. Agenda)/Dest[522 0 R/XYZ null 702 null]/Next 732 0 R>>endobj
+732 0 obj<</Parent 730 0 R/Title(2.2. Name Resolution in a pure Unix/Linux world)/Dest[522 0 R/XYZ null 459 null]/Prev 731 0 R/Next 733 0 R>>endobj
+733 0 obj<</Parent 730 0 R/Title(2.2.1. /etc/hosts)/Dest[522 0 R/XYZ null 321 null]/Prev 732 0 R/Next 734 0 R>>endobj
+734 0 obj<</Parent 730 0 R/Title(2.2.2. /etc/resolv.conf)/Dest[525 0 R/XYZ null 431 null]/Prev 733 0 R/Next 735 0 R>>endobj
+735 0 obj<</Parent 730 0 R/Title(2.2.3. /etc/host.conf)/Dest[525 0 R/XYZ null 281 null]/Prev 734 0 R/Next 736 0 R>>endobj
+736 0 obj<</Parent 730 0 R/Title(2.2.4. /etc/nsswitch.conf)/Dest[528 0 R/XYZ null 750 null]/Prev 735 0 R/Next 737 0 R>>endobj
+737 0 obj<</Parent 730 0 R/Title(2.3. Name resolution as used within MS Windows networking)/Dest[528 0 R/XYZ null 264 null]/Prev 736 0 R/Next 738 0 R>>endobj
+738 0 obj<</Parent 730 0 R/Title(2.3.1. The NetBIOS Name Cache)/Dest[531 0 R/XYZ null 206 null]/Prev 737 0 R/Next 739 0 R>>endobj
+739 0 obj<</Parent 730 0 R/Title(2.3.2. The LMHOSTS file)/Dest[534 0 R/XYZ null 656 null]/Prev 738 0 R/Next 740 0 R>>endobj
+740 0 obj<</Parent 730 0 R/Title(2.3.3. HOSTS file)/Dest[537 0 R/XYZ null 367 null]/Prev 739 0 R/Next 741 0 R>>endobj
+741 0 obj<</Parent 730 0 R/Title(2.3.4. DNS Lookup)/Dest[537 0 R/XYZ null 256 null]/Prev 740 0 R/Next 742 0 R>>endobj
+742 0 obj<</Parent 730 0 R/Title(2.3.5. WINS Lookup)/Dest[540 0 R/XYZ null 750 null]/Prev 741 0 R/Next 743 0 R>>endobj
+743 0 obj<</Parent 730 0 R/Title(2.4. How browsing functions and how to deploy stable and  dependable browsing using Samba)/Dest[540 0 R/XYZ null 525 null]/Prev 742 0 R/Next 744 0 R>>endobj
+744 0 obj<</Parent 730 0 R/Title(2.5. MS Windows security options and how to configure  Samba for seemless integration)/Dest[543 0 R/XYZ null 629 null]/Prev 743 0 R/Next 745 0 R>>endobj
+745 0 obj<</Parent 730 0 R/Title(2.5.1. Use MS Windows NT as an authentication server)/Dest[546 0 R/XYZ null 577 null]/Prev 744 0 R/Next 746 0 R>>endobj
+746 0 obj<</Parent 730 0 R/Title(2.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[546 0 R/XYZ null 300 null]/Prev 745 0 R/Next 747 0 R>>endobj
+747 0 obj<</Parent 730 0 R/Title(2.5.3. Configure Samba as an authentication server)/Dest[549 0 R/XYZ null 590 null]/Prev 746 0 R/Next 748 0 R>>endobj
+748 0 obj<</Parent 730 0 R/Title(2.6. Conclusions)/Dest[552 0 R/XYZ null 635 null]/Prev 747 0 R>>endobj
+749 0 obj<</Parent 708 0 R/Count -3/First 750 0 R/Last 752 0 R/Title(Chapter 3. Configuring PAM for distributed but centrally  managed authentication)/Dest[555 0 R/XYZ null 750 null]/Prev 730 0 R/Next 753 0 R>>endobj
+750 0 obj<</Parent 749 0 R/Title(3.1. Samba and PAM)/Dest[555 0 R/XYZ null 702 null]/Next 751 0 R>>endobj
+751 0 obj<</Parent 749 0 R/Title(3.2. Distributed Authentication)/Dest[558 0 R/XYZ null 188 null]/Prev 750 0 R/Next 752 0 R>>endobj
+752 0 obj<</Parent 749 0 R/Title(3.3. PAM Configuration in smb.conf)/Dest[561 0 R/XYZ null 735 null]/Prev 751 0 R>>endobj
+753 0 obj<</Parent 708 0 R/Count -2/First 754 0 R/Last 755 0 R/Title(Chapter 4. Hosting a Microsoft Distributed File System tree on Samba)/Dest[564 0 R/XYZ null 750 null]/Prev 749 0 R/Next 756 0 R>>endobj
+754 0 obj<</Parent 753 0 R/Title(4.1. Instructions)/Dest[564 0 R/XYZ null 702 null]/Next 755 0 R>>endobj
+755 0 obj<</Parent 753 0 R/Title(4.1.1. Notes)/Dest[567 0 R/XYZ null 669 null]/Prev 754 0 R>>endobj
+756 0 obj<</Parent 708 0 R/Count -9/First 757 0 R/Last 765 0 R/Title(Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[570 0 R/XYZ null 750 null]/Prev 753 0 R/Next 766 0 R>>endobj
+757 0 obj<</Parent 756 0 R/Title(5.1. Viewing and changing UNIX permissions using the NT  security dialogs)/Dest[570 0 R/XYZ null 702 null]/Next 758 0 R>>endobj
+758 0 obj<</Parent 756 0 R/Title(5.2. How to view file security on a Samba share)/Dest[570 0 R/XYZ null 521 null]/Prev 757 0 R/Next 759 0 R>>endobj
+759 0 obj<</Parent 756 0 R/Title(5.3. Viewing file ownership)/Dest[570 0 R/XYZ null 344 null]/Prev 758 0 R/Next 760 0 R>>endobj
+760 0 obj<</Parent 756 0 R/Title(5.4. Viewing file or directory permissions)/Dest[573 0 R/XYZ null 682 null]/Prev 759 0 R/Next 761 0 R>>endobj
+761 0 obj<</Parent 756 0 R/Title(5.4.1. File Permissions)/Dest[573 0 R/XYZ null 439 null]/Prev 760 0 R/Next 762 0 R>>endobj
+762 0 obj<</Parent 756 0 R/Title(5.4.2. Directory Permissions)/Dest[573 0 R/XYZ null 183 null]/Prev 761 0 R/Next 763 0 R>>endobj
+763 0 obj<</Parent 756 0 R/Title(5.5. Modifying file or directory permissions)/Dest[576 0 R/XYZ null 669 null]/Prev 762 0 R/Next 764 0 R>>endobj
+764 0 obj<</Parent 756 0 R/Title(5.6. Interaction with the standard Samba create mask  parameters)/Dest[576 0 R/XYZ null 228 null]/Prev 763 0 R/Next 765 0 R>>endobj
+765 0 obj<</Parent 756 0 R/Title(5.7. Interaction with the standard Samba file attribute  mapping)/Dest[582 0 R/XYZ null 590 null]/Prev 764 0 R>>endobj
+766 0 obj<</Parent 708 0 R/Count -13/First 767 0 R/Last 779 0 R/Title(Chapter 6. Printing Support in Samba 2.2.x)/Dest[585 0 R/XYZ null 750 null]/Prev 756 0 R/Next 780 0 R>>endobj
+767 0 obj<</Parent 766 0 R/Title(6.1. Introduction)/Dest[585 0 R/XYZ null 726 null]/Next 768 0 R>>endobj
+768 0 obj<</Parent 766 0 R/Title(6.2. Configuration)/Dest[585 0 R/XYZ null 298 null]/Prev 767 0 R/Next 769 0 R>>endobj
+769 0 obj<</Parent 766 0 R/Title(6.2.1. Creating [print$])/Dest[588 0 R/XYZ null 689 null]/Prev 768 0 R/Next 770 0 R>>endobj
+770 0 obj<</Parent 766 0 R/Title(6.2.2. Setting Drivers for Existing Printers)/Dest[591 0 R/XYZ null 459 null]/Prev 769 0 R/Next 771 0 R>>endobj
+771 0 obj<</Parent 766 0 R/Title(6.2.3. Support a large number of printers)/Dest[594 0 R/XYZ null 682 null]/Prev 770 0 R/Next 772 0 R>>endobj
+772 0 obj<</Parent 766 0 R/Title(6.2.4. Adding New Printers via the Windows NT APW)/Dest[594 0 R/XYZ null 298 null]/Prev 771 0 R/Next 773 0 R>>endobj
+773 0 obj<</Parent 766 0 R/Title(6.2.5. Samba and Printer Ports)/Dest[597 0 R/XYZ null 682 null]/Prev 772 0 R/Next 774 0 R>>endobj
+774 0 obj<</Parent 766 0 R/Title(6.3. The Imprints Toolset)/Dest[597 0 R/XYZ null 492 null]/Prev 773 0 R/Next 775 0 R>>endobj
+775 0 obj<</Parent 766 0 R/Title(6.3.1. What is Imprints?)/Dest[597 0 R/XYZ null 381 null]/Prev 774 0 R/Next 776 0 R>>endobj
+776 0 obj<</Parent 766 0 R/Title(6.3.2. Creating Printer Driver Packages)/Dest[597 0 R/XYZ null 243 null]/Prev 775 0 R/Next 777 0 R>>endobj
+777 0 obj<</Parent 766 0 R/Title(6.3.3. The Imprints server)/Dest[597 0 R/XYZ null 145 null]/Prev 776 0 R/Next 778 0 R>>endobj
+778 0 obj<</Parent 766 0 R/Title(6.3.4. The Installation Client)/Dest[600 0 R/XYZ null 709 null]/Prev 777 0 R/Next 779 0 R>>endobj
+779 0 obj<</Parent 766 0 R/Title(6.4. Migration to from Samba 2.0.x to 2.2.x)/Dest[603 0 R/XYZ null 750 null]/Prev 778 0 R>>endobj
+780 0 obj<</Parent 708 0 R/Count -3/First 781 0 R/Last 783 0 R/Title(Chapter 7. security = domain in Samba 2.x)/Dest[609 0 R/XYZ null 750 null]/Prev 766 0 R/Next 784 0 R>>endobj
+781 0 obj<</Parent 780 0 R/Title(7.1. Joining an NT Domain with Samba 2.2)/Dest[609 0 R/XYZ null 726 null]/Next 782 0 R>>endobj
+782 0 obj<</Parent 780 0 R/Title(7.2. Samba and Windows 2000 Domains)/Dest[612 0 R/XYZ null 352 null]/Prev 781 0 R/Next 783 0 R>>endobj
+783 0 obj<</Parent 780 0 R/Title(7.3. Why is this better than security = server?)/Dest[615 0 R/XYZ null 750 null]/Prev 782 0 R>>endobj
+784 0 obj<</Parent 708 0 R/Count -13/First 785 0 R/Last 797 0 R/Title(Chapter 8. How to Configure Samba 2.2 as a Primary Domain Controller)/Dest[618 0 R/XYZ null 750 null]/Prev 780 0 R/Next 798 0 R>>endobj
+785 0 obj<</Parent 784 0 R/Title(8.1. Prerequisite Reading)/Dest[618 0 R/XYZ null 702 null]/Next 786 0 R>>endobj
+786 0 obj<</Parent 784 0 R/Title(8.2. Background)/Dest[618 0 R/XYZ null 604 null]/Prev 785 0 R/Next 787 0 R>>endobj
+787 0 obj<</Parent 784 0 R/Title(8.3. Configuring the Samba Domain Controller)/Dest[621 0 R/XYZ null 656 null]/Prev 786 0 R/Next 788 0 R>>endobj
+788 0 obj<</Parent 784 0 R/Title(8.4. Creating Machine Trust Accounts and Joining Clients  to the Domain)/Dest[624 0 R/XYZ null 527 null]/Prev 787 0 R/Next 789 0 R>>endobj
+789 0 obj<</Parent 784 0 R/Title(8.4.1. Manually creating machine trust accounts)/Dest[624 0 R/XYZ null 192 null]/Prev 788 0 R/Next 790 0 R>>endobj
+790 0 obj<</Parent 784 0 R/Title(8.4.2. Creating machine trust accounts "on the fly")/Dest[627 0 R/XYZ null 355 null]/Prev 789 0 R/Next 791 0 R>>endobj
+791 0 obj<</Parent 784 0 R/Title(8.5. Common Problems and Errors)/Dest[627 0 R/XYZ null 179 null]/Prev 790 0 R/Next 792 0 R>>endobj
+792 0 obj<</Parent 784 0 R/Title(8.6. System Policies and Profiles)/Dest[633 0 R/XYZ null 541 null]/Prev 791 0 R/Next 793 0 R>>endobj
+793 0 obj<</Parent 784 0 R/Title(8.7. What other help can I get ?)/Dest[636 0 R/XYZ null 484 null]/Prev 792 0 R/Next 794 0 R>>endobj
+794 0 obj<</Parent 784 0 R/Title(8.8. Domain Control for Windows 9x/ME)/Dest[645 0 R/XYZ null 750 null]/Prev 793 0 R/Next 795 0 R>>endobj
+795 0 obj<</Parent 784 0 R/Title(8.8.1. Configuration Instructions: Network Logons)/Dest[648 0 R/XYZ null 431 null]/Prev 794 0 R/Next 796 0 R>>endobj
+796 0 obj<</Parent 784 0 R/Title(8.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[651 0 R/XYZ null 185 null]/Prev 795 0 R/Next 797 0 R>>endobj
+797 0 obj<</Parent 784 0 R/Title(8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[666 0 R/XYZ null 682 null]/Prev 796 0 R>>endobj
+798 0 obj<</Parent 708 0 R/Count -13/First 799 0 R/Last 811 0 R/Title(Chapter 9. Unified Logons between Windows NT and UNIX using Winbind)/Dest[672 0 R/XYZ null 750 null]/Prev 784 0 R/Next 812 0 R>>endobj
+799 0 obj<</Parent 798 0 R/Title(9.1. Abstract)/Dest[672 0 R/XYZ null 702 null]/Next 800 0 R>>endobj
+800 0 obj<</Parent 798 0 R/Title(9.2. Introduction)/Dest[672 0 R/XYZ null 565 null]/Prev 799 0 R/Next 801 0 R>>endobj
+801 0 obj<</Parent 798 0 R/Title(9.3. What Winbind Provides)/Dest[672 0 R/XYZ null 242 null]/Prev 800 0 R/Next 802 0 R>>endobj
+802 0 obj<</Parent 798 0 R/Title(9.3.1. Target Uses)/Dest[675 0 R/XYZ null 577 null]/Prev 801 0 R/Next 803 0 R>>endobj
+803 0 obj<</Parent 798 0 R/Title(9.4. How Winbind Works)/Dest[675 0 R/XYZ null 413 null]/Prev 802 0 R/Next 804 0 R>>endobj
+804 0 obj<</Parent 798 0 R/Title(9.4.1. Microsoft Remote Procedure Calls)/Dest[675 0 R/XYZ null 288 null]/Prev 803 0 R/Next 805 0 R>>endobj
+805 0 obj<</Parent 798 0 R/Title(9.4.2. Name Service Switch)/Dest[678 0 R/XYZ null 750 null]/Prev 804 0 R/Next 806 0 R>>endobj
+806 0 obj<</Parent 798 0 R/Title(9.4.3. Pluggable Authentication Modules)/Dest[678 0 R/XYZ null 322 null]/Prev 805 0 R/Next 807 0 R>>endobj
+807 0 obj<</Parent 798 0 R/Title(9.4.4. User and Group ID Allocation)/Dest[681 0 R/XYZ null 682 null]/Prev 806 0 R/Next 808 0 R>>endobj
+808 0 obj<</Parent 798 0 R/Title(9.4.5. Result Caching)/Dest[681 0 R/XYZ null 492 null]/Prev 807 0 R/Next 809 0 R>>endobj
+809 0 obj<</Parent 798 0 R/Title(9.5. Installation and Configuration)/Dest[681 0 R/XYZ null 341 null]/Prev 808 0 R/Next 810 0 R>>endobj
+810 0 obj<</Parent 798 0 R/Title(9.6. Limitations)/Dest[681 0 R/XYZ null 151 null]/Prev 809 0 R/Next 811 0 R>>endobj
+811 0 obj<</Parent 798 0 R/Title(9.7. Conclusion)/Dest[684 0 R/XYZ null 577 null]/Prev 810 0 R>>endobj
+812 0 obj<</Parent 708 0 R/Count -5/First 813 0 R/Last 817 0 R/Title(Chapter 10. OS2 Client HOWTO)/Dest[687 0 R/XYZ null 750 null]/Prev 798 0 R/Next 818 0 R>>endobj
+813 0 obj<</Parent 812 0 R/Title(10.1. FAQs)/Dest[687 0 R/XYZ null 726 null]/Next 814 0 R>>endobj
+814 0 obj<</Parent 812 0 R/Title(10.1.1. How can I configure OS/2 Warp Connect or  OS/2 Warp 4 as a client for Samba?)/Dest[687 0 R/XYZ null 696 null]/Prev 813 0 R/Next 815 0 R>>endobj
+815 0 obj<</Parent 812 0 R/Title(10.1.2. How can I configure OS/2 Warp 3 \(not Connect\),  OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[687 0 R/XYZ null 344 null]/Prev 814 0 R/Next 816 0 R>>endobj
+816 0 obj<</Parent 812 0 R/Title(10.1.3. Are there any other issues when OS/2 \(any version\)  is used as a client?)/Dest[690 0 R/XYZ null 750 null]/Prev 815 0 R/Next 817 0 R>>endobj
+817 0 obj<</Parent 812 0 R/Title(10.1.4. How do I get printer driver download working  for OS/2 clients?)/Dest[690 0 R/XYZ null 635 null]/Prev 816 0 R>>endobj
+818 0 obj<</Parent 708 0 R/Count -4/First 819 0 R/Last 822 0 R/Title(Chapter 11. HOWTO Access Samba source code via CVS)/Dest[693 0 R/XYZ null 750 null]/Prev 812 0 R>>endobj
+819 0 obj<</Parent 818 0 R/Title(11.1. Introduction)/Dest[693 0 R/XYZ null 702 null]/Next 820 0 R>>endobj
+820 0 obj<</Parent 818 0 R/Title(11.2. CVS Access to samba.org)/Dest[693 0 R/XYZ null 578 null]/Prev 819 0 R/Next 821 0 R>>endobj
+821 0 obj<</Parent 818 0 R/Title(11.2.1. Access via CVSweb)/Dest[693 0 R/XYZ null 480 null]/Prev 820 0 R/Next 822 0 R>>endobj
+822 0 obj<</Parent 818 0 R/Title(11.2.2. Access via cvs)/Dest[693 0 R/XYZ null 355 null]/Prev 821 0 R>>endobj
+823 0 obj<</Type/Catalog/Pages 497 0 R/Names 367 0 R/PageLayout/SinglePage/Outlines 708 0 R/OpenAction[498 0 R/XYZ null null null]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>4<</S/D>>]>>>>endobj
 xref
-0 823 
+0 824 
 0000000000 65535 f 
 0000000015 00000 n 
 0000000244 00000 n 
@@ -1942,820 +1885,821 @@ xref
 0000002209 00000 n 
 0000002286 00000 n 
 0000002365 00000 n 
-0000002449 00000 n 
-0000002526 00000 n 
-0000002608 00000 n 
-0000002667 00000 n 
-0000002771 00000 n 
-0000002876 00000 n 
-0000002981 00000 n 
-0000003086 00000 n 
-0000003191 00000 n 
-0000003296 00000 n 
-0000003401 00000 n 
-0000003506 00000 n 
-0000003611 00000 n 
-0000003716 00000 n 
-0000003821 00000 n 
-0000003926 00000 n 
-0000004031 00000 n 
-0000004136 00000 n 
-0000004241 00000 n 
-0000004346 00000 n 
-0000004451 00000 n 
-0000004556 00000 n 
-0000004661 00000 n 
-0000004766 00000 n 
+0000002442 00000 n 
+0000002524 00000 n 
+0000002583 00000 n 
+0000002635 00000 n 
+0000002720 00000 n 
+0000002773 00000 n 
+0000002857 00000 n 
+0000002888 00000 n 
+0000002940 00000 n 
+0000003025 00000 n 
+0000003049 00000 n 
+0000003095 00000 n 
+0000003180 00000 n 
+0000003225 00000 n 
+0000003309 00000 n 
+0000003354 00000 n 
+0000003438 00000 n 
+0000003476 00000 n 
+0000003519 00000 n 
+0000003604 00000 n 
+0000003647 00000 n 
+0000003731 00000 n 
+0000003762 00000 n 
+0000003816 00000 n 
+0000003901 00000 n 
+0000003925 00000 n 
+0000003976 00000 n 
+0000004061 00000 n 
+0000004109 00000 n 
+0000004194 00000 n 
+0000004225 00000 n 
+0000004343 00000 n 
+0000004427 00000 n 
+0000004468 00000 n 
+0000004553 00000 n 
+0000004594 00000 n 
+0000004679 00000 n 
+0000004717 00000 n 
+0000004761 00000 n 
+0000004846 00000 n 
 0000004870 00000 n 
-0000004975 00000 n 
-0000005080 00000 n 
-0000005185 00000 n 
-0000005290 00000 n 
-0000005395 00000 n 
-0000005500 00000 n 
-0000005605 00000 n 
-0000005710 00000 n 
-0000005814 00000 n 
-0000005919 00000 n 
-0000006024 00000 n 
-0000006128 00000 n 
-0000006233 00000 n 
-0000006338 00000 n 
-0000006443 00000 n 
-0000006548 00000 n 
-0000006653 00000 n 
-0000006758 00000 n 
-0000006863 00000 n 
-0000006967 00000 n 
-0000007070 00000 n 
-0000007172 00000 n 
-0000007490 00000 n 
-0000007595 00000 n 
-0000007700 00000 n 
-0000007805 00000 n 
-0000007909 00000 n 
+0000004914 00000 n 
+0000004998 00000 n 
+0000005040 00000 n 
+0000005125 00000 n 
+0000005174 00000 n 
+0000005259 00000 n 
+0000005308 00000 n 
+0000005391 00000 n 
+0000005438 00000 n 
+0000005523 00000 n 
+0000005569 00000 n 
+0000005653 00000 n 
+0000005712 00000 n 
+0000005774 00000 n 
+0000005859 00000 n 
+0000005916 00000 n 
+0000006001 00000 n 
+0000006094 00000 n 
+0000006178 00000 n 
+0000006216 00000 n 
+0000006321 00000 n 
+0000006362 00000 n 
+0000006446 00000 n 
+0000006488 00000 n 
+0000006573 00000 n 
+0000006612 00000 n 
+0000006697 00000 n 
+0000006739 00000 n 
+0000006824 00000 n 
+0000006866 00000 n 
+0000006951 00000 n 
+0000007010 00000 n 
+0000007054 00000 n 
+0000007139 00000 n 
+0000007163 00000 n 
+0000007210 00000 n 
+0000007295 00000 n 
+0000007347 00000 n 
+0000007432 00000 n 
+0000007481 00000 n 
+0000007566 00000 n 
+0000007615 00000 n 
+0000007699 00000 n 
+0000007744 00000 n 
+0000007796 00000 n 
+0000007881 00000 n 
+0000007929 00000 n 
 0000008014 00000 n 
-0000008119 00000 n 
-0000008224 00000 n 
-0000008329 00000 n 
-0000008434 00000 n 
-0000008539 00000 n 
-0000008644 00000 n 
-0000008749 00000 n 
-0000008854 00000 n 
-0000008958 00000 n 
-0000009063 00000 n 
-0000009168 00000 n 
-0000009273 00000 n 
-0000009378 00000 n 
-0000009483 00000 n 
-0000009588 00000 n 
-0000009693 00000 n 
-0000009798 00000 n 
-0000009903 00000 n 
-0000010008 00000 n 
-0000010113 00000 n 
-0000010218 00000 n 
-0000010323 00000 n 
-0000010427 00000 n 
-0000010532 00000 n 
-0000010637 00000 n 
-0000010742 00000 n 
-0000010847 00000 n 
-0000010952 00000 n 
-0000011057 00000 n 
-0000011162 00000 n 
-0000011267 00000 n 
-0000011372 00000 n 
-0000011476 00000 n 
-0000011581 00000 n 
-0000011686 00000 n 
-0000011791 00000 n 
-0000011896 00000 n 
-0000012002 00000 n 
-0000012322 00000 n 
-0000012375 00000 n 
-0000012462 00000 n 
-0000012488 00000 n 
-0000012594 00000 n 
-0000012620 00000 n 
-0000012739 00000 n 
-0000012825 00000 n 
-0000012867 00000 n 
-0000012954 00000 n 
-0000012996 00000 n 
-0000013083 00000 n 
-0000013125 00000 n 
-0000013188 00000 n 
-0000013275 00000 n 
-0000013333 00000 n 
-0000013420 00000 n 
-0000013454 00000 n 
-0000013560 00000 n 
-0000013602 00000 n 
-0000013688 00000 n 
-0000013731 00000 n 
-0000013818 00000 n 
-0000013858 00000 n 
-0000013945 00000 n 
-0000013988 00000 n 
-0000014075 00000 n 
-0000014133 00000 n 
-0000014180 00000 n 
+0000008062 00000 n 
+0000008147 00000 n 
+0000008211 00000 n 
+0000008298 00000 n 
+0000008346 00000 n 
+0000008410 00000 n 
+0000008495 00000 n 
+0000008521 00000 n 
+0000008569 00000 n 
+0000008656 00000 n 
+0000008703 00000 n 
+0000008789 00000 n 
+0000008830 00000 n 
+0000008915 00000 n 
+0000008957 00000 n 
+0000008999 00000 n 
+0000009086 00000 n 
+0000009135 00000 n 
+0000009222 00000 n 
+0000009269 00000 n 
+0000009356 00000 n 
+0000009398 00000 n 
+0000009451 00000 n 
+0000009538 00000 n 
+0000009582 00000 n 
+0000009669 00000 n 
+0000009726 00000 n 
+0000009813 00000 n 
+0000009909 00000 n 
+0000009995 00000 n 
+0000010045 00000 n 
+0000010092 00000 n 
+0000010179 00000 n 
+0000010226 00000 n 
+0000010313 00000 n 
+0000010362 00000 n 
+0000010448 00000 n 
+0000010495 00000 n 
+0000010582 00000 n 
+0000010632 00000 n 
+0000010679 00000 n 
+0000010766 00000 n 
+0000010813 00000 n 
+0000010898 00000 n 
+0000010942 00000 n 
+0000011028 00000 n 
+0000011070 00000 n 
+0000011156 00000 n 
+0000011196 00000 n 
+0000011282 00000 n 
+0000011330 00000 n 
+0000011416 00000 n 
+0000011461 00000 n 
+0000011547 00000 n 
+0000011591 00000 n 
+0000011677 00000 n 
+0000011728 00000 n 
+0000011814 00000 n 
+0000011863 00000 n 
+0000011949 00000 n 
+0000011994 00000 n 
+0000012080 00000 n 
+0000012122 00000 n 
+0000012208 00000 n 
+0000012251 00000 n 
+0000012337 00000 n 
+0000012379 00000 n 
+0000012465 00000 n 
+0000012509 00000 n 
+0000012595 00000 n 
+0000012632 00000 n 
+0000012718 00000 n 
+0000012760 00000 n 
+0000012846 00000 n 
+0000012888 00000 n 
+0000012974 00000 n 
+0000013011 00000 n 
+0000013095 00000 n 
+0000013137 00000 n 
+0000013221 00000 n 
+0000013399 00000 n 
+0000013442 00000 n 
+0000013528 00000 n 
+0000013574 00000 n 
+0000013660 00000 n 
+0000013707 00000 n 
+0000013794 00000 n 
+0000013843 00000 n 
+0000013930 00000 n 
+0000013979 00000 n 
+0000014065 00000 n 
+0000014114 00000 n 
+0000014201 00000 n 
 0000014267 00000 n 
-0000014293 00000 n 
-0000014341 00000 n 
-0000014428 00000 n 
-0000014454 00000 n 
-0000014518 00000 n 
-0000014605 00000 n 
-0000014631 00000 n 
-0000014695 00000 n 
-0000014782 00000 n 
-0000014808 00000 n 
-0000014856 00000 n 
-0000014943 00000 n 
-0000014990 00000 n 
-0000015077 00000 n 
-0000015118 00000 n 
-0000015204 00000 n 
-0000015246 00000 n 
-0000015288 00000 n 
+0000014315 00000 n 
+0000014401 00000 n 
+0000014447 00000 n 
+0000014534 00000 n 
+0000014568 00000 n 
+0000014683 00000 n 
+0000014770 00000 n 
+0000014796 00000 n 
+0000014878 00000 n 
+0000014965 00000 n 
+0000015050 00000 n 
+0000015137 00000 n 
+0000015192 00000 n 
+0000015277 00000 n 
+0000015319 00000 n 
 0000015375 00000 n 
-0000015424 00000 n 
-0000015511 00000 n 
-0000015558 00000 n 
-0000015645 00000 n 
-0000015687 00000 n 
-0000015740 00000 n 
-0000015827 00000 n 
-0000015871 00000 n 
-0000015958 00000 n 
-0000016015 00000 n 
-0000016102 00000 n 
-0000016198 00000 n 
-0000016284 00000 n 
-0000016334 00000 n 
-0000016383 00000 n 
-0000016470 00000 n 
-0000016517 00000 n 
+0000015462 00000 n 
+0000015510 00000 n 
+0000015597 00000 n 
+0000015671 00000 n 
+0000015756 00000 n 
+0000015798 00000 n 
+0000015866 00000 n 
+0000015953 00000 n 
+0000016007 00000 n 
+0000016094 00000 n 
+0000016162 00000 n 
+0000016249 00000 n 
+0000016323 00000 n 
+0000016410 00000 n 
+0000016458 00000 n 
+0000016545 00000 n 
 0000016602 00000 n 
-0000016636 00000 n 
-0000016683 00000 n 
-0000016770 00000 n 
-0000016817 00000 n 
-0000016902 00000 n 
-0000016946 00000 n 
-0000017032 00000 n 
-0000017074 00000 n 
+0000016689 00000 n 
+0000016744 00000 n 
+0000016831 00000 n 
+0000016912 00000 n 
+0000016999 00000 n 
+0000017081 00000 n 
 0000017160 00000 n 
-0000017200 00000 n 
-0000017286 00000 n 
-0000017334 00000 n 
-0000017420 00000 n 
-0000017465 00000 n 
-0000017551 00000 n 
-0000017595 00000 n 
-0000017681 00000 n 
-0000017732 00000 n 
-0000017818 00000 n 
-0000017867 00000 n 
-0000017953 00000 n 
-0000017998 00000 n 
-0000018084 00000 n 
-0000018126 00000 n 
-0000018212 00000 n 
-0000018255 00000 n 
-0000018341 00000 n 
-0000018383 00000 n 
-0000018469 00000 n 
-0000018513 00000 n 
-0000018599 00000 n 
-0000018636 00000 n 
-0000018722 00000 n 
-0000018764 00000 n 
-0000018850 00000 n 
-0000018892 00000 n 
-0000018978 00000 n 
-0000019015 00000 n 
-0000019101 00000 n 
-0000019143 00000 n 
-0000019229 00000 n 
-0000019272 00000 n 
-0000019358 00000 n 
-0000019404 00000 n 
-0000019490 00000 n 
-0000019537 00000 n 
-0000019622 00000 n 
-0000019824 00000 n 
-0000019873 00000 n 
-0000019960 00000 n 
-0000020009 00000 n 
-0000020095 00000 n 
-0000020144 00000 n 
-0000020231 00000 n 
-0000020273 00000 n 
-0000020319 00000 n 
-0000020404 00000 n 
-0000020430 00000 n 
-0000020545 00000 n 
-0000020632 00000 n 
-0000020658 00000 n 
-0000020740 00000 n 
-0000020827 00000 n 
-0000020912 00000 n 
-0000020999 00000 n 
-0000021033 00000 n 
-0000021088 00000 n 
-0000021175 00000 n 
-0000021231 00000 n 
-0000021318 00000 n 
-0000021352 00000 n 
-0000021400 00000 n 
-0000021487 00000 n 
-0000021561 00000 n 
-0000021646 00000 n 
-0000021680 00000 n 
-0000021748 00000 n 
-0000021835 00000 n 
-0000021889 00000 n 
-0000021976 00000 n 
-0000022044 00000 n 
-0000022131 00000 n 
-0000022205 00000 n 
-0000022292 00000 n 
-0000022340 00000 n 
-0000022427 00000 n 
-0000022484 00000 n 
-0000022571 00000 n 
-0000022637 00000 n 
-0000022692 00000 n 
-0000022778 00000 n 
-0000022859 00000 n 
-0000022946 00000 n 
-0000022980 00000 n 
-0000023024 00000 n 
-0000023111 00000 n 
-0000023137 00000 n 
-0000023182 00000 n 
-0000023268 00000 n 
-0000023311 00000 n 
-0000023398 00000 n 
-0000023448 00000 n 
-0000023535 00000 n 
-0000023585 00000 n 
-0000023670 00000 n 
-0000023718 00000 n 
-0000023805 00000 n 
-0000023863 00000 n 
-0000023910 00000 n 
-0000023996 00000 n 
-0000024022 00000 n 
-0000024101 00000 n 
-0000024188 00000 n 
-0000024270 00000 n 
-0000024356 00000 n 
-0000024431 00000 n 
-0000024518 00000 n 
-0000024591 00000 n 
-0000024676 00000 n 
-0000024726 00000 n 
-0000024804 00000 n 
-0000024891 00000 n 
-0000024917 00000 n 
-0000025022 00000 n 
-0000025128 00000 n 
-0000025233 00000 n 
-0000025338 00000 n 
-0000025443 00000 n 
-0000025548 00000 n 
-0000025653 00000 n 
-0000025758 00000 n 
-0000025863 00000 n 
-0000025969 00000 n 
-0000026075 00000 n 
-0000026180 00000 n 
-0000026285 00000 n 
-0000026390 00000 n 
-0000026495 00000 n 
-0000026601 00000 n 
-0000026707 00000 n 
-0000026813 00000 n 
-0000026919 00000 n 
-0000027025 00000 n 
-0000027131 00000 n 
-0000027237 00000 n 
-0000027342 00000 n 
-0000027447 00000 n 
-0000027552 00000 n 
-0000027657 00000 n 
-0000027763 00000 n 
-0000027869 00000 n 
-0000027974 00000 n 
-0000028077 00000 n 
-0000028335 00000 n 
-0000028440 00000 n 
-0000028545 00000 n 
-0000028650 00000 n 
-0000028756 00000 n 
-0000028861 00000 n 
-0000028966 00000 n 
-0000029071 00000 n 
-0000029177 00000 n 
-0000029282 00000 n 
-0000029388 00000 n 
-0000029494 00000 n 
-0000029600 00000 n 
-0000029706 00000 n 
-0000029811 00000 n 
-0000029916 00000 n 
-0000030021 00000 n 
-0000030126 00000 n 
-0000030231 00000 n 
-0000030336 00000 n 
-0000030441 00000 n 
-0000030546 00000 n 
-0000030651 00000 n 
-0000030756 00000 n 
-0000030861 00000 n 
-0000030966 00000 n 
-0000031072 00000 n 
-0000031178 00000 n 
-0000031281 00000 n 
-0000031523 00000 n 
-0000031628 00000 n 
-0000031733 00000 n 
-0000031838 00000 n 
-0000031943 00000 n 
-0000032049 00000 n 
-0000032154 00000 n 
-0000032260 00000 n 
-0000032366 00000 n 
-0000032472 00000 n 
-0000032578 00000 n 
-0000032684 00000 n 
-0000032789 00000 n 
-0000032894 00000 n 
-0000032999 00000 n 
-0000033104 00000 n 
-0000033209 00000 n 
-0000033314 00000 n 
-0000033419 00000 n 
-0000033524 00000 n 
-0000033630 00000 n 
-0000033736 00000 n 
-0000033841 00000 n 
-0000033946 00000 n 
-0000034051 00000 n 
-0000034156 00000 n 
-0000034260 00000 n 
-0000034366 00000 n 
-0000034472 00000 n 
-0000034577 00000 n 
-0000034681 00000 n 
-0000034939 00000 n 
-0000034973 00000 n 
-0000035007 00000 n 
-0000036503 00000 n 
-0000036552 00000 n 
-0000036601 00000 n 
-0000036650 00000 n 
-0000036699 00000 n 
-0000036748 00000 n 
-0000036797 00000 n 
-0000036846 00000 n 
-0000036895 00000 n 
-0000036944 00000 n 
-0000036993 00000 n 
-0000037042 00000 n 
-0000037091 00000 n 
-0000037140 00000 n 
-0000037189 00000 n 
-0000037238 00000 n 
-0000037287 00000 n 
-0000037336 00000 n 
-0000037385 00000 n 
-0000037434 00000 n 
-0000037483 00000 n 
-0000037532 00000 n 
-0000037581 00000 n 
-0000037630 00000 n 
-0000037679 00000 n 
-0000037728 00000 n 
-0000037777 00000 n 
-0000037826 00000 n 
-0000037875 00000 n 
-0000037924 00000 n 
-0000037973 00000 n 
-0000038022 00000 n 
-0000038071 00000 n 
-0000038120 00000 n 
-0000038169 00000 n 
-0000038218 00000 n 
-0000038267 00000 n 
-0000038316 00000 n 
-0000038365 00000 n 
-0000038414 00000 n 
-0000038463 00000 n 
-0000038512 00000 n 
-0000038561 00000 n 
-0000038610 00000 n 
-0000038659 00000 n 
-0000038708 00000 n 
-0000038757 00000 n 
-0000038806 00000 n 
-0000038855 00000 n 
-0000038904 00000 n 
-0000038953 00000 n 
-0000039002 00000 n 
-0000039051 00000 n 
-0000039100 00000 n 
-0000039149 00000 n 
-0000039198 00000 n 
-0000039247 00000 n 
-0000039296 00000 n 
-0000039345 00000 n 
-0000039394 00000 n 
-0000039443 00000 n 
-0000039492 00000 n 
-0000039541 00000 n 
-0000039590 00000 n 
-0000039639 00000 n 
-0000039688 00000 n 
-0000039737 00000 n 
-0000039786 00000 n 
-0000039835 00000 n 
-0000039884 00000 n 
-0000039933 00000 n 
-0000039982 00000 n 
-0000040031 00000 n 
-0000040080 00000 n 
-0000040129 00000 n 
-0000040178 00000 n 
-0000040227 00000 n 
-0000040276 00000 n 
-0000040325 00000 n 
-0000040374 00000 n 
-0000040423 00000 n 
-0000040472 00000 n 
-0000040521 00000 n 
-0000040570 00000 n 
-0000040619 00000 n 
-0000040668 00000 n 
-0000040717 00000 n 
-0000040766 00000 n 
-0000040815 00000 n 
-0000040864 00000 n 
-0000040913 00000 n 
-0000040962 00000 n 
-0000041711 00000 n 
-0000041835 00000 n 
-0000042000 00000 n 
-0000042020 00000 n 
-0000042177 00000 n 
-0000045290 00000 n 
-0000045312 00000 n 
-0000045450 00000 n 
-0000048860 00000 n 
-0000048882 00000 n 
-0000049006 00000 n 
-0000049206 00000 n 
-0000049227 00000 n 
-0000049393 00000 n 
-0000049863 00000 n 
-0000049884 00000 n 
-0000050044 00000 n 
-0000050736 00000 n 
-0000050757 00000 n 
-0000050890 00000 n 
-0000051268 00000 n 
-0000051289 00000 n 
-0000051440 00000 n 
-0000052300 00000 n 
-0000052321 00000 n 
-0000052463 00000 n 
-0000052868 00000 n 
-0000052889 00000 n 
-0000053049 00000 n 
-0000054585 00000 n 
-0000054607 00000 n 
-0000054758 00000 n 
-0000055396 00000 n 
-0000055417 00000 n 
-0000055586 00000 n 
-0000056190 00000 n 
-0000056211 00000 n 
-0000056389 00000 n 
-0000056877 00000 n 
-0000056898 00000 n 
-0000057049 00000 n 
-0000057452 00000 n 
-0000057473 00000 n 
-0000057615 00000 n 
-0000059134 00000 n 
-0000059156 00000 n 
-0000059289 00000 n 
-0000061049 00000 n 
-0000061071 00000 n 
-0000061204 00000 n 
-0000061720 00000 n 
-0000061741 00000 n 
-0000061865 00000 n 
-0000062090 00000 n 
-0000062111 00000 n 
-0000062244 00000 n 
-0000062735 00000 n 
-0000062756 00000 n 
-0000062898 00000 n 
-0000064373 00000 n 
-0000064395 00000 n 
-0000064556 00000 n 
-0000066077 00000 n 
-0000066099 00000 n 
-0000066242 00000 n 
-0000066895 00000 n 
-0000066916 00000 n 
-0000067094 00000 n 
-0000068677 00000 n 
-0000068699 00000 n 
-0000068849 00000 n 
-0000069758 00000 n 
-0000069779 00000 n 
-0000069958 00000 n 
-0000071313 00000 n 
-0000071335 00000 n 
-0000071501 00000 n 
-0000072157 00000 n 
-0000072178 00000 n 
-0000072302 00000 n 
-0000072534 00000 n 
-0000072555 00000 n 
-0000072730 00000 n 
-0000074389 00000 n 
-0000074411 00000 n 
-0000074554 00000 n 
-0000075113 00000 n 
-0000075134 00000 n 
-0000075258 00000 n 
-0000075459 00000 n 
-0000075480 00000 n 
-0000075638 00000 n 
-0000076519 00000 n 
-0000076540 00000 n 
-0000076724 00000 n 
-0000078875 00000 n 
-0000078897 00000 n 
-0000079081 00000 n 
-0000080776 00000 n 
-0000080798 00000 n 
-0000080964 00000 n 
-0000081980 00000 n 
-0000082001 00000 n 
-0000082177 00000 n 
-0000083458 00000 n 
-0000083480 00000 n 
-0000083621 00000 n 
-0000084931 00000 n 
-0000084953 00000 n 
-0000085138 00000 n 
-0000086388 00000 n 
-0000086410 00000 n 
-0000086534 00000 n 
-0000086735 00000 n 
-0000086756 00000 n 
-0000086949 00000 n 
-0000088566 00000 n 
-0000088588 00000 n 
-0000088753 00000 n 
-0000089831 00000 n 
-0000089853 00000 n 
-0000089986 00000 n 
-0000090727 00000 n 
-0000090748 00000 n 
-0000090923 00000 n 
-0000092628 00000 n 
-0000092650 00000 n 
-0000092774 00000 n 
-0000093007 00000 n 
-0000093028 00000 n 
-0000093195 00000 n 
-0000094499 00000 n 
-0000094521 00000 n 
-0000094644 00000 n 
-0000095116 00000 n 
-0000095137 00000 n 
-0000095313 00000 n 
-0000096953 00000 n 
-0000096975 00000 n 
-0000097132 00000 n 
-0000097840 00000 n 
-0000097861 00000 n 
-0000098046 00000 n 
-0000099627 00000 n 
-0000099649 00000 n 
-0000099790 00000 n 
-0000100305 00000 n 
-0000100326 00000 n 
-0000100486 00000 n 
-0000102256 00000 n 
-0000102278 00000 n 
-0000102401 00000 n 
-0000102715 00000 n 
-0000102736 00000 n 
-0000102921 00000 n 
-0000104681 00000 n 
-0000104703 00000 n 
-0000104841 00000 n 
-0000105331 00000 n 
-0000105352 00000 n 
-0000105528 00000 n 
-0000107374 00000 n 
-0000107396 00000 n 
-0000107572 00000 n 
-0000108832 00000 n 
-0000108854 00000 n 
-0000109030 00000 n 
-0000110655 00000 n 
-0000110677 00000 n 
-0000110843 00000 n 
-0000111913 00000 n 
-0000111934 00000 n 
-0000112085 00000 n 
-0000113667 00000 n 
-0000113689 00000 n 
-0000113812 00000 n 
-0000114884 00000 n 
-0000114906 00000 n 
-0000115030 00000 n 
-0000115261 00000 n 
-0000115282 00000 n 
-0000115424 00000 n 
-0000116016 00000 n 
-0000116037 00000 n 
-0000116180 00000 n 
-0000117121 00000 n 
-0000117142 00000 n 
-0000117275 00000 n 
-0000118686 00000 n 
-0000118708 00000 n 
-0000118859 00000 n 
-0000120611 00000 n 
-0000120633 00000 n 
-0000120775 00000 n 
-0000122576 00000 n 
-0000122598 00000 n 
-0000122731 00000 n 
-0000123345 00000 n 
-0000123366 00000 n 
-0000123517 00000 n 
-0000124196 00000 n 
-0000124217 00000 n 
-0000124360 00000 n 
-0000125261 00000 n 
-0000125282 00000 n 
-0000125415 00000 n 
-0000125846 00000 n 
-0000125867 00000 n 
-0000125991 00000 n 
-0000126224 00000 n 
-0000126245 00000 n 
-0000126411 00000 n 
-0000127074 00000 n 
-0000127095 00000 n 
-0000127246 00000 n 
-0000128003 00000 n 
-0000128024 00000 n 
-0000128193 00000 n 
-0000129260 00000 n 
-0000129281 00000 n 
-0000129441 00000 n 
-0000131122 00000 n 
-0000131144 00000 n 
-0000131267 00000 n 
-0000131556 00000 n 
-0000131577 00000 n 
-0000131737 00000 n 
-0000133075 00000 n 
-0000133097 00000 n 
-0000133272 00000 n 
-0000134755 00000 n 
-0000134777 00000 n 
-0000134933 00000 n 
-0000135632 00000 n 
-0000135653 00000 n 
-0000135795 00000 n 
-0000136576 00000 n 
-0000136597 00000 n 
-0000136721 00000 n 
-0000136908 00000 n 
-0000136929 00000 n 
-0000137096 00000 n 
-0000138698 00000 n 
-0000138720 00000 n 
-0000138877 00000 n 
-0000140073 00000 n 
-0000140095 00000 n 
-0000140252 00000 n 
-0000143508 00000 n 
-0000143530 00000 n 
-0000143687 00000 n 
-0000146736 00000 n 
-0000146758 00000 n 
-0000146915 00000 n 
-0000150405 00000 n 
-0000150427 00000 n 
-0000150483 00000 n 
-0000150588 00000 n 
-0000150752 00000 n 
-0000150837 00000 n 
-0000150978 00000 n 
-0000151105 00000 n 
-0000151235 00000 n 
-0000151366 00000 n 
-0000151509 00000 n 
-0000151654 00000 n 
-0000151825 00000 n 
-0000151946 00000 n 
-0000152079 00000 n 
-0000152236 00000 n 
-0000152380 00000 n 
-0000152563 00000 n 
-0000152726 00000 n 
-0000152833 00000 n 
-0000152943 00000 n 
-0000153071 00000 n 
-0000153205 00000 n 
-0000153313 00000 n 
-0000153431 00000 n 
-0000153539 00000 n 
-0000153697 00000 n 
-0000153810 00000 n 
-0000153928 00000 n 
-0000154095 00000 n 
-0000154211 00000 n 
-0000154336 00000 n 
-0000154455 00000 n 
-0000154577 00000 n 
-0000154727 00000 n 
-0000154896 00000 n 
-0000155045 00000 n 
-0000155125 00000 n 
-0000155268 00000 n 
-0000155381 00000 n 
-0000155531 00000 n 
-0000155640 00000 n 
-0000155797 00000 n 
-0000155902 00000 n 
-0000156035 00000 n 
-0000156155 00000 n 
-0000156266 00000 n 
-0000156406 00000 n 
-0000156548 00000 n 
-0000156684 00000 n 
-0000156815 00000 n 
-0000156958 00000 n 
-0000157129 00000 n 
-0000157240 00000 n 
-0000157380 00000 n 
-0000157547 00000 n 
-0000157674 00000 n 
-0000157803 00000 n 
-0000157967 00000 n 
-0000158071 00000 n 
-0000158172 00000 n 
-0000158327 00000 n 
-0000158494 00000 n 
-0000158603 00000 n 
-0000158716 00000 n 
-0000158874 00000 n 
-0000158960 00000 n 
-0000159114 00000 n 
-0000159234 00000 n 
-0000159354 00000 n 
-0000159487 00000 n 
-0000159616 00000 n 
-0000159718 00000 n 
-0000159849 00000 n 
-0000159961 00000 n 
-0000160072 00000 n 
-0000160240 00000 n 
-0000160409 00000 n 
-0000160552 00000 n 
-0000160675 00000 n 
-0000160849 00000 n 
-0000160953 00000 n 
-0000161062 00000 n 
-0000161202 00000 n 
-0000161362 00000 n 
-0000161522 00000 n 
-0000161650 00000 n 
-0000161778 00000 n 
-0000161942 00000 n 
-0000162124 00000 n 
-0000162299 00000 n 
-0000162450 00000 n 
+0000017247 00000 n 
+0000017329 00000 n 
+0000017415 00000 n 
+0000017490 00000 n 
+0000017577 00000 n 
+0000017650 00000 n 
+0000017737 00000 n 
+0000017787 00000 n 
+0000017865 00000 n 
+0000017952 00000 n 
+0000017978 00000 n 
+0000018041 00000 n 
+0000018128 00000 n 
+0000018191 00000 n 
+0000018278 00000 n 
+0000018332 00000 n 
+0000018419 00000 n 
+0000018461 00000 n 
+0000018566 00000 n 
+0000018672 00000 n 
+0000018778 00000 n 
+0000018884 00000 n 
+0000018990 00000 n 
+0000019096 00000 n 
+0000019202 00000 n 
+0000019308 00000 n 
+0000019414 00000 n 
+0000019520 00000 n 
+0000019626 00000 n 
+0000019732 00000 n 
+0000019838 00000 n 
+0000019944 00000 n 
+0000020050 00000 n 
+0000020156 00000 n 
+0000020262 00000 n 
+0000020368 00000 n 
+0000020474 00000 n 
+0000020580 00000 n 
+0000020685 00000 n 
+0000020791 00000 n 
+0000020897 00000 n 
+0000021003 00000 n 
+0000021109 00000 n 
+0000021215 00000 n 
+0000021321 00000 n 
+0000021427 00000 n 
+0000021533 00000 n 
+0000021639 00000 n 
+0000021745 00000 n 
+0000021851 00000 n 
+0000021957 00000 n 
+0000022063 00000 n 
+0000022169 00000 n 
+0000022275 00000 n 
+0000022381 00000 n 
+0000022487 00000 n 
+0000022593 00000 n 
+0000022698 00000 n 
+0000022804 00000 n 
+0000022910 00000 n 
+0000023016 00000 n 
+0000023119 00000 n 
+0000023223 00000 n 
+0000023601 00000 n 
+0000023707 00000 n 
+0000023812 00000 n 
+0000023918 00000 n 
+0000024024 00000 n 
+0000024130 00000 n 
+0000024236 00000 n 
+0000024342 00000 n 
+0000024448 00000 n 
+0000024554 00000 n 
+0000024660 00000 n 
+0000024766 00000 n 
+0000024871 00000 n 
+0000024977 00000 n 
+0000025083 00000 n 
+0000025189 00000 n 
+0000025295 00000 n 
+0000025401 00000 n 
+0000025507 00000 n 
+0000025613 00000 n 
+0000025719 00000 n 
+0000025825 00000 n 
+0000025931 00000 n 
+0000026037 00000 n 
+0000026143 00000 n 
+0000026249 00000 n 
+0000026354 00000 n 
+0000026460 00000 n 
+0000026566 00000 n 
+0000026672 00000 n 
+0000026777 00000 n 
+0000026883 00000 n 
+0000026989 00000 n 
+0000027095 00000 n 
+0000027201 00000 n 
+0000027307 00000 n 
+0000027413 00000 n 
+0000027519 00000 n 
+0000027625 00000 n 
+0000027731 00000 n 
+0000027837 00000 n 
+0000027943 00000 n 
+0000028048 00000 n 
+0000028152 00000 n 
+0000028514 00000 n 
+0000028619 00000 n 
+0000028725 00000 n 
+0000028831 00000 n 
+0000028937 00000 n 
+0000029043 00000 n 
+0000029149 00000 n 
+0000029255 00000 n 
+0000029361 00000 n 
+0000029467 00000 n 
+0000029573 00000 n 
+0000029679 00000 n 
+0000029785 00000 n 
+0000029891 00000 n 
+0000029997 00000 n 
+0000030102 00000 n 
+0000030208 00000 n 
+0000030314 00000 n 
+0000030420 00000 n 
+0000030526 00000 n 
+0000030632 00000 n 
+0000030737 00000 n 
+0000030843 00000 n 
+0000030949 00000 n 
+0000031055 00000 n 
+0000031161 00000 n 
+0000031379 00000 n 
+0000031413 00000 n 
+0000031447 00000 n 
+0000033490 00000 n 
+0000033539 00000 n 
+0000033588 00000 n 
+0000033637 00000 n 
+0000033686 00000 n 
+0000033735 00000 n 
+0000033784 00000 n 
+0000033833 00000 n 
+0000033882 00000 n 
+0000033931 00000 n 
+0000033980 00000 n 
+0000034029 00000 n 
+0000034078 00000 n 
+0000034127 00000 n 
+0000034176 00000 n 
+0000034225 00000 n 
+0000034274 00000 n 
+0000034323 00000 n 
+0000034372 00000 n 
+0000034421 00000 n 
+0000034470 00000 n 
+0000034519 00000 n 
+0000034568 00000 n 
+0000034617 00000 n 
+0000034666 00000 n 
+0000034715 00000 n 
+0000034764 00000 n 
+0000034813 00000 n 
+0000034862 00000 n 
+0000034911 00000 n 
+0000034960 00000 n 
+0000035009 00000 n 
+0000035058 00000 n 
+0000035107 00000 n 
+0000035156 00000 n 
+0000035205 00000 n 
+0000035254 00000 n 
+0000035303 00000 n 
+0000035352 00000 n 
+0000035401 00000 n 
+0000035450 00000 n 
+0000035499 00000 n 
+0000035548 00000 n 
+0000035597 00000 n 
+0000035646 00000 n 
+0000035695 00000 n 
+0000035744 00000 n 
+0000035793 00000 n 
+0000035842 00000 n 
+0000035891 00000 n 
+0000035940 00000 n 
+0000035989 00000 n 
+0000036038 00000 n 
+0000036087 00000 n 
+0000036136 00000 n 
+0000036185 00000 n 
+0000036234 00000 n 
+0000036283 00000 n 
+0000036332 00000 n 
+0000036381 00000 n 
+0000036430 00000 n 
+0000036479 00000 n 
+0000036528 00000 n 
+0000036577 00000 n 
+0000036626 00000 n 
+0000036675 00000 n 
+0000036724 00000 n 
+0000036773 00000 n 
+0000036822 00000 n 
+0000036871 00000 n 
+0000036920 00000 n 
+0000036969 00000 n 
+0000037018 00000 n 
+0000037067 00000 n 
+0000037116 00000 n 
+0000037165 00000 n 
+0000037214 00000 n 
+0000037263 00000 n 
+0000037312 00000 n 
+0000037361 00000 n 
+0000037410 00000 n 
+0000037459 00000 n 
+0000037508 00000 n 
+0000037557 00000 n 
+0000037606 00000 n 
+0000037655 00000 n 
+0000037704 00000 n 
+0000037753 00000 n 
+0000037802 00000 n 
+0000037851 00000 n 
+0000037900 00000 n 
+0000037949 00000 n 
+0000037998 00000 n 
+0000038047 00000 n 
+0000038096 00000 n 
+0000038145 00000 n 
+0000038194 00000 n 
+0000038243 00000 n 
+0000038292 00000 n 
+0000038341 00000 n 
+0000038390 00000 n 
+0000038439 00000 n 
+0000038488 00000 n 
+0000038537 00000 n 
+0000038586 00000 n 
+0000038635 00000 n 
+0000038684 00000 n 
+0000038733 00000 n 
+0000038782 00000 n 
+0000038831 00000 n 
+0000038880 00000 n 
+0000038929 00000 n 
+0000038978 00000 n 
+0000039027 00000 n 
+0000039076 00000 n 
+0000039125 00000 n 
+0000039174 00000 n 
+0000039223 00000 n 
+0000039272 00000 n 
+0000039321 00000 n 
+0000039370 00000 n 
+0000039419 00000 n 
+0000039468 00000 n 
+0000039517 00000 n 
+0000039566 00000 n 
+0000039615 00000 n 
+0000039664 00000 n 
+0000039713 00000 n 
+0000040342 00000 n 
+0000040489 00000 n 
+0000041021 00000 n 
+0000041042 00000 n 
+0000041216 00000 n 
+0000042378 00000 n 
+0000042400 00000 n 
+0000042551 00000 n 
+0000044072 00000 n 
+0000044094 00000 n 
+0000044254 00000 n 
+0000045690 00000 n 
+0000045712 00000 n 
+0000045890 00000 n 
+0000047150 00000 n 
+0000047172 00000 n 
+0000047314 00000 n 
+0000048898 00000 n 
+0000048920 00000 n 
+0000049053 00000 n 
+0000050790 00000 n 
+0000050812 00000 n 
+0000050945 00000 n 
+0000051468 00000 n 
+0000051489 00000 n 
+0000051650 00000 n 
+0000052934 00000 n 
+0000052956 00000 n 
+0000053117 00000 n 
+0000054872 00000 n 
+0000054894 00000 n 
+0000055054 00000 n 
+0000056699 00000 n 
+0000056721 00000 n 
+0000056863 00000 n 
+0000058933 00000 n 
+0000058955 00000 n 
+0000059097 00000 n 
+0000060909 00000 n 
+0000060931 00000 n 
+0000061073 00000 n 
+0000062798 00000 n 
+0000062820 00000 n 
+0000062971 00000 n 
+0000064735 00000 n 
+0000064757 00000 n 
+0000064932 00000 n 
+0000067039 00000 n 
+0000067061 00000 n 
+0000067221 00000 n 
+0000068817 00000 n 
+0000068839 00000 n 
+0000069014 00000 n 
+0000070506 00000 n 
+0000070528 00000 n 
+0000070680 00000 n 
+0000071487 00000 n 
+0000071508 00000 n 
+0000071659 00000 n 
+0000073297 00000 n 
+0000073319 00000 n 
+0000073484 00000 n 
+0000075246 00000 n 
+0000075268 00000 n 
+0000075433 00000 n 
+0000076270 00000 n 
+0000076291 00000 n 
+0000076465 00000 n 
+0000078070 00000 n 
+0000078092 00000 n 
+0000078235 00000 n 
+0000078993 00000 n 
+0000079014 00000 n 
+0000079197 00000 n 
+0000081065 00000 n 
+0000081087 00000 n 
+0000081256 00000 n 
+0000083110 00000 n 
+0000083132 00000 n 
+0000083292 00000 n 
+0000084976 00000 n 
+0000084998 00000 n 
+0000085171 00000 n 
+0000086900 00000 n 
+0000086922 00000 n 
+0000087073 00000 n 
+0000087997 00000 n 
+0000088018 00000 n 
+0000088202 00000 n 
+0000090027 00000 n 
+0000090049 00000 n 
+0000090223 00000 n 
+0000092396 00000 n 
+0000092418 00000 n 
+0000092611 00000 n 
+0000094485 00000 n 
+0000094507 00000 n 
+0000094691 00000 n 
+0000096601 00000 n 
+0000096623 00000 n 
+0000096799 00000 n 
+0000098600 00000 n 
+0000098622 00000 n 
+0000098792 00000 n 
+0000100390 00000 n 
+0000100412 00000 n 
+0000100615 00000 n 
+0000102556 00000 n 
+0000102578 00000 n 
+0000102692 00000 n 
+0000102925 00000 n 
+0000102946 00000 n 
+0000103130 00000 n 
+0000104758 00000 n 
+0000104780 00000 n 
+0000104955 00000 n 
+0000106560 00000 n 
+0000106582 00000 n 
+0000106757 00000 n 
+0000108499 00000 n 
+0000108521 00000 n 
+0000108706 00000 n 
+0000110509 00000 n 
+0000110531 00000 n 
+0000110697 00000 n 
+0000112401 00000 n 
+0000112423 00000 n 
+0000112599 00000 n 
+0000114605 00000 n 
+0000114627 00000 n 
+0000114821 00000 n 
+0000116651 00000 n 
+0000116673 00000 n 
+0000116842 00000 n 
+0000118780 00000 n 
+0000118802 00000 n 
+0000118996 00000 n 
+0000121030 00000 n 
+0000121052 00000 n 
+0000121228 00000 n 
+0000123032 00000 n 
+0000123054 00000 n 
+0000123220 00000 n 
+0000125087 00000 n 
+0000125109 00000 n 
+0000125275 00000 n 
+0000127657 00000 n 
+0000127679 00000 n 
+0000127821 00000 n 
+0000129747 00000 n 
+0000129769 00000 n 
+0000129911 00000 n 
+0000131606 00000 n 
+0000131628 00000 n 
+0000131788 00000 n 
+0000133820 00000 n 
+0000133842 00000 n 
+0000133993 00000 n 
+0000135564 00000 n 
+0000135586 00000 n 
+0000135728 00000 n 
+0000137701 00000 n 
+0000137723 00000 n 
+0000137874 00000 n 
+0000139806 00000 n 
+0000139828 00000 n 
+0000139970 00000 n 
+0000141836 00000 n 
+0000141858 00000 n 
+0000142018 00000 n 
+0000143853 00000 n 
+0000143875 00000 n 
+0000143998 00000 n 
+0000145088 00000 n 
+0000145110 00000 n 
+0000145262 00000 n 
+0000147002 00000 n 
+0000147024 00000 n 
+0000147166 00000 n 
+0000148920 00000 n 
+0000148942 00000 n 
+0000149093 00000 n 
+0000151026 00000 n 
+0000151048 00000 n 
+0000151199 00000 n 
+0000153018 00000 n 
+0000153040 00000 n 
+0000153183 00000 n 
+0000154264 00000 n 
+0000154286 00000 n 
+0000154453 00000 n 
+0000156120 00000 n 
+0000156142 00000 n 
+0000156299 00000 n 
+0000157487 00000 n 
+0000157509 00000 n 
+0000157666 00000 n 
+0000159217 00000 n 
+0000159239 00000 n 
+0000159389 00000 n 
+0000160102 00000 n 
+0000160123 00000 n 
+0000160280 00000 n 
+0000165703 00000 n 
+0000165725 00000 n 
+0000165882 00000 n 
+0000171052 00000 n 
+0000171074 00000 n 
+0000171231 00000 n 
+0000174240 00000 n 
+0000174262 00000 n 
+0000174318 00000 n 
+0000174423 00000 n 
+0000174601 00000 n 
+0000174720 00000 n 
+0000174855 00000 n 
+0000174991 00000 n 
+0000175139 00000 n 
+0000175289 00000 n 
+0000175429 00000 n 
+0000175570 00000 n 
+0000175723 00000 n 
+0000175885 00000 n 
+0000176034 00000 n 
+0000176222 00000 n 
+0000176355 00000 n 
+0000176483 00000 n 
+0000176601 00000 n 
+0000176737 00000 n 
+0000176879 00000 n 
+0000176995 00000 n 
+0000177121 00000 n 
+0000177237 00000 n 
+0000177428 00000 n 
+0000177527 00000 n 
+0000177675 00000 n 
+0000177793 00000 n 
+0000177917 00000 n 
+0000178039 00000 n 
+0000178165 00000 n 
+0000178323 00000 n 
+0000178453 00000 n 
+0000178577 00000 n 
+0000178695 00000 n 
+0000178813 00000 n 
+0000178932 00000 n 
+0000179122 00000 n 
+0000179308 00000 n 
+0000179461 00000 n 
+0000179624 00000 n 
+0000179775 00000 n 
+0000179879 00000 n 
+0000180096 00000 n 
+0000180202 00000 n 
+0000180334 00000 n 
+0000180456 00000 n 
+0000180661 00000 n 
+0000180766 00000 n 
+0000180866 00000 n 
+0000181070 00000 n 
+0000181231 00000 n 
+0000181379 00000 n 
+0000181507 00000 n 
+0000181650 00000 n 
+0000181774 00000 n 
+0000181903 00000 n 
+0000182048 00000 n 
+0000182213 00000 n 
+0000182365 00000 n 
+0000182545 00000 n 
+0000182650 00000 n 
+0000182769 00000 n 
+0000182894 00000 n 
+0000183039 00000 n 
+0000183181 00000 n 
+0000183331 00000 n 
+0000183462 00000 n 
+0000183588 00000 n 
+0000183713 00000 n 
+0000183853 00000 n 
+0000183980 00000 n 
+0000184111 00000 n 
+0000184242 00000 n 
+0000184420 00000 n 
+0000184548 00000 n 
+0000184684 00000 n 
+0000184819 00000 n 
+0000185025 00000 n 
+0000185138 00000 n 
+0000185254 00000 n 
+0000185399 00000 n 
+0000185571 00000 n 
+0000185719 00000 n 
+0000185871 00000 n 
+0000186003 00000 n 
+0000186137 00000 n 
+0000186270 00000 n 
+0000186408 00000 n 
+0000186558 00000 n 
+0000186726 00000 n 
+0000186873 00000 n 
+0000187078 00000 n 
+0000187179 00000 n 
+0000187297 00000 n 
+0000187424 00000 n 
+0000187543 00000 n 
+0000187666 00000 n 
+0000187806 00000 n 
+0000187933 00000 n 
+0000188073 00000 n 
+0000188209 00000 n 
+0000188331 00000 n 
+0000188467 00000 n 
+0000188584 00000 n 
+0000188687 00000 n 
+0000188852 00000 n 
+0000188950 00000 n 
+0000189135 00000 n 
+0000189325 00000 n 
+0000189508 00000 n 
+0000189667 00000 n 
+0000189841 00000 n 
+0000189947 00000 n 
+0000190077 00000 n 
+0000190203 00000 n 
+0000190313 00000 n 
 trailer
-<</Size 823/Root 822 0 R/Info 1 0 R/ID[<e5ac86ee058631f96c14cf1f85636840><e5ac86ee058631f96c14cf1f85636840>]>>
+<</Size 824/Root 823 0 R/Info 1 0 R/ID[<c95d38276e1add79c959618b3b974053><c95d38276e1add79c959618b3b974053>]>>
 startxref
-162664
+190527
 %%EOF
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in
index bfde74ecde9..77b1e30a746 100644
--- a/docs/docbook/Makefile.in
+++ b/docs/docbook/Makefile.in
@@ -5,7 +5,7 @@
 #
 # Please see http://www.samba.org/samba/cvs.html
 # for information on getting the latest  
-# source and doucmentation source files.  
+# source and documentation source files.  
 #
 
 # Autoconf Variables
@@ -36,7 +36,8 @@ MANPAGES=$(MANDIR)/findsmb.1 $(MANDIR)/smbclient.1 \
 	$(MANDIR)/smbpasswd.5 $(MANDIR)/testparm.1 $(MANDIR)/samba.7 \
 	$(MANDIR)/smbpasswd.8 $(MANDIR)/testprns.1 \
 	$(MANDIR)/smb.conf.5 $(MANDIR)/wbinfo.1 \
-	$(MANDIR)/smbcacls.1 $(MANDIR)/smbsh.1 $(MANDIR)/winbindd.8 
+	$(MANDIR)/smbcacls.1 $(MANDIR)/smbsh.1 $(MANDIR)/winbindd.8 \
+	$(MANDIR)/make_unicodemap.1
 
 SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \
 	manpages/smbspool.8.sgml manpages/lmhosts.5.sgml \
@@ -50,12 +51,15 @@ SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \
 	manpages/smbpasswd.8.sgml manpages/testprns.1.sgml \
 	manpages/smb.conf.5.sgml \
 	manpages/wbinfo.1.sgml manpages/smbcacls.1.sgml \
-	manpages/smbsh.1.sgml manpages/winbindd.8.sgml
+	manpages/smbsh.1.sgml manpages/winbindd.8.sgml \
+	manpages/make_unicodemap.1.sgml
 
 HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \
 	projdoc/msdfs_setup.sgml projdoc/printer_driver2.sgml \
 	projdoc/UNIX_INSTALL.sgml projdoc/winbind.sgml projdoc/OS2-Client-HOWTO.sgml \
-	projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml
+	projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \
+	projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \
+	projdoc/PAM-Authentication-And-Samba.sgml
 
 FAQSRC=faq/samba-pdc-faq.sgml
 
@@ -71,7 +75,7 @@ man: $(MANPAGES)
 FAQ: $(FAQSRC)
 	@echo Building SAMBA PDC FAQ...
 	@(for i in $?; do \
-	   htmlfile=`basename $$i | sed "s/\.sgml/\.html/g"`; \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
 	   echo "Making $$htmlfile"; \
 	   $(JADE) -t sgml -V nochunks -d  $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \
 	      -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \
@@ -82,13 +86,13 @@ FAQ: $(FAQSRC)
 HOWTO: $(HOWTOSRC)
 	@echo Building HOWTO pages...
 	@(for i in $?; do \
-	   htmlfile=`basename $$i | sed "s/\.sgml/\.html/g"`; \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
 	   echo "Making $$htmlfile"; \
-	   cat $$i | $(PERL) scripts/make-article.pl > /tmp/`basename $$i`; \
+	   cat $$i | $(PERL) scripts/make-article.pl > /tmp/`echo $$i | sed 's,.*/,,'`; \
 	   $(JADE) -t sgml -V nochunks -d  $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \
-	      -f /tmp/jade.log /tmp/`basename $$i` > ../htmldocs/$$htmlfile; \
+	      -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'` > ../htmldocs/$$htmlfile; \
 	   cat /tmp/jade.log | grep -v DTDDECL; \
-	   /bin/rm -f /tmp/jade.log /tmp/`basename $$i`; \
+	   /bin/rm -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'`; \
 	done)
 
 
@@ -99,8 +103,13 @@ HOWTO: $(HOWTOSRC)
 ##
 proj-doc: 
 	echo Building Samba-HOWTO-Collections...
-	@(cd projdoc; $(JADE) -t sgml -V nochunks -d  $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl samba-doc.sgml > ../samba-doc.html)
-	@$(HTMLDOC) -f ../Samba-HOWTO-Collection.pdf samba-doc.html
+	@$(PERL) scripts/collateindex.pl -N -o projdoc/index.sgml
+	@$(JADE) -t sgml -V html-index -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl projdoc/samba-doc.sgml
+	@$(PERL) scripts/collateindex.pl -o projdoc/index.sgml HTML.index
+	@/bin/rm HTML.index *.htm
+	@$(JADE) -t sgml -i html -V nochunks -d stylesheets/ldp.dsl\#html projdoc/samba-doc.sgml > samba-doc.html
+	@(cd scripts; ./ldp_print ../samba-doc.html)
+	@mv -f samba-doc.pdf ../Samba-HOWTO-Collection.pdf
 	@/bin/mv -f samba-doc.html ../htmldocs/Samba-HOWTO-Collection.html
 
 
@@ -111,10 +120,9 @@ proj-doc:
 man-html-all: $(SGMLMANSRC)
 	@echo Building HTML formatted man pages...
 	@(for i in $?; do \
-	   htmlfile=`basename $$i | sed "s/\.sgml/\.html/g"`; \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
 	   echo "Making $$htmlfile"; \
-	   $(JADE) -t sgml -V nochunks -d  $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \
-	      -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \
+	   $(JADE) -t sgml -i html -V nochunks -d  ./stylesheets/ldp.dsl\#html -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \
 	   cat /tmp/jade.log | grep -v DTDDECL; \
 	   /bin/rm -f /tmp/jade.log; \
 	done)
@@ -123,7 +131,7 @@ man-html-all: $(SGMLMANSRC)
 man-all: $(SGMLMANSRC)
 	@echo Building man pages...
 	@(for i in $?; do \
-		manfile=`basename $$i | sed "s/\.sgml//g"`; \
+		manfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml//g"`; \
 		echo "Making $$manfile"; \
 		$(ONSGMLS) -f /tmp/docbook2x.log $$i | $(SGMLSPL) \
 	           $(SGML_SHARE)/docbook2X/docbook2man-spec.pl; \
@@ -142,210 +150,218 @@ man-all: $(SGMLMANSRC)
 $(MANDIR)/findsmb.1:  manpages/findsmb.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbclient.1: manpages/smbclient.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbspool.8: manpages/smbspool.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/lmhosts.5: manpages/lmhosts.5.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbcontrol.1: manpages/smbcontrol.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbstatus.1: manpages/smbstatus.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/make_smbcodepage.1: manpages/make_smbcodepage.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/make_unicodemap.1: manpages/make_unicodemap.1.sgml
+	@echo "Making $@"
+	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbd.8: manpages/smbd.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbtar.1: manpages/smbtar.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/nmbd.8: manpages/nmbd.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbmnt.8: manpages/smbmnt.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbumount.8: manpages/smbumount.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/nmblookup.1: manpages/nmblookup.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbmount.8: manpages/smbmount.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/swat.8: manpages/swat.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/rpcclient.1: manpages/rpcclient.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbpasswd.5: manpages/smbpasswd.5.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/testparm.1: manpages/testparm.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/samba.7: manpages/samba.7.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbpasswd.8: manpages/smbpasswd.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/testprns.1: manpages/testprns.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smb.conf.5: manpages/smb.conf.5.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/wbinfo.1: manpages/wbinfo.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbcacls.1: manpages/smbcacls.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/smbsh.1 : manpages/smbsh.1.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 $(MANDIR)/winbindd.8: manpages/winbindd.8.sgml
 	@echo "Making $@"
 	@$(ONSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
-	@cat `basename $@` | $(PERL) scripts/strip-links.pl > $@
-	@/bin/rm -f `basename $@`
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
 	@echo "Making HTML version of $@"
-	@$(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl $< > $(HTMLDIR)/`basename $< | sed "s/\.sgml/\.html/g"`
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
 
 
 ## Clean Rule
diff --git a/docs/docbook/configure b/docs/docbook/configure
index b2403428a23..23232148ce2 100755
--- a/docs/docbook/configure
+++ b/docs/docbook/configure
@@ -777,9 +777,9 @@ fi
 
 SGML_SHARE="/usr/local/share/sgml"
 
-# Check whether --with-SGML_SHARE or --without-SGML_SHARE was given.
-if test "${with_SGML_SHARE+set}" = set; then
-  withval="$with_SGML_SHARE"
+# Check whether --with-sgml-share or --without-sgml-share was given.
+if test "${with_sgml_share+set}" = set; then
+  withval="$with_sgml_share"
   case "$withval" in
         no) SGML_SHARE=""
                 ;;
@@ -795,7 +795,10 @@ esac
 
 fi
 
-
+# The Makefile requires docbook2X in the share/sgml directory
+if  ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ; then
+	{ echo "configure: error: "Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct."" 1>&2; exit 1; }
+fi
 
 
 DOC_BUILD_DATE=`date '+%d-%m-%Y'`
@@ -913,7 +916,7 @@ done
 
 ac_given_srcdir=$srcdir
 
-trap 'rm -fr `echo "Makefile " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+trap 'rm -fr `echo "Makefile stylesheets/ldp.dsl " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
 EOF
 cat >> $CONFIG_STATUS <<EOF
 
@@ -994,7 +997,7 @@ EOF
 
 cat >> $CONFIG_STATUS <<EOF
 
-CONFIG_FILES=\${CONFIG_FILES-"Makefile "}
+CONFIG_FILES=\${CONFIG_FILES-"Makefile stylesheets/ldp.dsl "}
 EOF
 cat >> $CONFIG_STATUS <<\EOF
 for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in
index 92e98d3e82b..5aec3058da5 100644
--- a/docs/docbook/configure.in
+++ b/docs/docbook/configure.in
@@ -43,4 +43,4 @@ AC_SUBST(SGML_SHARE)dnl
 DOC_BUILD_DATE=`date '+%d-%m-%Y'`
 AC_SUBST(DOC_BUILD_DATE)
 
-AC_OUTPUT( Makefile )
+AC_OUTPUT( Makefile stylesheets/ldp.dsl )
diff --git a/docs/docbook/faq/samba-pdc-faq.sgml b/docs/docbook/faq/samba-pdc-faq.sgml
index d3021b7a337..d27bdb63f42 100644
--- a/docs/docbook/faq/samba-pdc-faq.sgml
+++ b/docs/docbook/faq/samba-pdc-faq.sgml
@@ -17,9 +17,9 @@
 
 	<para>
 	This is the FAQ for Samba 2.2 as an NTDomain controller. 
-	This document is derived from the origional FAQ that was built and 
+	This document is derived from the original FAQ that was built and 
 	maintained by Gerald Carter from the early days of Samba NTDomain development 
-	up until recently.  It is now being updated as significent changes are 
+	up until recently.  It is now being updated as significant changes are 
 	made to 2.2.0.
 	</para> 
 
@@ -48,13 +48,13 @@
 <title id=stateofplay>State of Play</title>
 
 	<para>Much of the related code does work. For example, if an NT is removed from the 
-	domain and then rejoins, the <filename>Create a Computer Account in the Domain</> dialog
+	domain and then rejoins, the <filename>Create a Computer Account in the Domain</filename> dialog
 	will let you reset the smbpasswd. That is you don't need to do it from
 	the unix box. However, at the present, you do need to have root as an 
-	administrator and use the root user name and password.</para> 
+	administrator and use the root username and password.</para> 
 
     <para><command>Policies</command> do work on a W2K machine. MS says that recent 
-	builds of W2K dont observe an NT policy but it appears it does in 'legacy' 
+	builds of W2K don't observe an NT policy but it appears it does in 'legacy' 
 	mode.</para>
   
 </sect1>
@@ -63,7 +63,7 @@
 <title>Introduction</title>
 
 	<para>
-	This FAQ was origionally compiled by Jerry Carter (gc) chiefly dealing 
+	This FAQ was originally compiled by Jerry Carter (gc) chiefly dealing 
 	with the 'old HEAD' version of Samba and its NTDomain facilities. It is 
 	being rewritten by David Bannon (drb) so that it addresses more 
 	accurately the Samba 2.2.x release. 
@@ -78,7 +78,7 @@
 	</para> 
 
 	<para>Hopefully, as we all become familiar with the Samba 2.2 as a 
-	PDC this document will become much more usefull.</para>
+	PDC this document will become much more useful.</para>
 
 </sect1>
 
@@ -133,7 +133,7 @@
 
 
 	<para>
-	These things are note expected to work in the forseeable future:
+	These things are not expected to work in the foreseeable future:
 	</para>
 	
 	<itemizedlist>
@@ -148,7 +148,7 @@ controlled domain?</title>
 
 	<para>
 	The 2.2 release branch of Samba  supports Windows 2000 domain 
-	clients in legacy mode, ie as if the PDC is a NTServer, not a
+	clients in legacy mode, i.e. as if the PDC is a NTServer, not a
 	W2K server.
 	</para>
 </sect2>
@@ -159,7 +159,7 @@ controlled domain?</title>
 <title>CVS</title>
 
 	<para>
-	CVS is a programme (publically available) that the Samba developers 
+	CVS is a program (publicly available) that the Samba developers 
 	use to maintain the central source code. Non developers can get 
 	access to the source in a read only capacity. Many flavours of unix 
 	now arrive with cvs installed.</>
@@ -181,7 +181,7 @@ controlled domain?</title>
 		<term>HEAD</term> 
 		<listitem><para>Samba 3.0 ? This code boasts all the main 
 		development work in Samba. Due to its developmental
-		nature, its not really suitable for production work.
+		nature, it's not really suitable for production work.
 		</para></listitem></varlistentry>
 		
 		<varlistentry>
@@ -235,7 +235,7 @@ controlled Domain?</>
 
 	<para>
 	There is a comprehensive Samba PDC <ulink
-	url="samba-pdc-howto.html">HOWTO</ulink> accessable from the samba web 
+	url="samba-pdc-howto.html">HOWTO</ulink> accessible from the samba web 
 	site under 'Documentation'. Read it.
 	</para>
 </sect2>
@@ -257,11 +257,11 @@ controlled Domain?</>
 
 <sect2>
 <title>"The machine account for this computer either does not 
-exist or is not accessable."</>
+exist or is not accessible."</>
 
 	<para>
 	When I try to join the domain I get the message "The machine account 
-	for this computer either does not exist or is not accessable". Whats 
+	for this computer either does not exist or is not accessible". Whats 
 	wrong ?
 	</para>
 
@@ -315,7 +315,7 @@ exist or is not accessable."</>
 
 	<para>
 	Then you need to add that entry to smbpasswd, assuming you have a suitable
-	path to the <command>smbpasswd</> programme, do this :
+	path to the <command>smbpasswd</> program, do this :
 	</para>
 
 	<para>
@@ -324,7 +324,7 @@ exist or is not accessable."</>
 
 	<para>
 	The entry will be created with a well known password, so any machine that 
-	says its doppy could join the domain as long as it gets in first. So 
+	says it's doppy could join the domain as long as it gets in first. So 
 	don't create the accounts any earlier than you need them.
 	</para>
 </sect2> 
@@ -353,7 +353,7 @@ when creating a machine account.</title>
 	<para>
 	This happens if you try to create a machine account from the 
 	machine itself and use a user	name that does not work (for whatever 
-	reason) and then try another (possibly valid) user name.
+	reason) and then try another (possibly valid) username.
 	Exit out of the network applet to close the initial connection 
 	and try again.
 	</para>
@@ -380,7 +380,7 @@ conflict with an existing set.."</title>
 
 	<para>I joined the domain successfully but after upgrading 
 	to a newer version of the Samba code I get the message, "The system 
-	can not log you on (C000019B), Please try a gain or consult your 
+	can not log you on (C000019B), Please try again or consult your 
 	system administrator" when attempting to logon.
 	</para>
 
@@ -483,15 +483,15 @@ server.</title>
 	</para>
 
 	<para>
-	Make sure that the "logon path" is writeable by the user and make sure 
+	Make sure that the "logon path" is writable by the user and make sure 
 	that the connection to the logon path location is by the current user.   
-	Sometimes Windows client do not drop the connection immediately upon 
+	Sometimes Windows clients do not drop the connection immediately upon 
 	logoff.
 	</para> 
 
     <para>
 	Some people have reported that the logon path location should 
-	also be browseable.  I (GC) have yet to emperically verify this, 
+	also be browseable.  I (GC) have yet to empirically verify this, 
 	but you can try.</para> 
 </sect2>
 </sect1>
@@ -499,13 +499,13 @@ server.</title>
 <sect1><title>Policies</title>
 
 <sect2>
-<title>What are 'Policies' ?.</title>
+<title>What are 'Policies' ?</title>
 
     <para>
 	When a user logs onto the domain via a client machine, the PDC 
 	sends the client machine a list of things contained in the 
 	'policy' (if it exists).  This list may do things like suppress 
-	a splach screen, format the dates the way you like them or perhaps 
+	a splash screen, format the dates the way you like them or perhaps 
 	remove locally stored profiles.
 	</para>
 
@@ -513,7 +513,7 @@ server.</title>
 	On a samba PDC this list is obtained from a file called 
 	<filename>ntconfig.pol</filename> and located in the [netlogon] 
 	share. The file is created with a policy editor and must be readable 
-	by anyone and writeable by only root. See <link linkend=policyeditor>
+	by anyone and writable by only root. See <link linkend=policyeditor>
     below</link> for how  to get a suitable editor.
 	</para>  
 </sect2>
@@ -538,7 +538,7 @@ server.</title>
 
     <para>
 	A policy file must be in the [netlogon] share and must be 
-    readable by everyone and writeable by only root. The file 
+    readable by everyone and writable by only root. The file 
 	must be created by an NTServer <link linkend=policyeditor>Policy 
 	Editor</link>.
 	</para>
@@ -572,7 +572,7 @@ server.</title>
     but it is not suitable for creating <emphasis>Domain Policies</emphasis>. 
     Further, although the Windows 95 
 	Policy Editor can be installed on an NT Workstation/Server, it will not
-	work with NT policies because the registry key that are set by the policy templates. 
+	work with NT policies because of the registry keys that are set by the policy templates. 
 	However, the files from the NT Server will run happily enough on an NTws. 
 	You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient
     to put the two *.adm files in <filename>c:\winnt\inf</> which is where
@@ -582,10 +582,10 @@ server.</title>
 
 	<para>The Windows NT policy editor is also included with the 
 	Service Pack 3 (and later) for Windows NT 4.0. Extract the files using 
-    <command>servicepackname /x</command>, ie thats <command>Nt4sp6ai.exe 
+    <command>servicepackname /x</command>, i.e. that's <command>Nt4sp6ai.exe 
 	/x</command> for service pack 6a.  The policy editor, <command>poledt.exe</command> and the 
 	associated template files (*.adm) should
-	be extracted as well.  It is also possible to downloaded the policy template 
+	be extracted as well.  It is also possible to download the policy template 
 	files for Office97 and get a copy of the policy editor.  Another possible 
 	location is with the Zero Administration Kit available for download from Microsoft.
     </para>
@@ -624,7 +624,7 @@ server.</title>
 	NTws users can change their domain password by pressing Ctrl-Alt-Del 
 	and choosing 'Change Password'. By default however, this does not change the unix password 
     (typically in <filename>/etc/passwd</filename> or <filename>/etc/shadow</filename>). 
-	In lots of situations thats OK, for example :
+	In lots of situations that's OK, for example :
 	</para>
 
 	<itemizedlist>
@@ -636,10 +636,10 @@ server.</title>
     </itemizedlist>
 
     <para>
-	But sometimes you really do need to maintain two seperate password 
+	But sometimes you really do need to maintain two separate password 
 	databases and there are good reasons to keep then in sync.  Trying 
 	to explain to users that they need to change their passwords in two 
-	seperate places or use two seperate passwords is not fun.
+	separate places or use two separate passwords is not fun.
 	</para>
 
     <para>
@@ -699,10 +699,10 @@ server.</title>
 
 <sect2>
 <title>What editor can I use in DOS/Windows that won't 
-mess with my unix EOF</title>
+mess with my unix EOF ?</title>
 
     <para>There are a number of Windows or DOS based editors that will 
-	understand, and leave intact, the unix eof (as opposed to a DOS CL/LF). 
+	understand, and leave intact, the unix eof (as opposed to a DOS CR/LF). 
 	List members suggested :
 	</para>
 
@@ -713,7 +713,7 @@ mess with my unix EOF</title>
         home.snafu.de/ramo/WinViEn.htm</ulink></para></listitem>
 
 		<listitem><para>The author prefers PFE at <ulink url="http://www.lancs.ac.uk/people/cpaap/pfe/">
-		www.lancs.ac.uk/people/cpaap/pfe/</ulink> but its no longer being developed...</para></listitem>
+		www.lancs.ac.uk/people/cpaap/pfe/</ulink> but it's no longer being developed...</para></listitem>
     </itemizedlist>
 </sect2>
 
@@ -721,7 +721,7 @@ mess with my unix EOF</title>
 
 
 <sect2>
-<title>How do I get 'User Manager' and 'Server Manager'</title>
+<title>How do I get 'User Manager' and 'Server Manager' ?</title>
 
 	<para>
 	Since I don't need to buy an NT Server CD now, how do I get 
@@ -731,7 +731,7 @@ mess with my unix EOF</title>
 	<para>
 	Microsoft distributes a version of 
 	these tools called nexus for installation on Windows 95 systems.  The 
-	tools set includes
+	tool set includes
 	</para>
 	
 	<itemizedlist>
@@ -774,7 +774,7 @@ mess with my unix EOF</title>
 
 </sect2>
 
-<sect2><title>How do I get my samba server to become a member ( not PDC ) of an NT domain?</title>
+<sect2><title>How do I get my samba server to become a member ( not PDC ) of an NT domain ?</title>
 
 
 	<para>
@@ -796,11 +796,11 @@ mess with my unix EOF</title>
 <sect1><title>Diagnostic tools</title>
 
 <sect2><title>What are some diagnostics tools I can use to debug the domain logon process and where can I
-	find them? </title>
+	find them ?</title>
 
     <para>
 	One of the best diagnostic tools for debugging problems is Samba itself.  
-	You can use the -d option for both smbd and nmbd to specifiy what 
+	You can use the -d option for both smbd and nmbd to specify what 
 	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
 	smb.conf for more information on debugging options.  The debug 
 	level can range from 1 (the default) to 10 (100 for debugging passwords).
@@ -809,20 +809,20 @@ mess with my unix EOF</title>
 	<para>
 	Another helpful method of debugging is to compile samba using the 
 	<command>gcc -g </command> flag.   This will include debug 
-	information in the binaries and allow you to attch gdb to the 
+	information in the binaries and allow you to attach gdb to the 
 	running smbd / nmbd process.  In order to attach gdb to an smbd 
 	process for an NT workstation, first get the workstation to make the 
-	connection. Pressing ctrl-alt-delete and going down to the domain box 
+	connection. Pressing Ctrl-Alt-Del and going down to the domain box 
 	is sufficient (at least, on the first time you join the domain) to 
 	generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation 
 	maintains an open connection, and therefore there will be an smbd 
 	process running (assuming that you haven't set a really short smbd 
-	idle timeout)  So, in between pressing ctrl alt delete, and actually 
+	idle timeout)  So, in between pressing Ctrl-Alt-Del, and actually 
 	typing in your password, you can gdb attach and continue.
 	</para>
 
 	<para>
-	Some usefull samba commands worth investigating:
+	Some useful samba commands worth investigating:
 	</para>
 	
 	<itemizedlist>
@@ -832,18 +832,18 @@ mess with my unix EOF</title>
     
     <para>
 	An SMB enabled version of tcpdump is available from 
-    <ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>.
+    <ulink url="http://www.tcpdump.org/">http://www.tcpdump.org/</ulink>.
 	Ethereal, another good packet sniffer for UNIX and Win32
 	hosts, can be downloaded from <ulink 
 	url="http://www.ethereal.com/">http://www.ethereal.com</ulink>.
 	</para>
 	
 	<para>
-	For tracing things on the Microsoft Windows NT, Network Monitor 
+	For tracing things on Microsoft Windows NT, Network Monitor 
 	(aka. netmon) is available on the Microsoft Developer Network CD's, 
 	the Windows NT Server install CD and the SMS CD's.  The version of 
 	netmon that ships with SMS allows for dumping packets between any two 
-	computers (ie. placing the network interface in promiscuous mode).  
+	computers (i.e. placing the network interface in promiscuous mode).  
 	The version on the NT Server install CD will only allow monitoring 
 	of network traffic directed to the local NT box and broadcasts on the 
 	local subnet.  Be aware that Ethereal can read and write netmon 
@@ -854,7 +854,7 @@ mess with my unix EOF</title>
 
 <sect2>
 <title>How do I install 'Network Monitor' on an NT Workstation 
-or a Windows 9x box?</title>
+or a Windows 9x box ?</title>
 
 	<para>
 	Installing netmon on an NT workstation requires a couple 
@@ -953,10 +953,10 @@ or a Windows 9x box?</title>
 		on the Samba mirrors might mention your problem. If so,
 		it might mean that the developers are working on it.</para></listitem>
  
-	<listitem><para> Ignacio Coupeau has a very comprehesive look at LDAP with Samba at 
+	<listitem><para> Ignacio Coupeau has a very comprehensive look at LDAP with Samba at 
 		<ulink url="http://www.unav.es/cti/ldap-smb-howto.html">
 		http://www.unav.es/cti/ldap-smb-howto.html</ulink> 
-		Be a little carefull however, I suspect that it does not specificly 
+		Be a little careful however, I suspect that it does not specifically 
 		address samba 2.2.x. The HEAD pre-2.1 may possibly be the best
 		stream to look at.</para></listitem>
 
@@ -964,7 +964,7 @@ or a Windows 9x box?</title>
         Samba-TNG</ulink> at 
 		<ulink url="http://www.kneschke.de/projekte/samba_tng">
 		http://www.kneschke.de/projekte/samba_tng</ulink>, but again, a 
-		lot of it does not apply to the main stream Samba.</para></listitem>
+		lot of it does not apply to the mainstream Samba.</para></listitem>
 
     <listitem><para>See how Scott Merrill simulates a BDC behaviour at 
         <ulink url="http://www.skippy.net/linux/smb-howto.html">
@@ -1006,7 +1006,7 @@ or a Windows 9x box?</title>
     <para>For questions relating to Samba TNG go to
         <ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> 
 	    It has been requested that you don't post questions about Samba-TNG to the
-        main stream Samba lists.</para>
+        mainstream Samba lists.</para>
 	 
 <itemizedlist><title>If you post a message to one of the lists please
 	 observe the following guide lines :</title>
@@ -1027,14 +1027,14 @@ or a Windows 9x box?</title>
 	<listitem><para> Try and make your question clear and brief, lots of long, 
 		convoluted questions get deleted before	they are completely read ! 
 		Don't post html encoded messages (if you can select colour or font 
-		size its html).</para></listitem>
+		size it's html).</para></listitem>
 
-	<listitem><para> If you run one of those niffy 'I'm on holidays' things when 
+	<listitem><para> If you run one of those nifty 'I'm on holidays' things when 
 		you are away, make sure its configured	to not answer mailing lists.
 		</para></listitem> 
 
 	<listitem><para> Don't cross post. Work out which is the best list to post to 
-		and see what happens, ie don't post to both samba-ntdom and samba-technical.
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
         Many people active on the lists subscribe to more 
 		than one list and get annoyed to see the same message two or more times. 
 		Often someone will see a message and thinking it would be better dealt 
@@ -1069,7 +1069,7 @@ or a Windows 9x box?</title>
 
     <para>
 	Please don't post messages to the list asking to be removed, you will just
-        be refered to the above address (unless that process failed in some way...)
+        be referred to the above address (unless that process failed in some way...)
     </para>
 </sect2>
       
diff --git a/docs/docbook/howto/samba-pdc-howto.sgml b/docs/docbook/howto/samba-pdc-howto.sgml
index 4b8380dd9e5..c707b542017 100644
--- a/docs/docbook/howto/samba-pdc-howto.sgml
+++ b/docs/docbook/howto/samba-pdc-howto.sgml
@@ -1,4 +1,3 @@
-	
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
 <book id="samba-pdc-howto">
 
@@ -74,7 +73,7 @@ developmental versions of Samba, particularly
 
 
 <para>Note that <ulink url="http://bioserve.latrobe.edu.au/samba">Samba 2.0.7</>
-    supports significently less of the NT Domain facilities compared with 2.2.0
+    supports significantly less of the NT Domain facilities compared with 2.2.0
     </para>
 
 <para>
@@ -130,7 +129,7 @@ developmental versions of Samba, particularly
 
 <sect1><title>Start Up Script</title>
 	<para>Skip this section if you have a working Samba already. 
-	Everyone has their own favourite startup script. Here is mine, offered with no warrantee
+	Everyone has their own favourite startup script. Here is mine, offered with no warranty
 	at all !</para>
 
 <programlisting> 
@@ -221,7 +220,7 @@ developmental versions of Samba, particularly
     
 </programlisting>
 
-<para>	Use this script, or some other one, you will need to ensure its used while the machine
+<para>	Use this script, or some other one, you will need to ensure it's used while the machine
 	is booting. (This typically involves <filename>/etc/rc.d</filename>, we'll be 
 	assuming that there is a script called
 	samba in <filename>/etc/rc.d/init.d</filename> further down in this document.)
@@ -288,7 +287,7 @@ developmental versions of Samba, particularly
 	This is probably not very nice and may change. But it does work !</para>
 
     <para>For this example, I have a group called 'machines', entries can be added to
-    <filename>/etc/passwd</> using a programme called <filename>/usr/adduser</> and 
+    <filename>/etc/passwd</> using a program called <filename>/usr/adduser</> and 
     the other parameters are chosen as suitable for a machine account. Works for
     RH Linux, your system may require changes.</para>
 	</listitem>
@@ -303,9 +302,9 @@ developmental versions of Samba, particularly
 	</listitem>
 </varlistentry>
 
-<varlistentry><term>domain admin users = user1 users2</term>
-	<listitem><para>It appears that this parameter does not funtion correctly at present.
-    Use the 'domain admin group' instread. This parameter specifies a unix user who will 
+<varlistentry><term>domain admin users = user1 user2</term>
+	<listitem><para>It appears that this parameter does not function correctly at present.
+    Use the 'domain admin group' instead. This parameter specifies a unix user who will 
     be granted admin privileges 
 	on a NT workstation when
 	logged onto that workstation. See the section called <link linkend=domainadmin>
@@ -330,7 +329,7 @@ developmental versions of Samba, particularly
 </varlistentry>
 
 <varlistentry><term>logon path</term>
-	<listitem><para>Lets you specify where you would like users profiles kept. The default, that is in the users
+	<listitem><para>Lets you specify where you would like users' profiles kept. The default, that is in the user's
 	home directory, does encourage a bit of fiddling.</para>
 	</listitem>
 </varlistentry>
@@ -343,7 +342,7 @@ developmental versions of Samba, particularly
 </sect1>
 
 <sect1><title>Special directories</title>
-	<para>You need to create a couple of special files and directories. Its nice 
+	<para>You need to create a couple of special files and directories. It's nice 
 	to have some of the binaries handy too, so I create links to them. Assuming 
 	you have used the default samba location and have not
 	changed the locations mentioned in the sample config file, do the following :</para>
@@ -369,10 +368,10 @@ developmental versions of Samba, particularly
 	<para><command>samba start</command></para>
 
 	<para>Instead, you might like to reboot the machine to make sure that you 
-	got the init stuff right. Any way, a quick look in the logs 
+	got the init stuff right. Anyway, a quick look in the logs 
 	<filename>/usr/local/samba/var/log.smbd</filename> and <filename>
 	/usr/local/samba/var/log/nmbd</filename>
-	will give you an idea of what's happening. Assuming all is well, lets create 
+	will give you an idea of what's happening. Assuming all is well, let's create 
 	some accounts...</para> 
 </sect1>
 </chapter>
@@ -398,7 +397,7 @@ developmental versions of Samba, particularly
 	(Note that win95/98 machines don't need an account as they don't do 
 	any security aware things.)</para>
 
-	<para>Samba 2.2 will now create these entries for us. Carefull set up is required
+	<para>Samba 2.2 will now create these entries for us. Careful set up is required
 	and there may well be some changes to this system before its released. 
 	</para>
 </sect1>
@@ -479,7 +478,7 @@ developmental versions of Samba, particularly
     <listitem><para>Wait for the confirmation, reboot when prompted.</para></listitem>
 </itemizedlist>
     <para>To remove a W2K machine from the domain, follow the first two steps then 
-    choose <command>Workgroup</>, enter a work group name (or just WORKGROUP) and follow 
+    choose <command>Workgroup</>, enter a workgroup name (or just WORKGROUP) and follow 
     the prompts.</para>
 </listitem></varlistentry>
 
@@ -522,7 +521,7 @@ developmental versions of Samba, particularly
 	domain admins and tells the NTws when it thinks that it has got one logged on. 
 	In the smb.conf file we declare
 	that the <filename>Domain Admin group = @adm</filename>. 
-	Any user who is a menber of the unix group 'adm' is treated as a Domain Admin by a NTws when 
+	Any user who is a member of the unix group 'adm' is treated as a Domain Admin by a NTws when 
 	logged onto the Domain. They will have full Administrator rights 
 	including the rights to change permissions on files and run the system 
 	utilities such as Disk Administrator. Add users to the group by editing <filename>
@@ -530,7 +529,7 @@ developmental versions of Samba, particularly
 
 	<para>Further, and this is very new, they will be allowed to create a 
 	new machine account when first connecting a new NT or W2K machine to 
-	the domain. <emphasis>However, at present, ie pre-release, only a Domain Admin who
+	the domain. <emphasis>However, at present, i.e. pre-release, only a Domain Admin who
 	also happens to be root can do so. </emphasis></para>
 </sect1>
 </chapter>
@@ -549,7 +548,7 @@ developmental versions of Samba, particularly
 	on the server and is downloaded again when they logon on again, possibly 
 	on another client machine.</para> 
 
-	<para>Sounds great but can be a bit of a bug bear sometimes. Users let 
+	<para>Sounds great but can be a bit of a bugbear sometimes. Users let 
 	their profiles get too big and then complain about how long it takes 
 	to log on each time. This sample setup only supports NT profiles, 
 	rumor has it that it is also possible to do the same on Win95, my 
@@ -564,7 +563,7 @@ developmental versions of Samba, particularly
 	<para>Policies are an easy way to make or enforce specific characteristics across your network. You create a ntconfig.pol
 	file and every time someone logs on with their NTws, the settings you put in ntconfig.pol are applied to the NTws.
 	Typical setting are things like making the date appear the way you want it (none of these 2 figure years here) or
-	maybe suppressing one of the splash screens. Perhaps you want to set the NTws so it does not keep users profiles
+	maybe suppressing one of the splash screens. Perhaps you want to set the NTws so it does not keep users' profiles
 	on the local machine. Cool. The only problem is making the ntconfig.pol file itself. You cannot use the policy editor
 	that comes with NTws.</para> 
 
@@ -602,25 +601,25 @@ developmental versions of Samba, particularly
 
     <para>You could use a line like this <filename>logon script = default.bat</> and samba
     will supply <filename>/usr/local/samba/netlogon/default.bat</> for any client and every
-    user. Maybe you could use %m and get a client machine dependant logon script.
+    user. Maybe you could use %m and get a client machine dependent logon script.
     You get the idea...</para>
 
 	<para>Note that the file is a dos batch file not a Unix script. It runs dos commands on the client 
 	computer with the logon	user's permissions. It must be a dos file with each line ending with 
 	the dos cr/lf not a nice clean newline. Generally,
-	its best to create the initial file on a DOS system and copy it across.</para>
+	it's best to create the initial file on a DOS system and copy it across.</para>
 
-	<para>There is lots of very clever uses of the Samba replaceable variables such 
+	<para>There are lots of very clever uses of the Samba replaceable variables such 
 	( %U = user, %G = primary group, %H = client machine, see the 'man 5 smb.conf') to 
 	give you control over which script runs when a particular person logs
 	on. (Gee, it would be nice to have a default.bat run when nothing else is available.)</para>
 
 	<para>Again, it is vitally important that ordinary users don't have write 
-	permission to other peoples, or even probably their own, logon script files.</para>
+	permission to other people's, or even probably their own, logon script files.</para>
 
 	<para>A typical logon script is reproduced below. Note that it runs separate 
 	commands for win95 and NT, that's because NT has slightly different behaviour 
-	when using the <filename>net use ..</filename> command. Its useful for lots of 
+	when using the <filename>net use ..</filename> command. It's useful for lots of 
 	other situations too. I	don't know what syntax to use for win98, I don't use it 
 	here.</para>
 
@@ -652,7 +651,7 @@ developmental versions of Samba, particularly
 	to the <link linkend=useraccount><filename>adduser</></> line above would allow unix logon 
 	but it would be with passwords that may 
 	be different from the NT logon. Clearly that won't suit everyone. Trying to explain to users
-	that they need to change their passwords in two seperate places is not fun. 
+	that they need to change their passwords in two separate places is not fun. 
 	Further, even if they cannot do a unix logon there are other processes that 
 	might require authentication. We have a nice securely encrypted password in 
 	<filename>/usr/local/samba/private/smbpasswd</filename>, why not use it ?</para>
@@ -703,30 +702,30 @@ developmental versions of Samba, particularly
 	<para>For many years the Samba team have been developing Samba, some time ago 
 	a number of people, possibly lead by Luke Leighton started contributing NT 
 	PDC stuff. This was added to the 'head' stream (that would eventually
-	become the next version) and later to a seperate stream (NTDom). They did so 
+	become the next version) and later to a separate stream (NTDom). They did so 
 	much that eventually this development stream was so mutated that it could not 
 	be merged back into the main stream and was abandoned towards the end of 1999. 
 	And that was very sad because many users, myself include had become heavily
-	dependant on the NTController facilities it offered. Oh well...</para>
+	dependent on the NTController facilities it offered. Oh well...</para>
 
 	<para>The NTDom team continued on with their new found knowledge however and 
 	built the TNG stream. Intended to be carefully controlled so that it can be 
 	merged back into the main stream and benefiting from what they learnt, it is 
-	a very different product to the origional NTDom product. However, for a 
+	a very different product to the original NTDom product. However, for a 
     number of reasons, the merge did not take place and now TNG is being developed 
     at <ulink url="http://www.samba-tng.org">http://www.samba-tng.org</>.</para>
 
-	<para>Now, the NTDom things that the main strean 2.0.x version does is based more 
+	<para>Now, the NTDom things that the main stream 2.0.x version does is based more 
 	on the old (initial version) abandoned code than on the TNG ideas. It appears 
 	that version 2.2.0 will also include an improved version of the 2.0.7 domain 
-	controller charactistics, not the TNG ways. The developers have indicated 
+	controller characteristics, not the TNG ways. The developers have indicated 
 	that 2.2.0 will be further developed incrementally and the ideas from TNG 
 	incorporated into it.</para>
 
 	<para>One more little wriggle is worth mentioning. At one stage the NTDom 
 	stream was called Samba 2.1.0-prealpha and similar names. This is most 
 	unfortunate because at least one book published advises people who want to 
-	use NTDom Samba to get version 2.1.0 or later. As main stream Samba will soon 
+	use NTDom Samba to get version 2.1.0 or later. As mainstream Samba will soon 
 	be called 2.2.0  and NOT officially supporting NTDom Controlling functions, 
 	the potential for confusion is certainly there.</para>
 </sect2>
@@ -737,8 +736,8 @@ developmental versions of Samba, particularly
 	</emphasis>. It offers the 'best guess'	of what is planned for future releases 
 	of Samba.</para>
 
-	<para>The future of Samba as a Primary Domain Controller appears rosie, however 
-	be aware that its the future, not the present. The developers are strongly committed 
+	<para>The future of Samba as a Primary Domain Controller appears rosy, however 
+	be aware that it's the future, not the present. The developers are strongly committed 
 	to building a full featured PDC into Samba but it will	take time. If this 
 	version does not meet your requirements then you should consider (in no particular 
 	order) :</para>
@@ -755,8 +754,8 @@ developmental versions of Samba, particularly
 
 <sect2><title>Getting further help</title>
 
-	<para>This document cannot possibly answer all your questions. Please understand that its very
-	likely that someone has been confrounted by the same problem that you have. The 
+	<para>This document cannot possibly answer all your questions. Please understand that it's very
+	likely that someone has been confronted by the same problem that you have. The 
     <ulink url="samba-pdc-faq.html">FAQ</>
     discusses a number of possible paths to take to get further help :</para>
 
diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.sgml
index 32ed13f043b..7934c18e8ec 100644
--- a/docs/docbook/manpages/lmhosts.5.sgml
+++ b/docs/docbook/manpages/lmhosts.5.sgml
@@ -20,7 +20,7 @@
 <refsect1>
 	<title>DESCRIPTION</title>
 	
-	<para>This file is part of the <<ulink url="samba.7.html">
+	<para>This file is part of the <ulink url="samba.7.html">
 	Samba</ulink> suite.</para>
 
 	<para><filename>lmhosts</filename> is the <emphasis>Samba
diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml
index 8a58b8614dd..a36f9b968c1 100644
--- a/docs/docbook/manpages/make_smbcodepage.1.sgml
+++ b/docs/docbook/manpages/make_smbcodepage.1.sgml
@@ -1,5 +1,5 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="findsmb">
+<refentry id="make-smbcodepage">
 
 <refmeta>
 	<refentrytitle>make_smbcodepage</refentrytitle>
@@ -56,11 +56,11 @@
 		
 		<varlistentry>
 		<term>inputfile</term>
-		<listitem><para>This is the input file to process. In t
-		he '<parameter>c</parameter>' case this will be a text 
+		<listitem><para>This is the input file to process. In 
+		the <parameter>c</parameter> case this will be a text 
 		codepage definition file such as the ones found in the Samba 	
 		<filename>source/codepages</filename> directory. In
-		the '<parameter>d</parameter>' case this will be the 
+		the <parameter>d</parameter> case this will be the 
 		binary format codepage definition file normally found in 
 		the <filename>lib/codepages</filename> directory in the 
 		Samba install directory path.</para></listitem>
diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml
index 5194b1072b0..f52e38bb776 100644
--- a/docs/docbook/manpages/nmbd.8.sgml
+++ b/docs/docbook/manpages/nmbd.8.sgml
@@ -37,7 +37,7 @@
 
 	<para><command>nmbd</command> is a server that understands 
 	and can reply to NetBIOS over IP name service requests, like 
-	those produced by SMBD/CIFS clients such as Windows 95/98/ME, 
+	those produced by SMB/CIFS clients such as Windows 95/98/ME, 
 	Windows NT, Windows 2000, and LanManager clients. It also
 	participates in the browsing protocols which make up the 
 	Windows "Network Neighborhood" view.</para>
@@ -287,11 +287,11 @@
 	a SIGTERM (-15) signal and wait for it to die on its own.</para>
 
 	<para><command>nmbd</command> will accept SIGHUP, which will cause 
-	it to dump out it's namelists into the file <filename>namelist.debug
+	it to dump out its namelists into the file <filename>namelist.debug
 	</filename> in the <filename>/usr/local/samba/var/locks</filename> 
 	directory (or the <filename>var/locks</filename> directory configured 
 	under wherever Samba was configured to install itself). This will also 
-	cause <command>nmbd</command> to dump out it's server database in
+	cause <command>nmbd</command> to dump out its server database in
 	the <filename>log.nmb</filename> file. In addition, the debug log level 
 	of nmbd may be raised by sending it a SIGUSR1 (<command>kill -USR1
 	&lt;nmbd-pid&gt;</command>) and lowered by sending it a
diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml
index ee81d2b4e8f..67efac56343 100644
--- a/docs/docbook/manpages/nmblookup.1.sgml
+++ b/docs/docbook/manpages/nmblookup.1.sgml
@@ -84,7 +84,7 @@
 		datagrams. The reason for this option is a bug in Windows 95 
 		where it ignores the source port of the requesting packet 
 	 	and only replies to UDP port 137. Unfortunately, on most UNIX 
-		systems root privilage is needed to bind to this port, and 
+		systems root privilege is needed to bind to this port, and 
 		in addition, if the <ulink url="nmbd.8.html">nmbd(8)</ulink> 
 		daemon is running on this machine it also binds to this port.
 		</para></listitem>
@@ -208,7 +208,7 @@
 
 		<para>For example, running :</para>
 
-		<para><command>nmblookup -U samba.org -R IRIX#1B'</command></para>
+		<para><command>nmblookup -U samba.org -R 'IRIX#1B'</command></para>
 
 		<para>would query the WINS server samba.org for the domain 
 		master browser (1B name type) for the IRIX workgroup.</para>
diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml
index c02f935d823..6093d6dc42e 100644
--- a/docs/docbook/manpages/rpcclient.1.sgml
+++ b/docs/docbook/manpages/rpcclient.1.sgml
@@ -89,7 +89,7 @@
 		<term>-d debuglevel</term>
 		<listitem><para>set the debuglevel. Debug level 0 is the lowest 
 		and 100 being the highest. This should be set to 100 if you are
-		planning on submitting a bug report to the Samba team (see BUGS.txt). 
+		planning on submitting a bug report to the Samba team (see <filename>BUGS.txt</filename>). 
 		</para></listitem>
 		</varlistentry>
 		
@@ -107,8 +107,9 @@
 		
 		<varlistentry>
 		<term>-l logbasename</term>
-		<listitem><para>File name for log/debug files. .client will be 
-		appended. The log file is never removed  by the client.
+		<listitem><para>File name for log/debug files. The extension 
+		<constant>'.client'</constant> will be appended. The log file is never removed  
+		by the client.
 		</para></listitem>
 		</varlistentry>
 
@@ -136,7 +137,7 @@
 		
 		<para>If %password is not specified, The user will be prompted. The 
 		client will first check the <envar>USER</envar> environment variable, then the 
-		<envar>LOGNAME</envar> variable and if either exist, the 
+		<envar>LOGNAME</envar> variable and if either exists, the 
 		string is uppercased. If these environmental variables are not 
 		found, the username <constant>GUEST</constant> is used. </para>
 
@@ -161,9 +162,8 @@
 		<varlistentry>
 		<term>-W domain</term>
 		<listitem><para>Set the SMB domain of the username.   This 
-		overrides the default  domain which is the domain of the 
-		server specified with the  <parameter>-S</parameter> option.  
-		If the domain specified is the same as the server's NetBIOS name, 
+		overrides the default domain which is the domain defined in 
+		smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
 		it causes the client to log on using the  server's local SAM (as 
 		opposed to the Domain SAM). </para></listitem>
 		</varlistentry>
@@ -179,8 +179,15 @@
 	<para><emphasis>LSARPC</emphasis></para>
 	<itemizedlist>
 		<listitem><para><command>lsaquery</command></para></listitem>
-		<listitem><para><command>lookupsids</command></para></listitem>
-		<listitem><para><command>lookupnames</command></para></listitem>
+		
+		<listitem><para><command>lookupsids</command> - Resolve a list 
+		of SIDs to usernames.
+		</para></listitem>
+		
+		<listitem><para><command>lookupnames</command> - Resolve s list 
+		of usernames to SIDs.
+		</para></listitem>
+		
 		<listitem><para><command>enumtrusts</command></para></listitem>
 	</itemizedlist>	
 	<para> </para>
@@ -193,6 +200,10 @@
 		<listitem><para><command>querygroup</command></para></listitem>
 		<listitem><para><command>queryusergroups</command></para></listitem>
 		<listitem><para><command>querygroupmem</command></para></listitem>
+		<listitem><para><command>queryaliasmem</command></para></listitem>
+		<listitem><para><command>querydispinfo</command></para></listitem>
+		<listitem><para><command>querydominfo</command></para></listitem>
+		<listitem><para><command>enumdomgroups</command></para></listitem>
 	</itemizedlist>
 	<para> </para>
 
@@ -244,6 +255,12 @@
 		</listitem>
 
 
+		<listitem><para><command>deldriver</command> - Delete the 
+		specified printer driver for all architectures.  This
+		does not delete the actual driver files from the server,
+		only the entry from the server's list of drivers.
+		</para></listitem>
+
 		<listitem><para><command>enumdata</command> - Enumerate all 
 		printer setting data stored on the server. On Windows NT  clients, 
 		these values are stored  in the registry, while Samba servers 
@@ -367,7 +384,7 @@
 	available from the original creators  (Microsoft) on how MSRPC over 
 	SMB works, or how the individual MSRPC services  work. Microsoft's 
 	implementation of these services has been demonstrated  (and reported) 
-	to be... a bit flakey in places. </para>
+	to be... a bit flaky in places. </para>
 
 	<para>The development of Samba's implementation is also a bit rough, 
 	and as more  of the services are understood, it can even result in 
@@ -395,7 +412,7 @@
 	to the way the Linux kernel is developed.</para>
 	
 	<para>The original rpcclient man page was written by Matthew 
-	Geddes, Luke Kenneth Casson, and rewriten by Gerald Carter.  
+	Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
 	The conversion to DocBook for Samba 2.2 was done by Gerald 
 	Carter.</para>
 </refsect1>
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 8829688c193..ffc426aebfa 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -519,7 +519,7 @@
 		upper case, or if they are forced to be the "default" 
 		case. This option can be use with "preserve case = yes" 
 		to permit long filenames to retain their case, while short names 
-		are lowered. Default <emphasis>yes</emphasis>.</para></listitem>
+		are lowercased. Default <emphasis>yes</emphasis>.</para></listitem>
 		</varlistentry> 
 	</variablelist>
 	
@@ -552,7 +552,7 @@
 		with the system and now supplies a correct password for that 
 		username then the connection is allowed.</para></listitem>
 		
-		<listitem><para>The client's netbios name and any previously 
+		<listitem><para>The client's NetBIOS name and any previously 
 		used user names are checked against the supplied password, if 
 		they match then the connection is allowed as the corresponding 
 		user.</para></listitem>
@@ -586,8 +586,9 @@
 	each parameter for details.  Note that some are synonyms.</para>
 
 	<itemizedlist>
+		<listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>add printer command</parameter></link></para></listitem>
+		<listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem>
 		<listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem>
-		<listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>addprinter command</parameter></link></para></listitem>
 		<listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem>
 		<listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem>
 		<listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem>
@@ -595,6 +596,7 @@
 		<listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem>
 		<listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem>
 		<listitem><para><link linkend="CHANGENOTIFYTIMEOUT"><parameter>change notify timeout</parameter></link></para></listitem>
+		<listitem><para><link linkend="CHANGESHARECOMMAND"><parameter>change share command</parameter></link></para></listitem>
 		<listitem><para><link linkend="CHARACTERSET"><parameter>character set</parameter></link></para></listitem>
 		<listitem><para><link linkend="CLIENTCODEPAGE"><parameter>client code page</parameter></link></para></listitem>
 		<listitem><para><link linkend="CODEPAGEDIRECTORY"><parameter>code page directory</parameter></link></para></listitem>
@@ -608,15 +610,13 @@
 		<listitem><para><link linkend="DEBUGLEVEL"><parameter>debuglevel</parameter></link></para></listitem>
 		<listitem><para><link linkend="DEFAULT"><parameter>default</parameter></link></para></listitem>
 		<listitem><para><link linkend="DEFAULTSERVICE"><parameter>default service</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer command</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETESHARECOMMAND"><parameter>delete share command</parameter></link></para></listitem>
 		<listitem><para><link linkend="DELETEUSERSCRIPT"><parameter>delete user script</parameter></link></para></listitem>
-		<listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>deleteprinter command</parameter></link></para></listitem>
 		<listitem><para><link linkend="DFREECOMMAND"><parameter>dfree command</parameter></link></para></listitem>
 		<listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINADMINGROUP"><parameter>domain admin group</parameter></link></para></listitem>
-		<listitem><para><link linkend="DOMAINADMINUSERS"><parameter>domain admin users</parameter></link></para></listitem>
-		<listitem><para><link linkend="DOMAINGROUPS"><parameter>domain groups</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINGUESTGROUP"><parameter>domain guest group</parameter></link></para></listitem>
-		<listitem><para><link linkend="DOMAINGUESTUSERS"><parameter>domain guest users</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem>
 		<listitem><para><link linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter></link></para></listitem>
@@ -670,9 +670,11 @@
 		<listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem>
 		<listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem>
 		<listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem>
+		<listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem>
 		<listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem>
 		<listitem><para><link linkend="OSLEVEL"><parameter>os level</parameter></link></para></listitem>
 		<listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem>
+		<listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem>
 		<listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem>
 		<listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem>
 		<listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem>
@@ -728,7 +730,6 @@
 		<listitem><para><link linkend="TIMESTAMPLOGS"><parameter>timestamp logs</parameter></link></para></listitem>
 		<listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem>
 		<listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem>
-		<listitem><para><link linkend="UNIXREALNAME"><parameter>unix realname</parameter></link></para></listitem>
 		<listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem>
 		<listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem>
 		<listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem>
@@ -882,6 +883,119 @@
 	
 	<variablelist>
 	
+
+		<varlistentry>
+		<term><anchor id="ADDPRINTERCOMMAND">add printer command (G)</term>
+		<listitem><para>With the introduction of MS-RPC based printing
+		support for Windows NT/2000 clients in Samba 2.2, The MS Add
+		Printer Wizard (APW) icon is now also available in the 
+		"Printers..." folder displayed a share listing.  The APW
+		allows for printers to be add remotely to a Samba or Windows 
+		NT/2000 print server.</para>
+		
+		<para>For a Samba host this means that the printer must be 
+		physically added to the underlying printing system.  The <parameter>add 
+		printer command</parameter> defines a script to be run which 
+		will perform the necessary operations for adding the printer
+		to the print system and to add the appropriate service definition 
+		to the  <filename>smb.conf</filename> file in order that it can be 
+		shared by <ulink url="smbd.8.html"><command>smbd(8)</command>
+		</ulink>.</para>
+		
+		<para>The <parameter>add printer command</parameter> is
+		automatically invoked with the following parameter (in 
+		order:</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>printer name</parameter></para></listitem>
+			<listitem><para><parameter>share name</parameter></para></listitem>
+			<listitem><para><parameter>port name</parameter></para></listitem>
+			<listitem><para><parameter>driver name</parameter></para></listitem>
+			<listitem><para><parameter>location</parameter></para></listitem>
+			<listitem><para><parameter>Windows 9x driver location</parameter>
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>All parameters are filled in from the PRINTER_INFO_2 structure sent 
+		by the Windows NT/2000 client with one exception.  The "Windows 9x
+		driver location" parameter is included for backwards compatibility
+		only.  The remaining fields in the structure are generated from answers
+		to the APW questions.</para>
+		
+		<para>Once the <parameter>add printer command</parameter> has 
+		been executed, <command>smbd</command> will reparse the <filename>
+		smb.conf</filename> to determine if the share defined by the APW
+		exists.  If the sharename is still invalid, then <command>smbd
+		</command> will return an ACCESS_DENIED error to the client.</para>
+		
+		<para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter>
+		delete printer command</parameter></link>, <link 
+		linkend="printing"><parameter>printing</parameter></link>,
+		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
+		printer wizard</parameter></link></para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>addprinter command = /usr/bin/addprinter
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="ADDSHARECOMMAND">add share command (G)</term>
+		<listitem><para>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<parameter>add share command</parameter> is used to define an 
+		external program or script which will add a new service definition 
+		to <filename>smb.conf</filename>.  In order to successfully 
+		execute the <parameter>add share command</parameter>, <command>smbd</command>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</para>
+		
+		<para>
+		When executed, <command>smbd</command> will automatically invoke the 
+		<parameter>add share command</parameter> with four parameters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>configFile</parameter> - the location 
+			of the global <filename>smb.conf</filename> file. 
+			</para></listitem>
+			
+			<listitem><para><parameter>shareName</parameter> - the name of the new 
+			share.
+			</para></listitem>
+			
+			<listitem><para><parameter>pathName</parameter> - path to an **existing**
+			directory on disk.
+			</para></listitem>
+			
+			<listitem><para><parameter>comment</parameter> - comment string to associate 
+			with the new share.
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>
+		This parameter is only used for add file shares.  To add printer shares, 
+		see the <link linkend="ADDPRINTERCOMMAND"><parameter>add printer 
+		command</parameter></link>.
+		</para>
+		
+		<para>
+		See also <link linkend="CHANGESHARECOMMAND"><parameter>change share 
+		command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete share
+		command</parameter></link>.
+		</para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>add share command = /usr/local/bin/addshare</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
 		<varlistentry>
 		<term><anchor id="ADDUSERSCRIPT">add user script (G)</term>
 		<listitem><para>This is the full pathname to a script that will 
@@ -936,63 +1050,6 @@
 
 
 		<varlistentry>
-		<term><anchor id="ADDPRINTERCOMMAND">addprinter command (G)</term>
-		<listitem><para>With the introduction of MS-RPC based printing
-		support for Windows NT/2000 clients in Samba 2.2, The MS Add
-		Printer Wizard (APW) icon is now also available in the 
-		"Printers..." folder displayed a share listing.  The APW
-		allows for printers to be add remotely to a Samba or Windows 
-		NT/2000 print server.</para>
-		
-		<para>For a Samba host this means that the printer must be 
-		physically added to underlying printing system.  The <parameter>
-		addprinter command</parameter> defines a script to be run which 
-		will perform the necessary operations for adding the printer
-		to the print system and to add the appropriate service definition 
-		to the  <filename>smb.conf</filename> file in order that it can be 
-		shared by <ulink url="smbd.8.html"><command>smbd(8)</command>
-		</ulink>.</para>
-		
-		<para>The <parameter>addprinter command</parameter> is
-		automatically invoked with the following parameter (in 
-		order:</para>
-		
-		<itemizedlist>
-			<listitem><para><parameter>printer name</parameter></para></listitem>
-			<listitem><para><parameter>share name</parameter></para></listitem>
-			<listitem><para><parameter>port name</parameter></para></listitem>
-			<listitem><para><parameter>driver name</parameter></para></listitem>
-			<listitem><para><parameter>location</parameter></para></listitem>
-			<listitem><para><parameter>Windows 9x driver location</parameter>
-			</para></listitem>
-		</itemizedlist>
-		
-		<para>All parameters are filled in from the PRINTER_INFO_2 structure sent 
-		by the Windows NT/2000 client with one exception.  The "Windows 9x
-		driver location" parameter is included for backwards compatibility
-		only.  The remaining fields in the structure are generated from answers
-		to the APW questions.</para>
-		
-		<para>Once the <parameter>addprinter command</parameter> has 
-		been executed, <command>smbd</command> will reparse the <filename>
-		smb.conf</filename> to determine if the share defined by the APW
-		exists.  If the sharename is still invalid, then <command>smbd
-		</command> will return an ACCESS_DENIED error to the client.</para>
-		
-		<para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter>
-		deleteprinter command</parameter></link>, <link 
-		linkend="printing"><parameter>printing</parameter></link>,
-		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
-		printer wizard</parameter></link></para>
-		
-		<para>Default: <emphasis>none</emphasis></para>
-		<para>Example: <command>addprinter command = /usr/bin/addprinter
-		</command></para>
-		</listitem>
-		</varlistentry>
-
-
-		<varlistentry>
 		<term><anchor id="ADMINUSERS">admin users (S)</term>
 		<listitem><para>This is a list of users who will be granted 
 		administrative privileges on the share. This means that they 
@@ -1024,7 +1081,7 @@
 		linkend="SECURITY"><parameter>security</parameter></link> option is set to 
 		<constant>server</constant> or <constant>domain</constant>.  
 		If it is set to no, then attempts to connect to a resource from 
-		a domain or workgroup other than the one which smbd is running 
+		a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running 
 		in will fail, even if that domain is trusted by the remote server 
 		doing the authentication.</para>
 		
@@ -1067,7 +1124,7 @@
 
 
 		<varlistentry>
-		<term><anchor id="ANNOUNCEVERSION">annouce version (G)</term>
+		<term><anchor id="ANNOUNCEVERSION">announce version (G)</term>
 		<listitem><para>This specifies the major and minor version numbers 
 		that nmbd will use when announcing itself as a server. The default 
 		is 4.2.  Do not change this parameter unless you have a specific 
@@ -1107,7 +1164,7 @@
 		<varlistentry>
 		<term><anchor id="BINDINTERFACESONLY">bind interfaces only (G)</term>
 		<listitem><para>This global parameter allows the Samba admin 
-		to limit what interfaces on a machine will serve smb requests. If 
+		to limit what interfaces on a machine will serve SMB requests. If 
 		affects file service <ulink url="smbd.8.html">smbd(8)</ulink> and 
 		name service <ulink url="nmbd.8.html">nmbd(8)</ulink> in slightly 
 		different ways.</para>
@@ -1186,7 +1243,7 @@
 		queue the lock request, and periodically attempt to obtain 
 		the lock until the timeout period expires.</para>
 
-		<para>If this parameter is set to <constant>False</constant>, then 
+		<para>If this parameter is set to <constant>false</constant>, then 
 		Samba 2.2 will behave as previous versions of Samba would and 
 		will fail the lock request immediately if the lock range 
 		cannot be obtained.</para>
@@ -1265,11 +1322,64 @@
 		<para>Would change the scan time to every 5 minutes.</para></listitem>
 		</varlistentry>
 		
+
+
+		<varlistentry>
+		<term><anchor id="CHANGESHARECOMMAND">change share command (G)</term>
+		<listitem><para>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<parameter>change share command</parameter> is used to define an 
+		external program or script which will modify an existing service definition 
+		in <filename>smb.conf</filename>.  In order to successfully 
+		execute the <parameter>change share command</parameter>, <command>smbd</command>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</para>
+		
+		<para>
+		When executed, <command>smbd</command> will automatically invoke the 
+		<parameter>change share command</parameter> with four parameters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>configFile</parameter> - the location 
+			of the global <filename>smb.conf</filename> file. 
+			</para></listitem>
+			
+			<listitem><para><parameter>shareName</parameter> - the name of the new 
+			share.
+			</para></listitem>
+			
+			<listitem><para><parameter>pathName</parameter> - path to an **existing**
+			directory on disk.
+			</para></listitem>
+			
+			<listitem><para><parameter>comment</parameter> - comment string to associate 
+			with the new share.
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>
+		This parameter is only used modify existing file shares definitions.  To modify 
+		printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+		</para>
+		
+		<para>
+		See also <link linkend="ADDSHARECOMMAND"><parameter>add share
+		command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete 
+		share command</parameter></link>.
+		</para>
 		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>change share command = /usr/local/bin/addshare</command></para>
+		</listitem>
+		</varlistentry>
+
+
 		
 		<varlistentry>
 		<term><anchor id="CHARACTERSET">character set (G)</term>
-		<listitem><para>This allows a smbd to map incoming filenames 
+		<listitem><para>This allows <ulink url="smbd.8.html">smbd</ulink> to map incoming filenames 
 		from a DOS Code page (see the <link linkend="CLIENTCODEPAGE">client 
 		code page</link> parameter) to several built in UNIX character sets. 
 		The built in code page translations are:</para>
@@ -1546,6 +1656,11 @@
 		mode bits on created directories.  See also the <link linkend="INHERITPERMISSIONS">
 		<parameter>inherit permissions</parameter></link> parameter.</para>
 
+		<para>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <link 
+		linkend="SECURITYMASK"><parameter>security mask</parameter></link>.</para>
+
 		<para>Default: <command>create mask = 0744</command></para>
 		<para>Example: <command>create mask = 0775</command></para></listitem>
 		</varlistentry>
@@ -1606,7 +1721,7 @@
 		<varlistentry>
 		<term><anchor id="DEBUGPID">debug pid (G)</term>
 		<listitem><para>When using only one log file for more then one 
-		forked smbd-process there may be hard to follow which process 
+		forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process 
 		outputs which message. This boolean parameter is adds the process-id 
 		to the timestamp message headers in the logfile when turned on.</para>
 
@@ -1649,15 +1764,9 @@
 
 		<varlistentry>
 		<term><anchor id="DEBUGLEVEL">debuglevel (G)</term>
-		<listitem><para>The value of the parameter (an integer) allows 
-		the debug level (logging level) to be specified in the 
-		<filename>smb.conf</filename> file. This is to give greater 
-		flexibility in the configuration of the system.</para>
-
-		<para>The default will be the debug level specified on 
-		the command line or level zero if none was specified.</para>
-
-		<para>Example: <command>debug level = 3</command></para></listitem>
+		<listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter>
+		log level</parameter></link>.</para>
+		</listitem>
 		</varlistentry>
 
 
@@ -1722,6 +1831,48 @@
 
 
 		<varlistentry>
+		<term><anchor id="DELETEPRINTERCOMMAND">delete printer command (G)</term>
+		<listitem><para>With the introduction of MS-RPC based printer
+		support for Windows NT/2000 clients in Samba 2.2, it is now 
+		possible to delete printer at run time by issuing the 
+		DeletePrinter() RPC call.</para>
+		
+		<para>For a Samba host this means that the printer must be 
+		physically deleted from underlying printing system.  The <parameter>
+		deleteprinter command</parameter> defines a script to be run which 
+		will perform the necessary operations for removing the printer
+		from the print system and from <filename>smb.conf</filename>.
+		</para>
+		
+		<para>The <parameter>delete printer command</parameter> is 
+		automatically called with only one parameter: <parameter>
+		"printer name"</parameter>.</para>
+		
+				
+		<para>Once the <parameter>delete printer command</parameter> has 
+		been executed, <command>smbd</command> will reparse the <filename>
+		smb.conf</filename> to associated printer no longer exists.  
+		If the sharename is still valid, then <command>smbd
+		</command> will return an ACCESS_DENIED error to the client.</para>
+		
+		<para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>
+		add printer command</parameter></link>, <link 
+		linkend="printing"><parameter>printing</parameter></link>,
+		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
+		printer wizard</parameter></link></para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>deleteprinter command = /usr/bin/removeprinter
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
+
+		<varlistentry>
 		<term><anchor id="DELETEREADONLY">delete readonly (S)</term>
 		<listitem><para>This parameter allows readonly files to be deleted.  
 		This is not normal DOS semantics, but is allowed by UNIX.</para>
@@ -1734,6 +1885,53 @@
 		</varlistentry>
 
 
+
+		<varlistentry>
+		<term><anchor id="DELETESHARECOMMAND">delete share command (G)</term>
+		<listitem><para>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<parameter>delete share command</parameter> is used to define an 
+		external program or script which will remove an existing service 
+		definition from <filename>smb.conf</filename>.  In order to successfully 
+		execute the <parameter>delete share command</parameter>, <command>smbd</command>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</para>
+		
+		<para>
+		When executed, <command>smbd</command> will automatically invoke the 
+		<parameter>delete share command</parameter> with two parameters.
+		</para>
+		
+		<itemizedlist>
+			<listitem><para><parameter>configFile</parameter> - the location 
+			of the global <filename>smb.conf</filename> file. 
+			</para></listitem>
+			
+			<listitem><para><parameter>shareName</parameter> - the name of 
+			the existing service.
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>
+		This parameter is only used to remove file shares.  To delete printer shares, 
+		see the <link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer 
+		command</parameter></link>.
+		</para>
+		
+		<para>
+		See also <link linkend="ADDSHARECOMMAND"><parameter>delete share
+		command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter>change 
+		share</parameter></link>.
+		</para>
+		
+		<para>Default: <emphasis>none</emphasis></para>
+		<para>Example: <command>delete share command = /usr/local/bin/delshare</command></para>
+		
+		</listitem>
+		</varlistentry>
+
+
 		
 		
 		<varlistentry>
@@ -1798,57 +1996,17 @@
 
 
 
-		<varlistentry>
-		<term><anchor id="DELETEPRINTERCOMMAND">deleteprinter command (G)</term>
-		<listitem><para>With the introduction of MS-RPC based printer
-		support for Windows NT/2000 clients in Samba 2.2, it is now 
-		possible to delete printer at run time by issuing the 
-		DeletePrinter() RPC call.</para>
-		
-		<para>For a Samba host this means that the printer must be 
-		physically deleted from underlying printing system.  The <parameter>
-		deleteprinter command</parameter> defines a script to be run which 
-		will perform the necessary operations for removing the printer
-		from the print system and from <filename>smb.conf</filename>.
-		</para>
-		
-		<para>The <parameter>deleteprinter command</parameter> is 
-		automatically called with only one parameter: <parameter>
-		"printer name"</parameter>.</para>
-		
-				
-		<para>Once the <parameter>deleteprinter command</parameter> has 
-		been executed, <command>smbd</command> will reparse the <filename>
-		smb.conf</filename> to associated printer no longer exists.  
-		If the sharename is still valid, then <command>smbd
-		</command> will return an ACCESS_DENIED error to the client.</para>
-		
-		<para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>
-		addprinter command</parameter></link>, <link 
-		linkend="printing"><parameter>printing</parameter></link>,
-		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
-		printer wizard</parameter></link></para>
-		
-		<para>Default: <emphasis>none</emphasis></para>
-		<para>Example: <command>deleteprinter command = /usr/bin/removeprinter
-		</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
-
 
 		<varlistentry>
 		<term><anchor id="DELETEVETOFILES">delete veto files (S)</term>
 		<listitem><para>This option is used when Samba is attempting to 
 		delete a directory that contains one or more vetoed directories 
 		(see the <link linkend="VETOFILES"><parameter>veto files</parameter></link>
-		option).  If this option is set to False (the default) then if a vetoed 
+		option).  If this option is set to <constant>false</constant> (the default) then if a vetoed 
 		directory contains any non-vetoed files or directories then the 
 		directory delete will fail. This is usually what you want.</para>
 
-		<para>If this option is set to <constant>True</constant>, then Samba 
+		<para>If this option is set to <constant>true</constant>, then Samba 
 		will attempt to recursively delete any files and directories within 
 		the vetoed directory. This can be useful for integration with file 
 		serving systems such as NetAtalk which create meta-files within 
@@ -1963,6 +2121,11 @@
 		</parameter></link> parameter. This parameter is set to 000 by 
 		default (i.e. no extra mode bits are added).</para>
 
+		<para>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <link 
+		linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link>.</para>
+
 		<para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force 
 		directory mode</parameter></link> parameter to cause particular mode 
 		bits to always be set on created directories.</para>
@@ -2003,17 +2166,15 @@
 		mask may be treated as a set of bits the user is not allowed 
 		to change.</para>
 
-		<para>If not set explicitly this parameter is set to the same 
-		value as the <link linkend="DIRECTORYMASK"><parameter>directory 
-		mask</parameter></link> parameter. To allow a user to
-		modify all the user/group/world permissions on a directory, set 
-		this parameter to 0777.</para>
+		<para>If not set explicitly this parameter is set to 0777
+		meaning a user is allowed to modify all the user/group/world
+		permissions on a directory.</para>
 
 		<para><emphasis>Note</emphasis> that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
-		Administrators of most normal systems will probably want to set 
-		it to 0777.</para>
+		Administrators of most normal systems will probably want to leave
+		it as the default of <constant>0777</constant>.</para>
 
 		<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>
 		force directory security mode</parameter></link>, <link
@@ -2021,9 +2182,8 @@
 		<link linkend="FORCESECURITYMODE"><parameter>force security mode
 		</parameter></link> parameters.</para>
 
-		<para>Default: <command>directory security mask = &lt;same as 
-		directory mask&gt;</command></para>
-		<para>Example: <command>directory security mask = 0777</command></para>
+		<para>Default: <command>directory security mask = 0777</command></para>
+		<para>Example: <command>directory security mask = 0700</command></para>
 		</listitem>
 		</varlistentry>
 		
@@ -2055,73 +2215,53 @@
 
 		<varlistentry>
 		<term><anchor id="DOMAINADMINGROUP">domain admin group (G)</term>
-		<listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <ulink
-		url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by 
-		visiting the web page at <ulink url="http://lists.samba.org/">
-		http://lists.samba.org/</ulink>.</para></listitem>
-		</varlistentry>
-
-
-		<varlistentry>
-		<term><anchor id="DOMAINADMINUSERS">domain admin users (G)</term>
-		<listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <ulink
-		url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by 
-		visiting the web page at <ulink url="http://lists.samba.org/">
-		http://lists.samba.org/</ulink>.</para></listitem>
+		<listitem><para>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Admins" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<filename>smb.conf</filename>	notation.
+		</para>
+		
+		<para>See also <link linkend="DOMAINGUESTGROUP"><parameter>domain
+		guest group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain
+		logons</parameter></link>
+		</para>
+		
+		<para>Default: <emphasis>no domain administrators</emphasis></para>
+		<para>Example: <command>domain admin group = root @wheel</command></para>
+		</listitem>
 		</varlistentry>
 
 
-		<varlistentry>
-		<term><anchor id="DOMAINGROUPS">domain groups (G)</term>
-		<listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <ulink
-		url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by 
-		visiting the web page at <ulink url="http://lists.samba.org/">
-		http://lists.samba.org/</ulink>.</para></listitem>
-		</varlistentry>
-
 
 
 		<varlistentry>
 		<term><anchor id="DOMAINGUESTGROUP">domain guest group (G)</term>
-		<listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <ulink
-		url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by 
-		visiting the web page at <ulink url="http://lists.samba.org/">
-		http://lists.samba.org/</ulink>.</para></listitem>
-		</varlistentry>
-
-
-		<varlistentry>
-		<term><anchor id="DOMAINGUESTUSERS">domain guest users (G)</term>
-		<listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <ulink
-		url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by 
-		visiting the web page at <ulink url="http://lists.samba.org/">
-		http://lists.samba.org/</ulink>.</para></listitem>
+		<listitem><para>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Guests" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<filename>smb.conf</filename>	notation.
+		</para>
+		
+		<para>See also <link linkend="DOMAINADMINGROUP"><parameter>domain
+		admin group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain
+		logons</parameter></link>
+		</para>		
+		
+		<para>Default: <emphasis>no domain guests</emphasis></para>
+		<para>Example: <command>domain guest group = nobody @guest</command></para>
+		</listitem>
 		</varlistentry>
 
 
 		<varlistentry>
 		<term><anchor id="DOMAINLOGONS">domain logons (G)</term>
-		<listitem><para>If set to true, the Samba server will serve 
+		<listitem><para>If set to <constant>true</constant>, the Samba server will serve 
 		Windows 95/98 Domain logons for the <link linkend="WORKGROUP">
 		<parameter>workgroup</parameter></link> it is in. Samba 2.2 also 
 		has limited capability to act as a domain controller for Windows 
@@ -2196,7 +2336,7 @@
 		<varlistentry>
 		<term><anchor id="DOSFILEMODE">dos filemode (S)</term>
 		<listitem><para> The default behavior in Samba is to provide 
-		UNIX-like behavor where only the owner of a file/directory is 
+		UNIX-like behavior where only the owner of a file/directory is 
 		able to change the permissions on it.  However, this behavior
 		is often confusing to  DOS/Windows users.  Enabling this parameter 
 		allows a user who has write access to the file (by whatever 
@@ -2246,7 +2386,7 @@
 		default, Samba runs with POSIX semantics and refuses to change the 
 		timestamp on a file if the user <command>smbd</command> is acting 
 		on behalf of is not the file owner. Setting this option to <constant>
-		True</constant> allows DOS semantics and smbd will change the file 
+		true</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file 
 		timestamp as DOS requires.</para>
 
 		<para>Default: <command>dos filetimes = no</command></para></listitem>
@@ -2269,7 +2409,7 @@
 		</filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command>
 		smbpasswd(8)</command></ulink> program for information on how to set up 
  		and maintain this file), or set the <link
-		linkend="SECURITY">security=[serve|domain]</link> parameter which 
+		linkend="SECURITY">security=[server|domain]</link> parameter which 
 		causes <command>smbd</command> to authenticate against another 
 		server.</para>
 		
@@ -2280,16 +2420,16 @@
 		<varlistentry>
 		<term><anchor id="ENHANCEDBROWSING">enhanced browsing (G)</term>
 		<listitem><para>This option enables a couple of enhancements to 
-		cross-subnet browse propogation that have been added in Samba 
+		cross-subnet browse propagation that have been added in Samba 
 		but which are not standard in Microsoft implementations.  
 		<emphasis>These enhancements are currently only available in
 		the HEAD Samba CVS tree (not Samba 2.2.x).</emphasis></para>
 
-		<para>The first enhancement to browse propogation consists of a regular
+		<para>The first enhancement to browse propagation consists of a regular
 		wildcard query to a Samba WINS server for all Domain Master Browsers,
-		followed by a browse synchronisation with each of the returned
+		followed by a browse synchronization with each of the returned
 		DMBs. The second enhancement consists of a regular randomised browse
-		synchronisation with all currently known DMBs.</para>
+		synchronization with all currently known DMBs.</para>
 
 		<para>You may wish to disable this option if you have a problem with empty
 		workgroups not disappearing from browse lists. Due to the restrictions
@@ -2297,7 +2437,7 @@
 		to stay around forever which can be annoying.</para>
 
 		<para>In general you should leave this option enabled as it makes
-		cross-subnet browse propogation much more reliable.</para>
+		cross-subnet browse propagation much more reliable.</para>
 
 		<para>Default: <command>enhanced browsing = yes</command></para>
 		</listitem>
@@ -2357,7 +2497,7 @@
 		reported by Samba will be updated whenever a file is created or 
 		or deleted in the directory.  NMAKE finds all object files in 
 		the object directory.  The timestamp of the last one built is then 
-		compared to the timestamp of the object dircetory.  If the 
+		compared to the timestamp of the object directory.  If the 
 		directory's timestamp if newer, then all object files
 		will be rebuilt.  Enabling this option 
 		ensures directories always predate their contents and an NMAKE build 
@@ -2432,6 +2572,12 @@
 		mode after the mask set in the <parameter>create mask</parameter> 
 		parameter is applied.</para>
 		
+		<para>Note that by default this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		this mask on access control lists also, they need to set the <link 
+		linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with 
+		mask</parameter></link> to <constant>true</constant>.</para>
+
 		<para>See also the parameter <link linkend="CREATEMASK"><parameter>create 
 		mask</parameter></link> for details on masking mode bits on files.</para>
 
@@ -2460,6 +2606,12 @@
 		mask in the parameter <parameter>directory mask</parameter> is 
 		applied.</para>
 
+		<para>Note that by default this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		this mask on access control lists also, they need to set the <link 
+		linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with 
+		mask</parameter></link> to <constant>true</constant>.</para>
+
 		<para>See also the parameter <link linkend="DIRECTORYMASK"><parameter>
 		directory mask</parameter></link> for details on masking mode bits 
 		on created directories.</para>
@@ -2491,17 +2643,15 @@
 		mask may be treated as a set of bits that, when modifying security 
 		on a directory, the user has always set to be 'on'.</para>
 
-		<para>If not set explicitly this parameter is set to the same 
-		value as the <link linkend="FORCEDIRECTORYMODE"><parameter>force 
-		directory mode</parameter></link> parameter. To allow
-		a user to modify all the user/group/world permissions on a 
-		directory without restrictions, set this parameter to 000.</para>
+		<para>If not set explicitly this parameter is 000, which 
+		allows a user to modify all the user/group/world permissions on a 
+		directory without restrictions.</para>
 
 		<para><emphasis>Note</emphasis> that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
-		Administrators of most normal systems will probably want to set 
-		it to 0000.</para>
+		Administrators of most normal systems will probably want to leave
+		it set as 0000.</para>
 
 		<para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter>
 		directory security mask</parameter></link>, <link linkend="SECURITYMASK">
@@ -2509,9 +2659,8 @@
 		<link linkend="FORCESECURITYMODE"><parameter>force security mode
 		</parameter></link> parameters.</para>
 
-		<para>Default: <command>force directory security mode = &lt;same as 
-		force directory mode&gt;</command></para>
-		<para>Example: <command>force directory security mode = 0</command></para>
+		<para>Default: <command>force directory security mode = 0</command></para>
+		<para>Example: <command>force directory security mode = 700</command></para>
 		</listitem>
 		</varlistentry>
 
@@ -2569,17 +2718,15 @@
 		mask may be treated as a set of bits that, when modifying security 
 		on a file, the user has always set to be 'on'.</para>
 
-		<para>If not set explicitly this parameter is set to the same 
-		value as the <link linkend="FORCECREATEMODE"><parameter>force 
-		create mode</parameter></link> parameter. To allow a user to 
-		modify all the user/group/world permissions on a file, with no 
-		restrictions set this parameter to 000.</para>
+		<para>If not set explicitly this parameter is set to 0,
+		and allows a user to modify all the user/group/world permissions on a file,
+		with no restrictions.</para>
 		
 		<para><emphasis>Note</emphasis> that users who can access 
 		the Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
-		Administrators of most normal systems will probably want to set 
-		it to 0000.</para>
+		Administrators of most normal systems will probably want to leave
+		this set to 0000.</para>
 
 		<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>
 		force directory security mode</parameter></link>,
@@ -2587,9 +2734,8 @@
 		mask</parameter></link>, <link linkend="SECURITYMASK"><parameter>
 		security mask</parameter></link> parameters.</para>
 
-		<para>Default: <command>force security mode = &lt;same as force 
-		create mode&gt;</command></para>
-		<para>Example: <command>force security mode = 0</command></para>
+		<para>Default: <command>force security mode = 0</command></para>
+		<para>Example: <command>force security mode = 700</command></para>
 		</listitem>
 		</varlistentry>
 		
@@ -2646,7 +2792,7 @@
 		caching algorithm will be used to reduce the time taken for getwd() 
 		calls. This can have a significant impact on performance, especially 
 		when the <link linkend="WIDELINKS"><parameter>wide links</parameter>
-		</link>parameter is set to <constant>False</constant>.</para>
+		</link>parameter is set to <constant>false</constant>.</para>
 
 		<para>Default: <command>getwd cache = yes</command></para>
 		</listitem>
@@ -2781,7 +2927,7 @@
 		<varlistentry>
 		<term><anchor id="HOMEDIRMAP">homedir map (G)</term>
 		<listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir
-		</parameter></link> is <constant>True</constant>, and <ulink 
+		</parameter></link> is <constant>true</constant>, and <ulink 
 		url="smbd.8.html"><command>smbd(8)</command></ulink> is also acting 
 		as a Win95/98 <parameter>logon server</parameter> then this parameter 
 		specifies the NIS (or YP) map from which the server for the user's 
@@ -2922,7 +3068,7 @@
 		<parameter>hosts allow</parameter></link> which is about hosts 
 		access to services and is more useful for guest services. <parameter>
 		hosts equiv</parameter> may be useful for NT clients which will 
-		not supply passwords to samba.</para>
+		not supply passwords to Samba.</para>
 
 		<para><emphasis>NOTE :</emphasis> The use of <parameter>hosts equiv
 		</parameter> can be a major security hole. This is because you are 
@@ -2982,7 +3128,7 @@
 		inheritance (the code explicitly prohibits this).</para>
 
 		<para>This can be particularly useful on large systems with 
-		many users, perhaps several thousand,to allow a single [homes] 
+		many users, perhaps several thousand, to allow a single [homes] 
 		share to be used flexibly by each user.</para>
 		
 		<para>See also <link linkend="CREATEMASK"><parameter>create mask
@@ -3137,8 +3283,8 @@
 
 		<varlistentry>
 		<term><anchor id="LANMANAUTH">lanman auth (G)</term>
-		<listitem><para>This parameter determines whether or not smbd will
-		attempt to authentication users using the LANMAN password hash.
+		<listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will
+		attempt to authenticate users using the LANMAN password hash.
 		If disabled, only clients which support NT password hashes (e.g. Windows 
 		NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
 		network client) will be able to connect to the Samba host.</para>
@@ -3179,7 +3325,7 @@
 		oplocks</parameter></link> are supported then level2 oplocks are 
 		not granted (even if this parameter is set to <constant>yes</constant>). 
 		Note also, the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
-		</link> parameter must be set to "true" on this share in order for 
+		</link> parameter must be set to <constant>true</constant> on this share in order for 
 		this parameter to have any effect.</para>
 
 		<para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter>
@@ -3258,15 +3404,15 @@
 		<term><anchor id="LOCALMASTER">local master (G)</term>
 		<listitem><para>This option allows <ulink url="nmbd.8.html"><command>
 		nmbd(8)</command></ulink> to try and become a local master browser 
-		on a subnet. If set to <constant>False</constant> then <command>
+		on a subnet. If set to <constant>false</constant> then <command>
 		nmbd</command> will not attempt to become a local master browser 
 		on a subnet and will also lose in all browsing elections. By
-		default this value is set to true. Setting this value to true doesn't
+		default this value is set to <constant>true</constant>. Setting this value to <constant>true</constant> doesn't
 		mean that Samba will <emphasis>become</emphasis> the local master 
 		browser on a subnet, just that <command>nmbd</command> will <emphasis>
 		participate</emphasis> in elections for local master browser.</para>
 
-		<para>Setting this value to False will cause <command>nmbd</command>
+		<para>Setting this value to <constant>false</constant> will cause <command>nmbd</command>
 		<emphasis>never</emphasis> to become a local master browser.</para>
 
   		<para>Default: <command>local master = yes</command></para>
@@ -3312,7 +3458,7 @@
 
 		<para>This option <emphasis>may</emphasis> be useful for read-only 
 		filesystems which <emphasis>may</emphasis> not need locking (such as 
-		cdrom drives), although setting this parameter of <constant>no</constant> 
+		CDROM drives), although setting this parameter of <constant>no</constant> 
 		is not really recommended even in this case.</para>
 
 		<para>Be careful about disabling locking either globally or in a 
@@ -3341,9 +3487,15 @@
 
 		<varlistentry>
 		<term><anchor id="LOGLEVEL">log level (G)</term>
-		<listitem><para>Synonym for <link linkend="DEBUGLEVEL"><parameter>
-		debug level</parameter></link>.</para>
-		</listitem>
+		<listitem><para>The value of the parameter (an integer) allows 
+		the debug level (logging level) to be specified in the 
+		<filename>smb.conf</filename> file. This is to give greater 
+		flexibility in the configuration of the system.</para>
+
+		<para>The default will be the log level specified on 
+		the command line or level zero if none was specified.</para>
+
+		<para>Example: <command>log level = 3</command></para></listitem>
 		</varlistentry>
 
 
@@ -3426,7 +3578,7 @@
 		
 		<para>The share and the path must be readable by the user for 
 		the preferences and directories to be loaded onto the Windows NT
-		client.  The share must be writeable when the logs in for the first
+		client.  The share must be writeable when the user logs in for the first
 		time, in order that the Windows NT client can create the NTuser.dat
 		and other directories.</para>
 
@@ -3460,7 +3612,7 @@
 		<listitem><para>This parameter specifies the batch file (.bat) or 
 		NT command file (.cmd) to be downloaded and run on a machine when 
 		a user successfully logs in.  The file must contain the DOS 
-		style cr/lf line endings. Using a DOS-style editor to create the 
+		style CR/LF line endings. Using a DOS-style editor to create the 
 		file is recommended.</para>
 		
 		<para>The script must be a relative path to the [netlogon] 
@@ -3471,7 +3623,7 @@
 
 		<para><filename>/usr/local/samba/netlogon/STARTUP.BAT</filename></para>
 
-		<para>The contents of the batch file is entirely your choice.  A 
+		<para>The contents of the batch file are entirely your choice.  A 
 		suggested command would be to add <command>NET TIME \\SERVER /SET 
 		/YES</command>, to force every machine to synchronize clocks with 
 		the same time server.  Another use would be to add <command>NET USE 
@@ -3508,7 +3660,7 @@
 		of implementing this is by using job priorities, where jobs 
 		having a too low priority won't be sent to the printer.</para>
 
-		<para>If a <parameter>%p</parameter> is given then the printername 
+		<para>If a <parameter>%p</parameter> is given then the printer name 
 		is put in its place. A <parameter>%j</parameter> is replaced with 
 		the job number (an integer).  On HPUX (see <parameter>printing=hpux
 		</parameter>), if the <parameter>-p%p</parameter> option is added 
@@ -3591,7 +3743,7 @@
 		server reports on the first printer service connected to by the 
 		client. This only happens if the connection number sent is invalid.</para>
 
-		<para>If a <parameter>%p</parameter> is given then the printername 
+		<para>If a <parameter>%p</parameter> is given then the printer name 
 		is put in its place. Otherwise it is placed at the end of the 
 		command.</para>
 
@@ -3622,7 +3774,7 @@
 		also the <link linkend="LPPAUSECOMMAND"><parameter>lppause command
 		</parameter></link> parameter.</para>
 
-		<para>If a <parameter>%p</parameter> is given then the printername 
+		<para>If a <parameter>%p</parameter> is given then the printer name 
 		is put in its place. A <parameter>%j</parameter> is replaced with 
 		the job number (an integer).</para>
 		
@@ -3659,7 +3811,7 @@
 		<para>This command should be a program or script which takes 
 		a printer name and job number, and deletes the print job.</para>
 
-		<para>If a <parameter>%p</parameter> is given then the printername 
+		<para>If a <parameter>%p</parameter> is given then the printer name 
 		is put in its place. A <parameter>%j</parameter> is replaced with 
 		the job number (an integer).</para>
 
@@ -3683,7 +3835,7 @@
 
 		<varlistentry>
 		<term><anchor id="MACHINEPASSWORDTIMEOUT">machine password timeout (G)</term>
-		<listitem><para>If a Samba server is a member of an Windows 
+		<listitem><para>If a Samba server is a member of a Windows 
 		NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security=domain</link>) 
 		parameter) then periodically a running <ulink url="smbd.8.html">
 		smbd(8)</ulink> process will try and change the MACHINE ACCOUNT 
@@ -3729,8 +3881,8 @@
 		executed on behalf of the connected user.</para>
 
 		<para>Scripts executed in this way will be deleted upon 
-		completion assuming that the user has the appripriate level 
-		of priviledge and the ile permissions allow the deletion.</para>
+		completion assuming that the user has the appropriate level 
+		of privilege and the file permissions allow the deletion.</para>
 
 		<para>If the script generates output, output will be sent to 
 		the file specified by the <link linkend="MAGICOUTPUT"><parameter>
@@ -3765,7 +3917,7 @@
 		<varlistentry>
 		<term><anchor id="MANGLEDMAP">mangled map (S)</term>
 		<listitem><para>This is for those who want to directly map UNIX 
-		file names which can not be represented on Windows/DOS.  The mangling 
+		file names which cannot be represented on Windows/DOS.  The mangling 
 		of names is not always what is needed.  In particular you may have 
 		documents with file extensions that differ between DOS and UNIX. 
 		For example, under UNIX it is common to use <filename>.html</filename> 
@@ -3778,7 +3930,7 @@
 		<para><command>mangled map = (*.html *.htm)</command></para>
 
 		<para>One very useful case is to remove the annoying <filename>;1
-		</filename> off the ends of filenames on some CDROMS (only visible 
+		</filename> off the ends of filenames on some CDROMs (only visible 
 		under some UNIXes). To do this use a map of (*;1 *;).</para>
 
 		<para>Default: <emphasis>no mangled map</emphasis></para>
@@ -3860,12 +4012,12 @@
 
 		<para>The larger this value, the more likely it is that mangled 
 		names can be successfully converted to correct long UNIX names. 
-		However, large stack sizes will slow most directory access. Smaller 
+		However, large stack sizes will slow most directory accesses. Smaller 
 		stacks save memory in the server (each stack element costs 256 bytes).
 		</para>
 
 		<para>It is not possible to absolutely guarantee correct long 
-		file names, so be prepared for some surprises!</para>
+		filenames, so be prepared for some surprises!</para>
 
 		<para>Default: <command>mangled stack = 50</command></para>
   		<para>Example: <command>mangled stack = 100</command></para>
@@ -4063,7 +4215,7 @@
 		<varlistentry>
 		<term><anchor id="MAXMUX">max mux (G)</term>
 		<listitem><para>This option controls the maximum number of 
-		outstanding simultaneous SMB operations that samba tells the client 
+		outstanding simultaneous SMB operations that Samba tells the client 
 		it will allow. You should never need to set this parameter.</para>
 
 		<para>Default: <command>max mux = 50</command></para>
@@ -4149,10 +4301,10 @@
 		<listitem><para>This parameter limits the maximum number of 
 		<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>
 		processes concurrently running on a system and is intended
-		as a stop gap to prevent degrading service to clients in the event
+		as a stopgap to prevent degrading service to clients in the event
 		that the server has insufficient resources to handle more than this
 		number of connections.  Remember that under normal operating
-		conditions, each user will have an smbd associated with him or her
+		conditions, each user will have an <ulink url="smbd.8.html">smbd</ulink> associated with him or her
 		to handle connections to all shares from a given host.
 		</para>
 
@@ -4230,7 +4382,7 @@
 		THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I 
 		have the '&' on the end. If it doesn't return immediately then 
 		your PCs may freeze when sending messages (they should recover 
-		after 30secs, hopefully).</para>
+		after 30 seconds, hopefully).</para>
 
 		<para>All messages are delivered as the global guest user. 
 		The command takes the standard substitutions, although <parameter>
@@ -4581,6 +4733,28 @@
 
 
 
+
+		<varlistentry>
+		<term><anchor id="OBEYPAMRESTRICTIONS">obey pam restrictions (G)</term>
+		<listitem><para>When Samba 2.2 is configured to enable PAM support
+		(i.e. --with-pam), this parameter will control whether or not Samba
+		should obey PAM's account and session management directives.  The 
+		default behavior is to use PAM for clear text authentication only
+		and to ignore any account or session management.  Note that Samba
+		always ignores PAM for authentication in the case of <link
+		linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords = yes</parameter>
+		</link>.  The reason is that PAM modules cannot support the challenge/response
+		authentication mechanism needed in the presence of SMB password encryption.
+		</para>
+
+		<para>Default: <command>obey pam restrictions = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+
 		<varlistentry>
 		<term><anchor id="ONLYUSER">only user (S)</term>
 		<listitem><para>This is a boolean option that controls whether 
@@ -4609,24 +4783,6 @@
 
 
 
-
-		<varlistentry>
-		<term><anchor id="OLELOCKINGCOMPATIBILITY">ole locking compatibility (G)</term>
-		<listitem><para>This parameter allows an administrator to turn 
- 		off the byte range lock manipulation that is done within Samba to 
-		give compatibility for OLE applications. Windows OLE applications 
-		use byte range locking as a form of inter-process communication, by 
-		locking ranges of bytes around the 2^32 region of a file range. This 
-		can cause certain UNIX lock managers to crash or otherwise cause 
-		problems. Setting this parameter to <constant>no</constant> means you 
-		trust your UNIX lock manager to handle such cases correctly.</para>
-
-		<para>Default: <command>ole locking compatibility = yes</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
 		<varlistentry>
 		<term><anchor id="ONLYGUEST">only guest (S)</term>
 		<listitem><para>A synonym for <link linkend="GUESTONLY"><parameter>
@@ -4661,7 +4817,7 @@
 		improve the efficiency of the granting of oplocks under multiple 
 		client contention for the same file.</para>
 		
-		<para>In brief it specifies a number, which causes smbd not to 
+		<para>In brief it specifies a number, which causes <ulink url="smbd.8.html">smbd</ulink> not to 
 		grant an oplock even when requested if the approximate number of 
 		clients contending for an oplock on the same file goes over this 
 		limit. This causes <command>smbd</command> to behave in a similar 
@@ -4680,7 +4836,7 @@
 
 		<varlistentry>
 		<term><anchor id="OPLOCKS">oplocks (S)</term>
-		<listitem><para>This boolean option tells smbd whether to 
+		<listitem><para>This boolean option tells <command>smbd</command> whether to 
 		issue oplocks (opportunistic locks) to file open requests on this 
 		share. The oplock code can dramatically (approx. 30% or more) improve 
 	 	the speed of access to files on Samba servers. It allows the clients 
@@ -4741,7 +4897,7 @@
 		name&gt;.&lt;device name&gt;</para>
 		
 		<para>For example, a valid entry using the HP LaserJet 5
-		printer driver woudl appear as <command>HP LaserJet 5L = LASERJET.HP 
+		printer driver would appear as <command>HP LaserJet 5L = LASERJET.HP 
 		LaserJet 5L</command>.</para>
 		
 		<para>The need for the file is due to the printer driver namespace 
@@ -4756,6 +4912,23 @@
 		</varlistentry>
 
 
+		<varlistentry>
+		<term><anchor id="PAMPASSWORDCHANGE">pam password change (G)</term>
+  		<listitem><para>With the addition of better PAM support in Samba 2.2, 
+  		this parameter, it is possible to use PAM's password change control 
+  		flag for Samba.  If enabled, then PAM will be used for password
+ 		changes when requested by an SMB client insted of the program listed in 
+                <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link>. 
+                It should be possible to enable this without changing your 
+                <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link>
+                paramater for most setups.
+  		</para>
+		
+		<para>Default: <command>pam password change = no</command></para>
+		
+		</listitem>
+		</varlistentry>
+
 
 		<varlistentry>
 		<term><anchor id="PANICACTION">panic action (G)</term>
@@ -4776,7 +4949,7 @@
 		<listitem><para>This string controls the <emphasis>"chat"</emphasis> 
 		conversation that takes places between <ulink 
 		url="smbd.8.html">smbd</ulink> and the local password changing
-		program to change the users password. The string describes a 
+		program to change the user's password. The string describes a 
 		sequence of response-receive pairs that <ulink url="smbd.8.html">
 		smbd(8)</ulink> uses to determine what to send to the 
 		<link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter>
@@ -4801,20 +4974,27 @@
 		in them into a single string.</para>
 
 		<para>If the send string in any part of the chat sequence 
-		is a fullstop ".",  then no string is sent. Similarly, 
-		if the expect string is a fullstop then no string is expected.</para>
+		is a full stop ".",  then no string is sent. Similarly, 
+		if the expect string is a full stop then no string is expected.</para>
 
 		<para>Note that if the <link linkend="UNIXPASSWORDSYNC"><parameter>unix 
-		password sync</parameter></link> parameter is set to true, then this 
+		password sync</parameter></link> parameter is set to <constant>true</constant>, then this 
 		sequence is called <emphasis>AS ROOT</emphasis> when the SMB password 
 		in the smbpasswd file is being changed, without access to the old 
 		password cleartext. In this case the old password cleartext is set 
 		to "" (the empty string).</para>
 
+  		<para>Also, if the <link linkend="PAMPASSWORDCHANGE"><parameter>pam
+ 		password change</parameter></link> parameter is set to true, the chat pairs
+                may be matched in any order, and sucess is determined by the PAM result, 
+                not any particular output. The \n macro is ignored for PAM conversions.
+  		</para>
+
 		<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix password 
 		sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter>
-		passwd program</parameter></link> and <link linkend="PASSWDCHATDEBUG">
-		<parameter>passwd chat debug</parameter></link>.</para>
+		passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG">
+		<parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE">
+		<parameter>pam password change</parameter></link>.</para>
 
 		<para>Default: <command>passwd chat = *new*password* %n\n 
 		*new*password* %n\n *changed*</command></para>
@@ -4837,12 +5017,15 @@
 		to be seen in the <command>smbd</command> log. It is available to help 
 		Samba admins debug their <parameter>passwd chat</parameter> scripts 
 		when calling the <parameter>passwd program</parameter> and should 
-		be turned off after this has been done. This parameter is off by
-		default.</para>
+ 		be turned off after this has been done. This option has no effect if the 
+                <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link>
+                paramter is set. This parameter is off by default.</para>
+  
 
-		<para>See also <<link linkend="PASSWDCHAT"><parameter>passwd chat</parameter>
-		</link>, <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter>
-		</link>.</para>
+ 		<para>See also <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter>
+ 		</link>, <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter>
+                </link>, <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter>
+  		</link>.</para>
 
 		<para>Default: <command>passwd chat debug = no</command></para>
 		</listitem>
@@ -4864,7 +5047,7 @@
 		it.</para>
 
 		<para><emphasis>Note</emphasis> that if the <parameter>unix 
-		password sync</parameter> parameter is set to <constant>True
+		password sync</parameter> parameter is set to <constant>true
 		</constant> then this program is called <emphasis>AS ROOT</emphasis> 
 		before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5)
 		</ulink> file is changed. If this UNIX password change fails, then 
@@ -4875,7 +5058,7 @@
 		is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> 
 		for <emphasis>ALL</emphasis> programs called, and must be examined 
 		for security implications. Note that by default <parameter>unix 
-		password sync</parameter> is set to <constant>False</constant>.</para>
+		password sync</parameter> is set to <constant>false</constant>.</para>
 
 		<para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix 
 		password sync</parameter></link>.</para>
@@ -5004,7 +5187,7 @@
 			password server then you will have to ensure that your users 
 			are able to login from the Samba server, as when in <command>
 			security=server</command>  mode the network logon will appear to 
-			come from there rather than from the users workstation.</para></listitem>
+			come from there rather than from the user's workstation.</para></listitem>
 		</itemizedlist>
 
 		<para>See also the <link linkend="SECURITY"><parameter>security
@@ -5075,7 +5258,7 @@
 		substitutions. The command may be run as the root on some 
 		systems.</para>
 
-		<para>An interesting example may be do unmount server 
+		<para>An interesting example may be to unmount server 
 		resources:</para>
 
 		<para><command>postexec = /etc/umount /cdrom</command></para>
@@ -5096,7 +5279,7 @@
 		<varlistentry>
 		<term><anchor id="POSTSCRIPT">postscript (S)</term>
 		<listitem><para>This parameter forces a printer to interpret 
-		the print files as postscript. This is done by adding a <constant>%!
+		the print files as PostScript. This is done by adding a <constant>%!
 		</constant> to the start of print output.</para>
 
 		<para>This is most useful when you have lots of PCs that persist 
@@ -5152,7 +5335,7 @@
 		url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser 
 		for its workgroup.</para>
 
-		<para>If this is set to true, on startup, <command>nmbd</command> 
+		<para>If this is set to <constant>true</constant>, on startup, <command>nmbd</command> 
 		will force an election, and it will have a slight advantage in 
 		winning the election.  It is recommended that this parameter is 
 		used in conjunction with <command><link linkend="DOMAINMASTER"><parameter>
@@ -5389,11 +5572,11 @@
 		
 		<varlistentry>
 		<term><anchor id="PRINTERDRIVER">printer driver (S)</term>
-		<listitem><para><emphasis>Note :</emphasis>This is a depreciated 
+		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
-		<filename>PRINTER_DRIVER2.txt</filename> in the <filename>docs
-		</filename> of the Samba distribution for more information
+		the <ulink url="printer_driver2.html">Samba 2.2. Printing
+		HOWTO</ulink> for more information
 		on the new method of loading printer drivers onto a Samba server.
 		</para>
 		
@@ -5422,11 +5605,11 @@
 
 		<varlistentry>
 		<term><anchor id="PRINTERDRIVERFILE">printer driver file (G)</term>
-		<listitem><para><emphasis>Note :</emphasis>This is a depreciated 
+		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
-		<filename>PRINTER_DRIVER2.txt</filename> in the <filename>docs
-		</filename> of the Samba distribution for more information
+		the <ulink url="printer_driver2.html">Samba 2.2. Printing
+		HOWTO</ulink> for more information
 		on the new method of loading printer drivers onto a Samba server.
 		</para>
 
@@ -5440,7 +5623,7 @@
 		<para>This file is created from Windows 95 <filename>msprint.inf
 		</filename> files found on the Windows 95 client system. For more 
 		details on setting up serving of printer drivers to Windows 95 
-		clients, see the documentation file in the <filename>docs/</filename> 
+		clients, see the outdated documentation file in the <filename>docs/</filename> 
 		directory, <filename>PRINTER_DRIVER.txt</filename>.</para>
 
 		<para>See also <link linkend="PRINTERDRIVERLOCATION"><parameter>
@@ -5458,11 +5641,11 @@
 
 		<varlistentry>
 		<term><anchor id="PRINTERDRIVERLOCATION">printer driver location (S)</term>
-		<listitem><para><emphasis>Note :</emphasis>This is a depreciated 
+		<listitem><para><emphasis>Note :</emphasis>This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
-		<filename>PRINTER_DRIVER2.txt</filename> in the <filename>docs
-		</filename> of the Samba distribution for more information
+		the <ulink url="printer_driver2.html">Samba 2.2. Printing
+		HOWTO</ulink> for more information
 		on the new method of loading printer drivers onto a Samba server.
 		</para>
 
@@ -5475,7 +5658,7 @@
 
 		<para>Where MACHINE is the NetBIOS name of your Samba server, 
 		and PRINTER$ is a share you set up for serving printer driver 
-		files. For more details on setting this up see the documentation 
+		files. For more details on setting this up see the outdated documentation 
 		file in the <filename>docs/</filename> directory, <filename>
 		PRINTER_DRIVER.txt</filename>.</para>
 
@@ -5524,7 +5707,7 @@
 		<parameter>lpq command</parameter>, <parameter>lppause command
 		</parameter>, <parameter>lpresume command</parameter>, and 
 		<parameter>lprm command</parameter> if specified in the 
-		[global]f> section.</para>
+		[global] section.</para>
 
 		<para>Currently eight printing styles are supported. They are
 		<constant>BSD</constant>, <constant>AIX</constant>, 
@@ -5568,17 +5751,17 @@
 		<varlistentry>
 		<term><anchor id="QUEUEPAUSECOMMAND">queuepause command (S)</term>
 		<listitem><para>This parameter specifies the command to be 
-		executed on the server host in order to pause the printerqueue.</para>
+		executed on the server host in order to pause the printer queue.</para>
 
 		<para>This command should be a program or script which takes 
-		a printer name as its only parameter and stops the printerqueue, 
+		a printer name as its only parameter and stops the printer queue, 
 		such that no longer jobs are submitted to the printer.</para>
 
 		<para>This command is not supported by Windows for Workgroups, 
-		but can be issued from the Printer's window under Windows 95 
+		but can be issued from the Printers window under Windows 95 
 		and NT.</para>
 		
-		<para>If a <parameter>%p</parameter> is given then the printername 
+		<para>If a <parameter>%p</parameter> is given then the printer name 
 		is put in its place. Otherwise it is placed at the end of the command.
 		</para>
 
@@ -5597,20 +5780,20 @@
 		<varlistentry>
 		<term><anchor id="QUEUERESUMECOMMAND">queueresume command (S)</term>
 		<listitem><para>This parameter specifies the command to be 
-		executed on the server host in order to resume the printerqueue. It 
+		executed on the server host in order to resume the printer queue. It 
  		is the command to undo the behavior that is caused by the 
 		previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter>
 		queuepause command</parameter></link>).</para>
  
 		<para>This command should be a program or script which takes 
-		a printer name as its only parameter and resumes the printerqueue, 
+		a printer name as its only parameter and resumes the printer queue, 
 		such that queued jobs are resubmitted to the printer.</para>
 
 		<para>This command is not supported by Windows for Workgroups, 
-		but can be issued from the Printer's window under Windows 95 
+		but can be issued from the Printers window under Windows 95 
 		and NT.</para>
 
-		<para>If a <parameter>%p</parameter> is given then the printername 
+		<para>If a <parameter>%p</parameter> is given then the printer name 
 		is put in its place. Otherwise it is placed at the end of the 
 		command.</para>
 
@@ -5742,7 +5925,7 @@
 		<para><command>remote announce = 192.168.2.255/SERVERS 
 		192.168.4.255/STAFF</command></para>
 
-		<para>the above line would cause nmbd to announce itself 
+		<para>the above line would cause <command>nmbd</command> to announce itself 
 		to the two given IP addresses using the given workgroup names. 
 		If you leave out the workgroup name then the one given in 
 		the <link linkend="WORKGROUP"><parameter>workgroup</parameter></link> 
@@ -5766,10 +5949,10 @@
 		<term><anchor id="REMOTEBROWSESYNC">remote browse sync (G)</term>
 		<listitem><para>This option allows you to setup <ulink 
 		url="nmbd.8.html">nmbd(8)</ulink> to periodically request 
-		synchronization of browse lists with the master browser of a samba 
+		synchronization of browse lists with the master browser of a Samba 
 		server that is on a remote segment. This option will allow you to 
 		gain browse lists for multiple workgroups across routed networks. This 
-		is done in a manner that does not work with any non-samba servers.</para>
+		is done in a manner that does not work with any non-Samba servers.</para>
 
 		<para>This is useful if you want your Samba server and all local 
 		clients to appear in a remote workgroup for which the normal browse 
@@ -5790,7 +5973,7 @@
 		of known browse masters if your network config is that stable. If 
 		a machine IP address is given Samba makes NO attempt to validate 
 		that the remote machine is available, is listening, nor that it 
-		is in fact the browse master on it's segment.</para>
+		is in fact the browse master on its segment.</para>
 
 		<para>Default: <command>remote browse sync = &lt;empty string&gt;
 		</command></para>
@@ -5800,11 +5983,40 @@
 
 
 		<varlistentry>
+		<term><anchor id="RESTRICTACLWITHMASK">restrict acl with mask (S)</term>
+		<listitem><para>This is a boolean parameter.  If set to <constant>false</constant> (default), then 
+		creation of files with access control lists (ACLS) and modification of ACLs
+		using the Windows NT/2000 ACL editor will be applied directly to the file
+		or directory.</para>
+
+		<para>If set to <constant>true</constant>, then all requests to set an ACL on a file will have the
+		parameters <link linkend="CREATEMASK"><parameter>create mask</parameter></link>,
+		<link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>
+		applied before setting the ACL, and all requests to set an ACL on a directory will
+		have the parameters <link linkend="DIRECTORYMASK"><parameter>directory 
+		mask</parameter></link>, <link linkend="FORCEDIRECTORYMODE"><parameter>force 
+		directory mode</parameter></link> applied before setting the ACL.
+		</para>
+
+		<para>See also <link linkend="CREATEMASK"><parameter>create mask</parameter></link>,
+		<link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>,
+		<link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link>,
+		<link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link>
+		</para>
+
+		<para>Default: <command>restrict acl with mask = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		<varlistentry>
 		<term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term>
-		<listitem><para>This is a boolean parameter.  If it is true, then 
+		<listitem><para>This is a boolean parameter.  If it is <constant>true</constant>, then 
 		anonymous access to the server will be restricted, namely in the 
 		case where the server is expecting the client to send a username, 
-		but it doesn't.  Setting it to true will force these anonymous 
+		but it doesn't.  Setting it to <constant>true</constant> will force these anonymous 
  		connections to be denied, and the client will be required to always 
 		supply a username and password when connecting. Use of this parameter 
 		is only recommended for homogeneous NT client environments.</para>
@@ -5814,10 +6026,10 @@
 		likes to use anonymous connections when refreshing the share list, 
 		and this is a way to work around that.</para>
 
-		<para>When restrict anonymous is true, all anonymous connections 
+		<para>When restrict anonymous is <constant>true</constant>, all anonymous connections 
 		are denied no matter what they are for.  This can effect the ability 
-		of a machine to access the samba Primary Domain Controller to revalidate 
-		it's machine account after someone else has logged on the client 
+		of a machine to access the Samba Primary Domain Controller to revalidate 
+		its machine account after someone else has logged on the client 
 		interactively.  The NT client will display a message saying that 
 		the machine's account in  the domain doesn't exist or the password is 
 		bad.  The best way to deal  with this is to reboot NT client machines 
@@ -5850,7 +6062,7 @@
 		<varlistentry>
 		<term><anchor id="ROOTDIRECTORY">root directory (G)</term>
 		<listitem><para>The server will <command>chroot()</command> (i.e. 
-		Change it's root directory) to this directory on startup. This is 
+		Change its root directory) to this directory on startup. This is 
 		not strictly necessary for secure operation. Even without it the 
 		server will deny access to files not in one of the service entries. 
 		It may also check for, and deny access to, soft links to other 
@@ -5884,7 +6096,7 @@
 		<listitem><para>This is the same as the <parameter>postexec</parameter>
 		parameter except that the command is run as root. This 
 		is useful for unmounting filesystems 
-		(such as cdroms) after a connection is closed.</para>
+		(such as CDROMs) after a connection is closed.</para>
 
 		<para>See also <link linkend="POSTEXEC"><parameter>
 		postexec</parameter></link>.</para>
@@ -5898,8 +6110,8 @@
 		<term><anchor id="ROOTPREEXEC">root preexec (S)</term>
 		<listitem><para>This is the same as the <parameter>preexec</parameter>
 		parameter except that the command is run as root. This 
-		is useful for mounting filesystems (such as cdroms) after a 
-		connection is closed.</para>
+		is useful for mounting filesystems (such as CDROMs) when a 
+		connection is opened.</para>
 
 		<para>See also <link linkend="PREEXEC"><parameter>
 		preexec</parameter></link> and <link linkend="PREEXECCLOSE">
@@ -5982,7 +6194,7 @@
 		<para><anchor id="SECURITYEQUALSSHARE"><emphasis>SECURITY = SHARE
 		</emphasis></para> 
 		
-		<para>When clients connect to a share level security server then 
+		<para>When clients connect to a share level security server they 
 		need not log onto the server with a valid username and password before 
 		attempting to connect to a shared resource (although modern clients 
 		such as Windows 95/98 and Windows NT will send a logon request with 
@@ -6048,7 +6260,7 @@
 		<para>See also the section <link linkend="VALIDATIONSECT">
 		NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
 
-		<para><anchor id="SECURITYEQUALSUSER"><emphasis>SECURIYT = USER
+		<para><anchor id="SECURITYEQUALSUSER"><emphasis>SECURITY = USER
 		</emphasis></para>
 
 		<para>This is the default security setting in Samba 2.2. 
@@ -6088,7 +6300,7 @@
 		<filename>ENCRYPTION.txt</filename> for details on how to set this 
 		up.</para>
 
-		<para><emphasis>Note</emphasis> that from the clients point of 
+		<para><emphasis>Note</emphasis> that from the client's point of 
 		view <command>security = server</command> is the same as <command>
 		security = user</command>.  It only affects how the server deals 
 		with the authentication, it does not in any way affect what the 
@@ -6127,7 +6339,7 @@
 		exist as well as the account on the Domain Controller to allow 
 		Samba to have a valid UNIX account to map file access to.</para>
 
-		<para><emphasis>Note</emphasis> that from the clients point 
+		<para><emphasis>Note</emphasis> that from the client's point 
 		of view <command>security = domain</command> is the same as <command>security = user
 		</command>. It only affects how the server deals with the authentication, 
 		it does not in any way affect what the client sees.</para>
@@ -6177,17 +6389,15 @@
 		mask may be treated as a set of bits the user is not allowed 
 		to change.</para>
 
-		<para>If not set explicitly this parameter is set to the same
-		value as the <link linkend="CREATEMASK"><parameter>create mask
-		</parameter></link> parameter. To allow a user to modify all the 
-		user/group/world permissions on a file, set this parameter to 
-		0777.</para>
+		<para>If not set explicitly this parameter is 0777, allowing
+		a user to modify all the user/group/world permissions on a file.
+		</para>
 
 		<para><emphasis>Note</emphasis> that users who can access the 
 		Samba server through other means can easily bypass this 
 		restriction, so it is primarily useful for standalone 
 		"appliance" systems.  Administrators of most normal systems will 
-		probably want to set it to 0777.</para>
+		probably want to leave it set to <constant>0777</constant>.</para>
 		
 		<para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE">
 		<parameter>force directory security mode</parameter></link>, 
@@ -6195,9 +6405,8 @@
 		security mask</parameter></link>, <link linkend="FORCESECURITYMODE">
 		<parameter>force security mode</parameter></link> parameters.</para>
 
-		<para>Default: <command>security mask = &lt;same as create mask&gt;
-		</command></para>
-		<para>Example: <command>security mask = 0777</command></para>
+		<para>Default: <command>security mask = 0777</command></para>
+		<para>Example: <command>security mask = 0770</command></para>
 		</listitem>
 		</varlistentry>
 
@@ -6206,7 +6415,7 @@
 		<term><anchor id="SERVERSTRING">server string (G)</term>
 		<listitem><para>This controls what string will show up in the 
 		printer comment box in print manager and next to the IPC connection 
-		in <command>net view"</command>. It can be any string that you wish 
+		in <command>net view</command>. It can be any string that you wish 
 		to show to your users.</para>
 		
 		<para>It also sets what will appear in browse lists next 
@@ -6273,7 +6482,6 @@
 
 
 
-
 		<varlistentry>
 		<term><anchor id="SHORTPRESERVECASE">short preserve case (S)</term>
 		<listitem><para>This boolean parameter controls if new files 
@@ -6308,7 +6516,7 @@
 		Administrator privileges.  If the user does not have administrative
 		access on the print server (i.e is not root or a member of the 
 		<parameter>printer admin</parameter> group), the OpenPrinterEx() 
-		call fails and the clients another open call with a request for 
+		call fails and the client makes another open call with a request for 
 		a lower privilege level.  This should succeed, however the APW 
 		icon will not be displayed.</para>
 		
@@ -6354,7 +6562,7 @@
 		support multiple virtual interfaces on the one server, each 
 		with a different configuration.</para>
 		
-		<para>By default samba will accept connections on any 
+		<para>By default Samba will accept connections on any 
 		address.</para>
 
 		<para>Example: <command>socket address = 192.168.2.20</command>
@@ -6475,8 +6683,8 @@
 		current binary version of Samba.</para>
 
 		<para>This variable enables or disables the entire SSL mode. If 
-		it is set to <constant>no</constant>, the SSL enabled samba behaves 
-		exactly like the non-SSL samba. If set to <constant>yes</constant>, 
+		it is set to <constant>no</constant>, the SSL-enabled Samba behaves 
+		exactly like the non-SSL Samba. If set to <constant>yes</constant>, 
 		it depends on the variables <link linkend="SSLHOSTS"><parameter>
 		ssl hosts</parameter></link> and <link linkend="SSLHOSTSRESIGN">
 		<parameter>ssl hosts resign</parameter></link> whether an SSL 
@@ -6501,7 +6709,7 @@
 
 		<para>This variable defines where to look up the Certification
 		Authorities. The given directory should contain one file for 
-		each CA that samba will trust.  The file name must be the hash 
+		each CA that Samba will trust.  The file name must be the hash 
 		value over the "Distinguished Name" of the CA. How this directory 
 		is set up is explained later in this document. All files within the 
 		directory that don't fit into this naming scheme are ignored. You 
@@ -6643,14 +6851,14 @@
 		this code is <emphasis>NOT</emphasis> enabled by default in any 
 		current binary version of Samba.</para>
 
-		<para>These two variables define whether samba will go 
-		into SSL mode or not. If none of them is defined, samba will 
+		<para>These two variables define whether Samba will go 
+		into SSL mode or not. If none of them is defined, Samba will 
 		allow only SSL connections. If the <link linkend="SSLHOSTS">
 		<parameter>ssl hosts</parameter></link> variable lists
 		hosts (by IP-address, IP-address range, net group or name), 
 		only these hosts will be forced into SSL mode. If the <parameter>
 		ssl hosts resign</parameter> variable lists hosts, only these 
-		hosts will NOT be forced into SSL mode. The syntax for these two 
+		hosts will <emphasis>NOT</emphasis> be forced into SSL mode. The syntax for these two 
 		variables is the same as for the <link linkend="HOSTSALLOW"><parameter>
 		hosts allow</parameter></link> and <link linkend="HOSTSDENY">
 		<parameter>hosts deny</parameter></link> pair of variables, only 
@@ -6842,7 +7050,7 @@
 		<para>When strict locking is <constant>no</constant> the server does file 
 		lock checks only when the client explicitly asks for them.</para>
 
-		<para>Well behaved clients always ask for lock checks when it 
+		<para>Well-behaved clients always ask for lock checks when it 
 		is important, so in the vast majority of cases <command>strict 
 		locking = no</command> is preferable.</para>
 
@@ -6861,7 +7069,7 @@
 		all outstanding data in kernel disk buffers has been safely stored 
 		onto stable storage. This is very slow and should only be done 
 		rarely. Setting this parameter to <constant>no</constant> (the 
-		default) means that smbd ignores the Windows applications requests for
+		default) means that <ulink url="smbd.8.html">smbd</ulink> ignores the Windows applications requests for
 		a sync call. There is only a possibility of losing data if the
 		operating system itself that Samba is running on crashes, so there is
 		little danger in this default setting. In addition, this fixes many
@@ -6892,10 +7100,10 @@
 		<term><anchor id="SYNCALWAYS">sync always (S)</term>
 		<listitem><para>This is a boolean parameter that controls 
 		whether writes will always be written to stable storage before 
-		the write call returns. If this is false then the server will be 
+		the write call returns. If this is <constant>false</constant> then the server will be 
 		guided by the client's request in each write call (clients can 
 		set a bit indicating that a particular write should be synchronous). 
-		If this is true then every write will be followed by a <command>fsync()
+		If this is <constant>true</constant> then every write will be followed by a <command>fsync()
 		</command> call to ensure the data is written to disk. Note that 
 		the <parameter>strict sync</parameter> parameter must be set to
 		<constant>yes</constant> in order for this parameter to have 
@@ -7017,7 +7225,7 @@
 		<listitem><para>This parameter accepts an integer value which defines
 		a limit on the maximum number of print jobs that will be accepted 
 		system wide at any given time.  If a print job is submitted
-		by a client which will exceed this number, then smbd will return an 
+		by a client which will exceed this number, then <ulink url="smbd.8.html">smbd</ulink> will return an 
 		error indicating that no space is available on the server.  The 
 		default value of 0 means that no such limit exists.  This parameter
 		can be used to prevent a server from exceeding its capacity and is
@@ -7038,10 +7246,10 @@
 		<listitem><para>This boolean parameter controls whether Samba 
 		attempts to synchronize the UNIX password with the SMB password 
 		when the encrypted SMB password in the smbpasswd file is changed. 
-		If this is set to true the program specified in the <parameter>passwd
+		If this is set to <constant>true</constant> the program specified in the <parameter>passwd
 		program</parameter>parameter is called <emphasis>AS ROOT</emphasis> - 
 		to allow the new UNIX password to be set without access to the 
-		old UNIX password (as the SMB password has change code has no 
+		old UNIX password (as the SMB password change code has no 
 		access to the old password cleartext, only the new).</para>
 
 		<para>See also <link linkend="PASSWDPROGRAM"><parameter>passwd 
@@ -7055,19 +7263,6 @@
 
 
 		<varlistentry>
-		<term><anchor id="UNIXREALNAME">unix realname (G)</term>
-		<listitem><para>This boolean parameter when set causes samba 
-		to supply the real name field from the unix password file to 
-		the client. This is useful for setting up mail clients and WWW 
-		browsers on systems used by more than one person.</para>
-
-		<para>Default: <command>unix realname = yes</command></para>
-		</listitem>
-		</varlistentry>
-
-	
-	
-		<varlistentry>
 		<term><anchor id="UPDATEENCRYPTED">update encrypted (G)</term>
 		<listitem><para>This boolean parameter allows a user logging 
 		on with a plaintext password to have their encrypted (hashed) 
@@ -7101,8 +7296,8 @@
 
 		<varlistentry>
 		<term><anchor id="USERHOSTS">use rhosts (G)</term>
-		<listitem><para>If this global parameter is a true, it specifies 
-		that the UNIX users <filename>.rhosts</filename> file in their home directory 
+		<listitem><para>If this global parameter is <constant>true</constant>, it specifies 
+		that the UNIX user's <filename>.rhosts</filename> file in their home directory 
 		will be read to find the names of hosts and users who will be allowed 
 		access without specifying a password.</para>
 
@@ -7169,7 +7364,7 @@
 		</parameter></link> parameter.</para>
 
 		<para>If any of the usernames begin with a '@' then the name 
-		will be looked up first in the yp netgroups list (if Samba 
+		will be looked up first in the NIS netgroups list (if Samba 
 		is compiled with netgroup support), followed by a lookup in 
 		the UNIX groups database and will expand to a list of all users 
 		in the group of that name.</para>
@@ -7179,7 +7374,7 @@
 		expand to a list of all users in the group of that name.</para>
 
 		<para>If any of the usernames begin with a '&'then the name 
-		will be looked up only in the yp netgroups database (if Samba 
+		will be looked up only in the NIS netgroups database (if Samba 
 		is compiled with netgroup support) and will expand to a list 
 		of all users in the netgroup group of that name.</para>
 
@@ -7321,7 +7516,7 @@
 		<term><anchor id="UTMP">utmp (S)</term>
 		<listitem><para>This boolean parameter is only available if 
 		Samba has been configured and compiled  with the option <command>
-		--with-utmp</command>. If set to True then Samba will attempt
+		--with-utmp</command>. If set to <constant>true</constant> then Samba will attempt
 		to add utmp or utmpx records (depending on the UNIX system) whenever a
 		connection is made to a Samba server. Sites may use this to record the
 		user connecting to a Samba share.</para>
@@ -7535,7 +7730,7 @@
 		<varlistentry>
 		<term><anchor id="VFSOPTIONS">vfs options (S)</term>
 		<listitem><para>This parameter allows parameters to be passed 
-		to the vfs layer at initialisation time.  The Samba VFS layer 
+		to the vfs layer at initialization time.  The Samba VFS layer 
 		is new to Samba 2.2 and must be enabled at compile time 
 		with --with-vfs.  See also <link linkend="VFSOBJECT"><parameter>
 		vfs object</parameter></link>.</para>
@@ -7602,7 +7797,7 @@
 		<para>The winbind gid parameter specifies the range of group 
 		ids that are allocated by the <ulink url="winbindd.8.html">
 		winbindd(8)</ulink> daemon.  This range of group ids should have no 
-		existing local or nis groups within it as strange conflicts can 
+		existing local or NIS groups within it as strange conflicts can 
 		occur otherwise.</para>
 
 		<para>Default: <command>winbind gid = &lt;empty string&gt;
@@ -7641,7 +7836,7 @@
 		<para>The winbind gid parameter specifies the range of group 
 		ids that are allocated by the <ulink url="winbindd.8.html">
 		winbindd(8)</ulink> daemon.  This range of ids should have no 
-		existing local or nis users within it as strange conflicts can 
+		existing local or NIS users within it as strange conflicts can 
 		occur otherwise.</para>
 
 		<para>Default: <command>winbind uid = &lt;empty string&gt;
@@ -7677,12 +7872,12 @@
 			name has not previously been added, in that case it should be treated 
 			as an add.</para></listitem>
 
-			<listitem><para>The second argument is the netbios name. If the 
+			<listitem><para>The second argument is the NetBIOS name. If the 
 			name is not a legal name then the wins hook is not called. 
 			Legal names contain only  letters, digits, hyphens, underscores 
 			and periods.</para></listitem>
 
-			<listitem><para>The third argument is the netbios name 
+			<listitem><para>The third argument is the NetBIOS name 
 			type as a 2 digit hexadecimal number. </para></listitem>
 
 			<listitem><para>The fourth argument is the TTL (time to live) 
@@ -7745,9 +7940,9 @@
 		<term><anchor id="WINSSUPPORT">wins support (G)</term>
 		<listitem><para>This boolean controls if the <ulink url="nmbd.8.html"> 		
 		nmbd(8)</ulink> process in Samba will act as a WINS server. You should 
-		not set this to true unless you have a multi-subnetted network and 
+		not set this to <constant>true</constant> unless you have a multi-subnetted network and 
 		you wish a particular <command>nmbd</command> to be your WINS server. 
-		Note that you should <emphasis>NEVER</emphasis> set this to true 
+		Note that you should <emphasis>NEVER</emphasis> set this to <constant>true</constant>
 		on more than one machine in your network.</para>
 
 		<para>Default: <command>wins support = no</command></para>
@@ -7794,7 +7989,7 @@
 		within it.</para>
 
 		<para>This cache allows Samba to batch client writes into a more 
-		efficient write size for RAID disks (ie. writes may be tuned to 
+		efficient write size for RAID disks (i.e. writes may be tuned to 
 		be the RAID stripe size) and can improve performance on systems 
 		where the disk subsystem is a bottleneck but there is free 
 		memory for userspace programs.</para>
@@ -7852,7 +8047,7 @@
 		<varlistentry>
 		<term><anchor id="WRITERAW">write raw (G)</term>
 		<listitem><para>This parameter controls whether or not the server 
-		will support raw writes SMB's when transferring data from clients. 
+		will support raw write SMB's when transferring data from clients. 
 		You should never need to change this parameter.</para>
 
 		<para>Default: <command>write raw = yes</command></para>
diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml
index 9561099851e..69aa9674928 100644
--- a/docs/docbook/manpages/smbcacls.1.sgml
+++ b/docs/docbook/manpages/smbcacls.1.sgml
@@ -14,7 +14,7 @@
 
 <refsynopsisdiv>
 	<cmdsynopsis>
-		<command>nmblookup</command>
+		<command>smbcacls</command>
 		<arg choice="req">//server/share</arg>
 		<arg choice="req">filename</arg>
 		<arg choice="opt">-U username</arg>
@@ -35,7 +35,7 @@
 	<para>This tool is part of the <ulink url="samba.7.html">
 	Samba</ulink> suite.</para>
 	
-	<para>The smbcacls program manipulates NT Access Control Lists 
+	<para>The <command>smbcacls</command> program manipulates NT Access Control Lists 
 	(ACLs) on SMB file shares. </para>
 </refsect1>
 
@@ -43,7 +43,7 @@
 <refsect1>
 	<title>OPTIONS</title>
 
-	<para>The following options are available to the smbcacls program.  
+	<para>The following options are available to the <command>smbcacls</command> program.  
 	The format of ACLs is described in the section ACL FORMAT </para>
 
 
@@ -68,7 +68,7 @@
 		
 		<varlistentry>
 		<term>-D acls</term>
-		<listitem><para>Delete any ACLs specfied on the command line.  
+		<listitem><para>Delete any ACLs specified on the command line.  
 		An error will be printed for each ACL specified that was not 
 		already present in the ACL list. </para></listitem>
 		</varlistentry>
@@ -223,8 +223,8 @@ ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
 	depending on the success or otherwise of the operations performed.  
 	The exit status may be one of the following values. </para>
 
-	<para>If the operation succeded, smbcacls returns and exit 
-	status of 0.  If smbcacls couldn't connect to the specified server, 
+	<para>If the operation succeeded, smbcacls returns and exit 
+	status of 0.  If <command>smbcacls</command> couldn't connect to the specified server, 
 	or there was an error getting or setting the ACLs, an exit status 
 	of 1 is returned.  If there was an error parsing any command line 
 	arguments, an exit status of 2 is returned. </para>
diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml
index f82d59d29c1..54c42fcaa1e 100644
--- a/docs/docbook/manpages/smbclient.1.sgml
+++ b/docs/docbook/manpages/smbclient.1.sgml
@@ -81,8 +81,8 @@
 		</para>
 
 		<para>The server name is looked up according to either 
-		the <parameter>-R</parameter> parameter to smbclient or 
-		using the name resolve order parameter in the smb.conf file, 
+		the <parameter>-R</parameter> parameter to <command>smbclient</command> or 
+		using the name resolve order parameter in the <filename>smb.conf</filename> file, 
 		allowing an administrator to change the order and methods 
 		by which server names are looked up. </para></listitem>
 		</varlistentry>
@@ -131,7 +131,7 @@
 		<term>-R &lt;name resolve order&gt;</term> 
 		<listitem><para>This option is used by the programs in the Samba 
 		suite to determine what naming services and in what order to resolve 
-		host names to IP addresses. The option takes a space separated 
+		host names to IP addresses. The option takes a space-separated 
 		string of different name resolution options.</para>
 
 		<para>The options are :"lmhosts", "host", "wins" and "bcast". They 
@@ -147,7 +147,7 @@
 			<listitem><para><constant>host</constant> : Do a standard host 
 			name to IP address resolution, using the system <filename>/etc/hosts
 			</filename>, NIS, or DNS lookups. This method of name resolution 
-			is operating system depended for instance on IRIX or Solaris this 
+			is operating system dependent, for instance on IRIX or Solaris this 
 			may be controlled by the <filename>/etc/nsswitch.conf</filename> 
 			file).  Note that this method is only used if the NetBIOS name 
 			type being queried is the 0x20 (server) name type, otherwise 
@@ -172,7 +172,7 @@
 
 		<para>The default order is lmhosts, host, wins, bcast and without 
 		this parameter or any entry in the <parameter>name resolve order
-		</parameter> parameter of the smb.conf file the name resolution
+		</parameter> parameter of the <filename>smb.conf</filename> file the name resolution
 		methods will be attempted in this order. </para></listitem>
 		</varlistentry>
 		
@@ -216,7 +216,7 @@
 		<term>-i scope</term>
 		<listitem><para>This specifies a NetBIOS scope that smbclient will 
 		use to communicate with when generating NetBIOS names. For details 
-		on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt.
+		on the use of NetBIOS scopes, see <filename>rfc1001.txt</filename> and <filename>rfc1002.txt</filename>.
 		NetBIOS scopes are <emphasis>very</emphasis> rarely used, only set 
 		this parameter if you are the system administrator in charge of all 
 		the NetBIOS systems you communicate with. </para></listitem>
@@ -247,7 +247,7 @@
 		
 		<varlistentry>
 		<term>-d debuglevel</term>
-		<listitem><para>debuglevel is an integer from 0 to 10, or 
+		<listitem><para><replaceable>debuglevel</replaceable> is an integer from 0 to 10, or 
 		the letter 'A'. </para>
 		
 		<para>The default value if this parameter is not specified 
@@ -264,13 +264,13 @@
 		data, and should only be used when investigating a problem.
 		Levels above 3 are designed for use only by developers and 
 		generate HUGE amounts of log data, most of which is extremely 
-		cryptic. If debuglevel is set to the letter 'A', then <emphasis>all
+		cryptic. If <replaceable>debuglevel</replaceable> is set to the letter 'A', then <emphasis>all
 		</emphasis>  debug messages will be printed. This setting
 		is for developers only (and people who <emphasis>really</emphasis> want 
 		to know how the code works internally). </para>
 
 		<para>Note that specifying this parameter here will override
-		the log level parameter in the <command>smb.conf (5)</command> 
+		the log level parameter in the <filename>smb.conf (5)</filename> 
 		file. </para></listitem>
 		</varlistentry>
 		
@@ -286,7 +286,7 @@
 		
 		<varlistentry>
 		<term>-l logfilename</term>
-		<listitem><para>If specified, logfilename specifies a base filename 
+		<listitem><para>If specified, <replaceable>logfilename</replaceable> specifies a base filename 
 		into which operational data from the running client will be 
 		logged. </para>
 
@@ -311,7 +311,7 @@
 		
 		<varlistentry>
 		<term>-I IP-address</term>
-		<listitem><para>IP address is the address of the server to connect to. 
+		<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. 
 		It should be specified in standard "a.b.c.d" notation. </para>
 
 		<para>Normally the client would attempt to locate a named 
@@ -344,28 +344,28 @@
 		<term>-U username[%pass]</term>
 		<listitem><para>Sets the SMB username or username and password. 
 		If %pass is not specified, The user will be prompted. The client 
-		will first check the USER environment variable, then the 
-		<parameter>$LOGNAME</parameter> variable and if either exist, the 
+		will first check the <envar>USER</envar> environment variable, then the 
+		<envar>LOGNAME</envar> variable and if either exists, the 
 		string is uppercased. Anything in these variables following a '%' 
-		sign will be treated as the password. If these environmental 
+		sign will be treated as the password. If these environment 
 		variables are not found, the username <constant>GUEST</constant> 
 		is used. </para>
 
-		<para>If the password is not included in these environment 
-		variables (using the %pass syntax), rpcclient will look for 
-		a <parameter>$PASSWD</parameter> environment variable from which 
+		<para>If the password is not included in these environment
+		variables (using the %pass syntax), <command>rpcclient</command> will look for 
+		a <envar>PASSWD</envar> environment variable from which 
 		to read the password. </para>
 		
 		<para>A third option is to use a credentials file which 
 		contains the plaintext of the username and password.  This 
 		option is mainly provided for scripts where the admin doesn't 
-		desire to pass the credentials on the command line or via environment 
+		wish to pass the credentials on the command line or via environment 
 		variables. If this method is used, make certain that the permissions 
 		on the file restrict access from unwanted users.  See the 
 		<parameter>-A</parameter> for more details. </para>
 		
 		<para>Be cautious about including passwords in scripts or in 
-		the <parameter>$PASSWD</parameter> environment variable. Also, on 
+		the <envar>PASSWD</envar> environment variable. Also, on 
 		many systems the command line of a running process may be seen 
 		via the <command>ps</command> command to be safe always allow 
 		<command>rpcclient</command> to prompt for a password and type 
@@ -397,14 +397,14 @@ password = &lt;value&gt;
 		are available on a server. You use it as <command>smbclient -L 
 		host</command> and a list should appear.  The <parameter>-I
 		</parameter> option may be useful if your NetBIOS names don't 
-		match your tcp/ip dns host names or if you are trying to reach a 
+		match your TCP/IP DNS host names or if you are trying to reach a 
 		host on another network. </para></listitem>
 		</varlistentry>
 		
 		
 		<varlistentry>
 		<term>-t terminal code</term>
-		<listitem><para>This option tells smbclient how to interpret 
+		<listitem><para>This option tells <command>smbclient</command> how to interpret 
 		filenames coming from the remote server. Usually Asian language 
 		multibyte UNIX implementations use different character sets than 
 		SMB/CIFS servers (<emphasis>EUC</emphasis> instead of <emphasis>
@@ -488,7 +488,7 @@ password = &lt;value&gt;
 			</para></listitem>
 			
 			<listitem><para><parameter>r</parameter> - Regular expression include
-			or exclude.  Uses regular  regular expression matching for 
+			or exclude.  Uses regular  expression matching for 
 			excluding or excluding files if  compiled with HAVE_REGEX_H. 
 			However this mode can be very slow. If  not compiled with 
 			HAVE_REGEX_H, does a limited wildcard match on '*' and  '?'. 
@@ -511,7 +511,7 @@ password = &lt;value&gt;
 		<para><command>smbclient</command>'s tar option now supports long 
 		file names both on backup and restore. However, the full path 
 		name of the file must be less than 1024 bytes.  Also, when
-		a tar archive is created, smbclient's tar option places all 
+		a tar archive is created, <command>smbclient</command>'s tar option places all 
 		files in the archive with relative names, not absolute names. 
 		</para>
 			
@@ -523,10 +523,10 @@ password = &lt;value&gt;
 			
 		<para><emphasis>Examples</emphasis></para>
 		
-		<para>Restore from tar file backup.tar into myshare on mypc 
+		<para>Restore from tar file <filename>backup.tar</filename> into myshare on mypc 
 		(no password on share). </para>
 		
-		<para><command>smbclient //mypc/myshare "" -N -Tx backup.tar
+		<para><command>smbclient //mypc/yshare "" -N -Tx backup.tar
 		</command></para>
 		
 		<para>Restore everything except <filename>users/docs</filename>
@@ -566,7 +566,7 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>-c command string</term>
-		<listitem><para>command string is a semicolon separated list of 
+		<listitem><para>command string is a semicolon-separated list of 
 		commands to be executed instead of prompting from stdin. <parameter>
 		-N</parameter> is implied by <parameter>-c</parameter>.</para>
 
@@ -616,7 +616,7 @@ password = &lt;value&gt;
 	<variablelist>
 		<varlistentry>
 		<term>? [command]</term>
-		<listitem><para>If "command" is specified, the ? command will display 
+		<listitem><para>If <replaceable>command</replaceable> is specified, the ? command will display 
 		a brief informative message about the specified command.  If no 
 		command is specified, a list of available commands will
 		be displayed. </para></listitem>
@@ -625,7 +625,7 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>! [shell command]</term>
-		<listitem><para>If "shell command" is specified, the !  
+		<listitem><para>If <replaceable>shell command</replaceable> is specified, the !  
 		command will execute a shell locally and run the specified shell 
 		command. If no command is specified, a local shell will be run. 
 		</para></listitem>
@@ -648,14 +648,14 @@ password = &lt;value&gt;
 		<varlistentry>
 		<term>del &lt;mask&gt;</term>
 		<listitem><para>The client will request that the server attempt 
-		to delete all files matching "mask" from the current working 
+		to delete all files matching <replaceable>mask</replaceable> from the current working 
 		directory on the server. </para></listitem>
 		</varlistentry>
 		
 		
 		<varlistentry>
 		<term>dir &lt;mask&gt;</term>
-		<listitem><para>A list of the files matching "mask" in the current 
+		<listitem><para>A list of the files matching <replaceable>mask</replaceable> in the current 
 		working directory on the server will be retrieved from the server 
 		and displayed. </para></listitem>
 		</varlistentry>
@@ -670,9 +670,9 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>get &lt;remote file name&gt; [local file name]</term>
-		<listitem><para>Copy the file called "remote file name" from 
+		<listitem><para>Copy the file called <filename>remote file name</filename> from 
 		the server to the machine running the client. If specified, name 
-		the local copy "local file name".  Note that all transfers in 
+		the local copy <filename>local file name</filename>.  Note that all transfers in 
 		<command>smbclient</command> are binary. See also the 
 		lowercase command. </para></listitem>
 		</varlistentry>
@@ -687,7 +687,7 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>lcd [directory name]</term>
-		<listitem><para>If "directory name" is specified, the current 
+		<listitem><para>If <replaceable>directory name</replaceable> is specified, the current 
 		working directory on the local machine will be changed to 
 		the directory specified. This operation will fail if for any 
 		reason the specified directory is inaccessible. </para>
@@ -751,13 +751,13 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>mget &lt;mask&gt;</term>
-		<listitem><para>Copy all files matching mask from the server to 
+		<listitem><para>Copy all files matching <replaceable>mask</replaceable> from the server to 
 		the machine running the client. </para>
 
-		<para>Note that mask is interpreted differently during recursive 
+		<para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive 
 		operation and non-recursive operation - refer to the recurse and 
 		mask commands for more information. Note that all transfers in 
-		smbclient are binary. See also the lowercase command. </para></listitem>
+		<command>smbclient</command> are binary. See also the lowercase command. </para></listitem>
 		</varlistentry>
 		
 		
@@ -770,13 +770,13 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>mput &lt;mask&gt;</term>
-		<listitem><para>Copy all files matching mask in the current working 
+		<listitem><para>Copy all files matching <replaceable>mask</replaceable> in the current working 
 		directory on the local machine to the current working directory on 
 		the server. </para>
 		
-		<para>Note that mask is interpreted differently during recursive 
+		<para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive 
 		operation and non-recursive operation - refer to the recurse and mask 
-		commands for more information. Note that all transfers in smbclient 
+		commands for more information. Note that all transfers in <command>smbclient</command> 
 		are binary. </para></listitem>
 		</varlistentry>
 		
@@ -813,10 +813,10 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>put &lt;local file name&gt; [remote file name]</term>
-		<listitem><para>Copy the file called "local file name" from the 
+		<listitem><para>Copy the file called <filename>local file name</filename> from the 
 		machine running the client to the server. If specified,
-		name the remote copy "remote file name". Note that all transfers 
-		in smbclient are binary. See also the lowercase command. 
+		name the remote copy <filename>remote file name</filename>. Note that all transfers 
+		in <command>smbclient</command> are binary. See also the lowercase command. 
 		</para></listitem>
 		</varlistentry>
 		
@@ -863,7 +863,7 @@ password = &lt;value&gt;
 		
 		<varlistentry>
 		<term>rm &lt;mask&gt;</term>
-		<listitem><para>Remove all files matching mask from the current 
+		<listitem><para>Remove all files matching <replaceable>mask</replaceable> from the current 
 		working directory on the server. </para></listitem>
 		</varlistentry>
 		
@@ -890,7 +890,7 @@ password = &lt;value&gt;
 		<term>blocksize &lt;blocksize&gt;</term>
 		<listitem><para>Blocksize. Must be followed by a valid (greater 
 		than zero) blocksize. Causes tar file to be written out in 
-		blocksize*TBLOCK (usually 512 byte) blocks. </para></listitem>
+		<replaceable>blocksize</replaceable>*TBLOCK (usually 512 byte) blocks. </para></listitem>
 		</varlistentry>
 		
 		
@@ -938,13 +938,13 @@ password = &lt;value&gt;
 <refsect1>
 	<title>ENVIRONMENT VARIABLES</title>
 
-	<para>The variable <parameter>$USER</parameter> may contain the 
+	<para>The variable <envar>USER</envar> may contain the 
 	username of the person  using the client. This information is 
 	used only if the protocol  level is high enough to support 
 	session-level passwords.</para>
 
 
-	<para>The variable <parameter>$PASSWD</parameter> may contain 
+	<para>The variable <envar>PASSWD</envar> may contain 
 	the password of the person using the client.  This information is 
 	used only if the protocol level is high enough to support 
 	session-level passwords. </para>
@@ -970,7 +970,7 @@ password = &lt;value&gt;
 
 	<para>To test the client, you will need to know the name of a 
 	running SMB/CIFS server. It is possible to run <command>smbd(8)
-	</command> an ordinary user - running that server as a daemon 
+	</command> as an ordinary user - running that server as a daemon 
 	on a user-accessible port (typically any port number over 1024)
 	would provide a suitable test server. </para>
 </refsect1>
diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml
index 44418ea85fe..8e529d8b712 100644
--- a/docs/docbook/manpages/smbcontrol.1.sgml
+++ b/docs/docbook/manpages/smbcontrol.1.sgml
@@ -1,5 +1,5 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="findsmb">
+<refentry id="smbcontrol">
 
 <refmeta>
 	<refentrytitle>smbcontrol</refentrytitle>
diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml
index 2d01fd7d496..7ad6a114283 100644
--- a/docs/docbook/manpages/smbd.8.sgml
+++ b/docs/docbook/manpages/smbd.8.sgml
@@ -67,7 +67,7 @@
 	can force a reload by sending a SIGHUP to the server.  Reloading 
 	the configuration file will not affect connections to any service 
 	that is already established.  Either the user will have to 
-	disconnect from the service, or smbd killed and restarted.</para>
+	disconnect from the service, or <command>smbd</command> killed and restarted.</para>
 </refsect1>
 
 <refsect1>
@@ -80,9 +80,9 @@
 		the server to operate as a daemon. That is, it detaches 
 		itself and runs in the background, fielding requests 
 		on the appropriate port. Operating the server as a
-		daemon is the recommended way of running smbd for 
+		daemon is the recommended way of running <command>smbd</command> for 
 		servers that provide more than casual use file and 
-		print services.  This switch is assumed is <command>smbd
+		print services.  This switch is assumed if <command>smbd
 		</command> is executed on the command line of a shell.
 		</para></listitem>
 		</varlistentry>
@@ -104,7 +104,7 @@
 		
 		<varlistentry>
 		<term>-P</term>
-		<listitem><para>Passive option. Causes smbd not to 
+		<listitem><para>Passive option. Causes <command>smbd</command> not to 
 		send any network traffic out. Used for debugging by 
 		the developers only.</para></listitem>
 		</varlistentry>
@@ -123,7 +123,7 @@
 		
 		<varlistentry>
 		<term>-d &lt;debug level&gt;</term>
-		<listitem><para>debuglevel is an integer 
+		<listitem><para><replaceable>debuglevel</replaceable> is an integer 
 		from 0 to 10.  The default value if this parameter is 
 		not specified is zero.</para>
 		
@@ -149,7 +149,7 @@
 		
 		<varlistentry>
 		<term>-l &lt;log file&gt;</term>
-		<listitem><para>If specified, <emphasis>log file</emphasis> 
+		<listitem><para>If specified, <replaceable>log file</replaceable> 
 		specifies a log filename into which informational and debug 
 		messages from the running server will be logged. The log 
 		file generated is never removed by the server although 
@@ -170,7 +170,7 @@
 		
 		<varlistentry>
 		<term>-p &lt;port number&gt;</term>
-		<listitem><para>port number is a positive integer 
+		<listitem><para><replaceable>port number</replaceable> is a positive integer 
 		value.  The default value if this parameter is not 
 		specified is 139.</para>
 		
@@ -273,10 +273,10 @@
 
 	<variablelist>
 		<varlistentry>
-		<term>PRINTER</term>
+		<term><envar>PRINTER</envar></term>
 		<listitem><para>If no printer name is specified to 
 		printable services, most systems will use the value of 
-		this variable (or lp if this variable is 
+		this variable (or <constant>lp</constant> if this variable is 
 		not defined) as the name of the printer to use. This 
 		is not specific to the server, however.</para></listitem>
 		</varlistentry>
@@ -296,10 +296,10 @@
 	program itself should be executable by all, as users may wish to 
 	run the server themselves (in which case it will of course run 
 	with their privileges).  The server should NOT be setuid. On some 
-	systems it may be worthwhile to make smbd setgid to an empty group. 
+	systems it may be worthwhile to make <command>smbd</command> setgid to an empty group. 
 	This is because some systems may have a security hole where daemon 
 	processes that become a user can be attached to with a debugger. 
-	Making the smbd file setgid to an empty group may prevent
+	Making the <command>smbd</command> file setgid to an empty group may prevent
 	this hole from being exploited. This security hole and the suggested
 	fix has only been confirmed on old versions (pre-kernel 2.0) of Linux
 	at the time this was written. It is possible that this hole only
@@ -395,7 +395,7 @@
 	<title>RUNNING THE SERVER ON REQUEST</title>
 
 	<para>If your system uses a meta-daemon such as <command>inetd
-	</command>, you can arrange to have the smbd server started 
+	</command>, you can arrange to have the <command>smbd</command> server started 
 	whenever a process attempts to connect to it. This requires several 
 	changes to the startup files on the host machine. If you are 
 	experimenting as an ordinary user rather than as root, you will 
@@ -463,6 +463,32 @@
 </refsect1>
 
 <refsect1>
+        <title>PAM INTERACTION</title>
+	<para>Samba uses PAM for authentication (when presented with a plaintext 
+	password), for account checking (is this account disabled?) and for
+	session management.  The degree too which samba supports PAM is restricted
+	by the limitations of the SMB protocol and the 
+	<ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS">obey pam restricions</ulink>
+	smb.conf paramater.  When this is set, the following restrictions apply:
+	</para>
+
+	<itemizedlist>
+	<listitem><para><emphasis>Account Validation</emphasis>:  All acccesses to a 
+	samba server are checked 
+	against PAM to see if the account is vaild, not disabled and is permitted to 
+	login at this time.  This also applies to encrypted logins.
+	</para></listitem>
+
+	<listitem><para><emphasis>Session Management</emphasis>:  When not using share 
+	level secuirty, users must pass PAM's session checks before access 
+	is granted.  Note however, that this is bypassed in share level secuirty.  
+	Note also that some older pam configuration files may need a line 
+	added for session support. 
+	</para></listitem>
+	</itemizedlist>
+</refsect1>
+
+<refsect1>
 	<title>TESTING THE INSTALLATION</title>
 
 	<para>If running the server as a daemon, execute it before 
@@ -471,8 +497,8 @@
 	<command>inetd</command> will reread their configuration
 	tables if they receive a HUP signal.</para>
 
-	<para>If your machine's name is fred and your 
-	name is mary, you should now be able to connect 
+	<para>If your machine's name is <replaceable>fred</replaceable> and your 
+	name is <replaceable>mary</replaceable>, you should now be able to connect 
 	to the service <filename>\\fred\mary</filename>.
 	</para>
 
@@ -513,26 +539,26 @@
 <refsect1>
 	<title>SIGNALS</title>
 
-	<para>Sending the smbd a SIGHUP will cause it to 
-	re-load its <filename>smb.conf</filename> configuration 
+	<para>Sending the <command>smbd</command> a SIGHUP will cause it to 
+	reload its <filename>smb.conf</filename> configuration 
 	file within a short period of time.</para>
 
-	<para>To shut down a users smbd process it is recommended 
+	<para>To shut down a user's <command>smbd</command> process it is recommended 
 	that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis> 
 	be used, except as a last resort, as this may leave the shared
 	memory area in an inconsistent state. The safe way to terminate 
-	an smbd is to send it a SIGTERM (-15) signal and wait for 
+	an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for 
 	it to die on its own.</para>
 
-	<para>The debug log level of smbd may be raised by sending 
+	<para>The debug log level of <command>smbd</command> may be raised by sending 
 	it a SIGUSR1 (<command>kill -USR1 &lt;smbd-pid&gt;</command>)
 	and lowered by sending it a SIGUSR2 (<command>kill -USR2 &lt;smbd-pid&gt;
 	</command>). This is to allow transient problems to be diagnosed, 
 	whilst still running at a normally low log level.</para>
 
 	<para>Note that as the signal handlers send a debug write, 
-	they are not re-entrant in smbd. This you should wait until 
-	smbd is in a state of waiting for an incoming smb before 
+	they are not re-entrant in <command>smbd</command>. This you should wait until 
+	<command>smbd</command> is in a state of waiting for an incoming SMB before 
 	issuing them. It is possible to make the signal handlers safe 
 	by un-blocking the signals before the select call and re-blocking 
 	them after, however this would affect performance.</para>
diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml
index 9527a191440..859f8f441c2 100644
--- a/docs/docbook/manpages/smbmnt.8.sgml
+++ b/docs/docbook/manpages/smbmnt.8.sgml
@@ -32,7 +32,7 @@
 	<para><command>smbmnt</command> is a helper application used 
 	by the smbmount program to do the actual mounting of SMB shares. 
 	<command>smbmnt</command> is meant to be installed setuid root 
-	so that normal users can mount their smb shares. It checks 
+	so that normal users can mount their SMB shares. It checks 
 	whether the user has write permissions on the mount point and 
 	then mounts the directory.</para>
 
@@ -79,7 +79,7 @@
 		<term>-o options</term>
 		<listitem><para>
 		list of options that are passed as-is to smbfs, if this
-		command is run on a 2.4 or higher linux kernel.
+		command is run on a 2.4 or higher Linux kernel.
 		</para></listitem>
 		</varlistentry>
 
diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml
index 391d7d68820..462512185d7 100644
--- a/docs/docbook/manpages/smbmount.8.sgml
+++ b/docs/docbook/manpages/smbmount.8.sgml
@@ -29,17 +29,17 @@
 	the <command>mount(8)</command> command when using the 
 	"-t smb" option. The kernel must support the smbfs filesystem. </para>
 
-	<para>Options to smbmount are specified as a comma separated
+	<para>Options to <command>smbmount</command> are specified as a comma-separated
 	list of key=value pairs. It is possible to send options other
 	than those listed here, assuming that smbfs supports them. If
 	you get mount failures, check your kernel log for errors on
 	unknown options.</para>
 
-	<para>smbmount is a daemon. After mounting it keeps running until
+	<para><command>smbmount</command> is a daemon. After mounting it keeps running until
 	the mounted smbfs is umounted. It will log things that happen
 	when in daemon mode using the "machine name" smbmount, so
-	typically this output will end up in log.smbmount. The
-	smbmount process may also be called mount.smbfs.</para>
+	typically this output will end up in <filename>log.smbmount</filename>. The
+	<command>smbmount</command> process may also be called mount.smbfs.</para>
 
 	<para><emphasis>NOTE:</emphasis> <command>smbmount</command> 
 	calls <command>smbmnt(8)</command> to do the actual mount. You 
@@ -69,7 +69,16 @@
 		<envar>PASSWD</envar> is used. If it can find
 		no password <command>smbmount</command> will prompt
 		for a passeword, unless the guest option is
-		given. </para></listitem>
+		given. </para>
+
+		<para>
+		Note that password which contain the arguement delimiter
+		character (i.e. a comma ',') will failed to be parsed correctly
+		on the command line.  However, the same password defined
+		in the PASSWD environment variable or a credentials file (see
+		below) will be read correctly.
+		</para>
+		</listitem>
 		</varlistentry>
 
 		<varlistentry>
@@ -85,7 +94,7 @@
 		</para>
 
 		<para>This is preferred over having passwords in plaintext in a
-		shared file, such as /etc/fstab. Be sure to protect any
+		shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any
 		credentials file properly.
 		</para></listitem>
 		</varlistentry>
@@ -131,7 +140,7 @@
 
 		<varlistentry>
 		<term>dmask=&lt;arg&gt;</term>
-		<listitem><para>sets the directory mask. This deterines the 
+		<listitem><para>sets the directory mask. This determines the 
 		permissions that remote directories have in the local filesystem. 
 		The default is based on the current umask. </para></listitem>
 		</varlistentry>
@@ -191,7 +200,7 @@
 		<varlistentry>
 		<term>iocharset=&lt;arg&gt;</term>
 		<listitem><para>
-		sets the charset used by the linux side for codepage
+		sets the charset used by the Linux side for codepage
 		to charset translations (NLS). Argument should be the
 		name of a charset, like iso8859-1. (Note: only kernel
 		2.4.0 or later)
@@ -243,7 +252,7 @@
 
 	<para>The variable <envar>PASSWD_FILE</envar> may contain the pathname of
 	a file to read the password from. A single line of input is
-	read and used as password.</para>
+	read and used as the password.</para>
 </refsect1>
 
 
@@ -263,7 +272,7 @@
 
 	</itemizedlist>
 
-	<para>Note that the typical response to a bugreport is suggestion
+	<para>Note that the typical response to a bug report is suggestion
 	to try the latest version first. So please try doing that first,
 	and always include which versions you use of relevant software
 	when reporting bugs (minimum: samba, kernel, distribution)</para>
diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml
index 0e8a704c503..be751078192 100644
--- a/docs/docbook/manpages/smbpasswd.5.sgml
+++ b/docs/docbook/manpages/smbpasswd.5.sgml
@@ -59,9 +59,9 @@
 		 
 		<varlistentry>
 		<term>Lanman Password Hash</term>
-		<listitem><para>This is the LANMAN hash of the users password, 
+		<listitem><para>This is the LANMAN hash of the user's password, 
 		encoded as 32 hex digits.  The LANMAN hash is created by DES 
-		encrypting a well known string with the users password as the 
+		encrypting a well known string with the user's password as the 
 		DES key. This is the same password used by Windows 95/98 machines. 
 		Note that this password hash is regarded as weak as it is
 		vulnerable to dictionary attacks and if two users choose the 
@@ -69,7 +69,7 @@
 		is not "salted" as the UNIX password is). If the user has a 
 		null password this field will contain the characters "NO PASSWORD" 
 		as the start of the hex string. If the hex string is equal to 
-		32 'X' characters then the users account is marked as 
+		32 'X' characters then the user's account is marked as 
 		<constant>disabled</constant> and the user will not be able to 
 		log onto the Samba server. </para>
 		
@@ -89,14 +89,14 @@
 		
 		<varlistentry>
 		<term>NT Password Hash</term>
-		<listitem><para>This is the Windows NT hash of the users 
+		<listitem><para>This is the Windows NT hash of the user's 
 		password, encoded as 32 hex digits.  The Windows NT hash is 
-		created by taking the users password as represented in 
+		created by taking the user's password as represented in 
 		16-bit, little-endian UNICODE and then applying the MD4 
 		(internet rfc1321) hashing algorithm to it. </para>
 		
 		<para>This password hash is considered more secure than
-		the Lanman Password Hash as it preserves the case of the 
+		the LANMAN Password Hash as it preserves the case of the 
 		password and uses a much higher quality hashing algorithm. 
 		However, it is still the case that if two users choose the same 
 		password this entry will be identical (i.e. the password is 
@@ -132,7 +132,7 @@
 			in the smbpasswd file. </para></listitem>
 			
 			<listitem><para><emphasis>N</emphasis> - This means the
-			account has no password (the passwords in the fields Lanman 
+			account has no password (the passwords in the fields LANMAN 
 			Password Hash and NT Password Hash are ignored). Note that this 
 			will only allow users to log on with no password if the <parameter>
 			null passwords</parameter> parameter is set in the <ulink
diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml
index 8233234d352..c07b329c5e1 100644
--- a/docs/docbook/manpages/smbpasswd.8.sgml
+++ b/docs/docbook/manpages/smbpasswd.8.sgml
@@ -9,7 +9,7 @@
 
 <refnamediv>
 	<refname>smbpasswd</refname>
-	<refpurpose>change a users SMB password</refpurpose>
+	<refpurpose>change a user's SMB password</refpurpose>
 </refnamediv>
 
 <refsynopsisdiv>
@@ -45,7 +45,7 @@
 	SMB passwords. </para>
 
 	<para>By default (when run with no arguments) it will attempt to 
-	change the current users SMB password on the local machine. This is 
+	change the current user's SMB password on the local machine. This is 
 	similar to the way the <command>passwd(1)</command> program works. 
 	<command>smbpasswd</command> differs from how the passwd program works 
 	however in that it is not <emphasis>setuid root</emphasis> but works in 
@@ -56,10 +56,10 @@
 	the <filename>smbpasswd(5)</filename> file. </para>
 
 	<para>When run by an ordinary user with no options. smbpasswd 
-	will prompt them for their old smb password and then ask them 
+	will prompt them for their old SMB password and then ask them 
 	for their new password twice, to ensure that the new password
 	was typed correctly. No passwords will be echoed on the screen 
-	whilst being typed. If you have a blank smb password (specified by 
+	whilst being typed. If you have a blank SMB password (specified by 
 	the string "NO PASSWORD" in the smbpasswd file) then just press 
 	the &lt;Enter&gt; key when asked for your old password. </para>
 
@@ -117,7 +117,7 @@
 		will fail. </para>
 		
 		<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
-		format) there is no space in the users password entry to write
+		format) there is no space in the user's password entry to write
 		this information and so the user is disabled by writing 'X' characters 
 		into the password space in the smbpasswd file. See <command>smbpasswd(5)
 		</command> for details on the 'old' and new password file formats.
@@ -151,7 +151,7 @@
 
 		<varlistentry>
 		<term>-D debuglevel</term>
-		<listitem><para><parameter>debuglevel</parameter> is an integer 
+		<listitem><para><replaceable>debuglevel</replaceable> is an integer 
 		from 0 to 10.  The default value if this parameter is not specified 
 		is zero. </para>
 
@@ -335,7 +335,7 @@
 		<varlistentry>
 		<term>-s</term>
 		<listitem><para>This option causes smbpasswd to be silent (i.e. 
-		not issue prompts) and to read it's old and new passwords from 
+		not issue prompts) and to read its old and new passwords from 
 		standard  input, rather than from <filename>/dev/tty</filename> 
 		(like the <command>passwd(1)</command> program does). This option 
 		is to aid people writing scripts to drive smbpasswd</para>
diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml
index 3a95f116d92..7bec3c2cb2e 100644
--- a/docs/docbook/manpages/smbsh.1.sgml
+++ b/docs/docbook/manpages/smbsh.1.sgml
@@ -28,7 +28,7 @@
 	<para><command>smbsh</command> allows you to access an NT filesystem 
 	using UNIX commands such as <command>ls</command>, <command>
 	egrep</command>, and <command>rcp</command>. You must use a 
-	shell that is dynmanically linked in order for <command>smbsh</command> 
+	shell that is dynamically linked in order for <command>smbsh</command> 
 	to work correctly.</para>
 
 	<para>To use the <command>smbsh</command> command, execute <command>
diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml
index b847aadd059..d5c9c0a1148 100644
--- a/docs/docbook/manpages/smbspool.8.sgml
+++ b/docs/docbook/manpages/smbspool.8.sgml
@@ -1,5 +1,5 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="findsmb">
+<refentry id="smbspool">
 
 <refmeta>
 	<refentrytitle>smbspool</refentrytitle>
@@ -8,7 +8,7 @@
 
 
 <refnamediv>
-	<refname>nmblookup</refname>
+	<refname>smbspool</refname>
 	<refpurpose>send print file to an SMB printer</refpurpose>
 </refnamediv>
 
@@ -52,12 +52,12 @@
 	</itemizedlist>
 
 	<para>smbspool tries to get the URI from argv[0]. If argv[0] 
-	contains the name of the program then it looks in the <parameter>
-	DEVICE_URI</parameter> environment variable.</para>
+	contains the name of the program then it looks in the <envar>
+	DEVICE_URI</envar> environment variable.</para>
 
 	<para>Programs using the <command>exec(2)</command> functions can 
 	pass the URI in argv[0], while shell scripts must set the 
-	<parameter>DEVICE_URI</parameter> environment variable prior to
+	<envar>DEVICE_URI</envar> environment variable prior to
 	running smbspool.</para>
 </refsect1>
 
diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml
index 6f2361d0215..c2f638b88ef 100644
--- a/docs/docbook/manpages/smbstatus.1.sgml
+++ b/docs/docbook/manpages/smbstatus.1.sgml
@@ -1,5 +1,5 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="findsmb">
+<refentry id="smbstatus">
 
 <refmeta>
 	<refentrytitle>smbstatus</refentrytitle>
diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.sgml
index 15e20a2e709..d6a1b65b578 100644
--- a/docs/docbook/manpages/smbumount.8.sgml
+++ b/docs/docbook/manpages/smbumount.8.sgml
@@ -24,7 +24,7 @@
 
 	<para>With this program, normal users can unmount smb-filesystems, 
 	provided that it is suid root.  <command>smbumount</command> has 
-	been written to give normal linux-users more control over their 
+	been written to give normal Linux users more control over their 
 	resources. It is safe to install this program suid root, because only 
 	the user who has mounted a filesystem is allowed to unmount it again.  
 	For root it is not necessary to use smbumount. The normal umount 
diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml
index aeff886de81..dc6989d5663 100644
--- a/docs/docbook/manpages/swat.8.sgml
+++ b/docs/docbook/manpages/swat.8.sgml
@@ -14,7 +14,7 @@
 
 <refsynopsisdiv>
 	<cmdsynopsis>
-		<command>nmblookup</command>
+		<command>swat</command>
 		<arg choice="opt">-s &lt;smb config file&gt;</arg>
 		<arg choice="opt">-a</arg>
 	</cmdsynopsis>
@@ -31,10 +31,10 @@
 	configure the complex <ulink url="smb.conf.5.html"><filename>
 	smb.conf(5)</filename></ulink> file via a Web browser. In addition, 
 	a <command>swat</command> configuration page has help links 
-	to all the configurable options in the smb.conf file allowing an 
+	to all the configurable options in the <filename>smb.conf</filename> file allowing an 
 	administrator to easily look up the effects of any change. </para>
 
-	<para>swat is run from inetd </para>
+	<para><command>swat</command> is run from <command>inetd</command> </para>
 </refsect1>
 
 
@@ -47,7 +47,7 @@
 		<listitem><para>The default configuration file path is 
 		determined at compile time.  The file specified contains 
 		the configuration details required by the <command>smbd
-		</command> server. This is the file that swat will modify. 
+		</command> server. This is the file that <command>swat</command> will modify. 
 		The information in this file includes server-specific 
 		information such as what printcap file to use, as well as 
 		descriptions of all the services that the server is to provide.
@@ -59,8 +59,8 @@
 		<varlistentry>
 		<term>-a</term>
 		<listitem><para>This option disables authentication and puts 
-		swat in demo mode. In that mode anyone will be able to modify 
-		the smb.conf file. </para>
+		<command>swat</command> in demo mode. In that mode anyone will be able to modify 
+		the <filename>smb.conf</filename> file. </para>
 		
 		<para><emphasis>Do NOT enable this option on a production 
 		server. </emphasis></para></listitem>
@@ -89,7 +89,7 @@
 
 		<para>You need to edit your <filename>/etc/inetd.conf
 		</filename> and <filename>/etc/services</filename>
-		to enable SWAT to be launched via inetd.</para>
+		to enable SWAT to be launched via <command>inetd</command>.</para>
 
 		<para>In <filename>/etc/services</filename> you need to 
 		add a line like this: </para>
@@ -123,10 +123,10 @@
 	<refsect2>
 		<title>Launching</title>
 
-		<para>To launch swat just run your favorite web browser and 
+		<para>To launch SWAT just run your favorite web browser and 
 		point it at "http://localhost:901/".</para>
 
-		<para>Note that you can attach to swat from any IP connected 
+		<para>Note that you can attach to SWAT from any IP connected 
 		machine but connecting from a remote machine leaves your 
 		connection open to password sniffing as passwords will be sent 
 		in the clear over the wire. </para>
diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml
index da90dc6e6c6..320e39e6f58 100644
--- a/docs/docbook/manpages/testparm.1.sgml
+++ b/docs/docbook/manpages/testparm.1.sgml
@@ -72,7 +72,7 @@
 		
 		<varlistentry>
 		<term>-L servername</term>
-		<listitem><para>Sets the value of the %L macro to servername.
+		<listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>.
 		This is useful for testing include files specified with the 
 		%L macro. </para></listitem>
 		</varlistentry>
@@ -90,7 +90,7 @@
 		<varlistentry>
 		<term>hostname</term>
 		<listitem><para>If this parameter and the following are 
-		specified, then testparm will examine the <parameter>hosts
+		specified, then <command>testparm</command> will examine the <parameter>hosts
 		allow</parameter> and <parameter>hosts deny</parameter> 
 		parameters in the <filename>smb.conf</filename> file to 
 		determine if the hostname with this IP address would be
@@ -126,7 +126,7 @@
 	<title>DIAGNOSTICS</title>
 
 	<para>The program will issue a message saying whether the 
-	configuration file loaded OK or not. This message may be preceeded by 
+	configuration file loaded OK or not. This message may be preceded by 
 	errors and warnings if the file did not load. If the file was 
 	loaded OK, the program then dumps all known service details 
 	to stdout. </para>
diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml
index 3a2e6c31859..7a1e738401d 100644
--- a/docs/docbook/manpages/wbinfo.1.sgml
+++ b/docs/docbook/manpages/wbinfo.1.sgml
@@ -149,7 +149,7 @@
 
 	<para>The wbinfo program returns 0 if the operation 
 	succeeded, or 1 if the operation failed.  If the <command>winbindd(8)
-	</command> daemon is not working wbinfo will always return 
+	</command> daemon is not working <command>wbinfo</command> will always return 
 	failure. </para>
 </refsect1>
 
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml
index 5b53e504cdb..a215c3d1af2 100644
--- a/docs/docbook/manpages/winbindd.8.sgml
+++ b/docs/docbook/manpages/winbindd.8.sgml
@@ -49,7 +49,7 @@
 	of user and group ids specified by the administrator of the 
 	Samba system.</para>
 
-	<para>The service provided by winbindd is called `winbind' and 
+	<para>The service provided by <command>winbindd</command> is called `winbind' and 
 	can be used to resolve user and group information from a 
 	Windows NT server. The service can also provide authentication
 	services via an associated PAM module. </para>
@@ -154,7 +154,7 @@ group:          files winbind
 		DOMAIN\username. In some cases this separator character may 
 		cause problems as the '\' character has special meaning in 
 		unix shells.  In that case you can use the winbind separator 
-		option to specify an alternative sepataror character. Good 
+		option to specify an alternative separator character. Good 
 		alternatives may be '/' (although that conflicts
 		with the unix directory separator) or a '+ 'character. 
 		The '+' character appears to be the best choice for 100% 
@@ -171,7 +171,7 @@ group:          files winbind
 		<term>winbind uid</term>
 		<listitem><para>The winbind uid parameter specifies the 
 		range of user ids that are allocated by the winbindd daemon.  
-		This range of ids should have no existing local or nis users 
+		This range of ids should have no existing local or NIS users 
 		within it as strange conflicts can occur otherwise. </para>
 
 		<para>Default: <command>winbind uid = &lt;empty string&gt; 
@@ -185,7 +185,7 @@ group:          files winbind
 		<term>winbind gid</term>
 		<listitem><para>The winbind gid parameter specifies the 
 		range of group ids that are allocated by the winbindd daemon.  
-		This range of group ids should have no existing local or nis 
+		This range of group ids should have no existing local or NIS 
 		groups within it as strange conflicts can occur otherwise.</para> 
 
 		<para>Default: <command>winbind gid = &lt;empty string&gt;
@@ -201,7 +201,7 @@ group:          files winbind
 		seconds the winbindd daemon will cache user and group information 
 		before querying a Windows NT server again. When a item in the 
 		cache is older than this time winbindd will ask the domain 
-		controller for the sequence number of the servers account database. 
+		controller for the sequence number of the server's account database. 
 		If the sequence number has not changed then the cached item is 
 		marked as valid for a further <parameter>winbind cache time
 		</parameter> seconds.  Otherwise the item is fetched from the 
@@ -225,7 +225,7 @@ group:          files winbind
 		return any data. </para>
 
 		<para><emphasis>Warning:</emphasis> Turning off user enumeration 
-		may cause some programs to behave oddly.  For example, the finger 
+		may cause some programs to behave oddly.  For example, the <command>finger</command> 
 		program relies on having access to the full user list when 
 		searching  for matching usernames. </para>
 
@@ -323,7 +323,7 @@ auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
 	<para><command>samedit -S '*' -W DOMAIN -UAdministrator</command></para>
  
 	<para>The username after the <parameter>-U</parameter> can be any Domain 
-	user that has administrator priviliges on the machine. Next from 
+	user that has administrator privileges on the machine. Next from 
 	within <command>samedit</command>, run the command: </para>
 
 	<para><command>createuser MACHINE$ -j DOMAIN -L</command></para>
@@ -331,11 +331,15 @@ auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
 	<para>This assumes your domain is called "DOMAIN" and your Samba 
 	workstation is called "MACHINE". </para>
 
-	<para>Next copy <filename>libnss_winbind.so.2</filename> to 
+	<para>Next copy <filename>libnss_winbind.so</filename> to 
 	<filename>/lib</filename> and <filename>pam_winbind.so</filename>
-	to <filename>/lib/security</filename>.</para>
+	to <filename>/lib/security</filename>.  A symbolic link needs to be
+	made from <filename>/lib/libnss_winbind.so</filename> to
+	<filename>/lib/libnss_winbind.so.2</filename>.  If you are using an
+	older version of glibc then the target of the link should be
+	<filename>/lib/libnss_winbind.so.1</filename>.</para>
 
-	<para>Finally, setup a smb.conf containing directives like the 
+	<para>Finally, setup a <filename>smb.conf</filename> containing directives like the 
 	following:  </para> 
 
 	<para><programlisting>
@@ -472,7 +476,7 @@ auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
 
 	<para>This man page is correct for version 2.2 of 
 	the Samba suite.  winbindd is however not available in
-	stable release of Samba as of yet.</para>
+	the stable release of Samba as of yet.</para>
 </refsect1>
 
 <refsect1>
diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
index c6dbda15a35..0b1db84b204 100644
--- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
+++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="domain-security">
 
 <chapterinfo>
 	<author>
diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml
index 8b624bad1a5..6a26dbeffac 100644
--- a/docs/docbook/projdoc/ENCRYPTION.sgml
+++ b/docs/docbook/projdoc/ENCRYPTION.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="pwencrypt">
 
 
 <chapterinfo>
@@ -96,7 +96,7 @@
 	
 	<para>The unix and SMB password encryption techniques seem similar 
 	on the surface. This similarity is, however, only skin deep. The unix 
-	scheme typically sends clear text passwords over the nextwork when 
+	scheme typically sends clear text passwords over the network when 
 	logging in. This is bad. The SMB encryption scheme never sends the 
 	cleartext password over the network but it does store the 16 byte 
 	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
@@ -141,7 +141,7 @@
 		Microsoft SMB/CIFS clients support authentication via the
 		SMB Challenge/Response mechanism described here.  Enabling
 		clear text authentication does not disable the ability
-		of the client to particpate in encrypted authentication.</para>
+		of the client to participate in encrypted authentication.</para>
 	</warning>
 
 	<sect2>
diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml
index a6be4a0ffd5..2259dae029e 100644
--- a/docs/docbook/projdoc/NT_Security.sgml
+++ b/docs/docbook/projdoc/NT_Security.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="unix-permissions">
 
 <chapterinfo>
 	<author>
@@ -16,7 +16,7 @@
 </chapterinfo>
 
 
-<title>UNIX Permission Bits and WIndows NT Access Control Lists</title>
+<title>UNIX Permission Bits and Windows NT Access Control Lists</title>
 
 <sect1>
 	<title>Viewing and changing UNIX permissions using the NT 
@@ -33,7 +33,7 @@
 	administrator can set.</para>
 
 	<para>In Samba 2.0.4 and above the default value of the 
-	parameter <ulink url="smb.conf.5.html#NTACLSUPPOR"><parameter>
+	parameter <ulink url="smb.conf.5.html#NTACLSUPPORT"><parameter>
 	nt acl support</parameter></ulink> has been changed from 
 	<constant>false</constant> to <constant>true</constant>, so 
  	manipulation of permissions is turned on by default.</para>
@@ -75,7 +75,7 @@
 	<para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of 
 	the Samba server, <replaceable>user</replaceable> is the user name of 
 	the UNIX user who owns the file, and <replaceable>(Long name)</replaceable>
-	is the discriptive string identifying the user (normally found in the
+	is the descriptive string identifying the user (normally found in the
 	GECOS field of the UNIX password database). Click on the <command>Close
 	</command> button to remove this dialog.</para>
 
@@ -87,14 +87,14 @@
 	you to change the ownership of this file to yourself (clicking on 
 	it will display a dialog box complaining that the user you are 
 	currently logged onto the NT client cannot be found). The reason 
-	for this is that changing the ownership of a file is a privilaged 
+	for this is that changing the ownership of a file is a privileged 
 	operation in UNIX, available only to the <emphasis>root</emphasis> 
 	user. As clicking on this button causes NT to attempt to change 
 	the ownership of a file to the current user logged into the NT 
 	client this will not work with Samba at this time.</para>
 
 	<para>There is an NT chown command that will work with Samba 
-	and allow a user with Administrator privillage connected 
+	and allow a user with Administrator privilege connected 
 	to a Samba 2.0.4 server as root to change the ownership of 
 	files on both a local NTFS filesystem or remote mounted NTFS 
 	or Samba drive. This is available as part of the <emphasis>Seclib
@@ -116,7 +116,7 @@
 	<para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of 
 	the Samba server, <replaceable>user</replaceable> is the user name of 
 	the UNIX user who owns the file, and <replaceable>(Long name)</replaceable>
-	is the discriptive string identifying the user (normally found in the
+	is the descriptive string identifying the user (normally found in the
 	GECOS field of the UNIX password database).</para>
 
 	<para>If the parameter <parameter>nt acl support</parameter>
@@ -133,7 +133,7 @@
 		<title>File Permissions</title>
 
 		<para>The standard UNIX user/group/world triple and 
-		the correspinding "read", "write", "execute" permissions 
+		the corresponding "read", "write", "execute" permissions 
 		triples are mapped by Samba into a three element NT ACL 
 		with the 'r', 'w', and 'x' bits mapped into the corresponding 
 		NT permissions. The UNIX world permissions are mapped into 
@@ -200,7 +200,7 @@
 
 	<para>The first thing to note is that the <command>"Add"</command> 
 	button will not return a list of users in Samba 2.0.4 (it will give 
-	an error message of <command>"The remote proceedure call failed 
+	an error message of <command>"The remote procedure call failed 
 	and did not execute"</command>). This means that you can only 
 	manipulate the current user/group/world permissions listed in 
 	the dialog box. This actually works quite well as these are the 
@@ -231,7 +231,7 @@
 	user/group/world  component then you may either highlight the 
 	component and click the <command>"Remove"</command> button, 
 	or set the component to only have the special <command>"Take
-	Ownership"</command> permission (dsplayed as <command>"O"
+	Ownership"</command> permission (displayed as <command>"O"
 	</command>) highlighted.</para>
 </sect1>
 
@@ -281,7 +281,7 @@
 	as the <ulink url="smb.conf.5.html#FORCECREATEMODE"><parameter>force 
 	create mode</parameter></ulink> parameter to provide compatibility
 	with Samba 2.0.4 where the permission change facility was introduced.
-	To allow a user to modify all the user/group/world permissions on a file,
+	To allow a user to modify all the user/group/world permissions on a file
 	with no restrictions set this parameter to 000.</para>
 
 	<para>The <parameter>security mask</parameter> and <parameter>force 
diff --git a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
index 5db80cda3d7..ca7ad6a754e 100644
--- a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
+++ b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="os2">
 
 
 <chapterinfo>
@@ -116,7 +116,7 @@
 		driver from an OS/2 system.</para>
 		
 		<para>Install the NT driver first for that printer.  Then, 
-		add to your smb.conf a paramater, "os2 driver map = 
+		add to your smb.conf a parameter, "os2 driver map = 
 		<replaceable>filename</replaceable>".  Then, in the file 
 		specified by <replaceable>filename</replaceable>, map the 
 		name of the NT driver name to the OS/2 driver name as 
diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
index 8135492951c..bbed6c4e104 100644
--- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="samba-pdc">
 
 
 <chapterinfo>
@@ -8,17 +8,46 @@
 			<orgname>VA Linux Systems/Samba Team</orgname>
 			<address><email>jerry@samba.org</email></address>
 		</affiliation>
+		<firstname>David</firstname><surname>Bannon</surname>
+		<affiliation>
+			<orgname>Samba Team</orgname>
+			<address><email>dbannon@samba.org</email></address>
+		</affiliation>
+		
 	</author>
-	<pubdate>15 Apr 2001</pubdate>
+	<pubdate> (26 Apr 2001) </pubdate>
 </chapterinfo>
 
 <title>
-How to Configure Samba 2.2.x as a Primary Domain Controller
+How to Configure Samba 2.2 as a Primary Domain Controller
 </title>
 
 
 <!-- **********************************************************
 
+     Prerequisite Reading
+
+*************************************************************** -->
+<sect1>
+<title>Prerequisite Reading</title>
+
+<para>
+Before you continue reading in this chapter, please make sure 
+that you are comfortable with configuring basic files services
+in smb.conf and how to enable and administer password 
+encryption in Samba.  Theses two topics are covered in the
+<ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> 
+manpage and the <ulink url="ENCRYPTION.html">Encryption chapter</ulink> 
+of this HOWTO Collection.
+</para>
+
+
+</sect1>
+
+
+
+<!-- **********************************************************
+
      Background Information
 
 *************************************************************** -->
@@ -27,44 +56,83 @@ How to Configure Samba 2.2.x as a Primary Domain Controller
 Background
 </title>
 
-<para><emphasis>Author's Note :</emphasis> This document
-is a combination of David Bannon's Samba 2.2 PDC HOWTO
-and the Samba NT Domain FAQ. Both documents are superceeded by this one.
+<note>
+<para>
+<emphasis>Author's Note :</emphasis> This document is a combination 
+of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. 
+Both documents are superseded by this one.
 </para>
+</note>
 
 <para>
 Version of Samba prior to release 2.2 had marginal capabilities to
-act as a Windows NT 4.0 Primary Domain Controller (PDC).  The following 
-functionality should work in 2.2.0:
+act as a Windows NT 4.0 Primary DOmain Controller <indexterm><primary>Primary 
+Domain Controller</primary></indexterm> (PDC).  Beginning with 
+Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 
+style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through 
+SP1) clients.  This article outlines the steps necessary for configuring Samba 
+as a PDC.  It is necessary to have a working Samba server prior to implementing the 
+PDC functionality.  If you have not followed the steps outlined in 
+<ulink url="UNIX_INSTALL.html"> UNIX_INSTALL.html</ulink>, please make sure 
+that your server is configured correctly before proceeding.  Another good 
+resource in the <ulink url="smb.conf.5.html">smb.conf(5) man 
+page</ulink>. The following  functionality should work in 2.2:
 </para>
 
 <itemizedlist>
-	<listitem><para>domain logons for Windows NT 4.0/2000 clients</para></listitem>
+	<listitem><para>
+	domain logons for Windows NT 4.0/2000 clients.
+	</para></listitem>
 	
-	<listitem><para>placing a Windows 9x client in user level security</para></listitem>
+	<listitem><para>
+	placing a Windows 9x client in user level security
+	</para></listitem>
 	
-	<listitem><para>retrieving a list of users and groups from a Samba PDC to
-	Windows 9x/NT/2000 clients </para></listitem>
+	<listitem><para>
+	retrieving a list of users and groups from a Samba PDC to
+	Windows 9x/NT/2000 clients
+	</para></listitem>
 	
-	<listitem><para>roving user profiles</para></listitem>
+	<listitem><para>
+	roving (roaming) user profiles
+	</para></listitem>
 	
-	<listitem><para>Windows NT 4.0 style system policies</para></listitem>
+	<listitem><para>
+	Windows NT 4.0 style system policies
+	</para></listitem>
 </itemizedlist>
 
+<warning>
+	<title>Windows 2000 Service Pack 2 Clients</title>
+	<para>
+	Samba 2.2.1 is required for PDC functionality when using Windows 2000 
+	SP2 clients. 
+	</para>
+</warning>
+
+
 <para>
 The following pieces of functionality are not included in the 2.2 release:
 </para>
 
 <itemizedlist>
-	<listitem><para>Windows NT 4 domain trusts</para></listitem>
+	<listitem><para>
+	Windows NT 4 domain trusts
+	</para></listitem>
 	
-	<listitem><para>Sam replication with Windows NT 4.0 Domain Controllers
-	(i.e. a Samba PDC and a Windows NT BDC or vice versa) </para></listitem>
+	<listitem><para>
+	SAM replication with Windows NT 4.0 Domain Controllers
+	(i.e. a Samba PDC and a Windows NT BDC or vice versa) 
+	</para></listitem>
 	
-	<listitem><para>Adding users via the User Manager for Domains</para></listitem>
+	<listitem><para>
+	Adding users via the User Manager for Domains
+	</para></listitem>
 
-	<listitem><para>Acting as a Windows 2000 Domain Controller (i.e. Kerberos
-	and Active Directory)</para></listitem>
+	<listitem><para>
+	Acting as a Windows 2000 Domain Controller (i.e. Kerberos and 
+	Active Directory)
+	</para></listitem>
 </itemizedlist>
 
 <para>
@@ -75,19 +143,6 @@ from NT4 domain logons and has been officially supported for some
 time.
 </para>
 
-<para>
-Beginning with Samba 2.2.0, we are proud to announce official 
-support for Windows NT 4.0 style domain logons from Windows NT
-4.0 and Windows 2000 (including SP1) clients.  This article 
-outlines the steps necessary for configuring Samba as a PDC.
-Note that it is necessary to have a working Samba server
-prior to implementing the PDC functionality.  If you have not 
-followed the steps outlined in <ulink url="UNIX_INSTALL.html">
-UNIX_INSTALL.html</ulink>, please make sure that your server 
-is configured correctly before proceeding.  Another good 
-resource in the <ulink url="smb.conf.5.html">smb.conf(5) man 
-page</ulink>.
-</para>
 
 <para>
 Implementing a Samba PDC can basically be divided into 2 broad
@@ -95,11 +150,14 @@ steps.
 </para>
 
 <orderedlist numeration="Arabic">
-	<listitem><para>Configuring the Samba Domain Controller
+	<listitem><para>
+	Configuring the Samba PDC
 	</para></listitem>
 	
-	<listitem><para>Creating machine trust accounts
-	and joining clients to the domain</para></listitem>
+	<listitem><para>
+	Creating machine trust accounts	and joining clients 
+	to the domain
+	</para></listitem>
 </orderedlist>
 
 <para>
@@ -164,7 +222,7 @@ Here is an example smb.conf for acting as a PDC:
     <ulink url="smb.conf.5.html#LOGONHOME">logon home</ulink> = \\homeserver\%u
     
     ; specify a generic logon script for all users
-    ; this is a relative path to the [netlogon] share
+    ; this is a relative **DOS** path to the [netlogon] share
     <ulink url="smb.conf.5.html#LOGONSCRIPT">logon script</ulink> = logon.cmd
 
 ; necessary share for domain controller
@@ -182,28 +240,32 @@ Here is an example smb.conf for acting as a PDC:
 </programlisting></para>
 
 <para>
-There are a couple of points to emphasize in the above
-configuration.
+There are a couple of points to emphasize in the above configuration.
 </para>
 
 <itemizedlist>
-	<listitem><para>encrypted passwords must be enabled.
-	For more details on how to do this, refer to 
-	<ulink url="ENCRYPTION.html">ENCRYPTION.html</ulink>.
+	<listitem><para>
+	Encrypted passwords must be enabled.  For more details on how 
+	to do this, refer to <ulink url="ENCRYPTION.html">ENCRYPTION.html</ulink>.
 	</para></listitem>
 	
-	<listitem><para>The server must support domain logons
-	and a <filename>[netlogon]</filename> share</para></listitem>
+	<listitem><para>
+	The server must support domain logons and a
+	<filename>[netlogon]</filename> share
+	</para></listitem>
 	
-	<listitem><para>The server must be the domain master browser
-	in order for Windows client to locate the server as a DC.</para>
-	</listitem>
+	<listitem><para>
+	The server must be the domain master browser in order for Windows 
+	client to locate the server as a DC.  Please refer to the various 
+	Network Browsing documentation included with this distribution for 
+	details.
+	</para></listitem>
 </itemizedlist>    
 
 <para>
 As Samba 2.2 does not offer a complete implementation of group mapping between 
 Windows NT groups and UNIX groups (this is really quite complicated to explain 
-in a short space), you should refer to the <ulink url="smb.conf.5.html#DOMAINADMONUSERS">domain 
+in a short space), you should refer to the <ulink url="smb.conf.5.html#DOMAINADMINUSERS">domain 
 admin users</ulink> and <ulink url="smb.conf.5.html#DOMAINADMINGROUP">domain 
 admin group</ulink> smb.conf parameters for information of creating a Domain Admins 
 style accounts.
@@ -217,24 +279,28 @@ style accounts.
 to the Domain</title>
 
 <para>
-First you must understand what a machine trust account is and what 
-it is used for.
-</para>
-
-<para>
-A machine trust account is a user account owned by a computer.  
+A machine trust account is a samba user account owned by a computer.  
 The account password acts as the shared secret for secure 
-communication with the Domain Controller.  Hence the reason that
-a Windows 9x host is never a true member of a domain because
-it does not posses a machine trust account and thus has no shared
-secret with the DC.
+communication with the Domain Controller.  This is a security feature
+to prevent an unauthorized machine with the same NetBIOS name from 
+joining the domain and gaining access to domain user/group accounts.  
+Hence a Windows 9x host is never a true member of a domain because it does 
+not posses a machine trust account, and thus has no shared secret with the DC.
 </para>
 
 <para>
 On a Windows NT PDC, these machine trust account passwords are stored
-in the registry.  A Samba PDC stores these accounts in he same location
+in the registry.  A Samba PDC stores these accounts in the same location
 as user LanMan and NT password hashes (currently <filename>smbpasswd</filename>).
-However, machine trust accounts only possess the NT password hash.
+However, machine trust accounts only possess and use the NT password hash.
+</para>
+
+<para>
+Because Samba requires machine accounts to possess a UNIX uid from
+which an Windows NT SID can be generated, all of these accounts
+must have an entry in <filename>/etc/passwd</filename> and smbpasswd.  
+Future releases will alleviate the need to create 
+<filename>/etc/passwd</filename> entries.  
 </para>
 
 <para>
@@ -242,25 +308,35 @@ There are two means of creating machine trust accounts.
 </para>
 
 <itemizedlist>
-	<listitem><para>Manual creation before joining the client
-	to the domain.  In this case, the password is set to a known
-	value -- the lower case of the machine's netbios name.</para></listitem>
+	<listitem><para>
+	Manual creation before joining the client to the domain.  In this case, 
+	the password is set to a known value -- the lower case of the 
+	machine's NetBIOS name.
+	</para></listitem>
 	
-	<listitem><para>Creation of the account at the time of 
-	joining the domain.  In this case, the session key of the 
-	administrative account used to join the client to the domain acts
-	as an encryption key for setting the password to a random value.</para>
-	</listitem>
+	<listitem><para>
+	Creation of the account at the time of joining the domain.  In 
+	this case, the session key of the administrative account used to join 
+	the client to the domain acts as an encryption key for setting the 
+	password to a random value (This is the recommended method).
+	</para></listitem>
 </itemizedlist>
 
+<sect2>
+<title>Manually creating machine trust accounts</title>
+
 <para>
-Because Samba requires machine accounts to possess a UNIX uid from
-which an Windows NT SID can be generated, all of these accounts
-will have an entry in <filename>/etc/passwd</filename> and smbpasswd.  
-Future releases will alleviate the need to create 
-<filename>/etc/passwd</filename> entries.
+The first step in creating a machine trust account by hand is to 
+create an entry for the machine in /etc/passwd.  This can be done 
+using <command>vipw</command> or any 'add userr' command which is normally 
+used to create new UNIX accounts.  The following is an example for a Linux 
+based Samba server:
 </para>
 
+<para>
+<prompt>root# </prompt>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>
+machine_nickname</replaceable> -m -s /bin/false <replaceable>machine_name</replaceable>$
+</para>
 
 <para>
 The <filename>/etc/passwd</filename> entry will list the machine name 
@@ -270,39 +346,60 @@ home directory. For example a machine called 'doppy' would have an
 </para>
 
 <para><programlisting>
-doppy$:x:505:501:NTMachine:/dev/null:/bin/false
+doppy$:x:505:501:<replaceable>machine_nickname</replaceable>:/dev/null:/bin/false
 </programlisting></para>
 
 <para>
-If you are manually creating the machine accounts, it is necessary
-to add the <filename>/etc/passwd</filename> (or NIS passwd
-map) entry prior to adding the <filename>smbpasswd</filename>
-entry.  The following command will create a new machine account
-ready for use.
+Above, <replaceable>machine_nickname</replaceable> can be any descriptive name for the
+pc i.e. BasementComputer. The <replaceable>machine_name</replaceable> absolutely must be 
+the NetBIOS name of the pc to be added to the domain.  The "$" must append the NetBIOS
+name of the pc or samba will not recognize this as a machine account
 </para>
 
+
 <para>
-<prompt>root# </prompt> smbpasswd -a -m <replaceable>machine_name</replaceable>
+Now that the UNIX account has been created, the next step is to create 
+the smbpasswd entry for the machine containing the well known initial 
+trust account password.  This can be done using the <ulink 
+url="smbpasswd.6.html"><command>smbpasswd(8)</command></ulink> command 
+as shown here:
 </para>
 
 <para>
-where <replaceable>machine_name</replaceable> is the machine's netbios
-name.
+<prompt>root# </prompt> smbpasswd -a -m <replaceable>machine_name</replaceable>
 </para>
 
 <para>
-<emphasis>If you manually create a machine account, immediately join
-the client to the domain.</emphasis>  An open account like this
-can allow intruders to gain access to user account information
-in your domain.
+where <replaceable>machine_name</replaceable> is the machine's NetBIOS
+name. 
 </para>
 
+<warning>
+	<title>Join the client to the domain immediately</title>
+
+	<para>
+	Manually creating a machine trust account using this method is the 
+	equivalent of creating a machine account on a Windows NT PDC using 
+	the "Server Manager".  From the time at which the account is created
+	to the time which th client joins the domain and changes the password,
+	your domain is vulnerable to an intruder joining your domain using a
+	a machine with the same NetBIOS name.  A PDC inherently trusts
+	members of the domain and will serve out a large degree of user 
+	information to such clients.  You have been warned!
+	</para>
+</warning>
+</sect2>
+
+
+<sect2>
+<title>Creating machine trust accounts "on the fly"</title>
+
 <para>
-The second way of creating machine trust accounts is to add
-them on the fly at the time the client is joined to the domain.
-You will need to include a value for the 
-<ulink url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink>
-parameter.  Below is an example I use on a RedHat 6.2 Linux system.
+The second, and most recommended way of creating machine trust accounts 
+is to create them as needed at the time the client is joined to 
+the domain.  You will need to include a value for the <ulink 
+url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink>
+parameter.  Below is an example from a RedHat 6.2 Linux system.
 </para>
 
 <para><programlisting>
@@ -310,13 +407,13 @@ add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
 </programlisting></para>
 
 <para>
-In Samba 2.2.0, <emphasis>only the root account</emphasis> can be used to create
-machine accounts on the fly like this.  Therefore, it is required
-to create an entry in smbpasswd for <emphasis>root</emphasis>.
-The password <emphasis>SHOULD</emphasis> be set to s different
-password that the associated <filename>/etc/passwd</filename>
-entry for security reasons.
+In Samba 2.2.1, <emphasis>only the root account</emphasis> can be used to create
+machine accounts like this.  Therefore, it is required to create 
+an entry in smbpasswd for <emphasis>root</emphasis>.  The password 
+<emphasis>SHOULD</emphasis> be set to s different password that the 
+associated <filename>/etc/passwd</filename> entry for security reasons.
 </para>
+</sect2>
 </sect1>
 
 <!-- **********************************************************
@@ -330,108 +427,145 @@ entry for security reasons.
 
 <para>
 </para>
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>I cannot include a '$' in a machine name.</emphasis>
+	</para>
+    
+	<para>
+	A 'machine name' in (typically) <filename>/etc/passwd</> 	
+	of the machine name with a '$' appended. FreeBSD (and other BSD 
+	systems ?) won't create a user with a '$' in their name.
+	</para>
 
-<para>
-<emphasis>I cannot include a '$' in a machine name.</emphasis>
-</para>
-
-<para>
-A 'machine name' in (typically) <filename>/etc/passwd</> 	
-of the machine name with a '$' appended. FreeBSD (and other BSD 
-systems ?) won't create a user with a '$' in their name.
-</para>
+	<para>
+	The problem is only in the program used to make the entry, once 
+	made, it works perfectly. So create a user without the '$' and 
+	use <command>vipw</> to edit the entry, adding the '$'. Or create 
+	the whole entry with vipw if you like, make sure you use a 
+	unique uid !
+	</para>
+</listitem>
+  
+<listitem>
+	<para>
+	<emphasis>I get told "You already have a connection to the Domain...." 
+	or "Cannot join domain, the credentials supplied conflict with an 
+	existing set.." when creating a machine account.</emphasis>
+	</para>
 
-<para>
-The problem is only in the program used to make the entry, once 
-made, it works perfectly. So create a user without the '$' and 
-use <command>vipw</> to edit the entry, adding the '$'. Or create 
-the whole entry with vipw if you like, make sure you use a 
-unique uid !
-</para>
+	<para>
+	This happens if you try to create a machine account from the 
+	machine itself and already have a connection (e.g. mapped drive) 
+	to a share (or IPC$) on the Samba PDC.  The following command
+	will remove all network drive connections:
+	</para>
 
+	<para>
+	<prompt>C:\WINNT\></prompt> <command>net use * /d</command>
+	</para>
 
-<para>
-<emphasis>I get told "You already have a connection to the Domain...." 
-when creating a machine account.</emphasis>
-</para>
+	<para>
+	Further, if the machine is a already a 'member of a workgroup' that 
+	is the same name as the domain you are joining (bad idea) you will 
+	get this message.  Change the workgroup name to something else, it 
+	does not matter what, reboot, and try again.
+	</para>
+</listitem>
 
-<para>
-This happens if you try to create a machine account from the 
-machine itself and use a user name that does not work (for whatever 
-reason) and then try another (possibly valid) user name.
-Exit out of the network applet to close the initial connection 
-and try again.
-</para>
+<listitem>
+	<para>
+	<emphasis>The system can not log you on (C000019B)....</emphasis>
+	</para>
 
-<para>
-Further, if the machine is a already a 'member of a workgroup' that 
-is the same name as the domain you are joining (bad idea) you will 
-get this message.  Change the workgroup name to something else, it 
-does not matter what, reboot, and try again.
-</para>
+	<para>I joined the domain successfully but after upgrading 
+	to a newer version of the Samba code I get the message, "The system 
+	can not log you on (C000019B), Please try a gain or consult your 
+	system administrator" when attempting to logon.
+	</para>
 
-<para>
-<emphasis>I get told "Cannot join domain, the credentials supplied 
-conflict with an existing set.."</emphasis>
-</para>
+	<para>
+	This occurs when the domain SID stored in 
+	<filename>private/WORKGROUP.SID</filename> is 
+	changed.  For example, you remove the file and <command>smbd</command> automatically 
+	creates a new one.  Or you are swapping back and forth between 
+	versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
+	only way to correct the problem is to restore the original domain 
+	SID or remove the domain client from the domain and rejoin.
+	</para>
+</listitem>
 
-<para>
-This is the same basic problem as mentioned above, "You already 
-have a connection..."
-</para>
+<listitem>
+	<para>
+	<emphasis>The machine account for this computer either does not 
+	exist or is not accessible.</emphasis>
+	</para>
 
-<para>
-<emphasis>
-"The system can not log you on (C000019B)...."</emphasis>
-</para>
+	<para>
+	When I try to join the domain I get the message "The machine account 
+	for this computer either does not exist or is not accessible". Whats 
+	wrong?
+	</para>
 
-<para>I joined the domain successfully but after upgrading 
-to a newer version of the Samba code I get the message, "The system 
-can not log you on (C000019B), Please try a gain or consult your 
-system administrator" when attempting to logon.
-</para>
+	<para>
+	This problem is caused by the PDC not having a suitable machine account. 
+	If you are using the <parameter>add user script</parameter> method to create 
+	accounts then this would indicate that it has not worked. Ensure the domain 
+	admin user system is working.
+	</para>
 
-<para>
-This occurs when the domain SID stored in 
-<filename>private/WORKGROUP.SID</filename> is 
-changed.  For example, you remove the file and <command>smbd</command> automatically 
-creates a new one.  Or you are swapping back and forth between 
-versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
-only way to correct the problem is to restore the original domain 
-SID or 	remove the domain client from the domain and rejoin.
-</para> 
+	<para>
+	Alternatively if you are creating account entries manually then they 
+	have not been created correctly. Make sure that you have the entry 
+	correct for the machine account in smbpasswd file on the Samba PDC. 
+	If you added the account using an editor rather than using the smbpasswd 
+	utility, make sure that the account name is the machine NetBIOS name 
+	with a '$' appended to it ( i.e. computer_name$ ). There must be an entry 
+	in both /etc/passwd and the smbpasswd file. Some people have reported 
+	that inconsistent subnet masks between the Samba server and the NT 
+	client have caused this problem.   Make sure that these are consistent 
+	for both client and server.
+	</para>
+</listitem>
 
+<listitem>
+	<para>
+	<emphasis>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
+	I get a message about my account being disabled.</emphasis>
+	</para>
 
-<para>
-<emphasis>"The machine account for this computer either does not 
-exist or is not accessible."</emphasis>
-</para>
+	<para>
+	This problem is caused by a PAM related bug in Samba 2.2.0.  This bug is 
+	fixed in 2.2.1.  Other symptoms could be unaccessible shares on 
+	NT/W2K member servers in the domain or the following error in your smbd.log:
+	passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%
+	</para>
+ 
+	<para>
+	At first be ensure to enable the useraccounts with <command>smbpasswd -e 
+	%user%</command>, this is normally done, when you create an account.
+	</para>
 
-<para>
-When I try to join the domain I get the message "The machine account 
-for this computer either does not exist or is not accessible". Whats 
-wrong ?
-</para>
+	<para>
+	In order to work around this problem in 2.2.0, configure the 
+	<parameter>account</parameter> control flag in 
+	<filename>/etc/pam.d/samba</filename> file as follows:
+	</para> 
 
-<para>
-This problem is caused by the PDC not having a suitable machine account. 
-If you are using the <command>add user script =</> method to create 
-accounts then this would indicate that it has not worked. Ensure the domain 
-admin user system is working.
-</para>
+	<para><programlisting>
+	account required        pam_permit.so
+	</programlisting></para>
 
-<para>
-Alternatively if you are creating account entries manually then they 
-have not been created correctly. Make sure that you have the entry 
-correct for the machine account in smbpasswd file on the Samba PDC. 
-If you added the account using an editor rather than using the smbpasswd 
-utility, make sure that the account name is the machine netbios name 
-with a '$' appended to it ( ie. computer_name$ ). There must be an entry 
-in both /etc/passwd and the smbpasswd file. Some people have reported 
-that inconsistent subnet masks between the Samba server and the NT 
-client have caused this problem.   Make sure that these are consistent 
-for both client and server.
-</para>
+	<para>
+	If you want to remain backward compatibility to samba 2.0.x use
+	<filename>pam_permit.so</filename>, it's also possible to use 
+	<filename>pam_pwdb.so</filename>. There are some bugs if you try to 
+	use <filename>pam_unix.so</filename>, if you need this, be ensure to use
+	the most recent version of this file.
+	</para>
+</listitem>
+</itemizedlist>
 
 </sect1>
 
@@ -460,89 +594,98 @@ Profiles and Policies in Windows NT 4.0</ulink> available from Microsoft.
 Here are some additional details:
 </para>
 
-<para>
-<emphasis>What about Windows NT Policy Editor ?</emphasis>
-</para>
+<itemizedlist>
 
-<para>
-To create or edit <filename>ntconfig.pol</filename> you must use 
-the NT Server Policy Editor, <command>poledit.exe</command>	which 
-is included with NT Server but <emphasis>not NT Workstation</emphasis>. 
-There is a Policy Editor on a NTws 
-but it is not suitable for creating <emphasis>Domain Policies</emphasis>. 
-Further, although the Windows 95 
-Policy Editor can be installed on an NT Workstation/Server, it will not
-work with NT policies because the registry key that are set by the policy templates. 
-However, the files from the NT Server will run happily enough on an NTws. 
-You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient
-to put the two *.adm files in <filename>c:\winnt\inf</> which is where
-the binary will look for them unless told otherwise. Note also that that 
-directory is 'hidden'.
-</para>
+<listitem>
+	<para>
+	<emphasis>What about Windows NT Policy Editor ?</emphasis>
+	</para>
 
-<para>The Windows NT policy editor is also included with the 
-Service Pack 3 (and later) for Windows NT 4.0. Extract the files using 
-<command>servicepackname /x</command>, ie thats <command>Nt4sp6ai.exe 
-/x</command> for service pack 6a.  The policy editor, <command>poledit.exe</command> and the 
-associated template files (*.adm) should
-be extracted as well.  It is also possible to downloaded the policy template 
-files for Office97 and get a copy of the policy editor.  Another possible 
-location is with the Zero Administration Kit available for download from Microsoft.
-</para>
+	<para>
+	To create or edit <filename>ntconfig.pol</filename> you must use 
+	the NT Server Policy Editor, <command>poledit.exe</command>	which 
+	is included with NT Server but <emphasis>not NT Workstation</emphasis>. 
+	There is a Policy Editor on a NTws 
+	but it is not suitable for creating <emphasis>Domain Policies</emphasis>. 
+	Further, although the Windows 95 
+	Policy Editor can be installed on an NT Workstation/Server, it will not
+	work with NT policies because the registry key that are set by the policy templates. 
+	However, the files from the NT Server will run happily enough on an NTws. 	
+	You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient
+	to put the two *.adm files in <filename>c:\winnt\inf</> which is where
+	the binary will look for them unless told otherwise. Note also that that 
+	directory is 'hidden'.
+	</para>
 
+	<para>
+	The Windows NT policy editor is also included with the Service Pack 3 (and 
+	later) for Windows NT 4.0. Extract the files using <command>servicepackname /x</command>, 
+	i.e. that's <command>Nt4sp6ai.exe /x</command> for service pack 6a.  The policy editor, 
+	<command>poledit.exe</command> and the associated template files (*.adm) should
+	be extracted as well.  It is also possible to downloaded the policy template 
+	files for Office97 and get a copy of the policy editor.  Another possible 
+	location is with the Zero Administration Kit available for download from Microsoft.
+	</para>
+</listitem>
 
-<para>
-<emphasis>Can Win95 do Policies ?</emphasis>
-</para>
 
-<para>
-Install the group policy handler for Win9x to pick up group 
-policies.   Look on the Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. 
-Install group policies on a Win9x client by double-clicking 
-<filename>grouppol.inf</filename>. Log off and on again a couple of 
-times and see if Win98 picks up group policies.  Unfortunately this needs 
-to be done on every Win9x machine that uses group policies....
-</para> 
+<listitem>
+	<para>
+	<emphasis>Can Win95 do Policies ?</emphasis>
+	</para>
 
-<para>
-If group policies don't work one reports suggests getting the updated 
-(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
-from /etc/group.
-</para>
+	<para>
+	Install the group policy handler for Win9x to pick up group 
+	policies.   Look on the Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. 
+	Install group policies on a Win9x client by double-clicking 
+	<filename>grouppol.inf</filename>. Log off and on again a couple of 
+	times and see if Win98 picks up group policies.  Unfortunately this needs 
+	to be done on every Win9x machine that uses group policies....
+	</para> 
 
-<para>
-<emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis>
-</para>
+	<para>
+	If group policies don't work one reports suggests getting the updated 
+	(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
+	from /etc/group.
+	</para>
+</listitem>
 
-<para>
-Since I don't need to buy an NT Server CD now, how do I get 
-the 'User Manager for Domains', the 'Server Manager' ?
-</para>
 
-<para>
-Microsoft distributes a version of 
-these tools called nexus for installation on Windows 95 systems.  The 
-tools set includes
-</para>
+<listitem>
+	<para>
+	<emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis>
+	</para>
+
+	<para>
+	Since I don't need to buy an NT Server CD now, how do I get 
+	the 'User Manager for Domains', the 'Server Manager' ?
+	</para>
+
+	<para>
+	Microsoft distributes a version of these tools called nexus for 
+	installation on Windows 95 systems.  The tools set includes
+	</para>
 	
-<itemizedlist>
-	<listitem><para>Server Manager</para></listitem> 
+	<itemizedlist>
+		<listitem><para>Server Manager</para></listitem> 
 		
-	<listitem><para>User Manager for Domains</para></listitem> 
+		<listitem><para>User Manager for Domains</para></listitem> 
 
-	<listitem><para>Event Viewer</para></listitem> 
-</itemizedlist>
+		<listitem><para>Event Viewer</para></listitem> 
+	</itemizedlist>
 
-<para>
-Click here to download the archived file <ulink 
-url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink>
-</para>
+	<para>
+	Click here to download the archived file <ulink 
+	url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink>
+	</para>
 
-<para>
-The Windows NT 4.0 version of the 'User Manager for 
-Domains' and 'Server Manager' are available from Microsoft via ftp 
-from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink>
-</para>
+	<para>
+	The Windows NT 4.0 version of the 'User Manager for 
+	Domains' and 'Server Manager' are available from Microsoft via ftp 
+	from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink>
+	</para>
+</listitem>
+</itemizedlist>
 
 </sect1>
 
@@ -564,14 +707,16 @@ of mailing lists, RFC's and documentation.  The docs that come
 with the samba distribution contain very good explanations of 
 general SMB topics such as browsing.</para> 
 
-<para>
-<emphasis>What are some diagnostics tools I can use to debug the domain logon 
-process and where can I	find them?</emphasis>
-</para>
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>What are some diagnostics tools I can use to debug the domain logon 
+	process and where can I	find them?</emphasis>
+	</para>
 
-    <para>
+   <para>
 	One of the best diagnostic tools for debugging problems is Samba itself.  
-	You can use the -d option for both smbd and nmbd to specifiy what 
+	You can use the -d option for both smbd and nmbd to specify what 
 	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
 	smb.conf for more information on debugging options.  The debug 
 	level can range from 1 (the default) to 10 (100 for debugging passwords).
@@ -601,9 +746,9 @@ process and where can I	find them?</emphasis>
 		<listitem><para>smbclient -L //{netbios name of server}</para></listitem>
 	</itemizedlist>
     
-    <para>
+	<para>
 	An SMB enabled version of tcpdump is available from 
-    <ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>.
+	<ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>.
 	Ethereal, another good packet sniffer for UNIX and Win32
 	hosts, can be downloaded from <ulink 
 	url="http://www.ethereal.com/">http://www.ethereal.com</ulink>.
@@ -614,17 +759,21 @@ process and where can I	find them?</emphasis>
 	(aka. netmon) is available on the Microsoft Developer Network CD's, 
 	the Windows NT Server install CD and the SMS CD's.  The version of 
 	netmon that ships with SMS allows for dumping packets between any two 
-	computers (ie. placing the network interface in promiscuous mode).  
+	computers (i.e. placing the network interface in promiscuous mode).  
 	The version on the NT Server install CD will only allow monitoring 
 	of network traffic directed to the local NT box and broadcasts on the 
 	local subnet.  Be aware that Ethereal can read and write netmon 
 	formatted files.
 	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	<emphasis>How do I install 'Network Monitor' on an NT Workstation 
+	or a Windows 9x box?</emphasis>
+	</para>
 
-<para>
-<emphasis>How do I install 'Network Monitor' on an NT Workstation 
-or a Windows 9x box?</emphasis>
-</para>
 	<para>
 	Installing netmon on an NT workstation requires a couple 
 	of steps.  The following are for installing Netmon V4.00.349, which comes 
@@ -696,12 +845,17 @@ or a Windows 9x box?</emphasis>
 	information on how to do this.  Copy the files from a working 
 	Netmon installation.
 	</para> 
+</listitem>
 
-<sect2>
-<title>URLs and similar</title>
 
 
-<itemizedlist>
+
+<listitem>
+	<para>
+	The following is a list if helpful URLs and other links:
+	</para>
+
+	<itemizedlist>
 
  	<listitem><para>Home of Samba site <ulink url="http://samba.org">
         http://samba.org</ulink>. We have a mirror near you !</para></listitem>
@@ -728,36 +882,35 @@ or a Windows 9x box?</emphasis>
         <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/">
         ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem>
 
+	</itemizedlist>
+</listitem>
 </itemizedlist>
 
-</sect2>
-
-
-<sect2>
-<title>Mailing Lists</title>
 
-<para>
-<emphasis>How do I get help from the mailing lists ?</emphasis>
-</para>
+<itemizedlist>
+<listitem>
+	<para>
+	<emphasis>How do I get help from the mailing lists ?</emphasis>
+	</para>
 
-<para>
-There are a number of Samba related mailing lists. Go to <ulink 
-url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror
-and then click on <command>Support</> and then click on <command>
-Samba related mailing lists</>.
-</para>
+	<para>
+	There are a number of Samba related mailing lists. Go to <ulink 
+	url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror
+	and then click on <command>Support</> and then click on <command>
+	Samba related mailing lists</>.
+	</para>
 
-<para>
-For questions relating to Samba TNG go to
-<ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> 
-It has been requested that you don't post questions about Samba-TNG to the
-main stream Samba lists.</para>
+	<para>
+	For questions relating to Samba TNG go to
+	<ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> 
+	It has been requested that you don't post questions about Samba-TNG to the
+	main stream Samba lists.</para>
 	 
-<para>
-If you post a message to one of the lists please observe the following guide lines :
-</para>
+	<para>
+	If you post a message to one of the lists please observe the following guide lines :
+	</para>
 
-<itemizedlist>
+	<itemizedlist>
 
 	<listitem><para> Always remember that the developers are volunteers, they are 
 		not paid and they never guarantee to produce a particular feature at 
@@ -782,7 +935,7 @@ If you post a message to one of the lists please observe the following guide lin
 		</para></listitem> 
 
 	<listitem><para> Don't cross post. Work out which is the best list to post to 
-		and see what happens, ie don't post to both samba-ntdom and samba-technical.
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
         Many people active on the lists subscribe to more 
 		than one list and get annoyed to see the same message two or more times. 
 		Often someone will see a message and thinking it would be better dealt 
@@ -801,29 +954,788 @@ If you post a message to one of the lists please observe the following guide lin
         mailing lists go to a huge number of people, do they all need a copy of your 
         smb.conf in their attach directory ?</para></listitem>
 
+	</itemizedlist>
+</listitem>
+
+
+<listitem>
+	<para>
+	<emphasis>How do I get off the mailing lists ?</emphasis>
+	</para>
+
+	<para>To have your name removed from a samba mailing list, go to the
+	same place you went to to get on it. Go to <ulink 
+	url="http://lists.samba.org/">http://lists.samba.org</ulink>, 
+	click on your nearest mirror and then click on <command>Support</> and 
+	then click on <command> Samba related mailing lists</>. Or perhaps see 
+	<ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink>
+	</para>
+
+	<para>
+	Please don't post messages to the list asking to be removed, you will just
+	be referred to the above address (unless that process failed in some way...)
+	</para>
+</listitem>
 </itemizedlist>
 
+</sect1>
+
+
+<!-- **********************************************************
+
+     Windows 9x domain control
 
+*************************************************************** -->
+<sect1>
+<title>Domain Control for Windows 9x/ME</title>
+
+<note>
 <para>
-<emphasis>How do I get off the mailing lists ?</emphasis>
+The following section contains much of the original 
+DOMAIN.txt file previously included with Samba.  Much of 
+the material is based on what went into the book Special 
+Edition, Using Samba. (Richard Sharpe)
 </para>
+</note>
+
+<para>
+A domain and a workgroup are exactly the same thing in terms of network
+browsing.  The difference is that a distributable authentication
+database is associated with a domain, for secure login access to a
+network.  Also, different access rights can be granted to users if they
+successfully authenticate against a domain logon server (NT server and 
+other systems based on NT server support this, as does at least Samba TNG now).
+</para>
+
+<para>
+The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+Network browsing functionality of domains and workgroups is
+identical and is explained in BROWSING.txt. It should be noted, that browsing
+is total orthogonal to logon support.
+</para>
+
+<para>
+Issues related to the single-logon network model are discussed in this
+document.  Samba supports domain logons, network logon scripts, and user
+profiles for MS Windows for workgroups and MS Windows 9X clients.
+</para>
+
+
+<para>
+When an SMB client in a domain wishes to logon it broadcast requests for a
+logon server.  The first one to reply gets the job, and validates its
+password using whatever mechanism the Samba administrator has installed.
+It is possible (but very stupid) to create a domain where the user
+database is not shared between servers, i.e. they are effectively workgroup
+servers advertising themselves as participating in a domain.  This
+demonstrates how authentication is quite different from but closely
+involved with domains.
+</para>
+
+<para>
+Another thing commonly associated with single-logon domains is remote
+administration over the SMB protocol.  Again, there is no reason why this
+cannot be implemented with an underlying username database which is
+different from the Windows NT SAM.  Support for the Remote Administration
+Protocol is planned for a future release of Samba.
+</para>
+
+<para>
+Network logon support as discussed in this section is aimed at Window for
+Workgroups, and Windows 9X clients. 
+</para>
+
+<para>
+Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51.
+It is possible to specify: the profile location; script file to be loaded
+on login; the user's home directory; and for NT a kick-off time could also
+now easily be supported. However, there are some differences between Win9X
+profile support and WinNT profile support. These are discussed below.
+</para>
+
+<para>
+With NT Workstations, all this does not require the use or intervention of
+an NT 4.0 or NT 3.51 server: Samba can now replace the logon services
+provided by an NT server, to a limited and experimental degree (for example,
+running "User Manager for Domains" will not provide you with access to
+a domain created by a Samba Server).
+</para>
+
+<para>
+With Win95, the help of an NT server can be enlisted, both for profile storage
+and for user authentication.  For details on user authentication, see
+security_level.txt.  For details on profile storage, see below.
+</para>
+
+<para>
+Using these features you can make your clients verify their logon via
+the Samba server; make clients run a batch file when they logon to
+the network and download their preferences, desktop and start menu.
+</para>
+
+<para>
+Before launching into the configuration instructions, it is worthwhile looking
+at how a Win9X client performs a logon:
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	The client broadcasts (to the IP broadcast address of the subnet it is in)
+	a NetLogon request. This is sent to the NetBIOS address DOMAIN<00> at the
+	NetBIOS layer.  The client chooses the first response it receives, which
+	contains the NetBIOS name of the logon server to use in the format of 
+	\\SERVER.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then connects to that server, logs on (does an SMBsessetupX) and
+	then connects to the IPC$ share (using an SMBtconX).
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then does a NetWkstaUserLogon request, which retrieves the name
+	of the user's logon script. 
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then connects to the NetLogon share and searches for this 	
+	and if it is found and can be read, is retrieved and executed by the client.
+	After this, the client disconnects from the NetLogon share.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then sends a NetUserGetInfo request to the server, to retrieve
+	the user's home share, which is used to search for profiles. Since the
+	response to the NetUserGetInfo request does not contain much more 	
+	the user's home share, profiles for Win9X clients MUST reside in the user
+	home directory.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then connects to the user's home share and searches for the 
+	user's profile. As it turns out, you can specify the user's home share as
+	a sharename and path. For example, \\server\fred\.profile.
+	If the profiles are found, they are implemented.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	The client then disconnects from the user's home share, and reconnects to
+	the NetLogon share and looks for CONFIG.POL, the policies file. If this is
+	found, it is read and implemented.
+	</para>
+</listitem>
+</orderedlist>
+
+
+<sect2>
+<title>Configuration Instructions:	Network Logons</title>
+
+<para>
+To use domain logons and profiles you need to do the following:
+</para>
+
+
+<orderedlist>
+<listitem>
+	<para>
+	Create a share called [netlogon] in your smb.conf. This share should
+	be readable by all users, and probably should not be writeable. This
+	share will hold your network logon scripts, and the CONFIG.POL file
+	(Note: for details on the CONFIG.POL file, how to use it, what it is,
+	refer to the Microsoft Windows NT Administration documentation.
+	The format of these files is not known, so you will need to use
+	Microsoft tools).
+	</para>
+
+	<para>
+	For example I have used:
+	</para>
+	
+	<para><programlisting>
+[netlogon]
+     path = /data/dos/netlogon
+     writeable = no
+     guest ok = no
+</programlisting></para>
+
+	<para>
+	Note that it is important that this share is not writeable by ordinary
+	users, in a secure environment: ordinary users should not be allowed
+	to modify or add files that another user's computer would then download
+	when they log in.
+	</para>
+</listitem>
+
+
+
+<listitem>
+	<para>
+	in the [global] section of smb.conf set the following:
+	</para>
+	
+	<para><programlisting>
+domain logons = yes
+logon script = %U.bat
+	</programlisting></para>
+
+	<para>
+	The choice of batch file is, of course, up to you. The above would
+	give each user a separate batch file as the %U will be changed to
+	their username automatically. The other standard % macros may also be
+	used. You can make the batch files come from a subdirectory by using
+	something like:
+	</para>
+
+	<para><programlisting>
+logon script = scripts\%U.bat
+	</programlisting></para>
+</listitem>
+
+<listitem>
+	<para>
+	create the batch files to be run when the user logs in. If the batch
+	file doesn't exist then no batch file will be run. 
+	</para>
+
+	<para>
+	In the batch files you need to be careful to use DOS style cr/lf line
+	endings. If you don't then DOS may get confused. I suggest you use a
+	DOS editor to remotely edit the files if you don't know how to produce
+	DOS style files under unix.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	Use smbclient with the -U option for some users to make sure that
+	the \\server\NETLOGON share is available, the batch files are
+	visible and they are readable by the users.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	you will probably find that your clients automatically mount the
+	\\SERVER\NETLOGON share as drive z: while logging in. You can put
+	some useful programs there to execute from the batch files.
+	</para>
+</listitem>
+</orderedlist>
+
+<warning>
+<title>security mode and master browsers</title>
+
+<para>
+There are a few comments to make in order to tie up some 
+loose ends.  There has been much debate over the issue of whether
+or not it is ok to configure Samba as a Domain Controller in security
+modes other than <constant>USER</constant>.  The only security mode 
+which  will not work due to technical reasons is <constant>SHARE</constant>
+mode security.  <constant>DOMAIN</constant> and <constant>SERVER</constant>
+mode security is really just a variation on SMB user level security.
+</para>
+
+<para>
+Actually, this issue is also closer tied to the debate on whether 
+or not Samba must be the domain master browser for its workgroup
+when operating as a DC.  While it may technically be possible
+to configure a server as such (after all, browsing and domain logons
+are two distinctly different functions), it is not a good idea to
+so.  You should remember that the DC must register the DOMAIN#1b NetBIOS 
+name.  This is the name used by Windows clients to locate the DC.
+Windows clients do not distinguish between the DC and the DMB.
+For this reason, it is very wise to configure the Samba DC as the DMB.
+</para>
+
+<para>
+Now back to the issue of configuring a Samba DC to use a mode other
+than "security = user".  If a Samba host is configured to use 
+another SMB server or DC in order to validate user connection 
+requests, then it is a fact that some other machine on the network 
+(the "password server") knows more about user than the Samba host.
+99% of the time, this other host is a domain controller.  Now 
+in order to operate in domain mode security, the "workgroup" parameter
+must be set to the name of the Windows NT domain (which already 
+has a domain controller, right?)
+</para>
+
+<para>
+Therefore configuring a Samba box as a DC for a domain that 
+already by definition has a PDC is asking for trouble.
+Therefore, you should always configure the Samba DC to be the DMB
+for its domain.
+</para>
+</warning>
+
+</sect2>
+
+
+<sect2>
+<title>Configuration Instructions:	Setting up Roaming User Profiles</title>
+
+<warning>
+<para>
+<emphasis>NOTE!</emphasis> Roaming profiles support is different 
+for Win9X and WinNT.
+</para>
+</warning>
+
+<para>
+Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.
+</para>
+
+<para>
+Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate 
+profiles location field, only the user's home share. This means that Win9X 
+profiles are restricted to being in the user's home directory.
+</para>
+
+
+<para>
+WinNT clients send a NetSAMLogon RPC request, which contains many fields, 
+including a separate field for the location of the user's profiles. 
+This means that support for profiles is different for Win9X and WinNT.
+</para>
+
+
+
+<sect3>
+<title>Windows NT Configuration</title>
+
+<para>
+To support WinNT clients, inn the [global] section of smb.conf set the
+following (for example):
+</para>
+
+<para><programlisting>
+logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath
+</programlisting></para>
+
+<para>
+The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile.  The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable. 
+</para>
+
+<note>
+<para>
+[lkcl 26aug96 - we have discovered a problem where Windows clients can
+maintain a connection to the [homes] share in between logins.  The
+[homes] share must NOT therefore be used in a profile path.]
+</para>
+</note>
+
+</sect3>
+
+
+<sect3>
+<title>Windows 9X Configuration</title>
+
+<para>
+To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use/home" now works as well, and it, too, relies
+on the "logon home" parameter.
+</para>
+
+<para>
+By using the logon home parameter, you are restricted to putting Win9X 
+profiles in the user's home directory.   But wait! There is a trick you 
+can use. If you set the following in the [global] section of your 
+smb.conf file:
+</para>
+
+<para><programlisting>
+logon home = \\%L\%U\.profiles
+</programlisting></para>
+
+<para>
+then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).
+</para>
+
+<para>
+Not only that, but 'net use/home' will also work, because of a feature in 
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".
+</para>
+
+
+</sect3>
+
+
+<sect3>
+<title>Win9X and WinNT Configuration</title>
+
+<para>
+You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:
+</para>
+
+<para><programlisting>
+logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U
+</programlisting></para>
+
+<note>
+<para>
+I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.
+</para>
+</note>
+</sect3>
 
-    <para>To have your name removed from a samba mailing list, go to the
-        same place you went to to get on it. Go to <ulink url=
-        "http://lists.samba.org/">http://lists.samba.org</ulink>, click 
-		on your nearest mirror and then click on <command>Support</> and 
-		then click on <command> Samba related mailing lists</>. Or perhaps see 
-        <ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink></para>
 
-    <para>
-	Please don't post messages to the list asking to be removed, you will just
-        be referred to the above address (unless that process failed in some way...)
-    </para>
-</sect2>      
-</sect1>
 
+<sect3>
+<title>Windows 9X Profile Setup</title>
+
+<para>
+When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each.  You will need to use the [global]
+options "preserve case = yes", "short case preserve = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.
+</para>
+
+
+<para>
+The user.DAT file contains all the user's preferences.  If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	On the Windows 95 machine, go to Control Panel | Passwords and
+	select the User Profiles tab.  Select the required level of
+	roaming preferences.  Press OK, but do _not_ allow the computer
+	to reboot.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	On the Windows 95 machine, go to Control Panel | Network |
+	Client for Microsoft Networks | Preferences.  Select 'Log on to
+	NT Domain'.  Then, ensure that the Primary Logon is 'Client for
+	Microsoft Networks'.  Press OK, and this time allow the computer
+	to reboot.
+	</para>
+</listitem>
+
+</orderedlist>
+
+<para>
+Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server.  If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.
+</para>
+
+<para>
+You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password].  Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.
+</para>
+
+<para>
+Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences?  Select 'yes'.
+</para>
+
+<para>
+Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.
+</para>
+
+<para>
+These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.
+</para>
+
+<para>
+If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile.  Basically, if
+you have any errors reported by the w95 machine, check the unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.
+</para>
+
+<para>
+If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below.  When this user then next logs in,
+they will be told that they are logging in "for the first time".
+</para>
+
+<orderedlist>
+<listitem>
+	<para>
+	instead of logging in under the [user, password, domain] dialog,
+	press escape.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	run the regedit.exe program, and look in:
+	</para>
+	
+	<para>
+	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+	</para>
+
+	<para>
+	you will find an entry, for each user, of ProfilePath.  Note the
+	contents of this key (likely to be c:\windows\profiles\username),
+	then delete the key ProfilePath for the required user.
+	</para>
+
+	<para>
+	[Exit the registry editor].
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	<emphasis>WARNING</emphasis> - before deleting the contents of the 
+	directory listed in
+   the ProfilePath (this is likely to be c:\windows\profiles\username),
+   ask them if they have any important files stored on their desktop
+   or in their start menu.  delete the contents of the directory
+   ProfilePath (making a backup if any of the files are needed).
+	</para>
+
+	<para>
+   This will have the effect of removing the local (read-only hidden
+   system file) user.DAT in their profile directory, as well as the
+   local "desktop", "nethood", "start menu" and "programs" folders.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	search for the user's .PWL password-caching file in the c:\windows
+	directory, and delete it.
+	</para>
+</listitem>
+
+
+<listitem>
+	<para>
+	log off the windows 95 client.
+	</para>
+</listitem>
+
+<listitem>
+	<para>
+	check the contents of the profile path (see "logon path" described
+	above), and delete the user.DAT or user.MAN file for the user,
+	making a backup if required.  
+	</para>
+</listitem>
+
+</orderedlist>
+
+<para>
+If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.
+</para>
+
+<para>
+If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server.  Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.
+</para>
+
+</sect3>
+
+
+<sect3>
+<title>Windows NT Workstation 4.0</title>
+
+<para>
+When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created.  The profile location can be now specified
+through the "logon path" parameter.  
+</para>
+
+<note>
+<para>
+[lkcl 10aug97 - i tried setting the path to
+\\samba-server\homes\profile, and discovered that this fails because
+a background process maintains the connection to the [homes] share
+which does _not_ close down in between user logins.  you have to
+have \\samba-server\%L\profile, where user is the username created
+from the [homes] share].
+</para>
+</note>
+
+<para>
+There is a parameter that is now available for use with NT Profiles:
+"logon drive".  This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.
+</para>
+
+<para>
+The entry for the NT 4.0 profile is a _directory_ not a file.  The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension.  The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension)
+[lkcl 10aug97 - i found that the creation of the .PDS directory failed,
+and had to create these manually for each user, with a shell script.
+also, i presume, but have not tested, that the full profile path must
+be browseable just as it is for w95, due to the manner in which they
+attempt to create the full profile path: test existence of each path
+component; create path component].
+</para>
+
+<para>
+In the profile directory, NT creates more folders than 95.  It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs".  The profile itself is stored in a file
+NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.
+</para>
+
+<para>
+You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you).  The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.
+</para>
+
+<note>
+<para>
+[lkcl 10aug97 - i notice that NT Workstation tells me that it is
+downloading a profile from a slow link.  whether this is actually the
+case, or whether there is some configuration issue, as yet unknown,
+that makes NT Workstation _think_ that the link is a slow one is a
+matter to be resolved].
+</para>
+
+<para>
+[lkcl 20aug97 - after samba digest correspondence, one user found, and
+another confirmed, that profiles cannot be loaded from a samba server
+unless "security = user" and "encrypt passwords = yes" (see the file
+ENCRYPTION.txt) or "security = server" and "password server = ip.address.
+of.yourNTserver" are used.  Either of these options will allow the NT
+workstation to access the samba server using LAN manager encrypted
+passwords, without the user intervention normally required by NT
+workstation for clear-text passwords].
+</para>
+
+<para>
+[lkcl 25aug97 - more comments received about NT profiles: the case of
+the profile _matters_.  the file _must_ be called NTuser.DAT or, for
+a mandatory profile, NTuser.MAN].
+</para>
+</note>
+
+</sect3>
 
 
+<sect3>
+<title>Windows NT Server</title>
+
+<para>
+There is nothing to stop you specifying any path that you like for the
+location of users' profiles.  Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.
+</para>
+
+</sect3>
+
+
+<sect3>
+<title>Sharing Profiles between W95 and NT Workstation 4.0</title>
+
+<warning>
+<title>Potentially outdated or incorrect material follows</title>
+<para>
+I think this is all bogus, but have not deleted it. (Richard Sharpe)
+</para>
+</warning>
+
+<para>
+The default logon path is \\%N\U%.  NT Workstation will attempt to create
+a directory "\\samba-server\username.PDS" if you specify the logon path
+as "\\samba-server\username" with the NT User Manager.  Therefore, you
+will need to specify (for example) "\\samba-server\username\profile".
+NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which
+is more likely to succeed.
+</para>
+
+<para>
+If you then want to share the same Start Menu / Desktop with W95, you will
+need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97
+this has its drawbacks: i created a shortcut to telnet.exe, which attempts
+to run from the c:\winnt\system32 directory.  this directory is obviously
+unlikely to exist on a Win95-only host].
+</para>
+
+<para>
+
+If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.
+</para>
+
+<note>
+<para>
+[lkcl 25aug97 - there are some issues to resolve with downloading of
+NT profiles, probably to do with time/date stamps.  i have found that
+NTuser.DAT is never updated on the workstation after the first time that
+it is copied to the local workstation profile directory.  this is in
+contrast to w95, where it _does_ transfer / update profiles correctly].
+</para>
+</note>
+
+</sect3>
+
+</sect2>
+</sect1>
+
 
 <!-- **********************************************************
 
@@ -836,10 +1748,14 @@ If you post a message to one of the lists please observe the following guide lin
 DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
 </title>
 
-<para>
-This appendix was originally authored by John H Terpstra of the Samba Team
-and is included here for posterity.
-</para>
+<warning>
+	<title>Possibly Outdated Material</title>
+
+	<para>
+	This appendix was originally authored by John H Terpstra of 
+	the Samba Team and is included here for posterity.
+	</para>
+</warning>
 
 
 <para>
@@ -858,13 +1774,8 @@ Windows NT SAM.
 Windows NT Server can be installed as either a plain file and print server
 (WORKGROUP workstation or server) or as a server that participates in Domain
 Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
-</para>
-
-<para>
 The same is true for OS/2 Warp Server, Digital Pathworks and other similar
 products, all of which can participate in Domain Control along with Windows NT.
-However only those servers which have licensed Windows NT code in them can be
-a primary Domain Controller (eg Windows NT Server, Advanced Server for Unix.)
 </para>
 
 <para>
@@ -933,7 +1844,7 @@ plain Servers.
 <para>
 The User database is called the SAM (Security Access Manager) database and
 is used for all user authentication as well as for authentication of inter-
-process authentication (ie: to ensure that the service action a user has
+process authentication (i.e. to ensure that the service action a user has
 requested is permitted within the limits of that user's privileges).
 </para>
 
@@ -948,7 +1859,7 @@ to Samba systems.
 <para>
 Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
 can participate in a Domain security system that is controlled by Windows NT
-servers that have been correctly configured. At most every domain will have
+servers that have been correctly configured. Almost every domain will have
 ONE Primary Domain Controller (PDC). It is desirable that each domain will
 have at least one Backup Domain Controller (BDC).
 </para>
diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml
index 41eb7a478cc..a92f2f59784 100644
--- a/docs/docbook/projdoc/UNIX_INSTALL.sgml
+++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="install">
 
 <title>How to Install and Test SAMBA</title>
 
@@ -30,7 +30,7 @@
 	</userinput></para>
 	
 	<para>first to see what special options you can enable.
-	Then exectuting</para>
+	Then executing</para>
 	
 	<para><prompt>root# </prompt><userinput>make</userinput></para>
 	
@@ -96,7 +96,7 @@
 	<para>which would allow connections by anyone with an 
 	account on the server, using either their login name or 
 	"homes" as the service name. (Note that I also set the 
-	workgroup that Samba is part of. See BROWSING.txt for defails)</para>
+	workgroup that Samba is part of. See BROWSING.txt for details)</para>
 	
 	<para>Note that <command>make install</command> will not install 
 	a <filename>smb.conf</filename> file. You need to create it 
@@ -120,7 +120,7 @@
 	not it will give an error message.</para>
 
 	<para>Make sure it runs OK and that the services look 
-	resonable before proceeding. </para>
+	reasonable before proceeding. </para>
 
 </sect1>
 
@@ -174,14 +174,14 @@
 		<para>NOTE: Some unixes already have entries like netbios_ns 
 		(note the underscore) in <filename>/etc/services</filename>. 
 		You must either edit <filename>/etc/services</filename> or
-		<filename>/etc/inetd.conf</filename> to make them consistant.</para>
+		<filename>/etc/inetd.conf</filename> to make them consistent.</para>
 
 		<para>NOTE: On many systems you may need to use the 
 		"interfaces" option in smb.conf to specify the IP address 
 		and netmask of your interfaces. Run <command>ifconfig</command> 
 		as root if you don't know what the broadcast is for your
 		net. <command>nmbd</command> tries to determine it at run 
-		time, but fails on somunixes. See the section on "testing nmbd" 
+		time, but fails on some unixes. See the section on "testing nmbd" 
 		for a method of finding if you need to do this.</para>
 
 		<para>!!!WARNING!!! Many unixes only accept around 5 
@@ -305,7 +305,7 @@
 	<sect2>
 		<title>Diagnosing Problems</title>
 
-		<para>If you have instalation problems then go to 
+		<para>If you have installation problems then go to 
 		<filename>DIAGNOSIS.txt</filename> to try to find the 
 		problem.</para>
 	</sect2>
@@ -414,7 +414,7 @@
 		are set by an application when it opens a file to determine 
 		what types of access should be allowed simultaneously with 
 		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
-		or DENY_ALL. There are also special compatability modes called 
+		or DENY_ALL. There are also special compatibility modes called 
 		DENY_FCB and  DENY_DOS.</para>
 
 		<para>You can disable share modes using "share modes = no". 
@@ -437,7 +437,7 @@
 
 		<para>If you have problems using filenames with accented 
 		characters in them (like the German, French or Scandinavian 
-		character sets) then I recommmend you look at the "valid chars" 
+		character sets) then I recommend you look at the "valid chars" 
 		option in smb.conf and also take a look at the validchars 
 		package in the examples directory.</para>
 	</sect2>
diff --git a/docs/docbook/projdoc/msdfs_setup.sgml b/docs/docbook/projdoc/msdfs_setup.sgml
index 5853049d79c..35c9d40840a 100644
--- a/docs/docbook/projdoc/msdfs_setup.sgml
+++ b/docs/docbook/projdoc/msdfs_setup.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="msdfs">
 
 <chapterinfo>
 	<author>
diff --git a/docs/docbook/projdoc/printer_driver2.sgml b/docs/docbook/projdoc/printer_driver2.sgml
index 7cdbcd8d4ee..3aa9b92b5a2 100644
--- a/docs/docbook/projdoc/printer_driver2.sgml
+++ b/docs/docbook/projdoc/printer_driver2.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="printing">
 
 
 <chapterinfo>
@@ -13,244 +13,408 @@
 	</author>
 	
 		
-	<pubdate>5 Mar 2001</pubdate>
+	<pubdate> (3 May 2001) </pubdate>
 </chapterinfo>
 
 <title>Printing Support in Samba 2.2.x</title>
 
 <sect1>
-	<title>Introduction</title>
+<title>Introduction</title>
 	
-	<para>Beginning with the 2.2.0 release, Samba supports 
-	the native Windows NT printing mechanisms implemented via 
-	MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
-	Samba only supported LanMan printing calls.</para>
+<para>Beginning with the 2.2.0 release, Samba supports 
+the native Windows NT printing mechanisms implemented via 
+MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
+Samba only supported LanMan printing calls.</para>
 
-	<para>The additional functionality provided by the new 
-	SPOOLSS support includes:</para>
+<para>The additional functionality provided by the new 
+SPOOLSS support includes:</para>
 	
-	<itemizedlist>
-		<listitem><para>Support for downloading printer driver 
-		files to Windows 95/98/NT/2000 clients upon demand.
-		</para></listitem>
-		
-		<listitem><para>Uploading of printer drivers via the 
-		Windows NT Add Printer Wizard (APW) or the <ulink
-		url="http://imprints.sourceforge.net">Imprints tool set
-		</ulink></para></listitem>
-		
-		<listitem><para>Support for the native MS-RPC printing 
-		calls such as StartDocPrinter, EnumJobs(), etc...  (See 
-		the <ulink url="http://msdn.microsoft.com/">MSDN documentation
-		</ulink> for more information on the Win32 printing API)
-		</para></listitem>
+<itemizedlist>
+	<listitem><para>Support for downloading printer driver 
+	files to Windows 95/98/NT/2000 clients upon demand.
+	</para></listitem>
+	
+	<listitem><para>Uploading of printer drivers via the 
+	Windows NT Add Printer Wizard (APW) or the 
+	Imprints tool set (refer to <ulink 
+	url="http://imprints.sourceforge.net">http://imprints.sourceforge.net</ulink>). 
+	</para></listitem>
 		
-		<listitem><para>Support for NT Access Control Lists (ACL) 
-		on printer objects</para></listitem>
+	<listitem><para>Support for the native MS-RPC printing 
+	calls such as StartDocPrinter, EnumJobs(), etc...  (See 
+	the MSDN documentation at <ulink 
+	url="http://msdn.microsoft.com/">http://msdn.microsoft.com/</ulink> 
+	for more information on the Win32 printing API)
+	</para></listitem>
 		
-		<listitem><para>Improved support for printer queue manipulation 
-		through the use of an internal databases for spooled job 
-		information</para></listitem>
-	</itemizedlist>
+	<listitem><para>Support for NT Access Control Lists (ACL) 
+	on printer objects</para></listitem>
+	
+	<listitem><para>Improved support for printer queue manipulation 
+	through the use of an internal databases for spooled job 
+	information</para></listitem>
+</itemizedlist>
+
+<para>
+There has been some initial confusion about what all this means
+and whether or not it is a requirement for printer drivers to be 
+installed on a Samba host in order to support printing from Windows 
+clients.  A bug existed in Samba 2.2.0 which made Windows NT/2000 clients 
+require that the Samba server possess a valid driver for the printer.  
+This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
+can use the local APW for installing drivers to be used with a Samba 
+served printer.  This is the same behavior exhibited by Windows 9x clients.
+As a side note, Samba does not use these drivers in any way to process 
+spooled files.  They are utilized entirely by the clients.
+</para>
+
+<para>
+The following MS KB article, may be of some help if you are dealing with
+Windows 2000 clients:  <emphasis>How to Add Printers with No User 
+Interaction in Windows 2000</emphasis>
+</para>
+
+<para>
+<ulink url="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP">http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</ulink>
+</para>
 
 </sect1>
 
 
 <sect1>
-	<title>Configuration</title>
-
-	<para>In order to support the uploading of printer driver 
-	files, you must first configure a file share named [print$].  
-	The name of this share is hard coded in Samba's internals so 
-	the name is very important (print$ is the service used by 
-	Windows NT print servers to provide support for printer driver 
-	download).</para>
-
-	<warning>
-		<para>Previous versions of Samba recommended using 
-		a share named [printer$].  This name was taken from the 
-		printer$ service created by Windows 9x clients when a 
-		printer was shared.  Windows 9x printer servers always have 
-		a printer$ service which provides read-only access via no 
-		password in order to support printer driver downloads.</para>
+<title>Configuration</title>
+
+<warning>
+<title>[print$] vs. [printer$]</title>
+
+<para>
+Previous versions of Samba recommended using a share named [printer$].  
+This name was taken from the printer$ service created by Windows 9x 
+clients when a printer was shared.  Windows 9x printer servers always have 
+a printer$ service which provides read-only access via no 
+password in order to support printer driver downloads.
+</para>
 	
-		<para>However, the initial implementation allowed for a 
-		parameter named <parameter>printer driver location</parameter> 
-		to be used on a per share basis to specify the location of 
-		the driver files associated with that printer.  Another 
-		parameter named <parameter>printer driver</parameter> provided 
-		a means of defining the printer driver name to be sent to 
-		the client.</para>
-  
-		<para>These parameters, including <parameter>printer driver 
-		file</parameter> parameter, are being depreciated and should not 
-		be used in new installations.  For more information on this change, 
-		you should refer to the <link linkend="MIGRATION">Migration section 
-		</link>of this document.</para>
-	</warning>
-	
-	<para>You should modify the server's smb.conf file to create the 
-	following file share (of course, some of the parameter values,
-	such as 'path' are arbitrary and should be replaced with
-	appropriate values for your site):</para>
+<para>
+However, the initial implementation allowed for a 
+parameter named <parameter>printer driver location</parameter> 
+to be used on a per share basis to specify the location of 
+the driver files associated with that printer.  Another 
+parameter named <parameter>printer driver</parameter> provided 
+a means of defining the printer driver name to be sent to 
+the client.
+</para>
+ 
+<para>
+These parameters, including <parameter>printer driver
+file</parameter> parameter, are being depreciated and should not 
+be used in new installations.  For more information on this change, 
+you should refer to the <link linkend="MIGRATION">Migration section</link>
+of this document.
+</para>
+</warning>
+
+<sect2>
+<title>Creating [print$]</title>	
+
+<para>
+In order to support the uploading of printer driver 
+files, you must first configure a file share named [print$].  
+The name of this share is hard coded in Samba's internals so 
+the name is very important (print$ is the service used by 
+Windows NT print servers to provide support for printer driver 
+download).
+</para>
+
+<para>You should modify the server's smb.conf file to add the global
+parameters and to create the 
+following file share (of course, some of the parameter values,
+such as 'path' are arbitrary and should be replaced with
+appropriate values for your site):</para>
+
+<para><programlisting>
+[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
 
-	<para><programlisting>
 [print$]
-	path = /usr/local/samba/printers
-	guest ok = yes
-	browseable = yes
-	read only = yes
-	write list = ntadmin
-	</programlisting></para>
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root
+</programlisting></para>
 	
-	<para>The <ulink url="smb.conf.5.html#WRITELIST"><parameter>
-	write list</parameter></ulink> is used to allow administrative 
-	level user accounts to have write access in order to update files 
-	on the share.  See the <ulink url="smb./conf.5.html">
-	smb.conf(5) man page</ulink> for more information on 
-	configuring file shares.</para>
+<para>The <ulink url="smb.conf.5.html#WRITELIST"><parameter>
+write list</parameter></ulink> is used to allow administrative 
+level user accounts to have write access in order to update files 
+on the share.  See the <ulink url="smb./conf.5.html">smb.conf(5) 
+man page</ulink> for more information on configuring file shares.</para>
 	
-	<para>The requirement for <ulink url="smb.conf.5.html#GUESTOK"><command>
-	guest ok = yes</command></ulink> depends upon how your
-	site is configured.  If users will be guaranteed to have 
-	an account on the Samba host, then this is a non-issue.</para>
+<para>The requirement for <ulink url="smb.conf.5.html#GUESTOK"><command>guest 
+ok = yes</command></ulink> depends upon how your
+site is configured.  If users will be guaranteed to have 
+an account on the Samba host, then this is a non-issue.</para>
+
+<note>	
+<title>Author's Note</title>
+
+<para>
+The non-issue is that if all your Windows NT users are guaranteed to be 
+authenticated by the Samba server (such as a domain member server and the NT 
+user has already been validated by the Domain Controller in 
+order to logon to the Windows NT console), then guest access 
+is not necessary.  Of course, in a workgroup environment where 
+you just want to be able to print without worrying about 
+silly accounts and security, then configure the share for 
+guest access.  You'll probably want to add <ulink 
+url="smb.conf.5.html#MAPTOGUEST"><command>map to guest = Bad User
+</command></ulink> in the [global] section as well.  Make sure 
+you understand what this parameter does before using it 
+though. --jerry
+</para>
+</note>
+
+<para>In order for a Windows NT print server to support 
+the downloading of driver files by multiple client architectures,
+it must create subdirectories within the [print$] service
+which correspond to each of the supported client architectures.
+Samba follows this model as well.</para>
+
+<para>Next create the directory tree below the [print$] share 
+for each architecture you wish to support.</para>
+
+<para><programlisting>
+[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"
+</programlisting></para>
+
+<warning>
+<title>ATTENTION!  REQUIRED PERMISSIONS</title>
 	
-	<para><emphasis>author's note: </emphasis>The non-issue is that 
-	if all your Windows NT users are guarenteed to be authenticated 
-	by the Samba server (such as a domain member server and the NT 
-	user has already been validated by the Domain Controller in 
-	order to logon to the Windows NT console), then guest access 
-	is not necessary.  Of course, in a workgroup environment where 
-	you just want to be able to print without worrying about 
-	silly accounts and security, then configure the share for 
-	guest access.  You'll probably want to add <ulink 
-	url="smb.conf.5.html#MAPTOGUEST"><command>map to guest = Bad User
-	</command></ulink> in the [global] section as well.  Make sure 
-	you understand what this parameter does before using it 
-	though. --jerry]</para>
-
-	<para>In order for a Windows NT print server to support 
-	the downloading of driver files by multiple client architectures,
-	it must create subdirectories within the [print$] service
-	which correspond to each of the supported client architectures.
-	Samba follows this model as well.</para>
-
-	<para>Next create the directory tree below the [print$] share 
-	for each architecture you wish to support.</para>
-
-	<para><programlisting>
-	[print$]-----
-		|-W32X86		; "Windows NT x86"
-		|-WIN40			; "Windows 95/98"
-		|-W32ALPHA		; "Windows NT Alpha_AXP"
-		|-W32MIPS		; "Windows NT R4000"
-		|-W32PPC		; "Windows NT PowerPC"
-	</programlisting></para>
-
-	<warning>
-		<para><emphasis>ATTENTION!  REQUIRED PERMISSIONS</emphasis></para>
-
-		<para>In order to currently add a new driver to you Samba host, 
-		one of two conditions must hold true:</para>
+<para>
+In order to currently add a new driver to you Samba host, 
+one of two conditions must hold true:
+</para>
 		
-		<itemizedlist>
-			<listitem><para>The account used to connect to the Samba host 
-			must have a uid of 0 (i.e. a root account)</para></listitem>
-			
-			<listitem><para>The account used to connect to the Samba host
-			must be a member of the <ulink url="smb.conf.5.html"><parameter>
-			printer admin</parameter></ulink> list.</para></listitem>
-		</itemizedlist>
-
-		<para>Of course, the connected account must still possess access
-		to add files to the subdirectories beneath [print$].</para>
-	</warning>
-
-
-	<para>Once you have created the required [print$] service and 
-	associated subdirectories, simply log onto the Samba server using 
-	a root (or <parameter>printer admin</parameter>) account
-	from a Windows NT 4.0 client.  Navigate to the "Printers" folder
-	on the Samba server.  You should see an initial listing of printers
-	that matches the printer shares defined on your Samba host.</para>
-
-	<para>The initial listing of printers in the Samba host's 
-	Printers folder will have no printer driver assigned to them.  
-	The way assign a driver to a printer is to view the Properties 
-	of the printer and either</para>
-	
-	<itemizedlist>
-		<listitem><para>Use the "New Driver..." button to install 
-		a new printer driver, or</para></listitem>
+<itemizedlist>
+	<listitem><para>The account used to connect to the Samba host 
+	must have a uid of 0 (i.e. a root account)</para></listitem>
 		
-		<listitem><para>Select a driver from the popup list of 
-		installed drivers.  Initially this list will be empty.</para>
-		</listitem>
-	</itemizedlist>
+	<listitem><para>The account used to connect to the Samba host
+	must be a member of the <ulink 
+	url="smb.conf.5.html#PRINTERADMIN"><parameter>printer 
+	admin</parameter></ulink> list.</para></listitem>
+</itemizedlist>
+
+<para>
+Of course, the connected account must still possess access
+to add files to the subdirectories beneath [print$]. Remember
+that all file shares are set to 'read only' by default.
+</para>
+</warning>
+
+
+<para>
+Once you have created the required [print$] service and 
+associated subdirectories, simply log onto the Samba server using 
+a root (or <parameter>printer admin</parameter>) account
+from a Windows NT 4.0 client.  Navigate to the "Printers" folder
+on the Samba server.  You should see an initial listing of printers
+that matches the printer shares defined on your Samba host.
+</para>
+</sect2>
+
+<sect2>
+<title>Setting Drivers for Existing Printers</title>
+
+<para>The initial listing of printers in the Samba host's 
+Printers folder will have no real printer driver assigned 
+to them.  By default, in Samba 2.2.0 this driver name was set to 
+<emphasis>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</emphasis>.
+Later versions changed this to a NULL string to allow the use
+tof the local Add Printer Wizard on NT/2000 clients.
+Attempting to view the printer properties for a printer
+which has this default driver assigned will result in 
+the error message:</para>
+
+<para>
+<emphasis>Device settings cannot be displayed.  The driver 
+for the specified printer is not installed, only spooler 
+properties will be displayed.  Do you want to install the 
+driver now?</emphasis>
+</para>
+
+<para>
+Click "No" in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a 
+printer is to either
+</para>
 	
-	<para>If you wish to install printer drivers for client 
-	operating systems other than "Windows NT x86", you will need 
-	to use the "Sharing" tab of the printer properties dialog.</para>
-
-	<para>Assuming you have connected with a root account, you 
-	will also be able modify other printer properties such as 
-	ACLs and device settings using this dialog box.</para>
+<itemizedlist>
+	<listitem><para>Use the "New Driver..." button to install 
+	a new printer driver, or</para></listitem>
 	
-	<para>A few closing comments for this section, it is possible 
-	on a Windows NT print server to have printers
-	listed in the Printers folder which are not shared.  Samba does
-	not make this distinction.  By definition, the only printers of
-	which Samba is aware are those which are specified as shares in
-	<filename>smb.conf</filename>.</para>
-  
-	<para>Another interesting side note is that Windows NT clients do
-	not use the SMB printer share, but rather can print directly 
-	to any printer on another Windows NT host using MS-RPC.  This
-	of course assumes that the printing client has the necessary
-	privileges on the remote host serving the printer.  The default
-	permissions assigned by Windows NT to a printer gives the "Print"
-	permissions to the "Everyone" well-known group.</para>
+	<listitem><para>Select a driver from the popup list of 
+	installed drivers.  Initially this list will be empty.</para>
+	</listitem>
+</itemizedlist>
 	
-	<sect2>
-		<title>Support a large number of printers</title>
+<para>If you wish to install printer drivers for client 
+operating systems other than "Windows NT x86", you will need 
+to use the "Sharing" tab of the printer properties dialog.</para>
+
+<para>Assuming you have connected with a root account, you 
+will also be able modify other printer properties such as 
+ACLs and device settings using this dialog box.</para>
+
+<para>A few closing comments for this section, it is possible 
+on a Windows NT print server to have printers
+listed in the Printers folder which are not shared.  Samba does
+not make this distinction.  By definition, the only printers of
+which Samba is aware are those which are specified as shares in
+<filename>smb.conf</filename>.</para>
+  
+<para>Another interesting side note is that Windows NT clients do
+not use the SMB printer share, but rather can print directly 
+to any printer on another Windows NT host using MS-RPC.  This
+of course assumes that the printing client has the necessary
+privileges on the remote host serving the printer.  The default
+permissions assigned by Windows NT to a printer gives the "Print"
+permissions to the "Everyone" well-known group.
+</para>
+
+</sect2>	
+
+
+<sect2>
+<title>Support a large number of printers</title>
 		
-		<para>One issue that has arisen during the development
-		phase of Samba 2.2 is the need to support driver downloads for
-		100's of printers.  Using the Windows NT APW is somewhat 
-		awkward to say the list.  If more than one printer are using the 
-		same driver, the <ulink url="rpcclient.1.html"><command>rpcclient's
-		setdriver command</command></ulink> can be used to set the driver
-		associated with an installed driver.  The following is example
-		of how this could be accomplished:</para>
+<para>One issue that has arisen during the development
+phase of Samba 2.2 is the need to support driver downloads for
+100's of printers.  Using the Windows NT APW is somewhat 
+awkward to say the list.  If more than one printer are using the 
+same driver, the <ulink url="rpcclient.1.html"><command>rpcclient's
+setdriver command</command></ulink> can be used to set the driver
+associated with an installed driver.  The following is example
+of how this could be accomplished:</para>
 		
-		<para><programlisting> 
-		<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumdrivers"
+<para><programlisting> 
+<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumdrivers"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
  
 [Windows NT x86]
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 4000 Series PS]
+     Driver Name: [HP LaserJet 4000 Series PS]
  
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 2100 Series PS]
+     Driver Name: [HP LaserJet 2100 Series PS]
  
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 4Si/4SiMX PS]
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
 				  
-		<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumprinters"
+<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumprinters"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-	flags:[0x800000]
-	name:[\\POGO\hp-print]
-	description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
-	comment:[]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
 				  
-		<prompt>$ </prompt>rpcclient pogo -U root%bleaK.er \
-		<prompt>&gt; </prompt> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+<prompt>$ </prompt>rpcclient pogo -U root%secret \
+<prompt>&gt; </prompt> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-Succesfully set hp-print to driver HP LaserJet 4000 Series PS.
-		</programlisting></para>
-	</sect2>
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.
+</programlisting></para>
+</sect2>
+
+
+
+<sect2>
+<title>Adding New Printers via the Windows NT APW</title>
 	
+<para>
+By default, Samba offers all printer shares defined in <filename>smb.conf</filename>
+in the "Printers..." folder.  Also existing in this folder is the Windows NT 
+Add Printer Wizard icon.  The APW will be show only if
+</para>
+
+<itemizedlist>
+	<listitem><para>The connected user is able to successfully
+	execute an OpenPrinterEx(\\server) with administrative
+	privileges (i.e. root or <parameter>printer admin</parameter>).
+	</para></listitem>
+	
+	<listitem><para><ulink url="smb.conf.5.html#SHOWADDPRINTERWIZARD"><parameter>show 
+	add printer wizard = yes</parameter></ulink> (the default).
+	</para></listitem>
+</itemizedlist>
+
+<para>
+In order to be able to use the APW to successfully add a printer to a Samba 
+server, the <ulink url="smb.conf.5.html#ADDPRINTERCOMMAND"><parameter>add 
+printer command</parameter></ulink> must have a defined value.  The program
+hook must successfully add the printer to the system (i.e. 
+<filename>/etc/printcap</filename> or appropriate files) and 
+<filename>smb.conf</filename> if necessary.
+</para>
+
+<para>
+When using the APW from a client, if the named printer share does 
+not exist, <command>smbd</command> will execute the <parameter>add printer 
+command</parameter> and reparse to the <filename>smb.conf</filename>
+to attempt to locate the new printer share.  If the share is still not defined,
+an error of "Access Denied" is returned to the client.  Note that the 
+<parameter>add printer program</parameter> is executed under the context
+of the connected user, not necessarily a root account.
+</para>
+
+<para>
+There is a complementing <ulink url="smb.conf.5.html#DELETEPRINTERCOMMAND"><parameter>delete
+printer command</parameter></ulink> for removing entries from the "Printers..."
+folder.
+</para>
+
+</sect2>
+
+
+<sect2>
+<title>Samba and Printer Ports</title>
+
+<para>
+Windows NT/2000 print servers associate a port with each printer.  These normally
+take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
+concept of ports associated with a printer.  By default, only one printer port,
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
+order to print, rather it is a requirement of Windows clients.  
+</para>
+
+<para>
+Note that Samba does not support the concept of "Printer Pooling" internally 
+either.  This is when a logical printer is assigned to multiple ports as 
+a form of load balancing or fail over.
+</para>
+
+<para>
+If you require that multiple ports be defined for some reason,
+<filename>smb.conf</filename> possesses a <ulink 
+url="smb.conf.5.html#ENUMPORTSCOMMAND"><parameter>enumports 
+command</parameter></ulink> which can be used to define an external program 
+that generates a listing of ports on a system.
+</para>
+
+</sect2>
+
 </sect1>
 
 
@@ -339,24 +503,24 @@ Succesfully set hp-print to driver HP LaserJet 4000 Series PS.
 		perl code is wrapped around <command>smbclient</command> 
 		and <command>rpcclient</command>.</para>
 
-		<para><programlisting>	
-		foreach (supported architecture for a given driver)
-		{
-			1.	rpcclient: Get the appropriate upload directory 
-				on the remote server
-			2.	smbclient: Upload the driver files
-			3.	rpcclient: Issues an AddPrinterDriver() MS-RPC
-		}
+<para><programlisting>	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
 	
-		4.	rpcclient: Issue an AddPrinterEx() MS-RPC to actually
-			create the printer
-		</programlisting></para>
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer
+</programlisting></para>
 		
 		<para>One of the problems encountered when implementing 
 		the Imprints tool set was the name space issues between 
 		various supported client architectures.  For example, Windows 
 		NT includes a driver named "Apple LaserWriter II NTX v51.8" 
-		and Windows 95 callsits version of this driver "Apple 
+		and Windows 95 calls its version of this driver "Apple 
 		LaserWriter II NTX"</para>
 		
 		<para>The problem is how to know what client drivers have 
@@ -369,7 +533,7 @@ Succesfully set hp-print to driver HP LaserJet 4000 Series PS.
 		</filename></para>
 		
 		<para>will reveal that Windows NT always uses the NT driver 
-		name.  The is ok as Windows NT always requires that at least 
+		name.  This is ok as Windows NT always requires that at least 
 		the Windows NT version of the printer driver is present.  
 		However, Samba does not have the requirement internally.  
 		Therefore, how can you use the NT driver name if is has not 
@@ -385,64 +549,167 @@ Succesfully set hp-print to driver HP LaserJet 4000 Series PS.
 
 
 <sect1>
-	<title><anchor id="MIGRATION">Migration to from Samba 2.0.x to 
-	2.2.x</title>
+<title><anchor id="MIGRATION">Migration to from Samba 2.0.x to 2.2.x</title>
+
+<para>
+Given that printer driver management has changed (we hope improved) in 
+2.2 over prior releases, migration from an existing setup to 2.2 can 
+follow several paths.
+</para>
+
+<para>
+Windows clients have a tendency to remember things for quite a while.
+For example, if a Windows NT client has attached to a Samba 2.0 server,
+it will remember the server as a LanMan printer server.  Upgrading 
+the Samba host to 2.2 makes support for MSRPC printing possible, but 
+the NT client will still remember the previous setting.
+</para>
+
+<para>
+In order to give an NT client printing "amnesia" (only necessary if you 
+want to use the newer MSRPC printing functionality in Samba), delete 
+the registry keys associated with the print server contained in 
+<constant>[HKLM\SYSTEM\CurrentControlSet\Control\Print]</constant>.  The 
+spooler service on the client should be stopped prior to doing this:
+</para>
+
+<para>
+<prompt>C:\WINNT\ ></prompt> <userinput>net stop spooler</userinput>
+</para>
+
+<para>
+<emphasis>All the normal disclaimers about editing the registry go 
+here.</emphasis>  Be careful, and know what you are doing.
+</para>
+
+<para>
+The spooler service should be restarted after you have finished 
+removing the appropriate registry entries by replacing the 
+<command>stop</command> command above with <command>start</command>.
+</para>
+
+<para>
+Windows 9x clients will continue to use LanMan printing calls
+with a 2.2 Samba server so there is no need to perform any of these
+modifications on non-NT clients.
+</para>
 	
-	<para>Given that printer driver management has changed
-	(we hope improved :) ) in 2.2.0 over prior releases,
-	migration from an existing setup to 2.2.0 can follow
-	several paths.</para>
-	
-	<warning>
-		<para>The following smb.conf parameters are considered to be
-		depreciated and will be removed soon.  Do not use them
-		in new installations</para>
+<warning>
+<title>Achtung!</title>
+
+<para>
+The following smb.conf parameters are considered to be depreciated and will 
+be removed soon.  Do not use them in new installations
+</para>
 		
-		<itemizedlist>
-			<listitem><para><parameter>printer driver file (G)</parameter>
-			</para></listitem>
+<itemizedlist>
+	<listitem><para><parameter>printer driver file (G)</parameter>
+	</para></listitem>
 			
-			<listitem><para><parameter>printer driver (S)</parameter>
-			</para></listitem>
+	<listitem><para><parameter>printer driver (S)</parameter>
+	</para></listitem>
 			
-			<listitem><para><parameter>printer driver location (S)</parameter>
-			</para></listitem>
-		</itemizedlist>
-	</warning>
+	<listitem><para><parameter>printer driver location (S)</parameter>
+	</para></listitem>
+</itemizedlist>
+</warning>
 
 
-	<para>Here are the possible scenarios for supporting migration:</para>
+<para>
+Here are the possible scenarios for supporting migration:
+</para>
 	
-	<itemizedlist>
-		<listitem><para>If you do not desire the new Windows NT 
-		print driver support, nothing needs to be done.  
-		All existing parameters work the same.</para></listitem>
-
-		<listitem><para>If you want to take advantage of NT printer 
-		driver support but do not want to migrate the 
-		9x drivers to the new setup, the leave the existing 
-		printers.def file.  When smbd attempts to locate a 
-		9x driver for the printer in the TDB and fails it 
-		will drop down to using the printers.def (and all 
-		associated parameters).  The <command>make_printerdef</command> 
-		tool will also remain for backwards compatibility but will 
-		be moved to the "this tool is the old way of doing it" 
-		pile.</para></listitem>
-
-		<listitem><para>If you install a Windows 9x driver for a printer 
-		on your Samba host (in the printing TDB), this information will 
-		take precedence and the three old printing parameters
-		will be ignored (including print driver location).</para></listitem>
-
-		<listitem><para>If you want to migrate an existing <filename>
-		printers.def</filename> file into the new setup, the current only 
-		solution is to use the Windows NT APW to install the NT drivers 
-		and the 9x  drivers.  This can be scripted using smbclient and 
-		rpcclient.  See the <ulink url="http://imprints.sourceforge.net/">
-		Imprints insrallation client</ulink> for an example.
-		</para></listitem>
-	</itemizedlist>
+<itemizedlist>
+	<listitem><para>If you do not desire the new Windows NT 
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.</para></listitem>
+
+	<listitem><para>If you want to take advantage of NT printer 
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	printers.def file.  When smbd attempts to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The <command>make_printerdef</command> 
+	tool will also remain for backwards compatibility but will 
+	be moved to the "this tool is the old way of doing it" 
+	pile.</para></listitem>
+
+	<listitem><para>If you install a Windows 9x driver for a printer 
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).</para></listitem>
+
+	<listitem><para>If you want to migrate an existing <filename>printers.def</filename> 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using <command>smbclient</command> and <command>rpcclient</command>.  See the 
+	Imprints installation client at <ulink 
+	url="http://imprints.sourceforge.net/">http://imprints.sourceforge.net/</ulink> 
+	for an example.
+	</para></listitem>
+</itemizedlist>
 
 </sect1>
 
+
+<!--
+
+  This comment from rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex()
+  needs to be added into a section probably.  This is to remind me it needs 
+  to be done.  -jerry
+
+                /*
+                 * If the openprinterex rpc call contains a devmode,
+                 * it's a per-user one. This per-user devmode is derivated
+                 * from the global devmode. Openprinterex() contains a per-user
+                 * devmode for when you do EMF printing and spooling.
+                 * In the EMF case, the NT workstation is only doing half the job
+                 * of rendering the page. The other half is done by running the printer
+                 * driver on the server.
+                 * The EMF file doesn't contain the page description (paper size, orientation, ...).
+                 * The EMF file only contains what is to be printed on the page.
+                 * So in order for the server to know how to print, the NT client sends
+                 * a devicemode attached to the openprinterex call.
+                 * But this devicemode is short lived, it's only valid for the current print job.
+                 *
+                 * If Samba would have supported EMF spooling, this devicemode would
+                 * have been attached to the handle, to sent it to the driver to correctly
+                 * rasterize the EMF file.
+                 *
+                 * As Samba only supports RAW spooling, we only receive a ready-to-print file,
+                 * we just act as a pass-thru between windows and the printer.
+                 *
+                 * In order to know that Samba supports only RAW spooling, NT has to call
+                 * getprinter() at level 2 (attribute field) or NT has to call startdoc()
+                 * and until NT sends a RAW job, we refuse it.
+                 *
+                 * But to call getprinter() or startdoc(), you first need a valid handle,
+                 * and to get an handle you have to call openprintex(). Hence why you have
+                 * a devicemode in the openprinterex() call.
+                 *
+                 *
+                 * Differences between NT4 and NT 2000.
+                 * NT4:
+                 * 
+                 * On NT4, you only have a global devicemode. This global devicemode can be changed
+                 * by the administrator (or by a user with enough privs). Every time a user
+                 * wants to print, the devicemode is reset to the default. In Word, every time
+                 * you print, the printer's characteristics are always reset to the global devicemode.
+                 *
+                 * NT 2000:
+                 * 
+                 * In W2K, there is the notion of per-user devicemode. The first time you use
+                 * a printer, a per-user devicemode is build from the global devicemode.
+                 * If you change your per-user devicemode, it is saved in the registry, under the
+                 * H_KEY_CURRENT_KEY sub_tree. So that every time you print, you have your default
+                 * printer preferences available.
+                 *
+                 * To change the per-user devicemode: it's the "Printing Preferences ..." button
+                 * on the General Tab of the printer properties windows.
+                 *
+                 * To change the global devicemode: it's the "Printing Defaults..." button
+                 * on the Advanced Tab of the printer properties window.
+-->
+
 </chapter>
diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
index 81469df51a0..b923303d358 100644
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -8,6 +8,10 @@
 <!ENTITY NT-Security SYSTEM "NT_Security.sgml">
 <!ENTITY OS2-Client SYSTEM "OS2-Client-HOWTO.sgml">
 <!ENTITY Samba-PDC-HOWTO SYSTEM "Samba-PDC-HOWTO.sgml">
+<!ENTITY CVS-Access SYSTEM "CVS-Access.sgml">
+<!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml">
+<!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml">
+<!ENTITY INDEX-FILE SYSTEM "index.sgml">
 ]>
 
 <book id="Samba-Project-Documentation">
@@ -22,17 +26,38 @@
 	<pubdate>$rcsId</pubdate>
 </bookinfo>
 
-<toc></toc>
+<dedication>
+<title>Abstract</title>
 
+<para>
+This book is a collection of HOWTOs added to Samba documentation over the years.
+I try to ensure that all are current, but sometimes the is a larger job
+than one person can maintain.  The most recent version of this document
+can be found at <ulink url="http://www.samba.org/">http://www.samba.org/</ulink>
+on the "Documentation" page.  Please send updates to <ulink 
+url="mailto:jerry@samba.org">jerry@samba.org</ulink>.
+</para>
 
+<para>
+Cheers, jerry
+</para>
+
+</dedication>
+
+<!-- Chapters -->
 &UNIX-INSTALL;
-&ENCRYPTION;
+&IntegratingWithWindows;
+&Samba-PAM;
 &MS-Dfs-Setup;
+&NT-Security;
 &PRINTER-DRIVER2;
 &DOMAIN-MEMBER;
 &Samba-PDC-HOWTO;
 &WINBIND;
-&NT-Security;
 &OS2-Client;
+&CVS-Access;
+
+<!-- Autogenerated Index -->
+&INDEX-FILE;
 
 </book>
diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml
index 8a380c206db..da7aecdee42 100644
--- a/docs/docbook/projdoc/winbind.sgml
+++ b/docs/docbook/projdoc/winbind.sgml
@@ -1,4 +1,4 @@
-<chapter>
+<chapter id="winbind">
 
 
 <chapterinfo>
@@ -21,7 +21,7 @@
 	<pubdate>16 Oct 2000</pubdate>
 </chapterinfo>
 
-<title>Unifed Logons between Windows NT and UNIX using Winbind</title>
+<title>Unified Logons between Windows NT and UNIX using Winbind</title>
 
 <sect1>
 	<title>Abstract</title>
@@ -30,7 +30,7 @@
 	a unified logon has been considered a "holy grail" in heterogeneous 
 	computing environments for a long time. We present <emphasis>winbind
 	</emphasis>, a component of the Samba suite of programs as a 
-	solution to the unied logon problem. Winbind uses a UNIX implementation 
+	solution to the unified logon problem. Winbind uses a UNIX implementation 
 	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
 	Service Switch to allow Windows NT domain users to appear and operate 
 	as UNIX users on a UNIX machine. This paper describes the winbind 
@@ -57,7 +57,7 @@
 	can lead to synchronization problems between the UNIX and Windows 
 	systems and confusion for users.</para>
 	
-	<para>We divide the unifed logon problem for UNIX machines into 
+	<para>We divide the unified logon problem for UNIX machines into 
 	three smaller problems:</para>
 	
 	<itemizedlist>
@@ -77,7 +77,7 @@
 	information on the UNIX machines and without creating additional 
 	tasks for the system administrator when maintaining users and 
 	groups on either system. The winbind system provides a simple 
-	and elegant solution to all three components of the unifed logon 
+	and elegant solution to all three components of the unified logon 
 	problem.</para>
 </sect1>
 
@@ -179,7 +179,7 @@
 		<para>The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
 		information such as hostnames, mail aliases and user information 
-		to be resolved from dierent sources. For example, a standalone 
+		to be resolved from different sources. For example, a standalone 
 		UNIX workstation may resolve system information from a series of 
 		flat files stored on the local lesystem. A networked workstation 
 		may first attempt to resolve system information from local files, 
@@ -202,7 +202,7 @@
 		for a line which matches the service type being requested, for 
 		example the "passwd" service type is used when user or group names 
 		are looked up. This	config line species which implementations 
-		of that service should be tried andin what order. If the passwd 
+		of that service should be tried and in what order. If the passwd 
 		config line is:</para>
 
 		<para><command>passwd: files example</command></para>
@@ -229,7 +229,7 @@
 		<para>Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
 		technologies. With a PAM module it is possible to specify different 
-		authentication methods for dierent system applications without 
+		authentication methods for different system applications without 
 		having to recompile these applications. PAM is also useful
 		for implementing a particular policy for authorization. For example, 
 		a system administrator may only allow console logins from users 
@@ -244,7 +244,7 @@
 		this change take eect directly on the Primary Domain Controller.
 		</para>
 		
-		<para>PAM is congured by providing control files in the directory 
+		<para>PAM is configured by providing control files in the directory 
 		<filename>/etc/pam.d/</filename> for each of the services that 
 		require authentication. When an authentication request is made 
 		by an application the PAM code in the C library looks up this
@@ -263,11 +263,11 @@
 		<title>User and Group ID Allocation</title>
 		
 		<para>When a user or group is created under Windows NT 
-		is it allocated a numerical relative identier (RID). This is 
-		slightly dierent to UNIX which has a range of numbers which are 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers which are 
 		used to identify users, and the same range in which to identify 
 		groups. It is winbind's job to convert RIDs to UNIX id numbers and
-		vice versa.  When winbind is congured it is given part of the UNIX 
+		vice versa.  When winbind is configured it is given part of the UNIX 
 		user id space and a part of the UNIX group id space in which to 
 		store Windows NT users and groups. If a Windows NT user is 
 		resolved for the first time, it is allocated the next UNIX id from 
@@ -290,7 +290,7 @@
 		by NT domain controllers.  User or group information returned 
 		by a PDC is cached by winbind along with a sequence number also 
 		returned by the PDC. This sequence number is incremented by 
-		Windows NT whenever any user or group information is modied. If 
+		Windows NT whenever any user or group information is modified. If 
 		a cached entry has expired, the sequence number is requested from 
 		the PDC and compared against the sequence number of the cached entry. 
 		If the sequence numbers do not match, then the cached information 
@@ -314,7 +314,7 @@
 	
 	<para>Once you have installed the packages you should read 
 	the <command>winbindd(8)</command> man page which will provide you 
-	with conguration information and give you sample conguration files. 
+	with configuration information and give you sample configuration files. 
 	You may also wish to update the main Samba daemons smbd and nmbd) 
 	with a more recent development release, such as the recently
 	announced Samba 2.2 alpha release.</para>
diff --git a/docs/docbook/scripts/strip-links.pl b/docs/docbook/scripts/strip-links.pl
index 495822264ec..dbbdceaabcc 100644
--- a/docs/docbook/scripts/strip-links.pl
+++ b/docs/docbook/scripts/strip-links.pl
@@ -6,8 +6,9 @@
 
 while (<STDIN>) {
 
+	chomp ($_);
 	$_ =~ s/\s*<URL:.*html.*>\s*//g;
-	print "$_";
+	print "$_\n";
 
 }
 exit 0;
diff --git a/docs/htmldocs/ENCRYPTION.html b/docs/htmldocs/ENCRYPTION.html
index f7424be11a4..cff06c4822a 100644
--- a/docs/htmldocs/ENCRYPTION.html
+++ b/docs/htmldocs/ENCRYPTION.html
@@ -118,7 +118,7 @@ NAME="AEN18"
 ><P
 >The unix and SMB password encryption techniques seem similar 
 	on the surface. This similarity is, however, only skin deep. The unix 
-	scheme typically sends clear text passwords over the nextwork when 
+	scheme typically sends clear text passwords over the network when 
 	logging in. This is bad. The SMB encryption scheme never sends the 
 	cleartext password over the network but it does store the 16 byte 
 	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
@@ -196,7 +196,7 @@ CLASS="EMPHASIS"
 		Microsoft SMB/CIFS clients support authentication via the
 		SMB Challenge/Response mechanism described here.  Enabling
 		clear text authentication does not disable the ability
-		of the client to particpate in encrypted authentication.</P
+		of the client to participate in encrypted authentication.</P
 ></TD
 ></TR
 ></TABLE
diff --git a/docs/htmldocs/NT_Security.html b/docs/htmldocs/NT_Security.html
index 081f7fb838a..e7bf9890a9d 100644
--- a/docs/htmldocs/NT_Security.html
+++ b/docs/htmldocs/NT_Security.html
@@ -1,7 +1,7 @@
 <HTML
 ><HEAD
 ><TITLE
->UNIX Permission Bits and WIndows NT Access Control Lists</TITLE
+>UNIX Permission Bits and Windows NT Access Control Lists</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
@@ -20,7 +20,7 @@ CLASS="TITLEPAGE"
 CLASS="TITLE"
 ><A
 NAME="AEN1"
->UNIX Permission Bits and WIndows NT Access Control Lists</A
+>UNIX Permission Bits and Windows NT Access Control Lists</A
 ></H1
 ><HR></DIV
 ><DIV
@@ -44,7 +44,7 @@ NAME="AEN3"
 ><P
 >In Samba 2.0.4 and above the default value of the 
 	parameter <A
-HREF="smb.conf.5.html#NTACLSUPPOR"
+HREF="smb.conf.5.html#NTACLSUPPORT"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
@@ -153,7 +153,7 @@ CLASS="REPLACEABLE"
 >(Long name)</I
 ></TT
 >
-	is the discriptive string identifying the user (normally found in the
+	is the descriptive string identifying the user (normally found in the
 	GECOS field of the UNIX password database). Click on the <B
 CLASS="COMMAND"
 >Close
@@ -182,7 +182,7 @@ CLASS="COMMAND"
 	you to change the ownership of this file to yourself (clicking on 
 	it will display a dialog box complaining that the user you are 
 	currently logged onto the NT client cannot be found). The reason 
-	for this is that changing the ownership of a file is a privilaged 
+	for this is that changing the ownership of a file is a privileged 
 	operation in UNIX, available only to the <I
 CLASS="EMPHASIS"
 >root</I
@@ -192,7 +192,7 @@ CLASS="EMPHASIS"
 	client this will not work with Samba at this time.</P
 ><P
 >There is an NT chown command that will work with Samba 
-	and allow a user with Administrator privillage connected 
+	and allow a user with Administrator privilege connected 
 	to a Samba 2.0.4 server as root to change the ownership of 
 	files on both a local NTFS filesystem or remote mounted NTFS 
 	or Samba drive. This is available as part of the <I
@@ -242,7 +242,7 @@ CLASS="REPLACEABLE"
 >(Long name)</I
 ></TT
 >
-	is the discriptive string identifying the user (normally found in the
+	is the descriptive string identifying the user (normally found in the
 	GECOS field of the UNIX password database).</P
 ><P
 >If the parameter <TT
@@ -274,7 +274,7 @@ NAME="AEN58"
 ></H2
 ><P
 >The standard UNIX user/group/world triple and 
-		the correspinding "read", "write", "execute" permissions 
+		the corresponding "read", "write", "execute" permissions 
 		triples are mapped by Samba into a three element NT ACL 
 		with the 'r', 'w', and 'x' bits mapped into the corresponding 
 		NT permissions. The UNIX world permissions are mapped into 
@@ -400,7 +400,7 @@ CLASS="COMMAND"
 	button will not return a list of users in Samba 2.0.4 (it will give 
 	an error message of <B
 CLASS="COMMAND"
->"The remote proceedure call failed 
+>"The remote procedure call failed 
 	and did not execute"</B
 >). This means that you can only 
 	manipulate the current user/group/world permissions listed in 
@@ -450,7 +450,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >"Take
 	Ownership"</B
-> permission (dsplayed as <B
+> permission (displayed as <B
 CLASS="COMMAND"
 >"O"
 	</B
@@ -582,7 +582,7 @@ CLASS="PARAMETER"
 ></A
 > parameter to provide compatibility
 	with Samba 2.0.4 where the permission change facility was introduced.
-	To allow a user to modify all the user/group/world permissions on a file,
+	To allow a user to modify all the user/group/world permissions on a file
 	with no restrictions set this parameter to 000.</P
 ><P
 >The <TT
diff --git a/docs/htmldocs/OS2-Client-HOWTO.html b/docs/htmldocs/OS2-Client-HOWTO.html
index 84a424c017e..d7a3132d151 100644
--- a/docs/htmldocs/OS2-Client-HOWTO.html
+++ b/docs/htmldocs/OS2-Client-HOWTO.html
@@ -173,7 +173,7 @@ NAME="AEN33"
 		driver from an OS/2 system.</P
 ><P
 >Install the NT driver first for that printer.  Then, 
-		add to your smb.conf a paramater, "os2 driver map = 
+		add to your smb.conf a parameter, "os2 driver map = 
 		<TT
 CLASS="REPLACEABLE"
 ><I
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
index 346c2bc84d0..42570c2748b 100644
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -32,6 +32,27 @@ NAME="AEN4"
 >SAMBA Team</A
 ></H3
 ><HR></DIV
+><HR><H1
+><A
+NAME="AEN9"
+>Abstract</A
+></H1
+><P
+>This book is a collection of HOWTOs added to Samba documentation over the years.
+I try to ensure that all are current, but sometimes the is a larger job
+than one person can maintain.  The most recent version of this document
+can be found at <A
+HREF="http://www.samba.org/"
+TARGET="_top"
+>http://www.samba.org/</A
+>
+on the "Documentation" page.  Please send updates to <A
+HREF="mailto:jerry@samba.org"
+TARGET="_top"
+>jerry@samba.org</A
+>.</P
+><P
+>Cheers, jerry</P
 ><DIV
 CLASS="TOC"
 ><DL
@@ -41,34 +62,34 @@ CLASS="TOC"
 ></DT
 ><DT
 >1. <A
-HREF="#AEN10"
+HREF="#AEN15"
 >How to Install and Test SAMBA</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN12"
+>1.1. <A
+HREF="#AEN17"
 >Step 0: Read the man pages</A
 ></DT
 ><DT
-><A
-HREF="#AEN20"
+>1.2. <A
+HREF="#AEN25"
 >Step 1: Building the Binaries</A
 ></DT
 ><DT
-><A
-HREF="#AEN48"
+>1.3. <A
+HREF="#AEN53"
 >Step 2: The all important step</A
 ></DT
 ><DT
-><A
-HREF="#AEN52"
+>1.4. <A
+HREF="#AEN57"
 >Step 3: Create the smb configuration file.</A
 ></DT
 ><DT
-><A
-HREF="#AEN66"
+>1.5. <A
+HREF="#AEN71"
 >Step 4: Test your config file with 
 	<B
 CLASS="COMMAND"
@@ -76,81 +97,81 @@ CLASS="COMMAND"
 ></A
 ></DT
 ><DT
-><A
-HREF="#AEN72"
+>1.6. <A
+HREF="#AEN77"
 >Step 5: Starting the smbd and nmbd</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN82"
+>1.6.1. <A
+HREF="#AEN87"
 >Step 5a: Starting from inetd.conf</A
 ></DT
 ><DT
-><A
-HREF="#AEN111"
+>1.6.2. <A
+HREF="#AEN116"
 >Step 5b. Alternative: starting it as a daemon</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN127"
+>1.7. <A
+HREF="#AEN132"
 >Step 6: Try listing the shares available on your 
 	server</A
 ></DT
 ><DT
-><A
-HREF="#AEN136"
+>1.8. <A
+HREF="#AEN141"
 >Step 7: Try connecting with the unix client</A
 ></DT
 ><DT
-><A
-HREF="#AEN152"
+>1.9. <A
+HREF="#AEN157"
 >Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></DT
 ><DT
-><A
-HREF="#AEN166"
+>1.10. <A
+HREF="#AEN171"
 >What If Things Don't Work?</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN171"
+>1.10.1. <A
+HREF="#AEN176"
 >Diagnosing Problems</A
 ></DT
 ><DT
-><A
-HREF="#AEN175"
+>1.10.2. <A
+HREF="#AEN180"
 >Scope IDs</A
 ></DT
 ><DT
-><A
-HREF="#AEN178"
+>1.10.3. <A
+HREF="#AEN183"
 >Choosing the Protocol Level</A
 ></DT
 ><DT
-><A
-HREF="#AEN187"
+>1.10.4. <A
+HREF="#AEN192"
 >Printing from UNIX to a Client PC</A
 ></DT
 ><DT
-><A
-HREF="#AEN191"
+>1.10.5. <A
+HREF="#AEN196"
 >Locking</A
 ></DT
 ><DT
-><A
-HREF="#AEN201"
+>1.10.6. <A
+HREF="#AEN206"
 >Mapping Usernames</A
 ></DT
 ><DT
-><A
-HREF="#AEN204"
+>1.10.7. <A
+HREF="#AEN209"
 >Other Character Sets</A
 ></DT
 ></DL
@@ -159,77 +180,185 @@ HREF="#AEN204"
 ></DD
 ><DT
 >2. <A
-HREF="#AEN207"
->LanMan and NT Password Encryption in Samba 2.x</A
+HREF="#AEN212"
+>Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN218"
->Introduction</A
+>2.1. <A
+HREF="#AEN223"
+>Agenda</A
 ></DT
 ><DT
-><A
-HREF="#AEN222"
->How does it work?</A
+>2.2. <A
+HREF="#AEN245"
+>Name Resolution in a pure Unix/Linux world</A
 ></DT
+><DD
+><DL
 ><DT
-><A
-HREF="#AEN233"
->Important Notes About Security</A
+>2.2.1. <A
+HREF="#AEN261"
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></A
+></DT
+><DT
+>2.2.2. <A
+HREF="#AEN277"
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></A
+></DT
+><DT
+>2.2.3. <A
+HREF="#AEN288"
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></A
+></DT
+><DT
+>2.2.4. <A
+HREF="#AEN296"
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></A
+></DT
+></DL
+></DD
+><DT
+>2.3. <A
+HREF="#AEN308"
+>Name resolution as used within MS Windows networking</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN252"
->Advantages of SMB Encryption</A
+>2.3.1. <A
+HREF="#AEN320"
+>The NetBIOS Name Cache</A
 ></DT
 ><DT
-><A
-HREF="#AEN259"
->Advantages of non-encrypted passwords</A
+>2.3.2. <A
+HREF="#AEN325"
+>The LMHOSTS file</A
+></DT
+><DT
+>2.3.3. <A
+HREF="#AEN333"
+>HOSTS file</A
+></DT
+><DT
+>2.3.4. <A
+HREF="#AEN338"
+>DNS Lookup</A
+></DT
+><DT
+>2.3.5. <A
+HREF="#AEN341"
+>WINS Lookup</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN268"
-><A
-NAME="SMBPASSWDFILEFORMAT"
-></A
->The smbpasswd file</A
+>2.4. <A
+HREF="#AEN353"
+>How browsing functions and how to deploy stable and 
+dependable browsing using Samba</A
 ></DT
 ><DT
-><A
-HREF="#AEN320"
->The smbpasswd Command</A
+>2.5. <A
+HREF="#AEN363"
+>MS Windows security options and how to configure 
+Samba for seemless integration</A
+></DT
+><DD
+><DL
+><DT
+>2.5.1. <A
+HREF="#AEN391"
+>Use MS Windows NT as an authentication server</A
 ></DT
 ><DT
-><A
-HREF="#AEN359"
->Setting up Samba to support LanManager Encryption</A
+>2.5.2. <A
+HREF="#AEN399"
+>Make Samba a member of an MS Windows NT security domain</A
+></DT
+><DT
+>2.5.3. <A
+HREF="#AEN416"
+>Configure Samba as an authentication server</A
+></DT
+><DD
+><DL
+><DT
+>2.5.3.1. <A
+HREF="#AEN423"
+>Users</A
+></DT
+><DT
+>2.5.3.2. <A
+HREF="#AEN428"
+>MS Windows NT Machine Accounts</A
+></DT
+></DL
+></DD
+></DL
+></DD
+><DT
+>2.6. <A
+HREF="#AEN433"
+>Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
 >3. <A
-HREF="#AEN374"
+HREF="#AEN443"
+>Configuring PAM for distributed but centrally 
+managed authentication</A
+></DT
+><DD
+><DL
+><DT
+>3.1. <A
+HREF="#AEN454"
+>Samba and PAM</A
+></DT
+><DT
+>3.2. <A
+HREF="#AEN496"
+>Distributed Authentication</A
+></DT
+><DT
+>3.3. <A
+HREF="#AEN503"
+>PAM Configuration in smb.conf</A
+></DT
+></DL
+></DD
+><DT
+>4. <A
+HREF="#AEN512"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN385"
+>4.1. <A
+HREF="#AEN523"
 >Instructions</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN420"
+>4.1.1. <A
+HREF="#AEN558"
 >Notes</A
 ></DT
 ></DL
@@ -237,334 +366,449 @@ HREF="#AEN420"
 ></DL
 ></DD
 ><DT
->4. <A
-HREF="#AEN429"
+>5. <A
+HREF="#AEN567"
+>UNIX Permission Bits and Windows NT Access Control Lists</A
+></DT
+><DD
+><DL
+><DT
+>5.1. <A
+HREF="#AEN578"
+>Viewing and changing UNIX permissions using the NT 
+	security dialogs</A
+></DT
+><DT
+>5.2. <A
+HREF="#AEN587"
+>How to view file security on a Samba share</A
+></DT
+><DT
+>5.3. <A
+HREF="#AEN598"
+>Viewing file ownership</A
+></DT
+><DT
+>5.4. <A
+HREF="#AEN618"
+>Viewing file or directory permissions</A
+></DT
+><DD
+><DL
+><DT
+>5.4.1. <A
+HREF="#AEN633"
+>File Permissions</A
+></DT
+><DT
+>5.4.2. <A
+HREF="#AEN647"
+>Directory Permissions</A
+></DT
+></DL
+></DD
+><DT
+>5.5. <A
+HREF="#AEN654"
+>Modifying file or directory permissions</A
+></DT
+><DT
+>5.6. <A
+HREF="#AEN676"
+>Interaction with the standard Samba create mask 
+	parameters</A
+></DT
+><DT
+>5.7. <A
+HREF="#AEN740"
+>Interaction with the standard Samba file attribute 
+	mapping</A
+></DT
+></DL
+></DD
+><DT
+>6. <A
+HREF="#AEN750"
 >Printing Support in Samba 2.2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN440"
+>6.1. <A
+HREF="#AEN761"
 >Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN457"
+>6.2. <A
+HREF="#AEN783"
 >Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN511"
+>6.2.1. <A
+HREF="#AEN794"
+>Creating [print$]</A
+></DT
+><DT
+>6.2.2. <A
+HREF="#AEN829"
+>Setting Drivers for Existing Printers</A
+></DT
+><DT
+>6.2.3. <A
+HREF="#AEN846"
 >Support a large number of printers</A
 ></DT
+><DT
+>6.2.4. <A
+HREF="#AEN857"
+>Adding New Printers via the Windows NT APW</A
+></DT
+><DT
+>6.2.5. <A
+HREF="#AEN882"
+>Samba and Printer Ports</A
+></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN522"
+>6.3. <A
+HREF="#AEN890"
 >The Imprints Toolset</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN526"
+>6.3.1. <A
+HREF="#AEN894"
 >What is Imprints?</A
 ></DT
 ><DT
-><A
-HREF="#AEN536"
+>6.3.2. <A
+HREF="#AEN904"
 >Creating Printer Driver Packages</A
 ></DT
 ><DT
-><A
-HREF="#AEN539"
+>6.3.3. <A
+HREF="#AEN907"
 >The Imprints server</A
 ></DT
 ><DT
-><A
-HREF="#AEN543"
+>6.3.4. <A
+HREF="#AEN911"
 >The Installation Client</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN565"
+>6.4. <A
+HREF="#AEN933"
 ><A
 NAME="MIGRATION"
 ></A
->Migration to from Samba 2.0.x to 
-	2.2.x</A
+>Migration to from Samba 2.0.x to 2.2.x</A
 ></DT
 ></DL
 ></DD
 ><DT
->5. <A
-HREF="#AEN594"
+>7. <A
+HREF="#AEN977"
 >security = domain in Samba 2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN612"
+>7.1. <A
+HREF="#AEN995"
 >Joining an NT Domain with Samba 2.2</A
 ></DT
 ><DT
-><A
-HREF="#AEN676"
+>7.2. <A
+HREF="#AEN1059"
 >Samba and Windows 2000 Domains</A
 ></DT
 ><DT
-><A
-HREF="#AEN681"
+>7.3. <A
+HREF="#AEN1064"
 >Why is this better than security = server?</A
 ></DT
 ></DL
 ></DD
 ><DT
->6. <A
-HREF="#AEN697"
->How to Configure Samba 2.2.x as a Primary Domain Controller</A
+>8. <A
+HREF="#AEN1080"
+>How to Configure Samba 2.2 as a Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN708"
+>8.1. <A
+HREF="#AEN1097"
+>Prerequisite Reading</A
+></DT
+><DT
+>8.2. <A
+HREF="#AEN1103"
 >Background</A
 ></DT
 ><DT
-><A
-HREF="#AEN745"
+>8.3. <A
+HREF="#AEN1143"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
-><A
-HREF="#AEN788"
+>8.4. <A
+HREF="#AEN1186"
 >Creating Machine Trust Accounts and Joining Clients 
 to the Domain</A
 ></DT
+><DD
+><DL
 ><DT
-><A
-HREF="#AEN827"
+>8.4.1. <A
+HREF="#AEN1200"
+>Manually creating machine trust accounts</A
+></DT
+><DT
+>8.4.2. <A
+HREF="#AEN1228"
+>Creating machine trust accounts "on the fly"</A
+></DT
+></DL
+></DD
+><DT
+>8.5. <A
+HREF="#AEN1239"
 >Common Problems and Errors</A
 ></DT
 ><DT
-><A
-HREF="#AEN855"
+>8.6. <A
+HREF="#AEN1287"
 >System Policies and Profiles</A
 ></DT
 ><DT
-><A
-HREF="#AEN895"
+>8.7. <A
+HREF="#AEN1331"
 >What other help can I get ?</A
 ></DT
+><DT
+>8.8. <A
+HREF="#AEN1445"
+>Domain Control for Windows 9x/ME</A
+></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN942"
->URLs and similar</A
+>8.8.1. <A
+HREF="#AEN1475"
+>Configuration Instructions:	Network Logons</A
 ></DT
 ><DT
-><A
-HREF="#AEN966"
->Mailing Lists</A
+>8.8.2. <A
+HREF="#AEN1509"
+>Configuration Instructions:	Setting up Roaming User Profiles</A
+></DT
+><DD
+><DL
+><DT
+>8.8.2.1. <A
+HREF="#AEN1517"
+>Windows NT Configuration</A
+></DT
+><DT
+>8.8.2.2. <A
+HREF="#AEN1525"
+>Windows 9X Configuration</A
+></DT
+><DT
+>8.8.2.3. <A
+HREF="#AEN1533"
+>Win9X and WinNT Configuration</A
+></DT
+><DT
+>8.8.2.4. <A
+HREF="#AEN1540"
+>Windows 9X Profile Setup</A
+></DT
+><DT
+>8.8.2.5. <A
+HREF="#AEN1576"
+>Windows NT Workstation 4.0</A
+></DT
+><DT
+>8.8.2.6. <A
+HREF="#AEN1589"
+>Windows NT Server</A
+></DT
+><DT
+>8.8.2.7. <A
+HREF="#AEN1592"
+>Sharing Profiles between W95 and NT Workstation 4.0</A
 ></DT
 ></DL
 ></DD
+></DL
+></DD
 ><DT
-><A
-HREF="#AEN1005"
+>8.9. <A
+HREF="#AEN1602"
 >DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
->7. <A
-HREF="#AEN1029"
->Unifed Logons between Windows NT and UNIX using Winbind</A
+>9. <A
+HREF="#AEN1627"
+>Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1047"
+>9.1. <A
+HREF="#AEN1645"
 >Abstract</A
 ></DT
 ><DT
-><A
-HREF="#AEN1051"
+>9.2. <A
+HREF="#AEN1649"
 >Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN1064"
+>9.3. <A
+HREF="#AEN1662"
 >What Winbind Provides</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1071"
+>9.3.1. <A
+HREF="#AEN1669"
 >Target Uses</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN1075"
+>9.4. <A
+HREF="#AEN1673"
 >How Winbind Works</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1080"
+>9.4.1. <A
+HREF="#AEN1678"
 >Microsoft Remote Procedure Calls</A
 ></DT
 ><DT
-><A
-HREF="#AEN1084"
+>9.4.2. <A
+HREF="#AEN1682"
 >Name Service Switch</A
 ></DT
 ><DT
-><A
-HREF="#AEN1100"
+>9.4.3. <A
+HREF="#AEN1698"
 >Pluggable Authentication Modules</A
 ></DT
 ><DT
-><A
-HREF="#AEN1108"
+>9.4.4. <A
+HREF="#AEN1706"
 >User and Group ID Allocation</A
 ></DT
 ><DT
-><A
-HREF="#AEN1112"
+>9.4.5. <A
+HREF="#AEN1710"
 >Result Caching</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN1115"
+>9.5. <A
+HREF="#AEN1713"
 >Installation and Configuration</A
 ></DT
 ><DT
-><A
-HREF="#AEN1121"
+>9.6. <A
+HREF="#AEN1719"
 >Limitations</A
 ></DT
 ><DT
-><A
-HREF="#AEN1133"
+>9.7. <A
+HREF="#AEN1731"
 >Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
->8. <A
-HREF="#AEN1136"
->UNIX Permission Bits and WIndows NT Access Control Lists</A
+>10. <A
+HREF="#AEN1734"
+>OS2 Client HOWTO</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1147"
->Viewing and changing UNIX permissions using the NT 
-	security dialogs</A
-></DT
-><DT
-><A
-HREF="#AEN1156"
->How to view file security on a Samba share</A
-></DT
-><DT
-><A
-HREF="#AEN1167"
->Viewing file ownership</A
-></DT
-><DT
-><A
-HREF="#AEN1187"
->Viewing file or directory permissions</A
+>10.1. <A
+HREF="#AEN1745"
+>FAQs</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1202"
->File Permissions</A
-></DT
-><DT
-><A
-HREF="#AEN1216"
->Directory Permissions</A
+>10.1.1. <A
+HREF="#AEN1747"
+>How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</A
 ></DT
-></DL
-></DD
 ><DT
-><A
-HREF="#AEN1223"
->Modifying file or directory permissions</A
+>10.1.2. <A
+HREF="#AEN1762"
+>How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</A
 ></DT
 ><DT
-><A
-HREF="#AEN1245"
->Interaction with the standard Samba create mask 
-	parameters</A
+>10.1.3. <A
+HREF="#AEN1771"
+>Are there any other issues when OS/2 (any version) 
+		is used as a client?</A
 ></DT
 ><DT
-><A
-HREF="#AEN1309"
->Interaction with the standard Samba file attribute 
-	mapping</A
+>10.1.4. <A
+HREF="#AEN1775"
+>How do I get printer driver download working 
+		for OS/2 clients?</A
 ></DT
 ></DL
 ></DD
+></DL
+></DD
 ><DT
->9. <A
-HREF="#AEN1319"
->OS2 Client HOWTO</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN1330"
->FAQs</A
+>11. <A
+HREF="#AEN1784"
+>HOWTO Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1332"
->How can I configure OS/2 Warp Connect or 
-		OS/2 Warp 4 as a client for Samba?</A
+>11.1. <A
+HREF="#AEN1791"
+>Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN1347"
->How can I configure OS/2 Warp 3 (not Connect), 
-		OS/2 1.2, 1.3 or 2.x for Samba?</A
+>11.2. <A
+HREF="#AEN1796"
+>CVS Access to samba.org</A
 ></DT
+><DD
+><DL
 ><DT
-><A
-HREF="#AEN1356"
->Are there any other issues when OS/2 (any version) 
-		is used as a client?</A
+>11.2.1. <A
+HREF="#AEN1799"
+>Access via CVSweb</A
 ></DT
 ><DT
-><A
-HREF="#AEN1360"
->How do I get printer driver download working 
-		for OS/2 clients?</A
+>11.2.2. <A
+HREF="#AEN1804"
+>Access via cvs</A
 ></DT
 ></DL
 ></DD
@@ -576,7 +820,7 @@ HREF="#AEN1360"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN10"
+NAME="AEN15"
 >Chapter 1. How to Install and Test SAMBA</A
 ></H1
 ><DIV
@@ -584,8 +828,8 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN12"
->Step 0: Read the man pages</A
+NAME="AEN17"
+>1.1. Step 0: Read the man pages</A
 ></H1
 ><P
 >The man pages distributed with SAMBA contain 
@@ -616,8 +860,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN20"
->Step 1: Building the Binaries</A
+NAME="AEN25"
+>1.2. Step 1: Building the Binaries</A
 ></H1
 ><P
 >To do this, first run the program <B
@@ -640,7 +884,7 @@ CLASS="USERINPUT"
 ></P
 ><P
 >first to see what special options you can enable.
-	Then exectuting</P
+	Then executing</P
 ><P
 ><TT
 CLASS="PROMPT"
@@ -715,8 +959,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN48"
->Step 2: The all important step</A
+NAME="AEN53"
+>1.3. Step 2: The all important step</A
 ></H1
 ><P
 >At this stage you must fetch yourself a 
@@ -732,8 +976,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN52"
->Step 3: Create the smb configuration file.</A
+NAME="AEN57"
+>1.4. Step 3: Create the smb configuration file.</A
 ></H1
 ><P
 >There are sample configuration files in the examples 
@@ -744,6 +988,12 @@ NAME="AEN52"
 >The simplest useful configuration file would be 
 	something like this:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >	[global]
@@ -753,12 +1003,15 @@ CLASS="PROGRAMLISTING"
 	      guest ok = no
 	      read only = no
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >which would allow connections by anyone with an 
 	account on the server, using either their login name or 
 	"homes" as the service name. (Note that I also set the 
-	workgroup that Samba is part of. See BROWSING.txt for defails)</P
+	workgroup that Samba is part of. See BROWSING.txt for details)</P
 ><P
 >Note that <B
 CLASS="COMMAND"
@@ -788,8 +1041,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN66"
->Step 4: Test your config file with 
+NAME="AEN71"
+>1.5. Step 4: Test your config file with 
 	<B
 CLASS="COMMAND"
 >testparm</B
@@ -805,15 +1058,15 @@ CLASS="FILENAME"
 	not it will give an error message.</P
 ><P
 >Make sure it runs OK and that the services look 
-	resonable before proceeding. </P
+	reasonable before proceeding. </P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN72"
->Step 5: Starting the smbd and nmbd</A
+NAME="AEN77"
+>1.6. Step 5: Starting the smbd and nmbd</A
 ></H1
 ><P
 >You must choose to start smbd and nmbd either 
@@ -852,8 +1105,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN82"
->Step 5a: Starting from inetd.conf</A
+NAME="AEN87"
+>1.6.1. Step 5a: Starting from inetd.conf</A
 ></H2
 ><P
 >NOTE; The following will be different if 
@@ -888,11 +1141,20 @@ CLASS="FILENAME"
 > 
 		and add two lines something like this:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
 		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >The exact syntax of <TT
@@ -914,7 +1176,7 @@ CLASS="FILENAME"
 		<TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
-> to make them consistant.</P
+> to make them consistent.</P
 ><P
 >NOTE: On many systems you may need to use the 
 		"interfaces" option in smb.conf to specify the IP address 
@@ -927,7 +1189,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > tries to determine it at run 
-		time, but fails on somunixes. See the section on "testing nmbd" 
+		time, but fails on some unixes. See the section on "testing nmbd" 
 		for a method of finding if you need to do this.</P
 ><P
 >!!!WARNING!!! Many unixes only accept around 5 
@@ -956,8 +1218,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN111"
->Step 5b. Alternative: starting it as a daemon</A
+NAME="AEN116"
+>1.6.2. Step 5b. Alternative: starting it as a daemon</A
 ></H2
 ><P
 >To start the server as a daemon you should create 
@@ -967,12 +1229,21 @@ CLASS="FILENAME"
 >startsmb</TT
 >.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		#!/bin/sh
 		/usr/local/samba/bin/smbd -D 
 		/usr/local/samba/bin/nmbd -D 
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >then make it executable with <B
@@ -1013,8 +1284,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN127"
->Step 6: Try listing the shares available on your 
+NAME="AEN132"
+>1.7. Step 6: Try listing the shares available on your 
 	server</A
 ></H1
 ><P
@@ -1054,8 +1325,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN136"
->Step 7: Try connecting with the unix client</A
+NAME="AEN141"
+>1.8. Step 7: Try connecting with the unix client</A
 ></H1
 ><P
 ><TT
@@ -1117,8 +1388,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN152"
->Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+NAME="AEN157"
+>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></H1
 ><P
@@ -1166,8 +1437,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN166"
->What If Things Don't Work?</A
+NAME="AEN171"
+>1.10. What If Things Don't Work?</A
 ></H1
 ><P
 >If nothing works and you start to think "who wrote 
@@ -1189,11 +1460,11 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN171"
->Diagnosing Problems</A
+NAME="AEN176"
+>1.10.1. Diagnosing Problems</A
 ></H2
 ><P
->If you have instalation problems then go to 
+>If you have installation problems then go to 
 		<TT
 CLASS="FILENAME"
 >DIAGNOSIS.txt</TT
@@ -1205,14 +1476,14 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN175"
->Scope IDs</A
+NAME="AEN180"
+>1.10.2. Scope IDs</A
 ></H2
 ><P
 >By default Samba uses a blank scope ID. This means 
 		all your windows boxes must also have a blank scope ID. 
 		If you really want to use a non-blank scope ID then you will 
-		need to use the -i &lt;scope&gt; option to nmbd, smbd, and 
+		need to use the -i &#60;scope&#62; option to nmbd, smbd, and 
 		smbclient. All your PCs will need to have the same setting for 
 		this to work. I do not recommend scope IDs.</P
 ></DIV
@@ -1221,8 +1492,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN178"
->Choosing the Protocol Level</A
+NAME="AEN183"
+>1.10.3. Choosing the Protocol Level</A
 ></H2
 ><P
 >The SMB protocol has many dialects. Currently 
@@ -1262,8 +1533,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN187"
->Printing from UNIX to a Client PC</A
+NAME="AEN192"
+>1.10.4. Printing from UNIX to a Client PC</A
 ></H2
 ><P
 >To use a printer that is available via a smb-based 
@@ -1280,8 +1551,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN191"
->Locking</A
+NAME="AEN196"
+>1.10.5. Locking</A
 ></H2
 ><P
 >One area which sometimes causes trouble is locking.</P
@@ -1327,7 +1598,7 @@ NAME="AEN191"
 		are set by an application when it opens a file to determine 
 		what types of access should be allowed simultaneously with 
 		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
-		or DENY_ALL. There are also special compatability modes called 
+		or DENY_ALL. There are also special compatibility modes called 
 		DENY_FCB and  DENY_DOS.</P
 ><P
 >You can disable share modes using "share modes = no". 
@@ -1341,8 +1612,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN201"
->Mapping Usernames</A
+NAME="AEN206"
+>1.10.6. Mapping Usernames</A
 ></H2
 ><P
 >If you have different usernames on the PCs and 
@@ -1354,13 +1625,13 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN204"
->Other Character Sets</A
+NAME="AEN209"
+>1.10.7. Other Character Sets</A
 ></H2
 ><P
 >If you have problems using filenames with accented 
 		characters in them (like the German, French or Scandinavian 
-		character sets) then I recommmend you look at the "valid chars" 
+		character sets) then I recommend you look at the "valid chars" 
 		option in smb.conf and also take a look at the validchars 
 		package in the examples directory.</P
 ></DIV
@@ -1370,213 +1641,243 @@ NAME="AEN204"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN207"
->Chapter 2. LanMan and NT Password Encryption in Samba 2.x</A
+NAME="AEN212"
+>Chapter 2. Integrating MS Windows networks with Samba</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN218"
->Introduction</A
+NAME="AEN223"
+>2.1. Agenda</A
 ></H1
 ><P
->With the development of LanManager and Windows NT 
-	compatible password encryption for Samba, it is now able 
-	to validate user connections in exactly the same way as 
-	a LanManager or Windows NT server.</P
+>To identify the key functional mechanisms of MS Windows networking 
+to enable the deployment of Samba as a means of extending and/or 
+replacing MS Windows NT/2000 technology.</P
 ><P
->This document describes how the SMB password encryption 
-	algorithm works and what issues there are in choosing whether 
-	you want to use it. You should read it carefully, especially 
-	the part about security and the "PROS and CONS" section.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN222"
->How does it work?</A
-></H1
+>We will examine:</P
 ><P
->LanManager encryption is somewhat similar to UNIX 
-	password encryption. The server uses a file containing a 
-	hashed value of a user's password.  This is created by taking 
-	the user's plaintext password, capitalising it, and either 
-	truncating to 14 bytes or padding to 14 bytes with null bytes. 
-	This 14 byte value is used as two 56 bit DES keys to encrypt 
-	a 'magic' eight byte value, forming a 16 byte value which is 
-	stored by the server and client. Let this value be known as 
-	the "hashed password".</P
-><P
->Windows NT encryption is a higher quality mechanism, 
-	consisting of doing an MD4 hash on a Unicode version of the user's 
-	password. This also produces a 16 byte hash value that is 
-	non-reversible.</P
-><P
->When a client (LanManager, Windows for WorkGroups, Windows 
-	95 or Windows NT) wishes to mount a Samba drive (or use a Samba 
-	resource), it first requests a connection and negotiates the 
-	protocol that the client and server will use. In the reply to this 
-	request the Samba server generates and appends an 8 byte, random 
-	value - this is stored in the Samba server after the reply is sent 
-	and is known as the "challenge".  The challenge is different for 
-	every client connection.</P
-><P
->The client then uses the hashed password (16 byte values 
-	described above), appended with 5 null bytes, as three 56 bit 
-	DES keys, each of which is used to encrypt the challenge 8 byte 
-	value, forming a 24 byte value known as the "response".</P
-><P
->In the SMB call SMBsessionsetupX (when user level security 
-	is selected) or the call SMBtconX (when share level security is 
-	selected), the 24 byte response is returned by the client to the 
-	Samba server.  For Windows NT protocol levels the above calculation 
-	is done on both hashes of the user's password and both responses are 
-	returned in the SMB call, giving two 24 byte values.</P
-><P
->The Samba server then reproduces the above calculation, using 
-	its own stored value of the 16 byte hashed password (read from the 
-	<TT
-CLASS="FILENAME"
->smbpasswd</TT
-> file - described later) and the challenge 
-	value that it kept from the negotiate protocol reply. It then checks 
-	to see if the 24 byte value it calculates matches the 24 byte value 
-	returned to it from the client.</P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>Name resolution in a pure Unix/Linux TCP/IP 
+	environment
+	</P
+></LI
+><LI
+><P
+>Name resolution as used within MS Windows 
+	networking
+	</P
+></LI
+><LI
+><P
+>How browsing functions and how to deploy stable 
+	and dependable browsing using Samba
+	</P
+></LI
+><LI
+><P
+>MS Windows security options and how to 
+	configure Samba for seemless integration
+	</P
+></LI
+><LI
 ><P
->If these values match exactly, then the client knew the 
-	correct password (or the 16 byte hashed value - see security note 
-	below) and is thus allowed access. If not, then the client did not 
-	know the correct password and is denied access.</P
+>Configuration of Samba as:</P
 ><P
->Note that the Samba server never knows or stores the cleartext 
-	of the user's password - just the 16 byte hashed values derived from 
-	it. Also note that the cleartext password or 16 byte hashed values 
-	are never transmitted over the network - thus increasing security.</P
+></P
+><OL
+TYPE="a"
+><LI
+><P
+>A stand-alone server</P
+></LI
+><LI
+><P
+>An MS Windows NT 3.x/4.0 security domain member
+		</P
+></LI
+><LI
+><P
+>An alternative to an MS Windows NT 3.x/4.0 Domain Controller
+		</P
+></LI
+></OL
+></LI
+></OL
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN233"
->Important Notes About Security</A
+NAME="AEN245"
+>2.2. Name Resolution in a pure Unix/Linux world</A
 ></H1
 ><P
->The unix and SMB password encryption techniques seem similar 
-	on the surface. This similarity is, however, only skin deep. The unix 
-	scheme typically sends clear text passwords over the nextwork when 
-	logging in. This is bad. The SMB encryption scheme never sends the 
-	cleartext password over the network but it does store the 16 byte 
-	hashed values on disk. This is also bad. Why? Because the 16 byte hashed 
-	values are a "password equivalent". You cannot derive the user's 
-	password from them, but they could potentially be used in a modified 
-	client to gain access to a server. This would require considerable 
-	technical knowledge on behalf of the attacker but is perfectly possible. 
-	You should thus treat the smbpasswd file as though it contained the 
-	cleartext passwords of all your users. Its contents must be kept 
-	secret, and the file should be protected accordingly.</P
-><P
->Ideally we would like a password scheme which neither requires 
-	plain text passwords on the net or on disk. Unfortunately this 
-	is not available as Samba is stuck with being compatible with 
-	other SMB systems (WinNT, WfWg, Win95 etc). </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="100%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
->Note that Windows NT 4.0 Service pack 3 changed the 
-		default for permissible authentication so that plaintext 
-		passwords are <I
-CLASS="EMPHASIS"
->never</I
-> sent over the wire. 
-		The solution to this is either to switch to encrypted passwords 
-		with Samba or edit the Windows NT registry to re-enable plaintext 
-		passwords. See the document WinNT.txt for details on how to do 
-		this.</P
-><P
->Other Microsoft operating systems which also exhibit 
-		this behavior includes</P
+>The key configuration files covered in this section are:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->MS DOS Network client 3.0 with 
-			the basic network redirector installed</P
+><TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></P
 ></LI
 ><LI
 ><P
->Windows 95 with the network redirector 
-			update installed</P
+><TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></P
 ></LI
 ><LI
 ><P
->Windows 98 [se]</P
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></P
 ></LI
 ><LI
 ><P
->Windows 2000</P
+><TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></P
 ></LI
 ></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN261"
+>2.2.1. <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+></A
+></H2
 ><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->All current release of 
-		Microsoft SMB/CIFS clients support authentication via the
-		SMB Challenge/Response mechanism described here.  Enabling
-		clear text authentication does not disable the ability
-		of the client to particpate in encrypted authentication.</P
+>Contains a static list of IP Addresses and names.
+eg:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box</PRE
 ></TD
 ></TR
 ></TABLE
+></P
+><P
+>The purpose of <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> is to provide a 
+name resolution mechanism so that uses do not need to remember 
+IP addresses.</P
+><P
+>Network packets that are sent over the physical network transport 
+layer communicate not via IP addresses but rather using the Media 
+Access Control address, or MAC address. IP Addresses are currently 
+32 bits in length and are typically presented as four (4) decimal 
+numbers that are separated by a dot (or period). eg: 168.192.1.1</P
+><P
+>MAC Addresses use 48 bits (or 6 bytes) and are typically represented 
+as two digit hexadecimal numbers separated by colons. eg: 
+40:8e:0a:12:34:56</P
+><P
+>Every network interfrace must have an MAC address. Associated with 
+a MAC address there may be one or more IP addresses. There is NO 
+relationship between an IP address and a MAC address, all such assignments 
+are arbitary or discretionary in nature. At the most basic level all 
+network communications takes place using MAC addressing. Since MAC 
+addresses must be globally unique, and generally remains fixed for 
+any particular interface, the assignment of an IP address makes sense 
+from a network management perspective. More than one IP address can 
+be assigned per MAC address. One address must be the primary IP address, 
+this is the address that will be returned in the ARP reply.</P
+><P
+>When a user or a process wants to communicate with another machine 
+the protocol implementation ensures that the "machine name" or "host 
+name" is resolved to an IP address in a manner that is controlled 
+by the TCP/IP configuration control files. The file 
+<TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> is one such file.</P
+><P
+>When the IP address of the destination interface has been 
+determined a protocol called ARP/RARP isused to identify 
+the MAC address of the target interface. ARP stands for Address 
+Resolution Protocol, and is a broadcast oriented method that 
+uses UDP (User Datagram Protocol) to send a request to all 
+interfaces on the local network segment using the all 1's MAC 
+address. Network interfaces are programmed to respond to two 
+MAC addresses only; their own unique address and the address 
+ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will 
+contain the MAC address and the primary IP address for each 
+interface.</P
+><P
+>The <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file is foundational to all 
+Unix/Linux TCP/IP installations and as a minumum will contain 
+the localhost and local network interface IP addresses and the 
+primary names by which they are known within the local machine. 
+This file helps to prime the pump so that a basic level of name 
+resolution can exist before any other method of name resolution 
+becomes available.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN252"
->Advantages of SMB Encryption</A
+NAME="AEN277"
+>2.2.2. <TT
+CLASS="FILENAME"
+>/etc/resolv.conf</TT
+></A
 ></H2
 ><P
+>This file tells the name resolution libraries:</P
+><P
 ></P
 ><UL
 ><LI
 ><P
->plain text passwords are not passed across 
-			the network. Someone using a network sniffer cannot just 
-			record passwords going to the SMB server.</P
+>The name of the domain to which the machine 
+	belongs
+	</P
 ></LI
 ><LI
 ><P
->WinNT doesn't like talking to a server 
-			that isn't using SMB encrypted passwords. It will refuse 
-			to browse the server if the server is also in user level 
-			security mode. It will insist on prompting the user for the 
-			password on each connection, which is very annoying. The
-			only things you can do to stop this is to use SMB encryption.
-			</P
+>The name(s) of any domains that should be 
+	automatically searched when trying to resolve unqualified 
+	host names to their IP address
+	</P
+></LI
+><LI
+><P
+>The name or IP address of available Domain 
+	Name Servers that may be asked to perform name to address 
+	translation lookups
+	</P
 ></LI
 ></UL
 ></DIV
@@ -1585,30 +1886,115 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN259"
->Advantages of non-encrypted passwords</A
+NAME="AEN288"
+>2.2.3. <TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+></A
 ></H2
 ><P
+><TT
+CLASS="FILENAME"
+>/etc/host.conf</TT
+> is the primary means by 
+which the setting in /etc/resolv.conf may be affected. It is a 
+critical configuration file.  This file controls the order by 
+which name resolution may procede. The typical structure is:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	order hosts,bind
+	multi on</PRE
+></TD
+></TR
+></TABLE
 ></P
-><UL
-><LI
 ><P
->plain text passwords are not kept 
-			on disk. </P
-></LI
-><LI
+>then both addresses should be returned. Please refer to the 
+man page for host.conf for further details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN296"
+>2.2.4. <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+></A
+></H2
 ><P
->uses same password file as other unix 
-			services such as login and ftp</P
-></LI
-><LI
+>This file controls the actual name resolution targets. The 
+file typically has resolver object specifications as follows:</P
 ><P
->you are probably already using other 
-			services (such as telnet and ftp) which send plain text 
-			passwords over the net, so sending them for SMB isn't 
-			such a big deal.</P
-></LI
-></UL
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>Of course, each of these mechanisms requires that the appropriate 
+facilities and/or services are correctly configured.</P
+><P
+>It should be noted that unless a network request/message must be 
+sent, TCP/IP networks are silent. All TCP/IP communications assumes a 
+principal of speaking only when necessary.</P
+><P
+>Samba version 2.2.0 will add Linux support for extensions to 
+the name service switch infrastructure so that linux clients will 
+be able to obtain resolution of MS Windows NetBIOS names to IP 
+Addresses. To gain this functionality Samba needs to be compiled 
+with appropriate arguments to the make command (ie: <B
+CLASS="COMMAND"
+>make 
+nsswitch/libnss_wins.so</B
+>). The resulting library should 
+then be installed in the <TT
+CLASS="FILENAME"
+>/lib</TT
+> directory and 
+the "wins" parameter needs to be added to the "hosts:" line in 
+the <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> file. At this point it 
+will be possible to ping any MS Windows machine by it's NetBIOS 
+machine name, so long as that machine is within the workgroup to 
+which both the samba machine and the MS Windows machine belong.</P
 ></DIV
 ></DIV
 ><DIV
@@ -1616,405 +2002,1154 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN268"
-><A
-NAME="SMBPASSWDFILEFORMAT"
-></A
->The smbpasswd file</A
+NAME="AEN308"
+>2.3. Name resolution as used within MS Windows networking</A
 ></H1
 ><P
->In order for Samba to participate in the above protocol 
-	it must be able to look up the 16 byte hashed values given a user name.
-	Unfortunately, as the UNIX password value is also a one way hash
-	function (ie. it is impossible to retrieve the cleartext of the user's
-	password given the UNIX hash of it), a separate password file
-	containing this 16 byte value must be kept. To minimise problems with
-	these two password files, getting out of sync, the UNIX <TT
+>MS Windows networking is predicated about the name each machine 
+is given. This name is known variously (and inconsistently) as 
+the "computer name", "machine name", "networking name", "netbios name", 
+"SMB name". All terms mean the same thing with the exception of 
+"netbios name" which can apply also to the name of the workgroup or the 
+domain name. The terms "workgroup" and "domain" are really just a 
+simply name with which the machine is associated. All NetBIOS names 
+are exactly 16 characters in length. The 16th character is reserved. 
+It is used to store a one byte value that indicates service level 
+information for the NetBIOS name that is registered. A NetBIOS machine 
+name is therefore registered for each service type that is provided by 
+the client/server.</P
+><P
+>The following are typical NetBIOS name/service type registrations:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	Unique NetBIOS Names:
+		MACHINENAME&#60;00&#62;	= Server Service is running on MACHINENAME
+		MACHINENAME&#60;03&#62; = Generic Machine Name (NetBIOS name)
+		MACHINENAME&#60;20&#62; = LanMan Server service is running on MACHINENAME
+		WORKGROUP&#60;1b&#62; = Domain Master Browser
+
+	Group Names:
+		WORKGROUP&#60;03&#62; = Generic Name registered by all members of WORKGROUP
+		WORKGROUP&#60;1c&#62; = Domain Controllers / Netlogon Servers
+		WORKGROUP&#60;1d&#62; = Local Master Browsers
+		WORKGROUP&#60;1e&#62; = Internet Name Resolvers</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>It should be noted that all NetBIOS machines register their own 
+names as per the above. This is in vast contrast to TCP/IP 
+installations where traditionally the system administrator will 
+determine in the /etc/hosts or in the DNS database what names 
+are associated with each IP address.</P
+><P
+>One further point of clarification should be noted, the <TT
 CLASS="FILENAME"
->	/etc/passwd</TT
-> and the <TT
+>/etc/hosts</TT
+> 
+file and the DNS records do not provide the NetBIOS name type information 
+that MS Windows clients depend on to locate the type of service that may 
+be needed. An example of this is what happens when an MS Windows client 
+wants to locate a domain logon server. It find this service and the IP 
+address of a server that provides it by performing a lookup (via a 
+NetBIOS broadcast) for enumeration of all machines that have 
+registered the name type *&#60;1c&#62;. A logon request is then sent to each 
+IP address that is returned in the enumerated list of IP addresses. Which 
+ever machine first replies then ends up providing the logon services.</P
+><P
+>The name "workgroup" or "domain" really can be confusing since these 
+have the added significance of indicating what is the security 
+architecture of the MS Windows network. The term "workgroup" indicates 
+that the primary nature of the network environment is that of a 
+peer-to-peer design. In a WORKGROUP all machines are responsible for 
+their own security, and generally such security is limited to use of 
+just a password (known as SHARE MORE security). In most situations 
+with peer-to-peer networking the users who control their own machines 
+will simply opt to have no security at all. It is possible to have 
+USER MODE security in a WORKGROUP environment, thus requiring use 
+of a user name and a matching password.</P
+><P
+>MS Windows networking is thus predetermined to use machine names 
+for all local and remote machine message passing. The protocol used is 
+called Server Message Block (SMB) and this is implemented using 
+the NetBIOS protocol (Network Basic Input Output System). NetBIOS can 
+be encapsulated using LLC (Logical Link Control) protocol - in which case 
+the resulting protocol is called NetBEUI (Network Basic Extended User 
+Interface). NetBIOS can also be run over IPX (Internetworking Packet 
+Exchange) protocol as used by Novell NetWare, and it can be run 
+over TCP/IP protocols - in which case the resulting protocol is called 
+NBT or NetBT, the NetBIOS over TCP/IP.</P
+><P
+>MS Windows machines use a complex array of name resolution mechanisms. 
+Since we are primarily concerned with TCP/IP this demonstration is 
+limited to this area.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN320"
+>2.3.1. The NetBIOS Name Cache</A
+></H2
+><P
+>All MS Windows machines employ an in memory buffer in which is 
+stored the NetBIOS names and their IP addresses for all external 
+machines that that the local machine has communicated with over the 
+past 10-15 minutes. It is more efficient to obtain an IP address 
+for a machine from the local cache than it is to go through all the 
+configured name resolution mechanisms.</P
+><P
+>If a machine whose name is in the local name cache has been shut 
+down before the name had been expired and flushed from the cache, then 
+an attempt to exchange a message with that machine will be subject 
+to time-out delays. ie: It's name is in the cache, so a name resolution 
+lookup will succeed, but the machine can not respond. This can be 
+frustrating for users - but it is a characteristic of the protocol.</P
+><P
+>The MS Windows utility that allows examination of the NetBIOS 
+name cache is called "nbtstat". The Samba equivalent of this 
+is called "nmblookup".</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN325"
+>2.3.2. The LMHOSTS file</A
+></H2
+><P
+>This file is usually located in MS Windows NT 4.0 or 
+2000 in <TT
 CLASS="FILENAME"
->smbpasswd</TT
-> file, 
-	a utility, <B
-CLASS="COMMAND"
->mksmbpasswd.sh</B
->, is provided to generate
-	a smbpasswd file from a UNIX <TT
+>C:\WINNT\SYSTEM32\DRIVERS\ETC</TT
+> and contains 
+the IP Address and the machine name in matched pairs. The 
+<TT
 CLASS="FILENAME"
->/etc/passwd</TT
-> file.
-	</P
+>LMHOSTS</TT
+> file performs NetBIOS name 
+to IP address mapping oriented.</P
+><P
+>It typically looks like:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:&#60;domain&#62;
+	#      #INCLUDE &#60;filename&#62;
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:&#60;domain&#62;" tag will associate the
+	# entry with the domain specified by &#60;domain&#62;. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The &#60;domain&#62; is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE &#60;filename&#62;" will force the RFC NetBIOS (NBT)
+	# software to seek the specified &#60;filename&#62; and parse it as if it were
+	# local. &#60;filename&#62; is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN333"
+>2.3.3. HOSTS file</A
+></H2
 ><P
->To generate the smbpasswd file from your <TT
+>This file is usually located in MS Windows NT 4.0 or 2000 in 
+<TT
 CLASS="FILENAME"
->/etc/passwd
-	</TT
-> file use the following command :</P
+>C:\WINNT\SYSTEM32\DRIVERS\ETC</TT
+> and contains 
+the IP Address and the IP hostname in matched pairs. It can be 
+used by the name resolution infrastructure in MS Windows, depending 
+on how the TCP/IP environment is configured. This file is in 
+every way the equivalent of the Unix/Linux <TT
+CLASS="FILENAME"
+>/etc/hosts</TT
+> file.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN338"
+>2.3.4. DNS Lookup</A
+></H2
 ><P
-><TT
-CLASS="PROMPT"
->$ </TT
-><TT
-CLASS="USERINPUT"
-><B
->cat /etc/passwd | mksmbpasswd.sh
-	&gt; /usr/local/samba/private/smbpasswd</B
-></TT
+>This capability is configured in the TCP/IP setup area in the network 
+configuration facility. If enabled an elaborate name resolution sequence 
+is followed the precise nature of which isdependant on what the NetBIOS 
+Node Type parameter is configured to. A Node Type of 0 means use 
+NetBIOS broadcast (over UDP broadcast) is first used if the name 
+that is the subject of a name lookup is not found in the NetBIOS name 
+cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to 
+Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the 
+WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast 
+lookup is used.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN341"
+>2.3.5. WINS Lookup</A
+></H2
+><P
+>A WINS (Windows Internet Name Server) service is the equivaent of the 
+rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
+the names and IP addresses that are registered by a Windows client 
+if the TCP/IP setup has been given at least one WINS Server IP Address.</P
+><P
+>To configure Samba to be a WINS server the following parameter needs 
+to be added to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	wins support = Yes</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->If you are running on a system that uses NIS, use</P
+>To configure Samba to use a WINS server the following parameters are 
+needed in the smb.conf file:</P
 ><P
-><TT
-CLASS="PROMPT"
->$ </TT
-><TT
-CLASS="USERINPUT"
-><B
->ypcat passwd | mksmbpasswd.sh
-	&gt; /usr/local/samba/private/smbpasswd</B
-></TT
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	wins support = No
+	wins server = xxx.xxx.xxx.xxx</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->The <B
-CLASS="COMMAND"
->mksmbpasswd.sh</B
-> program is found in 
-	the Samba source directory. By default, the smbpasswd file is 
-	stored in :</P
+>where <TT
+CLASS="REPLACEABLE"
+><I
+>xxx.xxx.xxx.xxx</I
+></TT
+> is the IP address 
+of the WINS server.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN353"
+>2.4. How browsing functions and how to deploy stable and 
+dependable browsing using Samba</A
+></H1
 ><P
-><TT
+>As stated above, MS Windows machines register their NetBIOS names 
+(ie: the machine name for each service type in operation) on start 
+up. Also, as stated above, the exact method by which this name registration 
+takes place is determined by whether or not the MS Windows client/server 
+has been given a WINS server address, whether or not LMHOSTS lookup 
+is enabled, or if DNS for NetBIOS name resolution is enabled, etc.</P
+><P
+>In the case where there is no WINS server all name registrations as 
+well as name lookups are done by UDP broadcast. This isolates name 
+resolution to the local subnet, unless LMHOSTS is used to list all 
+names and IP addresses. In such situations Samba provides a means by 
+which the samba server name may be forcibly injected into the browse 
+list of a remote MS Windows network (using the "remote announce" parameter).</P
+><P
+>Where a WINS server is used, the MS Windows client will use UDP 
+unicast to register with the WINS server. Such packets can be routed 
+and thus WINS allows name resolution to function across routed networks.</P
+><P
+>During the startup process an election will take place to create a 
+local master browser if one does not already exist. On each NetBIOS network 
+one machine will be elected to function as the domain master browser. This 
+domain browsing has nothing to do with MS security domain control. 
+Instead, the domain master browser serves the role of contacting each local 
+master browser (found by asking WINS or from LMHOSTS) and exchanging browse 
+list contents. This way every master browser will eventually obtain a complete 
+list of all machines that are on the network. Every 11-15 minutes an election 
+is held to determine which machine will be the master browser. By nature of 
+the election criteria used, the machine with the highest uptime, or the 
+most senior protocol version, or other criteria, will win the election 
+as domain master browser.</P
+><P
+>Clients wishing to browse the network make use of this list, but also depend 
+on the availability of correct name resolution to the respective IP 
+address/addresses. </P
+><P
+>Any configuration that breaks name resolution and/or browsing intrinsics 
+will annoy users because they will have to put up with protracted 
+inability to use the network services.</P
+><P
+>Samba supports a feature that allows forced synchonisation 
+of browse lists across routed networks using the "remote 
+browse sync" parameter in the smb.conf file. This causes Samba 
+to contact the local master browser on a remote network and 
+to request browse list synchronisation. This effectively bridges 
+two networks that are separated by routers. The two remote 
+networks may use either broadcast based name resolution or WINS 
+based name resolution, but it should be noted that the "remote 
+browse sync" parameter provides browse list synchronisation - and 
+that is distinct from name to address resolution, in other 
+words, for cross subnet browsing to function correctly it is 
+essential that a name to address resolution mechanism be provided. 
+This mechanism could be via DNS, <TT
 CLASS="FILENAME"
->/usr/local/samba/private/smbpasswd</TT
+>/etc/hosts</TT
+>, 
+and so on.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN363"
+>2.5. MS Windows security options and how to configure 
+Samba for seemless integration</A
+></H1
+><P
+>MS Windows clients may use encrypted passwords as part of a 
+challenege/response authentication model (a.k.a. NTLMv1) or 
+alone, or clear text strings for simple password based 
+authentication. It should be realized that with the SMB 
+protocol the password is passed over the network either 
+in plain text or encrypted, but not both in the same 
+authentication requets.</P
+><P
+>When encrypted passwords are used a password that has been 
+entered by the user is encrypted in two ways:</P
+><P
 ></P
+><UL
+><LI
 ><P
->The owner of the <TT
-CLASS="FILENAME"
->/usr/local/samba/private/</TT
-> 
-	directory should be set to root, and the permissions on it should 
-	be set to 0500 (<B
-CLASS="COMMAND"
->chmod 500 /usr/local/samba/private</B
->).
+>An MD4 hash of the UNICODE of the password
+	string.  This is known as the NT hash.
 	</P
+></LI
+><LI
 ><P
->Likewise, the smbpasswd file inside the private directory should 
-	be owned by root and the permissions on is should be set to 0600
-	(<B
-CLASS="COMMAND"
->chmod 600 smbpasswd</B
->).</P
+>The password is converted to upper case,
+	and then padded or trucated to 14 bytes.  This string is 
+	then appended with 5 bytes of NULL characters and split to
+	form two 56 bit DES keys to encrypt a "magic" 8 byte value.
+	The resulting 16 bytes for the LanMan hash.
+	</P
+></LI
+></UL
 ><P
->The format of the smbpasswd file is (The line has been 
-	wrapped here. It should appear as one entry per line in 
-	your smbpasswd file.)</P
+>You should refer to the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Password Encryption</A
+> chapter in this HOWTO collection
+for more details on the inner workings</P
+><P
+>MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x 
+and version 4.0 pre-service pack 3 will use either mode of 
+password authentication. All versions of MS Windows that follow 
+these versions no longer support plain text passwords by default.</P
+><P
+>MS Windows clients have a habit of dropping network mappings that 
+have been idle for 10 minutes or longer. When the user attempts to 
+use the mapped drive connection that has been dropped the SMB protocol 
+has a mechanism by which the connection can be re-established using 
+a cached copy of the password.</P
+><P
+>When Microsoft changed the default password mode, they dropped support for 
+caching of the plain text password. This means that when the registry 
+parameter is changed to re-enable use of plain text passwords it appears to 
+work, but when a dropped mapping attempts to revalidate it will fail if 
+the remote authentication server does not support encrypted passwords. 
+This means that it is definitely not a good idea to re-enable plain text 
+password support in such clients.</P
+><P
+>The following parameters can be used to work around the 
+issue of Windows 9x client upper casing usernames and
+password before transmitting them to the SMB server
+when using clear text authentication.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
-	[Account type]:LCT-&lt;last-change-time&gt;:Long name
-	</PRE
-></P
-><P
->Although only the <TT
+>	<A
+HREF="smb.conf.5.html#PASSWORDLEVEL"
+TARGET="_top"
+>passsword level</A
+> = <TT
 CLASS="REPLACEABLE"
 ><I
->username</I
+>integer</I
 ></TT
->, 
-	<TT
+>
+	<A
+HREF="smb.conf.5.html#USERNAMELEVEL"
+TARGET="_top"
+>username level</A
+> = <TT
 CLASS="REPLACEABLE"
 ><I
->uid</I
+>integer</I
 ></TT
->, <TT
-CLASS="REPLACEABLE"
+></PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>By default Samba will lower case the username before attempting
+to lookup the user in the database of local system accounts.
+Because UNIX usernames conventionally only contain lower case
+character, the <TT
+CLASS="PARAMETER"
 ><I
->	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</I
+>username level</I
 ></TT
->,
-	[<TT
-CLASS="REPLACEABLE"
+> parameter
+is rarely even needed.</P
+><P
+>However, password on UNIX systems often make use of mixed case
+characters.  This means that in order for a user on a Windows 9x
+client to connect to a Samba server using clear text authentication,
+the <TT
+CLASS="PARAMETER"
 ><I
->Account type</I
+>password level</I
 ></TT
->] and <TT
-CLASS="REPLACEABLE"
+> must be set to the maximum
+number of upper case letter which <EM
+>could</EM
+> appear
+is a password.  Note that is the server OS uses the traditional
+DES version of crypt(), then a <TT
+CLASS="PARAMETER"
 ><I
->	last-change-time</I
+>password level</I
 ></TT
-> sections are significant 
-	and are looked at in the Samba code.</P
-><P
->It is <I
-CLASS="EMPHASIS"
->VITALLY</I
-> important that there by 32 
-	'X' characters between the two ':' characters in the XXX sections - 
-	the smbpasswd and Samba code will fail to validate any entries that 
-	do not have 32 characters  between ':' characters. The first XXX 
-	section is for the Lanman password hash, the second is for the 
-	Windows NT version.</P
-><P
->When the password file is created all users have password entries
-	consisting of 32 'X' characters. By default this disallows any access
-	as this user. When a user has a password set, the 'X' characters change
-	to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii
-	representation of the 16 byte hashed value of a user's password.</P
-><P
->To set a user to have no password (not recommended), edit the file
-	using vi, and replace the first 11 characters with the ascii text
-	<TT
-CLASS="CONSTANT"
->"NO PASSWORD"</TT
-> (minus the quotes).</P
+>
+of 8 will result in case insensitive passwords as seen from Windows
+users.  This will also result in longer login times as Samba
+hash to compute the permutations of the password string and 
+try them one by one until a match is located (or all combinations fail).</P
+><P
+>The best option to adopt is to enable support for encrypted passwords 
+where ever Samba is used. There are three configuration possibilities 
+for support of encrypted passwords:</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN391"
+>2.5.1. Use MS Windows NT as an authentication server</A
+></H2
 ><P
->For example, to clear the password for user bob, his smbpasswd file 
-	entry would look like :</P
+>This method involves the additions of the following parameters 
+in the smb.conf file:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->	bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
-	</PRE
+>	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->If you are allowing users to use the smbpasswd command to set 
-	their own passwords, you may want to give users NO PASSWORD initially 
-	so they do not have to enter a previous password when changing to their 
-	new password (not recommended). In order for you to allow this the
-	<B
-CLASS="COMMAND"
->smbpasswd</B
-> program must be able to connect to the 
-	<B
-CLASS="COMMAND"
->smbd</B
-> daemon as that user with no password. Enable this 
-	by adding the line :</P
+>There are two ways of identifying whether or not a username and 
+password pair was valid or not. One uses the reply information provided 
+as part of the authentication messaging process, the other uses 
+just and error code.</P
+><P
+>The down-side of this mode of configuration is the fact that 
+for security reasons Samba will send the password server a bogus 
+username and a bogus password and if the remote server fails to 
+reject the username and password pair then an alternative mode 
+of identification of validation is used. Where a site uses password 
+lock out after a certain number of failed authentication attempts 
+this will result in user lockouts.</P
+><P
+>Use of this mode of authentication does require there to be 
+a standard Unix account for the user, this account can be blocked 
+to prevent logons by other than MS Windows clients.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN399"
+>2.5.2. Make Samba a member of an MS Windows NT security domain</A
+></H2
 ><P
-><B
-CLASS="COMMAND"
->null passwords = yes</B
+>This method involves additon of the following paramters in the smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->to the [global] section of the smb.conf file (this is why 
-	the above scenario is not recommended). Preferably, allocate your
-	users a default password to begin with, so you do not have
-	to enable this on your server.</P
+>The use of the "*" argument to "password server" will cause samba 
+to locate the domain controller in a way analogous to the way 
+this is done within MS Windows NT.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note : </I
->This file should be protected very 
-	carefully. Anyone with access to this file can (with enough knowledge of 
-	the protocols) gain access to your SMB server. The file is thus more 
-	sensitive than a normal unix <TT
+>In order for this method to work the Samba server needs to join the 
+MS Windows NT security domain. This is done as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>On the MS Windows NT domain controller using 
+	the Server Manager add a machine account for the Samba server.
+	</P
+></LI
+><LI
+><P
+>Next, on the Linux system execute: 
+	<B
+CLASS="COMMAND"
+>smbpasswd -r PDC_NAME -j DOMAIN_NAME</B
+>
+	</P
+></LI
+></UL
+><P
+>Use of this mode of authentication does require there to be 
+a standard Unix account for the user in order to assign
+a uid once the account has been authenticated by the remote
+Windows DC.  This account can be blocked to prevent logons by 
+other than MS Windows clients by things such as setting an invalid
+shell in the <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
-> file.</P
+> entry.</P
+><P
+>An alternative to assigning UIDs to Windows users on a 
+Samba member server is presented in the <A
+HREF="winbind.html"
+TARGET="_top"
+>Winbind Overview</A
+> chapter in
+this HOWTO collection.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN416"
+>2.5.3. Configure Samba as an authentication server</A
+></H2
+><P
+>This mode of authentication demands that there be on the 
+Unix/Linux system both a Unix style account as well as and 
+smbpasswd entry for the user. The Unix system account can be 
+locked if required as only the encrypted password will be 
+used for SMB client authentication.</P
+><P
+>This method involves addition of the following parameters to 
+the smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>in order for this method to work a Unix system account needs 
+to be created for each user, as well as for each MS Windows NT/2000 
+machine. The following structure is required.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN423"
+>2.5.3.1. Users</A
+></H3
+><P
+>A user account that may provide a home directory should be 
+created. The following Linux system commands are typical of 
+the procedure for creating an account.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# useradd -s /bin/bash -d /home/"userid" -m
+	# passwd "userid"
+	  Enter Password: &#60;pw&#62;
+	  
+	# smbpasswd -a "userid"
+	  Enter Password: &#60;pw&#62;</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN428"
+>2.5.3.2. MS Windows NT Machine Accounts</A
+></H3
+><P
+>These are required only when Samba is used as a domain 
+controller.  Refer to the Samba-PDC-HOWTO for more details.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	# useradd -a /bin/false -d /dev/null "machine_name"\$
+	# passwd -l "machine_name"\$
+	# smbpasswd -a -m "machine_name"</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN320"
->The smbpasswd Command</A
+NAME="AEN433"
+>2.6. Conclusions</A
 ></H1
 ><P
->The smbpasswd command maintains the two 32 byte password fields 
-	in the smbpasswd file. If you wish to make it similar to the unix 
-	<B
-CLASS="COMMAND"
->passwd</B
-> or <B
-CLASS="COMMAND"
->yppasswd</B
-> programs, 
-	install it in <TT
-CLASS="FILENAME"
->/usr/local/samba/bin/</TT
-> (or your 
-	main Samba binary directory).</P
-><P
->Note that as of Samba 1.9.18p4 this program <I
-CLASS="EMPHASIS"
->MUST NOT 
-	BE INSTALLED</I
-> setuid root (the new <B
-CLASS="COMMAND"
->smbpasswd</B
-> 
-	code enforces this restriction so it cannot be run this way by 
-	accident).</P
-><P
-><B
-CLASS="COMMAND"
->smbpasswd</B
-> now works in a client-server mode 
-	where it contacts the local smbd to change the user's password on its 
-	behalf. This has enormous benefits - as follows.</P
+>Samba provides a flexible means to operate as...</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->smbpasswd no longer has to be setuid root - 
-		an enormous range of potential security problems is 
-		eliminated.</P
+>A Stand-alone server - No special action is needed 
+	other than to create user accounts. Stand-alone servers do NOT 
+	provide network logon services, meaning that machines that use this 
+	server do NOT perform a domain logon but instead make use only of 
+	the MS Windows logon which is local to the MS Windows 
+	workstation/server.
+	</P
 ></LI
 ><LI
 ><P
-><B
-CLASS="COMMAND"
->smbpasswd</B
-> now has the capability 
-		to change passwords on Windows NT servers (this only works when 
-		the request is sent to the NT Primary Domain Controller if you 
-		are changing an NT Domain user's password).</P
+>An MS Windows NT 3.x/4.0 security domain member.
+	</P
+></LI
+><LI
+><P
+>An alternative to an MS Windows NT 3.x/4.0 
+	Domain Controller.
+	</P
 ></LI
 ></UL
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="AEN443"
+>Chapter 3. Configuring PAM for distributed but centrally 
+managed authentication</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN454"
+>3.1. Samba and PAM</A
+></H1
 ><P
->To run smbpasswd as a normal user just type :</P
+>A number of Unix systems (eg: Sun Solaris), as well as the 
+xxxxBSD family and Linux, now utilize the Pluggable Authentication 
+Modules (PAM) facility to provide all authentication, 
+authorization and resource control services. Prior to the 
+introduction of PAM, a decision to use an alternative to 
+the system password database (<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>) 
+would require the provision of alternatives for all programs that provide 
+security services. Such a choice would involve provision of 
+alternatives to such programs as: <B
+CLASS="COMMAND"
+>login</B
+>, 
+<B
+CLASS="COMMAND"
+>passwd</B
+>, <B
+CLASS="COMMAND"
+>chown</B
+>, etc.</P
 ><P
-><TT
-CLASS="PROMPT"
->$ </TT
-><TT
-CLASS="USERINPUT"
-><B
->smbpasswd</B
-></TT
+>PAM provides a mechanism that disconnects these security programs 
+from the underlying authentication/authorization infrastructure.
+PAM is configured either through one file <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> (Solaris), 
+or by editing individual files that are located in <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+>.</P
+><P
+>The following is an example <TT
+CLASS="FILENAME"
+>/etc/pam.d/login</TT
+> configuration file. 
+This example had all options been uncommented is probably not usable 
+as it stacks many conditions before allowing successful completion 
+of the login process. Essentially all conditions can be disabled 
+by commenting them out except the calls to <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
-><TT
-CLASS="PROMPT"
->Old SMB password: </TT
-><TT
-CLASS="USERINPUT"
-><B
->&lt;type old value here - 
-	or hit return if there was no old password&gt;</B
-></TT
+>PAM allows use of replacable modules. Those available on a 
+sample system include:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
-><TT
-CLASS="PROMPT"
->New SMB Password: </TT
-><TT
-CLASS="USERINPUT"
-><B
->&lt;type new value&gt;
-	</B
-></TT
+>The following example for the login program replaces the use of 
+the <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+> module which uses the system 
+password database (<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>,
+<TT
+CLASS="FILENAME"
+>/etc/shadow</TT
+>, <TT
+CLASS="FILENAME"
+>/etc/group</TT
+>) with 
+the module <TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+> which uses the Samba 
+database which contains the Microsoft MD4 encrypted password 
+hashes. This database is stored in either 
+<TT
+CLASS="FILENAME"
+>/usr/local/samba/private/smbpasswd</TT
+>, 
+<TT
+CLASS="FILENAME"
+>/etc/samba/smbpasswd</TT
+>, or in 
+<TT
+CLASS="FILENAME"
+>/etc/samba.d/smbpasswd</TT
+>, depending on the 
+Samba implementation for your Unix/Linux system. The 
+<TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+> module is provided by 
+Samba version 2.2.1 or later. It can be compiled only if the 
+<TT
+CLASS="CONSTANT"
+>--with-pam --with-pam_smbpass</TT
+> options are both 
+provided to the Samba <B
+CLASS="COMMAND"
+>configure</B
+> program.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
-><TT
-CLASS="PROMPT"
->Repeat New SMB Password: </TT
-><TT
-CLASS="USERINPUT"
-><B
->&lt;re-type new value
-	</B
-></TT
+>The following is the PAM configuration file for a particular 
+Linux system. The default condition uses <TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>.</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->If the old value does not match the current value stored for 
-	that user, or the two new values do not match each other, then the 
-	password will not be changed.</P
+>In the following example the decision has been made to use the 
+smbpasswd database even for basic samba authentication. Such a 
+decision could also be made for the passwd program and would 
+thus allow the smbpasswd passwords to be changed using the passwd 
+program.</P
 ><P
->If invoked by an ordinary user it will only allow the user 
-	to change his or her own Samba password.</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf</PRE
+></TD
+></TR
+></TABLE
+></P
 ><P
->If run by the root user smbpasswd may take an optional 
-	argument, specifying the user name whose SMB password you wish to 
-	change.  Note that when run as root smbpasswd does not prompt for 
-	or check the old password value, thus allowing root to set passwords 
-	for users who have forgotten their passwords.</P
+>Note: PAM allows stacking of authentication mechanisms. It is 
+also possible to pass information obtained within on PAM module through 
+to the next module in the PAM stack. Please refer to the documentation for 
+your particular system implementation for details regarding the specific 
+capabilities of PAM in this environment. Some Linux implmentations also 
+provide the <TT
+CLASS="FILENAME"
+>pam_stack.so</TT
+> module that allows all 
+authentication to be configured in a single central file. The 
+<TT
+CLASS="FILENAME"
+>pam_stack.so</TT
+> method has some very devoted followers 
+on the basis that it allows for easier administration. As with all issues in 
+life though, every decision makes trade-offs, so you may want examine the 
+PAM documentation for further helpful information.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN496"
+>3.2. Distributed Authentication</A
+></H1
 ><P
-><B
-CLASS="COMMAND"
->smbpasswd</B
-> is designed to work in the same way 
-	and be familiar to UNIX users who use the <B
-CLASS="COMMAND"
->passwd</B
-> or 
-	<B
+>The astute administrator will realize from this that the 
+combination of <TT
+CLASS="FILENAME"
+>pam_smbpass.so</TT
+>, 
+<B
 CLASS="COMMAND"
->yppasswd</B
-> commands.</P
-><P
->For more details on using <B
+>winbindd</B
+>, and <B
 CLASS="COMMAND"
->smbpasswd</B
-> refer 
-	to the man page which will always be the definitive reference.</P
+>rsync</B
+> (see
+<A
+HREF="http://rsync.samba.org/"
+TARGET="_top"
+>http://rsync.samba.org/</A
+>)
+will allow the establishment of a centrally managed, distributed 
+user/password database that can also be used by all 
+PAM (eg: Linux) aware programs and applications. This arrangement 
+can have particularly potent advantages compared with the 
+use of Microsoft Active Directory Service (ADS) in so far as 
+reduction of wide area network authentication traffic.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN359"
->Setting up Samba to support LanManager Encryption</A
+NAME="AEN503"
+>3.3. PAM Configuration in smb.conf</A
 ></H1
 ><P
->This is a very brief description on how to setup samba to 
-	support password encryption. </P
-><P
-></P
-><OL
-TYPE="1"
-><LI
+>There is an option in smb.conf called <A
+HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
+TARGET="_top"
+>obey pam restrictions</A
+>. 
+The following is from the on-line help for this option in SWAT;</P
 ><P
->compile and install samba as usual</P
-></LI
-><LI
+>When Samba 2.2 is configure to enable PAM support (i.e. 
+<TT
+CLASS="CONSTANT"
+>--with-pam</TT
+>), this parameter will 
+control whether or not Samba should obey PAM's account 
+and session management directives. The default behavior 
+is to use PAM for clear text authentication only and to 
+ignore any account or session management. Note that Samba always 
+ignores PAM for authentication in the case of 
+<A
+HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
+TARGET="_top"
+>encrypt passwords = yes</A
+>. 
+The reason is that PAM modules cannot support the challenge/response 
+authentication mechanism needed in the presence of SMB 
+password encryption. </P
 ><P
->enable encrypted passwords in <TT
-CLASS="FILENAME"
->		smb.conf</TT
-> by adding the line <B
+>Default: <B
 CLASS="COMMAND"
->encrypt 
-		passwords = yes</B
-> in the [global] section</P
-></LI
-><LI
-><P
->create the initial <TT
-CLASS="FILENAME"
->smbpasswd</TT
->
-		password file in the place you specified in the Makefile 
-		(--prefix=&lt;dir&gt;). See the notes under the <A
-HREF="#SMBPASSWDFILEFORMAT"
->The smbpasswd File</A
->
-		section earlier in the document for details.</P
-></LI
-></OL
-><P
->Note that you can test things using smbclient.</P
+>obey pam restrictions = no</B
+></P
 ></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN374"
->Chapter 3. Hosting a Microsoft Distributed File System tree on Samba</A
+NAME="AEN512"
+>Chapter 4. Hosting a Microsoft Distributed File System tree on Samba</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN385"
->Instructions</A
+NAME="AEN523"
+>4.1. Instructions</A
 ></H1
 ><P
 >The Distributed File System (or Dfs) provides a means of 
@@ -2066,7 +3201,7 @@ CLASS="PARAMETER"
 	to other servers. For example, a symbolic link
 	<TT
 CLASS="FILENAME"
->junction-&gt;msdfs:storage1\share1</TT
+>junction-&#62;msdfs:storage1\share1</TT
 > in 
 	the share directory acts as the Dfs junction. When Dfs-aware 
 	clients attempt to access the junction link, they are redirected 
@@ -2078,6 +3213,12 @@ CLASS="FILENAME"
 >Here's an example of setting up a Dfs tree on a Samba 
 	server.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 ># The smb.conf file:
@@ -2089,6 +3230,9 @@ CLASS="PROGRAMLISTING"
 	path = /export/dfsroot
 	msdfs root = yes
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >In the /export/dfsroot directory we set up our dfs links to 
@@ -2161,8 +3305,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN420"
->Notes</A
+NAME="AEN558"
+>4.1.1. Notes</A
 ></H2
 ><P
 ></P
@@ -2194,84 +3338,854 @@ NAME="AEN420"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN429"
->Chapter 4. Printing Support in Samba 2.2.x</A
+NAME="AEN567"
+>Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN440"
->Introduction</A
+NAME="AEN578"
+>5.1. Viewing and changing UNIX permissions using the NT 
+	security dialogs</A
+></H1
+><P
+>New in the Samba 2.0.4 release is the ability for Windows 
+	NT clients to use their native security settings dialog box to 
+	view and modify the underlying UNIX permissions.</P
+><P
+>Note that this ability is careful not to compromise 
+	the security of the UNIX host Samba is running on, and 
+	still obeys all the file permission rules that a Samba 
+	administrator can set.</P
+><P
+>In Samba 2.0.4 and above the default value of the 
+	parameter <A
+HREF="smb.conf.5.html#NTACLSUPPORT"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>	nt acl support</I
+></TT
+></A
+> has been changed from 
+	<TT
+CLASS="CONSTANT"
+>false</TT
+> to <TT
+CLASS="CONSTANT"
+>true</TT
+>, so 
+ 	manipulation of permissions is turned on by default.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN587"
+>5.2. How to view file security on a Samba share</A
+></H1
+><P
+>From an NT 4.0 client, single-click with the right 
+	mouse button on any file or directory in a Samba mounted 
+	drive letter or UNC path. When the menu pops-up, click 
+	on the <EM
+>Properties</EM
+> entry at the bottom of 
+	the menu. This brings up the normal file properties dialog
+	box, but with Samba 2.0.4 this will have a new tab along the top
+	marked <EM
+>Security</EM
+>. Click on this tab and you 
+	will see three buttons, <EM
+>Permissions</EM
+>, 	
+	<EM
+>Auditing</EM
+>, and <EM
+>Ownership</EM
+>. 
+	The <EM
+>Auditing</EM
+> button will cause either 
+	an error message <SPAN
+CLASS="ERRORNAME"
+>A requested privilege is not held 
+	by the client</SPAN
+> to appear if the user is not the 
+	NT Administrator, or a dialog which is intended to allow an 
+	Administrator to add auditing requirements to a file if the 
+	user is logged on as the NT Administrator. This dialog is 
+	non-functional with a Samba share at this time, as the only 
+	useful button, the <B
+CLASS="COMMAND"
+>Add</B
+> button will not currently 
+	allow a list of users to be seen.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN598"
+>5.3. Viewing file ownership</A
+></H1
+><P
+>Clicking on the <B
+CLASS="COMMAND"
+>"Ownership"</B
+> button 
+	brings up a dialog box telling you who owns the given file. The 
+	owner name will be of the form :</P
+><P
+><B
+CLASS="COMMAND"
+>"SERVER\user (Long name)"</B
+></P
+><P
+>Where <TT
+CLASS="REPLACEABLE"
+><I
+>SERVER</I
+></TT
+> is the NetBIOS name of 
+	the Samba server, <TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+> is the user name of 
+	the UNIX user who owns the file, and <TT
+CLASS="REPLACEABLE"
+><I
+>(Long name)</I
+></TT
+>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database). Click on the <B
+CLASS="COMMAND"
+>Close
+	</B
+> button to remove this dialog.</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then the file owner will 
+	be shown as the NT user <B
+CLASS="COMMAND"
+>"Everyone"</B
+>.</P
+><P
+>The <B
+CLASS="COMMAND"
+>Take Ownership</B
+> button will not allow 
+	you to change the ownership of this file to yourself (clicking on 
+	it will display a dialog box complaining that the user you are 
+	currently logged onto the NT client cannot be found). The reason 
+	for this is that changing the ownership of a file is a privileged 
+	operation in UNIX, available only to the <EM
+>root</EM
+> 
+	user. As clicking on this button causes NT to attempt to change 
+	the ownership of a file to the current user logged into the NT 
+	client this will not work with Samba at this time.</P
+><P
+>There is an NT chown command that will work with Samba 
+	and allow a user with Administrator privilege connected 
+	to a Samba 2.0.4 server as root to change the ownership of 
+	files on both a local NTFS filesystem or remote mounted NTFS 
+	or Samba drive. This is available as part of the <EM
+>Seclib
+	</EM
+> NT security library written by Jeremy Allison of 
+	the Samba Team, available from the main Samba ftp site.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN618"
+>5.4. Viewing file or directory permissions</A
+></H1
+><P
+>The third button is the <B
+CLASS="COMMAND"
+>"Permissions"</B
+> 
+	button. Clicking on this brings up a dialog box that shows both 
+	the permissions and the UNIX owner of the file or directory. 
+	The owner is displayed in the form :</P
+><P
+><B
+CLASS="COMMAND"
+>"SERVER\user (Long name)"</B
+></P
+><P
+>Where <TT
+CLASS="REPLACEABLE"
+><I
+>SERVER</I
+></TT
+> is the NetBIOS name of 
+	the Samba server, <TT
+CLASS="REPLACEABLE"
+><I
+>user</I
+></TT
+> is the user name of 
+	the UNIX user who owns the file, and <TT
+CLASS="REPLACEABLE"
+><I
+>(Long name)</I
+></TT
+>
+	is the descriptive string identifying the user (normally found in the
+	GECOS field of the UNIX password database).</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then the file owner will 
+	be shown as the NT user <B
+CLASS="COMMAND"
+>"Everyone"</B
+> and the 
+	permissions will be shown as NT "Full Control".</P
+><P
+>The permissions field is displayed differently for files 
+	and directories, so I'll describe the way file permissions 
+	are displayed first.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN633"
+>5.4.1. File Permissions</A
+></H2
+><P
+>The standard UNIX user/group/world triple and 
+		the corresponding "read", "write", "execute" permissions 
+		triples are mapped by Samba into a three element NT ACL 
+		with the 'r', 'w', and 'x' bits mapped into the corresponding 
+		NT permissions. The UNIX world permissions are mapped into 
+		the global NT group <B
+CLASS="COMMAND"
+>Everyone</B
+>, followed 
+		by the list of permissions allowed for UNIX world. The UNIX 
+		owner and group permissions are displayed as an NT 
+		<B
+CLASS="COMMAND"
+>user</B
+> icon and an NT <B
+CLASS="COMMAND"
+>local 
+		group</B
+> icon respectively followed by the list 
+	 	of permissions allowed for the UNIX user and group.</P
+><P
+>As many UNIX permission sets don't map into common 
+		NT names such as <B
+CLASS="COMMAND"
+>"read"</B
+>, <B
+CLASS="COMMAND"
+>		"change"</B
+> or <B
+CLASS="COMMAND"
+>"full control"</B
+> then 
+		usually the permissions will be prefixed by the words <B
+CLASS="COMMAND"
+>		"Special Access"</B
+> in the NT display list.</P
+><P
+>But what happens if the file has no permissions allowed 
+		for a particular UNIX user group or world component ? In order 
+		to  allow "no permissions" to be seen and modified then Samba 
+		overloads the NT <B
+CLASS="COMMAND"
+>"Take Ownership"</B
+> ACL attribute 
+		(which has no meaning in UNIX) and reports a component with 
+		no permissions as having the NT <B
+CLASS="COMMAND"
+>"O"</B
+> bit set. 
+		This was chosen of course to make it look like a zero, meaning 
+		zero permissions. More details on the decision behind this will 
+		be given below.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN647"
+>5.4.2. Directory Permissions</A
+></H2
+><P
+>Directories on an NT NTFS file system have two 
+		different sets of permissions. The first set of permissions 
+		is the ACL set on the directory itself, this is usually displayed 
+		in the first set of parentheses in the normal <B
+CLASS="COMMAND"
+>"RW"</B
+> 
+		NT style. This first set of permissions is created by Samba in 
+		exactly the same way as normal file permissions are, described 
+		above, and is displayed in the same way.</P
+><P
+>The second set of directory permissions has no real meaning 
+		in the UNIX permissions world and represents the <B
+CLASS="COMMAND"
+>		"inherited"</B
+> permissions that any file created within 
+		this directory would inherit.</P
+><P
+>Samba synthesises these inherited permissions for NT by 
+		returning as an NT ACL the UNIX permission mode that a new file 
+		created by Samba on this share would receive.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN654"
+>5.5. Modifying file or directory permissions</A
+></H1
+><P
+>Modifying file and directory permissions is as simple 
+	as changing the displayed permissions in the dialog box, and 
+	clicking the <B
+CLASS="COMMAND"
+>OK</B
+> button. However, there are 
+	limitations that a user needs to be aware of, and also interactions 
+	with the standard Samba permission masks and mapping of DOS 
+	attributes that need to also be taken into account.</P
+><P
+>If the parameter <TT
+CLASS="PARAMETER"
+><I
+>nt acl support</I
+></TT
+>
+	is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> then any attempt to set 
+	security permissions will fail with an <B
+CLASS="COMMAND"
+>"Access Denied"
+	</B
+> message.</P
+><P
+>The first thing to note is that the <B
+CLASS="COMMAND"
+>"Add"</B
+> 
+	button will not return a list of users in Samba 2.0.4 (it will give 
+	an error message of <B
+CLASS="COMMAND"
+>"The remote procedure call failed 
+	and did not execute"</B
+>). This means that you can only 
+	manipulate the current user/group/world permissions listed in 
+	the dialog box. This actually works quite well as these are the 
+	only permissions that UNIX actually has.</P
+><P
+>If a permission triple (either user, group, or world) 
+	is removed from the list of permissions in the NT dialog box, 
+	then when the <B
+CLASS="COMMAND"
+>"OK"</B
+> button is pressed it will 
+	be applied as "no permissions" on the UNIX side. If you then 
+	view the permissions again the "no permissions" entry will appear 
+	as the NT <B
+CLASS="COMMAND"
+>"O"</B
+> flag, as described above. This 
+	allows you to add permissions back to a file or directory once 
+	you have removed them from a triple component.</P
+><P
+>As UNIX supports only the "r", "w" and "x" bits of 
+	an NT ACL then if other NT security attributes such as "Delete 
+	access" are selected then they will be ignored when applied on 
+	the Samba server.</P
+><P
+>When setting permissions on a directory the second 
+	set of permissions (in the second set of parentheses) is 
+	by default applied to all files within that directory. If this 
+	is not what you want you must uncheck the <B
+CLASS="COMMAND"
+>"Replace 
+	permissions on existing files"</B
+> checkbox in the NT 
+	dialog before clicking <B
+CLASS="COMMAND"
+>"OK"</B
+>.</P
+><P
+>If you wish to remove all permissions from a 
+	user/group/world  component then you may either highlight the 
+	component and click the <B
+CLASS="COMMAND"
+>"Remove"</B
+> button, 
+	or set the component to only have the special <B
+CLASS="COMMAND"
+>"Take
+	Ownership"</B
+> permission (displayed as <B
+CLASS="COMMAND"
+>"O"
+	</B
+>) highlighted.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN676"
+>5.6. Interaction with the standard Samba create mask 
+	parameters</A
+></H1
+><P
+>Note that with Samba 2.0.5 there are four new parameters 
+	to control this interaction.  These are :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode</I
+></TT
+></P
+><P
+>Once a user clicks <B
+CLASS="COMMAND"
+>"OK"</B
+> to apply the 
+	permissions Samba maps the given permissions into a user/group/world 
+	r/w/x triple set, and then will check the changed permissions for a 
+	file against the bits set in the <A
+HREF="smb.conf.5.html#SECURITYMASK"
+TARGET="_top"
+> 
+	<TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+> parameter. Any bits that 
+	were changed that are not set to '1' in this parameter are left alone 
+	in the file permissions.</P
+><P
+>Essentially, zero bits in the <TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+>
+	mask may be treated as a set of bits the user is <EM
+>not</EM
+> 
+	allowed to change, and one bits are those the user is allowed to change.
+	</P
+><P
+>If not set explicitly this parameter is set to the same value as 
+	the <A
+HREF="smb.conf.5.html#CREATEMASK"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask
+	</I
+></TT
+></A
+> parameter to provide compatibility with Samba 2.0.4 
+	where this permission change facility was introduced. To allow a user to 
+	modify all the user/group/world permissions on a file, set this parameter 
+	to 0777.</P
+><P
+>Next Samba checks the changed permissions for a file against 
+	the bits set in the <A
+HREF="smb.conf.5.html#FORCESECURITYMODE"
+TARGET="_top"
+>	<TT
+CLASS="PARAMETER"
+><I
+>force security mode</I
+></TT
+></A
+> parameter. Any bits 
+	that were changed that correspond to bits set to '1' in this parameter 
+	are forced to be set.</P
+><P
+>Essentially, bits set in the <TT
+CLASS="PARAMETER"
+><I
+>force security mode
+	</I
+></TT
+> parameter may be treated as a set of bits that, when 
+	modifying security on a file, the user has always set to be 'on'.</P
+><P
+>If not set explicitly this parameter is set to the same value 
+	as the <A
+HREF="smb.conf.5.html#FORCECREATEMODE"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+	create mode</I
+></TT
+></A
+> parameter to provide compatibility
+	with Samba 2.0.4 where the permission change facility was introduced.
+	To allow a user to modify all the user/group/world permissions on a file
+	with no restrictions set this parameter to 000.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>force 
+	security mode</I
+></TT
+> parameters are applied to the change 
+	request in that order.</P
+><P
+>For a directory Samba will perform the same operations as 
+	described above for a file except using the parameter <TT
+CLASS="PARAMETER"
+><I
+>	directory security mask</I
+></TT
+> instead of <TT
+CLASS="PARAMETER"
+><I
+>security 
+	mask</I
+></TT
+>, and <TT
+CLASS="PARAMETER"
+><I
+>force directory security mode
+	</I
+></TT
+> parameter instead of <TT
+CLASS="PARAMETER"
+><I
+>force security mode
+	</I
+></TT
+>.</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+> parameter 
+	by default is set to the same value as the <TT
+CLASS="PARAMETER"
+><I
+>directory mask
+	</I
+></TT
+> parameter and the <TT
+CLASS="PARAMETER"
+><I
+>force directory security 
+	mode</I
+></TT
+> parameter by default is set to the same value as 
+ 	the <TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+> parameter to provide 
+	compatibility with Samba 2.0.4 where the permission change facility 
+	was introduced.</P
+><P
+>In this way Samba enforces the permission restrictions that 
+	an administrator can set on a Samba share, whilst still allowing users 
+	to modify the permission bits within that restriction.</P
+><P
+>If you want to set up a share that allows users full control
+	in modifying the permission bits on their files and directories and
+	doesn't force any particular bits to be set 'on', then set the following
+	parameters in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)
+	</TT
+></A
+> file in that share specific section :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>security mask = 0777</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force security mode = 0</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask = 0777</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory security mode = 0</I
+></TT
+></P
+><P
+>As described, in Samba 2.0.4 the parameters :</P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+></P
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+></P
+><P
+>were used instead of the parameters discussed here.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN740"
+>5.7. Interaction with the standard Samba file attribute 
+	mapping</A
+></H1
+><P
+>Samba maps some of the DOS attribute bits (such as "read 
+	only") into the UNIX permissions of a file. This means there can 
+	be a conflict between the permission bits set via the security 
+	dialog and the permission bits set by the file attribute mapping.
+	</P
+><P
+>One way this can show up is if a file has no UNIX read access
+	for the owner it will show up as "read only" in the standard 
+	file attributes tabbed dialog. Unfortunately this dialog is
+	the same one that contains the security info in another tab.</P
+><P
+>What this can mean is that if the owner changes the permissions
+	to allow themselves read access using the security dialog, clicks
+	<B
+CLASS="COMMAND"
+>"OK"</B
+> to get back to the standard attributes tab 
+	dialog, and then clicks <B
+CLASS="COMMAND"
+>"OK"</B
+> on that dialog, then 
+	NT will set the file permissions back to read-only (as that is what 
+	the attributes still say in the dialog). This means that after setting 
+	permissions and clicking <B
+CLASS="COMMAND"
+>"OK"</B
+> to get back to the 
+	attributes dialog you should always hit <B
+CLASS="COMMAND"
+>"Cancel"</B
+> 
+	rather than <B
+CLASS="COMMAND"
+>"OK"</B
+> to ensure that your changes 
+	are not overridden.</P
+></DIV
+></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="AEN750"
+>Chapter 6. Printing Support in Samba 2.2.x</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN761"
+>6.1. Introduction</A
 ></H1
 ><P
 >Beginning with the 2.2.0 release, Samba supports 
-	the native Windows NT printing mechanisms implemented via 
-	MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
-	Samba only supported LanMan printing calls.</P
+the native Windows NT printing mechanisms implemented via 
+MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
+Samba only supported LanMan printing calls.</P
 ><P
 >The additional functionality provided by the new 
-	SPOOLSS support includes:</P
+SPOOLSS support includes:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >Support for downloading printer driver 
-		files to Windows 95/98/NT/2000 clients upon demand.
-		</P
+	files to Windows 95/98/NT/2000 clients upon demand.
+	</P
 ></LI
 ><LI
 ><P
 >Uploading of printer drivers via the 
-		Windows NT Add Printer Wizard (APW) or the <A
+	Windows NT Add Printer Wizard (APW) or the 
+	Imprints tool set (refer to <A
 HREF="http://imprints.sourceforge.net"
 TARGET="_top"
->Imprints tool set
-		</A
-></P
+>http://imprints.sourceforge.net</A
+>). 
+	</P
 ></LI
 ><LI
 ><P
 >Support for the native MS-RPC printing 
-		calls such as StartDocPrinter, EnumJobs(), etc...  (See 
-		the <A
+	calls such as StartDocPrinter, EnumJobs(), etc...  (See 
+	the MSDN documentation at <A
 HREF="http://msdn.microsoft.com/"
 TARGET="_top"
->MSDN documentation
-		</A
-> for more information on the Win32 printing API)
-		</P
+>http://msdn.microsoft.com/</A
+> 
+	for more information on the Win32 printing API)
+	</P
 ></LI
 ><LI
 ><P
 >Support for NT Access Control Lists (ACL) 
-		on printer objects</P
+	on printer objects</P
 ></LI
 ><LI
 ><P
 >Improved support for printer queue manipulation 
-		through the use of an internal databases for spooled job 
-		information</P
+	through the use of an internal databases for spooled job 
+	information</P
 ></LI
 ></UL
+><P
+>There has been some initial confusion about what all this means
+and whether or not it is a requirement for printer drivers to be 
+installed on a Samba host in order to support printing from Windows 
+clients.  A bug existed in Samba 2.2.0 which made Windows NT/2000 clients 
+require that the Samba server possess a valid driver for the printer.  
+This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
+can use the local APW for installing drivers to be used with a Samba 
+served printer.  This is the same behavior exhibited by Windows 9x clients.
+As a side note, Samba does not use these drivers in any way to process 
+spooled files.  They are utilized entirely by the clients.</P
+><P
+>The following MS KB article, may be of some help if you are dealing with
+Windows 2000 clients:  <EM
+>How to Add Printers with No User 
+Interaction in Windows 2000</EM
+></P
+><P
+><A
+HREF="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP"
+TARGET="_top"
+>http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</A
+></P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN457"
->Configuration</A
+NAME="AEN783"
+>6.2. Configuration</A
 ></H1
-><P
->In order to support the uploading of printer driver 
-	files, you must first configure a file share named [print$].  
-	The name of this share is hard coded in Samba's internals so 
-	the name is very important (print$ is the service used by 
-	Windows NT print servers to provide support for printer driver 
-	download).</P
 ><DIV
 CLASS="WARNING"
 ><P
@@ -2284,70 +4198,104 @@ WIDTH="100%"
 ><TD
 ALIGN="CENTER"
 ><B
->Warning</B
+>[print$] vs. [printer$]</B
 ></TD
 ></TR
 ><TR
 ><TD
 ALIGN="LEFT"
 ><P
->Previous versions of Samba recommended using 
-		a share named [printer$].  This name was taken from the 
-		printer$ service created by Windows 9x clients when a 
-		printer was shared.  Windows 9x printer servers always have 
-		a printer$ service which provides read-only access via no 
-		password in order to support printer driver downloads.</P
+>Previous versions of Samba recommended using a share named [printer$].  
+This name was taken from the printer$ service created by Windows 9x 
+clients when a printer was shared.  Windows 9x printer servers always have 
+a printer$ service which provides read-only access via no 
+password in order to support printer driver downloads.</P
 ><P
 >However, the initial implementation allowed for a 
-		parameter named <TT
+parameter named <TT
 CLASS="PARAMETER"
 ><I
 >printer driver location</I
 ></TT
 > 
-		to be used on a per share basis to specify the location of 
-		the driver files associated with that printer.  Another 
-		parameter named <TT
+to be used on a per share basis to specify the location of 
+the driver files associated with that printer.  Another 
+parameter named <TT
 CLASS="PARAMETER"
 ><I
 >printer driver</I
 ></TT
 > provided 
-		a means of defining the printer driver name to be sent to 
-		the client.</P
+a means of defining the printer driver name to be sent to 
+the client.</P
 ><P
 >These parameters, including <TT
 CLASS="PARAMETER"
 ><I
->printer driver 
-		file</I
+>printer driver
+file</I
 ></TT
 > parameter, are being depreciated and should not 
-		be used in new installations.  For more information on this change, 
-		you should refer to the <A
+be used in new installations.  For more information on this change, 
+you should refer to the <A
 HREF="#MIGRATION"
->Migration section 
-		</A
->of this document.</P
+>Migration section</A
+>
+of this document.</P
 ></TD
 ></TR
 ></TABLE
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN794"
+>6.2.1. Creating [print$]</A
+></H2
 ><P
->You should modify the server's smb.conf file to create the 
-	following file share (of course, some of the parameter values,
-	such as 'path' are arbitrary and should be replaced with
-	appropriate values for your site):</P
+>In order to support the uploading of printer driver 
+files, you must first configure a file share named [print$].  
+The name of this share is hard coded in Samba's internals so 
+the name is very important (print$ is the service used by 
+Windows NT print servers to provide support for printer driver 
+download).</P
+><P
+>You should modify the server's smb.conf file to add the global
+parameters and to create the 
+following file share (of course, some of the parameter values,
+such as 'path' are arbitrary and should be replaced with
+appropriate values for your site):</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->[print$]
-	path = /usr/local/samba/printers
-	guest ok = yes
-	browseable = yes
-	read only = yes
-	write list = ntadmin
-	</PRE
+>[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >The <A
@@ -2356,70 +4304,82 @@ TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->	write list</I
+>write list</I
 ></TT
 ></A
 > is used to allow administrative 
-	level user accounts to have write access in order to update files 
-	on the share.  See the <A
+level user accounts to have write access in order to update files 
+on the share.  See the <A
 HREF="smb./conf.5.html"
 TARGET="_top"
->	smb.conf(5) man page</A
-> for more information on 
-	configuring file shares.</P
+>smb.conf(5) 
+man page</A
+> for more information on configuring file shares.</P
 ><P
 >The requirement for <A
 HREF="smb.conf.5.html#GUESTOK"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
->	guest ok = yes</B
+>guest 
+ok = yes</B
 ></A
 > depends upon how your
-	site is configured.  If users will be guaranteed to have 
-	an account on the Samba host, then this is a non-issue.</P
+site is configured.  If users will be guaranteed to have 
+an account on the Samba host, then this is a non-issue.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
 ><P
-><I
-CLASS="EMPHASIS"
->author's note: </I
->The non-issue is that 
-	if all your Windows NT users are guarenteed to be authenticated 
-	by the Samba server (such as a domain member server and the NT 
-	user has already been validated by the Domain Controller in 
-	order to logon to the Windows NT console), then guest access 
-	is not necessary.  Of course, in a workgroup environment where 
-	you just want to be able to print without worrying about 
-	silly accounts and security, then configure the share for 
-	guest access.  You'll probably want to add <A
+><B
+>Author's Note: </B
+>The non-issue is that if all your Windows NT users are guaranteed to be 
+authenticated by the Samba server (such as a domain member server and the NT 
+user has already been validated by the Domain Controller in 
+order to logon to the Windows NT console), then guest access 
+is not necessary.  Of course, in a workgroup environment where 
+you just want to be able to print without worrying about 
+silly accounts and security, then configure the share for 
+guest access.  You'll probably want to add <A
 HREF="smb.conf.5.html#MAPTOGUEST"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
->map to guest = Bad User
-	</B
+>map to guest = Bad User</B
 ></A
 > in the [global] section as well.  Make sure 
-	you understand what this parameter does before using it 
-	though. --jerry]</P
+you understand what this parameter does before using it 
+though. --jerry</P
+></BLOCKQUOTE
+></DIV
 ><P
 >In order for a Windows NT print server to support 
-	the downloading of driver files by multiple client architectures,
-	it must create subdirectories within the [print$] service
-	which correspond to each of the supported client architectures.
-	Samba follows this model as well.</P
+the downloading of driver files by multiple client architectures,
+it must create subdirectories within the [print$] service
+which correspond to each of the supported client architectures.
+Samba follows this model as well.</P
 ><P
 >Next create the directory tree below the [print$] share 
-	for each architecture you wish to support.</P
+for each architecture you wish to support.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->	[print$]-----
-		|-W32X86		; "Windows NT x86"
-		|-WIN40			; "Windows 95/98"
-		|-W32ALPHA		; "Windows NT Alpha_AXP"
-		|-W32MIPS		; "Windows NT R4000"
-		|-W32PPC		; "Windows NT PowerPC"
-	</PRE
+>[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><DIV
 CLASS="WARNING"
@@ -2433,38 +4393,34 @@ WIDTH="100%"
 ><TD
 ALIGN="CENTER"
 ><B
->Warning</B
+>ATTENTION!  REQUIRED PERMISSIONS</B
 ></TD
 ></TR
 ><TR
 ><TD
 ALIGN="LEFT"
 ><P
-><I
-CLASS="EMPHASIS"
->ATTENTION!  REQUIRED PERMISSIONS</I
-></P
-><P
 >In order to currently add a new driver to you Samba host, 
-		one of two conditions must hold true:</P
+one of two conditions must hold true:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >The account used to connect to the Samba host 
-			must have a uid of 0 (i.e. a root account)</P
+	must have a uid of 0 (i.e. a root account)</P
 ></LI
 ><LI
 ><P
 >The account used to connect to the Samba host
-			must be a member of the <A
-HREF="smb.conf.5.html"
+	must be a member of the <A
+HREF="smb.conf.5.html#PRINTERADMIN"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->			printer admin</I
+>printer 
+	admin</I
 ></TT
 ></A
 > list.</P
@@ -2472,97 +4428,132 @@ CLASS="PARAMETER"
 ></UL
 ><P
 >Of course, the connected account must still possess access
-		to add files to the subdirectories beneath [print$].</P
+to add files to the subdirectories beneath [print$]. Remember
+that all file shares are set to 'read only' by default.</P
 ></TD
 ></TR
 ></TABLE
 ></DIV
 ><P
 >Once you have created the required [print$] service and 
-	associated subdirectories, simply log onto the Samba server using 
-	a root (or <TT
+associated subdirectories, simply log onto the Samba server using 
+a root (or <TT
 CLASS="PARAMETER"
 ><I
 >printer admin</I
 ></TT
 >) account
-	from a Windows NT 4.0 client.  Navigate to the "Printers" folder
-	on the Samba server.  You should see an initial listing of printers
-	that matches the printer shares defined on your Samba host.</P
+from a Windows NT 4.0 client.  Navigate to the "Printers" folder
+on the Samba server.  You should see an initial listing of printers
+that matches the printer shares defined on your Samba host.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN829"
+>6.2.2. Setting Drivers for Existing Printers</A
+></H2
 ><P
 >The initial listing of printers in the Samba host's 
-	Printers folder will have no printer driver assigned to them.  
-	The way assign a driver to a printer is to view the Properties 
-	of the printer and either</P
+Printers folder will have no real printer driver assigned 
+to them.  By default, in Samba 2.2.0 this driver name was set to 
+<EM
+>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</EM
+>.
+Later versions changed this to a NULL string to allow the use
+tof the local Add Printer Wizard on NT/2000 clients.
+Attempting to view the printer properties for a printer
+which has this default driver assigned will result in 
+the error message:</P
+><P
+><EM
+>Device settings cannot be displayed.  The driver 
+for the specified printer is not installed, only spooler 
+properties will be displayed.  Do you want to install the 
+driver now?</EM
+></P
+><P
+>Click "No" in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a 
+printer is to either</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >Use the "New Driver..." button to install 
-		a new printer driver, or</P
+	a new printer driver, or</P
 ></LI
 ><LI
 ><P
 >Select a driver from the popup list of 
-		installed drivers.  Initially this list will be empty.</P
+	installed drivers.  Initially this list will be empty.</P
 ></LI
 ></UL
 ><P
 >If you wish to install printer drivers for client 
-	operating systems other than "Windows NT x86", you will need 
-	to use the "Sharing" tab of the printer properties dialog.</P
+operating systems other than "Windows NT x86", you will need 
+to use the "Sharing" tab of the printer properties dialog.</P
 ><P
 >Assuming you have connected with a root account, you 
-	will also be able modify other printer properties such as 
-	ACLs and device settings using this dialog box.</P
+will also be able modify other printer properties such as 
+ACLs and device settings using this dialog box.</P
 ><P
 >A few closing comments for this section, it is possible 
-	on a Windows NT print server to have printers
-	listed in the Printers folder which are not shared.  Samba does
-	not make this distinction.  By definition, the only printers of
-	which Samba is aware are those which are specified as shares in
-	<TT
+on a Windows NT print server to have printers
+listed in the Printers folder which are not shared.  Samba does
+not make this distinction.  By definition, the only printers of
+which Samba is aware are those which are specified as shares in
+<TT
 CLASS="FILENAME"
 >smb.conf</TT
 >.</P
 ><P
 >Another interesting side note is that Windows NT clients do
-	not use the SMB printer share, but rather can print directly 
-	to any printer on another Windows NT host using MS-RPC.  This
-	of course assumes that the printing client has the necessary
-	privileges on the remote host serving the printer.  The default
-	permissions assigned by Windows NT to a printer gives the "Print"
-	permissions to the "Everyone" well-known group.</P
+not use the SMB printer share, but rather can print directly 
+to any printer on another Windows NT host using MS-RPC.  This
+of course assumes that the printing client has the necessary
+privileges on the remote host serving the printer.  The default
+permissions assigned by Windows NT to a printer gives the "Print"
+permissions to the "Everyone" well-known group.</P
+></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN511"
->Support a large number of printers</A
+NAME="AEN846"
+>6.2.3. Support a large number of printers</A
 ></H2
 ><P
 >One issue that has arisen during the development
-		phase of Samba 2.2 is the need to support driver downloads for
-		100's of printers.  Using the Windows NT APW is somewhat 
-		awkward to say the list.  If more than one printer are using the 
-		same driver, the <A
+phase of Samba 2.2 is the need to support driver downloads for
+100's of printers.  Using the Windows NT APW is somewhat 
+awkward to say the list.  If more than one printer are using the 
+same driver, the <A
 HREF="rpcclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >rpcclient's
-		setdriver command</B
+setdriver command</B
 ></A
 > can be used to set the driver
-		associated with an installed driver.  The following is example
-		of how this could be accomplished:</P
+associated with an installed driver.  The following is example
+of how this could be accomplished:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
-		<TT
+<TT
 CLASS="PROMPT"
 >$ </TT
 >rpcclient pogo -U root%secret -c "enumdrivers"
@@ -2570,36 +4561,180 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
  
 [Windows NT x86]
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 4000 Series PS]
+     Driver Name: [HP LaserJet 4000 Series PS]
  
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 2100 Series PS]
+     Driver Name: [HP LaserJet 2100 Series PS]
  
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 4Si/4SiMX PS]
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
 				  
-		<TT
+<TT
 CLASS="PROMPT"
 >$ </TT
 >rpcclient pogo -U root%secret -c "enumprinters"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-	flags:[0x800000]
-	name:[\\POGO\hp-print]
-	description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
-	comment:[]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
 				  
-		<TT
+<TT
 CLASS="PROMPT"
 >$ </TT
->rpcclient pogo -U root%bleaK.er \
-		<TT
+>rpcclient pogo -U root%secret \
+<TT
 CLASS="PROMPT"
->&gt; </TT
+>&#62; </TT
 > -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-Succesfully set hp-print to driver HP LaserJet 4000 Series PS.
-		</PRE
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN857"
+>6.2.4. Adding New Printers via the Windows NT APW</A
+></H2
+><P
+>By default, Samba offers all printer shares defined in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+in the "Printers..." folder.  Also existing in this folder is the Windows NT 
+Add Printer Wizard icon.  The APW will be show only if</P
+><P
 ></P
+><UL
+><LI
+><P
+>The connected user is able to successfully
+	execute an OpenPrinterEx(\\server) with administrative
+	privileges (i.e. root or <TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+>).
+	</P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>show 
+	add printer wizard = yes</I
+></TT
+></A
+> (the default).
+	</P
+></LI
+></UL
+><P
+>In order to be able to use the APW to successfully add a printer to a Samba 
+server, the <A
+HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>add 
+printer command</I
+></TT
+></A
+> must have a defined value.  The program
+hook must successfully add the printer to the system (i.e. 
+<TT
+CLASS="FILENAME"
+>/etc/printcap</TT
+> or appropriate files) and 
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> if necessary.</P
+><P
+>When using the APW from a client, if the named printer share does 
+not exist, <B
+CLASS="COMMAND"
+>smbd</B
+> will execute the <TT
+CLASS="PARAMETER"
+><I
+>add printer 
+command</I
+></TT
+> and reparse to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+to attempt to locate the new printer share.  If the share is still not defined,
+an error of "Access Denied" is returned to the client.  Note that the 
+<TT
+CLASS="PARAMETER"
+><I
+>add printer program</I
+></TT
+> is executed under the context
+of the connected user, not necessarily a root account.</P
+><P
+>There is a complementing <A
+HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>delete
+printer command</I
+></TT
+></A
+> for removing entries from the "Printers..."
+folder.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN882"
+>6.2.5. Samba and Printer Ports</A
+></H2
+><P
+>Windows NT/2000 print servers associate a port with each printer.  These normally
+take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
+concept of ports associated with a printer.  By default, only one printer port,
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
+order to print, rather it is a requirement of Windows clients.  </P
+><P
+>Note that Samba does not support the concept of "Printer Pooling" internally 
+either.  This is when a logical printer is assigned to multiple ports as 
+a form of load balancing or fail over.</P
+><P
+>If you require that multiple ports be defined for some reason,
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> possesses a <A
+HREF="smb.conf.5.html#ENUMPORTSCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>enumports 
+command</I
+></TT
+></A
+> which can be used to define an external program 
+that generates a listing of ports on a system.</P
 ></DIV
 ></DIV
 ><DIV
@@ -2607,8 +4742,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN522"
->The Imprints Toolset</A
+NAME="AEN890"
+>6.3. The Imprints Toolset</A
 ></H1
 ><P
 >The Imprints tool set provides a UNIX equivalent of the 
@@ -2625,8 +4760,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN526"
->What is Imprints?</A
+NAME="AEN894"
+>6.3.1. What is Imprints?</A
 ></H2
 ><P
 >Imprints is a collection of tools for supporting the goals 
@@ -2657,8 +4792,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN536"
->Creating Printer Driver Packages</A
+NAME="AEN904"
+>6.3.2. Creating Printer Driver Packages</A
 ></H2
 ><P
 >The process of creating printer driver packages is beyond
@@ -2673,8 +4808,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN539"
->The Imprints server</A
+NAME="AEN907"
+>6.3.3. The Imprints server</A
 ></H2
 ><P
 >The Imprints server is really a database server that 
@@ -2683,9 +4818,8 @@ NAME="AEN539"
 		downloading of the package.  Each package is digitally signed
 		via GnuPG which can be used to verify that package downloaded
 		is actually the one referred in the Imprints database.  It is 
-		<I
-CLASS="EMPHASIS"
->not</I
+		<EM
+>not</EM
 > recommended that this security check 
 		be disabled.</P
 ></DIV
@@ -2694,8 +4828,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN543"
->The Installation Client</A
+NAME="AEN911"
+>6.3.4. The Installation Client</A
 ></H2
 ><P
 >More information regarding the Imprints installation client 
@@ -2736,27 +4870,35 @@ CLASS="COMMAND"
 >rpcclient</B
 >.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >	
-		foreach (supported architecture for a given driver)
-		{
-			1.	rpcclient: Get the appropriate upload directory 
-				on the remote server
-			2.	smbclient: Upload the driver files
-			3.	rpcclient: Issues an AddPrinterDriver() MS-RPC
-		}
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
 	
-		4.	rpcclient: Issue an AddPrinterEx() MS-RPC to actually
-			create the printer
-		</PRE
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >One of the problems encountered when implementing 
 		the Imprints tool set was the name space issues between 
 		various supported client architectures.  For example, Windows 
 		NT includes a driver named "Apple LaserWriter II NTX v51.8" 
-		and Windows 95 callsits version of this driver "Apple 
+		and Windows 95 calls its version of this driver "Apple 
 		LaserWriter II NTX"</P
 ><P
 >The problem is how to know what client drivers have 
@@ -2772,7 +4914,7 @@ CLASS="FILENAME"
 ></P
 ><P
 >will reveal that Windows NT always uses the NT driver 
-		name.  The is ok as Windows NT always requires that at least 
+		name.  This is ok as Windows NT always requires that at least 
 		the Windows NT version of the printer driver is present.  
 		However, Samba does not have the requirement internally.  
 		Therefore, how can you use the NT driver name if is has not 
@@ -2789,18 +4931,60 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN565"
-><A
+NAME="AEN933"
+>6.4. <A
 NAME="MIGRATION"
 ></A
->Migration to from Samba 2.0.x to 
-	2.2.x</A
+>Migration to from Samba 2.0.x to 2.2.x</A
 ></H1
 ><P
->Given that printer driver management has changed
-	(we hope improved :) ) in 2.2.0 over prior releases,
-	migration from an existing setup to 2.2.0 can follow
-	several paths.</P
+>Given that printer driver management has changed (we hope improved) in 
+2.2 over prior releases, migration from an existing setup to 2.2 can 
+follow several paths.</P
+><P
+>Windows clients have a tendency to remember things for quite a while.
+For example, if a Windows NT client has attached to a Samba 2.0 server,
+it will remember the server as a LanMan printer server.  Upgrading 
+the Samba host to 2.2 makes support for MSRPC printing possible, but 
+the NT client will still remember the previous setting.</P
+><P
+>In order to give an NT client printing "amnesia" (only necessary if you 
+want to use the newer MSRPC printing functionality in Samba), delete 
+the registry keys associated with the print server contained in 
+<TT
+CLASS="CONSTANT"
+>[HKLM\SYSTEM\CurrentControlSet\Control\Print]</TT
+>.  The 
+spooler service on the client should be stopped prior to doing this:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINNT\ &#62;</TT
+> <TT
+CLASS="USERINPUT"
+><B
+>net stop spooler</B
+></TT
+></P
+><P
+><EM
+>All the normal disclaimers about editing the registry go 
+here.</EM
+>  Be careful, and know what you are doing.</P
+><P
+>The spooler service should be restarted after you have finished 
+removing the appropriate registry entries by replacing the 
+<B
+CLASS="COMMAND"
+>stop</B
+> command above with <B
+CLASS="COMMAND"
+>start</B
+>.</P
+><P
+>Windows 9x clients will continue to use LanMan printing calls
+with a 2.2 Samba server so there is no need to perform any of these
+modifications on non-NT clients.</P
 ><DIV
 CLASS="WARNING"
 ><P
@@ -2813,16 +4997,15 @@ WIDTH="100%"
 ><TD
 ALIGN="CENTER"
 ><B
->Warning</B
+>Achtung!</B
 ></TD
 ></TR
 ><TR
 ><TD
 ALIGN="LEFT"
 ><P
->The following smb.conf parameters are considered to be
-		depreciated and will be removed soon.  Do not use them
-		in new installations</P
+>The following smb.conf parameters are considered to be depreciated and will 
+be removed soon.  Do not use them in new installations</P
 ><P
 ></P
 ><UL
@@ -2834,7 +5017,7 @@ CLASS="PARAMETER"
 >printer driver file (G)</I
 ></TT
 >
-			</P
+	</P
 ></LI
 ><LI
 ><P
@@ -2844,7 +5027,7 @@ CLASS="PARAMETER"
 >printer driver (S)</I
 ></TT
 >
-			</P
+	</P
 ></LI
 ><LI
 ><P
@@ -2854,7 +5037,7 @@ CLASS="PARAMETER"
 >printer driver location (S)</I
 ></TT
 >
-			</P
+	</P
 ></LI
 ></UL
 ></TD
@@ -2869,46 +5052,54 @@ CLASS="PARAMETER"
 ><LI
 ><P
 >If you do not desire the new Windows NT 
-		print driver support, nothing needs to be done.  
-		All existing parameters work the same.</P
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.</P
 ></LI
 ><LI
 ><P
 >If you want to take advantage of NT printer 
-		driver support but do not want to migrate the 
-		9x drivers to the new setup, the leave the existing 
-		printers.def file.  When smbd attempts to locate a 
-		9x driver for the printer in the TDB and fails it 
-		will drop down to using the printers.def (and all 
-		associated parameters).  The <B
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	printers.def file.  When smbd attempts to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The <B
 CLASS="COMMAND"
 >make_printerdef</B
 > 
-		tool will also remain for backwards compatibility but will 
-		be moved to the "this tool is the old way of doing it" 
-		pile.</P
+	tool will also remain for backwards compatibility but will 
+	be moved to the "this tool is the old way of doing it" 
+	pile.</P
 ></LI
 ><LI
 ><P
 >If you install a Windows 9x driver for a printer 
-		on your Samba host (in the printing TDB), this information will 
-		take precedence and the three old printing parameters
-		will be ignored (including print driver location).</P
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).</P
 ></LI
 ><LI
 ><P
 >If you want to migrate an existing <TT
 CLASS="FILENAME"
->		printers.def</TT
-> file into the new setup, the current only 
-		solution is to use the Windows NT APW to install the NT drivers 
-		and the 9x  drivers.  This can be scripted using smbclient and 
-		rpcclient.  See the <A
+>printers.def</TT
+> 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using <B
+CLASS="COMMAND"
+>smbclient</B
+> and <B
+CLASS="COMMAND"
+>rpcclient</B
+>.  See the 
+	Imprints installation client at <A
 HREF="http://imprints.sourceforge.net/"
 TARGET="_top"
->		Imprints insrallation client</A
-> for an example.
-		</P
+>http://imprints.sourceforge.net/</A
+> 
+	for an example.
+	</P
 ></LI
 ></UL
 ></DIV
@@ -2917,16 +5108,16 @@ TARGET="_top"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN594"
->Chapter 5. security = domain in Samba 2.x</A
+NAME="AEN977"
+>Chapter 7. security = domain in Samba 2.x</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN612"
->Joining an NT Domain with Samba 2.2</A
+NAME="AEN995"
+>7.1. Joining an NT Domain with Samba 2.2</A
 ></H1
 ><P
 >In order for a Samba-2 server to join an NT domain, 
@@ -2934,9 +5125,8 @@ NAME="AEN612"
 	NT domain on the PDC using Server Manager for Domains.  This creates 
 	the machine account in the domain (PDC) SAM. Note that you should 
 	add the Samba server as a "Windows NT Workstation or Server", 
-	<I
-CLASS="EMPHASIS"
->NOT</I
+	<EM
+>NOT</EM
 > as a Primary or backup domain controller.</P
 ><P
 >Assume you have a Samba-2 server with a NetBIOS name of 
@@ -3013,13 +5203,13 @@ CLASS="FILENAME"
 ><TT
 CLASS="REPLACEABLE"
 ><I
->&lt;NT DOMAIN NAME&gt;</I
+>&#60;NT DOMAIN NAME&#62;</I
 ></TT
 >.<TT
 CLASS="REPLACEABLE"
 ><I
->&lt;Samba 
-	Server Name&gt;</I
+>&#60;Samba 
+	Server Name&#62;</I
 ></TT
 >.mac</TT
 ></P
@@ -3153,8 +5343,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN676"
->Samba and Windows 2000 Domains</A
+NAME="AEN1059"
+>7.2. Samba and Windows 2000 Domains</A
 ></H1
 ><P
 >Many people have asked regarding the state of Samba's ability to participate in
@@ -3178,8 +5368,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN681"
->Why is this better than security = server?</A
+NAME="AEN1064"
+>7.3. Why is this better than security = server?</A
 ></H1
 ><P
 >Currently, domain security in Samba doesn't free you from 
@@ -3244,9 +5434,8 @@ CLASS="COMMAND"
 	user is authenticated, making a Samba server truly plug and play 
 	in an NT domain environment. Watch for this code soon.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > Much of the text of this document 
 	was first published in the Web magazine <A
 HREF="http://www.linuxworld.com"
@@ -3265,53 +5454,135 @@ TARGET="_top"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN697"
->Chapter 6. How to Configure Samba 2.2.x as a Primary Domain Controller</A
+NAME="AEN1080"
+>Chapter 8. How to Configure Samba 2.2 as a Primary Domain Controller</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN708"
->Background</A
+NAME="AEN1097"
+>8.1. Prerequisite Reading</A
 ></H1
 ><P
-><I
-CLASS="EMPHASIS"
->Author's Note :</I
-> This document
-is a combination of David Bannon's Samba 2.2 PDC HOWTO
-and the Samba NT Domain FAQ. Both documents are superceeded by this one.</P
+>Before you continue reading in this chapter, please make sure 
+that you are comfortable with configuring basic files services
+in smb.conf and how to enable and administer password 
+encryption in Samba.  Theses two topics are covered in the
+<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> 
+manpage and the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Encryption chapter</A
+> 
+of this HOWTO Collection.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1103"
+>8.2. Background</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+><EM
+>Author's Note :</EM
+> This document is a combination 
+of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. 
+Both documents are superseded by this one.</P
+></BLOCKQUOTE
+></DIV
 ><P
 >Version of Samba prior to release 2.2 had marginal capabilities to
-act as a Windows NT 4.0 Primary Domain Controller (PDC).  The following 
-functionality should work in 2.2.0:</P
+act as a Windows NT 4.0 Primary Domain Controller (PDC).  Beginning with 
+Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 
+style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through 
+SP1) clients.  This article outlines the steps necessary for configuring Samba 
+as a PDC.  It is necessary to have a working Samba server prior to implementing the 
+PDC functionality.  If you have not followed the steps outlined in 
+<A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+> UNIX_INSTALL.html</A
+>, please make sure 
+that your server is configured correctly before proceeding.  Another good 
+resource in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) man 
+page</A
+>. The following  functionality should work in 2.2:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->domain logons for Windows NT 4.0/2000 clients</P
+>	domain logons for Windows NT 4.0/2000 clients.
+	</P
 ></LI
 ><LI
 ><P
->placing a Windows 9x client in user level security</P
+>	placing a Windows 9x client in user level security
+	</P
 ></LI
 ><LI
 ><P
->retrieving a list of users and groups from a Samba PDC to
-	Windows 9x/NT/2000 clients </P
+>	retrieving a list of users and groups from a Samba PDC to
+	Windows 9x/NT/2000 clients
+	</P
 ></LI
 ><LI
 ><P
->roving user profiles</P
+>	roving (roaming) user profiles
+	</P
 ></LI
 ><LI
 ><P
->Windows NT 4.0 style system policies</P
+>	Windows NT 4.0 style system policies
+	</P
 ></LI
 ></UL
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Windows 2000 Service Pack 2 Clients</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	Samba 2.2.1 is required for PDC functionality when using Windows 2000 
+	SP2 clients. 
+	</P
+></TD
+></TR
+></TABLE
+></DIV
 ><P
 >The following pieces of functionality are not included in the 2.2 release:</P
 ><P
@@ -3319,21 +5590,25 @@ functionality should work in 2.2.0:</P
 ><UL
 ><LI
 ><P
->Windows NT 4 domain trusts</P
+>	Windows NT 4 domain trusts
+	</P
 ></LI
 ><LI
 ><P
->Sam replication with Windows NT 4.0 Domain Controllers
-	(i.e. a Samba PDC and a Windows NT BDC or vice versa) </P
+>	SAM replication with Windows NT 4.0 Domain Controllers
+	(i.e. a Samba PDC and a Windows NT BDC or vice versa) 
+	</P
 ></LI
 ><LI
 ><P
->Adding users via the User Manager for Domains</P
+>	Adding users via the User Manager for Domains
+	</P
 ></LI
 ><LI
 ><P
->Acting as a Windows 2000 Domain Controller (i.e. Kerberos
-	and Active Directory)</P
+>	Acting as a Windows 2000 Domain Controller (i.e. Kerberos and 
+	Active Directory)
+	</P
 ></LI
 ></UL
 ><P
@@ -3343,25 +5618,6 @@ support Windows 9x style domain logons is completely different
 from NT4 domain logons and has been officially supported for some 
 time.</P
 ><P
->Beginning with Samba 2.2.0, we are proud to announce official 
-support for Windows NT 4.0 style domain logons from Windows NT
-4.0 and Windows 2000 (including SP1) clients.  This article 
-outlines the steps necessary for configuring Samba as a PDC.
-Note that it is necessary to have a working Samba server
-prior to implementing the PDC functionality.  If you have not 
-followed the steps outlined in <A
-HREF="UNIX_INSTALL.html"
-TARGET="_top"
->UNIX_INSTALL.html</A
->, please make sure that your server 
-is configured correctly before proceeding.  Another good 
-resource in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5) man 
-page</A
->.</P
-><P
 >Implementing a Samba PDC can basically be divided into 2 broad
 steps.</P
 ><P
@@ -3370,13 +5626,14 @@ steps.</P
 TYPE="1"
 ><LI
 ><P
->Configuring the Samba Domain Controller
+>	Configuring the Samba PDC
 	</P
 ></LI
 ><LI
 ><P
->Creating machine trust accounts
-	and joining clients to the domain</P
+>	Creating machine trust accounts	and joining clients 
+	to the domain
+	</P
 ></LI
 ></OL
 ><P
@@ -3390,8 +5647,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN745"
->Configuring the Samba Domain Controller</A
+NAME="AEN1143"
+>8.3. Configuring the Samba Domain Controller</A
 ></H1
 ><P
 >The first step in creating a working Samba PDC is to 
@@ -3407,6 +5664,12 @@ linked with the actual smb.conf description.</P
 ><P
 >Here is an example smb.conf for acting as a PDC:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
@@ -3496,7 +5759,7 @@ TARGET="_top"
 > = \\homeserver\%u
     
     ; specify a generic logon script for all users
-    ; this is a relative path to the [netlogon] share
+    ; this is a relative **DOS** path to the [netlogon] share
     <A
 HREF="smb.conf.5.html#LOGONSCRIPT"
 TARGET="_top"
@@ -3548,18 +5811,19 @@ HREF="smb.conf.5.html#DIRECTORYMASK"
 TARGET="_top"
 >directory mask</A
 > = 0700</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->There are a couple of points to emphasize in the above
-configuration.</P
+>There are a couple of points to emphasize in the above configuration.</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->encrypted passwords must be enabled.
-	For more details on how to do this, refer to 
-	<A
+>	Encrypted passwords must be enabled.  For more details on how 
+	to do this, refer to <A
 HREF="ENCRYPTION.html"
 TARGET="_top"
 >ENCRYPTION.html</A
@@ -3568,23 +5832,27 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->The server must support domain logons
-	and a <TT
+>	The server must support domain logons and a
+	<TT
 CLASS="FILENAME"
 >[netlogon]</TT
-> share</P
+> share
+	</P
 ></LI
 ><LI
 ><P
->The server must be the domain master browser
-	in order for Windows client to locate the server as a DC.</P
+>	The server must be the domain master browser in order for Windows 
+	client to locate the server as a DC.  Please refer to the various 
+	Network Browsing documentation included with this distribution for 
+	details.
+	</P
 ></LI
 ></UL
 ><P
 >As Samba 2.2 does not offer a complete implementation of group mapping between 
 Windows NT groups and UNIX groups (this is really quite complicated to explain 
 in a short space), you should refer to the <A
-HREF="smb.conf.5.html#DOMAINADMONUSERS"
+HREF="smb.conf.5.html#DOMAINADMINUSERS"
 TARGET="_top"
 >domain 
 admin users</A
@@ -3601,28 +5869,38 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN788"
->Creating Machine Trust Accounts and Joining Clients 
+NAME="AEN1186"
+>8.4. Creating Machine Trust Accounts and Joining Clients 
 to the Domain</A
 ></H1
 ><P
->First you must understand what a machine trust account is and what 
-it is used for.</P
-><P
->A machine trust account is a user account owned by a computer.  
+>A machine trust account is a samba user account owned by a computer.  
 The account password acts as the shared secret for secure 
-communication with the Domain Controller.  Hence the reason that
-a Windows 9x host is never a true member of a domain because
-it does not posses a machine trust account and thus has no shared
-secret with the DC.</P
+communication with the Domain Controller.  This is a security feature
+to prevent an unauthorized machine with the same NetBIOS name from 
+joining the domain and gaining access to domain user/group accounts.  
+Hence a Windows 9x host is never a true member of a domain because it does 
+not posses a machine trust account, and thus has no shared secret with the DC.</P
 ><P
 >On a Windows NT PDC, these machine trust account passwords are stored
-in the registry.  A Samba PDC stores these accounts in he same location
+in the registry.  A Samba PDC stores these accounts in the same location
 as user LanMan and NT password hashes (currently <TT
 CLASS="FILENAME"
 >smbpasswd</TT
 >).
-However, machine trust accounts only possess the NT password hash.</P
+However, machine trust accounts only possess and use the NT password hash.</P
+><P
+>Because Samba requires machine accounts to possess a UNIX uid from
+which an Windows NT SID can be generated, all of these accounts
+must have an entry in <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> and smbpasswd.  
+Future releases will alleviate the need to create 
+<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entries.  </P
 ><P
 >There are two means of creating machine trust accounts.</P
 ><P
@@ -3630,30 +5908,52 @@ However, machine trust accounts only possess the NT password hash.</P
 ><UL
 ><LI
 ><P
->Manual creation before joining the client
-	to the domain.  In this case, the password is set to a known
-	value -- the lower case of the machine's netbios name.</P
+>	Manual creation before joining the client to the domain.  In this case, 
+	the password is set to a known value -- the lower case of the 
+	machine's NetBIOS name.
+	</P
 ></LI
 ><LI
 ><P
->Creation of the account at the time of 
-	joining the domain.  In this case, the session key of the 
-	administrative account used to join the client to the domain acts
-	as an encryption key for setting the password to a random value.</P
+>	Creation of the account at the time of joining the domain.  In 
+	this case, the session key of the administrative account used to join 
+	the client to the domain acts as an encryption key for setting the 
+	password to a random value (This is the recommended method).
+	</P
 ></LI
 ></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1200"
+>8.4.1. Manually creating machine trust accounts</A
+></H2
 ><P
->Because Samba requires machine accounts to possess a UNIX uid from
-which an Windows NT SID can be generated, all of these accounts
-will have an entry in <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> and smbpasswd.  
-Future releases will alleviate the need to create 
-<TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> entries.</P
+>The first step in creating a machine trust account by hand is to 
+create an entry for the machine in /etc/passwd.  This can be done 
+using <B
+CLASS="COMMAND"
+>vipw</B
+> or any 'add userr' command which is normally 
+used to create new UNIX accounts.  The following is an example for a Linux 
+based Samba server:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+>/usr/sbin/useradd -g 100 -d /dev/null -c <TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+> -m -s /bin/false <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+>$</P
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -3666,22 +5966,51 @@ CLASS="FILENAME"
 >/etc/passwd</TT
 > entry like this :</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->doppy$:x:505:501:NTMachine:/dev/null:/bin/false</PRE
+>doppy$:x:505:501:<TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+>:/dev/null:/bin/false</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->If you are manually creating the machine accounts, it is necessary
-to add the <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> (or NIS passwd
-map) entry prior to adding the <TT
-CLASS="FILENAME"
->smbpasswd</TT
->
-entry.  The following command will create a new machine account
-ready for use.</P
+>Above, <TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+> can be any descriptive name for the
+pc i.e. BasementComputer. The <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+> absolutely must be 
+the NetBIOS name of the pc to be added to the domain.  The "$" must append the NetBIOS
+name of the pc or samba will not recognize this as a machine account</P
+><P
+>Now that the UNIX account has been created, the next step is to create 
+the smbpasswd entry for the machine containing the well known initial 
+trust account password.  This can be done using the <A
+HREF="smbpasswd.6.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+> command 
+as shown here:</P
 ><P
 ><TT
 CLASS="PROMPT"
@@ -3698,169 +6027,295 @@ CLASS="REPLACEABLE"
 ><I
 >machine_name</I
 ></TT
-> is the machine's netbios
-name.</P
+> is the machine's NetBIOS
+name. </P
+><DIV
+CLASS="WARNING"
 ><P
-><I
-CLASS="EMPHASIS"
->If you manually create a machine account, immediately join
-the client to the domain.</I
->  An open account like this
-can allow intruders to gain access to user account information
-in your domain.</P
-><P
->The second way of creating machine trust accounts is to add
-them on the fly at the time the client is joined to the domain.
-You will need to include a value for the 
-<A
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Join the client to the domain immediately</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	Manually creating a machine trust account using this method is the 
+	equivalent of creating a machine account on a Windows NT PDC using 
+	the "Server Manager".  From the time at which the account is created
+	to the time which th client joins the domain and changes the password,
+	your domain is vulnerable to an intruder joining your domain using a
+	a machine with the same NetBIOS name.  A PDC inherently trusts
+	members of the domain and will serve out a large degree of user 
+	information to such clients.  You have been warned!
+	</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1228"
+>8.4.2. Creating machine trust accounts "on the fly"</A
+></H2
+><P
+>The second, and most recommended way of creating machine trust accounts 
+is to create them as needed at the time the client is joined to 
+the domain.  You will need to include a value for the <A
 HREF="smb.conf.5.html#ADDUSERSCRIPT"
 TARGET="_top"
 >add user script</A
 >
-parameter.  Below is an example I use on a RedHat 6.2 Linux system.</P
+parameter.  Below is an example from a RedHat 6.2 Linux system.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
->In Samba 2.2.0, <I
-CLASS="EMPHASIS"
->only the root account</I
+>In Samba 2.2.1, <EM
+>only the root account</EM
 > can be used to create
-machine accounts on the fly like this.  Therefore, it is required
-to create an entry in smbpasswd for <I
-CLASS="EMPHASIS"
->root</I
->.
-The password <I
-CLASS="EMPHASIS"
->SHOULD</I
-> be set to s different
-password that the associated <TT
+machine accounts like this.  Therefore, it is required to create 
+an entry in smbpasswd for <EM
+>root</EM
+>.  The password 
+<EM
+>SHOULD</EM
+> be set to s different password that the 
+associated <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
->
-entry for security reasons.</P
+> entry for security reasons.</P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN827"
->Common Problems and Errors</A
+NAME="AEN1239"
+>8.5. Common Problems and Errors</A
 ></H1
 ><P
 ></P
 ><P
-><I
-CLASS="EMPHASIS"
->I cannot include a '$' in a machine name.</I
 ></P
+><UL
+><LI
+><P
+>	<EM
+>I cannot include a '$' in a machine name.</EM
+>
+	</P
 ><P
->A 'machine name' in (typically) <TT
+>	A 'machine name' in (typically) <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
 > 	
-of the machine name with a '$' appended. FreeBSD (and other BSD 
-systems ?) won't create a user with a '$' in their name.</P
+	of the machine name with a '$' appended. FreeBSD (and other BSD 
+	systems ?) won't create a user with a '$' in their name.
+	</P
 ><P
->The problem is only in the program used to make the entry, once 
-made, it works perfectly. So create a user without the '$' and 
-use <B
+>	The problem is only in the program used to make the entry, once 
+	made, it works perfectly. So create a user without the '$' and 
+	use <B
 CLASS="COMMAND"
 >vipw</B
 > to edit the entry, adding the '$'. Or create 
-the whole entry with vipw if you like, make sure you use a 
-unique uid !</P
+	the whole entry with vipw if you like, make sure you use a 
+	unique uid !
+	</P
+></LI
+><LI
 ><P
-><I
-CLASS="EMPHASIS"
+>	<EM
 >I get told "You already have a connection to the Domain...." 
-when creating a machine account.</I
-></P
-><P
->This happens if you try to create a machine account from the 
-machine itself and use a user name that does not work (for whatever 
-reason) and then try another (possibly valid) user name.
-Exit out of the network applet to close the initial connection 
-and try again.</P
+	or "Cannot join domain, the credentials supplied conflict with an 
+	existing set.." when creating a machine account.</EM
+>
+	</P
 ><P
->Further, if the machine is a already a 'member of a workgroup' that 
-is the same name as the domain you are joining (bad idea) you will 
-get this message.  Change the workgroup name to something else, it 
-does not matter what, reboot, and try again.</P
+>	This happens if you try to create a machine account from the 
+	machine itself and already have a connection (e.g. mapped drive) 
+	to a share (or IPC$) on the Samba PDC.  The following command
+	will remove all network drive connections:
+	</P
 ><P
-><I
-CLASS="EMPHASIS"
->I get told "Cannot join domain, the credentials supplied 
-conflict with an existing set.."</I
-></P
+>	<TT
+CLASS="PROMPT"
+>C:\WINNT\&#62;</TT
+> <B
+CLASS="COMMAND"
+>net use * /d</B
+>
+	</P
 ><P
->This is the same basic problem as mentioned above, "You already 
-have a connection..."</P
+>	Further, if the machine is a already a 'member of a workgroup' that 
+	is the same name as the domain you are joining (bad idea) you will 
+	get this message.  Change the workgroup name to something else, it 
+	does not matter what, reboot, and try again.
+	</P
+></LI
+><LI
 ><P
-><I
-CLASS="EMPHASIS"
->"The system can not log you on (C000019B)...."</I
-></P
+>	<EM
+>The system can not log you on (C000019B)....</EM
+>
+	</P
 ><P
 >I joined the domain successfully but after upgrading 
-to a newer version of the Samba code I get the message, "The system 
-can not log you on (C000019B), Please try a gain or consult your 
-system administrator" when attempting to logon.</P
+	to a newer version of the Samba code I get the message, "The system 
+	can not log you on (C000019B), Please try a gain or consult your 
+	system administrator" when attempting to logon.
+	</P
 ><P
->This occurs when the domain SID stored in 
-<TT
+>	This occurs when the domain SID stored in 
+	<TT
 CLASS="FILENAME"
 >private/WORKGROUP.SID</TT
 > is 
-changed.  For example, you remove the file and <B
+	changed.  For example, you remove the file and <B
 CLASS="COMMAND"
 >smbd</B
 > automatically 
-creates a new one.  Or you are swapping back and forth between 
-versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
-only way to correct the problem is to restore the original domain 
-SID or 	remove the domain client from the domain and rejoin.</P
+	creates a new one.  Or you are swapping back and forth between 
+	versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
+	only way to correct the problem is to restore the original domain 
+	SID or remove the domain client from the domain and rejoin.
+	</P
+></LI
+><LI
 ><P
+>	<EM
+>The machine account for this computer either does not 
+	exist or is not accessible.</EM
+>
+	</P
+><P
+>	When I try to join the domain I get the message "The machine account 
+	for this computer either does not exist or is not accessible". Whats 
+	wrong?
+	</P
+><P
+>	This problem is caused by the PDC not having a suitable machine account. 
+	If you are using the <TT
+CLASS="PARAMETER"
 ><I
-CLASS="EMPHASIS"
->"The machine account for this computer either does not 
-exist or is not accessible."</I
-></P
+>add user script</I
+></TT
+> method to create 
+	accounts then this would indicate that it has not worked. Ensure the domain 
+	admin user system is working.
+	</P
+><P
+>	Alternatively if you are creating account entries manually then they 
+	have not been created correctly. Make sure that you have the entry 
+	correct for the machine account in smbpasswd file on the Samba PDC. 
+	If you added the account using an editor rather than using the smbpasswd 
+	utility, make sure that the account name is the machine NetBIOS name 
+	with a '$' appended to it ( i.e. computer_name$ ). There must be an entry 
+	in both /etc/passwd and the smbpasswd file. Some people have reported 
+	that inconsistent subnet masks between the Samba server and the NT 
+	client have caused this problem.   Make sure that these are consistent 
+	for both client and server.
+	</P
+></LI
+><LI
 ><P
->When I try to join the domain I get the message "The machine account 
-for this computer either does not exist or is not accessible". Whats 
-wrong ?</P
+>	<EM
+>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
+	I get a message about my account being disabled.</EM
+>
+	</P
+><P
+>	This problem is caused by a PAM related bug in Samba 2.2.0.  This bug is 
+	fixed in 2.2.1.  Other symptoms could be unaccessible shares on 
+	NT/W2K member servers in the domain or the following error in your smbd.log:
+	passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%
+	</P
 ><P
->This problem is caused by the PDC not having a suitable machine account. 
-If you are using the <B
+>	At first be ensure to enable the useraccounts with <B
 CLASS="COMMAND"
->add user script =</B
-> method to create 
-accounts then this would indicate that it has not worked. Ensure the domain 
-admin user system is working.</P
+>smbpasswd -e 
+	%user%</B
+>, this is normally done, when you create an account.
+	</P
+><P
+>	In order to work around this problem in 2.2.0, configure the 
+	<TT
+CLASS="PARAMETER"
+><I
+>account</I
+></TT
+> control flag in 
+	<TT
+CLASS="FILENAME"
+>/etc/pam.d/samba</TT
+> file as follows:
+	</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>	account required        pam_permit.so
+	</PRE
+></TD
+></TR
+></TABLE
+></P
 ><P
->Alternatively if you are creating account entries manually then they 
-have not been created correctly. Make sure that you have the entry 
-correct for the machine account in smbpasswd file on the Samba PDC. 
-If you added the account using an editor rather than using the smbpasswd 
-utility, make sure that the account name is the machine netbios name 
-with a '$' appended to it ( ie. computer_name$ ). There must be an entry 
-in both /etc/passwd and the smbpasswd file. Some people have reported 
-that inconsistent subnet masks between the Samba server and the NT 
-client have caused this problem.   Make sure that these are consistent 
-for both client and server.</P
+>	If you want to remain backward compatibility to samba 2.0.x use
+	<TT
+CLASS="FILENAME"
+>pam_permit.so</TT
+>, it's also possible to use 
+	<TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>. There are some bugs if you try to 
+	use <TT
+CLASS="FILENAME"
+>pam_unix.so</TT
+>, if you need this, be ensure to use
+	the most recent version of this file.
+	</P
+></LI
+></UL
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN855"
->System Policies and Profiles</A
+NAME="AEN1287"
+>8.6. System Policies and Profiles</A
 ></H1
 ><P
 >Much of the information necessary to implement System Policies and
@@ -3875,97 +6330,107 @@ Profiles and Policies in Windows NT 4.0</A
 ><P
 >Here are some additional details:</P
 ><P
-><I
-CLASS="EMPHASIS"
->What about Windows NT Policy Editor ?</I
 ></P
+><UL
+><LI
 ><P
->To create or edit <TT
+>	<EM
+>What about Windows NT Policy Editor ?</EM
+>
+	</P
+><P
+>	To create or edit <TT
 CLASS="FILENAME"
 >ntconfig.pol</TT
 > you must use 
-the NT Server Policy Editor, <B
+	the NT Server Policy Editor, <B
 CLASS="COMMAND"
 >poledit.exe</B
 >	which 
-is included with NT Server but <I
-CLASS="EMPHASIS"
->not NT Workstation</I
+	is included with NT Server but <EM
+>not NT Workstation</EM
 >. 
-There is a Policy Editor on a NTws 
-but it is not suitable for creating <I
-CLASS="EMPHASIS"
->Domain Policies</I
+	There is a Policy Editor on a NTws 
+	but it is not suitable for creating <EM
+>Domain Policies</EM
 >. 
-Further, although the Windows 95 
-Policy Editor can be installed on an NT Workstation/Server, it will not
-work with NT policies because the registry key that are set by the policy templates. 
-However, the files from the NT Server will run happily enough on an NTws. 
-You need <TT
+	Further, although the Windows 95 
+	Policy Editor can be installed on an NT Workstation/Server, it will not
+	work with NT policies because the registry key that are set by the policy templates. 
+	However, the files from the NT Server will run happily enough on an NTws. 	
+	You need <TT
 CLASS="FILENAME"
 >poledit.exe, common.adm</TT
 > and <TT
 CLASS="FILENAME"
 >winnt.adm</TT
 >. It is convenient
-to put the two *.adm files in <TT
+	to put the two *.adm files in <TT
 CLASS="FILENAME"
 >c:\winnt\inf</TT
 > which is where
-the binary will look for them unless told otherwise. Note also that that 
-directory is 'hidden'.</P
+	the binary will look for them unless told otherwise. Note also that that 
+	directory is 'hidden'.
+	</P
 ><P
->The Windows NT policy editor is also included with the 
-Service Pack 3 (and later) for Windows NT 4.0. Extract the files using 
-<B
+>	The Windows NT policy editor is also included with the Service Pack 3 (and 
+	later) for Windows NT 4.0. Extract the files using <B
 CLASS="COMMAND"
 >servicepackname /x</B
->, ie thats <B
+>, 
+	i.e. that's <B
 CLASS="COMMAND"
->Nt4sp6ai.exe 
-/x</B
-> for service pack 6a.  The policy editor, <B
+>Nt4sp6ai.exe /x</B
+> for service pack 6a.  The policy editor, 
+	<B
 CLASS="COMMAND"
 >poledit.exe</B
-> and the 
-associated template files (*.adm) should
-be extracted as well.  It is also possible to downloaded the policy template 
-files for Office97 and get a copy of the policy editor.  Another possible 
-location is with the Zero Administration Kit available for download from Microsoft.</P
+> and the associated template files (*.adm) should
+	be extracted as well.  It is also possible to downloaded the policy template 
+	files for Office97 and get a copy of the policy editor.  Another possible 
+	location is with the Zero Administration Kit available for download from Microsoft.
+	</P
+></LI
+><LI
 ><P
-><I
-CLASS="EMPHASIS"
->Can Win95 do Policies ?</I
-></P
+>	<EM
+>Can Win95 do Policies ?</EM
+>
+	</P
 ><P
->Install the group policy handler for Win9x to pick up group 
-policies.   Look on the Win98 CD in <TT
+>	Install the group policy handler for Win9x to pick up group 
+	policies.   Look on the Win98 CD in <TT
 CLASS="FILENAME"
 >\tools\reskit\netadmin\poledit</TT
 >. 
-Install group policies on a Win9x client by double-clicking 
-<TT
+	Install group policies on a Win9x client by double-clicking 
+	<TT
 CLASS="FILENAME"
 >grouppol.inf</TT
 >. Log off and on again a couple of 
-times and see if Win98 picks up group policies.  Unfortunately this needs 
-to be done on every Win9x machine that uses group policies....</P
+	times and see if Win98 picks up group policies.  Unfortunately this needs 
+	to be done on every Win9x machine that uses group policies....
+	</P
 ><P
->If group policies don't work one reports suggests getting the updated 
-(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
-from /etc/group.</P
+>	If group policies don't work one reports suggests getting the updated 
+	(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
+	from /etc/group.
+	</P
+></LI
+><LI
 ><P
-><I
-CLASS="EMPHASIS"
->How do I get 'User Manager' and 'Server Manager'</I
-></P
+>	<EM
+>How do I get 'User Manager' and 'Server Manager'</EM
+>
+	</P
 ><P
->Since I don't need to buy an NT Server CD now, how do I get 
-the 'User Manager for Domains', the 'Server Manager' ?</P
+>	Since I don't need to buy an NT Server CD now, how do I get 
+	the 'User Manager for Domains', the 'Server Manager' ?
+	</P
 ><P
->Microsoft distributes a version of 
-these tools called nexus for installation on Windows 95 systems.  The 
-tools set includes</P
+>	Microsoft distributes a version of these tools called nexus for 
+	installation on Windows 95 systems.  The tools set includes
+	</P
 ><P
 ></P
 ><UL
@@ -3983,27 +6448,31 @@ tools set includes</P
 ></LI
 ></UL
 ><P
->Click here to download the archived file <A
+>	Click here to download the archived file <A
 HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"
 TARGET="_top"
 >ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A
-></P
+>
+	</P
 ><P
->The Windows NT 4.0 version of the 'User Manager for 
-Domains' and 'Server Manager' are available from Microsoft via ftp 
-from <A
+>	The Windows NT 4.0 version of the 'User Manager for 
+	Domains' and 'Server Manager' are available from Microsoft via ftp 
+	from <A
 HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"
 TARGET="_top"
 >ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A
-></P
+>
+	</P
+></LI
+></UL
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN895"
->What other help can I get ?</A
+NAME="AEN1331"
+>8.7. What other help can I get ?</A
 ></H1
 ><P
 >There are many sources of information available in the form 
@@ -4011,14 +6480,18 @@ of mailing lists, RFC's and documentation.  The docs that come
 with the samba distribution contain very good explanations of 
 general SMB topics such as browsing.</P
 ><P
-><I
-CLASS="EMPHASIS"
->What are some diagnostics tools I can use to debug the domain logon 
-process and where can I	find them?</I
 ></P
+><UL
+><LI
+><P
+>	<EM
+>What are some diagnostics tools I can use to debug the domain logon 
+	process and where can I	find them?</EM
+>
+	</P
 ><P
 >	One of the best diagnostic tools for debugging problems is Samba itself.  
-	You can use the -d option for both smbd and nmbd to specifiy what 
+	You can use the -d option for both smbd and nmbd to specify what 
 	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
 	smb.conf for more information on debugging options.  The debug 
 	level can range from 1 (the default) to 10 (100 for debugging passwords).
@@ -4057,7 +6530,7 @@ CLASS="COMMAND"
 ></UL
 ><P
 >	An SMB enabled version of tcpdump is available from 
-    <A
+	<A
 HREF="http://www.tcpdump.org/"
 TARGET="_top"
 >http://www.tcpdup.org/</A
@@ -4074,18 +6547,20 @@ TARGET="_top"
 	(aka. netmon) is available on the Microsoft Developer Network CD's, 
 	the Windows NT Server install CD and the SMS CD's.  The version of 
 	netmon that ships with SMS allows for dumping packets between any two 
-	computers (ie. placing the network interface in promiscuous mode).  
+	computers (i.e. placing the network interface in promiscuous mode).  
 	The version on the NT Server install CD will only allow monitoring 
 	of network traffic directed to the local NT box and broadcasts on the 
 	local subnet.  Be aware that Ethereal can read and write netmon 
 	formatted files.
 	</P
+></LI
+><LI
 ><P
-><I
-CLASS="EMPHASIS"
+>	<EM
 >How do I install 'Network Monitor' on an NT Workstation 
-or a Windows 9x box?</I
-></P
+	or a Windows 9x box?</EM
+>
+	</P
 ><P
 >	Installing netmon on an NT workstation requires a couple 
 	of steps.  The following are for installing Netmon V4.00.349, which comes 
@@ -4180,14 +6655,11 @@ CLASS="FILENAME"
 	information on how to do this.  Copy the files from a working 
 	Netmon installation.
 	</P
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN942"
->URLs and similar</A
-></H2
+></LI
+><LI
+><P
+>	The following is a list if helpful URLs and other links:
+	</P
 ><P
 ></P
 ><UL
@@ -4201,9 +6673,8 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
-> The <I
-CLASS="EMPHASIS"
->Development</I
+> The <EM
+>Development</EM
 > document 
 	on the Samba mirrors might mention your problem. If so,
 	it might mean that the developers are working on it.</P
@@ -4253,44 +6724,43 @@ TARGET="_top"
 ></P
 ></LI
 ></UL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN966"
->Mailing Lists</A
-></H2
+></LI
+></UL
 ><P
-><I
-CLASS="EMPHASIS"
->How do I get help from the mailing lists ?</I
 ></P
+><UL
+><LI
 ><P
->There are a number of Samba related mailing lists. Go to <A
+>	<EM
+>How do I get help from the mailing lists ?</EM
+>
+	</P
+><P
+>	There are a number of Samba related mailing lists. Go to <A
 HREF="http://samba.org"
 TARGET="_top"
 >http://samba.org</A
 >, click on your nearest mirror
-and then click on <B
+	and then click on <B
 CLASS="COMMAND"
 >Support</B
 > and then click on <B
 CLASS="COMMAND"
->Samba related mailing lists</B
->.</P
+>	Samba related mailing lists</B
+>.
+	</P
 ><P
->For questions relating to Samba TNG go to
-<A
+>	For questions relating to Samba TNG go to
+	<A
 HREF="http://www.samba-tng.org/"
 TARGET="_top"
 >http://www.samba-tng.org/</A
 > 
-It has been requested that you don't post questions about Samba-TNG to the
-main stream Samba lists.</P
+	It has been requested that you don't post questions about Samba-TNG to the
+	main stream Samba lists.</P
 ><P
->If you post a message to one of the lists please observe the following guide lines :</P
+>	If you post a message to one of the lists please observe the following guide lines :
+	</P
 ><P
 ></P
 ><UL
@@ -4329,7 +6799,7 @@ main stream Samba lists.</P
 ><LI
 ><P
 > Don't cross post. Work out which is the best list to post to 
-		and see what happens, ie don't post to both samba-ntdom and samba-technical.
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
         Many people active on the lists subscribe to more 
 		than one list and get annoyed to see the same message two or more times. 
 		Often someone will see a message and thinking it would be better dealt 
@@ -4337,9 +6807,8 @@ main stream Samba lists.</P
 ></LI
 ><LI
 ><P
->You might include <I
-CLASS="EMPHASIS"
->partial</I
+>You might include <EM
+>partial</EM
 >
         log files written at a debug level set to as much as 20.  
         Please don't send the entire log but enough to give the context of the 
@@ -4358,35 +6827,850 @@ CLASS="EMPHASIS"
         smb.conf in their attach directory ?</P
 ></LI
 ></UL
+></LI
+><LI
 ><P
-><I
-CLASS="EMPHASIS"
->How do I get off the mailing lists ?</I
-></P
+>	<EM
+>How do I get off the mailing lists ?</EM
+>
+	</P
 ><P
 >To have your name removed from a samba mailing list, go to the
-        same place you went to to get on it. Go to <A
+	same place you went to to get on it. Go to <A
 HREF="http://lists.samba.org/"
 TARGET="_top"
 >http://lists.samba.org</A
->, click 
-		on your nearest mirror and then click on <B
+>, 
+	click on your nearest mirror and then click on <B
 CLASS="COMMAND"
 >Support</B
 > and 
-		then click on <B
+	then click on <B
 CLASS="COMMAND"
 > Samba related mailing lists</B
 >. Or perhaps see 
-        <A
+	<A
 HREF="http://lists.samba.org/mailman/roster/samba-ntdom"
 TARGET="_top"
 >here</A
-></P
+>
+	</P
 ><P
 >	Please don't post messages to the list asking to be removed, you will just
-        be referred to the above address (unless that process failed in some way...)
-    </P
+	be referred to the above address (unless that process failed in some way...)
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1445"
+>8.8. Domain Control for Windows 9x/ME</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>The following section contains much of the original 
+DOMAIN.txt file previously included with Samba.  Much of 
+the material is based on what went into the book Special 
+Edition, Using Samba. (Richard Sharpe)</P
+></BLOCKQUOTE
+></DIV
+><P
+>A domain and a workgroup are exactly the same thing in terms of network
+browsing.  The difference is that a distributable authentication
+database is associated with a domain, for secure login access to a
+network.  Also, different access rights can be granted to users if they
+successfully authenticate against a domain logon server (NT server and 
+other systems based on NT server support this, as does at least Samba TNG now).</P
+><P
+>The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+Network browsing functionality of domains and workgroups is
+identical and is explained in BROWSING.txt. It should be noted, that browsing
+is total orthogonal to logon support.</P
+><P
+>Issues related to the single-logon network model are discussed in this
+document.  Samba supports domain logons, network logon scripts, and user
+profiles for MS Windows for workgroups and MS Windows 9X clients.</P
+><P
+>When an SMB client in a domain wishes to logon it broadcast requests for a
+logon server.  The first one to reply gets the job, and validates its
+password using whatever mechanism the Samba administrator has installed.
+It is possible (but very stupid) to create a domain where the user
+database is not shared between servers, i.e. they are effectively workgroup
+servers advertising themselves as participating in a domain.  This
+demonstrates how authentication is quite different from but closely
+involved with domains.</P
+><P
+>Another thing commonly associated with single-logon domains is remote
+administration over the SMB protocol.  Again, there is no reason why this
+cannot be implemented with an underlying username database which is
+different from the Windows NT SAM.  Support for the Remote Administration
+Protocol is planned for a future release of Samba.</P
+><P
+>Network logon support as discussed in this section is aimed at Window for
+Workgroups, and Windows 9X clients. </P
+><P
+>Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51.
+It is possible to specify: the profile location; script file to be loaded
+on login; the user's home directory; and for NT a kick-off time could also
+now easily be supported. However, there are some differences between Win9X
+profile support and WinNT profile support. These are discussed below.</P
+><P
+>With NT Workstations, all this does not require the use or intervention of
+an NT 4.0 or NT 3.51 server: Samba can now replace the logon services
+provided by an NT server, to a limited and experimental degree (for example,
+running "User Manager for Domains" will not provide you with access to
+a domain created by a Samba Server).</P
+><P
+>With Win95, the help of an NT server can be enlisted, both for profile storage
+and for user authentication.  For details on user authentication, see
+security_level.txt.  For details on profile storage, see below.</P
+><P
+>Using these features you can make your clients verify their logon via
+the Samba server; make clients run a batch file when they logon to
+the network and download their preferences, desktop and start menu.</P
+><P
+>Before launching into the configuration instructions, it is worthwhile looking
+at how a Win9X client performs a logon:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	The client broadcasts (to the IP broadcast address of the subnet it is in)
+	a NetLogon request. This is sent to the NetBIOS address DOMAIN&#60;00&#62; at the
+	NetBIOS layer.  The client chooses the first response it receives, which
+	contains the NetBIOS name of the logon server to use in the format of 
+	\\SERVER.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to that server, logs on (does an SMBsessetupX) and
+	then connects to the IPC$ share (using an SMBtconX).
+	</P
+></LI
+><LI
+><P
+>	The client then does a NetWkstaUserLogon request, which retrieves the name
+	of the user's logon script. 
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the NetLogon share and searches for this 	
+	and if it is found and can be read, is retrieved and executed by the client.
+	After this, the client disconnects from the NetLogon share.
+	</P
+></LI
+><LI
+><P
+>	The client then sends a NetUserGetInfo request to the server, to retrieve
+	the user's home share, which is used to search for profiles. Since the
+	response to the NetUserGetInfo request does not contain much more 	
+	the user's home share, profiles for Win9X clients MUST reside in the user
+	home directory.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the user's home share and searches for the 
+	user's profile. As it turns out, you can specify the user's home share as
+	a sharename and path. For example, \\server\fred\.profile.
+	If the profiles are found, they are implemented.
+	</P
+></LI
+><LI
+><P
+>	The client then disconnects from the user's home share, and reconnects to
+	the NetLogon share and looks for CONFIG.POL, the policies file. If this is
+	found, it is read and implemented.
+	</P
+></LI
+></OL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1475"
+>8.8.1. Configuration Instructions:	Network Logons</A
+></H2
+><P
+>To use domain logons and profiles you need to do the following:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Create a share called [netlogon] in your smb.conf. This share should
+	be readable by all users, and probably should not be writeable. This
+	share will hold your network logon scripts, and the CONFIG.POL file
+	(Note: for details on the CONFIG.POL file, how to use it, what it is,
+	refer to the Microsoft Windows NT Administration documentation.
+	The format of these files is not known, so you will need to use
+	Microsoft tools).
+	</P
+><P
+>	For example I have used:
+	</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>[netlogon]
+     path = /data/dos/netlogon
+     writeable = no
+     guest ok = no</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>	Note that it is important that this share is not writeable by ordinary
+	users, in a secure environment: ordinary users should not be allowed
+	to modify or add files that another user's computer would then download
+	when they log in.
+	</P
+></LI
+><LI
+><P
+>	in the [global] section of smb.conf set the following:
+	</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>domain logons = yes
+logon script = %U.bat
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>	The choice of batch file is, of course, up to you. The above would
+	give each user a separate batch file as the %U will be changed to
+	their username automatically. The other standard % macros may also be
+	used. You can make the batch files come from a subdirectory by using
+	something like:
+	</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon script = scripts\%U.bat
+	</PRE
+></TD
+></TR
+></TABLE
+></P
+></LI
+><LI
+><P
+>	create the batch files to be run when the user logs in. If the batch
+	file doesn't exist then no batch file will be run. 
+	</P
+><P
+>	In the batch files you need to be careful to use DOS style cr/lf line
+	endings. If you don't then DOS may get confused. I suggest you use a
+	DOS editor to remotely edit the files if you don't know how to produce
+	DOS style files under unix.
+	</P
+></LI
+><LI
+><P
+>	Use smbclient with the -U option for some users to make sure that
+	the \\server\NETLOGON share is available, the batch files are
+	visible and they are readable by the users.
+	</P
+></LI
+><LI
+><P
+>	you will probably find that your clients automatically mount the
+	\\SERVER\NETLOGON share as drive z: while logging in. You can put
+	some useful programs there to execute from the batch files.
+	</P
+></LI
+></OL
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>security mode and master browsers</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>There are a few comments to make in order to tie up some 
+loose ends.  There has been much debate over the issue of whether
+or not it is ok to configure Samba as a Domain Controller in security
+modes other than <TT
+CLASS="CONSTANT"
+>USER</TT
+>.  The only security mode 
+which  will not work due to technical reasons is <TT
+CLASS="CONSTANT"
+>SHARE</TT
+>
+mode security.  <TT
+CLASS="CONSTANT"
+>DOMAIN</TT
+> and <TT
+CLASS="CONSTANT"
+>SERVER</TT
+>
+mode security is really just a variation on SMB user level security.</P
+><P
+>Actually, this issue is also closer tied to the debate on whether 
+or not Samba must be the domain master browser for its workgroup
+when operating as a DC.  While it may technically be possible
+to configure a server as such (after all, browsing and domain logons
+are two distinctly different functions), it is not a good idea to
+so.  You should remember that the DC must register the DOMAIN#1b NetBIOS 
+name.  This is the name used by Windows clients to locate the DC.
+Windows clients do not distinguish between the DC and the DMB.
+For this reason, it is very wise to configure the Samba DC as the DMB.</P
+><P
+>Now back to the issue of configuring a Samba DC to use a mode other
+than "security = user".  If a Samba host is configured to use 
+another SMB server or DC in order to validate user connection 
+requests, then it is a fact that some other machine on the network 
+(the "password server") knows more about user than the Samba host.
+99% of the time, this other host is a domain controller.  Now 
+in order to operate in domain mode security, the "workgroup" parameter
+must be set to the name of the Windows NT domain (which already 
+has a domain controller, right?)</P
+><P
+>Therefore configuring a Samba box as a DC for a domain that 
+already by definition has a PDC is asking for trouble.
+Therefore, you should always configure the Samba DC to be the DMB
+for its domain.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1509"
+>8.8.2. Configuration Instructions:	Setting up Roaming User Profiles</A
+></H2
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+><EM
+>NOTE!</EM
+> Roaming profiles support is different 
+for Win9X and WinNT.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.</P
+><P
+>Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate 
+profiles location field, only the user's home share. This means that Win9X 
+profiles are restricted to being in the user's home directory.</P
+><P
+>WinNT clients send a NetSAMLogon RPC request, which contains many fields, 
+including a separate field for the location of the user's profiles. 
+This means that support for profiles is different for Win9X and WinNT.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1517"
+>8.8.2.1. Windows NT Configuration</A
+></H3
+><P
+>To support WinNT clients, inn the [global] section of smb.conf set the
+following (for example):</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile.  The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable. </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 26aug96 - we have discovered a problem where Windows clients can
+maintain a connection to the [homes] share in between logins.  The
+[homes] share must NOT therefore be used in a profile path.]</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1525"
+>8.8.2.2. Windows 9X Configuration</A
+></H3
+><P
+>To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use/home" now works as well, and it, too, relies
+on the "logon home" parameter.</P
+><P
+>By using the logon home parameter, you are restricted to putting Win9X 
+profiles in the user's home directory.   But wait! There is a trick you 
+can use. If you set the following in the [global] section of your 
+smb.conf file:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).</P
+><P
+>Not only that, but 'net use/home' will also work, because of a feature in 
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1533"
+>8.8.2.3. Win9X and WinNT Configuration</A
+></H3
+><P
+>You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U</PRE
+></TD
+></TR
+></TABLE
+></P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1540"
+>8.8.2.4. Windows 9X Profile Setup</A
+></H3
+><P
+>When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each.  You will need to use the [global]
+options "preserve case = yes", "short case preserve = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.</P
+><P
+>The user.DAT file contains all the user's preferences.  If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Passwords and
+	select the User Profiles tab.  Select the required level of
+	roaming preferences.  Press OK, but do _not_ allow the computer
+	to reboot.
+	</P
+></LI
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Network |
+	Client for Microsoft Networks | Preferences.  Select 'Log on to
+	NT Domain'.  Then, ensure that the Primary Logon is 'Client for
+	Microsoft Networks'.  Press OK, and this time allow the computer
+	to reboot.
+	</P
+></LI
+></OL
+><P
+>Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server.  If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.</P
+><P
+>You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password].  Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.</P
+><P
+>Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences?  Select 'yes'.</P
+><P
+>Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.</P
+><P
+>These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.</P
+><P
+>If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile.  Basically, if
+you have any errors reported by the w95 machine, check the unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.</P
+><P
+>If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below.  When this user then next logs in,
+they will be told that they are logging in "for the first time".</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	instead of logging in under the [user, password, domain] dialog,
+	press escape.
+	</P
+></LI
+><LI
+><P
+>	run the regedit.exe program, and look in:
+	</P
+><P
+>	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+	</P
+><P
+>	you will find an entry, for each user, of ProfilePath.  Note the
+	contents of this key (likely to be c:\windows\profiles\username),
+	then delete the key ProfilePath for the required user.
+	</P
+><P
+>	[Exit the registry editor].
+	</P
+></LI
+><LI
+><P
+>	<EM
+>WARNING</EM
+> - before deleting the contents of the 
+	directory listed in
+   the ProfilePath (this is likely to be c:\windows\profiles\username),
+   ask them if they have any important files stored on their desktop
+   or in their start menu.  delete the contents of the directory
+   ProfilePath (making a backup if any of the files are needed).
+	</P
+><P
+>   This will have the effect of removing the local (read-only hidden
+   system file) user.DAT in their profile directory, as well as the
+   local "desktop", "nethood", "start menu" and "programs" folders.
+	</P
+></LI
+><LI
+><P
+>	search for the user's .PWL password-caching file in the c:\windows
+	directory, and delete it.
+	</P
+></LI
+><LI
+><P
+>	log off the windows 95 client.
+	</P
+></LI
+><LI
+><P
+>	check the contents of the profile path (see "logon path" described
+	above), and delete the user.DAT or user.MAN file for the user,
+	making a backup if required.  
+	</P
+></LI
+></OL
+><P
+>If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.</P
+><P
+>If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server.  Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1576"
+>8.8.2.5. Windows NT Workstation 4.0</A
+></H3
+><P
+>When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created.  The profile location can be now specified
+through the "logon path" parameter.  </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i tried setting the path to
+\\samba-server\homes\profile, and discovered that this fails because
+a background process maintains the connection to the [homes] share
+which does _not_ close down in between user logins.  you have to
+have \\samba-server\%L\profile, where user is the username created
+from the [homes] share].</P
+></BLOCKQUOTE
+></DIV
+><P
+>There is a parameter that is now available for use with NT Profiles:
+"logon drive".  This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.</P
+><P
+>The entry for the NT 4.0 profile is a _directory_ not a file.  The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension.  The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension)
+[lkcl 10aug97 - i found that the creation of the .PDS directory failed,
+and had to create these manually for each user, with a shell script.
+also, i presume, but have not tested, that the full profile path must
+be browseable just as it is for w95, due to the manner in which they
+attempt to create the full profile path: test existence of each path
+component; create path component].</P
+><P
+>In the profile directory, NT creates more folders than 95.  It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs".  The profile itself is stored in a file
+NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.</P
+><P
+>You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you).  The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i notice that NT Workstation tells me that it is
+downloading a profile from a slow link.  whether this is actually the
+case, or whether there is some configuration issue, as yet unknown,
+that makes NT Workstation _think_ that the link is a slow one is a
+matter to be resolved].</P
+><P
+>[lkcl 20aug97 - after samba digest correspondence, one user found, and
+another confirmed, that profiles cannot be loaded from a samba server
+unless "security = user" and "encrypt passwords = yes" (see the file
+ENCRYPTION.txt) or "security = server" and "password server = ip.address.
+of.yourNTserver" are used.  Either of these options will allow the NT
+workstation to access the samba server using LAN manager encrypted
+passwords, without the user intervention normally required by NT
+workstation for clear-text passwords].</P
+><P
+>[lkcl 25aug97 - more comments received about NT profiles: the case of
+the profile _matters_.  the file _must_ be called NTuser.DAT or, for
+a mandatory profile, NTuser.MAN].</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1589"
+>8.8.2.6. Windows NT Server</A
+></H3
+><P
+>There is nothing to stop you specifying any path that you like for the
+location of users' profiles.  Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN1592"
+>8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</A
+></H3
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Potentially outdated or incorrect material follows</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>I think this is all bogus, but have not deleted it. (Richard Sharpe)</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>The default logon path is \\%N\U%.  NT Workstation will attempt to create
+a directory "\\samba-server\username.PDS" if you specify the logon path
+as "\\samba-server\username" with the NT User Manager.  Therefore, you
+will need to specify (for example) "\\samba-server\username\profile".
+NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which
+is more likely to succeed.</P
+><P
+>If you then want to share the same Start Menu / Desktop with W95, you will
+need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97
+this has its drawbacks: i created a shortcut to telnet.exe, which attempts
+to run from the c:\winnt\system32 directory.  this directory is obviously
+unlikely to exist on a Win95-only host].</P
+><P
+>&#13;If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 25aug97 - there are some issues to resolve with downloading of
+NT profiles, probably to do with time/date stamps.  i have found that
+NTuser.DAT is never updated on the workstation after the first time that
+it is copied to the local workstation profile directory.  this is in
+contrast to w95, where it _does_ transfer / update profiles correctly].</P
+></BLOCKQUOTE
+></DIV
+></DIV
 ></DIV
 ></DIV
 ><DIV
@@ -4394,16 +7678,38 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1005"
->DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+NAME="AEN1602"
+>8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
 ></H1
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Possibly Outdated Material</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
 ><P
->This appendix was originally authored by John H Terpstra of the Samba Team
-and is included here for posterity.</P
+>	This appendix was originally authored by John H Terpstra of 
+	the Samba Team and is included here for posterity.
+	</P
+></TD
+></TR
+></TABLE
+></DIV
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE :</I
+><EM
+>NOTE :</EM
 > 
 The term "Domain Controller" and those related to it refer to one specific
 method of authentication that can underly an SMB domain. Domain Controllers
@@ -4416,12 +7722,9 @@ Windows NT SAM.</P
 ><P
 >Windows NT Server can be installed as either a plain file and print server
 (WORKGROUP workstation or server) or as a server that participates in Domain
-Control (DOMAIN member, Primary Domain controller or Backup Domain controller).</P
-><P
->The same is true for OS/2 Warp Server, Digital Pathworks and other similar
-products, all of which can participate in Domain Control along with Windows NT.
-However only those servers which have licensed Windows NT code in them can be
-a primary Domain Controller (eg Windows NT Server, Advanced Server for Unix.)</P
+Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
+The same is true for OS/2 Warp Server, Digital Pathworks and other similar
+products, all of which can participate in Domain Control along with Windows NT.</P
 ><P
 >To many people these terms can be confusing, so let's try to clear the air.</P
 ><P
@@ -4472,7 +7775,7 @@ plain Servers.</P
 ><P
 >The User database is called the SAM (Security Access Manager) database and
 is used for all user authentication as well as for authentication of inter-
-process authentication (ie: to ensure that the service action a user has
+process authentication (i.e. to ensure that the service action a user has
 requested is permitted within the limits of that user's privileges).</P
 ><P
 >The Samba team have produced a utility that can dump the Windows NT SAM into 
@@ -4483,7 +7786,7 @@ to Samba systems.</P
 ><P
 >Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
 can participate in a Domain security system that is controlled by Windows NT
-servers that have been correctly configured. At most every domain will have
+servers that have been correctly configured. Almost every domain will have
 ONE Primary Domain Controller (PDC). It is desirable that each domain will
 have at least one Backup Domain Controller (BDC).</P
 ><P
@@ -4496,26 +7799,25 @@ within its registry.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN1029"
->Chapter 7. Unifed Logons between Windows NT and UNIX using Winbind</A
+NAME="AEN1627"
+>Chapter 9. Unified Logons between Windows NT and UNIX using Winbind</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1047"
->Abstract</A
+NAME="AEN1645"
+>9.1. Abstract</A
 ></H1
 ><P
 >Integration of UNIX and Microsoft Windows NT through 
 	a unified logon has been considered a "holy grail" in heterogeneous 
-	computing environments for a long time. We present <I
-CLASS="EMPHASIS"
+	computing environments for a long time. We present <EM
 >winbind
-	</I
+	</EM
 >, a component of the Samba suite of programs as a 
-	solution to the unied logon problem. Winbind uses a UNIX implementation 
+	solution to the unified logon problem. Winbind uses a UNIX implementation 
 	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
 	Service Switch to allow Windows NT domain users to appear and operate 
 	as UNIX users on a UNIX machine. This paper describes the winbind 
@@ -4527,8 +7829,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1051"
->Introduction</A
+NAME="AEN1649"
+>9.2. Introduction</A
 ></H1
 ><P
 >It is well known that UNIX and Microsoft Windows NT have 
@@ -4546,7 +7848,7 @@ NAME="AEN1051"
 	can lead to synchronization problems between the UNIX and Windows 
 	systems and confusion for users.</P
 ><P
->We divide the unifed logon problem for UNIX machines into 
+>We divide the unified logon problem for UNIX machines into 
 	three smaller problems:</P
 ><P
 ></P
@@ -4573,7 +7875,7 @@ NAME="AEN1051"
 	information on the UNIX machines and without creating additional 
 	tasks for the system administrator when maintaining users and 
 	groups on either system. The winbind system provides a simple 
-	and elegant solution to all three components of the unifed logon 
+	and elegant solution to all three components of the unified logon 
 	problem.</P
 ></DIV
 ><DIV
@@ -4581,8 +7883,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1064"
->What Winbind Provides</A
+NAME="AEN1662"
+>9.3. What Winbind Provides</A
 ></H1
 ><P
 >Winbind unifies UNIX and Windows NT account management by 
@@ -4623,8 +7925,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1071"
->Target Uses</A
+NAME="AEN1669"
+>9.3.1. Target Uses</A
 ></H2
 ><P
 >Winbind is targeted at organizations that have an 
@@ -4647,8 +7949,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1075"
->How Winbind Works</A
+NAME="AEN1673"
+>9.4. How Winbind Works</A
 ></H1
 ><P
 >The winbind system is designed around a client/server 
@@ -4667,8 +7969,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1080"
->Microsoft Remote Procedure Calls</A
+NAME="AEN1678"
+>9.4.1. Microsoft Remote Procedure Calls</A
 ></H2
 ><P
 >Over the last two years, efforts have been underway 
@@ -4693,14 +7995,14 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1084"
->Name Service Switch</A
+NAME="AEN1682"
+>9.4.2. Name Service Switch</A
 ></H2
 ><P
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
 		information such as hostnames, mail aliases and user information 
-		to be resolved from dierent sources. For example, a standalone 
+		to be resolved from different sources. For example, a standalone 
 		UNIX workstation may resolve system information from a series of 
 		flat files stored on the local lesystem. A networked workstation 
 		may first attempt to resolve system information from local files, 
@@ -4729,7 +8031,7 @@ CLASS="FILENAME"
 		for a line which matches the service type being requested, for 
 		example the "passwd" service type is used when user or group names 
 		are looked up. This	config line species which implementations 
-		of that service should be tried andin what order. If the passwd 
+		of that service should be tried and in what order. If the passwd 
 		config line is:</P
 ><P
 ><B
@@ -4772,14 +8074,14 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1100"
->Pluggable Authentication Modules</A
+NAME="AEN1698"
+>9.4.3. Pluggable Authentication Modules</A
 ></H2
 ><P
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
 		technologies. With a PAM module it is possible to specify different 
-		authentication methods for dierent system applications without 
+		authentication methods for different system applications without 
 		having to recompile these applications. PAM is also useful
 		for implementing a particular policy for authorization. For example, 
 		a system administrator may only allow console logins from users 
@@ -4794,7 +8096,7 @@ NAME="AEN1100"
 		this change take eect directly on the Primary Domain Controller.
 		</P
 ><P
->PAM is congured by providing control files in the directory 
+>PAM is configured by providing control files in the directory 
 		<TT
 CLASS="FILENAME"
 >/etc/pam.d/</TT
@@ -4821,16 +8123,16 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1108"
->User and Group ID Allocation</A
+NAME="AEN1706"
+>9.4.4. User and Group ID Allocation</A
 ></H2
 ><P
 >When a user or group is created under Windows NT 
-		is it allocated a numerical relative identier (RID). This is 
-		slightly dierent to UNIX which has a range of numbers which are 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers which are 
 		used to identify users, and the same range in which to identify 
 		groups. It is winbind's job to convert RIDs to UNIX id numbers and
-		vice versa.  When winbind is congured it is given part of the UNIX 
+		vice versa.  When winbind is configured it is given part of the UNIX 
 		user id space and a part of the UNIX group id space in which to 
 		store Windows NT users and groups. If a Windows NT user is 
 		resolved for the first time, it is allocated the next UNIX id from 
@@ -4847,8 +8149,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1112"
->Result Caching</A
+NAME="AEN1710"
+>9.4.5. Result Caching</A
 ></H2
 ><P
 >An active system can generate a lot of user and group 
@@ -4857,7 +8159,7 @@ NAME="AEN1112"
 		by NT domain controllers.  User or group information returned 
 		by a PDC is cached by winbind along with a sequence number also 
 		returned by the PDC. This sequence number is incremented by 
-		Windows NT whenever any user or group information is modied. If 
+		Windows NT whenever any user or group information is modified. If 
 		a cached entry has expired, the sequence number is requested from 
 		the PDC and compared against the sequence number of the cached entry. 
 		If the sequence numbers do not match, then the cached information 
@@ -4870,8 +8172,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1115"
->Installation and Configuration</A
+NAME="AEN1713"
+>9.5. Installation and Configuration</A
 ></H1
 ><P
 >The easiest way to install winbind is by using the packages 
@@ -4891,7 +8193,7 @@ CLASS="FILENAME"
 CLASS="COMMAND"
 >winbindd(8)</B
 > man page which will provide you 
-	with conguration information and give you sample conguration files. 
+	with configuration information and give you sample configuration files. 
 	You may also wish to update the main Samba daemons smbd and nmbd) 
 	with a more recent development release, such as the recently
 	announced Samba 2.2 alpha release.</P
@@ -4901,8 +8203,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1121"
->Limitations</A
+NAME="AEN1719"
+>9.6. Limitations</A
 ></H1
 ><P
 >Winbind has a number of limitations in its current 
@@ -4949,8 +8251,8 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1133"
->Conclusion</A
+NAME="AEN1731"
+>9.7. Conclusion</A
 ></H1
 ><P
 >The winbind system, through the use of the Name Service 
@@ -4965,786 +8267,24 @@ NAME="AEN1133"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="AEN1136"
->Chapter 8. UNIX Permission Bits and WIndows NT Access Control Lists</A
-></H1
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN1147"
->Viewing and changing UNIX permissions using the NT 
-	security dialogs</A
-></H1
-><P
->New in the Samba 2.0.4 release is the ability for Windows 
-	NT clients to use their native security settings dialog box to 
-	view and modify the underlying UNIX permissions.</P
-><P
->Note that this ability is careful not to compromise 
-	the security of the UNIX host Samba is running on, and 
-	still obeys all the file permission rules that a Samba 
-	administrator can set.</P
-><P
->In Samba 2.0.4 and above the default value of the 
-	parameter <A
-HREF="smb.conf.5.html#NTACLSUPPOR"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->	nt acl support</I
-></TT
-></A
-> has been changed from 
-	<TT
-CLASS="CONSTANT"
->false</TT
-> to <TT
-CLASS="CONSTANT"
->true</TT
->, so 
- 	manipulation of permissions is turned on by default.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN1156"
->How to view file security on a Samba share</A
-></H1
-><P
->From an NT 4.0 client, single-click with the right 
-	mouse button on any file or directory in a Samba mounted 
-	drive letter or UNC path. When the menu pops-up, click 
-	on the <I
-CLASS="EMPHASIS"
->Properties</I
-> entry at the bottom of 
-	the menu. This brings up the normal file properties dialog
-	box, but with Samba 2.0.4 this will have a new tab along the top
-	marked <I
-CLASS="EMPHASIS"
->Security</I
->. Click on this tab and you 
-	will see three buttons, <I
-CLASS="EMPHASIS"
->Permissions</I
->, 	
-	<I
-CLASS="EMPHASIS"
->Auditing</I
->, and <I
-CLASS="EMPHASIS"
->Ownership</I
->. 
-	The <I
-CLASS="EMPHASIS"
->Auditing</I
-> button will cause either 
-	an error message <SPAN
-CLASS="ERRORNAME"
->A requested privilege is not held 
-	by the client</SPAN
-> to appear if the user is not the 
-	NT Administrator, or a dialog which is intended to allow an 
-	Administrator to add auditing requirements to a file if the 
-	user is logged on as the NT Administrator. This dialog is 
-	non-functional with a Samba share at this time, as the only 
-	useful button, the <B
-CLASS="COMMAND"
->Add</B
-> button will not currently 
-	allow a list of users to be seen.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN1167"
->Viewing file ownership</A
-></H1
-><P
->Clicking on the <B
-CLASS="COMMAND"
->"Ownership"</B
-> button 
-	brings up a dialog box telling you who owns the given file. The 
-	owner name will be of the form :</P
-><P
-><B
-CLASS="COMMAND"
->"SERVER\user (Long name)"</B
-></P
-><P
->Where <TT
-CLASS="REPLACEABLE"
-><I
->SERVER</I
-></TT
-> is the NetBIOS name of 
-	the Samba server, <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-> is the user name of 
-	the UNIX user who owns the file, and <TT
-CLASS="REPLACEABLE"
-><I
->(Long name)</I
-></TT
->
-	is the discriptive string identifying the user (normally found in the
-	GECOS field of the UNIX password database). Click on the <B
-CLASS="COMMAND"
->Close
-	</B
-> button to remove this dialog.</P
-><P
->If the parameter <TT
-CLASS="PARAMETER"
-><I
->nt acl support</I
-></TT
->
-	is set to <TT
-CLASS="CONSTANT"
->false</TT
-> then the file owner will 
-	be shown as the NT user <B
-CLASS="COMMAND"
->"Everyone"</B
->.</P
-><P
->The <B
-CLASS="COMMAND"
->Take Ownership</B
-> button will not allow 
-	you to change the ownership of this file to yourself (clicking on 
-	it will display a dialog box complaining that the user you are 
-	currently logged onto the NT client cannot be found). The reason 
-	for this is that changing the ownership of a file is a privilaged 
-	operation in UNIX, available only to the <I
-CLASS="EMPHASIS"
->root</I
-> 
-	user. As clicking on this button causes NT to attempt to change 
-	the ownership of a file to the current user logged into the NT 
-	client this will not work with Samba at this time.</P
-><P
->There is an NT chown command that will work with Samba 
-	and allow a user with Administrator privillage connected 
-	to a Samba 2.0.4 server as root to change the ownership of 
-	files on both a local NTFS filesystem or remote mounted NTFS 
-	or Samba drive. This is available as part of the <I
-CLASS="EMPHASIS"
->Seclib
-	</I
-> NT security library written by Jeremy Allison of 
-	the Samba Team, available from the main Samba ftp site.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN1187"
->Viewing file or directory permissions</A
-></H1
-><P
->The third button is the <B
-CLASS="COMMAND"
->"Permissions"</B
-> 
-	button. Clicking on this brings up a dialog box that shows both 
-	the permissions and the UNIX owner of the file or directory. 
-	The owner is displayed in the form :</P
-><P
-><B
-CLASS="COMMAND"
->"SERVER\user (Long name)"</B
-></P
-><P
->Where <TT
-CLASS="REPLACEABLE"
-><I
->SERVER</I
-></TT
-> is the NetBIOS name of 
-	the Samba server, <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-> is the user name of 
-	the UNIX user who owns the file, and <TT
-CLASS="REPLACEABLE"
-><I
->(Long name)</I
-></TT
->
-	is the discriptive string identifying the user (normally found in the
-	GECOS field of the UNIX password database).</P
-><P
->If the parameter <TT
-CLASS="PARAMETER"
-><I
->nt acl support</I
-></TT
->
-	is set to <TT
-CLASS="CONSTANT"
->false</TT
-> then the file owner will 
-	be shown as the NT user <B
-CLASS="COMMAND"
->"Everyone"</B
-> and the 
-	permissions will be shown as NT "Full Control".</P
-><P
->The permissions field is displayed differently for files 
-	and directories, so I'll describe the way file permissions 
-	are displayed first.</P
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN1202"
->File Permissions</A
-></H2
-><P
->The standard UNIX user/group/world triple and 
-		the correspinding "read", "write", "execute" permissions 
-		triples are mapped by Samba into a three element NT ACL 
-		with the 'r', 'w', and 'x' bits mapped into the corresponding 
-		NT permissions. The UNIX world permissions are mapped into 
-		the global NT group <B
-CLASS="COMMAND"
->Everyone</B
->, followed 
-		by the list of permissions allowed for UNIX world. The UNIX 
-		owner and group permissions are displayed as an NT 
-		<B
-CLASS="COMMAND"
->user</B
-> icon and an NT <B
-CLASS="COMMAND"
->local 
-		group</B
-> icon respectively followed by the list 
-	 	of permissions allowed for the UNIX user and group.</P
-><P
->As many UNIX permission sets don't map into common 
-		NT names such as <B
-CLASS="COMMAND"
->"read"</B
->, <B
-CLASS="COMMAND"
->		"change"</B
-> or <B
-CLASS="COMMAND"
->"full control"</B
-> then 
-		usually the permissions will be prefixed by the words <B
-CLASS="COMMAND"
->		"Special Access"</B
-> in the NT display list.</P
-><P
->But what happens if the file has no permissions allowed 
-		for a particular UNIX user group or world component ? In order 
-		to  allow "no permissions" to be seen and modified then Samba 
-		overloads the NT <B
-CLASS="COMMAND"
->"Take Ownership"</B
-> ACL attribute 
-		(which has no meaning in UNIX) and reports a component with 
-		no permissions as having the NT <B
-CLASS="COMMAND"
->"O"</B
-> bit set. 
-		This was chosen of course to make it look like a zero, meaning 
-		zero permissions. More details on the decision behind this will 
-		be given below.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN1216"
->Directory Permissions</A
-></H2
-><P
->Directories on an NT NTFS file system have two 
-		different sets of permissions. The first set of permissions 
-		is the ACL set on the directory itself, this is usually displayed 
-		in the first set of parentheses in the normal <B
-CLASS="COMMAND"
->"RW"</B
-> 
-		NT style. This first set of permissions is created by Samba in 
-		exactly the same way as normal file permissions are, described 
-		above, and is displayed in the same way.</P
-><P
->The second set of directory permissions has no real meaning 
-		in the UNIX permissions world and represents the <B
-CLASS="COMMAND"
->		"inherited"</B
-> permissions that any file created within 
-		this directory would inherit.</P
-><P
->Samba synthesises these inherited permissions for NT by 
-		returning as an NT ACL the UNIX permission mode that a new file 
-		created by Samba on this share would receive.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN1223"
->Modifying file or directory permissions</A
-></H1
-><P
->Modifying file and directory permissions is as simple 
-	as changing the displayed permissions in the dialog box, and 
-	clicking the <B
-CLASS="COMMAND"
->OK</B
-> button. However, there are 
-	limitations that a user needs to be aware of, and also interactions 
-	with the standard Samba permission masks and mapping of DOS 
-	attributes that need to also be taken into account.</P
-><P
->If the parameter <TT
-CLASS="PARAMETER"
-><I
->nt acl support</I
-></TT
->
-	is set to <TT
-CLASS="CONSTANT"
->false</TT
-> then any attempt to set 
-	security permissions will fail with an <B
-CLASS="COMMAND"
->"Access Denied"
-	</B
-> message.</P
-><P
->The first thing to note is that the <B
-CLASS="COMMAND"
->"Add"</B
-> 
-	button will not return a list of users in Samba 2.0.4 (it will give 
-	an error message of <B
-CLASS="COMMAND"
->"The remote proceedure call failed 
-	and did not execute"</B
->). This means that you can only 
-	manipulate the current user/group/world permissions listed in 
-	the dialog box. This actually works quite well as these are the 
-	only permissions that UNIX actually has.</P
-><P
->If a permission triple (either user, group, or world) 
-	is removed from the list of permissions in the NT dialog box, 
-	then when the <B
-CLASS="COMMAND"
->"OK"</B
-> button is pressed it will 
-	be applied as "no permissions" on the UNIX side. If you then 
-	view the permissions again the "no permissions" entry will appear 
-	as the NT <B
-CLASS="COMMAND"
->"O"</B
-> flag, as described above. This 
-	allows you to add permissions back to a file or directory once 
-	you have removed them from a triple component.</P
-><P
->As UNIX supports only the "r", "w" and "x" bits of 
-	an NT ACL then if other NT security attributes such as "Delete 
-	access" are selected then they will be ignored when applied on 
-	the Samba server.</P
-><P
->When setting permissions on a directory the second 
-	set of permissions (in the second set of parentheses) is 
-	by default applied to all files within that directory. If this 
-	is not what you want you must uncheck the <B
-CLASS="COMMAND"
->"Replace 
-	permissions on existing files"</B
-> checkbox in the NT 
-	dialog before clicking <B
-CLASS="COMMAND"
->"OK"</B
->.</P
-><P
->If you wish to remove all permissions from a 
-	user/group/world  component then you may either highlight the 
-	component and click the <B
-CLASS="COMMAND"
->"Remove"</B
-> button, 
-	or set the component to only have the special <B
-CLASS="COMMAND"
->"Take
-	Ownership"</B
-> permission (dsplayed as <B
-CLASS="COMMAND"
->"O"
-	</B
->) highlighted.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN1245"
->Interaction with the standard Samba create mask 
-	parameters</A
-></H1
-><P
->Note that with Samba 2.0.5 there are four new parameters 
-	to control this interaction.  These are :</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->force security mode</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->directory security mask</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->force directory security mode</I
-></TT
-></P
-><P
->Once a user clicks <B
-CLASS="COMMAND"
->"OK"</B
-> to apply the 
-	permissions Samba maps the given permissions into a user/group/world 
-	r/w/x triple set, and then will check the changed permissions for a 
-	file against the bits set in the <A
-HREF="smb.conf.5.html#SECURITYMASK"
-TARGET="_top"
-> 
-	<TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
-></A
-> parameter. Any bits that 
-	were changed that are not set to '1' in this parameter are left alone 
-	in the file permissions.</P
-><P
->Essentially, zero bits in the <TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
->
-	mask may be treated as a set of bits the user is <I
-CLASS="EMPHASIS"
->not</I
-> 
-	allowed to change, and one bits are those the user is allowed to change.
-	</P
-><P
->If not set explicitly this parameter is set to the same value as 
-	the <A
-HREF="smb.conf.5.html#CREATEMASK"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->create mask
-	</I
-></TT
-></A
-> parameter to provide compatibility with Samba 2.0.4 
-	where this permission change facility was introduced. To allow a user to 
-	modify all the user/group/world permissions on a file, set this parameter 
-	to 0777.</P
-><P
->Next Samba checks the changed permissions for a file against 
-	the bits set in the <A
-HREF="smb.conf.5.html#FORCESECURITYMODE"
-TARGET="_top"
->	<TT
-CLASS="PARAMETER"
-><I
->force security mode</I
-></TT
-></A
-> parameter. Any bits 
-	that were changed that correspond to bits set to '1' in this parameter 
-	are forced to be set.</P
-><P
->Essentially, bits set in the <TT
-CLASS="PARAMETER"
-><I
->force security mode
-	</I
-></TT
-> parameter may be treated as a set of bits that, when 
-	modifying security on a file, the user has always set to be 'on'.</P
-><P
->If not set explicitly this parameter is set to the same value 
-	as the <A
-HREF="smb.conf.5.html#FORCECREATEMODE"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->force 
-	create mode</I
-></TT
-></A
-> parameter to provide compatibility
-	with Samba 2.0.4 where the permission change facility was introduced.
-	To allow a user to modify all the user/group/world permissions on a file,
-	with no restrictions set this parameter to 000.</P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->security mask</I
-></TT
-> and <TT
-CLASS="PARAMETER"
-><I
->force 
-	security mode</I
-></TT
-> parameters are applied to the change 
-	request in that order.</P
-><P
->For a directory Samba will perform the same operations as 
-	described above for a file except using the parameter <TT
-CLASS="PARAMETER"
-><I
->	directory security mask</I
-></TT
-> instead of <TT
-CLASS="PARAMETER"
-><I
->security 
-	mask</I
-></TT
->, and <TT
-CLASS="PARAMETER"
-><I
->force directory security mode
-	</I
-></TT
-> parameter instead of <TT
-CLASS="PARAMETER"
-><I
->force security mode
-	</I
-></TT
->.</P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->directory security mask</I
-></TT
-> parameter 
-	by default is set to the same value as the <TT
-CLASS="PARAMETER"
-><I
->directory mask
-	</I
-></TT
-> parameter and the <TT
-CLASS="PARAMETER"
-><I
->force directory security 
-	mode</I
-></TT
-> parameter by default is set to the same value as 
- 	the <TT
-CLASS="PARAMETER"
-><I
->force directory mode</I
-></TT
-> parameter to provide 
-	compatibility with Samba 2.0.4 where the permission change facility 
-	was introduced.</P
-><P
->In this way Samba enforces the permission restrictions that 
-	an administrator can set on a Samba share, whilst still allowing users 
-	to modify the permission bits within that restriction.</P
-><P
->If you want to set up a share that allows users full control
-	in modifying the permission bits on their files and directories and
-	doesn't force any particular bits to be set 'on', then set the following
-	parameters in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
-><TT
-CLASS="FILENAME"
->smb.conf(5)
-	</TT
-></A
-> file in that share specific section :</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->security mask = 0777</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->force security mode = 0</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->directory security mask = 0777</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->force directory security mode = 0</I
-></TT
-></P
-><P
->As described, in Samba 2.0.4 the parameters :</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->create mask</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->force create mode</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->directory mask</I
-></TT
-></P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->force directory mode</I
-></TT
-></P
-><P
->were used instead of the parameters discussed here.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN1309"
->Interaction with the standard Samba file attribute 
-	mapping</A
-></H1
-><P
->Samba maps some of the DOS attribute bits (such as "read 
-	only") into the UNIX permissions of a file. This means there can 
-	be a conflict between the permission bits set via the security 
-	dialog and the permission bits set by the file attribute mapping.
-	</P
-><P
->One way this can show up is if a file has no UNIX read access
-	for the owner it will show up as "read only" in the standard 
-	file attributes tabbed dialog. Unfortunately this dialog is
-	the same one that contains the security info in another tab.</P
-><P
->What this can mean is that if the owner changes the permissions
-	to allow themselves read access using the security dialog, clicks
-	<B
-CLASS="COMMAND"
->"OK"</B
-> to get back to the standard attributes tab 
-	dialog, and then clicks <B
-CLASS="COMMAND"
->"OK"</B
-> on that dialog, then 
-	NT will set the file permissions back to read-only (as that is what 
-	the attributes still say in the dialog). This means that after setting 
-	permissions and clicking <B
-CLASS="COMMAND"
->"OK"</B
-> to get back to the 
-	attributes dialog you should always hit <B
-CLASS="COMMAND"
->"Cancel"</B
-> 
-	rather than <B
-CLASS="COMMAND"
->"OK"</B
-> to ensure that your changes 
-	are not overridden.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="AEN1319"
->Chapter 9. OS2 Client HOWTO</A
+NAME="AEN1734"
+>Chapter 10. OS2 Client HOWTO</A
 ></H1
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1330"
->FAQs</A
+NAME="AEN1745"
+>10.1. FAQs</A
 ></H1
 ><DIV
 CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1332"
->How can I configure OS/2 Warp Connect or 
+NAME="AEN1747"
+>10.1.1. How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</A
 ></H2
 ><P
@@ -5802,8 +8342,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1347"
->How can I configure OS/2 Warp 3 (not Connect), 
+NAME="AEN1762"
+>10.1.2. How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</A
 ></H2
 ><P
@@ -5823,12 +8363,21 @@ TARGET="_top"
 		a nutshell, edit the file \OS2VER in the root directory of 
 		the OS/2 boot partition and add the lines:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		20=setup.exe
 		20=netwksta.sys
 		20=netvdd.sys
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >before you install the client. Also, don't use the 
@@ -5846,8 +8395,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1356"
->Are there any other issues when OS/2 (any version) 
+NAME="AEN1771"
+>10.1.3. Are there any other issues when OS/2 (any version) 
 		is used as a client?</A
 ></H2
 ><P
@@ -5868,8 +8417,8 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1360"
->How do I get printer driver download working 
+NAME="AEN1775"
+>10.1.4. How do I get printer driver download working 
 		for OS/2 clients?</A
 ></H2
 ><P
@@ -5880,7 +8429,7 @@ NAME="AEN1360"
 		driver from an OS/2 system.</P
 ><P
 >Install the NT driver first for that printer.  Then, 
-		add to your smb.conf a paramater, "os2 driver map = 
+		add to your smb.conf a parameter, "os2 driver map = 
 		<TT
 CLASS="REPLACEABLE"
 ><I
@@ -5896,8 +8445,8 @@ CLASS="REPLACEABLE"
 		name of the NT driver name to the OS/2 driver name as 
 		follows:</P
 ><P
->&lt;nt driver name&gt; = &lt;os2 driver 
-		name&gt;.&lt;device name&gt;, e.g.:
+>&#60;nt driver name&#62; = &#60;os2 driver 
+		name&#62;.&#60;device name&#62;, e.g.:
 		HP LaserJet 5L = LASERJET.HP LaserJet 5L</P
 ><P
 >You can have multiple drivers mapped in this file.</P
@@ -5912,6 +8461,178 @@ CLASS="REPLACEABLE"
 ></DIV
 ></DIV
 ></DIV
+><DIV
+CLASS="CHAPTER"
+><HR><H1
+><A
+NAME="AEN1784"
+>Chapter 11. HOWTO Access Samba source code via CVS</A
+></H1
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN1791"
+>11.1. Introduction</A
+></H1
+><P
+>Samba is developed in an open environment.  Developers use CVS
+(Concurrent Versioning System) to "checkin" (also known as 
+"commit") new source code.  Samba's various CVS branches can
+be accessed via anonymous CVS using the instructions
+detailed in this chapter.</P
+><P
+>This document is a modified version of the instructions found at
+<A
+HREF="http://samba.org/samba/cvs.html"
+TARGET="_top"
+>http://samba.org/samba/cvs.html</A
+></P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1796"
+>11.2. CVS Access to samba.org</A
+></H1
+><P
+>The machine samba.org runs a publicly accessible CVS 
+repository for access to the source code of several packages, 
+including samba, rsync and jitterbug. There are two main ways of 
+accessing the CVS server on this host.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1799"
+>11.2.1. Access via CVSweb</A
+></H2
+><P
+>You can access the source code via your 
+favourite WWW browser. This allows you to access the contents of 
+individual files in the repository and also to look at the revision 
+history and commit logs of individual files. You can also ask for a diff 
+listing between any two versions on the repository.</P
+><P
+>Use the URL : <A
+HREF="http://samba.org/cgi-bin/cvsweb"
+TARGET="_top"
+>http://samba.org/cgi-bin/cvsweb</A
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1804"
+>11.2.2. Access via cvs</A
+></H2
+><P
+>You can also access the source code via a 
+normal cvs client.  This gives you much more control over you can 
+do with the repository and allows you to checkout whole source trees 
+and keep them up to date via normal cvs commands. This is the 
+preferred method of access if you are a developer and not
+just a casual browser.</P
+><P
+>To download the latest cvs source code, point your
+browser at the URL : <A
+HREF="http://www.cyclic.com/"
+TARGET="_top"
+>http://www.cyclic.com/</A
+>.
+and click on the 'How to get cvs' link. CVS is free software under 
+the GNU GPL (as is Samba).  Note that there are several graphical CVS clients
+which provide a graphical interface to the sometimes mundane CVS commands.
+Links to theses clients are also available from http://www.cyclic.com.</P
+><P
+>To gain access via anonymous cvs use the following steps. 
+For this example it is assumed that you want a copy of the 
+samba source code. For the other source code repositories 
+on this system just substitute the correct package name</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Install a recent copy of cvs. All you really need is a 
+	copy of the cvs client binary. 
+	</P
+></LI
+><LI
+><P
+>	Run the command 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot login</B
+>
+	</P
+><P
+>	When it asks you for a password type <TT
+CLASS="USERINPUT"
+><B
+>cvs</B
+></TT
+>.
+	</P
+></LI
+><LI
+><P
+>	Run the command 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</B
+>
+	</P
+><P
+>	This will create a directory called samba containing the 
+	latest samba source code (i.e. the HEAD tagged cvs branch). This 
+	currently corresponds to the 3.0 development tree. 
+	</P
+><P
+>	CVS branches other HEAD can be obtained by using the <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+>
+	and defining a tag name.  A list of branch tag names can be found on the
+	"Development" page of the samba web site.  A common request is to obtain the
+	latest 2.2 release code.  This could be done by using the following command.
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</B
+>
+	</P
+></LI
+><LI
+><P
+>	Whenever you want to merge in the latest code changes use 
+	the following command from within the samba directory: 
+	</P
+><P
+>	<B
+CLASS="COMMAND"
+>cvs update -d -P</B
+>
+	</P
+></LI
+></OL
+></DIV
+></DIV
+></DIV
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html
index 668f7f9aff3..1c67649f4ca 100644
--- a/docs/htmldocs/Samba-PDC-HOWTO.html
+++ b/docs/htmldocs/Samba-PDC-HOWTO.html
@@ -1,7 +1,7 @@
 <HTML
 ><HEAD
 ><TITLE
->How to Configure Samba 2.2.x as a Primary Domain Controller</TITLE
+>How to Configure Samba 2.2 as a Primary Domain Controller</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
@@ -20,7 +20,7 @@ CLASS="TITLEPAGE"
 CLASS="TITLE"
 ><A
 NAME="AEN1"
->How to Configure Samba 2.2.x as a Primary Domain Controller</A
+>How to Configure Samba 2.2 as a Primary Domain Controller</A
 ></H1
 ><HR></DIV
 ><DIV
@@ -29,44 +29,127 @@ CLASS="SECT1"
 CLASS="SECT1"
 ><A
 NAME="AEN3"
+>Prerequisite Reading</A
+></H1
+><P
+>Before you continue reading in this chapter, please make sure 
+that you are comfortable with configuring basic files services
+in smb.conf and how to enable and administer password 
+encryption in Samba.  Theses two topics are covered in the
+<A
+HREF="smb.conf.5.html"
+TARGET="_top"
+><TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+></A
+> 
+manpage and the <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>Encryption chapter</A
+> 
+of this HOWTO Collection.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN9"
 >Background</A
 ></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
 ><P
+><B
+>Note: </B
 ><I
 CLASS="EMPHASIS"
 >Author's Note :</I
-> This document
-is a combination of David Bannon's Samba 2.2 PDC HOWTO
-and the Samba NT Domain FAQ. Both documents are superceeded by this one.</P
+> This document is a combination 
+of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. 
+Both documents are superseded by this one.</P
+></BLOCKQUOTE
+></DIV
 ><P
 >Version of Samba prior to release 2.2 had marginal capabilities to
-act as a Windows NT 4.0 Primary Domain Controller (PDC).  The following 
-functionality should work in 2.2.0:</P
+act as a Windows NT 4.0 Primary Domain Controller (PDC).  Beginning with 
+Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 
+style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through 
+SP1) clients.  This article outlines the steps necessary for configuring Samba 
+as a PDC.  It is necessary to have a working Samba server prior to implementing the 
+PDC functionality.  If you have not followed the steps outlined in 
+<A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+> UNIX_INSTALL.html</A
+>, please make sure 
+that your server is configured correctly before proceeding.  Another good 
+resource in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) man 
+page</A
+>. The following  functionality should work in 2.2:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->domain logons for Windows NT 4.0/2000 clients</P
+>	domain logons for Windows NT 4.0/2000 clients.
+	</P
 ></LI
 ><LI
 ><P
->placing a Windows 9x client in user level security</P
+>	placing a Windows 9x client in user level security
+	</P
 ></LI
 ><LI
 ><P
->retrieving a list of users and groups from a Samba PDC to
-	Windows 9x/NT/2000 clients </P
+>	retrieving a list of users and groups from a Samba PDC to
+	Windows 9x/NT/2000 clients
+	</P
 ></LI
 ><LI
 ><P
->roving user profiles</P
+>	roving (roaming) user profiles
+	</P
 ></LI
 ><LI
 ><P
->Windows NT 4.0 style system policies</P
+>	Windows NT 4.0 style system policies
+	</P
 ></LI
 ></UL
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Windows 2000 Service Pack 2 Clients</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	Samba 2.2.1 is required for PDC functionality when using Windows 2000 
+	SP2 clients. 
+	</P
+></TD
+></TR
+></TABLE
+></DIV
 ><P
 >The following pieces of functionality are not included in the 2.2 release:</P
 ><P
@@ -74,21 +157,25 @@ functionality should work in 2.2.0:</P
 ><UL
 ><LI
 ><P
->Windows NT 4 domain trusts</P
+>	Windows NT 4 domain trusts
+	</P
 ></LI
 ><LI
 ><P
->Sam replication with Windows NT 4.0 Domain Controllers
-	(i.e. a Samba PDC and a Windows NT BDC or vice versa) </P
+>	SAM replication with Windows NT 4.0 Domain Controllers
+	(i.e. a Samba PDC and a Windows NT BDC or vice versa) 
+	</P
 ></LI
 ><LI
 ><P
->Adding users via the User Manager for Domains</P
+>	Adding users via the User Manager for Domains
+	</P
 ></LI
 ><LI
 ><P
->Acting as a Windows 2000 Domain Controller (i.e. Kerberos
-	and Active Directory)</P
+>	Acting as a Windows 2000 Domain Controller (i.e. Kerberos and 
+	Active Directory)
+	</P
 ></LI
 ></UL
 ><P
@@ -98,25 +185,6 @@ support Windows 9x style domain logons is completely different
 from NT4 domain logons and has been officially supported for some 
 time.</P
 ><P
->Beginning with Samba 2.2.0, we are proud to announce official 
-support for Windows NT 4.0 style domain logons from Windows NT
-4.0 and Windows 2000 (including SP1) clients.  This article 
-outlines the steps necessary for configuring Samba as a PDC.
-Note that it is necessary to have a working Samba server
-prior to implementing the PDC functionality.  If you have not 
-followed the steps outlined in <A
-HREF="UNIX_INSTALL.html"
-TARGET="_top"
->UNIX_INSTALL.html</A
->, please make sure that your server 
-is configured correctly before proceeding.  Another good 
-resource in the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5) man 
-page</A
->.</P
-><P
 >Implementing a Samba PDC can basically be divided into 2 broad
 steps.</P
 ><P
@@ -125,13 +193,14 @@ steps.</P
 TYPE="1"
 ><LI
 ><P
->Configuring the Samba Domain Controller
+>	Configuring the Samba PDC
 	</P
 ></LI
 ><LI
 ><P
->Creating machine trust accounts
-	and joining clients to the domain</P
+>	Creating machine trust accounts	and joining clients 
+	to the domain
+	</P
 ></LI
 ></OL
 ><P
@@ -145,7 +214,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN40"
+NAME="AEN49"
 >Configuring the Samba Domain Controller</A
 ></H1
 ><P
@@ -251,7 +320,7 @@ TARGET="_top"
 > = \\homeserver\%u
     
     ; specify a generic logon script for all users
-    ; this is a relative path to the [netlogon] share
+    ; this is a relative **DOS** path to the [netlogon] share
     <A
 HREF="smb.conf.5.html#LOGONSCRIPT"
 TARGET="_top"
@@ -305,16 +374,14 @@ TARGET="_top"
 > = 0700</PRE
 ></P
 ><P
->There are a couple of points to emphasize in the above
-configuration.</P
+>There are a couple of points to emphasize in the above configuration.</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->encrypted passwords must be enabled.
-	For more details on how to do this, refer to 
-	<A
+>	Encrypted passwords must be enabled.  For more details on how 
+	to do this, refer to <A
 HREF="ENCRYPTION.html"
 TARGET="_top"
 >ENCRYPTION.html</A
@@ -323,23 +390,27 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->The server must support domain logons
-	and a <TT
+>	The server must support domain logons and a
+	<TT
 CLASS="FILENAME"
 >[netlogon]</TT
-> share</P
+> share
+	</P
 ></LI
 ><LI
 ><P
->The server must be the domain master browser
-	in order for Windows client to locate the server as a DC.</P
+>	The server must be the domain master browser in order for Windows 
+	client to locate the server as a DC.  Please refer to the various 
+	Network Browsing documentation included with this distribution for 
+	details.
+	</P
 ></LI
 ></UL
 ><P
 >As Samba 2.2 does not offer a complete implementation of group mapping between 
 Windows NT groups and UNIX groups (this is really quite complicated to explain 
 in a short space), you should refer to the <A
-HREF="smb.conf.5.html#DOMAINADMONUSERS"
+HREF="smb.conf.5.html#DOMAINADMINUSERS"
 TARGET="_top"
 >domain 
 admin users</A
@@ -356,28 +427,38 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN83"
+NAME="AEN92"
 >Creating Machine Trust Accounts and Joining Clients 
 to the Domain</A
 ></H1
 ><P
->First you must understand what a machine trust account is and what 
-it is used for.</P
-><P
->A machine trust account is a user account owned by a computer.  
+>A machine trust account is a samba user account owned by a computer.  
 The account password acts as the shared secret for secure 
-communication with the Domain Controller.  Hence the reason that
-a Windows 9x host is never a true member of a domain because
-it does not posses a machine trust account and thus has no shared
-secret with the DC.</P
+communication with the Domain Controller.  This is a security feature
+to prevent an unauthorized machine with the same NetBIOS name from 
+joining the domain and gaining access to domain user/group accounts.  
+Hence a Windows 9x host is never a true member of a domain because it does 
+not posses a machine trust account, and thus has no shared secret with the DC.</P
 ><P
 >On a Windows NT PDC, these machine trust account passwords are stored
-in the registry.  A Samba PDC stores these accounts in he same location
+in the registry.  A Samba PDC stores these accounts in the same location
 as user LanMan and NT password hashes (currently <TT
 CLASS="FILENAME"
 >smbpasswd</TT
 >).
-However, machine trust accounts only possess the NT password hash.</P
+However, machine trust accounts only possess and use the NT password hash.</P
+><P
+>Because Samba requires machine accounts to possess a UNIX uid from
+which an Windows NT SID can be generated, all of these accounts
+must have an entry in <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> and smbpasswd.  
+Future releases will alleviate the need to create 
+<TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+> entries.  </P
 ><P
 >There are two means of creating machine trust accounts.</P
 ><P
@@ -385,30 +466,52 @@ However, machine trust accounts only possess the NT password hash.</P
 ><UL
 ><LI
 ><P
->Manual creation before joining the client
-	to the domain.  In this case, the password is set to a known
-	value -- the lower case of the machine's netbios name.</P
+>	Manual creation before joining the client to the domain.  In this case, 
+	the password is set to a known value -- the lower case of the 
+	machine's NetBIOS name.
+	</P
 ></LI
 ><LI
 ><P
->Creation of the account at the time of 
-	joining the domain.  In this case, the session key of the 
-	administrative account used to join the client to the domain acts
-	as an encryption key for setting the password to a random value.</P
+>	Creation of the account at the time of joining the domain.  In 
+	this case, the session key of the administrative account used to join 
+	the client to the domain acts as an encryption key for setting the 
+	password to a random value (This is the recommended method).
+	</P
 ></LI
 ></UL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN106"
+>Manually creating machine trust accounts</A
+></H2
 ><P
->Because Samba requires machine accounts to possess a UNIX uid from
-which an Windows NT SID can be generated, all of these accounts
-will have an entry in <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> and smbpasswd.  
-Future releases will alleviate the need to create 
-<TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> entries.</P
+>The first step in creating a machine trust account by hand is to 
+create an entry for the machine in /etc/passwd.  This can be done 
+using <B
+CLASS="COMMAND"
+>vipw</B
+> or any 'add userr' command which is normally 
+used to create new UNIX accounts.  The following is an example for a Linux 
+based Samba server:</P
+><P
+><TT
+CLASS="PROMPT"
+>root# </TT
+>/usr/sbin/useradd -g 100 -d /dev/null -c <TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+> -m -s /bin/false <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+>$</P
 ><P
 >The <TT
 CLASS="FILENAME"
@@ -423,20 +526,40 @@ CLASS="FILENAME"
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->doppy$:x:505:501:NTMachine:/dev/null:/bin/false</PRE
+>doppy$:x:505:501:<TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+>:/dev/null:/bin/false</PRE
 ></P
 ><P
->If you are manually creating the machine accounts, it is necessary
-to add the <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> (or NIS passwd
-map) entry prior to adding the <TT
-CLASS="FILENAME"
->smbpasswd</TT
->
-entry.  The following command will create a new machine account
-ready for use.</P
+>Above, <TT
+CLASS="REPLACEABLE"
+><I
+>machine_nickname</I
+></TT
+> can be any descriptive name for the
+pc i.e. BasementComputer. The <TT
+CLASS="REPLACEABLE"
+><I
+>machine_name</I
+></TT
+> absolutely must be 
+the NetBIOS name of the pc to be added to the domain.  The "$" must append the NetBIOS
+name of the pc or samba will not recognize this as a machine account</P
+><P
+>Now that the UNIX account has been created, the next step is to create 
+the smbpasswd entry for the machine containing the well known initial 
+trust account password.  This can be done using the <A
+HREF="smbpasswd.6.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+> command 
+as shown here:</P
 ><P
 ><TT
 CLASS="PROMPT"
@@ -453,168 +576,284 @@ CLASS="REPLACEABLE"
 ><I
 >machine_name</I
 ></TT
-> is the machine's netbios
-name.</P
+> is the machine's NetBIOS
+name. </P
+><DIV
+CLASS="WARNING"
 ><P
-><I
-CLASS="EMPHASIS"
->If you manually create a machine account, immediately join
-the client to the domain.</I
->  An open account like this
-can allow intruders to gain access to user account information
-in your domain.</P
-><P
->The second way of creating machine trust accounts is to add
-them on the fly at the time the client is joined to the domain.
-You will need to include a value for the 
-<A
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Join the client to the domain immediately</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	Manually creating a machine trust account using this method is the 
+	equivalent of creating a machine account on a Windows NT PDC using 
+	the "Server Manager".  From the time at which the account is created
+	to the time which th client joins the domain and changes the password,
+	your domain is vulnerable to an intruder joining your domain using a
+	a machine with the same NetBIOS name.  A PDC inherently trusts
+	members of the domain and will serve out a large degree of user 
+	information to such clients.  You have been warned!
+	</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN134"
+>Creating machine trust accounts "on the fly"</A
+></H2
+><P
+>The second, and most recommended way of creating machine trust accounts 
+is to create them as needed at the time the client is joined to 
+the domain.  You will need to include a value for the <A
 HREF="smb.conf.5.html#ADDUSERSCRIPT"
 TARGET="_top"
 >add user script</A
 >
-parameter.  Below is an example I use on a RedHat 6.2 Linux system.</P
+parameter.  Below is an example from a RedHat 6.2 Linux system.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE
 ></P
 ><P
->In Samba 2.2.0, <I
+>In Samba 2.2.1, <I
 CLASS="EMPHASIS"
 >only the root account</I
 > can be used to create
-machine accounts on the fly like this.  Therefore, it is required
-to create an entry in smbpasswd for <I
+machine accounts like this.  Therefore, it is required to create 
+an entry in smbpasswd for <I
 CLASS="EMPHASIS"
 >root</I
->.
-The password <I
+>.  The password 
+<I
 CLASS="EMPHASIS"
 >SHOULD</I
-> be set to s different
-password that the associated <TT
+> be set to s different password that the 
+associated <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
->
-entry for security reasons.</P
+> entry for security reasons.</P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN122"
+NAME="AEN145"
 >Common Problems and Errors</A
 ></H1
 ><P
 ></P
 ><P
-><I
+></P
+><UL
+><LI
+><P
+>	<I
 CLASS="EMPHASIS"
 >I cannot include a '$' in a machine name.</I
-></P
+>
+	</P
 ><P
->A 'machine name' in (typically) <TT
+>	A 'machine name' in (typically) <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
 > 	
-of the machine name with a '$' appended. FreeBSD (and other BSD 
-systems ?) won't create a user with a '$' in their name.</P
+	of the machine name with a '$' appended. FreeBSD (and other BSD 
+	systems ?) won't create a user with a '$' in their name.
+	</P
 ><P
->The problem is only in the program used to make the entry, once 
-made, it works perfectly. So create a user without the '$' and 
-use <B
+>	The problem is only in the program used to make the entry, once 
+	made, it works perfectly. So create a user without the '$' and 
+	use <B
 CLASS="COMMAND"
 >vipw</B
 > to edit the entry, adding the '$'. Or create 
-the whole entry with vipw if you like, make sure you use a 
-unique uid !</P
+	the whole entry with vipw if you like, make sure you use a 
+	unique uid !
+	</P
+></LI
+><LI
 ><P
-><I
+>	<I
 CLASS="EMPHASIS"
 >I get told "You already have a connection to the Domain...." 
-when creating a machine account.</I
-></P
-><P
->This happens if you try to create a machine account from the 
-machine itself and use a user name that does not work (for whatever 
-reason) and then try another (possibly valid) user name.
-Exit out of the network applet to close the initial connection 
-and try again.</P
+	or "Cannot join domain, the credentials supplied conflict with an 
+	existing set.." when creating a machine account.</I
+>
+	</P
 ><P
->Further, if the machine is a already a 'member of a workgroup' that 
-is the same name as the domain you are joining (bad idea) you will 
-get this message.  Change the workgroup name to something else, it 
-does not matter what, reboot, and try again.</P
+>	This happens if you try to create a machine account from the 
+	machine itself and already have a connection (e.g. mapped drive) 
+	to a share (or IPC$) on the Samba PDC.  The following command
+	will remove all network drive connections:
+	</P
 ><P
-><I
-CLASS="EMPHASIS"
->I get told "Cannot join domain, the credentials supplied 
-conflict with an existing set.."</I
-></P
+>	<TT
+CLASS="PROMPT"
+>C:\WINNT\&#62;</TT
+> <B
+CLASS="COMMAND"
+>net use * /d</B
+>
+	</P
 ><P
->This is the same basic problem as mentioned above, "You already 
-have a connection..."</P
+>	Further, if the machine is a already a 'member of a workgroup' that 
+	is the same name as the domain you are joining (bad idea) you will 
+	get this message.  Change the workgroup name to something else, it 
+	does not matter what, reboot, and try again.
+	</P
+></LI
+><LI
 ><P
-><I
+>	<I
 CLASS="EMPHASIS"
->"The system can not log you on (C000019B)...."</I
-></P
+>The system can not log you on (C000019B)....</I
+>
+	</P
 ><P
 >I joined the domain successfully but after upgrading 
-to a newer version of the Samba code I get the message, "The system 
-can not log you on (C000019B), Please try a gain or consult your 
-system administrator" when attempting to logon.</P
+	to a newer version of the Samba code I get the message, "The system 
+	can not log you on (C000019B), Please try a gain or consult your 
+	system administrator" when attempting to logon.
+	</P
 ><P
->This occurs when the domain SID stored in 
-<TT
+>	This occurs when the domain SID stored in 
+	<TT
 CLASS="FILENAME"
 >private/WORKGROUP.SID</TT
 > is 
-changed.  For example, you remove the file and <B
+	changed.  For example, you remove the file and <B
 CLASS="COMMAND"
 >smbd</B
 > automatically 
-creates a new one.  Or you are swapping back and forth between 
-versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
-only way to correct the problem is to restore the original domain 
-SID or 	remove the domain client from the domain and rejoin.</P
+	creates a new one.  Or you are swapping back and forth between 
+	versions 2.0.7, TNG and the HEAD branch code (not recommended).  The 
+	only way to correct the problem is to restore the original domain 
+	SID or remove the domain client from the domain and rejoin.
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>The machine account for this computer either does not 
+	exist or is not accessible.</I
+>
+	</P
 ><P
+>	When I try to join the domain I get the message "The machine account 
+	for this computer either does not exist or is not accessible". Whats 
+	wrong?
+	</P
+><P
+>	This problem is caused by the PDC not having a suitable machine account. 
+	If you are using the <TT
+CLASS="PARAMETER"
 ><I
+>add user script</I
+></TT
+> method to create 
+	accounts then this would indicate that it has not worked. Ensure the domain 
+	admin user system is working.
+	</P
+><P
+>	Alternatively if you are creating account entries manually then they 
+	have not been created correctly. Make sure that you have the entry 
+	correct for the machine account in smbpasswd file on the Samba PDC. 
+	If you added the account using an editor rather than using the smbpasswd 
+	utility, make sure that the account name is the machine NetBIOS name 
+	with a '$' appended to it ( i.e. computer_name$ ). There must be an entry 
+	in both /etc/passwd and the smbpasswd file. Some people have reported 
+	that inconsistent subnet masks between the Samba server and the NT 
+	client have caused this problem.   Make sure that these are consistent 
+	for both client and server.
+	</P
+></LI
+><LI
+><P
+>	<I
 CLASS="EMPHASIS"
->"The machine account for this computer either does not 
-exist or is not accessible."</I
-></P
+>When I attempt to login to a Samba Domain from a NT4/W2K workstation,
+	I get a message about my account being disabled.</I
+>
+	</P
 ><P
->When I try to join the domain I get the message "The machine account 
-for this computer either does not exist or is not accessible". Whats 
-wrong ?</P
+>	This problem is caused by a PAM related bug in Samba 2.2.0.  This bug is 
+	fixed in 2.2.1.  Other symptoms could be unaccessible shares on 
+	NT/W2K member servers in the domain or the following error in your smbd.log:
+	passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%
+	</P
 ><P
->This problem is caused by the PDC not having a suitable machine account. 
-If you are using the <B
+>	At first be ensure to enable the useraccounts with <B
 CLASS="COMMAND"
->add user script =</B
-> method to create 
-accounts then this would indicate that it has not worked. Ensure the domain 
-admin user system is working.</P
-><P
->Alternatively if you are creating account entries manually then they 
-have not been created correctly. Make sure that you have the entry 
-correct for the machine account in smbpasswd file on the Samba PDC. 
-If you added the account using an editor rather than using the smbpasswd 
-utility, make sure that the account name is the machine netbios name 
-with a '$' appended to it ( ie. computer_name$ ). There must be an entry 
-in both /etc/passwd and the smbpasswd file. Some people have reported 
-that inconsistent subnet masks between the Samba server and the NT 
-client have caused this problem.   Make sure that these are consistent 
-for both client and server.</P
+>smbpasswd -e 
+	%user%</B
+>, this is normally done, when you create an account.
+	</P
+><P
+>	In order to work around this problem in 2.2.0, configure the 
+	<TT
+CLASS="PARAMETER"
+><I
+>account</I
+></TT
+> control flag in 
+	<TT
+CLASS="FILENAME"
+>/etc/pam.d/samba</TT
+> file as follows:
+	</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>	account required        pam_permit.so
+	</PRE
+></P
+><P
+>	If you want to remain backward compatibility to samba 2.0.x use
+	<TT
+CLASS="FILENAME"
+>pam_permit.so</TT
+>, it's also possible to use 
+	<TT
+CLASS="FILENAME"
+>pam_pwdb.so</TT
+>. There are some bugs if you try to 
+	use <TT
+CLASS="FILENAME"
+>pam_unix.so</TT
+>, if you need this, be ensure to use
+	the most recent version of this file.
+	</P
+></LI
+></UL
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN150"
+NAME="AEN193"
 >System Policies and Profiles</A
 ></H1
 ><P
@@ -630,97 +869,112 @@ Profiles and Policies in Windows NT 4.0</A
 ><P
 >Here are some additional details:</P
 ><P
-><I
+></P
+><UL
+><LI
+><P
+>	<I
 CLASS="EMPHASIS"
 >What about Windows NT Policy Editor ?</I
-></P
+>
+	</P
 ><P
->To create or edit <TT
+>	To create or edit <TT
 CLASS="FILENAME"
 >ntconfig.pol</TT
 > you must use 
-the NT Server Policy Editor, <B
+	the NT Server Policy Editor, <B
 CLASS="COMMAND"
 >poledit.exe</B
 >	which 
-is included with NT Server but <I
+	is included with NT Server but <I
 CLASS="EMPHASIS"
 >not NT Workstation</I
 >. 
-There is a Policy Editor on a NTws 
-but it is not suitable for creating <I
+	There is a Policy Editor on a NTws 
+	but it is not suitable for creating <I
 CLASS="EMPHASIS"
 >Domain Policies</I
 >. 
-Further, although the Windows 95 
-Policy Editor can be installed on an NT Workstation/Server, it will not
-work with NT policies because the registry key that are set by the policy templates. 
-However, the files from the NT Server will run happily enough on an NTws. 
-You need <TT
+	Further, although the Windows 95 
+	Policy Editor can be installed on an NT Workstation/Server, it will not
+	work with NT policies because the registry key that are set by the policy templates. 
+	However, the files from the NT Server will run happily enough on an NTws. 	
+	You need <TT
 CLASS="FILENAME"
 >poledit.exe, common.adm</TT
 > and <TT
 CLASS="FILENAME"
 >winnt.adm</TT
 >. It is convenient
-to put the two *.adm files in <TT
+	to put the two *.adm files in <TT
 CLASS="FILENAME"
 >c:\winnt\inf</TT
 > which is where
-the binary will look for them unless told otherwise. Note also that that 
-directory is 'hidden'.</P
+	the binary will look for them unless told otherwise. Note also that that 
+	directory is 'hidden'.
+	</P
 ><P
->The Windows NT policy editor is also included with the 
-Service Pack 3 (and later) for Windows NT 4.0. Extract the files using 
-<B
+>	The Windows NT policy editor is also included with the Service Pack 3 (and 
+	later) for Windows NT 4.0. Extract the files using <B
 CLASS="COMMAND"
 >servicepackname /x</B
->, ie thats <B
+>, 
+	i.e. that's <B
 CLASS="COMMAND"
->Nt4sp6ai.exe 
-/x</B
-> for service pack 6a.  The policy editor, <B
+>Nt4sp6ai.exe /x</B
+> for service pack 6a.  The policy editor, 
+	<B
 CLASS="COMMAND"
 >poledit.exe</B
-> and the 
-associated template files (*.adm) should
-be extracted as well.  It is also possible to downloaded the policy template 
-files for Office97 and get a copy of the policy editor.  Another possible 
-location is with the Zero Administration Kit available for download from Microsoft.</P
+> and the associated template files (*.adm) should
+	be extracted as well.  It is also possible to downloaded the policy template 
+	files for Office97 and get a copy of the policy editor.  Another possible 
+	location is with the Zero Administration Kit available for download from Microsoft.
+	</P
+></LI
+><LI
 ><P
-><I
+>	<I
 CLASS="EMPHASIS"
 >Can Win95 do Policies ?</I
-></P
+>
+	</P
 ><P
->Install the group policy handler for Win9x to pick up group 
-policies.   Look on the Win98 CD in <TT
+>	Install the group policy handler for Win9x to pick up group 
+	policies.   Look on the Win98 CD in <TT
 CLASS="FILENAME"
 >\tools\reskit\netadmin\poledit</TT
 >. 
-Install group policies on a Win9x client by double-clicking 
-<TT
+	Install group policies on a Win9x client by double-clicking 
+	<TT
 CLASS="FILENAME"
 >grouppol.inf</TT
 >. Log off and on again a couple of 
-times and see if Win98 picks up group policies.  Unfortunately this needs 
-to be done on every Win9x machine that uses group policies....</P
+	times and see if Win98 picks up group policies.  Unfortunately this needs 
+	to be done on every Win9x machine that uses group policies....
+	</P
 ><P
->If group policies don't work one reports suggests getting the updated 
-(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
-from /etc/group.</P
+>	If group policies don't work one reports suggests getting the updated 
+	(read: working) grouppol.dll for Windows 9x. The group list is grabbed 
+	from /etc/group.
+	</P
+></LI
+><LI
 ><P
-><I
+>	<I
 CLASS="EMPHASIS"
 >How do I get 'User Manager' and 'Server Manager'</I
-></P
+>
+	</P
 ><P
->Since I don't need to buy an NT Server CD now, how do I get 
-the 'User Manager for Domains', the 'Server Manager' ?</P
+>	Since I don't need to buy an NT Server CD now, how do I get 
+	the 'User Manager for Domains', the 'Server Manager' ?
+	</P
 ><P
->Microsoft distributes a version of 
-these tools called nexus for installation on Windows 95 systems.  The 
-tools set includes</P
+>	Microsoft distributes a version of these tools called nexus for 
+	installation on Windows 95 systems.  The tools set includes
+	</P
 ><P
 ></P
 ><UL
@@ -738,26 +992,30 @@ tools set includes</P
 ></LI
 ></UL
 ><P
->Click here to download the archived file <A
+>	Click here to download the archived file <A
 HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE"
 TARGET="_top"
 >ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A
-></P
+>
+	</P
 ><P
->The Windows NT 4.0 version of the 'User Manager for 
-Domains' and 'Server Manager' are available from Microsoft via ftp 
-from <A
+>	The Windows NT 4.0 version of the 'User Manager for 
+	Domains' and 'Server Manager' are available from Microsoft via ftp 
+	from <A
 HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE"
 TARGET="_top"
 >ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A
-></P
+>
+	</P
+></LI
+></UL
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN190"
+NAME="AEN237"
 >What other help can I get ?</A
 ></H1
 ><P
@@ -766,14 +1024,19 @@ of mailing lists, RFC's and documentation.  The docs that come
 with the samba distribution contain very good explanations of 
 general SMB topics such as browsing.</P
 ><P
-><I
+></P
+><UL
+><LI
+><P
+>	<I
 CLASS="EMPHASIS"
 >What are some diagnostics tools I can use to debug the domain logon 
-process and where can I	find them?</I
-></P
+	process and where can I	find them?</I
+>
+	</P
 ><P
 >	One of the best diagnostic tools for debugging problems is Samba itself.  
-	You can use the -d option for both smbd and nmbd to specifiy what 
+	You can use the -d option for both smbd and nmbd to specify what 
 	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
 	smb.conf for more information on debugging options.  The debug 
 	level can range from 1 (the default) to 10 (100 for debugging passwords).
@@ -812,7 +1075,7 @@ CLASS="COMMAND"
 ></UL
 ><P
 >	An SMB enabled version of tcpdump is available from 
-    <A
+	<A
 HREF="http://www.tcpdump.org/"
 TARGET="_top"
 >http://www.tcpdup.org/</A
@@ -829,18 +1092,21 @@ TARGET="_top"
 	(aka. netmon) is available on the Microsoft Developer Network CD's, 
 	the Windows NT Server install CD and the SMS CD's.  The version of 
 	netmon that ships with SMS allows for dumping packets between any two 
-	computers (ie. placing the network interface in promiscuous mode).  
+	computers (i.e. placing the network interface in promiscuous mode).  
 	The version on the NT Server install CD will only allow monitoring 
 	of network traffic directed to the local NT box and broadcasts on the 
 	local subnet.  Be aware that Ethereal can read and write netmon 
 	formatted files.
 	</P
+></LI
+><LI
 ><P
-><I
+>	<I
 CLASS="EMPHASIS"
 >How do I install 'Network Monitor' on an NT Workstation 
-or a Windows 9x box?</I
-></P
+	or a Windows 9x box?</I
+>
+	</P
 ><P
 >	Installing netmon on an NT workstation requires a couple 
 	of steps.  The following are for installing Netmon V4.00.349, which comes 
@@ -935,14 +1201,11 @@ CLASS="FILENAME"
 	information on how to do this.  Copy the files from a working 
 	Netmon installation.
 	</P
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN237"
->URLs and similar</A
-></H2
+></LI
+><LI
+><P
+>	The following is a list if helpful URLs and other links:
+	</P
 ><P
 ></P
 ><UL
@@ -1008,44 +1271,44 @@ TARGET="_top"
 ></P
 ></LI
 ></UL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN261"
->Mailing Lists</A
-></H2
+></LI
+></UL
 ><P
-><I
+></P
+><UL
+><LI
+><P
+>	<I
 CLASS="EMPHASIS"
 >How do I get help from the mailing lists ?</I
-></P
+>
+	</P
 ><P
->There are a number of Samba related mailing lists. Go to <A
+>	There are a number of Samba related mailing lists. Go to <A
 HREF="http://samba.org"
 TARGET="_top"
 >http://samba.org</A
 >, click on your nearest mirror
-and then click on <B
+	and then click on <B
 CLASS="COMMAND"
 >Support</B
 > and then click on <B
 CLASS="COMMAND"
->Samba related mailing lists</B
->.</P
+>	Samba related mailing lists</B
+>.
+	</P
 ><P
->For questions relating to Samba TNG go to
-<A
+>	For questions relating to Samba TNG go to
+	<A
 HREF="http://www.samba-tng.org/"
 TARGET="_top"
 >http://www.samba-tng.org/</A
 > 
-It has been requested that you don't post questions about Samba-TNG to the
-main stream Samba lists.</P
+	It has been requested that you don't post questions about Samba-TNG to the
+	main stream Samba lists.</P
 ><P
->If you post a message to one of the lists please observe the following guide lines :</P
+>	If you post a message to one of the lists please observe the following guide lines :
+	</P
 ><P
 ></P
 ><UL
@@ -1084,7 +1347,7 @@ main stream Samba lists.</P
 ><LI
 ><P
 > Don't cross post. Work out which is the best list to post to 
-		and see what happens, ie don't post to both samba-ntdom and samba-technical.
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
         Many people active on the lists subscribe to more 
 		than one list and get annoyed to see the same message two or more times. 
 		Often someone will see a message and thinking it would be better dealt 
@@ -1113,35 +1376,799 @@ CLASS="EMPHASIS"
         smb.conf in their attach directory ?</P
 ></LI
 ></UL
+></LI
+><LI
 ><P
-><I
+>	<I
 CLASS="EMPHASIS"
 >How do I get off the mailing lists ?</I
-></P
+>
+	</P
 ><P
 >To have your name removed from a samba mailing list, go to the
-        same place you went to to get on it. Go to <A
+	same place you went to to get on it. Go to <A
 HREF="http://lists.samba.org/"
 TARGET="_top"
 >http://lists.samba.org</A
->, click 
-		on your nearest mirror and then click on <B
+>, 
+	click on your nearest mirror and then click on <B
 CLASS="COMMAND"
 >Support</B
 > and 
-		then click on <B
+	then click on <B
 CLASS="COMMAND"
 > Samba related mailing lists</B
 >. Or perhaps see 
-        <A
+	<A
 HREF="http://lists.samba.org/mailman/roster/samba-ntdom"
 TARGET="_top"
 >here</A
-></P
+>
+	</P
 ><P
 >	Please don't post messages to the list asking to be removed, you will just
-        be referred to the above address (unless that process failed in some way...)
-    </P
+	be referred to the above address (unless that process failed in some way...)
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN351"
+>Domain Control for Windows 9x/ME</A
+></H1
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>The following section contains much of the original 
+DOMAIN.txt file previously included with Samba.  Much of 
+the material is based on what went into the book Special 
+Edition, Using Samba. (Richard Sharpe)</P
+></BLOCKQUOTE
+></DIV
+><P
+>A domain and a workgroup are exactly the same thing in terms of network
+browsing.  The difference is that a distributable authentication
+database is associated with a domain, for secure login access to a
+network.  Also, different access rights can be granted to users if they
+successfully authenticate against a domain logon server (NT server and 
+other systems based on NT server support this, as does at least Samba TNG now).</P
+><P
+>The SMB client logging on to a domain has an expectation that every other
+server in the domain should accept the same authentication information.
+Network browsing functionality of domains and workgroups is
+identical and is explained in BROWSING.txt. It should be noted, that browsing
+is total orthogonal to logon support.</P
+><P
+>Issues related to the single-logon network model are discussed in this
+document.  Samba supports domain logons, network logon scripts, and user
+profiles for MS Windows for workgroups and MS Windows 9X clients.</P
+><P
+>When an SMB client in a domain wishes to logon it broadcast requests for a
+logon server.  The first one to reply gets the job, and validates its
+password using whatever mechanism the Samba administrator has installed.
+It is possible (but very stupid) to create a domain where the user
+database is not shared between servers, i.e. they are effectively workgroup
+servers advertising themselves as participating in a domain.  This
+demonstrates how authentication is quite different from but closely
+involved with domains.</P
+><P
+>Another thing commonly associated with single-logon domains is remote
+administration over the SMB protocol.  Again, there is no reason why this
+cannot be implemented with an underlying username database which is
+different from the Windows NT SAM.  Support for the Remote Administration
+Protocol is planned for a future release of Samba.</P
+><P
+>Network logon support as discussed in this section is aimed at Window for
+Workgroups, and Windows 9X clients. </P
+><P
+>Support for profiles is confirmed as working for Win95, NT 4.0 and NT 3.51.
+It is possible to specify: the profile location; script file to be loaded
+on login; the user's home directory; and for NT a kick-off time could also
+now easily be supported. However, there are some differences between Win9X
+profile support and WinNT profile support. These are discussed below.</P
+><P
+>With NT Workstations, all this does not require the use or intervention of
+an NT 4.0 or NT 3.51 server: Samba can now replace the logon services
+provided by an NT server, to a limited and experimental degree (for example,
+running "User Manager for Domains" will not provide you with access to
+a domain created by a Samba Server).</P
+><P
+>With Win95, the help of an NT server can be enlisted, both for profile storage
+and for user authentication.  For details on user authentication, see
+security_level.txt.  For details on profile storage, see below.</P
+><P
+>Using these features you can make your clients verify their logon via
+the Samba server; make clients run a batch file when they logon to
+the network and download their preferences, desktop and start menu.</P
+><P
+>Before launching into the configuration instructions, it is worthwhile looking
+at how a Win9X client performs a logon:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	The client broadcasts (to the IP broadcast address of the subnet it is in)
+	a NetLogon request. This is sent to the NetBIOS address DOMAIN&#60;00&#62; at the
+	NetBIOS layer.  The client chooses the first response it receives, which
+	contains the NetBIOS name of the logon server to use in the format of 
+	\\SERVER.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to that server, logs on (does an SMBsessetupX) and
+	then connects to the IPC$ share (using an SMBtconX).
+	</P
+></LI
+><LI
+><P
+>	The client then does a NetWkstaUserLogon request, which retrieves the name
+	of the user's logon script. 
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the NetLogon share and searches for this 	
+	and if it is found and can be read, is retrieved and executed by the client.
+	After this, the client disconnects from the NetLogon share.
+	</P
+></LI
+><LI
+><P
+>	The client then sends a NetUserGetInfo request to the server, to retrieve
+	the user's home share, which is used to search for profiles. Since the
+	response to the NetUserGetInfo request does not contain much more 	
+	the user's home share, profiles for Win9X clients MUST reside in the user
+	home directory.
+	</P
+></LI
+><LI
+><P
+>	The client then connects to the user's home share and searches for the 
+	user's profile. As it turns out, you can specify the user's home share as
+	a sharename and path. For example, \\server\fred\.profile.
+	If the profiles are found, they are implemented.
+	</P
+></LI
+><LI
+><P
+>	The client then disconnects from the user's home share, and reconnects to
+	the NetLogon share and looks for CONFIG.POL, the policies file. If this is
+	found, it is read and implemented.
+	</P
+></LI
+></OL
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN381"
+>Configuration Instructions:	Network Logons</A
+></H2
+><P
+>To use domain logons and profiles you need to do the following:</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	Create a share called [netlogon] in your smb.conf. This share should
+	be readable by all users, and probably should not be writeable. This
+	share will hold your network logon scripts, and the CONFIG.POL file
+	(Note: for details on the CONFIG.POL file, how to use it, what it is,
+	refer to the Microsoft Windows NT Administration documentation.
+	The format of these files is not known, so you will need to use
+	Microsoft tools).
+	</P
+><P
+>	For example I have used:
+	</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[netlogon]
+     path = /data/dos/netlogon
+     writeable = no
+     guest ok = no</PRE
+></P
+><P
+>	Note that it is important that this share is not writeable by ordinary
+	users, in a secure environment: ordinary users should not be allowed
+	to modify or add files that another user's computer would then download
+	when they log in.
+	</P
+></LI
+><LI
+><P
+>	in the [global] section of smb.conf set the following:
+	</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>domain logons = yes
+logon script = %U.bat
+	</PRE
+></P
+><P
+>	The choice of batch file is, of course, up to you. The above would
+	give each user a separate batch file as the %U will be changed to
+	their username automatically. The other standard % macros may also be
+	used. You can make the batch files come from a subdirectory by using
+	something like:
+	</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon script = scripts\%U.bat
+	</PRE
+></P
+></LI
+><LI
+><P
+>	create the batch files to be run when the user logs in. If the batch
+	file doesn't exist then no batch file will be run. 
+	</P
+><P
+>	In the batch files you need to be careful to use DOS style cr/lf line
+	endings. If you don't then DOS may get confused. I suggest you use a
+	DOS editor to remotely edit the files if you don't know how to produce
+	DOS style files under unix.
+	</P
+></LI
+><LI
+><P
+>	Use smbclient with the -U option for some users to make sure that
+	the \\server\NETLOGON share is available, the batch files are
+	visible and they are readable by the users.
+	</P
+></LI
+><LI
+><P
+>	you will probably find that your clients automatically mount the
+	\\SERVER\NETLOGON share as drive z: while logging in. You can put
+	some useful programs there to execute from the batch files.
+	</P
+></LI
+></OL
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>security mode and master browsers</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>There are a few comments to make in order to tie up some 
+loose ends.  There has been much debate over the issue of whether
+or not it is ok to configure Samba as a Domain Controller in security
+modes other than <TT
+CLASS="CONSTANT"
+>USER</TT
+>.  The only security mode 
+which  will not work due to technical reasons is <TT
+CLASS="CONSTANT"
+>SHARE</TT
+>
+mode security.  <TT
+CLASS="CONSTANT"
+>DOMAIN</TT
+> and <TT
+CLASS="CONSTANT"
+>SERVER</TT
+>
+mode security is really just a variation on SMB user level security.</P
+><P
+>Actually, this issue is also closer tied to the debate on whether 
+or not Samba must be the domain master browser for its workgroup
+when operating as a DC.  While it may technically be possible
+to configure a server as such (after all, browsing and domain logons
+are two distinctly different functions), it is not a good idea to
+so.  You should remember that the DC must register the DOMAIN#1b NetBIOS 
+name.  This is the name used by Windows clients to locate the DC.
+Windows clients do not distinguish between the DC and the DMB.
+For this reason, it is very wise to configure the Samba DC as the DMB.</P
+><P
+>Now back to the issue of configuring a Samba DC to use a mode other
+than "security = user".  If a Samba host is configured to use 
+another SMB server or DC in order to validate user connection 
+requests, then it is a fact that some other machine on the network 
+(the "password server") knows more about user than the Samba host.
+99% of the time, this other host is a domain controller.  Now 
+in order to operate in domain mode security, the "workgroup" parameter
+must be set to the name of the Windows NT domain (which already 
+has a domain controller, right?)</P
+><P
+>Therefore configuring a Samba box as a DC for a domain that 
+already by definition has a PDC is asking for trouble.
+Therefore, you should always configure the Samba DC to be the DMB
+for its domain.</P
+></TD
+></TR
+></TABLE
+></DIV
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN415"
+>Configuration Instructions:	Setting up Roaming User Profiles</A
+></H2
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE!</I
+> Roaming profiles support is different 
+for Win9X and WinNT.</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>Before discussing how to configure roaming profiles, it is useful to see how
+Win9X and WinNT clients implement these features.</P
+><P
+>Win9X clients send a NetUserGetInfo request to the server to get the user's
+profiles location. However, the response does not have room for a separate 
+profiles location field, only the user's home share. This means that Win9X 
+profiles are restricted to being in the user's home directory.</P
+><P
+>WinNT clients send a NetSAMLogon RPC request, which contains many fields, 
+including a separate field for the location of the user's profiles. 
+This means that support for profiles is different for Win9X and WinNT.</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN423"
+>Windows NT Configuration</A
+></H3
+><P
+>To support WinNT clients, inn the [global] section of smb.conf set the
+following (for example):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath</PRE
+></P
+><P
+>The default for this option is \\%N\%U\profile, namely
+\\sambaserver\username\profile.  The \\N%\%U service is created
+automatically by the [homes] service.
+If you are using a samba server for the profiles, you _must_ make the
+share specified in the logon path browseable. </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 26aug96 - we have discovered a problem where Windows clients can
+maintain a connection to the [homes] share in between logins.  The
+[homes] share must NOT therefore be used in a profile path.]</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN431"
+>Windows 9X Configuration</A
+></H3
+><P
+>To support Win9X clients, you must use the "logon home" parameter. Samba has
+now been fixed so that "net use/home" now works as well, and it, too, relies
+on the "logon home" parameter.</P
+><P
+>By using the logon home parameter, you are restricted to putting Win9X 
+profiles in the user's home directory.   But wait! There is a trick you 
+can use. If you set the following in the [global] section of your 
+smb.conf file:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles</PRE
+></P
+><P
+>then your Win9X clients will dutifully put their clients in a subdirectory
+of your home directory called .profiles (thus making them hidden).</P
+><P
+>Not only that, but 'net use/home' will also work, because of a feature in 
+Win9X. It removes any directory stuff off the end of the home directory area
+and only uses the server and share portion. That is, it looks like you
+specified \\%L\%U for "logon home".</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN439"
+>Win9X and WinNT Configuration</A
+></H3
+><P
+>You can support profiles for both Win9X and WinNT clients by setting both the
+"logon home" and "logon path" parameters. For example:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U</PRE
+></P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>I have not checked what 'net use /home' does on NT when "logon home" is
+set as above.</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN446"
+>Windows 9X Profile Setup</A
+></H3
+><P
+>When a user first logs in on Windows 9X, the file user.DAT is created,
+as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
+These directories and their contents will be merged with the local
+versions stored in c:\windows\profiles\username on subsequent logins,
+taking the most recent from each.  You will need to use the [global]
+options "preserve case = yes", "short case preserve = yes" and
+"case sensitive = no" in order to maintain capital letters in shortcuts
+in any of the profile folders.</P
+><P
+>The user.DAT file contains all the user's preferences.  If you wish to
+enforce a set of preferences, rename their user.DAT file to user.MAN,
+and deny them write access to this file.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Passwords and
+	select the User Profiles tab.  Select the required level of
+	roaming preferences.  Press OK, but do _not_ allow the computer
+	to reboot.
+	</P
+></LI
+><LI
+><P
+>	On the Windows 95 machine, go to Control Panel | Network |
+	Client for Microsoft Networks | Preferences.  Select 'Log on to
+	NT Domain'.  Then, ensure that the Primary Logon is 'Client for
+	Microsoft Networks'.  Press OK, and this time allow the computer
+	to reboot.
+	</P
+></LI
+></OL
+><P
+>Under Windows 95, Profiles are downloaded from the Primary Logon.
+If you have the Primary Logon as 'Client for Novell Networks', then
+the profiles and logon script will be downloaded from your Novell
+Server.  If you have the Primary Logon as 'Windows Logon', then the
+profiles will be loaded from the local machine - a bit against the
+concept of roaming profiles, if you ask me.</P
+><P
+>You will now find that the Microsoft Networks Login box contains
+[user, password, domain] instead of just [user, password].  Type in
+the samba server's domain name (or any other domain known to exist,
+but bear in mind that the user will be authenticated against this
+domain and profiles downloaded from it, if that domain logon server
+supports it), user name and user's password.</P
+><P
+>Once the user has been successfully validated, the Windows 95 machine
+will inform you that 'The user has not logged on before' and asks you
+if you wish to save the user's preferences?  Select 'yes'.</P
+><P
+>Once the Windows 95 client comes up with the desktop, you should be able
+to examine the contents of the directory specified in the "logon path"
+on the samba server and verify that the "Desktop", "Start Menu",
+"Programs" and "Nethood" folders have been created.</P
+><P
+>These folders will be cached locally on the client, and updated when
+the user logs off (if you haven't made them read-only by then :-).
+You will find that if the user creates further folders or short-cuts,
+that the client will merge the profile contents downloaded with the
+contents of the profile directory already on the local client, taking
+the newest folders and short-cuts from each set.</P
+><P
+>If you have made the folders / files read-only on the samba server,
+then you will get errors from the w95 machine on logon and logout, as
+it attempts to merge the local and the remote profile.  Basically, if
+you have any errors reported by the w95 machine, check the unix file
+permissions and ownership rights on the profile directory contents,
+on the samba server.</P
+><P
+>If you have problems creating user profiles, you can reset the user's
+local desktop cache, as shown below.  When this user then next logs in,
+they will be told that they are logging in "for the first time".</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>	instead of logging in under the [user, password, domain] dialog,
+	press escape.
+	</P
+></LI
+><LI
+><P
+>	run the regedit.exe program, and look in:
+	</P
+><P
+>	HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList
+	</P
+><P
+>	you will find an entry, for each user, of ProfilePath.  Note the
+	contents of this key (likely to be c:\windows\profiles\username),
+	then delete the key ProfilePath for the required user.
+	</P
+><P
+>	[Exit the registry editor].
+	</P
+></LI
+><LI
+><P
+>	<I
+CLASS="EMPHASIS"
+>WARNING</I
+> - before deleting the contents of the 
+	directory listed in
+   the ProfilePath (this is likely to be c:\windows\profiles\username),
+   ask them if they have any important files stored on their desktop
+   or in their start menu.  delete the contents of the directory
+   ProfilePath (making a backup if any of the files are needed).
+	</P
+><P
+>   This will have the effect of removing the local (read-only hidden
+   system file) user.DAT in their profile directory, as well as the
+   local "desktop", "nethood", "start menu" and "programs" folders.
+	</P
+></LI
+><LI
+><P
+>	search for the user's .PWL password-caching file in the c:\windows
+	directory, and delete it.
+	</P
+></LI
+><LI
+><P
+>	log off the windows 95 client.
+	</P
+></LI
+><LI
+><P
+>	check the contents of the profile path (see "logon path" described
+	above), and delete the user.DAT or user.MAN file for the user,
+	making a backup if required.  
+	</P
+></LI
+></OL
+><P
+>If all else fails, increase samba's debug log levels to between 3 and 10,
+and / or run a packet trace program such as tcpdump or netmon.exe, and
+look for any error reports.</P
+><P
+>If you have access to an NT server, then first set up roaming profiles
+and / or netlogons on the NT server.  Make a packet trace, or examine
+the example packet traces provided with NT server, and see what the
+differences are with the equivalent samba trace.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN482"
+>Windows NT Workstation 4.0</A
+></H3
+><P
+>When a user first logs in to a Windows NT Workstation, the profile
+NTuser.DAT is created.  The profile location can be now specified
+through the "logon path" parameter.  </P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i tried setting the path to
+\\samba-server\homes\profile, and discovered that this fails because
+a background process maintains the connection to the [homes] share
+which does _not_ close down in between user logins.  you have to
+have \\samba-server\%L\profile, where user is the username created
+from the [homes] share].</P
+></BLOCKQUOTE
+></DIV
+><P
+>There is a parameter that is now available for use with NT Profiles:
+"logon drive".  This should be set to "h:" or any other drive, and
+should be used in conjunction with the new "logon home" parameter.</P
+><P
+>The entry for the NT 4.0 profile is a _directory_ not a file.  The NT
+help on profiles mentions that a directory is also created with a .PDS
+extension.  The user, while logging in, must have write permission to
+create the full profile path (and the folder with the .PDS extension)
+[lkcl 10aug97 - i found that the creation of the .PDS directory failed,
+and had to create these manually for each user, with a shell script.
+also, i presume, but have not tested, that the full profile path must
+be browseable just as it is for w95, due to the manner in which they
+attempt to create the full profile path: test existence of each path
+component; create path component].</P
+><P
+>In the profile directory, NT creates more folders than 95.  It creates
+"Application Data" and others, as well as "Desktop", "Nethood",
+"Start Menu" and "Programs".  The profile itself is stored in a file
+NTuser.DAT.  Nothing appears to be stored in the .PDS directory, and
+its purpose is currently unknown.</P
+><P
+>You can use the System Control Panel to copy a local profile onto
+a samba server (see NT Help on profiles: it is also capable of firing
+up the correct location in the System Control Panel for you).  The
+NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
+turns a profile into a mandatory one.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 10aug97 - i notice that NT Workstation tells me that it is
+downloading a profile from a slow link.  whether this is actually the
+case, or whether there is some configuration issue, as yet unknown,
+that makes NT Workstation _think_ that the link is a slow one is a
+matter to be resolved].</P
+><P
+>[lkcl 20aug97 - after samba digest correspondence, one user found, and
+another confirmed, that profiles cannot be loaded from a samba server
+unless "security = user" and "encrypt passwords = yes" (see the file
+ENCRYPTION.txt) or "security = server" and "password server = ip.address.
+of.yourNTserver" are used.  Either of these options will allow the NT
+workstation to access the samba server using LAN manager encrypted
+passwords, without the user intervention normally required by NT
+workstation for clear-text passwords].</P
+><P
+>[lkcl 25aug97 - more comments received about NT profiles: the case of
+the profile _matters_.  the file _must_ be called NTuser.DAT or, for
+a mandatory profile, NTuser.MAN].</P
+></BLOCKQUOTE
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN495"
+>Windows NT Server</A
+></H3
+><P
+>There is nothing to stop you specifying any path that you like for the
+location of users' profiles.  Therefore, you could specify that the
+profile be stored on a samba server, or any other SMB server, as long as
+that SMB server supports encrypted passwords.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN498"
+>Sharing Profiles between W95 and NT Workstation 4.0</A
+></H3
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Potentially outdated or incorrect material follows</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>I think this is all bogus, but have not deleted it. (Richard Sharpe)</P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+>The default logon path is \\%N\U%.  NT Workstation will attempt to create
+a directory "\\samba-server\username.PDS" if you specify the logon path
+as "\\samba-server\username" with the NT User Manager.  Therefore, you
+will need to specify (for example) "\\samba-server\username\profile".
+NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which
+is more likely to succeed.</P
+><P
+>If you then want to share the same Start Menu / Desktop with W95, you will
+need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97
+this has its drawbacks: i created a shortcut to telnet.exe, which attempts
+to run from the c:\winnt\system32 directory.  this directory is obviously
+unlikely to exist on a Win95-only host].</P
+><P
+>&#13;If you have this set up correctly, you will find separate user.DAT and
+NTuser.DAT files in the same profile directory.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
+><P
+><B
+>Note: </B
+>[lkcl 25aug97 - there are some issues to resolve with downloading of
+NT profiles, probably to do with time/date stamps.  i have found that
+NTuser.DAT is never updated on the workstation after the first time that
+it is copied to the local workstation profile directory.  this is in
+contrast to w95, where it _does_ transfer / update profiles correctly].</P
+></BLOCKQUOTE
+></DIV
+></DIV
 ></DIV
 ></DIV
 ><DIV
@@ -1149,12 +2176,35 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN300"
+NAME="AEN508"
 >DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
 ></H1
+><DIV
+CLASS="WARNING"
 ><P
->This appendix was originally authored by John H Terpstra of the Samba Team
-and is included here for posterity.</P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="100%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Possibly Outdated Material</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+>	This appendix was originally authored by John H Terpstra of 
+	the Samba Team and is included here for posterity.
+	</P
+></TD
+></TR
+></TABLE
+></DIV
 ><P
 ><I
 CLASS="EMPHASIS"
@@ -1171,12 +2221,9 @@ Windows NT SAM.</P
 ><P
 >Windows NT Server can be installed as either a plain file and print server
 (WORKGROUP workstation or server) or as a server that participates in Domain
-Control (DOMAIN member, Primary Domain controller or Backup Domain controller).</P
-><P
->The same is true for OS/2 Warp Server, Digital Pathworks and other similar
-products, all of which can participate in Domain Control along with Windows NT.
-However only those servers which have licensed Windows NT code in them can be
-a primary Domain Controller (eg Windows NT Server, Advanced Server for Unix.)</P
+Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
+The same is true for OS/2 Warp Server, Digital Pathworks and other similar
+products, all of which can participate in Domain Control along with Windows NT.</P
 ><P
 >To many people these terms can be confusing, so let's try to clear the air.</P
 ><P
@@ -1227,7 +2274,7 @@ plain Servers.</P
 ><P
 >The User database is called the SAM (Security Access Manager) database and
 is used for all user authentication as well as for authentication of inter-
-process authentication (ie: to ensure that the service action a user has
+process authentication (i.e. to ensure that the service action a user has
 requested is permitted within the limits of that user's privileges).</P
 ><P
 >The Samba team have produced a utility that can dump the Windows NT SAM into 
@@ -1238,7 +2285,7 @@ to Samba systems.</P
 ><P
 >Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
 can participate in a Domain security system that is controlled by Windows NT
-servers that have been correctly configured. At most every domain will have
+servers that have been correctly configured. Almost every domain will have
 ONE Primary Domain Controller (PDC). It is desirable that each domain will
 have at least one Backup Domain Controller (BDC).</P
 ><P
diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html
index 34f4ed9283a..32c4b7be593 100644
--- a/docs/htmldocs/UNIX_INSTALL.html
+++ b/docs/htmldocs/UNIX_INSTALL.html
@@ -84,7 +84,7 @@ CLASS="USERINPUT"
 ></P
 ><P
 >first to see what special options you can enable.
-	Then exectuting</P
+	Then executing</P
 ><P
 ><TT
 CLASS="PROMPT"
@@ -202,7 +202,7 @@ CLASS="PROGRAMLISTING"
 >which would allow connections by anyone with an 
 	account on the server, using either their login name or 
 	"homes" as the service name. (Note that I also set the 
-	workgroup that Samba is part of. See BROWSING.txt for defails)</P
+	workgroup that Samba is part of. See BROWSING.txt for details)</P
 ><P
 >Note that <B
 CLASS="COMMAND"
@@ -249,7 +249,7 @@ CLASS="FILENAME"
 	not it will give an error message.</P
 ><P
 >Make sure it runs OK and that the services look 
-	resonable before proceeding. </P
+	reasonable before proceeding. </P
 ></DIV
 ><DIV
 CLASS="SECT1"
@@ -358,7 +358,7 @@ CLASS="FILENAME"
 		<TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
-> to make them consistant.</P
+> to make them consistent.</P
 ><P
 >NOTE: On many systems you may need to use the 
 		"interfaces" option in smb.conf to specify the IP address 
@@ -371,7 +371,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > tries to determine it at run 
-		time, but fails on somunixes. See the section on "testing nmbd" 
+		time, but fails on some unixes. See the section on "testing nmbd" 
 		for a method of finding if you need to do this.</P
 ><P
 >!!!WARNING!!! Many unixes only accept around 5 
@@ -637,7 +637,7 @@ NAME="AEN162"
 >Diagnosing Problems</A
 ></H2
 ><P
->If you have instalation problems then go to 
+>If you have installation problems then go to 
 		<TT
 CLASS="FILENAME"
 >DIAGNOSIS.txt</TT
@@ -771,7 +771,7 @@ NAME="AEN182"
 		are set by an application when it opens a file to determine 
 		what types of access should be allowed simultaneously with 
 		its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE 
-		or DENY_ALL. There are also special compatability modes called 
+		or DENY_ALL. There are also special compatibility modes called 
 		DENY_FCB and  DENY_DOS.</P
 ><P
 >You can disable share modes using "share modes = no". 
@@ -804,7 +804,7 @@ NAME="AEN195"
 ><P
 >If you have problems using filenames with accented 
 		characters in them (like the German, French or Scandinavian 
-		character sets) then I recommmend you look at the "valid chars" 
+		character sets) then I recommend you look at the "valid chars" 
 		option in smb.conf and also take a look at the validchars 
 		package in the examples directory.</P
 ></DIV
diff --git a/docs/htmldocs/findsmb.1.html b/docs/htmldocs/findsmb.1.html
index 0f7ed2265ea..2f246d666d8 100644
--- a/docs/htmldocs/findsmb.1.html
+++ b/docs/htmldocs/findsmb.1.html
@@ -165,6 +165,12 @@ CLASS="COMMAND"
 >nmbd</B
 > running would yield output similar
 	to the following</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 ><TT
@@ -183,6 +189,9 @@ CLASS="COMPUTEROUTPUT"
 192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
 	</TT
 ></PRE
+></TD
+></TR
+></TABLE
 ></DIV
 ><DIV
 CLASS="REFSECT1"
diff --git a/docs/htmldocs/lmhosts.5.html b/docs/htmldocs/lmhosts.5.html
index 671278c19e0..13b162ce44f 100644
--- a/docs/htmldocs/lmhosts.5.html
+++ b/docs/htmldocs/lmhosts.5.html
@@ -50,7 +50,7 @@ NAME="AEN12"
 ><H2
 >DESCRIPTION</H2
 ><P
->This file is part of the &#60;<A
+>This file is part of the <A
 HREF="samba.7.html"
 TARGET="_top"
 >	Samba</A
@@ -59,10 +59,9 @@ TARGET="_top"
 ><TT
 CLASS="FILENAME"
 >lmhosts</TT
-> is the <I
-CLASS="EMPHASIS"
+> is the <EM
 >Samba
-	</I
+	</EM
 > NetBIOS name to IP address mapping file.  It 
 	is very similar to the <TT
 CLASS="FILENAME"
@@ -105,6 +104,12 @@ NAME="AEN20"
 ><P
 >An example follows :</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >#
@@ -114,6 +119,9 @@ CLASS="PROGRAMLISTING"
 192.9.200.20	NTSERVER#20
 192.9.200.21	SAMBASERVER
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Contains three IP to NetBIOS name mappings. The first 
diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html
index 456ea98b20c..8e792e31221 100644
--- a/docs/htmldocs/make_smbcodepage.1.html
+++ b/docs/htmldocs/make_smbcodepage.1.html
@@ -14,7 +14,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="FINDSMB"
+NAME="MAKE-SMBCODEPAGE"
 >make_smbcodepage</A
 ></H1
 ><DIV
@@ -104,24 +104,24 @@ CLASS="PARAMETER"
 >inputfile</DT
 ><DD
 ><P
->This is the input file to process. In t
-		he '<TT
+>This is the input file to process. In 
+		the <TT
 CLASS="PARAMETER"
 ><I
 >c</I
 ></TT
->' case this will be a text 
+> case this will be a text 
 		codepage definition file such as the ones found in the Samba 	
 		<TT
 CLASS="FILENAME"
 >source/codepages</TT
 > directory. In
-		the '<TT
+		the <TT
 CLASS="PARAMETER"
 ><I
 >d</I
 ></TT
->' case this will be the 
+> case this will be the 
 		binary format codepage definition file normally found in 
 		the <TT
 CLASS="FILENAME"
@@ -202,7 +202,7 @@ NAME="AEN58"
 ><P
 ><B
 CLASS="COMMAND"
->codepage_def.&lt;codepage&gt;</B
+>codepage_def.&#60;codepage&#62;</B
 ></P
 ><P
 >These are the input (text) codepage files provided in the 
@@ -259,7 +259,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->codepage.&lt;codepage&gt;</B
+>codepage.&#60;codepage&#62;</B
 > - These are the 
 	output (binary) codepage files produced  and placed in the Samba 
 	destination <TT
diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html
index 4f7f71fe700..29bd8180407 100644
--- a/docs/htmldocs/nmbd.8.html
+++ b/docs/htmldocs/nmbd.8.html
@@ -37,7 +37,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbd</B
->  [-D] [-a] [-o] [-P] [-h] [-V] [-d &lt;debug level&gt;] [-H &lt;lmhosts file&gt;] [-l &lt;log file&gt;] [-n &lt;primary netbios name&gt;] [-p &lt;port number&gt;] [-s &lt;configuration file&gt;]</P
+>  [-D] [-a] [-o] [-P] [-h] [-V] [-d &#60;debug level&#62;] [-H &#60;lmhosts file&#62;] [-l &#60;log file&#62;] [-n &#60;primary netbios name&#62;] [-p &#60;port number&#62;] [-s &#60;configuration file&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -54,7 +54,7 @@ CLASS="COMMAND"
 >nmbd</B
 > is a server that understands 
 	and can reply to NetBIOS over IP name service requests, like 
-	those produced by SMBD/CIFS clients such as Windows 95/98/ME, 
+	those produced by SMB/CIFS clients such as Windows 95/98/ME, 
 	Windows NT, Windows 2000, and LanManager clients. It also
 	participates in the browsing protocols which make up the 
 	Windows "Network Neighborhood" view.</P
@@ -71,9 +71,8 @@ CLASS="COMMAND"
 	specified it will respond with the IP number of the host it 
 	is running on.  Its "own NetBIOS name" is by
 	default the primary DNS name of the host it is running on, 
-	but this can be overridden with the <I
-CLASS="EMPHASIS"
->-n</I
+	but this can be overridden with the <EM
+>-n</EM
 > 
 	option (see OPTIONS below). Thus <B
 CLASS="COMMAND"
@@ -175,7 +174,7 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
->-H &lt;filename&gt;</DT
+>-H &#60;filename&#62;</DT
 ><DD
 ><P
 >NetBIOS lmhosts file.  The lmhosts 
@@ -194,18 +193,16 @@ CLASS="FILENAME"
 ></A
 >
 		to resolve any NetBIOS name queries needed by the server. Note 
-		that the contents of this file are <I
-CLASS="EMPHASIS"
->NOT</I
+		that the contents of this file are <EM
+>NOT</EM
 > 
 		used by <B
 CLASS="COMMAND"
 >nmbd</B
 > to answer any name queries. 
 		Adding a line to this file affects name NetBIOS resolution 
-		from this host <I
-CLASS="EMPHASIS"
->ONLY</I
+		from this host <EM
+>ONLY</EM
 >.</P
 ><P
 >The default path to this file is compiled into 
@@ -242,7 +239,7 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
->-d &lt;debug level&gt;</DT
+>-d &#60;debug level&#62;</DT
 ><DD
 ><P
 >debuglevel is an integer 
@@ -278,7 +275,7 @@ CLASS="FILENAME"
 > file.</P
 ></DD
 ><DT
->-l &lt;log file&gt;</DT
+>-l &#60;log file&#62;</DT
 ><DD
 ><P
 >The -l parameter specifies a path 
@@ -306,7 +303,7 @@ CLASS="FILENAME"
 >.</P
 ></DD
 ><DT
->-n &lt;primary NetBIOS name&gt;</DT
+>-n &#60;primary NetBIOS name&#62;</DT
 ><DD
 ><P
 >This option allows you to override
@@ -331,7 +328,7 @@ CLASS="FILENAME"
 >.</P
 ></DD
 ><DT
->-p &lt;UDP port number&gt;</DT
+>-p &#60;UDP port number&#62;</DT
 ><DD
 ><P
 >UDP port number is a positive integer value.
@@ -344,7 +341,7 @@ CLASS="COMMAND"
 		won't need help!</P
 ></DD
 ><DT
->-s &lt;configuration file&gt;</DT
+>-s &#60;configuration file&#62;</DT
 ><DD
 ><P
 >The default configuration file name 
@@ -484,9 +481,8 @@ CLASS="FILENAME"
 >If <B
 CLASS="COMMAND"
 >nmbd</B
-> is acting as a <I
-CLASS="EMPHASIS"
->		browse master</I
+> is acting as a <EM
+>		browse master</EM
 > (see the <A
 HREF="smb.conf.5.html#localmaster"
 TARGET="_top"
@@ -529,9 +525,8 @@ NAME="AEN171"
 CLASS="COMMAND"
 >nmbd</B
 > process it is recommended 
-	that SIGKILL (-9) <I
-CLASS="EMPHASIS"
->NOT</I
+	that SIGKILL (-9) <EM
+>NOT</EM
 > be used, except as a last 
 	resort, as this may leave the name database in an inconsistent state. 
 	The correct way to terminate <B
@@ -544,7 +539,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > will accept SIGHUP, which will cause 
-	it to dump out it's namelists into the file <TT
+	it to dump out its namelists into the file <TT
 CLASS="FILENAME"
 >namelist.debug
 	</TT
@@ -560,7 +555,7 @@ CLASS="FILENAME"
 	cause <B
 CLASS="COMMAND"
 >nmbd</B
-> to dump out it's server database in
+> to dump out its server database in
 	the <TT
 CLASS="FILENAME"
 >log.nmb</TT
@@ -568,11 +563,11 @@ CLASS="FILENAME"
 	of nmbd may be raised by sending it a SIGUSR1 (<B
 CLASS="COMMAND"
 >kill -USR1
-	&lt;nmbd-pid&gt;</B
+	&#60;nmbd-pid&#62;</B
 >) and lowered by sending it a
 	SIGUSR2 (<B
 CLASS="COMMAND"
->kill -USR2 &lt;nmbd-pid&gt;</B
+>kill -USR2 &#60;nmbd-pid&#62;</B
 >). This is to 
 	allow transient problems to be diagnosed, whilst still running at a 
 	normally low log level.</P
diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html
index 71503708752..c87d7d35db9 100644
--- a/docs/htmldocs/nmblookup.1.html
+++ b/docs/htmldocs/nmblookup.1.html
@@ -37,7 +37,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >nmblookup</B
->  [-M] [-R] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] {name}</P
+>  [-M] [-R] [-S] [-r] [-A] [-h] [-B &#60;broadcast address&#62;] [-U &#60;unicast address&#62;] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-i &#60;NetBIOS scope&#62;] [-T] {name}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -128,7 +128,7 @@ CLASS="CONSTANT"
 		datagrams. The reason for this option is a bug in Windows 95 
 		where it ignores the source port of the requesting packet 
 	 	and only replies to UDP port 137. Unfortunately, on most UNIX 
-		systems root privilage is needed to bind to this port, and 
+		systems root privilege is needed to bind to this port, and 
 		in addition, if the <A
 HREF="nmbd.8.html"
 TARGET="_top"
@@ -156,7 +156,7 @@ CLASS="REPLACEABLE"
 >Print a help (usage) message.</P
 ></DD
 ><DT
->-B &lt;broadcast address&gt;</DT
+>-B &#60;broadcast address&#62;</DT
 ><DD
 ><P
 >Send the query to the given broadcast address. Without 
@@ -179,7 +179,7 @@ CLASS="FILENAME"
 		</P
 ></DD
 ><DT
->-U &lt;unicast address&gt;</DT
+>-U &#60;unicast address&#62;</DT
 ><DD
 ><P
 >Do a unicast query to the specified address or 
@@ -198,7 +198,7 @@ CLASS="PARAMETER"
 		query a WINS server.</P
 ></DD
 ><DT
->-d &lt;debuglevel&gt;</DT
+>-d &#60;debuglevel&#62;</DT
 ><DD
 ><P
 >debuglevel is an integer from 0 to 10.</P
@@ -234,7 +234,7 @@ CLASS="FILENAME"
 > file.</P
 ></DD
 ><DT
->-s &lt;smb.conf&gt;</DT
+>-s &#60;smb.conf&#62;</DT
 ><DD
 ><P
 >This parameter specifies the pathname to 
@@ -246,7 +246,7 @@ TARGET="_top"
 		the Samba setup on the machine.</P
 ></DD
 ><DT
->-i &lt;scope&gt;</DT
+>-i &#60;scope&#62;</DT
 ><DD
 ><P
 >This specifies a NetBIOS scope that
@@ -256,9 +256,8 @@ CLASS="COMMAND"
 > will use to communicate with when 
 		generating NetBIOS names. For details on the use of NetBIOS 
 		scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are 
-		<I
-CLASS="EMPHASIS"
->very</I
+		<EM
+>very</EM
 > rarely used, only set this parameter 
 		if you are the system administrator in charge of all the 
 		NetBIOS systems you communicate with.</P
@@ -271,9 +270,8 @@ CLASS="EMPHASIS"
 		lookup to be looked up via a reverse DNS lookup into a 
 		DNS name, and printed out before each</P
 ><P
-><I
-CLASS="EMPHASIS"
->IP address .... NetBIOS name</I
+><EM
+>IP address .... NetBIOS name</EM
 ></P
 ><P
 > pair that is the normal output.</P
@@ -285,7 +283,7 @@ CLASS="EMPHASIS"
 >This is the NetBIOS name being queried. Depending 
 		upon the previous options this may be a NetBIOS name or IP address. 
 		If a NetBIOS name then the different name types may be specified 
-		by appending '#&lt;type&gt;' to the name. This name may also be
+		by appending '#&#60;type&#62;' to the name. This name may also be
 		'*', which will return all registered names within a broadcast 
 		area.</P
 ></DD
@@ -323,7 +321,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->nmblookup -U samba.org -R IRIX#1B'</B
+>nmblookup -U samba.org -R 'IRIX#1B'</B
 ></P
 ><P
 >would query the WINS server samba.org for the domain 
diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html
index 34208f8feea..36a6ba6c9c6 100644
--- a/docs/htmldocs/printer_driver2.html
+++ b/docs/htmldocs/printer_driver2.html
@@ -33,71 +33,89 @@ NAME="AEN3"
 ></H1
 ><P
 >Beginning with the 2.2.0 release, Samba supports 
-	the native Windows NT printing mechanisms implemented via 
-	MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
-	Samba only supported LanMan printing calls.</P
+the native Windows NT printing mechanisms implemented via 
+MS-RPC (i.e. the SPOOLSS named pipe).  Previous versions of 
+Samba only supported LanMan printing calls.</P
 ><P
 >The additional functionality provided by the new 
-	SPOOLSS support includes:</P
+SPOOLSS support includes:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >Support for downloading printer driver 
-		files to Windows 95/98/NT/2000 clients upon demand.
-		</P
+	files to Windows 95/98/NT/2000 clients upon demand.
+	</P
 ></LI
 ><LI
 ><P
 >Uploading of printer drivers via the 
-		Windows NT Add Printer Wizard (APW) or the <A
+	Windows NT Add Printer Wizard (APW) or the 
+	Imprints tool set (refer to <A
 HREF="http://imprints.sourceforge.net"
 TARGET="_top"
->Imprints tool set
-		</A
-></P
+>http://imprints.sourceforge.net</A
+>). 
+	</P
 ></LI
 ><LI
 ><P
 >Support for the native MS-RPC printing 
-		calls such as StartDocPrinter, EnumJobs(), etc...  (See 
-		the <A
+	calls such as StartDocPrinter, EnumJobs(), etc...  (See 
+	the MSDN documentation at <A
 HREF="http://msdn.microsoft.com/"
 TARGET="_top"
->MSDN documentation
-		</A
-> for more information on the Win32 printing API)
-		</P
+>http://msdn.microsoft.com/</A
+> 
+	for more information on the Win32 printing API)
+	</P
 ></LI
 ><LI
 ><P
 >Support for NT Access Control Lists (ACL) 
-		on printer objects</P
+	on printer objects</P
 ></LI
 ><LI
 ><P
 >Improved support for printer queue manipulation 
-		through the use of an internal databases for spooled job 
-		information</P
+	through the use of an internal databases for spooled job 
+	information</P
 ></LI
 ></UL
+><P
+>There has been some initial confusion about what all this means
+and whether or not it is a requirement for printer drivers to be 
+installed on a Samba host in order to support printing from Windows 
+clients.  A bug existed in Samba 2.2.0 which made Windows NT/2000 clients 
+require that the Samba server possess a valid driver for the printer.  
+This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients
+can use the local APW for installing drivers to be used with a Samba 
+served printer.  This is the same behavior exhibited by Windows 9x clients.
+As a side note, Samba does not use these drivers in any way to process 
+spooled files.  They are utilized entirely by the clients.</P
+><P
+>The following MS KB article, may be of some help if you are dealing with
+Windows 2000 clients:  <I
+CLASS="EMPHASIS"
+>How to Add Printers with No User 
+Interaction in Windows 2000</I
+></P
+><P
+><A
+HREF="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP"
+TARGET="_top"
+>http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</A
+></P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN20"
+NAME="AEN25"
 >Configuration</A
 ></H1
-><P
->In order to support the uploading of printer driver 
-	files, you must first configure a file share named [print$].  
-	The name of this share is hard coded in Samba's internals so 
-	the name is very important (print$ is the service used by 
-	Windows NT print servers to provide support for printer driver 
-	download).</P
 ><DIV
 CLASS="WARNING"
 ><P
@@ -110,70 +128,95 @@ WIDTH="100%"
 ><TD
 ALIGN="CENTER"
 ><B
->Warning</B
+>[print$] vs. [printer$]</B
 ></TD
 ></TR
 ><TR
 ><TD
 ALIGN="LEFT"
 ><P
->Previous versions of Samba recommended using 
-		a share named [printer$].  This name was taken from the 
-		printer$ service created by Windows 9x clients when a 
-		printer was shared.  Windows 9x printer servers always have 
-		a printer$ service which provides read-only access via no 
-		password in order to support printer driver downloads.</P
+>Previous versions of Samba recommended using a share named [printer$].  
+This name was taken from the printer$ service created by Windows 9x 
+clients when a printer was shared.  Windows 9x printer servers always have 
+a printer$ service which provides read-only access via no 
+password in order to support printer driver downloads.</P
 ><P
 >However, the initial implementation allowed for a 
-		parameter named <TT
+parameter named <TT
 CLASS="PARAMETER"
 ><I
 >printer driver location</I
 ></TT
 > 
-		to be used on a per share basis to specify the location of 
-		the driver files associated with that printer.  Another 
-		parameter named <TT
+to be used on a per share basis to specify the location of 
+the driver files associated with that printer.  Another 
+parameter named <TT
 CLASS="PARAMETER"
 ><I
 >printer driver</I
 ></TT
 > provided 
-		a means of defining the printer driver name to be sent to 
-		the client.</P
+a means of defining the printer driver name to be sent to 
+the client.</P
 ><P
 >These parameters, including <TT
 CLASS="PARAMETER"
 ><I
->printer driver 
-		file</I
+>printer driver
+file</I
 ></TT
 > parameter, are being depreciated and should not 
-		be used in new installations.  For more information on this change, 
-		you should refer to the <A
+be used in new installations.  For more information on this change, 
+you should refer to the <A
 HREF="#MIGRATION"
->Migration section 
-		</A
->of this document.</P
+>Migration section</A
+>
+of this document.</P
 ></TD
 ></TR
 ></TABLE
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN36"
+>Creating [print$]</A
+></H2
 ><P
->You should modify the server's smb.conf file to create the 
-	following file share (of course, some of the parameter values,
-	such as 'path' are arbitrary and should be replaced with
-	appropriate values for your site):</P
+>In order to support the uploading of printer driver 
+files, you must first configure a file share named [print$].  
+The name of this share is hard coded in Samba's internals so 
+the name is very important (print$ is the service used by 
+Windows NT print servers to provide support for printer driver 
+download).</P
+><P
+>You should modify the server's smb.conf file to add the global
+parameters and to create the 
+following file share (of course, some of the parameter values,
+such as 'path' are arbitrary and should be replaced with
+appropriate values for your site):</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->[print$]
-	path = /usr/local/samba/printers
-	guest ok = yes
-	browseable = yes
-	read only = yes
-	write list = ntadmin
-	</PRE
+>[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root</PRE
 ></P
 ><P
 >The <A
@@ -182,70 +225,73 @@ TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->	write list</I
+>write list</I
 ></TT
 ></A
 > is used to allow administrative 
-	level user accounts to have write access in order to update files 
-	on the share.  See the <A
+level user accounts to have write access in order to update files 
+on the share.  See the <A
 HREF="smb./conf.5.html"
 TARGET="_top"
->	smb.conf(5) man page</A
-> for more information on 
-	configuring file shares.</P
+>smb.conf(5) 
+man page</A
+> for more information on configuring file shares.</P
 ><P
 >The requirement for <A
 HREF="smb.conf.5.html#GUESTOK"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
->	guest ok = yes</B
+>guest 
+ok = yes</B
 ></A
 > depends upon how your
-	site is configured.  If users will be guaranteed to have 
-	an account on the Samba host, then this is a non-issue.</P
+site is configured.  If users will be guaranteed to have 
+an account on the Samba host, then this is a non-issue.</P
+><DIV
+CLASS="NOTE"
+><BLOCKQUOTE
+CLASS="NOTE"
 ><P
-><I
-CLASS="EMPHASIS"
->author's note: </I
->The non-issue is that 
-	if all your Windows NT users are guarenteed to be authenticated 
-	by the Samba server (such as a domain member server and the NT 
-	user has already been validated by the Domain Controller in 
-	order to logon to the Windows NT console), then guest access 
-	is not necessary.  Of course, in a workgroup environment where 
-	you just want to be able to print without worrying about 
-	silly accounts and security, then configure the share for 
-	guest access.  You'll probably want to add <A
+><B
+>Author's Note: </B
+>The non-issue is that if all your Windows NT users are guaranteed to be 
+authenticated by the Samba server (such as a domain member server and the NT 
+user has already been validated by the Domain Controller in 
+order to logon to the Windows NT console), then guest access 
+is not necessary.  Of course, in a workgroup environment where 
+you just want to be able to print without worrying about 
+silly accounts and security, then configure the share for 
+guest access.  You'll probably want to add <A
 HREF="smb.conf.5.html#MAPTOGUEST"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
->map to guest = Bad User
-	</B
+>map to guest = Bad User</B
 ></A
 > in the [global] section as well.  Make sure 
-	you understand what this parameter does before using it 
-	though. --jerry]</P
+you understand what this parameter does before using it 
+though. --jerry</P
+></BLOCKQUOTE
+></DIV
 ><P
 >In order for a Windows NT print server to support 
-	the downloading of driver files by multiple client architectures,
-	it must create subdirectories within the [print$] service
-	which correspond to each of the supported client architectures.
-	Samba follows this model as well.</P
+the downloading of driver files by multiple client architectures,
+it must create subdirectories within the [print$] service
+which correspond to each of the supported client architectures.
+Samba follows this model as well.</P
 ><P
 >Next create the directory tree below the [print$] share 
-	for each architecture you wish to support.</P
+for each architecture you wish to support.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->	[print$]-----
-		|-W32X86		; "Windows NT x86"
-		|-WIN40			; "Windows 95/98"
-		|-W32ALPHA		; "Windows NT Alpha_AXP"
-		|-W32MIPS		; "Windows NT R4000"
-		|-W32PPC		; "Windows NT PowerPC"
-	</PRE
+>[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"</PRE
 ></P
 ><DIV
 CLASS="WARNING"
@@ -259,38 +305,34 @@ WIDTH="100%"
 ><TD
 ALIGN="CENTER"
 ><B
->Warning</B
+>ATTENTION!  REQUIRED PERMISSIONS</B
 ></TD
 ></TR
 ><TR
 ><TD
 ALIGN="LEFT"
 ><P
-><I
-CLASS="EMPHASIS"
->ATTENTION!  REQUIRED PERMISSIONS</I
-></P
-><P
 >In order to currently add a new driver to you Samba host, 
-		one of two conditions must hold true:</P
+one of two conditions must hold true:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >The account used to connect to the Samba host 
-			must have a uid of 0 (i.e. a root account)</P
+	must have a uid of 0 (i.e. a root account)</P
 ></LI
 ><LI
 ><P
 >The account used to connect to the Samba host
-			must be a member of the <A
-HREF="smb.conf.5.html"
+	must be a member of the <A
+HREF="smb.conf.5.html#PRINTERADMIN"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->			printer admin</I
+>printer 
+	admin</I
 ></TT
 ></A
 > list.</P
@@ -298,97 +340,128 @@ CLASS="PARAMETER"
 ></UL
 ><P
 >Of course, the connected account must still possess access
-		to add files to the subdirectories beneath [print$].</P
+to add files to the subdirectories beneath [print$]. Remember
+that all file shares are set to 'read only' by default.</P
 ></TD
 ></TR
 ></TABLE
 ></DIV
 ><P
 >Once you have created the required [print$] service and 
-	associated subdirectories, simply log onto the Samba server using 
-	a root (or <TT
+associated subdirectories, simply log onto the Samba server using 
+a root (or <TT
 CLASS="PARAMETER"
 ><I
 >printer admin</I
 ></TT
 >) account
-	from a Windows NT 4.0 client.  Navigate to the "Printers" folder
-	on the Samba server.  You should see an initial listing of printers
-	that matches the printer shares defined on your Samba host.</P
+from a Windows NT 4.0 client.  Navigate to the "Printers" folder
+on the Samba server.  You should see an initial listing of printers
+that matches the printer shares defined on your Samba host.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN71"
+>Setting Drivers for Existing Printers</A
+></H2
 ><P
 >The initial listing of printers in the Samba host's 
-	Printers folder will have no printer driver assigned to them.  
-	The way assign a driver to a printer is to view the Properties 
-	of the printer and either</P
+Printers folder will have no real printer driver assigned 
+to them.  By default, in Samba 2.2.0 this driver name was set to 
+<I
+CLASS="EMPHASIS"
+>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</I
+>.
+Later versions changed this to a NULL string to allow the use
+tof the local Add Printer Wizard on NT/2000 clients.
+Attempting to view the printer properties for a printer
+which has this default driver assigned will result in 
+the error message:</P
+><P
+><I
+CLASS="EMPHASIS"
+>Device settings cannot be displayed.  The driver 
+for the specified printer is not installed, only spooler 
+properties will be displayed.  Do you want to install the 
+driver now?</I
+></P
+><P
+>Click "No" in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a 
+printer is to either</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
 >Use the "New Driver..." button to install 
-		a new printer driver, or</P
+	a new printer driver, or</P
 ></LI
 ><LI
 ><P
 >Select a driver from the popup list of 
-		installed drivers.  Initially this list will be empty.</P
+	installed drivers.  Initially this list will be empty.</P
 ></LI
 ></UL
 ><P
 >If you wish to install printer drivers for client 
-	operating systems other than "Windows NT x86", you will need 
-	to use the "Sharing" tab of the printer properties dialog.</P
+operating systems other than "Windows NT x86", you will need 
+to use the "Sharing" tab of the printer properties dialog.</P
 ><P
 >Assuming you have connected with a root account, you 
-	will also be able modify other printer properties such as 
-	ACLs and device settings using this dialog box.</P
+will also be able modify other printer properties such as 
+ACLs and device settings using this dialog box.</P
 ><P
 >A few closing comments for this section, it is possible 
-	on a Windows NT print server to have printers
-	listed in the Printers folder which are not shared.  Samba does
-	not make this distinction.  By definition, the only printers of
-	which Samba is aware are those which are specified as shares in
-	<TT
+on a Windows NT print server to have printers
+listed in the Printers folder which are not shared.  Samba does
+not make this distinction.  By definition, the only printers of
+which Samba is aware are those which are specified as shares in
+<TT
 CLASS="FILENAME"
 >smb.conf</TT
 >.</P
 ><P
 >Another interesting side note is that Windows NT clients do
-	not use the SMB printer share, but rather can print directly 
-	to any printer on another Windows NT host using MS-RPC.  This
-	of course assumes that the printing client has the necessary
-	privileges on the remote host serving the printer.  The default
-	permissions assigned by Windows NT to a printer gives the "Print"
-	permissions to the "Everyone" well-known group.</P
+not use the SMB printer share, but rather can print directly 
+to any printer on another Windows NT host using MS-RPC.  This
+of course assumes that the printing client has the necessary
+privileges on the remote host serving the printer.  The default
+permissions assigned by Windows NT to a printer gives the "Print"
+permissions to the "Everyone" well-known group.</P
+></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN74"
+NAME="AEN88"
 >Support a large number of printers</A
 ></H2
 ><P
 >One issue that has arisen during the development
-		phase of Samba 2.2 is the need to support driver downloads for
-		100's of printers.  Using the Windows NT APW is somewhat 
-		awkward to say the list.  If more than one printer are using the 
-		same driver, the <A
+phase of Samba 2.2 is the need to support driver downloads for
+100's of printers.  Using the Windows NT APW is somewhat 
+awkward to say the list.  If more than one printer are using the 
+same driver, the <A
 HREF="rpcclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >rpcclient's
-		setdriver command</B
+setdriver command</B
 ></A
 > can be used to set the driver
-		associated with an installed driver.  The following is example
-		of how this could be accomplished:</P
+associated with an installed driver.  The following is example
+of how this could be accomplished:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
-		<TT
+<TT
 CLASS="PROMPT"
 >$ </TT
 >rpcclient pogo -U root%secret -c "enumdrivers"
@@ -396,44 +469,185 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
  
 [Windows NT x86]
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 4000 Series PS]
+     Driver Name: [HP LaserJet 4000 Series PS]
  
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 2100 Series PS]
+     Driver Name: [HP LaserJet 2100 Series PS]
  
 Printer Driver Info 1:
-	Driver Name: [HP LaserJet 4Si/4SiMX PS]
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
 				  
-		<TT
+<TT
 CLASS="PROMPT"
 >$ </TT
 >rpcclient pogo -U root%secret -c "enumprinters"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-	flags:[0x800000]
-	name:[\\POGO\hp-print]
-	description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
-	comment:[]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
 				  
-		<TT
+<TT
 CLASS="PROMPT"
 >$ </TT
->rpcclient pogo -U root%bleaK.er \
-		<TT
+>rpcclient pogo -U root%secret \
+<TT
 CLASS="PROMPT"
 >&gt; </TT
 > -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
-Succesfully set hp-print to driver HP LaserJet 4000 Series PS.
-		</PRE
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
 ></P
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN99"
+>Adding New Printers via the Windows NT APW</A
+></H2
+><P
+>By default, Samba offers all printer shares defined in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+in the "Printers..." folder.  Also existing in this folder is the Windows NT 
+Add Printer Wizard icon.  The APW will be show only if</P
+><P
+></P
+><UL
+><LI
+><P
+>The connected user is able to successfully
+	execute an OpenPrinterEx(\\server) with administrative
+	privileges (i.e. root or <TT
+CLASS="PARAMETER"
+><I
+>printer admin</I
+></TT
+>).
+	</P
+></LI
+><LI
+><P
+><A
+HREF="smb.conf.5.html#SHOWADDPRINTERWIZARD"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>show 
+	add printer wizard = yes</I
+></TT
+></A
+> (the default).
+	</P
+></LI
+></UL
+><P
+>In order to be able to use the APW to successfully add a printer to a Samba 
+server, the <A
+HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>add 
+printer command</I
+></TT
+></A
+> must have a defined value.  The program
+hook must successfully add the printer to the system (i.e. 
+<TT
+CLASS="FILENAME"
+>/etc/printcap</TT
+> or appropriate files) and 
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> if necessary.</P
+><P
+>When using the APW from a client, if the named printer share does 
+not exist, <B
+CLASS="COMMAND"
+>smbd</B
+> will execute the <TT
+CLASS="PARAMETER"
+><I
+>add printer 
+command</I
+></TT
+> and reparse to the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+to attempt to locate the new printer share.  If the share is still not defined,
+an error of "Access Denied" is returned to the client.  Note that the 
+<TT
+CLASS="PARAMETER"
+><I
+>add printer program</I
+></TT
+> is executed under the context
+of the connected user, not necessarily a root account.</P
+><P
+>There is a complementing <A
+HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>delete
+printer command</I
+></TT
+></A
+> for removing entries from the "Printers..."
+folder.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN124"
+>Samba and Printer Ports</A
+></H2
+><P
+>Windows NT/2000 print servers associate a port with each printer.  These normally
+take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
+concept of ports associated with a printer.  By default, only one printer port,
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
+order to print, rather it is a requirement of Windows clients.  </P
+><P
+>Note that Samba does not support the concept of "Printer Pooling" internally 
+either.  This is when a logical printer is assigned to multiple ports as 
+a form of load balancing or fail over.</P
+><P
+>If you require that multiple ports be defined for some reason,
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> possesses a <A
+HREF="smb.conf.5.html#ENUMPORTSCOMMAND"
+TARGET="_top"
+><TT
+CLASS="PARAMETER"
+><I
+>enumports 
+command</I
+></TT
+></A
+> which can be used to define an external program 
+that generates a listing of ports on a system.</P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN85"
+NAME="AEN132"
 >The Imprints Toolset</A
 ></H1
 ><P
@@ -451,7 +665,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN89"
+NAME="AEN136"
 >What is Imprints?</A
 ></H2
 ><P
@@ -483,7 +697,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN99"
+NAME="AEN146"
 >Creating Printer Driver Packages</A
 ></H2
 ><P
@@ -499,7 +713,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN102"
+NAME="AEN149"
 >The Imprints server</A
 ></H2
 ><P
@@ -520,7 +734,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN106"
+NAME="AEN153"
 >The Installation Client</A
 ></H2
 ><P
@@ -565,24 +779,23 @@ CLASS="COMMAND"
 ><PRE
 CLASS="PROGRAMLISTING"
 >	
-		foreach (supported architecture for a given driver)
-		{
-			1.	rpcclient: Get the appropriate upload directory 
-				on the remote server
-			2.	smbclient: Upload the driver files
-			3.	rpcclient: Issues an AddPrinterDriver() MS-RPC
-		}
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
 	
-		4.	rpcclient: Issue an AddPrinterEx() MS-RPC to actually
-			create the printer
-		</PRE
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer</PRE
 ></P
 ><P
 >One of the problems encountered when implementing 
 		the Imprints tool set was the name space issues between 
 		various supported client architectures.  For example, Windows 
 		NT includes a driver named "Apple LaserWriter II NTX v51.8" 
-		and Windows 95 callsits version of this driver "Apple 
+		and Windows 95 calls its version of this driver "Apple 
 		LaserWriter II NTX"</P
 ><P
 >The problem is how to know what client drivers have 
@@ -598,7 +811,7 @@ CLASS="FILENAME"
 ></P
 ><P
 >will reveal that Windows NT always uses the NT driver 
-		name.  The is ok as Windows NT always requires that at least 
+		name.  This is ok as Windows NT always requires that at least 
 		the Windows NT version of the printer driver is present.  
 		However, Samba does not have the requirement internally.  
 		Therefore, how can you use the NT driver name if is has not 
@@ -615,18 +828,61 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN128"
+NAME="AEN175"
 ><A
 NAME="MIGRATION"
 ></A
->Migration to from Samba 2.0.x to 
-	2.2.x</A
+>Migration to from Samba 2.0.x to 2.2.x</A
 ></H1
 ><P
->Given that printer driver management has changed
-	(we hope improved :) ) in 2.2.0 over prior releases,
-	migration from an existing setup to 2.2.0 can follow
-	several paths.</P
+>Given that printer driver management has changed (we hope improved) in 
+2.2 over prior releases, migration from an existing setup to 2.2 can 
+follow several paths.</P
+><P
+>Windows clients have a tendency to remember things for quite a while.
+For example, if a Windows NT client has attached to a Samba 2.0 server,
+it will remember the server as a LanMan printer server.  Upgrading 
+the Samba host to 2.2 makes support for MSRPC printing possible, but 
+the NT client will still remember the previous setting.</P
+><P
+>In order to give an NT client printing "amnesia" (only necessary if you 
+want to use the newer MSRPC printing functionality in Samba), delete 
+the registry keys associated with the print server contained in 
+<TT
+CLASS="CONSTANT"
+>[HKLM\SYSTEM\CurrentControlSet\Control\Print]</TT
+>.  The 
+spooler service on the client should be stopped prior to doing this:</P
+><P
+><TT
+CLASS="PROMPT"
+>C:\WINNT\ &#62;</TT
+> <TT
+CLASS="USERINPUT"
+><B
+>net stop spooler</B
+></TT
+></P
+><P
+><I
+CLASS="EMPHASIS"
+>All the normal disclaimers about editing the registry go 
+here.</I
+>  Be careful, and know what you are doing.</P
+><P
+>The spooler service should be restarted after you have finished 
+removing the appropriate registry entries by replacing the 
+<B
+CLASS="COMMAND"
+>stop</B
+> command above with <B
+CLASS="COMMAND"
+>start</B
+>.</P
+><P
+>Windows 9x clients will continue to use LanMan printing calls
+with a 2.2 Samba server so there is no need to perform any of these
+modifications on non-NT clients.</P
 ><DIV
 CLASS="WARNING"
 ><P
@@ -639,16 +895,15 @@ WIDTH="100%"
 ><TD
 ALIGN="CENTER"
 ><B
->Warning</B
+>Achtung!</B
 ></TD
 ></TR
 ><TR
 ><TD
 ALIGN="LEFT"
 ><P
->The following smb.conf parameters are considered to be
-		depreciated and will be removed soon.  Do not use them
-		in new installations</P
+>The following smb.conf parameters are considered to be depreciated and will 
+be removed soon.  Do not use them in new installations</P
 ><P
 ></P
 ><UL
@@ -660,7 +915,7 @@ CLASS="PARAMETER"
 >printer driver file (G)</I
 ></TT
 >
-			</P
+	</P
 ></LI
 ><LI
 ><P
@@ -670,7 +925,7 @@ CLASS="PARAMETER"
 >printer driver (S)</I
 ></TT
 >
-			</P
+	</P
 ></LI
 ><LI
 ><P
@@ -680,7 +935,7 @@ CLASS="PARAMETER"
 >printer driver location (S)</I
 ></TT
 >
-			</P
+	</P
 ></LI
 ></UL
 ></TD
@@ -695,46 +950,54 @@ CLASS="PARAMETER"
 ><LI
 ><P
 >If you do not desire the new Windows NT 
-		print driver support, nothing needs to be done.  
-		All existing parameters work the same.</P
+	print driver support, nothing needs to be done.  
+	All existing parameters work the same.</P
 ></LI
 ><LI
 ><P
 >If you want to take advantage of NT printer 
-		driver support but do not want to migrate the 
-		9x drivers to the new setup, the leave the existing 
-		printers.def file.  When smbd attempts to locate a 
-		9x driver for the printer in the TDB and fails it 
-		will drop down to using the printers.def (and all 
-		associated parameters).  The <B
+	driver support but do not want to migrate the 
+	9x drivers to the new setup, the leave the existing 
+	printers.def file.  When smbd attempts to locate a 
+	9x driver for the printer in the TDB and fails it 
+	will drop down to using the printers.def (and all 
+	associated parameters).  The <B
 CLASS="COMMAND"
 >make_printerdef</B
 > 
-		tool will also remain for backwards compatibility but will 
-		be moved to the "this tool is the old way of doing it" 
-		pile.</P
+	tool will also remain for backwards compatibility but will 
+	be moved to the "this tool is the old way of doing it" 
+	pile.</P
 ></LI
 ><LI
 ><P
 >If you install a Windows 9x driver for a printer 
-		on your Samba host (in the printing TDB), this information will 
-		take precedence and the three old printing parameters
-		will be ignored (including print driver location).</P
+	on your Samba host (in the printing TDB), this information will 
+	take precedence and the three old printing parameters
+	will be ignored (including print driver location).</P
 ></LI
 ><LI
 ><P
 >If you want to migrate an existing <TT
 CLASS="FILENAME"
->		printers.def</TT
-> file into the new setup, the current only 
-		solution is to use the Windows NT APW to install the NT drivers 
-		and the 9x  drivers.  This can be scripted using smbclient and 
-		rpcclient.  See the <A
+>printers.def</TT
+> 
+	file into the new setup, the current only solution is to use the Windows 
+	NT APW to install the NT drivers and the 9x  drivers.  This can be scripted 
+	using <B
+CLASS="COMMAND"
+>smbclient</B
+> and <B
+CLASS="COMMAND"
+>rpcclient</B
+>.  See the 
+	Imprints installation client at <A
 HREF="http://imprints.sourceforge.net/"
 TARGET="_top"
->		Imprints insrallation client</A
-> for an example.
-		</P
+>http://imprints.sourceforge.net/</A
+> 
+	for an example.
+	</P
 ></LI
 ></UL
 ></DIV
diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html
index 0242f7b8270..53a0ea98dd2 100644
--- a/docs/htmldocs/rpcclient.1.html
+++ b/docs/htmldocs/rpcclient.1.html
@@ -37,7 +37,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >rpcclient</B
->  {server} [-A authfile] [-c &lt;command string&gt;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &lt;smb config file&gt;] [-U username[%password]] [-W workgroup] [-N]</P
+>  {server} [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -104,12 +104,21 @@ CLASS="FILENAME"
 		password used in the connection.  The format of the file is 
 		</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->		username = &lt;value&gt; 
-		password = &lt;value&gt;
-		domain   = &lt;value&gt;
+>		username = &#60;value&#62; 
+		password = &#60;value&#62;
+		domain   = &#60;value&#62;
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Make certain that the permissions on the file restrict 
@@ -128,7 +137,10 @@ CLASS="PROGRAMLISTING"
 ><P
 >set the debuglevel. Debug level 0 is the lowest 
 		and 100 being the highest. This should be set to 100 if you are
-		planning on submitting a bug report to the Samba team (see BUGS.txt). 
+		planning on submitting a bug report to the Samba team (see <TT
+CLASS="FILENAME"
+>BUGS.txt</TT
+>). 
 		</P
 ></DD
 ><DT
@@ -142,8 +154,12 @@ CLASS="PROGRAMLISTING"
 >-l logbasename</DT
 ><DD
 ><P
->File name for log/debug files. .client will be 
-		appended. The log file is never removed  by the client.
+>File name for log/debug files. The extension 
+		<TT
+CLASS="CONSTANT"
+>'.client'</TT
+> will be appended. The log file is never removed  
+		by the client.
 		</P
 ></DD
 ><DT
@@ -189,7 +205,7 @@ CLASS="ENVAR"
 		<TT
 CLASS="ENVAR"
 >LOGNAME</TT
-> variable and if either exist, the 
+> variable and if either exists, the 
 		string is uppercased. If these environmental variables are not 
 		found, the username <TT
 CLASS="CONSTANT"
@@ -226,14 +242,8 @@ CLASS="COMMAND"
 ><DD
 ><P
 >Set the SMB domain of the username.   This 
-		overrides the default  domain which is the domain of the 
-		server specified with the  <TT
-CLASS="PARAMETER"
-><I
->-S</I
-></TT
-> option.  
-		If the domain specified is the same as the server's NetBIOS name, 
+		overrides the default domain which is the domain defined in 
+		smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
 		it causes the client to log on using the  server's local SAM (as 
 		opposed to the Domain SAM). </P
 ></DD
@@ -243,14 +253,13 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN91"
+NAME="AEN92"
 ></A
 ><H2
 >COMMANDS</H2
 ><P
-><I
-CLASS="EMPHASIS"
->LSARPC</I
+><EM
+>LSARPC</EM
 ></P
 ><P
 ></P
@@ -267,14 +276,18 @@ CLASS="COMMAND"
 ><B
 CLASS="COMMAND"
 >lookupsids</B
-></P
+> - Resolve a list 
+		of SIDs to usernames.
+		</P
 ></LI
 ><LI
 ><P
 ><B
 CLASS="COMMAND"
 >lookupnames</B
-></P
+> - Resolve s list 
+		of usernames to SIDs.
+		</P
 ></LI
 ><LI
 ><P
@@ -287,9 +300,8 @@ CLASS="COMMAND"
 ><P
 > </P
 ><P
-><I
-CLASS="EMPHASIS"
->SAMR</I
+><EM
+>SAMR</EM
 ></P
 ><P
 ></P
@@ -322,13 +334,40 @@ CLASS="COMMAND"
 >querygroupmem</B
 ></P
 ></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>queryaliasmem</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>querydispinfo</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>querydominfo</B
+></P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
+>enumdomgroups</B
+></P
+></LI
 ></UL
 ><P
 > </P
 ><P
-><I
-CLASS="EMPHASIS"
->SPOOLSS</I
+><EM
+>SPOOLSS</EM
 ></P
 ><P
 ></P
@@ -337,7 +376,7 @@ CLASS="EMPHASIS"
 ><P
 ><B
 CLASS="COMMAND"
->adddriver &lt;arch&gt; &lt;config&gt;</B
+>adddriver &#60;arch&#62; &#60;config&#62;</B
 > 
 		- Execute an AddPrinterDriver() RPC to install the printer driver 
 		information on the server.  Note that the driver files should 
@@ -364,6 +403,12 @@ CLASS="PARAMETER"
 > parameter is defined as 
 		follows: </P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		Long Printer Name:\
@@ -375,6 +420,9 @@ CLASS="PROGRAMLISTING"
 		Default Data Type:\
 		Comma Separated list of Files
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Any empty fields should be enter as the string "NULL". </P
@@ -390,8 +438,8 @@ CLASS="PROGRAMLISTING"
 ><P
 ><B
 CLASS="COMMAND"
->addprinter &lt;printername&gt; 
-		&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</B
+>addprinter &#60;printername&#62; 
+		&#60;sharename&#62; &#60;drivername&#62; &#60;port&#62;</B
 > 
 		- Add a printer on the remote server.  This printer 
  		will be automatically shared.  Be aware that the printer driver 
@@ -414,6 +462,17 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
+>deldriver</B
+> - Delete the 
+		specified printer driver for all architectures.  This
+		does not delete the actual driver files from the server,
+		only the entry from the server's list of drivers.
+		</P
+></LI
+><LI
+><P
+><B
+CLASS="COMMAND"
 >enumdata</B
 > - Enumerate all 
 		printer setting data stored on the server. On Windows NT  clients, 
@@ -426,7 +485,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->enumjobs &lt;printer&gt;</B
+>enumjobs &#60;printer&#62;</B
 > 
 		- List the jobs and status of a given printer.  
 		This command corresponds to the MS Platform SDK EnumJobs() 
@@ -468,7 +527,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->getdata &lt;printername&gt;</B
+>getdata &#60;printername&#62;</B
 > 
 		- Retrieve the data for a given printer setting.  See 
 		the  <B
@@ -482,7 +541,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->getdriver &lt;printername&gt;</B
+>getdriver &#60;printername&#62;</B
 > 
 		- Retrieve the printer driver information (such as driver file, 
 		config file, dependent files, etc...) for 
@@ -494,7 +553,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->getdriverdir &lt;arch&gt;</B
+>getdriverdir &#60;arch&#62;</B
 > 
 		- Execute a GetPrinterDriverDirectory()
 		RPC to retreive the SMB share name and subdirectory for 
@@ -512,7 +571,7 @@ CLASS="PARAMETER"
 ><P
 ><B
 CLASS="COMMAND"
->getprinter &lt;printername&gt;</B
+>getprinter &#60;printername&#62;</B
 > 
 		- Retrieve the current printer information.  This command 
 		corresponds to the GetPrinter() MS Platform SDK function. 
@@ -522,7 +581,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->openprinter &lt;printername&gt;</B
+>openprinter &#60;printername&#62;</B
 > 
 		- Execute an OpenPrinterEx() and ClosePrinter() RPC 
 		against a given printer. </P
@@ -531,7 +590,7 @@ CLASS="COMMAND"
 ><P
 ><B
 CLASS="COMMAND"
->setdriver &lt;printername&gt; &lt;drivername&gt;</B
+>setdriver &#60;printername&#62; &#60;drivername&#62;</B
 > 
 		- Execute a SetPrinter() command to update the printer driver associated
 		with an installed printer.  The printer driver must already be correctly
@@ -549,9 +608,8 @@ CLASS="COMMAND"
 ></LI
 ></UL
 ><P
-><I
-CLASS="EMPHASIS"
->GENERAL OPTIONS</I
+><EM
+>GENERAL OPTIONS</EM
 ></P
 ><P
 ></P
@@ -589,7 +647,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN196"
+NAME="AEN212"
 ></A
 ><H2
 >BUGS</H2
@@ -604,15 +662,14 @@ CLASS="COMMAND"
 ><P
 >From Luke Leighton's original rpcclient man page:</P
 ><P
-><I
-CLASS="EMPHASIS"
->"WARNING!</I
+><EM
+>"WARNING!</EM
 > The MSRPC over SMB code has 
 	been developed from examining  Network traces. No documentation is 
 	available from the original creators  (Microsoft) on how MSRPC over 
 	SMB works, or how the individual MSRPC services  work. Microsoft's 
 	implementation of these services has been demonstrated  (and reported) 
-	to be... a bit flakey in places. </P
+	to be... a bit flaky in places. </P
 ><P
 >The development of Samba's implementation is also a bit rough, 
 	and as more  of the services are understood, it can even result in 
@@ -631,7 +688,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN206"
+NAME="AEN222"
 ></A
 ><H2
 >VERSION</H2
@@ -642,7 +699,7 @@ NAME="AEN206"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN209"
+NAME="AEN225"
 ></A
 ><H2
 >AUTHOR</H2
@@ -653,7 +710,7 @@ NAME="AEN209"
 	to the way the Linux kernel is developed.</P
 ><P
 >The original rpcclient man page was written by Matthew 
-	Geddes, Luke Kenneth Casson, and rewriten by Gerald Carter.  
+	Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.  
 	The conversion to DocBook for Samba 2.2 was done by Gerald 
 	Carter.</P
 ></DIV
diff --git a/docs/htmldocs/samba-pdc-faq.html b/docs/htmldocs/samba-pdc-faq.html
index 058a5d5f518..d9c204bf1b5 100644
--- a/docs/htmldocs/samba-pdc-faq.html
+++ b/docs/htmldocs/samba-pdc-faq.html
@@ -45,9 +45,9 @@ NAME="AEN12"
 ></H1
 ><P
 >	This is the FAQ for Samba 2.2 as an NTDomain controller. 
-	This document is derived from the origional FAQ that was built and 
+	This document is derived from the original FAQ that was built and 
 	maintained by Gerald Carter from the early days of Samba NTDomain development 
-	up until recently.  It is now being updated as significent changes are 
+	up until recently.  It is now being updated as significant changes are 
 	made to 2.2.0.
 	</P
 ><P
@@ -165,7 +165,7 @@ HREF="#AEN103"
 ><A
 HREF="#AEN110"
 >"The machine account for this computer either does not 
-exist or is not accessable."</A
+exist or is not accessible."</A
 ></DT
 ><DT
 ><A
@@ -256,7 +256,7 @@ HREF="#AEN180"
 ><DT
 ><A
 HREF="#AEN182"
->What are 'Policies' ?.</A
+>What are 'Policies' ?</A
 ></DT
 ><DT
 ><A
@@ -314,12 +314,12 @@ HREF="#AEN248"
 ><A
 HREF="#AEN250"
 >What editor can I use in DOS/Windows that won't 
-mess with my unix EOF</A
+mess with my unix EOF ?</A
 ></DT
 ><DT
 ><A
 HREF="#AEN263"
->How do I get 'User Manager' and 'Server Manager'</A
+>How do I get 'User Manager' and 'Server Manager' ?</A
 ></DT
 ><DT
 ><A
@@ -334,7 +334,7 @@ HREF="#AEN282"
 ><DT
 ><A
 HREF="#AEN286"
->How do I get my samba server to become a member ( not PDC ) of an NT domain?</A
+>How do I get my samba server to become a member ( not PDC ) of an NT domain ?</A
 ></DT
 ></DL
 ></DD
@@ -358,13 +358,13 @@ HREF="#AEN292"
 ><A
 HREF="#AEN294"
 >What are some diagnostics tools I can use to debug the domain logon process and where can I
-	find them?</A
+	find them ?</A
 ></DT
 ><DT
 ><A
 HREF="#AEN309"
 >How do I install 'Network Monitor' on an NT Workstation 
-or a Windows 9x box?</A
+or a Windows 9x box ?</A
 ></DT
 ></DL
 ></DD
@@ -419,13 +419,13 @@ CLASS="FILENAME"
 > dialog
 	will let you reset the smbpasswd. That is you don't need to do it from
 	the unix box. However, at the present, you do need to have root as an 
-	administrator and use the root user name and password.</P
+	administrator and use the root username and password.</P
 ><P
 ><B
 CLASS="COMMAND"
 >Policies</B
 > do work on a W2K machine. MS says that recent 
-	builds of W2K dont observe an NT policy but it appears it does in 'legacy' 
+	builds of W2K don't observe an NT policy but it appears it does in 'legacy' 
 	mode.</P
 ></DIV
 ><DIV
@@ -437,7 +437,7 @@ NAME="AEN27"
 >Introduction</A
 ></H1
 ><P
->	This FAQ was origionally compiled by Jerry Carter (gc) chiefly dealing 
+>	This FAQ was originally compiled by Jerry Carter (gc) chiefly dealing 
 	with the 'old HEAD' version of Samba and its NTDomain facilities. It is 
 	being rewritten by David Bannon (drb) so that it addresses more 
 	accurately the Samba 2.2.x release. 
@@ -454,7 +454,7 @@ TARGET="_top"
 	</P
 ><P
 >Hopefully, as we all become familiar with the Samba 2.2 as a 
-	PDC this document will become much more usefull.</P
+	PDC this document will become much more useful.</P
 ></DIV
 ></DIV
 ><DIV
@@ -532,7 +532,7 @@ NAME="AEN37"
 ></LI
 ></UL
 ><P
->	These things are note expected to work in the forseeable future:
+>	These things are not expected to work in the foreseeable future:
 	</P
 ><P
 ></P
@@ -558,7 +558,7 @@ controlled domain?</A
 ></H2
 ><P
 >	The 2.2 release branch of Samba  supports Windows 2000 domain 
-	clients in legacy mode, ie as if the PDC is a NTServer, not a
+	clients in legacy mode, i.e. as if the PDC is a NTServer, not a
 	W2K server.
 	</P
 ></DIV
@@ -572,7 +572,7 @@ NAME="AEN65"
 >CVS</A
 ></H1
 ><P
->	CVS is a programme (publically available) that the Samba developers 
+>	CVS is a program (publicly available) that the Samba developers 
 	use to maintain the central source code. Non developers can get 
 	access to the source in a read only capacity. Many flavours of unix 
 	now arrive with cvs installed.</P
@@ -606,7 +606,7 @@ CLASS="VARIABLELIST"
 ><P
 >Samba 3.0 ? This code boasts all the main 
 		development work in Samba. Due to its developmental
-		nature, its not really suitable for production work.
+		nature, it's not really suitable for production work.
 		</P
 ></DD
 ><DT
@@ -693,7 +693,7 @@ controlled Domain?</A
 HREF="samba-pdc-howto.html"
 TARGET="_top"
 >HOWTO</A
-> accessable from the samba web 
+> accessible from the samba web 
 	site under 'Documentation'. Read it.
 	</P
 ></DIV
@@ -734,11 +734,11 @@ CLASS="SECT2"
 ><A
 NAME="AEN110"
 >"The machine account for this computer either does not 
-exist or is not accessable."</A
+exist or is not accessible."</A
 ></H2
 ><P
 >	When I try to join the domain I get the message "The machine account 
-	for this computer either does not exist or is not accessable". Whats 
+	for this computer either does not exist or is not accessible". Whats 
 	wrong ?
 	</P
 ><P
@@ -802,7 +802,7 @@ CLASS="COMMAND"
 	path to the <B
 CLASS="COMMAND"
 >smbpasswd</B
-> programme, do this :
+> program, do this :
 	</P
 ><P
 >	<B
@@ -812,7 +812,7 @@ CLASS="COMMAND"
 	</P
 ><P
 >	The entry will be created with a well known password, so any machine that 
-	says its doppy could join the domain as long as it gets in first. So 
+	says it's doppy could join the domain as long as it gets in first. So 
 	don't create the accounts any earlier than you need them.
 	</P
 ></DIV
@@ -854,7 +854,7 @@ when creating a machine account.</A
 ><P
 >	This happens if you try to create a machine account from the 
 	machine itself and use a user	name that does not work (for whatever 
-	reason) and then try another (possibly valid) user name.
+	reason) and then try another (possibly valid) username.
 	Exit out of the network applet to close the initial connection 
 	and try again.
 	</P
@@ -891,7 +891,7 @@ NAME="AEN143"
 ><P
 >I joined the domain successfully but after upgrading 
 	to a newer version of the Samba code I get the message, "The system 
-	can not log you on (C000019B), Please try a gain or consult your 
+	can not log you on (C000019B), Please try again or consult your 
 	system administrator" when attempting to logon.
 	</P
 ><P
@@ -1029,14 +1029,14 @@ HREF="#AEN278"
 >
 	</P
 ><P
->	Make sure that the "logon path" is writeable by the user and make sure 
+>	Make sure that the "logon path" is writable by the user and make sure 
 	that the connection to the logon path location is by the current user.   
-	Sometimes Windows client do not drop the connection immediately upon 
+	Sometimes Windows clients do not drop the connection immediately upon 
 	logoff.
 	</P
 ><P
 >	Some people have reported that the logon path location should 
-	also be browseable.  I (GC) have yet to emperically verify this, 
+	also be browseable.  I (GC) have yet to empirically verify this, 
 	but you can try.</P
 ></DIV
 ></DIV
@@ -1054,13 +1054,13 @@ CLASS="SECT2"
 CLASS="SECT2"
 ><A
 NAME="AEN182"
->What are 'Policies' ?.</A
+>What are 'Policies' ?</A
 ></H2
 ><P
 >	When a user logs onto the domain via a client machine, the PDC 
 	sends the client machine a list of things contained in the 
 	'policy' (if it exists).  This list may do things like suppress 
-	a splach screen, format the dates the way you like them or perhaps 
+	a splash screen, format the dates the way you like them or perhaps 
 	remove locally stored profiles.
 	</P
 ><P
@@ -1070,7 +1070,7 @@ CLASS="FILENAME"
 >ntconfig.pol</TT
 > and located in the [netlogon] 
 	share. The file is created with a policy editor and must be readable 
-	by anyone and writeable by only root. See <A
+	by anyone and writable by only root. See <A
 HREF="#AEN203"
 >    below</A
 > for how  to get a suitable editor.
@@ -1102,7 +1102,7 @@ CLASS="PROGRAMLISTING"
 ></P
 ><P
 >	A policy file must be in the [netlogon] share and must be 
-    readable by everyone and writeable by only root. The file 
+    readable by everyone and writable by only root. The file 
 	must be created by an NTServer <A
 HREF="#AEN203"
 >Policy 
@@ -1170,7 +1170,7 @@ CLASS="EMPHASIS"
 >. 
     Further, although the Windows 95 
 	Policy Editor can be installed on an NT Workstation/Server, it will not
-	work with NT policies because the registry key that are set by the policy templates. 
+	work with NT policies because of the registry keys that are set by the policy templates. 
 	However, the files from the NT Server will run happily enough on an NTws. 
 	You need <TT
 CLASS="FILENAME"
@@ -1192,7 +1192,7 @@ CLASS="FILENAME"
     <B
 CLASS="COMMAND"
 >servicepackname /x</B
->, ie thats <B
+>, i.e. that's <B
 CLASS="COMMAND"
 >Nt4sp6ai.exe 
 	/x</B
@@ -1201,7 +1201,7 @@ CLASS="COMMAND"
 >poledt.exe</B
 > and the 
 	associated template files (*.adm) should
-	be extracted as well.  It is also possible to downloaded the policy template 
+	be extracted as well.  It is also possible to download the policy template 
 	files for Office97 and get a copy of the policy editor.  Another possible 
 	location is with the Zero Administration Kit available for download from Microsoft.
     </P
@@ -1261,7 +1261,7 @@ CLASS="FILENAME"
 CLASS="FILENAME"
 >/etc/shadow</TT
 >). 
-	In lots of situations thats OK, for example :
+	In lots of situations that's OK, for example :
 	</P
 ><P
 ></P
@@ -1278,10 +1278,10 @@ CLASS="FILENAME"
 ></LI
 ></UL
 ><P
->	But sometimes you really do need to maintain two seperate password 
+>	But sometimes you really do need to maintain two separate password 
 	databases and there are good reasons to keep then in sync.  Trying 
 	to explain to users that they need to change their passwords in two 
-	seperate places or use two seperate passwords is not fun.
+	separate places or use two separate passwords is not fun.
 	</P
 ><P
 >	However do understand that setting up password sync is not without 
@@ -1358,11 +1358,11 @@ CLASS="SECT2"
 ><A
 NAME="AEN250"
 >What editor can I use in DOS/Windows that won't 
-mess with my unix EOF</A
+mess with my unix EOF ?</A
 ></H2
 ><P
 >There are a number of Windows or DOS based editors that will 
-	understand, and leave intact, the unix eof (as opposed to a DOS CL/LF). 
+	understand, and leave intact, the unix eof (as opposed to a DOS CR/LF). 
 	List members suggested :
 	</P
 ><P
@@ -1390,7 +1390,7 @@ TARGET="_top"
 HREF="http://www.lancs.ac.uk/people/cpaap/pfe/"
 TARGET="_top"
 >		www.lancs.ac.uk/people/cpaap/pfe/</A
-> but its no longer being developed...</P
+> but it's no longer being developed...</P
 ></LI
 ></UL
 ></DIV
@@ -1400,7 +1400,7 @@ CLASS="SECT2"
 CLASS="SECT2"
 ><A
 NAME="AEN263"
->How do I get 'User Manager' and 'Server Manager'</A
+>How do I get 'User Manager' and 'Server Manager' ?</A
 ></H2
 ><P
 >	Since I don't need to buy an NT Server CD now, how do I get 
@@ -1409,7 +1409,7 @@ NAME="AEN263"
 ><P
 >	Microsoft distributes a version of 
 	these tools called nexus for installation on Windows 95 systems.  The 
-	tools set includes
+	tool set includes
 	</P
 ><P
 ></P
@@ -1482,7 +1482,7 @@ CLASS="SECT2"
 CLASS="SECT2"
 ><A
 NAME="AEN286"
->How do I get my samba server to become a member ( not PDC ) of an NT domain?</A
+>How do I get my samba server to become a member ( not PDC ) of an NT domain ?</A
 ></H2
 ><P
 >	Please refer to the <A
@@ -1517,11 +1517,11 @@ CLASS="SECT2"
 ><A
 NAME="AEN294"
 >What are some diagnostics tools I can use to debug the domain logon process and where can I
-	find them?</A
+	find them ?</A
 ></H2
 ><P
 >	One of the best diagnostic tools for debugging problems is Samba itself.  
-	You can use the -d option for both smbd and nmbd to specifiy what 
+	You can use the -d option for both smbd and nmbd to specify what 
 	'debug level' at which to run.  See the man pages on smbd, nmbd  and 
 	smb.conf for more information on debugging options.  The debug 
 	level can range from 1 (the default) to 10 (100 for debugging passwords).
@@ -1532,19 +1532,19 @@ NAME="AEN294"
 CLASS="COMMAND"
 >gcc -g </B
 > flag.   This will include debug 
-	information in the binaries and allow you to attch gdb to the 
+	information in the binaries and allow you to attach gdb to the 
 	running smbd / nmbd process.  In order to attach gdb to an smbd 
 	process for an NT workstation, first get the workstation to make the 
-	connection. Pressing ctrl-alt-delete and going down to the domain box 
+	connection. Pressing Ctrl-Alt-Del and going down to the domain box 
 	is sufficient (at least, on the first time you join the domain) to 
 	generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation 
 	maintains an open connection, and therefore there will be an smbd 
 	process running (assuming that you haven't set a really short smbd 
-	idle timeout)  So, in between pressing ctrl alt delete, and actually 
+	idle timeout)  So, in between pressing Ctrl-Alt-Del, and actually 
 	typing in your password, you can gdb attach and continue.
 	</P
 ><P
->	Some usefull samba commands worth investigating:
+>	Some useful samba commands worth investigating:
 	</P
 ><P
 ></P
@@ -1563,7 +1563,7 @@ CLASS="COMMAND"
     <A
 HREF="http://www.tcpdump.org/"
 TARGET="_top"
->http://www.tcpdup.org/</A
+>http://www.tcpdump.org/</A
 >.
 	Ethereal, another good packet sniffer for UNIX and Win32
 	hosts, can be downloaded from <A
@@ -1573,11 +1573,11 @@ TARGET="_top"
 >.
 	</P
 ><P
->	For tracing things on the Microsoft Windows NT, Network Monitor 
+>	For tracing things on Microsoft Windows NT, Network Monitor 
 	(aka. netmon) is available on the Microsoft Developer Network CD's, 
 	the Windows NT Server install CD and the SMS CD's.  The version of 
 	netmon that ships with SMS allows for dumping packets between any two 
-	computers (ie. placing the network interface in promiscuous mode).  
+	computers (i.e. placing the network interface in promiscuous mode).  
 	The version on the NT Server install CD will only allow monitoring 
 	of network traffic directed to the local NT box and broadcasts on the 
 	local subnet.  Be aware that Ethereal can read and write netmon 
@@ -1591,7 +1591,7 @@ CLASS="SECT2"
 ><A
 NAME="AEN309"
 >How do I install 'Network Monitor' on an NT Workstation 
-or a Windows 9x box?</A
+or a Windows 9x box ?</A
 ></H2
 ><P
 >	Installing netmon on an NT workstation requires a couple 
@@ -1732,13 +1732,13 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
-> Ignacio Coupeau has a very comprehesive look at LDAP with Samba at 
+> Ignacio Coupeau has a very comprehensive look at LDAP with Samba at 
 		<A
 HREF="http://www.unav.es/cti/ldap-smb-howto.html"
 TARGET="_top"
 >		http://www.unav.es/cti/ldap-smb-howto.html</A
 > 
-		Be a little carefull however, I suspect that it does not specificly 
+		Be a little careful however, I suspect that it does not specifically 
 		address samba 2.2.x. The HEAD pre-2.1 may possibly be the best
 		stream to look at.</P
 ></LI
@@ -1754,7 +1754,7 @@ HREF="http://www.kneschke.de/projekte/samba_tng"
 TARGET="_top"
 >		http://www.kneschke.de/projekte/samba_tng</A
 >, but again, a 
-		lot of it does not apply to the main stream Samba.</P
+		lot of it does not apply to the mainstream Samba.</P
 ></LI
 ><LI
 ><P
@@ -1839,7 +1839,7 @@ TARGET="_top"
 >http://www.samba-tng.org/</A
 > 
 	    It has been requested that you don't post questions about Samba-TNG to the
-        main stream Samba lists.</P
+        mainstream Samba lists.</P
 ><P
 ></P
 ><P
@@ -1872,18 +1872,18 @@ TARGET="_top"
 > Try and make your question clear and brief, lots of long, 
 		convoluted questions get deleted before	they are completely read ! 
 		Don't post html encoded messages (if you can select colour or font 
-		size its html).</P
+		size it's html).</P
 ></LI
 ><LI
 ><P
-> If you run one of those niffy 'I'm on holidays' things when 
+> If you run one of those nifty 'I'm on holidays' things when 
 		you are away, make sure its configured	to not answer mailing lists.
 		</P
 ></LI
 ><LI
 ><P
 > Don't cross post. Work out which is the best list to post to 
-		and see what happens, ie don't post to both samba-ntdom and samba-technical.
+		and see what happens, i.e. don't post to both samba-ntdom and samba-technical.
         Many people active on the lists subscribe to more 
 		than one list and get annoyed to see the same message two or more times. 
 		Often someone will see a message and thinking it would be better dealt 
@@ -1943,7 +1943,7 @@ TARGET="_top"
 ></P
 ><P
 >	Please don't post messages to the list asking to be removed, you will just
-        be refered to the above address (unless that process failed in some way...)
+        be referred to the above address (unless that process failed in some way...)
     </P
 ></DIV
 ></DIV
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html
index 7c4ff0b3658..963935a3c88 100644
--- a/docs/htmldocs/smb.conf.5.html
+++ b/docs/htmldocs/smb.conf.5.html
@@ -123,9 +123,8 @@ NAME="AEN28"
 ><P
 >There are three special sections, [global],
 	[homes] and [printers], which are
-	described under <I
-CLASS="EMPHASIS"
->special sections</I
+	described under <EM
+>special sections</EM
 >. The
 	following notes apply to ordinary section descriptions.</P
 ><P
@@ -139,14 +138,12 @@ CLASS="EMPHASIS"
 	printable services (used by the client to access print services 
 	on the host running the server).</P
 ><P
->Sections may be designated <I
-CLASS="EMPHASIS"
->guest</I
+>Sections may be designated <EM
+>guest</EM
 > services, 
 	in which case no password is required to access them. A specified 
-	UNIX <I
-CLASS="EMPHASIS"
->guest account</I
+	UNIX <EM
+>guest account</EM
 > is used to define access
 	privileges in this case.</P
 ><P
@@ -168,6 +165,12 @@ CLASS="FILENAME"
 >/home/bar</TT
 >. 
 	The share is accessed via the share name "foo":</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >	<TT
@@ -178,16 +181,24 @@ CLASS="COMPUTEROUTPUT"
 	</TT
 >
 	</PRE
+></TD
+></TR
+></TABLE
 ><P
 >The following sample section defines a printable share. 
 	The share is readonly, but printable. That is, the only write 
 	access permitted is via calls to open, write to and close a 
-	spool file. The <I
-CLASS="EMPHASIS"
->guest ok</I
+	spool file. The <EM
+>guest ok</EM
 > parameter means 
 	access will be permitted as the default guest user (specified 
 	elsewhere):</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >	<TT
@@ -200,6 +211,9 @@ CLASS="COMPUTEROUTPUT"
 	</TT
 >
 	</PRE
+></TD
+></TR
+></TABLE
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -257,9 +271,8 @@ NAME="AEN53"
 ></LI
 ></UL
 ><P
->If you decide to use a <I
-CLASS="EMPHASIS"
->path=</I
+>If you decide to use a <EM
+>path=</EM
 > line 
 		in your [homes] section then you may find it useful 
 		to use the %S macro. For example :</P
@@ -288,6 +301,12 @@ CLASS="USERINPUT"
 		a normal service section can specify, though some make more sense 
 		than others. The following is a typical and suitable [homes]
 		section:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >		<TT
@@ -297,23 +316,23 @@ CLASS="COMPUTEROUTPUT"
 		</TT
 >
 		</PRE
+></TD
+></TR
+></TABLE
 ><P
 >An important point is that if guest access is specified 
 		in the [homes] section, all home directories will be 
-		visible to all clients <I
-CLASS="EMPHASIS"
->without a password</I
+		visible to all clients <EM
+>without a password</EM
 >. 
 		In the very unlikely event that this is actually desirable, it 
-		would be wise to also specify <I
-CLASS="EMPHASIS"
+		would be wise to also specify <EM
 >read only
-		access</I
+		access</EM
 >.</P
 ><P
->Note that the <I
-CLASS="EMPHASIS"
->browseable</I
+>Note that the <EM
+>browseable</EM
 > flag for 
 		auto home directories will be inherited from the global browseable 
 		flag, not the [homes] browseable flag. This is useful as 
@@ -376,6 +395,12 @@ NAME="AEN78"
 		world-writeable spool directory with the sticky bit set on 
 		it. A typical [printers] entry would look like 
 		this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 ><TT
@@ -386,12 +411,21 @@ CLASS="COMPUTEROUTPUT"
  			printable = yes 
 		</TT
 ></PRE
+></TD
+></TR
+></TABLE
 ><P
 >All aliases given for a printer in the printcap file 
 		are legitimate printer names as far as the server is concerned. 
 		If your printing subsystem doesn't work like that, you will have 
 		to set up a pseudo-printcap. This is a file consisting of one or 
 		more lines like this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >		<TT
@@ -400,6 +434,9 @@ CLASS="COMPUTEROUTPUT"
 		</TT
 >
 		</PRE
+></TD
+></TR
+></TABLE
 ><P
 >Each alias should be an acceptable printer name for 
 		your printing subsystem. In the [global] section, specify 
@@ -431,29 +468,24 @@ NAME="AEN101"
 >parameters define the specific attributes of sections.</P
 ><P
 >Some parameters are specific to the [global] section
-	(e.g., <I
-CLASS="EMPHASIS"
->security</I
+	(e.g., <EM
+>security</EM
 >).  Some parameters are usable 
-	in all sections (e.g., <I
-CLASS="EMPHASIS"
->create mode</I
+	in all sections (e.g., <EM
+>create mode</EM
 >). All others 
 	are permissible only in normal sections. For the purposes of the 
 	following descriptions the [homes] and [printers]
-	sections will be considered normal.  The letter <I
-CLASS="EMPHASIS"
->G</I
+	sections will be considered normal.  The letter <EM
+>G</EM
 > 
 	in parentheses indicates that a parameter is specific to the
-	[global] section. The letter <I
-CLASS="EMPHASIS"
->S</I
+	[global] section. The letter <EM
+>S</EM
 >
 	indicates that a parameter can be specified in a service specific
-	section. Note that all <I
-CLASS="EMPHASIS"
->S</I
+	section. Note that all <EM
+>S</EM
 > parameters can also be specified in 
 	the [global] section - in which case they will define
 	the default behavior for all services.</P
@@ -570,9 +602,8 @@ CLASS="VARIABLELIST"
 ><P
 >the name of your NIS home directory server.  
 		This is obtained from your NIS auto.map entry.  If you have 
-		not compiled Samba with the <I
-CLASS="EMPHASIS"
->--with-automount</I
+		not compiled Samba with the <EM
+>--with-automount</EM
 > 
 		option then this value will be the same as %.</P
 ></DD
@@ -682,9 +713,8 @@ CLASS="VARIABLELIST"
 > controls if names that have characters that 
 		aren't of the "default" case are mangled. For example, 
 		if this is yes then a name like "Mail" would be mangled. 
-		Default <I
-CLASS="EMPHASIS"
->no</I
+		Default <EM
+>no</EM
 >.</P
 ></DD
 ><DT
@@ -693,9 +723,8 @@ CLASS="EMPHASIS"
 ><P
 >controls whether filenames are case sensitive. If 
 		they aren't then Samba must do a filename search and match on passed 
-		names. Default <I
-CLASS="EMPHASIS"
->no</I
+		names. Default <EM
+>no</EM
 >.</P
 ></DD
 ><DT
@@ -703,9 +732,8 @@ CLASS="EMPHASIS"
 ><DD
 ><P
 >controls what the default case is for new 
-		filenames. Default <I
-CLASS="EMPHASIS"
->lower</I
+		filenames. Default <EM
+>lower</EM
 >.</P
 ></DD
 ><DT
@@ -714,9 +742,8 @@ CLASS="EMPHASIS"
 ><P
 >controls if new files are created with the 
 		case that the client passes, or if they are forced to be the 
-		"default" case. Default <I
-CLASS="EMPHASIS"
->yes</I
+		"default" case. Default <EM
+>yes</EM
 >.
 		</P
 ></DD
@@ -729,9 +756,8 @@ CLASS="EMPHASIS"
 		upper case, or if they are forced to be the "default" 
 		case. This option can be use with "preserve case = yes" 
 		to permit long filenames to retain their case, while short names 
-		are lowered. Default <I
-CLASS="EMPHASIS"
->yes</I
+		are lowercased. Default <EM
+>yes</EM
 >.</P
 ></DD
 ></DL
@@ -782,7 +808,7 @@ CLASS="REPLACEABLE"
 ></LI
 ><LI
 ><P
->The client's netbios name and any previously 
+>The client's NetBIOS name and any previously 
 		used user names are checked against the supplied password, if 
 		they match then the connection is allowed as the corresponding 
 		user.</P
@@ -833,11 +859,11 @@ NAME="AEN253"
 ><LI
 ><P
 ><A
-HREF="#ADDUSERSCRIPT"
+HREF="#ADDPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->add user script</I
+>add printer command</I
 ></TT
 ></A
 ></P
@@ -845,11 +871,23 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#ADDPRINTERCOMMAND"
+HREF="#ADDSHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#ADDUSERSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
->addprinter command</I
+>add user script</I
 ></TT
 ></A
 ></P
@@ -941,6 +979,18 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
+HREF="#CHANGESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
 HREF="#CHARACTERSET"
 ><TT
 CLASS="PARAMETER"
@@ -1097,23 +1147,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DELETEUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->delete user script</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
 HREF="#DELETEPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->deleteprinter command</I
+>delete printer command</I
 ></TT
 ></A
 ></P
@@ -1121,11 +1159,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DFREECOMMAND"
+HREF="#DELETESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->dfree command</I
+>delete share command</I
 ></TT
 ></A
 ></P
@@ -1133,11 +1171,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DNSPROXY"
+HREF="#DELETEUSERSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
->dns proxy</I
+>delete user script</I
 ></TT
 ></A
 ></P
@@ -1145,11 +1183,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DOMAINADMINGROUP"
+HREF="#DFREECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain admin group</I
+>dfree command</I
 ></TT
 ></A
 ></P
@@ -1157,11 +1195,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DOMAINADMINUSERS"
+HREF="#DNSPROXY"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain admin users</I
+>dns proxy</I
 ></TT
 ></A
 ></P
@@ -1169,11 +1207,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DOMAINGROUPS"
+HREF="#DOMAINADMINGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain groups</I
+>domain admin group</I
 ></TT
 ></A
 ></P
@@ -1193,18 +1231,6 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#DOMAINGUESTUSERS"
-><TT
-CLASS="PARAMETER"
-><I
->domain guest users</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
 HREF="#DOMAINLOGONS"
 ><TT
 CLASS="PARAMETER"
@@ -1841,6 +1867,18 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
+HREF="#OBEYPAMRESTRICTIONS"
+><TT
+CLASS="PARAMETER"
+><I
+>obey pam restrictions</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
 HREF="#OPLOCKBREAKWAITTIME"
 ><TT
 CLASS="PARAMETER"
@@ -1877,6 +1915,18 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
 HREF="#PANICACTION"
 ><TT
 CLASS="PARAMETER"
@@ -2537,18 +2587,6 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="#UNIXREALNAME"
-><TT
-CLASS="PARAMETER"
-><I
->unix realname</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
 HREF="#UPDATEENCRYPTED"
 ><TT
 CLASS="PARAMETER"
@@ -2743,7 +2781,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN893"
+NAME="AEN897"
 ></A
 ><H2
 >COMPLETE LIST OF SERVICE PARAMETERS</H2
@@ -4162,7 +4200,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN1365"
+NAME="AEN1369"
 ></A
 ><H2
 >EXPLANATION OF EACH PARAMETER</H2
@@ -4173,157 +4211,9 @@ CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><A
-NAME="ADDUSERSCRIPT"
-></A
->add user script (G)</DT
-><DD
-><P
->This is the full pathname to a script that will 
-		be run <I
-CLASS="EMPHASIS"
->AS ROOT</I
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)
-		</A
-> under special circumstances described below.</P
-><P
->Normally, a Samba server requires that UNIX users are 
-		created for all users accessing files on this server. For sites 
-		that use Windows NT account databases as their primary user database 
-		creating these users and keeping the user list in sync with the 
-		Windows NT PDC is an onerous task. This option allows <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> to create the required UNIX users 
-		<I
-CLASS="EMPHASIS"
->ON DEMAND</I
-> when a user accesses the Samba server.</P
-><P
->In order to use this option, <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> 
-		must be set to <TT
-CLASS="PARAMETER"
-><I
->security=server</I
-></TT
-> or <TT
-CLASS="PARAMETER"
-><I
->		security=domain</I
-></TT
-> and <TT
-CLASS="PARAMETER"
-><I
->add user script</I
-></TT
->
-		must be set to a full pathname for a script that will create a UNIX 
-		user given one argument of <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
->, which expands into 
-		the UNIX user name to create.</P
-><P
->When the Windows user attempts to access the Samba server, 
-		at login (session setup in the SMB protocol) time, <A
-HREF="smbd.8.html"
-TARGET="_top"
->		smbd</A
-> contacts the <TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-> and 
-		attempts to authenticate the given user with the given password. If the 
-		authentication succeeds then <B
-CLASS="COMMAND"
->smbd</B
-> 
-		attempts to find a UNIX user in the UNIX password database to map the 
-		Windows user into. If this lookup fails, and <TT
-CLASS="PARAMETER"
-><I
->add user script
-		</I
-></TT
-> is set then <B
-CLASS="COMMAND"
->smbd</B
-> will
-		call the specified script <I
-CLASS="EMPHASIS"
->AS ROOT</I
->, expanding 
-		any <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
-> argument to be the user name to create.</P
-><P
->If this script successfully creates the user then <B
-CLASS="COMMAND"
->smbd
-		</B
-> will continue on as though the UNIX user
-		already existed. In this way, UNIX users are dynamically created to
-		match existing Windows NT accounts.</P
-><P
->See also <A
-HREF="#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
->		security</I
-></TT
-></A
->, <A
-HREF="#PASSWORDSERVER"
->		<TT
-CLASS="PARAMETER"
-><I
->password server</I
-></TT
-></A
->, 
-		<A
-HREF="#DELETEUSERSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->delete user 
-		script</I
-></TT
-></A
->.</P
-><P
->Default: <B
-CLASS="COMMAND"
->add user script = &lt;empty string&gt;
-		</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->add user script = /usr/local/samba/bin/add_user 
-		%u</B
-></P
-></DD
-><DT
-><A
 NAME="ADDPRINTERCOMMAND"
 ></A
->addprinter command (G)</DT
+>add printer command (G)</DT
 ><DD
 ><P
 >With the introduction of MS-RPC based printing
@@ -4334,10 +4224,11 @@ NAME="ADDPRINTERCOMMAND"
 		NT/2000 print server.</P
 ><P
 >For a Samba host this means that the printer must be 
-		physically added to underlying printing system.  The <TT
+		physically added to the underlying printing system.  The <TT
 CLASS="PARAMETER"
 ><I
->		addprinter command</I
+>add 
+		printer command</I
 ></TT
 > defines a script to be run which 
 		will perform the necessary operations for adding the printer
@@ -4359,7 +4250,7 @@ CLASS="COMMAND"
 >The <TT
 CLASS="PARAMETER"
 ><I
->addprinter command</I
+>add printer command</I
 ></TT
 > is
 		automatically invoked with the following parameter (in 
@@ -4433,7 +4324,7 @@ CLASS="PARAMETER"
 >Once the <TT
 CLASS="PARAMETER"
 ><I
->addprinter command</I
+>add printer command</I
 ></TT
 > has 
 		been executed, <B
@@ -4454,7 +4345,7 @@ HREF="#DELETEPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->		deleteprinter command</I
+>		delete printer command</I
 ></TT
 ></A
 >, <A
@@ -4477,9 +4368,8 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->none</I
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -4490,6 +4380,290 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="ADDSHARECOMMAND"
+></A
+>add share command (G)</DT
+><DD
+><P
+>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+> is used to define an 
+		external program or script which will add a new service definition 
+		to <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  In order to successfully 
+		execute the <TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+>, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</P
+><P
+>		When executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will automatically invoke the 
+		<TT
+CLASS="PARAMETER"
+><I
+>add share command</I
+></TT
+> with four parameters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>configFile</I
+></TT
+> - the location 
+			of the global <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>shareName</I
+></TT
+> - the name of the new 
+			share.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>pathName</I
+></TT
+> - path to an **existing**
+			directory on disk.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>comment</I
+></TT
+> - comment string to associate 
+			with the new share.
+			</P
+></LI
+></UL
+><P
+>		This parameter is only used for add file shares.  To add printer shares, 
+		see the <A
+HREF="#ADDPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add printer 
+		command</I
+></TT
+></A
+>.
+		</P
+><P
+>		See also <A
+HREF="#CHANGESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>change share 
+		command</I
+></TT
+></A
+>, <A
+HREF="#DELETESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete share
+		command</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>add share command = /usr/local/bin/addshare</B
+></P
+></DD
+><DT
+><A
+NAME="ADDUSERSCRIPT"
+></A
+>add user script (G)</DT
+><DD
+><P
+>This is the full pathname to a script that will 
+		be run <EM
+>AS ROOT</EM
+> by <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)
+		</A
+> under special circumstances described below.</P
+><P
+>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> to create the required UNIX users 
+		<EM
+>ON DEMAND</EM
+> when a user accesses the Samba server.</P
+><P
+>In order to use this option, <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> 
+		must be set to <TT
+CLASS="PARAMETER"
+><I
+>security=server</I
+></TT
+> or <TT
+CLASS="PARAMETER"
+><I
+>		security=domain</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+>
+		must be set to a full pathname for a script that will create a UNIX 
+		user given one argument of <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+>, which expands into 
+		the UNIX user name to create.</P
+><P
+>When the Windows user attempts to access the Samba server, 
+		at login (session setup in the SMB protocol) time, <A
+HREF="smbd.8.html"
+TARGET="_top"
+>		smbd</A
+> contacts the <TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+> and 
+		attempts to authenticate the given user with the given password. If the 
+		authentication succeeds then <B
+CLASS="COMMAND"
+>smbd</B
+> 
+		attempts to find a UNIX user in the UNIX password database to map the 
+		Windows user into. If this lookup fails, and <TT
+CLASS="PARAMETER"
+><I
+>add user script
+		</I
+></TT
+> is set then <B
+CLASS="COMMAND"
+>smbd</B
+> will
+		call the specified script <EM
+>AS ROOT</EM
+>, expanding 
+		any <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+> argument to be the user name to create.</P
+><P
+>If this script successfully creates the user then <B
+CLASS="COMMAND"
+>smbd
+		</B
+> will continue on as though the UNIX user
+		already existed. In this way, UNIX users are dynamically created to
+		match existing Windows NT accounts.</P
+><P
+>See also <A
+HREF="#SECURITY"
+><TT
+CLASS="PARAMETER"
+><I
+>		security</I
+></TT
+></A
+>, <A
+HREF="#PASSWORDSERVER"
+>		<TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+></A
+>, 
+		<A
+HREF="#DELETEUSERSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>delete user 
+		script</I
+></TT
+></A
+>.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>add user script = &#60;empty string&#62;
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>add user script = /usr/local/samba/bin/add_user 
+		%u</B
+></P
+></DD
+><DT
+><A
 NAME="ADMINUSERS"
 ></A
 >admin users (S)</DT
@@ -4503,9 +4677,8 @@ NAME="ADMINUSERS"
 		this list will be able to do anything they like on the share, 
 		irrespective of file permissions.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no admin users</I
+>Default: <EM
+>no admin users</EM
 ></P
 ><P
 >Example: <B
@@ -4554,7 +4727,11 @@ CLASS="CONSTANT"
 >domain</TT
 >.  
 		If it is set to no, then attempts to connect to a resource from 
-		a domain or workgroup other than the one which smbd is running 
+		a domain or workgroup other than the one which <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> is running 
 		in will fail, even if that domain is trusted by the remote server 
 		doing the authentication.</P
 ><P
@@ -4612,7 +4789,7 @@ CLASS="COMMAND"
 ><A
 NAME="ANNOUNCEVERSION"
 ></A
->annouce version (G)</DT
+>announce version (G)</DT
 ><DD
 ><P
 >This specifies the major and minor version numbers 
@@ -4660,9 +4837,8 @@ CLASS="PARAMETER"
 ><I
 >available = no</I
 ></TT
->, then <I
-CLASS="EMPHASIS"
->ALL</I
+>, then <EM
+>ALL</EM
 > 
 		attempts to connect to the service will fail. Such failures are 
 		logged.</P
@@ -4680,7 +4856,7 @@ NAME="BINDINTERFACESONLY"
 ><DD
 ><P
 >This global parameter allows the Samba admin 
-		to limit what interfaces on a machine will serve smb requests. If 
+		to limit what interfaces on a machine will serve SMB requests. If 
 		affects file service <A
 HREF="smbd.8.html"
 TARGET="_top"
@@ -4769,9 +4945,8 @@ CLASS="PARAMETER"
 >bind interfaces only</I
 ></TT
 > is set then 
-		unless the network address <I
-CLASS="EMPHASIS"
->127.0.0.1</I
+		unless the network address <EM
+>127.0.0.1</EM
 > is added 
 		to the <TT
 CLASS="PARAMETER"
@@ -4800,9 +4975,8 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbpasswd</B
 >
-		by default connects to the <I
-CLASS="EMPHASIS"
->localhost - 127.0.0.1</I
+		by default connects to the <EM
+>localhost - 127.0.0.1</EM
 > 
 		address as an SMB client to issue the password change request. If 
 		<TT
@@ -4811,9 +4985,8 @@ CLASS="PARAMETER"
 >bind interfaces only</I
 ></TT
 > is set then unless the 
-		network address <I
-CLASS="EMPHASIS"
->127.0.0.1</I
+		network address <EM
+>127.0.0.1</EM
 > is added to the
 		<TT
 CLASS="PARAMETER"
@@ -4862,13 +5035,11 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > at the address 
-		<I
-CLASS="EMPHASIS"
->127.0.0.1</I
+		<EM
+>127.0.0.1</EM
 > to determine if they are running.  
-		Not adding <I
-CLASS="EMPHASIS"
->127.0.0.1</I
+		Not adding <EM
+>127.0.0.1</EM
 >  will cause <B
 CLASS="COMMAND"
 >		smbd</B
@@ -4915,7 +5086,7 @@ TARGET="_top"
 ><P
 >If this parameter is set to <TT
 CLASS="CONSTANT"
->False</TT
+>false</TT
 >, then 
 		Samba 2.2 will behave as previous versions of Samba would and 
 		will fail the lock request immediately if the lock range 
@@ -5058,12 +5229,146 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="CHANGESHARECOMMAND"
+></A
+>change share command (G)</DT
+><DD
+><P
+>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+> is used to define an 
+		external program or script which will modify an existing service definition 
+		in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  In order to successfully 
+		execute the <TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+>, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</P
+><P
+>		When executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will automatically invoke the 
+		<TT
+CLASS="PARAMETER"
+><I
+>change share command</I
+></TT
+> with four parameters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>configFile</I
+></TT
+> - the location 
+			of the global <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>shareName</I
+></TT
+> - the name of the new 
+			share.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>pathName</I
+></TT
+> - path to an **existing**
+			directory on disk.
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>comment</I
+></TT
+> - comment string to associate 
+			with the new share.
+			</P
+></LI
+></UL
+><P
+>		This parameter is only used modify existing file shares definitions.  To modify 
+		printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+		</P
+><P
+>		See also <A
+HREF="#ADDSHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>add share
+		command</I
+></TT
+></A
+>, <A
+HREF="#DELETESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete 
+		share command</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>change share command = /usr/local/bin/addshare</B
+></P
+></DD
+><DT
+><A
 NAME="CHARACTERSET"
 ></A
 >character set (G)</DT
 ><DD
 ><P
->This allows a smbd to map incoming filenames 
+>This allows <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> to map incoming filenames 
 		from a DOS Code page (see the <A
 HREF="#CLIENTCODEPAGE"
 >client 
@@ -5085,9 +5390,8 @@ CLASS="PARAMETER"
 >client code page</I
 ></TT
 >
-			<I
-CLASS="EMPHASIS"
->MUST</I
+			<EM
+>MUST</EM
 > be set to code page 850 if the 
 			<TT
 CLASS="PARAMETER"
@@ -5113,9 +5417,8 @@ CLASS="PARAMETER"
 >client code page
 			</I
 ></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
+> <EM
+>MUST</EM
 > be set to code page 852 if 
 			the <TT
 CLASS="PARAMETER"
@@ -5141,9 +5444,8 @@ CLASS="PARAMETER"
 >client code page
 			</I
 ></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
+> <EM
+>MUST</EM
 > be set to code page 
 			866 if the <TT
 CLASS="PARAMETER"
@@ -5169,9 +5471,8 @@ CLASS="PARAMETER"
 >client code page
 			</I
 ></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
+> <EM
+>MUST</EM
 > be set to code page 
 			737 if the <TT
 CLASS="PARAMETER"
@@ -5197,9 +5498,8 @@ CLASS="PARAMETER"
 ><I
 >client code page</I
 ></TT
-> <I
-CLASS="EMPHASIS"
->MUST</I
+> <EM
+>MUST</EM
 > 
 			be set to code page 866 if the <TT
 CLASS="PARAMETER"
@@ -5215,9 +5515,8 @@ CLASS="CONSTANT"
 ></LI
 ></UL
 ><P
-><I
-CLASS="EMPHASIS"
->BUG</I
+><EM
+>BUG</EM
 >. These MSDOS code page to UNIX character 
 		set mappings should be dynamic, like the loading of MS DOS code pages, 
 		not static.</P
@@ -5227,7 +5526,7 @@ CLASS="EMPHASIS"
 ><P
 >Default: <B
 CLASS="COMMAND"
->character set = &lt;empty string&gt;</B
+>character set = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -5356,9 +5655,8 @@ CLASS="PARAMETER"
 >client code page</I
 ></TT
 > parameter 
-		<I
-CLASS="EMPHASIS"
->MUST</I
+		<EM
+>MUST</EM
 > be set before the <TT
 CLASS="PARAMETER"
 ><I
@@ -5553,7 +5851,7 @@ CLASS="CONSTANT"
 ><P
 >Default: <B
 CLASS="COMMAND"
->coding system = &lt;empty value&gt;</B
+>coding system = &#60;empty value&#62;</B
 >
 		</P
 ></DD
@@ -5583,9 +5881,8 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->No comment string</I
+>Default: <EM
+>No comment string</EM
 ></P
 ><P
 >Example: <B
@@ -5642,9 +5939,8 @@ NAME="COPY"
 		copied must occur earlier in the configuration file than the 
 		service doing the copying.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no value</I
+>Default: <EM
+>no value</EM
 ></P
 ><P
 >Example: <B
@@ -5675,9 +5971,8 @@ CLASS="PARAMETER"
 		calculated according to the mapping from DOS modes to UNIX 
 		permissions, and the resulting UNIX mode is then bit-wise 'AND'ed 
 		with this parameter. This parameter may be thought of as a bit-wise 
-		MASK for the UNIX modes of a file. Any bit <I
-CLASS="EMPHASIS"
->not</I
+		MASK for the UNIX modes of a file. Any bit <EM
+>not</EM
 > 
 		set here will be removed from the modes set on a file when it is 
 		created.</P
@@ -5738,6 +6033,18 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
+>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <A
+HREF="#SECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>security mask</I
+></TT
+></A
+>.</P
+><P
 >Default: <B
 CLASS="COMMAND"
 >create mask = 0744</B
@@ -5836,7 +6143,11 @@ NAME="DEBUGPID"
 ><DD
 ><P
 >When using only one log file for more then one 
-		forked smbd-process there may be hard to follow which process 
+		forked <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+>-process there may be hard to follow which process 
 		outputs which message. This boolean parameter is adds the process-id 
 		to the timestamp message headers in the logfile when turned on.</P
 ><P
@@ -5916,21 +6227,15 @@ NAME="DEBUGLEVEL"
 >debuglevel (G)</DT
 ><DD
 ><P
->The value of the parameter (an integer) allows 
-		the debug level (logging level) to be specified in the 
-		<TT
-CLASS="FILENAME"
->smb.conf</TT
-> file. This is to give greater 
-		flexibility in the configuration of the system.</P
-><P
->The default will be the debug level specified on 
-		the command line or level zero if none was specified.</P
-><P
->Example: <B
-CLASS="COMMAND"
->debug level = 3</B
-></P
+>Synonym for <A
+HREF="#LOGLEVEL"
+><TT
+CLASS="PARAMETER"
+><I
+>		log level</I
+></TT
+></A
+>.</P
 ></DD
 ><DT
 ><A
@@ -5983,9 +6288,8 @@ NAME="DEFAULTSERVICE"
 ><P
 >This parameter specifies the name of a service 
 		which will be connected to if the service actually requested cannot 
-		be found. Note that the square brackets are <I
-CLASS="EMPHASIS"
->NOT</I
+		be found. Note that the square brackets are <EM
+>NOT</EM
 > 
 		given in the parameter value (see example below).</P
 ><P
@@ -6027,6 +6331,12 @@ CLASS="PARAMETER"
 ><P
 >Example:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
@@ -6035,6 +6345,105 @@ CLASS="PROGRAMLISTING"
 [pub]
 	path = /%S
 		</PRE
+></TD
+></TR
+></TABLE
+></P
+></DD
+><DT
+><A
+NAME="DELETEPRINTERCOMMAND"
+></A
+>delete printer command (G)</DT
+><DD
+><P
+>With the introduction of MS-RPC based printer
+		support for Windows NT/2000 clients in Samba 2.2, it is now 
+		possible to delete printer at run time by issuing the 
+		DeletePrinter() RPC call.</P
+><P
+>For a Samba host this means that the printer must be 
+		physically deleted from underlying printing system.  The <TT
+CLASS="PARAMETER"
+><I
+>		deleteprinter command</I
+></TT
+> defines a script to be run which 
+		will perform the necessary operations for removing the printer
+		from the print system and from <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.
+		</P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>delete printer command</I
+></TT
+> is 
+		automatically called with only one parameter: <TT
+CLASS="PARAMETER"
+><I
+>		"printer name"</I
+></TT
+>.</P
+><P
+>Once the <TT
+CLASS="PARAMETER"
+><I
+>delete printer command</I
+></TT
+> has 
+		been executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will reparse the <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> to associated printer no longer exists.  
+		If the sharename is still valid, then <B
+CLASS="COMMAND"
+>smbd
+		</B
+> will return an ACCESS_DENIED error to the client.</P
+><P
+>See also <A
+HREF="#ADDPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>		add printer command</I
+></TT
+></A
+>, <A
+HREF="#PRINTING"
+><TT
+CLASS="PARAMETER"
+><I
+>printing</I
+></TT
+></A
+>,
+		<A
+HREF="#SHOWADDPRINTERWIZARD"
+><TT
+CLASS="PARAMETER"
+><I
+>show add
+		printer wizard</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>deleteprinter command = /usr/bin/removeprinter
+		</B
 ></P
 ></DD
 ><DT
@@ -6058,15 +6467,131 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="DELETESHARECOMMAND"
+></A
+>delete share command (G)</DT
+><DD
+><P
+>Samba 2.2.0 introduced the ability to dynamically 
+		add and delete shares via the Windows NT 4.0 Server Manager.  The 
+		<TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+> is used to define an 
+		external program or script which will remove an existing service 
+		definition from <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>.  In order to successfully 
+		execute the <TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+>, <B
+CLASS="COMMAND"
+>smbd</B
+>
+		requires that the administrator be connected using a root account (i.e. 
+		uid == 0).
+		</P
+><P
+>		When executed, <B
+CLASS="COMMAND"
+>smbd</B
+> will automatically invoke the 
+		<TT
+CLASS="PARAMETER"
+><I
+>delete share command</I
+></TT
+> with two parameters.
+		</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>configFile</I
+></TT
+> - the location 
+			of the global <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. 
+			</P
+></LI
+><LI
+><P
+><TT
+CLASS="PARAMETER"
+><I
+>shareName</I
+></TT
+> - the name of 
+			the existing service.
+			</P
+></LI
+></UL
+><P
+>		This parameter is only used to remove file shares.  To delete printer shares, 
+		see the <A
+HREF="#DELETEPRINTERCOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete printer 
+		command</I
+></TT
+></A
+>.
+		</P
+><P
+>		See also <A
+HREF="#ADDSHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>delete share
+		command</I
+></TT
+></A
+>, <A
+HREF="#CHANGESHARECOMMAND"
+><TT
+CLASS="PARAMETER"
+><I
+>change 
+		share</I
+></TT
+></A
+>.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>delete share command = /usr/local/bin/delshare</B
+></P
+></DD
+><DT
+><A
 NAME="DELETEUSERSCRIPT"
 ></A
 >delete user script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run <I
-CLASS="EMPHASIS"
->AS ROOT</I
+		be run <EM
+>AS ROOT</EM
 > by <A
 HREF="smbd.8.html"
 TARGET="_top"
@@ -6084,10 +6609,9 @@ CLASS="COMMAND"
 		Windows NT PDC is an onerous task. This option allows <B
 CLASS="COMMAND"
 >		smbd</B
-> to delete the required UNIX users <I
-CLASS="EMPHASIS"
+> to delete the required UNIX users <EM
 >ON 
-		DEMAND</I
+		DEMAND</EM
 > when a user accesses the Samba server and the 
 		Windows NT user no longer exists.</P
 ><P
@@ -6114,9 +6638,8 @@ CLASS="PARAMETER"
 		</I
 ></TT
 >, which expands into the UNIX user name to delete.
-		<I
-CLASS="EMPHASIS"
->NOTE</I
+		<EM
+>NOTE</EM
 > that this is different to the <A
 HREF="#ADDUSERSCRIPT"
 ><TT
@@ -6150,9 +6673,8 @@ CLASS="PARAMETER"
 		the user in this circumstance would not be a good idea.</P
 ><P
 >When the Windows user attempts to access the Samba server, 
-		at <I
-CLASS="EMPHASIS"
->login</I
+		at <EM
+>login</EM
 > (session setup in the SMB protocol) 
 		time, <B
 CLASS="COMMAND"
@@ -6183,9 +6705,8 @@ CLASS="PARAMETER"
 CLASS="COMMAND"
 >smbd</B
 > will all the specified script 
-		<I
-CLASS="EMPHASIS"
->AS ROOT</I
+		<EM
+>AS ROOT</EM
 >, expanding any <TT
 CLASS="PARAMETER"
 ><I
@@ -6224,7 +6745,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->delete user script = &lt;empty string&gt;
+>delete user script = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -6236,103 +6757,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="DELETEPRINTERCOMMAND"
-></A
->deleteprinter command (G)</DT
-><DD
-><P
->With the introduction of MS-RPC based printer
-		support for Windows NT/2000 clients in Samba 2.2, it is now 
-		possible to delete printer at run time by issuing the 
-		DeletePrinter() RPC call.</P
-><P
->For a Samba host this means that the printer must be 
-		physically deleted from underlying printing system.  The <TT
-CLASS="PARAMETER"
-><I
->		deleteprinter command</I
-></TT
-> defines a script to be run which 
-		will perform the necessary operations for removing the printer
-		from the print system and from <TT
-CLASS="FILENAME"
->smb.conf</TT
->.
-		</P
-><P
->The <TT
-CLASS="PARAMETER"
-><I
->deleteprinter command</I
-></TT
-> is 
-		automatically called with only one parameter: <TT
-CLASS="PARAMETER"
-><I
->		"printer name"</I
-></TT
->.</P
-><P
->Once the <TT
-CLASS="PARAMETER"
-><I
->deleteprinter command</I
-></TT
-> has 
-		been executed, <B
-CLASS="COMMAND"
->smbd</B
-> will reparse the <TT
-CLASS="FILENAME"
->		smb.conf</TT
-> to associated printer no longer exists.  
-		If the sharename is still valid, then <B
-CLASS="COMMAND"
->smbd
-		</B
-> will return an ACCESS_DENIED error to the client.</P
-><P
->See also <A
-HREF="#ADDPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->		addprinter command</I
-></TT
-></A
->, <A
-HREF="#PRINTING"
-><TT
-CLASS="PARAMETER"
-><I
->printing</I
-></TT
-></A
->,
-		<A
-HREF="#SHOWADDPRINTERWIZARD"
-><TT
-CLASS="PARAMETER"
-><I
->show add
-		printer wizard</I
-></TT
-></A
-></P
-><P
->Default: <I
-CLASS="EMPHASIS"
->none</I
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->deleteprinter command = /usr/bin/removeprinter
-		</B
-></P
-></DD
-><DT
-><A
 NAME="DELETEVETOFILES"
 ></A
 >delete veto files (S)</DT
@@ -6349,13 +6773,16 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >
-		option).  If this option is set to False (the default) then if a vetoed 
+		option).  If this option is set to <TT
+CLASS="CONSTANT"
+>false</TT
+> (the default) then if a vetoed 
 		directory contains any non-vetoed files or directories then the 
 		directory delete will fail. This is usually what you want.</P
 ><P
 >If this option is set to <TT
 CLASS="CONSTANT"
->True</TT
+>true</TT
 >, then Samba 
 		will attempt to recursively delete any files and directories within 
 		the vetoed directory. This can be useful for integration with file 
@@ -6442,17 +6869,15 @@ CLASS="FILENAME"
 		third return value can give the block size in bytes. The default 
 		blocksize is 1024 bytes.</P
 ><P
->Note: Your script should <I
-CLASS="EMPHASIS"
->NOT</I
+>Note: Your script should <EM
+>NOT</EM
 > be setuid or 
 		setgid and should be owned by (and writeable only by) root!</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >By default internal routines for 
 		determining the disk capacity and remaining space will be used.
-		</I
+		</EM
 ></P
 ><P
 >Example: <B
@@ -6463,22 +6888,40 @@ CLASS="COMMAND"
 ><P
 >Where the script dfree (which must be made executable) could be:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
 		#!/bin/sh
 		df $1 | tail -1 | awk '{print $2" "$4}'
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >or perhaps (on Sys V based systems):</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
 		#!/bin/sh
 		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Note that you may have to replace the command names 
@@ -6517,9 +6960,8 @@ NAME="DIRECTORYMASK"
 		calculated according to the mapping from DOS modes to UNIX permissions, 
 		and the resulting UNIX mode is then bit-wise 'AND'ed with this 
 		parameter. This parameter may be thought of as a bit-wise MASK for 
-		the UNIX modes of a directory. Any bit <I
-CLASS="EMPHASIS"
->not</I
+		the UNIX modes of a directory. Any bit <EM
+>not</EM
 > set 
 		here will be removed from the modes set on a directory when it is 
 		created.</P
@@ -6541,6 +6983,18 @@ CLASS="PARAMETER"
 > parameter. This parameter is set to 000 by 
 		default (i.e. no extra mode bits are added).</P
 ><P
+>Note that this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		a mask on access control lists also, they need to set the <A
+HREF="#DIRECTORYSECURITYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory security mask</I
+></TT
+></A
+>.</P
+><P
 >See the <A
 HREF="#FORCEDIRECTORYMODE"
 ><TT
@@ -6629,28 +7083,20 @@ NAME="DIRECTORYSECURITYMASK"
 		mask may be treated as a set of bits the user is not allowed 
 		to change.</P
 ><P
->If not set explicitly this parameter is set to the same 
-		value as the <A
-HREF="#DIRECTORYMASK"
-><TT
-CLASS="PARAMETER"
-><I
->directory 
-		mask</I
-></TT
-></A
-> parameter. To allow a user to
-		modify all the user/group/world permissions on a directory, set 
-		this parameter to 0777.</P
+>If not set explicitly this parameter is set to 0777
+		meaning a user is allowed to modify all the user/group/world
+		permissions on a directory.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
-		Administrators of most normal systems will probably want to set 
-		it to 0777.</P
+		Administrators of most normal systems will probably want to leave
+		it as the default of <TT
+CLASS="CONSTANT"
+>0777</TT
+>.</P
 ><P
 >See also the <A
 HREF="#FORCEDIRECTORYSECURITYMODE"
@@ -6682,13 +7128,12 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->directory security mask = &lt;same as 
-		directory mask&gt;</B
+>directory security mask = 0777</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->directory security mask = 0777</B
+>directory security mask = 0700</B
 ></P
 ></DD
 ><DT
@@ -6741,73 +7186,47 @@ NAME="DOMAINADMINGROUP"
 >domain admin group (G)</DT
 ><DD
 ><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by 
-		visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
->		http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINADMINUSERS"
-></A
->domain admin users (G)</DT
-><DD
+>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Admins" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>	notation.
+		</P
 ><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by 
-		visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
->		http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINGROUPS"
+>See also <A
+HREF="#DOMAINGUESTGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		guest group</I
+></TT
 ></A
->domain groups (G)</DT
-><DD
+>, <A
+HREF="#DOMAINLOGONS"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		logons</I
+></TT
+></A
+>
+		</P
 ><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by 
-		visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
->		http://lists.samba.org/</A
->.</P
+>Default: <EM
+>no domain administrators</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>domain admin group = root @wheel</B
+></P
 ></DD
 ><DT
 ><A
@@ -6816,48 +7235,47 @@ NAME="DOMAINGUESTGROUP"
 >domain guest group (G)</DT
 ><DD
 ><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by 
-		visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
->		http://lists.samba.org/</A
->.</P
-></DD
-><DT
-><A
-NAME="DOMAINGUESTUSERS"
+>This parameter is intended as a temporary solution
+		to enable users to be a member of the "Domain Guests" group when 
+		a Samba host is acting as a PDC.  A complete solution will be provided
+		by a system for mapping Windows NT/2000 groups onto UNIX groups.
+		Please note that this parameter has a somewhat confusing name.  It 
+		accepts a list of usernames and of group names in standard 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+>	notation.
+		</P
+><P
+>See also <A
+HREF="#DOMAINADMINGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		admin group</I
+></TT
 ></A
->domain guest users (G)</DT
-><DD
+>, <A
+HREF="#DOMAINLOGONS"
+><TT
+CLASS="PARAMETER"
+><I
+>domain
+		logons</I
+></TT
+></A
+>
+		</P
 ><P
->This is an <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-> parameter 
-		that is part of the unfinished Samba NT Domain Controller Code. It may 
-		be removed in a later release. To work with the latest code builds 
-		that may have more support for Samba NT Domain Controller functionality 
-		please subscribe to the mailing list <A
-HREF="mailto:samba-ntdom@samba.org"
-TARGET="_top"
->samba-ntdom</A
-> available by 
-		visiting the web page at <A
-HREF="http://lists.samba.org/"
-TARGET="_top"
->		http://lists.samba.org/</A
->.</P
+>Default: <EM
+>no domain guests</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>domain guest group = nobody @guest</B
+></P
 ></DD
 ><DT
 ><A
@@ -6866,7 +7284,10 @@ NAME="DOMAINLOGONS"
 >domain logons (G)</DT
 ><DD
 ><P
->If set to true, the Samba server will serve 
+>If set to <TT
+CLASS="CONSTANT"
+>true</TT
+>, the Samba server will serve 
 		Windows 95/98 Domain logons for the <A
 HREF="#WORKGROUP"
 >		<TT
@@ -7027,10 +7448,9 @@ CLASS="FILENAME"
 >. 
 		Experimentation is the best policy :-)  </P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (i.e., all directories are OK 
-		to descend)</I
+		to descend)</EM
 ></P
 ><P
 >Example: <B
@@ -7046,7 +7466,7 @@ NAME="DOSFILEMODE"
 ><DD
 ><P
 > The default behavior in Samba is to provide 
-		UNIX-like behavor where only the owner of a file/directory is 
+		UNIX-like behavior where only the owner of a file/directory is 
 		able to change the permissions on it.  However, this behavior
 		is often confusing to  DOS/Windows users.  Enabling this parameter 
 		allows a user who has write access to the file (by whatever 
@@ -7115,8 +7535,12 @@ CLASS="COMMAND"
 > is acting 
 		on behalf of is not the file owner. Setting this option to <TT
 CLASS="CONSTANT"
->		True</TT
-> allows DOS semantics and smbd will change the file 
+>		true</TT
+> allows DOS semantics and <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> will change the file 
 		timestamp as DOS requires.</P
 ><P
 >Default: <B
@@ -7168,7 +7592,7 @@ CLASS="COMMAND"
 > program for information on how to set up 
  		and maintain this file), or set the <A
 HREF="#SECURITY"
->security=[serve|domain]</A
+>security=[server|domain]</A
 > parameter which 
 		causes <B
 CLASS="COMMAND"
@@ -7189,19 +7613,18 @@ NAME="ENHANCEDBROWSING"
 ><DD
 ><P
 >This option enables a couple of enhancements to 
-		cross-subnet browse propogation that have been added in Samba 
+		cross-subnet browse propagation that have been added in Samba 
 		but which are not standard in Microsoft implementations.  
-		<I
-CLASS="EMPHASIS"
+		<EM
 >These enhancements are currently only available in
-		the HEAD Samba CVS tree (not Samba 2.2.x).</I
+		the HEAD Samba CVS tree (not Samba 2.2.x).</EM
 ></P
 ><P
->The first enhancement to browse propogation consists of a regular
+>The first enhancement to browse propagation consists of a regular
 		wildcard query to a Samba WINS server for all Domain Master Browsers,
-		followed by a browse synchronisation with each of the returned
+		followed by a browse synchronization with each of the returned
 		DMBs. The second enhancement consists of a regular randomised browse
-		synchronisation with all currently known DMBs.</P
+		synchronization with all currently known DMBs.</P
 ><P
 >You may wish to disable this option if you have a problem with empty
 		workgroups not disappearing from browse lists. Due to the restrictions
@@ -7209,7 +7632,7 @@ CLASS="EMPHASIS"
 		to stay around forever which can be annoying.</P
 ><P
 >In general you should leave this option enabled as it makes
-		cross-subnet browse propogation much more reliable.</P
+		cross-subnet browse propagation much more reliable.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
@@ -7252,9 +7675,8 @@ CLASS="PARAMETER"
 		to standard output.  This listing will then be used in response
 		to the level 1 and 2 EnumPorts() RPC.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no enumports command</I
+>Default: <EM
+>no enumports command</EM
 ></P
 ><P
 >Example: <B
@@ -7307,7 +7729,7 @@ NAME="FAKEDIRECTORYCREATETIMES"
 		reported by Samba will be updated whenever a file is created or 
 		or deleted in the directory.  NMAKE finds all object files in 
 		the object directory.  The timestamp of the last one built is then 
-		compared to the timestamp of the object dircetory.  If the 
+		compared to the timestamp of the object directory.  If the 
 		directory's timestamp if newer, then all object files
 		will be rebuilt.  Enabling this option 
 		ensures directories always predate their contents and an NMAKE build 
@@ -7420,9 +7842,8 @@ NAME="FORCECREATEMODE"
 ><DD
 ><P
 >This parameter specifies a set of UNIX mode bit 
-		permissions that will <I
-CLASS="EMPHASIS"
->always</I
+		permissions that will <EM
+>always</EM
 > be set on a 
 		file created by Samba. This is done by bitwise 'OR'ing these bits onto 
 		the mode bits of a file that is being created or having its 
@@ -7436,6 +7857,22 @@ CLASS="PARAMETER"
 > 
 		parameter is applied.</P
 ><P
+>Note that by default this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		this mask on access control lists also, they need to set the <A
+HREF="#RESTRICTACLWITHMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>restrict acl with 
+		mask</I
+></TT
+></A
+> to <TT
+CLASS="CONSTANT"
+>true</TT
+>.</P
+><P
 >See also the parameter <A
 HREF="#CREATEMASK"
 ><TT
@@ -7480,9 +7917,8 @@ NAME="FORCEDIRECTORYMODE"
 ><DD
 ><P
 >This parameter specifies a set of UNIX mode bit 
-		permissions that will <I
-CLASS="EMPHASIS"
->always</I
+		permissions that will <EM
+>always</EM
 > be set on a directory 
 		created by Samba. This is done by bitwise 'OR'ing these bits onto the 
 		mode bits of a directory that is being created. The default for this 
@@ -7496,6 +7932,22 @@ CLASS="PARAMETER"
 > is 
 		applied.</P
 ><P
+>Note that by default this parameter does not apply to permissions
+		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+		this mask on access control lists also, they need to set the <A
+HREF="#RESTRICTACLWITHMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>restrict acl with 
+		mask</I
+></TT
+></A
+> to <TT
+CLASS="CONSTANT"
+>true</TT
+>.</P
+><P
 >See also the parameter <A
 HREF="#DIRECTORYMASK"
 ><TT
@@ -7549,28 +8001,17 @@ NAME="FORCEDIRECTORYSECURITYMODE"
 		mask may be treated as a set of bits that, when modifying security 
 		on a directory, the user has always set to be 'on'.</P
 ><P
->If not set explicitly this parameter is set to the same 
-		value as the <A
-HREF="#FORCEDIRECTORYMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force 
-		directory mode</I
-></TT
-></A
-> parameter. To allow
-		a user to modify all the user/group/world permissions on a 
-		directory without restrictions, set this parameter to 000.</P
+>If not set explicitly this parameter is 000, which 
+		allows a user to modify all the user/group/world permissions on a 
+		directory without restrictions.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
-		Administrators of most normal systems will probably want to set 
-		it to 0000.</P
+		Administrators of most normal systems will probably want to leave
+		it set as 0000.</P
 ><P
 >See also the <A
 HREF="#DIRECTORYSECURITYMASK"
@@ -7602,13 +8043,12 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->force directory security mode = &lt;same as 
-		force directory mode&gt;</B
+>force directory security mode = 0</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->force directory security mode = 0</B
+>force directory security mode = 700</B
 ></P
 ></DD
 ><DT
@@ -7676,9 +8116,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no forced group</I
+>Default: <EM
+>no forced group</EM
 ></P
 ><P
 >Example: <B
@@ -7704,28 +8143,17 @@ NAME="FORCESECURITYMODE"
 		mask may be treated as a set of bits that, when modifying security 
 		on a file, the user has always set to be 'on'.</P
 ><P
->If not set explicitly this parameter is set to the same 
-		value as the <A
-HREF="#FORCECREATEMODE"
-><TT
-CLASS="PARAMETER"
-><I
->force 
-		create mode</I
-></TT
-></A
-> parameter. To allow a user to 
-		modify all the user/group/world permissions on a file, with no 
-		restrictions set this parameter to 000.</P
+>If not set explicitly this parameter is set to 0,
+		and allows a user to modify all the user/group/world permissions on a file,
+		with no restrictions.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that users who can access 
 		the Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
-		Administrators of most normal systems will probably want to set 
-		it to 0000.</P
+		Administrators of most normal systems will probably want to leave
+		this set to 0000.</P
 ><P
 >See also the <A
 HREF="#FORCEDIRECTORYSECURITYMODE"
@@ -7757,13 +8185,12 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->force security mode = &lt;same as force 
-		create mode&gt;</B
+>force security mode = 0</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->force security mode = 0</B
+>force security mode = 700</B
 ></P
 ></DD
 ><DT
@@ -7800,9 +8227,8 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no forced user</I
+>Default: <EM
+>no forced user</EM
 ></P
 ><P
 >Example: <B
@@ -7873,7 +8299,7 @@ CLASS="PARAMETER"
 		</A
 >parameter is set to <TT
 CLASS="CONSTANT"
->False</TT
+>false</TT
 >.</P
 ><P
 >Default: <B
@@ -7937,10 +8363,9 @@ CLASS="COMMAND"
 >		lp(1)</B
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >specified at compile time, usually 
-		"nobody"</I
+		"nobody"</EM
 ></P
 ><P
 >Example: <B
@@ -8092,9 +8517,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no file are hidden</I
+>Default: <EM
+>no file are hidden</EM
 ></P
 ><P
 >Example: <B
@@ -8145,7 +8569,7 @@ CLASS="PARAMETER"
 ></A
 > is <TT
 CLASS="CONSTANT"
->True</TT
+>true</TT
 >, and <A
 HREF="smbd.8.html"
 TARGET="_top"
@@ -8174,9 +8598,8 @@ CLASS="COMMAND"
 		that copes with different map formats and also Amd (another 
 		automounter) maps.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE :</I
+><EM
+>NOTE :</EM
 >A working NIS client is required on 
 		the system for this option to work.</P
 ><P
@@ -8202,7 +8625,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->homedir map = &lt;empty string&gt;</B
+>homedir map = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -8299,9 +8722,8 @@ CLASS="PARAMETER"
 ><P
 >You can also specify hosts by network/netmask pairs and 
 		by netgroup names if your system supports netgroups. The 
-		<I
-CLASS="EMPHASIS"
->EXCEPT</I
+		<EM
+>EXCEPT</EM
 > keyword can also be used to limit a 
 		wildcard list. The following examples may provide some help:</P
 ><P
@@ -8352,10 +8774,9 @@ CLASS="COMMAND"
 > for a way of testing your host access to see if it does 
 		what you expect.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (i.e., all hosts permitted access)
-		</I
+		</EM
 ></P
 ><P
 >Example: <B
@@ -8377,9 +8798,8 @@ CLASS="PARAMETER"
 >hosts allow</I
 ></TT
 > 
-		- hosts listed here are <I
-CLASS="EMPHASIS"
->NOT</I
+		- hosts listed here are <EM
+>NOT</EM
 > permitted access to 
 		services unless the specific services have their own lists to override 
 		this one. Where the lists conflict, the <TT
@@ -8390,10 +8810,9 @@ CLASS="PARAMETER"
 > 
 		list takes precedence.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (i.e., no hosts specifically excluded)
-		</I
+		</EM
 ></P
 ><P
 >Example: <B
@@ -8429,11 +8848,10 @@ CLASS="PARAMETER"
 >		hosts equiv</I
 ></TT
 > may be useful for NT clients which will 
-		not supply passwords to samba.</P
+		not supply passwords to Samba.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE :</I
+><EM
+>NOTE :</EM
 > The use of <TT
 CLASS="PARAMETER"
 ><I
@@ -8450,15 +8868,13 @@ CLASS="PARAMETER"
 ></TT
 > option be only used if you really 
 		know what you are doing, or perhaps on a home network where you trust 
-		your spouse and kids. And only if you <I
-CLASS="EMPHASIS"
->really</I
+		your spouse and kids. And only if you <EM
+>really</EM
 > trust 
 		them :-).</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no host equivalences</I
+>Default: <EM
+>no host equivalences</EM
 ></P
 ><P
 >Example: <B
@@ -8496,9 +8912,8 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no file included</I
+>Default: <EM
+>no file included</EM
 ></P
 ><P
 >Example: <B
@@ -8586,14 +9001,13 @@ CLASS="PARAMETER"
 		</A
 > as usual.</P
 ><P
->Note that the setuid bit is <I
-CLASS="EMPHASIS"
->never</I
+>Note that the setuid bit is <EM
+>never</EM
 > set via 
 		inheritance (the code explicitly prohibits this).</P
 ><P
 >This can be particularly useful on large systems with 
-		many users, perhaps several thousand,to allow a single [homes] 
+		many users, perhaps several thousand, to allow a single [homes] 
 		share to be used flexibly by each user.</P
 ><P
 >See also <A
@@ -8708,10 +9122,9 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >all active interfaces except 127.0.0.1 
-		that are broadcast capable</I
+		that are broadcast capable</EM
 ></P
 ></DD
 ><DT
@@ -8722,9 +9135,8 @@ NAME="INVALIDUSERS"
 ><DD
 ><P
 >This is a list of users that should not be allowed 
-		to login to this service. This is really a <I
-CLASS="EMPHASIS"
->paranoid</I
+		to login to this service. This is really a <EM
+>paranoid</EM
 > 
 		check to absolutely ensure an improper setting does not breach 
 		your security.</P
@@ -8741,7 +9153,7 @@ CLASS="EMPHASIS"
 		so the value <TT
 CLASS="PARAMETER"
 ><I
->+&amp;group</I
+>+&#38;group</I
 ></TT
 > means check the 
 		UNIX group database, followed by the NIS netgroup database, and 
@@ -8773,9 +9185,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no invalid users</I
+>Default: <EM
+>no invalid users</EM
 ></P
 ><P
 >Example: <B
@@ -8859,9 +9270,8 @@ CLASS="COMMAND"
 >
 		</A
 > has oplocked. This allows complete data consistency between 
-		SMB/CIFS, NFS and local file access (and is a <I
-CLASS="EMPHASIS"
->very</I
+		SMB/CIFS, NFS and local file access (and is a <EM
+>very</EM
 > 
 		cool feature :-).</P
 ><P
@@ -8907,8 +9317,12 @@ NAME="LANMANAUTH"
 >lanman auth (G)</DT
 ><DD
 ><P
->This parameter determines whether or not smbd will
-		attempt to authentication users using the LANMAN password hash.
+>This parameter determines whether or not <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> will
+		attempt to authenticate users using the LANMAN password hash.
 		If disabled, only clients which support NT password hashes (e.g. Windows 
 		NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
 		network client) will be able to connect to the Samba host.</P
@@ -8971,7 +9385,10 @@ CLASS="PARAMETER"
 ></TT
 >
 		</A
-> parameter must be set to "true" on this share in order for 
+> parameter must be set to <TT
+CLASS="CONSTANT"
+>true</TT
+> on this share in order for 
 		this parameter to have any effect.</P
 ><P
 >See also the <A
@@ -9164,32 +9581,38 @@ CLASS="COMMAND"
 > to try and become a local master browser 
 		on a subnet. If set to <TT
 CLASS="CONSTANT"
->False</TT
+>false</TT
 > then <B
 CLASS="COMMAND"
 >		nmbd</B
 > will not attempt to become a local master browser 
 		on a subnet and will also lose in all browsing elections. By
-		default this value is set to true. Setting this value to true doesn't
-		mean that Samba will <I
-CLASS="EMPHASIS"
->become</I
+		default this value is set to <TT
+CLASS="CONSTANT"
+>true</TT
+>. Setting this value to <TT
+CLASS="CONSTANT"
+>true</TT
+> doesn't
+		mean that Samba will <EM
+>become</EM
 > the local master 
 		browser on a subnet, just that <B
 CLASS="COMMAND"
 >nmbd</B
-> will <I
-CLASS="EMPHASIS"
->		participate</I
+> will <EM
+>		participate</EM
 > in elections for local master browser.</P
 ><P
->Setting this value to False will cause <B
+>Setting this value to <TT
+CLASS="CONSTANT"
+>false</TT
+> will cause <B
 CLASS="COMMAND"
 >nmbd</B
 >
-		<I
-CLASS="EMPHASIS"
->never</I
+		<EM
+>never</EM
 > to become a local master browser.</P
 ><P
 >Default: <B
@@ -9269,15 +9692,13 @@ CLASS="COMMAND"
 >, real locking will be performed 
 		by the server.</P
 ><P
->This option <I
-CLASS="EMPHASIS"
->may</I
+>This option <EM
+>may</EM
 > be useful for read-only 
-		filesystems which <I
-CLASS="EMPHASIS"
->may</I
+		filesystems which <EM
+>may</EM
 > not need locking (such as 
-		cdrom drives), although setting this parameter of <TT
+		CDROM drives), although setting this parameter of <TT
 CLASS="CONSTANT"
 >no</TT
 > 
@@ -9318,15 +9739,21 @@ NAME="LOGLEVEL"
 >log level (G)</DT
 ><DD
 ><P
->Synonym for <A
-HREF="#DEBUGLEVEL"
-><TT
-CLASS="PARAMETER"
-><I
->		debug level</I
-></TT
-></A
->.</P
+>The value of the parameter (an integer) allows 
+		the debug level (logging level) to be specified in the 
+		<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. This is to give greater 
+		flexibility in the configuration of the system.</P
+><P
+>The default will be the log level specified on 
+		the command line or level zero if none was specified.</P
+><P
+>Example: <B
+CLASS="COMMAND"
+>log level = 3</B
+></P
 ></DD
 ><DT
 ><A
@@ -9484,16 +9911,15 @@ CLASS="FILENAME"
 ><P
 >The share and the path must be readable by the user for 
 		the preferences and directories to be loaded onto the Windows NT
-		client.  The share must be writeable when the logs in for the first
+		client.  The share must be writeable when the user logs in for the first
 		time, in order that the Windows NT client can create the NTuser.dat
 		and other directories.</P
 ><P
 >Thereafter, the directories and any of the contents can, 
 		if required, be made read-only.  It is not advisable that the 
 		NTuser.dat file be made read-only - rename it to NTuser.man to 
-		achieve the desired effect (a <I
-CLASS="EMPHASIS"
->MAN</I
+		achieve the desired effect (a <EM
+>MAN</EM
 >datory 
 		profile). </P
 ><P
@@ -9529,7 +9955,7 @@ NAME="LOGONSCRIPT"
 >This parameter specifies the batch file (.bat) or 
 		NT command file (.cmd) to be downloaded and run on a machine when 
 		a user successfully logs in.  The file must contain the DOS 
-		style cr/lf line endings. Using a DOS-style editor to create the 
+		style CR/LF line endings. Using a DOS-style editor to create the 
 		file is recommended.</P
 ><P
 >The script must be a relative path to the [netlogon] 
@@ -9556,7 +9982,7 @@ CLASS="FILENAME"
 >/usr/local/samba/netlogon/STARTUP.BAT</TT
 ></P
 ><P
->The contents of the batch file is entirely your choice.  A 
+>The contents of the batch file are entirely your choice.  A 
 		suggested command would be to add <B
 CLASS="COMMAND"
 >NET TIME \\SERVER /SET 
@@ -9583,9 +10009,8 @@ CLASS="COMMAND"
 >This option is only useful if Samba is set up as a logon 
 		server.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no logon script defined</I
+>Default: <EM
+>no logon script defined</EM
 ></P
 ><P
 >Example: <B
@@ -9614,7 +10039,7 @@ CLASS="PARAMETER"
 ><I
 >%p</I
 ></TT
-> is given then the printername 
+> is given then the printer name 
 		is put in its place. A <TT
 CLASS="PARAMETER"
 ><I
@@ -9795,7 +10220,7 @@ CLASS="PARAMETER"
 ><I
 >%p</I
 ></TT
-> is given then the printername 
+> is given then the printer name 
 		is put in its place. Otherwise it is placed at the end of the 
 		command.</P
 ><P
@@ -9822,14 +10247,13 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <TT
 CLASS="PARAMETER"
 ><I
 >		printing</I
 ></TT
-></I
+></EM
 ></P
 ><P
 >Example: <B
@@ -9866,7 +10290,7 @@ CLASS="PARAMETER"
 ><I
 >%p</I
 ></TT
-> is given then the printername 
+> is given then the printer name 
 		is put in its place. A <TT
 CLASS="PARAMETER"
 ><I
@@ -9952,7 +10376,7 @@ CLASS="PARAMETER"
 ><I
 >%p</I
 ></TT
-> is given then the printername 
+> is given then the printer name 
 		is put in its place. A <TT
 CLASS="PARAMETER"
 ><I
@@ -9981,15 +10405,14 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <TT
 CLASS="PARAMETER"
 ><I
 >printing
 		</I
 ></TT
-></I
+></EM
 ></P
 ><P
 >Example 1: <B
@@ -10011,7 +10434,7 @@ NAME="MACHINEPASSWORDTIMEOUT"
 >machine password timeout (G)</DT
 ><DD
 ><P
->If a Samba server is a member of an Windows 
+>If a Samba server is a member of a Windows 
 		NT Domain (see the <A
 HREF="#SECURITYEQUALSDOMAIN"
 >security=domain</A
@@ -10078,7 +10501,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->magic output = &lt;magic script name&gt;.out
+>magic output = &#60;magic script name&#62;.out
 		</B
 ></P
 ><P
@@ -10100,8 +10523,8 @@ NAME="MAGICSCRIPT"
 		executed on behalf of the connected user.</P
 ><P
 >Scripts executed in this way will be deleted upon 
-		completion assuming that the user has the appripriate level 
-		of priviledge and the ile permissions allow the deletion.</P
+		completion assuming that the user has the appropriate level 
+		of privilege and the file permissions allow the deletion.</P
 ><P
 >If the script generates output, output will be sent to 
 		the file specified by the <A
@@ -10117,24 +10540,20 @@ CLASS="PARAMETER"
 >Note that some shells are unable to interpret scripts 
 		containing CR/LF instead of CR as 
 		the end-of-line marker. Magic scripts must be executable 
-		<I
-CLASS="EMPHASIS"
->as is</I
+		<EM
+>as is</EM
 > on the host, which for some hosts and 
 		some shells will require filtering at the DOS end.</P
 ><P
->Magic scripts are <I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
+>Magic scripts are <EM
+>EXPERIMENTAL</EM
 > and 
-		should <I
-CLASS="EMPHASIS"
->NOT</I
+		should <EM
+>NOT</EM
 > be relied upon.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->None. Magic scripts disabled.</I
+>Default: <EM
+>None. Magic scripts disabled.</EM
 ></P
 ><P
 >Example: <B
@@ -10167,7 +10586,7 @@ NAME="MANGLEDMAP"
 ><DD
 ><P
 >This is for those who want to directly map UNIX 
-		file names which can not be represented on Windows/DOS.  The mangling 
+		file names which cannot be represented on Windows/DOS.  The mangling 
 		of names is not always what is needed.  In particular you may have 
 		documents with file extensions that differ between DOS and UNIX. 
 		For example, under UNIX it is common to use <TT
@@ -10198,12 +10617,11 @@ CLASS="COMMAND"
 CLASS="FILENAME"
 >;1
 		</TT
-> off the ends of filenames on some CDROMS (only visible 
+> off the ends of filenames on some CDROMs (only visible 
 		under some UNIXes). To do this use a map of (*;1 *;).</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no mangled map</I
+>Default: <EM
+>no mangled map</EM
 ></P
 ><P
 >Example: <B
@@ -10316,12 +10734,12 @@ TARGET="_top"
 ><P
 >The larger this value, the more likely it is that mangled 
 		names can be successfully converted to correct long UNIX names. 
-		However, large stack sizes will slow most directory access. Smaller 
+		However, large stack sizes will slow most directory accesses. Smaller 
 		stacks save memory in the server (each stack element costs 256 bytes).
 		</P
 ><P
 >It is not possible to absolutely guarantee correct long 
-		file names, so be prepared for some surprises!</P
+		filenames, so be prepared for some surprises!</P
 ><P
 >Default: <B
 CLASS="COMMAND"
@@ -10341,9 +10759,8 @@ NAME="MANGLINGCHAR"
 ><DD
 ><P
 >This controls what character is used as 
-		the <I
-CLASS="EMPHASIS"
->magic</I
+		the <EM
+>magic</EM
 > character in <A
 HREF="#AEN201"
 >name mangling</A
@@ -10544,9 +10961,8 @@ HREF="#GUESTACCOUNT"
 			will not know the reason they cannot access files they think
 			they should - there will have been no message given to them
 			that they got their password wrong. Helpdesk services will
-			<I
-CLASS="EMPHASIS"
->hate</I
+			<EM
+>hate</EM
 > you if you set the <TT
 CLASS="PARAMETER"
 ><I
@@ -10565,9 +10981,8 @@ CLASS="PARAMETER"
 ></TT
 > modes other than 
 		share. This is because in these modes the name of the resource being
-		requested is <I
-CLASS="EMPHASIS"
->not</I
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client so the server 
 		cannot make authentication decisions at the correct time (connection 
@@ -10709,7 +11124,7 @@ NAME="MAXMUX"
 ><DD
 ><P
 >This option controls the maximum number of 
-		outstanding simultaneous SMB operations that samba tells the client 
+		outstanding simultaneous SMB operations that Samba tells the client 
 		it will allow. You should never need to set this parameter.</P
 ><P
 >Default: <B
@@ -10817,9 +11232,8 @@ CLASS="CONSTANT"
 ><TT
 CLASS="CONSTANT"
 >LANMAN1</TT
->: First <I
-CLASS="EMPHASIS"
->			modern</I
+>: First <EM
+>			modern</EM
 > version of the protocol. Long filename
 			support.</P
 ></LI
@@ -10883,10 +11297,14 @@ CLASS="COMMAND"
 ></A
 >
 		processes concurrently running on a system and is intended
-		as a stop gap to prevent degrading service to clients in the event
+		as a stopgap to prevent degrading service to clients in the event
 		that the server has insufficient resources to handle more than this
 		number of connections.  Remember that under normal operating
-		conditions, each user will have an smbd associated with him or her
+		conditions, each user will have an <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> associated with him or her
 		to handle connections to all shares from a given host.
 		</P
 ><P
@@ -11018,14 +11436,13 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >xedit</B
 >, then 
-		removes it afterwards. <I
-CLASS="EMPHASIS"
+		removes it afterwards. <EM
 >NOTE THAT IT IS VERY IMPORTANT 
-		THAT THIS COMMAND RETURN IMMEDIATELY</I
+		THAT THIS COMMAND RETURN IMMEDIATELY</EM
 >. That's why I 
 		have the '&#38;' on the end. If it doesn't return immediately then 
 		your PCs may freeze when sending messages (they should recover 
-		after 30secs, hopefully).</P
+		after 30 seconds, hopefully).</P
 ><P
 >All messages are delivered as the global guest user. 
 		The command takes the standard substitutions, although <TT
@@ -11087,7 +11504,7 @@ CLASS="PARAMETER"
 ><B
 CLASS="COMMAND"
 >message command = /bin/mail -s 'message from %f on 
-		%m' root &lt; %s; rm %s</B
+		%m' root &#60; %s; rm %s</B
 ></P
 ><P
 >If you don't have a message command then the message 
@@ -11103,9 +11520,8 @@ CLASS="COMMAND"
 >message command = rm %s</B
 ></P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no message command</I
+>Default: <EM
+>no message command</EM
 ></P
 ><P
 >Example: <B
@@ -11475,9 +11891,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->empty string (no additional names)</I
+>Default: <EM
+>empty string (no additional names)</EM
 ></P
 ><P
 >Example: <B
@@ -11510,9 +11925,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->machine DNS name</I
+>Default: <EM
+>machine DNS name</EM
 ></P
 ><P
 >Example: <B
@@ -11677,6 +12091,36 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="OBEYPAMRESTRICTIONS"
+></A
+>obey pam restrictions (G)</DT
+><DD
+><P
+>When Samba 2.2 is configured to enable PAM support
+		(i.e. --with-pam), this parameter will control whether or not Samba
+		should obey PAM's account and session management directives.  The 
+		default behavior is to use PAM for clear text authentication only
+		and to ignore any account or session management.  Note that Samba
+		always ignores PAM for authentication in the case of <A
+HREF="#ENCRYPTPASSWORDS"
+><TT
+CLASS="PARAMETER"
+><I
+>encrypt passwords = yes</I
+></TT
+>
+		</A
+>.  The reason is that PAM modules cannot support the challenge/response
+		authentication mechanism needed in the presence of SMB password encryption.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>obey pam restrictions = no</B
+></P
+></DD
+><DT
+><A
 NAME="ONLYUSER"
 ></A
 >only user (S)</DT
@@ -11737,30 +12181,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="OLELOCKINGCOMPATIBILITY"
-></A
->ole locking compatibility (G)</DT
-><DD
-><P
->This parameter allows an administrator to turn 
- 		off the byte range lock manipulation that is done within Samba to 
-		give compatibility for OLE applications. Windows OLE applications 
-		use byte range locking as a form of inter-process communication, by 
-		locking ranges of bytes around the 2^32 region of a file range. This 
-		can cause certain UNIX lock managers to crash or otherwise cause 
-		problems. Setting this parameter to <TT
-CLASS="CONSTANT"
->no</TT
-> means you 
-		trust your UNIX lock manager to handle such cases correctly.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ole locking compatibility = yes</B
-></P
-></DD
-><DT
-><A
 NAME="ONLYGUEST"
 ></A
 >only guest (S)</DT
@@ -11791,10 +12211,9 @@ NAME="OPLOCKBREAKWAITTIME"
 		is the amount of time Samba will wait before sending an oplock break 
 		request to such (broken) clients.</P
 ><P
-><I
-CLASS="EMPHASIS"
+><EM
 >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
-		AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM
 >.</P
 ><P
 >Default: <B
@@ -11809,9 +12228,8 @@ NAME="OPLOCKCONTENTIONLIMIT"
 >oplock contention limit (S)</DT
 ><DD
 ><P
->This is a <I
-CLASS="EMPHASIS"
->very</I
+>This is a <EM
+>very</EM
 > advanced 
 		<A
 HREF="smbd.8.html"
@@ -11821,7 +12239,11 @@ TARGET="_top"
 		improve the efficiency of the granting of oplocks under multiple 
 		client contention for the same file.</P
 ><P
->In brief it specifies a number, which causes smbd not to 
+>In brief it specifies a number, which causes <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> not to 
 		grant an oplock even when requested if the approximate number of 
 		clients contending for an oplock on the same file goes over this 
 		limit. This causes <B
@@ -11830,10 +12252,9 @@ CLASS="COMMAND"
 > to behave in a similar 
 		way to Windows NT.</P
 ><P
-><I
-CLASS="EMPHASIS"
+><EM
 >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
-		AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM
 >.</P
 ><P
 >Default: <B
@@ -11848,7 +12269,10 @@ NAME="OPLOCKS"
 >oplocks (S)</DT
 ><DD
 ><P
->This boolean option tells smbd whether to 
+>This boolean option tells <B
+CLASS="COMMAND"
+>smbd</B
+> whether to 
 		issue oplocks (opportunistic locks) to file open requests on this 
 		share. The oplock code can dramatically (approx. 30% or more) improve 
 	 	the speed of access to files on Samba servers. It allows the clients 
@@ -11929,9 +12353,8 @@ CLASS="PARAMETER"
 ></TT
 > in the local broadcast area.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note :</I
+><EM
+>Note :</EM
 >By default, Samba will win 
 		a local master browsing election over all Microsoft operating 
 		systems except a Windows NT 4.0/2000 Domain Controller.  This 
@@ -11967,11 +12390,11 @@ NAME="OS2DRIVERMAP"
 		path to a file containing a mapping of Windows NT printer driver
 		names to OS/2 printer driver names.  The format is:</P
 ><P
->&lt;nt driver name&gt; = &lt;os2 driver 
-		name&gt;.&lt;device name&gt;</P
+>&#60;nt driver name&#62; = &#60;os2 driver 
+		name&#62;.&#60;device name&#62;</P
 ><P
 >For example, a valid entry using the HP LaserJet 5
-		printer driver woudl appear as <B
+		printer driver would appear as <B
 CLASS="COMMAND"
 >HP LaserJet 5L = LASERJET.HP 
 		LaserJet 5L</B
@@ -11993,12 +12416,50 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->os2 driver map = &lt;empty string&gt;
+>os2 driver map = &#60;empty string&#62;
 		</B
 ></P
 ></DD
 ><DT
 ><A
+NAME="PAMPASSWORDCHANGE"
+></A
+>pam password change (G)</DT
+><DD
+><P
+>With the addition of better PAM support in Samba 2.2, 
+  		this parameter, it is possible to use PAM's password change control 
+  		flag for Samba.  If enabled, then PAM will be used for password
+ 		changes when requested by an SMB client insted of the program listed in 
+                <A
+HREF="#PASSWDPROGRAM"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd program</I
+></TT
+></A
+>. 
+                It should be possible to enable this without changing your 
+                <A
+HREF="#PASSWDCHAT"
+><TT
+CLASS="PARAMETER"
+><I
+>passwd chat</I
+></TT
+></A
+>
+                paramater for most setups.
+  		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>pam password change = no</B
+></P
+></DD
+><DT
+><A
 NAME="PANICACTION"
 ></A
 >panic action (G)</DT
@@ -12019,7 +12480,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->panic action = &lt;empty string&gt;</B
+>panic action = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -12034,16 +12495,15 @@ NAME="PASSWDCHAT"
 >passwd chat (G)</DT
 ><DD
 ><P
->This string controls the <I
-CLASS="EMPHASIS"
->"chat"</I
+>This string controls the <EM
+>"chat"</EM
 > 
 		conversation that takes places between <A
 HREF="smbd.8.html"
 TARGET="_top"
 >smbd</A
 > and the local password changing
-		program to change the users password. The string describes a 
+		program to change the user's password. The string describes a 
 		sequence of response-receive pairs that <A
 HREF="smbd.8.html"
 TARGET="_top"
@@ -12100,8 +12560,8 @@ CLASS="CONSTANT"
 		in them into a single string.</P
 ><P
 >If the send string in any part of the chat sequence 
-		is a fullstop ".",  then no string is sent. Similarly, 
-		if the expect string is a fullstop then no string is expected.</P
+		is a full stop ".",  then no string is sent. Similarly, 
+		if the expect string is a full stop then no string is expected.</P
 ><P
 >Note that if the <A
 HREF="#UNIXPASSWORDSYNC"
@@ -12112,15 +12572,31 @@ CLASS="PARAMETER"
 		password sync</I
 ></TT
 ></A
-> parameter is set to true, then this 
-		sequence is called <I
-CLASS="EMPHASIS"
->AS ROOT</I
+> parameter is set to <TT
+CLASS="CONSTANT"
+>true</TT
+>, then this 
+		sequence is called <EM
+>AS ROOT</EM
 > when the SMB password 
 		in the smbpasswd file is being changed, without access to the old 
 		password cleartext. In this case the old password cleartext is set 
 		to "" (the empty string).</P
 ><P
+>Also, if the <A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam
+ 		password change</I
+></TT
+></A
+> parameter is set to true, the chat pairs
+                may be matched in any order, and sucess is determined by the PAM result, 
+                not any particular output. The \n macro is ignored for PAM conversions.
+  		</P
+><P
 >See also <A
 HREF="#UNIXPASSWORDSYNC"
 ><TT
@@ -12138,7 +12614,7 @@ CLASS="PARAMETER"
 >		passwd program</I
 ></TT
 ></A
-> and <A
+> ,<A
 HREF="#PASSWDCHATDEBUG"
 >		<TT
 CLASS="PARAMETER"
@@ -12146,6 +12622,14 @@ CLASS="PARAMETER"
 >passwd chat debug</I
 ></TT
 ></A
+> and <A
+HREF="#PAMPASSWORDCHANGE"
+>		<TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+></A
 >.</P
 ><P
 >Default: <B
@@ -12169,9 +12653,8 @@ NAME="PASSWDCHATDEBUG"
 ><DD
 ><P
 >This boolean specifies if the passwd chat script 
-		parameter is run in <I
-CLASS="EMPHASIS"
->debug</I
+		parameter is run in <EM
+>debug</EM
 > mode. In this mode the 
 		strings passed to and received from the passwd chat are printed 
 		in the <A
@@ -12205,10 +12688,19 @@ CLASS="PARAMETER"
 >passwd program</I
 ></TT
 > and should 
-		be turned off after this has been done. This parameter is off by
-		default.</P
+ 		be turned off after this has been done. This option has no effect if the 
+                <A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+></A
+>
+                paramter is set. This parameter is off by default.</P
 ><P
->See also &#60;<A
+>See also <A
 HREF="#PASSWDCHAT"
 ><TT
 CLASS="PARAMETER"
@@ -12216,7 +12708,16 @@ CLASS="PARAMETER"
 >passwd chat</I
 ></TT
 >
-		</A
+ 		</A
+>, <A
+HREF="#PAMPASSWORDCHANGE"
+><TT
+CLASS="PARAMETER"
+><I
+>pam password change</I
+></TT
+>
+                </A
 >, <A
 HREF="#PASSWDPROGRAM"
 ><TT
@@ -12225,7 +12726,7 @@ CLASS="PARAMETER"
 >passwd program</I
 ></TT
 >
-		</A
+  		</A
 >.</P
 ><P
 >Default: <B
@@ -12250,18 +12751,16 @@ CLASS="PARAMETER"
 		will be replaced with the user name. The user name is checked for 
 		existence before calling the password changing program.</P
 ><P
->Also note that many passwd programs insist in <I
-CLASS="EMPHASIS"
+>Also note that many passwd programs insist in <EM
 >reasonable
-		</I
+		</EM
 > passwords, such as a minimum length, or the inclusion 
 		of mixed case chars and digits. This can pose a problem as some clients 
 		(such as Windows for Workgroups) uppercase the password before sending 
 		it.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that if the <TT
 CLASS="PARAMETER"
 ><I
@@ -12270,11 +12769,10 @@ CLASS="PARAMETER"
 ></TT
 > parameter is set to <TT
 CLASS="CONSTANT"
->True
+>true
 		</TT
-> then this program is called <I
-CLASS="EMPHASIS"
->AS ROOT</I
+> then this program is called <EM
+>AS ROOT</EM
 > 
 		before the SMB password in the <A
 HREF="smbpasswd.5.html"
@@ -12294,13 +12792,11 @@ CLASS="PARAMETER"
 >unix password sync</I
 ></TT
 > parameter 
-		is set this parameter <I
-CLASS="EMPHASIS"
->MUST USE ABSOLUTE PATHS</I
+		is set this parameter <EM
+>MUST USE ABSOLUTE PATHS</EM
 > 
-		for <I
-CLASS="EMPHASIS"
->ALL</I
+		for <EM
+>ALL</EM
 > programs called, and must be examined 
 		for security implications. Note that by default <TT
 CLASS="PARAMETER"
@@ -12310,7 +12806,7 @@ CLASS="PARAMETER"
 ></TT
 > is set to <TT
 CLASS="CONSTANT"
->False</TT
+>false</TT
 >.</P
 ><P
 >See also <A
@@ -12439,15 +12935,13 @@ CLASS="PARAMETER"
 		the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
 		user level security mode.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > Using a password server 
 		means your UNIX box (running Samba) is only as secure as your 
-		password server. <I
-CLASS="EMPHASIS"
+		password server. <EM
 >DO NOT CHOOSE A PASSWORD SERVER THAT 
-		YOU DON'T COMPLETELY TRUST</I
+		YOU DON'T COMPLETELY TRUST</EM
 >.</P
 ><P
 >Never point a Samba server at itself for password 
@@ -12504,7 +12998,7 @@ CLASS="PARAMETER"
 		Primary or Backup Domain controllers to authenticate against by 
 		doing a query for the name <TT
 CLASS="CONSTANT"
->WORKGROUP&lt;1C&gt;</TT
+>WORKGROUP&#60;1C&#62;</TT
 > 
 		and then contacting each server returned in the list of IP 
 		addresses from the name resolution source. </P
@@ -12559,7 +13053,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >			security=server</B
 >  mode the network logon will appear to 
-			come from there rather than from the users workstation.</P
+			come from there rather than from the user's workstation.</P
 ></LI
 ></UL
 ><P
@@ -12576,7 +13070,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->password server = &lt;empty string&gt;</B
+>password server = &#60;empty string&#62;</B
 >
 		</P
 ><P
@@ -12636,9 +13130,8 @@ CLASS="PARAMETER"
 ></A
 > if one was specified.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->none</I
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -12685,7 +13178,7 @@ NAME="POSTEXEC"
 		substitutions. The command may be run as the root on some 
 		systems.</P
 ><P
->An interesting example may be do unmount server 
+>An interesting example may be to unmount server 
 		resources:</P
 ><P
 ><B
@@ -12704,16 +13197,15 @@ CLASS="PARAMETER"
 		</A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->none (no command executed)</I
+>Default: <EM
+>none (no command executed)</EM
 >
 		</P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >postexec = echo \"%u disconnected from %S 
-		from %m (%I)\" &gt;&gt; /tmp/log</B
+		from %m (%I)\" &#62;&#62; /tmp/log</B
 ></P
 ></DD
 ><DT
@@ -12724,7 +13216,7 @@ NAME="POSTSCRIPT"
 ><DD
 ><P
 >This parameter forces a printer to interpret 
-		the print files as postscript. This is done by adding a <TT
+		the print files as PostScript. This is done by adding a <TT
 CLASS="CONSTANT"
 >%!
 		</TT
@@ -12781,15 +13273,14 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->none (no command executed)</I
+>Default: <EM
+>none (no command executed)</EM
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >preexec = echo \"%u connected to %S from %m
-		(%I)\" &gt;&gt; /tmp/log</B
+		(%I)\" &#62;&#62; /tmp/log</B
 ></P
 ></DD
 ><DT
@@ -12830,7 +13321,10 @@ TARGET="_top"
 > is a preferred master browser 
 		for its workgroup.</P
 ><P
->If this is set to true, on startup, <B
+>If this is set to <TT
+CLASS="CONSTANT"
+>true</TT
+>, on startup, <B
 CLASS="COMMAND"
 >nmbd</B
 > 
@@ -12915,9 +13409,8 @@ CLASS="PARAMETER"
 ></A
 > option is easier.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no preloaded services</I
+>Default: <EM
+>no preloaded services</EM
 ></P
 ><P
 >Example: <B
@@ -12998,9 +13491,8 @@ CLASS="PARAMETER"
 		spool file name is generated automatically by the server, the printer 
 		name is discussed below.</P
 ><P
->The print command <I
-CLASS="EMPHASIS"
->MUST</I
+>The print command <EM
+>MUST</EM
 > contain at least 
 		one occurrence of <TT
 CLASS="PARAMETER"
@@ -13058,7 +13550,7 @@ CLASS="PARAMETER"
 ><P
 ><B
 CLASS="COMMAND"
->print command = echo Printing %s &gt;&gt; 
+>print command = echo Printing %s &#62;&#62; 
 		/tmp/print.log; lpr -P %p %s; rm %s</B
 ></P
 ><P
@@ -13222,6 +13714,12 @@ CLASS="COMMAND"
 ><P
 >A minimal printcap file would look something like this:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		print1|My Printer 1
@@ -13230,15 +13728,17 @@ CLASS="PROGRAMLISTING"
 		print4|My Printer 4
 		print5|My Printer 5
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >where the '|' separates aliases of a printer. The fact 
 		that the second alias has a space in it gives a hint to Samba 
 		that it's a comment.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE</I
+><EM
+>NOTE</EM
 >: Under AIX the default printcap 
 		name is <TT
 CLASS="FILENAME"
@@ -13277,7 +13777,7 @@ NAME="PRINTERADMIN"
 ><P
 >Default: <B
 CLASS="COMMAND"
->printer admin = &lt;empty string&gt;</B
+>printer admin = &#60;empty string&#62;</B
 >
 		</P
 ><P
@@ -13293,20 +13793,17 @@ NAME="PRINTERDRIVER"
 >printer driver (S)</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->This is a depreciated 
+><EM
+>Note :</EM
+>This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
-		<TT
-CLASS="FILENAME"
->PRINTER_DRIVER2.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs
-		</TT
-> of the Samba distribution for more information
+		the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 2.2. Printing
+		HOWTO</A
+> for more information
 		on the new method of loading printer drivers onto a Samba server.
 		</P
 ><P
@@ -13354,20 +13851,17 @@ NAME="PRINTERDRIVERFILE"
 >printer driver file (G)</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->This is a depreciated 
+><EM
+>Note :</EM
+>This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
-		<TT
-CLASS="FILENAME"
->PRINTER_DRIVER2.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs
-		</TT
-> of the Samba distribution for more information
+		the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 2.2. Printing
+		HOWTO</A
+> for more information
 		on the new method of loading printer drivers onto a Samba server.
 		</P
 ><P
@@ -13392,7 +13886,7 @@ CLASS="FILENAME"
 		</TT
 > files found on the Windows 95 client system. For more 
 		details on setting up serving of printer drivers to Windows 95 
-		clients, see the documentation file in the <TT
+		clients, see the outdated documentation file in the <TT
 CLASS="FILENAME"
 >docs/</TT
 > 
@@ -13411,9 +13905,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->None (set in compile).</I
+>Default: <EM
+>None (set in compile).</EM
 ></P
 ><P
 >Example: <B
@@ -13429,20 +13922,17 @@ NAME="PRINTERDRIVERLOCATION"
 >printer driver location (S)</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->Note :</I
->This is a depreciated 
+><EM
+>Note :</EM
+>This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
-		<TT
-CLASS="FILENAME"
->PRINTER_DRIVER2.txt</TT
-> in the <TT
-CLASS="FILENAME"
->docs
-		</TT
-> of the Samba distribution for more information
+		the <A
+HREF="printer_driver2.html"
+TARGET="_top"
+>Samba 2.2. Printing
+		HOWTO</A
+> for more information
 		on the new method of loading printer drivers onto a Samba server.
 		</P
 ><P
@@ -13458,7 +13948,7 @@ CLASS="COMMAND"
 ><P
 >Where MACHINE is the NetBIOS name of your Samba server, 
 		and PRINTER$ is a share you set up for serving printer driver 
-		files. For more details on setting this up see the documentation 
+		files. For more details on setting this up see the outdated documentation 
 		file in the <TT
 CLASS="FILENAME"
 >docs/</TT
@@ -13502,13 +13992,12 @@ NAME="PRINTERNAME"
 		name given will be used for any printable service that does 
 		not have its own printer name specified.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (but may be <TT
 CLASS="CONSTANT"
 >lp</TT
 > 
-		on many systems)</I
+		on many systems)</EM
 ></P
 ><P
 >Example: <B
@@ -13571,7 +14060,7 @@ CLASS="PARAMETER"
 >lprm command</I
 ></TT
 > if specified in the 
-		[global]f&#62; section.</P
+		[global] section.</P
 ><P
 >Currently eight printing styles are supported. They are
 		<TT
@@ -13664,14 +14153,14 @@ NAME="QUEUEPAUSECOMMAND"
 ><DD
 ><P
 >This parameter specifies the command to be 
-		executed on the server host in order to pause the printerqueue.</P
+		executed on the server host in order to pause the printer queue.</P
 ><P
 >This command should be a program or script which takes 
-		a printer name as its only parameter and stops the printerqueue, 
+		a printer name as its only parameter and stops the printer queue, 
 		such that no longer jobs are submitted to the printer.</P
 ><P
 >This command is not supported by Windows for Workgroups, 
-		but can be issued from the Printer's window under Windows 95 
+		but can be issued from the Printers window under Windows 95 
 		and NT.</P
 ><P
 >If a <TT
@@ -13679,7 +14168,7 @@ CLASS="PARAMETER"
 ><I
 >%p</I
 ></TT
-> is given then the printername 
+> is given then the printer name 
 		is put in its place. Otherwise it is placed at the end of the command.
 		</P
 ><P
@@ -13687,15 +14176,14 @@ CLASS="PARAMETER"
 		path in the command as the PATH may not be available to the 
 		server.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <TT
 CLASS="PARAMETER"
 ><I
 >printing
 		</I
 ></TT
-></I
+></EM
 ></P
 ><P
 >Example: <B
@@ -13711,7 +14199,7 @@ NAME="QUEUERESUMECOMMAND"
 ><DD
 ><P
 >This parameter specifies the command to be 
-		executed on the server host in order to resume the printerqueue. It 
+		executed on the server host in order to resume the printer queue. It 
  		is the command to undo the behavior that is caused by the 
 		previous parameter (<A
 HREF="#QUEUEPAUSECOMMAND"
@@ -13724,11 +14212,11 @@ CLASS="PARAMETER"
 >).</P
 ><P
 >This command should be a program or script which takes 
-		a printer name as its only parameter and resumes the printerqueue, 
+		a printer name as its only parameter and resumes the printer queue, 
 		such that queued jobs are resubmitted to the printer.</P
 ><P
 >This command is not supported by Windows for Workgroups, 
-		but can be issued from the Printer's window under Windows 95 
+		but can be issued from the Printers window under Windows 95 
 		and NT.</P
 ><P
 >If a <TT
@@ -13736,7 +14224,7 @@ CLASS="PARAMETER"
 ><I
 >%p</I
 ></TT
-> is given then the printername 
+> is given then the printer name 
 		is put in its place. Otherwise it is placed at the end of the 
 		command.</P
 ><P
@@ -13744,8 +14232,7 @@ CLASS="PARAMETER"
 		path in the command as the PATH may not be available to the 
 		server.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <A
 HREF="#PRINTING"
 ><TT
@@ -13754,7 +14241,7 @@ CLASS="PARAMETER"
 >printing</I
 ></TT
 ></A
-></I
+></EM
 >
 		</P
 ><P
@@ -13838,7 +14325,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->read list = &lt;empty string&gt;</B
+>read list = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -13966,7 +14453,10 @@ CLASS="COMMAND"
 		192.168.4.255/STAFF</B
 ></P
 ><P
->the above line would cause nmbd to announce itself 
+>the above line would cause <B
+CLASS="COMMAND"
+>nmbd</B
+> to announce itself 
 		to the two given IP addresses using the given workgroup names. 
 		If you leave out the workgroup name then the one given in 
 		the <A
@@ -13995,7 +14485,7 @@ CLASS="FILENAME"
 ><P
 >Default: <B
 CLASS="COMMAND"
->remote announce = &lt;empty string&gt;
+>remote announce = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -14011,10 +14501,10 @@ HREF="nmbd.8.html"
 TARGET="_top"
 >nmbd(8)</A
 > to periodically request 
-		synchronization of browse lists with the master browser of a samba 
+		synchronization of browse lists with the master browser of a Samba 
 		server that is on a remote segment. This option will allow you to 
 		gain browse lists for multiple workgroups across routed networks. This 
-		is done in a manner that does not work with any non-samba servers.</P
+		is done in a manner that does not work with any non-Samba servers.</P
 ><P
 >This is useful if you want your Samba server and all local 
 		clients to appear in a remote workgroup for which the normal browse 
@@ -14041,25 +14531,133 @@ CLASS="COMMAND"
 		of known browse masters if your network config is that stable. If 
 		a machine IP address is given Samba makes NO attempt to validate 
 		that the remote machine is available, is listening, nor that it 
-		is in fact the browse master on it's segment.</P
+		is in fact the browse master on its segment.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->remote browse sync = &lt;empty string&gt;
+>remote browse sync = &#60;empty string&#62;
 		</B
 ></P
 ></DD
 ><DT
 ><A
+NAME="RESTRICTACLWITHMASK"
+></A
+>restrict acl with mask (S)</DT
+><DD
+><P
+>This is a boolean parameter.  If set to <TT
+CLASS="CONSTANT"
+>false</TT
+> (default), then 
+		creation of files with access control lists (ACLS) and modification of ACLs
+		using the Windows NT/2000 ACL editor will be applied directly to the file
+		or directory.</P
+><P
+>If set to <TT
+CLASS="CONSTANT"
+>true</TT
+>, then all requests to set an ACL on a file will have the
+		parameters <A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></A
+>,
+		<A
+HREF="#FORCECREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></A
+>
+		applied before setting the ACL, and all requests to set an ACL on a directory will
+		have the parameters <A
+HREF="#DIRECTORYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory 
+		mask</I
+></TT
+></A
+>, <A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force 
+		directory mode</I
+></TT
+></A
+> applied before setting the ACL.
+		</P
+><P
+>See also <A
+HREF="#CREATEMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>create mask</I
+></TT
+></A
+>,
+		<A
+HREF="#FORCECREATEMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force create mode</I
+></TT
+></A
+>,
+		<A
+HREF="#DIRECTORYMASK"
+><TT
+CLASS="PARAMETER"
+><I
+>directory mask</I
+></TT
+></A
+>,
+		<A
+HREF="#FORCEDIRECTORYMODE"
+><TT
+CLASS="PARAMETER"
+><I
+>force directory mode</I
+></TT
+></A
+>
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>restrict acl with mask = no</B
+></P
+></DD
+><DT
+><A
 NAME="RESTRICTANONYMOUS"
 ></A
 >restrict anonymous (G)</DT
 ><DD
 ><P
->This is a boolean parameter.  If it is true, then 
+>This is a boolean parameter.  If it is <TT
+CLASS="CONSTANT"
+>true</TT
+>, then 
 		anonymous access to the server will be restricted, namely in the 
 		case where the server is expecting the client to send a username, 
-		but it doesn't.  Setting it to true will force these anonymous 
+		but it doesn't.  Setting it to <TT
+CLASS="CONSTANT"
+>true</TT
+> will force these anonymous 
  		connections to be denied, and the client will be required to always 
 		supply a username and password when connecting. Use of this parameter 
 		is only recommended for homogeneous NT client environments.</P
@@ -14069,10 +14667,13 @@ NAME="RESTRICTANONYMOUS"
 		likes to use anonymous connections when refreshing the share list, 
 		and this is a way to work around that.</P
 ><P
->When restrict anonymous is true, all anonymous connections 
+>When restrict anonymous is <TT
+CLASS="CONSTANT"
+>true</TT
+>, all anonymous connections 
 		are denied no matter what they are for.  This can effect the ability 
-		of a machine to access the samba Primary Domain Controller to revalidate 
-		it's machine account after someone else has logged on the client 
+		of a machine to access the Samba Primary Domain Controller to revalidate 
+		its machine account after someone else has logged on the client 
 		interactively.  The NT client will display a message saying that 
 		the machine's account in  the domain doesn't exist or the password is 
 		bad.  The best way to deal  with this is to reboot NT client machines 
@@ -14129,7 +14730,7 @@ NAME="ROOTDIRECTORY"
 CLASS="COMMAND"
 >chroot()</B
 > (i.e. 
-		Change it's root directory) to this directory on startup. This is 
+		Change its root directory) to this directory on startup. This is 
 		not strictly necessary for secure operation. Even without it the 
 		server will deny access to files not in one of the service entries. 
 		It may also check for, and deny access to, soft links to other 
@@ -14159,9 +14760,8 @@ CLASS="PARAMETER"
 >root directory</I
 ></TT
 > 
-		option, <I
-CLASS="EMPHASIS"
->including</I
+		option, <EM
+>including</EM
 > some files needed for 
 		complete operation of the server. To maintain full operability 
 		of the server you will need to mirror some system files 
@@ -14204,7 +14804,7 @@ CLASS="PARAMETER"
 >
 		parameter except that the command is run as root. This 
 		is useful for unmounting filesystems 
-		(such as cdroms) after a connection is closed.</P
+		(such as CDROMs) after a connection is closed.</P
 ><P
 >See also <A
 HREF="#POSTEXEC"
@@ -14218,7 +14818,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->root postexec = &lt;empty string&gt;
+>root postexec = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -14236,8 +14836,8 @@ CLASS="PARAMETER"
 ></TT
 >
 		parameter except that the command is run as root. This 
-		is useful for mounting filesystems (such as cdroms) after a 
-		connection is closed.</P
+		is useful for mounting filesystems (such as CDROMs) when a 
+		connection is opened.</P
 ><P
 >See also <A
 HREF="#PREEXEC"
@@ -14259,7 +14859,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->root preexec = &lt;empty string&gt;
+>root preexec = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -14394,9 +14994,8 @@ CLASS="PARAMETER"
 >It is possible to use <B
 CLASS="COMMAND"
 >smbd</B
-> in a <I
-CLASS="EMPHASIS"
->		hybrid mode</I
+> in a <EM
+>		hybrid mode</EM
 > where it is offers both user and share 
 		level security under different <A
 HREF="#NETBIOSALIASES"
@@ -14413,13 +15012,12 @@ CLASS="PARAMETER"
 ><A
 NAME="SECURITYEQUALSSHARE"
 ></A
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = SHARE
-		</I
+		</EM
 ></P
 ><P
->When clients connect to a share level security server then 
+>When clients connect to a share level security server they 
 		need not log onto the server with a valid username and password before 
 		attempting to connect to a shared resource (although modern clients 
 		such as Windows 95/98 and Windows NT will send a logon request with 
@@ -14434,9 +15032,8 @@ CLASS="COMMAND"
 >Note that <B
 CLASS="COMMAND"
 >smbd</B
-> <I
-CLASS="EMPHASIS"
->ALWAYS</I
+> <EM
+>ALWAYS</EM
 > 
 		uses a valid UNIX user to act on behalf of the client, even in
 		<B
@@ -14496,10 +15093,9 @@ CLASS="PARAMETER"
 ></LI
 ><LI
 ><P
->If the client did a previous <I
-CLASS="EMPHASIS"
+>If the client did a previous <EM
 >logon
-			</I
+			</EM
 > request (the SessionSetup SMB call) then the 
 			username sent in this SMB will be added as a potential username.
 			</P
@@ -14554,9 +15150,8 @@ CLASS="PARAMETER"
 >, then this 
 		guest user will be used, otherwise access is denied.</P
 ><P
->Note that it can be <I
-CLASS="EMPHASIS"
->very</I
+>Note that it can be <EM
+>very</EM
 > confusing 
 		in share-level security as to which UNIX username will eventually
 		be used in granting access.</P
@@ -14569,10 +15164,9 @@ HREF="#AEN234"
 ><A
 NAME="SECURITYEQUALSUSER"
 ></A
-><I
-CLASS="EMPHASIS"
->SECURIYT = USER
-		</I
+><EM
+>SECURITY = USER
+		</EM
 ></P
 ><P
 >This is the default security setting in Samba 2.2. 
@@ -14615,13 +15209,11 @@ CLASS="PARAMETER"
 		may change the UNIX user to use on this connection, but only after 
 		the user has been successfully authenticated.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that the name of the resource being 
-		requested is <I
-CLASS="EMPHASIS"
->not</I
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
@@ -14653,10 +15245,9 @@ HREF="#AEN234"
 ><A
 NAME="SECURITYEQUALSSERVER"
 ></A
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = SERVER
-		</I
+		</EM
 ></P
 ><P
 >In this mode Samba will try to validate the username/password 
@@ -14681,10 +15272,9 @@ CLASS="FILENAME"
 > for details on how to set this 
 		up.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that from the clients point of 
+><EM
+>Note</EM
+> that from the client's point of 
 		view <B
 CLASS="COMMAND"
 >security = server</B
@@ -14695,13 +15285,11 @@ CLASS="COMMAND"
 		with the authentication, it does not in any way affect what the 
 		client sees.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that the name of the resource being 
-		requested is <I
-CLASS="EMPHASIS"
->not</I
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
@@ -14753,10 +15341,9 @@ CLASS="PARAMETER"
 ><A
 NAME="SECURITYEQUALSDOMAIN"
 ></A
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = DOMAIN
-		</I
+		</EM
 ></P
 ><P
 >This mode will only work correctly if <A
@@ -14781,17 +15368,15 @@ CLASS="CONSTANT"
 		it to a Windows NT Primary or Backup Domain Controller, in exactly 
 		the same way that a Windows NT Server would do.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that a valid UNIX user must still 
 		exist as well as the account on the Domain Controller to allow 
 		Samba to have a valid UNIX account to map file access to.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
-> that from the clients point 
+><EM
+>Note</EM
+> that from the client's point 
 		of view <B
 CLASS="COMMAND"
 >security = domain</B
@@ -14802,13 +15387,11 @@ CLASS="COMMAND"
 >. It only affects how the server deals with the authentication, 
 		it does not in any way affect what the client sees.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that the name of the resource being 
-		requested is <I
-CLASS="EMPHASIS"
->not</I
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
@@ -14832,9 +15415,8 @@ CLASS="PARAMETER"
 		</A
 > parameter for details on doing this.</P
 ><P
-><I
-CLASS="EMPHASIS"
->BUG:</I
+><EM
+>BUG:</EM
 > There is currently a bug in the 
 		implementation of <B
 CLASS="COMMAND"
@@ -14899,28 +15481,20 @@ NAME="SECURITYMASK"
 		mask may be treated as a set of bits the user is not allowed 
 		to change.</P
 ><P
->If not set explicitly this parameter is set to the same
-		value as the <A
-HREF="#CREATEMASK"
-><TT
-CLASS="PARAMETER"
-><I
->create mask
-		</I
-></TT
-></A
-> parameter. To allow a user to modify all the 
-		user/group/world permissions on a file, set this parameter to 
-		0777.</P
+>If not set explicitly this parameter is 0777, allowing
+		a user to modify all the user/group/world permissions on a file.
+		</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that users who can access the 
 		Samba server through other means can easily bypass this 
 		restriction, so it is primarily useful for standalone 
 		"appliance" systems.  Administrators of most normal systems will 
-		probably want to set it to 0777.</P
+		probably want to leave it set to <TT
+CLASS="CONSTANT"
+>0777</TT
+>.</P
 ><P
 >See also the <A
 HREF="#FORCEDIRECTORYSECURITYMODE"
@@ -14952,13 +15526,12 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->security mask = &lt;same as create mask&gt;
-		</B
+>security mask = 0777</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->security mask = 0777</B
+>security mask = 0770</B
 ></P
 ></DD
 ><DT
@@ -14972,7 +15545,7 @@ NAME="SERVERSTRING"
 		printer comment box in print manager and next to the IPC connection 
 		in <B
 CLASS="COMMAND"
->net view"</B
+>net view</B
 >. It can be any string that you wish 
 		to show to your users.</P
 ><P
@@ -15080,9 +15653,8 @@ CLASS="CONSTANT"
 >This option gives full share compatibility and enabled 
 		by default.</P
 ><P
->You should <I
-CLASS="EMPHASIS"
->NEVER</I
+>You should <EM
+>NEVER</EM
 > turn this parameter 
 		off as many Windows applications will break if you do so.</P
 ><P
@@ -15154,7 +15726,7 @@ CLASS="PARAMETER"
 >printer admin</I
 ></TT
 > group), the OpenPrinterEx() 
-		call fails and the clients another open call with a request for 
+		call fails and the client makes another open call with a request for 
 		a lower privilege level.  This should succeed, however the APW 
 		icon will not be displayed.</P
 ><P
@@ -15165,9 +15737,8 @@ CLASS="PARAMETER"
 ></TT
 >
 		parameter will always cause the OpenPrinterEx() on the server
-		to fail.  Thus the APW icon will never be displayed. <I
-CLASS="EMPHASIS"
->		Note :</I
+		to fail.  Thus the APW icon will never be displayed. <EM
+>		Note :</EM
 >This does not prevent the same user from having 
 		administrative privilege on an individual printer.</P
 ><P
@@ -15238,7 +15809,7 @@ NAME="SOCKETADDRESS"
 		support multiple virtual interfaces on the one server, each 
 		with a different configuration.</P
 ><P
->By default samba will accept connections on any 
+>By default Samba will accept connections on any 
 		address.</P
 ><P
 >Example: <B
@@ -15332,9 +15903,8 @@ TARGET="_top"
 ></LI
 ></UL
 ><P
->Those marked with a <I
-CLASS="EMPHASIS"
->'*'</I
+>Those marked with a <EM
+>'*'</EM
 > take an integer 
 		argument. The others can optionally take a 1 or 0 argument to enable 
 		or disable the option, by default they will be enabled if you 
@@ -15406,9 +15976,8 @@ CLASS="COMMAND"
 >SAMBA_NETBIOS_NAME=myhostname</B
 ></P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->No default value</I
+>Default: <EM
+>No default value</EM
 ></P
 ><P
 >Examples: <B
@@ -15438,13 +16007,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15452,8 +16019,8 @@ CLASS="EMPHASIS"
 		it is set to <TT
 CLASS="CONSTANT"
 >no</TT
->, the SSL enabled samba behaves 
-		exactly like the non-SSL samba. If set to <TT
+>, the SSL-enabled Samba behaves 
+		exactly like the non-SSL Samba. If set to <TT
 CLASS="CONSTANT"
 >yes</TT
 >, 
@@ -15496,19 +16063,17 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
 >This variable defines where to look up the Certification
 		Authorities. The given directory should contain one file for 
-		each CA that samba will trust.  The file name must be the hash 
+		each CA that Samba will trust.  The file name must be the hash 
 		value over the "Distinguished Name" of the CA. How this directory 
 		is set up is explained later in this document. All files within the 
 		directory that don't fit into this naming scheme are ignored. You 
@@ -15535,13 +16100,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15575,13 +16138,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15604,13 +16165,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15645,13 +16204,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15686,13 +16243,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15738,18 +16293,16 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
->These two variables define whether samba will go 
-		into SSL mode or not. If none of them is defined, samba will 
+>These two variables define whether Samba will go 
+		into SSL mode or not. If none of them is defined, Samba will 
 		allow only SSL connections. If the <A
 HREF="#SSLHOSTS"
 >		<TT
@@ -15766,7 +16319,9 @@ CLASS="PARAMETER"
 >		ssl hosts resign</I
 ></TT
 > variable lists hosts, only these 
-		hosts will NOT be forced into SSL mode. The syntax for these two 
+		hosts will <EM
+>NOT</EM
+> be forced into SSL mode. The syntax for these two 
 		variables is the same as for the <A
 HREF="#HOSTSALLOW"
 ><TT
@@ -15792,12 +16347,12 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->ssl hosts = &lt;empty string&gt;</B
+>ssl hosts = &#60;empty string&#62;</B
 ></P
 ><P
 ><B
 CLASS="COMMAND"
->ssl hosts resign = &lt;empty string&gt;</B
+>ssl hosts resign = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -15820,13 +16375,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15860,9 +16413,8 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >no</TT
 >, clients don't need certificates. 
-		Contrary to web applications you really <I
-CLASS="EMPHASIS"
->should</I
+		Contrary to web applications you really <EM
+>should</EM
 > 
 		require client certificates. In the web environment the client's 
 		data is sensitive (credit card numbers) and the server must prove 
@@ -15889,13 +16441,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -15944,27 +16494,24 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
 >This is the file containing the server's certificate. 
-		The server <I
-CLASS="EMPHASIS"
->must</I
+		The server <EM
+>must</EM
 > have a certificate. The 
 		file may also contain the server's private key. See later for 
 		how certificates and private keys are created.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->ssl server cert = &lt;empty string&gt;
+>ssl server cert = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -15983,32 +16530,28 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
 >This file contains the private key of the server. If 
 		this variable is not defined, the key is looked up in the 
 		certificate file (it may be appended to the certificate). 
-		The server <I
-CLASS="EMPHASIS"
->must</I
+		The server <EM
+>must</EM
 > have a private key
-		and the certificate <I
-CLASS="EMPHASIS"
->must</I
+		and the certificate <EM
+>must</EM
 > 
 		match this private key.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->ssl server key = &lt;empty string&gt;
+>ssl server key = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -16027,13 +16570,11 @@ CLASS="COMMAND"
 > was 
 		given at configure time.</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that for export control reasons 
-		this code is <I
-CLASS="EMPHASIS"
->NOT</I
+		this code is <EM
+>NOT</EM
 > enabled by default in any 
 		current binary version of Samba.</P
 ><P
@@ -16150,7 +16691,7 @@ CLASS="CONSTANT"
 > the server does file 
 		lock checks only when the client explicitly asks for them.</P
 ><P
->Well behaved clients always ask for lock checks when it 
+>Well-behaved clients always ask for lock checks when it 
 		is important, so in the vast majority of cases <B
 CLASS="COMMAND"
 >strict 
@@ -16179,7 +16720,11 @@ NAME="STRICTSYNC"
 CLASS="CONSTANT"
 >no</TT
 > (the 
-		default) means that smbd ignores the Windows applications requests for
+		default) means that <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> ignores the Windows applications requests for
 		a sync call. There is only a possibility of losing data if the
 		operating system itself that Samba is running on crashes, so there is
 		little danger in this default setting. In addition, this fixes many
@@ -16227,10 +16772,16 @@ NAME="SYNCALWAYS"
 ><P
 >This is a boolean parameter that controls 
 		whether writes will always be written to stable storage before 
-		the write call returns. If this is false then the server will be 
+		the write call returns. If this is <TT
+CLASS="CONSTANT"
+>false</TT
+> then the server will be 
 		guided by the client's request in each write call (clients can 
 		set a bit indicating that a particular write should be synchronous). 
-		If this is true then every write will be followed by a <B
+		If this is <TT
+CLASS="CONSTANT"
+>true</TT
+> then every write will be followed by a <B
 CLASS="COMMAND"
 >fsync()
 		</B
@@ -16321,9 +16872,8 @@ NAME="TEMPLATEHOMEDIR"
 >template homedir (G)</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > this parameter is 
 		only available in Samba 3.0.</P
 ><P
@@ -16361,9 +16911,8 @@ NAME="TEMPLATESHELL"
 >template shell (G)</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > this parameter is 
 		only available in Samba 3.0.</P
 ><P
@@ -16449,7 +16998,11 @@ NAME="TOTALPRINTJOBS"
 >This parameter accepts an integer value which defines
 		a limit on the maximum number of print jobs that will be accepted 
 		system wide at any given time.  If a print job is submitted
-		by a client which will exceed this number, then smbd will return an 
+		by a client which will exceed this number, then <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> will return an 
 		error indicating that no space is available on the server.  The 
 		default value of 0 means that no such limit exists.  This parameter
 		can be used to prevent a server from exceeding its capacity and is
@@ -16485,18 +17038,20 @@ NAME="UNIXPASSWORDSYNC"
 >This boolean parameter controls whether Samba 
 		attempts to synchronize the UNIX password with the SMB password 
 		when the encrypted SMB password in the smbpasswd file is changed. 
-		If this is set to true the program specified in the <TT
+		If this is set to <TT
+CLASS="CONSTANT"
+>true</TT
+> the program specified in the <TT
 CLASS="PARAMETER"
 ><I
 >passwd
 		program</I
 ></TT
->parameter is called <I
-CLASS="EMPHASIS"
->AS ROOT</I
+>parameter is called <EM
+>AS ROOT</EM
 > - 
 		to allow the new UNIX password to be set without access to the 
-		old UNIX password (as the SMB password has change code has no 
+		old UNIX password (as the SMB password change code has no 
 		access to the old password cleartext, only the new).</P
 ><P
 >See also <A
@@ -16525,23 +17080,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="UNIXREALNAME"
-></A
->unix realname (G)</DT
-><DD
-><P
->This boolean parameter when set causes samba 
-		to supply the real name field from the unix password file to 
-		the client. This is useful for setting up mail clients and WWW 
-		browsers on systems used by more than one person.</P
-><P
->Default: <B
-CLASS="COMMAND"
->unix realname = yes</B
-></P
-></DD
-><DT
-><A
 NAME="UPDATEENCRYPTED"
 ></A
 >update encrypted (G)</DT
@@ -16602,17 +17140,19 @@ NAME="USERHOSTS"
 >use rhosts (G)</DT
 ><DD
 ><P
->If this global parameter is a true, it specifies 
-		that the UNIX users <TT
+>If this global parameter is <TT
+CLASS="CONSTANT"
+>true</TT
+>, it specifies 
+		that the UNIX user's <TT
 CLASS="FILENAME"
 >.rhosts</TT
 > file in their home directory 
 		will be read to find the names of hosts and users who will be allowed 
 		access without specifying a password.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > The use of <TT
 CLASS="PARAMETER"
 ><I
@@ -16729,7 +17269,7 @@ CLASS="PARAMETER"
 > parameter.</P
 ><P
 >If any of the usernames begin with a '@' then the name 
-		will be looked up first in the yp netgroups list (if Samba 
+		will be looked up first in the NIS netgroups list (if Samba 
 		is compiled with netgroup support), followed by a lookup in 
 		the UNIX groups database and will expand to a list of all users 
 		in the group of that name.</P
@@ -16739,7 +17279,7 @@ CLASS="PARAMETER"
 		expand to a list of all users in the group of that name.</P
 ><P
 >If any of the usernames begin with a '&#38;'then the name 
-		will be looked up only in the yp netgroups database (if Samba 
+		will be looked up only in the NIS netgroups database (if Samba 
 		is compiled with netgroup support) and will expand to a list 
 		of all users in the netgroup group of that name.</P
 ><P
@@ -16757,7 +17297,7 @@ HREF="#AEN234"
 >Default: <B
 CLASS="COMMAND"
 >The guest account if a guest service, 
-		else &lt;empty string&gt;.</B
+		else &#60;empty string&#62;.</B
 ></P
 ><P
 >Examples:<B
@@ -16894,11 +17434,20 @@ CLASS="COMMAND"
 		'!' to tell Samba to stop processing if it gets a match on 
 		that line.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		!sys = mary fred
 		guest = *
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Note that the remapping is applied to all occurrences 
@@ -16935,9 +17484,8 @@ CLASS="PARAMETER"
 		trouble deleting print jobs as PrintManager under WfWg will think 
 		they don't own the print job.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no username map</I
+>Default: <EM
+>no username map</EM
 ></P
 ><P
 >Example: <B
@@ -16957,7 +17505,10 @@ NAME="UTMP"
 		Samba has been configured and compiled  with the option <B
 CLASS="COMMAND"
 >		--with-utmp</B
->. If set to True then Samba will attempt
+>. If set to <TT
+CLASS="CONSTANT"
+>true</TT
+> then Samba will attempt
 		to add utmp or utmpx records (depending on the UNIX system) whenever a
 		connection is made to a Samba server. Sites may use this to record the
 		user connecting to a Samba share.</P
@@ -17006,9 +17557,8 @@ CLASS="FILENAME"
 >/var/run/utmp</TT
 > on Linux).</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->no utmp directory</I
+>Default: <EM
+>no utmp directory</EM
 ></P
 ></DD
 ><DT
@@ -17037,20 +17587,28 @@ NAME="VALIDCHARS"
 		(which is a pointless thing to do as it's already there) you could 
 		do one of the following</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		valid chars = Z
 		valid chars = z:Z
 		valid chars = 0132:0172
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >The last two examples above actually add two characters, 
 		and alter the uppercase and lowercase mappings appropriately.</P
 ><P
->Note that you <I
-CLASS="EMPHASIS"
->MUST</I
+>Note that you <EM
+>MUST</EM
 > specify this parameter 
 		after the <TT
 CLASS="PARAMETER"
@@ -17088,10 +17646,9 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >Samba defaults to using a reasonable set 
-		of valid characters for English systems</I
+		of valid characters for English systems</EM
 ></P
 ><P
 >Example: <B
@@ -17103,9 +17660,8 @@ CLASS="COMMAND"
 >The above example allows filenames to have the Swedish 
 		characters in them.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > It is actually quite difficult to 
 		correctly produce a <TT
 CLASS="PARAMETER"
@@ -17180,10 +17736,9 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >No valid users list (anyone can login)
-		</I
+		</EM
 ></P
 ><P
 >Example: <B
@@ -17205,9 +17760,8 @@ NAME="VETOFILES"
 		or directories as in DOS wildcards.</P
 ><P
 >Each entry must be a unix path, not a DOS path and 
-		must <I
-CLASS="EMPHASIS"
->not</I
+		must <EM
+>not</EM
 > include the  unix directory 
 		separator '/'.</P
 ><P
@@ -17223,9 +17777,8 @@ CLASS="PARAMETER"
 		to be aware of, is that if a directory contains nothing but files 
 		that match the veto files parameter (which means that Windows/DOS 
 		clients cannot ever see them) is deleted, the veto files within 
-		that directory <I
-CLASS="EMPHASIS"
->are automatically deleted</I
+		that directory <EM
+>are automatically deleted</EM
 > along 
 		with it, if the user has UNIX permissions to do so.</P
 ><P
@@ -17252,13 +17805,18 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >No files or directories are vetoed.
-		</I
+		</EM
 ></P
 ><P
->Examples:<PRE
+>Examples:<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
 CLASS="PROGRAMLISTING"
 >	   ; Veto any files containing the word Security, 
     	; any ending in .tmp, and any directory containing the
@@ -17269,6 +17827,9 @@ CLASS="PROGRAMLISTING"
     	; creates.
 		veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ></DD
 ><DT
@@ -17301,10 +17862,9 @@ CLASS="PARAMETER"
 > 
 		parameter.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
+>Default: <EM
 >No files are vetoed for oplock 
-		grants</I
+		grants</EM
 ></P
 ><P
 >You might want to do this on files that you know will 
@@ -17337,9 +17897,8 @@ NAME="VFSOBJECT"
 		with a VFS object.  The Samba VFS layer is new to Samba 2.2 and 
 		must be enabled at compile time with --with-vfs.</P
 ><P
->Default : <I
-CLASS="EMPHASIS"
->no value</I
+>Default : <EM
+>no value</EM
 ></P
 ></DD
 ><DT
@@ -17350,7 +17909,7 @@ NAME="VFSOPTIONS"
 ><DD
 ><P
 >This parameter allows parameters to be passed 
-		to the vfs layer at initialisation time.  The Samba VFS layer 
+		to the vfs layer at initialization time.  The Samba VFS layer 
 		is new to Samba 2.2 and must be enabled at compile time 
 		with --with-vfs.  See also <A
 HREF="#VFSOBJECT"
@@ -17362,9 +17921,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default : <I
-CLASS="EMPHASIS"
->no value</I
+>Default : <EM
+>no value</EM
 ></P
 ></DD
 ><DT
@@ -17378,9 +17936,8 @@ NAME="VOLUME"
 		returned for a share. Useful for CDROMs with installation programs 
 		that insist on a particular volume label.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->the name of the share</I
+>Default: <EM
+>the name of the share</EM
 ></P
 ></DD
 ><DT
@@ -17412,9 +17969,8 @@ NAME="WINBINDCACHETIME"
 >winbind cache time</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > this parameter is only 
 		available in Samba 3.0.</P
 ><P
@@ -17439,9 +17995,8 @@ NAME="WINBINDGID"
 >winbind gid</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > this parameter is only 
 		available in Samba 3.0.</P
 ><P
@@ -17451,12 +18006,12 @@ HREF="winbindd.8.html"
 TARGET="_top"
 >		winbindd(8)</A
 > daemon.  This range of group ids should have no 
-		existing local or nis groups within it as strange conflicts can 
+		existing local or NIS groups within it as strange conflicts can 
 		occur otherwise.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind gid = &lt;empty string&gt;
+>winbind gid = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -17472,9 +18027,8 @@ NAME="WINBINDSEPARATOR"
 >winbind separator</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > this parameter is only 
 		available in Samba 3.0.</P
 ><P
@@ -17518,9 +18072,8 @@ NAME="WINBINDUID"
 >winbind uid</DT
 ><DD
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > this parameter is only 
 		available in Samba 3.0.</P
 ><P
@@ -17530,12 +18083,12 @@ HREF="winbindd.8.html"
 TARGET="_top"
 >		winbindd(8)</A
 > daemon.  This range of ids should have no 
-		existing local or nis users within it as strange conflicts can 
+		existing local or NIS users within it as strange conflicts can 
 		occur otherwise.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind uid = &lt;empty string&gt;
+>winbind uid = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -17579,14 +18132,14 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->The second argument is the netbios name. If the 
+>The second argument is the NetBIOS name. If the 
 			name is not a legal name then the wins hook is not called. 
 			Legal names contain only  letters, digits, hyphens, underscores 
 			and periods.</P
 ></LI
 ><LI
 ><P
->The third argument is the netbios name 
+>The third argument is the NetBIOS name 
 			type as a 2 digit hexadecimal number. </P
 ></LI
 ><LI
@@ -17650,9 +18203,8 @@ TARGET="_top"
 >You should point this at your WINS server if you have a
 		multi-subnetted network.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE</I
+><EM
+>NOTE</EM
 >. You need to set up Samba to point 
 		to a WINS server if you have multiple subnets and wish cross-subnet 
 		browsing to work correctly.</P
@@ -17663,9 +18215,8 @@ CLASS="FILENAME"
 > 
 		in the docs/ directory of your Samba source distribution.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->not enabled</I
+>Default: <EM
+>not enabled</EM
 ></P
 ><P
 >Example: <B
@@ -17686,15 +18237,20 @@ TARGET="_top"
 > 		
 		nmbd(8)</A
 > process in Samba will act as a WINS server. You should 
-		not set this to true unless you have a multi-subnetted network and 
+		not set this to <TT
+CLASS="CONSTANT"
+>true</TT
+> unless you have a multi-subnetted network and 
 		you wish a particular <B
 CLASS="COMMAND"
 >nmbd</B
 > to be your WINS server. 
-		Note that you should <I
-CLASS="EMPHASIS"
->NEVER</I
-> set this to true 
+		Note that you should <EM
+>NEVER</EM
+> set this to <TT
+CLASS="CONSTANT"
+>true</TT
+>
 		on more than one machine in your network.</P
 ><P
 >Default: <B
@@ -17720,9 +18276,8 @@ CLASS="COMMAND"
 >
 		setting.</P
 ><P
->Default: <I
-CLASS="EMPHASIS"
->set at compile time to WORKGROUP</I
+>Default: <EM
+>set at compile time to WORKGROUP</EM
 ></P
 ><P
 >Example: <B
@@ -17756,9 +18311,8 @@ NAME="WRITECACHESIZE"
 ><P
 >If this integer parameter is set to non-zero value,
 		Samba will create an in-memory cache for each oplocked file 
-		(it does <I
-CLASS="EMPHASIS"
->not</I
+		(it does <EM
+>not</EM
 > do this for 
 		non-oplocked files). All writes that the client does not request 
 		to be flushed directly to disk will be stored in this cache if possible. 
@@ -17768,7 +18322,7 @@ CLASS="EMPHASIS"
 		within it.</P
 ><P
 >This cache allows Samba to batch client writes into a more 
-		efficient write size for RAID disks (ie. writes may be tuned to 
+		efficient write size for RAID disks (i.e. writes may be tuned to 
 		be the RAID stripe size) and can improve performance on systems 
 		where the disk subsystem is a bottleneck but there is free 
 		memory for userspace programs.</P
@@ -17825,7 +18379,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->write list = &lt;empty string&gt;
+>write list = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -17860,7 +18414,7 @@ NAME="WRITERAW"
 ><DD
 ><P
 >This parameter controls whether or not the server 
-		will support raw writes SMB's when transferring data from clients. 
+		will support raw write SMB's when transferring data from clients. 
 		You should never need to change this parameter.</P
 ><P
 >Default: <B
@@ -17896,9 +18450,8 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >printable = yes</B
 >)
-		will <I
-CLASS="EMPHASIS"
->ALWAYS</I
+		will <EM
+>ALWAYS</EM
 > allow writing to the directory 
 		(user privileges permitting), but only via spooling operations.</P
 ><P
@@ -17913,7 +18466,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN5654"
+NAME="AEN5830"
 ></A
 ><H2
 >WARNINGS</H2
@@ -17943,7 +18496,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN5660"
+NAME="AEN5836"
 ></A
 ><H2
 >VERSION</H2
@@ -17954,7 +18507,7 @@ NAME="AEN5660"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN5663"
+NAME="AEN5839"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -18033,7 +18586,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN5683"
+NAME="AEN5859"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html
index 36f570f2a0a..637720fa6ba 100644
--- a/docs/htmldocs/smbcacls.1.html
+++ b/docs/htmldocs/smbcacls.1.html
@@ -35,7 +35,7 @@ NAME="AEN8"
 ><P
 ><B
 CLASS="COMMAND"
->nmblookup</B
+>smbcacls</B
 >  {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]</P
 ></DIV
 ><DIV
@@ -52,18 +52,24 @@ TARGET="_top"
 >	Samba</A
 > suite.</P
 ><P
->The smbcacls program manipulates NT Access Control Lists 
+>The <B
+CLASS="COMMAND"
+>smbcacls</B
+> program manipulates NT Access Control Lists 
 	(ACLs) on SMB file shares. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN27"
+NAME="AEN28"
 ></A
 ><H2
 >OPTIONS</H2
 ><P
->The following options are available to the smbcacls program.  
+>The following options are available to the <B
+CLASS="COMMAND"
+>smbcacls</B
+> program.  
 	The format of ACLs is described in the section ACL FORMAT </P
 ><P
 ></P
@@ -90,7 +96,7 @@ CLASS="VARIABLELIST"
 >-D acls</DT
 ><DD
 ><P
->Delete any ACLs specfied on the command line.  
+>Delete any ACLs specified on the command line.  
 		An error will be printed for each ACL specified that was not 
 		already present in the ACL list. </P
 ></DD
@@ -175,7 +181,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN73"
+NAME="AEN75"
 ></A
 ><H2
 >ACL FORMAT</H2
@@ -183,14 +189,23 @@ NAME="AEN73"
 >The format of an ACL is one or more ACL entries separated by 
 	either commas or newlines.  An ACL entry is one of the following: </P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
-REVISION:&lt;revision number&gt;
-OWNER:&lt;sid or name&gt;
-GROUP:&lt;sid or name&gt;
-ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
+REVISION:&#60;revision number&#62;
+OWNER:&#60;sid or name&#62;
+GROUP:&#60;sid or name&#62;
+ACL:&#60;sid or name&#62;:&#60;type&#62;/&#60;flags&#62;/&#60;mask&#62;
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >The revision of the ACL specifies the internal Windows 
@@ -247,44 +262,38 @@ ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
 ><UL
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->R</I
+><EM
+>R</EM
 > - Allow read access </P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->W</I
+><EM
+>W</EM
 > - Allow write access</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->X</I
+><EM
+>X</EM
 > - Execute permission on the object</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->D</I
+><EM
+>D</EM
 > - Delete the object</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->P</I
+><EM
+>P</EM
 > - Change permissions</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->O</I
+><EM
+>O</EM
 > - Take ownership</P
 ></LI
 ></UL
@@ -295,25 +304,22 @@ CLASS="EMPHASIS"
 ><UL
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->READ</I
+><EM
+>READ</EM
 > -  Equivalent to 'RX'
 		permissions</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->CHANGE</I
+><EM
+>CHANGE</EM
 > - Equivalent to 'RXWD' permissions
 		</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->FULL</I
+><EM
+>FULL</EM
 > - Equivalent to 'RWXDPO' 
 		permissions</P
 ></LI
@@ -322,7 +328,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN123"
+NAME="AEN125"
 ></A
 ><H2
 >EXIT STATUS</H2
@@ -334,8 +340,11 @@ CLASS="COMMAND"
 	depending on the success or otherwise of the operations performed.  
 	The exit status may be one of the following values. </P
 ><P
->If the operation succeded, smbcacls returns and exit 
-	status of 0.  If smbcacls couldn't connect to the specified server, 
+>If the operation succeeded, smbcacls returns and exit 
+	status of 0.  If <B
+CLASS="COMMAND"
+>smbcacls</B
+> couldn't connect to the specified server, 
 	or there was an error getting or setting the ACLs, an exit status 
 	of 1 is returned.  If there was an error parsing any command line 
 	arguments, an exit status of 2 is returned. </P
@@ -343,7 +352,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN128"
+NAME="AEN131"
 ></A
 ><H2
 >VERSION</H2
@@ -354,7 +363,7 @@ NAME="AEN128"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN131"
+NAME="AEN134"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html
index f9cc6085d8d..f38ae269951 100644
--- a/docs/htmldocs/smbclient.1.html
+++ b/docs/htmldocs/smbclient.1.html
@@ -37,7 +37,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbclient</B
->  {servicename} [password] [-b &lt;buffer size&gt;] [-d debuglevel] [-D Directory] [-S server] [-U username] [-W workgroup] [-M &lt;netbios name&gt;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &lt;netbios name&gt;] [-I destinationIP] [-E &lt;terminal code&gt;] [-c &lt;command string&gt;] [-i scope] [-O &lt;socket options&gt;] [-p port] [-R &lt;name resolve order&gt;] [-s &lt;smb config file&gt;] [-T&lt;c|x&gt;IXFqgbNan]</P
+>  {servicename} [password] [-b &#60;buffer size&#62;] [-d debuglevel] [-D Directory] [-S server] [-U username] [-W workgroup] [-M &#60;netbios name&#62;] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L &#60;netbios name&#62;] [-I destinationIP] [-E &#60;terminal code&#62;] [-c &#60;command string&#62;] [-i scope] [-O &#60;socket options&#62;] [-p port] [-R &#60;name resolve order&#62;] [-s &#60;smb config file&#62;] [-T&#60;c|x&#62;IXFqgbNan]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -121,8 +121,14 @@ CLASS="PARAMETER"
 ><I
 >-R</I
 ></TT
-> parameter to smbclient or 
-		using the name resolve order parameter in the smb.conf file, 
+> parameter to <B
+CLASS="COMMAND"
+>smbclient</B
+> or 
+		using the name resolve order parameter in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file, 
 		allowing an administrator to change the order and methods 
 		by which server names are looked up. </P
 ></DD
@@ -189,12 +195,12 @@ CLASS="FILENAME"
 		options. </P
 ></DD
 ><DT
->-R &lt;name resolve order&gt;</DT
+>-R &#60;name resolve order&#62;</DT
 ><DD
 ><P
 >This option is used by the programs in the Samba 
 		suite to determine what naming services and in what order to resolve 
-		host names to IP addresses. The option takes a space separated 
+		host names to IP addresses. The option takes a space-separated 
 		string of different name resolution options.</P
 ><P
 >The options are :"lmhosts", "host", "wins" and "bcast". They 
@@ -227,7 +233,7 @@ CLASS="FILENAME"
 >/etc/hosts
 			</TT
 >, NIS, or DNS lookups. This method of name resolution 
-			is operating system depended for instance on IRIX or Solaris this 
+			is operating system dependent, for instance on IRIX or Solaris this 
 			may be controlled by the <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
@@ -284,7 +290,10 @@ CLASS="PARAMETER"
 >name resolve order
 		</I
 ></TT
-> parameter of the smb.conf file the name resolution
+> parameter of the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file the name resolution
 		methods will be attempted in this order. </P
 ></DD
 ><DT
@@ -339,9 +348,8 @@ CLASS="FILENAME"
 > for a description of how to handle incoming 
 		WinPopup messages in Samba. </P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 >: Copy WinPopup into the startup group 
 		on your WfWg PCs if you want them to always be able to receive 
 		messages. </P
@@ -352,10 +360,15 @@ CLASS="EMPHASIS"
 ><P
 >This specifies a NetBIOS scope that smbclient will 
 		use to communicate with when generating NetBIOS names. For details 
-		on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt.
-		NetBIOS scopes are <I
-CLASS="EMPHASIS"
->very</I
+		on the use of NetBIOS scopes, see <TT
+CLASS="FILENAME"
+>rfc1001.txt</TT
+> and <TT
+CLASS="FILENAME"
+>rfc1002.txt</TT
+>.
+		NetBIOS scopes are <EM
+>very</EM
 > rarely used, only set 
 		this parameter if you are the system administrator in charge of all 
 		the NetBIOS systems you communicate with. </P
@@ -385,7 +398,12 @@ CLASS="EMPHASIS"
 >-d debuglevel</DT
 ><DD
 ><P
->debuglevel is an integer from 0 to 10, or 
+><TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is an integer from 0 to 10, or 
 		the letter 'A'. </P
 ><P
 >The default value if this parameter is not specified 
@@ -402,21 +420,24 @@ CLASS="EMPHASIS"
 		data, and should only be used when investigating a problem.
 		Levels above 3 are designed for use only by developers and 
 		generate HUGE amounts of log data, most of which is extremely 
-		cryptic. If debuglevel is set to the letter 'A', then <I
-CLASS="EMPHASIS"
+		cryptic. If <TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is set to the letter 'A', then <EM
 >all
-		</I
+		</EM
 >  debug messages will be printed. This setting
-		is for developers only (and people who <I
-CLASS="EMPHASIS"
->really</I
+		is for developers only (and people who <EM
+>really</EM
 > want 
 		to know how the code works internally). </P
 ><P
 >Note that specifying this parameter here will override
-		the log level parameter in the <B
-CLASS="COMMAND"
->smb.conf (5)</B
+		the log level parameter in the <TT
+CLASS="FILENAME"
+>smb.conf (5)</TT
 > 
 		file. </P
 ></DD
@@ -433,7 +454,12 @@ CLASS="COMMAND"
 >-l logfilename</DT
 ><DD
 ><P
->If specified, logfilename specifies a base filename 
+>If specified, <TT
+CLASS="REPLACEABLE"
+><I
+>logfilename</I
+></TT
+> specifies a base filename 
 		into which operational data from the running client will be 
 		logged. </P
 ><P
@@ -459,7 +485,12 @@ CLASS="FILENAME"
 >-I IP-address</DT
 ><DD
 ><P
->IP address is the address of the server to connect to. 
+><TT
+CLASS="REPLACEABLE"
+><I
+>IP address</I
+></TT
+> is the address of the server to connect to. 
 		It should be specified in standard "a.b.c.d" notation. </P
 ><P
 >Normally the client would attempt to locate a named 
@@ -496,35 +527,37 @@ CLASS="PARAMETER"
 ><P
 >Sets the SMB username or username and password. 
 		If %pass is not specified, The user will be prompted. The client 
-		will first check the USER environment variable, then the 
+		will first check the <TT
+CLASS="ENVAR"
+>USER</TT
+> environment variable, then the 
 		<TT
-CLASS="PARAMETER"
-><I
->$LOGNAME</I
-></TT
-> variable and if either exist, the 
+CLASS="ENVAR"
+>LOGNAME</TT
+> variable and if either exists, the 
 		string is uppercased. Anything in these variables following a '%' 
-		sign will be treated as the password. If these environmental 
+		sign will be treated as the password. If these environment 
 		variables are not found, the username <TT
 CLASS="CONSTANT"
 >GUEST</TT
 > 
 		is used. </P
 ><P
->If the password is not included in these environment 
-		variables (using the %pass syntax), rpcclient will look for 
+>If the password is not included in these environment
+		variables (using the %pass syntax), <B
+CLASS="COMMAND"
+>rpcclient</B
+> will look for 
 		a <TT
-CLASS="PARAMETER"
-><I
->$PASSWD</I
-></TT
+CLASS="ENVAR"
+>PASSWD</TT
 > environment variable from which 
 		to read the password. </P
 ><P
 >A third option is to use a credentials file which 
 		contains the plaintext of the username and password.  This 
 		option is mainly provided for scripts where the admin doesn't 
-		desire to pass the credentials on the command line or via environment 
+		wish to pass the credentials on the command line or via environment 
 		variables. If this method is used, make certain that the permissions 
 		on the file restrict access from unwanted users.  See the 
 		<TT
@@ -536,10 +569,8 @@ CLASS="PARAMETER"
 ><P
 >Be cautious about including passwords in scripts or in 
 		the <TT
-CLASS="PARAMETER"
-><I
->$PASSWD</I
-></TT
+CLASS="ENVAR"
+>PASSWD</TT
 > environment variable. Also, on 
 		many systems the command line of a running process may be seen 
 		via the <B
@@ -561,11 +592,20 @@ CLASS="COMMAND"
 		password used in the connection.  The format of the file is 
 		</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->username = &lt;value&gt; 
-password = &lt;value&gt;
+>username = &#60;value&#62; 
+password = &#60;value&#62;
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Make certain that the permissions on the file restrict 
@@ -587,22 +627,23 @@ CLASS="PARAMETER"
 		</I
 ></TT
 > option may be useful if your NetBIOS names don't 
-		match your tcp/ip dns host names or if you are trying to reach a 
+		match your TCP/IP DNS host names or if you are trying to reach a 
 		host on another network. </P
 ></DD
 ><DT
 >-t terminal code</DT
 ><DD
 ><P
->This option tells smbclient how to interpret 
+>This option tells <B
+CLASS="COMMAND"
+>smbclient</B
+> how to interpret 
 		filenames coming from the remote server. Usually Asian language 
 		multibyte UNIX implementations use different character sets than 
-		SMB/CIFS servers (<I
-CLASS="EMPHASIS"
->EUC</I
-> instead of <I
-CLASS="EMPHASIS"
->		SJIS</I
+		SMB/CIFS servers (<EM
+>EUC</EM
+> instead of <EM
+>		SJIS</EM
 > for example). Setting this parameter will let 
 		<B
 CLASS="COMMAND"
@@ -768,7 +809,7 @@ CLASS="PARAMETER"
 >r</I
 ></TT
 > - Regular expression include
-			or exclude.  Uses regular  regular expression matching for 
+			or exclude.  Uses regular  expression matching for 
 			excluding or excluding files if  compiled with HAVE_REGEX_H. 
 			However this mode can be very slow. If  not compiled with 
 			HAVE_REGEX_H, does a limited wildcard match on '*' and  '?'. 
@@ -816,9 +857,8 @@ CLASS="PARAMETER"
 ></LI
 ></UL
 ><P
-><I
-CLASS="EMPHASIS"
->Tar Long File Names</I
+><EM
+>Tar Long File Names</EM
 ></P
 ><P
 ><B
@@ -827,30 +867,34 @@ CLASS="COMMAND"
 >'s tar option now supports long 
 		file names both on backup and restore. However, the full path 
 		name of the file must be less than 1024 bytes.  Also, when
-		a tar archive is created, smbclient's tar option places all 
+		a tar archive is created, <B
+CLASS="COMMAND"
+>smbclient</B
+>'s tar option places all 
 		files in the archive with relative names, not absolute names. 
 		</P
 ><P
-><I
-CLASS="EMPHASIS"
->Tar Filenames</I
+><EM
+>Tar Filenames</EM
 ></P
 ><P
 >All file names can be given as DOS path names (with '\' 
 		as the component separator) or as UNIX path names (with '/' as 
 		the component separator). </P
 ><P
-><I
-CLASS="EMPHASIS"
->Examples</I
+><EM
+>Examples</EM
 ></P
 ><P
->Restore from tar file backup.tar into myshare on mypc 
+>Restore from tar file <TT
+CLASS="FILENAME"
+>backup.tar</TT
+> into myshare on mypc 
 		(no password on share). </P
 ><P
 ><B
 CLASS="COMMAND"
->smbclient //mypc/myshare "" -N -Tx backup.tar
+>smbclient //mypc/yshare "" -N -Tx backup.tar
 		</B
 ></P
 ><P
@@ -906,7 +950,7 @@ CLASS="COMMAND"
 >-c command string</DT
 ><DD
 ><P
->command string is a semicolon separated list of 
+>command string is a semicolon-separated list of 
 		commands to be executed instead of prompting from stdin. <TT
 CLASS="PARAMETER"
 ><I
@@ -931,7 +975,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN297"
+NAME="AEN311"
 ></A
 ><H2
 >OPERATIONS</H2
@@ -941,7 +985,7 @@ NAME="AEN297"
 ><P
 ><TT
 CLASS="PROMPT"
->smb:\&gt; </TT
+>smb:\&#62; </TT
 ></P
 ><P
 >The backslash ("\") indicates the current working directory 
@@ -961,7 +1005,7 @@ CLASS="PROMPT"
 ><P
 >Parameters shown in square brackets (e.g., "[parameter]") are 
 	optional.  If not given, the command will use suitable defaults. Parameters 
-	shown in angle brackets (e.g., "&lt;parameter&gt;") are required.
+	shown in angle brackets (e.g., "&#60;parameter&#62;") are required.
 	</P
 ><P
 >Note that all commands operating on the server are actually 
@@ -979,7 +1023,12 @@ CLASS="VARIABLELIST"
 >? [command]</DT
 ><DD
 ><P
->If "command" is specified, the ? command will display 
+>If <TT
+CLASS="REPLACEABLE"
+><I
+>command</I
+></TT
+> is specified, the ? command will display 
 		a brief informative message about the specified command.  If no 
 		command is specified, a list of available commands will
 		be displayed. </P
@@ -988,7 +1037,12 @@ CLASS="VARIABLELIST"
 >! [shell command]</DT
 ><DD
 ><P
->If "shell command" is specified, the !  
+>If <TT
+CLASS="REPLACEABLE"
+><I
+>shell command</I
+></TT
+> is specified, the !  
 		command will execute a shell locally and run the specified shell 
 		command. If no command is specified, a local shell will be run. 
 		</P
@@ -1006,18 +1060,28 @@ CLASS="VARIABLELIST"
 		directory on the server will be reported. </P
 ></DD
 ><DT
->del &lt;mask&gt;</DT
+>del &#60;mask&#62;</DT
 ><DD
 ><P
 >The client will request that the server attempt 
-		to delete all files matching "mask" from the current working 
+		to delete all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> from the current working 
 		directory on the server. </P
 ></DD
 ><DT
->dir &lt;mask&gt;</DT
+>dir &#60;mask&#62;</DT
 ><DD
 ><P
->A list of the files matching "mask" in the current 
+>A list of the files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> in the current 
 		working directory on the server will be retrieved from the server 
 		and displayed. </P
 ></DD
@@ -1029,12 +1093,18 @@ CLASS="VARIABLELIST"
 		from the program. </P
 ></DD
 ><DT
->get &lt;remote file name&gt; [local file name]</DT
+>get &#60;remote file name&#62; [local file name]</DT
 ><DD
 ><P
->Copy the file called "remote file name" from 
+>Copy the file called <TT
+CLASS="FILENAME"
+>remote file name</TT
+> from 
 		the server to the machine running the client. If specified, name 
-		the local copy "local file name".  Note that all transfers in 
+		the local copy <TT
+CLASS="FILENAME"
+>local file name</TT
+>.  Note that all transfers in 
 		<B
 CLASS="COMMAND"
 >smbclient</B
@@ -1051,7 +1121,12 @@ CLASS="COMMAND"
 >lcd [directory name]</DT
 ><DD
 ><P
->If "directory name" is specified, the current 
+>If <TT
+CLASS="REPLACEABLE"
+><I
+>directory name</I
+></TT
+> is specified, the current 
 		working directory on the local machine will be changed to 
 		the directory specified. This operation will fail if for any 
 		reason the specified directory is inaccessible. </P
@@ -1073,13 +1148,13 @@ CLASS="COMMAND"
 		lowercase filenames are the norm on UNIX systems. </P
 ></DD
 ><DT
->ls &lt;mask&gt;</DT
+>ls &#60;mask&#62;</DT
 ><DD
 ><P
 >See the dir command above. </P
 ></DD
 ><DT
->mask &lt;mask&gt;</DT
+>mask &#60;mask&#62;</DT
 ><DD
 ><P
 >This command allows the user to set up a mask 
@@ -1105,45 +1180,71 @@ CLASS="COMMAND"
 		mask back to "*" after using the mget or mput commands. </P
 ></DD
 ><DT
->md &lt;directory name&gt;</DT
+>md &#60;directory name&#62;</DT
 ><DD
 ><P
 >See the mkdir command. </P
 ></DD
 ><DT
->mget &lt;mask&gt;</DT
+>mget &#60;mask&#62;</DT
 ><DD
 ><P
->Copy all files matching mask from the server to 
+>Copy all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> from the server to 
 		the machine running the client. </P
 ><P
->Note that mask is interpreted differently during recursive 
+>Note that <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> is interpreted differently during recursive 
 		operation and non-recursive operation - refer to the recurse and 
 		mask commands for more information. Note that all transfers in 
-		smbclient are binary. See also the lowercase command. </P
+		<B
+CLASS="COMMAND"
+>smbclient</B
+> are binary. See also the lowercase command. </P
 ></DD
 ><DT
->mkdir &lt;directory name&gt;</DT
+>mkdir &#60;directory name&#62;</DT
 ><DD
 ><P
 >Create a new directory on the server (user access 
 		privileges permitting) with the specified name. </P
 ></DD
 ><DT
->mput &lt;mask&gt;</DT
+>mput &#60;mask&#62;</DT
 ><DD
 ><P
->Copy all files matching mask in the current working 
+>Copy all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> in the current working 
 		directory on the local machine to the current working directory on 
 		the server. </P
 ><P
->Note that mask is interpreted differently during recursive 
+>Note that <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> is interpreted differently during recursive 
 		operation and non-recursive operation - refer to the recurse and mask 
-		commands for more information. Note that all transfers in smbclient 
+		commands for more information. Note that all transfers in <B
+CLASS="COMMAND"
+>smbclient</B
+> 
 		are binary. </P
 ></DD
 ><DT
->print &lt;file name&gt;</DT
+>print &#60;file name&#62;</DT
 ><DD
 ><P
 >Print the specified file from the local machine 
@@ -1152,7 +1253,7 @@ CLASS="COMMAND"
 >See also the printmode command.</P
 ></DD
 ><DT
->printmode &lt;graphics or text&gt;</DT
+>printmode &#60;graphics or text&#62;</DT
 ><DD
 ><P
 >Set the print mode to suit either binary data 
@@ -1172,13 +1273,22 @@ CLASS="COMMAND"
 		</P
 ></DD
 ><DT
->put &lt;local file name&gt; [remote file name]</DT
+>put &#60;local file name&#62; [remote file name]</DT
 ><DD
 ><P
->Copy the file called "local file name" from the 
+>Copy the file called <TT
+CLASS="FILENAME"
+>local file name</TT
+> from the 
 		machine running the client to the server. If specified,
-		name the remote copy "remote file name". Note that all transfers 
-		in smbclient are binary. See also the lowercase command. 
+		name the remote copy <TT
+CLASS="FILENAME"
+>remote file name</TT
+>. Note that all transfers 
+		in <B
+CLASS="COMMAND"
+>smbclient</B
+> are binary. See also the lowercase command. 
 		</P
 ></DD
 ><DT
@@ -1195,7 +1305,7 @@ CLASS="COMMAND"
 >See the exit command. </P
 ></DD
 ><DT
->rd &lt;directory name&gt;</DT
+>rd &#60;directory name&#62;</DT
 ><DD
 ><P
 >See the rmdir command. </P
@@ -1220,21 +1330,26 @@ CLASS="COMMAND"
 		using the mask command will be ignored. </P
 ></DD
 ><DT
->rm &lt;mask&gt;</DT
+>rm &#60;mask&#62;</DT
 ><DD
 ><P
->Remove all files matching mask from the current 
+>Remove all files matching <TT
+CLASS="REPLACEABLE"
+><I
+>mask</I
+></TT
+> from the current 
 		working directory on the server. </P
 ></DD
 ><DT
->rmdir &lt;directory name&gt;</DT
+>rmdir &#60;directory name&#62;</DT
 ><DD
 ><P
 >Remove the specified directory (user access 
 		privileges permitting) from the server. </P
 ></DD
 ><DT
->tar &lt;c|x&gt;[IXbgNa]</DT
+>tar &#60;c|x&#62;[IXbgNa]</DT
 ><DD
 ><P
 >Performs a tar operation - see the <TT
@@ -1250,15 +1365,20 @@ CLASS="PARAMETER"
 		</P
 ></DD
 ><DT
->blocksize &lt;blocksize&gt;</DT
+>blocksize &#60;blocksize&#62;</DT
 ><DD
 ><P
 >Blocksize. Must be followed by a valid (greater 
 		than zero) blocksize. Causes tar file to be written out in 
-		blocksize*TBLOCK (usually 512 byte) blocks. </P
+		<TT
+CLASS="REPLACEABLE"
+><I
+>blocksize</I
+></TT
+>*TBLOCK (usually 512 byte) blocks. </P
 ></DD
 ><DT
->tarmode &lt;full|inc|reset|noreset&gt;</DT
+>tarmode &#60;full|inc|reset|noreset&#62;</DT
 ><DD
 ><P
 >Changes tar's behavior with regard to archive 
@@ -1269,7 +1389,7 @@ CLASS="PARAMETER"
 		read/write share). </P
 ></DD
 ><DT
->setmode &lt;filename&gt; &lt;perm=[+|\-]rsha&gt;</DT
+>setmode &#60;filename&#62; &#60;perm=[+|\-]rsha&#62;</DT
 ><DD
 ><P
 >A version of the DOS attrib command to set 
@@ -1288,7 +1408,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN446"
+NAME="AEN478"
 ></A
 ><H2
 >NOTES</H2
@@ -1309,26 +1429,22 @@ NAME="AEN446"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN451"
+NAME="AEN483"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
 ><P
 >The variable <TT
-CLASS="PARAMETER"
-><I
->$USER</I
-></TT
+CLASS="ENVAR"
+>USER</TT
 > may contain the 
 	username of the person  using the client. This information is 
 	used only if the protocol  level is high enough to support 
 	session-level passwords.</P
 ><P
 >The variable <TT
-CLASS="PARAMETER"
-><I
->$PASSWD</I
-></TT
+CLASS="ENVAR"
+>PASSWD</TT
 > may contain 
 	the password of the person using the client.  This information is 
 	used only if the protocol level is high enough to support 
@@ -1337,7 +1453,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN457"
+NAME="AEN489"
 ></A
 ><H2
 >INSTALLATION</H2
@@ -1355,9 +1471,8 @@ CLASS="FILENAME"
 >	/usr/samba/bin/</TT
 > directory, this directory readable 
 	by all, writeable only by root. The client program itself should 
-	be executable by all. The client should <I
-CLASS="EMPHASIS"
->NOT</I
+	be executable by all. The client should <EM
+>NOT</EM
 > be 
 	setuid or setgid! </P
 ><P
@@ -1369,14 +1484,14 @@ CLASS="EMPHASIS"
 CLASS="COMMAND"
 >smbd(8)
 	</B
-> an ordinary user - running that server as a daemon 
+> as an ordinary user - running that server as a daemon 
 	on a user-accessible port (typically any port number over 1024)
 	would provide a suitable test server. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN467"
+NAME="AEN499"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -1392,7 +1507,7 @@ NAME="AEN467"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN471"
+NAME="AEN503"
 ></A
 ><H2
 >VERSION</H2
@@ -1403,7 +1518,7 @@ NAME="AEN471"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN474"
+NAME="AEN506"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html
index c8cb14ccd31..7136d3e981e 100644
--- a/docs/htmldocs/smbcontrol.1.html
+++ b/docs/htmldocs/smbcontrol.1.html
@@ -14,7 +14,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="FINDSMB"
+NAME="SMBCONTROL"
 >smbcontrol</A
 ></H1
 ><DIV
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html
index 33af0242e5d..f5ce9b78fd8 100644
--- a/docs/htmldocs/smbd.8.html
+++ b/docs/htmldocs/smbd.8.html
@@ -36,7 +36,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbd</B
->  [-D] [-a] [-o] [-P] [-h] [-V] [-d &lt;debug level&gt;] [-l &lt;log file&gt;] [-p &lt;port number&gt;] [-O &lt;socket option&gt;] [-s &lt;configuration file&gt;]</P
+>  [-D] [-a] [-o] [-P] [-h] [-V] [-d &#60;debug level&#62;] [-l &#60;log file&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -98,12 +98,15 @@ CLASS="FILENAME"
 	can force a reload by sending a SIGHUP to the server.  Reloading 
 	the configuration file will not affect connections to any service 
 	that is already established.  Either the user will have to 
-	disconnect from the service, or smbd killed and restarted.</P
+	disconnect from the service, or <B
+CLASS="COMMAND"
+>smbd</B
+> killed and restarted.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN35"
+NAME="AEN36"
 ></A
 ><H2
 >OPTIONS</H2
@@ -120,9 +123,12 @@ CLASS="VARIABLELIST"
 		the server to operate as a daemon. That is, it detaches 
 		itself and runs in the background, fielding requests 
 		on the appropriate port. Operating the server as a
-		daemon is the recommended way of running smbd for 
+		daemon is the recommended way of running <B
+CLASS="COMMAND"
+>smbd</B
+> for 
 		servers that provide more than casual use file and 
-		print services.  This switch is assumed is <B
+		print services.  This switch is assumed if <B
 CLASS="COMMAND"
 >smbd
 		</B
@@ -153,7 +159,10 @@ CLASS="COMMAND"
 >-P</DT
 ><DD
 ><P
->Passive option. Causes smbd not to 
+>Passive option. Causes <B
+CLASS="COMMAND"
+>smbd</B
+> not to 
 		send any network traffic out. Used for debugging by 
 		the developers only.</P
 ></DD
@@ -178,10 +187,15 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
->-d &lt;debug level&gt;</DT
+>-d &#60;debug level&#62;</DT
 ><DD
 ><P
->debuglevel is an integer 
+><TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is an integer 
 		from 0 to 10.  The default value if this parameter is 
 		not specified is zero.</P
 ><P
@@ -214,12 +228,14 @@ CLASS="FILENAME"
 > file.</P
 ></DD
 ><DT
->-l &lt;log file&gt;</DT
+>-l &#60;log file&#62;</DT
 ><DD
 ><P
->If specified, <I
-CLASS="EMPHASIS"
+>If specified, <TT
+CLASS="REPLACEABLE"
+><I
 >log file</I
+></TT
 > 
 		specifies a log filename into which informational and debug 
 		messages from the running server will be logged. The log 
@@ -240,7 +256,7 @@ CLASS="FILENAME"
 		file name is specified at compile time.</P
 ></DD
 ><DT
->-O &lt;socket options&gt;</DT
+>-O &#60;socket options&#62;</DT
 ><DD
 ><P
 >See the <A
@@ -259,10 +275,15 @@ CLASS="FILENAME"
 > file for details.</P
 ></DD
 ><DT
->-p &lt;port number&gt;</DT
+>-p &#60;port number&#62;</DT
 ><DD
 ><P
->port number is a positive integer 
+><TT
+CLASS="REPLACEABLE"
+><I
+>port number</I
+></TT
+> is a positive integer 
 		value.  The default value if this parameter is not 
 		specified is 139.</P
 ><P
@@ -285,7 +306,7 @@ CLASS="FILENAME"
 		in the above situation.</P
 ></DD
 ><DT
->-s &lt;configuration file&gt;</DT
+>-s &#60;configuration file&#62;</DT
 ><DD
 ><P
 >The file specified contains the 
@@ -310,7 +331,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN104"
+NAME="AEN109"
 ></A
 ><H2
 >FILES</H2
@@ -408,7 +429,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN137"
+NAME="AEN142"
 ></A
 ><H2
 >LIMITATIONS</H2
@@ -427,7 +448,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN141"
+NAME="AEN146"
 ></A
 ><H2
 >ENVIRONMENTVARIABLES</H2
@@ -437,12 +458,18 @@ NAME="AEN141"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->PRINTER</DT
+><TT
+CLASS="ENVAR"
+>PRINTER</TT
+></DT
 ><DD
 ><P
 >If no printer name is specified to 
 		printable services, most systems will use the value of 
-		this variable (or lp if this variable is 
+		this variable (or <TT
+CLASS="CONSTANT"
+>lp</TT
+> if this variable is 
 		not defined) as the name of the printer to use. This 
 		is not specific to the server, however.</P
 ></DD
@@ -452,7 +479,7 @@ CLASS="VARIABLELIST"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN148"
+NAME="AEN155"
 ></A
 ><H2
 >INSTALLATION</H2
@@ -470,10 +497,16 @@ CLASS="FILENAME"
 	program itself should be executable by all, as users may wish to 
 	run the server themselves (in which case it will of course run 
 	with their privileges).  The server should NOT be setuid. On some 
-	systems it may be worthwhile to make smbd setgid to an empty group. 
+	systems it may be worthwhile to make <B
+CLASS="COMMAND"
+>smbd</B
+> setgid to an empty group. 
 	This is because some systems may have a security hole where daemon 
 	processes that become a user can be attached to with a debugger. 
-	Making the smbd file setgid to an empty group may prevent
+	Making the <B
+CLASS="COMMAND"
+>smbd</B
+> file setgid to an empty group may prevent
 	this hole from being exploited. This security hole and the suggested
 	fix has only been confirmed on old versions (pre-kernel 2.0) of Linux
 	at the time this was written. It is possible that this hole only
@@ -568,20 +601,18 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN179"
+NAME="AEN188"
 ></A
 ><H2
 >RUNNING THE SERVER AS A DAEMON</H2
 ><P
 >To run the server as a daemon from the command 
-	line, simply put the <I
-CLASS="EMPHASIS"
->-D</I
+	line, simply put the <EM
+>-D</EM
 > option on the 
 	command line. There is no need to place an ampersand at 
-	the end of the command line - the <I
-CLASS="EMPHASIS"
->-D</I
+	the end of the command line - the <EM
+>-D</EM
 > 
 	option causes the server to detach itself from the tty 
 	anyway.</P
@@ -617,16 +648,15 @@ CLASS="COMMAND"
 	as a single space or TAB character.)</P
 ><P
 >If the options used at compile time are appropriate for 
-	your system, all parameters except <I
-CLASS="EMPHASIS"
->-D</I
+	your system, all parameters except <EM
+>-D</EM
 > may 
 	be omitted. See the section OPTIONS above.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN192"
+NAME="AEN201"
 ></A
 ><H2
 >RUNNING THE SERVER ON REQUEST</H2
@@ -635,7 +665,10 @@ NAME="AEN192"
 CLASS="COMMAND"
 >inetd
 	</B
->, you can arrange to have the smbd server started 
+>, you can arrange to have the <B
+CLASS="COMMAND"
+>smbd</B
+> server started 
 	whenever a process attempts to connect to it. This requires several 
 	changes to the startup files on the host machine. If you are 
 	experimenting as an ordinary user rather than as root, you will 
@@ -727,6 +760,12 @@ CLASS="FILENAME"
 >Lastly, edit the configuration file to provide suitable 
 	services. To start with, the following two services should be 
 	all you need:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >	<TT
@@ -742,6 +781,9 @@ CLASS="COMPUTEROUTPUT"
 	</TT
 >
 	</PRE
+></TD
+></TR
+></TABLE
 ><P
 >This will allow you to connect to your home directory 
 	and print to any printer supported by the host (user privileges 
@@ -750,7 +792,52 @@ CLASS="COMPUTEROUTPUT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN223"
+NAME="AEN233"
+></A
+><H2
+>PAM INTERACTION</H2
+><P
+>Samba uses PAM for authentication (when presented with a plaintext 
+	password), for account checking (is this account disabled?) and for
+	session management.  The degree too which samba supports PAM is restricted
+	by the limitations of the SMB protocol and the 
+	<A
+HREF="smb.conf.5.html#OBEYPAMRESRICTIONS"
+TARGET="_top"
+>obey pam restricions</A
+>
+	smb.conf paramater.  When this is set, the following restrictions apply:
+	</P
+><P
+></P
+><UL
+><LI
+><P
+><EM
+>Account Validation</EM
+>:  All acccesses to a 
+	samba server are checked 
+	against PAM to see if the account is vaild, not disabled and is permitted to 
+	login at this time.  This also applies to encrypted logins.
+	</P
+></LI
+><LI
+><P
+><EM
+>Session Management</EM
+>:  When not using share 
+	level secuirty, users must pass PAM's session checks before access 
+	is granted.  Note however, that this is bypassed in share level secuirty.  
+	Note also that some older pam configuration files may need a line 
+	added for session support. 
+	</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN244"
 ></A
 ><H2
 >TESTING THE INSTALLATION</H2
@@ -764,8 +851,18 @@ CLASS="COMMAND"
 > will reread their configuration
 	tables if they receive a HUP signal.</P
 ><P
->If your machine's name is fred and your 
-	name is mary, you should now be able to connect 
+>If your machine's name is <TT
+CLASS="REPLACEABLE"
+><I
+>fred</I
+></TT
+> and your 
+	name is <TT
+CLASS="REPLACEABLE"
+><I
+>mary</I
+></TT
+>, you should now be able to connect 
 	to the service <TT
 CLASS="FILENAME"
 >\\fred\mary</TT
@@ -798,7 +895,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN235"
+NAME="AEN258"
 ></A
 ><H2
 >VERSION</H2
@@ -809,7 +906,7 @@ NAME="AEN235"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN238"
+NAME="AEN261"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -832,46 +929,63 @@ NAME="AEN238"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN243"
+NAME="AEN266"
 ></A
 ><H2
 >SIGNALS</H2
 ><P
->Sending the smbd a SIGHUP will cause it to 
-	re-load its <TT
+>Sending the <B
+CLASS="COMMAND"
+>smbd</B
+> a SIGHUP will cause it to 
+	reload its <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > configuration 
 	file within a short period of time.</P
 ><P
->To shut down a users smbd process it is recommended 
+>To shut down a user's <B
+CLASS="COMMAND"
+>smbd</B
+> process it is recommended 
 	that <B
 CLASS="COMMAND"
 >SIGKILL (-9)</B
-> <I
-CLASS="EMPHASIS"
->NOT</I
+> <EM
+>NOT</EM
 > 
 	be used, except as a last resort, as this may leave the shared
 	memory area in an inconsistent state. The safe way to terminate 
-	an smbd is to send it a SIGTERM (-15) signal and wait for 
+	an <B
+CLASS="COMMAND"
+>smbd</B
+> is to send it a SIGTERM (-15) signal and wait for 
 	it to die on its own.</P
 ><P
->The debug log level of smbd may be raised by sending 
+>The debug log level of <B
+CLASS="COMMAND"
+>smbd</B
+> may be raised by sending 
 	it a SIGUSR1 (<B
 CLASS="COMMAND"
->kill -USR1 &lt;smbd-pid&gt;</B
+>kill -USR1 &#60;smbd-pid&#62;</B
 >)
 	and lowered by sending it a SIGUSR2 (<B
 CLASS="COMMAND"
->kill -USR2 &lt;smbd-pid&gt;
+>kill -USR2 &#60;smbd-pid&#62;
 	</B
 >). This is to allow transient problems to be diagnosed, 
 	whilst still running at a normally low log level.</P
 ><P
 >Note that as the signal handlers send a debug write, 
-	they are not re-entrant in smbd. This you should wait until 
-	smbd is in a state of waiting for an incoming smb before 
+	they are not re-entrant in <B
+CLASS="COMMAND"
+>smbd</B
+>. This you should wait until 
+	<B
+CLASS="COMMAND"
+>smbd</B
+> is in a state of waiting for an incoming SMB before 
 	issuing them. It is possible to make the signal handlers safe 
 	by un-blocking the signals before the select call and re-blocking 
 	them after, however this would affect performance.</P
@@ -879,7 +993,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN254"
+NAME="AEN283"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -945,7 +1059,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN271"
+NAME="AEN300"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbmnt.8.html b/docs/htmldocs/smbmnt.8.html
index 88a28b8a696..6546b7c7070 100644
--- a/docs/htmldocs/smbmnt.8.html
+++ b/docs/htmldocs/smbmnt.8.html
@@ -36,7 +36,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbmnt</B
->  {mount-point} [-s &lt;share&gt;] [-r] [-u &lt;uid&gt;] [-g &lt;gid&gt;] [-f &lt;mask&gt;] [-d &lt;mask&gt;] [-o &lt;options&gt;]</P
+>  {mount-point} [-s &#60;share&#62;] [-r] [-u &#60;uid&#62;] [-g &#60;gid&#62;] [-f &#60;mask&#62;] [-d &#60;mask&#62;] [-o &#60;options&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -55,7 +55,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbmnt</B
 > is meant to be installed setuid root 
-	so that normal users can mount their smb shares. It checks 
+	so that normal users can mount their SMB shares. It checks 
 	whether the user has write permissions on the mount point and 
 	then mounts the directory.</P
 ><P
@@ -125,7 +125,7 @@ CLASS="VARIABLELIST"
 ><DD
 ><P
 >		list of options that are passed as-is to smbfs, if this
-		command is run on a 2.4 or higher linux kernel.
+		command is run on a 2.4 or higher Linux kernel.
 		</P
 ></DD
 ></DL
diff --git a/docs/htmldocs/smbmount.8.html b/docs/htmldocs/smbmount.8.html
index ba07f08ed47..721397312ae 100644
--- a/docs/htmldocs/smbmount.8.html
+++ b/docs/htmldocs/smbmount.8.html
@@ -60,21 +60,32 @@ CLASS="COMMAND"
 > command when using the 
 	"-t smb" option. The kernel must support the smbfs filesystem. </P
 ><P
->Options to smbmount are specified as a comma separated
+>Options to <B
+CLASS="COMMAND"
+>smbmount</B
+> are specified as a comma-separated
 	list of key=value pairs. It is possible to send options other
 	than those listed here, assuming that smbfs supports them. If
 	you get mount failures, check your kernel log for errors on
 	unknown options.</P
 ><P
->smbmount is a daemon. After mounting it keeps running until
+><B
+CLASS="COMMAND"
+>smbmount</B
+> is a daemon. After mounting it keeps running until
 	the mounted smbfs is umounted. It will log things that happen
 	when in daemon mode using the "machine name" smbmount, so
-	typically this output will end up in log.smbmount. The
-	smbmount process may also be called mount.smbfs.</P
+	typically this output will end up in <TT
+CLASS="FILENAME"
+>log.smbmount</TT
+>. The
+	<B
+CLASS="COMMAND"
+>smbmount</B
+> process may also be called mount.smbfs.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > <B
 CLASS="COMMAND"
 >smbmount</B
@@ -92,7 +103,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN27"
+NAME="AEN31"
 ></A
 ><H2
 >OPTIONS</H2
@@ -102,7 +113,7 @@ NAME="AEN27"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->username=&lt;arg&gt;</DT
+>username=&#60;arg&#62;</DT
 ><DD
 ><P
 >specifies the username to connect as. If
@@ -115,7 +126,7 @@ CLASS="ENVAR"
 		to be specified as part of the username.</P
 ></DD
 ><DT
->password=&lt;arg&gt;</DT
+>password=&#60;arg&#62;</DT
 ><DD
 ><P
 >specifies the SMB password. If this
@@ -130,36 +141,55 @@ CLASS="COMMAND"
 > will prompt
 		for a passeword, unless the guest option is
 		given. </P
+><P
+>		Note that password which contain the arguement delimiter
+		character (i.e. a comma ',') will failed to be parsed correctly
+		on the command line.  However, the same password defined
+		in the PASSWD environment variable or a credentials file (see
+		below) will be read correctly.
+		</P
 ></DD
 ><DT
->credentials=&lt;filename&gt;</DT
+>credentials=&#60;filename&#62;</DT
 ><DD
 ><P
 >specifies a file that contains a username
 		and/or password. The format of the file is:</P
 ><P
->		<PRE
+>		<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
 CLASS="PROGRAMLISTING"
->		username = &lt;value&gt;
-		password = &lt;value&gt;
+>		username = &#60;value&#62;
+		password = &#60;value&#62;
 		</PRE
+></TD
+></TR
+></TABLE
 >
 		</P
 ><P
 >This is preferred over having passwords in plaintext in a
-		shared file, such as /etc/fstab. Be sure to protect any
+		shared file, such as <TT
+CLASS="FILENAME"
+>/etc/fstab</TT
+>. Be sure to protect any
 		credentials file properly.
 		</P
 ></DD
 ><DT
->netbiosname=&lt;arg&gt;</DT
+>netbiosname=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the source NetBIOS name. It defaults 
 		to the local hostname. </P
 ></DD
 ><DT
->uid=&lt;arg&gt;</DT
+>uid=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the uid that will own all files on
@@ -168,7 +198,7 @@ CLASS="PROGRAMLISTING"
 		</P
 ></DD
 ><DT
->gid=&lt;arg&gt;</DT
+>gid=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the gid that will own all files on
@@ -177,14 +207,14 @@ CLASS="PROGRAMLISTING"
 		gid. </P
 ></DD
 ><DT
->port=&lt;arg&gt;</DT
+>port=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the remote SMB port number. The default 
 		is 139. </P
 ></DD
 ><DT
->fmask=&lt;arg&gt;</DT
+>fmask=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the file mask. This determines the 
@@ -192,35 +222,35 @@ CLASS="PROGRAMLISTING"
 		The default is based on the current umask. </P
 ></DD
 ><DT
->dmask=&lt;arg&gt;</DT
+>dmask=&#60;arg&#62;</DT
 ><DD
 ><P
->sets the directory mask. This deterines the 
+>sets the directory mask. This determines the 
 		permissions that remote directories have in the local filesystem. 
 		The default is based on the current umask. </P
 ></DD
 ><DT
->debug=&lt;arg&gt;</DT
+>debug=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the debug level. This is useful for 
 		tracking down SMB connection problems. </P
 ></DD
 ><DT
->ip=&lt;arg&gt;</DT
+>ip=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the destination host or IP address.
 		</P
 ></DD
 ><DT
->workgroup=&lt;arg&gt;</DT
+>workgroup=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the workgroup on the destination </P
 ></DD
 ><DT
->sockopt=&lt;arg&gt;</DT
+>sockopt=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the TCP socket options. See the <A
@@ -240,7 +270,7 @@ CLASS="PARAMETER"
 		</P
 ></DD
 ><DT
->scope=&lt;arg&gt;</DT
+>scope=&#60;arg&#62;</DT
 ><DD
 ><P
 >sets the NetBIOS scope </P
@@ -264,17 +294,17 @@ CLASS="PARAMETER"
 >mount read-write </P
 ></DD
 ><DT
->iocharset=&lt;arg&gt;</DT
+>iocharset=&#60;arg&#62;</DT
 ><DD
 ><P
->		sets the charset used by the linux side for codepage
+>		sets the charset used by the Linux side for codepage
 		to charset translations (NLS). Argument should be the
 		name of a charset, like iso8859-1. (Note: only kernel
 		2.4.0 or later)
 		</P
 ></DD
 ><DT
->codepage=&lt;arg&gt;</DT
+>codepage=&#60;arg&#62;</DT
 ><DD
 ><P
 >		sets the codepage the server uses. See the iocharset
@@ -283,7 +313,7 @@ CLASS="PARAMETER"
 		</P
 ></DD
 ><DT
->ttl=&lt;arg&gt;</DT
+>ttl=&#60;arg&#62;</DT
 ><DD
 ><P
 >		how long a directory listing is cached in milliseconds
@@ -303,7 +333,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN119"
+NAME="AEN125"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
@@ -330,12 +360,12 @@ CLASS="ENVAR"
 >PASSWD_FILE</TT
 > may contain the pathname of
 	a file to read the password from. A single line of input is
-	read and used as password.</P
+	read and used as the password.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN127"
+NAME="AEN133"
 ></A
 ><H2
 >BUGS</H2
@@ -355,7 +385,7 @@ NAME="AEN127"
 ></LI
 ></UL
 ><P
->Note that the typical response to a bugreport is suggestion
+>Note that the typical response to a bug report is suggestion
 	to try the latest version first. So please try doing that first,
 	and always include which versions you use of relevant software
 	when reporting bugs (minimum: samba, kernel, distribution)</P
@@ -363,7 +393,7 @@ NAME="AEN127"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN134"
+NAME="AEN140"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -374,7 +404,7 @@ NAME="AEN134"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN137"
+NAME="AEN143"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html
index 4ec7b7c86a3..1f862b66114 100644
--- a/docs/htmldocs/smbpasswd.5.html
+++ b/docs/htmldocs/smbpasswd.5.html
@@ -101,9 +101,9 @@ CLASS="VARIABLELIST"
 >Lanman Password Hash</DT
 ><DD
 ><P
->This is the LANMAN hash of the users password, 
+>This is the LANMAN hash of the user's password, 
 		encoded as 32 hex digits.  The LANMAN hash is created by DES 
-		encrypting a well known string with the users password as the 
+		encrypting a well known string with the user's password as the 
 		DES key. This is the same password used by Windows 95/98 machines. 
 		Note that this password hash is regarded as weak as it is
 		vulnerable to dictionary attacks and if two users choose the 
@@ -111,27 +111,24 @@ CLASS="VARIABLELIST"
 		is not "salted" as the UNIX password is). If the user has a 
 		null password this field will contain the characters "NO PASSWORD" 
 		as the start of the hex string. If the hex string is equal to 
-		32 'X' characters then the users account is marked as 
+		32 'X' characters then the user's account is marked as 
 		<TT
 CLASS="CONSTANT"
 >disabled</TT
 > and the user will not be able to 
 		log onto the Samba server. </P
 ><P
-><I
-CLASS="EMPHASIS"
->WARNING !!</I
+><EM
+>WARNING !!</EM
 > Note that, due to 
 		the challenge-response nature of the SMB/CIFS authentication
 		protocol, anyone with a knowledge of this password hash will 
 		be able to impersonate the user on the network. For this
-		reason these hashes are known as <I
-CLASS="EMPHASIS"
+		reason these hashes are known as <EM
 >plain text 
-		equivalents</I
-> and must <I
-CLASS="EMPHASIS"
->NOT</I
+		equivalents</EM
+> and must <EM
+>NOT</EM
 > be made 
 		available to anyone but the root user. To protect these passwords 
 		the smbpasswd file is placed in a directory with read and 
@@ -143,33 +140,30 @@ CLASS="EMPHASIS"
 >NT Password Hash</DT
 ><DD
 ><P
->This is the Windows NT hash of the users 
+>This is the Windows NT hash of the user's 
 		password, encoded as 32 hex digits.  The Windows NT hash is 
-		created by taking the users password as represented in 
+		created by taking the user's password as represented in 
 		16-bit, little-endian UNICODE and then applying the MD4 
 		(internet rfc1321) hashing algorithm to it. </P
 ><P
 >This password hash is considered more secure than
-		the Lanman Password Hash as it preserves the case of the 
+		the LANMAN Password Hash as it preserves the case of the 
 		password and uses a much higher quality hashing algorithm. 
 		However, it is still the case that if two users choose the same 
 		password this entry will be identical (i.e. the password is 
 		not "salted" as the UNIX password is). </P
 ><P
-><I
-CLASS="EMPHASIS"
->WARNING !!</I
+><EM
+>WARNING !!</EM
 >. Note that, due to 
 		the challenge-response nature of the SMB/CIFS authentication
 		protocol, anyone with a knowledge of this password hash will 
 		be able to impersonate the user on the network. For this
-		reason these hashes are known as <I
-CLASS="EMPHASIS"
+		reason these hashes are known as <EM
 >plain text 
-		equivalents</I
-> and must <I
-CLASS="EMPHASIS"
->NOT</I
+		equivalents</EM
+> and must <EM
+>NOT</EM
 > be made 
 		available to anyone but the root user. To protect these passwords 
 		the smbpasswd file is placed in a directory with read and 
@@ -192,9 +186,8 @@ CLASS="EMPHASIS"
 ><UL
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->U</I
+><EM
+>U</EM
 > - This means 
 			this is a "User" account, i.e. an ordinary user. Only User 
 			and Workstation Trust accounts are currently supported 
@@ -202,11 +195,10 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->N</I
+><EM
+>N</EM
 > - This means the
-			account has no password (the passwords in the fields Lanman 
+			account has no password (the passwords in the fields LANMAN 
 			Password Hash and NT Password Hash are ignored). Note that this 
 			will only allow users to log on with no password if the <TT
 CLASS="PARAMETER"
@@ -225,18 +217,16 @@ CLASS="FILENAME"
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->D</I
+><EM
+>D</EM
 > - This means the account 
 			is disabled and no SMB/CIFS logins  will be	allowed for 
 			this user. </P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->W</I
+><EM
+>W</EM
 > - This means this account 
 			is a "Workstation Trust" account. This kind of account is used 
 			in the Samba PDC code stream to allow Windows NT Workstations 
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html
index bb3eb7ca47d..f48754163b9 100644
--- a/docs/htmldocs/smbpasswd.8.html
+++ b/docs/htmldocs/smbpasswd.8.html
@@ -24,7 +24,7 @@ NAME="AEN5"
 ></A
 ><H2
 >Name</H2
->smbpasswd&nbsp;--&nbsp;change a users SMB password</DIV
+>smbpasswd&nbsp;--&nbsp;change a user's SMB password</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
@@ -36,7 +36,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbpasswd</B
->  [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &lt;remote machine&gt;] [-R &lt;name resolve order&gt;] [-m] [-j DOMAIN] [-U username] [-h] [-s] [username]</P
+>  [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &#60;remote machine&#62;] [-R &#60;name resolve order&#62;] [-m] [-j DOMAIN] [-U username] [-h] [-s] [username]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -53,16 +53,15 @@ TARGET="_top"
 > suite.</P
 ><P
 >The smbpasswd program has several different 
-	functions, depending on whether it is run by the <I
-CLASS="EMPHASIS"
->root</I
+	functions, depending on whether it is run by the <EM
+>root</EM
 > 
 	user or not. When run as a normal user it allows the user to change 
 	the password used for their SMB sessions on any machines that store 
 	SMB passwords. </P
 ><P
 >By default (when run with no arguments) it will attempt to 
-	change the current users SMB password on the local machine. This is 
+	change the current user's SMB password on the local machine. This is 
 	similar to the way the <B
 CLASS="COMMAND"
 >passwd(1)</B
@@ -71,9 +70,8 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbpasswd</B
 > differs from how the passwd program works 
-	however in that it is not <I
-CLASS="EMPHASIS"
->setuid root</I
+	however in that it is not <EM
+>setuid root</EM
 > but works in 
 	a client-server mode and communicates with a locally running
 	<B
@@ -88,12 +86,12 @@ CLASS="FILENAME"
 > file. </P
 ><P
 >When run by an ordinary user with no options. smbpasswd 
-	will prompt them for their old smb password and then ask them 
+	will prompt them for their old SMB password and then ask them 
 	for their new password twice, to ensure that the new password
 	was typed correctly. No passwords will be echoed on the screen 
-	whilst being typed. If you have a blank smb password (specified by 
+	whilst being typed. If you have a blank SMB password (specified by 
 	the string "NO PASSWORD" in the smbpasswd file) then just press 
-	the &lt;Enter&gt; key when asked for your old password. </P
+	the &#60;Enter&#62; key when asked for your old password. </P
 ><P
 >smbpasswd can also be used by a normal user to change their
 	SMB password on remote machines, such as Windows NT Primary Domain 
@@ -127,7 +125,7 @@ CLASS="VARIABLELIST"
 ><P
 >This option specifies that the username 
 		following should be added to the local smbpasswd file, with the 
-		new password typed (type &lt;Enter&gt; for the old password). This 
+		new password typed (type &#60;Enter&#62; for the old password). This 
 		option is ignored if the username following already exists in 
 		the smbpasswd file and it is treated like a regular change 
 		password command. Note that the user to be added must already exist 
@@ -169,7 +167,7 @@ CLASS="CONSTANT"
 		will fail. </P
 ><P
 >If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
-		format) there is no space in the users password entry to write
+		format) there is no space in the user's password entry to write
 		this information and so the user is disabled by writing 'X' characters 
 		into the password space in the smbpasswd file. See <B
 CLASS="COMMAND"
@@ -219,7 +217,7 @@ CLASS="COMMAND"
 ><DD
 ><P
 ><TT
-CLASS="PARAMETER"
+CLASS="REPLACEABLE"
 ><I
 >debuglevel</I
 ></TT
@@ -303,9 +301,8 @@ CLASS="PARAMETER"
 		copy of the user account database and will not allow the password 
 		change).</P
 ><P
-><I
-CLASS="EMPHASIS"
->Note</I
+><EM
+>Note</EM
 > that Windows 95/98 do not have 
 		a real password database so it is not possible to change passwords 
 		specifying a Win95/98  machine as remote machine target. </P
@@ -503,7 +500,7 @@ CLASS="COMMAND"
 ><DD
 ><P
 >This option causes smbpasswd to be silent (i.e. 
-		not issue prompts) and to read it's old and new passwords from 
+		not issue prompts) and to read its old and new passwords from 
 		standard  input, rather than from <TT
 CLASS="FILENAME"
 >/dev/tty</TT
@@ -519,9 +516,8 @@ CLASS="COMMAND"
 ><DD
 ><P
 >This specifies the username for all of the 
-		<I
-CLASS="EMPHASIS"
->root only</I
+		<EM
+>root only</EM
 > options to operate on. Only root 
 		can specify this parameter as only root has the permission needed 
 		to modify attributes directly in the local smbpasswd file. 
diff --git a/docs/htmldocs/smbsh.1.html b/docs/htmldocs/smbsh.1.html
index 1264e241ba4..3f1b704d388 100644
--- a/docs/htmldocs/smbsh.1.html
+++ b/docs/htmldocs/smbsh.1.html
@@ -67,7 +67,7 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >rcp</B
 >. You must use a 
-	shell that is dynmanically linked in order for <B
+	shell that is dynamically linked in order for <B
 CLASS="COMMAND"
 >smbsh</B
 > 
@@ -83,6 +83,12 @@ CLASS="COMMAND"
 	that authenticate you to the machine running the Windows NT 
 	operating system.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >	<TT
@@ -113,6 +119,9 @@ CLASS="USERINPUT"
 ></TT
 >
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Any dynamically linked command you execute from 
@@ -127,7 +136,7 @@ CLASS="COMMAND"
 > will show all the machines in your workgroup. The command 
 	<B
 CLASS="COMMAND"
->ls /smb/&lt;machine-name&gt;</B
+>ls /smb/&#60;machine-name&#62;</B
 > will show the share 
 	names for that machine. You could then, for example, use the <B
 CLASS="COMMAND"
diff --git a/docs/htmldocs/smbspool.8.html b/docs/htmldocs/smbspool.8.html
index 321cc5d8d62..254abe9a9de 100644
--- a/docs/htmldocs/smbspool.8.html
+++ b/docs/htmldocs/smbspool.8.html
@@ -14,7 +14,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="FINDSMB"
+NAME="SMBSPOOL"
 >smbspool</A
 ></H1
 ><DIV
@@ -24,7 +24,7 @@ NAME="AEN5"
 ></A
 ><H2
 >Name</H2
->nmblookup&nbsp;--&nbsp;send print file to an SMB printer</DIV
+>smbspool&nbsp;--&nbsp;send print file to an SMB printer</DIV
 ><DIV
 CLASS="REFSYNOPSISDIV"
 ><A
@@ -58,9 +58,8 @@ TARGET="_top"
 	Printing System, but you can use smbspool with any printing system 
 	or from a program or script.</P
 ><P
-><I
-CLASS="EMPHASIS"
->DEVICE URI</I
+><EM
+>DEVICE URI</EM
 ></P
 ><P
 >smbspool specifies the destination using a Uniform Resource 
@@ -90,10 +89,8 @@ CLASS="EMPHASIS"
 ><P
 >smbspool tries to get the URI from argv[0]. If argv[0] 
 	contains the name of the program then it looks in the <TT
-CLASS="PARAMETER"
-><I
->	DEVICE_URI</I
-></TT
+CLASS="ENVAR"
+>	DEVICE_URI</TT
 > environment variable.</P
 ><P
 >Programs using the <B
@@ -102,10 +99,8 @@ CLASS="COMMAND"
 > functions can 
 	pass the URI in argv[0], while shell scripts must set the 
 	<TT
-CLASS="PARAMETER"
-><I
->DEVICE_URI</I
-></TT
+CLASS="ENVAR"
+>DEVICE_URI</TT
 > environment variable prior to
 	running smbspool.</P
 ></DIV
diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html
index b31437afea3..1d3dc9f952a 100644
--- a/docs/htmldocs/smbstatus.1.html
+++ b/docs/htmldocs/smbstatus.1.html
@@ -14,7 +14,7 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="FINDSMB"
+NAME="SMBSTATUS"
 >smbstatus</A
 ></H1
 ><DIV
@@ -36,7 +36,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbstatus</B
->  [-P] [-b] [-d] [-L] [-p] [-S] [-s &lt;configuration file&gt;] [-u &lt;username&gt;]</P
+>  [-P] [-b] [-d] [-L] [-p] [-S] [-s &#60;configuration file&#62;] [-u &#60;username&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -117,7 +117,7 @@ CLASS="COMMAND"
 >causes smbstatus to only list shares.</P
 ></DD
 ><DT
->-s &lt;configuration file&gt;</DT
+>-s &#60;configuration file&#62;</DT
 ><DD
 ><P
 >The default configuration file name is
@@ -133,7 +133,7 @@ CLASS="FILENAME"
 > for more information.</P
 ></DD
 ><DT
->-u &lt;username&gt;</DT
+>-u &#60;username&#62;</DT
 ><DD
 ><P
 >selects information relevant to 
diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html
index 5e13ef3577c..47c41a015a9 100644
--- a/docs/htmldocs/smbtar.1.html
+++ b/docs/htmldocs/smbtar.1.html
@@ -253,9 +253,8 @@ NAME="AEN106"
 ><H2
 >DIAGNOSTICS</H2
 ><P
->See the <I
-CLASS="EMPHASIS"
->DIAGNOSTICS</I
+>See the <EM
+>DIAGNOSTICS</EM
 > section for the 
 	<A
 HREF="smbclient.1.html"
diff --git a/docs/htmldocs/smbumount.8.html b/docs/htmldocs/smbumount.8.html
index 0a26e720945..68929fd5f91 100644
--- a/docs/htmldocs/smbumount.8.html
+++ b/docs/htmldocs/smbumount.8.html
@@ -51,7 +51,7 @@ NAME="AEN12"
 CLASS="COMMAND"
 >smbumount</B
 > has 
-	been written to give normal linux-users more control over their 
+	been written to give normal Linux users more control over their 
 	resources. It is safe to install this program suid root, because only 
 	the user who has mounted a filesystem is allowed to unmount it again.  
 	For root it is not necessary to use smbumount. The normal umount 
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
index f91366b1d6f..386fe5bc7af 100644
--- a/docs/htmldocs/swat.8.html
+++ b/docs/htmldocs/swat.8.html
@@ -35,8 +35,8 @@ NAME="AEN8"
 ><P
 ><B
 CLASS="COMMAND"
->nmblookup</B
->  [-s &lt;smb config file&gt;] [-a]</P
+>swat</B
+>  [-s &#60;smb config file&#62;] [-a]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -68,15 +68,24 @@ CLASS="FILENAME"
 CLASS="COMMAND"
 >swat</B
 > configuration page has help links 
-	to all the configurable options in the smb.conf file allowing an 
+	to all the configurable options in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file allowing an 
 	administrator to easily look up the effects of any change. </P
 ><P
->swat is run from inetd </P
+><B
+CLASS="COMMAND"
+>swat</B
+> is run from <B
+CLASS="COMMAND"
+>inetd</B
+> </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN23"
+NAME="AEN26"
 ></A
 ><H2
 >OPTIONS</H2
@@ -95,7 +104,10 @@ CLASS="VARIABLELIST"
 CLASS="COMMAND"
 >smbd
 		</B
-> server. This is the file that swat will modify. 
+> server. This is the file that <B
+CLASS="COMMAND"
+>swat</B
+> will modify. 
 		The information in this file includes server-specific 
 		information such as what printcap file to use, as well as 
 		descriptions of all the services that the server is to provide.
@@ -110,13 +122,18 @@ CLASS="FILENAME"
 ><DD
 ><P
 >This option disables authentication and puts 
-		swat in demo mode. In that mode anyone will be able to modify 
-		the smb.conf file. </P
+		<B
+CLASS="COMMAND"
+>swat</B
+> in demo mode. In that mode anyone will be able to modify 
+		the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file. </P
 ><P
-><I
-CLASS="EMPHASIS"
+><EM
 >Do NOT enable this option on a production 
-		server. </I
+		server. </EM
 ></P
 ></DD
 ></DL
@@ -125,7 +142,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN38"
+NAME="AEN44"
 ></A
 ><H2
 >INSTALLATION</H2
@@ -159,7 +176,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN50"
+NAME="AEN56"
 ></A
 ><H3
 >Inetd Installation</H3
@@ -172,7 +189,10 @@ CLASS="FILENAME"
 CLASS="FILENAME"
 >/etc/services</TT
 >
-		to enable SWAT to be launched via inetd.</P
+		to enable SWAT to be launched via <B
+CLASS="COMMAND"
+>inetd</B
+>.</P
 ><P
 >In <TT
 CLASS="FILENAME"
@@ -229,15 +249,15 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT2"
 ><A
-NAME="AEN71"
+NAME="AEN78"
 ></A
 ><H3
 >Launching</H3
 ><P
->To launch swat just run your favorite web browser and 
+>To launch SWAT just run your favorite web browser and 
 		point it at "http://localhost:901/".</P
 ><P
->Note that you can attach to swat from any IP connected 
+>Note that you can attach to SWAT from any IP connected 
 		machine but connecting from a remote machine leaves your 
 		connection open to password sniffing as passwords will be sent 
 		in the clear over the wire. </P
@@ -246,7 +266,7 @@ NAME="AEN71"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN75"
+NAME="AEN82"
 ></A
 ><H2
 >FILES</H2
@@ -304,7 +324,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN96"
+NAME="AEN103"
 ></A
 ><H2
 >WARNINGS</H2
@@ -336,7 +356,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN104"
+NAME="AEN111"
 ></A
 ><H2
 >VERSION</H2
@@ -347,7 +367,7 @@ NAME="AEN104"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN107"
+NAME="AEN114"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -374,7 +394,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN114"
+NAME="AEN121"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html
index d1a1e4333a5..bae907c687a 100644
--- a/docs/htmldocs/testparm.1.html
+++ b/docs/htmldocs/testparm.1.html
@@ -37,7 +37,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >testparm</B
->  [-s] [-h] [-L &lt;servername&gt;] {config filename} [hostname  hostIP]</P
+>  [-s] [-h] [-L &#60;servername&#62;] {config filename} [hostname  hostIP]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -68,9 +68,8 @@ CLASS="COMMAND"
 	</B
 > will successfully load the configuration file.</P
 ><P
->Note that this is <I
-CLASS="EMPHASIS"
->NOT</I
+>Note that this is <EM
+>NOT</EM
 > a guarantee that 
 	the services specified in the configuration file will be 
 	available or will operate as expected. </P
@@ -126,7 +125,12 @@ CLASS="COMMAND"
 >-L servername</DT
 ><DD
 ><P
->Sets the value of the %L macro to servername.
+>Sets the value of the %L macro to <TT
+CLASS="REPLACEABLE"
+><I
+>servername</I
+></TT
+>.
 		This is useful for testing include files specified with the 
 		%L macro. </P
 ></DD
@@ -147,7 +151,10 @@ CLASS="FILENAME"
 ><DD
 ><P
 >If this parameter and the following are 
-		specified, then testparm will examine the <TT
+		specified, then <B
+CLASS="COMMAND"
+>testparm</B
+> will examine the <TT
 CLASS="PARAMETER"
 ><I
 >hosts
@@ -185,7 +192,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN64"
+NAME="AEN66"
 ></A
 ><H2
 >FILES</H2
@@ -214,13 +221,13 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN73"
+NAME="AEN75"
 ></A
 ><H2
 >DIAGNOSTICS</H2
 ><P
 >The program will issue a message saying whether the 
-	configuration file loaded OK or not. This message may be preceeded by 
+	configuration file loaded OK or not. This message may be preceded by 
 	errors and warnings if the file did not load. If the file was 
 	loaded OK, the program then dumps all known service details 
 	to stdout. </P
@@ -228,7 +235,7 @@ NAME="AEN73"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN76"
+NAME="AEN78"
 ></A
 ><H2
 >VERSION</H2
@@ -239,7 +246,7 @@ NAME="AEN76"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN79"
+NAME="AEN81"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -265,7 +272,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN86"
+NAME="AEN88"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/testprns.1.html b/docs/htmldocs/testprns.1.html
index 94ab41c98d4..4929415da02 100644
--- a/docs/htmldocs/testprns.1.html
+++ b/docs/htmldocs/testprns.1.html
@@ -163,11 +163,11 @@ NAME="AEN48"
 >DIAGNOSTICS</H2
 ><P
 >If a printer is found to be valid, the message 
-	"Printer name &lt;printername&gt; is valid" will be 
+	"Printer name &#60;printername&#62; is valid" will be 
 	displayed. </P
 ><P
 >If a printer is found to be invalid, the message
-	"Printer name &lt;printername&gt; is not valid" will be 
+	"Printer name &#60;printername&#62; is not valid" will be 
 	displayed. </P
 ><P
 >All messages that would normally be logged during
diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html
index 2787f514c07..129d0459e1f 100644
--- a/docs/htmldocs/wbinfo.1.html
+++ b/docs/htmldocs/wbinfo.1.html
@@ -243,13 +243,16 @@ NAME="AEN88"
 CLASS="COMMAND"
 >winbindd(8)
 	</B
-> daemon is not working wbinfo will always return 
+> daemon is not working <B
+CLASS="COMMAND"
+>wbinfo</B
+> will always return 
 	failure. </P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN92"
+NAME="AEN93"
 ></A
 ><H2
 >VERSION</H2
@@ -261,7 +264,7 @@ NAME="AEN92"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN95"
+NAME="AEN96"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -279,7 +282,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN100"
+NAME="AEN101"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 2f023561edc..447069f17aa 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -1,7 +1,7 @@
 <HTML
 ><HEAD
 ><TITLE
->Unifed Logons between Windows NT and UNIX using Winbind</TITLE
+>Unified Logons between Windows NT and UNIX using Winbind</TITLE
 ><META
 NAME="GENERATOR"
 CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
@@ -20,7 +20,7 @@ CLASS="TITLEPAGE"
 CLASS="TITLE"
 ><A
 NAME="AEN1"
->Unifed Logons between Windows NT and UNIX using Winbind</A
+>Unified Logons between Windows NT and UNIX using Winbind</A
 ></H1
 ><HR></DIV
 ><DIV
@@ -39,7 +39,7 @@ CLASS="EMPHASIS"
 >winbind
 	</I
 >, a component of the Samba suite of programs as a 
-	solution to the unied logon problem. Winbind uses a UNIX implementation 
+	solution to the unified logon problem. Winbind uses a UNIX implementation 
 	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
 	Service Switch to allow Windows NT domain users to appear and operate 
 	as UNIX users on a UNIX machine. This paper describes the winbind 
@@ -70,7 +70,7 @@ NAME="AEN7"
 	can lead to synchronization problems between the UNIX and Windows 
 	systems and confusion for users.</P
 ><P
->We divide the unifed logon problem for UNIX machines into 
+>We divide the unified logon problem for UNIX machines into 
 	three smaller problems:</P
 ><P
 ></P
@@ -97,7 +97,7 @@ NAME="AEN7"
 	information on the UNIX machines and without creating additional 
 	tasks for the system administrator when maintaining users and 
 	groups on either system. The winbind system provides a simple 
-	and elegant solution to all three components of the unifed logon 
+	and elegant solution to all three components of the unified logon 
 	problem.</P
 ></DIV
 ><DIV
@@ -224,7 +224,7 @@ NAME="AEN40"
 >The Name Service Switch, or NSS, is a feature that is 
 		present in many UNIX operating systems. It allows system 
 		information such as hostnames, mail aliases and user information 
-		to be resolved from dierent sources. For example, a standalone 
+		to be resolved from different sources. For example, a standalone 
 		UNIX workstation may resolve system information from a series of 
 		flat files stored on the local lesystem. A networked workstation 
 		may first attempt to resolve system information from local files, 
@@ -253,7 +253,7 @@ CLASS="FILENAME"
 		for a line which matches the service type being requested, for 
 		example the "passwd" service type is used when user or group names 
 		are looked up. This	config line species which implementations 
-		of that service should be tried andin what order. If the passwd 
+		of that service should be tried and in what order. If the passwd 
 		config line is:</P
 ><P
 ><B
@@ -303,7 +303,7 @@ NAME="AEN56"
 >Pluggable Authentication Modules, also known as PAM, 
 		is a system for abstracting authentication and authorization 
 		technologies. With a PAM module it is possible to specify different 
-		authentication methods for dierent system applications without 
+		authentication methods for different system applications without 
 		having to recompile these applications. PAM is also useful
 		for implementing a particular policy for authorization. For example, 
 		a system administrator may only allow console logins from users 
@@ -318,7 +318,7 @@ NAME="AEN56"
 		this change take eect directly on the Primary Domain Controller.
 		</P
 ><P
->PAM is congured by providing control files in the directory 
+>PAM is configured by providing control files in the directory 
 		<TT
 CLASS="FILENAME"
 >/etc/pam.d/</TT
@@ -350,11 +350,11 @@ NAME="AEN64"
 ></H2
 ><P
 >When a user or group is created under Windows NT 
-		is it allocated a numerical relative identier (RID). This is 
-		slightly dierent to UNIX which has a range of numbers which are 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers which are 
 		used to identify users, and the same range in which to identify 
 		groups. It is winbind's job to convert RIDs to UNIX id numbers and
-		vice versa.  When winbind is congured it is given part of the UNIX 
+		vice versa.  When winbind is configured it is given part of the UNIX 
 		user id space and a part of the UNIX group id space in which to 
 		store Windows NT users and groups. If a Windows NT user is 
 		resolved for the first time, it is allocated the next UNIX id from 
@@ -381,7 +381,7 @@ NAME="AEN68"
 		by NT domain controllers.  User or group information returned 
 		by a PDC is cached by winbind along with a sequence number also 
 		returned by the PDC. This sequence number is incremented by 
-		Windows NT whenever any user or group information is modied. If 
+		Windows NT whenever any user or group information is modified. If 
 		a cached entry has expired, the sequence number is requested from 
 		the PDC and compared against the sequence number of the cached entry. 
 		If the sequence numbers do not match, then the cached information 
@@ -415,7 +415,7 @@ CLASS="FILENAME"
 CLASS="COMMAND"
 >winbindd(8)</B
 > man page which will provide you 
-	with conguration information and give you sample conguration files. 
+	with configuration information and give you sample configuration files. 
 	You may also wish to update the main Samba daemons smbd and nmbd) 
 	with a more recent development release, such as the recently
 	announced Samba 2.2 alpha release.</P
diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
index a98b7a28640..125daccf34c 100644
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
@@ -37,7 +37,7 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >nmblookup</B
->  [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B &lt;broadcast address&gt;] [-U &lt;unicast address&gt;] [-d &lt;debug level&gt;] [-s &lt;smb config file&gt;] [-i &lt;NetBIOS scope&gt;] [-T] {name}</P
+>  [-d debuglevel] [-i] [-S] [-r] [-A] [-h] [-B &#60;broadcast address&#62;] [-U &#60;unicast address&#62;] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-i &#60;NetBIOS scope&#62;] [-T] {name}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -70,7 +70,10 @@ CLASS="FILENAME"
 	of user and group ids specified by the administrator of the 
 	Samba system.</P
 ><P
->The service provided by winbindd is called `winbind' and 
+>The service provided by <B
+CLASS="COMMAND"
+>winbindd</B
+> is called `winbind' and 
 	can be used to resolve user and group information from a 
 	Windows NT server. The service can also provide authentication
 	services via an associated PAM module. </P
@@ -128,17 +131,26 @@ CLASS="FILENAME"
 > and then from the 
 	Windows NT server. </P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >passwd:         files winbind
 group:          files winbind
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN52"
+NAME="AEN53"
 ></A
 ><H2
 >OPTIONS</H2
@@ -177,7 +189,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN65"
+NAME="AEN66"
 ></A
 ><H2
 >NAME AND ID RESOLUTION</H2
@@ -208,7 +220,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN71"
+NAME="AEN72"
 ></A
 ><H2
 >CONFIGURATION</H2
@@ -243,7 +255,7 @@ CLASS="COMMAND"
 		DOMAIN\username. In some cases this separator character may 
 		cause problems as the '\' character has special meaning in 
 		unix shells.  In that case you can use the winbind separator 
-		option to specify an alternative sepataror character. Good 
+		option to specify an alternative separator character. Good 
 		alternatives may be '/' (although that conflicts
 		with the unix directory separator) or a '+ 'character. 
 		The '+' character appears to be the best choice for 100% 
@@ -267,12 +279,12 @@ CLASS="COMMAND"
 ><P
 >The winbind uid parameter specifies the 
 		range of user ids that are allocated by the winbindd daemon.  
-		This range of ids should have no existing local or nis users 
+		This range of ids should have no existing local or NIS users 
 		within it as strange conflicts can occur otherwise. </P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind uid = &lt;empty string&gt; 
+>winbind uid = &#60;empty string&#62; 
 		</B
 ></P
 ><P
@@ -287,12 +299,12 @@ CLASS="COMMAND"
 ><P
 >The winbind gid parameter specifies the 
 		range of group ids that are allocated by the winbindd daemon.  
-		This range of group ids should have no existing local or nis 
+		This range of group ids should have no existing local or NIS 
 		groups within it as strange conflicts can occur otherwise.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind gid = &lt;empty string&gt;
+>winbind gid = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -310,7 +322,7 @@ CLASS="COMMAND"
 		seconds the winbindd daemon will cache user and group information 
 		before querying a Windows NT server again. When a item in the 
 		cache is older than this time winbindd will ask the domain 
-		controller for the sequence number of the servers account database. 
+		controller for the sequence number of the server's account database. 
 		If the sequence number has not changed then the cached item is 
 		marked as valid for a further <TT
 CLASS="PARAMETER"
@@ -363,11 +375,13 @@ CLASS="COMMAND"
 > system call will not 
 		return any data. </P
 ><P
-><I
-CLASS="EMPHASIS"
->Warning:</I
+><EM
+>Warning:</EM
 > Turning off user enumeration 
-		may cause some programs to behave oddly.  For example, the finger 
+		may cause some programs to behave oddly.  For example, the <B
+CLASS="COMMAND"
+>finger</B
+> 
 		program relies on having access to the full user list when 
 		searching  for matching usernames. </P
 ><P
@@ -404,9 +418,8 @@ CLASS="COMMAND"
 > system 
 		call will not return any data. </P
 ><P
-><I
-CLASS="EMPHASIS"
->Warning:</I
+><EM
+>Warning:</EM
 > Turning off group 
 		enumeration may cause some programs to behave oddly. 
 		</P
@@ -472,7 +485,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN152"
+NAME="AEN154"
 ></A
 ><H2
 >EXAMPLE SETUP</H2
@@ -487,11 +500,20 @@ CLASS="FILENAME"
 > put the 
 	following:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >passwd:     files winbind
 group:      files winbind
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >In <TT
@@ -505,6 +527,12 @@ CLASS="PARAMETER"
 ></TT
 > lines with something like this: </P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >auth       required	/lib/security/pam_securetty.so
@@ -512,6 +540,9 @@ auth       required	/lib/security/pam_nologin.so
 auth       sufficient	/lib/security/pam_winbind.so
 auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Note in particular the use of the <TT
@@ -552,7 +583,7 @@ CLASS="PARAMETER"
 >-U</I
 ></TT
 > can be any Domain 
-	user that has administrator priviliges on the machine. Next from 
+	user that has administrator privileges on the machine. Next from 
 	within <B
 CLASS="COMMAND"
 >samedit</B
@@ -568,7 +599,7 @@ CLASS="COMMAND"
 ><P
 >Next copy <TT
 CLASS="FILENAME"
->libnss_winbind.so.2</TT
+>libnss_winbind.so</TT
 > to 
 	<TT
 CLASS="FILENAME"
@@ -580,11 +611,33 @@ CLASS="FILENAME"
 	to <TT
 CLASS="FILENAME"
 >/lib/security</TT
+>.  A symbolic link needs to be
+	made from <TT
+CLASS="FILENAME"
+>/lib/libnss_winbind.so</TT
+> to
+	<TT
+CLASS="FILENAME"
+>/lib/libnss_winbind.so.2</TT
+>.  If you are using an
+	older version of glibc then the target of the link should be
+	<TT
+CLASS="FILENAME"
+>/lib/libnss_winbind.so.1</TT
 >.</P
 ><P
->Finally, setup a smb.conf containing directives like the 
+>Finally, setup a <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> containing directives like the 
 	following:  </P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
@@ -598,6 +651,9 @@ CLASS="PROGRAMLISTING"
         security = domain
         password server = *
 	</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Now start winbindd and you should find that your user and 
@@ -616,7 +672,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN191"
+NAME="AEN197"
 ></A
 ><H2
 >Notes</H2
@@ -676,7 +732,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN207"
+NAME="AEN213"
 ></A
 ><H2
 >Signals</H2
@@ -727,7 +783,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN224"
+NAME="AEN230"
 ></A
 ><H2
 >Files</H2
@@ -801,19 +857,19 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN253"
+NAME="AEN259"
 ></A
 ><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
 	the Samba suite.  winbindd is however not available in
-	stable release of Samba as of yet.</P
+	the stable release of Samba as of yet.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN256"
+NAME="AEN262"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -841,7 +897,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN263"
+NAME="AEN269"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1
index 24dbc743c5b..381b5116a2e 100644
--- a/docs/manpages/findsmb.1
+++ b/docs/manpages/findsmb.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH FINDSMB 1 "23 Jun 2001" "findsmb 2.2.0a"
+.TH "FINDSMB" "1" "03 May 2001" "" ""
 .SH NAME
 findsmb \- list info about machines that respond to SMB  name queries on a subnet
 .SH SYNOPSIS
@@ -74,7 +74,8 @@ the Samba suite.
 .PP
 \fBnmbd(8)\fR, 
 \fBsmbclient(1)
-\fR.SH "AUTHOR"
+\fR
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
index ba4df3f050f..f960b17d02e 100644
--- a/docs/manpages/lmhosts.5
+++ b/docs/manpages/lmhosts.5
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH LMHOSTS 5 "23 Jun 2001" "lmhosts 2.2.0a"
+.TH "LMHOSTS" "5" "05 July 2001" "" ""
 .SH NAME
 lmhosts \- The Samba NetBIOS hosts file
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ lmhosts \- The Samba NetBIOS hosts file
 \fIlmhosts\fR is the  SambaNetBIOS name to IP address mapping file.
 .SH "DESCRIPTION"
 .PP
-This file is part of the < Sambasuite.
+This file is part of the  Sambasuite.
 .PP
 \fIlmhosts\fR is the \fBSamba
 \fRNetBIOS name to IP address mapping file. It 
@@ -76,7 +76,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fBsmbclient(1)
-\fR.SH "AUTHOR"
+\fR
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1
index bffe6642ace..ef0cb4d2dda 100644
--- a/docs/manpages/make_smbcodepage.1
+++ b/docs/manpages/make_smbcodepage.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH MAKE_SMBCODEPAGE 1 "23 Jun 2001" "make_smbcodepage 2.2.0a"
+.TH "MAKE_SMBCODEPAGE" "1" "03 May 2001" "" ""
 .SH NAME
 make_smbcodepage \- construct a codepage file for Samba
 .SH SYNOPSIS
@@ -29,11 +29,11 @@ This is the codepage we are processing (a
 number, e.g. 850). 
 .TP
 \fBinputfile\fR
-This is the input file to process. In t
-he '\fIc\fR' case this will be a text 
+This is the input file to process. In 
+the \fIc\fR case this will be a text 
 codepage definition file such as the ones found in the Samba 
 \fIsource/codepages\fR directory. In
-the '\fId\fR' case this will be the 
+the \fId\fR case this will be the 
 binary format codepage definition file normally found in 
 the \fIlib/codepages\fR directory in the 
 Samba install directory path.
@@ -124,7 +124,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fBsmbd(8)\fR, 
-smb.conf(5).SH "AUTHOR"
+smb.conf(5)
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1
index be29bb19fb0..77a580dcea9 100644
--- a/docs/manpages/make_unicodemap.1
+++ b/docs/manpages/make_unicodemap.1
@@ -1,100 +1,99 @@
-.TH MAKE_UNICODEMAP 1 "23 Jun 2001" "make_unicodemap 2.2.0a"
-.PP 
-.SH "NAME" 
-make_unicodemap \- Construct a unicode map file for Samba
-.PP 
-.SH "SYNOPSIS" 
-.PP 
-\fBmake_unicodemap\fP codepage inputfile outputfile
-.PP 
-.SH "DESCRIPTION" 
-.PP 
-This program is part of the \fBSamba\fP suite\&.
-.PP 
-\fBmake_unicodemap\fP compiles text unicode map files into binary unicode
-map files for use with the internationalization features of Samba 2\&.0
-.PP 
-.SH "OPTIONS" 
-.PP 
-.IP 
-.IP "codepage" 
-This is the codepage or UNIX character set we are processing (a number, e\&.g\&. 850)\&.
-.IP 
-.IP "inputfile" 
-This is the input file to process\&. This is a text unicode map file
-such as the ones found in the Samba \fIsource/codepages\fP directory\&.
-.IP 
-.IP "outputfile" 
-This is the binary output file to produce\&.
-.IP 
-.PP 
-.SH "Samba Unicode Map Files" 
-.PP 
-A text Samba unicode map file is a description that tells
-Samba how to map characters from a specified DOS code page or UNIX character
-set to 16 bit unicode\&.
-.PP 
-A binary Samba unicode map file is a binary representation of
-the same information, including a value that specifies what codepage
-or UNIX character set this file is describing\&.
-.PP 
-.SH "FILES" 
-.PP 
-\fBCP<codepage>\&.TXT\fP
-.PP 
-These are the input (text) unicode map files provided in the Samba
-\fIsource/codepages\fP directory\&.
-.PP 
-A text unicode map file consists of multiple lines
-containing two fields\&. These fields are : 
-.PP 
-.IP 
-.IP o 
-\fBcharacter\fP: which is the (hex) character mapped on this
-line\&.
-.IP 
-.IP o 
-\fBunicode\fP: which is the (hex) 16 bit unicode character that the
-character will map to\&.
-.IP 
-.PP 
-\fBunicode_map\&.<codepage>\fP These are the output (binary) unicode map files
-produced and placed in the Samba destination \fIlib/codepage\fP
-directory\&.
-.PP 
-.SH "INSTALLATION" 
-.PP 
-The location of the server and its support files is a matter for
-individual system administrators\&. The following are thus suggestions
-only\&.
-.PP 
-It is recommended that the \fBmake_unicodemap\fP program be installed
-under the \fI/usr/local/samba\fP hierarchy, in a directory readable by
-all, writeable only by root\&. The program itself should be executable
-by all\&.  The program should NOT be setuid or setgid!
-.PP 
-.SH "VERSION" 
-.PP 
-This man page is correct for version 2\&.0 of the Samba suite\&.
-.PP 
-.SH "SEE ALSO" 
-.PP 
-\fBsmb\&.conf(5)\fP, \fBsmbd (8)\fP
-.PP 
-.SH "AUTHOR" 
-.PP 
-The original Samba software and related utilities were created by
-Andrew Tridgell samba@samba\&.org\&. Samba is now developed
-by the Samba Team as an Open Source project similar to the way the
-Linux kernel is developed\&.
-.PP 
-The original Samba man pages were written by Karl Auer\&. The man page
-sources were converted to YODL format (another excellent piece of Open
-Source software, available at
-\fBftp://ftp\&.icce\&.rug\&.nl/pub/unix/\fP)
-and updated for the Samba2\&.0 release by Jeremy Allison\&.
-samba@samba\&.org\&.
-.PP 
-See \fBsamba (7)\fP to find out how to get a full
-list of contributors and details on how to submit bug reports,
-comments etc\&.
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
+.\" Please send any bug reports, improvements, comments, patches, 
+.\" etc. to Steve Cheng <steve@ggi-project.org>.
+.TH "MAKE_UNICODEMAP" "1" "22 June 2001" "" ""
+.SH NAME
+make_unicodemap \- construct a unicode map file for Samba
+.SH SYNOPSIS
+.sp
+\fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
+.SH "DESCRIPTION"
+.PP
+This tool is part of the Samba
+suite.
+.PP
+\fBmake_unicodemap\fR compiles text unicode map 
+files into binary unicode map files for use with the 
+internationalization features of Samba 2.2.
+.SH "OPTIONS"
+.TP
+\fBcodepage\fR
+This is the codepage or UNIX character 
+set we are processing (a number, e.g. 850).
+.TP
+\fBinputfile\fR
+This is the input file to process. This is a 
+text unicode map file such as the ones found in the Samba
+\fIsource/codepages\fR directory. 
+.TP
+\fBoutputfile\fR
+This is the binary output file to produce. 
+.SH "SAMBA UNICODE MAP FILES"
+.PP
+A text Samba unicode map file is a description that tells Samba 
+how to map characters from a specified DOS code page or UNIX character 
+set to 16 bit unicode.
+.PP
+A binary Samba unicode map file is a binary representation 
+of the same information, including a value that specifies what 
+codepage or UNIX character set this file is describing. 
+.SH "FILES"
+.PP
+\fICP<codepage>.TXT\fR
+.PP
+These are the input (text) unicode map files provided 
+in the Samba \fIsource/codepages\fR 
+directory. 
+.PP
+A text unicode map file consists of multiple lines 
+containing two fields. These fields are : 
+.TP 0.2i
+\(bu
+\fIcharacter\fR - which is 
+the (hex) character mapped on this line.
+.TP 0.2i
+\(bu
+\fIunicode\fR - which 
+is the (hex) 16 bit unicode character that the character
+will map to. 
+.PP
+\fIunicode_map.<codepage>\fR - These are 
+the output (binary) unicode map files produced and placed in 
+the Samba destination \fIlib/codepage\fR 
+directory.
+.PP
+.SH "INSTALLATION"
+.PP
+The location of the server and its support files is a matter
+for individual system administrators. The following are thus 
+suggestions only. 
+.PP
+It is recommended that the \fBmake_unicodemap\fR 
+program be installed under the 
+\fI$prefix/samba\fR hierarchy, 
+in a directory readable by all, writeable only by root. The 
+program itself should be executable by all. The program
+should NOT be setuid or setgid! 
+.SH "VERSION"
+.PP
+This man page is correct for version 2.2 of 
+the Samba suite.
+.SH "SEE ALSO"
+.PP
+\fBsmbd(8)\fR, 
+smb.conf(5)
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities 
+were created by Andrew Tridgell. Samba is now developed
+by the Samba Team as an Open Source project similar 
+to the way the Linux kernel is developed.
+.PP
+The original Samba man pages were written by Karl Auer. 
+The man page sources were converted to YODL format (another 
+excellent piece of Open Source software, available at
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
+Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8
index 6b4d7a43a14..851383e5c0a 100644
--- a/docs/manpages/nmbd.8
+++ b/docs/manpages/nmbd.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH NMBD 8 "23 Jun 2001" "nmbd 2.2.0a"
+.TH "NMBD" "8" "22 June 2001" "" ""
 .SH NAME
 nmbd \- NetBIOS name server to provide NetBIOS  over IP naming services to clients
 .SH SYNOPSIS
@@ -15,7 +15,7 @@ This program is part of the Samba suite.
 .PP
 \fBnmbd\fR is a server that understands 
 and can reply to NetBIOS over IP name service requests, like 
-those produced by SMBD/CIFS clients such as Windows 95/98/ME, 
+those produced by SMB/CIFS clients such as Windows 95/98/ME, 
 Windows NT, Windows 2000, and LanManager clients. It also
 participates in the browsing protocols which make up the 
 Windows "Network Neighborhood" view.
@@ -75,7 +75,8 @@ for \fBnmbd\fR.
 NetBIOS lmhosts file. The lmhosts 
 file is a list of NetBIOS names to IP addresses that 
 is loaded by the nmbd server and used via the name 
-resolution mechanism  name resolve orderto resolve any NetBIOS name queries needed by the server. Note 
+resolution mechanism  name resolve order
+to resolve any NetBIOS name queries needed by the server. Note 
 that the contents of this file are \fBNOT\fR 
 used by \fBnmbd\fR to answer any name queries. 
 Adding a line to this file affects name NetBIOS resolution 
@@ -111,7 +112,8 @@ and generate HUGE amounts of log data, most of which is extremely
 cryptic.
 
 Note that specifying this parameter here will override 
-the log levelparameter in the \fI smb.conf\fRfile.
+the log level
+parameter in the \fI smb.conf\fRfile.
 .TP
 \fB-l <log file>\fR
 The -l parameter specifies a path 
@@ -175,17 +177,20 @@ See the section INSTALLATION below.
 .TP
 \fB\fI/usr/local/samba/lib/smb.conf\fB\fR
 This is the default location of the 
-\fIsmb.conf\fRserver configuration file. Other common places that systems 
+\fIsmb.conf\fR
+server configuration file. Other common places that systems 
 install this file are \fI/usr/samba/lib/smb.conf\fR 
 and \fI/etc/smb.conf\fR.
 
 When run as a WINS server (see the 
-wins supportparameter in the \fI smb.conf(5)\fRman page), \fBnmbd\fR 
+wins support
+parameter in the \fI smb.conf(5)\fRman page), \fBnmbd\fR 
 will store the WINS database in the file \fIwins.dat\fR 
 in the \fIvar/locks\fR directory configured under 
 wherever Samba was configured to install itself.
 
-If \fBnmbd\fR is acting as a \fB browse master\fR (see the local masterparameter in the \fI smb.conf(5)\fRman page), \fBnmbd\fR 
+If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master
+parameter in the \fI smb.conf(5)\fRman page), \fBnmbd\fR 
 will store the browsing database in the file \fIbrowse.dat
 \fRin the \fIvar/locks\fR directory
 configured under wherever Samba was configured to install itself.
@@ -198,11 +203,11 @@ The correct way to terminate \fBnmbd\fR is to send it
 a SIGTERM (-15) signal and wait for it to die on its own.
 .PP
 \fBnmbd\fR will accept SIGHUP, which will cause 
-it to dump out it's namelists into the file \fInamelist.debug
+it to dump out its namelists into the file \fInamelist.debug
 \fRin the \fI/usr/local/samba/var/locks\fR 
 directory (or the \fIvar/locks\fR directory configured 
 under wherever Samba was configured to install itself). This will also 
-cause \fBnmbd\fR to dump out it's server database in
+cause \fBnmbd\fR to dump out its server database in
 the \fIlog.nmb\fR file. In addition, the debug log level 
 of nmbd may be raised by sending it a SIGUSR1 (\fBkill -USR1
 <nmbd-pid>\fR) and lowered by sending it a
diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1
index 05fa4762f9f..afc1ec3a107 100644
--- a/docs/manpages/nmblookup.1
+++ b/docs/manpages/nmblookup.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH NMBLOOKUP 1 "23 Jun 2001" "nmblookup 2.2.0a"
+.TH "NMBLOOKUP" "1" "22 June 2001" "" ""
 .SH NAME
 nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS  names
 .SH SYNOPSIS
@@ -44,8 +44,9 @@ Try and bind to UDP port 137 to send and receive UDP
 datagrams. The reason for this option is a bug in Windows 95 
 where it ignores the source port of the requesting packet 
 and only replies to UDP port 137. Unfortunately, on most UNIX 
-systems root privilage is needed to bind to this port, and 
-in addition, if the nmbd(8)daemon is running on this machine it also binds to this port.
+systems root privilege is needed to bind to this port, and 
+in addition, if the nmbd(8)
+daemon is running on this machine it also binds to this port.
 .TP
 \fB-A\fR
 Interpret \fIname\fR as 
@@ -126,7 +127,7 @@ used to query DNS servers). To query a WINS server,
 .PP
 For example, running :
 .PP
-\fBnmblookup -U samba.org -R IRIX#1B'\fR
+\fBnmblookup -U samba.org -R 'IRIX#1B'\fR
 .PP
 would query the WINS server samba.org for the domain 
 master browser (1B name type) for the IRIX workgroup.
@@ -137,7 +138,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fBnmbd(8)\fR, 
-samba(7).SH "AUTHOR"
+samba(7)
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
index ab1639732ab..9dce67898ab 100644
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH RPCCLIENT 1 "23 Jun 2001" "rpcclient 2.2.0a"
+.TH "RPCCLIENT" "1" "22 June 2001" "" ""
 .SH NAME
 rpcclient \- tool for executing client side  MS-RPC functions
 .SH SYNOPSIS
@@ -50,14 +50,15 @@ below))
 \fB-d debuglevel\fR
 set the debuglevel. Debug level 0 is the lowest 
 and 100 being the highest. This should be set to 100 if you are
-planning on submitting a bug report to the Samba team (see BUGS.txt). 
+planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR). 
 .TP
 \fB-h\fR
 Print a summary of command line options.
 .TP
 \fB-l logbasename\fR
-File name for log/debug files. .client will be 
-appended. The log file is never removed by the client.
+File name for log/debug files. The extension 
+\&'.client' will be appended. The log file is never removed 
+by the client.
 .TP
 \fB-N\fR
 instruct \fBrpcclient\fR not to ask 
@@ -73,7 +74,7 @@ Sets the SMB username or username and password.
 
 If %password is not specified, The user will be prompted. The 
 client will first check the \fBUSER\fR environment variable, then the 
-\fBLOGNAME\fR variable and if either exist, the 
+\fBLOGNAME\fR variable and if either exists, the 
 string is uppercased. If these environmental variables are not 
 found, the username GUEST is used. 
 
@@ -93,9 +94,8 @@ it in directly.
 .TP
 \fB-W domain\fR
 Set the SMB domain of the username. This 
-overrides the default domain which is the domain of the 
-server specified with the \fI-S\fR option. 
-If the domain specified is the same as the server's NetBIOS name, 
+overrides the default domain which is the domain defined in 
+smb.conf. If the domain specified is the same as the server's NetBIOS name, 
 it causes the client to log on using the server's local SAM (as 
 opposed to the Domain SAM). 
 .SH "COMMANDS"
@@ -106,10 +106,12 @@ opposed to the Domain SAM).
 \fBlsaquery\fR
 .TP 0.2i
 \(bu
-\fBlookupsids\fR
+\fBlookupsids\fR - Resolve a list 
+of SIDs to usernames.
 .TP 0.2i
 \(bu
-\fBlookupnames\fR
+\fBlookupnames\fR - Resolve s list 
+of usernames to SIDs.
 .TP 0.2i
 \(bu
 \fBenumtrusts\fR
@@ -130,6 +132,18 @@ opposed to the Domain SAM).
 .TP 0.2i
 \(bu
 \fBquerygroupmem\fR
+.TP 0.2i
+\(bu
+\fBqueryaliasmem\fR
+.TP 0.2i
+\(bu
+\fBquerydispinfo\fR
+.TP 0.2i
+\(bu
+\fBquerydominfo\fR
+.TP 0.2i
+\(bu
+\fBenumdomgroups\fR
 .PP
 .PP
 .PP
@@ -180,6 +194,12 @@ and the \fIport\fRmust be a valid port name (see
 \fBenumports\fR.
 .TP 0.2i
 \(bu
+\fBdeldriver\fR - Delete the 
+specified printer driver for all architectures. This
+does not delete the actual driver files from the server,
+only the entry from the server's list of drivers.
+.TP 0.2i
+\(bu
 \fBenumdata\fR - Enumerate all 
 printer setting data stored on the server. On Windows NT clients, 
 these values are stored in the registry, while Samba servers 
@@ -283,7 +303,7 @@ been developed from examining Network traces. No documentation is
 available from the original creators (Microsoft) on how MSRPC over 
 SMB works, or how the individual MSRPC services work. Microsoft's 
 implementation of these services has been demonstrated (and reported) 
-to be... a bit flakey in places. 
+to be... a bit flaky in places. 
 .PP
 The development of Samba's implementation is also a bit rough, 
 and as more of the services are understood, it can even result in 
@@ -304,6 +324,6 @@ by the Samba Team as an Open Source project similar
 to the way the Linux kernel is developed.
 .PP
 The original rpcclient man page was written by Matthew 
-Geddes, Luke Kenneth Casson, and rewriten by Gerald Carter. 
+Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. 
 The conversion to DocBook for Samba 2.2 was done by Gerald 
 Carter.
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
index 2fe48c759c8..666240006ad 100644
--- a/docs/manpages/samba.7
+++ b/docs/manpages/samba.7
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SAMBA 7 "23 Jun 2001" "samba 2.2.0a"
+.TH "SAMBA" "7" "03 May 2001" "" ""
 .SH NAME
 SAMBA \- A Windows SMB/CIFS fileserver for UNIX
 .SH SYNOPSIS
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index a10c40dfac7..6a2f5f6e259 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMB.CONF 5 "23 Jun 2001" "smb.conf 2.2.0a"
+.TH "SMB.CONF" "5" "05 July 2001" "" ""
 .SH NAME
 smb.conf \- The configuration file for the Samba suite
 .SH "SYNOPSIS"
@@ -447,7 +447,7 @@ that is all in upper case and of suitable length, are created
 upper case, or if they are forced to be the "default" 
 case. This option can be use with "preserve case = yes" 
 to permit long filenames to retain their case, while short names 
-are lowered. Default \fByes\fR.
+are lowercased. Default \fByes\fR.
 .PP
 By default, Samba 2.2 has the same semantics as a Windows 
 NT server, in that it is case insensitive but case preserving.
@@ -474,7 +474,7 @@ If the client has previously registered a username
 with the system and now supplies a correct password for that 
 username then the connection is allowed.
 .IP 3. 
-The client's netbios name and any previously 
+The client's NetBIOS name and any previously 
 used user names are checked against the supplied password, if 
 they match then the connection is allowed as the corresponding 
 user.
@@ -503,10 +503,13 @@ Here is a list of all global parameters. See the section of
 each parameter for details. Note that some are synonyms.
 .TP 0.2i
 \(bu
-\fIadd user script\fR
+\fIadd printer command\fR
+.TP 0.2i
+\(bu
+\fIadd share command\fR
 .TP 0.2i
 \(bu
-\fIaddprinter command\fR
+\fIadd user script\fR
 .TP 0.2i
 \(bu
 \fIallow trusted domains\fR
@@ -530,6 +533,9 @@ each parameter for details. Note that some are synonyms.
 \fIchange notify timeout\fR
 .TP 0.2i
 \(bu
+\fIchange share command\fR
+.TP 0.2i
+\(bu
 \fIcharacter set\fR
 .TP 0.2i
 \(bu
@@ -569,10 +575,13 @@ each parameter for details. Note that some are synonyms.
 \fIdefault service\fR
 .TP 0.2i
 \(bu
-\fIdelete user script\fR
+\fIdelete printer command\fR
+.TP 0.2i
+\(bu
+\fIdelete share command\fR
 .TP 0.2i
 \(bu
-\fIdeleteprinter command\fR
+\fIdelete user script\fR
 .TP 0.2i
 \(bu
 \fIdfree command\fR
@@ -584,18 +593,9 @@ each parameter for details. Note that some are synonyms.
 \fIdomain admin group\fR
 .TP 0.2i
 \(bu
-\fIdomain admin users\fR
-.TP 0.2i
-\(bu
-\fIdomain groups\fR
-.TP 0.2i
-\(bu
 \fIdomain guest group\fR
 .TP 0.2i
 \(bu
-\fIdomain guest users\fR
-.TP 0.2i
-\(bu
 \fIdomain logons\fR
 .TP 0.2i
 \(bu
@@ -755,6 +755,9 @@ each parameter for details. Note that some are synonyms.
 \fInull passwords\fR
 .TP 0.2i
 \(bu
+\fIobey pam restrictions\fR
+.TP 0.2i
+\(bu
 \fIoplock break wait time\fR
 .TP 0.2i
 \(bu
@@ -764,6 +767,9 @@ each parameter for details. Note that some are synonyms.
 \fIos2 driver map\fR
 .TP 0.2i
 \(bu
+\fIpam password change\fR
+.TP 0.2i
+\(bu
 \fIpanic action\fR
 .TP 0.2i
 \(bu
@@ -929,9 +935,6 @@ each parameter for details. Note that some are synonyms.
 \fIunix password sync\fR
 .TP 0.2i
 \(bu
-\fIunix realname\fR
-.TP 0.2i
-\(bu
 \fIupdate encrypted\fR
 .TP 0.2i
 \(bu
@@ -1335,48 +1338,7 @@ each parameter for details. Note that some are synonyms.
 \fIwriteable\fR
 .SH "EXPLANATION OF EACH PARAMETER"
 .TP
-\fBadd user script (G)\fR
-This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by smbd(8)
-under special circumstances described below.
-
-Normally, a Samba server requires that UNIX users are 
-created for all users accessing files on this server. For sites 
-that use Windows NT account databases as their primary user database 
-creating these users and keeping the user list in sync with the 
-Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users 
-\fBON DEMAND\fR when a user accesses the Samba server.
-
-In order to use this option, smbdmust be set to \fIsecurity=server\fR or \fI security=domain\fR and \fIadd user script\fR
-must be set to a full pathname for a script that will create a UNIX 
-user given one argument of \fI%u\fR, which expands into 
-the UNIX user name to create.
-
-When the Windows user attempts to access the Samba server, 
-at login (session setup in the SMB protocol) time,  smbdcontacts the \fIpassword server\fR and 
-attempts to authenticate the given user with the given password. If the 
-authentication succeeds then \fBsmbd\fR 
-attempts to find a UNIX user in the UNIX password database to map the 
-Windows user into. If this lookup fails, and \fIadd user script
-\fRis set then \fBsmbd\fR will
-call the specified script \fBAS ROOT\fR, expanding 
-any \fI%u\fR argument to be the user name to create.
-
-If this script successfully creates the user then \fBsmbd
-\fRwill continue on as though the UNIX user
-already existed. In this way, UNIX users are dynamically created to
-match existing Windows NT accounts.
-
-See also \fI security\fR,  \fIpassword server\fR, 
-\fIdelete user 
-script\fR.
-
-Default: \fBadd user script = <empty string>
-\fR
-Example: \fBadd user script = /usr/local/samba/bin/add_user 
-%u\fR
-.TP
-\fBaddprinter command (G)\fR
+\fBadd printer command (G)\fR
 With the introduction of MS-RPC based printing
 support for Windows NT/2000 clients in Samba 2.2, The MS Add
 Printer Wizard (APW) icon is now also available in the 
@@ -1385,14 +1347,15 @@ allows for printers to be add remotely to a Samba or Windows
 NT/2000 print server.
 
 For a Samba host this means that the printer must be 
-physically added to underlying printing system. The \fI addprinter command\fR defines a script to be run which 
+physically added to the underlying printing system. The \fIadd 
+printer command\fR defines a script to be run which 
 will perform the necessary operations for adding the printer
 to the print system and to add the appropriate service definition 
 to the \fIsmb.conf\fR file in order that it can be 
 shared by \fBsmbd(8)\fR
 .
 
-The \fIaddprinter command\fR is
+The \fIadd printer command\fR is
 automatically invoked with the following parameter (in 
 order:
 .RS
@@ -1423,13 +1386,13 @@ only. The remaining fields in the structure are generated from answers
 to the APW questions.
 .PP
 .PP
-Once the \fIaddprinter command\fR has 
+Once the \fIadd printer command\fR has 
 been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to determine if the share defined by the APW
 exists. If the sharename is still invalid, then \fBsmbd
 \fRwill return an ACCESS_DENIED error to the client.
 .PP
 .PP
-See also \fI deleteprinter command\fR, \fIprinting\fR,
+See also \fI delete printer command\fR, \fIprinting\fR,
 \fIshow add
 printer wizard\fR
 .PP
@@ -1440,6 +1403,95 @@ Default: \fBnone\fR
 Example: \fBaddprinter command = /usr/bin/addprinter
 \fR.PP
 .TP
+\fBadd share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIadd share command\fR is used to define an 
+external program or script which will add a new service definition 
+to \fIsmb.conf\fR. In order to successfully 
+execute the \fIadd share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIadd share command\fR with four parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of the new 
+share.
+.TP 0.2i
+\(bu
+\fIpathName\fR - path to an **existing**
+directory on disk.
+.TP 0.2i
+\(bu
+\fIcomment\fR - comment string to associate 
+with the new share.
+.RE
+.PP
+This parameter is only used for add file shares. To add printer shares, 
+see the \fIadd printer 
+command\fR.
+.PP
+.PP
+See also \fIchange share 
+command\fR, \fIdelete share
+command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBadd share command = /usr/local/bin/addshare\fR
+.PP
+.TP
+\fBadd user script (G)\fR
+This is the full pathname to a script that will 
+be run \fBAS ROOT\fR by smbd(8)
+under special circumstances described below.
+
+Normally, a Samba server requires that UNIX users are 
+created for all users accessing files on this server. For sites 
+that use Windows NT account databases as their primary user database 
+creating these users and keeping the user list in sync with the 
+Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users 
+\fBON DEMAND\fR when a user accesses the Samba server.
+
+In order to use this option, smbd
+must be set to \fIsecurity=server\fR or \fI security=domain\fR and \fIadd user script\fR
+must be set to a full pathname for a script that will create a UNIX 
+user given one argument of \fI%u\fR, which expands into 
+the UNIX user name to create.
+
+When the Windows user attempts to access the Samba server, 
+at login (session setup in the SMB protocol) time,  smbdcontacts the \fIpassword server\fR and 
+attempts to authenticate the given user with the given password. If the 
+authentication succeeds then \fBsmbd\fR 
+attempts to find a UNIX user in the UNIX password database to map the 
+Windows user into. If this lookup fails, and \fIadd user script
+\fRis set then \fBsmbd\fR will
+call the specified script \fBAS ROOT\fR, expanding 
+any \fI%u\fR argument to be the user name to create.
+
+If this script successfully creates the user then \fBsmbd
+\fRwill continue on as though the UNIX user
+already existed. In this way, UNIX users are dynamically created to
+match existing Windows NT accounts.
+
+See also \fI security\fR,  \fIpassword server\fR, 
+\fIdelete user 
+script\fR.
+
+Default: \fBadd user script = <empty string>
+\fR
+Example: \fBadd user script = /usr/local/samba/bin/add_user 
+%u\fR
+.TP
 \fBadmin users (S)\fR
 This is a list of users who will be granted 
 administrative privileges on the share. This means that they 
@@ -1460,7 +1512,7 @@ Synonym for  \fIhosts allow\fR.
 This option only takes effect when the \fIsecurity\fR option is set to 
 server or domain. 
 If it is set to no, then attempts to connect to a resource from 
-a domain or workgroup other than the one which smbd is running 
+a domain or workgroup other than the one which smbdis running 
 in will fail, even if that domain is trusted by the remote server 
 doing the authentication.
 
@@ -1477,7 +1529,8 @@ Default: \fBallow trusted domains = yes\fR
 .TP
 \fBannounce as (G)\fR
 This specifies what type of server 
-\fBnmbd\fRwill announce itself as, to a network neighborhood browse 
+\fBnmbd\fR
+will announce itself as, to a network neighborhood browse 
 list. By default this is set to Windows NT. The valid options 
 are : "NT Server" (which can also be written as "NT"), 
 "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, 
@@ -1491,7 +1544,7 @@ Default: \fBannounce as = NT Server\fR
 
 Example: \fBannounce as = Win95\fR
 .TP
-\fBannouce version (G)\fR
+\fBannounce version (G)\fR
 This specifies the major and minor version numbers 
 that nmbd will use when announcing itself as a server. The default 
 is 4.2. Do not change this parameter unless you have a specific 
@@ -1514,7 +1567,7 @@ Default: \fBavailable = yes\fR
 .TP
 \fBbind interfaces only (G)\fR
 This global parameter allows the Samba admin 
-to limit what interfaces on a machine will serve smb requests. If 
+to limit what interfaces on a machine will serve SMB requests. If 
 affects file service smbd(8)and 
 name service nmbd(8)in slightly 
 different ways.
@@ -1536,7 +1589,8 @@ send packets that arrive through any interfaces not listed in the
 does defeat this simple check, however so it must not be used
 seriously as a security feature for \fBnmbd\fR.
 
-For file service it causes smbd(8)to bind only to the interface list given in the  interfaces parameter. This restricts the networks that 
+For file service it causes smbd(8)
+to bind only to the interface list given in the  interfaces parameter. This restricts the networks that 
 \fBsmbd\fR will serve to packets coming in those 
 interfaces. Note that you should not use this parameter for machines 
 that are serving PPP or other intermittent or non-broadcast network 
@@ -1544,7 +1598,8 @@ interfaces as it will not cope with non-permanent interfaces.
 
 If \fIbind interfaces only\fR is set then 
 unless the network address \fB127.0.0.1\fR is added 
-to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fRand \fBswat(8)\fRmay 
+to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR
+and \fBswat(8)\fRmay 
 not work as expected due to the reasons covered below.
 
 To change a users SMB password, the \fBsmbpasswd\fR
@@ -1577,7 +1632,7 @@ cannot be immediately satisfied, Samba 2.2 will internally
 queue the lock request, and periodically attempt to obtain 
 the lock until the timeout period expires.
 
-If this parameter is set to False, then 
+If this parameter is set to false, then 
 Samba 2.2 will behave as previous versions of Samba would and 
 will fail the lock request immediately if the lock range 
 cannot be obtained.
@@ -1624,8 +1679,54 @@ Example: \fBchange notify timeout = 300\fR
 
 Would change the scan time to every 5 minutes.
 .TP
+\fBchange share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIchange share command\fR is used to define an 
+external program or script which will modify an existing service definition 
+in \fIsmb.conf\fR. In order to successfully 
+execute the \fIchange share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIchange share command\fR with four parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of the new 
+share.
+.TP 0.2i
+\(bu
+\fIpathName\fR - path to an **existing**
+directory on disk.
+.TP 0.2i
+\(bu
+\fIcomment\fR - comment string to associate 
+with the new share.
+.RE
+.PP
+This parameter is only used modify existing file shares definitions. To modify 
+printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+.PP
+.PP
+See also \fIadd share
+command\fR, \fIdelete 
+share command\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBchange share command = /usr/local/bin/addshare\fR
+.PP
+.TP
 \fBcharacter set (G)\fR
-This allows a smbd to map incoming filenames 
+This allows smbdto map incoming filenames 
 from a DOS Code page (see the client 
 code page parameter) to several built in UNIX character sets. 
 The built in code page translations are:
@@ -1696,7 +1797,8 @@ the code page. The default for USA MS-DOS, Windows 95, and
 Windows NT releases is code page 437. The default for western 
 European releases of the above operating systems is code page 850.
 
-This parameter tells smbd(8)which of the \fIcodepage.XXX
+This parameter tells smbd(8)
+which of the \fIcodepage.XXX
 \fRfiles to dynamically load on startup. These files,
 described more fully in the manual page  \fBmake_smbcodepage(1)\fR, tell \fB smbd\fR how to map lower to upper case characters to provide 
 the case insensitivity of filenames that Windows clients expect.
@@ -1901,6 +2003,10 @@ create mode\fR parameter for forcing particular mode
 bits to be set on created files. See also the  \fIdirectory mode"\fR parameter for masking 
 mode bits on created directories. See also the  \fIinherit permissions\fR parameter.
 
+Note that this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+a mask on access control lists also, they need to set the \fIsecurity mask\fR.
+
 Default: \fBcreate mask = 0744\fR
 
 Example: \fBcreate mask = 0775\fR
@@ -1973,15 +2079,7 @@ effect.
 Default: \fBdebug uid = no\fR
 .TP
 \fBdebuglevel (G)\fR
-The value of the parameter (an integer) allows 
-the debug level (logging level) to be specified in the 
-\fIsmb.conf\fR file. This is to give greater 
-flexibility in the configuration of the system.
-
-The default will be the debug level specified on 
-the command line or level zero if none was specified.
-
-Example: \fBdebug level = 3\fR
+Synonym for \fI log level\fR.
 .TP
 \fBdefault (G)\fR
 A synonym for \fI default service\fR.
@@ -2025,6 +2123,33 @@ Example:
 .sp
 .fi
 .TP
+\fBdelete printer command (G)\fR
+With the introduction of MS-RPC based printer
+support for Windows NT/2000 clients in Samba 2.2, it is now 
+possible to delete printer at run time by issuing the 
+DeletePrinter() RPC call.
+
+For a Samba host this means that the printer must be 
+physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which 
+will perform the necessary operations for removing the printer
+from the print system and from \fIsmb.conf\fR.
+
+The \fIdelete printer command\fR is 
+automatically called with only one parameter: \fI "printer name"\fR.
+
+Once the \fIdelete printer command\fR has 
+been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. 
+If the sharename is still valid, then \fBsmbd
+\fRwill return an ACCESS_DENIED error to the client.
+
+See also \fI add printer command\fR, \fIprinting\fR,
+\fIshow add
+printer wizard\fR
+
+Default: \fBnone\fR
+
+Example: \fBdeleteprinter command = /usr/bin/removeprinter
+\fR.TP
 \fBdelete readonly (S)\fR
 This parameter allows readonly files to be deleted. 
 This is not normal DOS semantics, but is allowed by UNIX.
@@ -2035,6 +2160,45 @@ permissions, and DOS semantics prevent deletion of a read only file.
 
 Default: \fBdelete readonly = no\fR
 .TP
+\fBdelete share command (G)\fR
+Samba 2.2.0 introduced the ability to dynamically 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
+\fIdelete share command\fR is used to define an 
+external program or script which will remove an existing service 
+definition from \fIsmb.conf\fR. In order to successfully 
+execute the \fIdelete share command\fR, \fBsmbd\fR
+requires that the administrator be connected using a root account (i.e. 
+uid == 0).
+
+When executed, \fBsmbd\fR will automatically invoke the 
+\fIdelete share command\fR with two parameters.
+.RS
+.TP 0.2i
+\(bu
+\fIconfigFile\fR - the location 
+of the global \fIsmb.conf\fR file. 
+.TP 0.2i
+\(bu
+\fIshareName\fR - the name of 
+the existing service.
+.RE
+.PP
+This parameter is only used to remove file shares. To delete printer shares, 
+see the \fIdelete printer 
+command\fR.
+.PP
+.PP
+See also \fIdelete share
+command\fR, \fIchange 
+share\fR.
+.PP
+.PP
+Default: \fBnone\fR
+.PP
+.PP
+Example: \fBdelete share command = /usr/local/bin/delshare\fR
+.PP
+.TP
 \fBdelete user script (G)\fR
 This is the full pathname to a script that will 
 be run \fBAS ROOT\fR by  \fBsmbd(8)\fRunder special circumstances 
@@ -2088,42 +2252,15 @@ Default: \fBdelete user script = <empty string>
 Example: \fBdelete user script = /usr/local/samba/bin/del_user 
 %u\fR
 .TP
-\fBdeleteprinter command (G)\fR
-With the introduction of MS-RPC based printer
-support for Windows NT/2000 clients in Samba 2.2, it is now 
-possible to delete printer at run time by issuing the 
-DeletePrinter() RPC call.
-
-For a Samba host this means that the printer must be 
-physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which 
-will perform the necessary operations for removing the printer
-from the print system and from \fIsmb.conf\fR.
-
-The \fIdeleteprinter command\fR is 
-automatically called with only one parameter: \fI "printer name"\fR.
-
-Once the \fIdeleteprinter command\fR has 
-been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. 
-If the sharename is still valid, then \fBsmbd
-\fRwill return an ACCESS_DENIED error to the client.
-
-See also \fI addprinter command\fR, \fIprinting\fR,
-\fIshow add
-printer wizard\fR
-
-Default: \fBnone\fR
-
-Example: \fBdeleteprinter command = /usr/bin/removeprinter
-\fR.TP
 \fBdelete veto files (S)\fR
 This option is used when Samba is attempting to 
 delete a directory that contains one or more vetoed directories 
 (see the \fIveto files\fR
-option). If this option is set to False (the default) then if a vetoed 
+option). If this option is set to false (the default) then if a vetoed 
 directory contains any non-vetoed files or directories then the 
 directory delete will fail. This is usually what you want.
 
-If this option is set to True, then Samba 
+If this option is set to true, then Samba 
 will attempt to recursively delete any files and directories within 
 the vetoed directory. This can be useful for integration with file 
 serving systems such as NetAtalk which create meta-files within 
@@ -2223,6 +2360,10 @@ created from this parameter with the value of the \fIforce directory mode
 \fRparameter. This parameter is set to 000 by 
 default (i.e. no extra mode bits are added).
 
+Note that this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+a mask on access control lists also, they need to set the \fIdirectory security mask\fR.
+
 See the \fIforce 
 directory mode\fR parameter to cause particular mode 
 bits to always be set on created directories.
@@ -2253,29 +2394,27 @@ this mask from being modified. Essentially, zero bits in this
 mask may be treated as a set of bits the user is not allowed 
 to change.
 
-If not set explicitly this parameter is set to the same 
-value as the \fIdirectory 
-mask\fR parameter. To allow a user to
-modify all the user/group/world permissions on a directory, set 
-this parameter to 0777.
+If not set explicitly this parameter is set to 0777
+meaning a user is allowed to modify all the user/group/world
+permissions on a directory.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this restriction, 
 so it is primarily useful for standalone "appliance" systems. 
-Administrators of most normal systems will probably want to set 
-it to 0777.
+Administrators of most normal systems will probably want to leave
+it as the default of 0777.
 
 See also the \fI force directory security mode\fR, \fIsecurity mask\fR, 
 \fIforce security mode
 \fRparameters.
 
-Default: \fBdirectory security mask = <same as 
-directory mask>\fR
+Default: \fBdirectory security mask = 0777\fR
 
-Example: \fBdirectory security mask = 0777\fR
+Example: \fBdirectory security mask = 0700\fR
 .TP
 \fBdns proxy (G)\fR
-Specifies that nmbd(8)when acting as a WINS server and finding that a NetBIOS name has not 
+Specifies that nmbd(8)
+when acting as a WINS server and finding that a NetBIOS name has not 
 been registered, should treat the NetBIOS name word-for-word as a DNS 
 name and do a lookup with the DNS server for that name on behalf of 
 the name-querying client.
@@ -2293,44 +2432,38 @@ See also the parameter \fI wins support\fR.
 Default: \fBdns proxy = yes\fR
 .TP
 \fBdomain admin group (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
-.TP
-\fBdomain admin users (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
-.TP
-\fBdomain groups (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
+This parameter is intended as a temporary solution
+to enable users to be a member of the "Domain Admins" group when 
+a Samba host is acting as a PDC. A complete solution will be provided
+by a system for mapping Windows NT/2000 groups onto UNIX groups.
+Please note that this parameter has a somewhat confusing name. It 
+accepts a list of usernames and of group names in standard 
+\fIsmb.conf\fR notation.
+
+See also \fIdomain
+guest group\fR, \fIdomain
+logons\fR
+
+Default: \fBno domain administrators\fR
+
+Example: \fBdomain admin group = root @wheel\fR
 .TP
 \fBdomain guest group (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
-.TP
-\fBdomain guest users (G)\fR
-This is an \fBEXPERIMENTAL\fR parameter 
-that is part of the unfinished Samba NT Domain Controller Code. It may 
-be removed in a later release. To work with the latest code builds 
-that may have more support for Samba NT Domain Controller functionality 
-please subscribe to the mailing list samba-ntdom <URL:mailto:samba-ntdom@samba.org> available by 
-visiting the web page at  http://lists.samba.org/ <URL:http://lists.samba.org/>.
+This parameter is intended as a temporary solution
+to enable users to be a member of the "Domain Guests" group when 
+a Samba host is acting as a PDC. A complete solution will be provided
+by a system for mapping Windows NT/2000 groups onto UNIX groups.
+Please note that this parameter has a somewhat confusing name. It 
+accepts a list of usernames and of group names in standard 
+\fIsmb.conf\fR notation.
+
+See also \fIdomain
+admin group\fR, \fIdomain
+logons\fR
+
+Default: \fBno domain guests\fR
+
+Example: \fBdomain guest group = nobody @guest\fR
 .TP
 \fBdomain logons (G)\fR
 If set to true, the Samba server will serve 
@@ -2349,7 +2482,8 @@ claim a special domain specific NetBIOS name that identifies
 it as a domain master browser for its given  \fIworkgroup\fR. Local master browsers 
 in the same \fIworkgroup\fR on broadcast-isolated 
 subnets will give this \fBnmbd\fR their local browse lists, 
-and then ask \fBsmbd(8)\fRfor a complete copy of the browse list for the whole wide area 
+and then ask \fBsmbd(8)\fR
+for a complete copy of the browse list for the whole wide area 
 network. Browser clients will then contact their local master browser, 
 and will receive the domain-wide browse list, instead of just the list 
 for their broadcast-isolated subnet.
@@ -2390,7 +2524,7 @@ Example: \fBdont descend = /proc,/dev\fR
 .TP
 \fBdos filemode (S)\fR
 The default behavior in Samba is to provide 
-UNIX-like behavor where only the owner of a file/directory is 
+UNIX-like behavior where only the owner of a file/directory is 
 able to change the permissions on it. However, this behavior
 is often confusing to DOS/Windows users. Enabling this parameter 
 allows a user who has write access to the file (by whatever 
@@ -2429,7 +2563,7 @@ file they can change the timestamp on it. Under POSIX semantics,
 only the owner of the file or root may change the timestamp. By 
 default, Samba runs with POSIX semantics and refuses to change the 
 timestamp on a file if the user \fBsmbd\fR is acting 
-on behalf of is not the file owner. Setting this option to  True allows DOS semantics and smbd will change the file 
+on behalf of is not the file owner. Setting this option to  true allows DOS semantics and smbdwill change the file 
 timestamp as DOS requires.
 
 Default: \fBdos filetimes = no\fR
@@ -2446,7 +2580,7 @@ In order for encrypted passwords to work correctly
 \fBsmbd(8)\fRmust either 
 have access to a local \fIsmbpasswd(5)
 \fRprogram for information on how to set up 
-and maintain this file), or set the security=[serve|domain] parameter which 
+and maintain this file), or set the security=[server|domain] parameter which 
 causes \fBsmbd\fR to authenticate against another 
 server.
 
@@ -2454,16 +2588,16 @@ Default: \fBencrypt passwords = no\fR
 .TP
 \fBenhanced browsing (G)\fR
 This option enables a couple of enhancements to 
-cross-subnet browse propogation that have been added in Samba 
+cross-subnet browse propagation that have been added in Samba 
 but which are not standard in Microsoft implementations. 
 \fBThese enhancements are currently only available in
 the HEAD Samba CVS tree (not Samba 2.2.x).\fR
 
-The first enhancement to browse propogation consists of a regular
+The first enhancement to browse propagation consists of a regular
 wildcard query to a Samba WINS server for all Domain Master Browsers,
-followed by a browse synchronisation with each of the returned
+followed by a browse synchronization with each of the returned
 DMBs. The second enhancement consists of a regular randomised browse
-synchronisation with all currently known DMBs.
+synchronization with all currently known DMBs.
 
 You may wish to disable this option if you have a problem with empty
 workgroups not disappearing from browse lists. Due to the restrictions
@@ -2471,7 +2605,7 @@ of the browse protocols these enhancements can cause a empty workgroup
 to stay around forever which can be annoying.
 
 In general you should leave this option enabled as it makes
-cross-subnet browse propogation much more reliable.
+cross-subnet browse propagation much more reliable.
 
 Default: \fBenhanced browsing = yes\fR
 .TP
@@ -2519,7 +2653,7 @@ However, Unix time semantics mean that the create time
 reported by Samba will be updated whenever a file is created or 
 or deleted in the directory. NMAKE finds all object files in 
 the object directory. The timestamp of the last one built is then 
-compared to the timestamp of the object dircetory. If the 
+compared to the timestamp of the object directory. If the 
 directory's timestamp if newer, then all object files
 will be rebuilt. Enabling this option 
 ensures directories always predate their contents and an NMAKE build 
@@ -2554,7 +2688,8 @@ Default: \fBfake oplocks = no\fR
 .TP
 \fBfollow symlinks (S)\fR
 This parameter allows the Samba administrator 
-to stop \fBsmbd(8)\fRfrom following symbolic links in a particular share. Setting this 
+to stop \fBsmbd(8)\fR
+from following symbolic links in a particular share. Setting this 
 parameter to no prevents any file or directory 
 that is a symbolic link from being followed (the user will get an 
 error). This option is very useful to stop users from adding a 
@@ -2577,6 +2712,11 @@ permissions changed. The default for this parameter is (in octal)
 mode after the mask set in the \fIcreate mask\fR 
 parameter is applied.
 
+Note that by default this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+this mask on access control lists also, they need to set the \fIrestrict acl with 
+mask\fR to true.
+
 See also the parameter \fIcreate 
 mask\fR for details on masking mode bits on files.
 
@@ -2601,6 +2741,11 @@ bits to a created directory. This operation is done after the mode
 mask in the parameter \fIdirectory mask\fR is 
 applied.
 
+Note that by default this parameter does not apply to permissions
+set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
+this mask on access control lists also, they need to set the \fIrestrict acl with 
+mask\fR to true.
+
 See also the parameter \fI directory mask\fR for details on masking mode bits 
 on created directories.
 
@@ -2625,26 +2770,23 @@ the user may have modified to be on. Essentially, one bits in this
 mask may be treated as a set of bits that, when modifying security 
 on a directory, the user has always set to be 'on'.
 
-If not set explicitly this parameter is set to the same 
-value as the \fIforce 
-directory mode\fR parameter. To allow
-a user to modify all the user/group/world permissions on a 
-directory without restrictions, set this parameter to 000.
+If not set explicitly this parameter is 000, which 
+allows a user to modify all the user/group/world permissions on a 
+directory without restrictions.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this restriction, 
 so it is primarily useful for standalone "appliance" systems. 
-Administrators of most normal systems will probably want to set 
-it to 0000.
+Administrators of most normal systems will probably want to leave
+it set as 0000.
 
 See also the \fI directory security mask\fR,  \fIsecurity mask\fR, 
 \fIforce security mode
 \fRparameters.
 
-Default: \fBforce directory security mode = <same as 
-force directory mode>\fR
+Default: \fBforce directory security mode = 0\fR
 
-Example: \fBforce directory security mode = 0\fR
+Example: \fBforce directory security mode = 700\fR
 .TP
 \fBforce group (S)\fR
 This specifies a UNIX group name that will be 
@@ -2692,26 +2834,23 @@ the user may have modified to be on. Essentially, one bits in this
 mask may be treated as a set of bits that, when modifying security 
 on a file, the user has always set to be 'on'.
 
-If not set explicitly this parameter is set to the same 
-value as the \fIforce 
-create mode\fR parameter. To allow a user to 
-modify all the user/group/world permissions on a file, with no 
-restrictions set this parameter to 000.
+If not set explicitly this parameter is set to 0,
+and allows a user to modify all the user/group/world permissions on a file,
+with no restrictions.
 
 \fBNote\fR that users who can access 
 the Samba server through other means can easily bypass this restriction, 
 so it is primarily useful for standalone "appliance" systems. 
-Administrators of most normal systems will probably want to set 
-it to 0000.
+Administrators of most normal systems will probably want to leave
+this set to 0000.
 
 See also the \fI force directory security mode\fR,
 \fIdirectory security
 mask\fR, \fI security mask\fR parameters.
 
-Default: \fBforce security mode = <same as force 
-create mode>\fR
+Default: \fBforce security mode = 0\fR
 
-Example: \fBforce security mode = 0\fR
+Example: \fBforce security mode = 700\fR
 .TP
 \fBforce user (S)\fR
 This specifies a UNIX user name that will be 
@@ -2755,7 +2894,7 @@ This is a tuning option. When this is enabled a
 caching algorithm will be used to reduce the time taken for getwd() 
 calls. This can have a significant impact on performance, especially 
 when the \fIwide links\fR
-parameter is set to False.
+parameter is set to false.
 
 Default: \fBgetwd cache = yes\fR
 .TP
@@ -2848,7 +2987,7 @@ Default: \fBhide local users = no\fR
 .TP
 \fBhomedir map (G)\fR
 If\fInis homedir
-\fRis True, and \fBsmbd(8)\fRis also acting 
+\fRis true, and \fBsmbd(8)\fRis also acting 
 as a Win95/98 \fIlogon server\fR then this parameter 
 specifies the NIS (or YP) map from which the server for the user's 
 home directory should be extracted. At present, only the Sun 
@@ -2958,7 +3097,7 @@ and users who will be allowed access without specifying a password.
 
 This is not be confused with  \fIhosts allow\fR which is about hosts 
 access to services and is more useful for guest services. \fI hosts equiv\fR may be useful for NT clients which will 
-not supply passwords to samba.
+not supply passwords to Samba.
 
 \fBNOTE :\fR The use of \fIhosts equiv
 \fRcan be a major security hole. This is because you are 
@@ -3006,7 +3145,7 @@ Note that the setuid bit is \fBnever\fR set via
 inheritance (the code explicitly prohibits this).
 
 This can be particularly useful on large systems with 
-many users, perhaps several thousand,to allow a single [homes] 
+many users, perhaps several thousand, to allow a single [homes] 
 share to be used flexibly by each user.
 
 See also \fIcreate mask
@@ -3141,8 +3280,8 @@ and \fIlevel2 oplocks
 Default: \fBkernel oplocks = yes\fR
 .TP
 \fBlanman auth (G)\fR
-This parameter determines whether or not smbd will
-attempt to authentication users using the LANMAN password hash.
+This parameter determines whether or not smbdwill
+attempt to authenticate users using the LANMAN password hash.
 If disabled, only clients which support NT password hashes (e.g. Windows 
 NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS 
 network client) will be able to connect to the Samba host.
@@ -3177,7 +3316,7 @@ Currently, if \fIkernel
 oplocks\fR are supported then level2 oplocks are 
 not granted (even if this parameter is set to yes). 
 Note also, the \fIoplocks\fR
-parameter must be set to "true" on this share in order for 
+parameter must be set to true on this share in order for 
 this parameter to have any effect.
 
 See also the \fIoplocks\fR
@@ -3233,13 +3372,13 @@ Default: \fBload printers = yes\fR
 .TP
 \fBlocal master (G)\fR
 This option allows \fB nmbd(8)\fRto try and become a local master browser 
-on a subnet. If set to False then \fB nmbd\fR will not attempt to become a local master browser 
+on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser 
 on a subnet and will also lose in all browsing elections. By
 default this value is set to true. Setting this value to true doesn't
 mean that Samba will \fBbecome\fR the local master 
 browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser.
 
-Setting this value to False will cause \fBnmbd\fR
+Setting this value to false will cause \fBnmbd\fR
 \fBnever\fR to become a local master browser.
 
 Default: \fBlocal master = yes\fR
@@ -3271,7 +3410,7 @@ by the server.
 
 This option \fBmay\fR be useful for read-only 
 filesystems which \fBmay\fR not need locking (such as 
-cdrom drives), although setting this parameter of no 
+CDROM drives), although setting this parameter of no 
 is not really recommended even in this case.
 
 Be careful about disabling locking either globally or in a 
@@ -3290,7 +3429,15 @@ you to have separate log files for each user or machine.
 Example: \fBlog file = /usr/local/samba/var/log.%m
 \fR.TP
 \fBlog level (G)\fR
-Synonym for \fI debug level\fR.
+The value of the parameter (an integer) allows 
+the debug level (logging level) to be specified in the 
+\fIsmb.conf\fR file. This is to give greater 
+flexibility in the configuration of the system.
+
+The default will be the log level specified on 
+the command line or level zero if none was specified.
+
+Example: \fBlog level = 3\fR
 .TP
 \fBlogon drive (G)\fR
 This parameter specifies the local path to 
@@ -3358,7 +3505,7 @@ your Windows NT client.
 
 The share and the path must be readable by the user for 
 the preferences and directories to be loaded onto the Windows NT
-client. The share must be writeable when the logs in for the first
+client. The share must be writeable when the user logs in for the first
 time, in order that the Windows NT client can create the NTuser.dat
 and other directories.
 
@@ -3388,7 +3535,7 @@ Example: \fBlogon path = \\\\PROFILESERVER\\PROFILE\\%U\fR
 This parameter specifies the batch file (.bat) or 
 NT command file (.cmd) to be downloaded and run on a machine when 
 a user successfully logs in. The file must contain the DOS 
-style cr/lf line endings. Using a DOS-style editor to create the 
+style CR/LF line endings. Using a DOS-style editor to create the 
 file is recommended.
 
 The script must be a relative path to the [netlogon] 
@@ -3398,7 +3545,7 @@ the file that will be downloaded is:
 
 \fI/usr/local/samba/netlogon/STARTUP.BAT\fR
 
-The contents of the batch file is entirely your choice. A 
+The contents of the batch file are entirely your choice. A 
 suggested command would be to add \fBNET TIME \\\\SERVER /SET 
 /YES\fR, to force every machine to synchronize clocks with 
 the same time server. Another use would be to add \fBNET USE 
@@ -3430,7 +3577,7 @@ a printer name and job number to pause the print job. One way
 of implementing this is by using job priorities, where jobs 
 having a too low priority won't be sent to the printer.
 
-If a \fI%p\fR is given then the printername 
+If a \fI%p\fR is given then the printer name 
 is put in its place. A \fI%j\fR is replaced with 
 the job number (an integer). On HPUX (see \fIprinting=hpux
 \fR), if the \fI-p%p\fR option is added 
@@ -3503,7 +3650,7 @@ requesting status information about. To get around this, the
 server reports on the first printer service connected to by the 
 client. This only happens if the connection number sent is invalid.
 
-If a \fI%p\fR is given then the printername 
+If a \fI%p\fR is given then the printer name 
 is put in its place. Otherwise it is placed at the end of the 
 command.
 
@@ -3528,7 +3675,7 @@ a printer name and job number to resume the print job. See
 also the \fIlppause command
 \fRparameter.
 
-If a \fI%p\fR is given then the printername 
+If a \fI%p\fR is given then the printer name 
 is put in its place. A \fI%j\fR is replaced with 
 the job number (an integer).
 
@@ -3560,7 +3707,7 @@ executed on the server host in order to delete a print job.
 This command should be a program or script which takes 
 a printer name and job number, and deletes the print job.
 
-If a \fI%p\fR is given then the printername 
+If a \fI%p\fR is given then the printer name 
 is put in its place. A \fI%j\fR is replaced with 
 the job number (an integer).
 
@@ -3578,7 +3725,7 @@ Example 1: \fBlprm command = /usr/bin/lprm -P%p %j
 Example 2: \fBlprm command = /usr/bin/cancel %p-%j
 \fR.TP
 \fBmachine password timeout (G)\fR
-If a Samba server is a member of an Windows 
+If a Samba server is a member of a Windows 
 NT Domain (see the security=domain) 
 parameter) then periodically a running  smbd(8)process will try and change the MACHINE ACCOUNT 
 PASSWORD stored in the TDB called \fIprivate/secrets.tdb
@@ -3612,8 +3759,8 @@ This allows a UNIX script to be sent to the Samba host and
 executed on behalf of the connected user.
 
 Scripts executed in this way will be deleted upon 
-completion assuming that the user has the appripriate level 
-of priviledge and the ile permissions allow the deletion.
+completion assuming that the user has the appropriate level 
+of privilege and the file permissions allow the deletion.
 
 If the script generates output, output will be sent to 
 the file specified by the \fI magic output\fR parameter (see above).
@@ -3638,7 +3785,7 @@ Default: \fBmangle case = no\fR
 .TP
 \fBmangled map (S)\fR
 This is for those who want to directly map UNIX 
-file names which can not be represented on Windows/DOS. The mangling 
+file names which cannot be represented on Windows/DOS. The mangling 
 of names is not always what is needed. In particular you may have 
 documents with file extensions that differ between DOS and UNIX. 
 For example, under UNIX it is common to use \fI.html\fR 
@@ -3651,7 +3798,7 @@ you would use:
 \fBmangled map = (*.html *.htm)\fR
 
 One very useful case is to remove the annoying \fI;1
-\fRoff the ends of filenames on some CDROMS (only visible 
+\fRoff the ends of filenames on some CDROMs (only visible 
 under some UNIXes). To do this use a map of (*;1 *;).
 
 Default: \fBno mangled map\fR
@@ -3731,11 +3878,11 @@ or contains upper case characters).
 
 The larger this value, the more likely it is that mangled 
 names can be successfully converted to correct long UNIX names. 
-However, large stack sizes will slow most directory access. Smaller 
+However, large stack sizes will slow most directory accesses. Smaller 
 stacks save memory in the server (each stack element costs 256 bytes).
 
 It is not possible to absolutely guarantee correct long 
-file names, so be prepared for some surprises!
+filenames, so be prepared for some surprises!
 
 Default: \fBmangled stack = 50\fR
 
@@ -3892,7 +4039,7 @@ Example: \fBmax log size = 1000\fR
 .TP
 \fBmax mux (G)\fR
 This option controls the maximum number of 
-outstanding simultaneous SMB operations that samba tells the client 
+outstanding simultaneous SMB operations that Samba tells the client 
 it will allow. You should never need to set this parameter.
 
 Default: \fBmax mux = 50\fR
@@ -3965,11 +4112,12 @@ Example: \fBmax protocol = LANMAN1\fR
 .TP
 \fBmax smbd processes (G)\fR
 This parameter limits the maximum number of 
-\fBsmbd(8)\fRprocesses concurrently running on a system and is intended
-as a stop gap to prevent degrading service to clients in the event
+\fBsmbd(8)\fR
+processes concurrently running on a system and is intended
+as a stopgap to prevent degrading service to clients in the event
 that the server has insufficient resources to handle more than this
 number of connections. Remember that under normal operating
-conditions, each user will have an smbd associated with him or her
+conditions, each user will have an smbdassociated with him or her
 to handle connections to all shares from a given host.
 
 Default: \fBmax smbd processes = 0\fR ## no limit
@@ -3977,7 +4125,8 @@ Default: \fBmax smbd processes = 0\fR ## no limit
 Example: \fBmax smbd processes = 1000\fR
 .TP
 \fBmax ttl (G)\fR
-This option tells nmbd(8)what the default 'time to live' of NetBIOS names should be (in seconds) 
+This option tells nmbd(8)
+what the default 'time to live' of NetBIOS names should be (in seconds) 
 when \fBnmbd\fR is requesting a name using either a
 broadcast packet or from a WINS server. You should never need to
 change this parameter. The default is 3 days.
@@ -4023,7 +4172,7 @@ removes it afterwards. \fBNOTE THAT IT IS VERY IMPORTANT
 THAT THIS COMMAND RETURN IMMEDIATELY\fR. That's why I 
 have the '&' on the end. If it doesn't return immediately then 
 your PCs may freeze when sending messages (they should recover 
-after 30secs, hopefully).
+after 30 seconds, hopefully).
 
 All messages are delivered as the global guest user. 
 The command takes the standard substitutions, although \fI %u\fR won't work (\fI%U\fR may be better 
@@ -4124,7 +4273,8 @@ Example : \fBmin protocol = NT1\fR # disable DOS
 clients
 .TP
 \fBmin wins ttl (G)\fR
-This option tells nmbd(8)when acting as a WINS server (\fI wins support = yes\fR) what the minimum 'time to live' 
+This option tells nmbd(8)
+when acting as a WINS server (\fI wins support = yes\fR) what the minimum 'time to live' 
 of NetBIOS names that \fBnmbd\fR will grant will be (in 
 seconds). You should never need to change this parameter. The default 
 is 6 hours (21600 seconds).
@@ -4298,6 +4448,18 @@ See also smbpasswd (5).
 
 Default: \fBnull passwords = no\fR
 .TP
+\fBobey pam restrictions (G)\fR
+When Samba 2.2 is configured to enable PAM support
+(i.e. --with-pam), this parameter will control whether or not Samba
+should obey PAM's account and session management directives. The 
+default behavior is to use PAM for clear text authentication only
+and to ignore any account or session management. Note that Samba
+always ignores PAM for authentication in the case of \fIencrypt passwords = yes\fR
+\&. The reason is that PAM modules cannot support the challenge/response
+authentication mechanism needed in the presence of SMB password encryption.
+
+Default: \fBobey pam restrictions = no\fR
+.TP
 \fBonly user (S)\fR
 This is a boolean option that controls whether 
 connections with usernames not in the \fIuser\fR 
@@ -4320,18 +4482,6 @@ parameter.
 
 Default: \fBonly user = no\fR
 .TP
-\fBole locking compatibility (G)\fR
-This parameter allows an administrator to turn 
-off the byte range lock manipulation that is done within Samba to 
-give compatibility for OLE applications. Windows OLE applications 
-use byte range locking as a form of inter-process communication, by 
-locking ranges of bytes around the 2^32 region of a file range. This 
-can cause certain UNIX lock managers to crash or otherwise cause 
-problems. Setting this parameter to no means you 
-trust your UNIX lock manager to handle such cases correctly.
-
-Default: \fBole locking compatibility = yes\fR
-.TP
 \fBonly guest (S)\fR
 A synonym for \fI guest only\fR.
 .TP
@@ -4355,7 +4505,7 @@ smbd(8)tuning option to
 improve the efficiency of the granting of oplocks under multiple 
 client contention for the same file.
 
-In brief it specifies a number, which causes smbd not to 
+In brief it specifies a number, which causes smbdnot to 
 grant an oplock even when requested if the approximate number of 
 clients contending for an oplock on the same file goes over this 
 limit. This causes \fBsmbd\fR to behave in a similar 
@@ -4367,7 +4517,7 @@ AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR.
 Default: \fBoplock contention limit = 2\fR
 .TP
 \fBoplocks (S)\fR
-This boolean option tells smbd whether to 
+This boolean option tells \fBsmbd\fR whether to 
 issue oplocks (opportunistic locks) to file open requests on this 
 share. The oplock code can dramatically (approx. 30% or more) improve 
 the speed of access to files on Samba servers. It allows the clients 
@@ -4392,7 +4542,8 @@ Default: \fBoplocks = yes\fR
 \fBos level (G)\fR
 This integer value controls what level Samba 
 advertises itself as for browse elections. The value of this 
-parameter determines whether nmbd(8)has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area.
+parameter determines whether nmbd(8)
+has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area.
 
 \fBNote :\fRBy default, Samba will win 
 a local master browsing election over all Microsoft operating 
@@ -4415,7 +4566,7 @@ names to OS/2 printer driver names. The format is:
 name>.<device name>
 
 For example, a valid entry using the HP LaserJet 5
-printer driver woudl appear as \fBHP LaserJet 5L = LASERJET.HP 
+printer driver would appear as \fBHP LaserJet 5L = LASERJET.HP 
 LaserJet 5L\fR.
 
 The need for the file is due to the printer driver namespace 
@@ -4426,9 +4577,22 @@ containing in the Samba documentation.
 
 Default: \fBos2 driver map = <empty string>
 \fR.TP
+\fBpam password change (G)\fR
+With the addition of better PAM support in Samba 2.2, 
+this parameter, it is possible to use PAM's password change control 
+flag for Samba. If enabled, then PAM will be used for password
+changes when requested by an SMB client insted of the program listed in 
+\fIpasswd program\fR. 
+It should be possible to enable this without changing your 
+\fIpasswd chat\fR
+paramater for most setups.
+
+Default: \fBpam password change = no\fR
+.TP
 \fBpanic action (G)\fR
 This is a Samba developer option that allows a 
-system command to be called when either  smbd(8)crashes. This is usually used to draw attention to the fact that 
+system command to be called when either  smbd(8)
+crashes. This is usually used to draw attention to the fact that 
 a problem occurred.
 
 Default: \fBpanic action = <empty string>\fR
@@ -4438,7 +4602,7 @@ Example: \fBpanic action = "/bin/sleep 90000"\fR
 \fBpasswd chat (G)\fR
 This string controls the \fB"chat"\fR 
 conversation that takes places between smbdand the local password changing
-program to change the users password. The string describes a 
+program to change the user's password. The string describes a 
 sequence of response-receive pairs that  smbd(8)uses to determine what to send to the 
 \fIpasswd program\fR
 and what to expect back. If the expected output is not 
@@ -4461,8 +4625,8 @@ Double quotes can be used to collect strings with spaces
 in them into a single string.
 
 If the send string in any part of the chat sequence 
-is a fullstop ".", then no string is sent. Similarly, 
-if the expect string is a fullstop then no string is expected.
+is a full stop ".", then no string is sent. Similarly, 
+if the expect string is a full stop then no string is expected.
 
 Note that if the \fIunix 
 password sync\fR parameter is set to true, then this 
@@ -4471,8 +4635,13 @@ in the smbpasswd file is being changed, without access to the old
 password cleartext. In this case the old password cleartext is set 
 to "" (the empty string).
 
+Also, if the \fIpam
+password change\fR parameter is set to true, the chat pairs
+may be matched in any order, and sucess is determined by the PAM result, 
+not any particular output. The \\n macro is ignored for PAM conversions.
+
 See also \fIunix password 
-sync\fR, \fI passwd program\fR and  \fIpasswd chat debug\fR.
+sync\fR, \fI passwd program\fR , \fIpasswd chat debug\fR and  \fIpam password change\fR.
 
 Default: \fBpasswd chat = *new*password* %n\\n 
 *new*password* %n\\n *changed*\fR
@@ -4491,10 +4660,12 @@ of 100. This is a dangerous option as it will allow plaintext passwords
 to be seen in the \fBsmbd\fR log. It is available to help 
 Samba admins debug their \fIpasswd chat\fR scripts 
 when calling the \fIpasswd program\fR and should 
-be turned off after this has been done. This parameter is off by
-default.
+be turned off after this has been done. This option has no effect if the 
+\fIpam password change\fR
+paramter is set. This parameter is off by default.
 
-See also <\fIpasswd chat\fR
+See also \fIpasswd chat\fR
+, \fIpam password change\fR
 , \fIpasswd program\fR
 \&.
 
@@ -4513,7 +4684,7 @@ of mixed case chars and digits. This can pose a problem as some clients
 it.
 
 \fBNote\fR that if the \fIunix 
-password sync\fR parameter is set to True
+password sync\fR parameter is set to true
 then this program is called \fBAS ROOT\fR 
 before the SMB password in the smbpasswd(5)
 file is changed. If this UNIX password change fails, then 
@@ -4524,7 +4695,7 @@ If the \fIunix password sync\fR parameter
 is set this parameter \fBMUST USE ABSOLUTE PATHS\fR 
 for \fBALL\fR programs called, and must be examined 
 for security implications. Note that by default \fIunix 
-password sync\fR is set to False.
+password sync\fR is set to false.
 
 See also \fIunix 
 password sync\fR.
@@ -4643,7 +4814,7 @@ restriction of the SMB/CIFS protocol when in \fBsecurity=server
 If you are using a Windows NT server as your 
 password server then you will have to ensure that your users 
 are able to login from the Samba server, as when in \fB security=server\fR mode the network logon will appear to 
-come from there rather than from the users workstation.
+come from there rather than from the user's workstation.
 .RE
 .PP
 See also the \fIsecurity
@@ -4685,7 +4856,8 @@ Default: \fBnone\fR
 Example: \fBpath = /home/fred\fR
 .TP
 \fBposix locking (S)\fR
-The \fBsmbd(8)\fRdaemon maintains an database of file locks obtained by SMB clients.
+The \fBsmbd(8)\fR
+daemon maintains an database of file locks obtained by SMB clients.
 The default behavior is to map this internal database to POSIX
 locks. This means that file locks obtained by SMB clients are 
 consistent with those seen by POSIX compliant applications accessing 
@@ -4700,7 +4872,7 @@ whenever the service is disconnected. It takes the usual
 substitutions. The command may be run as the root on some 
 systems.
 
-An interesting example may be do unmount server 
+An interesting example may be to unmount server 
 resources:
 
 \fBpostexec = /etc/umount /cdrom\fR
@@ -4715,7 +4887,7 @@ from %m (%I)\\" >> /tmp/log\fR
 .TP
 \fBpostscript (S)\fR
 This parameter forces a printer to interpret 
-the print files as postscript. This is done by adding a %!
+the print files as PostScript. This is done by adding a %!
 to the start of print output.
 
 This is most useful when you have lots of PCs that persist 
@@ -4935,11 +5107,11 @@ Default: \fBprinter admin = <empty string>\fR
 Example: \fBprinter admin = admin, @staff\fR
 .TP
 \fBprinter driver (S)\fR
-\fBNote :\fRThis is a depreciated 
+\fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
 following version 2.2. Please see the instructions in
-\fIPRINTER_DRIVER2.txt\fR in the \fIdocs
-\fRof the Samba distribution for more information
+the Samba 2.2. Printing
+HOWTOfor more information
 on the new method of loading printer drivers onto a Samba server.
 
 This option allows you to control the string 
@@ -4961,11 +5133,11 @@ driver file\fR.
 Example: \fBprinter driver = HP LaserJet 4L\fR
 .TP
 \fBprinter driver file (G)\fR
-\fBNote :\fRThis is a depreciated 
+\fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
 following version 2.2. Please see the instructions in
-\fIPRINTER_DRIVER2.txt\fR in the \fIdocs
-\fRof the Samba distribution for more information
+the Samba 2.2. Printing
+HOWTOfor more information
 on the new method of loading printer drivers onto a Samba server.
 
 This parameter tells Samba where the printer driver 
@@ -4978,7 +5150,7 @@ to be found. If this is not set, the default is :
 This file is created from Windows 95 \fImsprint.inf
 \fRfiles found on the Windows 95 client system. For more 
 details on setting up serving of printer drivers to Windows 95 
-clients, see the documentation file in the \fIdocs/\fR 
+clients, see the outdated documentation file in the \fIdocs/\fR 
 directory, \fIPRINTER_DRIVER.txt\fR.
 
 See also \fI printer driver location\fR.
@@ -4989,11 +5161,11 @@ Example: \fBprinter driver file =
 /usr/local/samba/printers/drivers.def\fR
 .TP
 \fBprinter driver location (S)\fR
-\fBNote :\fRThis is a depreciated 
+\fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
 following version 2.2. Please see the instructions in
-\fIPRINTER_DRIVER2.txt\fR in the \fIdocs
-\fRof the Samba distribution for more information
+the Samba 2.2. Printing
+HOWTOfor more information
 on the new method of loading printer drivers onto a Samba server.
 
 This parameter tells clients of a particular printer 
@@ -5005,7 +5177,7 @@ to serve printer drivers to Windows 95 machines, this should be set to
 
 Where MACHINE is the NetBIOS name of your Samba server, 
 and PRINTER$ is a share you set up for serving printer driver 
-files. For more details on setting this up see the documentation 
+files. For more details on setting this up see the outdated documentation 
 file in the \fIdocs/\fR directory, \fI PRINTER_DRIVER.txt\fR.
 
 See also \fI printer driver file\fR.
@@ -5037,7 +5209,7 @@ default values for the \fIprint command\fR,
 \fIlpq command\fR, \fIlppause command
 \fR, \fIlpresume command\fR, and 
 \fIlprm command\fR if specified in the 
-[global]f> section.
+[global] section.
 
 Currently eight printing styles are supported. They are
 BSD, AIX, 
@@ -5062,17 +5234,17 @@ ok\fR.
 .TP
 \fBqueuepause command (S)\fR
 This parameter specifies the command to be 
-executed on the server host in order to pause the printerqueue.
+executed on the server host in order to pause the printer queue.
 
 This command should be a program or script which takes 
-a printer name as its only parameter and stops the printerqueue, 
+a printer name as its only parameter and stops the printer queue, 
 such that no longer jobs are submitted to the printer.
 
 This command is not supported by Windows for Workgroups, 
-but can be issued from the Printer's window under Windows 95 
+but can be issued from the Printers window under Windows 95 
 and NT.
 
-If a \fI%p\fR is given then the printername 
+If a \fI%p\fR is given then the printer name 
 is put in its place. Otherwise it is placed at the end of the command.
 
 Note that it is good practice to include the absolute 
@@ -5085,19 +5257,19 @@ Example: \fBqueuepause command = disable %p\fR
 .TP
 \fBqueueresume command (S)\fR
 This parameter specifies the command to be 
-executed on the server host in order to resume the printerqueue. It 
+executed on the server host in order to resume the printer queue. It 
 is the command to undo the behavior that is caused by the 
 previous parameter (\fI queuepause command\fR).
 
 This command should be a program or script which takes 
-a printer name as its only parameter and resumes the printerqueue, 
+a printer name as its only parameter and resumes the printer queue, 
 such that queued jobs are resubmitted to the printer.
 
 This command is not supported by Windows for Workgroups, 
-but can be issued from the Printer's window under Windows 95 
+but can be issued from the Printers window under Windows 95 
 and NT.
 
-If a \fI%p\fR is given then the printername 
+If a \fI%p\fR is given then the printer name 
 is put in its place. Otherwise it is placed at the end of the 
 command.
 
@@ -5189,7 +5361,7 @@ For example:
 \fBremote announce = 192.168.2.255/SERVERS 
 192.168.4.255/STAFF\fR
 
-the above line would cause nmbd to announce itself 
+the above line would cause \fBnmbd\fR to announce itself 
 to the two given IP addresses using the given workgroup names. 
 If you leave out the workgroup name then the one given in 
 the \fIworkgroup\fR 
@@ -5206,10 +5378,10 @@ Default: \fBremote announce = <empty string>
 \fR.TP
 \fBremote browse sync (G)\fR
 This option allows you to setup nmbd(8)to periodically request 
-synchronization of browse lists with the master browser of a samba 
+synchronization of browse lists with the master browser of a Samba 
 server that is on a remote segment. This option will allow you to 
 gain browse lists for multiple workgroups across routed networks. This 
-is done in a manner that does not work with any non-samba servers.
+is done in a manner that does not work with any non-Samba servers.
 
 This is useful if you want your Samba server and all local 
 clients to appear in a remote workgroup for which the normal browse 
@@ -5229,10 +5401,31 @@ addresses of the remote networks, but can also be the IP addresses
 of known browse masters if your network config is that stable. If 
 a machine IP address is given Samba makes NO attempt to validate 
 that the remote machine is available, is listening, nor that it 
-is in fact the browse master on it's segment.
+is in fact the browse master on its segment.
 
 Default: \fBremote browse sync = <empty string>
 \fR.TP
+\fBrestrict acl with mask (S)\fR
+This is a boolean parameter. If set to false (default), then 
+creation of files with access control lists (ACLS) and modification of ACLs
+using the Windows NT/2000 ACL editor will be applied directly to the file
+or directory.
+
+If set to true, then all requests to set an ACL on a file will have the
+parameters \fIcreate mask\fR,
+\fIforce create mode\fR
+applied before setting the ACL, and all requests to set an ACL on a directory will
+have the parameters \fIdirectory 
+mask\fR, \fIforce 
+directory mode\fR applied before setting the ACL.
+
+See also \fIcreate mask\fR,
+\fIforce create mode\fR,
+\fIdirectory mask\fR,
+\fIforce directory mode\fR
+
+Default: \fBrestrict acl with mask = no\fR
+.TP
 \fBrestrict anonymous (G)\fR
 This is a boolean parameter. If it is true, then 
 anonymous access to the server will be restricted, namely in the 
@@ -5249,8 +5442,8 @@ and this is a way to work around that.
 
 When restrict anonymous is true, all anonymous connections 
 are denied no matter what they are for. This can effect the ability 
-of a machine to access the samba Primary Domain Controller to revalidate 
-it's machine account after someone else has logged on the client 
+of a machine to access the Samba Primary Domain Controller to revalidate 
+its machine account after someone else has logged on the client 
 interactively. The NT client will display a message saying that 
 the machine's account in the domain doesn't exist or the password is 
 bad. The best way to deal with this is to reboot NT client machines 
@@ -5267,7 +5460,7 @@ Synonym for  \fIroot directory"\fR.
 .TP
 \fBroot directory (G)\fR
 The server will \fBchroot()\fR (i.e. 
-Change it's root directory) to this directory on startup. This is 
+Change its root directory) to this directory on startup. This is 
 not strictly necessary for secure operation. Even without it the 
 server will deny access to files not in one of the service entries. 
 It may also check for, and deny access to, soft links to other 
@@ -5296,7 +5489,7 @@ Example: \fBroot directory = /homes/smb\fR
 This is the same as the \fIpostexec\fR
 parameter except that the command is run as root. This 
 is useful for unmounting filesystems 
-(such as cdroms) after a connection is closed.
+(such as CDROMs) after a connection is closed.
 
 See also \fI postexec\fR.
 
@@ -5305,8 +5498,8 @@ Default: \fBroot postexec = <empty string>
 \fBroot preexec (S)\fR
 This is the same as the \fIpreexec\fR
 parameter except that the command is run as root. This 
-is useful for mounting filesystems (such as cdroms) after a 
-connection is closed.
+is useful for mounting filesystems (such as CDROMs) when a 
+connection is opened.
 
 See also \fI preexec\fR and  \fIpreexec close\fR.
 
@@ -5369,7 +5562,7 @@ The different settings will now be explained.
 
 \fBSECURITY = SHARE
 \fR
-When clients connect to a share level security server then 
+When clients connect to a share level security server they 
 need not log onto the server with a valid username and password before 
 attempting to connect to a shared resource (although modern clients 
 such as Windows 95/98 and Windows NT will send a logon request with 
@@ -5438,7 +5631,7 @@ be used in granting access.
 See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
 .PP
 .PP
-\fBSECURIYT = USER
+\fBSECURITY = USER
 \fR.PP
 .PP
 This is the default security setting in Samba 2.2. 
@@ -5476,7 +5669,7 @@ documentation file in the \fIdocs/\fR directory
 up.
 .PP
 .PP
-\fBNote\fR that from the clients point of 
+\fBNote\fR that from the client's point of 
 view \fBsecurity = server\fR is the same as \fB security = user\fR. It only affects how the server deals 
 with the authentication, it does not in any way affect what the 
 client sees.
@@ -5515,7 +5708,7 @@ exist as well as the account on the Domain Controller to allow
 Samba to have a valid UNIX account to map file access to.
 .PP
 .PP
-\fBNote\fR that from the clients point 
+\fBNote\fR that from the client's point 
 of view \fBsecurity = domain\fR is the same as \fBsecurity = user
 \fR\&. It only affects how the server deals with the authentication, 
 it does not in any way affect what the client sees.
@@ -5565,30 +5758,27 @@ this mask from being modified. Essentially, zero bits in this
 mask may be treated as a set of bits the user is not allowed 
 to change.
 
-If not set explicitly this parameter is set to the same
-value as the \fIcreate mask
-\fRparameter. To allow a user to modify all the 
-user/group/world permissions on a file, set this parameter to 
-0777.
+If not set explicitly this parameter is 0777, allowing
+a user to modify all the user/group/world permissions on a file.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this 
 restriction, so it is primarily useful for standalone 
 "appliance" systems. Administrators of most normal systems will 
-probably want to set it to 0777.
+probably want to leave it set to 0777.
 
 See also the  \fIforce directory security mode\fR, 
 \fIdirectory 
 security mask\fR,  \fIforce security mode\fR parameters.
 
-Default: \fBsecurity mask = <same as create mask>
-\fR
-Example: \fBsecurity mask = 0777\fR
+Default: \fBsecurity mask = 0777\fR
+
+Example: \fBsecurity mask = 0770\fR
 .TP
 \fBserver string (G)\fR
 This controls what string will show up in the 
 printer comment box in print manager and next to the IPC connection 
-in \fBnet view"\fR. It can be any string that you wish 
+in \fBnet view\fR. It can be any string that you wish 
 to show to your users.
 
 It also sets what will appear in browse lists next 
@@ -5665,7 +5855,7 @@ open a handle on the printer server with OpenPrinterEx() asking for
 Administrator privileges. If the user does not have administrative
 access on the print server (i.e is not root or a member of the 
 \fIprinter admin\fR group), the OpenPrinterEx() 
-call fails and the clients another open call with a request for 
+call fails and the client makes another open call with a request for 
 a lower privilege level. This should succeed, however the APW 
 icon will not be displayed.
 
@@ -5694,7 +5884,7 @@ address Samba will listen for connections on. This is used to
 support multiple virtual interfaces on the one server, each 
 with a different configuration.
 
-By default samba will accept connections on any 
+By default Samba will accept connections on any 
 address.
 
 Example: \fBsocket address = 192.168.2.20\fR
@@ -5831,8 +6021,8 @@ this code is \fBNOT\fR enabled by default in any
 current binary version of Samba.
 
 This variable enables or disables the entire SSL mode. If 
-it is set to no, the SSL enabled samba behaves 
-exactly like the non-SSL samba. If set to yes, 
+it is set to no, the SSL-enabled Samba behaves 
+exactly like the non-SSL Samba. If set to yes, 
 it depends on the variables \fI ssl hosts\fR and  \fIssl hosts resign\fR whether an SSL 
 connection will be required.
 
@@ -5850,7 +6040,7 @@ current binary version of Samba.
 
 This variable defines where to look up the Certification
 Authorities. The given directory should contain one file for 
-each CA that samba will trust. The file name must be the hash 
+each CA that Samba will trust. The file name must be the hash 
 value over the "Distinguished Name" of the CA. How this directory 
 is set up is explained later in this document. All files within the 
 directory that don't fit into this naming scheme are ignored. You 
@@ -5953,12 +6143,12 @@ given at configure time.
 this code is \fBNOT\fR enabled by default in any 
 current binary version of Samba.
 
-These two variables define whether samba will go 
-into SSL mode or not. If none of them is defined, samba will 
+These two variables define whether Samba will go 
+into SSL mode or not. If none of them is defined, Samba will 
 allow only SSL connections. If the  \fIssl hosts\fR variable lists
 hosts (by IP-address, IP-address range, net group or name), 
 only these hosts will be forced into SSL mode. If the \fI ssl hosts resign\fR variable lists hosts, only these 
-hosts will NOT be forced into SSL mode. The syntax for these two 
+hosts will \fBNOT\fR be forced into SSL mode. The syntax for these two 
 variables is the same as for the \fI hosts allow\fR and  \fIhosts deny\fR pair of variables, only 
 that the subject of the decision is different: It's not the access 
 right but whether SSL is used or not. 
@@ -6087,7 +6277,8 @@ Default: \fBstat cache size = 50\fR
 .TP
 \fBstatus (G)\fR
 This enables or disables logging of connections 
-to a status file that smbstatus(1)can read.
+to a status file that smbstatus(1)
+can read.
 
 With this disabled \fBsmbstatus\fR won't be able
 to tell you what connections are active. You should never need to
@@ -6104,7 +6295,7 @@ deny access if locks exist. This can be slow on some systems.
 When strict locking is no the server does file 
 lock checks only when the client explicitly asks for them.
 
-Well behaved clients always ask for lock checks when it 
+Well-behaved clients always ask for lock checks when it 
 is important, so in the vast majority of cases \fBstrict 
 locking = no\fR is preferable.
 
@@ -6118,7 +6309,7 @@ the process to be suspended until the kernel has ensured that
 all outstanding data in kernel disk buffers has been safely stored 
 onto stable storage. This is very slow and should only be done 
 rarely. Setting this parameter to no (the 
-default) means that smbd ignores the Windows applications requests for
+default) means that smbdignores the Windows applications requests for
 a sync call. There is only a possibility of losing data if the
 operating system itself that Samba is running on crashes, so there is
 little danger in this default setting. In addition, this fixes many
@@ -6223,7 +6414,7 @@ Synonym for \fI debug timestamp\fR.
 This parameter accepts an integer value which defines
 a limit on the maximum number of print jobs that will be accepted 
 system wide at any given time. If a print job is submitted
-by a client which will exceed this number, then smbd will return an 
+by a client which will exceed this number, then smbdwill return an 
 error indicating that no space is available on the server. The 
 default value of 0 means that no such limit exists. This parameter
 can be used to prevent a server from exceeding its capacity and is
@@ -6241,7 +6432,7 @@ when the encrypted SMB password in the smbpasswd file is changed.
 If this is set to true the program specified in the \fIpasswd
 program\fRparameter is called \fBAS ROOT\fR - 
 to allow the new UNIX password to be set without access to the 
-old UNIX password (as the SMB password has change code has no 
+old UNIX password (as the SMB password change code has no 
 access to the old password cleartext, only the new).
 
 See also \fIpasswd 
@@ -6249,14 +6440,6 @@ program\fR, \fI passwd chat\fR.
 
 Default: \fBunix password sync = no\fR
 .TP
-\fBunix realname (G)\fR
-This boolean parameter when set causes samba 
-to supply the real name field from the unix password file to 
-the client. This is useful for setting up mail clients and WWW 
-browsers on systems used by more than one person.
-
-Default: \fBunix realname = yes\fR
-.TP
 \fBupdate encrypted (G)\fR
 This boolean parameter allows a user logging 
 on with a plaintext password to have their encrypted (hashed) 
@@ -6284,8 +6467,8 @@ password in order to connect correctly, and to update their hashed
 Default: \fBupdate encrypted = no\fR
 .TP
 \fBuse rhosts (G)\fR
-If this global parameter is a true, it specifies 
-that the UNIX users \fI.rhosts\fR file in their home directory 
+If this global parameter is true, it specifies 
+that the UNIX user's \fI.rhosts\fR file in their home directory 
 will be read to find the names of hosts and users who will be allowed 
 access without specifying a password.
 
@@ -6335,7 +6518,7 @@ can use the \fIvalid users
 \fRparameter.
 
 If any of the usernames begin with a '@' then the name 
-will be looked up first in the yp netgroups list (if Samba 
+will be looked up first in the NIS netgroups list (if Samba 
 is compiled with netgroup support), followed by a lookup in 
 the UNIX groups database and will expand to a list of all users 
 in the group of that name.
@@ -6345,7 +6528,7 @@ will be looked up only in the UNIX groups database and will
 expand to a list of all users in the group of that name.
 
 If any of the usernames begin with a '&'then the name 
-will be looked up only in the yp netgroups database (if Samba 
+will be looked up only in the NIS netgroups database (if Samba 
 is compiled with netgroup support) and will expand to a list 
 of all users in the netgroup group of that name.
 
@@ -6471,7 +6654,7 @@ Example: \fBusername map = /usr/local/samba/lib/users.map
 \fR.TP
 \fButmp (S)\fR
 This boolean parameter is only available if 
-Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to True then Samba will attempt
+Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to true then Samba will attempt
 to add utmp or utmpx records (depending on the UNIX system) whenever a
 connection is made to a Samba server. Sites may use this to record the
 user connecting to a Samba share.
@@ -6645,7 +6828,7 @@ Default : \fBno value\fR
 .TP
 \fBvfs options (S)\fR
 This parameter allows parameters to be passed 
-to the vfs layer at initialisation time. The Samba VFS layer 
+to the vfs layer at initialization time. The Samba VFS layer 
 is new to Samba 2.2 and must be enabled at compile time 
 with --with-vfs. See also \fI vfs object\fR.
 
@@ -6688,7 +6871,7 @@ available in Samba 3.0.
 
 The winbind gid parameter specifies the range of group 
 ids that are allocated by the  winbindd(8)daemon. This range of group ids should have no 
-existing local or nis groups within it as strange conflicts can 
+existing local or NIS groups within it as strange conflicts can 
 occur otherwise.
 
 Default: \fBwinbind gid = <empty string>
@@ -6715,7 +6898,7 @@ available in Samba 3.0.
 
 The winbind gid parameter specifies the range of group 
 ids that are allocated by the  winbindd(8)daemon. This range of ids should have no 
-existing local or nis users within it as strange conflicts can 
+existing local or NIS users within it as strange conflicts can 
 occur otherwise.
 
 Default: \fBwinbind uid = <empty string>
@@ -6744,13 +6927,13 @@ name has not previously been added, in that case it should be treated
 as an add.
 .TP 0.2i
 \(bu
-The second argument is the netbios name. If the 
+The second argument is the NetBIOS name. If the 
 name is not a legal name then the wins hook is not called. 
 Legal names contain only letters, digits, hyphens, underscores 
 and periods.
 .TP 0.2i
 \(bu
-The third argument is the netbios name 
+The third argument is the NetBIOS name 
 type as a 2 digit hexadecimal number. 
 .TP 0.2i
 \(bu
@@ -6799,7 +6982,7 @@ This boolean controls if the
 nmbd(8)process in Samba will act as a WINS server. You should 
 not set this to true unless you have a multi-subnetted network and 
 you wish a particular \fBnmbd\fR to be your WINS server. 
-Note that you should \fBNEVER\fR set this to true 
+Note that you should \fBNEVER\fR set this to true
 on more than one machine in your network.
 
 Default: \fBwins support = no\fR
@@ -6829,7 +7012,7 @@ Reads for the file are also served from this cache if the data is stored
 within it.
 
 This cache allows Samba to batch client writes into a more 
-efficient write size for RAID disks (ie. writes may be tuned to 
+efficient write size for RAID disks (i.e. writes may be tuned to 
 be the RAID stripe size) and can improve performance on systems 
 where the disk subsystem is a bottleneck but there is free 
 memory for userspace programs.
@@ -6865,7 +7048,7 @@ Synonym for \fI writeable\fR.
 .TP
 \fBwrite raw (G)\fR
 This parameter controls whether or not the server 
-will support raw writes SMB's when transferring data from clients. 
+will support raw write SMB's when transferring data from clients. 
 You should never need to change this parameter.
 
 Default: \fBwrite raw = yes\fR
@@ -6915,7 +7098,8 @@ samba(7),
 \fBsmbclient(1)\fR, 
 \fBnmblookup(1)\fR,
 \fBtestparm(1)\fR, 
-\fBtestprns(1)\fR.SH "AUTHOR"
+\fBtestprns(1)\fR
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
index 9322d1aa8ef..882a7e5e0e5 100644
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@@ -3,21 +3,21 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBCACLS 1 "23 Jun 2001" "smbcacls 2.2.0a"
+.TH "SMBCACLS" "1" "22 June 2001" "" ""
 .SH NAME
 smbcacls \- Set or get ACLs on an NT file or directory names
 .SH SYNOPSIS
 .sp
-\fBnmblookup\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ]  [ \fB-A acls\fR ]  [ \fB-M acls\fR ]  [ \fB-D acls\fR ]  [ \fB-S acls\fR ]  [ \fB-C name\fR ]  [ \fB-G name\fR ]  [ \fB-n\fR ]  [ \fB-h\fR ] 
+\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ]  [ \fB-A acls\fR ]  [ \fB-M acls\fR ]  [ \fB-D acls\fR ]  [ \fB-S acls\fR ]  [ \fB-C name\fR ]  [ \fB-G name\fR ]  [ \fB-n\fR ]  [ \fB-h\fR ] 
 .SH "DESCRIPTION"
 .PP
 This tool is part of the  Sambasuite.
 .PP
-The smbcacls program manipulates NT Access Control Lists 
+The \fBsmbcacls\fR program manipulates NT Access Control Lists 
 (ACLs) on SMB file shares. 
 .SH "OPTIONS"
 .PP
-The following options are available to the smbcacls program. 
+The following options are available to the \fBsmbcacls\fR program. 
 The format of ACLs is described in the section ACL FORMAT 
 .TP
 \fB-A acls\fR
@@ -30,7 +30,7 @@ specified on the command line. An error will be printed for each
 ACL specified that was not already present in the ACL list
 .TP
 \fB-D acls\fR
-Delete any ACLs specfied on the command line. 
+Delete any ACLs specified on the command line. 
 An error will be printed for each ACL specified that was not 
 already present in the ACL list. 
 .TP
@@ -168,8 +168,8 @@ The \fBsmbcacls\fR program sets the exit status
 depending on the success or otherwise of the operations performed. 
 The exit status may be one of the following values. 
 .PP
-If the operation succeded, smbcacls returns and exit 
-status of 0. If smbcacls couldn't connect to the specified server, 
+If the operation succeeded, smbcacls returns and exit 
+status of 0. If \fBsmbcacls\fR couldn't connect to the specified server, 
 or there was an error getting or setting the ACLs, an exit status 
 of 1 is returned. If there was an error parsing any command line 
 arguments, an exit status of 2 is returned. 
diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1
index f75ac743c53..59a2df21b9c 100644
--- a/docs/manpages/smbclient.1
+++ b/docs/manpages/smbclient.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBCLIENT 1 "23 Jun 2001" "smbclient 2.2.0a"
+.TH "SMBCLIENT" "1" "22 June 2001" "" ""
 .SH NAME
 smbclient \- ftp-like client to access SMB/CIFS resources  on servers
 .SH SYNOPSIS
@@ -38,8 +38,8 @@ a NetBIOS server name, which may or may not be the
 same as the IP hostname of the machine running the server.
 
 The server name is looked up according to either 
-the \fI-R\fR parameter to smbclient or 
-using the name resolve order parameter in the smb.conf file, 
+the \fI-R\fR parameter to \fBsmbclient\fR or 
+using the name resolve order parameter in the \fIsmb.conf\fR file, 
 allowing an administrator to change the order and methods 
 by which server names are looked up. 
 .TP
@@ -75,7 +75,7 @@ options.
 \fB-R <name resolve order>\fR
 This option is used by the programs in the Samba 
 suite to determine what naming services and in what order to resolve 
-host names to IP addresses. The option takes a space separated 
+host names to IP addresses. The option takes a space-separated 
 string of different name resolution options.
 
 The options are :"lmhosts", "host", "wins" and "bcast". They 
@@ -92,7 +92,7 @@ any name type matches for lookup.
 host : Do a standard host 
 name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
-is operating system depended for instance on IRIX or Solaris this 
+is operating system dependent, for instance on IRIX or Solaris this 
 may be controlled by the \fI/etc/nsswitch.conf\fR 
 file). Note that this method is only used if the NetBIOS name 
 type being queried is the 0x20 (server) name type, otherwise 
@@ -120,7 +120,7 @@ defined in the \fIsmb.conf\fR file parameter
 .PP
 The default order is lmhosts, host, wins, bcast and without 
 this parameter or any entry in the \fIname resolve order
-\fRparameter of the smb.conf file the name resolution
+\fRparameter of the \fIsmb.conf\fR file the name resolution
 methods will be attempted in this order. 
 .PP
 .TP
@@ -157,7 +157,7 @@ messages.
 \fB-i scope\fR
 This specifies a NetBIOS scope that smbclient will 
 use to communicate with when generating NetBIOS names. For details 
-on the use of NetBIOS scopes, see rfc1001.txt and rfc1002.txt.
+on the use of NetBIOS scopes, see \fIrfc1001.txt\fR and \fIrfc1002.txt\fR.
 NetBIOS scopes are \fBvery\fR rarely used, only set 
 this parameter if you are the system administrator in charge of all 
 the NetBIOS systems you communicate with. 
@@ -178,7 +178,7 @@ allows you to override the host name and use whatever NetBIOS
 name you wish. 
 .TP
 \fB-d debuglevel\fR
-debuglevel is an integer from 0 to 10, or 
+\fIdebuglevel\fR is an integer from 0 to 10, or 
 the letter 'A'. 
 
 The default value if this parameter is not specified 
@@ -195,13 +195,13 @@ Levels above 1 will generate considerable amounts of log
 data, and should only be used when investigating a problem.
 Levels above 3 are designed for use only by developers and 
 generate HUGE amounts of log data, most of which is extremely 
-cryptic. If debuglevel is set to the letter 'A', then \fBall
+cryptic. If \fIdebuglevel\fR is set to the letter 'A', then \fBall
 \fRdebug messages will be printed. This setting
 is for developers only (and people who \fBreally\fR want 
 to know how the code works internally). 
 
 Note that specifying this parameter here will override
-the log level parameter in the \fBsmb.conf (5)\fR 
+the log level parameter in the \fIsmb.conf (5)\fR 
 file. 
 .TP
 \fB-p port\fR
@@ -211,7 +211,7 @@ TCP port number for an SMB/CIFS server is 139, which is the
 default. 
 .TP
 \fB-l logfilename\fR
-If specified, logfilename specifies a base filename 
+If specified, \fIlogfilename\fR specifies a base filename 
 into which operational data from the running client will be 
 logged. 
 
@@ -227,7 +227,7 @@ The log file generated is never removed by the client.
 Print the usage message for the client. 
 .TP
 \fB-I IP-address\fR
-IP address is the address of the server to connect to. 
+\fIIP address\fR is the address of the server to connect to. 
 It should be specified in standard "a.b.c.d" notation. 
 
 Normally the client would attempt to locate a named 
@@ -253,28 +253,28 @@ By default, the client writes messages to standard output
 \fB-U username[%pass]\fR
 Sets the SMB username or username and password. 
 If %pass is not specified, The user will be prompted. The client 
-will first check the USER environment variable, then the 
-\fI$LOGNAME\fR variable and if either exist, the 
+will first check the \fBUSER\fR environment variable, then the 
+\fBLOGNAME\fR variable and if either exists, the 
 string is uppercased. Anything in these variables following a '%' 
-sign will be treated as the password. If these environmental 
+sign will be treated as the password. If these environment 
 variables are not found, the username GUEST 
 is used. 
 
-If the password is not included in these environment 
-variables (using the %pass syntax), rpcclient will look for 
-a \fI$PASSWD\fR environment variable from which 
+If the password is not included in these environment
+variables (using the %pass syntax), \fBrpcclient\fR will look for 
+a \fBPASSWD\fR environment variable from which 
 to read the password. 
 
 A third option is to use a credentials file which 
 contains the plaintext of the username and password. This 
 option is mainly provided for scripts where the admin doesn't 
-desire to pass the credentials on the command line or via environment 
+wish to pass the credentials on the command line or via environment 
 variables. If this method is used, make certain that the permissions 
 on the file restrict access from unwanted users. See the 
 \fI-A\fR for more details. 
 
 Be cautious about including passwords in scripts or in 
-the \fI$PASSWD\fR environment variable. Also, on 
+the \fBPASSWD\fR environment variable. Also, on 
 many systems the command line of a running process may be seen 
 via the \fBps\fR command to be safe always allow 
 \fBrpcclient\fR to prompt for a password and type 
@@ -301,11 +301,11 @@ This option allows you to look at what services
 are available on a server. You use it as \fBsmbclient -L 
 host\fR and a list should appear. The \fI-I
 \fRoption may be useful if your NetBIOS names don't 
-match your tcp/ip dns host names or if you are trying to reach a 
+match your TCP/IP DNS host names or if you are trying to reach a 
 host on another network. 
 .TP
 \fB-t terminal code\fR
-This option tells smbclient how to interpret 
+This option tells \fBsmbclient\fR how to interpret 
 filenames coming from the remote server. Usually Asian language 
 multibyte UNIX implementations use different character sets than 
 SMB/CIFS servers (\fBEUC\fR instead of \fB SJIS\fR for example). Setting this parameter will let 
@@ -383,7 +383,7 @@ diagnostics as it works. This is the same as tarmode quiet.
 .TP 0.2i
 \(bu
 \fIr\fR - Regular expression include
-or exclude. Uses regular regular expression matching for 
+or exclude. Uses regular expression matching for 
 excluding or excluding files if compiled with HAVE_REGEX_H. 
 However this mode can be very slow. If not compiled with 
 HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. 
@@ -407,7 +407,7 @@ archive bit to be reset when a file is backed up. Useful with the
 \fBsmbclient\fR's tar option now supports long 
 file names both on backup and restore. However, the full path 
 name of the file must be less than 1024 bytes. Also, when
-a tar archive is created, smbclient's tar option places all 
+a tar archive is created, \fBsmbclient\fR's tar option places all 
 files in the archive with relative names, not absolute names. 
 .PP
 .PP
@@ -422,11 +422,11 @@ the component separator).
 \fBExamples\fR
 .PP
 .PP
-Restore from tar file backup.tar into myshare on mypc 
+Restore from tar file \fIbackup.tar\fR into myshare on mypc 
 (no password on share). 
 .PP
 .PP
-\fBsmbclient //mypc/myshare "" -N -Tx backup.tar
+\fBsmbclient //mypc/yshare "" -N -Tx backup.tar
 \fR.PP
 .PP
 Restore everything except \fIusers/docs\fR
@@ -463,7 +463,7 @@ Change to initial directory before starting. Probably
 only of any use with the tar -T option. 
 .TP
 \fB-c command string\fR
-command string is a semicolon separated list of 
+command string is a semicolon-separated list of 
 commands to be executed instead of prompting from stdin. \fI -N\fR is implied by \fI-c\fR.
 
 This is particularly useful in scripts and for printing stdin 
@@ -500,13 +500,13 @@ vary from server to server, depending on how the server was implemented.
 The commands available are given here in alphabetical order. 
 .TP
 \fB? [command]\fR
-If "command" is specified, the ? command will display 
+If \fIcommand\fR is specified, the ? command will display 
 a brief informative message about the specified command. If no 
 command is specified, a list of available commands will
 be displayed. 
 .TP
 \fB! [shell command]\fR
-If "shell command" is specified, the ! 
+If \fIshell command\fR is specified, the ! 
 command will execute a shell locally and run the specified shell 
 command. If no command is specified, a local shell will be run. 
 .TP
@@ -521,11 +521,11 @@ directory on the server will be reported.
 .TP
 \fBdel <mask>\fR
 The client will request that the server attempt 
-to delete all files matching "mask" from the current working 
+to delete all files matching \fImask\fR from the current working 
 directory on the server. 
 .TP
 \fBdir <mask>\fR
-A list of the files matching "mask" in the current 
+A list of the files matching \fImask\fR in the current 
 working directory on the server will be retrieved from the server 
 and displayed. 
 .TP
@@ -534,9 +534,9 @@ Terminate the connection with the server and exit
 from the program. 
 .TP
 \fBget <remote file name> [local file name]\fR
-Copy the file called "remote file name" from 
+Copy the file called \fIremote file name\fR from 
 the server to the machine running the client. If specified, name 
-the local copy "local file name". Note that all transfers in 
+the local copy \fIlocal file name\fR. Note that all transfers in 
 \fBsmbclient\fR are binary. See also the 
 lowercase command. 
 .TP
@@ -544,7 +544,7 @@ lowercase command.
 See the ? command above. 
 .TP
 \fBlcd [directory name]\fR
-If "directory name" is specified, the current 
+If \fIdirectory name\fR is specified, the current 
 working directory on the local machine will be changed to 
 the directory specified. This operation will fail if for any 
 reason the specified directory is inaccessible. 
@@ -591,26 +591,26 @@ mask back to "*" after using the mget or mput commands.
 See the mkdir command. 
 .TP
 \fBmget <mask>\fR
-Copy all files matching mask from the server to 
+Copy all files matching \fImask\fR from the server to 
 the machine running the client. 
 
-Note that mask is interpreted differently during recursive 
+Note that \fImask\fR is interpreted differently during recursive 
 operation and non-recursive operation - refer to the recurse and 
 mask commands for more information. Note that all transfers in 
-smbclient are binary. See also the lowercase command. 
+\fBsmbclient\fR are binary. See also the lowercase command. 
 .TP
 \fBmkdir <directory name>\fR
 Create a new directory on the server (user access 
 privileges permitting) with the specified name. 
 .TP
 \fBmput <mask>\fR
-Copy all files matching mask in the current working 
+Copy all files matching \fImask\fR in the current working 
 directory on the local machine to the current working directory on 
 the server. 
 
-Note that mask is interpreted differently during recursive 
+Note that \fImask\fR is interpreted differently during recursive 
 operation and non-recursive operation - refer to the recurse and mask 
-commands for more information. Note that all transfers in smbclient 
+commands for more information. Note that all transfers in \fBsmbclient\fR 
 are binary. 
 .TP
 \fBprint <file name>\fR
@@ -633,10 +633,10 @@ the transfer of each file during these commands. When toggled
 OFF, all specified files will be transferred without prompting. 
 .TP
 \fBput <local file name> [remote file name]\fR
-Copy the file called "local file name" from the 
+Copy the file called \fIlocal file name\fR from the 
 machine running the client to the server. If specified,
-name the remote copy "remote file name". Note that all transfers 
-in smbclient are binary. See also the lowercase command. 
+name the remote copy \fIremote file name\fR. Note that all transfers 
+in \fBsmbclient\fR are binary. See also the lowercase command. 
 .TP
 \fBqueue\fR
 Displays the print queue, showing the job id, 
@@ -664,7 +664,7 @@ to the mget or mput commands will be copied, and any mask specified
 using the mask command will be ignored. 
 .TP
 \fBrm <mask>\fR
-Remove all files matching mask from the current 
+Remove all files matching \fImask\fR from the current 
 working directory on the server. 
 .TP
 \fBrmdir <directory name>\fR
@@ -681,7 +681,7 @@ with tar x may not work - use the command line option instead.
 \fBblocksize <blocksize>\fR
 Blocksize. Must be followed by a valid (greater 
 than zero) blocksize. Causes tar file to be written out in 
-blocksize*TBLOCK (usually 512 byte) blocks. 
+\fIblocksize\fR*TBLOCK (usually 512 byte) blocks. 
 .TP
 \fBtarmode <full|inc|reset|noreset>\fR
 Changes tar's behavior with regard to archive 
@@ -713,12 +713,12 @@ smbclient supports long file names where the server
 supports the LANMAN2 protocol or above. 
 .SH "ENVIRONMENT VARIABLES"
 .PP
-The variable \fI$USER\fR may contain the 
+The variable \fBUSER\fR may contain the 
 username of the person using the client. This information is 
 used only if the protocol level is high enough to support 
 session-level passwords.
 .PP
-The variable \fI$PASSWD\fR may contain 
+The variable \fBPASSWD\fR may contain 
 the password of the person using the client. This information is 
 used only if the protocol level is high enough to support 
 session-level passwords. 
@@ -739,7 +739,7 @@ and writeable only by the user.
 .PP
 To test the client, you will need to know the name of a 
 running SMB/CIFS server. It is possible to run \fBsmbd(8)
-\fRan ordinary user - running that server as a daemon 
+\fRas an ordinary user - running that server as a daemon 
 on a user-accessible port (typically any port number over 1024)
 would provide a suitable test server. 
 .SH "DIAGNOSTICS"
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
index 25858c232d3..92043165952 100644
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBCONTROL 1 "23 Jun 2001" "smbcontrol 2.2.0a"
+.TH "SMBCONTROL" "1" "07 May 2001" "" ""
 .SH NAME
 smbcontrol \- send messages to smbd or nmbd processes
 .SH SYNOPSIS
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index c8a9cc1c0e3..e4faaf60eb1 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBD 8 "23 Jun 2001" "smbd 2.2.0a"
+.TH "SMBD" "8" "05 July 2001" "" ""
 .SH NAME
 smbd \- server to provide SMB/CIFS services to clients
 .SH SYNOPSIS
@@ -31,7 +31,8 @@ services, but will concentrate on the administrative aspects
 of running the server.
 .PP
 Please note that there are significant security 
-implications to running this server, and the \fIsmb.conf(5)\fRmanpage should be regarded as mandatory reading before 
+implications to running this server, and the \fIsmb.conf(5)\fR
+manpage should be regarded as mandatory reading before 
 proceeding with installation.
 .PP
 A session is created whenever a client requests one. 
@@ -45,7 +46,7 @@ are automatically reloaded every minute, if they change. You
 can force a reload by sending a SIGHUP to the server. Reloading 
 the configuration file will not affect connections to any service 
 that is already established. Either the user will have to 
-disconnect from the service, or smbd killed and restarted.
+disconnect from the service, or \fBsmbd\fR killed and restarted.
 .SH "OPTIONS"
 .TP
 \fB-D\fR
@@ -53,9 +54,9 @@ If specified, this parameter causes
 the server to operate as a daemon. That is, it detaches 
 itself and runs in the background, fielding requests 
 on the appropriate port. Operating the server as a
-daemon is the recommended way of running smbd for 
+daemon is the recommended way of running \fBsmbd\fR for 
 servers that provide more than casual use file and 
-print services. This switch is assumed is \fBsmbd
+print services. This switch is assumed if \fBsmbd
 \fRis executed on the command line of a shell.
 .TP
 \fB-a\fR
@@ -70,7 +71,7 @@ log files will be overwritten when opened. By default,
 files.
 .TP
 \fB-P\fR
-Passive option. Causes smbd not to 
+Passive option. Causes \fBsmbd\fR not to 
 send any network traffic out. Used for debugging by 
 the developers only.
 .TP
@@ -83,7 +84,7 @@ Prints the version number for
 \fBsmbd\fR.
 .TP
 \fB-d <debug level>\fR
-debuglevel is an integer 
+\fIdebuglevel\fR is an integer 
 from 0 to 10. The default value if this parameter is 
 not specified is zero.
 
@@ -105,19 +106,21 @@ override the log
 levelfile.
 .TP
 \fB-l <log file>\fR
-If specified, \fBlog file\fR 
+If specified, \fIlog file\fR 
 specifies a log filename into which informational and debug 
 messages from the running server will be logged. The log 
 file generated is never removed by the server although 
-its size may be controlled by the max log sizeoption in the \fI smb.conf(5)\fRfile. The default log 
+its size may be controlled by the max log size
+option in the \fI smb.conf(5)\fRfile. The default log 
 file name is specified at compile time.
 .TP
 \fB-O <socket options>\fR
-See the socket optionsparameter in the \fIsmb.conf(5)
+See the socket options
+parameter in the \fIsmb.conf(5)
 \fRfile for details.
 .TP
 \fB-p <port number>\fR
-port number is a positive integer 
+\fIport number\fR is a positive integer 
 value. The default value if this parameter is not 
 specified is 139.
 
@@ -174,7 +177,8 @@ See the section INSTALLATION below.
 .TP
 \fB\fI/usr/local/samba/lib/smb.conf\fB\fR
 This is the default location of the 
-\fIsmb.conf\fRserver configuration file. Other common places that systems 
+\fIsmb.conf\fR
+server configuration file. Other common places that systems 
 install this file are \fI/usr/samba/lib/smb.conf\fR 
 and \fI/etc/smb.conf\fR.
 
@@ -209,10 +213,10 @@ in a directory readable by all, writeable only by root. The server
 program itself should be executable by all, as users may wish to 
 run the server themselves (in which case it will of course run 
 with their privileges). The server should NOT be setuid. On some 
-systems it may be worthwhile to make smbd setgid to an empty group. 
+systems it may be worthwhile to make \fBsmbd\fR setgid to an empty group. 
 This is because some systems may have a security hole where daemon 
 processes that become a user can be attached to with a debugger. 
-Making the smbd file setgid to an empty group may prevent
+Making the \fBsmbd\fR file setgid to an empty group may prevent
 this hole from being exploited. This security hole and the suggested
 fix has only been confirmed on old versions (pre-kernel 2.0) of Linux
 at the time this was written. It is possible that this hole only
@@ -303,7 +307,7 @@ be omitted. See the section OPTIONS above.
 .SH "RUNNING THE SERVER ON REQUEST"
 .PP
 If your system uses a meta-daemon such as \fBinetd
-\fR, you can arrange to have the smbd server started 
+\fR, you can arrange to have the \fBsmbd\fR server started 
 whenever a process attempts to connect to it. This requires several 
 changes to the startup files on the host machine. If you are 
 experimenting as an ordinary user rather than as root, you will 
@@ -369,6 +373,27 @@ all you need:
 This will allow you to connect to your home directory 
 and print to any printer supported by the host (user privileges 
 permitting).
+.SH "PAM INTERACTION"
+.PP
+Samba uses PAM for authentication (when presented with a plaintext 
+password), for account checking (is this account disabled?) and for
+session management. The degree too which samba supports PAM is restricted
+by the limitations of the SMB protocol and the 
+obey pam restricions
+smb.conf paramater. When this is set, the following restrictions apply:
+.TP 0.2i
+\(bu
+\fBAccount Validation\fR: All acccesses to a 
+samba server are checked 
+against PAM to see if the account is vaild, not disabled and is permitted to 
+login at this time. This also applies to encrypted logins.
+.TP 0.2i
+\(bu
+\fBSession Management\fR: When not using share 
+level secuirty, users must pass PAM's session checks before access 
+is granted. Note however, that this is bypassed in share level secuirty. 
+Note also that some older pam configuration files may need a line 
+added for session support. 
 .SH "TESTING THE INSTALLATION"
 .PP
 If running the server as a daemon, execute it before 
@@ -377,8 +402,8 @@ or kill and restart the meta-daemon. Some versions of
 \fBinetd\fR will reread their configuration
 tables if they receive a HUP signal.
 .PP
-If your machine's name is fred and your 
-name is mary, you should now be able to connect 
+If your machine's name is \fIfred\fR and your 
+name is \fImary\fR, you should now be able to connect 
 to the service \fI\\\\fred\\mary\fR.
 .PP
 To properly test and experiment with the server, we 
@@ -409,26 +434,26 @@ source code and inspect the conditions that gave rise to the
 diagnostics you are seeing.
 .SH "SIGNALS"
 .PP
-Sending the smbd a SIGHUP will cause it to 
-re-load its \fIsmb.conf\fR configuration 
+Sending the \fBsmbd\fR a SIGHUP will cause it to 
+reload its \fIsmb.conf\fR configuration 
 file within a short period of time.
 .PP
-To shut down a users smbd process it is recommended 
+To shut down a user's \fBsmbd\fR process it is recommended 
 that \fBSIGKILL (-9)\fR \fBNOT\fR 
 be used, except as a last resort, as this may leave the shared
 memory area in an inconsistent state. The safe way to terminate 
-an smbd is to send it a SIGTERM (-15) signal and wait for 
+an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for 
 it to die on its own.
 .PP
-The debug log level of smbd may be raised by sending 
+The debug log level of \fBsmbd\fR may be raised by sending 
 it a SIGUSR1 (\fBkill -USR1 <smbd-pid>\fR)
 and lowered by sending it a SIGUSR2 (\fBkill -USR2 <smbd-pid>
 \fR). This is to allow transient problems to be diagnosed, 
 whilst still running at a normally low log level.
 .PP
 Note that as the signal handlers send a debug write, 
-they are not re-entrant in smbd. This you should wait until 
-smbd is in a state of waiting for an incoming smb before 
+they are not re-entrant in \fBsmbd\fR. This you should wait until 
+\fBsmbd\fR is in a state of waiting for an incoming SMB before 
 issuing them. It is possible to make the signal handlers safe 
 by un-blocking the signals before the select call and re-blocking 
 them after, however this would affect performance.
diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8
index 1104791b128..74037b7c45a 100644
--- a/docs/manpages/smbmnt.8
+++ b/docs/manpages/smbmnt.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBMNT 8 "23 Jun 2001" "smbmnt 2.2.0a"
+.TH "SMBMNT" "8" "22 June 2001" "" ""
 .SH NAME
 smbmnt \- helper utility for mounting SMB filesystems
 .SH SYNOPSIS
@@ -14,7 +14,7 @@ smbmnt \- helper utility for mounting SMB filesystems
 \fBsmbmnt\fR is a helper application used 
 by the smbmount program to do the actual mounting of SMB shares. 
 \fBsmbmnt\fR is meant to be installed setuid root 
-so that normal users can mount their smb shares. It checks 
+so that normal users can mount their SMB shares. It checks 
 whether the user has write permissions on the mount point and 
 then mounts the directory.
 .PP
@@ -43,7 +43,7 @@ applied
 .TP
 \fB-o options\fR
 list of options that are passed as-is to smbfs, if this
-command is run on a 2.4 or higher linux kernel.
+command is run on a 2.4 or higher Linux kernel.
 .SH "AUTHOR"
 .PP
 Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8
index 4d5ff3c5b00..b9c9bf7f239 100644
--- a/docs/manpages/smbmount.8
+++ b/docs/manpages/smbmount.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBMOUNT 8 "23 Jun 2001" "smbmount 2.2.0a"
+.TH "SMBMOUNT" "8" "22 June 2001" "" ""
 .SH NAME
 smbmount \- mount an smbfs filesystem
 .SH SYNOPSIS
@@ -16,17 +16,17 @@ is usually invoked as \fBmount.smb\fR from
 the \fBmount(8)\fR command when using the 
 "-t smb" option. The kernel must support the smbfs filesystem. 
 .PP
-Options to smbmount are specified as a comma separated
+Options to \fBsmbmount\fR are specified as a comma-separated
 list of key=value pairs. It is possible to send options other
 than those listed here, assuming that smbfs supports them. If
 you get mount failures, check your kernel log for errors on
 unknown options.
 .PP
-smbmount is a daemon. After mounting it keeps running until
+\fBsmbmount\fR is a daemon. After mounting it keeps running until
 the mounted smbfs is umounted. It will log things that happen
 when in daemon mode using the "machine name" smbmount, so
-typically this output will end up in log.smbmount. The
-smbmount process may also be called mount.smbfs.
+typically this output will end up in \fIlog.smbmount\fR. The
+\fBsmbmount\fR process may also be called mount.smbfs.
 .PP
 \fBNOTE:\fR \fBsmbmount\fR 
 calls \fBsmbmnt(8)\fR to do the actual mount. You 
@@ -48,6 +48,12 @@ option is not given then the environment variable
 no password \fBsmbmount\fR will prompt
 for a passeword, unless the guest option is
 given. 
+
+Note that password which contain the arguement delimiter
+character (i.e. a comma ',') will failed to be parsed correctly
+on the command line. However, the same password defined
+in the PASSWD environment variable or a credentials file (see
+below) will be read correctly.
 .TP
 \fBcredentials=<filename>\fR
 specifies a file that contains a username
@@ -62,7 +68,7 @@ and/or password. The format of the file is:
 .fi
 
 This is preferred over having passwords in plaintext in a
-shared file, such as /etc/fstab. Be sure to protect any
+shared file, such as \fI/etc/fstab\fR. Be sure to protect any
 credentials file properly.
 .TP
 \fBnetbiosname=<arg>\fR
@@ -90,7 +96,7 @@ permissions that remote files have in the local filesystem.
 The default is based on the current umask. 
 .TP
 \fBdmask=<arg>\fR
-sets the directory mask. This deterines the 
+sets the directory mask. This determines the 
 permissions that remote directories have in the local filesystem. 
 The default is based on the current umask. 
 .TP
@@ -121,7 +127,7 @@ mount read-only
 mount read-write 
 .TP
 \fBiocharset=<arg>\fR
-sets the charset used by the linux side for codepage
+sets the charset used by the Linux side for codepage
 to charset translations (NLS). Argument should be the
 name of a charset, like iso8859-1. (Note: only kernel
 2.4.0 or later)
@@ -156,7 +162,7 @@ passwords.
 .PP
 The variable \fBPASSWD_FILE\fR may contain the pathname of
 a file to read the password from. A single line of input is
-read and used as password.
+read and used as the password.
 .SH "BUGS"
 .PP
 Not many known smbmount bugs. But one smbfs bug is
@@ -169,7 +175,7 @@ reconnect when the server disconnects, the mount will go
 dead. A re-mount normally fixes this. At least 2 ways to
 trigger this bug are known.
 .PP
-Note that the typical response to a bugreport is suggestion
+Note that the typical response to a bug report is suggestion
 to try the latest version first. So please try doing that first,
 and always include which versions you use of relevant software
 when reporting bugs (minimum: samba, kernel, distribution)
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index 551426dd819..234b4c746dc 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBPASSWD 5 "23 Jun 2001" "smbpasswd 2.2.0a"
+.TH "SMBPASSWD" "5" "22 June 2001" "" ""
 .SH NAME
 smbpasswd \- The Samba encrypted password file
 .SH SYNOPSIS
@@ -38,9 +38,9 @@ If this does not match then Samba will refuse to recognize
 this smbpasswd file entry as being valid for a user. 
 .TP
 \fBLanman Password Hash\fR
-This is the LANMAN hash of the users password, 
+This is the LANMAN hash of the user's password, 
 encoded as 32 hex digits. The LANMAN hash is created by DES 
-encrypting a well known string with the users password as the 
+encrypting a well known string with the user's password as the 
 DES key. This is the same password used by Windows 95/98 machines. 
 Note that this password hash is regarded as weak as it is
 vulnerable to dictionary attacks and if two users choose the 
@@ -48,7 +48,7 @@ same password this entry will be identical (i.e. the password
 is not "salted" as the UNIX password is). If the user has a 
 null password this field will contain the characters "NO PASSWORD" 
 as the start of the hex string. If the hex string is equal to 
-32 'X' characters then the users account is marked as 
+32 'X' characters then the user's account is marked as 
 disabled and the user will not be able to 
 log onto the Samba server. 
 
@@ -65,14 +65,14 @@ itself must be set to be read/write only by root, with no
 other access. 
 .TP
 \fBNT Password Hash\fR
-This is the Windows NT hash of the users 
+This is the Windows NT hash of the user's 
 password, encoded as 32 hex digits. The Windows NT hash is 
-created by taking the users password as represented in 
+created by taking the user's password as represented in 
 16-bit, little-endian UNICODE and then applying the MD4 
 (internet rfc1321) hashing algorithm to it. 
 
 This password hash is considered more secure than
-the Lanman Password Hash as it preserves the case of the 
+the LANMAN Password Hash as it preserves the case of the 
 password and uses a much higher quality hashing algorithm. 
 However, it is still the case that if two users choose the same 
 password this entry will be identical (i.e. the password is 
@@ -106,7 +106,7 @@ in the smbpasswd file.
 .TP 0.2i
 \(bu
 \fBN\fR - This means the
-account has no password (the passwords in the fields Lanman 
+account has no password (the passwords in the fields LANMAN 
 Password Hash and NT Password Hash are ignored). Note that this 
 will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
 \fRconfig file. 
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index a658e7cc3b3..91c344f11d0 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -3,9 +3,9 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBPASSWD 8 "23 Jun 2001" "smbpasswd 2.2.0a"
+.TH "SMBPASSWD" "8" "22 June 2001" "" ""
 .SH NAME
-smbpasswd \- change a users SMB password
+smbpasswd \- change a user's SMB password
 .SH SYNOPSIS
 .sp
 \fBsmbpasswd\fR [ \fB-a\fR ]  [ \fB-x\fR ]  [ \fB-d\fR ]  [ \fB-e\fR ]  [ \fB-D debuglevel\fR ]  [ \fB-n\fR ]  [ \fB-r <remote machine>\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-m\fR ]  [ \fB-j DOMAIN\fR ]  [ \fB-U username\fR ]  [ \fB-h\fR ]  [ \fB-s\fR ]  [ \fBusername\fR ] 
@@ -20,7 +20,7 @@ the password used for their SMB sessions on any machines that store
 SMB passwords. 
 .PP
 By default (when run with no arguments) it will attempt to 
-change the current users SMB password on the local machine. This is 
+change the current user's SMB password on the local machine. This is 
 similar to the way the \fBpasswd(1)\fR program works. 
 \fBsmbpasswd\fR differs from how the passwd program works 
 however in that it is not \fBsetuid root\fR but works in 
@@ -31,10 +31,10 @@ UNIX machine the encrypted SMB passwords are usually stored in
 the \fIsmbpasswd(5)\fR file. 
 .PP
 When run by an ordinary user with no options. smbpasswd 
-will prompt them for their old smb password and then ask them 
+will prompt them for their old SMB password and then ask them 
 for their new password twice, to ensure that the new password
 was typed correctly. No passwords will be echoed on the screen 
-whilst being typed. If you have a blank smb password (specified by 
+whilst being typed. If you have a blank SMB password (specified by 
 the string "NO PASSWORD" in the smbpasswd file) then just press 
 the <Enter> key when asked for your old password. 
 .PP
@@ -79,7 +79,7 @@ is done all attempts to authenticate via SMB using this username
 will fail. 
 
 If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
-format) there is no space in the users password entry to write
+format) there is no space in the user's password entry to write
 this information and so the user is disabled by writing 'X' characters 
 into the password space in the smbpasswd file. See \fBsmbpasswd(5)
 \fRfor details on the 'old' and new password file formats.
@@ -254,7 +254,7 @@ or as an ordinary user.
 .TP
 \fB-s\fR
 This option causes smbpasswd to be silent (i.e. 
-not issue prompts) and to read it's old and new passwords from 
+not issue prompts) and to read its old and new passwords from 
 standard input, rather than from \fI/dev/tty\fR 
 (like the \fBpasswd(1)\fR program does). This option 
 is to aid people writing scripts to drive smbpasswd
@@ -285,7 +285,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fIsmbpasswd(5)\fR, 
-samba(7).SH "AUTHOR"
+samba(7)
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/smbrun.1 b/docs/manpages/smbrun.1
index 2934cd60658..c671a505aee 100644
--- a/docs/manpages/smbrun.1
+++ b/docs/manpages/smbrun.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBRUN 1 "23 Jun 2001" "smbrun 2.2.0a"
+.TH SMBRUN 1 "24 Mar 2001" "smbrun 2.2.0-alpha3"
 .SH NAME
 smbrun \- interface program between smbd and external  programs
 .SH SYNOPSIS
diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1
index efa1c4523b2..ac5d5f073c5 100644
--- a/docs/manpages/smbsh.1
+++ b/docs/manpages/smbsh.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBSH 1 "23 Jun 2001" "smbsh 2.2.0a"
+.TH "SMBSH" "1" "22 June 2001" "" ""
 .SH NAME
 smbsh \- Allows access to Windows NT filesystem  using UNIX commands
 .SH SYNOPSIS
@@ -15,7 +15,7 @@ This tool is part of the  Sambasuite.
 .PP
 \fBsmbsh\fR allows you to access an NT filesystem 
 using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a 
-shell that is dynmanically linked in order for \fBsmbsh\fR 
+shell that is dynamically linked in order for \fBsmbsh\fR 
 to work correctly.
 .PP
 To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password 
@@ -56,7 +56,8 @@ describe how a program was linked.
 .SH "SEE ALSO"
 .PP
 \fBsmbd(8)\fR, 
-smb.conf(5).SH "AUTHOR"
+smb.conf(5)
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
index d2851da4858..9597f840b73 100644
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@@ -3,9 +3,9 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBSPOOL 8 "23 Jun 2001" "smbspool 2.2.0a"
+.TH "SMBSPOOL" "8" "22 June 2001" "" ""
 .SH NAME
-nmblookup \- send print file to an SMB printer
+smbspool \- send print file to an SMB printer
 .SH SYNOPSIS
 .sp
 \fBsmbspool\fR [ \fBjob\fR ]  [ \fBuser\fR ]  [ \fBtitle\fR ]  [ \fBcopies\fR ]  [ \fBoptions\fR ]  [ \fBfilename\fR ] 
@@ -38,12 +38,12 @@ smb://username:password@server/printer
 smb://username:password@workgroup/server/printer
 .PP
 smbspool tries to get the URI from argv[0]. If argv[0] 
-contains the name of the program then it looks in the \fI DEVICE_URI\fR environment variable.
+contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable.
 .PP
 .PP
 Programs using the \fBexec(2)\fR functions can 
 pass the URI in argv[0], while shell scripts must set the 
-\fIDEVICE_URI\fR environment variable prior to
+\fBDEVICE_URI\fR environment variable prior to
 running smbspool.
 .PP
 .SH "OPTIONS"
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
index 88de3d4c8ca..21275c25a26 100644
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBSTATUS 1 "23 Jun 2001" "smbstatus 2.2.0a"
+.TH "SMBSTATUS" "1" "07 May 2001" "" ""
 .SH NAME
 smbstatus \- report on current Samba connections
 .SH SYNOPSIS
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
index 2bbe5254f59..001062468b0 100644
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBTAR 1 "23 Jun 2001" "smbtar 2.2.0a"
+.TH "SMBTAR" "1" "03 May 2001" "" ""
 .SH NAME
 smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape drives
 .SH SYNOPSIS
@@ -14,7 +14,8 @@ smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape dri
 This tool is part of the  Sambasuite.
 .PP
 \fBsmbtar\fR is a very small shell script on top 
-of \fBsmbclient(1)\fRwhich dumps SMB shares directly to tape. 
+of \fBsmbclient(1)\fR
+which dumps SMB shares directly to tape. 
 .SH "OPTIONS"
 .TP
 \fB-s server\fR
diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8
index 8d0a3aba588..5bc1d61c00d 100644
--- a/docs/manpages/smbumount.8
+++ b/docs/manpages/smbumount.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SMBUMOUNT 8 "23 Jun 2001" "smbumount 2.2.0a"
+.TH "SMBUMOUNT" "8" "22 June 2001" "" ""
 .SH NAME
 smbumount \- smbfs umount for normal users
 .SH SYNOPSIS
@@ -13,7 +13,7 @@ smbumount \- smbfs umount for normal users
 .PP
 With this program, normal users can unmount smb-filesystems, 
 provided that it is suid root. \fBsmbumount\fR has 
-been written to give normal linux-users more control over their 
+been written to give normal Linux users more control over their 
 resources. It is safe to install this program suid root, because only 
 the user who has mounted a filesystem is allowed to unmount it again. 
 For root it is not necessary to use smbumount. The normal umount 
@@ -26,6 +26,7 @@ The directory to unmount.
 .SH "SEE ALSO"
 .PP
 \fBsmbmount(8)\fR
+
 .SH "AUTHOR"
 .PP
 Volker Lendecke, Andrew Tridgell, Michael H. Warfield 
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index ed4f7cf541a..2d1d13ccefe 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -3,12 +3,12 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH SWAT 8 "23 Jun 2001" "swat 2.2.0a"
+.TH "SWAT" "8" "22 June 2001" "" ""
 .SH NAME
 swat \- Samba Web Administration Tool
 .SH SYNOPSIS
 .sp
-\fBnmblookup\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
+\fBswat\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
 .SH "DESCRIPTION"
 .PP
 This tool is part of the  Sambasuite.
@@ -16,17 +16,17 @@ This tool is part of the  Sambasuite.
 \fBswat\fR allows a Samba administrator to 
 configure the complex \fI smb.conf(5)\fRfile via a Web browser. In addition, 
 a \fBswat\fR configuration page has help links 
-to all the configurable options in the smb.conf file allowing an 
+to all the configurable options in the \fIsmb.conf\fR file allowing an 
 administrator to easily look up the effects of any change. 
 .PP
-swat is run from inetd 
+\fBswat\fR is run from \fBinetd\fR 
 .SH "OPTIONS"
 .TP
 \fB-s smb configuration file\fR
 The default configuration file path is 
 determined at compile time. The file specified contains 
 the configuration details required by the \fBsmbd
-\fRserver. This is the file that swat will modify. 
+\fRserver. This is the file that \fBswat\fR will modify. 
 The information in this file includes server-specific 
 information such as what printcap file to use, as well as 
 descriptions of all the services that the server is to provide.
@@ -34,8 +34,8 @@ See \fIsmb.conf\fR for more information.
 .TP
 \fB-a\fR
 This option disables authentication and puts 
-swat in demo mode. In that mode anyone will be able to modify 
-the smb.conf file. 
+\fBswat\fR in demo mode. In that mode anyone will be able to modify 
+the \fIsmb.conf\fR file. 
 
 \fBDo NOT enable this option on a production 
 server. \fR
@@ -58,7 +58,7 @@ these in:
 .PP
 You need to edit your \fI/etc/inetd.conf
 \fRand \fI/etc/services\fR
-to enable SWAT to be launched via inetd.
+to enable SWAT to be launched via \fBinetd\fR.
 .PP
 In \fI/etc/services\fR you need to 
 add a line like this: 
@@ -86,10 +86,10 @@ HUP signal to inetd. To do this use \fBkill -1 PID
 \fRwhere PID is the process ID of the inetd daemon. 
 .SS "LAUNCHING"
 .PP
-To launch swat just run your favorite web browser and 
+To launch SWAT just run your favorite web browser and 
 point it at "http://localhost:901/".
 .PP
-Note that you can attach to swat from any IP connected 
+Note that you can attach to SWAT from any IP connected 
 machine but connecting from a remote machine leaves your 
 connection open to password sniffing as passwords will be sent 
 in the clear over the wire. 
@@ -124,7 +124,8 @@ the Samba suite.
 .PP
 \fBinetd(5)\fR,
 \fBsmbd(8)\fR, 
-smb.conf(5).SH "AUTHOR"
+smb.conf(5)
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1
index fbafd57df6b..b87c2a29bb2 100644
--- a/docs/manpages/testparm.1
+++ b/docs/manpages/testparm.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH TESTPARM 1 "23 Jun 2001" "testparm 2.2.0a"
+.TH "TESTPARM" "1" "22 June 2001" "" ""
 .SH NAME
 testparm \- check an smb.conf configuration file for  internal correctness
 .SH SYNOPSIS
@@ -42,7 +42,7 @@ names and before dumping the service definitions.
 Print usage message 
 .TP
 \fB-L servername\fR
-Sets the value of the %L macro to servername.
+Sets the value of the %L macro to \fIservername\fR.
 This is useful for testing include files specified with the 
 %L macro. 
 .TP
@@ -53,7 +53,7 @@ default \fIsmb.conf\fR file will be checked.
 .TP
 \fBhostname\fR
 If this parameter and the following are 
-specified, then testparm will examine the \fIhosts
+specified, then \fBtestparm\fR will examine the \fIhosts
 allow\fR and \fIhosts deny\fR 
 parameters in the \fIsmb.conf\fR file to 
 determine if the hostname with this IP address would be
@@ -73,7 +73,7 @@ file used by \fBsmbd\fR.
 .SH "DIAGNOSTICS"
 .PP
 The program will issue a message saying whether the 
-configuration file loaded OK or not. This message may be preceeded by 
+configuration file loaded OK or not. This message may be preceded by 
 errors and warnings if the file did not load. If the file was 
 loaded OK, the program then dumps all known service details 
 to stdout. 
@@ -84,7 +84,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fIsmb.conf(5)\fR, 
-\fBsmbd(8)\fR.SH "AUTHOR"
+\fBsmbd(8)\fR
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1
index 35e93721845..7dee600459a 100644
--- a/docs/manpages/testprns.1
+++ b/docs/manpages/testprns.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH TESTPRNS 1 "23 Jun 2001" "testprns 2.2.0a"
+.TH "TESTPRNS" "1" "03 May 2001" "" ""
 .SH NAME
 testprns \- check printer name for validity with smbd
 .SH SYNOPSIS
@@ -74,7 +74,8 @@ the Samba suite.
 .PP
 \fIprintcap(5)\fR, 
 \fBsmbd(8)\fR, 
-\fBsmbclient(1)\fR.SH "AUTHOR"
+\fBsmbclient(1)\fR
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 5626d97ebd5..653c8304cd1 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH WBINFO 1 "23 Jun 2001" "wbinfo 2.2.0a"
+.TH "WBINFO" "1" "22 June 2001" "" ""
 .SH NAME
 wbinfo \- Query information from winbind daemon
 .SH SYNOPSIS
@@ -86,7 +86,7 @@ NT domain the server is a Primary Domain Controller for.
 .PP
 The wbinfo program returns 0 if the operation 
 succeeded, or 1 if the operation failed. If the \fBwinbindd(8)
-\fRdaemon is not working wbinfo will always return 
+\fRdaemon is not working \fBwbinfo\fR will always return 
 failure. 
 .SH "VERSION"
 .PP
@@ -96,6 +96,7 @@ stable release of Samba as of yet.
 .SH "SEE ALSO"
 .PP
 \fBwinbindd(8)\fR
+
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index 30df97efe51..5f891021b43 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH WINBINDD 8 "23 Jun 2001" "winbindd 2.2.0a"
+.TH "WINBINDD" "8" "22 June 2001" "" ""
 .SH NAME
 winbindd \- Name Service Switch daemon for resolving names  from NT servers
 .SH SYNOPSIS
@@ -24,7 +24,7 @@ Users and groups are allocated as they are resolved to a range
 of user and group ids specified by the administrator of the 
 Samba system.
 .PP
-The service provided by winbindd is called `winbind' and 
+The service provided by \fBwinbindd\fR is called `winbind' and 
 can be used to resolve user and group information from a 
 Windows NT server. The service can also provide authentication
 services via an associated PAM module. 
@@ -107,7 +107,7 @@ separator so that the unix user names look like
 DOMAIN\\username. In some cases this separator character may 
 cause problems as the '\\' character has special meaning in 
 unix shells. In that case you can use the winbind separator 
-option to specify an alternative sepataror character. Good 
+option to specify an alternative separator character. Good 
 alternatives may be '/' (although that conflicts
 with the unix directory separator) or a '+ 'character. 
 The '+' character appears to be the best choice for 100% 
@@ -121,7 +121,7 @@ Example: \fBwinbind separator = + \fR
 \fBwinbind uid\fR
 The winbind uid parameter specifies the 
 range of user ids that are allocated by the winbindd daemon. 
-This range of ids should have no existing local or nis users 
+This range of ids should have no existing local or NIS users 
 within it as strange conflicts can occur otherwise. 
 
 Default: \fBwinbind uid = <empty string> 
@@ -131,7 +131,7 @@ Example: \fBwinbind uid = 10000-20000\fR
 \fBwinbind gid\fR
 The winbind gid parameter specifies the 
 range of group ids that are allocated by the winbindd daemon. 
-This range of group ids should have no existing local or nis 
+This range of group ids should have no existing local or NIS 
 groups within it as strange conflicts can occur otherwise.
 
 Default: \fBwinbind gid = <empty string>
@@ -143,7 +143,7 @@ This parameter specifies the number of
 seconds the winbindd daemon will cache user and group information 
 before querying a Windows NT server again. When a item in the 
 cache is older than this time winbindd will ask the domain 
-controller for the sequence number of the servers account database. 
+controller for the sequence number of the server's account database. 
 If the sequence number has not changed then the cached item is 
 marked as valid for a further \fIwinbind cache time
 \fRseconds. Otherwise the item is fetched from the 
@@ -163,7 +163,7 @@ calls to the \fBgetpwent\fR system call will not
 return any data. 
 
 \fBWarning:\fR Turning off user enumeration 
-may cause some programs to behave oddly. For example, the finger 
+may cause some programs to behave oddly. For example, the \fBfinger\fR 
 program relies on having access to the full user list when 
 searching for matching usernames. 
 
@@ -242,7 +242,7 @@ The next step is to join the domain. To do that use the
 \fBsamedit -S '*' -W DOMAIN -UAdministrator\fR
 .PP
 The username after the \fI-U\fR can be any Domain 
-user that has administrator priviliges on the machine. Next from 
+user that has administrator privileges on the machine. Next from 
 within \fBsamedit\fR, run the command: 
 .PP
 \fBcreateuser MACHINE$ -j DOMAIN -L\fR
@@ -250,11 +250,15 @@ within \fBsamedit\fR, run the command:
 This assumes your domain is called "DOMAIN" and your Samba 
 workstation is called "MACHINE". 
 .PP
-Next copy \fIlibnss_winbind.so.2\fR to 
+Next copy \fIlibnss_winbind.so\fR to 
 \fI/lib\fR and \fIpam_winbind.so\fR
-to \fI/lib/security\fR.
+to \fI/lib/security\fR. A symbolic link needs to be
+made from \fI/lib/libnss_winbind.so\fR to
+\fI/lib/libnss_winbind.so.2\fR. If you are using an
+older version of glibc then the target of the link should be
+\fI/lib/libnss_winbind.so.1\fR.
 .PP
-Finally, setup a smb.conf containing directives like the 
+Finally, setup a \fIsmb.conf\fR containing directives like the 
 following: 
 .PP
 .sp
@@ -354,13 +358,14 @@ Storage for cached user and group information.
 .PP
 This man page is correct for version 2.2 of 
 the Samba suite. winbindd is however not available in
-stable release of Samba as of yet.
+the stable release of Samba as of yet.
 .SH "SEE ALSO"
 .PP
 \fInsswitch.conf(5)\fR,
 samba(7),
 wbinfo(1),
-smb.conf(5).SH "AUTHOR"
+smb.conf(5)
+.SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
 were created by Andrew Tridgell. Samba is now developed
diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt
index fa0f65f84bd..55125b7bad5 100644
--- a/docs/textdocs/Application_Serving.txt
+++ b/docs/textdocs/Application_Serving.txt
@@ -1,5 +1,5 @@
 !==
-!== Application_Serving.txt for Samba release 2.2.0a 23 Jun 2001
+!== Application_Serving.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributed:	January 7, 1997
 Updated:	March 24, 1998
diff --git a/docs/textdocs/BROWSING-Config.txt b/docs/textdocs/BROWSING-Config.txt
index 6c0a60286ad..26f55dc4c38 100644
--- a/docs/textdocs/BROWSING-Config.txt
+++ b/docs/textdocs/BROWSING-Config.txt
@@ -1,5 +1,5 @@
 !==
-!== BROWSING-Config.txt for Samba release 2.2.0a 23 Jun 2001
+!== BROWSING-Config.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Date:		July 5, 1998
 Contributor:	John H Terpstra <jht@samba.org>
diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt
index c85af176df5..f041a0c3986 100644
--- a/docs/textdocs/BROWSING.txt
+++ b/docs/textdocs/BROWSING.txt
@@ -1,5 +1,5 @@
 !==
-!== BROWSING.txt for Samba release 2.2.0a 23 Jun 2001
+!== BROWSING.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Author/s:	Many (Thanks to Luke, Jeremy, Andrew, etc.)
 Updated:	July 5, 1998
diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt
index f0e466625ec..8dd6b0200f4 100644
--- a/docs/textdocs/BUGS.txt
+++ b/docs/textdocs/BUGS.txt
@@ -1,5 +1,5 @@
 !==
-!== BUGS.txt for Samba release 2.2.0a 23 Jun 2001
+!== BUGS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Samba Team
 Updated:	June 27, 1997
diff --git a/docs/textdocs/DHCP-Server-Configuration.txt b/docs/textdocs/DHCP-Server-Configuration.txt
index baf45d0603e..82b54c2f5df 100644
--- a/docs/textdocs/DHCP-Server-Configuration.txt
+++ b/docs/textdocs/DHCP-Server-Configuration.txt
@@ -1,8 +1,9 @@
 !==
-!== DHCP-Server-Configuration.txt for Samba release 2.2.0a 23 Jun 2001
+!== DHCP-Server-Configuration.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Subject:	DHCP Server Configuration for SMB Clients
 Date:		March 1, 1998
+Updated:        May 15, 2001
 Contributor:	John H Terpstra <jht@samba.org>
 Support:	This is an unsupported document. Refer to documentation that is
 		supplied with the ISC DHCP Server. Do NOT email the contributor
@@ -13,13 +14,13 @@ Background:
 ===========
 
 We wish to help those folks who wish to use the ISC DHCP Server and provide
-sample configuration settings. Red Hat Linux 5.0 is one operating system that
-comes supplied with the ISC DHCP Server. ISC DHCP is available from
+sample configuration settings. Most operating systems today come ship with
+the ISC DHCP Server. ISC DHCP is available from:
 		ftp://ftp.isc.org/isc/dhcp
 
-Incorrect configuration of MS Windows clients (Windows95, Windows NT Server and
-Workstation) will lead to problems with browsing and with general network
-operation. Windows 95 users often report problems where the TCP/IP and related
+Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows
+NT/2000) will lead to problems with browsing and with general network
+operation. Windows 9X/ME users often report problems where the TCP/IP and related
 network settings will inadvertantly become reset at machine start-up resulting
 in loss of configuration settings. This results in increased maintenance
 overheads as well as serious user frustration.
@@ -29,7 +30,8 @@ network operating problems to incorrect configuration of Samba.
 
 One user insisted that the only way to provent Windows95 from periodically
 performing a full system reset and hardware detection process on start-up was
-to install the NetBEUI protocol in addition to TCP/IP.
+to install the NetBEUI protocol in addition to TCP/IP. This assertion is not
+correct.
 
 In the first place, there is NO need for NetBEUI. All Microsoft Windows clients
 natively run NetBIOS over TCP/IP, and that is the only protocol that is
@@ -46,6 +48,25 @@ would have us believe can be experienced with DHCP. In fact, DHCP in covered by
 rfc1541 and is a very safe method of keeping an MS Windows desktop environment
 under control and for ensuring stable network operation.
 
+Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95
+store all network configuration settings a registry. There are a few reports
+from MS Windows network administrators that warrant mention here. It would appear
+that when one sets certain MS TCP/IP protocol settings (either directly or via
+DHCP) that these do get written to the registry. Even though a subsequent
+change of setting may occur the old value may persist in the registry. This
+has been known to create serious networking problems.
+
+An example of this occurs when a manual TCP/IP environment is configured to
+include a NetBIOS Scope. In this event, when the administrator then changes the
+configuration of the MS TCP/IP protocol stack, without first deleting the
+current settings, by simply checking the box to configure the MS TCP/IP stack
+via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be
+applied to the resulting DHCP offered settings UNLESS the DHCP server also sets
+a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS
+Scope from your DHCP server. The can be done in the dhcpd.conf file with the
+parameter:
+         option netbios-scope "";
+
 While it is true that the Microsoft DHCP server that comes with Windows NT
 Server provides only a sub-set of rfc1533 functionality this is hardly an issue
 in those sites that already have a large investment and commitment to Unix
@@ -76,12 +97,12 @@ such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it
 in their Windows NT Server implementation WINS (Windows Internet Name Server).
 
 A client needs to be configured so that it has a unique Machine (Computer)
-Name. 
+Name.
 
 This can be done, but needs a few NT registry hacks and you need to be able to
 speak UNICODE, which is of course no problem for a True Wizzard(tm) :)
 Instructions on how to do this (including a small util for less capable
-Wizzards) can be found at 
+Wizzards) can be found at
 
 	http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html
 
@@ -95,12 +116,19 @@ d) DNS Domain Name,
 e) DNS Server addresses,
 f) WINS (NBNS) Server addresses,
 g) IP Forwarding,
-h) Timezone offset, 
+h) Timezone offset,
 i) Node Type,
+j) NetBIOS Scope
 
 Other assignments can be made from a DHCP server too, but the above cover the
 major needs.
 
+Note: IF ever an entry has has been made to the NetBIOS Scope field of the
+TCP/IP configuration panel on an MS Windows machine, and it has then been
+committed, then that setting may become persistent. In such a c ase it is better
+to configure the DHCP server with a NetBIOS Scope consisting of an empty string
+(ie: A NULL scope).
+
 
 DHCP Server Installation:
 =========================
@@ -143,19 +171,23 @@ subnet 172.16.1.0 netmask 255.255.255.0 {
 	option domain-name "bestnet.com.au";
 	option time-offset 39600;
 	option ip-forwarding off;
-	option netbios-name-servers 172.16.0.1;
+	option netbios-name-servers 172.16.0.1, 172.16.0.1;
 	option netbios-dd-server 172.16.0.1;
 	option netbios-node-type 8;
+        option netbios-scope "";
 }
 
+; Note: The above netbios-scope is purposely an empty (NULL) string.
+
 group {
 	next-server 172.16.1.10;
 	option subnet-mask 255.255.255.0;
 	option domain-name "bestnet.com.au";
 	option domain-name-servers 172.16.1.1, 172.16.0.2;
-	option netbios-name-servers 172.16.0.1;
+	option netbios-name-servers 172.16.0.1, 172.16.0.1;
 	option netbios-dd-server 172.16.0.1;
 	option netbios-node-type 8;
+        option netbios-scope "SomeCrazyScope";
 	option routers 172.16.1.240;
 	option time-offset 39600;
 	host lexmark1 {
@@ -177,7 +209,7 @@ You can do this by typing:	cp /dev/null /etc/dhcpd.leases
 
 Setting up a route table for all-ones addresses:
 ================================================
-Quoting from the README file that comes with th eISC DHCPD Server:
+Quoting from the README file that comes with the ISC DHCPD Server:
 
                               BROADCAST
 
diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt
index dd7c9c8e332..5ca1743a23a 100644
--- a/docs/textdocs/DIAGNOSIS.txt
+++ b/docs/textdocs/DIAGNOSIS.txt
@@ -1,5 +1,5 @@
 !==
-!== DIAGNOSIS.txt for Samba release 2.2.0a 23 Jun 2001
+!== DIAGNOSIS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Andrew Tridgell
 Updated:	November 1, 1999
diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt
index df81f547024..fed77b939b4 100644
--- a/docs/textdocs/DNIX.txt
+++ b/docs/textdocs/DNIX.txt
@@ -1,5 +1,5 @@
 !==
-!== DNIX.txt for Samba release 2.2.0a 23 Jun 2001
+!== DNIX.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 DNIX has a problem with seteuid() and setegid(). These routines are
 needed for Samba to work correctly, but they were left out of the DNIX
diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt
index e0e91766ebe..eb4e5f58a1a 100644
--- a/docs/textdocs/Faxing.txt
+++ b/docs/textdocs/Faxing.txt
@@ -1,5 +1,5 @@
 !==
-!== Faxing.txt for Samba release 2.2.0a 23 Jun 2001
+!== Faxing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:    Gerhard Zuber <zuber@berlin.snafu.de>
 Date:			August 5th 1997.
diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt
index 0075cb9f727..afa5f8f4542 100644
--- a/docs/textdocs/GOTCHAS.txt
+++ b/docs/textdocs/GOTCHAS.txt
@@ -1,5 +1,5 @@
 !==
-!== GOTCHAS.txt for Samba release 2.2.0a 23 Jun 2001
+!== GOTCHAS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 This file lists Gotchas to watch out for:
 =========================================================================
diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt
index 6da45bb3f91..5b0854b36e5 100644
--- a/docs/textdocs/HINTS.txt
+++ b/docs/textdocs/HINTS.txt
@@ -1,5 +1,5 @@
 !==
-!== HINTS.txt for Samba release 2.2.0a 23 Jun 2001
+!== HINTS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Many
 Updated:	Not for a long time!
diff --git a/docs/textdocs/Imprints.txt b/docs/textdocs/Imprints.txt
index 24cdfddff85..025381166b1 100644
--- a/docs/textdocs/Imprints.txt
+++ b/docs/textdocs/Imprints.txt
@@ -1,5 +1,5 @@
 !==
-!== Imprints.txt for Samba release 2.2.0a 23 Jun 2001
+!== Imprints.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 ==================================================================
 
diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt
index e7f4f0badfa..c6b35811643 100644
--- a/docs/textdocs/Macintosh_Clients.txt
+++ b/docs/textdocs/Macintosh_Clients.txt
@@ -1,5 +1,5 @@
 !==
-!== Macintosh_Clients.txt for Samba release 2.2.0a 23 Jun 2001
+!== Macintosh_Clients.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 > Are there any Macintosh clients for Samba?
 
diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt
index b434b924714..866ec82a727 100644
--- a/docs/textdocs/NetBIOS.txt
+++ b/docs/textdocs/NetBIOS.txt
@@ -1,5 +1,5 @@
 !==
-!== NetBIOS.txt for Samba release 2.2.0a 23 Jun 2001
+!== NetBIOS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:    lkcl - samba@samba.org
                 Copyright 1997  Luke Kenneth Casson Leighton 
diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt
index 50138493934..69fec36f08b 100644
--- a/docs/textdocs/PROFILES.txt
+++ b/docs/textdocs/PROFILES.txt
@@ -1,5 +1,5 @@
 !==
-!== PROFILES.txt for Samba release 2.2.0a 23 Jun 2001
+!== PROFILES.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributors:	Bruce Cook <BC3-AU@bigfoot.com>
 		Copyright (C) 1998 Bruce Cook
diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt
index 31df25e8f9e..1f5407eec81 100644
--- a/docs/textdocs/Passwords.txt
+++ b/docs/textdocs/Passwords.txt
@@ -1,5 +1,5 @@
 !==
-!== Passwords.txt for Samba release 2.2.0a 23 Jun 2001
+!== Passwords.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Unknown
 Date:		Updated April 19th 1999.
diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt
index a24ba171137..dc713d6180a 100644
--- a/docs/textdocs/Printing.txt
+++ b/docs/textdocs/Printing.txt
@@ -1,5 +1,5 @@
 !==
-!== Printing.txt for Samba release 2.2.0a 23 Jun 2001
+!== Printing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Unknown <samba@samba.org>
 Revised by:	Patrick Powell <papowell@lprng.org>
diff --git a/docs/textdocs/Recent-FAQs.txt b/docs/textdocs/Recent-FAQs.txt
index 50e8aba8245..6e614abed1a 100644
--- a/docs/textdocs/Recent-FAQs.txt
+++ b/docs/textdocs/Recent-FAQs.txt
@@ -1,5 +1,5 @@
 !==
-!== Recent-FAQs.txt for Samba release 2.2.0a 23 Jun 2001
+!== Recent-FAQs.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Samba-bugs@samba.org
 Date:		July 5, 1998
diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt
index 039fc881ba2..aea9fd77db7 100644
--- a/docs/textdocs/RoutedNetworks.txt
+++ b/docs/textdocs/RoutedNetworks.txt
@@ -1,5 +1,5 @@
 !==
-!== RoutedNetworks.txt for Samba release 2.2.0a 23 Jun 2001
+!== RoutedNetworks.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 #NOFNR Flag in LMHosts to Communicate Across Routers

 

diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt
index e458a7bd8fd..9d10d6b233e 100644
--- a/docs/textdocs/SCO.txt
+++ b/docs/textdocs/SCO.txt
@@ -1,5 +1,5 @@
 !==
-!== SCO.txt for Samba release 2.2.0a 23 Jun 2001
+!== SCO.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Geza Makay <makayg@math.u-szeged.hu>
 Date:		Unknown
diff --git a/docs/textdocs/SSLeay.txt b/docs/textdocs/SSLeay.txt
index 88013925ab8..7d1b8dc1dff 100644
--- a/docs/textdocs/SSLeay.txt
+++ b/docs/textdocs/SSLeay.txt
@@ -1,5 +1,5 @@
 !==
-!== SSLeay.txt for Samba release 2.2.0a 23 Jun 2001
+!== SSLeay.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor: Christian Starkjohann <cs@obdev.at>
 Date:        May 29, 1998
diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt
index dd1639da867..325376ac250 100644
--- a/docs/textdocs/Speed.txt
+++ b/docs/textdocs/Speed.txt
@@ -1,5 +1,5 @@
 !==
-!== Speed.txt for Samba release 2.2.0a 23 Jun 2001
+!== Speed.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 
 Subject:	Samba performance issues
diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt
index edc5f4e4b41..cbdce761de5 100644
--- a/docs/textdocs/Speed2.txt
+++ b/docs/textdocs/Speed2.txt
@@ -1,5 +1,5 @@
 !==
-!== Speed2.txt for Samba release 2.2.0a 23 Jun 2001
+!== Speed2.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Paul Cochrane <paulc@dth.scot.nhs.uk>
 Organization: 	Dundee Limb Fitting Centre
diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt
index 926f9da5e93..96d863d0742 100644
--- a/docs/textdocs/Tracing.txt
+++ b/docs/textdocs/Tracing.txt
@@ -1,5 +1,5 @@
 !==
-!== Tracing.txt for Samba release 2.2.0a 23 Jun 2001
+!== Tracing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Andrew Tridgell <samba@samba.org>
 Date:		Old
diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt
index dfc8efb64e6..5c6d5b8c813 100644
--- a/docs/textdocs/UNIX-SMB.txt
+++ b/docs/textdocs/UNIX-SMB.txt
@@ -1,5 +1,5 @@
 !==
-!== UNIX-SMB.txt for Samba release 2.2.0a 23 Jun 2001
+!== UNIX-SMB.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Andrew Tridgell <samba@samba.org>
 Date:		April 1995
diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt
index 200e0895b81..84f8fad27fd 100644
--- a/docs/textdocs/UNIX_SECURITY.txt
+++ b/docs/textdocs/UNIX_SECURITY.txt
@@ -1,5 +1,5 @@
 !==
-!== UNIX_SECURITY.txt for Samba release 2.2.0a 23 Jun 2001
+!== UNIX_SECURITY.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	John H Terpstra <jht@samba.org>
 Date:		July 5, 1998
diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt
index 157f9a90a78..911fddf427a 100644
--- a/docs/textdocs/Win95.txt
+++ b/docs/textdocs/Win95.txt
@@ -1,5 +1,5 @@
 !==
-!== Win95.txt for Samba release 2.2.0a 23 Jun 2001
+!== Win95.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Copyright (C) 1997 - Samba-Team
 Contributed Date:	August 20, 1997
diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt
index 03fad0e3997..c7d41a4114a 100644
--- a/docs/textdocs/WinNT.txt
+++ b/docs/textdocs/WinNT.txt
@@ -1,5 +1,5 @@
 !==
-!== WinNT.txt for Samba release 2.2.0a 23 Jun 2001
+!== WinNT.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributors:	Various
 		Password Section - Copyright (C) 1997 - John H Terpstra
diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt
index 1cb53dbdcce..91d032b1695 100644
--- a/docs/textdocs/cifsntdomain.txt
+++ b/docs/textdocs/cifsntdomain.txt
@@ -1,5 +1,5 @@
 !==
-!== cifsntdomain.txt for Samba release 2.2.0a 23 Jun 2001
+!== cifsntdomain.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 NT Domain Authentication
 ------------------------
diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt
index e0e20662af7..dad4bd78314 100644
--- a/docs/textdocs/security_level.txt
+++ b/docs/textdocs/security_level.txt
@@ -1,5 +1,5 @@
 !==
-!== security_level.txt for Samba release 2.2.0a 23 Jun 2001
+!== security_level.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 Contributor:	Andrew Tridgell
 Updated:	June 27, 1997
diff --git a/examples/VFS/README b/examples/VFS/README
index c2f39f9727d..825f8a961ff 100644
--- a/examples/VFS/README
+++ b/examples/VFS/README
@@ -17,6 +17,11 @@ construction.  The following VFS modules are given:
 		connect/disconnect, directory opens/create/remove,
 		file open/close/rename/unlink/chmod.
 
+	block/
+
+		A directory containing a sample module by Ronald Kuetemeier
+		<ronald@kuetemeier.com> to block named symbolic link following.
+
 The libtool program, available from your favourite GNU software
 archive, is required to compile these programs.
 
diff --git a/packaging/Caldera/OpenLinux/makerpms.sh.tmpl b/packaging/Caldera/OpenLinux/makerpms.sh.tmpl
index 5166db9b768..e7ba1d96230 100644
--- a/packaging/Caldera/OpenLinux/makerpms.sh.tmpl
+++ b/packaging/Caldera/OpenLinux/makerpms.sh.tmpl
@@ -5,15 +5,38 @@ SPECDIR=${SPECDIR:-/usr/src/OpenLinux/SPECS}
 SRCDIR=${SRCDIR:-/usr/src/OpenLinux/SOURCES}
 USERID=`id -u`
 GRPID=`id -g`
+devel=0;
+old=0;
 
-( cd ../../../.. ; chown -R ${USERID}.${GRPID} ${SRCDIR}/samba )
-( cd ../../../.. ; tar czvf ${SRCDIR}/samba-PVERSION-PRELEASE.tar.gz samba )
-cp -a *.spec *.spec-lsb $SPECDIR
+# Do some argument parsing...
+if [ z$1 = z"devel" ]; then
+	devel=1;
+	shift
+fi
+if [ z$1 = z"old" ]; then
+	old=1;
+	shift
+fi
+
+# Start preparing the packages...
+if [ $devel -ne 0 ]; then
+        ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba; mv samba samba-PVERSION )
+        ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba-PVERSION; mv samba-PVERSION samba )
+else
+        ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba-PVERSION )
+        ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba-PVERSION )
+fi
+
+cp -af *.spec *.spec-lsb $SPECDIR
 for src in *.patch; do
   trg=`echo $src | sed 's;xxxxxx;PVERSION;'`
   cp -a $src $SRCDIR/$trg
 done
+
+# Start building the package
 cd $SPECDIR
-mv samba2.spec samba2.spec-nonlsb
-ln samba2.spec-lsb samba2.spec
+if [ $old -eq 0 ]; then
+mv -f samba2.spec samba2.spec-nonlsb
+ln -f samba2.spec-lsb samba2.spec
+fi
 rpm -ba -v samba2.spec
diff --git a/packaging/Caldera/OpenLinux/samba.pam b/packaging/Caldera/OpenLinux/samba.pam
index baa8ca37205..8802f78e56b 100644
--- a/packaging/Caldera/OpenLinux/samba.pam
+++ b/packaging/Caldera/OpenLinux/samba.pam
@@ -3,7 +3,9 @@
 #
 # The PAM configuration file for the `samba' service
 #
-auth       required     /lib/security/pam_pwdb.so nullok nodelay # shadow audit
-account    required     /lib/security/pam_pwdb.so audit nodelay
+auth       required     /lib/security/pam_pwdb.so nullok nodelay # audit
+# auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so nodelay # audit
 session    required     /lib/security/pam_pwdb.so nodelay
 password   required     /lib/security/pam_pwdb.so # shadow md5
+#password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf
diff --git a/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl b/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl
index d527b07ecee..ec25b9d6ecb 100644
--- a/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl
+++ b/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl
@@ -27,7 +27,7 @@ Requires    	: libpam >= 0.66, SysVinit-scripts >= 1.04-6
 
 BuildRoot   	: /tmp/%{Name}-%{Version}
 
-Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}-%{date}.tar.gz
+Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz
 #Patch0: %{Name}-%{Version}-smbmount.patch
 #Patch1: %{Name}-%{Version}-install.patch
 #Patch2: %{Name}-%{Version}-smbconf.patch
@@ -182,7 +182,7 @@ verificar rapidamente o efeite de qualquer alteração.
 
 
 %Prep
-%setup -n samba
+%setup
 #%patch0 -p1
 #%patch1 -p1
 #%patch2 -p1
@@ -241,8 +241,7 @@ for i in htmldocs/DOMAIN_MEMBER.html htmldocs/Samba-HOWTO-Collection.html \
          docbook/projdoc/DOMAIN_MEMBER.sgml docbook/projdoc/DOMAIN_MEMBER.sgml \
          docbook/faq/samba-pdc-faq.sgml docbook/howto/samba-pdc-howto.sgml \
          docbook/manpages/smbclient.1.sgml docbook/manpages/smbd.8.sgml \
-	 docbook/projdoc/ENCRYPTION.sgml textdocs/samba-pdc-faq.txt \
-	 textdocs/samba-pdc-howto.txt manpages/smbclient.1 manpages/smbd.8 ; do
+	 docbook/projdoc/ENCRYPTION.sgml manpages/smbclient.1 manpages/smbd.8 ; do
 %{fixUP} -vT docs/$i -e '
     s:/usr/local/samba/private/FOREST.SLEEPY.SID:/var/lock/samba.d/FOREST.SLEEPY.SID: +
     s:/usr/local/samba/private:/usr/bin:g +
@@ -256,9 +255,6 @@ done
 %{fixUP} -vT docs/htmldocs/samba-pdc-faq.html -e '
   s:/usr/local/src:/usr/src:g ;
 '
-%{fixUP} -vT docs/textdocs/PRINTER_DRIVER.txt -e '
-  s:/usr/local/samba/printer:/var/spool/samba:g ;
-'
 # End of DirtyHack(TM)
 
 
@@ -276,15 +272,17 @@ CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
 	--with-swatdir='$(DESTDIR)/usr/share/swat' \
 	--with-sambabook='$(DESTDIR)/usr/share/swat/using_samba' \
 	--with-configdir='$(DESTDIR)'%{EtcSamba} \
+	--with-codepagedir='$(DESTDIR)'/usr/share/samba/codepages \
 	--without-smbwrapper \
 	--with-smbmount \
 	--with-pam \
+	--with-pam_smbpass \
 	--with-netatalk \
 	--with-quotas \
 	--with-utmp \
 	--with-syslog 
 
-make LOGFILEBASE=/var/log/samba.d all nsswitch debug2html bin/smbspool
+make LOGFILEBASE=/var/log/samba.d all nsswitch/libnss_wins.so debug2html bin/smbspool
 
 
 %Install
@@ -294,11 +292,10 @@ VVS=packaging/%{Vendor}/%{Dist}
 mkdir -p $DESTDIR/etc/{{logrotate,pam}.d,sysconfig/daemons}
 mkdir -p $DESTDIR/var/{lo{ck,g}/samba.d,spool/samba}
 mkdir -p $DESTDIR/usr/share/swat/using_samba/{gifs,figs}
-mkdir -p $DESTDIR/usr/share/samba/codepages
 mkdir -p $DESTDIR/lib/security
 mkdir -p $DESTDIR/%{LSBservedir}/{netlogon,profiles,Public}
 mkdir -p $DESTDIR/etc/skel/Samba
-mkdir -p $DESTDIR%{EtcSamba}/codepages/src $DESTDIR/sbin
+mkdir -p $DESTDIR/usr/share/samba/codepages/src $DESTDIR/sbin
 mkdir -p $DESTDIR/%{SVIdir}
 
 make LOGFILEBASE=/var/log/samba.d -C source  install
@@ -306,7 +303,7 @@ make LOGFILEBASE=/var/log/samba.d -C source  install
 strip $DESTDIR/usr/bin/smb{mnt,umount}
 #mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/bin
 
-cp -p source/codepages/codepage_def.??? $DESTDIR%{EtcSamba}/codepages/src
+cp -p source/codepages/codepage_def.??? $DESTDIR/usr/share/samba/codepages/src
 
 # Install the nsswitch library extension file
 install -m 755 source/nsswitch/libnss_wins.so $DESTDIR/lib/libnss_wins.so.2.0
@@ -344,6 +341,9 @@ cp -p $VVS/README.home $DESTDIR/etc/skel/Samba/README.txt
 cp -p $VVS/README.Public $DESTDIR/%{LSBservedir}/Public/README.txt
 cp -p $VVS/README.profiles $DESTDIR/%{LSBservedir}/profiles/README.txt
 
+# Add PAM smbpass facility
+mv $DESTDIR/usr/bin/pam_smbpass.so $DESTDIR/lib/security
+
 install -m 755 $VVS/samba.init-lsb $DESTDIR/%{SVIdir}/%{Name}
 
 for f in testparm testprns; do
@@ -414,6 +414,9 @@ swat					swat
 %{_defaultdocdir}/samba- 		doc
 tmp					IGNORED
 man					IGNORED
+lib/security				IGNORED
+/src/$					IGNORED
+/usr/private/$				IGNORED
 @default@
 EOF
 cat << 'EOF' | %{mkLists} -f -a samba
@@ -421,7 +424,8 @@ cat << 'EOF' | %{mkLists} -f -a samba
 Samba/README.txt			base
 ^/etc					config-IGNORED
 %{_defaultdocdir}/samba-[^/]+/(COPYING|README$)	base
-libnss_wins.so				base
+libnss_wins.*				base
+pam_smbpass.so				base
 %{_defaultdocdir}/samba-[^/]+/(COPYING|README$)	base
 %{_defaultdocdir}/samba- 		doc
 smb(mount|mnt|umount)			smbfs
@@ -450,7 +454,16 @@ test "$1" = "0" || exit 0
 /usr/lib/LSB/init-remove %{Name}
 # We want to remove the browse.dat and wins.dat files so they can not
 # interfer with a new version of samba!
-rm -f /var/lock/samba/{browse,wins}.dat 
+rm -f /var/lock/samba/browse.dat 
+rm -f /var/lock/samba/{brlock,connections,locking,messages}.tdb
+if [ -e /var/lock/samba.d/namelist.debug ]; then
+	rm -f /var/lock/samba.d/namelist.debug
+fi
+rm -f /var/lock/samba/unexpected.tdb
+rm -f /var/lock/samba/{smbd,nmbd}.pid
+
+# Note: We MUST keep:
+#	winbindd_*, sshare_info*, printing*, ntdrivers*
 
 
 %PostUn -n swat
@@ -490,4 +503,4 @@ test "$1" = "0" || exit 0
 
 %ChangeLog
 * Mon Jan 01 1997 ...
-$Id: samba2.spec-lsb.tmpl,v 1.1.2.17 2001/04/15 00:33:29 jht Exp $
+$Id: samba2.spec-lsb.tmpl,v 1.1.2.17.2.1 2001/07/06 00:48:38 jra Exp $
diff --git a/packaging/Caldera/OpenLinux/samba2.spec.tmpl b/packaging/Caldera/OpenLinux/samba2.spec.tmpl
index ebe501dcc24..027bb5c15ca 100644
--- a/packaging/Caldera/OpenLinux/samba2.spec.tmpl
+++ b/packaging/Caldera/OpenLinux/samba2.spec.tmpl
@@ -28,7 +28,7 @@ Requires    	: libpam >= 0.66, SysVinit-scripts >= 1.04-6
 
 BuildRoot   	: /tmp/%{Name}-%{Version}
 
-Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}-%{date}.tar.gz
+Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz
 #Patch0: %{Name}-%{Version}-smbmount.patch
 #Patch1: %{Name}-%{Version}-install.patch
 #Patch2: %{Name}-%{Version}-smbconf.patch
@@ -82,7 +82,7 @@ Maschinen ein.
 
 %Description -l es
 Samba dispone de un servidor SMB que puede utilizarse para proporcionar
-servicios de red a clientes SMB (a veces conocido como "Lan Manager"), 
+servicios de red a clientes SMB (a veces conocido como "Lan Manager"),
 incluyendo varias versiones de MS Windows, OS/2 y otras máquinas Linux.
 
 %Description -l fr
@@ -152,8 +152,8 @@ ficheiros de servidores SMB.
 
 %Description -n swat
 SWAT allows a Samba administrator to configure the complex smb.conf
-file via a Web browser.  It also provides links to all the configurable 
-options in the smb.conf file allowing an administrator to easily look 
+file via a Web browser.  It also provides links to all the configurable
+options in the smb.conf file allowing an administrator to easily look
 up the effects of any change.
 
 %Description -l de -n swat
@@ -186,13 +186,8 @@ todas as opções configuraveis no smb.conf, permitindo a um admnistrador
 verificar rapidamente o efeite de qualquer alteração.
 
 
-%Description debug
-This package contains programs that can be used to crash test any SMB
-server. Please use it with care. If you do not need it then do NOT install.
-
-
 %Prep
-%setup -n samba
+%setup
 #%patch0 -p1
 #%patch1 -p1
 #%patch2 -p1
@@ -246,11 +241,10 @@ done
 for i in htmldocs/DOMAIN_MEMBER.html htmldocs/Samba-HOWTO-Collection.html \
          htmldocs/samba-pdc-faq.html htmldocs/samba-pdc-howto.html \
          htmldocs/smbclient.1.html htmldocs/smbd.8.html \
-         docbook/projdoc/DOMAIN_MEMBER.sgml docbook/howto/DOMAIN_MEMBER.sgml \
+         docbook/projdoc/DOMAIN_MEMBER.sgml htmldocs/DOMAIN_MEMBER.html \
          docbook/faq/samba-pdc-faq.sgml docbook/howto/samba-pdc-howto.sgml \
          docbook/manpages/smbclient.1.sgml docbook/manpages/smbd.8.sgml \
-	 docbook/projdoc/ENCRYPTION.sgml textdocs/samba-pdc-faq.txt \
-	 textdocs/samba-pdc-howto.txt manpages/smbclient.1 manpages/smbd.8 ; do
+	 docbook/projdoc/ENCRYPTION.sgml manpages/smbclient.1 manpages/smbd.8 ; do
 %{fixUP} -vT docs/$i -e '
     s:/usr/local/samba/private/FOREST.SLEEPY.SID:/var/lock/samba.d/FOREST.SLEEPY.SID: +
     s:/usr/local/samba/private:/usr/bin:g +
@@ -264,9 +258,6 @@ done
 %{fixUP} -vT docs/htmldocs/samba-pdc-faq.html -e '
   s:/usr/local/src:/usr/src:g ;
 '
-%{fixUP} -vT docs/textdocs/PRINTER_DRIVER.txt -e '
-  s:/usr/local/samba/printer:/var/spool/samba:g ;
-'
 # End of DirtyHack(TM)
 
 
@@ -284,18 +275,19 @@ CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \
 	--with-swatdir='$(DESTDIR)/usr/share/swat' \
 	--with-sambabook='$(DESTDIR)/usr/share/swat/using_samba' \
 	--with-configdir='$(DESTDIR)'%{EtcSamba} \
+	--with-codepagedir='$(DESTDIR)'/usr/share/samba/codepages \
 	--without-smbwrapper \
 	--with-smbmount \
 	--with-pam \
+       --with-pam_smbpass \
 	--with-netatalk \
 	--with-quotas \
 	--with-syslog \
 	--with-utmp 
 
 make LOGFILEBASE=/var/log/samba.d all
-make LOGFILEBASE=/var/log/samba.d nsswitch
-# debug package:
-make LOGFILEBASE=/var/log/samba.d smbfilter debug2html 
+make LOGFILEBASE=/var/log/samba.d nsswitch/libnss_wins.so
+make LOGFILEBASE=/var/log/samba.d smbfilter debug2html
 make LOGFILEBASE=/var/log/samba.d bin/smbspool
 
 
@@ -308,7 +300,7 @@ mkdir -p $DESTDIR/var/{lo{ck,g}/samba.d,spool/samba}
 mkdir -p $DESTDIR/usr/share/swat/using_samba/{gifs,figs}
 mkdir -p $DESTDIR/lib/security
 mkdir -p $DESTDIR/%{LSBservedir}/{netlogon,profiles,Public}
-mkdir -p $DESTDIR%{EtcSamba}/codepages/src $DESTDIR/sbin
+mkdir -p $DESTDIR/usr/share/samba/codepages/src $DESTDIR/sbin
 
 make -C source  install
 make LOGFILEBASE=/var/log/samba.d -C source install
@@ -316,7 +308,7 @@ make LOGFILEBASE=/var/log/samba.d -C source install
 strip $DESTDIR/usr/bin/smb{mnt,umount}
 #mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/sbin
 
-cp -p source/codepages/codepage_def.??? $DESTDIR%{EtcSamba}/codepages/src
+cp -p source/codepages/codepage_def.??? $DESTDIR/usr/share/samba/codepages/src
 
 # Install the nsswitch library extension file
 install -m 755 source/nsswitch/libnss_wins.so $DESTDIR/lib/libnss_wins.so.2.0
@@ -356,6 +348,9 @@ cp -p $VVS/README.home $DESTDIR/etc/skel/Samba/README.txt
 cp -p $VVS/README.Public $DESTDIR/%{LSBservedir}/Public/README.txt
 cp -p $VVS/README.profiles $DESTDIR/%{LSBservedir}/profiles/README.txt
 
+# Add PAM smbpass facility
+mv $DESTDIR/usr/bin/pam_smbpass.so $DESTDIR/lib/security
+
 for f in testparm testprns; do
   ln -s $f $DESTDIR/usr/bin/smb$f
   ln -s $f.1 $DESTDIR/usr/man/man1/smb$f.1
@@ -486,4 +481,4 @@ lisa --inetd disable swat $1
 
 %ChangeLog
 * Mon Jan 01 1997 ...
-$Id: samba2.spec.tmpl,v 1.1.6.15 2001/04/15 00:33:29 jht Exp $
+$Id: samba2.spec.tmpl,v 1.1.6.15.2.1 2001/07/06 00:48:38 jra Exp $
diff --git a/packaging/Caldera/OpenServer/Install b/packaging/Caldera/OpenServer/Install
index 1065fcdec32..ab27b6f67fa 100755
--- a/packaging/Caldera/OpenServer/Install
+++ b/packaging/Caldera/OpenServer/Install
@@ -54,7 +54,7 @@ for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \
 do
 $V    install -m755 -s source/bin/$i ${BLDFIX}/bin
 done
-for i in addtosmbpass mksmbpasswd.sh smbtar
+for i in mksmbpasswd.sh smbtar
 do
 $V    install -m755 source/script/$i ${BLDFIX}/bin
 done
diff --git a/packaging/Caldera/OpenServer/pkg/input/Samba.pkg b/packaging/Caldera/OpenServer/pkg/input/Samba.pkg
index 986eb11218a..ea76e74a610 100644
--- a/packaging/Caldera/OpenServer/pkg/input/Samba.pkg
+++ b/packaging/Caldera/OpenServer/pkg/input/Samba.pkg
@@ -146,12 +146,6 @@ owner = root
 group = sys
 flags = 
 
-FILE:Samba:SHARED:usr/local/samba/bin/addtosmbpass:
-mode  = 0755
-owner = root
-group = sys
-flags = 
-
 FILE:Samba:SHARED:usr/local/samba/bin/mksmbpasswd.sh:
 mode  = 0755
 owner = root
diff --git a/packaging/Caldera/UnixWare/Install b/packaging/Caldera/UnixWare/Install
index a379d08400d..3fffc37d25a 100755
--- a/packaging/Caldera/UnixWare/Install
+++ b/packaging/Caldera/UnixWare/Install
@@ -30,7 +30,10 @@ $V mkdir -p ${BLDFIX}/var/locks
 $V mkdir -p ${BLDFIX}/lib/codepages/src
 
 # Copy into the dist tree the pkg data files
-$V cp pkg/* ${BUILD_ROOT}
+for i in pkg/*
+do
+    [ -f $i ] && $V cp $i ${BUILD_ROOT}
+done
 
 cd ../../..
 
@@ -41,7 +44,7 @@ for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \
 do
 $V    install -m755 -s source/bin/$i ${BLDFIX}/bin
 done
-for i in addtosmbpass mksmbpasswd.sh smbtar
+for i in mksmbpasswd.sh smbtar
 do
 $V    install -m755 source/script/$i ${BLDFIX}/bin
 done
diff --git a/packaging/Caldera/UnixWare/pkg/prototype b/packaging/Caldera/UnixWare/pkg/prototype
index 273678ab522..13a64b6feb1 100644
--- a/packaging/Caldera/UnixWare/pkg/prototype
+++ b/packaging/Caldera/UnixWare/pkg/prototype
@@ -24,7 +24,6 @@ f samba usr/local/samba/bin/rpcclient 0755 root sys
 f samba usr/local/samba/bin/smbspool 0755 root sys
 f samba usr/local/samba/bin/smbsh 0755 root sys
 f samba usr/local/samba/bin/smbwrapper.so 0755 root sys
-f samba usr/local/samba/bin/addtosmbpass 0755 root sys
 f samba usr/local/samba/bin/mksmbpasswd.sh 0755 root sys
 f samba usr/local/samba/bin/smbtar 0755 root sys
 f samba usr/local/samba/bin/smbprint 0755 root sys
@@ -220,7 +219,7 @@ f samba usr/local/samba/swat/help/lmhosts.5.html 0644 root sys
 f samba usr/local/samba/swat/help/make_smbcodepage.1.html 0644 root sys
 f samba usr/local/samba/swat/help/nmbd.8.html 0644 root sys
 f samba usr/local/samba/swat/help/nmblookup.1.html 0644 root sys
-f samba usr/local/samba/swat/help/rpcclient.8.html 0644 root sys
+f samba usr/local/samba/swat/help/rpcclient.1.html 0644 root sys
 f samba usr/local/samba/swat/help/samba-pdc-faq.html 0644 root sys
 f samba usr/local/samba/swat/help/samba-pdc-howto.html 0644 root sys
 f samba usr/local/samba/swat/help/samba.7.html 0644 root sys
diff --git a/packaging/Example/samba.init b/packaging/Example/samba.init
index c1d605cda06..4f02cd8a1af 100755
--- a/packaging/Example/samba.init
+++ b/packaging/Example/samba.init
@@ -1,5 +1,8 @@
 #!/bin/sh
 #
+SMBD=/usr/local/samba/bin/smbd
+NMBD=/usr/local/samba/bin/nmbd
+
 if [ ! -d /usr/bin ]; then
 	echo "The /usr file system is not mounted."
         exit 1
@@ -19,8 +22,8 @@ case "$1" in
 
 	'start')
 	   echo "Starting Samba"
-	   /usr/local/samba/sbin/smbd
-	   /usr/local/samba/sbin/nmbd
+	   $SMBD
+	   $NMBD
 	   echo "Done."
 	   ;;
 	'stop')
diff --git a/packaging/Mandrake/makerpms.sh.tmpl b/packaging/Mandrake/makerpms.sh.tmpl
index cdea6b140e5..c4ad9c6b581 100644
--- a/packaging/Mandrake/makerpms.sh.tmpl
+++ b/packaging/Mandrake/makerpms.sh.tmpl
@@ -5,9 +5,11 @@ SPECDIR=/usr/src/RPM/SPECS
 SRCDIR=/usr/src/RPM/SOURCES
 USERID=`id -u`
 GRPID=`id -g`
+VERSION='PVERSION'
 
-( cd ../../.. ; chown -R ${USERID}.${GRPID} ${SRCDIR}/samba )
-( cd ../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba )
+( cd ../../.. ; mv samba samba-$VERSION; chown -R ${USERID}.${GRPID} ${SRCDIR}/samba-$VERSION )
+( cd ../../.. ; tar --exclude=CVS -czvf ${SRCDIR}/samba-$VERSION.tar.gz samba-$VERSION )
+( cd ../../.. ; mv samba-$VERSION samba )
 cp -a *.spec $SPECDIR
 cp -a *.patch smb.* samba.log $SRCDIR
 cd $SPECDIR
diff --git a/packaging/Mandrake/samba.log b/packaging/Mandrake/samba.log
index 4e8b44b60e7..7dc1667bafe 100644
--- a/packaging/Mandrake/samba.log
+++ b/packaging/Mandrake/samba.log
@@ -1,4 +1,4 @@
-/var/log/samba/log.nmb {
+/var/log/samba/log.nmbd {
     notifempty
     missingok
     postrotate
@@ -6,7 +6,7 @@
     endscript
 }
 
-/var/log/samba/log.smb {
+/var/log/samba/log.smbd {
     notifempty
     missingok
     postrotate
diff --git a/packaging/Mandrake/samba.pamd b/packaging/Mandrake/samba.pamd
index 7d7274e37cf..30912de1726 100644
--- a/packaging/Mandrake/samba.pamd
+++ b/packaging/Mandrake/samba.pamd
@@ -1,5 +1,5 @@
 #%PAM-1.0
-auth       required	pam_nologin.so
-auth       required	pam_stack.so service=system-auth
-account    required	pam_stack.so service=system-auth
-session    required	pam_stack.so service=system-auth
+auth       required	/lib/security/pam_nologin.so
+auth       required	/lib/security/pam_stack.so service=system-auth
+account    required	/lib/security/pam_stack.so service=system-auth
+session    required	/lib/security/pam_stack.so service=system-auth
diff --git a/packaging/Mandrake/samba2.spec.tmpl b/packaging/Mandrake/samba2.spec.tmpl
index 32e2b7771f8..5bc92535f80 100644
--- a/packaging/Mandrake/samba2.spec.tmpl
+++ b/packaging/Mandrake/samba2.spec.tmpl
@@ -5,8 +5,8 @@ Release: PRELEASE
 Copyright: GNU GPL version 2
 Group: Networking
 Source: ftp://samba.org/pub/samba/samba-%{version}.tar.gz
-Packager: John H Terpstra [Samba-Team] <jht@samba.org>
-Requires: pam >= 0.72 /etc/pam.d/sytem-auth kernel >= 2.2.1 glibc >= 2.1.2
+Packager: Gerald (Jerry) Carter [Samba-Team] <jerry@samba.org>
+Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2
 Prereq: chkconfig fileutils
 BuildRoot: /var/tmp/samba
 Prefix: /usr
@@ -38,17 +38,22 @@ This binary release includes encrypted password support.
 Please read the smb.conf file and ENCRYPTION.txt in the
 docs directory for implementation details.
 
-NOTE: Red Hat Linux uses PAM which has integrated support
-for Shadow passwords and quotas. Do NOT recompile with the
-SHADOW_PWD option enabled
-
 %changelog
+* Mon May 21 2001 Gerald (Jerry) Carter <jerry@samba.org>
+  - removed docs/htmldocs and docs/manpages from /usr/share/docs
+    These het installed in /usr/share/swat already
+  - Fix for codepages and src not getting installed in the RPM
+  - Fixed minor typos
+
+* Mon Apr 23 2001 Gerald (Jerry) Carter <jerry@samba.org>
+  - Added a few bug fixes to release the first Mandrake RPMS
+
 * Sat Apr 14 2001 John H Terpstra <jht@samba.org>
- - Added official samba-team support for Mandrakesoft
+  - Added official samba-team support for Mandrakesoft
 	- We get a lot of requests for this!
 
 %prep
-%setup -n samba
+%setup
 
 %build
 cd source
@@ -63,21 +68,22 @@ EXTRA="-D_LARGEFILE64_SOURCE"
 NUMCPU=`grep processor /proc/cpuinfo | wc -l`
 
 CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
-        --prefix=%{prefix} \
+	--prefix=%{prefix} \
 	--with-fhs \
-        --libdir=/etc \
+	--libdir=/etc/samba \
 	--localstatedir=/var \
+	--with-codepagedir=%{prefix}/share/samba/codepages \
 	--with-configdir=/etc/samba \
-        --with-lockdir=/var/lock/samba \
-        --with-privatedir=/etc/samba \
-        --with-swatdir=%{prefix}/share/swat \
-        --with-quotas \
-        --with-smbmount \
-        --with-pam \
-        --with-syslog \
-        --with-utmp \
-        --with-netatalk \
-        --with-sambabook=%{prefix}/share/swat/using_samba
+	--with-lockdir=/var/lock/samba \
+	--with-swatdir=%{prefix}/share/swat \
+	--with-quotas \
+	--with-smbmount \
+	--with-pam \
+	--with-pam_smbpass \
+	--with-syslog \
+	--with-utmp \
+	--with-netatalk \
+	--with-sambabook=%{prefix}/share/swat/using_samba
 
 make -j${NUMCPU} proto
 make -j${NUMCPU} all smbfilter nsswitch/libnss_wins.so debug2html
@@ -85,13 +91,15 @@ make -j${NUMCPU} all smbfilter nsswitch/libnss_wins.so debug2html
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,samba/codepages}
+mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,samba,xinetd.d}
+mkdir -p $RPM_BUILD_ROOT/etc/samba/security
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-mkdir -p $RPM_BUILD_ROOT/lib
+mkdir -p $RPM_BUILD_ROOT/lib/security
 mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin}
 mkdir -p $RPM_BUILD_ROOT/home/samba
 mkdir -p $RPM_BUILD_ROOT/sbin
 mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include}
+mkdir -p $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src 
 mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs}
 mkdir -p $RPM_BUILD_ROOT%{prefix}/share/man/{man1,man5,man7,man8}
 mkdir -p $RPM_BUILD_ROOT/var/lock/samba
@@ -100,40 +108,32 @@ mkdir -p $RPM_BUILD_ROOT/var/spool/samba
 
 # Install standard binary files
 for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \
-      make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool
+   make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool \
+   smbmount smbumount smbmnt
 do
-install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin
+	install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin
 done
-for i in addtosmbpass mksmbpasswd.sh smbtar 
+for i in smbtar
 do
-install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin
+	install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin
 done
 
 # Install secure binary files
-for i in smbd nmbd swat smbmount smbumount smbmnt debug2html \
-      smbfilter
+for i in smbd nmbd swat debug2html smbfilter
 do
-install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin
+	install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin
 done
 
 # we need a symlink for mount to recognise the smb and smbfs filesystem types
-ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
-ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb
+ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
+ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb
 
-# Install level 1 man pages
-for i in *.1
-do
-install -m644 docs/manpages/$i $RPM_BUILD_ROOT%{prefix}/share/man/man1
-done
- 
 # Install codepage source files
-for i in 437 737 775 850 852 861 866 932 936 949 950 1251
-do
-install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT/etc/codepages/src
+for i in 437 737 775 850 852 861 866 932 936 949 950 1251; do
+	install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src
 done
-for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R
-do
-install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROOT/etc/codepages/src
+for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R; do
+	install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src
 done
 
 # Install the nsswitch library extenstion file
@@ -141,40 +141,43 @@ install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
 # Make link for wins resolver
 ( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; )
 
+# PAM Authentication file
+install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security
+
 # Install SWAT helper files
-for i in swat/help/*.html docs/htmldocs/*.html
-do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help
+for i in swat/help/*.html docs/htmldocs/*.html; do
+	install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help
 done
-for i in swat/images/*.gif
-do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images
+for i in swat/images/*.gif; do
+	install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images
 done
-for i in swat/include/*.html
-do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include
+for i in swat/include/*.html; do
+	install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include
 done
 
 # This is the O'Reily Samba Book - on-line
-for i in docs/htmldocs/using_samba/*.html
-do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba
+for i in docs/htmldocs/using_samba/*.html; do
+	install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba
 done
-for i in docs/htmldocs/using_samba/figs/*.gif
-do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/figs
+for i in docs/htmldocs/using_samba/figs/*.gif; do
+	install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/figs
 done
-for i in docs/htmldocs/using_samba/gifs/*.gif
-do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/gifs
+for i in docs/htmldocs/using_samba/gifs/*.gif; do
+	install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/gifs
 done
 
 # Install the miscellany
 install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat
+# Install level 1 man pages
+for i in *.1; do
+	install -m644 docs/manpages/$i $RPM_BUILD_ROOT%{prefix}/share/man/man1
+done
 install -m644 docs/manpages/smb.conf.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5
 install -m644 docs/manpages/lmhosts.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5
 install -m644 docs/manpages/smbpasswd.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5
+
 install -m644 docs/manpages/samba.7 $RPM_BUILD_ROOT%{prefix}/share/man/man7
+
 install -m644 docs/manpages/smbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/nmbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbpasswd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
@@ -182,12 +185,14 @@ install -m644 docs/manpages/swat.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbmount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbmnt.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbumount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/smbspool.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+
 install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat
+
 install -m644 packaging/Mandrake/smb.con* $RPM_BUILD_ROOT/etc/samba/
 install -m644 packaging/Mandrake/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers
 install -m755 packaging/Mandrake/smbprint $RPM_BUILD_ROOT%{prefix}/bin
 install -m755 packaging/Mandrake/findsmb $RPM_BUILD_ROOT%{prefix}/bin
-install -m755 packaging/Mandrake/smbadduser $RPM_BUILD_ROOT%{prefix}/bin
 install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb
 install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba
 install -m644 packaging/Mandrake/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba
@@ -195,9 +200,12 @@ install -m644 packaging/Mandrake/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba
 install -m644 packaging/Mandrake/samba.xinetd $RPM_BUILD_ROOT/etc/xinetd.d/swat
 echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/samba/lmhosts
 
-# Link smbmount to /sbin/mount.smb and /sbin/mount.smbfs
-ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb
-ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
+##
+## remove these directories so they don't get installed twice
+##
+/bin/rm -rf docs/htmldocs
+/bin/rm -rf docs/manpages
+
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -207,14 +215,14 @@ rm -rf $RPM_BUILD_ROOT
 /sbin/chkconfig smb off
 
 # Build codepage load files
-cd /etc
+cd %{prefix}/share/samba/codepages
 for i in 437 737 775 850 852 861 866 932 936 949 950 1251
 do
-%{prefix}/bin/make_smbcodepage c $i /etc/codepages/src/codepage_def.$i /etc/codepages/codepage.$i
+%{prefix}/bin/make_smbcodepage c $i %{prefix}/share/samba/codepages/src/codepage_def.$i %{prefix}/share/samba/codepages/codepage.$i
 done
 for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R
 do
-%{prefix}/bin/make_unicodemap $i /etc/codepages/src/CP$i.TXT /etc/codepages/unicode_map.$i
+%{prefix}/bin/make_unicodemap $i %{prefix}/share/samba/codepages/src/CP$i.TXT %{prefix}/share/samba/codepages/unicode_map.$i
 done
 
 # Add swat entry to /etc/services if not already there
@@ -222,25 +230,14 @@ if !( grep ^[:space:]*swat /etc/services > /dev/null ) then
 	echo 'swat		901/tcp				# Add swat service used via inetd' >> /etc/services
 fi
 
-# Add swat entry to /etc/inetd.conf if needed
-if [ -f /etc/inetd.conf ]; then
-	if !( grep ^[:space:]*swat /etc/inetd.conf > /dev/null ) then
-		echo '#swat	stream	tcp	nowait.400	root	%{prefix}/sbin/swat swat' >> /etc/inetd.conf
-	killall -1 inetd || :
-	fi
-fi
-
 %preun
 if [ $1 = 0 ] ; then
     /sbin/chkconfig --del smb
 
-    # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba!
+    # We want to remove the browse.dat file
     if [ -e /var/lock/samba/browse.dat ]; then
 	    rm -f /var/lock/samba/browse.dat
     fi
-    if [ -e /var/lock/samba/wins.dat ]; then
-	    rm -f /var/lock/samba/wins.dat
-    fi
 fi
 
 %postun
@@ -259,10 +256,6 @@ if [ $1 = 0 ] ; then
     # Remove swat entries from /etc/inetd.conf and /etc/services
     cd /etc
     tmpfile=/etc/tmp.$$
-	if [ -f /etc/inetd.conf ]; then
-      sed -e '/^[:space:]*swat.*$/d' /etc/inetd.conf > $tmpfile
-      mv $tmpfile inetd.conf
-	fi
     sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile
     mv $tmpfile services
 fi
@@ -282,14 +275,13 @@ fi
 %attr(-,root,root) /sbin/*
 %attr(-,root,root) %{prefix}/bin/*
 %attr(755,root,root) /lib/*
-%attr(-,root,root) %{prefix}/share/samba/swat/help/*
-%attr(-,root,root) %{prefix}/share/samba/swat/images/*
-%attr(-,root,root) %{prefix}/share/samba/swat/include/*
-%attr(-,root,root) %{prefix}/share/samba/swat/using_samba/*
+%attr(-,root,root) %{prefix}/share/swat/help/*
+%attr(-,root,root) %{prefix}/share/swat/images/*
+%attr(-,root,root) %{prefix}/share/swat/include/*
+%attr(-,root,root) %{prefix}/share/swat/using_samba/*
 %attr(-,root,root) %config(noreplace) /etc/samba/lmhosts
 %attr(-,root,root) %config(noreplace) /etc/samba/smb.conf
 %attr(-,root,root) %config(noreplace) /etc/samba/smbusers
-%attr(-,root,root) /etc/samba/smb.conf.sample
 %attr(-,root,root) /etc/rc.d/init.d/smb
 %attr(-,root,root) /etc/logrotate.d/samba
 %attr(-,root,root) %config(noreplace) /etc/pam.d/samba
@@ -297,8 +289,9 @@ fi
 %attr(-,root,root) %{prefix}/share/man/man5/*
 %attr(-,root,root) %{prefix}/share/man/man7/*
 %attr(-,root,root) %{prefix}/share/man/man8/*
-%attr(-,root,root) %dir %{prefix}/share/samba/codepages/*
-%attr(-,root,root) %dir %{prefix}/share/samba/codepages/src/*
+%attr(-,root,root) %dir /etc/samba/
+%attr(-,root,root) %dir /usr/share/samba/codepages/*
+%attr(-,root,root) %dir /usr/share/samba/codepages/src/*
 %attr(-,root,root) %dir /var/lock/samba
 %attr(-,root,root) %dir /var/log/samba
 %attr(1777,root,root) %dir /var/spool/samba
diff --git a/packaging/Mandrake/smb.conf b/packaging/Mandrake/smb.conf
index 4098e8d0dae..a14e90ec16b 100644
--- a/packaging/Mandrake/smb.conf
+++ b/packaging/Mandrake/smb.conf
@@ -1,51 +1,320 @@
-# Samba config file created using SWAT
-# from localhost (127.0.0.1)
-
-# Global parameters
+# This is the main Samba configuration file. You should read the
+# smb.conf(5) manual page in order to understand the options listed
+# here. Samba has a huge number of configurable options (perhaps too
+# many!) most of which are not shown in this example
+#
+# Any line which starts with a ; (semi-colon) or a # (hash) 
+# is a comment and is ignored. In this example we will use a #
+# for commentry and a ; for parts of the config file that you
+# may wish to enable
+#
+# NOTE: Whenever you modify this file you should run the command "testparm"
+# to check that you have not made any basic syntactic errors. 
+#
+#======================= Global Settings =====================================
 [global]
-	workgroup = MDKGROUP
-	server string = Samba Server on Mandrake Linux
-	encrypt passwords = Yes
-	smb passwd file = /etc/samba/smbpasswd
-	username map = /etc/samba/smbusers
-	password level = 8
-	username level = 8
-	log file = /var/log/samba/log.%m
-	max log size = 50
-	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
-	printcap name = lpstat
-	dns proxy = No
-	printing = cups
 
+# workgroup = NT-Domain-Name or Workgroup-Name
+   workgroup = MDKGROUP
+
+# server string is the equivalent of the NT Description field
+   server string = Samba Server %v
+
+# This option is important for security. It allows you to restrict
+# connections to machines which are on your local network. The
+# following example restricts access to two C class networks and
+# the "loopback" interface. For more examples of the syntax see
+# the smb.conf man page
+;   hosts allow = 192.168.1. 192.168.2. 127.
+
+# Enabling internationalization:
+# you can match a Windows code page with a UNIX character set.
+# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
+# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
+# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
+# 950 (Trad. Chin.).
+# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
+# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
+# This is an example for french users:
+;   client code page = 850
+;   character set = ISO8859-1
+
+
+# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
+# (as cups is now used in linux-mandrake 7.2 by default)
+# if you want to automatically load your printer list rather
+# than setting them up individually then you'll need this
+   printcap name = lpstat
+   load printers = yes
+
+# It should not be necessary to spell out the print system type unless
+# yours is non-standard. Currently supported print systems include:
+# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
+   printing = cups
+
+
+# Uncomment this if you want a guest account, you must add this to /etc/passwd
+# otherwise the user "nobody" is used
+;  guest account = pcguest
+
+# this tells Samba to use a separate log file for each machine
+# that connects
+   log file = /var/log/samba/log.%m
+
+# Put a capping on the size of the log files (in Kb).
+   max log size = 50
+
+# Security mode. Most people will want user level security. See
+# security_level.txt for details.
+   security = user
+# Use password server option only with security = server
+;   password server = <NT-Server-Name>
+
+# Password Level allows matching of _n_ characters of the password for
+# all combinations of upper and lower case.
+;  password level = 8
+;  username level = 8
+
+# You may wish to use password encryption. Please read
+# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
+# Do not enable this option unless you have read those documents
+;  encrypt passwords = yes
+;  smb passwd file = /etc/samba/private/smbpasswd
+
+# The following are needed to allow password changing from Windows to
+# update the Linux sytsem password also.
+# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
+# NOTE2: You do NOT need these to allow workstations to change only
+#        the encrypted SMB passwords. They allow the Unix password
+#        to be kept in sync with the SMB password.
+;  unix password sync = Yes
+;  passwd program = /usr/bin/passwd %u
+;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
+
+# Unix users can map to different SMB User names
+;  username map = /etc/smbusers
+
+# Using the following line enables you to customise your configuration
+# on a per machine basis. The %m gets replaced with the netbios name
+# of the machine that is connecting
+;   include = /etc/smb.conf.%m
+
+# Most people will find that this option gives better performance.
+# See speed.txt and the manual pages for details
+   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
+
+# Configure Samba to use multiple interfaces
+# If you have multiple network interfaces then you must list them
+# here. See the man page for details.
+;   interfaces = 192.168.12.2/24 192.168.13.2/24 
+
+# Configure remote browse list synchronisation here
+#  request announcement to, or browse list sync from:
+#	a specific host or from / to a whole subnet (see below)
+;   remote browse sync = 192.168.3.25 192.168.5.255
+# Cause this host to announce itself to local subnets here
+;   remote announce = 192.168.1.255 192.168.2.44
+
+# Browser Control Options:
+# set local master to no if you don't want Samba to become a master
+# browser on your network. Otherwise the normal election rules apply
+;   local master = no
+
+# OS Level determines the precedence of this server in master browser
+# elections. The default value should be reasonable
+;   os level = 33
+
+# Domain Master specifies Samba to be the Domain Master Browser. This
+# allows Samba to collate browse lists between subnets. Don't use this
+# if you already have a Windows NT domain controller doing this job
+;   domain master = yes 
+
+# Preferred Master causes Samba to force a local browser election on startup
+# and gives it a slightly higher chance of winning the election
+;   preferred master = yes
+
+# Enable this if you want Samba to be a domain logon server for 
+# Windows95 workstations. 
+;   domain logons = yes
+
+# if you enable domain logons then you may want a per-machine or
+# per user logon script
+# run a specific logon batch file per workstation (machine)
+;   logon script = %m.bat
+# run a specific logon batch file per username
+;   logon script = %U.bat
+
+# Where to store roving profiles (only for Win95 and WinNT)
+#        %L substitutes for this servers netbios name, %U is username
+#        You must uncomment the [Profiles] share below
+;   logon path = \\%L\Profiles\%U
+
+# All NetBIOS names must be resolved to IP Addresses
+# 'Name Resolve Order' allows the named resolution mechanism to be specified
+# the default order is "host lmhosts wins bcast". "host" means use the unix
+# system gethostbyname() function call that will use either /etc/hosts OR
+# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
+# and the /etc/resolv.conf file. "host" therefore is system configuration
+# dependant. This parameter is most often of use to prevent DNS lookups
+# in order to resolve NetBIOS names to IP Addresses. Use with care!
+# The example below excludes use of name resolution for machines that are NOT
+# on the local network segment
+# - OR - are not deliberately to be known via lmhosts or via WINS.
+; name resolve order = wins lmhosts bcast
+
+# Windows Internet Name Serving Support Section:
+# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
+;   wins support = yes
+
+# WINS Server - Tells the NMBD components of Samba to be a WINS Client
+#	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
+;   wins server = w.x.y.z
+
+# WINS Proxy - Tells Samba to answer name resolution queries on
+# behalf of a non WINS capable client, for this to work there must be
+# at least one	WINS Server on the network. The default is NO.
+;   wins proxy = yes
+
+# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
+# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
+# this has been changed in version 1.9.18 to no.
+   dns proxy = no 
+
+# Case Preservation can be handy - system default is _no_
+# NOTE: These can be set on a per share basis
+;  preserve case = no
+;  short preserve case = no
+# Default case is normally upper case for all DOS files
+;  default case = lower
+# Be very careful with case sensitivity - it can break things!
+;  case sensitive = no
+
+#============================ Share Definitions ==============================
 [homes]
-	comment = Home Directories
-	read only = No
-	browseable = No
+   comment = Home Directories
+   browseable = no
+   writable = yes
 
-[netlogon]
-	comment = Network Logon Service
-	path = /home/samba/netlogon
-	guest ok = Yes
-	share modes = No
+# Un-comment the following and create the netlogon directory for Domain Logons
+; [netlogon]
+;   comment = Network Logon Service
+;   path = /var/lib/samba/netlogon
+;   guest ok = yes
+;   writable = no
+;   share modes = no
 
-[Profiles]
-	path = /home/samba/profiles
-	guest ok = Yes
-	browseable = No
+#Uncomment the following 2 lines if you would like your login scripts to
+#be created dynamically by ntlogon (check that you have it in the correct
+#locationn (the default of the ntlogon rpm available in contribs)
+;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon
+;root postexec = rm -f /var/lib/samba/netlogon/%U.bat
 
+# Un-comment the following to provide a specific roving profile share
+# the default is to use the user's home directory
+;[Profiles]
+;    path = /var/lib/samba/profiles
+;    browseable = no
+;    guest ok = yes
+
+
+# NOTE: If you have a CUPS print system there is no need to 
+# specifically define each individual printer.
+# You must configure the samba printers with the appropriate Windows
+# drivers on your Windows clients. On the Samba server no filtering is
+# done. If you wish that the server provides the driver and the clients
+# send PostScript ("Generic PostScript Printer" under Windows), you have
+# to swap the 'print command' line below with the commented one.
 [printers]
-	comment = All Printers
-	path = /var/spool/samba
-	create mask = 0700
-	guest ok = Yes
-	printable = Yes
-	print command = lpr-cups -P %p -o raw %s
-	lpq command = lpstat -o %p
-	lprm command = cancel %p-%j
-	browseable = No
-
-[public]
-	comment = Public Stuff
-	path = /home/samba
-	write list = @staff
-	guest ok = Yes
+   comment = All Printers
+   path = /var/spool/samba
+   browseable = no
+# to allow user 'guest account' to print.
+   guest ok = yes
+   writable = no
+   printable = yes
+   create mode = 0700
+# =====================================
+# print command: see above for details.
+# =====================================
+   print command = lpr-cups -P %p -o raw %s -r	 # using client side printer drivers.
+;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
+   lpq command = lpstat -o %p
+   lprm command = cancel %p-%j
+
+# This one is useful for people to share files
+;[tmp]
+;   comment = Temporary file space
+;   path = /tmp
+;   read only = no
+;   public = yes
+
+# A publicly accessible directory, but read only, except for people in
+# the "staff" group
+;[public]
+;   comment = Public Stuff
+;   path = /home/samba/public
+;   public = yes
+;   writable = no
+;   write list = @staff
+
+# Other examples. 
+#
+# A private printer, usable only by fred. Spool data will be placed in fred's
+# home directory. Note that fred must have write access to the spool directory,
+# wherever it is.
+;[fredsprn]
+;   comment = Fred's Printer
+;   valid users = fred
+;   path = /homes/fred
+;   printer = freds_printer
+;   public = no
+;   writable = no
+;   printable = yes
+
+# A private directory, usable only by fred. Note that fred requires write
+# access to the directory.
+;[fredsdir]
+;   comment = Fred's Service
+;   path = /usr/somewhere/private
+;   valid users = fred
+;   public = no
+;   writable = yes
+;   printable = no
+
+# a service which has a different directory for each machine that connects
+# this allows you to tailor configurations to incoming machines. You could
+# also use the %u option to tailor it by user name.
+# The %m gets replaced with the machine name that is connecting.
+;[pchome]
+;  comment = PC Directories
+;  path = /usr/pc/%m
+;  public = no
+;  writable = yes
+
+# A publicly accessible directory, read/write to all users. Note that all files
+# created in the directory by users will be owned by the default user, so
+# any user with access can delete any other user's files. Obviously this
+# directory must be writable by the default user. Another user could of course
+# be specified, in which case all files would be owned by that user instead.
+;[public]
+;   path = /usr/somewhere/else/public
+;   public = yes
+;   only guest = yes
+;   writable = yes
+;   printable = no
+
+# The following two entries demonstrate how to share a directory so that two
+# users can place files there that will be owned by the specific users. In this
+# setup, the directory should be writable by both users and should have the
+# sticky bit set on it to prevent abuse. Obviously this could be extended to
+# as many users as required.
+;[myshare]
+;   comment = Mary's and Fred's stuff
+;   path = /usr/somewhere/shared
+;   valid users = mary fred
+;   public = no
+;   writable = yes
+;   printable = no
+;   create mask = 0765
+
+
diff --git a/packaging/Mandrake/smb.init b/packaging/Mandrake/smb.init
index 09ece8db1e0..8855f04efba 100755
--- a/packaging/Mandrake/smb.init
+++ b/packaging/Mandrake/smb.init
@@ -26,65 +26,68 @@ RETVAL=0
 
 
 start() {
-      echo -n "Starting SMB services: "
-      daemon smbd -D
-      RETVAL=$?
-      echo
-      echo -n "Starting NMB services: "
-      daemon nmbd -D
-      RETVAL2=$?
-      echo
-      [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \
-         RETVAL=1
-      return $RETVAL
-}
+	echo -n "Starting SMB services: "
+	daemon smbd -D 	
+	RETVAL=$?
+	echo
+	echo -n "Starting NMB services: "
+	daemon nmbd -D 
+	RETVAL2=$?
+	echo
+	[ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \
+	   RETVAL=1
+	return $RETVAL
+}	
 stop() {
-      echo -n "Shutting down SMB services: "
-      killproc smbd
-      RETVAL=$?
-      echo
-      echo -n "Shutting down NMB services: "
-      killproc nmbd
-      RETVAL2=$?
-      [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb
-      echo ""
-      return $RETVAL
-}
+	echo -n "Shutting down SMB services: "
+	killproc smbd
+	RETVAL=$?
+	echo
+	echo -n "Shutting down NMB services: "
+	killproc nmbd
+	RETVAL2=$?
+	[ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb
+	echo ""
+	return $RETVAL
+}	
 restart() {
-      stop
-      start
-}
+	stop
+	start
+}	
 reload() {
         echo -n "Reloading smb.conf file: "
-      killproc smbd -HUP
-      RETVAL=$?
-      echo
-      return $RETVAL
-}
+	killproc smbd -HUP
+	RETVAL=$?
+	echo
+	return $RETVAL
+}	
 mdkstatus() {
-      status smbd
-      status nmbd
-}
+	status smbd
+	status nmbd
+}	
 
-
-# See how we were called.
 case "$1" in
-	start)
-	    start
-	    ;;
-	stop)
-	    stop
-	    ;;
-	restart)
-	    restart
-	    ;;
-	reload)
-	    reload
-	    ;;
-	status)
-	    mdkstatus
-	    ;;
-	condrestart)
-	    [ -f /var/lock/subsys/smb ] && restart || :
-	    ;;
-	*)
+  start)
+  	start
+	;;
+  stop)
+  	stop
+	;;
+  restart)
+  	restart
+	;;
+  reload)
+  	reload
+	;;
+  status)
+  	mdkstatus
+	;;
+  condrestart)
+  	[ -f /var/lock/subsys/smb ] && restart || :
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart|status|condrestart}"
+	exit 1
+esac
+
+exit $?
diff --git a/packaging/PHT/TurboLinux/samba.pamd b/packaging/PHT/TurboLinux/samba.pamd
index 1b4a93fb19e..225ab724ec9 100644
--- a/packaging/PHT/TurboLinux/samba.pamd
+++ b/packaging/PHT/TurboLinux/samba.pamd
@@ -1,4 +1,11 @@
-auth		required	/lib/security/pam_pwdb.so nullok shadow
-account		required	/lib/security/pam_pwdb.so
-session		required	/lib/security/pam_pwdb.so
-password	required	/lib/security/pam_pwdb.so
+#%PAM-1.0
+#[For version 1.0 syntax, the above header is optional]
+#
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay # shadow audit
+# auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so # shadow md5
+#password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf
diff --git a/packaging/PHT/TurboLinux/samba2.spec.tmpl b/packaging/PHT/TurboLinux/samba2.spec.tmpl
index fd89c16f38b..0633f62a7e7 100644
--- a/packaging/PHT/TurboLinux/samba2.spec.tmpl
+++ b/packaging/PHT/TurboLinux/samba2.spec.tmpl
@@ -194,13 +194,14 @@ autoheader
 NUMCPU=`grep processor /proc/cpuinfo | wc -l`
 CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
 	--prefix=%{prefix} \
-	--libdir=/etc \
+	--libdir=/etc/samba \
 	--with-lockdir=/var/lock/samba \
 	--with-privatedir=/etc \
 	--with-swatdir=%{prefix}/share/swat \
 	--with-quotas \
 	--with-smbmount \
 	--with-pam \
+	--with-pam_smbpass \
 	--with-profile \
 	--with-syslog \
 	--with-utmp \
@@ -214,7 +215,8 @@ make -j${NUMCPU} debug2html
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/sbin
-mkdir -p $RPM_BUILD_ROOT/etc/codepages/src
+mkdir -p $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src
+mkdir -p $RPM_BUILD_ROOT/etc/samba
 mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d}
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 mkdir -p $RPM_BUILD_ROOT/lib
@@ -254,11 +256,11 @@ done
 # Install codepage source files
 for i in 437 737 775 850 852 861 866 932 936 949 950 1251
 do
-install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT/etc/codepages/src
+install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT%{prefix}/samba/codepages/src
 done
 for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R
 do
-install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROOT/etc/codepages/src
+install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROO%{prefix}/samba/codepages/src
 done
 
 # Install the nsswitch library extension file
@@ -266,6 +268,9 @@ install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
 # Make link for wins resolver
 ( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; )
 
+# Install PAM pam_smbpass.so
+install -m644 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security
+
 # Install SWAT helper files
 for i in swat/help/*.html docs/htmldocs/*.html
 do
@@ -307,8 +312,8 @@ install -m644 docs/manpages/swat.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbmount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbmnt.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
 install -m644 docs/manpages/smbumount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
-install -m644 packaging/PHT/TurboLinux/smb.conf $RPM_BUILD_ROOT/etc/smb.conf
-install -m644 packaging/PHT/TurboLinux/smbusers $RPM_BUILD_ROOT/etc/smbusers
+install -m644 packaging/PHT/TurboLinux/smb.conf $RPM_BUILD_ROOT/etc/samba/smb.conf
+install -m644 packaging/PHT/TurboLinux/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers
 install -m755 packaging/PHT/TurboLinux/smbprint $RPM_BUILD_ROOT%{prefix}/bin
 install -m755 packaging/PHT/TurboLinux/findsmb $RPM_BUILD_ROOT%{prefix}/bin
 install -m755 packaging/PHT/TurboLinux/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb
@@ -329,14 +334,14 @@ rm -rf $RPM_BUILD_ROOT
 /sbin/chkconfig smb off
 
 # Build codepage load files
-cd /etc
+cd %{prefix}/share/samba
 for i in 437 737 775 850 852 861 866 932 936 949 950 1251
 do
-%{prefix}/bin/make_smbcodepage c $i /etc/codepages/src/codepage_def.$i /etc/codepages/codepage.$i
+%{prefix}/bin/make_smbcodepage c $i %{prefix}/share/samba/codepages/src/codepage_def.$i %{prefix}/share/samba/codepages/codepage.$i
 done
 for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R
 do
-%{prefix}/bin/make_unicodemap $i /etc/codepages/src/CP$i.TXT /etc/codepages/unicode_map.$i
+%{prefix}/bin/make_unicodemap $i %{prefix}/share/samba/codepages/src/CP$i.TXT %{prefix}/share/samba/codepages/unicode_map.$i
 done
 
 # Add swat entry to /etc/services if not already there
@@ -361,8 +366,8 @@ fi
 if [ $1 = 0 ] ; then
     /sbin/chkconfig --del smb
 
-    for n in /etc/codepages/*; do
-        if [ $n != /etc/codepages/src ]; then
+    for n in %{prefix}/share/samba/codepages/*; do
+        if [ $n != %{prefix}/share/samba/codepages/src ]; then
             rm -rf $n
         fi
     done
@@ -384,8 +389,18 @@ if [ $1 = 0 ] ; then
     if [ -e /var/log/samba ]; then
       rm -rf /var/log/samba
     fi
-    if [ -e /var/lock/samba ]; then
-      rm -rf /var/lock/samba
+
+# Note: We MUST keep:
+#	winbindd_*, sshare_info*, printing*, ntdrivers*
+
+    if [ -x /var/lock/samba ]; then
+      rm -f /var/lock/samba/browse.dat 
+      rm -f /var/lock/samba/{brlock,connections,locking,messages}.tdb
+      if [ -e /var/lock/samba.d/namelist.debug ]; then
+	rm -f /var/lock/samba.d/namelist.debug
+      fi
+      rm -f /var/lock/samba/unexpected.tdb
+      rm -f /var/lock/samba/{smbd,nmbd}.pid
     fi
 
     # Remove swat entries from /etc/inetd.conf and /etc/services
@@ -437,19 +452,20 @@ fi
 %attr(-,root,root) %{prefix}/bin/smbspool
 %attr(-,root,root) %{prefix}/bin/smbadduser
 %attr(755,root,root) /lib/libnss_wins.s*
+%attr(755,root,root) /lib/security/pam_smbpass.so
 %attr(-,root,root) %{prefix}/share/swat/help/*
 %attr(-,root,root) %{prefix}/share/swat/images/*
 %attr(-,root,root) %{prefix}/share/swat/include/header.html
 %attr(-,root,root) %{prefix}/share/swat/include/footer.html
 %attr(-,root,root) %{prefix}/share/swat/using_samba/*
-%attr(-,root,root) %config(noreplace) /etc/lmhosts
-%attr(-,root,root) %config(noreplace) /etc/smb.conf
-%attr(-,root,root) %config(noreplace) /etc/smbusers
+%attr(-,root,root) %config(noreplace) /etc/samba/lmhosts
+%attr(-,root,root) %config(noreplace) /etc/samba/smb.conf
+%attr(-,root,root) %config(noreplace) /etc/samba/smbusers
 %attr(-,root,root) /etc/rc.d/init.d/smb
 %attr(-,root,root) /etc/logrotate.d/samba
 %attr(-,root,root) /etc/pam.d/samba
-%attr(-,root,root) /etc/codepages/src/codepage_def.*
-%attr(-,root,root) /etc/codepages/src/CP*
+%attr(-,root,root) %{prefix}/share/samba/codepages/src/codepage_def.*
+%attr(-,root,root) %{prefix}/share/samba/codepages/src/CP*
 # %attr(-,root,root) %{prefix}/share/man/man1/smbsh.1
 %attr(-,root,root) %{prefix}/share/man/man1/make_smbcodepage.1
 %attr(-,root,root) %{prefix}/share/man/man1/make_unicodemap.1
@@ -469,8 +485,8 @@ fi
 %attr(-,root,root) %{prefix}/share/man/man8/smbpasswd.8
 %attr(-,root,root) %{prefix}/share/man/man8/swat.8
 %attr(-,root,nobody) %dir /home/samba
-%attr(-,root,root) %dir /etc/codepages
-%attr(-,root,root) %dir /etc/codepages/src
+%attr(-,root,root) %dir %{prefix}/share/samba/codepages
+%attr(-,root,root) %dir %{prefix}/share/samba/codepages/src
 %attr(-,root,root) %dir /var/lock/samba
 %attr(-,root,root) %dir /var/log/samba
 %attr(1777,root,root) %dir /var/spool/samba
diff --git a/packaging/RedHat/samba.log b/packaging/RedHat/samba.log
index c8ab3852e27..4b244099c4f 100644
--- a/packaging/RedHat/samba.log
+++ b/packaging/RedHat/samba.log
@@ -1,10 +1,10 @@
-/var/log/samba/log.nmb {
+/var/log/samba/log.nmbd {
     postrotate
 	/usr/bin/killall -HUP nmbd
     endscript
 }
 
-/var/log/samba/log.smb {
+/var/log/samba/log.smbd {
     postrotate
 	/usr/bin/killall -HUP smbd
     endscript
diff --git a/packaging/RedHat/samba.pamd b/packaging/RedHat/samba.pamd
index 1b4a93fb19e..bf7a5b392ca 100644
--- a/packaging/RedHat/samba.pamd
+++ b/packaging/RedHat/samba.pamd
@@ -1,4 +1,4 @@
-auth		required	/lib/security/pam_pwdb.so nullok shadow
+auth		required	/lib/security/pam_pwdb.so nullok
 account		required	/lib/security/pam_pwdb.so
 session		required	/lib/security/pam_pwdb.so
-password	required	/lib/security/pam_pwdb.so
+password	required	/lib/security/pam_pwdb.so # shadow md5 nullok audit
diff --git a/packaging/RedHat/samba2.spec.tmpl b/packaging/RedHat/samba2.spec.tmpl
index d1edfa4562c..44a8fe998e3 100644
--- a/packaging/RedHat/samba2.spec.tmpl
+++ b/packaging/RedHat/samba2.spec.tmpl
@@ -160,7 +160,8 @@ CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
 	--with-syslog \
 	--with-utmp \
 	--with-netatalk \
-	--with-sambabook=%{prefix}/share/swat/using_samba
+	--with-sambabook=%{prefix}/share/swat/using_samba \
+	--with-swatdir=%{prefix}/share/swat
 make -j${NUMCPU} proto
 make -j${NUMCPU} all nsswitch/libnss_wins.so
 make -j${NUMCPU} debug2html
diff --git a/packaging/SGI/idb.pl b/packaging/SGI/idb.pl
index 82a49ee31a8..ba051495091 100755
--- a/packaging/SGI/idb.pl
+++ b/packaging/SGI/idb.pl
@@ -101,6 +101,7 @@ chdir $curdir;
 # the "*.doc" files from the source tree
 @docs = sort byfilename grep (!/^docs\/$/ & (/^source\/.*\.doc$/ | /^docs\//),@allfiles);
 @docs = grep(!/htmldocs\/using_samba/, @docs);
+@docs = grep(!/docbook/, @docs);
 
 @swatfiles = sort grep(/^packaging\/SGI\/swat/, @allfiles);
 @catman = sort grep(/^packaging\/SGI\/catman/ & !/\/$/, @allfiles);
@@ -133,7 +134,6 @@ else {
 }
 
 print IDB "d 0755 root sys usr/samba $SRCPFX/packaging/SGI $PKG.sw.base\n";
-print IDB "f 0444 root sys usr/samba/README $SRCPFX/packaging/SGI/README $PKG.sw.base\n";
 
 print IDB "d 0755 root sys usr/samba/bin $SRCPFX/packaging/SGI $PKG.sw.base\n";
 while(@bins) {
diff --git a/packaging/SGI/smbprint b/packaging/SGI/smbprint
index 0db8b6f7e3a..07923a42b1e 100644
--- a/packaging/SGI/smbprint
+++ b/packaging/SGI/smbprint
@@ -49,6 +49,6 @@ password=""
 	echo translate
 	echo "print -"
 	cat $*
-) | /usr/samba/bin/smbclient "\\\\$server\\$service" $password -N -P  > /dev/null
+) | /usr/samba/bin/smbclient "//$server/$service" $password -N  > /dev/null
 exit $?
 
diff --git a/packaging/Solaris/makepkg.sh b/packaging/Solaris/makepkg.sh
index ea15eafbc34..b57e182e4a3 100755
--- a/packaging/Solaris/makepkg.sh
+++ b/packaging/Solaris/makepkg.sh
@@ -52,6 +52,38 @@ add_dynamic_entries()
       echo f none samba/bin/$binfile=source/bin/$binfile 0755 root other
     fi
   done
+
+  # Add the scripts to bin/
+  echo "#\n# Scripts \n#"
+  cd $DISTR_BASE/source/script
+  for shfile in *
+  do
+    if [ -f $shfile ]; then
+ 	echo f none samba/bin/$shfile=source/script/$shfile 0755 root other
+    fi
+  done
+
+  # Add the manpages
+  echo "#\n# man pages \n#"
+  echo d none /usr ? ? ?
+  echo d none /usr/share ? ? ?
+  echo d none /usr/share/man ? ? ?
+
+  # Create directories for man page sections if nonexistent
+  cd $DISTR_BASE/docs/manpages
+  for i in 1 2 3 4 5 6 7 8 9
+  do
+     manpages=`ls *.$i 2>/dev/null`
+     if [ $? -eq 0 ]
+     then
+	echo d none /usr/share/man/man$i ? ? ?
+	for manpage in $manpages 
+	do
+		echo f none /usr/share/man/man${i}/${manpage}=docs/manpages/$manpage 0644 root other
+	done
+     fi
+  done
+
   echo "#\n# HTML documentation \n#"
   cd $DISTR_BASE
   list=`find docs/htmldocs -type d | grep -v "/CVS$"`
@@ -151,4 +183,3 @@ then
 	pkgtrans /tmp samba.pkg samba
 fi
 echo The samba package is in /tmp
-rm -f prototype
diff --git a/packaging/Solaris/prototype.master b/packaging/Solaris/prototype.master
index 8f98104cdde..bfcb3e00492 100644
--- a/packaging/Solaris/prototype.master
+++ b/packaging/Solaris/prototype.master
@@ -8,6 +8,7 @@
 i pkginfo=./pkginfo
 i copyright=./copyright
 i request=./request
+i checkinstall
 i preremove=./preremove
 i postinstall=./postinstall
 i i.swat=./i.swat
@@ -15,7 +16,7 @@ i r.swat=./r.swat
 #
 # Stuff that goes into the system areas of the filesystem.
 #
-d initscript /etc ? ? ?
+d none /etc ? ? ?
 d initscript /etc/init.d ? ? ?
 f initscript /etc/init.d/samba.server=packaging/Solaris/samba.server 0744 root sys
 d initscript /etc/rc3.d ? ? ?
@@ -23,8 +24,9 @@ s initscript /etc/rc3.d/S99samba.server=../init.d/samba.server
 #
 # Stuff to set up SWAT
 #
-e swat /etc/services=packaging/Solaris/services ? ? ?
-e swat /etc/inetd.conf=packaging/Solaris/inetd.conf ? ? ?
+d swat /etc/inet ? ? ?
+e swat /etc/inet/services=packaging/Solaris/services ? ? ?
+e swat /etc/inet/inetd.conf=packaging/Solaris/inetd.conf ? ? ?
 #
 # Create the samba subtree. (Usually /usr/local/samba )
 #
@@ -34,44 +36,6 @@ d none samba/bin 0755 root other
 d none samba/lib 0755 root other
 d none samba/docs 0755 root other
 #
-# Scripts
-#
-f none samba/bin/smbtar=source/script/smbtar 0755 root other
-f none samba/bin/addtosmbpass=source/script/addtosmbpass 0755 root other
-f none samba/bin/convert_smbpasswd=source/script/convert_smbpasswd 0755 root other
-f none samba/bin/mksmbpasswd.sh=source/script/mksmbpasswd.sh 0755 root other
-#
-# man pages
-#
-d none /usr ? ? ?
-d none /usr/share ? ? ?
-d none /usr/share/man ? ? ?
-d none /usr/share/man/man1 ? ? ?
-d none /usr/share/man/man5 ? ? ?
-d none /usr/share/man/man7 ? ? ?
-d none /usr/share/man/man8 ? ? ?
-f none /usr/share/man/man1/make_smbcodepage.1=docs/manpages/make_smbcodepage.1 0644 root other
-f none /usr/share/man/man1/nmblookup.1=docs/manpages/nmblookup.1 0644 root other
-f none /usr/share/man/man1/smbclient.1=docs/manpages/smbclient.1 0644 root other
-f none /usr/share/man/man1/smbrun.1=docs/manpages/smbrun.1 0644 root other
-f none /usr/share/man/man1/smbsh.1=docs/manpages/smbsh.1 0644 root other
-f none /usr/share/man/man1/smbstatus.1=docs/manpages/smbstatus.1 0644 root other
-f none /usr/share/man/man1/smbtar.1=docs/manpages/smbtar.1 0644 root other
-f none /usr/share/man/man1/testparm.1=docs/manpages/testparm.1 0644 root other
-f none /usr/share/man/man1/testprns.1=docs/manpages/testprns.1 0644 root other
-f none /usr/share/man/man5/lmhosts.5=docs/manpages/lmhosts.5 0644 root other
-f none /usr/share/man/man5/smb.conf.5=docs/manpages/smb.conf.5 0644 root other
-f none /usr/share/man/man5/smbpasswd.5=docs/manpages/smbpasswd.5 0644 root other
-f none /usr/share/man/man7/samba.7=docs/manpages/samba.7 0644 root other
-f none /usr/share/man/man8/nmbd.8=docs/manpages/nmbd.8 0644 root other
-f none /usr/share/man/man8/smbd.8=docs/manpages/smbd.8 0644 root other
-f none /usr/share/man/man8/smbmnt.8=docs/manpages/smbmnt.8 0644 root other
-f none /usr/share/man/man8/smbmount.8=docs/manpages/smbmount.8 0644 root other
-f none /usr/share/man/man8/smbpasswd.8=docs/manpages/smbpasswd.8 0644 root other
-f none /usr/share/man/man8/smbumount.8=docs/manpages/smbumount.8 0644 root other
-f none /usr/share/man/man8/swat.8=docs/manpages/swat.8 0644 root other
-f none /usr/share/man/man8/smbspool.8=docs/manpages/smbspool.8 0644 root other
-#
 # Stuff that goes into lib
 #
 f none samba/lib/smb.conf.example=examples/smb.conf.default 0644 root other
diff --git a/source/Makefile.in b/source/Makefile.in
index 4f642994924..24d8692f987 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -39,6 +39,7 @@ LIBDIR = @libdir@
 VARDIR = @localstatedir@
 CONFIGDIR = @configdir@
 MANDIR = @mandir@
+INCLUDEDIR = @includedir@
 
 # The permissions to give the executables
 INSTALLPERMS = 0755
@@ -81,11 +82,11 @@ FLAGS32  = $(ISA32) $(FLAGS5) $(PASSWD_FLAGS)
 
 SPROGS = bin/smbd bin/nmbd bin/swat
 PROGS1 = bin/smbclient bin/smbspool bin/testparm bin/testprns bin/smbstatus bin/smbcontrol @RUNPROG@
-PROGS2 = bin/smbpasswd bin/make_smbcodepage bin/rpcclient bin/make_unicodemap bin/smbcacls @WRAP@ @WRAP32@
+PROGS2 = bin/smbpasswd bin/make_smbcodepage bin/rpcclient bin/make_unicodemap bin/smbcacls @WRAP@ @WRAP32@ @PAM_MOD@
 MPROGS = @MPROGS@
-PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/make_printerdef 
+PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup 
 
-SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/convert_smbpasswd
+SCRIPTS = $(srcdir)/script/smbtar 
 
 QUOTAOBJS=@QUOTAOBJS@
 
@@ -98,7 +99,7 @@ TDB_OBJ = tdb/tdb.o tdb/spinlock.o tdb/tdbutil.o
 LIB_OBJ = lib/charcnv.o lib/charset.o lib/debug.o lib/fault.o \
           lib/getsmbpass.o lib/interface.o lib/kanji.o lib/md4.o \
           lib/interfaces.o lib/pidfile.o lib/replace.o \
-          lib/signal.o lib/slprintf.o lib/system.o lib/doscalls.o lib/time.o \
+          lib/signal.o lib/system.o lib/doscalls.o lib/time.o \
 	  lib/ufc.o lib/genrand.o lib/username.o lib/access.o lib/smbrun.o \
 	  lib/bitmap.o lib/crc32.o lib/snprintf.o lib/wins_srv.o \
 	  lib/util_array.o lib/util_str.o lib/util_sid.o \
@@ -119,12 +120,13 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
 	     libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \
 	     libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \
 	     libsmb/clitrans.o libsmb/clisecdesc.o \
-	     libsmb/namequery.o libsmb/nmblib.o \
+	     libsmb/namequery.o libsmb/nmblib.o libsmb/clistr.o \
              libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o \
              libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
 	     libsmb/passchange.o libsmb/unexpected.o $(RPC_PARSE_OBJ1)
 
 LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \
+	       libsmb/cli_netlogon.o libsmb/cli_srvsvc.o \
 	       rpc_client/cli_pipe.o
 
 RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
@@ -133,7 +135,8 @@ RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
                  rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
                  rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
                  rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
-		 rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o
+		 rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o \
+		lib/util_getent.o
 
 # this includes only the low level parse code, not stuff
 # that requires knowledge of security contexts
@@ -166,6 +169,7 @@ OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o
 NOTIFY_OBJ = smbd/notify.o smbd/notify_hash.o smbd/notify_kernel.o
 
 SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \
+	    smbd/utmp.o smbd/session.o \
             smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \
             smbd/ipc.o smbd/lanman.o smbd/mangle.o smbd/negprot.o \
             smbd/message.o smbd/nttrans.o smbd/pipes.o \
@@ -241,7 +245,8 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \
                 $(UBIQX_OBJ) $(RPC_PARSE_OBJ) $(RPC_CLIENT_OBJ) $(LIB_OBJ)
 
 RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_spoolss.o \
-		rpcclient/cmd_samr.o rpcclient/cmd_lsarpc.o
+		rpcclient/cmd_samr.o rpcclient/cmd_lsarpc.o \
+		rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o
 
 RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
@@ -258,6 +263,8 @@ SMBW_OBJ = smbwrapper/smbw.o \
 
 SMBWRAPPER_OBJ = $(SMBW_OBJ) smbwrapper/wrapped.o
 
+LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ)
+
 CLIENT_OBJ = client/client.o client/clitar.o \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \
              $(READLINE_OBJ)
@@ -325,6 +332,21 @@ NSS_OBJ = $(NSS_OBJ_0:.o=.po)
 PICOBJS = $(SMBWRAPPER_OBJ:.o=.po)
 PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32)
 
+PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
+		pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \
+		lib/debug.o lib/util_sid.o lib/messages.o lib/util_str.o \
+		lib/wins_srv.o lib/substitute.o lib/select.o lib/util.o \
+		nsswitch/wb_client.o nsswitch/wb_common.o lib/system.o \
+		lib/charset.o lib/util_file.o lib/kanji.o lib/genrand.o \
+		lib/username.o lib/charcnv.o lib/time.o lib/md4.o \
+		lib/util_unistr.o lib/signal.o lib/talloc.o lib/ms_fnmatch.o \
+		lib/util_sock.o lib/doscalls.o lib/smbrun.o lib/util_sec.o \
+		ubiqx/ubi_sLinkList.o libsmb/smbencrypt.o libsmb/smbdes.o \
+		$(PARAM_OBJ) $(TDB_OBJ) $(PASSDB_OBJ)
+
+PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0:.o=.po)
+LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.po)
+
 WINBINDD_OBJ1 = \
 		nsswitch/winbindd.o       \
 		nsswitch/winbindd_user.o  \
@@ -356,6 +378,8 @@ NSS_OBJ = $(NSS_OBJ_0:.o=.po)
 
 all : CHECK $(SPROGS) $(PROGS) 
 
+pam_smbpass : CHECK bin/pam_smbpass.@SHLIBEXT@
+
 smbwrapper : CHECK bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@
 
 smbtorture : CHECK bin/smbtorture
@@ -558,33 +582,45 @@ bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32)
 	@echo Linking shared library $@
 	@$(LD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LIBS)
 
+bin/libsmbclient.so: $(LIBSMBCLIENT_PICOBJS)
+	@echo Linking libsmbclient shared library $@
+	@$(LD) -shared -o $@ $(LIBSMBCLIENT_PICOBJS) $(LIBS) # Anything else?
+
 bin/smbsh: $(SMBSH_OBJ) bin/.dummy
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS)
 
+bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_OBJ)
+	@echo Linking shared library $@
+	$(LD) @LDSHFLAGS@ -symbolic -o $@ $(PAM_SMBPASS_OBJ) -lpam $(LIBS) -lc
+
 nsswitch/libnss_wins.so: $(NSS_OBJ)
 	@echo "Linking $@"
 	@$(LD) @LDSHFLAGS@ -o $@ $(NSS_OBJ) -lc
 
-bin/winbindd: $(WINBINDD_OBJ) bin/.dummy
-	@echo Linking $@
-	@$(LINK) -o $@ $(WINBINDD_OBJ) $(LIBS)
+#bin/winbindd: $(WINBINDD_OBJ) bin/.dummy
+#	@echo Linking $@
+#	@$(LINK) -o $@ $(WINBINDD_OBJ) $(LIBS)
 
-nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS)
-	@echo "Linking $@"
-	@$(LINK) -shared -o $@ $(WINBIND_NSS_PICOBJS)
+#nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS)
+#	@echo "Linking $@"
+#	@$(LINK) -shared -o $@ $(WINBIND_NSS_PICOBJS)
 
-nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) bin/.dummy
-	@echo Linking $@
-	@$(LINK) -shared -o $@ $(PAM_WINBIND_OBJ)
+#nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) bin/.dummy
+#	@echo Linking $@
+#	@$(LINK) -shared -o $@ $(PAM_WINBIND_OBJ)
 
-bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) $(UBIQX_OBJ) bin/.dummy
-	@echo Linking $@
-	@$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
-		$(UBIQX_OBJ) $(LIBS)
+#bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) $(UBIQX_OBJ) bin/.dummy
+#	@echo Linking $@
+#	@$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \
+#		$(UBIQX_OBJ) $(LIBS)
+
+#nsswitch: nsswitch/libnss_wins.so nsswitch/pam_winbind.so \
+#	nsswitch/libnss_winbind.so bin/wbinfo
 
-nsswitch: nsswitch/libnss_wins.so nsswitch/pam_winbind.so \
-	nsswitch/libnss_winbind.so bin/wbinfo
+bin/winbindd nsswitch/libnss_winbind.so nsswitch/pam_winbind.so bin/wbinfo nsswitch:
+	@echo The winbind code in this branch is not compilable.  Please use
+	@echo the version in HEAD CVS instead.
 
 install: installbin installman installscripts installcp installswat
 
diff --git a/source/acconfig.h b/source/acconfig.h
index d550a2c4f46..f2b812409fe 100644
--- a/source/acconfig.h
+++ b/source/acconfig.h
@@ -1,5 +1,6 @@
 #undef HAVE_VOLATILE
 #undef HAVE_BROKEN_READDIR
+#undef HAVE_C99_VSNPRINTF
 #undef HAVE_ERRNO_DECL
 #undef HAVE_LONGLONG
 #undef HAVE_OFF64_T
@@ -7,6 +8,7 @@
 #undef HAVE_UNSIGNED_CHAR
 #undef HAVE_UTIMBUF
 #undef HAVE_SIG_ATOMIC_T_TYPE
+#undef HAVE_SOCKLEN_T_TYPE
 #undef ssize_t
 #undef ino_t
 #undef ssize_t
@@ -61,6 +63,7 @@
 #undef WITH_NISPLUS
 #undef WITH_TDBPWD
 #undef WITH_PAM
+#undef WITH_PAM_SMBPASS
 #undef WITH_NISPLUS_HOME
 #undef WITH_AUTOMOUNT
 #undef WITH_SMBMOUNT
@@ -144,6 +147,10 @@
 #undef HAVE_UNIXWARE_ACLS
 #undef HAVE_SOLARIS_ACLS
 #undef HAVE_IRIX_ACLS
-#undef HAVE_XFS_ACLS
 #undef HAVE_AIX_ACLS
 #undef HAVE_NO_ACLS
+#undef HAVE_LIBPAM
+#undef HAVE_ASPRINTF_DECL
+#undef HAVE_VASPRINTF_DECL
+#undef HAVE_SNPRINTF_DECL
+#undef HAVE_VSNPRINTF_DECL
diff --git a/source/aclocal.m4 b/source/aclocal.m4
index 9a7145402a9..13788f99bea 100644
--- a/source/aclocal.m4
+++ b/source/aclocal.m4
@@ -49,6 +49,20 @@ fi
 rm -f conftest*
 ])])
 
+dnl see if a declaration exists for a function or variable
+dnl defines HAVE_function_DECL if it exists
+dnl AC_HAVE_DECL(var, includes)
+AC_DEFUN(AC_HAVE_DECL,
+[
+ AC_CACHE_CHECK([for $1 declaration],ac_cv_have_$1_decl,[
+    AC_TRY_COMPILE([$2],[int i = (int)$1],
+        ac_cv_have_$1_decl=yes,ac_cv_have_$1_decl=no)])
+ if test x"$ac_cv_have_$1_decl" = x"yes"; then
+    AC_DEFINE([HAVE_]translit([$1], [a-z], [A-Z])[_DECL])
+ fi
+])
+
+
 dnl check for a function in a library, but don't
 dnl keep adding the same library to the LIBS variable.
 dnl AC_LIBTESTFUNC(lib,func)
diff --git a/source/auth/pampass.c b/source/auth/pampass.c
index e6de54dfe69..53d2a062fdd 100644
--- a/source/auth/pampass.c
+++ b/source/auth/pampass.c
@@ -5,6 +5,7 @@
    Copyright (C) Andrew Tridgell 1992-2001
    Copyright (C) John H Terpsta 1999-2001
    Copyright (C) Andrew Bartlett 2001
+   Copyright (C) Jeremy Allison 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -43,65 +44,106 @@ extern int DEBUGLEVEL;
 #include <security/pam_appl.h>
 
 /*
- * Static variables used to communicate between the conversation function
- * and the server_login function
+ * Structure used to communicate between the conversation function
+ * and the server_login/change password functions.
  */
 
-static char *PAM_username;
-static char *PAM_password;
+struct smb_pam_userdata {
+	char *PAM_username;
+	char *PAM_password;
+	char *PAM_newpassword;
+};
+
+typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr);
 
 /*
  *  Macros to help make life easy
  */
 #define COPY_STRING(s) (s) ? strdup(s) : NULL
 
-/*
- * PAM error handler.
- */
-static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
+/*******************************************************************
+ PAM error handler.
+ *********************************************************************/
+
+static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
 {
 
-       	if( pam_error != PAM_SUCCESS)
-	{
-		DEBUG(dbglvl, ("PAM: %s : %s\n", msg, pam_strerror(pamh, pam_error)));
+	if( pam_error != PAM_SUCCESS) {
+		DEBUG(dbglvl, ("smb_pam_error_handler: PAM: %s : %s\n",
+				msg, pam_strerror(pamh, pam_error)));
+		
 		return False;
 	}
 	return True;
 }
 
+/*******************************************************************
+ This function is a sanity check, to make sure that we NEVER report
+ failure as sucess.
+*********************************************************************/
+
+static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
+							char *msg, int dbglvl, uint32 *nt_status)
+{
+	if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl))
+		return True;
+
+	if (*nt_status == NT_STATUS_NOPROBLEMO) {
+		/* Complain LOUDLY */
+		DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \
+error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE"));
+		*nt_status = NT_STATUS_LOGON_FAILURE;
+	}
+	return False;
+}
+
 /*
  * PAM conversation function
  * Here we assume (for now, at least) that echo on means login name, and
  * echo off means password.
  */
 
-static int PAM_conv(int num_msg,
+static int smb_pam_conv(int num_msg,
 		    const struct pam_message **msg,
 		    struct pam_response **resp,
 		    void *appdata_ptr)
 {
 	int replies = 0;
 	struct pam_response *reply = NULL;
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
+
+	*resp = NULL;
+
+	if (num_msg <= 0)
+		return PAM_CONV_ERR;
+
+	/*
+	 * Apparantly HPUX has a buggy PAM that doesn't support the
+	 * appdata_ptr. Fail if this is the case. JRA.
+	 */
+
+	if (udp == NULL) {
+		DEBUG(0,("smb_pam_conv: PAM on this system is broken - appdata_ptr == NULL !\n"));
+		return PAM_CONV_ERR;
+	}
 
 	reply = malloc(sizeof(struct pam_response) * num_msg);
 	if (!reply)
 		return PAM_CONV_ERR;
 
-	for (replies = 0; replies < num_msg; replies++)
-	{
-		switch (msg[replies]->msg_style)
-		{
+	memset(reply, '\0', sizeof(struct pam_response) * num_msg);
+
+	for (replies = 0; replies < num_msg; replies++) {
+		switch (msg[replies]->msg_style) {
 			case PAM_PROMPT_ECHO_ON:
 				reply[replies].resp_retcode = PAM_SUCCESS;
-			reply[replies].resp =
-					COPY_STRING(PAM_username);
+				reply[replies].resp = COPY_STRING(udp->PAM_username);
 				/* PAM frees resp */
 				break;
 
 			case PAM_PROMPT_ECHO_OFF:
 				reply[replies].resp_retcode = PAM_SUCCESS;
-				reply[replies].resp =
-					COPY_STRING(PAM_password);
+				reply[replies].resp = COPY_STRING(udp->PAM_password);
 				/* PAM frees resp */
 				break;
 
@@ -125,291 +167,712 @@ static int PAM_conv(int num_msg,
 	return PAM_SUCCESS;
 }
 
-static struct pam_conv PAM_conversation = {
-	&PAM_conv,
-	NULL
+/*
+ * PAM password change conversation function
+ * Here we assume (for now, at least) that echo on means login name, and
+ * echo off means password.
+ */
+
+static void special_char_sub(char *buf)
+{
+	all_string_sub(buf, "\\n", "", 0);
+	all_string_sub(buf, "\\r", "", 0);
+	all_string_sub(buf, "\\s", " ", 0);
+	all_string_sub(buf, "\\t", "\t", 0);
+}
+
+static void pwd_sub(char *buf, char *username, char *oldpass, char *newpass)
+{
+	pstring_sub(buf, "%u", username);
+	all_string_sub(buf, "%o", oldpass, sizeof(fstring));
+	all_string_sub(buf, "%n", newpass, sizeof(fstring));
+}
+
+
+struct chat_struct {
+	struct chat_struct *next, *prev;
+	fstring prompt;
+	fstring reply;
 };
 
+/**************************************************************
+ Create a linked list containing chat data.
+***************************************************************/
+
+static struct chat_struct *make_pw_chat(char *p) 
+{
+	fstring prompt;
+	fstring reply;
+	struct chat_struct *list = NULL;
+	struct chat_struct *t;
+	struct chat_struct *tmp;
+
+	while (1) {
+		t = (struct chat_struct *)malloc(sizeof(*t));
+		if (!t) {
+			DEBUG(0,("make_pw_chat: malloc failed!\n"));
+			return NULL;
+		}
+
+		ZERO_STRUCTP(t);
+
+		DLIST_ADD_END(list, t, tmp);
+
+		if (!next_token(&p, prompt, NULL, sizeof(fstring)))
+			break;
+
+		if (strequal(prompt,"."))
+			fstrcpy(prompt,"*");
+
+		special_char_sub(prompt);
+		fstrcpy(t->prompt, prompt);
+		
+		if (!next_token(&p, reply, NULL, sizeof(fstring)))
+			break;
+
+		if (strequal(reply,"."))
+				fstrcpy(reply,"");
+
+		special_char_sub(reply);
+		fstrcpy(t->reply, reply);
+
+	}
+	return list;
+}
+
+static void free_pw_chat(struct chat_struct *list)
+{
+    while (list) {
+        struct chat_struct *old_head = list;
+        DLIST_REMOVE(list, list);
+        free(old_head);
+    }
+}
+
+static int smb_pam_passchange_conv(int num_msg,
+				const struct pam_message **msg,
+				struct pam_response **resp,
+				void *appdata_ptr)
+{
+	int replies = 0;
+	struct pam_response *reply = NULL;
+	fstring current_prompt;
+	fstring current_reply;
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
+	struct chat_struct *pw_chat= make_pw_chat(lp_passwd_chat());
+	struct chat_struct *t;
+	BOOL found; 
+	*resp = NULL;
+	
+	DEBUG(10,("smb_pam_passchange_conv: starting converstation for %d messages\n", num_msg));
+
+	if (num_msg <= 0)
+		return PAM_CONV_ERR;
+
+	if (pw_chat == NULL)
+		return PAM_CONV_ERR;
+
+	/*
+	 * Apparantly HPUX has a buggy PAM that doesn't support the
+	 * appdata_ptr. Fail if this is the case. JRA.
+	 */
+
+	if (udp == NULL) {
+		DEBUG(0,("smb_pam_passchange_conv: PAM on this system is broken - appdata_ptr == NULL !\n"));
+		free_pw_chat(pw_chat);
+		return PAM_CONV_ERR;
+	}
+
+	reply = malloc(sizeof(struct pam_response) * num_msg);
+	if (!reply) {
+		DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));
+		free_pw_chat(pw_chat);
+		return PAM_CONV_ERR;
+	}
+
+	for (replies = 0; replies < num_msg; replies++) {
+		found = False;
+		DEBUG(10,("smb_pam_passchange_conv: Processing message %d\n", replies));
+		switch (msg[replies]->msg_style) {
+		case PAM_PROMPT_ECHO_ON:
+			DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg));
+			fstrcpy(current_prompt, msg[replies]->msg);
+			strlower(current_prompt);
+			for (t=pw_chat; t; t=t->next) {
+				if (ms_fnmatch(t->prompt, current_prompt) == 0) {
+					fstrcpy(current_reply, t->reply);
+					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
+					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We sent: %s\n", current_reply));
+					reply[replies].resp_retcode = PAM_SUCCESS;
+					reply[replies].resp = COPY_STRING(current_reply);
+					found = True;
+					break;
+				}
+			}
+			/* PAM frees resp */
+			if (!found) {
+				DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
+				free_pw_chat(pw_chat);
+				free(reply);
+				reply = NULL;
+				return PAM_CONV_ERR;
+			}
+			break;
+
+		case PAM_PROMPT_ECHO_OFF:
+			DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg));
+			fstrcpy(current_prompt, msg[replies]->msg);
+			strlower(current_prompt);
+			for (t=pw_chat; t; t=t->next) {
+				if (ms_fnmatch(t->prompt, current_prompt) == 0) {
+					fstrcpy(current_reply, t->reply);
+					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
+					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
+					reply[replies].resp_retcode = PAM_SUCCESS;
+					reply[replies].resp = COPY_STRING(current_reply);
+#ifdef DEBUG_PASSWORD
+					DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
+#endif
+					found = True;
+					break;
+				}
+			}
+			/* PAM frees resp */
+			
+			if (!found) {
+				DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
+				free_pw_chat(pw_chat);
+				free(reply);
+				reply = NULL;
+				return PAM_CONV_ERR;
+			}
+			break;
+
+		case PAM_TEXT_INFO:
+			/* fall through */
+
+		case PAM_ERROR_MSG:
+			/* ignore it... */
+			reply[replies].resp_retcode = PAM_SUCCESS;
+			reply[replies].resp = NULL;
+			break;
+			
+		default:
+			/* Must be an error of some sort... */
+			free_pw_chat(pw_chat);
+			free(reply);
+			reply = NULL;
+			return PAM_CONV_ERR;
+		}
+	}
+		
+	free_pw_chat(pw_chat);
+	if (reply)
+		*resp = reply;
+	return PAM_SUCCESS;
+}
+
+/***************************************************************************
+ Free up a malloced pam_conv struct.
+****************************************************************************/
+
+static void smb_free_pam_conv(struct pam_conv *pconv)
+{
+	if (pconv)
+		safe_free(pconv->appdata_ptr);
+
+	safe_free(pconv);
+}
+
+/***************************************************************************
+ Allocate a pam_conv struct.
+****************************************************************************/
+
+static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, char *user,
+					char *passwd, char *newpass)
+{
+	struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv));
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata));
+
+	if (pconv == NULL || udp == NULL) {
+		safe_free(pconv);
+		safe_free(udp);
+		return NULL;
+	}
+
+	udp->PAM_username = user;
+	udp->PAM_password = passwd;
+	udp->PAM_newpassword = newpass;
+
+	pconv->conv = smb_pam_conv_fnptr;
+	pconv->appdata_ptr = (void *)udp;
+	return pconv;
+}
+
 /* 
  * PAM Closing out cleanup handler
  */
-static BOOL proc_pam_end(pam_handle_t *pamh)
+
+static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
 {
-       int pam_error;
+	int pam_error;
+
+	smb_free_pam_conv(smb_pam_conv_ptr);
        
-       if( pamh != NULL )
-       {
+	if( pamh != NULL ) {
 		pam_error = pam_end(pamh, 0);
-		if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
-			DEBUG(4, ("PAM: PAM_END OK.\n"));
-    			return True;
+		if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
+			DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n"));
+			return True;
 		}
-       }
-       DEBUG(2,("PAM: not initialised"));
-       return False;
+	}
+	DEBUG(2,("smb_pam_end: PAM: not initialised"));
+	return False;
 }
 
 /*
  * Start PAM authentication for specified account
  */
-static BOOL proc_pam_start(pam_handle_t **pamh, char *user)
+
+static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct pam_conv *pconv)
 {
-       int pam_error;
-       char * rhost;
+	int pam_error;
 
-       DEBUG(4,("PAM: Init user: %s\n", user));
+	*pamh = (pam_handle_t *)NULL;
 
-       pam_error = pam_start("samba", user, &PAM_conversation, pamh);
-       if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
-	       proc_pam_end(*pamh);
-               return False;
-       }
+	DEBUG(4,("smb_pam_start: PAM: Init user: %s\n", user));
 
-       rhost = client_name();
-       if (strcmp(rhost,"UNKNOWN") == 0)
-               rhost = client_addr();
+	pam_error = pam_start("samba", user, pconv, pamh);
+	if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
+
+	if (rhost == NULL) {
+		rhost = client_name();
+		if (strequal(rhost,"UNKNOWN"))
+			rhost = client_addr();
+	}
 
 #ifdef PAM_RHOST
-       DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
-       pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
-       if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
-	       proc_pam_end(*pamh);
-               return False;
-       }
+	DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", rhost));
+	pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
+	if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
+		smb_pam_end(*pamh, pconv);
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
 #endif
 #ifdef PAM_TTY
-       DEBUG(4,("PAM: setting tty\n"));
-       pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
-       if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
-	       proc_pam_end(*pamh);
-               return False;
-       }
+	DEBUG(4,("smb_pam_start: PAM: setting tty\n"));
+	pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
+	if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
+		smb_pam_end(*pamh, pconv);
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
 #endif
-       DEBUG(4,("PAM: Init passed for user: %s\n", user));
-       return True;
+	DEBUG(4,("smb_pam_start: PAM: Init passed for user: %s\n", user));
+	return True;
 }
 
 /*
  * PAM Authentication Handler
  */
-static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
+static uint32 smb_pam_auth(pam_handle_t *pamh, char *user)
 {
 	int pam_error;
+	uint32 nt_status = NT_STATUS_LOGON_FAILURE;
 
 	/*
 	 * To enable debugging set in /etc/pam.d/samba:
 	 *	auth required /lib/security/pam_pwdb.so nullok shadow audit
 	 */
 	
-        DEBUG(4,("PAM: Authenticate User: %s\n", user));
-	pam_error = pam_authenticate(pamh, PAM_SILENT); /* Can we authenticate user? */
+	DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
+	pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
 	switch( pam_error ){
 		case PAM_AUTH_ERR:
-			DEBUG(2, ("PAM: Athentication Error\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user));
+			nt_status = NT_STATUS_WRONG_PASSWORD;
 			break;
 		case PAM_CRED_INSUFFICIENT:
-			DEBUG(2, ("PAM: Insufficient Credentials\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user));
+			nt_status = NT_STATUS_INSUFFICIENT_LOGON_INFO;
 			break;
 		case PAM_AUTHINFO_UNAVAIL:
-			DEBUG(2, ("PAM: Authentication Information Unavailable\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Authentication Information Unavailable for user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
 			break;
 		case PAM_USER_UNKNOWN:
-			DEBUG(2, ("PAM: Username NOT known to Authentication system\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Username %s NOT known to Authentication system\n", user));
+			nt_status = NT_STATUS_NO_SUCH_USER;
 			break;
 		case PAM_MAXTRIES:
-			DEBUG(2, ("PAM: One or more authentication modules reports user limit exceeeded\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: One or more authentication modules reports user limit for user %s exceeeded\n", user));
+			nt_status = NT_STATUS_REMOTE_SESSION_LIMIT;
 			break;
 		case PAM_ABORT:
-			DEBUG(0, ("PAM: One or more PAM modules failed to load\n"));
+			DEBUG(0, ("smb_pam_auth: PAM: One or more PAM modules failed to load for user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_auth: PAM: User %s Authenticated OK\n", user));
+			nt_status = NT_STATUS_NOPROBLEMO;
 			break;
-	        case PAM_SUCCESS:
-			DEBUG(4, ("PAM: User %s Authenticated OK\n", user));
-		        break;
 		default:
-			DEBUG(0, ("PAM: UNKNOWN ERROR while authenticating user %s\n", user));
-	}
-	if(!pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) {
-		proc_pam_end(pamh);
-		return False;
+			DEBUG(0, ("smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
+			break;
 	}
-	/* If this point is reached, the user has been authenticated. */
-	return (True);
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Authentication Failure", 2, &nt_status);
+	return nt_status;
 }
 
 /* 
  * PAM Account Handler
  */
-static BOOL pam_account(pam_handle_t *pamh, char * user, char * password)
+static uint32 smb_pam_account(pam_handle_t *pamh, char * user)
 {
 	int pam_error;
+	uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
 
-        DEBUG(4,("PAM: Account Management for User: %s\n", user));
+	DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user));
 	pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
 	switch( pam_error ) {
 		case PAM_AUTHTOK_EXPIRED:
-			DEBUG(2, ("PAM: User is valid but password is expired\n"));
+			DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user));
+			nt_status = NT_STATUS_PASSWORD_EXPIRED;
 			break;
 		case PAM_ACCT_EXPIRED:
-			DEBUG(2, ("PAM: User no longer permitted to access system\n"));
+			DEBUG(2, ("smb_pam_account: PAM: User %s no longer permitted to access system\n", user));
+			nt_status = NT_STATUS_ACCOUNT_EXPIRED;
 			break;
 		case PAM_AUTH_ERR:
-			DEBUG(2, ("PAM: There was an authentication error\n"));
+			DEBUG(2, ("smb_pam_account: PAM: There was an authentication error for user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
 			break;
 		case PAM_PERM_DENIED:
-			DEBUG(0, ("PAM: User is NOT permitted to access system at this time\n"));
+			DEBUG(0, ("smb_pam_account: PAM: User %s is NOT permitted to access system at this time\n", user));
+			nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
 			break;
 		case PAM_USER_UNKNOWN:
-			DEBUG(0, ("PAM: User \"%s\" is NOT known to account management\n", user));
+			DEBUG(0, ("smb_pam_account: PAM: User \"%s\" is NOT known to account management\n", user));
+			nt_status = NT_STATUS_NO_SUCH_USER;
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_account: PAM: Account OK for User: %s\n", user));
+			nt_status = NT_STATUS_NOPROBLEMO;
 			break;
-	        case PAM_SUCCESS:
-			DEBUG(4, ("PAM: Account OK for User: %s\n", user));
-		        break;
 		default:
-			DEBUG(0, ("PAM: UNKNOWN ERROR for User: %s\n", user));
-	}
-	if(!pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) {
-		proc_pam_end(pamh);
-		return False;
+			nt_status = NT_STATUS_ACCOUNT_DISABLED;
+			DEBUG(0, ("smb_pam_account: PAM: UNKNOWN PAM ERROR (%d) during Account Management for User: %s\n", pam_error, user));
+			break;
 	}
 
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Account Check Failed", 2, &nt_status);
+	return nt_status;
+}
+
+/*
+ * PAM Credential Setting
+ */
+
+static uint32 smb_pam_setcred(pam_handle_t *pamh, char * user)
+{
+	int pam_error;
+	uint32 nt_status = NT_STATUS_NO_TOKEN;
+
 	/*
 	 * This will allow samba to aquire a kerberos token. And, when
 	 * exporting an AFS cell, be able to /write/ to this cell.
 	 */
 
-        DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
+	DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
 	pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT)); 
-	if(!pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) {
-		proc_pam_end(pamh);
+	switch( pam_error ) {
+		case PAM_CRED_UNAVAIL:
+			DEBUG(0, ("smb_pam_setcred: PAM: Credentials not found for user:%s\n", user ));
+			 nt_status = NT_STATUS_NO_TOKEN;
+			break;
+		case PAM_CRED_EXPIRED:
+			DEBUG(0, ("smb_pam_setcred: PAM: Credentials for user: \"%s\" EXPIRED!\n", user ));
+			nt_status = NT_STATUS_PASSWORD_EXPIRED;
+			break;
+		case PAM_USER_UNKNOWN:
+			DEBUG(0, ("smb_pam_setcred: PAM: User: \"%s\" is NOT known so can not set credentials!\n", user ));
+			nt_status = NT_STATUS_NO_SUCH_USER;
+			break;
+		case PAM_CRED_ERR:
+			DEBUG(0, ("smb_pam_setcred: PAM: Unknown setcredentials error - unable to set credentials for %s\n", user ));
+			nt_status = NT_STATUS_LOGON_FAILURE;
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_setcred: PAM: SetCredentials OK for User: %s\n", user));
+			nt_status = NT_STATUS_NOPROBLEMO;
+			break;
+		default:
+			DEBUG(0, ("smb_pam_setcred: PAM: UNKNOWN PAM ERROR (%d) during SetCredentials for User: %s\n", pam_error, user));
+			nt_status = NT_STATUS_NO_TOKEN;
+			break;
+	}
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Set Credential Failure", 2, &nt_status);
+	return nt_status;
+}
+
+/*
+ * PAM Internal Session Handler
+ */
+static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+{
+	int pam_error;
+
+#ifdef PAM_TTY
+	DEBUG(4,("smb_internal_pam_session: PAM: tty set to: %s\n", tty));
+	pam_error = pam_set_item(pamh, PAM_TTY, tty);
+	if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0))
 		return False;
+#endif
+
+	if (flag) {
+		pam_error = pam_open_session(pamh, PAM_SILENT);
+		if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0))
+			return False;
+	} else {
+		pam_setcred(pamh, (PAM_DELETE_CRED|PAM_SILENT)); /* We don't care if this fails */
+		pam_error = pam_close_session(pamh, PAM_SILENT); /* This will probably pick up the error anyway */
+		if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0))
+			return False;
 	}
-	
-	/* If this point is reached, the user has been authenticated. */
 	return (True);
 }
 
-
 /*
- * PAM Internal Session Handler
+ * Internal PAM Password Changer.
  */
-static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+
+static BOOL smb_pam_chauthtok(pam_handle_t *pamh, char * user)
 {
-       int pam_error;
+	int pam_error;
 
-       PAM_password = NULL;
-       PAM_username = user;
+	DEBUG(4,("smb_pam_chauthtok: PAM: Password Change for User: %s\n", user));
 
-#ifdef PAM_TTY
-       DEBUG(4,("PAM: tty set to: %s\n", tty));
-       pam_error = pam_set_item(pamh, PAM_TTY, tty);
-       if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
-	       proc_pam_end(pamh);
-               return False;
-       }
+	pam_error = pam_chauthtok(pamh, PAM_SILENT); /* Change Password */
+
+	switch( pam_error ) {
+	case PAM_AUTHTOK_ERR:
+		DEBUG(2, ("PAM: unable to obtain the new authentication token - is password to weak?\n"));
+		break;
+
+	/* This doesn't seem to be defined on Solaris. JRA */
+#ifdef PAM_AUTHTOK_RECOVER_ERR
+	case PAM_AUTHTOK_RECOVER_ERR:
+		DEBUG(2, ("PAM: unable to obtain the old authentication token - was the old password wrong?.\n"));
+		break;
 #endif
 
-       if (flag) {
-         pam_error = pam_open_session(pamh, PAM_SILENT);
-         if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
-	       proc_pam_end(pamh);
-               return False;
-         }
-       }
-       else
-       {
-         pam_error = pam_close_session(pamh, PAM_SILENT);
-         if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
-	       proc_pam_end(pamh);
-               return False;
-         }
-       }
-      return (True);
+	case PAM_AUTHTOK_LOCK_BUSY:
+		DEBUG(2, ("PAM: unable to change the authentication token since it is currently locked.\n"));
+		break;
+	case PAM_AUTHTOK_DISABLE_AGING:
+		DEBUG(2, ("PAM: Authentication token aging has been disabled.\n"));
+		break;
+	case PAM_PERM_DENIED:
+		DEBUG(0, ("PAM: Permission denied.\n"));
+		break;
+	case PAM_TRY_AGAIN:
+		DEBUG(0, ("PAM: Could not update all authentication token(s). No authentication tokens were updated.\n"));
+		break;
+	case PAM_USER_UNKNOWN:
+		DEBUG(0, ("PAM: User not known to PAM\n"));
+		break;
+	case PAM_SUCCESS:
+		DEBUG(4, ("PAM: Account OK for User: %s\n", user));
+		break;
+	default:
+		DEBUG(0, ("PAM: UNKNOWN PAM ERROR (%d) for User: %s\n", pam_error, user));
+	}
+ 
+	if(!smb_pam_error_handler(pamh, pam_error, "Password Change Failed", 2)) {
+		return False;
+	}
+
+	/* If this point is reached, the password has changed. */
+	return True;
 }
 
 /*
  * PAM Externally accessible Session handler
  */
-BOOL pam_session(BOOL flag, const connection_struct *conn, char *tty)
+
+BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
 {
 	pam_handle_t *pamh = NULL;
-	char * user;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return True;
 
-	user = malloc(strlen(conn->user)+1);
-	if ( user == NULL )
-	{
-		DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
 		return False;
-	}
 
-	/* This is freed by PAM */
-	StrnCpy(user, conn->user, strlen(conn->user)+1);
+	if (!smb_pam_start(&pamh, user, rhost, pconv))
+		return False;
 
-	if (!proc_pam_start(&pamh, user))
-	{
-	  proc_pam_end(pamh);
-	  return False;
+	if (!smb_internal_pam_session(pamh, user, tty, True)) {
+		smb_pam_end(pamh, pconv);
+		return False;
 	}
 
-	if (proc_pam_session(pamh, user, tty, flag))
-	{
-	  return proc_pam_end(pamh);
-	}
-	else
-	{
-	  proc_pam_end(pamh);
-	  return False;
+	return smb_pam_end(pamh, pconv);
+}
+
+/*
+ * PAM Externally accessible Session handler
+ */
+
+BOOL smb_pam_close_session(char *user, char *tty, char *rhost)
+{
+	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return True;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return False;
+
+	if (!smb_pam_start(&pamh, user, rhost, pconv))
+		return False;
+
+	if (!smb_internal_pam_session(pamh, user, tty, False)) {
+		smb_pam_end(pamh, pconv);
+		return False;
 	}
+
+	return smb_pam_end(pamh, pconv);
 }
 
 /*
  * PAM Externally accessible Account handler
  */
-BOOL pam_accountcheck(char * user)
+
+uint32 smb_pam_accountcheck(char * user)
 {
+	uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
 	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
 
-	PAM_username = user;
-	PAM_password = NULL;
+	/* Ignore PAM if told to. */
 
-	if( proc_pam_start(&pamh, user))
-	{
-			if ( pam_account(pamh, user, NULL))
-			{
-				return( proc_pam_end(pamh));
-			}
-	}
-	DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n"));
-	return( False );
+	if (!lp_obey_pam_restrictions())
+		return NT_STATUS_NOPROBLEMO;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return False;
+
+	if (!smb_pam_start(&pamh, user, NULL, pconv))
+		return NT_STATUS_ACCOUNT_DISABLED;
+
+	if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_NOPROBLEMO)
+		DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user));
+
+	smb_pam_end(pamh, pconv);
+	return nt_status;
 }
 
 /*
  * PAM Password Validation Suite
  */
-BOOL pam_passcheck(char * user, char * password)
+
+uint32 smb_pam_passcheck(char * user, char * password)
 {
 	pam_handle_t *pamh = NULL;
+	uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+	struct pam_conv *pconv = NULL;
 
-	PAM_username = user;
-	PAM_password = password;
+	/*
+	 * Note we can't ignore PAM here as this is the only
+	 * way of doing auths on plaintext passwords when
+	 * compiled --with-pam.
+	 */
 
-	if( proc_pam_start(&pamh, user))
-	{
-		if ( pam_auth(pamh, user, password))
-		{
-			if ( pam_account(pamh, user, password))
-			{
-				return( proc_pam_end(pamh));
-			}
-		}
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, password, NULL)) == NULL)
+		return NT_STATUS_LOGON_FAILURE;
+
+	if (!smb_pam_start(&pamh, user, NULL, pconv))
+		return NT_STATUS_LOGON_FAILURE;
+
+	if ((nt_status = smb_pam_auth(pamh, user)) != NT_STATUS_NOPROBLEMO) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_NOPROBLEMO) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	if ((nt_status = smb_pam_setcred(pamh, user)) != NT_STATUS_NOPROBLEMO) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	smb_pam_end(pamh, pconv);
+	return nt_status;
+}
+
+/*
+ * PAM Password Change Suite
+ */
+
+BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword)
+{
+	/* Appropriate quantities of root should be obtained BEFORE calling this function */
+	struct pam_conv *pconv = NULL;
+	pam_handle_t *pamh = NULL;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
+		return False;
+
+	if(!smb_pam_start(&pamh, user, NULL, pconv))
+		return False;
+
+	if (!smb_pam_chauthtok(pamh, user)) {
+		DEBUG(0, ("smb_pam_passchange: PAM: Password Change Failed for user %s!\n", user));
+		smb_pam_end(pamh, pconv);
+		return False;
 	}
-	DEBUG(0, ("PAM: System Validation Failed - Rejecting User!\n"));
-	return( False );
+
+	return smb_pam_end(pamh, pconv);
 }
 
 #else
 
- /* Do *NOT* make this function static. Doing so breaks the compile on gcc */
+/* If PAM not used, no PAM restrictions on accounts. */
+ uint32 smb_pam_accountcheck(char * user)
+{
+	return NT_STATUS_NOPROBLEMO;
+}
 
- void pampass_dummy_function( void ) { } /*This stops compiler complaints */
+/* If PAM not used, also no PAM restrictions on sessions. */
+ BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+{
+	return True;
+}
 
+/* If PAM not used, also no PAM restrictions on sessions. */
+ BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost)
+{
+	return True;
+}
 #endif /* WITH_PAM */
diff --git a/source/auth/pass_check.c b/source/auth/pass_check.c
index 236465bc903..9424189b236 100644
--- a/source/auth/pass_check.c
+++ b/source/auth/pass_check.c
@@ -599,7 +599,7 @@ static BOOL password_check(char *password)
 {
 
 #ifdef WITH_PAM
-	return (pam_passcheck(this_user, password));
+	return (smb_pam_passcheck(this_user, password) == NT_STATUS_NOPROBLEMO);
 #endif /* WITH_PAM */
 
 #ifdef WITH_AFS
@@ -681,12 +681,13 @@ the function pointer fn() points to a function to call when a successful
 match is found and is used to update the encrypted password file 
 return True on correct match, False otherwise
 ****************************************************************************/
+
 BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
 		BOOL (*fn) (char *, char *))
 {
 	pstring pass2;
 	int level = lp_passwordlevel();
-	struct passwd *pass;
+	struct passwd *pass = NULL;
 
 	if (password)
 		password[pwlen] = 0;
@@ -708,8 +709,20 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
 		pass = Get_Pwnam(user, True);
 	}
 
+#ifdef WITH_PAM
+
+	/*
+	 * If we're using PAM we want to short-circuit all the 
+	 * checks below and dive straight into the PAM code.
+	 */
+
+	fstrcpy(this_user, user);
+
+	DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
+
+#else /* Not using PAM */
 
-	DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen));
+	DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
 
 	if (!pass) {
 		DEBUG(3, ("Couldn't find user %s\n", user));
@@ -802,6 +815,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
 		}
 	}
 
+#endif /* WITH_PAM */
+
 	/* try it as it came to us */
 	if (password_check(password)) {
 		if (fn)
diff --git a/source/client/client.c b/source/client/client.c
index be2e6238c3b..4969156f083 100644
--- a/source/client/client.c
+++ b/source/client/client.c
@@ -473,7 +473,7 @@ static int do_list_queue_empty(void)
 /****************************************************************************
 a helper for do_list
   ****************************************************************************/
-static void do_list_helper(file_info *f, const char *mask)
+static void do_list_helper(file_info *f, const char *mask, void *state)
 {
 	if (f->mode & aDIR) {
 		if (do_list_dirs && do_this_one(f)) {
@@ -537,7 +537,7 @@ void do_list(const char *mask,uint16 attribute,void (*fn)(file_info *),BOOL rec,
 			 */
 			pstring head;
 			pstrcpy(head, do_list_queue_head());
-			cli_list(cli, head, attribute, do_list_helper);
+			cli_list(cli, head, attribute, do_list_helper, NULL);
 			remove_do_list_queue_head();
 			if ((! do_list_queue_empty()) && (fn == display_finfo))
 			{
@@ -561,7 +561,7 @@ void do_list(const char *mask,uint16 attribute,void (*fn)(file_info *),BOOL rec,
 	}
 	else
 	{
-		if (cli_list(cli, mask, attribute, do_list_helper) == -1)
+		if (cli_list(cli, mask, attribute, do_list_helper, NULL) == -1)
 		{
 			DEBUG(0, ("%s listing %s\n", cli_errstr(cli), mask));
 		}
@@ -1117,27 +1117,50 @@ static void cmd_put(void)
 	do_put(rname,lname);
 }
 
+/*************************************
+  File list structure
+*************************************/
+
+static struct file_list {
+	struct file_list *prev, *next;
+	char *file_path;
+	BOOL isdir;
+} *file_list;
+
+/****************************************************************************
+  Free a file_list structure
+****************************************************************************/
+
+static void free_file_list (struct file_list * list)
+{
+	struct file_list *tmp;
+	
+	while (list)
+	{
+		tmp = list;
+		DLIST_REMOVE(list, list);
+		if (tmp->file_path) free(tmp->file_path);
+		free(tmp);
+	}
+}
 
 /****************************************************************************
   seek in a directory/file list until you get something that doesn't start with
   the specified name
   ****************************************************************************/
-static BOOL seek_list(FILE *f,char *name)
+static BOOL seek_list(struct file_list *list, char *name)
 {
-	pstring s;
-	while (!feof(f)) {
-		if (!fgets(s,sizeof(s),f)) return(False);
-		trim_string(s,"./","\n");
-		if (strncmp(s,name,strlen(name)) != 0) {
-			pstrcpy(name,s);
+	while (list) {
+		trim_string(list->file_path,"./","\n");
+		if (strncmp(list->file_path, name, strlen(name)) != 0) {
 			return(True);
 		}
+		list = list->next;
 	}
       
 	return(False);
 }
 
-
 /****************************************************************************
   set the file selection mask
   ****************************************************************************/
@@ -1147,90 +1170,146 @@ static void cmd_select(void)
 	next_token(NULL,fileselection,NULL,sizeof(fileselection));
 }
 
+/****************************************************************************
+  Recursive file matching function act as find
+  match must be always set to True when calling this function
+****************************************************************************/
+static int file_find(struct file_list **list, const char *directory, 
+		      const char *expression, BOOL match)
+{
+	DIR *dir;
+	struct file_list *entry;
+        struct stat statbuf;
+        int ret;
+        char *path;
+	BOOL isdir;
+	char *dname;
+
+        dir = opendir(directory);
+	if (!dir) return -1;
+	
+        while ((dname = readdirname(dir))) {
+		if (!strcmp("..", dname)) continue;
+		if (!strcmp(".", dname)) continue;
+		
+		if (asprintf(&path, "%s/%s", directory, dname) <= 0) {
+			continue;
+		}
+
+		isdir = False;
+		if (!match || !ms_fnmatch(expression, dname)) {
+			if (recurse) {
+				ret = stat(path, &statbuf);
+				if (ret == 0) {
+					if (S_ISDIR(statbuf.st_mode)) {
+						isdir = True;
+						ret = file_find(list, path, expression, False);
+					}
+				} else {
+					DEBUG(0,("file_find: cannot stat file %s\n", path));
+				}
+				
+				if (ret == -1) {
+					free(path);
+					closedir(dir);
+					return -1;
+				}
+			}
+			entry = (struct file_list *) malloc(sizeof (struct file_list));
+			if (!entry) {
+				DEBUG(0,("Out of memory in file_find\n"));
+				closedir(dir);
+				return -1;
+			}
+			entry->file_path = path;
+			entry->isdir = isdir;
+                        DLIST_ADD(*list, entry);
+		} else {
+			free(path);
+		}
+        }
+
+	closedir(dir);
+	return 0;
+}
 
 /****************************************************************************
   mput some files
   ****************************************************************************/
 static void cmd_mput(void)
 {
-	pstring lname;
-	pstring rname;
 	fstring buf;
 	char *p=buf;
 	
 	while (next_token(NULL,p,NULL,sizeof(buf))) {
-		SMB_STRUCT_STAT st;
-		pstring cmd;
-		pstring tmpname;
-		FILE *f;
-		int fd;
-
-		slprintf(tmpname,sizeof(tmpname)-1, "%s/ls.smb.XXXXXX",
-				tmpdir());
-		fd = smb_mkstemp(tmpname);
+		int ret;
+		struct file_list *temp_list;
+		char *quest, *lname, *rname;
+	
+		file_list = NULL;
 
-		if (fd == -1) {
-			DEBUG(0,("Failed to create temporary file %s\n", tmpname));
+		ret = file_find(&file_list, ".", p, True);
+		if (ret) {
+			free_file_list(file_list);
 			continue;
 		}
-
-		if (recurse)
-			slprintf(cmd,sizeof(pstring)-1,
-				"find . -name \"%s\" -print > %s",p,tmpname);
-		else
-			slprintf(cmd,sizeof(pstring)-1,
-				"find . -maxdepth 1 -name \"%s\" -print > %s",p,tmpname);
-		system(cmd);
-		close(fd);
-
-		f = sys_fopen(tmpname,"r");
-		if (!f) continue;
 		
-		while (!feof(f)) {
-			pstring quest;
+		quest = NULL;
+		lname = NULL;
+		rname = NULL;
+				
+		for (temp_list = file_list; temp_list; 
+		     temp_list = temp_list->next) {
 
-			if (!fgets(lname,sizeof(lname),f)) break;
-			trim_string(lname,"./","\n");
-			
-		again1:
+			if (lname) free(lname);
+			if (asprintf(&lname, "%s/", temp_list->file_path) <= 0)
+				continue;
+			trim_string(lname, "./", "/");
 			
 			/* check if it's a directory */
-			if (directory_exist(lname,&st)) {
-				if (!recurse) continue;
-				slprintf(quest,sizeof(pstring)-1,
-					 "Put directory %s? ",lname);
-				if (prompt && !yesno(quest)) {
-					pstrcat(lname,"/");
-					if (!seek_list(f,lname))
-						break;
-					goto again1;		    
-				}
-	      
-				pstrcpy(rname,cur_dir);
-				pstrcat(rname,lname);
-				dos_format(rname);
-				if (!cli_chkpath(cli, rname) && !do_mkdir(rname)) {
-					pstrcat(lname,"/");
-					if (!seek_list(f,lname))
-						break;
-					goto again1;
+			if (temp_list->isdir) {
+				/* if (!recurse) continue; */
+				
+				if (quest) free(quest);
+				asprintf(&quest, "Put directory %s? ", lname);
+				if (prompt && !yesno(quest)) { /* No */
+					/* Skip the directory */
+					lname[strlen(lname)-1] = '/';
+					if (!seek_list(temp_list, lname))
+						break;		    
+				} else { /* Yes */
+	      				if (rname) free(rname);
+					asprintf(&rname, "%s%s", cur_dir, lname);
+					dos_format(rname);
+					if (!cli_chkpath(cli, rname) && 
+					    !do_mkdir(rname)) {
+						DEBUG (0, ("Unable to make dir, skipping..."));
+						/* Skip the directory */
+						lname[strlen(lname)-1] = '/';
+						if (!seek_list(temp_list, lname))
+							break;
+					}
 				}
 				continue;
 			} else {
-				slprintf(quest,sizeof(quest)-1,
-					 "Put file %s? ",lname);
-				if (prompt && !yesno(quest)) continue;
+				if (quest) free(quest);
+				asprintf(&quest,"Put file %s? ", lname);
+				if (prompt && !yesno(quest)) /* No */
+					continue;
 				
-				pstrcpy(rname,cur_dir);
-				pstrcat(rname,lname);
+				/* Yes */
+				if (rname) free(rname);
+				asprintf(&rname, "%s%s", cur_dir, lname);
 			}
 
 			dos_format(rname);
 
-			do_put(rname,lname);
+			do_put(rname, lname);
 		}
-		fclose(f);
-		unlink(tmpname);
+		free_file_list(file_list);
+		if (quest) free(quest);
+		if (lname) free(lname);
+		if (rname) free(rname);
 	}
 }
 
@@ -1548,7 +1627,8 @@ static void cmd_lcd(void)
 /****************************************************************************
 list a share name
 ****************************************************************************/
-static void browse_fn(const char *name, uint32 m, const char *comment)
+static void browse_fn(const char *name, uint32 m, 
+                      const char *comment, void *state)
 {
         fstring typestr;
 
@@ -1581,7 +1661,7 @@ static BOOL browse_host(BOOL sort)
         printf("\n\tSharename      Type      Comment\n");
         printf("\t---------      ----      -------\n");
 
-	if((ret = cli_RNetShareEnum(cli, browse_fn)) == -1)
+	if((ret = cli_RNetShareEnum(cli, browse_fn, NULL)) == -1)
 		printf("Error returning browse list: %s\n", cli_errstr(cli));
 
 	return (ret != -1);
@@ -1590,7 +1670,8 @@ static BOOL browse_host(BOOL sort)
 /****************************************************************************
 list a server name
 ****************************************************************************/
-static void server_fn(const char *name, uint32 m, const char *comment)
+static void server_fn(const char *name, uint32 m, 
+                      const char *comment, void *state)
 {
         printf("\t%-16.16s     %s\n", name, comment);
 }
@@ -1605,12 +1686,12 @@ static BOOL list_servers(char *wk_grp)
         printf("\n\tServer               Comment\n");
         printf("\t---------            -------\n");
 
-	cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_ALL, server_fn);
+	cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_ALL, server_fn, NULL);
 
         printf("\n\tWorkgroup            Master\n");
         printf("\t---------            -------\n");
 
-	cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_DOMAIN_ENUM, server_fn);
+	cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_DOMAIN_ENUM, server_fn, NULL);
 	return True;
 }
 
@@ -1846,13 +1927,13 @@ static void process_stdin(void)
 
 	while (1) {
 		fstring tok;
-		fstring prompt;
+		fstring the_prompt;
 		char *line;
 		int i;
 		
 		/* display a prompt */
-		slprintf(prompt, sizeof(prompt)-1, "smb: %s> ", cur_dir);
-		line = smb_readline(prompt, readline_callback, completion_fn);
+		slprintf(the_prompt, sizeof(the_prompt)-1, "smb: %s> ", cur_dir);
+		line = smb_readline(the_prompt, readline_callback, completion_fn);
 
 		if (!line) break;
 
diff --git a/source/client/smbspool.c b/source/client/smbspool.c
index b0077b73bae..1a17b15b896 100644
--- a/source/client/smbspool.c
+++ b/source/client/smbspool.c
@@ -115,7 +115,7 @@ static int		smb_print(struct cli_state *, char *, FILE *);
     copies = atoi(argv[4]);
 
  /*
-  * Fine the URI...
+  * Find the URI...
   */
 
   if (strncmp(argv[0], "smb://", 6) == 0)
@@ -205,11 +205,33 @@ static int		smb_print(struct cli_state *, char *, FILE *);
 
   load_interfaces();
 
-  if ((cli = smb_connect(workgroup, server, printer, username, password)) == NULL)
+  do
   {
-    perror("ERROR: Unable to connect to SAMBA host");
-    return (1);
+    if ((cli = smb_connect(workgroup, server, printer, username, password)) == NULL)
+    {
+      if (getenv("CLASS") == NULL)
+      {
+        perror("ERROR: Unable to connect to SAMBA host, will retry in 60 seconds...");
+        sleep (60);
+      }
+      else
+      {
+        perror("ERROR: Unable to connect to SAMBA host, trying next printer...");
+        return (1);
+      }
+    }
   }
+  while (cli == NULL);
+
+ /*
+  * Now that we are connected to the server, ignore SIGTERM so that we
+  * can finish out any page data the driver sends (e.g. to eject the
+  * current page...  Only ignore SIGTERM if we are printing data from
+  * stdin (otherwise you can't cancel raw jobs...)
+  */
+
+  if (argc < 7)
+    CatchSignal(SIGTERM, SIG_IGN);
 
  /*
   * Queue the job...
@@ -279,7 +301,7 @@ smb_connect(char *workgroup,		/* I - Workgroup */
 
   if ((c = cli_initialise(NULL)) == NULL)
   {
-    fputs("ERROR: cli_initialize() failed...\n", stderr);
+    fputs("ERROR: cli_initialise() failed...\n", stderr);
     return (NULL);
   }
 
@@ -358,7 +380,7 @@ smb_print(struct cli_state *cli,	/* I - SMB connection */
   */
 
   for (ptr = title; *ptr; ptr ++)
-    if (!isalnum(*ptr) && !isspace(*ptr))
+    if (!isalnum((int)*ptr) && !isspace((int)*ptr))
       *ptr = '_';
 
  /*
diff --git a/source/codepages/CPISO8859-15.TXT b/source/codepages/CPISO8859-15.TXT
index ec643bb3b12..dc23eafeb01 100644
--- a/source/codepages/CPISO8859-15.TXT
+++ b/source/codepages/CPISO8859-15.TXT
@@ -1,9 +1,9 @@
 #
 #	Name:             ISO 8859-15 to Unicode
 #	Unicode version:  1.1
-#	Table version:    0.1
+#	Table version:    0.2
 #	Table format:     Format A
-#	Date:             08 January 2001
+#	Date:             01 may 2001
 #	Authors:          Toomas Soome <tsoome@ut.ee>
 #
 #	Copyright (c) 1991-1995 Unicode, Inc.  All Rights reserved.
@@ -25,14 +25,14 @@
 #	General notes:
 #
 #	This table contains the data the Unicode Consortium has on how
-#       ISO 8859-13 characters map into Unicode.
+#       ISO 8859-15 characters map into Unicode.
 #
 #	Format:  Three tab-separated columns
-#		 Column #1 is the ISO 8859-13 code (in hex as 0xXX)
+#		 Column #1 is the ISO 8859-15 code (in hex as 0xXX)
 #		 Column #2 is the Unicode (in hex as 0xXXXX)
 #		 Column #3 the Unicode name (follows a comment sign, '#')
 #
-#	The entries are in ISO 8859-13 order
+#	The entries are in ISO 8859-15 order
 #
 #	Any comments or problems, contact <tsoome@ut.ee>
 #
@@ -132,98 +132,98 @@
 0x7D	0x007D	#	RIGHT CURLY BRACKET
 0x7E	0x007E	#	TILDE
 0xA0	0x00A0	#	NO-BREAK SPACE
-0xA1	0x201D	#	RIGHT DOUBLE QUOTATION MARK
+0xA1	0x00A1	#	INVERTED EXCLAMATION MARK
 0xA2	0x00A2	#	CENT SIGN
 0xA3	0x00A3	#	POUND SIGN
-0xA4	0x00A4	#	CURRENCY SIGN
-0xA5	0x201E	#	DOUBLE LOW-9 QUOTATION MARK
-0xA6	0x00A6	#	BROKEN BAR
+0xA4	0x20AC	#	EURO SIGN
+0xA5	0x00A5	#	YEN SIGN
+0xA6	0x0160	#	LATIN CAPITAL LETTER S WITH CARON
 0xA7	0x00A7	#	SECTION SIGN
-0xA8	0x00D8	#	LATIN CAPITAL LETTER O WITH STROKE
+0xA8	0x0161	#	LATIN SMALL LETTER S WITH CARON
 0xA9	0x00A9	#	COPYRIGHT SIGN
-0xAA	0x0156	#	LATIN CAPITAL LETTER R WITH CEDILLA
+0xAA	0x00AA	#	FEMININE ORDINAL INDICATOR
 0xAB	0x00AB	#	LEFT-POINTING DOUBLE ANGLE QUOTATION MARK
 0xAC	0x00AC	#	NOT SIGN
 0xAD	0x00AD	#	SOFT HYPHEN
 0xAE	0x00AE	#	REGISTERED SIGN
-0xAF	0x00C6	#	LATIN CAPITAL LETTER AE
+0xAF	0x00AF	#	MACRON
 0xB0	0x00B0	#	DEGREE SIGN
 0xB1	0x00B1	#	PLUS-MINUS SIGN
 0xB2	0x00B2	#	SUPERSCRIPT TWO
 0xB3	0x00B3	#	SUPERSCRIPT THREE
-0xB4	0x201C	#	LEFT DOUBLE QUOTATION MARK
+0xB4	0x017D	#	LATIN CAPITAL LETTER Z WITH CARON
 0xB5	0x00B5	#	MICRO SIGN
 0xB6	0x00B6	#	PILCROW SIGN
 0xB7	0x00B7	#	MIDDLE DOT
-0xB8	0x00F8	#	LATIN SMALL LETTER O WITH STROKE
+0xB8	0x017E	#	LATIN SMALL LETTER Z WITH CARON
 0xB9	0x00B9	#	SUPERSCRIPT ONE
-0xBA	0x0157	#	LATIN SMALL LETTER R WITH CEDILLA
+0xBA	0x00BA	#	MASCULINE ORDINAL INDICATOR
 0xBB	0x00BB	#	RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK
-0xBC	0x00BC	#	VULGAR FRACTION ONE QUARTER
-0xBD	0x00BD	#	VULGAR FRACTION ONE HALF
-0xBE	0x00BE	#	VULGAR FRACTION THREE QUARTERS
-0xBF	0x00E6	#	LATIN SMALL LETTER AE
-0xC0	0x0104	#	LATIN CAPITAL LETTER A WITH OGONEK
-0xC1	0x012E	#	LATIN CAPITAL LETTER I WITH OGONEK
-0xC2	0x0100	#	LATIN CAPITAL LETTER A WITH MACRON
-0xC3	0x0106	#	LATIN CAPITAL LETTER C WITH ACUTE
+0xBC	0x0152	#	LATIN CAPITAL LIGATURE OE
+0xBD	0x0153	#	LATIN SMALL LIGATURE OE
+0xBE	0x0178	#	LATIN CAPITAL LETTER Y WITH DIAERESIS
+0xBF	0x00BF	#	INVERTED QUESTION MARK
+0xC0	0x00C0	#	LATIN CAPITAL LETTER A WITH GRAVE
+0xC1	0x00C1	#	LATIN CAPITAL LETTER A WITH ACUTE
+0xC2	0x00C2	#	LATIN CAPITAL LETTER A WITH CIRCUMFLEX
+0xC3	0x00C3	#	LATIN CAPITAL LETTER A WITH TILDE
 0xC4	0x00C4	#	LATIN CAPITAL LETTER A WITH DIAERESIS
 0xC5	0x00C5	#	LATIN CAPITAL LETTER A WITH RING ABOVE
-0xC6	0x0118	#	LATIN CAPITAL LETTER E WITH OGONEK
-0xC7	0x0112	#	LATIN CAPITAL LETTER E WITH MACRON
-0xC8	0x010C	#	LATIN CAPITAL LETTER C WITH CARON
+0xC6	0x00C6	#	LATIN CAPITAL LETTER AE
+0xC7	0x00C7	#	LATIN CAPITAL LETTER C WITH CEDILLA
+0xC8	0x00C8	#	LATIN CAPITAL LETTER E WITH GRAVE
 0xC9	0x00C9	#	LATIN CAPITAL LETTER E WITH ACUTE
-0xCA	0x0179	#	LATIN CAPITAL LETTER Z WITH ACUTE
-0xCB	0x0116	#	LATIN CAPITAL LETTER E WITH DOT ABOVE
-0xCC	0x0122	#	LATIN CAPITAL LETTER G WITH CEDILLA
-0xCD	0x0136	#	LATIN CAPITAL LETTER K WITH CEDILLA
-0xCE	0x012A	#	LATIN CAPITAL LETTER I WITH MACRON
-0xCF	0x013B	#	LATIN CAPITAL LETTER L WITH CEDILLA
-0xD0	0x0160	#	LATIN CAPITAL LETTER S WITH CARON
-0xD1	0x0143	#	LATIN CAPITAL LETTER N WITH ACUTE
-0xD2	0x0145	#	LATIN CAPITAL LETTER N WITH CEDILLA
+0xCA	0x00CA	#	LATIN CAPITAL LETTER E WITH CIRCUMFLEX
+0xCB	0x00CB	#	LATIN CAPITAL LETTER E WITH DIAERESIS
+0xCC	0x00CC	#	LATIN CAPITAL LETTER I WITH GRAVE
+0xCD	0x00CD	#	LATIN CAPITAL LETTER I WITH ACUTE
+0xCE	0x00CE	#	LATIN CAPITAL LETTER I WITH CIRCUMFLEX
+0xCF	0x00CF	#	LATIN CAPITAL LETTER I WITH DIAERESIS
+0xD0	0x00D0	#	LATIN CAPITAL LETTER ETH (Icelandic)
+0xD1	0x00D1	#	LATIN CAPITAL LETTER N WITH TILDE
+0xD2	0x00D2	#	LATIN CAPITAL LETTER O WITH GRAVE
 0xD3	0x00D3	#	LATIN CAPITAL LETTER O WITH ACUTE
-0xD4	0x014C	#	LATIN CAPITAL LETTER O WITH MACRON
+0xD4	0x00D4	#	LATIN CAPITAL LETTER O WITH CIRCUMFLEX
 0xD5	0x00D5	#	LATIN CAPITAL LETTER O WITH TILDE
 0xD6	0x00D6	#	LATIN CAPITAL LETTER O WITH DIAERESIS
 0xD7	0x00D7	#	MULTIPLICATION SIGN
-0xD8	0x0172	#	LATIN CAPITAL LETTER U WITH OGONEK
-0xD9	0x0141	#	LATIN CAPITAL LETTER L WITH STROKE
-0xDA	0x015A	#	LATIN CAPITAL LETTER S WITH ACUTE
-0xDB	0x016A	#	LATIN CAPITAL LETTER U WITH MACRON
+0xD8	0x00D8	#	LATIN CAPITAL LETTER O WITH STROKE
+0xD9	0x00D9	#	LATIN CAPITAL LETTER U WITH GRAVE
+0xDA	0x00DA	#	LATIN CAPITAL LETTER U WITH ACUTE
+0xDB	0x00DB	#	LATIN CAPITAL LETTER U WITH CIRCUMFLEX
 0xDC	0x00DC	#	LATIN CAPITAL LETTER U WITH DIAERESIS
-0xDD	0x017B	#	LATIN CAPITAL LETTER Z WITH DOT ABOVE
-0xDE	0x017D	#	LATIN CAPITAL LETTER Z WITH CARON
-0xDF	0x00DF	#	LATIN SMALL LETTER SHARP S
-0xE0	0x0105	#	LATIN SMALL LETTER A WITH OGONEK
-0xE1	0x012F	#	LATIN SMALL LETTER I WITH OGONEK
-0xE2	0x0101	#	LATIN SMALL LETTER A WITH MACRON
-0xE3	0x0107	#	LATIN SMALL LETTER C WITH ACUTE
+0xDD	0x00DD	#	LATIN CAPITAL LETTER Y WITH ACUTE
+0xDE	0x00DE	#	LATIN CAPITAL LETTER THORN (Icelandic)
+0xDF	0x00DF	#	LATIN SMALL LETTER SHARP S (German)
+0xE0	0x00E0	#	LATIN SMALL LETTER A WITH GRAVE
+0xE1	0x00E1	#	LATIN SMALL LETTER A WITH ACUTE
+0xE2	0x00E2	#	LATIN SMALL LETTER A WITH CIRCUMFLEX
+0xE3	0x00E3	#	LATIN SMALL LETTER A WITH TILDE
 0xE4	0x00E4	#	LATIN SMALL LETTER A WITH DIAERESIS
 0xE5	0x00E5	#	LATIN SMALL LETTER A WITH RING ABOVE
-0xE6	0x0119	#	LATIN SMALL LETTER E WITH OGONEK
-0xE7	0x0113	#	LATIN SMALL LETTER E WITH MACRON
-0xE8	0x010D	#	LATIN SMALL LETTER C WITH CARON
+0xE6	0x00E6	#	LATIN SMALL LETTER AE
+0xE7	0x00E7	#	LATIN SMALL LETTER C WITH CEDILLA
+0xE8	0x00E8	#	LATIN SMALL LETTER E WITH GRAVE
 0xE9	0x00E9	#	LATIN SMALL LETTER E WITH ACUTE
-0xEA	0x017A	#	LATIN SMALL LETTER Z WITH ACUTE
-0xEB	0x0117	#	LATIN SMALL LETTER E WITH DOT ABOVE
-0xEC	0x0123	#	LATIN SMALL LETTER G WITH CEDILLA
-0xED	0x0137	#	LATIN SMALL LETTER K WITH CEDILLA
-0xEE	0x012B	#	LATIN SMALL LETTER I WITH MACRON
-0xEF	0x013C	#	LATIN SMALL LETTER L WITH CEDILLA
-0xF0	0x0161	#	LATIN SMALL LETTER S WITH CARON
-0xF1	0x0144	#	LATIN SMALL LETTER N WITH ACUTE
-0xF2	0x0146	#	LATIN SMALL LETTER N WITH CEDILLA
+0xEA	0x00EA	#	LATIN SMALL LETTER E WITH CIRCUMFLEX
+0xEB	0x00EB	#	LATIN SMALL LETTER E WITH DIAERESIS
+0xEC	0x00EC	#	LATIN SMALL LETTER I WITH GRAVE
+0xED	0x00ED	#	LATIN SMALL LETTER I WITH ACUTE
+0xEE	0x00EE	#	LATIN SMALL LETTER I WITH CIRCUMFLEX
+0xEF	0x00EF	#	LATIN SMALL LETTER I WITH DIAERESIS
+0xF0	0x00F0	#	LATIN SMALL LETTER ETH (Icelandic)
+0xF1	0x00F1	#	LATIN SMALL LETTER N WITH TILDE
+0xF2	0x00F2	#	LATIN SMALL LETTER O WITH GRAVE
 0xF3	0x00F3	#	LATIN SMALL LETTER O WITH ACUTE
-0xF4	0x014D	#	LATIN SMALL LETTER O WITH MACRON
+0xF4	0x00F4	#	LATIN SMALL LETTER O WITH CIRCUMFLEX
 0xF5	0x00F5	#	LATIN SMALL LETTER O WITH TILDE
 0xF6	0x00F6	#	LATIN SMALL LETTER O WITH DIAERESIS
 0xF7	0x00F7	#	DIVISION SIGN
-0xF8	0x0173	#	LATIN SMALL LETTER U WITH OGONEK
-0xF9	0x0142	#	LATIN SMALL LETTER L WITH STROKE
-0xFA	0x015B	#	LATIN SMALL LETTER S WITH ACUTE
-0xFB	0x016B	#	LATIN SMALL LETTER U WITH MACRON
+0xF8	0x00F8	#	LATIN SMALL LETTER O WITH STROKE
+0xF9	0x00F9	#	LATIN SMALL LETTER U WITH GRAVE
+0xFA	0x00FA	#	LATIN SMALL LETTER U WITH ACUTE
+0xFB	0x00FB	#	LATIN SMALL LETTER U WITH CIRCUMFLEX
 0xFC	0x00FC	#	LATIN SMALL LETTER U WITH DIAERESIS
-0xFD	0x017C	#	LATIN SMALL LETTER Z WITH DOT ABOVE
-0xFE	0x017E	#	LATIN SMALL LETTER Z WITH CARON
-0xFF	0x2019	#	RIGHT SINGLE QUOTATION MARK
+0xFD	0x00FD	#	LATIN SMALL LETTER Y WITH ACUTE
+0xFE	0x00FE	#	LATIN SMALL LETTER THORN (Icelandic)
+0xFF	0x00FF	#	LATIN SMALL LETTER Y WITH DIAERESIS
diff --git a/source/config.guess b/source/config.guess
index adea47180fc..c339a949429 100755
--- a/source/config.guess
+++ b/source/config.guess
@@ -1,7 +1,10 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc.
-#
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+#   Free Software Foundation, Inc.
+
+timestamp='2001-06-29'
+
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 2 of the License, or
@@ -22,72 +25,277 @@
 # the same distribution terms that you use for the rest of that program.
 
 # Written by Per Bothner <bothner@cygnus.com>.
-# The master version of this file is at the FSF in /home/gd/gnu/lib.
+# Please send patches to <config-patches@gnu.org>.
 #
 # This script attempts to guess a canonical system name similar to
 # config.sub.  If it succeeds, it prints the system name on stdout, and
 # exits with 0.  Otherwise, it exits with 1.
 #
 # The plan is that this can be called by configure scripts if you
-# don't specify an explicit system type (host/target name).
-#
-# Only a few systems have been added to this list; please add others
-# (but try to keep the structure clean).
-#
+# don't specify an explicit build system type.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit 0 ;;
+    --version | -v )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+
+dummy=dummy-$$
+trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script.
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int dummy(){}" > $dummy.c ;
+	for c in cc gcc c89 ; do
+	  ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ;
+	  if test $? = 0 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	rm -f $dummy.c $dummy.o $dummy.rel ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac'
 
 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 8/24/94.)
+# (ghazi@noc.rutgers.edu 1994-08-24)
 if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
 	PATH=$PATH:/.attbin ; export PATH
 fi
 
 UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
 UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
 UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
 
-trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15
-
 # Note: order is significant - the case branches are not exclusive.
 
 case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
-    news*:NEWS-OS:6.*:*)
-        echo mips-sony-newsos6
-        exit 0 ;;
+    *:NetBSD:*:*)
+	# Netbsd (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	# Determine the machine/vendor (is the vendor relevant).
+	case "${UNAME_MACHINE}" in
+	    amiga) machine=m68k-unknown ;;
+	    arm32) machine=arm-unknown ;;
+	    atari*) machine=m68k-atari ;;
+	    sun3*) machine=m68k-sun ;;
+	    mac68k) machine=m68k-apple ;;
+	    macppc) machine=powerpc-apple ;;
+	    hp3[0-9][05]) machine=m68k-hp ;;
+	    ibmrt|romp-ibm) machine=romp-ibm ;;
+	    *) machine=${UNAME_MACHINE}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE}" in
+	    i386|sparc|amiga|arm*|hp300|mvme68k|vax|atari|luna68k|mac68k|news68k|next68k|pc532|sun3*|x68k)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep __ELF__ >/dev/null
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit 0 ;;
     alpha:OSF1:*:*)
+	if test $UNAME_RELEASE = "V4.0"; then
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+	fi
 	# A Vn.n version is a released version.
 	# A Tn.n version is a released field test version.
 	# A Xn.n version is an unreleased experimental baselevel.
 	# 1.2 uses "1.2" for uname -r.
-	echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'`
+	cat <<EOF >$dummy.s
+	.data
+\$Lformat:
+	.byte 37,100,45,37,120,10,0	# "%d-%x\n"
+
+	.text
+	.globl main
+	.align 4
+	.ent main
+main:
+	.frame \$30,16,\$26,0
+	ldgp \$29,0(\$27)
+	.prologue 1
+	.long 0x47e03d80 # implver \$0
+	lda \$2,-1
+	.long 0x47e20c21 # amask \$2,\$1
+	lda \$16,\$Lformat
+	mov \$0,\$17
+	not \$1,\$18
+	jsr \$26,printf
+	ldgp \$29,0(\$26)
+	mov 0,\$16
+	jsr \$26,exit
+	.end main
+EOF
+	eval $set_cc_for_build
+	$CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
+	if test "$?" = 0 ; then
+		case `./$dummy` in
+			0-0)
+				UNAME_MACHINE="alpha"
+				;;
+			1-0)
+				UNAME_MACHINE="alphaev5"
+				;;
+			1-1)
+				UNAME_MACHINE="alphaev56"
+				;;
+			1-101)
+				UNAME_MACHINE="alphapca56"
+				;;
+			2-303)
+				UNAME_MACHINE="alphaev6"
+				;;
+			2-307)
+				UNAME_MACHINE="alphaev67"
+				;;
+		esac
+	fi
+	rm -f $dummy.s $dummy
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit 0 ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
 	exit 0 ;;
     21064:Windows_NT:50:3)
 	echo alpha-dec-winnt3.5
 	exit 0 ;;
     Amiga*:UNIX_System_V:4.0:*)
-	echo m68k-cbm-sysv4
+	echo m68k-unknown-sysv4
 	exit 0;;
-    amiga:NetBSD:*:*)
-      echo m68k-cbm-netbsd${UNAME_RELEASE}
-      exit 0 ;;
     amiga:OpenBSD:*:*)
-      echo m68k-cbm-openbsd${UNAME_RELEASE}
-      exit 0 ;;
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit 0 ;;
+    arc64:OpenBSD:*:*)
+	echo mips64el-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    arc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    hkmips:OpenBSD:*:*)
+	echo mips-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    pmax:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    sgi:OpenBSD:*:*)
+	echo mips-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    wgrisc:OpenBSD:*:*)
+	echo mipsel-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit 0 ;;
     arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
 	echo arm-acorn-riscix${UNAME_RELEASE}
 	exit 0;;
-    Pyramid*:OSx*:*:*)
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit 0;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
 	if test "`(/bin/universe) 2>/dev/null`" = att ; then
 		echo pyramid-pyramid-sysv3
 	else
 		echo pyramid-pyramid-bsd
 	fi
 	exit 0 ;;
-    sun4*:SunOS:5.*:*)
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit 0 ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit 0 ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
 	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit 0 ;;
     i86pc:SunOS:5.*:*)
-	echo i386-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit 0 ;;
     sun4*:SunOS:6*:*)
 	# According to config.sub, this is the proper way to canonicalize
@@ -107,26 +315,67 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     sun3*:SunOS:*:*)
 	echo m68k-sun-sunos${UNAME_RELEASE}
 	exit 0 ;;
-    atari*:NetBSD:*:*)
-	echo m68k-atari-netbsd${UNAME_RELEASE}
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
 	exit 0 ;;
-    atari*:OpenBSD:*:*)
-	echo m68k-atari-openbsd${UNAME_RELEASE}
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
 	exit 0 ;;
-    sun3*:NetBSD:*:*)
-	echo m68k-sun-netbsd${UNAME_RELEASE}
+    atari*:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit 0 ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
 	exit 0 ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit 0 ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit 0 ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit 0 ;;
     sun3*:OpenBSD:*:*)
-	echo m68k-sun-openbsd${UNAME_RELEASE}
-	exit 0 ;;
-    mac68k:NetBSD:*:*)
-	echo m68k-apple-netbsd${UNAME_RELEASE}
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
     mac68k:OpenBSD:*:*)
-	echo m68k-apple-openbsd${UNAME_RELEASE}
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    mvme68k:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
-	Power*:Darwin:*:*)
-	echo powerpc-apple-darwin${UNAME_RELEASE}
+    mvme88k:OpenBSD:*:*)
+	echo m88k-unknown-openbsd${UNAME_RELEASE}
+	exit 0 ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit 0 ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
 	exit 0 ;;
     RISC*:ULTRIX:*:*)
 	echo mips-dec-ultrix${UNAME_RELEASE}
@@ -134,12 +383,41 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     VAX*:ULTRIX*:*:*)
 	echo vax-dec-ultrix${UNAME_RELEASE}
 	exit 0 ;;
-    mips:*:4*:UMIPS)
-	echo mips-mips-riscos4sysv
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
 	exit 0 ;;
-    mips:*:5*:RISCos)
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	eval $set_cc_for_build
+	$CC_FOR_BUILD $dummy.c -o $dummy \
+	  && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
+	  && rm -f $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
 	echo mips-mips-riscos${UNAME_RELEASE}
 	exit 0 ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit 0 ;;
     Night_Hawk:Power_UNIX:*:*)
 	echo powerpc-harris-powerunix
 	exit 0 ;;
@@ -155,15 +433,18 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     AViiON:dgux:*:*)
         # DG/UX returns AViiON for all architectures
         UNAME_PROCESSOR=`/usr/bin/uname -p`
-        if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then
-	if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \
-	     -o ${TARGET_BINARY_INTERFACE}x = x ] ; then
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
 		echo m88k-dg-dgux${UNAME_RELEASE}
-	else
+	    else
 		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
 	fi
-        else echo i586-dg-dgux${UNAME_RELEASE}
-        fi
  	exit 0 ;;
     M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
 	echo m88k-dolphin-sysv3
@@ -181,15 +462,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
     *:IRIX*:*:*)
 	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
 	exit 0 ;;
-   ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
 	echo romp-ibm-aix      # uname -m gives an 8 hex-code CPU id
 	exit 0 ;;              # Note that: echo "'`uname -s`'" gives 'AIX '
-    i[34]86:AIX:*:*)
+    i*86:AIX:*:*)
 	echo i386-ibm-aix
 	exit 0 ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit 0 ;;
     *:AIX:2:3)
 	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
-		sed 's/^		//' << EOF >dummy.c
+		sed 's/^		//' << EOF >$dummy.c
 		#include <sys/systemcfg.h>
 
 		main()
@@ -200,8 +489,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
 			exit(0);
 			}
 EOF
-		${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
-		rm -f dummy.c dummy
+		eval $set_cc_for_build
+		$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
+		rm -f $dummy.c $dummy
 		echo rs6000-ibm-aix3.2.5
 	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
 		echo rs6000-ibm-aix3.2.4
@@ -209,8 +499,9 @@ EOF
 		echo rs6000-ibm-aix3.2
 	fi
 	exit 0 ;;
-    *:AIX:*:4)
-	if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then
+    *:AIX:*:[45])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
 		IBM_ARCH=rs6000
 	else
 		IBM_ARCH=powerpc
@@ -218,7 +509,7 @@ EOF
 	if [ -x /usr/bin/oslevel ] ; then
 		IBM_REV=`/usr/bin/oslevel`
 	else
-		IBM_REV=4.${UNAME_RELEASE}
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
 	fi
 	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
 	exit 0 ;;
@@ -228,8 +519,8 @@ EOF
     ibmrt:4.4BSD:*|romp-ibm:BSD:*)
 	echo romp-ibm-bsd4.4
 	exit 0 ;;
-    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC NetBSD and
-	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to 
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
 	exit 0 ;;                           # report: romp-ibm BSD 4.3
     *:BOSX:*:*)
 	echo rs6000-bull-bosx
@@ -243,18 +534,76 @@ EOF
     hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
 	echo m68k-hp-bsd4.4
 	exit 0 ;;
-    9000/[3478]??:HP-UX:*:*)
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "${UNAME_MACHINE}" in
 	    9000/31? )            HP_ARCH=m68000 ;;
 	    9000/[34]?? )         HP_ARCH=m68k ;;
-	    9000/7?? | 9000/8?[679] ) HP_ARCH=hppa1.1 ;;
-	    9000/8?? )            HP_ARCH=hppa1.0 ;;
+	    9000/[678][0-9][0-9])
+              case "${HPUX_REV}" in
+                11.[0-9][0-9])
+                  if [ -x /usr/bin/getconf ]; then
+                    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+                        esac ;;
+                    esac
+                  fi ;;
+              esac
+              if [ "${HP_ARCH}" = "" ]; then
+              sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+	eval $set_cc_for_build
+	(CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null ) && HP_ARCH=`./$dummy`
+	if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
+	rm -f $dummy.c $dummy
+	fi ;;
 	esac
-	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
 	exit 0 ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit 0 ;;
     3050*:HI-UX:*:*)
-	sed 's/^	//' << EOF >dummy.c
+	sed 's/^	//' << EOF >$dummy.c
 	#include <unistd.h>
 	int
 	main ()
@@ -279,8 +628,9 @@ EOF
 	  exit (0);
 	}
 EOF
-	${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0
-	rm -f dummy.c dummy
+	eval $set_cc_for_build
+	$CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
 	echo unknown-hitachi-hiuxwe2
 	exit 0 ;;
     9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@@ -289,15 +639,28 @@ EOF
     9000/8??:4.3bsd:*:*)
 	echo hppa1.0-hp-bsd
 	exit 0 ;;
+    *9??*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit 0 ;;
     hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
 	echo hppa1.1-hp-osf
 	exit 0 ;;
     hp8??:OSF1:*:*)
 	echo hppa1.0-hp-osf
 	exit 0 ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit 0 ;;
     parisc*:Lites*:*:*)
 	echo hppa1.1-hp-lites
 	exit 0 ;;
+    hppa*:OpenBSD:*:*)
+	echo hppa-unknown-openbsd
+	exit 0 ;;
     C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
 	echo c1-convex-bsd
         exit 0 ;;
@@ -316,126 +679,256 @@ EOF
     C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
 	echo c4-convex-bsd
         exit 0 ;;
-    CRAY*T3E:*:*:*)
-        echo t3e-cray-unicos_mk
-        exit 0 ;;
     CRAY*X-MP:*:*:*)
 	echo xmp-cray-unicos
         exit 0 ;;
     CRAY*Y-MP:*:*:*)
 	echo ymp-cray-unicos${UNAME_RELEASE}
 	exit 0 ;;
-    CRAY*C90:*:*:*)
-	echo c90-cray-unicos${UNAME_RELEASE}
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/
 	exit 0 ;;
     CRAY*TS:*:*:*)
-	echo t90-cray-unicos${UNAME_RELEASE}
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*T3D:*:*:*)
+	echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit 0 ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
 	exit 0 ;;
     CRAY-2:*:*:*)
 	echo cray2-cray-unicos
         exit 0 ;;
-    hp3[0-9][05]:NetBSD:*:*)
-	echo m68k-hp-netbsd${UNAME_RELEASE}
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit 0 ;;
+    hp300:OpenBSD:*:*)
+	echo m68k-unknown-openbsd${UNAME_RELEASE}
 	exit 0 ;;
-    hp3[0-9][05]:OpenBSD:*:*)
-	echo m68k-hp-openbsd${UNAME_RELEASE}
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
 	exit 0 ;;
-    i[34]86:BSD/386:*:* | *:BSD/OS:*:*)
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit 0 ;;
+    *:BSD/OS:*:*)
 	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
 	exit 0 ;;
     *:FreeBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
 	exit 0 ;;
-    *:NetBSD:*:*)
-	echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
-	exit 0 ;;
     *:OpenBSD:*:*)
 	echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
 	exit 0 ;;
-    *:QNX:*:4*)
-       echo i386-qnx-qnx4 
-       exit 0 ;;
     i*:CYGWIN*:*)
-	echo i386-unknown-cygwin32
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit 0 ;;
+    i*:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit 0 ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit 0 ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i386-pc-interix
+	exit 0 ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
 	exit 0 ;;
     p*:CYGWIN*:*)
-	echo powerpcle-unknown-cygwin32
+	echo powerpcle-unknown-cygwin
 	exit 0 ;;
     prep*:SunOS:5.*:*)
 	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
 	exit 0 ;;
     *:GNU:*:*)
-	echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
 	exit 0 ;;
-    *:Linux:*:*)
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit 0 ;;
+    arm*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux
+	exit 0 ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    mips:Linux:*:*)
+	case `sed -n '/^byte/s/^.*: \(.*\) endian/\1/p' < /proc/cpuinfo` in
+	  big)    echo mips-unknown-linux-gnu && exit 0 ;;
+	  little) echo mipsel-unknown-linux-gnu && exit 0 ;;
+	esac
+	;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit 0 ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev67 ;;
+        esac
+	objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit 0 ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit 0 ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit 0 ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit 0 ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit 0 ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit 0 ;;
+    i*86:Linux:*:*)
 	# The BFD linker knows what the default object file format is, so
-	# first see if it will tell us.
-	ld_help_string=`ld --help 2>&1`
-	if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i[345]86"; then
-	  echo "${UNAME_MACHINE}-unknown-linux" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i[345]86linux"; then
-	  echo "${UNAME_MACHINE}-unknown-linuxaout" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i[345]86coff"; then
-	  echo "${UNAME_MACHINE}-unknown-linuxcoff" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then
-	  echo "${UNAME_MACHINE}-unknown-linux" ; exit 0
-	elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then
-	  echo "${UNAME_MACHINE}-unknown-linuxaout" ; exit 0
-	elif test "${UNAME_MACHINE}" = "alpha" ; then
-	  echo alpha-unknown-linux ; exit 0
-	else
-	  # Either a pre-BFD a.out linker (linuxoldld) or one that does not give us
-	  # useful --help.  Gcc wants to distinguish between linuxoldld and linuxaout.
-	  test ! -d /usr/lib/ldscripts/. \
-	    && echo "${UNAME_MACHINE}-unknown-linuxoldld" && exit 0
-	  # Determine whether the default compiler is a.out or elf
-	  cat >dummy.c <<EOF
-main(argc, argv)
-int argc;
-char *argv[];
-{
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	ld_supported_targets=`cd /; ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
+		;;
+	  a.out-i386-linux)
+		echo "${UNAME_MACHINE}-pc-linux-gnuaout"
+		exit 0 ;;		
+	  coff-i386)
+		echo "${UNAME_MACHINE}-pc-linux-gnucoff"
+		exit 0 ;;
+	  "")
+		# Either a pre-BFD a.out linker (linux-gnuoldld) or
+		# one that does not give us useful --help.
+		echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
+		exit 0 ;;
+	esac
+	# Determine whether the default compiler is a.out or elf
+	cat >$dummy.c <<EOF
+#include <features.h>
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
 #ifdef __ELF__
-  printf ("%s-unknown-linux\n", argv[1]);
+# ifdef __GLIBC__
+#  if __GLIBC__ >= 2
+    printf ("%s-pc-linux-gnu\n", argv[1]);
+#  else
+    printf ("%s-pc-linux-gnulibc1\n", argv[1]);
+#  endif
+# else
+   printf ("%s-pc-linux-gnulibc1\n", argv[1]);
+# endif
 #else
-  printf ("%s-unknown-linuxaout\n", argv[1]);
+  printf ("%s-pc-linux-gnuaout\n", argv[1]);
 #endif
   return 0;
 }
 EOF
-	  ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0
-	  rm -f dummy.c dummy
-	fi ;;
-# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.  earlier versions
-# are messed up and put the nodename in both sysname and nodename.
-    i[34]86:DYNIX/ptx:4*:*)
+	eval $set_cc_for_build
+	$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm -f $dummy.c $dummy && exit 0
+	rm -f $dummy.c $dummy
+	test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
 	echo i386-sequent-sysv4
 	exit 0 ;;
-    i[34]86:*:4.*:* | i[34]86:SYSTEM_V:4.*:*)
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit 0 ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
 	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
-		echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE}
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
 	else
-		echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
 	fi
 	exit 0 ;;
-    i[34]86:*:3.2:*)
+    i*86:*:5:[78]*)
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit 0 ;;
+    i*86:*:3.2:*)
 	if test -f /usr/options/cb.name; then
 		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
-		echo ${UNAME_MACHINE}-unknown-isc$UNAME_REL
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
 	elif /bin/uname -X 2>/dev/null >/dev/null ; then
 		UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')`
 		(/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486
 		(/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \
 			&& UNAME_MACHINE=i586
-		echo ${UNAME_MACHINE}-unknown-sco$UNAME_REL
+		(/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
 	else
-		echo ${UNAME_MACHINE}-unknown-sysv32
+		echo ${UNAME_MACHINE}-pc-sysv32
 	fi
 	exit 0 ;;
-    *:UnixWare:*:* | *:OpenUNIX:*:*)
-	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
 	exit 0 ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i386.
+	echo i386-pc-msdosdjgpp
+        exit 0 ;;
     Intel:Mach:3*:*)
-	echo i386-unknown-mach3
+	echo i386-pc-mach3
 	exit 0 ;;
     paragon:*:*:*)
 	echo i860-intel-osf1
@@ -451,30 +944,42 @@ EOF
 	# "miniframe"
 	echo m68010-convergent-sysv
 	exit 0 ;;
-    M680[234]0:*:R3V[567]*:*)
+    M68*:*:R3V[567]*:*)
 	test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
-    3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0)
-        uname -p 2>/dev/null | grep 86 >/dev/null \
-          && echo i486-ncr-sysv4.3 && exit 0
-        uname -p 2>/dev/null | grep entium >/dev/null \
-          && echo i586-ncr-sysv4.3 && exit 0 ;;
+    3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
     3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
-        uname -p 2>/dev/null | grep 86 >/dev/null \
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
           && echo i486-ncr-sysv4 && exit 0 ;;
-    m680[234]0:LynxOS:2.[23]*:*)
-	echo m68k-lynx-lynxos${UNAME_RELEASE}
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
 	exit 0 ;;
     mc68030:UNIX_System_V:4.*:*)
 	echo m68k-atari-sysv4
 	exit 0 ;;
-    i[34]86:LynxOS:2.[23]*:*)
-	echo i386-lynx-lynxos${UNAME_RELEASE}
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit 0 ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
 	exit 0 ;;
-    TSUNAMI:LynxOS:2.[23]*:*)
-	echo sparc-lynx-lynxos${UNAME_RELEASE}
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
 	exit 0 ;;
-    rs6000:LynxOS:2.[23]*:*)
-	echo rs6000-lynx-lynxos${UNAME_RELEASE}
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
 	exit 0 ;;
     RM*:SINIX-*:*:*)
 	echo mips-sni-sysv4
@@ -487,25 +992,117 @@ EOF
 		echo ns32k-sni-sysv
 	fi
 	exit 0 ;;
-	*:ReliantUNIX-*:*:*)
-	echo mips-sni-sysv4
+    PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                           # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit 0 ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit 0 ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
 	exit 0 ;;
     mc68*:A/UX:*:*)
 	echo m68k-apple-aux${UNAME_RELEASE}
 	exit 0 ;;
-    R3000:*System_V*:*:*)
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit 0 ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
 	if [ -d /usr/nec ]; then
 	        echo mips-nec-sysv${UNAME_RELEASE}
 	else
 	        echo mips-unknown-sysv${UNAME_RELEASE}
 	fi
         exit 0 ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit 0 ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit 0 ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit 0 ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit 0 ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit 0 ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit 0 ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit 0 ;;
+    *:Darwin:*:*)
+	echo `uname -p`-apple-darwin${UNAME_RELEASE}
+	exit 0 ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	if test "${UNAME_MACHINE}" = "x86pc"; then
+		UNAME_MACHINE=pc
+	fi
+	echo `uname -p`-${UNAME_MACHINE}-nto-qnx
+	exit 0 ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit 0 ;;
+    NSR-[KW]:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit 0 ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit 0 ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit 0 ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit 0 ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit 0 ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit 0 ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit 0 ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit 0 ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit 0 ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit 0 ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit 0 ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit 0 ;;
 esac
 
 #echo '(No uname command or uname output not recognized.)' 1>&2
 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
 
-cat >dummy.c <<EOF
+cat >$dummy.c <<EOF
 #ifdef _SEQUENT_
 # include <sys/types.h>
 # include <sys/utsname.h>
@@ -543,7 +1140,10 @@ main ()
 #endif
   int version;
   version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
-  printf ("%s-next-nextstep%s\n", __ARCHITECTURE__,  version==2 ? "2" : "3");
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
   exit (0);
 #endif
 
@@ -560,7 +1160,7 @@ main ()
 #endif
 
 #if defined (__386BSD__)
-  printf ("i386-unknown-bsd\n"); exit (0);
+  printf ("i386-pc-bsd\n"); exit (0);
 #endif
 
 #if defined (sequent)
@@ -588,11 +1188,24 @@ main ()
 #endif
 
 #if defined (vax)
-#if !defined (ultrix)
-  printf ("vax-dec-bsd\n"); exit (0);
-#else
-  printf ("vax-dec-ultrix\n"); exit (0);
-#endif
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
 #endif
 
 #if defined (alliant) && defined (i860)
@@ -603,8 +1216,9 @@ main ()
 }
 EOF
 
-${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0
-rm -f dummy.c dummy
+eval $set_cc_for_build
+$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0
+rm -f $dummy.c $dummy
 
 # Apollos put the system type in the environment.
 
@@ -636,6 +1250,48 @@ then
     esac
 fi
 
-#echo '(Unable to guess system type)' 1>&2
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+    ftp://ftp.gnu.org/pub/gnu/config/
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
 
 exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/source/config.sub b/source/config.sub
index 8f8f708aca9..578b302738e 100755
--- a/source/config.sub
+++ b/source/config.sub
@@ -1,9 +1,13 @@
 #! /bin/sh
-# Configuration validation subroutine script, version 1.1.
-#   Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996 Free Software Foundation, Inc.
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+#   Free Software Foundation, Inc.
+
+timestamp='2001-06-08'
+
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
-# can handle that machine.  It does not imply ALL GNU software can. 
+# can handle that machine.  It does not imply ALL GNU software can.
 #
 # This file is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -25,6 +29,8 @@
 # configuration script generated by Autoconf, you may include it under
 # the same distribution terms that you use for the rest of that program.
 
+# Please send patches to <config-patches@gnu.org>.
+#
 # Configuration subroutine to validate and canonicalize a configuration type.
 # Supply the specified configuration type as an argument.
 # If it is invalid, we print an error message on stderr and exit with code 1.
@@ -41,32 +47,87 @@
 # The goal of this file is to map all the various variations of a given
 # machine specification into a single specification in the form:
 #	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
 # It is wrong to echo any other type of specification.
 
-if [ x$1 = x ]
-then
-	echo Configuration name missing. 1>&2
-	echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
-	echo "or     $0 ALIAS" 1>&2
-	echo where ALIAS is a recognized configuration type. 1>&2
-	exit 1
-fi
+me=`echo "$0" | sed -e 's,.*/,,'`
 
-# First pass through any local machine types.
-case $1 in
-	*local*)
-		echo $1
-		exit 0
-		;;
-	*)
-	;;
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit 0 ;;
+    --version | -v )
+       echo "$version" ; exit 0 ;;
+    --help | --h* | -h )
+       echo "$usage"; exit 0 ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit 0;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
 esac
 
-# Separate what the user gave into CPU-COMPANY and OS (if any).
-basic_machine=`echo $1 | sed 's/-[^-]*$//'`
-if [ $basic_machine != $1 ]
-then os=`echo $1 | sed 's/.*-/-/'`
-else os=; fi
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
 
 ### Let's recognize common machines as not being operating systems so
 ### that things like config.sub decstation-3100 work.  We also
@@ -81,52 +142,64 @@ case $os in
 	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
 	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
 	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp )
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis)
 		os=
 		basic_machine=$1
 		;;
-	-sim | -cisco | -oki | -wec | -winbond )	# CYGNUS LOCAL
+	-sim | -cisco | -oki | -wec | -winbond)
 		os=
 		basic_machine=$1
 		;;
-	-apple*)					# CYGNUS LOCAL
-		os=
-		basic_machine=$1
+	-scout)
 		;;
-	-scout)						# CYGNUS LOCAL
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
 		;;
-	-wrs)						# CYGNUS LOCAL
-		os=vxworks
+	-chorusos*)
+		os=-chorusos
 		basic_machine=$1
 		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
 	-hiux*)
 		os=-hiuxwe2
 		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
 	-sco4)
 		os=-sco3.2v4
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-unknown/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-sco3.2.[4-9]*)
 		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-unknown/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-sco3.2v[4-9]*)
 		# Don't forget version if it is 3.2v4 or newer.
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-unknown/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-sco*)
 		os=-sco3.2v2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-unknown/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-isc)
 		os=-isc2.2
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-unknown/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-clix*)
 		basic_machine=clipper-intergraph
 		;;
 	-isc*)
-		basic_machine=`echo $1 | sed -e 's/86-.*/86-unknown/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
 		;;
 	-lynx*)
 		os=-lynxos
@@ -137,50 +210,90 @@ case $os in
 	-windowsnt*)
 		os=`echo $os | sed -e 's/windowsnt/winnt/'`
 		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
 esac
 
 # Decode aliases for certain CPU-COMPANY combinations.
 case $basic_machine in
 	# Recognize the basic CPU types without company name.
 	# Some are omitted here because they have special meanings below.
-	tahoe | i[345]86 | i860 | m68k | m68000 | m88k | ns32k | arm | armeb \
-		| armel | pyramid \
-		| tron | a29k | 580 | i960 | h8300 | hppa1.0 | hppa1.1 \
-		| alpha | we32k | ns16k | clipper | sparclite | i370 | s390 | sh \
-		| powerpc | powerpcle | sparc64 | 1750a | dsp16xx | mips64 | mipsel \
-		| pdp11 | mips64el | mips64orion | mips64orionel \
-		| sparc | sparc8 | supersparc | microsparc | ultrasparc)
+	tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \
+	        | arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \
+		| pyramid | mn10200 | mn10300 | tron | a29k \
+		| 580 | i960 | h8300 \
+		| x86 | ppcbe | mipsbe | mipsle | shbe | shle \
+		| hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
+		| hppa64 \
+		| alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
+		| alphaev6[78] \
+		| we32k | ns16k | clipper | i370 | sh | sh[34] \
+		| powerpc | powerpcle \
+		| 1750a | dsp16xx | pdp10 | pdp11 \
+		| mips16 | mips64 | mipsel | mips64el \
+		| mips64orion | mips64orionel | mipstx39 | mipstx39el \
+		| mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
+		| mips64vr5000 | mips64vr5000el | mcore | s390 | s390x \
+		| sparc | sparclet | sparclite | sparc64 | sparcv9 | sparcv9b \
+		| v850 | c4x \
+		| thumb | d10v | d30v | fr30 | avr | openrisc | tic80 \
+		| pj | pjl | h8500 | z8k)
 		basic_machine=$basic_machine-unknown
 		;;
-	m88110 | m680[012346]0 | m683?2 | m68360 | z8k | v70 | h8500 | w65) # CYGNUS LOCAL
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
 		basic_machine=$basic_machine-unknown
+		os=-none
 		;;
-	mips64vr4300 | mips64vr4300el) # CYGNUS LOCAL jsmith
-		basic_machine=$basic_machine-unknown
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
 		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
 	# Object if more than one company name word.
 	*-*-*)
 		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
 		exit 1
 		;;
 	# Recognize the basic CPU types with company name.
-	vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \
-	      | sparc-* | ns32k-* | fx80-* | arm-* | arme[lb]-* | c[123]* \
-	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \
-	      | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \
-	      | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \
-	      | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \
-	      | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* \
-	      | mips64-* | mipsel-* | mips64el-* | mips64orion-* \
-	      | mips64orionel-* | sparc8-* | supersparc-* | microsparc-* | ultrasparc-*)
-		;;
-	m88110-* | m680[012346]0-* | m683?2-* | m68360-* | z8k-* | h8500-*) # CYGNUS LOCAL
-		;;
-	mips64vr4300-* | mips64vr4300el-*) # CYGNUS LOCAL jsmith
+	# FIXME: clean up the formatting here.
+	vax-* | tahoe-* | i*86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
+	      | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \
+	      | arm-*  | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \
+	      | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
+	      | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
+	      | xmp-* | ymp-* \
+	      | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \
+	      | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
+	      | hppa2.0n-* | hppa64-* \
+	      | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
+	      | alphaev6[78]-* \
+	      | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
+	      | clipper-* | orion-* \
+	      | sparclite-* | pdp10-* | pdp11-* | sh-* | sh[34]-* | sh[34]eb-* \
+	      | powerpc-* | powerpcle-* | sparc64-* | sparcv9-* | sparcv9b-* | sparc86x-* \
+	      | mips16-* | mips64-* | mipsel-* \
+	      | mips64el-* | mips64orion-* | mips64orionel-* \
+	      | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
+	      | mipstx39-* | mipstx39el-* | mcore-* \
+	      | f30[01]-* | f700-* | s390-* | s390x-* | sv1-* | t3e-* \
+	      | [cjt]90-* \
+	      | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
+	      | thumb-* | v850-* | d30v-* | tic30-* | tic80-* | c30-* | fr30-* \
+	      | bs2000-* | tic54x-* | c54x-* | x86_64-* | pj-* | pjl-*)
 		;;
 	# Recognize the various machine names and aliases which stand
 	# for a CPU type and a company and sometimes even an OS.
-	386bsd)						# CYGNUS LOCAL
+	386bsd)
 		basic_machine=i386-unknown
 		os=-bsd
 		;;
@@ -190,11 +303,11 @@ case $basic_machine in
 	3b*)
 		basic_machine=we32k-att
 		;;
-	a29khif)					# CYGNUS LOCAL
+	a29khif)
 		basic_machine=a29k-amd
 		os=-udi
 		;;
-	adobe68k)					# CYGNUS LOCAL
+	adobe68k)
 		basic_machine=m68010-adobe
 		os=-scout
 		;;
@@ -213,40 +326,32 @@ case $basic_machine in
 		os=-sysv
 		;;
 	amiga | amiga-*)
-		basic_machine=m68k-cbm
+		basic_machine=m68k-unknown
 		;;
-	amigados)
-		basic_machine=m68k-cbm
-		os=-amigados
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
 		;;
 	amigaunix | amix)
-		basic_machine=m68k-cbm
+		basic_machine=m68k-unknown
 		os=-sysv4
 		;;
 	apollo68)
 		basic_machine=m68k-apollo
 		os=-sysv
 		;;
-	apollo68bsd)					# CYGNUS LOCAL
+	apollo68bsd)
 		basic_machine=m68k-apollo
 		os=-bsd
 		;;
-	arm | armel | armeb)
-		basic_machine=arm-arm
-		os=-aout
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
 		;;
 	balance)
 		basic_machine=ns32k-sequent
 		os=-dynix
 		;;
-	[ctj]90-cray)
-		basic_machine=c90-cray
-		os=-unicos
-		;;
-	t3e-cray)
-		basic_machine=t3e-cray
-		os=-unicos_mk
-		;;
 	convex-c1)
 		basic_machine=c1-convex
 		os=-bsd
@@ -275,9 +380,16 @@ case $basic_machine in
 		basic_machine=cray2-cray
 		os=-unicos
 		;;
+	[cjt]90)
+		basic_machine=${basic_machine}-cray
+		os=-unicos
+		;;
 	crds | unos)
 		basic_machine=m68k-crds
 		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
 	da30 | da30-*)
 		basic_machine=m68k-da30
 		;;
@@ -311,7 +423,7 @@ case $basic_machine in
 	encore | umax | mmax)
 		basic_machine=ns32k-encore
 		;;
-	es1800 | OSE68k | ose68k | ose | OSE)		# CYGNUS LOCAL
+	es1800 | OSE68k | ose68k | ose | OSE)
 		basic_machine=m68k-ericsson
 		os=-ose
 		;;
@@ -325,6 +437,10 @@ case $basic_machine in
 		basic_machine=tron-gmicro
 		os=-sysv
 		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
 	h3050r* | hiux*)
 		basic_machine=hppa1.1-hitachi
 		os=-hiuxwe2
@@ -333,11 +449,11 @@ case $basic_machine in
 		basic_machine=h8300-hitachi
 		os=-hms
 		;;
-	h8300xray)					# CYGNUS LOCAL
+	h8300xray)
 		basic_machine=h8300-hitachi
 		os=-xray
 		;;
-	h8500hms)					# CYGNUS LOCAL
+	h8500hms)
 		basic_machine=h8500-hitachi
 		os=-hms
 		;;
@@ -356,71 +472,74 @@ case $basic_machine in
 		basic_machine=m68k-hp
 		os=-hpux
 		;;
-        w89k-*)						# CYGNUS LOCAL
-                basic_machine=hppa1.1-winbond
-                os=-proelf
-                ;;
-        op50n-*)					# CYGNUS LOCAL
-                basic_machine=hppa1.1-oki
-                os=-proelf
-                ;;
-        op60c-*)					# CYGNUS LOCAL
-                basic_machine=hppa1.1-oki
-                os=-proelf
-                ;;
-        hppro)						# CYGNUS LOCAL
-                basic_machine=hppa1.1-hp
-                os=-proelf
-                ;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
 	hp9k2[0-9][0-9] | hp9k31[0-9])
 		basic_machine=m68000-hp
 		;;
 	hp9k3[2-9][0-9])
 		basic_machine=m68k-hp
 		;;
-	hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
 		basic_machine=hppa1.1-hp
 		;;
 	hp9k8[0-9][0-9] | hp8[0-9][0-9])
 		basic_machine=hppa1.0-hp
 		;;
-	hppaosf)					# CYGNUS LOCAL
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
 		basic_machine=hppa1.1-hp
 		os=-osf
 		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
 	i370-ibm* | ibm*)
 		basic_machine=i370-ibm
-		os=-mvs
 		;;
 # I'm not sure what "Sysv32" means.  Should this be sysv3.2?
-	i[3456]86v32)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-unknown/'`
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv32
 		;;
-	i[3456]86v4*)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-unknown/'`
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv4
 		;;
-	i[3456]86v)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-unknown/'`
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-sysv
 		;;
-	i[3456]86sol2)
-		basic_machine=`echo $1 | sed -e 's/86.*/86-unknown/'`
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
 		os=-solaris2
 		;;
-	i386mach)					# CYGNUS LOCAL
+	i386mach)
 		basic_machine=i386-mach
 		os=-mach
 		;;
-	i386-vsta | vsta)				# CYGNUS LOCAL
+	i386-vsta | vsta)
 		basic_machine=i386-unknown
 		os=-vsta
 		;;
-	i386-go32 | go32)				# CYGNUS LOCAL
-		basic_machine=i386-unknown
-		os=-go32
-		;;
 	iris | iris4d)
 		basic_machine=mips-sgi
 		case $os in
@@ -446,31 +565,59 @@ case $basic_machine in
 		basic_machine=ns32k-utek
 		os=-sysv
 		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
 	miniframe)
 		basic_machine=m68000-convergent
 		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsel*-linux*)
+		basic_machine=mipsel-unknown
+		os=-linux-gnu
+		;;
+	mips*-linux*)
+		basic_machine=mips-unknown
+		os=-linux-gnu
+		;;
 	mips3*-*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
 		;;
 	mips3*)
 		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
 		;;
-	monitor)					# CYGNUS LOCAL
+	mmix*)
+		basic_machine=mmix-knuth
+		os=-mmixware
+		;;
+	monitor)
 		basic_machine=m68k-rom68k
 		os=-coff
 		;;
-	msdos)						# CYGNUS LOCAL
-		basic_machine=i386-unknown	
+	msdos)
+		basic_machine=i386-pc
 		os=-msdos
 		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
 	ncr3000)
 		basic_machine=i486-ncr
 		os=-sysv4
 		;;
 	netbsd386)
-		basic_machine=i386-unknown		# CYGNUS LOCAL
+		basic_machine=i386-unknown
 		os=-netbsd
 		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
 	news | news700 | news800 | news900)
 		basic_machine=m68k-sony
 		os=-newsos
@@ -483,7 +630,7 @@ case $basic_machine in
 		basic_machine=mips-sony
 		os=-newsos
 		;;
-	necv70)						# CYGNUS LOCAL
+	necv70)
 		basic_machine=v70-nec
 		os=-sysv
 		;;
@@ -512,14 +659,29 @@ case $basic_machine in
 		basic_machine=i960-intel
 		os=-nindy
 		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
 	np1)
 		basic_machine=np1-gould
 		;;
-	OSE68000 | ose68000)				# CYGNUS LOCAL
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	OSE68000 | ose68000)
 		basic_machine=m68000-ericsson
 		os=-ose
 		;;
-	os68k)						# CYGNUS LOCAL
+	os68k)
 		basic_machine=m68k-none
 		os=-os68k
 		;;
@@ -540,30 +702,28 @@ case $basic_machine in
         pc532 | pc532-*)
 		basic_machine=ns32k-pc532
 		;;
-	pentium | p5)
-		basic_machine=i586-intel
+	pentium | p5 | k5 | k6 | nexgen)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon)
+		basic_machine=i686-pc
 		;;
-	pentiumpro | p6)
-		basic_machine=i686-intel
+	pentiumii | pentium2)
+		basic_machine=i686-pc
 		;;
-	pentium-* | p5-*)
+	pentium-* | p5-* | k5-* | k6-* | nexgen-*)
 		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	pentiumpro-* | p6-*)
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
 		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
-	k5)
-		# We don't have specific support for AMD's K5 yet, so just call it a Pentium
-		basic_machine=i586-amd
-		;;
-	nexgen)
-		# We don't have specific support for Nexgen yet, so just call it a Pentium
-		basic_machine=i586-nexgen
+	pentiumii-* | pentium2-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
 		;;
 	pn)
 		basic_machine=pn-gould
 		;;
-	power)	basic_machine=rs6000-ibm
+	power)	basic_machine=power-ibm
 		;;
 	ppc)	basic_machine=powerpc-unknown
 	        ;;
@@ -578,7 +738,11 @@ case $basic_machine in
 	ps2)
 		basic_machine=i386-ibm
 		;;
-	rom68k)						# CYGNUS LOCAL
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rom68k)
 		basic_machine=m68k-rom68k
 		os=-coff
 		;;
@@ -588,11 +752,7 @@ case $basic_machine in
 	rtpc | rtpc-*)
 		basic_machine=romp-ibm
 		;;
-	s390*)
-		basic_machine=s390-ibm
-		os=-linux
-		;;
-	sa29200)					# CYGNUS LOCAL
+	sa29200)
 		basic_machine=a29k-amd
 		os=-udi
 		;;
@@ -603,24 +763,10 @@ case $basic_machine in
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
-	sparclite-wrs)					# CYGNUS LOCAL
+	sparclite-wrs)
 		basic_machine=sparclite-wrs
 		os=-vxworks
 		;;
-	sparcfrw)					# CYGNUS LOCAL
-		basic_machine=sparcfrw-sun
-		os=-sunos4
-		;;
-	sparcfrwcompat)					# CYGNUS LOCAL
-		basic_machine=sparcfrwcompat-sun
-		os=-sunos4
-		;;
-	sparclitefrw)					# CYGNUS LOCAL
-		basic_machine=sparclitefrw-fujitsu
-		;;
-	sparclitefrwcompat)				# CYGNUS LOCAL
-		basic_machine=sparclitefrwcompat-fujitsu
-		;;
 	sps7)
 		basic_machine=m68k-bull
 		os=-sysv2
@@ -628,10 +774,10 @@ case $basic_machine in
 	spur)
 		basic_machine=spur-unknown
 		;;
-	st2000)						# CYGNUS LOCAL
+	st2000)
 		basic_machine=m68k-tandem
 		;;
-	stratus)					# CYGNUS LOCAL
+	stratus)
 		basic_machine=i860-stratus
 		os=-sysv4
 		;;
@@ -675,10 +821,28 @@ case $basic_machine in
 	sun386 | sun386i | roadrunner)
 		basic_machine=i386-sun
 		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
 	symmetry)
 		basic_machine=i386-sequent
 		os=-dynix
 		;;
+	t3e)
+		basic_machine=t3e-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
 	tower | tower-32)
 		basic_machine=m68k-ncr
 		;;
@@ -690,7 +854,7 @@ case $basic_machine in
 		basic_machine=a29k-nyu
 		os=-sym1
 		;;
-	v810 | necv810)					# CYGNUS LOCAL
+	v810 | necv810)
 		basic_machine=v810-nec
 		os=-none
 		;;
@@ -702,6 +866,9 @@ case $basic_machine in
 		basic_machine=vax-dec
 		os=-vms
 		;;
+	vpp*|vx|vx-*)
+               basic_machine=f301-fujitsu
+               ;;
 	vxworks960)
 		basic_machine=i960-wrs
 		os=-vxworks
@@ -710,13 +877,21 @@ case $basic_machine in
 		basic_machine=m68k-wrs
 		os=-vxworks
 		;;
-        vxworks29k)					# CYGNUS LOCAL
-                basic_machine=a29k-wrs
-                os=-vxworks
-                ;;
-	w65*)						# CYGNUS LOCAL
- 		basic_machine=w65-wdc
- 		os=-none
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	windows32)
+		basic_machine=i386-pc
+		os=-windows32-msvcrt
 		;;
 	xmp)
 		basic_machine=xmp-cray
@@ -725,7 +900,7 @@ case $basic_machine in
         xps | xps100)
 		basic_machine=xps100-honeywell
 		;;
-	z8k-*-coff)					# CYGNUS LOCAL
+	z8k-*-coff)
 		basic_machine=z8k-unknown
 		os=-sim
 		;;
@@ -736,17 +911,21 @@ case $basic_machine in
 
 # Here we handle the default manufacturer of certain CPU types.  It is in
 # some cases the only manufacturer, in others, it is the most popular.
-	w89k)						# CYGNUS LOCAL
+	w89k)
 		basic_machine=hppa1.1-winbond
 		;;
-	op50n)						# CYGNUS LOCAL
+	op50n)
 		basic_machine=hppa1.1-oki
 		;;
-	op60c)						# CYGNUS LOCAL
+	op60c)
 		basic_machine=hppa1.1-oki
 		;;
 	mips)
-		basic_machine=mips-mips
+		if [ x$os = x-linux-gnu ]; then
+			basic_machine=mips-unknown
+		else
+			basic_machine=mips-mips
+		fi
 		;;
 	romp)
 		basic_machine=romp-ibm
@@ -757,13 +936,20 @@ case $basic_machine in
 	vax)
 		basic_machine=vax-dec
 		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
 	pdp11)
 		basic_machine=pdp11-dec
 		;;
 	we32k)
 		basic_machine=we32k-att
 		;;
-	sparc)
+	sh3 | sh4)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv9 | sparcv9b)
 		basic_machine=sparc-sun
 		;;
         cydra)
@@ -775,12 +961,19 @@ case $basic_machine in
 	orion105)
 		basic_machine=clipper-highlevel
 		;;
-	mac | mpw | mac-mpw)				# CYGNUS LOCAL
+	mac | mpw | mac-mpw)
 		basic_machine=m68k-apple
 		;;
-	pmac | pmac-mpw)				# CYGNUS LOCAL
+	pmac | pmac-mpw)
 		basic_machine=powerpc-apple
 		;;
+	c4x*)
+		basic_machine=c4x-none
+		os=-coff
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
 	*)
 		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
 		exit 1
@@ -804,6 +997,8 @@ esac
 if [ x"$os" != x"" ]
 then
 case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
 	# -solaris* is a basic system type, with this one exception.
 	-solaris1 | -solaris1.*)
 		os=`echo $os | sed -e 's|solaris1|sunos4|'`
@@ -811,42 +1006,72 @@ case $os in
 	-solaris)
 		os=-solaris2
 		;;
-	-unixware* | svr4*)
+	-svr4*)
 		os=-sysv4
 		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
 	-gnu/linux*)
-		os=`echo $os | sed -e 's|gnu/linux|linux|'`
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
 		;;
 	# First accept the basic system types.
 	# The portable systems comes first.
-	# Each alternative must end in a *, to match a version number.
+	# Each alternative MUST END IN A *, to match a version number.
 	# -sysv* is not here because it comes later, after sysvr4.
-	-gnu* | -bsd* | -mach* | -lites* | -minix* | -genix* | -ultrix* | -irix* \
-	      | -vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[3456]* \
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
 	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
-	      | -amigados* | -msdos* | -moss* | -newsos* | -unicos* | -aos* \
-	      | -nindy* | -vxworks* | -ebmon* | -hms* | -mvs* | -clix* \
-	      | -riscos* | -linux* | -uniplus* | -iris* | -rtu* | -xenix* \
-	      | -hiux* | -386bsd* | -netbsd* | -freebsd* | -openbsd* \
-	      | -riscix*  | -lites* \
-	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
-	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta | -udi \
-	      | -eabi* | -ieee* | -qnx*)
-		;;
-	# CYGNUS LOCAL
-	-go32 | -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
-	      | -windows* | -osx | -abug |  -netware* | -proelf | -os9* \
-	      | -macos* | -mpw* | -magic* | -pe* | -win32)
-		;;
-	-mac*)						# CYGNUS LOCAL
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+	      | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -os2*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto*)
+		os=-nto-qnx
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
 		os=`echo $os | sed -e 's|mac|macos|'`
 		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
 	-sunos5*)
 		os=`echo $os | sed -e 's|sunos5|solaris2|'`
 		;;
 	-sunos6*)
 		os=`echo $os | sed -e 's|sunos6|solaris3|'`
 		;;
+	-opened*)
+		os=-openedition
+		;;
+	-wince*)
+		os=-wince
+		;;
 	-osfrose*)
 		os=-osfrose
 		;;
@@ -862,12 +1087,18 @@ case $os in
 	-acis*)
 		os=-aos
 		;;
-	-386bsd)					# CYGNUS LOCAL
+	-386bsd)
 		os=-bsd
 		;;
 	-ctix* | -uts*)
 		os=-sysv
 		;;
+	-ns2 )
+	        os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
 	# Preserve the version number of sinix5.
 	-sinix5.*)
 		os=`echo $os | sed -e 's|sinix|sysv|'`
@@ -893,15 +1124,18 @@ case $os in
 	# This must come after -sysvr4.
 	-sysv*)
 		;;
-	-ose*)						# CYGNUS LOCAL
+	-ose*)
 		os=-ose
 		;;
-	-es1800*)					# CYGNUS LOCAL
+	-es1800*)
 		os=-ose
 		;;
 	-xenix)
 		os=-xenix
 		;;
+        -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+	        os=-mint
+		;;
 	-none)
 		;;
 	*)
@@ -927,6 +1161,15 @@ case $basic_machine in
 	*-acorn)
 		os=-riscix1.2
 		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+	pdp10-*)
+		os=-tops20
+		;;
         pdp11-*)
 		os=-none
 		;;
@@ -945,10 +1188,13 @@ case $basic_machine in
 		# default.
 		# os=-sunos4
 		;;
-	m68*-cisco)					# CYGNUS LOCAL
+	m68*-cisco)
 		os=-aout
 		;;
-	mips*-cisco)					# CYGNUS LOCAL
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
 		os=-elf
 		;;
 	*-tti)	# must be before sparc entry or we get the wrong os.
@@ -957,16 +1203,19 @@ case $basic_machine in
 	sparc-* | *-sun)
 		os=-sunos4.1.1
 		;;
+	*-be)
+		os=-beos
+		;;
 	*-ibm)
 		os=-aix
 		;;
-	*-wec)						# CYGNUS LOCAL
+	*-wec)
 		os=-proelf
 		;;
-	*-winbond)					# CYGNUS LOCAL
+	*-winbond)
 		os=-proelf
 		;;
-	*-oki)						# CYGNUS LOCAL
+	*-oki)
 		os=-proelf
 		;;
 	*-hp)
@@ -979,7 +1228,7 @@ case $basic_machine in
 		os=-sysv
 		;;
 	*-cbm)
-		os=-amigados
+		os=-amigaos
 		;;
 	*-dg)
 		os=-dgux
@@ -993,6 +1242,9 @@ case $basic_machine in
 	m88k-omron*)
 		os=-luna
 		;;
+	*-next )
+		os=-nextstep
+		;;
 	*-sequent)
 		os=-ptx
 		;;
@@ -1026,15 +1278,21 @@ case $basic_machine in
 	*-masscomp)
 		os=-rtu
 		;;
-	*-rom68k)					# CYGNUS LOCAL
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
 		os=-coff
 		;;
-	*-*bug)						# CYGNUS LOCAL
+	*-*bug)
 		os=-coff
 		;;
-	*-apple)					# CYGNUS LOCAL
+	*-apple)
 		os=-macos
 		;;
+	*-atari*)
+		os=-mint
+		;;
 	*)
 		os=-none
 		;;
@@ -1053,18 +1311,18 @@ case $basic_machine in
 			-sunos*)
 				vendor=sun
 				;;
-			-bosx*)				# CYGNUS LOCAL
-				vendor=bull
-				;;
-			-lynxos*)
-				vendor=lynx
-				;;
 			-aix*)
 				vendor=ibm
 				;;
+			-beos*)
+				vendor=be
+				;;
 			-hpux*)
 				vendor=hp
 				;;
+			-mpeix*)
+				vendor=hp
+				;;
 			-hiux*)
 				vendor=hitachi
 				;;
@@ -1080,24 +1338,38 @@ case $basic_machine in
 			-genix*)
 				vendor=ns
 				;;
-			-mvs*)
+			-mvs* | -opened*)
 				vendor=ibm
 				;;
 			-ptx*)
 				vendor=sequent
 				;;
-			-vxworks*)
+			-vxsim* | -vxworks*)
 				vendor=wrs
 				;;
-			-hms*)				# CYGNUS LOCAL
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
 				vendor=hitachi
 				;;
-			-mpw* | -macos*)		# CYGNUS LOCAL
+			-mpw* | -macos*)
 				vendor=apple
 				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
 		esac
 		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
 		;;
 esac
 
 echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/source/configure b/source/configure
index 1de9bd83157..1a8274f86aa 100755
--- a/source/configure
+++ b/source/configure
@@ -15,15 +15,15 @@ ac_default_prefix=/usr/local/samba
 ac_help="$ac_help
   --with-fhs            use FHS-compliant paths [default=no]"
 ac_help="$ac_help
-  --with-privatedir=DIR     Where to put smbpasswd ($privatedir)"
+  --with-privatedir=DIR     Where to put smbpasswd ($ac_default_prefix/private)"
 ac_help="$ac_help
-  --with-lockdir=DIR     Where to put lock files ($lockdir)"
+  --with-lockdir=DIR     Where to put lock files ($ac_default_prefix/var/locks)"
 ac_help="$ac_help
-  --with-swatdir=DIR     Where to put SWAT files ($swatdir)"
+  --with-swatdir=DIR     Where to put SWAT files ($ac_default_prefix/swat)"
 ac_help="$ac_help
-  --with-configdir=DIR     Where to put configuration files ($configdir)"
+  --with-configdir=DIR     Where to put configuration files (\$libdir)"
 ac_help="$ac_help
-  --with-codepagedir=DIR     Where to put codepage files ($codepagedir)"
+  --with-codepagedir=DIR     Where to put codepage files (\$libdir/codepages)"
 ac_help="$ac_help
   --enable-debug        turn on debugging [default=no]"
 ac_help="$ac_help
@@ -64,6 +64,9 @@ ac_help="$ac_help
   --with-pam     Include PAM password database support
   --without-pam  Don't include PAM password database support (default)"
 ac_help="$ac_help
+  --with-pam_smbpass     Include the smbpass PAM module
+  --without-pam_smbpass  Don't include the smbpass PAM module (default)"
+ac_help="$ac_help
   --with-nisplus     Include NISPLUS password database support
   --without-nisplus  Don't include NISPLUS password database support (default)"
 ac_help="$ac_help
@@ -751,6 +754,7 @@ fi
 
 
 
+
 # compile with optimization and without debugging by default
 CFLAGS="-O ${CFLAGS}"
 
@@ -768,7 +772,7 @@ fi
 # Extract the first word of "gcc", so it can be a program name with args.
 set dummy gcc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:772: checking for $ac_word" >&5
+echo "configure:776: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -798,7 +802,7 @@ if test -z "$CC"; then
   # Extract the first word of "cc", so it can be a program name with args.
 set dummy cc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:802: checking for $ac_word" >&5
+echo "configure:806: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -849,7 +853,7 @@ fi
       # Extract the first word of "cl", so it can be a program name with args.
 set dummy cl; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:853: checking for $ac_word" >&5
+echo "configure:857: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -881,7 +885,7 @@ fi
 fi
 
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
-echo "configure:885: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+echo "configure:889: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
 
 ac_ext=c
 # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
@@ -892,12 +896,12 @@ cross_compiling=$ac_cv_prog_cc_cross
 
 cat > conftest.$ac_ext << EOF
 
-#line 896 "configure"
+#line 900 "configure"
 #include "confdefs.h"
 
 main(){return(0);}
 EOF
-if { (eval echo configure:901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:905: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   ac_cv_prog_cc_works=yes
   # If we can't run a trivial program, we are probably using a cross compiler.
   if (./conftest; exit) 2>/dev/null; then
@@ -923,12 +927,12 @@ if test $ac_cv_prog_cc_works = no; then
   { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
 fi
 echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
-echo "configure:927: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+echo "configure:931: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
 cross_compiling=$ac_cv_prog_cc_cross
 
 echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
-echo "configure:932: checking whether we are using GNU C" >&5
+echo "configure:936: checking whether we are using GNU C" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -937,7 +941,7 @@ else
   yes;
 #endif
 EOF
-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:941: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:945: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
   ac_cv_prog_gcc=yes
 else
   ac_cv_prog_gcc=no
@@ -956,7 +960,7 @@ ac_test_CFLAGS="${CFLAGS+set}"
 ac_save_CFLAGS="$CFLAGS"
 CFLAGS=
 echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
-echo "configure:960: checking whether ${CC-cc} accepts -g" >&5
+echo "configure:964: checking whether ${CC-cc} accepts -g" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1018,7 +1022,7 @@ ac_configure=$ac_aux_dir/configure # This should be Cygnus configure.
 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
 # ./install, which can be erroneously created by make from ./install.sh.
 echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:1022: checking for a BSD compatible install" >&5
+echo "configure:1026: checking for a BSD compatible install" >&5
 if test -z "$INSTALL"; then
 if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1075,7 +1079,7 @@ do
 # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1079: checking for $ac_word" >&5
+echo "configure:1083: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1180,7 +1184,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
 fi
 
 echo $ac_n "checking host system type""... $ac_c" 1>&6
-echo "configure:1184: checking host system type" >&5
+echo "configure:1188: checking host system type" >&5
 
 host_alias=$host
 case "$host_alias" in
@@ -1201,7 +1205,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 echo "$ac_t""$host" 1>&6
 
 echo $ac_n "checking build system type""... $ac_c" 1>&6
-echo "configure:1205: checking build system type" >&5
+echo "configure:1209: checking build system type" >&5
 
 build_alias=$build
 case "$build_alias" in
@@ -1221,7 +1225,7 @@ echo "$ac_t""$build" 1>&6
 # Extract the first word of "ranlib", so it can be a program name with args.
 set dummy ranlib; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:1225: checking for $ac_word" >&5
+echo "configure:1229: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1260,7 +1264,7 @@ ac_prog=ld
 if test "$ac_cv_prog_gcc" = yes; then
   # Check if gcc -print-prog-name=ld gives a path.
   echo $ac_n "checking for ld used by GCC""... $ac_c" 1>&6
-echo "configure:1264: checking for ld used by GCC" >&5
+echo "configure:1268: checking for ld used by GCC" >&5
   ac_prog=`($CC -print-prog-name=ld) 2>&5`
   case "$ac_prog" in
     # Accept absolute paths.
@@ -1284,10 +1288,10 @@ echo "configure:1264: checking for ld used by GCC" >&5
   esac
 elif test "$with_gnu_ld" = yes; then
   echo $ac_n "checking for GNU ld""... $ac_c" 1>&6
-echo "configure:1288: checking for GNU ld" >&5
+echo "configure:1292: checking for GNU ld" >&5
 else
   echo $ac_n "checking for non-GNU ld""... $ac_c" 1>&6
-echo "configure:1291: checking for non-GNU ld" >&5
+echo "configure:1295: checking for non-GNU ld" >&5
 fi
 if eval "test \"`echo '$''{'ac_cv_path_LD'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -1322,7 +1326,7 @@ else
 fi
 test -z "$LD" && { echo "configure: error: no acceptable ld found in \$PATH" 1>&2; exit 1; }
 echo $ac_n "checking if the linker ($LD) is GNU ld""... $ac_c" 1>&6
-echo "configure:1326: checking if the linker ($LD) is GNU ld" >&5
+echo "configure:1330: checking if the linker ($LD) is GNU ld" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_gnu_ld'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1338,7 +1342,7 @@ echo "$ac_t""$ac_cv_prog_gnu_ld" 1>&6
 
 
 echo $ac_n "checking for BSD-compatible nm""... $ac_c" 1>&6
-echo "configure:1342: checking for BSD-compatible nm" >&5
+echo "configure:1346: checking for BSD-compatible nm" >&5
 if eval "test \"`echo '$''{'ac_cv_path_NM'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1374,7 +1378,7 @@ NM="$ac_cv_path_NM"
 echo "$ac_t""$NM" 1>&6
 
 echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6
-echo "configure:1378: checking whether ln -s works" >&5
+echo "configure:1382: checking whether ln -s works" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1423,8 +1427,8 @@ test x"$silent" = xyes && libtool_flags="$libtool_flags --silent"
 case "$lt_target" in
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 1427 "configure"' > conftest.$ac_ext
-  if { (eval echo configure:1428: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  echo '#line 1431 "configure"' > conftest.$ac_ext
+  if { (eval echo configure:1432: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
     case "`/usr/bin/file conftest.o`" in
     *32-bit*)
       LD="${LD-ld} -32"
@@ -1445,19 +1449,19 @@ case "$lt_target" in
   SAVE_CFLAGS="$CFLAGS"
   CFLAGS="$CFLAGS -belf"
   echo $ac_n "checking whether the C compiler needs -belf""... $ac_c" 1>&6
-echo "configure:1449: checking whether the C compiler needs -belf" >&5
+echo "configure:1453: checking whether the C compiler needs -belf" >&5
 if eval "test \"`echo '$''{'lt_cv_cc_needs_belf'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 1454 "configure"
+#line 1458 "configure"
 #include "confdefs.h"
 
 int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:1461: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:1465: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   lt_cv_cc_needs_belf=yes
 else
@@ -1562,10 +1566,10 @@ exec 5>>./config.log
 
 if test "x$CC" != xcc; then
   echo $ac_n "checking whether $CC and cc understand -c and -o together""... $ac_c" 1>&6
-echo "configure:1566: checking whether $CC and cc understand -c and -o together" >&5
+echo "configure:1570: checking whether $CC and cc understand -c and -o together" >&5
 else
   echo $ac_n "checking whether cc understands -c and -o together""... $ac_c" 1>&6
-echo "configure:1569: checking whether cc understands -c and -o together" >&5
+echo "configure:1573: checking whether cc understands -c and -o together" >&5
 fi
 set dummy $CC; ac_cc="`echo $2 |
 		       sed -e 's/[^a-zA-Z0-9_]/_/g' -e 's/^[0-9]/_/'`"
@@ -1577,16 +1581,16 @@ else
 # We do the test twice because some compilers refuse to overwrite an
 # existing .o file with -o, though they will create one.
 ac_try='${CC-cc} -c conftest.c -o conftest.o 1>&5'
-if { (eval echo configure:1581: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } &&
-   test -f conftest.o && { (eval echo configure:1582: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; };
+if { (eval echo configure:1585: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } &&
+   test -f conftest.o && { (eval echo configure:1586: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; };
 then
   eval ac_cv_prog_cc_${ac_cc}_c_o=yes
   if test "x$CC" != xcc; then
     # Test first that cc exists at all.
-    if { ac_try='cc -c conftest.c 1>&5'; { (eval echo configure:1587: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; }; then
+    if { ac_try='cc -c conftest.c 1>&5'; { (eval echo configure:1591: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; }; then
       ac_try='cc -c conftest.c -o conftest.o 1>&5'
-      if { (eval echo configure:1589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } &&
-	 test -f conftest.o && { (eval echo configure:1590: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; };
+      if { (eval echo configure:1593: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } &&
+	 test -f conftest.o && { (eval echo configure:1594: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; };
       then
         # cc works too.
         :
@@ -1620,20 +1624,20 @@ fi
 
 
 echo $ac_n "checking that the C compiler understands volatile""... $ac_c" 1>&6
-echo "configure:1624: checking that the C compiler understands volatile" >&5
+echo "configure:1628: checking that the C compiler understands volatile" >&5
 if eval "test \"`echo '$''{'samba_cv_volatile'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
     cat > conftest.$ac_ext <<EOF
-#line 1630 "configure"
+#line 1634 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 int main() {
 volatile int i = 0
 ; return 0; }
 EOF
-if { (eval echo configure:1637: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:1641: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_volatile=yes
 else
@@ -1683,7 +1687,7 @@ else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; }
 fi
 
 echo $ac_n "checking host system type""... $ac_c" 1>&6
-echo "configure:1687: checking host system type" >&5
+echo "configure:1691: checking host system type" >&5
 
 host_alias=$host
 case "$host_alias" in
@@ -1704,7 +1708,7 @@ host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 echo "$ac_t""$host" 1>&6
 
 echo $ac_n "checking target system type""... $ac_c" 1>&6
-echo "configure:1708: checking target system type" >&5
+echo "configure:1712: checking target system type" >&5
 
 target_alias=$target
 case "$target_alias" in
@@ -1722,7 +1726,7 @@ target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
 echo "$ac_t""$target" 1>&6
 
 echo $ac_n "checking build system type""... $ac_c" 1>&6
-echo "configure:1726: checking build system type" >&5
+echo "configure:1730: checking build system type" >&5
 
 build_alias=$build
 case "$build_alias" in
@@ -1756,7 +1760,7 @@ esac
 
     
     echo $ac_n "checking config.cache system type""... $ac_c" 1>&6
-echo "configure:1760: checking config.cache system type" >&5
+echo "configure:1764: checking config.cache system type" >&5
     if { test x"${ac_cv_host_system_type+set}" = x"set" &&
          test x"$ac_cv_host_system_type" != x"$host"; } ||
        { test x"${ac_cv_build_system_type+set}" = x"set" &&
@@ -1781,7 +1785,7 @@ case "$host_os" in
 # Try to work out if this is the native HPUX compiler that uses the -Ae flag.
     *hpux*)
       echo $ac_n "checking whether ${CC-cc} accepts -Ae""... $ac_c" 1>&6
-echo "configure:1785: checking whether ${CC-cc} accepts -Ae" >&5
+echo "configure:1789: checking whether ${CC-cc} accepts -Ae" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_Ae'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -1865,14 +1869,14 @@ EOF
     *sysv4*)
       if test $host = mips-sni-sysv4 ; then
         echo $ac_n "checking for LFS support""... $ac_c" 1>&6
-echo "configure:1869: checking for LFS support" >&5
+echo "configure:1873: checking for LFS support" >&5
         old_CPPFLAGS="$CPPFLAGS"
         CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS"
         if test "$cross_compiling" = yes; then
   SINIX_LFS_SUPPORT=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 1876 "configure"
+#line 1880 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -1884,7 +1888,7 @@ exit(1);
 #endif
 }
 EOF
-if { (eval echo configure:1888: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1892: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   SINIX_LFS_SUPPORT=yes
 else
@@ -1911,14 +1915,14 @@ fi
 #
     *linux*)
         echo $ac_n "checking for LFS support""... $ac_c" 1>&6
-echo "configure:1915: checking for LFS support" >&5
+echo "configure:1919: checking for LFS support" >&5
         old_CPPFLAGS="$CPPFLAGS"
-        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
        if test "$cross_compiling" = yes; then
   LINUX_LFS_SUPPORT=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 1922 "configure"
+#line 1926 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -1956,7 +1960,7 @@ main() {
 }
 
 EOF
-if { (eval echo configure:1960: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   LINUX_LFS_SUPPORT=yes
 else
@@ -1970,21 +1974,21 @@ fi
 
         CPPFLAGS="$old_CPPFLAGS"
         if test x$LINUX_LFS_SUPPORT = xyes ; then
-          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
         fi
        echo "$ac_t""$LINUX_LFS_SUPPORT" 1>&6
 		;;
 
     *hurd*)
         echo $ac_n "checking for LFS support""... $ac_c" 1>&6
-echo "configure:1981: checking for LFS support" >&5
+echo "configure:1985: checking for LFS support" >&5
         old_CPPFLAGS="$CPPFLAGS"
         CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
         if test "$cross_compiling" = yes; then
   GLIBC_LFS_SUPPORT=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 1988 "configure"
+#line 1992 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -1996,7 +2000,7 @@ exit(1);
 #endif
 }
 EOF
-if { (eval echo configure:2000: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2004: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   GLIBC_LFS_SUPPORT=yes
 else
@@ -2018,21 +2022,21 @@ fi
 esac
 
 echo $ac_n "checking for inline""... $ac_c" 1>&6
-echo "configure:2022: checking for inline" >&5
+echo "configure:2026: checking for inline" >&5
 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat > conftest.$ac_ext <<EOF
-#line 2029 "configure"
+#line 2033 "configure"
 #include "confdefs.h"
 
 int main() {
 } $ac_kw foo() {
 ; return 0; }
 EOF
-if { (eval echo configure:2036: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2040: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_inline=$ac_kw; break
 else
@@ -2058,7 +2062,7 @@ EOF
 esac
 
 echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
-echo "configure:2062: checking how to run the C preprocessor" >&5
+echo "configure:2066: checking how to run the C preprocessor" >&5
 # On Suns, sometimes $CPP names a directory.
 if test -n "$CPP" && test -d "$CPP"; then
   CPP=
@@ -2073,13 +2077,13 @@ else
   # On the NeXT, cc -E runs the code through the compiler's parser,
   # not just through cpp.
   cat > conftest.$ac_ext <<EOF
-#line 2077 "configure"
+#line 2081 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2083: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2087: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -2090,13 +2094,13 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -E -traditional-cpp"
   cat > conftest.$ac_ext <<EOF
-#line 2094 "configure"
+#line 2098 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2100: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2104: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -2107,13 +2111,13 @@ else
   rm -rf conftest*
   CPP="${CC-cc} -nologo -E"
   cat > conftest.$ac_ext <<EOF
-#line 2111 "configure"
+#line 2115 "configure"
 #include "confdefs.h"
 #include <assert.h>
 Syntax Error
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2117: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2121: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   :
@@ -2138,12 +2142,12 @@ fi
 echo "$ac_t""$CPP" 1>&6
 
 echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
-echo "configure:2142: checking for ANSI C header files" >&5
+echo "configure:2146: checking for ANSI C header files" >&5
 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2147 "configure"
+#line 2151 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <stdarg.h>
@@ -2151,7 +2155,7 @@ else
 #include <float.h>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2155: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2159: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2168,7 +2172,7 @@ rm -f conftest*
 if test $ac_cv_header_stdc = yes; then
   # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 2172 "configure"
+#line 2176 "configure"
 #include "confdefs.h"
 #include <string.h>
 EOF
@@ -2186,7 +2190,7 @@ fi
 if test $ac_cv_header_stdc = yes; then
   # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
 cat > conftest.$ac_ext <<EOF
-#line 2190 "configure"
+#line 2194 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 EOF
@@ -2207,7 +2211,7 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 2211 "configure"
+#line 2215 "configure"
 #include "confdefs.h"
 #include <ctype.h>
 #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
@@ -2218,7 +2222,7 @@ if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
 exit (0); }
 
 EOF
-if { (eval echo configure:2222: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:2226: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   :
 else
@@ -2246,12 +2250,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6
-echo "configure:2250: checking for $ac_hdr that defines DIR" >&5
+echo "configure:2254: checking for $ac_hdr that defines DIR" >&5
 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2255 "configure"
+#line 2259 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <$ac_hdr>
@@ -2259,7 +2263,7 @@ int main() {
 DIR *dirp = 0;
 ; return 0; }
 EOF
-if { (eval echo configure:2263: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2267: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   eval "ac_cv_header_dirent_$ac_safe=yes"
 else
@@ -2284,7 +2288,7 @@ done
 # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
 if test $ac_header_dirent = dirent.h; then
 echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6
-echo "configure:2288: checking for opendir in -ldir" >&5
+echo "configure:2292: checking for opendir in -ldir" >&5
 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -2292,7 +2296,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-ldir  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 2296 "configure"
+#line 2300 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -2303,7 +2307,7 @@ int main() {
 opendir()
 ; return 0; }
 EOF
-if { (eval echo configure:2307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -2325,7 +2329,7 @@ fi
 
 else
 echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6
-echo "configure:2329: checking for opendir in -lx" >&5
+echo "configure:2333: checking for opendir in -lx" >&5
 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -2333,7 +2337,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lx  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 2337 "configure"
+#line 2341 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -2344,7 +2348,7 @@ int main() {
 opendir()
 ; return 0; }
 EOF
-if { (eval echo configure:2348: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2352: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -2367,12 +2371,12 @@ fi
 fi
 
 echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
-echo "configure:2371: checking whether time.h and sys/time.h may both be included" >&5
+echo "configure:2375: checking whether time.h and sys/time.h may both be included" >&5
 if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2376 "configure"
+#line 2380 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/time.h>
@@ -2381,7 +2385,7 @@ int main() {
 struct tm *tp;
 ; return 0; }
 EOF
-if { (eval echo configure:2385: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2389: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_time=yes
 else
@@ -2402,12 +2406,12 @@ EOF
 fi
 
 echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6
-echo "configure:2406: checking for sys/wait.h that is POSIX.1 compatible" >&5
+echo "configure:2410: checking for sys/wait.h that is POSIX.1 compatible" >&5
 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2411 "configure"
+#line 2415 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -2423,7 +2427,7 @@ wait (&s);
 s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
 ; return 0; }
 EOF
-if { (eval echo configure:2427: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2431: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_sys_wait_h=yes
 else
@@ -2447,17 +2451,17 @@ for ac_hdr in arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2451: checking for $ac_hdr" >&5
+echo "configure:2455: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2456 "configure"
+#line 2460 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2461: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2465: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2487,17 +2491,17 @@ for ac_hdr in unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2491: checking for $ac_hdr" >&5
+echo "configure:2495: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2496 "configure"
+#line 2500 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2501: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2505: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2527,17 +2531,17 @@ for ac_hdr in compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2531: checking for $ac_hdr" >&5
+echo "configure:2535: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2536 "configure"
+#line 2540 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2541: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2545: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2563,21 +2567,21 @@ else
 fi
 done
 
-for ac_hdr in sys/param.h ctype.h sys/un.h sys/wait.h sys/resource.h sys/ioctl.h sys/mode.h
+for ac_hdr in sys/param.h ctype.h sys/un.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2571: checking for $ac_hdr" >&5
+echo "configure:2575: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2576 "configure"
+#line 2580 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2581: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2585: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2603,21 +2607,21 @@ else
 fi
 done
 
-for ac_hdr in sys/mman.h sys/filio.h sys/priv.h string.h strings.h stdlib.h sys/socket.h
+for ac_hdr in sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2611: checking for $ac_hdr" >&5
+echo "configure:2615: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2616 "configure"
+#line 2620 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2621: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2625: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2647,17 +2651,17 @@ for ac_hdr in sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h term
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2651: checking for $ac_hdr" >&5
+echo "configure:2655: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2656 "configure"
+#line 2660 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2665: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2687,17 +2691,17 @@ for ac_hdr in sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2691: checking for $ac_hdr" >&5
+echo "configure:2695: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2696 "configure"
+#line 2700 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2705: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2723,6 +2727,47 @@ else
 fi
 done
 
+for ac_hdr in security/pam_modules.h security/_pam_macros.h
+do
+ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+echo "configure:2735: checking for $ac_hdr" >&5
+if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 2740 "configure"
+#include "confdefs.h"
+#include <$ac_hdr>
+EOF
+ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+{ (eval echo configure:2745: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+if test -z "$ac_err"; then
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=yes"
+else
+  echo "$ac_err" >&5
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_header_$ac_safe=no"
+fi
+rm -f conftest*
+fi
+if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_hdr 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+
 #
 # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
 # This causes configure to fail to detect it. Check for shadow separately on HPUX.
@@ -2730,14 +2775,14 @@ done
 case "$host_os" in
     *hpux*)
 		cat > conftest.$ac_ext <<EOF
-#line 2734 "configure"
+#line 2779 "configure"
 #include "confdefs.h"
 #include <shadow.h>
 int main() {
 struct spwd testme
 ; return 0; }
 EOF
-if { (eval echo configure:2741: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2786: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_header_shadow_h=yes
 else
@@ -2759,17 +2804,17 @@ for ac_hdr in shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2763: checking for $ac_hdr" >&5
+echo "configure:2808: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2768 "configure"
+#line 2813 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2773: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2818: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2795,21 +2840,21 @@ else
 fi
 done
 
-for ac_hdr in nss.h sys/security.h security/pam_appl.h
+for ac_hdr in nss.h nss_common.h sys/security.h security/pam_appl.h security/pam_modules.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2803: checking for $ac_hdr" >&5
+echo "configure:2848: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2808 "configure"
+#line 2853 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2813: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2858: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2839,17 +2884,17 @@ for ac_hdr in stropts.h poll.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2843: checking for $ac_hdr" >&5
+echo "configure:2888: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2848 "configure"
+#line 2893 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2853: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2898: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2879,17 +2924,17 @@ for ac_hdr in sys/capability.h syscall.h sys/syscall.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2883: checking for $ac_hdr" >&5
+echo "configure:2928: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2888 "configure"
+#line 2933 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2893: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2915,21 +2960,21 @@ else
 fi
 done
 
-for ac_hdr in sys/acl.h sys/cdefs.h glob.h acl/acl.h
+for ac_hdr in sys/acl.h sys/cdefs.h glob.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2923: checking for $ac_hdr" >&5
+echo "configure:2968: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2928 "configure"
+#line 2973 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2933: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:2978: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -2961,17 +3006,17 @@ for ac_hdr in utmp.h utmpx.h lastlog.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:2965: checking for $ac_hdr" >&5
+echo "configure:3010: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2970 "configure"
+#line 3015 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:2975: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:3020: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -3003,17 +3048,17 @@ for ac_hdr in sys/fs/vx_quota.h
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:3007: checking for $ac_hdr" >&5
+echo "configure:3052: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3012 "configure"
+#line 3057 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:3017: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:3062: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -3041,7 +3086,7 @@ done
 
 
 echo $ac_n "checking size of int""... $ac_c" 1>&6
-echo "configure:3045: checking size of int" >&5
+echo "configure:3090: checking size of int" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3049,7 +3094,7 @@ else
   ac_cv_sizeof_int=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 3053 "configure"
+#line 3098 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -3060,7 +3105,7 @@ main()
   exit(0);
 }
 EOF
-if { (eval echo configure:3064: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:3109: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_int=`cat conftestval`
 else
@@ -3080,7 +3125,7 @@ EOF
 
 
 echo $ac_n "checking size of long""... $ac_c" 1>&6
-echo "configure:3084: checking size of long" >&5
+echo "configure:3129: checking size of long" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3088,7 +3133,7 @@ else
   ac_cv_sizeof_long=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 3092 "configure"
+#line 3137 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -3099,7 +3144,7 @@ main()
   exit(0);
 }
 EOF
-if { (eval echo configure:3103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:3148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_long=`cat conftestval`
 else
@@ -3119,7 +3164,7 @@ EOF
 
 
 echo $ac_n "checking size of short""... $ac_c" 1>&6
-echo "configure:3123: checking size of short" >&5
+echo "configure:3168: checking size of short" >&5
 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -3127,7 +3172,7 @@ else
   ac_cv_sizeof_short=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 3131 "configure"
+#line 3176 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main()
@@ -3138,7 +3183,7 @@ main()
   exit(0);
 }
 EOF
-if { (eval echo configure:3142: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:3187: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_sizeof_short=`cat conftestval`
 else
@@ -3159,12 +3204,12 @@ EOF
 
 
 echo $ac_n "checking for working const""... $ac_c" 1>&6
-echo "configure:3163: checking for working const" >&5
+echo "configure:3208: checking for working const" >&5
 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3168 "configure"
+#line 3213 "configure"
 #include "confdefs.h"
 
 int main() {
@@ -3213,7 +3258,7 @@ ccp = (char const *const *) p;
 
 ; return 0; }
 EOF
-if { (eval echo configure:3217: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3262: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_const=yes
 else
@@ -3234,21 +3279,21 @@ EOF
 fi
 
 echo $ac_n "checking for inline""... $ac_c" 1>&6
-echo "configure:3238: checking for inline" >&5
+echo "configure:3283: checking for inline" >&5
 if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_inline=no
 for ac_kw in inline __inline__ __inline; do
   cat > conftest.$ac_ext <<EOF
-#line 3245 "configure"
+#line 3290 "configure"
 #include "confdefs.h"
 
 int main() {
 } $ac_kw foo() {
 ; return 0; }
 EOF
-if { (eval echo configure:3252: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3297: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_inline=$ac_kw; break
 else
@@ -3274,14 +3319,14 @@ EOF
 esac
 
 echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
-echo "configure:3278: checking whether byte ordering is bigendian" >&5
+echo "configure:3323: checking whether byte ordering is bigendian" >&5
 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   ac_cv_c_bigendian=unknown
 # See if sys/param.h defines the BYTE_ORDER macro.
 cat > conftest.$ac_ext <<EOF
-#line 3285 "configure"
+#line 3330 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -3292,11 +3337,11 @@ int main() {
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:3296: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3341: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   # It does; now see whether it defined to BIG_ENDIAN or not.
 cat > conftest.$ac_ext <<EOF
-#line 3300 "configure"
+#line 3345 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/param.h>
@@ -3307,7 +3352,7 @@ int main() {
 #endif
 ; return 0; }
 EOF
-if { (eval echo configure:3311: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3356: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_c_bigendian=yes
 else
@@ -3327,7 +3372,7 @@ if test "$cross_compiling" = yes; then
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 3331 "configure"
+#line 3376 "configure"
 #include "confdefs.h"
 main () {
   /* Are we little or big endian?  From Harbison&Steele.  */
@@ -3340,7 +3385,7 @@ main () {
   exit (u.c[sizeof (long) - 1] == 1);
 }
 EOF
-if { (eval echo configure:3344: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:3389: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_bigendian=no
 else
@@ -3364,14 +3409,14 @@ EOF
 fi
 
 echo $ac_n "checking whether char is unsigned""... $ac_c" 1>&6
-echo "configure:3368: checking whether char is unsigned" >&5
+echo "configure:3413: checking whether char is unsigned" >&5
 if eval "test \"`echo '$''{'ac_cv_c_char_unsigned'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   if test "$GCC" = yes; then
   # GCC predefines this symbol on systems where it applies.
 cat > conftest.$ac_ext <<EOF
-#line 3375 "configure"
+#line 3420 "configure"
 #include "confdefs.h"
 #ifdef __CHAR_UNSIGNED__
   yes
@@ -3393,7 +3438,7 @@ if test "$cross_compiling" = yes; then
     { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
 else
   cat > conftest.$ac_ext <<EOF
-#line 3397 "configure"
+#line 3442 "configure"
 #include "confdefs.h"
 /* volatile prevents gcc2 from optimizing the test away on sparcs.  */
 #if !defined(__STDC__) || __STDC__ != 1
@@ -3403,7 +3448,7 @@ main() {
   volatile char c = 255; exit(c < 0);
 }
 EOF
-if { (eval echo configure:3407: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:3452: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_c_char_unsigned=yes
 else
@@ -3428,12 +3473,12 @@ fi
 
 
 echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6
-echo "configure:3432: checking return type of signal handlers" >&5
+echo "configure:3477: checking return type of signal handlers" >&5
 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3437 "configure"
+#line 3482 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <signal.h>
@@ -3450,7 +3495,7 @@ int main() {
 int i;
 ; return 0; }
 EOF
-if { (eval echo configure:3454: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3499: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_type_signal=void
 else
@@ -3469,12 +3514,12 @@ EOF
 
 
 echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6
-echo "configure:3473: checking for uid_t in sys/types.h" >&5
+echo "configure:3518: checking for uid_t in sys/types.h" >&5
 if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3478 "configure"
+#line 3523 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 EOF
@@ -3503,12 +3548,12 @@ EOF
 fi
 
 echo $ac_n "checking for mode_t""... $ac_c" 1>&6
-echo "configure:3507: checking for mode_t" >&5
+echo "configure:3552: checking for mode_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3512 "configure"
+#line 3557 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3536,12 +3581,12 @@ EOF
 fi
 
 echo $ac_n "checking for off_t""... $ac_c" 1>&6
-echo "configure:3540: checking for off_t" >&5
+echo "configure:3585: checking for off_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3545 "configure"
+#line 3590 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3569,12 +3614,12 @@ EOF
 fi
 
 echo $ac_n "checking for size_t""... $ac_c" 1>&6
-echo "configure:3573: checking for size_t" >&5
+echo "configure:3618: checking for size_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3578 "configure"
+#line 3623 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3602,12 +3647,12 @@ EOF
 fi
 
 echo $ac_n "checking for pid_t""... $ac_c" 1>&6
-echo "configure:3606: checking for pid_t" >&5
+echo "configure:3651: checking for pid_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3611 "configure"
+#line 3656 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3635,12 +3680,12 @@ EOF
 fi
 
 echo $ac_n "checking for st_rdev in struct stat""... $ac_c" 1>&6
-echo "configure:3639: checking for st_rdev in struct stat" >&5
+echo "configure:3684: checking for st_rdev in struct stat" >&5
 if eval "test \"`echo '$''{'ac_cv_struct_st_rdev'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3644 "configure"
+#line 3689 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -3648,7 +3693,7 @@ int main() {
 struct stat s; s.st_rdev;
 ; return 0; }
 EOF
-if { (eval echo configure:3652: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3697: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_struct_st_rdev=yes
 else
@@ -3669,12 +3714,12 @@ EOF
 fi
 
 echo $ac_n "checking for d_off in dirent""... $ac_c" 1>&6
-echo "configure:3673: checking for d_off in dirent" >&5
+echo "configure:3718: checking for d_off in dirent" >&5
 if eval "test \"`echo '$''{'ac_cv_dirent_d_off'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3678 "configure"
+#line 3723 "configure"
 #include "confdefs.h"
 
 #include <unistd.h>
@@ -3684,7 +3729,7 @@ int main() {
 struct dirent d; d.d_off;
 ; return 0; }
 EOF
-if { (eval echo configure:3688: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:3733: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   ac_cv_dirent_d_off=yes
 else
@@ -3705,12 +3750,12 @@ EOF
 fi
 
 echo $ac_n "checking for ino_t""... $ac_c" 1>&6
-echo "configure:3709: checking for ino_t" >&5
+echo "configure:3754: checking for ino_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_ino_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3714 "configure"
+#line 3759 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3738,12 +3783,12 @@ EOF
 fi
 
 echo $ac_n "checking for loff_t""... $ac_c" 1>&6
-echo "configure:3742: checking for loff_t" >&5
+echo "configure:3787: checking for loff_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_loff_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3747 "configure"
+#line 3792 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3771,12 +3816,12 @@ EOF
 fi
 
 echo $ac_n "checking for offset_t""... $ac_c" 1>&6
-echo "configure:3775: checking for offset_t" >&5
+echo "configure:3820: checking for offset_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_offset_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3780 "configure"
+#line 3825 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3804,12 +3849,12 @@ EOF
 fi
 
 echo $ac_n "checking for ssize_t""... $ac_c" 1>&6
-echo "configure:3808: checking for ssize_t" >&5
+echo "configure:3853: checking for ssize_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3813 "configure"
+#line 3858 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3837,12 +3882,12 @@ EOF
 fi
 
 echo $ac_n "checking for wchar_t""... $ac_c" 1>&6
-echo "configure:3841: checking for wchar_t" >&5
+echo "configure:3886: checking for wchar_t" >&5
 if eval "test \"`echo '$''{'ac_cv_type_wchar_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 3846 "configure"
+#line 3891 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -3872,7 +3917,7 @@ fi
 
 # we need libcups for CUPS support...
 echo $ac_n "checking for httpConnect in -lcups""... $ac_c" 1>&6
-echo "configure:3876: checking for httpConnect in -lcups" >&5
+echo "configure:3921: checking for httpConnect in -lcups" >&5
 ac_lib_var=`echo cups'_'httpConnect | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -3880,7 +3925,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lcups  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 3884 "configure"
+#line 3929 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -3891,7 +3936,7 @@ int main() {
 httpConnect()
 ; return 0; }
 EOF
-if { (eval echo configure:3895: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3940: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -3921,7 +3966,7 @@ fi
 
 # we need libdl for PAM and the new VFS code
 echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6
-echo "configure:3925: checking for dlopen in -ldl" >&5
+echo "configure:3970: checking for dlopen in -ldl" >&5
 ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -3929,7 +3974,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-ldl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 3933 "configure"
+#line 3978 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -3940,7 +3985,7 @@ int main() {
 dlopen()
 ; return 0; }
 EOF
-if { (eval echo configure:3944: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:3989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -3965,14 +4010,54 @@ else
 fi
 
 
+echo $ac_n "checking for socklen_t type""... $ac_c" 1>&6
+echo "configure:4015: checking for socklen_t type" >&5
+if eval "test \"`echo '$''{'samba_cv_socklen_t'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4021 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>
+int main() {
+socklen_t i = 0
+; return 0; }
+EOF
+if { (eval echo configure:4034: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  samba_cv_socklen_t=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  samba_cv_socklen_t=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$samba_cv_socklen_t" 1>&6
+if test x"$samba_cv_socklen_t" = x"yes"; then
+   cat >> confdefs.h <<\EOF
+#define HAVE_SOCKLEN_T_TYPE 1
+EOF
+
+fi
+
 echo $ac_n "checking for sig_atomic_t type""... $ac_c" 1>&6
-echo "configure:3970: checking for sig_atomic_t type" >&5
+echo "configure:4055: checking for sig_atomic_t type" >&5
 if eval "test \"`echo '$''{'samba_cv_sig_atomic_t'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
     cat > conftest.$ac_ext <<EOF
-#line 3976 "configure"
+#line 4061 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -3985,7 +4070,7 @@ int main() {
 sig_atomic_t i = 0
 ; return 0; }
 EOF
-if { (eval echo configure:3989: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:4074: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_sig_atomic_t=yes
 else
@@ -4005,114 +4090,257 @@ EOF
 
 fi
 
-echo $ac_n "checking for errno in errno.h""... $ac_c" 1>&6
-echo "configure:4010: checking for errno in errno.h" >&5
-if eval "test \"`echo '$''{'samba_cv_errno'+set}'`\" = set"; then
+# stupid headers have the functions but no declaration. grrrr.
+
+ echo $ac_n "checking for errno declaration""... $ac_c" 1>&6
+echo "configure:4097: checking for errno declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_errno_decl'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
     cat > conftest.$ac_ext <<EOF
-#line 4016 "configure"
+#line 4103 "configure"
 #include "confdefs.h"
 #include <errno.h>
 int main() {
-int i = errno
+int i = (int)errno
 ; return 0; }
 EOF
-if { (eval echo configure:4023: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:4110: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  samba_cv_errno=yes
+  ac_cv_have_errno_decl=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  samba_cv_have_errno=no
+  ac_cv_have_errno_decl=no
 fi
 rm -f conftest*
 fi
 
-echo "$ac_t""$samba_cv_errno" 1>&6
-if test x"$samba_cv_errno" = x"yes"; then
-   cat >> confdefs.h <<\EOF
+echo "$ac_t""$ac_cv_have_errno_decl" 1>&6
+ if test x"$ac_cv_have_errno_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
 #define HAVE_ERRNO_DECL 1
 EOF
 
-fi
+ fi
+
 
-# stupid glibc has the functions but no declaration. grrrr.
-echo $ac_n "checking for setresuid declaration""... $ac_c" 1>&6
-echo "configure:4045: checking for setresuid declaration" >&5
-if eval "test \"`echo '$''{'samba_cv_have_setresuid_decl'+set}'`\" = set"; then
+ echo $ac_n "checking for setresuid declaration""... $ac_c" 1>&6
+echo "configure:4132: checking for setresuid declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_setresuid_decl'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
     cat > conftest.$ac_ext <<EOF
-#line 4051 "configure"
+#line 4138 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 int main() {
 int i = (int)setresuid
 ; return 0; }
 EOF
-if { (eval echo configure:4058: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:4145: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  samba_cv_have_setresuid_decl=yes
+  ac_cv_have_setresuid_decl=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  samba_cv_have_setresuid_decl=no
+  ac_cv_have_setresuid_decl=no
 fi
 rm -f conftest*
 fi
 
-echo "$ac_t""$samba_cv_have_setresuid_decl" 1>&6
-if test x"$samba_cv_have_setresuid_decl" = x"yes"; then
+echo "$ac_t""$ac_cv_have_setresuid_decl" 1>&6
+ if test x"$ac_cv_have_setresuid_decl" = x"yes"; then
     cat >> confdefs.h <<\EOF
 #define HAVE_SETRESUID_DECL 1
 EOF
 
-fi
+ fi
 
-# stupid glibc has the functions but no declaration. grrrr.
-echo $ac_n "checking for setresgid declaration""... $ac_c" 1>&6
-echo "configure:4080: checking for setresgid declaration" >&5
-if eval "test \"`echo '$''{'samba_cv_have_setresgid_decl'+set}'`\" = set"; then
+
+ echo $ac_n "checking for setresgid declaration""... $ac_c" 1>&6
+echo "configure:4167: checking for setresgid declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_setresgid_decl'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
     cat > conftest.$ac_ext <<EOF
-#line 4086 "configure"
+#line 4173 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 int main() {
 int i = (int)setresgid
 ; return 0; }
 EOF
-if { (eval echo configure:4093: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:4180: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
-  samba_cv_have_setresgid_decl=yes
+  ac_cv_have_setresgid_decl=yes
 else
   echo "configure: failed program was:" >&5
   cat conftest.$ac_ext >&5
   rm -rf conftest*
-  samba_cv_have_setresgid_decl=no
+  ac_cv_have_setresgid_decl=no
 fi
 rm -f conftest*
 fi
 
-echo "$ac_t""$samba_cv_have_setresgid_decl" 1>&6
-if test x"$samba_cv_have_setresgid_decl" = x"yes"; then
+echo "$ac_t""$ac_cv_have_setresgid_decl" 1>&6
+ if test x"$ac_cv_have_setresgid_decl" = x"yes"; then
     cat >> confdefs.h <<\EOF
 #define HAVE_SETRESGID_DECL 1
 EOF
 
+ fi
+
+
+ echo $ac_n "checking for asprintf declaration""... $ac_c" 1>&6
+echo "configure:4202: checking for asprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_asprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4208 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)asprintf
+; return 0; }
+EOF
+if { (eval echo configure:4215: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_asprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_asprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_asprintf_decl" 1>&6
+ if test x"$ac_cv_have_asprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_ASPRINTF_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for vasprintf declaration""... $ac_c" 1>&6
+echo "configure:4237: checking for vasprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_vasprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4243 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)vasprintf
+; return 0; }
+EOF
+if { (eval echo configure:4250: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_vasprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_vasprintf_decl=no
+fi
+rm -f conftest*
 fi
 
+echo "$ac_t""$ac_cv_have_vasprintf_decl" 1>&6
+ if test x"$ac_cv_have_vasprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_VASPRINTF_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for vsnprintf declaration""... $ac_c" 1>&6
+echo "configure:4272: checking for vsnprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_vsnprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4278 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)vsnprintf
+; return 0; }
+EOF
+if { (eval echo configure:4285: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_vsnprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_vsnprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_vsnprintf_decl" 1>&6
+ if test x"$ac_cv_have_vsnprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_VSNPRINTF_DECL 1
+EOF
+
+ fi
+
+
+ echo $ac_n "checking for snprintf declaration""... $ac_c" 1>&6
+echo "configure:4307: checking for snprintf declaration" >&5
+if eval "test \"`echo '$''{'ac_cv_have_snprintf_decl'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+    cat > conftest.$ac_ext <<EOF
+#line 4313 "configure"
+#include "confdefs.h"
+#include <stdio.h>
+int main() {
+int i = (int)snprintf
+; return 0; }
+EOF
+if { (eval echo configure:4320: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+  rm -rf conftest*
+  ac_cv_have_snprintf_decl=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  ac_cv_have_snprintf_decl=no
+fi
+rm -f conftest*
+fi
+
+echo "$ac_t""$ac_cv_have_snprintf_decl" 1>&6
+ if test x"$ac_cv_have_snprintf_decl" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_SNPRINTF_DECL 1
+EOF
+
+ fi
+
+
 # and glibc has setresuid under linux but the function does
 # nothing until kernel 2.1.44! very dumb.
 echo $ac_n "checking for real setresuid""... $ac_c" 1>&6
-echo "configure:4116: checking for real setresuid" >&5
+echo "configure:4344: checking for real setresuid" >&5
 if eval "test \"`echo '$''{'samba_cv_have_setresuid'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -4121,12 +4349,12 @@ else
   samba_cv_have_setresuid=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 4125 "configure"
+#line 4353 "configure"
 #include "confdefs.h"
 #include <errno.h>
 main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);}
 EOF
-if { (eval echo configure:4130: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:4358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_have_setresuid=yes
 else
@@ -4151,7 +4379,7 @@ fi
 # Do the same check for setresguid...
 #
 echo $ac_n "checking for real setresgid""... $ac_c" 1>&6
-echo "configure:4155: checking for real setresgid" >&5
+echo "configure:4383: checking for real setresgid" >&5
 if eval "test \"`echo '$''{'samba_cv_have_setresgid'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -4160,13 +4388,13 @@ else
   samba_cv_have_setresgid=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 4164 "configure"
+#line 4392 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 #include <errno.h>
 main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);}
 EOF
-if { (eval echo configure:4170: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:4398: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_have_setresgid=yes
 else
@@ -4189,7 +4417,7 @@ EOF
 fi
 
 echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6
-echo "configure:4193: checking for 8-bit clean memcmp" >&5
+echo "configure:4421: checking for 8-bit clean memcmp" >&5
 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -4197,7 +4425,7 @@ else
   ac_cv_func_memcmp_clean=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 4201 "configure"
+#line 4429 "configure"
 #include "confdefs.h"
 
 main()
@@ -4207,7 +4435,7 @@ main()
 }
 
 EOF
-if { (eval echo configure:4211: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:4439: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   ac_cv_func_memcmp_clean=yes
 else
@@ -4226,116 +4454,12 @@ test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}"
 
 
 ###############################################
-# test for where we get crypt() from
-for ac_func in crypt
-do
-echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:4234: checking for $ac_func" >&5
-if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  cat > conftest.$ac_ext <<EOF
-#line 4239 "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
-    which can conflict with char $ac_func(); below.  */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-char $ac_func();
-
-int main() {
-
-/* The GNU C library defines this for functions which it implements
-    to always fail with ENOSYS.  Some functions are actually named
-    something starting with __ and the normal name is an alias.  */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-$ac_func();
-#endif
-
-; return 0; }
-EOF
-if { (eval echo configure:4262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  eval "ac_cv_func_$ac_func=yes"
-else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_func_$ac_func=no"
-fi
-rm -f conftest*
-fi
-
-if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
-  cat >> confdefs.h <<EOF
-#define $ac_tr_func 1
-EOF
- 
-else
-  echo "$ac_t""no" 1>&6
-fi
-done
-
-if test x"$ac_cv_func_crypt" = x"no"; then
-    echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
-echo "configure:4288: checking for crypt in -lcrypt" >&5
-ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
-if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  ac_save_LIBS="$LIBS"
-LIBS="-lcrypt  $LIBS"
-cat > conftest.$ac_ext <<EOF
-#line 4296 "configure"
-#include "confdefs.h"
-/* Override any gcc2 internal prototype to avoid an error.  */
-/* We use char because int might match the return type of a gcc2
-    builtin and then its argument prototype would still apply.  */
-char crypt();
-
-int main() {
-crypt()
-; return 0; }
-EOF
-if { (eval echo configure:4307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-  rm -rf conftest*
-  eval "ac_cv_lib_$ac_lib_var=yes"
-else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  eval "ac_cv_lib_$ac_lib_var=no"
-fi
-rm -f conftest*
-LIBS="$ac_save_LIBS"
-
-fi
-if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
-  echo "$ac_t""yes" 1>&6
-  LIBS="$LIBS -lcrypt";
-	cat >> confdefs.h <<\EOF
-#define HAVE_CRYPT 1
-EOF
-
-else
-  echo "$ac_t""no" 1>&6
-fi
-
-fi
-
-###############################################
 # Readline included by default unless explicitly asked not to
 test "${with_readline+set}" != "set" && with_readline=yes
 
 # test for where we get readline() from
 echo $ac_n "checking whether to use readline""... $ac_c" 1>&6
-echo "configure:4339: checking whether to use readline" >&5
+echo "configure:4463: checking whether to use readline" >&5
 # Check whether --with-readline or --without-readline was given.
 if test "${with_readline+set}" = set; then
   withval="$with_readline"
@@ -4347,17 +4471,17 @@ if test "${with_readline+set}" = set; then
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:4351: checking for $ac_hdr" >&5
+echo "configure:4475: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4356 "configure"
+#line 4480 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4361: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4485: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4387,17 +4511,17 @@ done
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:4391: checking for $ac_hdr" >&5
+echo "configure:4515: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4396 "configure"
+#line 4520 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4401: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4525: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4428,17 +4552,17 @@ done
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:4432: checking for $ac_hdr" >&5
+echo "configure:4556: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4437 "configure"
+#line 4561 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4442: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4566: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4461,7 +4585,7 @@ EOF
  
       for termlib in ncurses curses termcap terminfo termlib; do
        echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6
-echo "configure:4465: checking for tgetent in -l${termlib}" >&5
+echo "configure:4589: checking for tgetent in -l${termlib}" >&5
 ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4469,7 +4593,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-l${termlib}  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4473 "configure"
+#line 4597 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4480,7 +4604,7 @@ int main() {
 tgetent()
 ; return 0; }
 EOF
-if { (eval echo configure:4484: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4608: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4502,7 +4626,7 @@ fi
 
       done
       echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6
-echo "configure:4506: checking for rl_callback_handler_install in -lreadline" >&5
+echo "configure:4630: checking for rl_callback_handler_install in -lreadline" >&5
 ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4510,7 +4634,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lreadline $TERMLIBS $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4514 "configure"
+#line 4638 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4521,7 +4645,7 @@ int main() {
 rl_callback_handler_install()
 ; return 0; }
 EOF
-if { (eval echo configure:4525: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4649: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4572,17 +4696,17 @@ done
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:4576: checking for $ac_hdr" >&5
+echo "configure:4700: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4581 "configure"
+#line 4705 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4586: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4710: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4612,17 +4736,17 @@ done
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:4616: checking for $ac_hdr" >&5
+echo "configure:4740: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4621 "configure"
+#line 4745 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4626: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4750: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4653,17 +4777,17 @@ done
 do
 ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
-echo "configure:4657: checking for $ac_hdr" >&5
+echo "configure:4781: checking for $ac_hdr" >&5
 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4662 "configure"
+#line 4786 "configure"
 #include "confdefs.h"
 #include <$ac_hdr>
 EOF
 ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4667: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4791: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
 ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
 if test -z "$ac_err"; then
   rm -rf conftest*
@@ -4686,7 +4810,7 @@ EOF
  
       for termlib in ncurses curses termcap terminfo termlib; do
        echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6
-echo "configure:4690: checking for tgetent in -l${termlib}" >&5
+echo "configure:4814: checking for tgetent in -l${termlib}" >&5
 ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4694,7 +4818,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-l${termlib}  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4698 "configure"
+#line 4822 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4705,7 +4829,7 @@ int main() {
 tgetent()
 ; return 0; }
 EOF
-if { (eval echo configure:4709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4833: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4727,7 +4851,7 @@ fi
 
       done
       echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6
-echo "configure:4731: checking for rl_callback_handler_install in -lreadline" >&5
+echo "configure:4855: checking for rl_callback_handler_install in -lreadline" >&5
 ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4735,7 +4859,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lreadline $TERMLIBS $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4739 "configure"
+#line 4863 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4746,7 +4870,7 @@ int main() {
 rl_callback_handler_install()
 ; return 0; }
 EOF
-if { (eval echo configure:4750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4874: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4801,12 +4925,12 @@ fi
 for ac_func in connect
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:4805: checking for $ac_func" >&5
+echo "configure:4929: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 4810 "configure"
+#line 4934 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -4829,7 +4953,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:4833: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:4957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -4857,7 +4981,7 @@ if test x"$ac_cv_func_connect" = x"no"; then
     case "$LIBS" in
     *-lnsl*) ;;
     *) echo $ac_n "checking for printf in -lnsl_s""... $ac_c" 1>&6
-echo "configure:4861: checking for printf in -lnsl_s" >&5
+echo "configure:4985: checking for printf in -lnsl_s" >&5
 ac_lib_var=`echo nsl_s'_'printf | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4865,7 +4989,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lnsl_s  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4869 "configure"
+#line 4993 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4876,7 +5000,7 @@ int main() {
 printf()
 ; return 0; }
 EOF
-if { (eval echo configure:4880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5004: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4907,7 +5031,7 @@ fi
     case "$LIBS" in
     *-lnsl*) ;;
     *) echo $ac_n "checking for printf in -lnsl""... $ac_c" 1>&6
-echo "configure:4911: checking for printf in -lnsl" >&5
+echo "configure:5035: checking for printf in -lnsl" >&5
 ac_lib_var=`echo nsl'_'printf | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4915,7 +5039,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lnsl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4919 "configure"
+#line 5043 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4926,7 +5050,7 @@ int main() {
 printf()
 ; return 0; }
 EOF
-if { (eval echo configure:4930: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -4957,7 +5081,7 @@ fi
     case "$LIBS" in
     *-lsocket*) ;;
     *) echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
-echo "configure:4961: checking for connect in -lsocket" >&5
+echo "configure:5085: checking for connect in -lsocket" >&5
 ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -4965,7 +5089,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsocket  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 4969 "configure"
+#line 5093 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -4976,7 +5100,7 @@ int main() {
 connect()
 ; return 0; }
 EOF
-if { (eval echo configure:4980: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5104: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -5007,7 +5131,7 @@ fi
     case "$LIBS" in
     *-linet*) ;;
     *) echo $ac_n "checking for connect in -linet""... $ac_c" 1>&6
-echo "configure:5011: checking for connect in -linet" >&5
+echo "configure:5135: checking for connect in -linet" >&5
 ac_lib_var=`echo inet'_'connect | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -5015,7 +5139,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-linet  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 5019 "configure"
+#line 5143 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -5026,7 +5150,7 @@ int main() {
 connect()
 ; return 0; }
 EOF
-if { (eval echo configure:5030: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5154: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -5070,12 +5194,12 @@ fi
 for ac_func in yp_get_default_domain
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5074: checking for $ac_func" >&5
+echo "configure:5198: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5079 "configure"
+#line 5203 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5098,7 +5222,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5226: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5124,7 +5248,7 @@ done
 
 if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then
 	echo $ac_n "checking for yp_get_default_domain in -lnsl""... $ac_c" 1>&6
-echo "configure:5128: checking for yp_get_default_domain in -lnsl" >&5
+echo "configure:5252: checking for yp_get_default_domain in -lnsl" >&5
 ac_lib_var=`echo nsl'_'yp_get_default_domain | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -5132,7 +5256,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lnsl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 5136 "configure"
+#line 5260 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -5143,7 +5267,7 @@ int main() {
 yp_get_default_domain()
 ; return 0; }
 EOF
-if { (eval echo configure:5147: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5271: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -5173,12 +5297,12 @@ fi
 for ac_func in execl
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5177: checking for $ac_func" >&5
+echo "configure:5301: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5182 "configure"
+#line 5306 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5201,7 +5325,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5329: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5234,12 +5358,12 @@ fi
 for ac_func in waitpid getcwd strdup strtoul strerror chown fchown chmod fchmod chroot
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5238: checking for $ac_func" >&5
+echo "configure:5362: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5243 "configure"
+#line 5367 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5262,7 +5386,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5266: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5390: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5289,12 +5413,12 @@ done
 for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5293: checking for $ac_func" >&5
+echo "configure:5417: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5298 "configure"
+#line 5422 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5317,7 +5441,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5321: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5341,15 +5465,15 @@ else
 fi
 done
 
-for ac_func in memmove vsnprintf snprintf setsid glob strpbrk pipe crypt16 getauthuid
+for ac_func in memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5348: checking for $ac_func" >&5
+echo "configure:5472: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5353 "configure"
+#line 5477 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5372,7 +5496,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5376: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5500: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5399,12 +5523,12 @@ done
 for ac_func in strftime sigprocmask sigblock sigaction innetgr setnetgrent getnetgrent endnetgrent
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5403: checking for $ac_func" >&5
+echo "configure:5527: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5408 "configure"
+#line 5532 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5427,7 +5551,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5431: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5555: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5454,12 +5578,12 @@ done
 for ac_func in initgroups select poll rdchk getgrnam getgrent pathconf
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5458: checking for $ac_func" >&5
+echo "configure:5582: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5463 "configure"
+#line 5587 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5482,7 +5606,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5486: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5610: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5509,12 +5633,12 @@ done
 for ac_func in setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5513: checking for $ac_func" >&5
+echo "configure:5637: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5518 "configure"
+#line 5642 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5537,7 +5661,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5665: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5564,12 +5688,12 @@ done
 for ac_func in lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5568: checking for $ac_func" >&5
+echo "configure:5692: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5573 "configure"
+#line 5697 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5592,7 +5716,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5596: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5619,12 +5743,12 @@ done
 for ac_func in fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5623: checking for $ac_func" >&5
+echo "configure:5747: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5628 "configure"
+#line 5752 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5647,7 +5771,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5651: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5775: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5671,15 +5795,15 @@ else
 fi
 done
 
-for ac_func in srandom random srand rand setenv usleep strcasecmp fcvt fcvtl
+for ac_func in srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5678: checking for $ac_func" >&5
+echo "configure:5802: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5683 "configure"
+#line 5807 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5702,7 +5826,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5706: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5830: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5731,12 +5855,12 @@ done
 for ac_func in syscall
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5735: checking for $ac_func" >&5
+echo "configure:5859: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5740 "configure"
+#line 5864 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5759,7 +5883,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5763: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5887: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5787,12 +5911,12 @@ done
 for ac_func in _dup _dup2 _opendir _readdir _seekdir _telldir _closedir
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5791: checking for $ac_func" >&5
+echo "configure:5915: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5796 "configure"
+#line 5920 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5815,7 +5939,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5819: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5842,12 +5966,12 @@ done
 for ac_func in __dup __dup2 __opendir __readdir __seekdir __telldir __closedir
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5846: checking for $ac_func" >&5
+echo "configure:5970: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5851 "configure"
+#line 5975 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5870,7 +5994,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5874: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:5998: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5897,12 +6021,12 @@ done
 for ac_func in __getcwd _getcwd
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5901: checking for $ac_func" >&5
+echo "configure:6025: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5906 "configure"
+#line 6030 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5925,7 +6049,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6053: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -5952,12 +6076,12 @@ done
 for ac_func in __xstat __fxstat __lxstat
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5956: checking for $ac_func" >&5
+echo "configure:6080: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 5961 "configure"
+#line 6085 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -5980,7 +6104,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:5984: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6007,12 +6131,12 @@ done
 for ac_func in _stat _lstat _fstat __stat __lstat __fstat
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6011: checking for $ac_func" >&5
+echo "configure:6135: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6016 "configure"
+#line 6140 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6035,7 +6159,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6039: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6062,12 +6186,12 @@ done
 for ac_func in _acl __acl _facl __facl _open __open _chdir __chdir
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6066: checking for $ac_func" >&5
+echo "configure:6190: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6071 "configure"
+#line 6195 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6090,7 +6214,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6094: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6218: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6117,12 +6241,12 @@ done
 for ac_func in _close __close _fchdir __fchdir _fcntl __fcntl
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6121: checking for $ac_func" >&5
+echo "configure:6245: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6126 "configure"
+#line 6250 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6145,7 +6269,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6149: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6273: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6172,12 +6296,12 @@ done
 for ac_func in getdents _getdents __getdents _lseek __lseek _read __read
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6176: checking for $ac_func" >&5
+echo "configure:6300: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6181 "configure"
+#line 6305 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6200,7 +6324,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6328: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6227,12 +6351,12 @@ done
 for ac_func in _write __write _fork __fork
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6231: checking for $ac_func" >&5
+echo "configure:6355: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6236 "configure"
+#line 6360 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6255,7 +6379,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6259: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6383: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6282,12 +6406,12 @@ done
 for ac_func in _stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6286: checking for $ac_func" >&5
+echo "configure:6410: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6291 "configure"
+#line 6415 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6310,7 +6434,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6314: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6438: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6337,12 +6461,12 @@ done
 for ac_func in __sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6341: checking for $ac_func" >&5
+echo "configure:6465: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6346 "configure"
+#line 6470 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6365,7 +6489,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6369: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6493: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6392,12 +6516,12 @@ done
 for ac_func in pread _pread __pread pread64 _pread64 __pread64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6396: checking for $ac_func" >&5
+echo "configure:6520: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6401 "configure"
+#line 6525 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6420,7 +6544,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6424: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6447,12 +6571,12 @@ done
 for ac_func in pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6451: checking for $ac_func" >&5
+echo "configure:6575: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6456 "configure"
+#line 6580 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6475,7 +6599,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6479: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6603: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6502,12 +6626,12 @@ done
 for ac_func in open64 _open64 __open64 creat64
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6506: checking for $ac_func" >&5
+echo "configure:6630: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6511 "configure"
+#line 6635 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6530,7 +6654,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6534: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6658: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6561,9 +6685,9 @@ done
 
 if test x$ac_cv_func_stat64 = xno ; then
   echo $ac_n "checking for stat64 in <sys/stat.h>""... $ac_c" 1>&6
-echo "configure:6565: checking for stat64 in <sys/stat.h>" >&5
+echo "configure:6689: checking for stat64 in <sys/stat.h>" >&5
   cat > conftest.$ac_ext <<EOF
-#line 6567 "configure"
+#line 6691 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -6575,7 +6699,7 @@ int main() {
 struct stat64 st64; exit(stat64(".",&st64));
 ; return 0; }
 EOF
-if { (eval echo configure:6579: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6703: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_func_stat64=yes
 else
@@ -6594,9 +6718,9 @@ fi
 
 if test x$ac_cv_func_lstat64 = xno ; then
   echo $ac_n "checking for lstat64 in <sys/stat.h>""... $ac_c" 1>&6
-echo "configure:6598: checking for lstat64 in <sys/stat.h>" >&5
+echo "configure:6722: checking for lstat64 in <sys/stat.h>" >&5
   cat > conftest.$ac_ext <<EOF
-#line 6600 "configure"
+#line 6724 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -6608,7 +6732,7 @@ int main() {
 struct stat64 st64; exit(lstat64(".",&st64));
 ; return 0; }
 EOF
-if { (eval echo configure:6612: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6736: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_func_lstat64=yes
 else
@@ -6627,9 +6751,9 @@ fi
 
 if test x$ac_cv_func_fstat64 = xno ; then
   echo $ac_n "checking for fstat64 in <sys/stat.h>""... $ac_c" 1>&6
-echo "configure:6631: checking for fstat64 in <sys/stat.h>" >&5
+echo "configure:6755: checking for fstat64 in <sys/stat.h>" >&5
   cat > conftest.$ac_ext <<EOF
-#line 6633 "configure"
+#line 6757 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -6641,7 +6765,7 @@ int main() {
 struct stat64 st64; exit(fstat64(0,&st64));
 ; return 0; }
 EOF
-if { (eval echo configure:6645: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6769: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   ac_cv_func_fstat64=yes
 else
@@ -6666,7 +6790,7 @@ fi
 
 if test x$ac_cv_func_strcasecmp = xno ; then
 	echo $ac_n "checking for strcasecmp in -lresolv""... $ac_c" 1>&6
-echo "configure:6670: checking for strcasecmp in -lresolv" >&5
+echo "configure:6794: checking for strcasecmp in -lresolv" >&5
 ac_lib_var=`echo resolv'_'strcasecmp | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -6674,7 +6798,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lresolv  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 6678 "configure"
+#line 6802 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -6685,7 +6809,7 @@ int main() {
 strcasecmp()
 ; return 0; }
 EOF
-if { (eval echo configure:6689: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6813: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -6721,12 +6845,12 @@ case "$LIBS" in
   *-lsecurity*) for ac_func in putprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6725: checking for $ac_func" >&5
+echo "configure:6849: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6730 "configure"
+#line 6854 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6749,7 +6873,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6753: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6877: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6774,7 +6898,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for putprpwnam in -lsecurity""... $ac_c" 1>&6
-echo "configure:6778: checking for putprpwnam in -lsecurity" >&5
+echo "configure:6902: checking for putprpwnam in -lsecurity" >&5
 ac_lib_var=`echo security'_'putprpwnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -6782,7 +6906,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsecurity  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 6786 "configure"
+#line 6910 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -6793,7 +6917,7 @@ int main() {
 putprpwnam()
 ; return 0; }
 EOF
-if { (eval echo configure:6797: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6921: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -6823,12 +6947,12 @@ fi
      for ac_func in putprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6827: checking for $ac_func" >&5
+echo "configure:6951: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6832 "configure"
+#line 6956 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6851,7 +6975,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6855: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:6979: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6882,12 +7006,12 @@ case "$LIBS" in
   *-lsec*) for ac_func in putprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6886: checking for $ac_func" >&5
+echo "configure:7010: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6891 "configure"
+#line 7015 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -6910,7 +7034,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:6914: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7038: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -6935,7 +7059,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for putprpwnam in -lsec""... $ac_c" 1>&6
-echo "configure:6939: checking for putprpwnam in -lsec" >&5
+echo "configure:7063: checking for putprpwnam in -lsec" >&5
 ac_lib_var=`echo sec'_'putprpwnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -6943,7 +7067,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsec  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 6947 "configure"
+#line 7071 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -6954,7 +7078,7 @@ int main() {
 putprpwnam()
 ; return 0; }
 EOF
-if { (eval echo configure:6958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7082: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -6984,12 +7108,12 @@ fi
      for ac_func in putprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:6988: checking for $ac_func" >&5
+echo "configure:7112: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 6993 "configure"
+#line 7117 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7012,7 +7136,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7140: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7044,12 +7168,12 @@ case "$LIBS" in
   *-lsecurity*) for ac_func in set_auth_parameters
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7048: checking for $ac_func" >&5
+echo "configure:7172: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7053 "configure"
+#line 7177 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7072,7 +7196,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7200: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7097,7 +7221,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6
-echo "configure:7101: checking for set_auth_parameters in -lsecurity" >&5
+echo "configure:7225: checking for set_auth_parameters in -lsecurity" >&5
 ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -7105,7 +7229,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsecurity  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7109 "configure"
+#line 7233 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -7116,7 +7240,7 @@ int main() {
 set_auth_parameters()
 ; return 0; }
 EOF
-if { (eval echo configure:7120: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7244: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -7146,12 +7270,12 @@ fi
      for ac_func in set_auth_parameters
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7150: checking for $ac_func" >&5
+echo "configure:7274: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7155 "configure"
+#line 7279 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7174,7 +7298,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7178: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7205,12 +7329,12 @@ case "$LIBS" in
   *-lsec*) for ac_func in set_auth_parameters
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7209: checking for $ac_func" >&5
+echo "configure:7333: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7214 "configure"
+#line 7338 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7233,7 +7357,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7237: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7361: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7258,7 +7382,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for set_auth_parameters in -lsec""... $ac_c" 1>&6
-echo "configure:7262: checking for set_auth_parameters in -lsec" >&5
+echo "configure:7386: checking for set_auth_parameters in -lsec" >&5
 ac_lib_var=`echo sec'_'set_auth_parameters | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -7266,7 +7390,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsec  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7270 "configure"
+#line 7394 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -7277,7 +7401,7 @@ int main() {
 set_auth_parameters()
 ; return 0; }
 EOF
-if { (eval echo configure:7281: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7405: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -7307,12 +7431,12 @@ fi
      for ac_func in set_auth_parameters
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7311: checking for $ac_func" >&5
+echo "configure:7435: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7316 "configure"
+#line 7440 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7335,7 +7459,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7339: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7463: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7368,12 +7492,12 @@ case "$LIBS" in
   *-lgen*) for ac_func in getspnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7372: checking for $ac_func" >&5
+echo "configure:7496: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7377 "configure"
+#line 7501 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7396,7 +7520,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7524: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7421,7 +7545,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6
-echo "configure:7425: checking for getspnam in -lgen" >&5
+echo "configure:7549: checking for getspnam in -lgen" >&5
 ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -7429,7 +7553,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lgen  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7433 "configure"
+#line 7557 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -7440,7 +7564,7 @@ int main() {
 getspnam()
 ; return 0; }
 EOF
-if { (eval echo configure:7444: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7568: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -7470,12 +7594,12 @@ fi
      for ac_func in getspnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7474: checking for $ac_func" >&5
+echo "configure:7598: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7479 "configure"
+#line 7603 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7498,7 +7622,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7502: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7626: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7530,12 +7654,12 @@ case "$LIBS" in
   *-lsecurity*) for ac_func in getspnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7534: checking for $ac_func" >&5
+echo "configure:7658: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7539 "configure"
+#line 7663 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7558,7 +7682,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7583,7 +7707,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for getspnam in -lsecurity""... $ac_c" 1>&6
-echo "configure:7587: checking for getspnam in -lsecurity" >&5
+echo "configure:7711: checking for getspnam in -lsecurity" >&5
 ac_lib_var=`echo security'_'getspnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -7591,7 +7715,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsecurity  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7595 "configure"
+#line 7719 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -7602,7 +7726,7 @@ int main() {
 getspnam()
 ; return 0; }
 EOF
-if { (eval echo configure:7606: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7730: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -7632,12 +7756,12 @@ fi
      for ac_func in getspnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7636: checking for $ac_func" >&5
+echo "configure:7760: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7641 "configure"
+#line 7765 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7660,7 +7784,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7664: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7788: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7691,12 +7815,12 @@ case "$LIBS" in
   *-lsec*) for ac_func in getspnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7695: checking for $ac_func" >&5
+echo "configure:7819: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7700 "configure"
+#line 7824 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7719,7 +7843,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7723: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7847: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7744,7 +7868,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6
-echo "configure:7748: checking for getspnam in -lsec" >&5
+echo "configure:7872: checking for getspnam in -lsec" >&5
 ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -7752,7 +7876,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsec  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7756 "configure"
+#line 7880 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -7763,7 +7887,7 @@ int main() {
 getspnam()
 ; return 0; }
 EOF
-if { (eval echo configure:7767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7891: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -7793,12 +7917,12 @@ fi
      for ac_func in getspnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7797: checking for $ac_func" >&5
+echo "configure:7921: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7802 "configure"
+#line 7926 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7821,7 +7945,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7825: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:7949: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7853,12 +7977,12 @@ case "$LIBS" in
   *-lsecurity*) for ac_func in bigcrypt
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7857: checking for $ac_func" >&5
+echo "configure:7981: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7862 "configure"
+#line 7986 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7881,7 +8005,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -7906,7 +8030,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for bigcrypt in -lsecurity""... $ac_c" 1>&6
-echo "configure:7910: checking for bigcrypt in -lsecurity" >&5
+echo "configure:8034: checking for bigcrypt in -lsecurity" >&5
 ac_lib_var=`echo security'_'bigcrypt | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -7914,7 +8038,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsecurity  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 7918 "configure"
+#line 8042 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -7925,7 +8049,7 @@ int main() {
 bigcrypt()
 ; return 0; }
 EOF
-if { (eval echo configure:7929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8053: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -7955,12 +8079,12 @@ fi
      for ac_func in bigcrypt
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:7959: checking for $ac_func" >&5
+echo "configure:8083: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 7964 "configure"
+#line 8088 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -7983,7 +8107,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:7987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8014,12 +8138,12 @@ case "$LIBS" in
   *-lsec*) for ac_func in bigcrypt
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8018: checking for $ac_func" >&5
+echo "configure:8142: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8023 "configure"
+#line 8147 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8042,7 +8166,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8046: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8170: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8067,7 +8191,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for bigcrypt in -lsec""... $ac_c" 1>&6
-echo "configure:8071: checking for bigcrypt in -lsec" >&5
+echo "configure:8195: checking for bigcrypt in -lsec" >&5
 ac_lib_var=`echo sec'_'bigcrypt | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -8075,7 +8199,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsec  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 8079 "configure"
+#line 8203 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -8086,7 +8210,7 @@ int main() {
 bigcrypt()
 ; return 0; }
 EOF
-if { (eval echo configure:8090: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8214: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -8116,12 +8240,12 @@ fi
      for ac_func in bigcrypt
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8120: checking for $ac_func" >&5
+echo "configure:8244: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8125 "configure"
+#line 8249 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8144,7 +8268,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8272: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8176,12 +8300,12 @@ case "$LIBS" in
   *-lsecurity*) for ac_func in getprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8180: checking for $ac_func" >&5
+echo "configure:8304: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8185 "configure"
+#line 8309 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8204,7 +8328,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8332: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8229,7 +8353,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6
-echo "configure:8233: checking for getprpwnam in -lsecurity" >&5
+echo "configure:8357: checking for getprpwnam in -lsecurity" >&5
 ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -8237,7 +8361,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsecurity  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 8241 "configure"
+#line 8365 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -8248,7 +8372,7 @@ int main() {
 getprpwnam()
 ; return 0; }
 EOF
-if { (eval echo configure:8252: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8376: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -8278,12 +8402,12 @@ fi
      for ac_func in getprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8282: checking for $ac_func" >&5
+echo "configure:8406: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8287 "configure"
+#line 8411 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8306,7 +8430,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8310: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8434: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8337,12 +8461,12 @@ case "$LIBS" in
   *-lsec*) for ac_func in getprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8341: checking for $ac_func" >&5
+echo "configure:8465: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8346 "configure"
+#line 8470 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8365,7 +8489,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8369: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8493: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8390,7 +8514,7 @@ fi
 done
  ;;
   *) echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6
-echo "configure:8394: checking for getprpwnam in -lsec" >&5
+echo "configure:8518: checking for getprpwnam in -lsec" >&5
 ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -8398,7 +8522,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lsec  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 8402 "configure"
+#line 8526 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -8409,7 +8533,7 @@ int main() {
 getprpwnam()
 ; return 0; }
 EOF
-if { (eval echo configure:8413: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8537: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -8439,12 +8563,12 @@ fi
      for ac_func in getprpwnam
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:8443: checking for $ac_func" >&5
+echo "configure:8567: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 8448 "configure"
+#line 8572 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -8467,7 +8591,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:8471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:8595: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -8572,7 +8696,7 @@ EOF
 		*dgux*) # Extract the first word of "groff", so it can be a program name with args.
 set dummy groff; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:8576: checking for $ac_word" >&5
+echo "configure:8700: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_ROFF'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8627,7 +8751,7 @@ esac
 
 # try to work out how to produce pic code with this compiler
 echo $ac_n "checking whether ${CC-cc} accepts -fpic""... $ac_c" 1>&6
-echo "configure:8631: checking whether ${CC-cc} accepts -fpic" >&5
+echo "configure:8755: checking whether ${CC-cc} accepts -fpic" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_fpic'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8647,7 +8771,7 @@ if test $ac_cv_prog_cc_fpic = yes; then
 fi
 if test x$PICFLAG = x; then
   echo $ac_n "checking whether ${CC-cc} accepts -KPIC""... $ac_c" 1>&6
-echo "configure:8651: checking whether ${CC-cc} accepts -KPIC" >&5
+echo "configure:8775: checking whether ${CC-cc} accepts -KPIC" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_KPIC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8668,7 +8792,7 @@ echo "$ac_t""$ac_cv_prog_cc_KPIC" 1>&6
 fi
 if test x$PICFLAG = x; then
   echo $ac_n "checking whether ${CC-cc} accepts -Kpic""... $ac_c" 1>&6
-echo "configure:8672: checking whether ${CC-cc} accepts -Kpic" >&5
+echo "configure:8796: checking whether ${CC-cc} accepts -Kpic" >&5
 if eval "test \"`echo '$''{'ac_cv_prog_cc_Kpic'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8691,7 +8815,7 @@ fi
 ################
 
 echo $ac_n "checking for long long""... $ac_c" 1>&6
-echo "configure:8695: checking for long long" >&5
+echo "configure:8819: checking for long long" >&5
 if eval "test \"`echo '$''{'samba_cv_have_longlong'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8700,12 +8824,12 @@ if test "$cross_compiling" = yes; then
   samba_cv_have_longlong=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 8704 "configure"
+#line 8828 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); }
 EOF
-if { (eval echo configure:8709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8833: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_have_longlong=yes
 else
@@ -8732,20 +8856,20 @@ fi
 # AIX needs this.
 
 echo $ac_n "checking for LL suffix on long long integers""... $ac_c" 1>&6
-echo "configure:8736: checking for LL suffix on long long integers" >&5
+echo "configure:8860: checking for LL suffix on long long integers" >&5
 if eval "test \"`echo '$''{'samba_cv_compiler_supports_ll'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
     cat > conftest.$ac_ext <<EOF
-#line 8742 "configure"
+#line 8866 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main() {
 long long i = 0x8000000000LL
 ; return 0; }
 EOF
-if { (eval echo configure:8749: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:8873: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_compiler_supports_ll=yes
 else
@@ -8767,7 +8891,7 @@ fi
 
   
 echo $ac_n "checking for 64 bit off_t""... $ac_c" 1>&6
-echo "configure:8771: checking for 64 bit off_t" >&5
+echo "configure:8895: checking for 64 bit off_t" >&5
 if eval "test \"`echo '$''{'samba_cv_SIZEOF_OFF_T'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8776,13 +8900,13 @@ if test "$cross_compiling" = yes; then
   samba_cv_SIZEOF_OFF_T=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 8780 "configure"
+#line 8904 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 #include <sys/stat.h>
 main() { exit((sizeof(off_t) == 8) ? 0 : 1); }
 EOF
-if { (eval echo configure:8786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8910: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_SIZEOF_OFF_T=yes
 else
@@ -8805,7 +8929,7 @@ EOF
 fi
 
 echo $ac_n "checking for off64_t""... $ac_c" 1>&6
-echo "configure:8809: checking for off64_t" >&5
+echo "configure:8933: checking for off64_t" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_OFF64_T'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8814,7 +8938,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_OFF64_T=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 8818 "configure"
+#line 8942 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -8824,7 +8948,7 @@ else
 #include <sys/stat.h>
 main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }
 EOF
-if { (eval echo configure:8828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8952: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_OFF64_T=yes
 else
@@ -8847,7 +8971,7 @@ EOF
 fi
 
 echo $ac_n "checking for 64 bit ino_t""... $ac_c" 1>&6
-echo "configure:8851: checking for 64 bit ino_t" >&5
+echo "configure:8975: checking for 64 bit ino_t" >&5
 if eval "test \"`echo '$''{'samba_cv_SIZEOF_INO_T'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8856,13 +8980,13 @@ if test "$cross_compiling" = yes; then
   samba_cv_SIZEOF_INO_T=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 8860 "configure"
+#line 8984 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 #include <sys/stat.h>
 main() { exit((sizeof(ino_t) == 8) ? 0 : 1); }
 EOF
-if { (eval echo configure:8866: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:8990: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_SIZEOF_INO_T=yes
 else
@@ -8885,7 +9009,7 @@ EOF
 fi
 
 echo $ac_n "checking for ino64_t""... $ac_c" 1>&6
-echo "configure:8889: checking for ino64_t" >&5
+echo "configure:9013: checking for ino64_t" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_INO64_T'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8894,7 +9018,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_INO64_T=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 8898 "configure"
+#line 9022 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -8904,7 +9028,7 @@ else
 #include <sys/stat.h>
 main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }
 EOF
-if { (eval echo configure:8908: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:9032: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_INO64_T=yes
 else
@@ -8927,13 +9051,13 @@ EOF
 fi
 
 echo $ac_n "checking for struct dirent64""... $ac_c" 1>&6
-echo "configure:8931: checking for struct dirent64" >&5
+echo "configure:9055: checking for struct dirent64" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_DIRENT64'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 8937 "configure"
+#line 9061 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -8945,7 +9069,7 @@ int main() {
 struct dirent64 de;
 ; return 0; }
 EOF
-if { (eval echo configure:8949: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9073: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_STRUCT_DIRENT64=yes
 else
@@ -8966,7 +9090,7 @@ EOF
 fi
 
 echo $ac_n "checking for unsigned char""... $ac_c" 1>&6
-echo "configure:8970: checking for unsigned char" >&5
+echo "configure:9094: checking for unsigned char" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UNSIGNED_CHAR'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -8975,12 +9099,12 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_UNSIGNED_CHAR=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 8979 "configure"
+#line 9103 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 main() { char c; c=250; exit((c > 0)?0:1); }
 EOF
-if { (eval echo configure:8984: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:9108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_UNSIGNED_CHAR=yes
 else
@@ -9003,13 +9127,13 @@ EOF
 fi
 
 echo $ac_n "checking for sin_len in sock""... $ac_c" 1>&6
-echo "configure:9007: checking for sin_len in sock" >&5
+echo "configure:9131: checking for sin_len in sock" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_SOCK_SIN_LEN'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9013 "configure"
+#line 9137 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -9018,7 +9142,7 @@ int main() {
 struct sockaddr_in sock; sock.sin_len = sizeof(sock);
 ; return 0; }
 EOF
-if { (eval echo configure:9022: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9146: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_SOCK_SIN_LEN=yes
 else
@@ -9039,13 +9163,13 @@ EOF
 fi
 
 echo $ac_n "checking whether seekdir returns void""... $ac_c" 1>&6
-echo "configure:9043: checking whether seekdir returns void" >&5
+echo "configure:9167: checking whether seekdir returns void" >&5
 if eval "test \"`echo '$''{'samba_cv_SEEKDIR_RETURNS_VOID'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9049 "configure"
+#line 9173 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <dirent.h>
@@ -9054,7 +9178,7 @@ int main() {
 return 0;
 ; return 0; }
 EOF
-if { (eval echo configure:9058: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9182: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_SEEKDIR_RETURNS_VOID=yes
 else
@@ -9075,20 +9199,20 @@ EOF
 fi
 
 echo $ac_n "checking for __FILE__ macro""... $ac_c" 1>&6
-echo "configure:9079: checking for __FILE__ macro" >&5
+echo "configure:9203: checking for __FILE__ macro" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_FILE_MACRO'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9085 "configure"
+#line 9209 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main() {
 printf("%s\n", __FILE__);
 ; return 0; }
 EOF
-if { (eval echo configure:9092: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9216: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_FILE_MACRO=yes
 else
@@ -9109,20 +9233,20 @@ EOF
 fi
 
 echo $ac_n "checking for __FUNCTION__ macro""... $ac_c" 1>&6
-echo "configure:9113: checking for __FUNCTION__ macro" >&5
+echo "configure:9237: checking for __FUNCTION__ macro" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_FUNCTION_MACRO'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9119 "configure"
+#line 9243 "configure"
 #include "confdefs.h"
 #include <stdio.h>
 int main() {
 printf("%s\n", __FUNCTION__);
 ; return 0; }
 EOF
-if { (eval echo configure:9126: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9250: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_FUNCTION_MACRO=yes
 else
@@ -9143,7 +9267,7 @@ EOF
 fi
 
 echo $ac_n "checking if gettimeofday takes tz argument""... $ac_c" 1>&6
-echo "configure:9147: checking if gettimeofday takes tz argument" >&5
+echo "configure:9271: checking if gettimeofday takes tz argument" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_GETTIMEOFDAY_TZ'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -9152,14 +9276,14 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_GETTIMEOFDAY_TZ=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 9156 "configure"
+#line 9280 "configure"
 #include "confdefs.h"
 
 #include <sys/time.h>
 #include <unistd.h>
 main() { struct timeval tv; exit(gettimeofday(&tv, NULL));}
 EOF
-if { (eval echo configure:9163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:9287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_GETTIMEOFDAY_TZ=yes
 else
@@ -9181,9 +9305,62 @@ EOF
 
 fi
 
+echo $ac_n "checking for C99 vsnprintf""... $ac_c" 1>&6
+echo "configure:9310: checking for C99 vsnprintf" >&5
+if eval "test \"`echo '$''{'samba_cv_HAVE_C99_VSNPRINTF'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  
+if test "$cross_compiling" = yes; then
+  samba_cv_HAVE_C99_VSNPRINTF=cross
+else
+  cat > conftest.$ac_ext <<EOF
+#line 9319 "configure"
+#include "confdefs.h"
+
+#include <sys/types.h>
+#include <stdarg.h>
+void foo(const char *format, ...) { 
+       va_list ap;
+       int len;
+       char buf[5];
+
+       va_start(ap, format);
+       len = vsnprintf(0, 0, format, ap);
+       va_end(ap);
+       if (len != 5) exit(1);
+
+       if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
+
+       exit(0);
+}
+main() { foo("hello"); }
+
+EOF
+if { (eval echo configure:9341: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+then
+  samba_cv_HAVE_C99_VSNPRINTF=yes
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -fr conftest*
+  samba_cv_HAVE_C99_VSNPRINTF=no
+fi
+rm -fr conftest*
+fi
+
+fi
+
+echo "$ac_t""$samba_cv_HAVE_C99_VSNPRINTF" 1>&6
+if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
+    cat >> confdefs.h <<\EOF
+#define HAVE_C99_VSNPRINTF 1
+EOF
+
+fi
 
 echo $ac_n "checking for broken readdir""... $ac_c" 1>&6
-echo "configure:9187: checking for broken readdir" >&5
+echo "configure:9364: checking for broken readdir" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_READDIR'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -9192,7 +9369,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_BROKEN_READDIR=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 9196 "configure"
+#line 9373 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <dirent.h>
@@ -9200,7 +9377,7 @@ main() { struct dirent *di; DIR *d = opendir("."); di = readdir(d);
 if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 &&
 di->d_name[0] == 0) exit(0); exit(1);} 
 EOF
-if { (eval echo configure:9204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:9381: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_BROKEN_READDIR=yes
 else
@@ -9223,13 +9400,13 @@ EOF
 fi
 
 echo $ac_n "checking for utimbuf""... $ac_c" 1>&6
-echo "configure:9227: checking for utimbuf" >&5
+echo "configure:9404: checking for utimbuf" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UTIMBUF'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9233 "configure"
+#line 9410 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utime.h>
@@ -9237,7 +9414,7 @@ int main() {
 struct utimbuf tbuf;  tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf));
 ; return 0; }
 EOF
-if { (eval echo configure:9241: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9418: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UTIMBUF=yes
 else
@@ -9261,12 +9438,12 @@ fi
 for ac_func in pututline pututxline updwtmp updwtmpx getutmpx
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:9265: checking for $ac_func" >&5
+echo "configure:9442: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 9270 "configure"
+#line 9447 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -9289,7 +9466,7 @@ $ac_func();
 
 ; return 0; }
 EOF
-if { (eval echo configure:9293: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:9470: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -9315,13 +9492,13 @@ done
 
 
 echo $ac_n "checking for ut_name in utmp""... $ac_c" 1>&6
-echo "configure:9319: checking for ut_name in utmp" >&5
+echo "configure:9496: checking for ut_name in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_NAME'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9325 "configure"
+#line 9502 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9329,7 +9506,7 @@ int main() {
 struct utmp ut;  ut.ut_name[0] = 'a';
 ; return 0; }
 EOF
-if { (eval echo configure:9333: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9510: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_NAME=yes
 else
@@ -9350,13 +9527,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_user in utmp""... $ac_c" 1>&6
-echo "configure:9354: checking for ut_user in utmp" >&5
+echo "configure:9531: checking for ut_user in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_USER'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9360 "configure"
+#line 9537 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9364,7 +9541,7 @@ int main() {
 struct utmp ut;  ut.ut_user[0] = 'a';
 ; return 0; }
 EOF
-if { (eval echo configure:9368: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9545: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_USER=yes
 else
@@ -9385,13 +9562,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_id in utmp""... $ac_c" 1>&6
-echo "configure:9389: checking for ut_id in utmp" >&5
+echo "configure:9566: checking for ut_id in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ID'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9395 "configure"
+#line 9572 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9399,7 +9576,7 @@ int main() {
 struct utmp ut;  ut.ut_id[0] = 'a';
 ; return 0; }
 EOF
-if { (eval echo configure:9403: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9580: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_ID=yes
 else
@@ -9420,13 +9597,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_host in utmp""... $ac_c" 1>&6
-echo "configure:9424: checking for ut_host in utmp" >&5
+echo "configure:9601: checking for ut_host in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_HOST'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9430 "configure"
+#line 9607 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9434,7 +9611,7 @@ int main() {
 struct utmp ut;  ut.ut_host[0] = 'a';
 ; return 0; }
 EOF
-if { (eval echo configure:9438: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9615: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_HOST=yes
 else
@@ -9455,13 +9632,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_time in utmp""... $ac_c" 1>&6
-echo "configure:9459: checking for ut_time in utmp" >&5
+echo "configure:9636: checking for ut_time in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TIME'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9465 "configure"
+#line 9642 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9469,7 +9646,7 @@ int main() {
 struct utmp ut;  time_t t; ut.ut_time = t;
 ; return 0; }
 EOF
-if { (eval echo configure:9473: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9650: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_TIME=yes
 else
@@ -9490,13 +9667,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_tv in utmp""... $ac_c" 1>&6
-echo "configure:9494: checking for ut_tv in utmp" >&5
+echo "configure:9671: checking for ut_tv in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TV'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9500 "configure"
+#line 9677 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9504,7 +9681,7 @@ int main() {
 struct utmp ut;  struct timeval tv; ut.ut_tv = tv;
 ; return 0; }
 EOF
-if { (eval echo configure:9508: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9685: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_TV=yes
 else
@@ -9525,13 +9702,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_type in utmp""... $ac_c" 1>&6
-echo "configure:9529: checking for ut_type in utmp" >&5
+echo "configure:9706: checking for ut_type in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TYPE'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9535 "configure"
+#line 9712 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9539,7 +9716,7 @@ int main() {
 struct utmp ut;  ut.ut_type = 0;
 ; return 0; }
 EOF
-if { (eval echo configure:9543: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9720: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_TYPE=yes
 else
@@ -9560,13 +9737,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_pid in utmp""... $ac_c" 1>&6
-echo "configure:9564: checking for ut_pid in utmp" >&5
+echo "configure:9741: checking for ut_pid in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_PID'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9570 "configure"
+#line 9747 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9574,7 +9751,7 @@ int main() {
 struct utmp ut;  ut.ut_pid = 0;
 ; return 0; }
 EOF
-if { (eval echo configure:9578: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9755: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_PID=yes
 else
@@ -9595,13 +9772,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_exit in utmp""... $ac_c" 1>&6
-echo "configure:9599: checking for ut_exit in utmp" >&5
+echo "configure:9776: checking for ut_exit in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_EXIT'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9605 "configure"
+#line 9782 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9609,7 +9786,7 @@ int main() {
 struct utmp ut;  ut.ut_exit.e_exit = 0;
 ; return 0; }
 EOF
-if { (eval echo configure:9613: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9790: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_EXIT=yes
 else
@@ -9630,13 +9807,13 @@ EOF
 fi 
 
 echo $ac_n "checking for ut_addr in utmp""... $ac_c" 1>&6
-echo "configure:9634: checking for ut_addr in utmp" >&5
+echo "configure:9811: checking for ut_addr in utmp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ADDR'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9640 "configure"
+#line 9817 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9644,7 +9821,7 @@ int main() {
 struct utmp ut;  ut.ut_addr = 0;
 ; return 0; }
 EOF
-if { (eval echo configure:9648: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9825: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UT_UT_ADDR=yes
 else
@@ -9666,13 +9843,13 @@ fi
 
 if test x$ac_cv_func_pututline = xyes ; then
   echo $ac_n "checking whether pututline returns pointer""... $ac_c" 1>&6
-echo "configure:9670: checking whether pututline returns pointer" >&5
+echo "configure:9847: checking whether pututline returns pointer" >&5
 if eval "test \"`echo '$''{'samba_cv_PUTUTLINE_RETURNS_UTMP'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
   cat > conftest.$ac_ext <<EOF
-#line 9676 "configure"
+#line 9853 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmp.h>
@@ -9680,7 +9857,7 @@ int main() {
 struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);
 ; return 0; }
 EOF
-if { (eval echo configure:9684: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9861: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_PUTUTLINE_RETURNS_UTMP=yes
 else
@@ -9702,13 +9879,13 @@ EOF
 fi
 
 echo $ac_n "checking for ut_syslen in utmpx""... $ac_c" 1>&6
-echo "configure:9706: checking for ut_syslen in utmpx" >&5
+echo "configure:9883: checking for ut_syslen in utmpx" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UX_UT_SYSLEN'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9712 "configure"
+#line 9889 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <utmpx.h>
@@ -9716,7 +9893,7 @@ int main() {
 struct utmpx ux;  ux.ut_syslen = 0;
 ; return 0; }
 EOF
-if { (eval echo configure:9720: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:9897: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UX_UT_SYSLEN=yes
 else
@@ -9737,7 +9914,7 @@ EOF
 fi 
 
 echo $ac_n "checking for Linux kernel oplocks""... $ac_c" 1>&6
-echo "configure:9741: checking for Linux kernel oplocks" >&5
+echo "configure:9918: checking for Linux kernel oplocks" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_LINUX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -9746,7 +9923,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 9750 "configure"
+#line 9927 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -9760,7 +9937,7 @@ main() {
 }
 
 EOF
-if { (eval echo configure:9764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:9941: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes
 else
@@ -9783,7 +9960,7 @@ EOF
 fi
 
 echo $ac_n "checking for kernel change notify support""... $ac_c" 1>&6
-echo "configure:9787: checking for kernel change notify support" >&5
+echo "configure:9964: checking for kernel change notify support" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_CHANGE_NOTIFY'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -9792,7 +9969,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 9796 "configure"
+#line 9973 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -9806,7 +9983,7 @@ main() {
 }
 
 EOF
-if { (eval echo configure:9810: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:9987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes
 else
@@ -9829,7 +10006,7 @@ EOF
 fi
 
 echo $ac_n "checking for kernel share modes""... $ac_c" 1>&6
-echo "configure:9833: checking for kernel share modes" >&5
+echo "configure:10010: checking for kernel share modes" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_SHARE_MODES'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -9838,7 +10015,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_KERNEL_SHARE_MODES=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 9842 "configure"
+#line 10019 "configure"
 #include "confdefs.h"
 
 #include <sys/types.h>
@@ -9854,7 +10031,7 @@ main() {
 }
 
 EOF
-if { (eval echo configure:9858: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10035: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_KERNEL_SHARE_MODES=yes
 else
@@ -9880,13 +10057,13 @@ fi
 
 
 echo $ac_n "checking for IRIX kernel oplock type definitions""... $ac_c" 1>&6
-echo "configure:9884: checking for IRIX kernel oplock type definitions" >&5
+echo "configure:10061: checking for IRIX kernel oplock type definitions" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_IRIX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9890 "configure"
+#line 10067 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <fcntl.h>
@@ -9894,7 +10071,7 @@ int main() {
 oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1;
 ; return 0; }
 EOF
-if { (eval echo configure:9898: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10075: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes
 else
@@ -9915,7 +10092,7 @@ EOF
 fi
 
 echo $ac_n "checking for irix specific capabilities""... $ac_c" 1>&6
-echo "configure:9919: checking for irix specific capabilities" >&5
+echo "configure:10096: checking for irix specific capabilities" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -9924,7 +10101,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 9928 "configure"
+#line 10105 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/capability.h>
@@ -9939,7 +10116,7 @@ main() {
 }
 
 EOF
-if { (eval echo configure:9943: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10120: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes
 else
@@ -9967,13 +10144,13 @@ fi
 #
 
 echo $ac_n "checking for int16 typedef included by rpc/rpc.h""... $ac_c" 1>&6
-echo "configure:9971: checking for int16 typedef included by rpc/rpc.h" >&5
+echo "configure:10148: checking for int16 typedef included by rpc/rpc.h" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_INT16_FROM_RPC_RPC_H'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 9977 "configure"
+#line 10154 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if defined(HAVE_RPC_RPC_H)
@@ -9983,7 +10160,7 @@ int main() {
 int16 testvar;
 ; return 0; }
 EOF
-if { (eval echo configure:9987: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10164: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes
 else
@@ -10004,13 +10181,13 @@ EOF
 fi
 
 echo $ac_n "checking for uint16 typedef included by rpc/rpc.h""... $ac_c" 1>&6
-echo "configure:10008: checking for uint16 typedef included by rpc/rpc.h" >&5
+echo "configure:10185: checking for uint16 typedef included by rpc/rpc.h" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UINT16_FROM_RPC_RPC_H'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10014 "configure"
+#line 10191 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if defined(HAVE_RPC_RPC_H)
@@ -10020,7 +10197,7 @@ int main() {
 uint16 testvar;
 ; return 0; }
 EOF
-if { (eval echo configure:10024: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10201: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes
 else
@@ -10041,13 +10218,13 @@ EOF
 fi
 
 echo $ac_n "checking for int32 typedef included by rpc/rpc.h""... $ac_c" 1>&6
-echo "configure:10045: checking for int32 typedef included by rpc/rpc.h" >&5
+echo "configure:10222: checking for int32 typedef included by rpc/rpc.h" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_INT32_FROM_RPC_RPC_H'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10051 "configure"
+#line 10228 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if defined(HAVE_RPC_RPC_H)
@@ -10057,7 +10234,7 @@ int main() {
 int32 testvar;
 ; return 0; }
 EOF
-if { (eval echo configure:10061: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10238: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes
 else
@@ -10078,13 +10255,13 @@ EOF
 fi
 
 echo $ac_n "checking for uint32 typedef included by rpc/rpc.h""... $ac_c" 1>&6
-echo "configure:10082: checking for uint32 typedef included by rpc/rpc.h" >&5
+echo "configure:10259: checking for uint32 typedef included by rpc/rpc.h" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_UINT32_FROM_RPC_RPC_H'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10088 "configure"
+#line 10265 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #if defined(HAVE_RPC_RPC_H)
@@ -10094,7 +10271,7 @@ int main() {
 uint32 testvar;
 ; return 0; }
 EOF
-if { (eval echo configure:10098: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10275: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes
 else
@@ -10116,13 +10293,13 @@ fi
 
 
 echo $ac_n "checking for conflicting AUTH_ERROR define in rpc/rpc.h""... $ac_c" 1>&6
-echo "configure:10120: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5
+echo "configure:10297: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 10126 "configure"
+#line 10303 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #ifdef HAVE_SYS_SECURITY_H
@@ -10136,7 +10313,7 @@ int main() {
 int testvar;
 ; return 0; }
 EOF
-if { (eval echo configure:10140: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10317: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no
 else
@@ -10157,16 +10334,16 @@ EOF
 fi
 
 echo $ac_n "checking for test routines""... $ac_c" 1>&6
-echo "configure:10161: checking for test routines" >&5
+echo "configure:10338: checking for test routines" >&5
 if test "$cross_compiling" = yes; then
   echo "configure: warning: cannot run when cross-compiling" 1>&2
 else
   cat > conftest.$ac_ext <<EOF
-#line 10166 "configure"
+#line 10343 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/trivial.c"
 EOF
-if { (eval echo configure:10170: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10347: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   echo "$ac_t""yes" 1>&6
 else
@@ -10180,7 +10357,7 @@ fi
 
 
 echo $ac_n "checking for ftruncate extend""... $ac_c" 1>&6
-echo "configure:10184: checking for ftruncate extend" >&5
+echo "configure:10361: checking for ftruncate extend" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_FTRUNCATE_EXTEND'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10189,11 +10366,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_FTRUNCATE_EXTEND=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10193 "configure"
+#line 10370 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/ftruncate.c"
 EOF
-if { (eval echo configure:10197: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_FTRUNCATE_EXTEND=yes
 else
@@ -10216,7 +10393,7 @@ EOF
 fi
 
 echo $ac_n "checking for broken getgroups""... $ac_c" 1>&6
-echo "configure:10220: checking for broken getgroups" >&5
+echo "configure:10397: checking for broken getgroups" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_GETGROUPS'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10225,11 +10402,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_BROKEN_GETGROUPS=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10229 "configure"
+#line 10406 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/getgroups.c"
 EOF
-if { (eval echo configure:10233: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_BROKEN_GETGROUPS=yes
 else
@@ -10252,15 +10429,15 @@ EOF
 fi
 
 echo $ac_n "checking whether getpass should be replaced""... $ac_c" 1>&6
-echo "configure:10256: checking whether getpass should be replaced" >&5
+echo "configure:10433: checking whether getpass should be replaced" >&5
 if eval "test \"`echo '$''{'samba_cv_REPLACE_GETPASS'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 SAVE_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper"
+CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper"
 cat > conftest.$ac_ext <<EOF
-#line 10264 "configure"
+#line 10441 "configure"
 #include "confdefs.h"
 
 #define REPLACE_GETPASS 1
@@ -10273,7 +10450,7 @@ int main() {
 
 ; return 0; }
 EOF
-if { (eval echo configure:10277: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:10454: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_REPLACE_GETPASS=yes
 else
@@ -10296,7 +10473,7 @@ EOF
 fi
 
 echo $ac_n "checking for broken inet_ntoa""... $ac_c" 1>&6
-echo "configure:10300: checking for broken inet_ntoa" >&5
+echo "configure:10477: checking for broken inet_ntoa" >&5
 if eval "test \"`echo '$''{'samba_cv_REPLACE_INET_NTOA'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10305,7 +10482,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_REPLACE_INET_NTOA=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10309 "configure"
+#line 10486 "configure"
 #include "confdefs.h"
 
 #include <stdio.h>
@@ -10319,7 +10496,7 @@ if (strcmp(inet_ntoa(ip),"18.52.86.120") &&
     strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } 
 exit(1);}
 EOF
-if { (eval echo configure:10323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10500: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_REPLACE_INET_NTOA=yes
 else
@@ -10342,7 +10519,7 @@ EOF
 fi
 
 echo $ac_n "checking for secure mkstemp""... $ac_c" 1>&6
-echo "configure:10346: checking for secure mkstemp" >&5
+echo "configure:10523: checking for secure mkstemp" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_SECURE_MKSTEMP'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10351,7 +10528,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_SECURE_MKSTEMP=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10355 "configure"
+#line 10532 "configure"
 #include "confdefs.h"
 #include <stdlib.h>
 #include <sys/types.h>
@@ -10368,7 +10545,7 @@ main() {
   exit(0);
 }
 EOF
-if { (eval echo configure:10372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10549: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_SECURE_MKSTEMP=yes
 else
@@ -10391,7 +10568,7 @@ EOF
 fi
 
 echo $ac_n "checking for sysconf(_SC_NGROUPS_MAX)""... $ac_c" 1>&6
-echo "configure:10395: checking for sysconf(_SC_NGROUPS_MAX)" >&5
+echo "configure:10572: checking for sysconf(_SC_NGROUPS_MAX)" >&5
 if eval "test \"`echo '$''{'samba_cv_SYSCONF_SC_NGROUPS_MAX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10400,12 +10577,12 @@ if test "$cross_compiling" = yes; then
   samba_cv_SYSCONF_SC_NGROUPS_MAX=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10404 "configure"
+#line 10581 "configure"
 #include "confdefs.h"
 #include <unistd.h>
 main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); }
 EOF
-if { (eval echo configure:10409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10586: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_SYSCONF_SC_NGROUPS_MAX=yes
 else
@@ -10428,7 +10605,7 @@ EOF
 fi
 
 echo $ac_n "checking for root""... $ac_c" 1>&6
-echo "configure:10432: checking for root" >&5
+echo "configure:10609: checking for root" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_ROOT'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10437,11 +10614,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_ROOT=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10441 "configure"
+#line 10618 "configure"
 #include "confdefs.h"
 main() { exit(getuid() != 0); }
 EOF
-if { (eval echo configure:10445: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_ROOT=yes
 else
@@ -10469,7 +10646,7 @@ fi
 # look for a method of finding the list of network interfaces
 iface=no;
 echo $ac_n "checking for iface AIX""... $ac_c" 1>&6
-echo "configure:10473: checking for iface AIX" >&5
+echo "configure:10650: checking for iface AIX" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_AIX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10478,7 +10655,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_IFACE_AIX=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10482 "configure"
+#line 10659 "configure"
 #include "confdefs.h"
 
 #define HAVE_IFACE_AIX 1
@@ -10486,7 +10663,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/interfaces.c"
 EOF
-if { (eval echo configure:10490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10667: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_IFACE_AIX=yes
 else
@@ -10510,7 +10687,7 @@ fi
 
 if test $iface = no; then
 echo $ac_n "checking for iface ifconf""... $ac_c" 1>&6
-echo "configure:10514: checking for iface ifconf" >&5
+echo "configure:10691: checking for iface ifconf" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFCONF'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10519,7 +10696,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_IFACE_IFCONF=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10523 "configure"
+#line 10700 "configure"
 #include "confdefs.h"
 
 #define HAVE_IFACE_IFCONF 1
@@ -10527,7 +10704,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/interfaces.c"
 EOF
-if { (eval echo configure:10531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_IFACE_IFCONF=yes
 else
@@ -10552,7 +10729,7 @@ fi
 
 if test $iface = no; then
 echo $ac_n "checking for iface ifreq""... $ac_c" 1>&6
-echo "configure:10556: checking for iface ifreq" >&5
+echo "configure:10733: checking for iface ifreq" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFREQ'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10561,7 +10738,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_IFACE_IFREQ=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10565 "configure"
+#line 10742 "configure"
 #include "confdefs.h"
 
 #define HAVE_IFACE_IFREQ 1
@@ -10569,7 +10746,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/interfaces.c"
 EOF
-if { (eval echo configure:10573: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_IFACE_IFREQ=yes
 else
@@ -10598,7 +10775,7 @@ fi
 seteuid=no;
 if test $seteuid = no; then
 echo $ac_n "checking for setresuid""... $ac_c" 1>&6
-echo "configure:10602: checking for setresuid" >&5
+echo "configure:10779: checking for setresuid" >&5
 if eval "test \"`echo '$''{'samba_cv_USE_SETRESUID'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10607,7 +10784,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_USE_SETRESUID=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10611 "configure"
+#line 10788 "configure"
 #include "confdefs.h"
 
 #define AUTOCONF_TEST 1
@@ -10615,7 +10792,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/util_sec.c"
 EOF
-if { (eval echo configure:10619: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10796: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_USE_SETRESUID=yes
 else
@@ -10641,7 +10818,7 @@ fi
 
 if test $seteuid = no; then
 echo $ac_n "checking for setreuid""... $ac_c" 1>&6
-echo "configure:10645: checking for setreuid" >&5
+echo "configure:10822: checking for setreuid" >&5
 if eval "test \"`echo '$''{'samba_cv_USE_SETREUID'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10650,7 +10827,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_USE_SETREUID=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10654 "configure"
+#line 10831 "configure"
 #include "confdefs.h"
 
 #define AUTOCONF_TEST 1
@@ -10658,7 +10835,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/util_sec.c"
 EOF
-if { (eval echo configure:10662: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10839: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_USE_SETREUID=yes
 else
@@ -10683,7 +10860,7 @@ fi
 
 if test $seteuid = no; then
 echo $ac_n "checking for seteuid""... $ac_c" 1>&6
-echo "configure:10687: checking for seteuid" >&5
+echo "configure:10864: checking for seteuid" >&5
 if eval "test \"`echo '$''{'samba_cv_USE_SETEUID'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10692,7 +10869,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_USE_SETEUID=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10696 "configure"
+#line 10873 "configure"
 #include "confdefs.h"
 
 #define AUTOCONF_TEST 1
@@ -10700,7 +10877,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/util_sec.c"
 EOF
-if { (eval echo configure:10704: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10881: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_USE_SETEUID=yes
 else
@@ -10725,7 +10902,7 @@ fi
 
 if test $seteuid = no; then
 echo $ac_n "checking for setuidx""... $ac_c" 1>&6
-echo "configure:10729: checking for setuidx" >&5
+echo "configure:10906: checking for setuidx" >&5
 if eval "test \"`echo '$''{'samba_cv_USE_SETUIDX'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10734,7 +10911,7 @@ if test "$cross_compiling" = yes; then
   samba_cv_USE_SETUIDX=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10738 "configure"
+#line 10915 "configure"
 #include "confdefs.h"
 
 #define AUTOCONF_TEST 1
@@ -10742,7 +10919,7 @@ else
 #include "confdefs.h"
 #include "${srcdir-.}/lib/util_sec.c"
 EOF
-if { (eval echo configure:10746: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10923: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_USE_SETUIDX=yes
 else
@@ -10767,7 +10944,7 @@ fi
 
 
 echo $ac_n "checking for working mmap""... $ac_c" 1>&6
-echo "configure:10771: checking for working mmap" >&5
+echo "configure:10948: checking for working mmap" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_MMAP'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10776,11 +10953,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_MMAP=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10780 "configure"
+#line 10957 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/shared_mmap.c"
 EOF
-if { (eval echo configure:10784: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10961: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_MMAP=yes
 else
@@ -10803,7 +10980,7 @@ EOF
 fi
 
 echo $ac_n "checking for ftruncate needs root""... $ac_c" 1>&6
-echo "configure:10807: checking for ftruncate needs root" >&5
+echo "configure:10984: checking for ftruncate needs root" >&5
 if eval "test \"`echo '$''{'samba_cv_FTRUNCATE_NEEDS_ROOT'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10812,11 +10989,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_FTRUNCATE_NEEDS_ROOT=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10816 "configure"
+#line 10993 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/ftruncroot.c"
 EOF
-if { (eval echo configure:10820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:10997: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_FTRUNCATE_NEEDS_ROOT=yes
 else
@@ -10839,7 +11016,7 @@ EOF
 fi
 
 echo $ac_n "checking for fcntl locking""... $ac_c" 1>&6
-echo "configure:10843: checking for fcntl locking" >&5
+echo "configure:11020: checking for fcntl locking" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_FCNTL_LOCK'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10848,11 +11025,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_FCNTL_LOCK=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10852 "configure"
+#line 11029 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/fcntl_lock.c"
 EOF
-if { (eval echo configure:10856: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:11033: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_FCNTL_LOCK=yes
 else
@@ -10875,7 +11052,7 @@ EOF
 fi
 
 echo $ac_n "checking for broken (glibc2.1/x86) 64 bit fcntl locking""... $ac_c" 1>&6
-echo "configure:10879: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5
+echo "configure:11056: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_FCNTL64_LOCKS'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10884,11 +11061,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10888 "configure"
+#line 11065 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/fcntl_lock64.c"
 EOF
-if { (eval echo configure:10892: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:11069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes
 else
@@ -10913,7 +11090,7 @@ else
 
 
   echo $ac_n "checking for 64 bit fcntl locking""... $ac_c" 1>&6
-echo "configure:10917: checking for 64 bit fcntl locking" >&5
+echo "configure:11094: checking for 64 bit fcntl locking" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_FLOCK64'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10922,7 +11099,7 @@ else
   samba_cv_HAVE_STRUCT_FLOCK64=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10926 "configure"
+#line 11103 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -10946,7 +11123,7 @@ exit(1);
 #endif
 }
 EOF
-if { (eval echo configure:10950: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:11127: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_STRUCT_FLOCK64=yes
 else
@@ -10971,7 +11148,7 @@ EOF
 fi
 
 echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6
-echo "configure:10975: checking for a crypt that needs truncated salt" >&5
+echo "configure:11152: checking for a crypt that needs truncated salt" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -10980,11 +11157,11 @@ if test "$cross_compiling" = yes; then
   samba_cv_HAVE_TRUNCATED_SALT=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 10984 "configure"
+#line 11161 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/crypttest.c"
 EOF
-if { (eval echo configure:10988: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:11165: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   samba_cv_HAVE_TRUNCATED_SALT=no
 else
@@ -11007,13 +11184,13 @@ EOF
 fi
 
 echo $ac_n "checking for broken nisplus include files""... $ac_c" 1>&6
-echo "configure:11011: checking for broken nisplus include files" >&5
+echo "configure:11188: checking for broken nisplus include files" >&5
 if eval "test \"`echo '$''{'samba_cv_BROKEN_NISPLUS_INCLUDE_FILES'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 cat > conftest.$ac_ext <<EOF
-#line 11017 "configure"
+#line 11194 "configure"
 #include "confdefs.h"
 #include <sys/acl.h>
 #if defined(HAVE_RPCSVC_NIS_H)
@@ -11023,7 +11200,7 @@ int main() {
 return 0;
 ; return 0; }
 EOF
-if { (eval echo configure:11027: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:11204: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no
 else
@@ -11047,7 +11224,7 @@ fi
 #################################################
 # check for smbwrapper support
 echo $ac_n "checking whether to use smbwrapper""... $ac_c" 1>&6
-echo "configure:11051: checking whether to use smbwrapper" >&5
+echo "configure:11228: checking whether to use smbwrapper" >&5
 # Check whether --with-smbwrapper or --without-smbwrapper was given.
 if test "${with_smbwrapper+set}" = set; then
   withval="$with_smbwrapper"
@@ -11091,7 +11268,7 @@ fi
 #################################################
 # check for the AFS filesystem
 echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6
-echo "configure:11095: checking whether to use AFS" >&5
+echo "configure:11272: checking whether to use AFS" >&5
 # Check whether --with-afs or --without-afs was given.
 if test "${with_afs+set}" = set; then
   withval="$with_afs"
@@ -11117,7 +11294,7 @@ fi
 #################################################
 # check for the DFS auth system
 echo $ac_n "checking whether to use DFS auth""... $ac_c" 1>&6
-echo "configure:11121: checking whether to use DFS auth" >&5
+echo "configure:11298: checking whether to use DFS auth" >&5
 # Check whether --with-dfs or --without-dfs was given.
 if test "${with_dfs+set}" = set; then
   withval="$with_dfs"
@@ -11142,7 +11319,7 @@ fi
 #################################################
 # check for Kerberos IV auth system
 echo $ac_n "checking whether to use Kerberos IV""... $ac_c" 1>&6
-echo "configure:11146: checking whether to use Kerberos IV" >&5
+echo "configure:11323: checking whether to use Kerberos IV" >&5
 # Check whether --with-krb4 or --without-krb4 was given.
 if test "${with_krb4+set}" = set; then
   withval="$with_krb4"
@@ -11152,7 +11329,7 @@ if test "${with_krb4+set}" = set; then
 EOF
 
     echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6
-echo "configure:11156: checking for dn_expand in -lresolv" >&5
+echo "configure:11333: checking for dn_expand in -lresolv" >&5
 ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -11160,7 +11337,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lresolv  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 11164 "configure"
+#line 11341 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -11171,7 +11348,7 @@ int main() {
 dn_expand()
 ; return 0; }
 EOF
-if { (eval echo configure:11175: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:11352: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -11210,7 +11387,7 @@ fi
 #################################################
 # check for Kerberos 5 auth system
 echo $ac_n "checking whether to use Kerberos 5""... $ac_c" 1>&6
-echo "configure:11214: checking whether to use Kerberos 5" >&5
+echo "configure:11391: checking whether to use Kerberos 5" >&5
 # Check whether --with-krb5 or --without-krb5 was given.
 if test "${with_krb5+set}" = set; then
   withval="$with_krb5"
@@ -11231,7 +11408,7 @@ fi
 #################################################
 # check for automount support
 echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6
-echo "configure:11235: checking whether to use AUTOMOUNT" >&5
+echo "configure:11412: checking whether to use AUTOMOUNT" >&5
 # Check whether --with-automount or --without-automount was given.
 if test "${with_automount+set}" = set; then
   withval="$with_automount"
@@ -11256,7 +11433,7 @@ fi
 #################################################
 # check for smbmount support
 echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6
-echo "configure:11260: checking whether to use SMBMOUNT" >&5
+echo "configure:11437: checking whether to use SMBMOUNT" >&5
 # Check whether --with-smbmount or --without-smbmount was given.
 if test "${with_smbmount+set}" = set; then
   withval="$with_smbmount"
@@ -11284,8 +11461,9 @@ fi
 
 #################################################
 # check for a PAM password database
+with_pam_for_crypt=no
 echo $ac_n "checking whether to use PAM password database""... $ac_c" 1>&6
-echo "configure:11289: checking whether to use PAM password database" >&5
+echo "configure:11467: checking whether to use PAM password database" >&5
 # Check whether --with-pam or --without-pam was given.
 if test "${with_pam+set}" = set; then
   withval="$with_pam"
@@ -11297,6 +11475,89 @@ if test "${with_pam+set}" = set; then
 EOF
 
     LIBS="$LIBS -lpam"
+    with_pam_for_crypt=yes
+    ;;
+  *)
+    echo "$ac_t""no" 1>&6
+    ;;
+  esac 
+else
+  echo "$ac_t""no" 1>&6
+
+fi
+
+
+# we can't build a pam module if we don't have pam.
+echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6
+echo "configure:11493: checking for pam_get_data in -lpam" >&5
+ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lpam  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11501 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char pam_get_data();
+
+int main() {
+pam_get_data()
+; return 0; }
+EOF
+if { (eval echo configure:11512: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<\EOF
+#define HAVE_LIBPAM 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+#################################################
+# check for pam_smbpass support
+echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6
+echo "configure:11539: checking whether to use pam_smbpass" >&5
+# Check whether --with-pam_smbpass or --without-pam_smbpass was given.
+if test "${with_pam_smbpass+set}" = set; then
+  withval="$with_pam_smbpass"
+   case "$withval" in
+  yes)
+    echo "$ac_t""yes" 1>&6
+
+# Conditions under which pam_smbpass should not be built.
+
+       if test x$PICFLAG = x; then
+          echo "$ac_t""No support for PIC code - disabling pam_smbpass" 1>&6
+          PAM_MOD=""
+       elif test x$ac_cv_lib_pam_pam_get_data = xno; then
+          echo "$ac_t""No libpam found -- disabling pam_smbpass" 1>&6
+          PAM_MOD=""
+       else
+          cat >> confdefs.h <<\EOF
+#define WITH_PAM_SMBPASS 1
+EOF
+
+          PAM_MOD="bin/pam_smbpass.so"
+       fi
     ;;
   *)
     echo "$ac_t""no" 1>&6
@@ -11308,6 +11569,115 @@ else
 fi
 
 
+
+###############################################
+# test for where we get crypt() from, but only
+# if not using PAM
+if test $with_pam_for_crypt = no; then
+for ac_func in crypt
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:11581: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  cat > conftest.$ac_ext <<EOF
+#line 11586 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $ac_func(); below.  */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:11609: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+ 
+else
+  echo "$ac_t""no" 1>&6
+fi
+done
+
+if test x"$ac_cv_func_crypt" = x"no"; then
+    echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
+echo "configure:11635: checking for crypt in -lcrypt" >&5
+ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lcrypt  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 11643 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char crypt();
+
+int main() {
+crypt()
+; return 0; }
+EOF
+if { (eval echo configure:11654: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  LIBS="$LIBS -lcrypt";
+	cat >> confdefs.h <<\EOF
+#define HAVE_CRYPT 1
+EOF
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+fi
+
+
 #################################################
 # removed until we get the code actually working
 # --jeremy
@@ -11354,7 +11724,7 @@ fi
 #################################################
 # check for a NISPLUS password database
 echo $ac_n "checking whether to use NISPLUS password database""... $ac_c" 1>&6
-echo "configure:11358: checking whether to use NISPLUS password database" >&5
+echo "configure:11728: checking whether to use NISPLUS password database" >&5
 # Check whether --with-nisplus or --without-nisplus was given.
 if test "${with_nisplus+set}" = set; then
   withval="$with_nisplus"
@@ -11379,7 +11749,7 @@ fi
 #################################################
 # check for a NISPLUS_HOME support 
 echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6
-echo "configure:11383: checking whether to use NISPLUS_HOME" >&5
+echo "configure:11753: checking whether to use NISPLUS_HOME" >&5
 # Check whether --with-nisplus-home or --without-nisplus-home was given.
 if test "${with_nisplus_home+set}" = set; then
   withval="$with_nisplus_home"
@@ -11404,7 +11774,7 @@ fi
 #################################################
 # check for the secure socket layer
 echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6
-echo "configure:11408: checking whether to use SSL" >&5
+echo "configure:11778: checking whether to use SSL" >&5
 # Check whether --with-ssl or --without-ssl was given.
 if test "${with_ssl+set}" = set; then
   withval="$with_ssl"
@@ -11428,7 +11798,7 @@ EOF
 	  LDFLAGS="=L/usr/local/ssl/lib $LDFLAGS"
 	;;
         * )
-          CFLAGS="-I${withval}/include $CFLAGS"
+          CFLAGS="-I${withval} $CFLAGS"
 	  LIBS="-lssl -lcrypto $LIBS"
   	  LDFLAGS="-L${withval}/lib $LDFLAGS"
 	;;
@@ -11463,7 +11833,7 @@ fi
 #################################################
 # check for syslog logging
 echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6
-echo "configure:11467: checking whether to use syslog logging" >&5
+echo "configure:11837: checking whether to use syslog logging" >&5
 # Check whether --with-syslog or --without-syslog was given.
 if test "${with_syslog+set}" = set; then
   withval="$with_syslog"
@@ -11488,7 +11858,7 @@ fi
 #################################################
 # check for a shared memory profiling support
 echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6
-echo "configure:11492: checking whether to use profiling" >&5
+echo "configure:11862: checking whether to use profiling" >&5
 # Check whether --with-profile or --without-profile was given.
 if test "${with_profile+set}" = set; then
   withval="$with_profile"
@@ -11514,7 +11884,7 @@ fi
 #################################################
 # check for experimental netatalk resource fork support
 echo $ac_n "checking whether to support netatalk""... $ac_c" 1>&6
-echo "configure:11518: checking whether to support netatalk" >&5
+echo "configure:11888: checking whether to support netatalk" >&5
 # Check whether --with-netatalk or --without-netatalk was given.
 if test "${with_netatalk+set}" = set; then
   withval="$with_netatalk"
@@ -11541,7 +11911,7 @@ fi
 QUOTAOBJS=smbd/noquotas.o
 
 echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6
-echo "configure:11545: checking whether to support disk-quotas" >&5
+echo "configure:11915: checking whether to support disk-quotas" >&5
 # Check whether --with-quotas or --without-quotas was given.
 if test "${with_quotas+set}" = set; then
   withval="$with_quotas"
@@ -11565,7 +11935,7 @@ fi
 # check for experimental utmp accounting
 
 echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6
-echo "configure:11569: checking whether to support utmp accounting" >&5
+echo "configure:11939: checking whether to support utmp accounting" >&5
 # Check whether --with-utmp or --without-utmp was given.
 if test "${with_utmp+set}" = set; then
   withval="$with_utmp"
@@ -11591,7 +11961,7 @@ fi
 # check for MS Dfs support
 
 echo $ac_n "checking whether to support Microsoft Dfs""... $ac_c" 1>&6
-echo "configure:11595: checking whether to support Microsoft Dfs" >&5
+echo "configure:11965: checking whether to support Microsoft Dfs" >&5
 # Check whether --with-msdfs or --without-msdfs was given.
 if test "${with_msdfs+set}" = set; then
   withval="$with_msdfs"
@@ -11617,7 +11987,7 @@ fi
 # check for Samba VFS support
 
 echo $ac_n "checking whether to support the experimantal Samba vfs""... $ac_c" 1>&6
-echo "configure:11621: checking whether to support the experimantal Samba vfs" >&5
+echo "configure:11991: checking whether to support the experimantal Samba vfs" >&5
 # Check whether --with-vfs or --without-vfs was given.
 if test "${with_vfs+set}" = set; then
   withval="$with_vfs"
@@ -11642,14 +12012,14 @@ fi
 #################################################
 # these tests are taken from the GNU fileutils package
 echo "checking how to get filesystem space usage" 1>&6
-echo "configure:11646: checking how to get filesystem space usage" >&5
+echo "configure:12016: checking how to get filesystem space usage" >&5
 space=no
 
 # Test for statvfs64.
 if test $space = no; then
   # SVR4
   echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6
-echo "configure:11653: checking statvfs64 function (SVR4)" >&5
+echo "configure:12023: checking statvfs64 function (SVR4)" >&5
 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11657,7 +12027,7 @@ else
   fu_cv_sys_stat_statvfs64=cross
 else
   cat > conftest.$ac_ext <<EOF
-#line 11661 "configure"
+#line 12031 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_UNISTD_H)
@@ -11671,7 +12041,7 @@ else
     exit (statvfs64 (".", &fsd));
   }
 EOF
-if { (eval echo configure:11675: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12045: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   fu_cv_sys_stat_statvfs64=yes
 else
@@ -11704,12 +12074,12 @@ fi
 if test $space = no; then
   # SVR4
   echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6
-echo "configure:11708: checking statvfs function (SVR4)" >&5
+echo "configure:12078: checking statvfs function (SVR4)" >&5
 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 11713 "configure"
+#line 12083 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/statvfs.h>
@@ -11717,7 +12087,7 @@ int main() {
 struct statvfs fsd; statvfs (0, &fsd);
 ; return 0; }
 EOF
-if { (eval echo configure:11721: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   fu_cv_sys_stat_statvfs=yes
 else
@@ -11742,7 +12112,7 @@ fi
 if test $space = no; then
   # DEC Alpha running OSF/1
   echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6
-echo "configure:11746: checking for 3-argument statfs function (DEC OSF/1)" >&5
+echo "configure:12116: checking for 3-argument statfs function (DEC OSF/1)" >&5
   if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11750,7 +12120,7 @@ else
   fu_cv_sys_stat_statfs3_osf1=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 11754 "configure"
+#line 12124 "configure"
 #include "confdefs.h"
 
 #include <sys/param.h>
@@ -11763,7 +12133,7 @@ else
     exit (statfs (".", &fsd, sizeof (struct statfs)));
   }
 EOF
-if { (eval echo configure:11767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12137: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   fu_cv_sys_stat_statfs3_osf1=yes
 else
@@ -11790,7 +12160,7 @@ fi
 if test $space = no; then
 # AIX
   echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6
-echo "configure:11794: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5
+echo "configure:12164: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5
   if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11798,7 +12168,7 @@ else
   fu_cv_sys_stat_statfs2_bsize=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 11802 "configure"
+#line 12172 "configure"
 #include "confdefs.h"
 
 #ifdef HAVE_SYS_PARAM_H
@@ -11817,7 +12187,7 @@ else
   exit (statfs (".", &fsd));
   }
 EOF
-if { (eval echo configure:11821: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   fu_cv_sys_stat_statfs2_bsize=yes
 else
@@ -11844,7 +12214,7 @@ fi
 if test $space = no; then
 # SVR3
   echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6
-echo "configure:11848: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5
+echo "configure:12218: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5
   if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11852,7 +12222,7 @@ else
   fu_cv_sys_stat_statfs4=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 11856 "configure"
+#line 12226 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/statfs.h>
@@ -11862,7 +12232,7 @@ else
   exit (statfs (".", &fsd, sizeof fsd, 0));
   }
 EOF
-if { (eval echo configure:11866: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12236: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   fu_cv_sys_stat_statfs4=yes
 else
@@ -11889,7 +12259,7 @@ fi
 if test $space = no; then
 # 4.4BSD and NetBSD
   echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6
-echo "configure:11893: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5
+echo "configure:12263: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5
   if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11897,7 +12267,7 @@ else
   fu_cv_sys_stat_statfs2_fsize=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 11901 "configure"
+#line 12271 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #ifdef HAVE_SYS_PARAM_H
@@ -11913,7 +12283,7 @@ else
   exit (statfs (".", &fsd));
   }
 EOF
-if { (eval echo configure:11917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   fu_cv_sys_stat_statfs2_fsize=yes
 else
@@ -11940,7 +12310,7 @@ fi
 if test $space = no; then
   # Ultrix
   echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6
-echo "configure:11944: checking for two-argument statfs with struct fs_data (Ultrix)" >&5
+echo "configure:12314: checking for two-argument statfs with struct fs_data (Ultrix)" >&5
   if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -11948,7 +12318,7 @@ else
   fu_cv_sys_stat_fs_data=no
 else
   cat > conftest.$ac_ext <<EOF
-#line 11952 "configure"
+#line 12322 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #ifdef HAVE_SYS_PARAM_H
@@ -11968,7 +12338,7 @@ else
   exit (statfs (".", &fsd) != 1);
   }
 EOF
-if { (eval echo configure:11972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   fu_cv_sys_stat_fs_data=yes
 else
@@ -12001,9 +12371,9 @@ fi
 # file support.
 #
 echo $ac_n "checking checking if large file support can be enabled""... $ac_c" 1>&6
-echo "configure:12005: checking checking if large file support can be enabled" >&5
+echo "configure:12375: checking checking if large file support can be enabled" >&5
 cat > conftest.$ac_ext <<EOF
-#line 12007 "configure"
+#line 12377 "configure"
 #include "confdefs.h"
 
 #if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)))
@@ -12016,7 +12386,7 @@ int main() {
 int i
 ; return 0; }
 EOF
-if { (eval echo configure:12020: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:12390: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
   rm -rf conftest*
   samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes
 else
@@ -12083,7 +12453,7 @@ fi
 # check for ACL support
 
 echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6
-echo "configure:12087: checking whether to support ACLs" >&5
+echo "configure:12457: checking whether to support ACLs" >&5
 # Check whether --with-acl-support or --without-acl-support was given.
 if test "${with_acl_support+set}" = set; then
   withval="$with_acl_support"
@@ -12121,7 +12491,7 @@ EOF
 			;;
 		*)
 		    echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6
-echo "configure:12125: checking for acl_get_file in -lacl" >&5
+echo "configure:12495: checking for acl_get_file in -lacl" >&5
 ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'`
 if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
@@ -12129,7 +12499,7 @@ else
   ac_save_LIBS="$LIBS"
 LIBS="-lacl  $LIBS"
 cat > conftest.$ac_ext <<EOF
-#line 12133 "configure"
+#line 12503 "configure"
 #include "confdefs.h"
 /* Override any gcc2 internal prototype to avoid an error.  */
 /* We use char because int might match the return type of a gcc2
@@ -12140,7 +12510,7 @@ int main() {
 acl_get_file()
 ; return 0; }
 EOF
-if { (eval echo configure:12144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12514: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_lib_$ac_lib_var=yes"
 else
@@ -12168,13 +12538,13 @@ else
 fi
 
 			echo $ac_n "checking for ACL support""... $ac_c" 1>&6
-echo "configure:12172: checking for ACL support" >&5
+echo "configure:12542: checking for ACL support" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 			cat > conftest.$ac_ext <<EOF
-#line 12178 "configure"
+#line 12548 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/acl.h>
@@ -12182,7 +12552,7 @@ int main() {
  acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);
 ; return 0; }
 EOF
-if { (eval echo configure:12186: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12556: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   samba_cv_HAVE_POSIX_ACLS=yes
 else
@@ -12202,13 +12572,13 @@ echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6
 EOF
 
 				echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6
-echo "configure:12206: checking for acl_get_perm_np" >&5
+echo "configure:12576: checking for acl_get_perm_np" >&5
 if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   
 				cat > conftest.$ac_ext <<EOF
-#line 12212 "configure"
+#line 12582 "configure"
 #include "confdefs.h"
 #include <sys/types.h>
 #include <sys/acl.h>
@@ -12216,7 +12586,7 @@ int main() {
  acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);
 ; return 0; }
 EOF
-if { (eval echo configure:12220: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:12590: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   samba_cv_HAVE_ACL_GET_PERM_NP=yes
 else
@@ -12236,41 +12606,6 @@ EOF
 
 				fi
 			fi
-			echo $ac_n "checking for XFS ACL support""... $ac_c" 1>&6
-echo "configure:12241: checking for XFS ACL support" >&5
-if eval "test \"`echo '$''{'samba_cv_HAVE_XFS_ACLS'+set}'`\" = set"; then
-  echo $ac_n "(cached) $ac_c" 1>&6
-else
-  
-			cat > conftest.$ac_ext <<EOF
-#line 12247 "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <acl/acl.h>
-int main() {
- char test_str[13] = SGI_ACL_FILE; 
-; return 0; }
-EOF
-if { (eval echo configure:12255: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-  rm -rf conftest*
-  samba_cv_HAVE_XFS_ACLS=yes
-else
-  echo "configure: failed program was:" >&5
-  cat conftest.$ac_ext >&5
-  rm -rf conftest*
-  samba_cv_XFS_POSIX_ACLS=no
-fi
-rm -f conftest*
-fi
-
-echo "$ac_t""$samba_cv_HAVE_XFS_ACLS" 1>&6
-			if test x"$samba_cv_HAVE_XFS_ACLS" = x"yes"; then
-				echo "$ac_t""Using XFS ACLs" 1>&6
-				cat >> confdefs.h <<\EOF
-#define HAVE_XFS_ACLS 1
-EOF
-
-			fi
 			;;
 		esac
 		;;
@@ -12305,11 +12640,11 @@ if test "$cross_compiling" = yes; then
   :
 else
   cat > conftest.$ac_ext <<EOF
-#line 12309 "configure"
+#line 12644 "configure"
 #include "confdefs.h"
 #include "${srcdir-.}/tests/summary.c"
 EOF
-if { (eval echo configure:12313: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+if { (eval echo configure:12648: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
 then
   echo "configure OK";
 else
@@ -12468,6 +12803,7 @@ s%@RUNPROG@%$RUNPROG%g
 s%@MPROGS@%$MPROGS%g
 s%@LDSHFLAGS@%$LDSHFLAGS%g
 s%@HOST_OS@%$HOST_OS%g
+s%@PAM_MOD@%$PAM_MOD%g
 s%@WRAP@%$WRAP%g
 s%@WRAP32@%$WRAP32%g
 s%@PICFLAG@%$PICFLAG%g
diff --git a/source/configure.in b/source/configure.in
index a25300fe856..92f341e1299 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -25,7 +25,7 @@ AC_ARG_WITH(fhs, [  --with-fhs            use FHS-compliant paths [default=no]],
 #################################################
 # set private directory location
 AC_ARG_WITH(privatedir,
-[  --with-privatedir=DIR     Where to put smbpasswd ($privatedir)],
+[  --with-privatedir=DIR     Where to put smbpasswd ($ac_default_prefix/private)],
 [ case "$withval" in
   yes|no)
   #
@@ -41,7 +41,7 @@ AC_ARG_WITH(privatedir,
 #################################################
 # set lock directory location
 AC_ARG_WITH(lockdir,
-[  --with-lockdir=DIR     Where to put lock files ($lockdir)],
+[  --with-lockdir=DIR     Where to put lock files ($ac_default_prefix/var/locks)],
 [ case "$withval" in
   yes|no)
   #
@@ -57,7 +57,7 @@ AC_ARG_WITH(lockdir,
 #################################################
 # set SWAT directory location
 AC_ARG_WITH(swatdir,
-[  --with-swatdir=DIR     Where to put SWAT files ($swatdir)],
+[  --with-swatdir=DIR     Where to put SWAT files ($ac_default_prefix/swat)],
 [ case "$withval" in
   yes|no)
   #
@@ -73,7 +73,7 @@ AC_ARG_WITH(swatdir,
 #################################################
 # set configuration directory location
 AC_ARG_WITH(configdir,
-[  --with-configdir=DIR     Where to put configuration files ($configdir)],
+[  --with-configdir=DIR     Where to put configuration files (\$libdir)],
 [ case "$withval" in
   yes|no)
   #
@@ -89,7 +89,7 @@ AC_ARG_WITH(configdir,
 #################################################
 # set codepage directory location
 AC_ARG_WITH(codepagedir,
-[  --with-codepagedir=DIR     Where to put codepage files ($codepagedir)],
+[  --with-codepagedir=DIR     Where to put codepage files (\$libdir/codepages)],
 [ case "$withval" in
   yes|no)
   #
@@ -118,6 +118,7 @@ AC_SUBST(RUNPROG)
 AC_SUBST(MPROGS)
 AC_SUBST(LDSHFLAGS)
 AC_SUBST(HOST_OS)
+AC_SUBST(PAM_MOD)
 AC_SUBST(WRAP)
 AC_SUBST(WRAP32)
 AC_SUBST(PICFLAG)
@@ -267,7 +268,7 @@ exit(1);
     *linux*)
         AC_MSG_CHECKING([for LFS support])
         old_CPPFLAGS="$CPPFLAGS"
-        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+        CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
        AC_TRY_RUN([
 #include <unistd.h>
 #include <sys/utsname.h>
@@ -305,7 +306,7 @@ main() {
 ], [LINUX_LFS_SUPPORT=yes], [LINUX_LFS_SUPPORT=no], [LINUX_LFS_SUPPORT=cross])
         CPPFLAGS="$old_CPPFLAGS"
         if test x$LINUX_LFS_SUPPORT = xyes ; then
-          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS"
+          CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
         fi
        AC_MSG_RESULT([$LINUX_LFS_SUPPORT])
 		;;
@@ -340,10 +341,12 @@ AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h)
 AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h)
 AC_CHECK_HEADERS(compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h)
-AC_CHECK_HEADERS(sys/param.h ctype.h sys/un.h sys/wait.h sys/resource.h sys/ioctl.h sys/mode.h)
-AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h string.h strings.h stdlib.h sys/socket.h)
+AC_CHECK_HEADERS(sys/param.h ctype.h sys/un.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h)
+AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h)
 AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h)
 AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h)
+AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h)
+
 #
 # HPUX has a bug in that including shadow.h causes a re-definition of MAXINT.
 # This causes configure to fail to detect it. Check for shadow separately on HPUX.
@@ -358,10 +361,10 @@ case "$host_os" in
 	;;
 esac
 AC_CHECK_HEADERS(shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h)
-AC_CHECK_HEADERS(nss.h sys/security.h security/pam_appl.h)
+AC_CHECK_HEADERS(nss.h nss_common.h sys/security.h security/pam_appl.h security/pam_modules.h)
 AC_CHECK_HEADERS(stropts.h poll.h)
 AC_CHECK_HEADERS(sys/capability.h syscall.h sys/syscall.h)
-AC_CHECK_HEADERS(sys/acl.h sys/cdefs.h glob.h acl/acl.h)
+AC_CHECK_HEADERS(sys/acl.h sys/cdefs.h glob.h)
 
 # For experimental utmp support (lastlog on some BSD-like systems)
 AC_CHECK_HEADERS(utmp.h utmpx.h lastlog.h)
@@ -399,6 +402,19 @@ AC_CHECK_LIB(cups,httpConnect)
 AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl";
 	AC_DEFINE(HAVE_LIBDL)])
 
+AC_CACHE_CHECK([for socklen_t type],samba_cv_socklen_t, [
+    AC_TRY_COMPILE([
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>],[socklen_t i = 0],
+    samba_cv_socklen_t=yes,samba_cv_socklen_t=no)])
+if test x"$samba_cv_socklen_t" = x"yes"; then
+   AC_DEFINE(HAVE_SOCKLEN_T_TYPE)
+fi
+
 AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [
     AC_TRY_COMPILE([
 #include <sys/types.h>
@@ -412,28 +428,14 @@ if test x"$samba_cv_sig_atomic_t" = x"yes"; then
    AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE)
 fi
 
-AC_CACHE_CHECK([for errno in errno.h],samba_cv_errno, [
-    AC_TRY_COMPILE([#include <errno.h>],[int i = errno],
-	samba_cv_errno=yes,samba_cv_have_errno=no)])
-if test x"$samba_cv_errno" = x"yes"; then
-   AC_DEFINE(HAVE_ERRNO_DECL)
-fi
-
-# stupid glibc has the functions but no declaration. grrrr.
-AC_CACHE_CHECK([for setresuid declaration],samba_cv_have_setresuid_decl,[
-    AC_TRY_COMPILE([#include <unistd.h>],[int i = (int)setresuid],
-        samba_cv_have_setresuid_decl=yes,samba_cv_have_setresuid_decl=no)])
-if test x"$samba_cv_have_setresuid_decl" = x"yes"; then
-    AC_DEFINE(HAVE_SETRESUID_DECL)
-fi
-
-# stupid glibc has the functions but no declaration. grrrr.
-AC_CACHE_CHECK([for setresgid declaration],samba_cv_have_setresgid_decl,[
-    AC_TRY_COMPILE([#include <unistd.h>],[int i = (int)setresgid],
-        samba_cv_have_setresgid_decl=yes,samba_cv_have_setresgid_decl=no)])
-if test x"$samba_cv_have_setresgid_decl" = x"yes"; then
-    AC_DEFINE(HAVE_SETRESGID_DECL)
-fi
+# stupid headers have the functions but no declaration. grrrr.
+AC_HAVE_DECL(errno, [#include <errno.h>])
+AC_HAVE_DECL(setresuid, [#include <unistd.h>])
+AC_HAVE_DECL(setresgid, [#include <unistd.h>])
+AC_HAVE_DECL(asprintf, [#include <stdio.h>])
+AC_HAVE_DECL(vasprintf, [#include <stdio.h>])
+AC_HAVE_DECL(vsnprintf, [#include <stdio.h>])
+AC_HAVE_DECL(snprintf, [#include <stdio.h>])
 
 # and glibc has setresuid under linux but the function does
 # nothing until kernel 2.1.44! very dumb.
@@ -459,14 +461,6 @@ fi
 AC_FUNC_MEMCMP
 
 ###############################################
-# test for where we get crypt() from
-AC_CHECK_FUNCS(crypt)
-if test x"$ac_cv_func_crypt" = x"no"; then
-    AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt";
-	AC_DEFINE(HAVE_CRYPT)])
-fi
-
-###############################################
 # Readline included by default unless explicitly asked not to
 test "${with_readline+set}" != "set" && with_readline=yes
 
@@ -581,13 +575,13 @@ fi
 
 AC_CHECK_FUNCS(waitpid getcwd strdup strtoul strerror chown fchown chmod fchmod chroot)
 AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset)
-AC_CHECK_FUNCS(memmove vsnprintf snprintf setsid glob strpbrk pipe crypt16 getauthuid)
+AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid)
 AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction innetgr setnetgrent getnetgrent endnetgrent)
 AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf)
 AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64)
 AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64)
 AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf)
-AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl)
+AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink)
 
 # syscall() is needed for smbwrapper.
 AC_CHECK_FUNCS(syscall)
@@ -896,6 +890,30 @@ if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then
     AC_DEFINE(HAVE_GETTIMEOFDAY_TZ)
 fi
 
+AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[
+AC_TRY_RUN([
+#include <sys/types.h>
+#include <stdarg.h>
+void foo(const char *format, ...) { 
+       va_list ap;
+       int len;
+       char buf[5];
+
+       va_start(ap, format);
+       len = vsnprintf(0, 0, format, ap);
+       va_end(ap);
+       if (len != 5) exit(1);
+
+       if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
+
+       exit(0);
+}
+main() { foo("hello"); }
+],
+samba_cv_HAVE_C99_VSNPRINTF=yes,samba_cv_HAVE_C99_VSNPRINTF=no,samba_cv_HAVE_C99_VSNPRINTF=cross)])
+if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
+    AC_DEFINE(HAVE_C99_VSNPRINTF)
+fi
 
 AC_CACHE_CHECK([for broken readdir],samba_cv_HAVE_BROKEN_READDIR,[
 AC_TRY_RUN([#include <sys/types.h>
@@ -1210,7 +1228,7 @@ fi
 
 AC_CACHE_CHECK([whether getpass should be replaced],samba_cv_REPLACE_GETPASS,[
 SAVE_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper"
+CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper"
 AC_TRY_COMPILE([
 #define REPLACE_GETPASS 1
 #define NO_CONFIG_H 1
@@ -1605,6 +1623,7 @@ AC_ARG_WITH(smbmount,
 
 #################################################
 # check for a PAM password database
+with_pam_for_crypt=no
 AC_MSG_CHECKING(whether to use PAM password database)
 AC_ARG_WITH(pam,
 [  --with-pam     Include PAM password database support
@@ -1614,6 +1633,40 @@ AC_ARG_WITH(pam,
     AC_MSG_RESULT(yes)
     AC_DEFINE(WITH_PAM)
     LIBS="$LIBS -lpam"
+    with_pam_for_crypt=yes
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+  esac ],
+  AC_MSG_RESULT(no)
+)
+
+# we can't build a pam module if we don't have pam.
+AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)])
+
+#################################################
+# check for pam_smbpass support
+AC_MSG_CHECKING(whether to use pam_smbpass)
+AC_ARG_WITH(pam_smbpass,
+[  --with-pam_smbpass     Include the smbpass PAM module
+  --without-pam_smbpass  Don't include the smbpass PAM module (default)],
+[ case "$withval" in
+  yes)
+    AC_MSG_RESULT(yes)
+
+# Conditions under which pam_smbpass should not be built.
+
+       if test x$PICFLAG = x; then
+          AC_MSG_RESULT([No support for PIC code - disabling pam_smbpass])
+          PAM_MOD=""
+       elif test x$ac_cv_lib_pam_pam_get_data = xno; then
+          AC_MSG_RESULT([No libpam found -- disabling pam_smbpass])
+          PAM_MOD=""
+       else
+          AC_DEFINE(WITH_PAM_SMBPASS)
+          PAM_MOD="bin/pam_smbpass.so"
+       fi
     ;;
   *)
     AC_MSG_RESULT(no)
@@ -1622,6 +1675,19 @@ AC_ARG_WITH(pam,
   AC_MSG_RESULT(no)
 )
 
+
+###############################################
+# test for where we get crypt() from, but only
+# if not using PAM
+if test $with_pam_for_crypt = no; then
+AC_CHECK_FUNCS(crypt)
+if test x"$ac_cv_func_crypt" = x"no"; then
+    AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt";
+	AC_DEFINE(HAVE_CRYPT)])
+fi
+fi
+
+
 #################################################
 # removed until we get the code actually working
 # --jeremy
@@ -1725,7 +1791,7 @@ AC_ARG_WITH(ssl,
 	  LDFLAGS="=L/usr/local/ssl/lib $LDFLAGS"
 	;;
         * )
-          CFLAGS="-I${withval}/include $CFLAGS"
+          CFLAGS="-I${withval} $CFLAGS"
 	  LIBS="-lssl -lcrypto $LIBS"
   	  LDFLAGS="-L${withval}/lib $LDFLAGS"
 	;;
@@ -2165,15 +2231,6 @@ samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)])
 					AC_DEFINE(HAVE_ACL_GET_PERM_NP)
 				fi
 			fi
-			AC_CACHE_CHECK([for XFS ACL support],samba_cv_HAVE_XFS_ACLS,[
-			AC_TRY_COMPILE([#include <sys/types.h>
-#include <acl/acl.h>],
-[ char test_str[13] = SGI_ACL_FILE; ],
-samba_cv_HAVE_XFS_ACLS=yes,samba_cv_XFS_POSIX_ACLS=no)])
-			if test x"$samba_cv_HAVE_XFS_ACLS" = x"yes"; then
-				AC_MSG_RESULT(Using XFS ACLs)
-				AC_DEFINE(HAVE_XFS_ACLS)
-			fi
 			;;
 		esac
 		;;
diff --git a/source/include/config.h.in b/source/include/config.h.in
index 66561c9761e..15a7a856276 100644
--- a/source/include/config.h.in
+++ b/source/include/config.h.in
@@ -63,6 +63,7 @@
 
 #undef HAVE_VOLATILE
 #undef HAVE_BROKEN_READDIR
+#undef HAVE_C99_VSNPRINTF
 #undef HAVE_ERRNO_DECL
 #undef HAVE_LONGLONG
 #undef HAVE_OFF64_T
@@ -70,6 +71,7 @@
 #undef HAVE_UNSIGNED_CHAR
 #undef HAVE_UTIMBUF
 #undef HAVE_SIG_ATOMIC_T_TYPE
+#undef HAVE_SOCKLEN_T_TYPE
 #undef ssize_t
 #undef ino_t
 #undef ssize_t
@@ -124,6 +126,7 @@
 #undef WITH_NISPLUS
 #undef WITH_TDBPWD
 #undef WITH_PAM
+#undef WITH_PAM_SMBPASS
 #undef WITH_NISPLUS_HOME
 #undef WITH_AUTOMOUNT
 #undef WITH_SMBMOUNT
@@ -207,9 +210,13 @@
 #undef HAVE_UNIXWARE_ACLS
 #undef HAVE_SOLARIS_ACLS
 #undef HAVE_IRIX_ACLS
-#undef HAVE_XFS_ACLS
 #undef HAVE_AIX_ACLS
 #undef HAVE_NO_ACLS
+#undef HAVE_LIBPAM
+#undef HAVE_ASPRINTF_DECL
+#undef HAVE_VASPRINTF_DECL
+#undef HAVE_SNPRINTF_DECL
+#undef HAVE_VSNPRINTF_DECL
 
 /* The number of bytes in a int.  */
 #undef SIZEOF_INT
@@ -430,6 +437,9 @@
 /* Define if you have the _write function.  */
 #undef HAVE__WRITE
 
+/* Define if you have the asprintf function.  */
+#undef HAVE_ASPRINTF
+
 /* Define if you have the atexit function.  */
 #undef HAVE_ATEXIT
 
@@ -619,6 +629,9 @@
 /* Define if you have the readdir64 function.  */
 #undef HAVE_READDIR64
 
+/* Define if you have the readlink function.  */
+#undef HAVE_READLINK
+
 /* Define if you have the rename function.  */
 #undef HAVE_RENAME
 
@@ -697,6 +710,9 @@
 /* Define if you have the strtoul function.  */
 #undef HAVE_STRTOUL
 
+/* Define if you have the symlink function.  */
+#undef HAVE_SYMLINK
+
 /* Define if you have the syscall function.  */
 #undef HAVE_SYSCALL
 
@@ -718,6 +734,9 @@
 /* Define if you have the utimes function.  */
 #undef HAVE_UTIMES
 
+/* Define if you have the vasprintf function.  */
+#undef HAVE_VASPRINTF
+
 /* Define if you have the vsnprintf function.  */
 #undef HAVE_VSNPRINTF
 
@@ -727,9 +746,6 @@
 /* Define if you have the yp_get_default_domain function.  */
 #undef HAVE_YP_GET_DEFAULT_DOMAIN
 
-/* Define if you have the <acl/acl.h> header file.  */
-#undef HAVE_ACL_ACL_H
-
 /* Define if you have the <arpa/inet.h> header file.  */
 #undef HAVE_ARPA_INET_H
 
@@ -784,6 +800,9 @@
 /* Define if you have the <nss.h> header file.  */
 #undef HAVE_NSS_H
 
+/* Define if you have the <nss_common.h> header file.  */
+#undef HAVE_NSS_COMMON_H
+
 /* Define if you have the <poll.h> header file.  */
 #undef HAVE_POLL_H
 
@@ -808,9 +827,15 @@
 /* Define if you have the <rpcsvc/ypclnt.h> header file.  */
 #undef HAVE_RPCSVC_YPCLNT_H
 
+/* Define if you have the <security/_pam_macros.h> header file.  */
+#undef HAVE_SECURITY__PAM_MACROS_H
+
 /* Define if you have the <security/pam_appl.h> header file.  */
 #undef HAVE_SECURITY_PAM_APPL_H
 
+/* Define if you have the <security/pam_modules.h> header file.  */
+#undef HAVE_SECURITY_PAM_MODULES_H
+
 /* Define if you have the <shadow.h> header file.  */
 #undef HAVE_SHADOW_H
 
@@ -865,6 +890,9 @@
 /* Define if you have the <sys/ioctl.h> header file.  */
 #undef HAVE_SYS_IOCTL_H
 
+/* Define if you have the <sys/ipc.h> header file.  */
+#undef HAVE_SYS_IPC_H
+
 /* Define if you have the <sys/mman.h> header file.  */
 #undef HAVE_SYS_MMAN_H
 
@@ -892,6 +920,9 @@
 /* Define if you have the <sys/select.h> header file.  */
 #undef HAVE_SYS_SELECT_H
 
+/* Define if you have the <sys/shm.h> header file.  */
+#undef HAVE_SYS_SHM_H
+
 /* Define if you have the <sys/socket.h> header file.  */
 #undef HAVE_SYS_SOCKET_H
 
diff --git a/source/include/debug.h b/source/include/debug.h
index d2c3b1d37ef..240da0d6fc5 100644
--- a/source/include/debug.h
+++ b/source/include/debug.h
@@ -37,21 +37,8 @@
    arguemnts to DEBUG() right. We have got them wrong too often in the 
    past.
  */
-#ifdef HAVE_STDARG_H
-int  Debug1( char *, ... )
-#ifdef __GNUC__
-     __attribute__ ((format (__printf__, 1, 2)))
-#endif
-;
-BOOL dbgtext( char *, ... )
-#ifdef __GNUC__
-     __attribute__ ((format (__printf__, 1, 2)))
-#endif
-;
-#else
-int  Debug1();
-BOOL dbgtext();
-#endif
+int  Debug1( char *, ... ) PRINTF_ATTRIBUTE(1,2);
+BOOL dbgtext( char *, ... ) PRINTF_ATTRIBUTE(1,2);
 
 /* If we have these macros, we can add additional info to the header. */
 #ifdef HAVE_FILE_MACRO
diff --git a/source/include/includes.h b/source/include/includes.h
index eef1c1e0bc1..c5f4720a5af 100644
--- a/source/include/includes.h
+++ b/source/include/includes.h
@@ -54,6 +54,13 @@
 #endif
 #endif
 
+/* use gcc attribute to check printf fns */
+#ifdef __GNUC__
+#define PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2)))
+#else
+#define PRINTF_ATTRIBUTE(a1, a2)
+#endif
+
 #ifdef RELIANTUNIX
 /*
  * <unistd.h> has to be included before any other to get
@@ -271,10 +278,6 @@
 #include <sys/acl.h>
 #endif
 
-#ifdef HAVE_XFS_ACLS
-#include <acl/acl.h>
-#endif
-
 #ifdef HAVE_SYS_FS_S5PARAM_H 
 #include <sys/fs/s5param.h>
 #endif
@@ -350,6 +353,14 @@
 #endif
 #endif /* HAVE_NETGROUP */
 
+#if defined(HAVE_SYS_IPC_H)
+#include <sys/ipc.h>
+#endif /* HAVE_SYS_IPC_H */
+
+#if defined(HAVE_SYS_SHM_H)
+#include <sys/shm.h>
+#endif /* HAVE_SYS_SHM_H */
+
 /*
  * Define VOLATILE if needed.
  */
@@ -361,15 +372,17 @@
 #endif
 
 /*
- * Define SIG_ATOMIC_T if needed.
+ * Define additional missing types
  */
+#ifndef HAVE_SIG_ATOMIC_T_TYPE
+typedef int sig_atomic_t;
+#endif
 
-#if defined(HAVE_SIG_ATOMIC_T_TYPE)
-#define SIG_ATOMIC_T sig_atomic_t
-#else
-#define SIG_ATOMIC_T int
+#ifndef HAVE_SOCKLEN_T_TYPE
+typedef int socklen_t;
 #endif
 
+
 #ifndef uchar
 #define uchar unsigned char
 #endif
@@ -421,6 +434,9 @@
 #define int32 long
 #elif (SIZEOF_SHORT == 4)
 #define int32 short
+#else
+/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */
+#define uint32 int
 #endif
 #endif
 
@@ -436,6 +452,9 @@
 #define uint32 unsigned long
 #elif (SIZEOF_SHORT == 4)
 #define uint32 unsigned short
+#else
+/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */
+#define uint32 unsigned
 #endif
 #endif
 
@@ -622,6 +641,8 @@ extern int errno;
 #include "messages.h"
 #include "util_list.h"
 
+#include "util_getent.h"
+
 #ifndef UBI_BINTREE_H
 #include "ubi_Cache.h"
 #endif /* UBI_BINTREE_H */
@@ -644,6 +665,8 @@ extern int errno;
 
 #include "profile.h"
 
+#include "mapping.h"
+
 #ifndef MAXCODEPAGELINES
 #define MAXCODEPAGELINES 256
 #endif
@@ -678,17 +701,38 @@ typedef struct smb_wpasswd {
 #define UNI_XDIGIT   0x8
 #define UNI_SPACE    0x10
 
-#ifdef HAVE_NSS_H
+#ifdef HAVE_NSS_COMMON_H
+
+/* Sun Solaris */
+
+#include <nss_common.h>
+#include <nss_dbdefs.h>
+#include <nsswitch.h>
+
+typedef nss_status_t NSS_STATUS;
+
+#define NSS_STATUS_SUCCESS     NSS_SUCCESS
+#define NSS_STATUS_NOTFOUND    NSS_NOTFOUND
+#define NSS_STATUS_UNAVAIL     NSS_UNAVAIL
+#define NSS_STATUS_TRYAGAIN    NSS_TRYAGAIN
+
+#elif HAVE_NSS_H
+
+/* GNU */
+
 #include <nss.h>
-#else
 
-/* Minimal needed to compile.. */
+typedef enum nss_status NSS_STATUS;
+
+#else /* Nothing's defined. Neither gnu nor sun */
 
-enum nss_status {
-	NSS_STATUS_SUCCESS,
-	NSS_STATUS_NOTFOUND,
-	NSS_STATUS_UNAVAIL
-};
+typedef enum
+{
+  NSS_STATUS_SUCCESS,
+  NSS_STATUS_NOTFOUND,
+  NSS_STATUS_UNAVAIL,
+  NSS_STATUS_TRYAGAIN
+} NSS_STATUS;
 
 #endif
 
@@ -846,6 +890,9 @@ int setresuid(uid_t ruid, uid_t euid, uid_t suid);
 #if (defined(USE_SETRESUID) && !defined(HAVE_SETRESGID_DECL))
 int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
 #endif
+#ifndef HAVE_VASPRINTF_DECL
+int vasprintf(char **ptr, const char *format, va_list ap);
+#endif
 
 #if !defined(HAVE_BZERO) && defined(HAVE_MEMSET)
 #define bzero(a,b) memset((a),'\0',(b))
@@ -934,13 +981,13 @@ int setresgid(gid_t rgid, gid_t egid, gid_t sgid);
 #define S_IXOTH 00001           /* execute permission: other */
 #endif
 
-/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
-
-#ifndef S_IFSOCK
-#define S_IFSOCK S_IFIFO
+/* NetBSD doesn't have these */
+#ifndef SHM_R
+#define SHM_R 0400
 #endif
-#ifndef S_ISSOCK
-#define S_ISSOCK(mode)  ((mode & S_IFSOCK) == S_IFSOCK)
+
+#ifndef SHM_W
+#define SHM_W 0200
 #endif
 
 #if HAVE_KERNEL_SHARE_MODES
@@ -982,5 +1029,19 @@ extern int DEBUGLEVEL;
 #define RTLD_NOW 0
 #endif
 
+/* add varargs prototypes with printf checking */
+int fdprintf(int , char *, ...) PRINTF_ATTRIBUTE(2,3);
+#ifndef HAVE_SNPRINTF_DECL
+int snprintf(char *,size_t ,const char *, ...) PRINTF_ATTRIBUTE(3,4);
+#endif
+#ifndef HAVE_ASPRINTF_DECL
+int asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3);
+#endif
+
+/* we used to use these fns, but now we have good replacements
+   for snprintf and vsnprintf */
+#define slprintf snprintf
+#define vslprintf vsnprintf
+
 #endif /* _INCLUDES_H */
 
diff --git a/source/include/local.h b/source/include/local.h
index b5590f9f912..1a58e9e2d11 100644
--- a/source/include/local.h
+++ b/source/include/local.h
@@ -100,6 +100,11 @@
 #define GUEST_ACCOUNT "nobody"
 #endif
 
+/* user to test password server with as invalid in security=server mode. */
+#ifndef INVALID_USER_PREFIX
+#define INVALID_USER_PREFIX "sambatest"
+#endif
+
 /* the default pager to use for the client "more" command. Users can
    override this with the PAGER environment variable */
 #ifndef PAGER
@@ -176,4 +181,12 @@
 /* Minimum length of allowed password when changing UNIX password. */
 #define MINPASSWDLENGTH 5
 
+/* maximum ID number used for session control. This cannot be larger
+   than 62*62 for the current code */
+#define MAX_SESSION_ID 3000
+
+#ifndef SESSION_TEMPLATE
+#define SESSION_TEMPLATE "smb/%d"
+#endif
+
 #endif
diff --git a/source/include/messages.h b/source/include/messages.h
index fb88ddbd0e1..b41f1f38a8e 100644
--- a/source/include/messages.h
+++ b/source/include/messages.h
@@ -39,5 +39,6 @@
 #define MSG_PRINTER_NOTIFY 2001
 
 #define MSG_SMB_CONF_UPDATED 3001
+#define MSG_SMB_FORCE_TDIS   3002
 
 #endif
diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h
index ecd261949c5..58ed1759e71 100644
--- a/source/include/ntdomain.h
+++ b/source/include/ntdomain.h
@@ -267,7 +267,8 @@ typedef struct
 struct acct_info
 {
     fstring acct_name; /* account name */
-    uint32 smb_userid; /* domain-relative RID */
+    fstring acct_desc; /* account name */
+    uint32 rid; /* domain-relative RID */
 };
 
 /*
diff --git a/source/include/profile.h b/source/include/profile.h
index 5916614fb74..a8ffb963671 100644
--- a/source/include/profile.h
+++ b/source/include/profile.h
@@ -96,6 +96,10 @@ struct profile_stats {
 	unsigned syscall_ftruncate_time;
 	unsigned syscall_fcntl_lock_count;
 	unsigned syscall_fcntl_lock_time;
+	unsigned syscall_readlink_count;
+	unsigned syscall_readlink_time;
+	unsigned syscall_symlink_count;
+	unsigned syscall_symlink_time;
 /* stat cache counters */
 	unsigned statcache_lookups;
 	unsigned statcache_misses;
diff --git a/source/include/proto.h b/source/include/proto.h
index ba66888ea3c..c1e3a4fe12d 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -100,7 +100,8 @@ int sys_fsusage(const char *path, SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
 
 /*The following definitions come from  lib/genrand.c  */
 
-void generate_random_buffer( unsigned char *out, int len, BOOL re_seed);
+void set_rand_reseed_data(unsigned char *data, size_t len);
+void generate_random_buffer( unsigned char *out, int len, BOOL do_reseed_now);
 char *generate_random_str(size_t len);
 
 /*The following definitions come from  lib/getsmbpass.c  */
@@ -110,11 +111,10 @@ char *getsmbpass(char *prompt)    ;
 /*The following definitions come from  lib/hash.c  */
 
 BOOL hash_table_init(hash_table *table, int num_buckets, compare_function compare_func);
-int string_hash(int hash_size, const char *key);
 hash_element *hash_lookup(hash_table *table, char *key);
 hash_element *hash_insert(hash_table *table, char *value, char *key);
 void hash_remove(hash_table *table, hash_element *hash_elem);
-BOOL hash_clear(hash_table *table);
+void hash_clear(hash_table *table);
 
 /*The following definitions come from  lib/interface.c  */
 
@@ -158,7 +158,7 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type, void *buf, size_t len
 
 /*The following definitions come from  lib/ms_fnmatch.c  */
 
-int ms_fnmatch(char *pattern, char *string);
+int ms_fnmatch(const char *pattern, const char *string);
 
 /*The following definitions come from  lib/pidfile.c  */
 
@@ -188,10 +188,6 @@ void CatchSignal(int signum,void (*handler)(int ));
 void CatchChild(void);
 void CatchChildLeaveStatus(void);
 
-/*The following definitions come from  lib/slprintf.c  */
-
-int vslprintf(char *str, int n, char *format, va_list ap);
-
 /*The following definitions come from  libsmb/cliconnect.c  */
 
 BOOL cli_session_setup(struct cli_state *cli, 
@@ -223,6 +219,7 @@ int cli_set_port(struct cli_state *cli, int port);
 BOOL cli_receive_smb(struct cli_state *cli);
 BOOL cli_send_smb(struct cli_state *cli);
 void cli_setup_packet(struct cli_state *cli);
+void cli_setup_bcc(struct cli_state *cli, void *p);
 void cli_init_creds(struct cli_state *cli, const struct ntuser_creds *usr);
 struct cli_state *cli_initialise(struct cli_state *cli);
 void cli_shutdown(struct cli_state *cli);
@@ -241,10 +238,10 @@ BOOL cli_unlink(struct cli_state *cli, char *fname);
 BOOL cli_mkdir(struct cli_state *cli, char *dname);
 BOOL cli_rmdir(struct cli_state *cli, char *dname);
 int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag);
-int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess, uint32 FileAttributes,
-						uint32 ShareAccess, uint32 CreateDisposition, uint32 CreateOptions);
+int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess,
+		 uint32 FileAttributes, uint32 ShareAccess,
+		 uint32 CreateDisposition, uint32 CreateOptions);
 int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess);
-int cli_nt_create_uni(struct cli_state *cli, char *fname, uint32 DesiredAccess);
 int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode);
 BOOL cli_close(struct cli_state *cli, int fnum);
 BOOL cli_lock(struct cli_state *cli, int fnum, 
@@ -261,34 +258,39 @@ BOOL cli_getatr(struct cli_state *cli, char *fname,
 BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t);
 BOOL cli_chkpath(struct cli_state *cli, char *path);
 BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail);
+int cli_ctemp(struct cli_state *cli, char *path, char **tmp_path);
 
 /*The following definitions come from  libsmb/clilist.c  */
 
-int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, 
-	     void (*fn)(file_info *, const char *));
+int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, 
+		 void (*fn)(file_info *, const char *, void *), void *state);
 int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, 
-		 void (*fn)(file_info *, const char *));
+		 void (*fn)(file_info *, const char *, void *), void *state);
+int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, 
+	     void (*fn)(file_info *, const char *, void *), void *state);
 
 /*The following definitions come from  libsmb/cli_lsarpc.c  */
 
 struct cli_state *cli_lsa_initialise(struct cli_state *cli, char *system_name,
 				     struct ntuser_creds *creds);
 void cli_lsa_shutdown(struct cli_state *cli);
-uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, 
-			   uint32 des_access, POLICY_HND *pol);
-uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *pol);
-uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol,
-			   int num_sids, DOM_SID *sids, char ***names, 
-			   uint32 **types, int *num_names);
-uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol,
-			    int num_names, char **names, DOM_SID **sids,
-			    uint32 **types, int *num_sids);
-uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol, 
-				 uint16 info_class, fstring domain_name, 
-				 DOM_SID * domain_sid);
-uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol, 
-			      uint32 *enum_ctx, uint32 *num_domains,
-			      char ***domain_names, DOM_SID **domain_sids);
+uint32 cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   BOOL sec_qos, uint32 des_access, POLICY_HND *pol);
+uint32 cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+		     POLICY_HND *pol);
+uint32 cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   POLICY_HND *pol, int num_sids, DOM_SID *sids, 
+			   char ***names, uint32 **types, int *num_names);
+uint32 cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			    POLICY_HND *pol, int num_names, char **names, 
+			    DOM_SID **sids, uint32 **types, int *num_sids);
+uint32 cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				 POLICY_HND *pol, uint16 info_class, 
+				 fstring domain_name, DOM_SID *domain_sid);
+uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *pol, uint32 *enum_ctx, 
+			      uint32 *num_domains, char ***domain_names, 
+			      DOM_SID **domain_sids);
 
 /*The following definitions come from  libsmb/climessage.c  */
 
@@ -297,6 +299,15 @@ BOOL cli_message_start(struct cli_state *cli, char *host, char *username,
 BOOL cli_message_text(struct cli_state *cli, char *msg, int len, int grp);
 BOOL cli_message_end(struct cli_state *cli, int grp);
 
+/*The following definitions come from  libsmb/cli_netlogon.c  */
+
+struct cli_state *cli_netlogon_initialise(struct cli_state *cli, 
+					  char *system_name,
+					  struct ntuser_creds *creds);
+void cli_netlogon_shutdown(struct cli_state *cli);
+uint32 cli_netlogon_logon_ctrl2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				uint32 query_level);
+
 /*The following definitions come from  libsmb/cliprint.c  */
 
 int cli_print_queue(struct cli_state *cli, 
@@ -305,7 +316,7 @@ int cli_printjob_del(struct cli_state *cli, int job);
 
 /*The following definitions come from  libsmb/clirap.c  */
 
-BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, int pipe_name_len,
+BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, 
                   uint16 *setup, uint32 setup_count, uint32 max_setup_count,
                   char *params, uint32 param_count, uint32 max_param_count,
                   char *data, uint32 data_count, uint32 max_data_count,
@@ -317,9 +328,10 @@ BOOL cli_api(struct cli_state *cli,
 	     char **rparam, int *rprcnt,
 	     char **rdata, int *rdrcnt);
 BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation);
-int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *));
+int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state);
 BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
-		       void (*fn)(const char *, uint32, const char *));
+		       void (*fn)(const char *, uint32, const char *, void *),
+		       void *state);
 BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password,
                              const char *old_password);
 BOOL cli_qpathinfo(struct cli_state *cli, const char *fname, 
@@ -333,10 +345,11 @@ BOOL cli_qfileinfo(struct cli_state *cli, int fnum,
 		   uint16 *mode, size_t *size,
 		   time_t *c_time, time_t *a_time, time_t *m_time, 
 		   time_t *w_time, SMB_INO_T *ino);
+BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char *outdata);
 
 /*The following definitions come from  libsmb/clireadwrite.c  */
 
-size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size);
+ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size);
 ssize_t cli_write(struct cli_state *cli,
 		  int fnum, uint16 write_mode,
 		  char *buf, off_t offset, size_t size);
@@ -348,30 +361,53 @@ ssize_t cli_smbwrite(struct cli_state *cli,
 struct cli_state *cli_samr_initialise(struct cli_state *cli, char *system_name,
 				      struct ntuser_creds *creds);
 void cli_samr_shutdown(struct cli_state *cli);
-uint32 cli_samr_connect(struct cli_state *cli, char *srv_name,
-			uint32 access_mask, POLICY_HND *connect_pol);
-uint32 cli_samr_close(struct cli_state *cli, POLICY_HND *connect_pol);
-uint32 cli_samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol,
-			    uint32 access_mask, DOM_SID *domain_sid,
-			    POLICY_HND *domain_pol);
-uint32 cli_samr_open_user(struct cli_state *cli, POLICY_HND *domain_pol,
-			  uint32 access_mask, uint32 user_rid,
-			  POLICY_HND *user_pol);
-uint32 cli_samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol,
-			  uint32 access_mask, uint32 group_rid,
-			  POLICY_HND *group_pol);
-uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol, 
-			       uint16 switch_value, SAM_USERINFO_CTR *ctr);
-uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol,
-				uint32 info_level, GROUP_INFO_CTR *ctr);
-uint32 cli_samr_query_usergroups(struct cli_state *cli, POLICY_HND *user_pol,
-				 uint32 *num_groups, DOM_GID **gid);
-uint32 cli_samr_query_groupmem(struct cli_state *cli, POLICY_HND *group_pol,
-			       uint32 *num_mem, uint32 **rid, uint32 **attr);
+uint32 cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			char *srv_name, uint32 access_mask, 
+			POLICY_HND *connect_pol);
+uint32 cli_samr_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+		      POLICY_HND *connect_pol);
+uint32 cli_samr_open_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			    POLICY_HND *connect_pol, uint32 access_mask, 
+			    DOM_SID *domain_sid, POLICY_HND *domain_pol);
+uint32 cli_samr_open_user(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			  POLICY_HND *domain_pol, uint32 access_mask, 
+			  uint32 user_rid, POLICY_HND *user_pol);
+uint32 cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			   POLICY_HND *domain_pol, uint32 access_mask, 
+			   uint32 group_rid, POLICY_HND *group_pol);
+uint32 cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			       POLICY_HND *user_pol, uint16 switch_value, 
+			       SAM_USERINFO_CTR *ctr);
+uint32 cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				POLICY_HND *group_pol, uint32 info_level, 
+				GROUP_INFO_CTR *ctr);
+uint32 cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				 POLICY_HND *user_pol, uint32 *num_groups, 
+				 DOM_GID **gid);
+uint32 cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			       POLICY_HND *group_pol, uint32 *num_mem, 
+			       uint32 **rid, uint32 **attr);
+uint32 cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				POLICY_HND *pol, uint32 *start_idx, 
+				uint32 size, struct acct_info **dom_groups,
+				uint32 *num_dom_groups);
+uint32 cli_samr_query_aliasmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			       POLICY_HND *alias_pol, uint32 *num_mem, 
+			       DOM_SID **sids);
+uint32 cli_samr_open_alias(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			   POLICY_HND *domain_pol, uint32 access_mask, 
+			   uint32 alias_rid, POLICY_HND *alias_pol);
+uint32 cli_samr_query_dom_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			       POLICY_HND *domain_pol, uint16 switch_value,
+			       SAM_UNK_CTR *ctr);
+uint32 cli_samr_query_dispinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			       POLICY_HND *domain_pol, uint32 *start_idx,
+			       uint16 switch_value, uint32 *num_entries,
+			       uint32 max_entries, SAM_DISPINFO_CTR *ctr);
 
 /*The following definitions come from  libsmb/clisecdesc.c  */
 
-SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd);
+SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd, TALLOC_CTX *mem_ctx);
 BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd);
 
 /*The following definitions come from  libsmb/cli_spoolss.c  */
@@ -380,24 +416,46 @@ struct cli_state *cli_spoolss_initialise(struct cli_state *cli,
 					 char *system_name,
 					 struct ntuser_creds *creds);
 void cli_spoolss_shutdown(struct cli_state *cli);
-uint32 cli_spoolss_open_printer_ex(struct cli_state *cli, char *printername,
-				   char *datatype, uint32 access_required,
-				   char *station, char *username,
-				   POLICY_HND *pol);
-uint32 cli_spoolss_close_printer(struct cli_state *cli, POLICY_HND *pol);
-uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags,
-				 uint32 level, int *returned, 
-				 PRINTER_INFO_CTR *ctr);
-uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level, 
-			      int *returned, PORT_INFO_CTR *ctr);
+uint32 cli_spoolss_open_printer_ex(
+	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
+	char *printername,
+	char *datatype, 
+	uint32 access_required,
+	char *station, 
+	char *username,
+	POLICY_HND *pol
+);
+uint32 cli_spoolss_close_printer(
+	struct cli_state *cli,
+	TALLOC_CTX *mem_ctx,
+	POLICY_HND *pol
+);
+uint32 cli_spoolss_enum_printers(
+	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
+	uint32 flags,
+	uint32 level, 
+	int *returned, 
+	PRINTER_INFO_CTR *ctr
+);
+uint32 cli_spoolss_enum_ports(
+	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
+	uint32 level, 
+	int *returned, 
+	PORT_INFO_CTR *ctr
+);
 uint32 cli_spoolss_getprinter(
 	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
 	POLICY_HND *pol,
 	uint32 level, 
 	PRINTER_INFO_CTR *ctr
 );
 uint32 cli_spoolss_setprinter(
 	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
 	POLICY_HND *pol,
 	uint32 level, 
 	PRINTER_INFO_CTR *ctr,
@@ -405,6 +463,7 @@ uint32 cli_spoolss_setprinter(
 );
 uint32 cli_spoolss_getprinterdriver (
 	struct cli_state 	*cli, 
+	TALLOC_CTX 		*mem_ctx,
 	POLICY_HND 		*pol, 
 	uint32 			level,
 	char* 			env,
@@ -412,6 +471,7 @@ uint32 cli_spoolss_getprinterdriver (
 );
 uint32 cli_spoolss_enumprinterdrivers (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	char* 			env,
 	uint32			*returned,
@@ -419,25 +479,50 @@ uint32 cli_spoolss_enumprinterdrivers (
 );
 uint32 cli_spoolss_getprinterdriverdir (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	char* 			env,
 	DRIVER_DIRECTORY_CTR  	*ctr
 );
 uint32 cli_spoolss_addprinterdriver (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	PRINTER_DRIVER_CTR  	*ctr
 );
 uint32 cli_spoolss_addprinterex (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	PRINTER_INFO_CTR  	*ctr
 );
+uint32 cli_spoolss_deleteprinterdriver (
+	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
+	char			*arch,
+	char			*driver
+);
+
+/*The following definitions come from  libsmb/cli_srvsvc.c  */
+
+struct cli_state *cli_svrsvc_initialise(struct cli_state *cli, 
+					char *system_name,
+					struct ntuser_creds *creds);
+void cli_srvsvc_shutdown(struct cli_state *cli);
+uint32 cli_srvsvc_net_srv_get_info(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				   uint32 switch_value, SRV_INFO_CTR *ctr);
+
+/*The following definitions come from  libsmb/clistr.c  */
+
+int clistr_push(struct cli_state *cli, void *dest, const char *src, int dest_len, int flags);
+int clistr_pull(struct cli_state *cli, char *dest, const void *src, int dest_len, int src_len, int flags);
+int clistr_align_out(struct cli_state *cli, const void *p, int flags);
+int clistr_align_in(struct cli_state *cli, const void *p, int flags);
 
 /*The following definitions come from  libsmb/clitrans.c  */
 
 BOOL cli_send_trans(struct cli_state *cli, int trans, 
-		    char *name, int pipe_name_len, 
+		    char *pipe_name, 
 		    int fid, int flags,
 		    uint16 *setup, int lsetup, int msetup,
 		    char *param, int lparam, int mparam,
@@ -475,12 +560,17 @@ BOOL deal_with_creds(uchar sess_key[8],
 struct node_status *name_status_query(int fd,struct nmb_name *name,
 				      struct in_addr to_ip, int *num_names);
 BOOL name_status_find(int type, struct in_addr to_ip, char *name);
+BOOL name_register(int fd, const char *name, int name_type,
+		   struct in_addr name_ip, int opcode,
+		   BOOL bcast, 
+		   struct in_addr to_ip, int *count);
 struct in_addr *name_query(int fd,const char *name,int name_type, 
 			   BOOL bcast,BOOL recurse,
 			   struct in_addr to_ip, int *count);
 FILE *startlmhosts(char *fname);
 BOOL getlmhostsent( FILE *fp, pstring name, int *name_type, struct in_addr *ipaddr);
 void endlmhosts(FILE *fp);
+BOOL name_register_wins(const char *name, int name_type);
 BOOL name_resolve_bcast(const char *name, int name_type,
 			struct in_addr **return_ip_list, int *return_count);
 BOOL resolve_name(const char *name, struct in_addr *return_ip, int name_type);
@@ -608,8 +698,9 @@ int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual);
 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
 int sys_acl_valid( SMB_ACL_T theacl );
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
 int sys_acl_set_fd( int fd, SMB_ACL_T theacl);
+int sys_acl_delete_def_file(const char *name);
 int sys_acl_free_text(char *text);
 int sys_acl_free_acl(SMB_ACL_T the_acl) ;
 int sys_acl_free_qualifier(void *qual) ;
@@ -629,8 +720,9 @@ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type);
 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p);
 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d);
 int sys_acl_valid(SMB_ACL_T acl_d);
-int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d);
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d);
 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d);
+int sys_acl_delete_def_file(const char *path);
 int sys_acl_free_text(char *text);
 int sys_acl_free_acl(SMB_ACL_T acl_d) ;
 int sys_acl_free_qualifier(void *qual) ;
@@ -650,32 +742,12 @@ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type);
 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p);
 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d);
 int sys_acl_valid(SMB_ACL_T acl_d);
-int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d);
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d);
 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d);
+int sys_acl_delete_def_file(const char *name);
 int sys_acl_free_text(char *text);
 int sys_acl_free_acl(SMB_ACL_T acl_d) ;
 int sys_acl_free_qualifier(void *qual) ;
-int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
-SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type);
-SMB_ACL_T sys_acl_get_fd(int fd);
-char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen);
-int sys_acl_valid( SMB_ACL_T theacl );
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
-int sys_acl_set_fd( int fd, SMB_ACL_T theacl);
-int sys_acl_create_entry( SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p);
-int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
-int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
-void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d);
-int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
-int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
-int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
-SMB_ACL_T sys_acl_init( int count);
-int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type);
-int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry_d, void *qual_p);
-int sys_acl_set_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d);
-int sys_acl_free_text(char *text);
-int sys_acl_free_acl(SMB_ACL_T the_acl) ;
-int sys_acl_free_qualifier(void *qual) ;
 int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
@@ -691,8 +763,9 @@ int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual);
 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
 int sys_acl_valid( SMB_ACL_T theacl );
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
 int sys_acl_set_fd( int fd, SMB_ACL_T theacl);
+int sys_acl_delete_def_file(const char *name);
 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
 int sys_acl_free_text(char *text);
 int sys_acl_free_acl(SMB_ACL_T posix_acl);
@@ -714,8 +787,9 @@ int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype);
 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual);
 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset);
 int sys_acl_valid( SMB_ACL_T theacl );
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
 int sys_acl_set_fd( int fd, SMB_ACL_T theacl);
+int sys_acl_delete_def_file(const char *name);
 int sys_acl_free_acl(SMB_ACL_T the_acl) ;
 int sys_acl_free_qualifier(void *qual) ;
 
@@ -735,6 +809,8 @@ FILE *sys_fopen(const char *path, const char *type);
 SMB_STRUCT_DIRENT *sys_readdir(DIR *dirp);
 int sys_waitpid(pid_t pid,int *status,int options);
 char *sys_getwd(char *s);
+int sys_symlink(const char *oldpath, const char *newpath);
+int sys_readlink(const char *path, char *buf, size_t bufsiz);
 int sys_chown(const char *fname,uid_t uid,gid_t gid);
 int sys_chroot(const char *dname);
 struct hostent *sys_gethostbyname(const char *name);
@@ -770,11 +846,13 @@ int sys_dlclose (void *handle);
 
 TALLOC_CTX *talloc_init(void);
 void *talloc(TALLOC_CTX *t, size_t size);
+void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size);
 void talloc_destroy_pool(TALLOC_CTX *t);
 void talloc_destroy(TALLOC_CTX *t);
 size_t talloc_pool_size(TALLOC_CTX *t);
 void *talloc_zero(TALLOC_CTX *t, size_t size);
 void *talloc_memdup(TALLOC_CTX *t, void *p, size_t size);
+char *talloc_strdup(TALLOC_CTX *t, char *p);
 
 /*The following definitions come from  lib/time.c  */
 
@@ -799,7 +877,7 @@ time_t get_create_time(SMB_STRUCT_STAT *st,BOOL fake_dirs);
 
 /*The following definitions come from  lib/ufc.c  */
 
-char *ufc_crypt(char *key,char *salt);
+char *ufc_crypt(const char *key,const char *salt);
 
 /*The following definitions come from  lib/username.c  */
 
@@ -842,6 +920,8 @@ char *attrib_string(uint16 mode);
 void show_msg(char *buf);
 void smb_setlen(char *buf,int len);
 int set_message(char *buf,int num_words,int num_bytes,BOOL zero);
+void set_message_bcc(char *buf,int num_bytes);
+void set_message_end(void *outbuf,void *end_ptr);
 void dos_clean_name(char *s);
 void unix_clean_name(char *s);
 void make_dir_struct(char *buf,char *mask,char *fname,SMB_OFF_T size,int mode,time_t date);
@@ -862,7 +942,6 @@ BOOL zero_ip(struct in_addr ip);
 char *automount_lookup(char *user_name);
 char *automount_lookup(char *user_name);
 BOOL same_net(struct in_addr ip1,struct in_addr ip2,struct in_addr mask);
-struct hostent *Get_Hostbyname(const char *name);
 BOOL process_exists(pid_t pid);
 char *uidtoname(uid_t uid);
 char *gidtoname(gid_t gid);
@@ -886,7 +965,6 @@ int str_checksum(const char *s);
 void zero_free(void *p, size_t size);
 int set_maxfiles(int requested_max);
 BOOL reg_split_key(char *full_keyname, uint32 *reg_type, char *key_name);
-char *smbd_mktemp(char *template);
 int smb_mkstemp(char *template);
 void *memdup(void *p, size_t size);
 char *myhostname(void);
@@ -917,6 +995,13 @@ char **file_lines_pload(char *syscmd, int *numlines, BOOL convert);
 void file_lines_free(char **lines);
 void file_lines_slashcont(char **lines);
 
+/*The following definitions come from  lib/util_getent.c  */
+
+struct sys_grent * getgrent_list(void);
+void grent_free (struct sys_grent *glist);
+struct sys_pwent * getpwent_list(void);
+void pwent_free (struct sys_pwent *plist);
+
 /*The following definitions come from  lib/util_list.c  */
 
 BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
@@ -937,6 +1022,8 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 
 /*The following definitions come from  lib/util_sec.c  */
 
+void sec_init(void);
+BOOL non_root_mode(void);
 void gain_root_privilege(void);
 void gain_root_group_privilege(void);
 void set_effective_uid(uid_t uid);
@@ -957,6 +1044,7 @@ char *sid_to_string(fstring sidstr_out, DOM_SID *sid);
 BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
 BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
 BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
+BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid);
 void sid_copy(DOM_SID *dst, const DOM_SID *src);
 DOM_SID *sid_dup(DOM_SID *src);
 BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid);
@@ -978,12 +1066,10 @@ ssize_t write_socket(int fd,char *buf,size_t len);
 ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout);
 BOOL receive_smb(int fd,char *buffer, unsigned int timeout);
 BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout);
-BOOL send_null_session_msg(int fd);
 BOOL send_smb(int fd,char *buffer);
 BOOL send_one_packet(char *buf,int len,struct in_addr ip,int port,int type);
 int open_socket_in(int type, int port, int dlevel,uint32 socket_addr, BOOL rebind);
 int open_socket_out(int type, struct in_addr *addr, int port ,int timeout);
-void reset_globals_after_fork(void);
 void client_setfd(int fd);
 char *client_name(void);
 char *client_addr(void);
@@ -992,6 +1078,7 @@ char *get_socket_addr(int fd);
 int open_pipe_sock(char *path);
 int create_pipe_socket(char *dir, int dir_perms,
 				char *path, int path_perms);
+int sock_exec(const char *prog);
 
 /*The following definitions come from  lib/util_str.c  */
 
@@ -1127,6 +1214,7 @@ unsigned long wins_srv_count( void );
 /*The following definitions come from  locking/brlock.c  */
 
 void brl_init(int read_only);
+void brl_shutdown(int read_only);
 BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 	      uint16 smbpid, pid_t pid, uint16 tid,
 	      br_off start, br_off size, 
@@ -1137,7 +1225,7 @@ BOOL brl_unlock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 BOOL brl_locktest(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 		  uint16 smbpid, pid_t pid, uint16 tid,
 		  br_off start, br_off size, 
-		  enum brl_type lock_type);
+		  enum brl_type lock_type, int check_self);
 void brl_close(SMB_DEV_T dev, SMB_INO_T ino, pid_t pid, int tid, int fnum);
 int brl_forall(BRLOCK_FN(fn));
 
@@ -1145,11 +1233,11 @@ int brl_forall(BRLOCK_FN(fn));
 
 BOOL is_locked(files_struct *fsp,connection_struct *conn,
 	       SMB_BIG_UINT count,SMB_BIG_UINT offset, 
-	       enum brl_type lock_type);
-BOOL do_lock(files_struct *fsp,connection_struct *conn,
+	       enum brl_type lock_type, BOOL check_self);
+BOOL do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
              SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type,
              int *eclass,uint32 *ecode);
-BOOL do_unlock(files_struct *fsp,connection_struct *conn,
+BOOL do_unlock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
                SMB_BIG_UINT count,SMB_BIG_UINT offset, 
 	       int *eclass,uint32 *ecode);
 void locking_close_file(files_struct *fsp);
@@ -1189,15 +1277,11 @@ BOOL is_msdfs_link(connection_struct* conn, char* path);
 BOOL get_referred_path(struct junction_map* junction);
 BOOL dfs_redirect(char* pathname, connection_struct* conn);
 BOOL dfs_findfirst_redirect(char* pathname, connection_struct* conn);
-int setup_dfs_referral(char* pathname, int max_referral_level, 
-			char** ppdata);
+int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata);
 int dfs_path_error(char* inbuf, char* outbuf);
 BOOL create_msdfs_link(struct junction_map* jn, BOOL exists);
 BOOL remove_msdfs_link(struct junction_map* jn);
 int enum_msdfs_links(struct junction_map* jn);
-int setup_dfs_referral(char* pathname, int max_referral_level, 
-		       char** ppdata);
-BOOL is_msdfs_link(connection_struct* conn, char* path);
 
 /*The following definitions come from  nmbd/asyncdns.c  */
 
@@ -1563,9 +1647,6 @@ void close_sock(void);
 int write_sock(void *buffer, int count);
 int read_reply(struct winbindd_response *response);
 void free_response(struct winbindd_response *response);
-enum nss_status winbindd_request(int req_type, 
-				 struct winbindd_request *request,
-				 struct winbindd_response *response);
 
 /*The following definitions come from  param/loadparm.c  */
 
@@ -1583,8 +1664,7 @@ char *lp_os2_driver_map(void);
 char *lp_lockdir(void);
 char *lp_utmpdir(void);
 char *lp_wtmpdir(void);
-char *lp_utmp_hostname(void);
-BOOL lp_utmp_consolidate(void);
+BOOL lp_utmp(void);
 char *lp_rootdir(void);
 char *lp_source_environment(void);
 char *lp_defaultservice(void);
@@ -1614,11 +1694,8 @@ char *lp_panic_action(void);
 char *lp_adduser_script(void);
 char *lp_deluser_script(void);
 char *lp_wins_hook(void);
-char *lp_domain_groups(void);
 char *lp_domain_admin_group(void);
 char *lp_domain_guest_group(void);
-char *lp_domain_admin_users(void);
-char *lp_domain_guest_users(void);
 char *lp_winbind_uid(void);
 char *lp_winbind_gid(void);
 char *lp_template_homedir(void);
@@ -1659,8 +1736,10 @@ BOOL lp_use_rhosts(void);
 BOOL lp_readprediction(void);
 BOOL lp_readbmpx(void);
 BOOL lp_readraw(void);
+BOOL lp_large_readwrite(void);
 BOOL lp_writeraw(void);
 BOOL lp_null_passwords(void);
+BOOL lp_obey_pam_restrictions(void);
 BOOL lp_strip_dot(void);
 BOOL lp_encrypted_passwords(void);
 BOOL lp_update_encrypted(void);
@@ -1670,9 +1749,9 @@ BOOL lp_debug_hires_timestamp(void);
 BOOL lp_debug_pid(void);
 BOOL lp_debug_uid(void);
 BOOL lp_browse_list(void);
-BOOL lp_unix_realname(void);
 BOOL lp_nis_home_map(void);
 BOOL lp_bind_interfaces_only(void);
+BOOL lp_pam_password_change(void);
 BOOL lp_unix_password_sync(void);
 BOOL lp_passwd_chat_debug(void);
 BOOL lp_nt_smb_support(void);
@@ -1684,6 +1763,7 @@ BOOL lp_restrict_anonymous(void);
 BOOL lp_lanman_auth(void);
 BOOL lp_host_msdfs(void);
 BOOL lp_kernel_oplocks(void);
+BOOL lp_enhanced_browsing(void);
 int lp_os_level(void);
 int lp_max_ttl(void);
 int lp_max_wins_ttl(void);
@@ -1762,6 +1842,7 @@ BOOL lp_shortpreservecase(int );
 BOOL lp_casemangle(int );
 BOOL lp_status(int );
 BOOL lp_hide_dot_files(int );
+BOOL lp_hideunreadable(int );
 BOOL lp_browseable(int );
 BOOL lp_readonly(int );
 BOOL lp_no_set_dir(int );
@@ -1774,7 +1855,6 @@ BOOL lp_map_archive(int );
 BOOL lp_locking(int );
 BOOL lp_strict_locking(int );
 BOOL lp_posix_locking(int );
-BOOL lp_utmp(int );
 BOOL lp_share_modes(int );
 BOOL lp_oplocks(int );
 BOOL lp_level2_oplocks(int );
@@ -1796,12 +1876,12 @@ BOOL lp_blocking_locks(int );
 BOOL lp_inherit_perms(int );
 int lp_create_mask(int );
 int lp_force_create_mode(int );
-int _lp_security_mask(int );
-int _lp_force_security_mode(int );
+int lp_security_mask(int );
+int lp_force_security_mode(int );
 int lp_dir_mask(int );
 int lp_force_dir_mode(int );
-int _lp_dir_security_mask(int );
-int _lp_force_dir_security_mode(int );
+int lp_dir_security_mask(int );
+int lp_force_dir_security_mode(int );
 int lp_max_connections(int );
 int lp_defaultcase(int );
 int lp_minprintspace(int );
@@ -1843,10 +1923,6 @@ int lp_default_server_announce(void);
 int lp_major_announce_version(void);
 int lp_minor_announce_version(void);
 void lp_set_name_resolve_order(char *new_order);
-int lp_security_mask(int snum);
-int lp_force_security_mode(int snum);
-int lp_dir_security_mask(int snum);
-int lp_force_dir_security_mode(int snum);
 char *lp_printername(int snum);
 
 /*The following definitions come from  param/params.c  */
@@ -1865,9 +1941,11 @@ struct passdb_ops *nisplus_initialize_password_db(void);
 
 /*The following definitions come from  passdb/pampass.c  */
 
-BOOL pam_session(BOOL flag, const connection_struct *conn, char *tty);
-BOOL pam_accountcheck(char * user);
-BOOL pam_passcheck(char * user, char * password);
+BOOL smb_pam_claim_session(char *user, char *tty, char *rhost);
+BOOL smb_pam_close_session(char *user, char *tty, char *rhost);
+uint32 smb_pam_accountcheck(char * user);
+uint32 smb_pam_passcheck(char * user, char * password);
+BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword);
 
 /*The following definitions come from  passdb/pass_check.c  */
 
@@ -1942,6 +2020,7 @@ BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
 					  time_t *pass_last_set_time);
 BOOL secrets_store_trust_account_password(char *domain, uint8 new_pwd[16]);
 BOOL trust_password_delete(char *domain);
+void reset_globals_after_fork(void);
 
 /*The following definitions come from  passdb/smbpass.c  */
 
@@ -2010,6 +2089,8 @@ uint32 add_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level);
 uint32 get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
                             fstring printername, fstring architecture, uint32 version);
 uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level);
+BOOL printer_driver_in_use (char *arch, char *driver);
+uint32 delete_printer_driver (NT_PRINTER_DRIVER_INFO_LEVEL_3 *i);
 BOOL get_specific_param_by_index(NT_PRINTER_INFO_LEVEL printer, uint32 level, uint32 param_index,
                                  fstring value, uint8 **data, uint32 *type, uint32 *len);
 BOOL get_specific_param(NT_PRINTER_INFO_LEVEL printer, uint32 level,
@@ -2031,7 +2112,7 @@ void pcap_printer_fn(void (*fn)(char *, char *));
 
 /*The following definitions come from  printing/printfsp.c  */
 
-files_struct *print_fsp_open(connection_struct *conn,char *jobname);
+files_struct *print_fsp_open(connection_struct *conn);
 void print_fsp_end(files_struct *fsp, BOOL normal_close);
 
 /*The following definitions come from  printing/print_generic.c  */
@@ -2166,6 +2247,9 @@ void cli_use_wait_keyboard(void);
 /*The following definitions come from  rpcclient/cmd_lsarpc.c  */
 
 
+/*The following definitions come from  rpcclient/cmd_netlogon.c  */
+
+
 /*The following definitions come from  rpcclient/cmd_samr.c  */
 
 
@@ -2174,6 +2258,9 @@ void cli_use_wait_keyboard(void);
 BOOL get_short_archi(char *short_archi, char *long_archi);
 void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch);
 
+/*The following definitions come from  rpcclient/cmd_srvsvc.c  */
+
+
 /*The following definitions come from  rpc_client/ncacn_np_use.c  */
 
 BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
@@ -2297,7 +2384,6 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, uint32 enum_context,
                            uint32 status);
 BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, 
 			     prs_struct *ps, int depth);
-void lsa_free_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM * r_e);
 BOOL lsa_io_dom_query_5(char *desc, DOM_QUERY_5 *d_q, prs_struct *ps, int depth);
 BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps,
 		    int depth);
@@ -2321,6 +2407,8 @@ BOOL lsa_io_q_close(char *desc, LSA_Q_CLOSE *q_c, prs_struct *ps, int depth);
 BOOL lsa_io_r_close(char *desc,  LSA_R_CLOSE *r_c, prs_struct *ps, int depth);
 BOOL lsa_io_q_open_secret(char *desc, LSA_Q_OPEN_SECRET *q_c, prs_struct *ps, int depth);
 BOOL lsa_io_r_open_secret(char *desc, LSA_R_OPEN_SECRET *r_c, prs_struct *ps, int depth);
+BOOL lsa_io_q_unk_get_connuser(char *desc, LSA_Q_UNK_GET_CONNUSER *q_c, prs_struct *ps, int depth);
+BOOL lsa_io_r_unk_get_connuser(char *desc, LSA_R_UNK_GET_CONNUSER *r_c, prs_struct *ps, int depth);
 
 /*The following definitions come from  rpc_parse/parse_misc.c  */
 
@@ -2391,16 +2479,28 @@ void init_owf_info(OWF_INFO *hash, uint8 data[16]);
 BOOL smb_io_owf_info(char *desc, OWF_INFO *hash, prs_struct *ps, int depth);
 BOOL smb_io_gid(char *desc,  DOM_GID *gid, prs_struct *ps, int depth);
 BOOL smb_io_pol_hnd(char *desc, POLICY_HND *pol, prs_struct *ps, int depth);
+void init_unistr3(UNISTR3 *str, const char *buf);
 BOOL smb_io_unistr3(char *desc, UNISTR3 *name, prs_struct *ps, int depth);
 BOOL prs_uint64(char *name, prs_struct *ps, int depth, UINT64_S *data64);
 
 /*The following definitions come from  rpc_parse/parse_net.c  */
 
 BOOL net_io_q_logon_ctrl2(char *desc, NET_Q_LOGON_CTRL2 *q_l, prs_struct *ps, int depth);
-void init_r_logon_ctrl2(NET_R_LOGON_CTRL2 *r_l, uint32 query_level,
-				uint32 flags, uint32 pdc_status, uint32 logon_attempts,
-				uint32 tc_status, char *trusted_domain_name);
+void init_net_q_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, char *srv_name,
+			    uint32 query_level);
+void init_net_r_logon_ctrl2(NET_R_LOGON_CTRL2 *r_l, uint32 query_level,
+			    uint32 flags, uint32 pdc_status, 
+			    uint32 logon_attempts, uint32 tc_status, 
+			    char *trusted_domain_name);
 BOOL net_io_r_logon_ctrl2(char *desc, NET_R_LOGON_CTRL2 *r_l, prs_struct *ps, int depth);
+BOOL net_io_q_logon_ctrl(char *desc, NET_Q_LOGON_CTRL *q_l, prs_struct *ps, 
+			 int depth);
+void init_net_q_logon_ctrl(NET_Q_LOGON_CTRL *q_l, char *srv_name,
+			   uint32 query_level);
+void init_net_r_logon_ctrl(NET_R_LOGON_CTRL *r_l, uint32 query_level,
+			   uint32 flags, uint32 pdc_status);
+BOOL net_io_r_logon_ctrl(char *desc, NET_R_LOGON_CTRL *r_l, prs_struct *ps, 
+			 int depth);
 void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
 			uint32 num_doms, char *dom_name);
 BOOL net_io_r_trust_dom(char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth);
@@ -2410,6 +2510,8 @@ void init_q_req_chal(NET_Q_REQ_CHAL *q_c,
 				DOM_CHAL *clnt_chal);
 BOOL net_io_q_req_chal(char *desc,  NET_Q_REQ_CHAL *q_c, prs_struct *ps, int depth);
 BOOL net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int depth);
+BOOL net_io_q_auth(char *desc, NET_Q_AUTH *q_a, prs_struct *ps, int depth);
+BOOL net_io_r_auth(char *desc, NET_R_AUTH *r_a, prs_struct *ps, int depth);
 void init_q_auth_2(NET_Q_AUTH_2 *q_a,
 		char *logon_srv, char *acct_name, uint16 sec_chan, char *comp_name,
 		DOM_CHAL *clnt_chal, uint32 clnt_flgs);
@@ -2715,19 +2817,19 @@ void init_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO * q_e, POLICY_HND *pol,
 				uint32 max_entries);
 BOOL samr_io_q_query_dispinfo(char *desc, SAMR_Q_QUERY_DISPINFO * q_e,
 			      prs_struct *ps, int depth);
-void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
-void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
-void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 DOMAIN_GRP * grp);
-void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]);
-void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 DOMAIN_GRP * grp);
 void init_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO * r_u,
@@ -2873,7 +2975,7 @@ BOOL samr_io_rids(char *desc, uint32 *num_rids, uint32 **rid,
 BOOL samr_io_r_query_useraliases(char *desc, SAMR_R_QUERY_USERALIASES * r_u,
 				 prs_struct *ps, int depth);
 void init_samr_q_open_alias(SAMR_Q_OPEN_ALIAS * q_u, POLICY_HND *pol,
-			    uint32 unknown_0, uint32 rid);
+			    uint32 access_mask, uint32 rid);
 BOOL samr_io_q_open_alias(char *desc, SAMR_Q_OPEN_ALIAS * q_u,
 			  prs_struct *ps, int depth);
 BOOL samr_io_r_open_alias(char *desc, SAMR_R_OPEN_ALIAS * r_u,
@@ -2928,12 +3030,12 @@ void init_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM * r_u,
 				uint32 status);
 BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM * r_u,
 			      prs_struct *ps, int depth);
-void init_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES * q_u,
+uint32 init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u,
 			      POLICY_HND *pol, uint32 flags,
 			      uint32 num_names, char **name);
 BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES * q_u,
 			    prs_struct *ps, int depth);
-void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
+uint32 init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
 			      uint32 num_rids,
 			      uint32 *rid, uint32 *type,
 			      uint32 status);
@@ -2971,8 +3073,7 @@ void init_sam_user_info11(SAM_USER_INFO_11 * usr,
 			  NTTIME * expiry,
 			  char *mach_acct,
 			  uint32 rid_user, uint32 rid_group, uint16 acct_ctrl);
-void init_sam_user_info24(SAM_USER_INFO_24 * usr,
-			  char newpass[516], uint16 passlen);
+void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516]);
 void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all zeros */
 			NTTIME * logoff_time,	/* all zeros */
 			NTTIME * kickoff_time,	/* all zeros */
@@ -3159,6 +3260,7 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
 		const fstring clientname,
 		const fstring user_name);
 BOOL make_spoolss_q_addprinterex(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_ADDPRINTEREX *q_u, 
 	const char *srv_name,
 	const char* clientname, 
@@ -3166,10 +3268,18 @@ BOOL make_spoolss_q_addprinterex(
 	uint32 level, 
 	PRINTER_INFO_CTR *ctr);
 BOOL make_spoolss_printer_info_2(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_PRINTER_INFO_LEVEL_2 **spool_info2, 
 	PRINTER_INFO_2 *info
 );
 BOOL spoolss_io_q_open_printer_ex(char *desc, SPOOL_Q_OPEN_PRINTER_EX *q_u, prs_struct *ps, int depth);
+BOOL make_spoolss_q_deleteprinterdriver(
+	TALLOC_CTX *mem_ctx,
+	SPOOL_Q_DELETEPRINTERDRIVER *q_u, 
+	const char *server,
+	const char* arch, 
+	const char* driver 
+);
 BOOL spoolss_io_r_open_printer_ex(char *desc, SPOOL_R_OPEN_PRINTER_EX *r_u, prs_struct *ps, int depth);
 BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
                                 const POLICY_HND *handle,
@@ -3183,6 +3293,8 @@ BOOL spoolss_io_q_abortprinter(char *desc, SPOOL_Q_ABORTPRINTER *q_u, prs_struct
 BOOL spoolss_io_r_abortprinter(char *desc, SPOOL_R_ABORTPRINTER *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_deleteprinter(char *desc, SPOOL_Q_DELETEPRINTER *q_u, prs_struct *ps, int depth);
 BOOL spoolss_io_r_deleteprinter(char *desc, SPOOL_R_DELETEPRINTER *r_u, prs_struct *ps, int depth);
+BOOL spoolss_io_q_deleteprinterdriver(char *desc, SPOOL_Q_DELETEPRINTERDRIVER *q_u, prs_struct *ps, int depth);
+BOOL spoolss_io_r_deleteprinterdriver(char *desc, SPOOL_R_DELETEPRINTERDRIVER *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_closeprinter(char *desc, SPOOL_Q_CLOSEPRINTER *q_u, prs_struct *ps, int depth);
 BOOL spoolss_io_r_closeprinter(char *desc, SPOOL_R_CLOSEPRINTER *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_startdocprinter(char *desc, SPOOL_Q_STARTDOCPRINTER *q_u, prs_struct *ps, int depth);
@@ -3247,9 +3359,14 @@ BOOL make_spoolss_q_getprinterdriver2(SPOOL_Q_GETPRINTERDRIVER2 *q_u,
 			       NEW_BUFFER *buffer, uint32 offered);
 BOOL spoolss_io_q_getprinterdriver2(char *desc, SPOOL_Q_GETPRINTERDRIVER2 *q_u, prs_struct *ps, int depth);
 BOOL spoolss_io_r_getprinterdriver2(char *desc, SPOOL_R_GETPRINTERDRIVER2 *r_u, prs_struct *ps, int depth);
-BOOL make_spoolss_q_enumprinters(SPOOL_Q_ENUMPRINTERS *q_u, uint32 flags, 
-				fstring servername, uint32 level, 
-				NEW_BUFFER *buffer, uint32 offered);
+BOOL make_spoolss_q_enumprinters(
+	SPOOL_Q_ENUMPRINTERS *q_u, 
+	uint32 flags, 
+	fstring servername, 
+	uint32 level, 
+	NEW_BUFFER *buffer, 
+	uint32 offered
+);
 BOOL make_spoolss_q_enumports(SPOOL_Q_ENUMPORTS *q_u, 
 				fstring servername, uint32 level, 
 				NEW_BUFFER *buffer, uint32 offered);
@@ -3258,6 +3375,7 @@ BOOL spoolss_io_r_enumprinters(char *desc, SPOOL_R_ENUMPRINTERS *r_u, prs_struct
 BOOL spoolss_io_r_getprinter(char *desc, SPOOL_R_GETPRINTER *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_getprinter(char *desc, SPOOL_Q_GETPRINTER *q_u, prs_struct *ps, int depth);
 BOOL make_spoolss_q_getprinter(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_GETPRINTER *q_u, 
 	const POLICY_HND *hnd, 
 	uint32 level, 
@@ -3265,6 +3383,7 @@ BOOL make_spoolss_q_getprinter(
 	uint32 offered
 );
 BOOL make_spoolss_q_setprinter(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_SETPRINTER *q_u, 
 	const POLICY_HND *hnd, 
 	uint32 level, 
@@ -3316,15 +3435,22 @@ BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_
 BOOL smb_io_unibuffer(char *desc, UNISTR2 *buffer, prs_struct *ps, int depth);
 BOOL spool_io_printer_driver_info_level(char *desc, SPOOL_PRINTER_DRIVER_INFO_LEVEL *il, prs_struct *ps, int depth);
 BOOL make_spoolss_q_addprinterdriver(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_ADDPRINTERDRIVER *q_u, 
 	const char* srv_name, 
 	uint32 level, 
 	PRINTER_DRIVER_CTR *info);
 BOOL make_spoolss_driver_info_3(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 **spool_drv_info,
 	DRIVER_INFO_3 *info3
 );
-BOOL make_spoolss_buffer5(BUFFER5 *buf5, uint32 len, uint16 *src);
+BOOL make_spoolss_buffer5(
+	TALLOC_CTX *mem_ctx,
+	BUFFER5 *buf5, 
+	uint32 len, 
+	uint16 *src
+);
 BOOL spoolss_io_q_addprinterdriver(char *desc, SPOOL_Q_ADDPRINTERDRIVER *q_u, prs_struct *ps, int depth);
 BOOL spoolss_io_r_addprinterdriver(char *desc, SPOOL_R_ADDPRINTERDRIVER *q_u, prs_struct *ps, int depth);
 BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni,
@@ -3340,6 +3466,8 @@ BOOL spoolss_io_q_getprinterdriverdir(char *desc, SPOOL_Q_GETPRINTERDRIVERDIR *q
 BOOL spoolss_io_r_getprinterdriverdir(char *desc, SPOOL_R_GETPRINTERDRIVERDIR *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_r_enumprintprocessors(char *desc, SPOOL_R_ENUMPRINTPROCESSORS *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_enumprintprocessors(char *desc, SPOOL_Q_ENUMPRINTPROCESSORS *q_u, prs_struct *ps, int depth);
+BOOL spoolss_io_q_addprintprocessor(char *desc, SPOOL_Q_ADDPRINTPROCESSOR *q_u, prs_struct *ps, int depth);
+BOOL spoolss_io_r_addprintprocessor(char *desc, SPOOL_R_ADDPRINTPROCESSOR *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_r_enumprintprocdatatypes(char *desc, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_enumprintprocdatatypes(char *desc, SPOOL_Q_ENUMPRINTPROCDATATYPES *q_u, prs_struct *ps, int depth);
 BOOL spoolss_io_q_enumprintmonitors(char *desc, SPOOL_Q_ENUMPRINTMONITORS *q_u, prs_struct *ps, int depth);
@@ -3393,7 +3521,8 @@ void init_srv_share_info502(SH_INFO_502 *sh502,
 				char *net_name, uint32 type, char *remark,
 				uint32 perms, uint32 max_uses, uint32 num_uses,
 				char *path, char *passwd, SEC_DESC *psd, size_t sd_size);
-void init_srv_share_info502_str(SH_INFO_502_STR *sh502,
+void init_srv_share_info502_str(SH_INFO_502_STR *sh502str,
+				SH_INFO_502 *ptrs,
 				char *net_name, char *remark,
 				char *path, char *passwd, SEC_DESC *psd, size_t sd_size);
 void init_srv_q_net_share_enum(SRV_Q_NET_SHARE_ENUM *q_n, 
@@ -3461,13 +3590,27 @@ void init_srv_q_net_srv_get_info(SRV_Q_NET_SRV_GET_INFO *srv,
 BOOL srv_io_q_net_srv_get_info(char *desc, SRV_Q_NET_SRV_GET_INFO *q_n, prs_struct *ps, int depth);
 void init_srv_r_net_srv_get_info(SRV_R_NET_SRV_GET_INFO *srv,
 				uint32 switch_value, SRV_INFO_CTR *ctr, uint32 status);
+void init_srv_r_net_srv_set_info(SRV_R_NET_SRV_SET_INFO *srv,
+				 uint32 switch_value, uint32 status);
+BOOL srv_io_q_net_srv_set_info(char *desc, SRV_Q_NET_SRV_SET_INFO *q_n, 
+			       prs_struct *ps, int depth);
 BOOL srv_io_r_net_srv_get_info(char *desc, SRV_R_NET_SRV_GET_INFO *r_n, prs_struct *ps, int depth);
+BOOL srv_io_r_net_srv_set_info(char *desc, SRV_R_NET_SRV_SET_INFO *r_n, 
+			       prs_struct *ps, int depth);
 BOOL srv_io_q_net_remote_tod(char *desc, SRV_Q_NET_REMOTE_TOD *q_n, prs_struct *ps, int depth);
 void init_time_of_day_info(TIME_OF_DAY_INFO *tod, uint32 elapsedt, uint32 msecs,
                            uint32 hours, uint32 mins, uint32 secs, uint32 hunds,
 			   uint32 zone, uint32 tintervals, uint32 day,
 			   uint32 month, uint32 year, uint32 weekday);
 BOOL srv_io_r_net_remote_tod(char *desc, SRV_R_NET_REMOTE_TOD *r_n, prs_struct *ps, int depth);
+BOOL srv_io_q_net_disk_enum(char *desc, SRV_Q_NET_DISK_ENUM *q_n, prs_struct *ps, int depth);
+BOOL srv_io_r_net_disk_enum(char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_struct *ps, int depth);
+BOOL srv_io_q_net_name_validate(char *desc, SRV_Q_NET_NAME_VALIDATE *q_n, prs_struct *ps, int depth);
+BOOL srv_io_r_net_name_validate(char *desc, SRV_R_NET_NAME_VALIDATE *r_n, prs_struct *ps, int depth);
+BOOL srv_io_q_net_file_query_secdesc(char *desc, SRV_Q_NET_FILE_QUERY_SECDESC *q_n, prs_struct *ps, int depth);
+BOOL srv_io_r_net_file_query_secdesc(char *desc, SRV_R_NET_FILE_QUERY_SECDESC *r_n, prs_struct *ps, int depth);
+BOOL srv_io_q_net_file_set_secdesc(char *desc, SRV_Q_NET_FILE_SET_SECDESC *q_n, prs_struct *ps, int depth);
+BOOL srv_io_r_net_file_set_secdesc(char *desc, SRV_R_NET_FILE_SET_SECDESC *r_n, prs_struct *ps, int depth);
 
 /*The following definitions come from  rpc_parse/parse_wks.c  */
 
@@ -3516,6 +3659,7 @@ uint32 _lsa_lookup_sids(pipes_struct *p, LSA_Q_LOOKUP_SIDS *q_u, LSA_R_LOOKUP_SI
 uint32 _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_NAMES *r_u);
 uint32 _lsa_close(pipes_struct *p, LSA_Q_CLOSE *q_u, LSA_R_CLOSE *r_u);
 uint32 _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SECRET *r_u);
+uint32 _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u);
 
 /*The following definitions come from  rpc_server/srv_netlog.c  */
 
@@ -3526,6 +3670,7 @@ BOOL api_netlog_rpc(pipes_struct *p);
 uint32 _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u);
 uint32 _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRUST_DOM_LIST *r_u);
 uint32 _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u);
+uint32 _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u);
 uint32 _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u);
 uint32 _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u);
 uint32 _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u);
@@ -3535,7 +3680,7 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
 
 BOOL create_next_pdu(pipes_struct *p);
 BOOL api_pipe_bind_auth_resp(pipes_struct *p, prs_struct *rpc_in_p);
-BOOL setup_fault_pdu(pipes_struct *p);
+BOOL setup_fault_pdu(pipes_struct *p, uint32 status);
 BOOL check_bind_req(char* pipe_name, RPC_IFACE* abstract,
 					RPC_IFACE* transfer);
 BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p);
@@ -3628,12 +3773,13 @@ BOOL api_spoolss_rpc(pipes_struct *p);
 
 /*The following definitions come from  rpc_server/srv_spoolss_nt.c  */
 
-void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len);
 uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, SPOOL_R_OPEN_PRINTER_EX *r_u);
 BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode,
 				NT_DEVICEMODE **pp_nt_devmode);
 uint32 _spoolss_closeprinter(pipes_struct *p, SPOOL_Q_CLOSEPRINTER *q_u, SPOOL_R_CLOSEPRINTER *r_u);
 uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL_R_DELETEPRINTER *r_u);
+uint32 _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER *q_u, 
+				    SPOOL_R_DELETEPRINTERDRIVER *r_u);
 uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPOOL_R_GETPRINTERDATA *r_u);
 uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNEX *r_u);
 uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCNEX *r_u);
@@ -3680,6 +3826,7 @@ BOOL share_info_db_init(void);
 void map_generic_share_sd_bits(SEC_DESC *psd);
 BOOL share_access_check(connection_struct *conn, int snum, uint16 vuid, uint32 desired_access);
 uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u);
+uint32 _srv_net_srv_set_info(pipes_struct *p, SRV_Q_NET_SRV_SET_INFO *q_u, SRV_R_NET_SRV_SET_INFO *r_u);
 uint32 _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u);
 uint32 _srv_net_conn_enum(pipes_struct *p, SRV_Q_NET_CONN_ENUM *q_u, SRV_R_NET_CONN_ENUM *r_u);
 uint32 _srv_net_sess_enum(pipes_struct *p, SRV_Q_NET_SESS_ENUM *q_u, SRV_R_NET_SESS_ENUM *r_u);
@@ -3690,6 +3837,12 @@ uint32 _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S
 uint32 _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_SHARE_ADD *r_u);
 uint32 _srv_net_share_del(pipes_struct *p, SRV_Q_NET_SHARE_DEL *q_u, SRV_R_NET_SHARE_DEL *r_u);
 uint32 _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET_REMOTE_TOD *r_u);
+uint32 _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC *q_u,
+			SRV_R_NET_FILE_QUERY_SECDESC *r_u);
+uint32 _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u,
+									SRV_R_NET_FILE_SET_SECDESC *r_u);
+uint32 _srv_net_disk_enum(pipes_struct *p, SRV_Q_NET_DISK_ENUM *q_u, SRV_R_NET_DISK_ENUM *r_u);
+uint32 _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u);
 
 /*The following definitions come from  rpc_server/srv_util.c  */
 
@@ -3753,6 +3906,7 @@ connection_struct *conn_new(void);
 void conn_close_all(void);
 BOOL conn_idle_all(time_t t, int deadtime);
 void conn_free(connection_struct *conn);
+void msg_force_tdis(int msg_type, pid_t pid, void *buf, size_t len);
 
 /*The following definitions come from  smbd/connection.c  */
 
@@ -3959,11 +4113,12 @@ void generate_next_challenge(char *challenge);
 BOOL set_challenge(unsigned char *challenge);
 user_struct *get_valid_user_struct(uint16 vuid);
 void invalidate_vuid(uint16 vuid);
+void invalidate_all_vuids(void);
 char *validated_username(uint16 vuid);
 char *validated_domain(uint16 vuid);
 NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, BOOL is_guest);
-uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, 
-		     char *domain,BOOL guest);
+int register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, 
+		  char *domain,BOOL guest);
 void add_session_user(char *user);
 BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
 BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
@@ -4079,6 +4234,7 @@ int rename_internals(connection_struct *conn,
 int reply_mv(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize);
 int reply_copy(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize);
 int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize);
+uint16 get_lock_pid( char *data, int data_offset, BOOL large_file_format);
 SMB_BIG_UINT get_lock_count( char *data, int data_offset, BOOL large_file_format);
 SMB_BIG_UINT get_lock_offset( char *data, int data_offset, BOOL large_file_format, BOOL *err);
 int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize);
@@ -4115,6 +4271,11 @@ int find_service(char *service);
 connection_struct *make_connection(char *service,char *user,char *password, int pwlen, char *dev,uint16 vuid, int *ecode);
 void close_cnum(connection_struct *conn, uint16 vuid);
 
+/*The following definitions come from  smbd/session.c  */
+
+BOOL session_claim(uint16 vuid);
+void session_yield(uint16 vuid);
+
 /*The following definitions come from  smbd/ssl.c  */
 
 int sslutil_init(int isServer);
@@ -4158,10 +4319,16 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid);
 BOOL sid_to_uid(DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype);
 BOOL sid_to_gid(DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype);
 
+/*The following definitions come from  smbd/utmp.c  */
+
+void sys_utmp_yield(const char *username, const char *hostname, 
+		    const char *id_str, int id_num);
+void sys_utmp_claim(const char *username, const char *hostname, 
+		    const char *id_str, int id_num);
+
 /*The following definitions come from  smbd/vfs.c  */
 
-int vfs_init_default(connection_struct *conn);
-BOOL vfs_init_custom(connection_struct *conn);
+BOOL vfs_init(connection_struct *conn);
 BOOL vfs_directory_exist(connection_struct *conn, char *dname, SMB_STRUCT_STAT *st);
 int vfs_mkdir(connection_struct *conn, char *fname, mode_t mode);
 char *vfs_getwd(connection_struct *conn, char *unix_path);
@@ -4208,6 +4375,8 @@ char *vfswrap_getwd(connection_struct *conn, char *path);
 int vfswrap_utime(connection_struct *conn, char *path, struct utimbuf *times);
 int vfswrap_ftruncate(files_struct *fsp, int fd, SMB_OFF_T len);
 BOOL vfswrap_lock(files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
+int vfswrap_symlink(connection_struct *conn, const char *oldpath, const char *newpath);
+int vfswrap_readlink(connection_struct *conn, const char *path, char *buf, size_t bufsiz);
 size_t vfswrap_fget_nt_acl(files_struct *fsp, int fd, SEC_DESC **ppdesc);
 size_t vfswrap_get_nt_acl(files_struct *fsp, char *name, SEC_DESC **ppdesc);
 BOOL vfswrap_fset_nt_acl(files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd);
@@ -4305,7 +4474,9 @@ int tdb_clear_spinlocks(TDB_CONTEXT *tdb);
 
 /*The following definitions come from  tdb/tdb.c  */
 
+void tdb_dump_all(TDB_CONTEXT *tdb);
 void tdb_printfreelist(TDB_CONTEXT *tdb);
+enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb);
 const char *tdb_errorstr(TDB_CONTEXT *tdb);
 TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key);
 int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key);
@@ -4323,6 +4494,7 @@ int tdb_lockkeys(TDB_CONTEXT *tdb, u32 number, TDB_DATA keys[]);
 void tdb_unlockkeys(TDB_CONTEXT *tdb);
 int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key);
 void tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key);
+void tdb_logging_function(TDB_CONTEXT *tdb, void (*fn)(TDB_CONTEXT *, int , const char *, ...));
 
 /*The following definitions come from  tdb/tdbutil.c  */
 
@@ -4334,8 +4506,11 @@ int tdb_store_int_byblob(TDB_CONTEXT *tdb, char *keystr, size_t len, int v);
 int tdb_store_int(TDB_CONTEXT *tdb, char *keystr, int v);
 int tdb_store_by_string(TDB_CONTEXT *tdb, char *keystr, void *buffer, int len);
 TDB_DATA tdb_fetch_by_string(TDB_CONTEXT *tdb, char *keystr);
+int tdb_change_int_atomic(TDB_CONTEXT *tdb, char *keystr, int *oldval, int change_val);
 size_t tdb_pack(char *buf, int bufsize, char *fmt, ...);
 int tdb_unpack(char *buf, int bufsize, char *fmt, ...);
+TDB_CONTEXT *tdb_open_log(char *name, int hash_size, int tdb_flags,
+			  int open_flags, mode_t mode);
 
 /*The following definitions come from  utils/nbio.c  */
 
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index ad7fa31365e..1a6e178068a 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -48,6 +48,7 @@ enum SID_NAME_USE
 #define LSA_OPENPOLICY         0x06
 #define LSA_OPENPOLICY2        0x2c
 #define LSA_OPENSECRET         0x1C
+#define LSA_UNK_GET_CONNUSER   0x2d /* LsaGetConnectedCredentials ? */
 
 /* XXXX these are here to get a compile! */
 #define LSA_LOOKUPRIDS      0xFD
@@ -380,4 +381,31 @@ typedef struct lsa_r_open_secret
 	uint32 status;
 } LSA_R_OPEN_SECRET;
 
+/* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user
+                  called when "Take Ownership" is clicked -SK */
+typedef struct lsa_q_unk_get_connuser
+{
+  uint32 ptr_srvname;
+  UNISTR2 uni2_srvname;
+  uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */
+  uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */
+  uint32 unk3; 
+} LSA_Q_UNK_GET_CONNUSER;
+
+/* LSA_R_UNK_GET_CONNUSER */
+typedef struct lsa_r_unk_get_connuser
+{
+  uint32 ptr_user_name;
+  UNIHDR hdr_user_name;
+  UNISTR2 uni2_user_name;
+  
+  uint32 unk1;
+  
+  uint32 ptr_dom_name;
+  UNIHDR hdr_dom_name;
+  UNISTR2 uni2_dom_name;
+
+  uint32 status;
+} LSA_R_UNK_GET_CONNUSER;
+
 #endif /* _RPC_LSA_H */
diff --git a/source/include/rpc_netlogon.h b/source/include/rpc_netlogon.h
index 29b17e6a059..f15cec3ca9a 100644
--- a/source/include/rpc_netlogon.h
+++ b/source/include/rpc_netlogon.h
@@ -26,17 +26,22 @@
 
 
 /* NETLOGON pipe */
-#define NET_REQCHAL            0x04
-#define NET_SRVPWSET           0x06
 #define NET_SAMLOGON           0x02
 #define NET_SAMLOGOFF          0x03
+#define NET_REQCHAL            0x04
+#define NET_AUTH               0x05
+#define NET_SRVPWSET           0x06
+#define NET_SAM_DELTAS         0x07
+#define NET_LOGON_CTRL         0x0c
 #define NET_AUTH2              0x0f
 #define NET_LOGON_CTRL2        0x0e
+#define NET_SAM_SYNC           0x10
 #define NET_TRUST_DOM_LIST     0x13
 
 /* Secure Channel types.  used in NetrServerAuthenticate negotiation */
 #define SEC_CHAN_WKSTA   2
 #define SEC_CHAN_DOMAIN  4
+#define SEC_CHAN_BDC     6
 
 #if 0
 /* I think this is correct - it's what gets parsed on the wire. JRA. */
@@ -159,25 +164,6 @@ typedef struct net_user_info_3
 } NET_USER_INFO_3;
 
 
-/********************************************************
- Logon Control Query
-
- query_level 0x1 - pdc status
- query_level 0x3 - number of logon attempts.
-
- ********************************************************/
-/* NET_Q_LOGON_CTRL2 - LSA Netr Logon Control 2*/
-typedef struct net_q_logon_ctrl2_info
-{
-	uint32       ptr;             /* undocumented buffer pointer */
-	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
-	
-	uint32       function_code; /* 0x1 */
-	uint32       query_level;   /* 0x1, 0x3 */
-	uint32       switch_value;  /* 0x1 */
-
-} NET_Q_LOGON_CTRL2;
-
 /* NETLOGON_INFO_1 - pdc status info, i presume */
 typedef struct netlogon_1_info
 {
@@ -210,6 +196,59 @@ typedef struct netlogon_3_info
 
 } NETLOGON_INFO_3;
 
+/********************************************************
+ Logon Control Query
+
+ This is generated by a nltest /bdc_query:DOMAIN
+
+ query_level 0x1, function_code 0x1
+
+ ********************************************************/
+
+/* NET_Q_LOGON_CTRL - LSA Netr Logon Control */
+
+typedef struct net_q_logon_ctrl_info
+{
+	uint32 ptr;
+	UNISTR2 uni_server_name;
+	uint32 function_code;
+	uint32 query_level;
+} NET_Q_LOGON_CTRL;
+
+/* NET_R_LOGON_CTRL - LSA Netr Logon Control */
+
+typedef struct net_r_logon_ctrl_info
+{
+	uint32 switch_value;
+	uint32 ptr;
+
+	union {
+		NETLOGON_INFO_1 info1;
+	} logon;
+
+	uint32 status;
+} NET_R_LOGON_CTRL;
+
+/********************************************************
+ Logon Control2 Query
+
+ query_level 0x1 - pdc status
+ query_level 0x3 - number of logon attempts.
+
+ ********************************************************/
+
+/* NET_Q_LOGON_CTRL2 - LSA Netr Logon Control 2 */
+typedef struct net_q_logon_ctrl2_info
+{
+	uint32       ptr;             /* undocumented buffer pointer */
+	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
+	
+	uint32       function_code; /* 0x1 */
+	uint32       query_level;   /* 0x1, 0x3 */
+	uint32       switch_value;  /* 0x1 */
+
+} NET_Q_LOGON_CTRL2;
+
 /*******************************************************
  Logon Control Response
 
@@ -282,7 +321,19 @@ typedef struct net_r_req_chal_info
 
 } NET_R_REQ_CHAL;
 
+/* NET_Q_AUTH */
+typedef struct net_q_auth_info
+{
+	DOM_LOG_INFO clnt_id; /* client identification info */
+	DOM_CHAL clnt_chal;     /* client-calculated credentials */
+} NET_Q_AUTH;
 
+/* NET_R_AUTH */
+typedef struct net_r_auth_info
+{
+	DOM_CHAL srv_chal;     /* server-calculated credentials */
+	uint32 status; /* return code */
+} NET_R_AUTH;
 
 /* NET_Q_AUTH_2 */
 typedef struct net_q_auth2_info
@@ -430,6 +481,4 @@ typedef struct net_r_sam_logoff_info
 
 } NET_R_SAM_LOGOFF;
 
-
 #endif /* _RPC_NETLOGON_H */
-
diff --git a/source/include/rpc_samr.h b/source/include/rpc_samr.h
index 15705a1b6cc..cdfb19580de 100644
--- a/source/include/rpc_samr.h
+++ b/source/include/rpc_samr.h
@@ -219,6 +219,58 @@ typedef struct sam_user_info_24
 	uint8 pass[516];
 } SAM_USER_INFO_24;
 
+/*
+ * NB. This structure is *definately* incorrect. It's my best guess
+ * currently for W2K SP2. The password field is encrypted in a different
+ * way than normal... And there are definately other problems. JRA.
+ */
+
+/* SAM_USER_INFO_25 */
+typedef struct sam_user_info_25
+{
+	/* TIMES MAY NOT IN RIGHT ORDER!!!! */
+	NTTIME logon_time;            /* logon time */
+	NTTIME logoff_time;           /* logoff time */
+	NTTIME kickoff_time;          /* kickoff time */
+	NTTIME pass_last_set_time;    /* password last set time */
+	NTTIME pass_can_change_time;  /* password can change time */
+	NTTIME pass_must_change_time; /* password must change time */
+
+	UNIHDR hdr_user_name;    /* NULL - user name unicode string header */
+	UNIHDR hdr_full_name;    /* user's full name unicode string header */
+	UNIHDR hdr_home_dir;     /* home directory unicode string header */
+	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
+	UNIHDR hdr_logon_script; /* logon script unicode string header */
+	UNIHDR hdr_profile_path; /* profile path unicode string header */
+	UNIHDR hdr_acct_desc  ;  /* user description */
+	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
+	UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */
+	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
+
+	uint8 lm_pwd[16];    /* lm user passwords */
+	uint8 nt_pwd[16];    /* nt user passwords */
+
+	uint32 user_rid;      /* Primary User ID */
+	uint32 group_rid;     /* Primary Group ID */
+
+	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
+
+	uint32 unknown_6[6];
+
+	uint8 pass[532];
+
+	UNISTR2 uni_user_name;    /* NULL - username unicode string */
+	UNISTR2 uni_full_name;    /* user's full name unicode string */
+	UNISTR2 uni_home_dir;     /* home directory unicode string */
+	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
+	UNISTR2 uni_logon_script; /* logon script unicode string */
+	UNISTR2 uni_profile_path; /* profile path unicode string */
+	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
+	UNISTR2 uni_workstations; /* login from workstations unicode string */
+	UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */
+	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
+} SAM_USER_INFO_25;
+
 
 /* SAM_USER_INFO_21 */
 typedef struct sam_user_info_21
@@ -565,7 +617,7 @@ typedef struct r_samr_open_domain_info
 
 } SAMR_R_OPEN_DOMAIN;
 
-#define MAX_SAM_ENTRIES 250
+#define MAX_SAM_ENTRIES 50
 
 typedef struct samr_entry_info
 {
@@ -734,8 +786,8 @@ typedef struct samr_str_entry_info1
 
 typedef struct sam_entry_info_1
 {
-	SAM_ENTRY1 sam[MAX_SAM_ENTRIES];
-	SAM_STR1   str[MAX_SAM_ENTRIES];
+	SAM_ENTRY1 *sam;
+	SAM_STR1   *str;
 
 } SAM_DISPINFO_1;
 
@@ -764,8 +816,8 @@ typedef struct samr_str_entry_info2
 
 typedef struct sam_entry_info_2
 {
-	SAM_ENTRY2 sam[MAX_SAM_ENTRIES];
-	SAM_STR2   str[MAX_SAM_ENTRIES];
+	SAM_ENTRY2 *sam;
+	SAM_STR2   *str;
 
 } SAM_DISPINFO_2;
 
@@ -793,8 +845,8 @@ typedef struct samr_str_entry_info3
 
 typedef struct sam_entry_info_3
 {
-	SAM_ENTRY3 sam[MAX_SAM_ENTRIES];
-	SAM_STR3   str[MAX_SAM_ENTRIES];
+	SAM_ENTRY3 *sam;
+	SAM_STR3   *str;
 
 } SAM_DISPINFO_3;
 
@@ -816,8 +868,8 @@ typedef struct samr_str_entry_info4
 
 typedef struct sam_entry_info_4
 {
-	SAM_ENTRY4 sam[MAX_SAM_ENTRIES];
-	SAM_STR4   str[MAX_SAM_ENTRIES];
+	SAM_ENTRY4 *sam;
+	SAM_STR4   *str;
 
 } SAM_DISPINFO_4;
 
@@ -839,8 +891,8 @@ typedef struct samr_str_entry_info5
 
 typedef struct sam_entry_info_5
 {
-	SAM_ENTRY5 sam[MAX_SAM_ENTRIES];
-	SAM_STR5   str[MAX_SAM_ENTRIES];
+	SAM_ENTRY5 *sam;
+	SAM_STR5   *str;
 
 } SAM_DISPINFO_5;
 
@@ -1140,6 +1192,7 @@ typedef struct sam_userinfo_ctr_info
 		SAM_USER_INFO_21 *id21; /* auth-level 21 */
 		SAM_USER_INFO_23 *id23; /* auth-level 0x17 */
 		SAM_USER_INFO_24 *id24; /* auth-level 0x18 */
+		SAM_USER_INFO_25 *id25; /* auth-level 0x19 */
 		void* id; /* to make typecasting easy */
 
 	} info;
@@ -1249,8 +1302,8 @@ typedef struct q_samr_lookup_names_info
 	uint32 ptr;            /* 0x0000 0000 - 32 bit unknown */
 	uint32 num_names2;      /* number of names being looked up */
 
-	UNIHDR  hdr_name[MAX_LOOKUP_SIDS]; /* unicode account name header */
-	UNISTR2 uni_name[MAX_LOOKUP_SIDS]; /* unicode account name string */
+	UNIHDR  *hdr_name; /* unicode account name header */
+	UNISTR2 *uni_name; /* unicode account name string */
 
 } SAMR_Q_LOOKUP_NAMES;
 
@@ -1530,8 +1583,8 @@ typedef struct q_samr_open_alias_info
 {
 	POLICY_HND dom_pol;
 
-	uint32 unknown_0;         /* 0x0000 0008 */
-	uint32 rid_alias;        /* rid */
+	uint32 access_mask;         
+	uint32 rid_alias;
 
 } SAMR_Q_OPEN_ALIAS;
 
diff --git a/source/include/rpc_spoolss.h b/source/include/rpc_spoolss.h
index 1e0a43987cb..dd66982cd5c 100755
--- a/source/include/rpc_spoolss.h
+++ b/source/include/rpc_spoolss.h
@@ -30,8 +30,6 @@
 /* spoolss pipe: this are the calls which are not implemented ...
 #define SPOOLSS_OPENPRINTER				0x01
 #define SPOOLSS_GETPRINTERDRIVER			0x0b
-#define SPOOLSS_DELETEPRINTERDRIVER			0x0d
-#define SPOOLSS_ADDPRINTPROCESSOR			0x0e
 #define SPOOLSS_GETPRINTPROCESSORDIRECTORY		0x10
 #define SPOOLSS_READPRINTER				0x16
 #define SPOOLSS_WAITFORPRINTERCHANGE			0x1c
@@ -74,6 +72,8 @@
 #define SPOOLSS_ADDPRINTERDRIVER			0x09
 #define SPOOLSS_ENUMPRINTERDRIVERS			0x0a
 #define SPOOLSS_GETPRINTERDRIVERDIRECTORY		0x0c
+#define SPOOLSS_DELETEPRINTERDRIVER			0x0d
+#define SPOOLSS_ADDPRINTPROCESSOR			0x0e
 #define SPOOLSS_ENUMPRINTPROCESSORS			0x0f
 #define SPOOLSS_STARTDOCPRINTER				0x11
 #define SPOOLSS_STARTPAGEPRINTER			0x12
@@ -577,6 +577,23 @@ typedef struct spool_r_endpageprinter
 }
 SPOOL_R_ENDPAGEPRINTER;
 
+
+typedef struct spool_q_deleteprinterdriver
+{
+	uint32 server_ptr;
+	UNISTR2 server;
+	UNISTR2 arch;
+	UNISTR2 driver;
+}
+SPOOL_Q_DELETEPRINTERDRIVER;
+
+typedef struct spool_r_deleteprinterdriver
+{
+	uint32 status;
+}
+SPOOL_R_DELETEPRINTERDRIVER;
+
+
 typedef struct spool_doc_info_1
 {
 	uint32 p_docname;
@@ -1558,6 +1575,23 @@ typedef struct spool_r_getprinterdriverdirectory
 }
 SPOOL_R_GETPRINTERDRIVERDIR;
 
+typedef struct spool_q_addprintprocessor
+{
+	uint32 server_ptr;
+	UNISTR2 server;
+	UNISTR2 environment;
+	UNISTR2 path;
+	UNISTR2 name;
+}
+SPOOL_Q_ADDPRINTPROCESSOR;
+
+typedef struct spool_r_addprintprocessor
+{
+	uint32 status;
+}
+SPOOL_R_ADDPRINTPROCESSOR;
+
+
 typedef struct spool_q_enumprintprocessors
 {
 	uint32 name_ptr;
diff --git a/source/include/rpc_srvsvc.h b/source/include/rpc_srvsvc.h
index 2224f387662..d6fe7617b25 100644
--- a/source/include/rpc_srvsvc.h
+++ b/source/include/rpc_srvsvc.h
@@ -36,8 +36,48 @@
 #define SRV_NET_SHARE_DEL      0x12
 #define SRV_NET_SRV_GET_INFO   0x15
 #define SRV_NET_SRV_SET_INFO   0x16
+#define SRV_NET_DISK_ENUM      0x17
 #define SRV_NET_REMOTE_TOD     0x1c
+#define SRV_NET_NAME_VALIDATE  0x21
 #define SRV_NETSHAREENUM       0x24
+#define SRV_NETFILEQUERYSECDESC 0x27
+#define SRV_NETFILESETSECDESC	0x28
+
+#define MAX_SERVER_DISK_ENTRIES 15
+
+typedef struct disk_info {
+	uint32  unknown;
+	UNISTR3 disk_name;
+} DISK_INFO;
+
+typedef struct disk_enum_container {
+	uint32 level;
+	uint32 entries_read;
+	uint32 unknown;
+	uint32 disk_info_ptr;
+	DISK_INFO disk_info[MAX_SERVER_DISK_ENTRIES];
+} DISK_ENUM_CONTAINER;
+
+typedef struct net_srv_disk_enum {
+	uint32 ptr_srv_name;         /* pointer (to server name?) */
+	UNISTR2 uni_srv_name;        /* server name */
+
+	DISK_ENUM_CONTAINER disk_enum_ctr;
+
+	uint32 preferred_len;        /* preferred maximum length (0xffff ffff) */
+	uint32 total_entries;        /* total number of entries */
+	ENUM_HND enum_hnd;
+	uint32 status;               /* return status */
+} SRV_Q_NET_DISK_ENUM, SRV_R_NET_DISK_ENUM;
+
+typedef struct net_name_validate {
+	uint32 ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	UNISTR2 uni_name; /*name to validate*/
+	uint32 type;
+	uint32 flags;
+	uint32 status;
+} SRV_Q_NET_NAME_VALIDATE, SRV_R_NET_NAME_VALIDATE;
 
 /* SESS_INFO_0 (pointers to level 0 session info strings) */
 typedef struct ptr_sess_info0
@@ -328,6 +368,8 @@ typedef struct ptr_share_info502
 /* SH_INFO_502_STR (level 502 share info strings) */
 typedef struct str_share_info502
 {
+	SH_INFO_502 *ptrs;
+
 	UNISTR2 uni_netname; /* unicode string of net name (e.g NETLOGON) */
 	UNISTR2 uni_remark;  /* unicode string of comment (e.g "Logon server share") */
 	UNISTR2 uni_path;    /* unicode string of local path (e.g c:\winnt\system32\repl\import\scripts) */
@@ -723,5 +765,48 @@ typedef struct r_net_remote_tod
 
 } SRV_R_NET_REMOTE_TOD;
 
+/* SRV_Q_NET_FILE_QUERY_SECDESC */
+typedef struct q_net_file_query_secdesc
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	uint32  ptr_qual_name;
+	UNISTR2 uni_qual_name;
+	UNISTR2 uni_file_name;
+	uint32  unknown1;
+	uint32  unknown2;
+	uint32  unknown3;
+} SRV_Q_NET_FILE_QUERY_SECDESC;
+
+/* SRV_R_NET_FILE_QUERY_SECDESC */
+typedef struct r_net_file_query_secdesc
+{
+	uint32 ptr_response;
+	uint32 size_response;
+	uint32 ptr_secdesc;
+	uint32 size_secdesc;
+	SEC_DESC *sec_desc;
+	uint32 status;
+} SRV_R_NET_FILE_QUERY_SECDESC;
 
+/* SRV_Q_NET_FILE_SET_SECDESC */
+typedef struct q_net_file_set_secdesc
+{
+	uint32  ptr_srv_name;
+	UNISTR2 uni_srv_name;
+	uint32  ptr_qual_name;
+	UNISTR2 uni_qual_name;
+	UNISTR2 uni_file_name;
+	uint32  sec_info;
+	uint32  size_set;
+	uint32  ptr_secdesc;
+	uint32  size_secdesc;
+	SEC_DESC *sec_desc;
+} SRV_Q_NET_FILE_SET_SECDESC;
+
+/* SRV_R_NET_FILE_SET_SECDESC */
+typedef struct r_net_file_set_secdesc
+{
+	uint32 status;
+} SRV_R_NET_FILE_SET_SECDESC;
 #endif /* _RPC_SRVSVC_H */
diff --git a/source/include/safe_string.h b/source/include/safe_string.h
index 815939d1541..2c3d2eda01f 100644
--- a/source/include/safe_string.h
+++ b/source/include/safe_string.h
@@ -37,11 +37,6 @@
 #endif /* sprintf */
 #define sprintf __ERROR__XX__NEVER_USE_SPRINTF__;
 
-#ifdef snprintf
-#undef snprintf
-#endif /* snprintf */
-#define snprintf __ERROR__XX__NEVER_USE_SNPRINTF___;
-
 #define pstrcpy(d,s) safe_strcpy((d),(s),sizeof(pstring)-1)
 #define pstrcat(d,s) safe_strcat((d),(s),sizeof(pstring)-1)
 #define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
diff --git a/source/include/smb.h b/source/include/smb.h
index d8bd852b859..7cb9c0bb973 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -27,6 +27,7 @@
 
 #define BUFFER_SIZE (0xFFFF)
 #define SAFETY_MARGIN 1024
+#define LARGE_WRITEX_HDR_SIZE 65
 
 #define NMB_PORT 137
 #define DGRAM_PORT 138
@@ -56,7 +57,7 @@ typedef int BOOL;
 #define STR_UPPER 4
 #define STR_ASCII 8
 #define STR_UNICODE 16
-
+#define STR_NOALIGN 32
 
 /* how long to wait for secondary SMB packets (milli-seconds) */
 #define SMB_SECONDARY_WAIT (60*1000)
@@ -176,6 +177,7 @@ implemented */
 #define ERRfilexists 80 /* File in operation already exists */
 #define ERRcannotopen 110 /* Cannot open the file specified */
 #define ERRunknownlevel 124
+#define ERRnotlocked 158 /* This region is not locked by this locking context. */
 #define ERRrename 183
 #define ERRbadpipe 230 /* Named pipe invalid */
 #define ERRpipebusy 231 /* All instances of pipe are busy */
@@ -205,6 +207,7 @@ implemented */
 #define ERROR_INVALID_PRINTER_NAME     (1801)
 #define ERROR_INVALID_DATATYPE	       (1804)
 #define ERROR_INVALID_ENVIRONMENT      (1805)
+#define ERROR_PRINTER_DRIVER_IN_USE    (3001) 
 
 /* here's a special one from observing NT */
 #define ERRnoipc 66 /* don't support ipc */
@@ -1178,6 +1181,16 @@ struct bitmap {
 								FILE_EXECUTE|SYNCHRONIZE_ACCESS)
 
 /* Mapping of access rights to UNIX perms. */
+#define UNIX_ACCESS_RWX		FILE_GENERIC_ALL
+#define UNIX_ACCESS_R 		FILE_GENERIC_READ
+#define UNIX_ACCESS_W		FILE_GENERIC_WRITE
+#define UNIX_ACCESS_X		FILE_GENERIC_EXECUTE
+
+#if 0
+/*
+ * This is the old mapping we used to use. To get W2KSP2 profiles
+ * working we need to map to the canonical file perms.
+ */
 #define UNIX_ACCESS_RWX (UNIX_ACCESS_R|UNIX_ACCESS_W|UNIX_ACCESS_X)
 #define UNIX_ACCESS_R (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
 			FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_READ_DATA)
@@ -1186,6 +1199,7 @@ struct bitmap {
 			FILE_APPEND_DATA|FILE_WRITE_DATA)
 #define UNIX_ACCESS_X (READ_CONTROL_ACCESS|SYNCHRONIZE_ACCESS|\
 			FILE_EXECUTE|FILE_READ_ATTRIBUTES)
+#endif
 
 #define UNIX_ACCESS_NONE (WRITE_OWNER_ACCESS)
 
@@ -1404,7 +1418,9 @@ char *strdup(char *s);
 #define CAP_LOCK_AND_READ    0x0100
 #define CAP_NT_FIND          0x0200
 #define CAP_DFS              0x1000
+#define CAP_W2K_SMBS         0x2000
 #define CAP_LARGE_READX      0x4000
+#define CAP_LARGE_WRITEX     0x8000
 #define CAP_EXTENDED_SECURITY 0x80000000
 
 /* protocol types. It assumes that higher protocols include lower protocols
@@ -1700,6 +1716,8 @@ typedef struct user_struct
 	gid_t *groups;
 
 	NT_USER_TOKEN *nt_user_token;
+
+	int session_id; /* used by utmp and pam session code */
 } user_struct;
 
 #include "ntdomain.h"
diff --git a/source/include/smb_acls.h b/source/include/smb_acls.h
index 613f6db3e32..bea90bf46a0 100644
--- a/source/include/smb_acls.h
+++ b/source/include/smb_acls.h
@@ -124,48 +124,6 @@ typedef struct SMB_ACL_T {
 #define SMB_ACL_TYPE_ACCESS         ACL_TYPE_ACCESS
 #define SMB_ACL_TYPE_DEFAULT        ACL_TYPE_DEFAULT
 
-/* XFS ACLS are defined here */
-/* donated by John Trostel (jtrostel@connex.com) */
-
-#elif defined(HAVE_XFS_ACLS)
-
-/* This is an nearly an identity mapping (just remove the SMB_). */
-#define SMB_ACL_TAG_T               acl_tag_t
-#define SMB_ACL_TYPE_T				acl_type_t
-//#define SMB_ACL_PERMSET_T           acl_permset_t
-typedef ushort	*SMB_ACL_PERMSET_T;
-#define SMB_ACL_PERM_T				acl_perm_t
-#define SMB_ACL_READ                ACL_READ
-#define SMB_ACL_WRITE               ACL_WRITE
-#define SMB_ACL_EXECUTE             ACL_EXECUTE
-
-/* Types of ACLs. */
-#define SMB_ACL_USER                ACL_USER
-#define SMB_ACL_USER_OBJ            ACL_USER_OBJ
-#define SMB_ACL_GROUP               ACL_GROUP
-#define SMB_ACL_GROUP_OBJ           ACL_GROUP_OBJ
-#define SMB_ACL_OTHER               ACL_OTHER_OBJ
-#define SMB_ACL_MASK                ACL_MASK
-
-#define SMB_ACL_T 					acl_t
-
-#define SMB_ACL_ENTRY_T				acl_entry_t
-
-#define SMB_ACL_FIRST_ENTRY         ACL_FIRST_ENTRY
-#define SMB_ACL_NEXT_ENTRY          ACL_NEXT_ENTRY
-
-#define SMB_ACL_TYPE_ACCESS         ACL_TYPE_ACCESS
-#define SMB_ACL_TYPE_DEFAULT        ACL_TYPE_DEFAULT
-
-/* Not yet in Official SGI XFS CVS */
-
-#if defined(CONFIG_EXTENDED_PERMISSSION)
-#define SMB_ACL_CHOWN				ACL_CHOWN
-#define SMB_ACL_CHMOD				ACL_CHMOD
-#define SMB_ACL_DELETE				ACL_DELETE
-#define EXTENDED_PERM_BITS			(ACL_CHOWN|ACL_CHMOD|ACL_DELETE)
-#endif /* CONFIG_EXTENDED_PERMISSION */
-
 #elif defined(HAVE_AIX_ACLS)
 
 /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
diff --git a/source/include/smb_macros.h b/source/include/smb_macros.h
index 2e74d7e69f5..cad6229f1ae 100644
--- a/source/include/smb_macros.h
+++ b/source/include/smb_macros.h
@@ -128,6 +128,7 @@
 #define SMB_LPID_OFFSET(indx) (10 * (indx))
 #define SMB_LKOFF_OFFSET(indx) ( 2 + (10 * (indx)))
 #define SMB_LKLEN_OFFSET(indx) ( 6 + (10 * (indx)))
+#define SMB_LARGE__LPID_OFFSET(indx) (20 * (indx))
 #define SMB_LARGE_LKOFF_OFFSET_HIGH(indx) (4 + (20 * (indx)))
 #define SMB_LARGE_LKOFF_OFFSET_LOW(indx) (8 + (20 * (indx)))
 #define SMB_LARGE_LKLEN_OFFSET_HIGH(indx) (12 + (20 * (indx)))
diff --git a/source/include/talloc.h b/source/include/talloc.h
index 32b0f28ae6d..89c2f82e056 100644
--- a/source/include/talloc.h
+++ b/source/include/talloc.h
@@ -21,17 +21,10 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#ifdef DEBUG_TALLOC
-#define BAD_PTR (void*)0xdeadbeef
-#else
-#define BAD_PTR NULL
-#endif
-
 struct talloc_chunk {
 	struct talloc_chunk *next;
+	size_t size;
 	void *ptr;
-	size_t alloc_size;
-	size_t total_size;
 };
 
 typedef struct {
diff --git a/source/include/version.h b/source/include/version.h
index 14d0827c298..682efc644da 100644
--- a/source/include/version.h
+++ b/source/include/version.h
@@ -1 +1 @@
-#define VERSION "2.2.0a"
+#define VERSION "2.2.1"
diff --git a/source/include/vfs.h b/source/include/vfs.h
index 51f3df1ec95..93823a5f239 100644
--- a/source/include/vfs.h
+++ b/source/include/vfs.h
@@ -86,6 +86,8 @@ struct vfs_ops {
     int (*utime)(struct connection_struct *conn, char *path, struct utimbuf *times);
 	int (*ftruncate)(struct files_struct *fsp, int fd, SMB_OFF_T offset);
 	BOOL (*lock)(struct files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
+	int (*symlink)(struct connection_struct *conn, const char *oldpath, const char *newpath);
+	int (*readlink)(struct connection_struct *conn, const char *path, char *buf, size_t bufsiz);
 
 	/* NT ACL operations. */
 
diff --git a/source/lib/access.c b/source/lib/access.c
index bcfef1dc2ff..ed4d5ac3631 100644
--- a/source/lib/access.c
+++ b/source/lib/access.c
@@ -260,13 +260,12 @@ static BOOL only_ipaddrs_in_list(const char* list)
 		
 		if (!is_ipaddress(tok))
 		{
-			char *p;
 			/* 
 			 * if we failed, make sure that it was not because the token
 			 * was a network/netmask pair.  Only network/netmask pairs
 			 * have a '/' in them
 			 */
-			if ((p=strchr(tok, '/')) == NULL)
+			if (strchr(tok, '/') == NULL)
 			{
 				only_ip = False;
 				DEBUG(3,("only_ipaddrs_in_list: list [%s] has non-ip address %s\n", list, tok));
diff --git a/source/lib/debug.c b/source/lib/debug.c
index 9c97385db33..4ec70bd118a 100644
--- a/source/lib/debug.c
+++ b/source/lib/debug.c
@@ -180,7 +180,7 @@ BOOL debug_parse_params(char **params, int *debuglevel_class)
 	/* Allow DBGC_ALL to be specifies w/o requiring its class name e.g."10"  
 	 * v.s. "all:10", this is the traditional way to set DEBUGLEVEL 
 	 */
-	if (isdigit(params[0][0])) {
+	if (isdigit((int)params[0][0])) {
 		debuglevel_class[DBGC_ALL] = atoi(params[0]);
 		i = 1; /* start processing at the next params */
 	}
@@ -242,9 +242,9 @@ void debug_message(int msg_type, pid_t src, void *buf, size_t len)
 	/* Set the new DEBUGLEVEL_CLASS array from the pased array */
 	memcpy(DEBUGLEVEL_CLASS, buf, sizeof(DEBUGLEVEL_CLASS));
 	
-	DEBUG(1,("INFO: Debug class %s level = %d   (pid %d from pid %d)\n",
+	DEBUG(1,("INFO: Debug class %s level = %d   (pid %u from pid %u)\n",
 			classname_table[DBGC_ALL],
-			DEBUGLEVEL_CLASS[DBGC_ALL], getpid(), (int)src));
+			DEBUGLEVEL_CLASS[DBGC_ALL], (unsigned int)getpid(), (unsigned int)src));
 
 	for (i=1; i<DBGC_LAST; i++) {
 		if (DEBUGLEVEL_CLASS[i])
@@ -310,21 +310,14 @@ BOOL reopen_logs( void )
 	FILE *new_dbf = NULL;
 	BOOL ret = True;
 
-	if (DEBUGLEVEL_CLASS[ DBGC_ALL ] <= 0) {
-		if (dbf) {
-			(void)fclose(dbf);
-			dbf = NULL;
-		}
-		return True;
-	}
-
 	oldumask = umask( 022 );
   
 	pstrcpy(fname, debugf );
 	if (lp_loaded() && (*lp_logfile()))
 		pstrcpy(fname, lp_logfile());
 
-	pstrcpy( debugf, fname );
+	pstrcpy(debugf, fname);
+
 	if (append_log)
 		new_dbf = sys_fopen( debugf, "a" );
 	else
@@ -450,26 +443,14 @@ void check_log_size( void )
  * This is called by dbghdr() and format_debug_text().
  * ************************************************************************** **
  */
-#ifdef HAVE_STDARG_H
  int Debug1( char *format_str, ... )
 {
-#else
- int Debug1(va_alist)
-va_dcl
-{  
-  char *format_str;
-#endif
   va_list ap;  
   int old_errno = errno;
 
   if( stdout_logging )
     {
-#ifdef HAVE_STDARG_H
     va_start( ap, format_str );
-#else
-    va_start( ap );
-    format_str = va_arg( ap, char * );
-#endif
     if(dbf)
       (void)vfprintf( dbf, format_str, ap );
     va_end( ap );
@@ -524,12 +505,7 @@ va_dcl
     else
       priority = priority_map[syslog_level];
       
-#ifdef HAVE_STDARG_H
     va_start( ap, format_str );
-#else
-    va_start( ap );
-    format_str = va_arg( ap, char * );
-#endif
     vslprintf( msgbuf, sizeof(msgbuf)-1, format_str, ap );
     va_end( ap );
       
@@ -544,12 +520,7 @@ va_dcl
   if( !lp_syslog_only() )
 #endif
     {
-#ifdef HAVE_STDARG_H
     va_start( ap, format_str );
-#else
-    va_start( ap );
-    format_str = va_arg( ap, char * );
-#endif
     if(dbf)
       (void)vfprintf( dbf, format_str, ap );
     va_end( ap );
@@ -740,7 +711,6 @@ BOOL dbghdr( int level, char *file, char *func, int line )
  *
  * ************************************************************************** **
  */
-#ifdef HAVE_STDARG_H
  BOOL dbgtext( char *format_str, ... )
   {
   va_list ap;
@@ -755,24 +725,5 @@ BOOL dbghdr( int level, char *file, char *func, int line )
   return( True );
   } /* dbgtext */
 
-#else
- BOOL dbgtext( va_alist )
- va_dcl
-  {
-  char *format_str;
-  va_list ap;
-  pstring msgbuf;
-
-  va_start( ap );
-  format_str = va_arg( ap, char * );
-  vslprintf( msgbuf, sizeof(msgbuf)-1, format_str, ap );
-  va_end( ap );
-
-  format_debug_text( msgbuf );
-
-  return( True );
-  } /* dbgtext */
-
-#endif
 
 /* ************************************************************************** */
diff --git a/source/lib/genrand.c b/source/lib/genrand.c
index 4a7de802e8f..7af44118ae5 100644
--- a/source/lib/genrand.c
+++ b/source/lib/genrand.c
@@ -1,10 +1,10 @@
 /* 
    Unix SMB/Netbios implementation.
-   Version 1.9.
+   Version 2.2
 
    Functions to create reasonable random numbers for crypto use.
 
-   Copyright (C) Jeremy Allison 1998
+   Copyright (C) Jeremy Allison 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -24,208 +24,230 @@
 #include "includes.h"
 
 extern int DEBUGLEVEL;
-static uint32 counter = 0;
+
+
+static unsigned char hash[258];
+static uint32 counter;
+unsigned char *reseed_data;
+size_t reseed_data_size;
+
+/**************************************************************** 
+ Copy any user given reseed data.
+*****************************************************************/
+
+void set_rand_reseed_data(unsigned char *data, size_t len)
+{
+	if (reseed_data)
+		free(reseed_data);
+	reseed_data_size = 0;
+
+	reseed_data = (unsigned char *)memdup(data, len);
+	if (reseed_data)
+		reseed_data_size = len;
+}
+
+/**************************************************************** 
+ Setup the seed.
+*****************************************************************/
+
+static void seed_random_stream(unsigned char *seedval, size_t seedlen)
+{
+	unsigned char j = 0;
+	size_t ind;
+
+	for (ind = 0; ind < 256; ind++)
+		hash[ind] = (unsigned char)ind;
+
+	for( ind = 0; ind < 256; ind++) {
+		unsigned char tc;
+
+		j += (hash[ind] + seedval[ind%seedlen]);
+
+		tc = hash[ind];
+		hash[ind] = hash[j];
+		hash[j] = tc;
+	}
+
+	hash[256] = 0;
+	hash[257] = 0;
+}
+
+/**************************************************************** 
+ Get datasize bytes worth of random data.
+*****************************************************************/
+
+static void get_random_stream(unsigned char *data, size_t datasize)
+{
+	unsigned char index_i = hash[256];
+	unsigned char index_j = hash[257];
+	size_t ind;
+
+	for( ind = 0; ind < datasize; ind++) {
+		unsigned char tc;
+		unsigned char t;
+
+		index_i++;
+		index_j += hash[index_i];
+
+		tc = hash[index_i];
+		hash[index_i] = hash[index_j];
+		hash[index_j] = tc;
+
+		t = hash[index_i] + hash[index_j];
+		data[ind] = hash[t];
+	}
+
+	hash[256] = index_i;
+	hash[257] = index_j;
+}
 
 /****************************************************************
-get a 16 byte hash from the contents of a file
-Note that the hash is not initialised.
+ Get a 16 byte hash from the contents of a file.
+ Note that the hash is not initialised.
 *****************************************************************/
-static void do_filehash(char *fname, unsigned char *hash)
+
+static void do_filehash(char *fname, unsigned char *the_hash)
 {
 	unsigned char buf[1011]; /* deliberate weird size */
 	unsigned char tmp_md4[16];
 	int fd, n;
 
 	fd = sys_open(fname,O_RDONLY,0);
-	if (fd == -1) return;
+	if (fd == -1)
+		return;
 
 	while ((n = read(fd, (char *)buf, sizeof(buf))) > 0) {
 		mdfour(tmp_md4, buf, n);
 		for (n=0;n<16;n++)
-			hash[n] ^= tmp_md4[n];
+			the_hash[n] ^= tmp_md4[n];
 	}
 	close(fd);
 }
 
-
-
-/****************************************************************
- Try and get a seed by looking at the atimes of files in a given
- directory. XOR them into the buf array.
-*****************************************************************/
-
-static void do_dirrand(char *name, unsigned char *buf, int buf_len)
-{
-  DIR *dp = opendir(name);
-  pstring fullname;
-  int len_left;
-  int fullname_len;
-  char *pos;
-
-  pstrcpy(fullname, name);
-  fullname_len = strlen(fullname);
-
-  if(fullname_len + 2 > sizeof(pstring))
-    return;
-
-  if(fullname[fullname_len] != '/') {
-    fullname[fullname_len] = '/';
-    fullname[fullname_len+1] = '\0';
-    fullname_len = strlen(fullname);
-  }
-
-  len_left = sizeof(pstring) - fullname_len - 1;
-  pos = &fullname[fullname_len];
-
-  if(dp != NULL) {
-    char *p;
-
-    while ((p = readdirname(dp))) {           
-      SMB_STRUCT_STAT st;
-
-      if(strlen(p) <= len_left)
-        pstrcpy(pos, p);
-
-      if(sys_stat(fullname,&st) == 0) {
-        SIVAL(buf, ((counter * 4)%(buf_len-4)), 
-              IVAL(buf,((counter * 4)%(buf_len-4))) ^ st.st_atime);
-        counter++;
-        DEBUG(10,("do_dirrand: value from file %s.\n", fullname));
-      }
-    }
-    closedir(dp); 
-  }
-}
-
 /**************************************************************
  Try and get a good random number seed. Try a number of
- different factors. Firstly, try /dev/urandom and try and
- read from this. If this fails iterate through /tmp and
- /dev and XOR all the file timestamps. Next add in
- a hash of the contents of /etc/shadow and the smb passwd
- file and a combination of pid and time of day (yes I know this
- sucks :-). Finally md4 the result.
+ different factors. Firstly, try /dev/urandom - use if exists.
 
  We use /dev/urandom as a read of /dev/random can block if
  the entropy pool dries up. This leads clients to timeout
  or be very slow on connect.
 
- The result goes in a 16 byte buffer passed from the caller
+ If we can't use /dev/urandom then seed the stream random generator
+ above...
 **************************************************************/
 
-static uint32 do_reseed(unsigned char *md4_outbuf)
+static int do_reseed(BOOL use_fd, int fd)
 {
-  unsigned char md4_inbuf[40];
-  BOOL got_random = False;
-  uint32 v1, v2, ret;
-  int fd;
-  struct timeval tval;
-  pid_t mypid;
-  struct passwd *pw;
-
-  memset(md4_inbuf, '\0', sizeof(md4_inbuf));
-
-  fd = sys_open( "/dev/urandom", O_RDONLY,0);
-  if(fd >= 0) {
-    /* 
-     * We can use /dev/urandom !
-     */
-    if(read(fd, md4_inbuf, 40) == 40) {
-      got_random = True;
-      DEBUG(10,("do_reseed: got 40 bytes from /dev/urandom.\n"));
-    }
-    close(fd);
-  }
-
-  if(!got_random) {
-    /*
-     * /dev/urandom failed - try /dev for timestamps.
-     */
-    do_dirrand("/dev", md4_inbuf, sizeof(md4_inbuf));
-  }
-
-  /* possibly add in some secret file contents */
-  do_filehash("/etc/shadow", &md4_inbuf[0]);
-  do_filehash(lp_smb_passwd_file(), &md4_inbuf[16]);
-
-  /* add in the root encrypted password. On any system where security is taken
-     seriously this will be secret */
-  pw = sys_getpwnam("root");
-  if (pw && pw->pw_passwd) {
-	  int i;
-	  unsigned char md4_tmp[16];
-	  mdfour(md4_tmp, (unsigned char *)pw->pw_passwd, strlen(pw->pw_passwd));
-	  for (i=0;i<16;i++)
-		  md4_inbuf[8+i] ^= md4_tmp[i];
-  }
-
-  /*
-   * Finally add the counter, time of day, and pid.
-   */
-  GetTimeOfDay(&tval);
-  mypid = sys_getpid();
-  v1 = (counter++) + mypid + tval.tv_sec;
-  v2 = (counter++) * mypid + tval.tv_usec;
-
-  SIVAL(md4_inbuf, 32, v1 ^ IVAL(md4_inbuf, 32));
-  SIVAL(md4_inbuf, 36, v2 ^ IVAL(md4_inbuf, 36));
-
-  mdfour(md4_outbuf, md4_inbuf, sizeof(md4_inbuf));
-
-  /*
-   * Return a 32 bit int created from XORing the
-   * 16 bit return buffer.
-   */
-
-  ret = IVAL(md4_outbuf, 0);
-  ret ^= IVAL(md4_outbuf, 4);
-  ret ^= IVAL(md4_outbuf, 8);
-  return (ret ^ IVAL(md4_outbuf, 12));
+	unsigned char seed_inbuf[40];
+	uint32 v1, v2; struct timeval tval; pid_t mypid;
+	struct passwd *pw;
+
+	if (use_fd) {
+		if (fd != -1)
+			return fd;
+
+		fd = sys_open( "/dev/urandom", O_RDONLY,0);
+		if(fd >= 0)
+			return fd;
+	}
+
+#ifdef __INSURE__
+	memset(seed_inbuf, '\0', sizeof(seed_inbuf));
+#endif
+
+	/* Add in some secret file contents */
+
+	do_filehash("/etc/shadow", &seed_inbuf[0]);
+	do_filehash(lp_smb_passwd_file(), &seed_inbuf[16]);
+
+	/*
+	 * Add in the root encrypted password.
+	 * On any system where security is taken
+	 * seriously this will be secret.
+	 */
+
+	pw = sys_getpwnam("root");
+	if (pw && pw->pw_passwd) {
+		size_t i;
+		unsigned char md4_tmp[16];
+		mdfour(md4_tmp, (unsigned char *)pw->pw_passwd, strlen(pw->pw_passwd));
+		for (i=0;i<16;i++)
+			seed_inbuf[8+i] ^= md4_tmp[i];
+	}
+
+	/*
+	 * Add the counter, time of day, and pid.
+	 */
+
+	GetTimeOfDay(&tval);
+	mypid = sys_getpid();
+	v1 = (counter++) + mypid + tval.tv_sec;
+	v2 = (counter++) * mypid + tval.tv_usec;
+
+	SIVAL(seed_inbuf, 32, v1 ^ IVAL(seed_inbuf, 32));
+	SIVAL(seed_inbuf, 36, v2 ^ IVAL(seed_inbuf, 36));
+
+	/*
+	 * Add any user-given reseed data.
+	 */
+
+	if (reseed_data) {
+		size_t i;
+		for (i = 0; i < sizeof(seed_inbuf); i++)
+			seed_inbuf[i] ^= reseed_data[i % reseed_data_size];
+	}
+
+	seed_random_stream(seed_inbuf, sizeof(seed_inbuf));
+
+	return -1;
 }
 
 /*******************************************************************
  Interface to the (hopefully) good crypto random number generator.
 ********************************************************************/
 
-void generate_random_buffer( unsigned char *out, int len, BOOL re_seed)
+void generate_random_buffer( unsigned char *out, int len, BOOL do_reseed_now)
 {
-  static BOOL done_reseed = False;
-  static unsigned char md4_buf[16];
-  unsigned char tmp_buf[16];
-  unsigned char *p;
-
-  if(!done_reseed || re_seed) {
-	  sys_srandom(do_reseed(md4_buf));
-	  done_reseed = True;
-  }
-
-  /*
-   * Generate random numbers in chunks of 64 bytes,
-   * then md4 them & copy to the output buffer.
-   * Added XOR with output from random, seeded
-   * by the original md4_buf. This is to stop the
-   * output from this function being the previous
-   * md4_buf md4'ed. The output from this function
-   * is often output onto the wire, and so it should
-   * not be possible to guess the next output from
-   * this function based on the previous output.
-   * XORing in the output from random(), seeded by
-   * the original md4 hash should stop this. JRA.
-   */
-
-  p = out;
-  while(len > 0) {
-    int i;
-    int copy_len = len > 16 ? 16 : len;
-    mdfour(tmp_buf, md4_buf, sizeof(md4_buf));
-    memcpy(md4_buf, tmp_buf, sizeof(md4_buf));
-    /* XOR in output from random(). */
-    for(i = 0; i < 4; i++)
-      SIVAL(tmp_buf, i*4, (IVAL(tmp_buf, i*4) ^ (uint32)sys_random()));
-    memcpy(p, tmp_buf, copy_len);
-    p += copy_len;
-    len -= copy_len;
-  }
+	static BOOL done_reseed = False;
+	static int urand_fd = -1;
+	unsigned char md4_buf[64];
+	unsigned char tmp_buf[16];
+	unsigned char *p;
+
+	if(!done_reseed || do_reseed_now) {
+		urand_fd = do_reseed(True, urand_fd);
+		done_reseed = True;
+	}
+
+	if (urand_fd != -1 && len > 0) {
+
+		if (read(urand_fd, out, len) == len)
+			return; /* len bytes of random data read from urandom. */
+
+		/* Read of urand error, drop back to non urand method. */
+		close(urand_fd);
+		urand_fd = -1;
+		do_reseed(False, -1);
+		done_reseed = True;
+	}
+
+	/*
+	 * Generate random numbers in chunks of 64 bytes,
+	 * then md4 them & copy to the output buffer.
+	 * This way the raw state of the stream is never externally
+	 * seen.
+	 */
+
+	p = out;
+	while(len > 0) {
+		int copy_len = len > 16 ? 16 : len;
+
+		get_random_stream(md4_buf, sizeof(md4_buf));
+		mdfour(tmp_buf, md4_buf, sizeof(md4_buf));
+		memcpy(p, tmp_buf, copy_len);
+		p += copy_len;
+		len -= copy_len;
+	}
 }
 
 /*******************************************************************
diff --git a/source/lib/hash.c b/source/lib/hash.c
index c96315f37e0..92840a4c983 100644
--- a/source/lib/hash.c
+++ b/source/lib/hash.c
@@ -92,7 +92,7 @@ BOOL hash_table_init(hash_table *table, int num_buckets, compare_function compar
  **************************************************************
  */
 
-int string_hash(int hash_size, const char *key)
+static int string_hash(int hash_size, const char *key)
 {
 	int j=0;
 	while (*key)
@@ -147,7 +147,7 @@ static hash_element *hash_chain_find(hash_table *table, ubi_dlList *hash_chain,
 
 hash_element *hash_lookup(hash_table *table, char *key)
 {
-	return (hash_chain_find(table, &(table->buckets[string_hash(table->size, key)]), key));
+	return (hash_chain_find(table, &table->buckets[string_hash(table->size, key)], key));
 }
 
 /* ***************************************************************
@@ -198,7 +198,7 @@ hash_element *hash_insert(hash_table *table, char *value, char *key)
 		table->num_elements += 1;
 	}
 
-	bucket = &(table->buckets[string_hash(table->size, key)]);
+	bucket = &table->buckets[string_hash(table->size, key)];
 
 	/* Since we only have 1-byte for the key string, we need to 
 	 * allocate extra space in the hash_element to store the entire key
@@ -301,7 +301,7 @@ static BOOL enlarge_hash_table(hash_table *table)
  *************************************************************************
  */
 
-BOOL hash_clear(hash_table *table)
+void hash_clear(hash_table *table)
 {
 	int i;
 	ubi_dlList	*bucket = table->buckets;
@@ -319,6 +319,4 @@ BOOL hash_clear(hash_table *table)
 	if(table->buckets)
 		free((char *) table->buckets);
 	table->buckets = NULL;
-
-	return True;
 }
diff --git a/source/lib/messages.c b/source/lib/messages.c
index 5591f141cc1..ffa873960e7 100644
--- a/source/lib/messages.c
+++ b/source/lib/messages.c
@@ -70,7 +70,7 @@ a useful function for testing the message system
 ****************************************************************************/
 void ping_message(int msg_type, pid_t src, void *buf, size_t len)
 {
-	DEBUG(1,("INFO: Received PING message from PID %d\n",src));
+	DEBUG(1,("INFO: Received PING message from PID %u\n",(unsigned int)src));
 	message_send_pid(src, MSG_PONG, buf, len, True);
 }
 /****************************************************************************
@@ -78,7 +78,7 @@ return current debug level
 ****************************************************************************/
 void debuglevel_message(int msg_type, pid_t src, void *buf, size_t len)
 {
-	DEBUG(1,("INFO: Received REQ_DEBUGLEVEL message from PID %d\n",src));
+	DEBUG(1,("INFO: Received REQ_DEBUGLEVEL message from PID %u\n",(unsigned int)src));
 	message_send_pid(src, MSG_DEBUGLEVEL, DEBUGLEVEL_CLASS, sizeof(DEBUGLEVEL_CLASS), True);
 }
 
@@ -89,7 +89,7 @@ BOOL message_init(void)
 {
 	if (tdb) return True;
 
-	tdb = tdb_open(lock_path("messages.tdb"), 
+	tdb = tdb_open_log(lock_path("messages.tdb"), 
 		       0, TDB_CLEAR_IF_FIRST, 
 		       O_RDWR|O_CREAT,0600);
 
@@ -361,9 +361,13 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
 	struct connections_data crec;
 	struct msg_all *msg_all = (struct msg_all *)state;
 
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
 	memcpy(&crec, dbuf.dptr, sizeof(crec));
 
-	if (crec.cnum != -1) return 0;
+	if (crec.cnum != -1)
+		return 0;
 
 	/* if the msg send fails because the pid was not found (i.e. smbd died), 
 	 * the msg has already been deleted from the messages.tdb.*/
@@ -372,8 +376,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void
 		
 		/* if the pid was not found delete the entry from connections.tdb */
 		if (errno == ESRCH) {
-			DEBUG(2,("pid %d doesn't exist - deleting connections %d [%s]\n",
-					crec.pid, crec.cnum, crec.name));
+			DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
+					(unsigned int)crec.pid, crec.cnum, crec.name));
 			tdb_delete(the_tdb, kbuf);
 		}
 	}
diff --git a/source/lib/ms_fnmatch.c b/source/lib/ms_fnmatch.c
index b4591c7dbc4..87e40049e05 100644
--- a/source/lib/ms_fnmatch.c
+++ b/source/lib/ms_fnmatch.c
@@ -24,22 +24,15 @@
 */  
 
 
-#if FNMATCH_TEST
-#include <stdio.h>
-#include <stdlib.h>
-#else
 #include "includes.h"
-#endif
-
-
 
 /* 
    bugger. we need a separate wildcard routine for older versions
    of the protocol. This is not yet perfect, but its a lot
    better thaan what we had */
-static int ms_fnmatch_lanman_core(char *pattern, char *string)
+static int ms_fnmatch_lanman_core(const char *pattern, const char *string)
 {
-	char *p = pattern, *n = string;
+	const char *p = pattern, *n = string;
 	char c;
 
 	if (strcmp(p,"?")==0 && strcmp(n,".")==0) goto match;
@@ -118,7 +111,7 @@ next:
 	return 0;
 }
 
-static int ms_fnmatch_lanman1(char *pattern, char *string)
+static int ms_fnmatch_lanman1(const char *pattern, const char *string)
 {
 	if (!strpbrk(pattern, "?*<>\"")) {
 		if (strcmp(string,"..") == 0) string = ".";
@@ -142,9 +135,9 @@ static int ms_fnmatch_lanman1(char *pattern, char *string)
 
    Returns 0 on match, -1 on fail.
 */
-int ms_fnmatch(char *pattern, char *string)
+int ms_fnmatch(const char *pattern, const char *string)
 {
-	char *p = pattern, *n = string;
+	const char *p = pattern, *n = string;
 	char c;
 	extern int Protocol;
 
@@ -201,59 +194,3 @@ int ms_fnmatch(char *pattern, char *string)
 	
 	return -1;
 }
-
-
-#if FNMATCH_TEST
-
-static int match_one(char *pattern, char *file)
-{
-	if (strcmp(file,"..") == 0) file = ".";
-	if (strcmp(pattern,".") == 0) return -1;
-
-	return ms_fnmatch(pattern, file);
-}
-
-static char *match_test(char *pattern, char *file, char *short_name)
-{
-	static char ret[4];
-	strncpy(ret, "---", 3);
-
-	if (match_one(pattern, ".") == 0) ret[0] = '+';
-	if (match_one(pattern, "..") == 0) ret[1] = '+';
-	if (match_one(pattern, file) == 0 || 
-	    (*short_name && match_one(pattern, short_name)==0)) ret[2] = '+';
-	return ret;
-}
-
- int main(int argc, char *argv[])
-{
-	int ret;
-	char ans[4], mask[100], file[100], mfile[100];
-	char *ans2;
-	int n, i=0;
-	char line[200];
-
-	if (argc == 3) {
-		ret = ms_fnmatch(argv[1], argv[2]);
-		if (ret == 0) 
-			printf("YES\n");
-		else printf("NO\n");
-		return ret;
-	}
-	mfile[0] = 0;
-
-	while (fgets(line, sizeof(line)-1, stdin)) {
-		n = sscanf(line, "%3s %s %s %s\n", ans, mask, file, mfile);
-		if (n < 3) continue;
-		ans2 = match_test(mask, file, mfile);
-		if (strcmp(ans2, ans)) {
-			printf("%s %s %d mask=[%s]  file=[%s]  mfile=[%s]\n",
-			       ans, ans2, i, mask, file, mfile);
-		}
-		i++;
-		mfile[0] = 0;
-	}
-	return 0;
-}
-#endif /* FNMATCH_TEST */
-
diff --git a/source/lib/snprintf.c b/source/lib/snprintf.c
index 1a8c10afc40..0a52e1762b1 100644
--- a/source/lib/snprintf.c
+++ b/source/lib/snprintf.c
@@ -49,41 +49,38 @@
  *    fixed handling of %.0f
  *    added test for HAVE_LONG_DOUBLE
  *
+ * tridge@samba.org, idra@samba.org, April 2001
+ *    got rid of fcvt code (twas buggy and made testing harder)
+ *    added C99 semantics
+ *
  **************************************************************/
 
+#ifndef NO_CONFIG_H /* for some tests */
 #include "config.h"
+#endif
 
+#ifdef HAVE_STRING_H
 #include <string.h>
-# include <ctype.h>
-#include <sys/types.h>
-
-#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)
-
-/* Define this as a fall through, HAVE_STDARG_H is probably already set */
-
-#define HAVE_VARARGS_H
+#endif
 
-/* varargs declarations: */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+#ifdef HAVE_CTYPE_H
+#include <ctype.h>
+#endif
+#include <sys/types.h>
+#include <stdarg.h>
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
 
-#if defined(HAVE_STDARG_H)
-# include <stdarg.h>
-# define HAVE_STDARGS    /* let's hope that works everywhere (mj) */
-# define VA_LOCAL_DECL   va_list ap
-# define VA_START(f)     va_start(ap, f)
-# define VA_SHIFT(v,t)  ;   /* no-op for ANSI */
-# define VA_END          va_end(ap)
+#if defined(HAVE_SNPRINTF) && defined(HAVE_VSNPRINTF) && defined(HAVE_C99_VSNPRINTF)
+/* only include stdio.h if we are not re-defining snprintf or vsnprintf */
+#include <stdio.h>
+ /* make the compiler happy with an empty file */
+ void dummy_snprintf(void) {} 
 #else
-# if defined(HAVE_VARARGS_H)
-#  include <varargs.h>
-#  undef HAVE_STDARGS
-#  define VA_LOCAL_DECL   va_list ap
-#  define VA_START(f)     va_start(ap)      /* f is ignored! */
-#  define VA_SHIFT(v,t) v = va_arg(ap,t)
-#  define VA_END        va_end(ap)
-# else
-/*XX ** NO VARARGS ** XX*/
-# endif
-#endif
 
 #ifdef HAVE_LONG_DOUBLE
 #define LDOUBLE long double
@@ -97,18 +94,15 @@
 #define LLONG long
 #endif
 
-/*int snprintf (char *str, size_t count, const char *fmt, ...);*/
-/*int vsnprintf (char *str, size_t count, const char *fmt, va_list arg);*/
-
-static void dopr (char *buffer, size_t maxlen, const char *format, 
-                  va_list args);
-static void fmtstr (char *buffer, size_t *currlen, size_t maxlen,
+static size_t dopr(char *buffer, size_t maxlen, const char *format, 
+		   va_list args);
+static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
 		    char *value, int flags, int min, int max);
-static void fmtint (char *buffer, size_t *currlen, size_t maxlen,
+static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 		    long value, int base, int min, int max, int flags);
-static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
+static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
 		   LDOUBLE fvalue, int min, int max, int flags);
-static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c );
+static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
 
 /*
  * dopr(): poor man's version of doprintf
@@ -140,774 +134,804 @@ static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c );
 #define DP_C_LLONG   4
 
 #define char_to_int(p) ((p)- '0')
+#ifndef MAX
 #define MAX(p,q) (((p) >= (q)) ? (p) : (q))
+#endif
 
-static void dopr (char *buffer, size_t maxlen, const char *format, va_list args)
+static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args)
 {
-  char ch;
-  LLONG value;
-  LDOUBLE fvalue;
-  char *strvalue;
-  int min;
-  int max;
-  int state;
-  int flags;
-  int cflags;
-  size_t currlen;
-  
-  state = DP_S_DEFAULT;
-  currlen = flags = cflags = min = 0;
-  max = -1;
-  ch = *format++;
-
-  while (state != DP_S_DONE)
-  {
-    if ((ch == '\0') || (currlen >= maxlen)) 
-      state = DP_S_DONE;
-
-    switch(state) 
-    {
-    case DP_S_DEFAULT:
-      if (ch == '%') 
-	state = DP_S_FLAGS;
-      else 
-	dopr_outch (buffer, &currlen, maxlen, ch);
-      ch = *format++;
-      break;
-    case DP_S_FLAGS:
-      switch (ch) 
-      {
-      case '-':
-	flags |= DP_F_MINUS;
-        ch = *format++;
-	break;
-      case '+':
-	flags |= DP_F_PLUS;
-        ch = *format++;
-	break;
-      case ' ':
-	flags |= DP_F_SPACE;
-        ch = *format++;
-	break;
-      case '#':
-	flags |= DP_F_NUM;
-        ch = *format++;
-	break;
-      case '0':
-	flags |= DP_F_ZERO;
-        ch = *format++;
-	break;
-      default:
-	state = DP_S_MIN;
-	break;
-      }
-      break;
-    case DP_S_MIN:
-      if (isdigit((unsigned char)ch)) 
-      {
-	min = 10*min + char_to_int (ch);
-	ch = *format++;
-      } 
-      else if (ch == '*') 
-      {
-	min = va_arg (args, int);
-	ch = *format++;
-	state = DP_S_DOT;
-      } 
-      else 
-	state = DP_S_DOT;
-      break;
-    case DP_S_DOT:
-      if (ch == '.') 
-      {
-	state = DP_S_MAX;
-	ch = *format++;
-      } 
-      else 
-	state = DP_S_MOD;
-      break;
-    case DP_S_MAX:
-      if (isdigit((unsigned char)ch)) 
-      {
-	if (max < 0)
-	  max = 0;
-	max = 10*max + char_to_int (ch);
-	ch = *format++;
-      } 
-      else if (ch == '*') 
-      {
-	max = va_arg (args, int);
+	char ch;
+	LLONG value;
+	LDOUBLE fvalue;
+	char *strvalue;
+	int min;
+	int max;
+	int state;
+	int flags;
+	int cflags;
+	size_t currlen;
+	
+	state = DP_S_DEFAULT;
+	currlen = flags = cflags = min = 0;
+	max = -1;
 	ch = *format++;
-	state = DP_S_MOD;
-      } 
-      else 
-	state = DP_S_MOD;
-      break;
-    case DP_S_MOD:
-      switch (ch) 
-      {
-      case 'h':
-	cflags = DP_C_SHORT;
-	ch = *format++;
-	break;
-      case 'l':
-	cflags = DP_C_LONG;
-	ch = *format++;
-	if (ch == 'l') {	/* It's a long long */
-	  cflags = DP_C_LLONG;
-	  ch = *format++;
+	
+	while (state != DP_S_DONE) {
+		if (ch == '\0') 
+			state = DP_S_DONE;
+
+		switch(state) {
+		case DP_S_DEFAULT:
+			if (ch == '%') 
+				state = DP_S_FLAGS;
+			else 
+				dopr_outch (buffer, &currlen, maxlen, ch);
+			ch = *format++;
+			break;
+		case DP_S_FLAGS:
+			switch (ch) {
+			case '-':
+				flags |= DP_F_MINUS;
+				ch = *format++;
+				break;
+			case '+':
+				flags |= DP_F_PLUS;
+				ch = *format++;
+				break;
+			case ' ':
+				flags |= DP_F_SPACE;
+				ch = *format++;
+				break;
+			case '#':
+				flags |= DP_F_NUM;
+				ch = *format++;
+				break;
+			case '0':
+				flags |= DP_F_ZERO;
+				ch = *format++;
+				break;
+			default:
+				state = DP_S_MIN;
+				break;
+			}
+			break;
+		case DP_S_MIN:
+			if (isdigit((unsigned char)ch)) {
+				min = 10*min + char_to_int (ch);
+				ch = *format++;
+			} else if (ch == '*') {
+				min = va_arg (args, int);
+				ch = *format++;
+				state = DP_S_DOT;
+			} else {
+				state = DP_S_DOT;
+			}
+			break;
+		case DP_S_DOT:
+			if (ch == '.') {
+				state = DP_S_MAX;
+				ch = *format++;
+			} else { 
+				state = DP_S_MOD;
+			}
+			break;
+		case DP_S_MAX:
+			if (isdigit((unsigned char)ch)) {
+				if (max < 0)
+					max = 0;
+				max = 10*max + char_to_int (ch);
+				ch = *format++;
+			} else if (ch == '*') {
+				max = va_arg (args, int);
+				ch = *format++;
+				state = DP_S_MOD;
+			} else {
+				state = DP_S_MOD;
+			}
+			break;
+		case DP_S_MOD:
+			switch (ch) {
+			case 'h':
+				cflags = DP_C_SHORT;
+				ch = *format++;
+				break;
+			case 'l':
+				cflags = DP_C_LONG;
+				ch = *format++;
+				if (ch == 'l') {	/* It's a long long */
+					cflags = DP_C_LLONG;
+					ch = *format++;
+				}
+				break;
+			case 'L':
+				cflags = DP_C_LDOUBLE;
+				ch = *format++;
+				break;
+			default:
+				break;
+			}
+			state = DP_S_CONV;
+			break;
+		case DP_S_CONV:
+			switch (ch) {
+			case 'd':
+			case 'i':
+				if (cflags == DP_C_SHORT) 
+					value = va_arg (args, int);
+				else if (cflags == DP_C_LONG)
+					value = va_arg (args, long int);
+				else if (cflags == DP_C_LLONG)
+					value = va_arg (args, LLONG);
+				else
+					value = va_arg (args, int);
+				fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+				break;
+			case 'o':
+				flags |= DP_F_UNSIGNED;
+				if (cflags == DP_C_SHORT)
+					value = va_arg (args, unsigned int);
+				else if (cflags == DP_C_LONG)
+					value = (long)va_arg (args, unsigned long int);
+				else if (cflags == DP_C_LLONG)
+					value = (long)va_arg (args, unsigned LLONG);
+				else
+					value = (long)va_arg (args, unsigned int);
+				fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
+				break;
+			case 'u':
+				flags |= DP_F_UNSIGNED;
+				if (cflags == DP_C_SHORT)
+					value = va_arg (args, unsigned int);
+				else if (cflags == DP_C_LONG)
+					value = (long)va_arg (args, unsigned long int);
+				else if (cflags == DP_C_LLONG)
+					value = (LLONG)va_arg (args, unsigned LLONG);
+				else
+					value = (long)va_arg (args, unsigned int);
+				fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+				break;
+			case 'X':
+				flags |= DP_F_UP;
+			case 'x':
+				flags |= DP_F_UNSIGNED;
+				if (cflags == DP_C_SHORT)
+					value = va_arg (args, unsigned int);
+				else if (cflags == DP_C_LONG)
+					value = (long)va_arg (args, unsigned long int);
+				else if (cflags == DP_C_LLONG)
+					value = (LLONG)va_arg (args, unsigned LLONG);
+				else
+					value = (long)va_arg (args, unsigned int);
+				fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
+				break;
+			case 'f':
+				if (cflags == DP_C_LDOUBLE)
+					fvalue = va_arg (args, LDOUBLE);
+				else
+					fvalue = va_arg (args, double);
+				/* um, floating point? */
+				fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+				break;
+			case 'E':
+				flags |= DP_F_UP;
+			case 'e':
+				if (cflags == DP_C_LDOUBLE)
+					fvalue = va_arg (args, LDOUBLE);
+				else
+					fvalue = va_arg (args, double);
+				break;
+			case 'G':
+				flags |= DP_F_UP;
+			case 'g':
+				if (cflags == DP_C_LDOUBLE)
+					fvalue = va_arg (args, LDOUBLE);
+				else
+					fvalue = va_arg (args, double);
+				break;
+			case 'c':
+				dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
+				break;
+			case 's':
+				strvalue = va_arg (args, char *);
+				if (max == -1) {
+					max = strlen(strvalue);
+				}
+				if (min > 0 && max >= 0 && min > max) max = min;
+				fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
+				break;
+			case 'p':
+				strvalue = va_arg (args, void *);
+				fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
+				break;
+			case 'n':
+				if (cflags == DP_C_SHORT) {
+					short int *num;
+					num = va_arg (args, short int *);
+					*num = currlen;
+				} else if (cflags == DP_C_LONG) {
+					long int *num;
+					num = va_arg (args, long int *);
+					*num = (long int)currlen;
+				} else if (cflags == DP_C_LLONG) {
+					LLONG *num;
+					num = va_arg (args, LLONG *);
+					*num = (LLONG)currlen;
+				} else {
+					int *num;
+					num = va_arg (args, int *);
+					*num = currlen;
+				}
+				break;
+			case '%':
+				dopr_outch (buffer, &currlen, maxlen, ch);
+				break;
+			case 'w':
+				/* not supported yet, treat as next char */
+				ch = *format++;
+				break;
+			default:
+				/* Unknown, skip */
+				break;
+			}
+			ch = *format++;
+			state = DP_S_DEFAULT;
+			flags = cflags = min = 0;
+			max = -1;
+			break;
+		case DP_S_DONE:
+			break;
+		default:
+			/* hmm? */
+			break; /* some picky compilers need this */
+		}
 	}
-	break;
-      case 'L':
-	cflags = DP_C_LDOUBLE;
-	ch = *format++;
-	break;
-      default:
-	break;
-      }
-      state = DP_S_CONV;
-      break;
-    case DP_S_CONV:
-      switch (ch) 
-      {
-      case 'd':
-      case 'i':
-	if (cflags == DP_C_SHORT) 
-	  value = va_arg (args, short int);
-	else if (cflags == DP_C_LONG)
-	  value = va_arg (args, long int);
-	else if (cflags == DP_C_LLONG)
-	  value = va_arg (args, LLONG);
-	else
-	  value = va_arg (args, int);
-	fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
-	break;
-      case 'o':
-	flags |= DP_F_UNSIGNED;
-	if (cflags == DP_C_SHORT)
-	  value = va_arg (args, unsigned short int);
-	else if (cflags == DP_C_LONG)
-	  value = (long)va_arg (args, unsigned long int);
-	else if (cflags == DP_C_LLONG)
-	  value = (long)va_arg (args, unsigned LLONG);
-	else
-	  value = (long)va_arg (args, unsigned int);
-	fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
-	break;
-      case 'u':
-	flags |= DP_F_UNSIGNED;
-	if (cflags == DP_C_SHORT)
-	  value = va_arg (args, unsigned short int);
-	else if (cflags == DP_C_LONG)
-	  value = (long)va_arg (args, unsigned long int);
-	else if (cflags == DP_C_LLONG)
-	  value = (LLONG)va_arg (args, unsigned LLONG);
-	else
-	  value = (long)va_arg (args, unsigned int);
-	fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
-	break;
-      case 'X':
-	flags |= DP_F_UP;
-      case 'x':
-	flags |= DP_F_UNSIGNED;
-	if (cflags == DP_C_SHORT)
-	  value = va_arg (args, unsigned short int);
-	else if (cflags == DP_C_LONG)
-	  value = (long)va_arg (args, unsigned long int);
-	else if (cflags == DP_C_LLONG)
-	  value = (LLONG)va_arg (args, unsigned LLONG);
-	else
-	  value = (long)va_arg (args, unsigned int);
-	fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
-	break;
-      case 'f':
-	if (cflags == DP_C_LDOUBLE)
-	  fvalue = va_arg (args, LDOUBLE);
-	else
-	  fvalue = va_arg (args, double);
-	/* um, floating point? */
-	fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
-	break;
-      case 'E':
-	flags |= DP_F_UP;
-      case 'e':
-	if (cflags == DP_C_LDOUBLE)
-	  fvalue = va_arg (args, LDOUBLE);
-	else
-	  fvalue = va_arg (args, double);
-	break;
-      case 'G':
-	flags |= DP_F_UP;
-      case 'g':
-	if (cflags == DP_C_LDOUBLE)
-	  fvalue = va_arg (args, LDOUBLE);
-	else
-	  fvalue = va_arg (args, double);
-	break;
-      case 'c':
-	dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
-	break;
-      case 's':
-	strvalue = va_arg (args, char *);
-	if (max < 0) 
-	  max = maxlen; /* ie, no max */
-	fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
-	break;
-      case 'p':
-	strvalue = va_arg (args, void *);
-	fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
-	break;
-      case 'n':
-	if (cflags == DP_C_SHORT) 
-	{
-	  short int *num;
-	  num = va_arg (args, short int *);
-	  *num = currlen;
-        } 
-	else if (cflags == DP_C_LONG) 
-	{
-	  long int *num;
-	  num = va_arg (args, long int *);
-	  *num = (long int)currlen;
-        } 
-	else if (cflags == DP_C_LLONG) 
-	{
-	  LLONG *num;
-	  num = va_arg (args, LLONG *);
-	  *num = (LLONG)currlen;
-        } 
-	else 
-	{
-	  int *num;
-	  num = va_arg (args, int *);
-	  *num = currlen;
-        }
-	break;
-      case '%':
-	dopr_outch (buffer, &currlen, maxlen, ch);
-	break;
-      case 'w':
-	/* not supported yet, treat as next char */
-	ch = *format++;
-	break;
-      default:
-	/* Unknown, skip */
-	break;
-      }
-      ch = *format++;
-      state = DP_S_DEFAULT;
-      flags = cflags = min = 0;
-      max = -1;
-      break;
-    case DP_S_DONE:
-      break;
-    default:
-      /* hmm? */
-      break; /* some picky compilers need this */
-    }
-  }
-  if (currlen < maxlen - 1) 
-    buffer[currlen] = '\0';
-  else 
-    buffer[maxlen - 1] = '\0';
+	if (maxlen != 0) {
+		if (currlen < maxlen - 1) 
+			buffer[currlen] = '\0';
+		else if (maxlen > 0) 
+			buffer[maxlen - 1] = '\0';
+	}
+	
+	return currlen;
 }
 
-static void fmtstr (char *buffer, size_t *currlen, size_t maxlen,
+static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
 		    char *value, int flags, int min, int max)
 {
-  int padlen, strln;     /* amount to pad */
-  int cnt = 0;
-  
-  if (value == 0)
-  {
-    value = "<NULL>";
-  }
-
-  for (strln = 0; value[strln]; ++strln); /* strlen */
-  padlen = min - strln;
-  if (padlen < 0) 
-    padlen = 0;
-  if (flags & DP_F_MINUS) 
-    padlen = -padlen; /* Left Justify */
-
-  while ((padlen > 0) && (cnt < max)) 
-  {
-    dopr_outch (buffer, currlen, maxlen, ' ');
-    --padlen;
-    ++cnt;
-  }
-  while (*value && (cnt < max)) 
-  {
-    dopr_outch (buffer, currlen, maxlen, *value++);
-    ++cnt;
-  }
-  while ((padlen < 0) && (cnt < max)) 
-  {
-    dopr_outch (buffer, currlen, maxlen, ' ');
-    ++padlen;
-    ++cnt;
-  }
+	int padlen, strln;     /* amount to pad */
+	int cnt = 0;
+
+#ifdef DEBUG_SNPRINTF
+	printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value);
+#endif
+	if (value == 0) {
+		value = "<NULL>";
+	}
+
+	for (strln = 0; value[strln]; ++strln); /* strlen */
+	padlen = min - strln;
+	if (padlen < 0) 
+		padlen = 0;
+	if (flags & DP_F_MINUS) 
+		padlen = -padlen; /* Left Justify */
+	
+	while ((padlen > 0) && (cnt < max)) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		--padlen;
+		++cnt;
+	}
+	while (*value && (cnt < max)) {
+		dopr_outch (buffer, currlen, maxlen, *value++);
+		++cnt;
+	}
+	while ((padlen < 0) && (cnt < max)) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		++padlen;
+		++cnt;
+	}
 }
 
 /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
 
-static void fmtint (char *buffer, size_t *currlen, size_t maxlen,
+static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 		    long value, int base, int min, int max, int flags)
 {
-  int signvalue = 0;
-  unsigned long uvalue;
-  char convert[20];
-  int place = 0;
-  int spadlen = 0; /* amount to space pad */
-  int zpadlen = 0; /* amount to zero pad */
-  int caps = 0;
-  
-  if (max < 0)
-    max = 0;
-
-  uvalue = value;
-
-  if(!(flags & DP_F_UNSIGNED))
-  {
-    if( value < 0 ) {
-      signvalue = '-';
-      uvalue = -value;
-    }
-    else
-      if (flags & DP_F_PLUS)  /* Do a sign (+/i) */
-	signvalue = '+';
-    else
-      if (flags & DP_F_SPACE)
-	signvalue = ' ';
-  }
+	int signvalue = 0;
+	unsigned long uvalue;
+	char convert[20];
+	int place = 0;
+	int spadlen = 0; /* amount to space pad */
+	int zpadlen = 0; /* amount to zero pad */
+	int caps = 0;
+	
+	if (max < 0)
+		max = 0;
+	
+	uvalue = value;
+	
+	if(!(flags & DP_F_UNSIGNED)) {
+		if( value < 0 ) {
+			signvalue = '-';
+			uvalue = -value;
+		} else {
+			if (flags & DP_F_PLUS)  /* Do a sign (+/i) */
+				signvalue = '+';
+			else if (flags & DP_F_SPACE)
+				signvalue = ' ';
+		}
+	}
   
-  if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
-
-  do {
-    convert[place++] =
-      (caps? "0123456789ABCDEF":"0123456789abcdef")
-      [uvalue % (unsigned)base  ];
-    uvalue = (uvalue / (unsigned)base );
-  } while(uvalue && (place < 20));
-  if (place == 20) place--;
-  convert[place] = 0;
-
-  zpadlen = max - place;
-  spadlen = min - MAX (max, place) - (signvalue ? 1 : 0);
-  if (zpadlen < 0) zpadlen = 0;
-  if (spadlen < 0) spadlen = 0;
-  if (flags & DP_F_ZERO)
-  {
-    zpadlen = MAX(zpadlen, spadlen);
-    spadlen = 0;
-  }
-  if (flags & DP_F_MINUS) 
-    spadlen = -spadlen; /* Left Justifty */
+	if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
+
+	do {
+		convert[place++] =
+			(caps? "0123456789ABCDEF":"0123456789abcdef")
+			[uvalue % (unsigned)base  ];
+		uvalue = (uvalue / (unsigned)base );
+	} while(uvalue && (place < 20));
+	if (place == 20) place--;
+	convert[place] = 0;
+
+	zpadlen = max - place;
+	spadlen = min - MAX (max, place) - (signvalue ? 1 : 0);
+	if (zpadlen < 0) zpadlen = 0;
+	if (spadlen < 0) spadlen = 0;
+	if (flags & DP_F_ZERO) {
+		zpadlen = MAX(zpadlen, spadlen);
+		spadlen = 0;
+	}
+	if (flags & DP_F_MINUS) 
+		spadlen = -spadlen; /* Left Justifty */
 
 #ifdef DEBUG_SNPRINTF
-  printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
-	 zpadlen, spadlen, min, max, place);
+	printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
+	       zpadlen, spadlen, min, max, place);
 #endif
 
-  /* Spaces */
-  while (spadlen > 0) 
-  {
-    dopr_outch (buffer, currlen, maxlen, ' ');
-    --spadlen;
-  }
-
-  /* Sign */
-  if (signvalue) 
-    dopr_outch (buffer, currlen, maxlen, signvalue);
-
-  /* Zeros */
-  if (zpadlen > 0) 
-  {
-    while (zpadlen > 0)
-    {
-      dopr_outch (buffer, currlen, maxlen, '0');
-      --zpadlen;
-    }
-  }
-
-  /* Digits */
-  while (place > 0) 
-    dopr_outch (buffer, currlen, maxlen, convert[--place]);
+	/* Spaces */
+	while (spadlen > 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		--spadlen;
+	}
+
+	/* Sign */
+	if (signvalue) 
+		dopr_outch (buffer, currlen, maxlen, signvalue);
+
+	/* Zeros */
+	if (zpadlen > 0) {
+		while (zpadlen > 0) {
+			dopr_outch (buffer, currlen, maxlen, '0');
+			--zpadlen;
+		}
+	}
+
+	/* Digits */
+	while (place > 0) 
+		dopr_outch (buffer, currlen, maxlen, convert[--place]);
   
-  /* Left Justified spaces */
-  while (spadlen < 0) {
-    dopr_outch (buffer, currlen, maxlen, ' ');
-    ++spadlen;
-  }
+	/* Left Justified spaces */
+	while (spadlen < 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		++spadlen;
+	}
 }
 
-static LDOUBLE abs_val (LDOUBLE value)
+static LDOUBLE abs_val(LDOUBLE value)
 {
-  LDOUBLE result = value;
+	LDOUBLE result = value;
 
-  if (value < 0)
-    result = -value;
+	if (value < 0)
+		result = -value;
+	
+	return result;
+}
 
-  return result;
+static LDOUBLE POW10(int exp)
+{
+	LDOUBLE result = 1;
+	
+	while (exp) {
+		result *= 10;
+		exp--;
+	}
+  
+	return result;
 }
 
-static LDOUBLE pow10 (int exp)
+static LLONG ROUND(LDOUBLE value)
 {
-  LDOUBLE result = 1;
+	LLONG intpart;
 
-  while (exp)
-  {
-    result *= 10;
-    exp--;
-  }
-  
-  return result;
+	intpart = (LLONG)value;
+	value = value - intpart;
+	if (value >= 0.5) intpart++;
+	
+	return intpart;
 }
 
-static long round (LDOUBLE value)
+/* a replacement for modf that doesn't need the math library. Should
+   be portable, but slow */
+static double my_modf(double x0, double *iptr)
 {
-  long intpart;
+	int i;
+	long l;
+	double x = x0;
+	double f = 1.0;
+
+	for (i=0;i<100;i++) {
+		l = (long)x;
+		if (l <= (x+1) && l >= (x-1)) break;
+		x *= 0.1;
+		f *= 10.0;
+	}
 
-  intpart = (long)value;
-  value = value - intpart;
-  if (value >= 0.5)
-    intpart++;
+	if (i == 100) {
+		/* yikes! the number is beyond what we can handle. What do we do? */
+		(*iptr) = 0;
+		return 0;
+	}
+
+	if (i != 0) {
+		double i2;
+		double ret;
 
-  return intpart;
+		ret = my_modf(x0-l*f, &i2);
+		(*iptr) = l*f + i2;
+		return ret;
+	} 
+
+	(*iptr) = l;
+	return x - (*iptr);
 }
 
+
 static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
 		   LDOUBLE fvalue, int min, int max, int flags)
 {
-  int signvalue = 0;
-  LDOUBLE ufvalue;
-#ifndef HAVE_FCVT
-  char iconvert[20];
-  char fconvert[20];
-#else
-  char iconvert[311];
-  char fconvert[311];
-  char *result;
-  int dec_pt, sig;
-  int r_length;
-# ifdef HAVE_FCVTL
-  extern char *fcvtl(long double value, int ndigit, int *decpt, int *sign);
-# else
-  extern char *fcvt(double value, int ndigit, int *decpt, int *sign);
-# endif
-#endif
-  int iplace = 0;
-  int fplace = 0;
-  int padlen = 0; /* amount to pad */
-  int zpadlen = 0; 
-  int caps = 0;
-  long intpart;
-  long fracpart;
+	int signvalue = 0;
+	double ufvalue;
+	char iconvert[311];
+	char fconvert[311];
+	int iplace = 0;
+	int fplace = 0;
+	int padlen = 0; /* amount to pad */
+	int zpadlen = 0; 
+	int caps = 0;
+	int index;
+	double intpart;
+	double fracpart;
+	double temp;
   
-  /* 
-   * AIX manpage says the default is 0, but Solaris says the default
-   * is 6, and sprintf on AIX defaults to 6
-   */
-  if (max < 0)
-    max = 6;
-
-  ufvalue = abs_val (fvalue);
-
-  if (fvalue < 0)
-    signvalue = '-';
-  else
-    if (flags & DP_F_PLUS)  /* Do a sign (+/i) */
-      signvalue = '+';
-    else
-      if (flags & DP_F_SPACE)
-	signvalue = ' ';
+	/* 
+	 * AIX manpage says the default is 0, but Solaris says the default
+	 * is 6, and sprintf on AIX defaults to 6
+	 */
+	if (max < 0)
+		max = 6;
+
+	ufvalue = abs_val (fvalue);
+
+	if (fvalue < 0) {
+		signvalue = '-';
+	} else {
+		if (flags & DP_F_PLUS) { /* Do a sign (+/i) */
+			signvalue = '+';
+		} else {
+			if (flags & DP_F_SPACE)
+				signvalue = ' ';
+		}
+	}
 
 #if 0
-  if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
+	if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
 #endif
 
-#ifndef HAVE_FCVT
-  intpart = (long)ufvalue;
-
-  /* 
-   * Sorry, we only support 9 digits past the decimal because of our 
-   * conversion method
-   */
-  if (max > 9)
-    max = 9;
-
-  /* We "cheat" by converting the fractional part to integer by
-   * multiplying by a factor of 10
-   */
-  fracpart = round ((pow10 (max)) * (ufvalue - intpart));
-
-  if (fracpart >= pow10 (max))
-  {
-    intpart++;
-    fracpart -= pow10 (max);
-  }
-
-#ifdef DEBUG_SNPRINTF
-  printf("fmtfp: %g %d.%d min=%d max=%d\n", 
-	 (double)fvalue, intpart, fracpart, min, max);
+#if 0
+	 if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */
 #endif
 
-  /* Convert integer part */
-  do {
-    iconvert[iplace++] =
-      (caps? "0123456789ABCDEF":"0123456789abcdef")[intpart % 10];
-    intpart = (intpart / 10);
-  } while(intpart && (iplace < 20));
-  if (iplace == 20) iplace--;
-  iconvert[iplace] = 0;
-
-  /* Convert fractional part */
-  do {
-    fconvert[fplace++] =
-      (caps? "0123456789ABCDEF":"0123456789abcdef")[fracpart % 10];
-    fracpart = (fracpart / 10);
-  } while(fracpart && (fplace < 20));
-  if (fplace == 20) fplace--;
-  fconvert[fplace] = 0;
-#else  /* use fcvt() */
-  if (max > 310)
-    max = 310;
-# ifdef HAVE_FCVTL
-  result = fcvtl(ufvalue, max, &dec_pt, &sig);
-# else
-  result = fcvt(ufvalue, max, &dec_pt, &sig);
-# endif
-
-  r_length = strlen(result);
-
-  /*
-   * Fix broken fcvt implementation returns..
-   */
-
-  if (r_length == 0)
-    {
-      result[0] = '0';
-      result[1] = '\0';
-      r_length = 1;
-    }
-
-  if ( r_length < dec_pt )
-    dec_pt = r_length;
-
-  if (dec_pt <= 0) {
-    iplace = 1;
-    iconvert[0] = '0';
-    iconvert[1] = '\0';
-
-    fplace = 0;
-
-    while(r_length)
-      fconvert[fplace++] = result[--r_length];
-
-    while ((dec_pt < 0) && (fplace < max)) {
-		fconvert[fplace++] = '0';
-		dec_pt++;
+	/* 
+	 * Sorry, we only support 16 digits past the decimal because of our 
+	 * conversion method
+	 */
+	if (max > 16)
+		max = 16;
+
+	/* We "cheat" by converting the fractional part to integer by
+	 * multiplying by a factor of 10
+	 */
+
+	temp = ufvalue;
+	my_modf(temp, &intpart);
+
+	fracpart = ROUND((POW10(max)) * (ufvalue - intpart));
+	
+	if (fracpart >= POW10(max)) {
+		intpart++;
+		fracpart -= POW10(max);
 	}
-  } else {
-    int c;
 
-    iplace=0;
-    for(c=dec_pt; c; iconvert[iplace++] = result[--c])
-		;
-    iconvert[iplace] = '\0';
 
-    result += dec_pt;
-    fplace = 0;
-    
-    for(c=(r_length-dec_pt); c; fconvert[fplace++] = result[--c])
-		;
-  }
-#endif /* fcvt */
+	/* Convert integer part */
+	do {
+		temp = intpart;
+		my_modf(intpart*0.1, &intpart);
+		temp = temp*0.1;
+		index = (int) ((temp -intpart +0.05)* 10.0);
+		/* index = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */
+		/* printf ("%llf, %f, %x\n", temp, intpart, index); */
+		iconvert[iplace++] =
+			(caps? "0123456789ABCDEF":"0123456789abcdef")[index];
+	} while (intpart && (iplace < 311));
+	if (iplace == 311) iplace--;
+	iconvert[iplace] = 0;
+
+	/* Convert fractional part */
+	if (fracpart)
+	{
+		do {
+			temp = fracpart;
+			my_modf(fracpart*0.1, &fracpart);
+			temp = temp*0.1;
+			index = (int) ((temp -fracpart +0.05)* 10.0);
+			/* index = (int) ((((temp/10) -fracpart) +0.05) *10); */
+			/* printf ("%lf, %lf, %ld\n", temp, fracpart, index); */
+			fconvert[fplace++] =
+			(caps? "0123456789ABCDEF":"0123456789abcdef")[index];
+		} while(fracpart && (fplace < 311));
+		if (fplace == 311) fplace--;
+	}
+	fconvert[fplace] = 0;
   
-  /* -1 for decimal point, another -1 if we are printing a sign */
-  padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); 
-  zpadlen = max - fplace;
-  if (zpadlen < 0)
-    zpadlen = 0;
-  if (padlen < 0) 
-    padlen = 0;
-  if (flags & DP_F_MINUS) 
-    padlen = -padlen; /* Left Justifty */
-
-  if ((flags & DP_F_ZERO) && (padlen > 0)) 
-  {
-    if (signvalue) 
-    {
-      dopr_outch (buffer, currlen, maxlen, signvalue);
-      --padlen;
-      signvalue = 0;
-    }
-    while (padlen > 0)
-    {
-      dopr_outch (buffer, currlen, maxlen, '0');
-      --padlen;
-    }
-  }
-  while (padlen > 0)
-  {
-    dopr_outch (buffer, currlen, maxlen, ' ');
-    --padlen;
-  }
-  if (signvalue) 
-    dopr_outch (buffer, currlen, maxlen, signvalue);
-
-  while (iplace > 0) 
-    dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
-
+	/* -1 for decimal point, another -1 if we are printing a sign */
+	padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); 
+	zpadlen = max - fplace;
+	if (zpadlen < 0) zpadlen = 0;
+	if (padlen < 0) 
+		padlen = 0;
+	if (flags & DP_F_MINUS) 
+		padlen = -padlen; /* Left Justifty */
+	
+	if ((flags & DP_F_ZERO) && (padlen > 0)) {
+		if (signvalue) {
+			dopr_outch (buffer, currlen, maxlen, signvalue);
+			--padlen;
+			signvalue = 0;
+		}
+		while (padlen > 0) {
+			dopr_outch (buffer, currlen, maxlen, '0');
+			--padlen;
+		}
+	}
+	while (padlen > 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		--padlen;
+	}
+	if (signvalue) 
+		dopr_outch (buffer, currlen, maxlen, signvalue);
+	
+	while (iplace > 0) 
+		dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
 
 #ifdef DEBUG_SNPRINTF
-  printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
+	printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
 #endif
 
-  /*
-   * Decimal point.  This should probably use locale to find the correct
-   * char to print out.
-   */
-  if (max > 0) {
-	  dopr_outch (buffer, currlen, maxlen, '.');
-
-	  while (fplace > 0) 
-		  dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
-  }
-
-  while (zpadlen > 0)
-  {
-    dopr_outch (buffer, currlen, maxlen, '0');
-    --zpadlen;
-  }
-
-  while (padlen < 0) 
-  {
-    dopr_outch (buffer, currlen, maxlen, ' ');
-    ++padlen;
-  }
+	/*
+	 * Decimal point.  This should probably use locale to find the correct
+	 * char to print out.
+	 */
+	if (max > 0) {
+		dopr_outch (buffer, currlen, maxlen, '.');
+		
+		while (fplace > 0) 
+			dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
+	}
+	
+	while (zpadlen > 0) {
+		dopr_outch (buffer, currlen, maxlen, '0');
+		--zpadlen;
+	}
+
+	while (padlen < 0) {
+		dopr_outch (buffer, currlen, maxlen, ' ');
+		++padlen;
+	}
 }
 
-static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c)
+static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
 {
-  if (*currlen < maxlen)
-    buffer[(*currlen)++] = c;
+	if (*currlen < maxlen) {
+		buffer[(*currlen)] = c;
+	}
+	(*currlen)++;
 }
-#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */
 
-#ifndef HAVE_VSNPRINTF
+#if !defined(HAVE_VSNPRINTF) || !defined(HAVE_C99_VSNPRINTF)
  int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
 {
-  str[0] = 0;
-  dopr(str, count, fmt, args);
-  return(strlen(str));
+	return dopr(str, count, fmt, args);
 }
-#endif /* !HAVE_VSNPRINTF */
-
-#if 0 /* DONT USE SNPRINTF !!! */
-#ifndef HAVE_SNPRINTF
-/* VARARGS3 */
-#ifdef HAVE_STDARGS
- int snprintf (char *str,size_t count,const char *fmt,...)
-#else
- int snprintf (va_alist) va_dcl
 #endif
+
+#if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF)
+ int snprintf(char *str,size_t count,const char *fmt,...)
 {
-#ifndef HAVE_STDARGS
-  char *str;
-  size_t count;
-  char *fmt;
-#endif
-  VA_LOCAL_DECL;
+	size_t ret;
+	va_list ap;
     
-  VA_START (fmt);
-  VA_SHIFT (str, char *);
-  VA_SHIFT (count, size_t );
-  VA_SHIFT (fmt, char *);
-  (void) vsnprintf(str, count, fmt, ap);
-  VA_END;
-  return(strlen(str));
+	va_start(ap, fmt);
+	ret = vsnprintf(str, count, fmt, ap);
+	va_end(ap);
+	return ret;
 }
 #endif
 
-#else
- /* keep compilers happy about empty files */
- void dummy_snprintf(void) {}
-#endif /* !HAVE_SNPRINTF */
+#endif 
 
-#ifdef TEST_SNPRINTF
-#ifndef LONG_STRING
-#define LONG_STRING 1024
+#ifndef HAVE_VASPRINTF
+ int vasprintf(char **ptr, const char *format, va_list ap)
+{
+	int ret;
+	
+	ret = vsnprintf(NULL, 0, format, ap);
+	if (ret <= 0) return ret;
+
+	(*ptr) = (char *)malloc(ret+1);
+	if (!*ptr) return -1;
+	ret = vsnprintf(*ptr, ret+1, format, ap);
+
+	return ret;
+}
 #endif
+
+
+#ifndef HAVE_ASPRINTF
+ int asprintf(char **ptr, const char *format, ...)
+{
+	va_list ap;
+	int ret;
+	
+	va_start(ap, format);
+	ret = vasprintf(ptr, format, ap);
+	va_end(ap);
+
+	return ret;
+}
+#endif
+
+#ifdef TEST_SNPRINTF
+
+ int sprintf(char *str,const char *fmt,...);
+
  int main (void)
 {
-  char buf1[LONG_STRING];
-  char buf2[LONG_STRING];
-  char *fp_fmt[] = {
-    "%-1.5f",
-    "%1.5f",
-    "%123.9f",
-    "%10.5f",
-    "% 10.5f",
-    "%+22.9f",
-    "%+4.9f",
-    "%01.3f",
-    "%4f",
-    "%3.1f",
-    "%3.2f",
-    "%.0f",
-    "%.1f",
-    NULL
-  };
-  double fp_nums[] = { -1.5, 134.21, 91340.2, 341.1234, 0203.9, 0.96, 0.996, 
-    0.9996, 1.996, 4.136, 6442452944.1234, 0};
-  char *int_fmt[] = {
-    "%-1.5d",
-    "%1.5d",
-    "%123.9d",
-    "%5.5d",
-    "%10.5d",
-    "% 10.5d",
-    "%+22.33d",
-    "%01.3d",
-    "%4d",
-    NULL
-  };
-  long int_nums[] = { -1, 134, 91340, 341, 0203, 0};
-  int x, y;
-  int fail = 0;
-  int num = 0;
-
-  printf ("Testing snprintf format codes against system sprintf...\n");
-
-  for (x = 0; fp_fmt[x] != NULL ; x++)
-    for (y = 0; fp_nums[y] != 0 ; y++)
-    {
-      snprintf (buf1, sizeof (buf1), fp_fmt[x], fp_nums[y]);
-      sprintf (buf2, fp_fmt[x], fp_nums[y]);
-      if (strcmp (buf1, buf2))
-      {
-	printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf  = %s\n", 
-	    fp_fmt[x], buf1, buf2);
-	fail++;
-      }
-      num++;
-    }
-
-  for (x = 0; int_fmt[x] != NULL ; x++)
-    for (y = 0; int_nums[y] != 0 ; y++)
-    {
-      snprintf (buf1, sizeof (buf1), int_fmt[x], int_nums[y]);
-      sprintf (buf2, int_fmt[x], int_nums[y]);
-      if (strcmp (buf1, buf2))
-      {
-	printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf  = %s\n", 
-	    int_fmt[x], buf1, buf2);
-	fail++;
-      }
-      num++;
-    }
-  printf ("%d tests failed out of %d.\n", fail, num);
+	char buf1[1024];
+	char buf2[1024];
+	char *fp_fmt[] = {
+		"%1.1f",
+		"%-1.5f",
+		"%1.5f",
+		"%123.9f",
+		"%10.5f",
+		"% 10.5f",
+		"%+22.9f",
+		"%+4.9f",
+		"%01.3f",
+		"%4f",
+		"%3.1f",
+		"%3.2f",
+		"%.0f",
+		"%f",
+		"-16.16f",
+		NULL
+	};
+	double fp_nums[] = { 6442452944.1234, -1.5, 134.21, 91340.2, 341.1234, 0203.9, 0.96, 0.996, 
+			     0.9996, 1.996, 4.136,  0};
+	char *int_fmt[] = {
+		"%-1.5d",
+		"%1.5d",
+		"%123.9d",
+		"%5.5d",
+		"%10.5d",
+		"% 10.5d",
+		"%+22.33d",
+		"%01.3d",
+		"%4d",
+		"%d",
+		NULL
+	};
+	long int_nums[] = { -1, 134, 91340, 341, 0203, 0};
+	char *str_fmt[] = {
+		"10.5s",
+		"5.10s",
+		"10.1s",
+		"0.10s",
+		"10.0s",
+		"1.10s",
+		"%s",
+		"%.1s",
+		"%.10s",
+		"%10s",
+		NULL
+	};
+	char *str_vals[] = {"hello", "a", "", "a longer string", NULL};
+	int x, y;
+	int fail = 0;
+	int num = 0;
+
+	printf ("Testing snprintf format codes against system sprintf...\n");
+
+	for (x = 0; fp_fmt[x] ; x++) {
+		for (y = 0; fp_nums[y] != 0 ; y++) {
+			int l1 = snprintf(NULL, 0, fp_fmt[x], fp_nums[y]);
+			int l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]);
+			sprintf (buf2, fp_fmt[x], fp_nums[y]);
+			if (strcmp (buf1, buf2)) {
+				printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", 
+				       fp_fmt[x], buf1, buf2);
+				fail++;
+			}
+			if (l1 != l2) {
+				printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, fp_fmt[x]);
+				fail++;
+			}
+			num++;
+		}
+	}
+
+	for (x = 0; int_fmt[x] ; x++) {
+		for (y = 0; int_nums[y] != 0 ; y++) {
+			int l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]);
+			int l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]);
+			sprintf (buf2, int_fmt[x], int_nums[y]);
+			if (strcmp (buf1, buf2)) {
+				printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", 
+				       int_fmt[x], buf1, buf2);
+				fail++;
+			}
+			if (l1 != l2) {
+				printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, int_fmt[x]);
+				fail++;
+			}
+			num++;
+		}
+	}
+
+	for (x = 0; str_fmt[x] ; x++) {
+		for (y = 0; str_vals[y] != 0 ; y++) {
+			int l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]);
+			int l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]);
+			sprintf (buf2, str_fmt[x], str_vals[y]);
+			if (strcmp (buf1, buf2)) {
+				printf("snprintf doesn't match Format: %s\n\tsnprintf = [%s]\n\t sprintf = [%s]\n", 
+				       str_fmt[x], buf1, buf2);
+				fail++;
+			}
+			if (l1 != l2) {
+				printf("snprintf l1 != l2 (%d %d) %s\n", l1, l2, str_fmt[x]);
+				fail++;
+			}
+			num++;
+		}
+	}
+
+	printf ("%d tests failed out of %d.\n", fail, num);
+
+	printf("seeing how many digits we support\n");
+	{
+		double v0 = 0.12345678901234567890123456789012345678901;
+		for (x=0; x<100; x++) {
+			snprintf(buf1, sizeof(buf1), "%1.1f", v0*pow(10, x));
+			sprintf(buf2,                "%1.1f", v0*pow(10, x));
+			if (strcmp(buf1, buf2)) {
+				printf("we seem to support %d digits\n", x-1);
+				break;
+			}
+		}
+	}
+
+	return 0;
 }
 #endif /* SNPRINTF_TEST */
-
diff --git a/source/lib/substitute.c b/source/lib/substitute.c
index 6abdeea114c..25be4b030f7 100644
--- a/source/lib/substitute.c
+++ b/source/lib/substitute.c
@@ -172,9 +172,21 @@ void standard_sub_basic(char *str)
 	fstring pidstr;
 
 	for (s=str; (p=strchr(s, '%'));s=p) {
+		fstring tmp_str;
+
 		int l = sizeof(pstring) - (int)(p-str);
 		
 		switch (*(p+1)) {
+		case 'U' : 
+			fstrcpy(tmp_str, sam_logon_in_ssb?samlogon_user:current_user_info.smb_name);
+			strlower(tmp_str);
+			string_sub(p,"%U",tmp_str,l);
+			break;
+		case 'D' :
+			fstrcpy(tmp_str, current_user_info.domain);
+			strupper(tmp_str);
+			string_sub(p,"%D", tmp_str,l);
+			break;
 		case 'I' : string_sub(p,"%I", client_addr(),l); break;
 		case 'L' : string_sub(p,"%L", local_machine,l); break;
 		case 'M' : string_sub(p,"%M", client_name(),l); break;
@@ -212,7 +224,6 @@ void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, c
 		int l = sizeof(pstring) - (int)(p-str);
 		
 		switch (*(p+1)) {
-		case 'U' : string_sub(p,"%U",sam_logon_in_ssb?samlogon_user:current_user_info.smb_name,l); break;
 		case 'G' :
 			if ((pass = Get_Pwnam(user,False))!=NULL) {
 				string_sub(p,"%G",gidtoname(pass->pw_gid),l);
@@ -220,7 +231,6 @@ void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, c
 				p += 2;
 			}
 			break;
-		case 'D' : string_sub(p,"%D", current_user_info.domain,l); break;
 		case 'N' : string_sub(p,"%N", automount_server(user),l); break;
 		case 'H':
 			if ((home = get_user_home_dir(user))) {
diff --git a/source/lib/sysacls.c b/source/lib/sysacls.c
index d1b6e58b409..0770a8856a2 100644
--- a/source/lib/sysacls.c
+++ b/source/lib/sysacls.c
@@ -45,8 +45,9 @@ extern int DEBUGLEVEL;
  int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
  int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
  int sys_acl_valid( SMB_ACL_T theacl )
- int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
  int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
+ int sys_acl_delete_def_file(const char *path)
 
  This next one is not POSIX complient - but we *have* to have it !
  More POSIX braindamage.
@@ -160,7 +161,7 @@ int sys_acl_valid( SMB_ACL_T theacl )
 	return acl_valid(theacl);
 }
 
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
 {
 	return acl_set_file(name, acltype, theacl);
 }
@@ -170,6 +171,11 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
 	return acl_set_fd(fd, theacl);
 }
 
+int sys_acl_delete_def_file(const char *name)
+{
+	return acl_delete_def_file(name);
+}
+
 int sys_acl_free_text(char *text)
 {
 	return acl_free(text);
@@ -649,17 +655,40 @@ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
 	return 0;
 }
 
-int sys_acl_valid(SMB_ACL_T acl_d)
+/*
+ * sort the ACL and check it for validity
+ *
+ * if it's a minimal ACL with only 4 entries then we
+ * need to recalculate the mask permissions to make
+ * sure that they are the same as the GROUP_OBJ
+ * permissions as required by the UnixWare acl() system call.
+ *
+ * (note: since POSIX allows minimal ACLs which only contain
+ * 3 entries - ie there is no mask entry - we should, in theory,
+ * check for this and add a mask entry if necessary - however
+ * we "know" that the caller of this interface always specifies
+ * a mask so, in practice "this never happens" (tm) - if it *does*
+ * happen aclsort() will fail and return an error and someone will
+ * have to fix it ...)
+ */
+
+static int acl_sort(SMB_ACL_T acl_d)
 {
-	if (aclsort(acl_d->count, 1, acl_d->acl) != 0) {
+	int     fixmask = (acl_d->count <= 4);
+
+	if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
 		errno = EINVAL;
 		return -1;
 	}
-
 	return 0;
 }
+ 
+int sys_acl_valid(SMB_ACL_T acl_d)
+{
+	return acl_sort(acl_d);
+}
 
-int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 {
 	struct stat	s;
 	struct acl	*acl_p;
@@ -672,7 +701,7 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 		return -1;
 	}
 
-	if (stat(name, &s) != 0) {
+	if (acl_sort(acl_d) != 0) {
 		return -1;
 	}
 
@@ -684,6 +713,9 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 	 * since the acl() system call will replace both
 	 * the access ACLs and the default ACLs (if any)
 	 */
+	if (stat(name, &s) != 0) {
+		return -1;
+	}
 	if (S_ISDIR(s.st_mode)) {
 		SMB_ACL_T	acc_acl;
 		SMB_ACL_T	def_acl;
@@ -692,13 +724,11 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 
 		if (type == SMB_ACL_TYPE_ACCESS) {
 			acc_acl = acl_d;
-			def_acl = 
-			tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
+			def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
 
 		} else {
 			def_acl = acl_d;
-			acc_acl = 
-			tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
+			acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
 		}
 
 		if (tmp_acl == NULL) {
@@ -708,9 +738,8 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 		/*
 		 * allocate a temporary buffer for the complete ACL
 		 */
-		acl_count	= acc_acl->count + def_acl->count;
-		acl_p		=
-		acl_buf		= malloc(acl_count * sizeof(acl_buf[0]));
+		acl_count = acc_acl->count + def_acl->count;
+		acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
 
 		if (acl_buf == NULL) {
 			sys_acl_free_acl(tmp_acl);
@@ -741,12 +770,7 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 		return -1;
 	}
 
-	if (aclsort(acl_count, 1, acl_p) != 0) {
-		errno = EINVAL;
-		ret = -1;
-	} else {
-		ret = acl(name, SETACL, acl_count, acl_p);
-	}
+	ret = acl(name, SETACL, acl_count, acl_p);
 
 	if (acl_buf) {
 		free(acl_buf);
@@ -757,14 +781,33 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 
 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
 {
-	if (aclsort(acl_d->count, 1, acl_d->acl) != 0) {
-		errno = EINVAL;
+	if (acl_sort(acl_d) != 0) {
 		return -1;
 	}
 
 	return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
 }
 
+int sys_acl_delete_def_file(const char *path)
+{
+	SMB_ACL_T	acl_d;
+	int		ret;
+
+	/*
+	 * fetching the access ACL and rewriting it has
+	 * the effect of deleting the default ACL
+	 */
+	if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
+		return -1;
+	}
+
+	ret = acl(path, SETACL, acl_d->count, acl_d->acl);
+
+	sys_acl_free_acl(acl_d);
+	
+	return ret;
+}
+
 int sys_acl_free_text(char *text)
 {
 	free(text);
@@ -1003,7 +1046,7 @@ int sys_acl_valid(SMB_ACL_T acl_d)
 	return acl_valid(acl_d->aclp);
 }
 
-int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
+int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
 {
 	return acl_set_file(name, type, acl_d->aclp);
 }
@@ -1013,6 +1056,11 @@ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
 	return acl_set_fd(fd, acl_d->aclp);
 }
 
+int sys_acl_delete_def_file(const char *name)
+{
+	return acl_delete_def_file(name);
+}
+
 int sys_acl_free_text(char *text)
 {
 	return acl_free(text);
@@ -1032,225 +1080,6 @@ int sys_acl_free_qualifier(void *qual)
 	return 0;
 }
 
-#elif defined(HAVE_XFS_ACLS)
-/* For Linux SGI/XFS Filesystems    
- * contributed by J Trostel, Connex 
- *                                  */
-
-/* based on the implementation for Solaris by Toomas Soome.. which is 
- * based on the implementation  by Micheal Davidson for Unixware...
- *
- * Linux XFS is a 'work-in-progress'
- * This interface may change...  
- * You've been warned ;->           */
-
-/* First, do the identity mapping */
-
-int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-{
-	if( acl_get_entry( the_acl, entry_id, entry_p) >= 0) {
-		return 1;
-	}
-	else {
-		return -1;
-	}
-}
-
-SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
-{
-	return acl_get_file( path_p, type);
-}
-
-SMB_ACL_T sys_acl_get_fd(int fd)
-{
-	return acl_get_fd(fd);
-}
-
-char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
-{
-	return acl_to_text( the_acl, plen);
-}
-
-int sys_acl_valid( SMB_ACL_T theacl )
-{
-	return acl_valid(theacl);
-}
-
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
-{
-	return acl_set_file(name, acltype, theacl);
-}
-
-int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
-{
-	return acl_set_fd(fd, theacl);
-}
-
-/* Now the functions I need to define for XFS */
-
-int sys_acl_create_entry( SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
-{
-	acl_t acl, newacl;
-	acl_entry_t ace;
-	int cnt;
-
-	acl = *acl_p;
-	ace = *entry_p;
-
-	if((*acl_p == NULL) || (ace == NULL)){
-		errno = EINVAL;
-		return -1;
-	}
-	
-	cnt = acl->acl_cnt;	
-	if( (cnt + 1) > ACL_MAX_ENTRIES  ){
-		errno = ENOSPC;
-		return -1;
-	}
-
-	newacl = (acl_t)malloc(sizeof(struct acl));
-	if(newacl == NULL){
-		errno = ENOMEM;
-		return -1;
-	}
-	
-	*newacl = *acl;
-	newacl->acl_entry[cnt] = *ace;
-	newacl->acl_cnt = cnt + 1;
-
-	acl_free(*acl_p);
-	*acl_p = newacl;
-	*entry_p = &newacl->acl_entry[cnt];
-	return 0;
-}
-
-
-int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-{
-	*tag_type_p = entry_d->ae_tag;
-	return 0;
-}
-
-int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-{
-	*permset_p = &entry_d->ae_perm;
-	return 0;
-}
-
-void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
-{
-	if (entry_d->ae_tag != SMB_ACL_USER
-		&& entry_d->ae_tag != SMB_ACL_GROUP) {
-		errno = EINVAL;
-		return NULL;
-	}	
-	return &entry_d->ae_id;
-}
-
-int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
-{
-	*permset = 0;
-	return 0;
-}
-
-int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-{
-	return (*permset & perm);
-}
-
-int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-{
-
-	/* TO DO: Add in ALL possible permissions here */
-	/* TO DO: Include extended ones!! */
-
-	if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE && perm != SMB_ACL_EXECUTE) {
-		errno = EINVAL;
-		return -1;
-	}
-	
-	if(permset == NULL) {
-		errno = EINVAL;
-		return -1;
-	}
-	
-	*permset |= perm;
-	
-	return 0;
-}
-
-SMB_ACL_T sys_acl_init( int count)
-{
-	SMB_ACL_T a;
-	if((count > ACL_MAX_ENTRIES) || (count < 0)) {
-		errno = EINVAL;
-		return NULL;
-	}
-	else {
-		a = (struct acl *)malloc(sizeof(struct acl)); /* where is this memory freed? */
-		a->acl_cnt = 0;
-		return a;
-	}
-}
-
-int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
-{
-	
-	switch (tag_type) {
-		case SMB_ACL_USER:
-		case SMB_ACL_USER_OBJ:
-		case SMB_ACL_GROUP:
-		case SMB_ACL_GROUP_OBJ:
-		case SMB_ACL_OTHER:
-		case SMB_ACL_MASK:
-			entry_d->ae_tag = tag_type;
-			break;
-		default:
-			errno = EINVAL;
-			return -1;
-	}
-	return 0;
-}
-
-int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry_d, void *qual_p)
-{
-	if(entry_d->ae_tag != SMB_ACL_GROUP &&
-		entry_d->ae_tag != SMB_ACL_USER) {
-		errno = EINVAL;
-		return -1;
-	}
-	
-	entry_d->ae_id = *((uid_t *)qual_p);
-
-	return 0;
-}
-
-int sys_acl_set_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
-{
-  /* TO DO: expand to extended permissions eventually! */
-
-	if(*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
-		return EINVAL;
-	}
-
-	return 0;
-}
-
-int sys_acl_free_text(char *text)
-{
-	return acl_free(text);
-}
-
-int sys_acl_free_acl(SMB_ACL_T the_acl) 
-{
-	return acl_free(the_acl);
-}
-
-int sys_acl_free_qualifier(void *qual) 
-{
-	return 0;
-}
-
 #elif defined(HAVE_AIX_ACLS)
 
 /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
@@ -1914,7 +1743,7 @@ int sys_acl_valid( SMB_ACL_T theacl )
 	return(0);
 }
 
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
 {
 	struct acl_entry_link *acl_entry_link = NULL;
 	struct acl *file_acl = NULL;
@@ -2098,6 +1927,12 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
 	return(rc);
 }
 
+int sys_acl_delete_def_file(const char *name)
+{
+	/* AIX has no default ACL */
+	return 0;
+}
+
 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
 {
 	return(*permset & perm);
@@ -2234,7 +2069,7 @@ int sys_acl_valid( SMB_ACL_T theacl )
 	return -1;
 }
 
-int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
+int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
 {
 	errno = ENOSYS;
 	return -1;
@@ -2246,6 +2081,12 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
 	return -1;
 }
 
+int sys_acl_delete_def_file(const char *name)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
 int sys_acl_free_acl(SMB_ACL_T the_acl) 
 {
 	errno = ENOSYS;
diff --git a/source/lib/system.c b/source/lib/system.c
index 0c627b2f659..a402af77c9b 100644
--- a/source/lib/system.c
+++ b/source/lib/system.c
@@ -265,6 +265,34 @@ char *sys_getwd(char *s)
 }
 
 /*******************************************************************
+system wrapper for symlink
+********************************************************************/
+
+int sys_symlink(const char *oldpath, const char *newpath)
+{
+#ifndef HAVE_SYMLINK
+	errno = ENOSYS;
+	return -1;
+#else
+	return symlink(oldpath, newpath);
+#endif
+}
+
+/*******************************************************************
+system wrapper for readlink
+********************************************************************/
+
+int sys_readlink(const char *path, char *buf, size_t bufsiz)
+{
+#ifndef HAVE_READLINK
+	errno = ENOSYS;
+	return -1;
+#else
+	return readlink(path, buf, bufsiz);
+#endif
+}
+
+/*******************************************************************
 chown isn't used much but OS/2 doesn't have it
 ********************************************************************/
 
@@ -583,6 +611,9 @@ int sys_setgroups(int setlen, gid_t *gidset)
 struct saved_pw {
 	fstring 	pw_name;
 	fstring 	pw_passwd;
+	fstring		pw_gecos;
+	pstring		pw_dir;
+	pstring		pw_shell;
 	struct passwd pass;
 };
 
@@ -594,6 +625,26 @@ static int num_lookups; /* Counter so we don't always use cache. */
 #define PW_RET_CACHE_MAX_LOOKUPS 100
 #endif
 
+static void copy_pwent(struct saved_pw *dst, struct passwd *pass)
+{
+	memcpy((char *)&dst->pass, pass, sizeof(struct passwd));
+
+	fstrcpy(dst->pw_name, pass->pw_name);
+	dst->pass.pw_name = dst->pw_name;
+
+	fstrcpy(dst->pw_passwd, pass->pw_passwd);
+	dst->pass.pw_passwd = dst->pw_passwd;
+
+	fstrcpy(dst->pw_gecos, pass->pw_gecos);
+	dst->pass.pw_gecos = dst->pw_gecos;
+
+	pstrcpy(dst->pw_dir, pass->pw_dir);
+	dst->pass.pw_dir = dst->pw_dir;
+
+	pstrcpy(dst->pw_shell, pass->pw_shell);
+	dst->pass.pw_shell = dst->pw_shell;
+}
+
 static struct passwd *setup_pwret(struct passwd *pass)
 {
 	if (pass == NULL) {
@@ -604,25 +655,13 @@ static struct passwd *setup_pwret(struct passwd *pass)
 		return NULL;
 	}
 
-	/* this gets the uid, gid and null pointers */
-
-	memcpy((char *)&pw_mod.pass, pass, sizeof(struct passwd));
-	fstrcpy(pw_mod.pw_name, pass->pw_name);
-	pw_mod.pass.pw_name = pw_mod.pw_name;
-	fstrcpy(pw_mod.pw_passwd, pass->pw_passwd);
-	pw_mod.pass.pw_passwd = pw_mod.pw_passwd;
-
+	copy_pwent( &pw_mod, pass);
 
 	if (pass != &pw_cache.pass) {
 
 		/* If it's a cache miss we must also refill the cache. */
 
-		memcpy((char *)&pw_cache.pass, pass, sizeof(struct passwd));
-		fstrcpy(pw_cache.pw_name, pass->pw_name);
-		pw_cache.pass.pw_name = pw_cache.pw_name;
-		fstrcpy(pw_cache.pw_passwd, pass->pw_passwd);
-		pw_cache.pass.pw_passwd = pw_cache.pw_passwd;
-
+		copy_pwent( &pw_cache, pass);
 		num_lookups = 1;
 
 	} else {
diff --git a/source/lib/talloc.c b/source/lib/talloc.c
index 54a3d8ed769..a8ee481744b 100644
--- a/source/lib/talloc.c
+++ b/source/lib/talloc.c
@@ -35,10 +35,7 @@
 
 #include "includes.h"
 
-#define TALLOC_ALIGN 32
-#define TALLOC_CHUNK_SIZE (0x2000)
-
-/* initialissa talloc context. */
+/* initialise talloc context. */
 TALLOC_CTX *talloc_init(void)
 {
 	TALLOC_CTX *t;
@@ -56,43 +53,55 @@ TALLOC_CTX *talloc_init(void)
 void *talloc(TALLOC_CTX *t, size_t size)
 {
 	void *p;
-	if (size == 0)
-	{
-		/* debugging value used to track down
-		   memory problems. BAD_PTR is defined
-		   in talloc.h */
-		p = BAD_PTR;
-		return p;
-	}
+	struct talloc_chunk *tc;
 
-	/* normal code path */
-	size = (size + (TALLOC_ALIGN-1)) & ~(TALLOC_ALIGN-1);
+	if (size == 0) return NULL;
 
-	if (!t->list || (t->list->total_size - t->list->alloc_size) < size) {
-		struct talloc_chunk *c;
-		size_t asize = (size + (TALLOC_CHUNK_SIZE-1)) & ~(TALLOC_CHUNK_SIZE-1);
+	p = malloc(size);
+	if (!p) return p;
 
-		c = (struct talloc_chunk *)malloc(sizeof(*c));
-		if (!c) return NULL;
-		c->next = t->list;
-		c->ptr = (void *)malloc(asize);
-		if (!c->ptr) {
-			free(c);
-			return NULL;
-		}
-		c->alloc_size = 0;
-		c->total_size = asize;
-		t->list = c;
-		t->total_alloc_size += asize;
+	tc = malloc(sizeof(*tc));
+	if (!tc) {
+		free(p);
+		return NULL;
 	}
 
-	p = ((char *)t->list->ptr) + t->list->alloc_size;
-	t->list->alloc_size += size;
+	tc->ptr = p;
+	tc->size = size;
+	tc->next = t->list;
+	t->list = tc;
+	t->total_alloc_size += size;
 
-	
 	return p;
 }
 
+/* a talloc version of realloc */
+void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size)
+{
+	struct talloc_chunk *tc;
+
+	/* size zero is equivalent to free() */
+	if (size == 0)
+		return NULL;
+
+	/* realloc(NULL) is equavalent to malloc() */
+	if (ptr == NULL)
+		return talloc(t, size);
+
+	for (tc=t->list; tc; tc=tc->next) {
+		if (tc->ptr == ptr) {
+			ptr = realloc(ptr, size);
+			if (ptr) {
+				t->total_alloc_size += (size - tc->size);
+				tc->size = size;
+				tc->ptr = ptr;
+			}
+			return ptr;
+		}
+	}
+	return NULL;
+}
+
 /* destroy a whole pool */
 void talloc_destroy_pool(TALLOC_CTX *t)
 {
@@ -103,7 +112,7 @@ void talloc_destroy_pool(TALLOC_CTX *t)
 
 	while (t->list) {
 		c = t->list->next;
-		free(t->list->ptr);
+		if (t->list->ptr) free(t->list->ptr);
 		free(t->list);
 		t->list = c;
 	}
@@ -118,14 +127,13 @@ void talloc_destroy(TALLOC_CTX *t)
 	if (!t)
 		return;
 	talloc_destroy_pool(t);
+	memset(t, 0, sizeof(*t));
 	free(t);
 }
 
 /* return the current total size of the pool. */
 size_t talloc_pool_size(TALLOC_CTX *t)
 {
-	if (!t->list)
-		return 0;
 	return t->total_alloc_size;
 }
 
@@ -152,3 +160,9 @@ void *talloc_memdup(TALLOC_CTX *t, void *p, size_t size)
 
 	return newp;
 }
+
+/* strdup with a talloc */
+char *talloc_strdup(TALLOC_CTX *t, char *p)
+{
+	return talloc_memdup(t, p, strlen(p) + 1);
+}
diff --git a/source/lib/ufc.c b/source/lib/ufc.c
index 86cb41a10c7..ecc04d9e97c 100644
--- a/source/lib/ufc.c
+++ b/source/lib/ufc.c
@@ -282,9 +282,7 @@ static ufc_long longmask[32] = {
  * bzero and some don't have memset.
  */
 
-static void clearmem(start, cnt)
-  char *start;
-  int cnt;
+static void clearmem(char *start, int cnt)
   { while(cnt--)
       *start++ = '\0';
   }
@@ -300,7 +298,7 @@ static int initialized = 0;
  * by fcrypt users.
  */
 
-static void ufc_init_des()
+static void ufc_init_des(void)
   { int comes_from_bit;
     int bit, sg;
     ufc_long j;
@@ -351,13 +349,13 @@ static void ufc_init_des()
     clearmem((char*)eperm32tab, sizeof(eperm32tab));
 
     for(bit = 0; bit < 48; bit++) {
-      ufc_long mask1,comes_from;
+      ufc_long inner_mask1,comes_from;
 	
       comes_from = perm32[esel[bit]-1]-1;
-      mask1      = bytemask[comes_from % 8];
+      inner_mask1      = bytemask[comes_from % 8];
 	
       for(j = 256; j--;) {
-	if(j & mask1)
+	if(j & inner_mask1)
 	  eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK(bit % 24);
       }
     }
@@ -432,7 +430,7 @@ static void ufc_init_des()
     clearmem((char*)efp, sizeof efp);
     for(bit = 0; bit < 64; bit++) {
       int o_bit, o_long;
-      ufc_long word_value, mask1, mask2;
+      ufc_long word_value, inner_mask1, inner_mask2;
       int comes_from_f_bit, comes_from_e_bit;
       int comes_from_word, bit_within_word;
 
@@ -452,12 +450,12 @@ static void ufc_init_des()
       comes_from_word  = comes_from_e_bit / 6;        /* 0..15 */
       bit_within_word  = comes_from_e_bit % 6;        /* 0..5  */
 
-      mask1 = longmask[bit_within_word + 26];
-      mask2 = longmask[o_bit];
+      inner_mask1 = longmask[bit_within_word + 26];
+      inner_mask2 = longmask[o_bit];
 
       for(word_value = 64; word_value--;) {
-	if(word_value & mask1)
-	  efp[comes_from_word][word_value][o_long] |= mask2;
+	if(word_value & inner_mask1)
+	  efp[comes_from_word][word_value][o_long] |= inner_mask2;
       }
     }
     initialized++;
@@ -469,9 +467,7 @@ static void ufc_init_des()
  */
 
 #ifdef _UFC_32_
-static void shuffle_sb(k, saltbits)
-  long32 *k;
-  ufc_long saltbits;
+static void shuffle_sb(long32 *k, ufc_long saltbits)
   { ufc_long j;
     long32 x;
     for(j=4096; j--;) {
@@ -483,9 +479,7 @@ static void shuffle_sb(k, saltbits)
 #endif
 
 #ifdef _UFC_64_
-static void shuffle_sb(k, saltbits)
-  long64 *k;
-  ufc_long saltbits;
+static void shuffle_sb(long64 *k, ufc_long saltbits)
   { ufc_long j;
     long64 x;
     for(j=4096; j--;) {
@@ -504,9 +498,9 @@ static unsigned char current_salt[3] = "&&"; /* invalid value */
 static ufc_long current_saltbits = 0;
 static int direction = 0;
 
-static void setup_salt(char *s1)
+static void setup_salt(const char *s1)
   { ufc_long i, j, saltbits;
-    unsigned char *s2 = (unsigned char *)s1;
+    const unsigned char *s2 = (const unsigned char *)s1;
 
     if(!initialized)
       ufc_init_des();
@@ -544,8 +538,7 @@ static void setup_salt(char *s1)
     current_saltbits = saltbits;
   }
 
-static void ufc_mk_keytab(key)
-  char *key;
+static void ufc_mk_keytab(char *key)
   { ufc_long v1, v2, *k1;
     int i;
 #ifdef _UFC_32_
@@ -594,8 +587,7 @@ static void ufc_mk_keytab(key)
  * Undo an extra E selection and do final permutations
  */
 
-ufc_long *_ufc_dofinalperm(l1, l2, r1, r2)
-  ufc_long l1,l2,r1,r2;
+ufc_long *_ufc_dofinalperm(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2)
   { ufc_long v1, v2, x;
     static ufc_long ary[2];
 
@@ -633,9 +625,7 @@ ufc_long *_ufc_dofinalperm(l1, l2, r1, r2)
  * prefixing with the salt
  */
 
-static char *output_conversion(v1, v2, salt)
-  ufc_long v1, v2;
-  char *salt;
+static char *output_conversion(ufc_long v1, ufc_long v2, const char *salt)
   { static char outbuf[14];
     int i, s;
 
@@ -663,7 +653,7 @@ static char *output_conversion(v1, v2, salt)
 
 static ufc_long *_ufc_doit(ufc_long , ufc_long, ufc_long, ufc_long, ufc_long);
    
-char *ufc_crypt(char *key,char *salt)
+char *ufc_crypt(const char *key,const char *salt)
   { ufc_long *s;
     char ktab[9];
 
@@ -703,8 +693,7 @@ extern long32 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
 
 #define SBA(sb, v) (*(long32*)((char*)(sb)+(v)))
 
-static ufc_long *_ufc_doit(l1, l2, r1, r2, itr)
-  ufc_long l1, l2, r1, r2, itr;
+static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
   { int i;
     long32 s, *k;
 
@@ -743,8 +732,7 @@ extern long64 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[];
 
 #define SBA(sb, v) (*(long64*)((char*)(sb)+(v)))
 
-static ufc_long *_ufc_doit(l1, l2, r1, r2, itr)
-  ufc_long l1, l2, r1, r2, itr;
+static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr)
   { int i;
     long64 l, r, s, *k;
 
diff --git a/source/lib/util.c b/source/lib/util.c
index 8edb6db1157..453bccdd361 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -335,12 +335,31 @@ void smb_setlen(char *buf,int len)
 ********************************************************************/
 int set_message(char *buf,int num_words,int num_bytes,BOOL zero)
 {
-  if (zero)
-    memset(buf + smb_size,'\0',num_words*2 + num_bytes);
-  CVAL(buf,smb_wct) = num_words;
-  SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);  
-  smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
-  return (smb_size + num_words*2 + num_bytes);
+	if (zero)
+		memset(buf + smb_size,'\0',num_words*2 + num_bytes);
+	CVAL(buf,smb_wct) = num_words;
+	SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);  
+	smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+	return (smb_size + num_words*2 + num_bytes);
+}
+
+/*******************************************************************
+  setup only the byte count for a smb message
+********************************************************************/
+void set_message_bcc(char *buf,int num_bytes)
+{
+	int num_words = CVAL(buf,smb_wct);
+	SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);  
+	smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+}
+
+/*******************************************************************
+  setup only the byte count for a smb message, using the end of the
+  message as a marker
+********************************************************************/
+void set_message_end(void *outbuf,void *end_ptr)
+{
+	set_message_bcc((char *)outbuf,PTR_DIFF(end_ptr,smb_buf((char *)outbuf)));
 }
 
 /*******************************************************************
@@ -784,13 +803,13 @@ uint32 interpret_addr(char *str)
     res = inet_addr(str);
   } else {
     /* otherwise assume it's a network name of some sort and use 
-       Get_Hostbyname */
-    if ((hp = Get_Hostbyname(str)) == 0) {
-      DEBUG(3,("Get_Hostbyname: Unknown host. %s\n",str));
+       sys_gethostbyname */
+    if ((hp = sys_gethostbyname(str)) == 0) {
+      DEBUG(3,("sys_gethostbyname: Unknown host. %s\n",str));
       return 0;
     }
     if(hp->h_addr == NULL) {
-      DEBUG(3,("Get_Hostbyname: host address is invalid for host %s\n",str));
+      DEBUG(3,("sys_gethostbyname: host address is invalid for host %s\n",str));
       return 0;
     }
     putip((char *)&res,(char *)hp->h_addr);
@@ -977,67 +996,6 @@ BOOL same_net(struct in_addr ip1,struct in_addr ip2,struct in_addr mask)
 
 
 /****************************************************************************
-a wrapper for gethostbyname() that tries with all lower and all upper case 
-if the initial name fails
-****************************************************************************/
-struct hostent *Get_Hostbyname(const char *name)
-{
-  char *name2 = strdup(name);
-  struct hostent *ret;
-
-  if (!name2)
-    {
-      DEBUG(0,("Memory allocation error in Get_Hostbyname! panic\n"));
-      exit(0);
-    }
-
-   
-  /* 
-   * This next test is redundent and causes some systems (with
-   * broken isalnum() calls) problems.
-   * JRA.
-   */
-
-#if 0
-  if (!isalnum(*name2))
-    {
-      free(name2);
-      return(NULL);
-    }
-#endif /* 0 */
-
-  ret = sys_gethostbyname(name2);
-  if (ret != NULL)
-    {
-      free(name2);
-      return(ret);
-    }
-
-  /* try with all lowercase */
-  strlower(name2);
-  ret = sys_gethostbyname(name2);
-  if (ret != NULL)
-    {
-      free(name2);
-      return(ret);
-    }
-
-  /* try with all uppercase */
-  strupper(name2);
-  ret = sys_gethostbyname(name2);
-  if (ret != NULL)
-    {
-      free(name2);
-      return(ret);
-    }
-  
-  /* nothing works :-( */
-  free(name2);
-  return(NULL);
-}
-
-
-/****************************************************************************
 check if a process exists. Does this work on all unixes?
 ****************************************************************************/
 
@@ -1095,13 +1053,15 @@ uid_t nametouid(char *name)
 	uid_t u;
 
 	u = (uid_t)strtol(name, &p, 0);
-	if (p != name) return u;
+	if ((p != name) && (*p == '\0'))
+		return u;
 
 	if (winbind_nametouid(&u, name))
 		return u;
 
 	pass = sys_getpwnam(name);
-	if (pass) return(pass->pw_uid);
+	if (pass)
+		return(pass->pw_uid);
 	return (uid_t)-1;
 }
 
@@ -1117,13 +1077,15 @@ gid_t nametogid(char *name)
 	gid_t g;
 
 	g = (gid_t)strtol(name, &p, 0);
-	if (p != name) return g;
+	if ((p != name) && (*p == '\0'))
+		return g;
 
 	if (winbind_nametogid(&g, name))
 		return g;
 
 	grp = getgrnam(name);
-	if (grp) return(grp->gr_gid);
+	if (grp)
+		return(grp->gr_gid);
 	return (gid_t)-1;
 }
 
@@ -1168,7 +1130,9 @@ char *readdirname(DIR *p)
 
 	{
 		static pstring buf;
-		memcpy(buf, dname, NAMLEN(ptr)+1);
+		int len = NAMLEN(ptr);
+		memcpy(buf, dname, len);
+		buf[len] = 0;
 		dname = buf;
 	}
 
@@ -1714,34 +1678,6 @@ BOOL reg_split_key(char *full_keyname, uint32 *reg_type, char *key_name)
 
 
 /*****************************************************************
-like mktemp() but make sure that no % characters are used
-% characters are bad for us because of the macro subs
- *****************************************************************/  
-char *smbd_mktemp(char *template)
-{
-	char *p = mktemp(template);
-	char *p2;
-	SMB_STRUCT_STAT st;
-
-	if (!p) return NULL;
-
-	while ((p2=strchr(p,'%'))) {
-		p2[0] = 'A';
-		while (sys_stat(p,&st) == 0 && p2[0] < 'Z') {
-			/* damn, it exists */
-			p2[0]++;
-		}
-		if (p2[0] == 'Z') {
-			/* oh well ... better return something */
-			p2[0] = '%';
-			return p;
-		}
-	}
-
-	return p;
-}
-
-/*****************************************************************
 possibly replace mkstemp if it is broken
 *****************************************************************/  
 int smb_mkstemp(char *template)
@@ -1750,8 +1686,8 @@ int smb_mkstemp(char *template)
 	return mkstemp(template);
 #else
 	/* have a reasonable go at emulating it. Hope that
-		the system mktemp() isn't completly hopeless */
-	char *p = smbd_mktemp(template);
+	   the system mktemp() isn't completly hopeless */
+	char *p = mktemp(template);
 	if (!p) return -1;
 	return open(p, O_CREAT|O_EXCL|O_RDWR, 0600);
 #endif
diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c
index e1b18460e24..8b75a5f4876 100644
--- a/source/lib/util_seaccess.c
+++ b/source/lib/util_seaccess.c
@@ -106,14 +106,14 @@ static uint32 check_ace(SEC_ACE *ace, NT_USER_TOKEN *token, uint32 acc_desired,
  include other bits requested.
 **********************************************************************************/ 
 
-static BOOL get_max_access( SEC_ACL *acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status)
+static BOOL get_max_access( SEC_ACL *the_acl, NT_USER_TOKEN *token, uint32 *granted, uint32 desired, uint32 *status)
 {
 	uint32 acc_denied = 0;
 	uint32 acc_granted = 0;
 	size_t i;
 	
-	for ( i = 0 ; i < acl->num_aces; i++) {
-		SEC_ACE *ace = &acl->ace[i];
+	for ( i = 0 ; i < the_acl->num_aces; i++) {
+		SEC_ACE *ace = &the_acl->ace[i];
 		uint32 mask = ace->info.mask;
 
 		if (!token_sid_in_ace( token, ace))
@@ -206,7 +206,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
 {
 	extern NT_USER_TOKEN anonymous_token;
 	size_t i;
-	SEC_ACL *acl;
+	SEC_ACL *the_acl;
 	fstring sid_str;
 	NT_USER_TOKEN *token = user->nt_user_token ? user->nt_user_token : &anonymous_token;
 	uint32 tmp_acc_desired = acc_desired;
@@ -259,15 +259,15 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user,
 		}
 	}
 
-	acl = sd->dacl;
+	the_acl = sd->dacl;
 
 	if (tmp_acc_desired & MAXIMUM_ALLOWED_ACCESS) {
 		tmp_acc_desired &= ~MAXIMUM_ALLOWED_ACCESS;
-		return get_max_access( acl, token, acc_granted, tmp_acc_desired, status);
+		return get_max_access( the_acl, token, acc_granted, tmp_acc_desired, status);
 	}
 
-	for ( i = 0 ; i < acl->num_aces && tmp_acc_desired != 0; i++) {
-		SEC_ACE *ace = &acl->ace[i];
+	for ( i = 0 ; i < the_acl->num_aces && tmp_acc_desired != 0; i++) {
+		SEC_ACE *ace = &the_acl->ace[i];
 
 		DEBUG(10,("se_access_check: ACE %u: type %d, flags = 0x%02x, SID = %s mask = %x, current desired = %x\n",
 			  (unsigned int)i, ace->type, ace->flags,
@@ -310,7 +310,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 {
 	SEC_DESC_BUF *sdb;
 	SEC_DESC *sd;
-	SEC_ACL *new_dacl, *acl;
+	SEC_ACL *new_dacl, *the_acl;
 	SEC_ACE *new_ace_list = NULL;
 	int new_ace_list_ndx = 0, i;
 	size_t size;
@@ -319,13 +319,13 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 	   sacl should also be processed but this is left out as sacls are
 	   not implemented in Samba at the moment.*/
 
-	acl = parent_ctr->dacl;
+	the_acl = parent_ctr->dacl;
 
-	if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * acl->num_aces))) 
+	if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces))) 
 		return NULL;
 
-	for (i = 0; acl && i < acl->num_aces; i++) {
-		SEC_ACE *ace = &acl->ace[i];
+	for (i = 0; the_acl && i < the_acl->num_aces; i++) {
+		SEC_ACE *ace = &the_acl->ace[i];
 		SEC_ACE *new_ace = &new_ace_list[new_ace_list_ndx];
 		uint8 new_flags = 0;
 		BOOL inherit = False;
diff --git a/source/lib/util_sec.c b/source/lib/util_sec.c
index 068be684f36..54b819b1cc6 100644
--- a/source/lib/util_sec.c
+++ b/source/lib/util_sec.c
@@ -42,8 +42,34 @@ extern int DEBUGLEVEL;
 
 #define DEBUG(x, y) printf y
 #define smb_panic(x) exit(1)
+#define BOOL int
 #endif
 
+/* are we running as non-root? This is used by the regresison test code,
+   and potentially also for sites that want non-root smbd */
+static uid_t initial_uid;
+
+/****************************************************************************
+remember what uid we got started as - this allows us to run correctly
+as non-root while catching trapdoor systems
+****************************************************************************/
+void sec_init(void)
+{
+	initial_uid = geteuid();
+	if (initial_uid != (uid_t)0) {
+		/* the DEBUG() subsystem has not been initialised when this is called */
+		fprintf(stderr, "WARNING: running as non-root. Some functionality will be missing\n");
+	}
+}
+
+/****************************************************************************
+are we running in non-root mode?
+****************************************************************************/
+BOOL non_root_mode(void)
+{
+	return (initial_uid != (uid_t)0);
+}
+
 /****************************************************************************
 abort if we haven't set the uid correctly
 ****************************************************************************/
@@ -51,11 +77,13 @@ static void assert_uid(uid_t ruid, uid_t euid)
 {
 	if ((euid != (uid_t)-1 && geteuid() != euid) ||
 	    (ruid != (uid_t)-1 && getuid() != ruid)) {
-		DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
-			 (int)ruid, (int)euid,
-			 (int)getuid(), (int)geteuid()));
-		smb_panic("failed to set uid\n");
-		exit(1);
+		if (!non_root_mode()) {
+			DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
+				 (int)ruid, (int)euid,
+				 (int)getuid(), (int)geteuid()));
+			smb_panic("failed to set uid\n");
+			exit(1);
+		}
 	}
 }
 
@@ -66,12 +94,14 @@ static void assert_gid(gid_t rgid, gid_t egid)
 {
 	if ((egid != (gid_t)-1 && getegid() != egid) ||
 	    (rgid != (gid_t)-1 && getgid() != rgid)) {
-		DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
-			 (int)rgid, (int)egid,
-			 (int)getgid(), (int)getegid(),
-			 (int)getuid(), (int)geteuid()));
-		smb_panic("failed to set gid\n");
-		exit(1);
+		if (!non_root_mode()) {
+			DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
+				 (int)rgid, (int)egid,
+				 (int)getgid(), (int)getegid(),
+				 (int)getuid(), (int)geteuid()));
+			smb_panic("failed to set gid\n");
+			exit(1);
+		}
 	}
 }
 
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index e888c1cbcbf..70341507cb7 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -86,22 +86,16 @@ static known_sid_users builtin_groups[] = {
 	{ BUILTIN_ALIAS_RID_BACKUP_OPS, SID_NAME_ALIAS, "Backup Operators" },
 	{  0, (enum SID_NAME_USE)0, NULL}};
 
+#define MAX_SID_NAMES	7
+
 static struct sid_name_map_info
 {
 	DOM_SID *sid;
 	char *name;
 	known_sid_users *known_users;
-}
-sid_name_map[] =
-{
-	{ &global_sam_sid, global_myname, NULL},
-	{ &global_sam_sid, global_myworkgroup, NULL},
-	{ &global_sid_Builtin, "BUILTIN", &builtin_groups[0]},
-	{ &global_sid_World_Domain, "", &everyone_users[0] },
-	{ &global_sid_Creator_Owner_Domain, "", &creator_owner_users[0] },
-	{ &global_sid_NT_Authority, "NT Authority", &nt_authority_users[0] },
-	{ NULL, NULL, NULL}
-};
+} sid_name_map[MAX_SID_NAMES];
+
+static BOOL sid_name_map_initialized = False;
 
 /*
  * An NT compatible anonymous token.
@@ -114,6 +108,65 @@ NT_USER_TOKEN anonymous_token = {
     anon_sid_array
 };
 
+/**************************************************************************
+ quick init function
+ *************************************************************************/
+static void init_sid_name_map (void)
+{
+	int i = 0;
+	
+	if (sid_name_map_initialized) return;
+	
+
+	if ((lp_security() == SEC_USER) && lp_domain_logons()) {
+		sid_name_map[i].sid = &global_sam_sid;
+		sid_name_map[i].name = global_myworkgroup;
+		sid_name_map[i].known_users = NULL;
+		i++;
+		sid_name_map[i].sid = &global_sam_sid;
+		sid_name_map[i].name = global_myname;
+		sid_name_map[i].known_users = NULL;
+		i++;
+	}
+	else {
+		sid_name_map[i].sid = &global_sam_sid;
+		sid_name_map[i].name = global_myname;
+		sid_name_map[i].known_users = NULL;
+		i++;
+	}
+
+	sid_name_map[i].sid = &global_sid_Builtin;
+	sid_name_map[i].name = "BUILTIN";
+	sid_name_map[i].known_users = &builtin_groups[0];
+	i++;
+	
+	sid_name_map[i].sid = &global_sid_World_Domain;
+	sid_name_map[i].name = "";
+	sid_name_map[i].known_users = &everyone_users[0];
+	i++;
+
+	sid_name_map[i].sid = &global_sid_Creator_Owner_Domain;
+	sid_name_map[i].name = "";
+	sid_name_map[i].known_users = &creator_owner_users[0];
+	i++;
+		
+	sid_name_map[i].sid = &global_sid_NT_Authority;
+	sid_name_map[i].name = "NT Authority";
+	sid_name_map[i].known_users = &nt_authority_users[0];
+	i++;
+		
+
+	/* end of array */
+	sid_name_map[i].sid = NULL;
+	sid_name_map[i].name = NULL;
+	sid_name_map[i].known_users = NULL;
+	
+	sid_name_map_initialized = True;
+		
+	return;
+
+}
+
 /****************************************************************************
  Creates some useful well known sids
 ****************************************************************************/
@@ -146,8 +199,12 @@ BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
 {
 	fstring sid_str;
 	int i = 0;
+	
 	sid_to_string(sid_str, sid);
 
+	if (!sid_name_map_initialized) 
+		init_sid_name_map();
+
 	DEBUG(5,("map_domain_sid_to_name: %s\n", sid_str));
 
 	if (nt_domain == NULL)
@@ -156,7 +213,7 @@ BOOL map_domain_sid_to_name(DOM_SID *sid, char *nt_domain)
 	while (sid_name_map[i].sid != NULL) {
 		sid_to_string(sid_str, sid_name_map[i].sid);
 		DEBUG(5,("map_domain_sid_to_name: compare: %s\n", sid_str));
-		if (sid_equal(sid_name_map[i].sid, sid)) {
+		if (sid_equal(sid_name_map[i].sid, sid)) {		
 			fstrcpy(nt_domain, sid_name_map[i].name);
 			DEBUG(5,("map_domain_sid_to_name: found '%s'\n", nt_domain));
 			return True;
@@ -178,6 +235,9 @@ BOOL lookup_known_rid(DOM_SID *sid, uint32 rid, char *name, enum SID_NAME_USE *p
 	int i = 0;
 	struct sid_name_map_info *psnm;
 
+	if (!sid_name_map_initialized) 
+		init_sid_name_map();
+
 	for(i = 0; sid_name_map[i].sid != NULL; i++) {
 		psnm = &sid_name_map[i];
 		if(sid_equal(psnm->sid, sid)) {
@@ -217,10 +277,13 @@ BOOL map_domain_name_to_sid(DOM_SID *sid, char *nt_domain)
 		DEBUG(5,("map_domain_name_to_sid: overriding blank name to %s\n", nt_domain));
 		sid_copy(sid, &global_sam_sid);
 		return True;
-    }
+	}
 
 	DEBUG(5,("map_domain_name_to_sid: %s\n", nt_domain));
 
+	if (!sid_name_map_initialized) 
+		init_sid_name_map();
+
 	while (sid_name_map[i].name != NULL) {
 		DEBUG(5,("map_domain_name_to_sid: compare: %s\n", sid_name_map[i].name));
 		if (strequal(sid_name_map[i].name, nt_domain)) {
@@ -382,6 +445,19 @@ BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
 }
 
 /*****************************************************************
+ Return the last rid from the end of a sid
+*****************************************************************/  
+
+BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid)
+{
+	if (sid->num_auths > 0) {
+		*rid = sid->sub_auths[sid->num_auths - 1];
+		return True;
+	}
+	return False;
+}
+
+/*****************************************************************
  Copies a sid
 *****************************************************************/  
 
diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
index 88fe8189b0d..bc693fd471b 100644
--- a/source/lib/util_sock.c
+++ b/source/lib/util_sock.c
@@ -106,9 +106,9 @@ static void print_socket_options(int s)
 
 	for (; p->name != NULL; p++) {
 		if (getsockopt(s, p->level, p->option, (void *)&value, &vlen) == -1) {
-			DEBUG(3,("Could not test socket option %s.\n", p->name));
+			DEBUG(5,("Could not test socket option %s.\n", p->name));
 		} else {
-			DEBUG(3,("socket option %s = %d\n",p->name,value));
+			DEBUG(5,("socket option %s = %d\n",p->name,value));
 		}
 	}
  }
@@ -174,26 +174,25 @@ void set_socket_options(int fd, char *options)
 
 ssize_t read_udp_socket(int fd,char *buf,size_t len)
 {
-  ssize_t ret;
-  struct sockaddr_in sock;
-  int socklen;
-  
-  socklen = sizeof(sock);
-  memset((char *)&sock,'\0',socklen);
-  memset((char *)&lastip,'\0',sizeof(lastip));
-  ret = (ssize_t)recvfrom(fd,buf,len,0,(struct sockaddr *)&sock,&socklen);
-  if (ret <= 0) {
-    DEBUG(2,("read socket failed. ERRNO=%s\n",strerror(errno)));
-    return(0);
-  }
+	ssize_t ret;
+	struct sockaddr_in sock;
+	socklen_t socklen = sizeof(sock);
+
+	memset((char *)&sock,'\0',socklen);
+	memset((char *)&lastip,'\0',sizeof(lastip));
+	ret = (ssize_t)recvfrom(fd,buf,len,0,(struct sockaddr *)&sock,&socklen);
+	if (ret <= 0) {
+		DEBUG(2,("read socket failed. ERRNO=%s\n",strerror(errno)));
+		return(0);
+	}
 
-  lastip = sock.sin_addr;
-  lastport = ntohs(sock.sin_port);
+	lastip = sock.sin_addr;
+	lastport = ntohs(sock.sin_port);
 
-  DEBUG(10,("read_udp_socket: lastip %s lastport %d read: %d\n",
-             inet_ntoa(lastip), lastport, ret));
+	DEBUG(10,("read_udp_socket: lastip %s lastport %d read: %d\n",
+			inet_ntoa(lastip), lastport, ret));
 
-  return(ret);
+	return(ret);
 }
 
 /****************************************************************************
@@ -642,35 +641,40 @@ ssize_t read_smb_length(int fd,char *inbuf,unsigned int timeout)
 
 BOOL receive_smb(int fd,char *buffer, unsigned int timeout)
 {
-  ssize_t len,ret;
+	ssize_t len,ret;
 
-  smb_read_error = 0;
+	smb_read_error = 0;
 
-  memset(buffer,'\0',smb_size + 100);
+	memset(buffer,'\0',smb_size + 100);
 
-  len = read_smb_length_return_keepalive(fd,buffer,timeout);
-  if (len < 0)
-  {
-    DEBUG(10,("receive_smb: length < 0!\n"));
-    return(False);
-  }
+	len = read_smb_length_return_keepalive(fd,buffer,timeout);
+	if (len < 0) {
+		DEBUG(10,("receive_smb: length < 0!\n"));
+		return(False);
+	}
 
-  if (len > BUFFER_SIZE) {
-    DEBUG(0,("Invalid packet length! (%d bytes).\n",len));
-    if (len > BUFFER_SIZE + (SAFETY_MARGIN/2))
-    {
-	exit(1);
-    }
-  }
+	/*
+	 * A WRITEX with CAP_LARGE_WRITEX can be 64k worth of data plus 65 bytes
+     * of header. Don't print the error if this fits.... JRA.
+	 */
 
-  if(len > 0) {
-    ret = read_socket_data(fd,buffer+4,len);
-    if (ret != len) {
-      smb_read_error = READ_ERROR;
-      return False;
-    }
-  }
-  return(True);
+	if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
+		DEBUG(0,("Invalid packet length! (%d bytes).\n",len));
+		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
+			smb_read_error = READ_ERROR;
+			return False;
+		}
+	}
+
+	if(len > 0) {
+		ret = read_socket_data(fd,buffer+4,len);
+		if (ret != len) {
+			smb_read_error = READ_ERROR;
+			return False;
+		}
+	}
+
+	return(True);
 }
 
 /****************************************************************************
@@ -708,55 +712,27 @@ BOOL client_receive_smb(int fd,char *buffer, unsigned int timeout)
 }
 
 /****************************************************************************
-  send an null session message to a fd
-****************************************************************************/
-
-BOOL send_null_session_msg(int fd)
-{
-  ssize_t ret;
-  uint32 blank = 0;
-  size_t len = 4;
-  size_t nwritten=0;
-  char *buffer = (char *)&blank;
-
-  while (nwritten < len)
-  {
-    ret = write_socket(fd,buffer+nwritten,len - nwritten);
-    if (ret <= 0)
-    {
-      DEBUG(0,("send_null_session_msg: Error writing %d bytes to client. %d. Exiting\n",(int)len,(int)ret));
-      exit(1);
-    }
-    nwritten += ret;
-  }
-
-  DEBUG(10,("send_null_session_msg: sent 4 null bytes to client.\n"));
-  return True;
-}
-
-/****************************************************************************
   send an smb to a fd 
 ****************************************************************************/
 
 BOOL send_smb(int fd,char *buffer)
 {
-  size_t len;
-  size_t nwritten=0;
-  ssize_t ret;
-  len = smb_len(buffer) + 4;
-
-  while (nwritten < len)
-  {
-    ret = write_socket(fd,buffer+nwritten,len - nwritten);
-    if (ret <= 0)
-    {
-      DEBUG(0,("Error writing %d bytes to client. %d. Exiting\n",(int)len,(int)ret));
-      exit(1);
-    }
-    nwritten += ret;
-  }
+	size_t len;
+	size_t nwritten=0;
+	ssize_t ret;
+	len = smb_len(buffer) + 4;
+
+	while (nwritten < len) {
+		ret = write_socket(fd,buffer+nwritten,len - nwritten);
+		if (ret <= 0) {
+			DEBUG(0,("Error writing %d bytes to client. %d. (%s)\n",
+				(int)len,(int)ret, strerror(errno) ));
+			return False;
+		}
+		nwritten += ret;
+	}
 
-  return True;
+	return True;
 }
 
 /****************************************************************************
@@ -814,9 +790,9 @@ int open_socket_in(int type, int port, int dlevel,uint32 socket_addr, BOOL rebin
     { DEBUG(0,("gethostname failed\n")); return -1; } 
 
   /* get host info */
-  if ((hp = Get_Hostbyname(host_name)) == 0) 
+  if ((hp = sys_gethostbyname(host_name)) == 0) 
     {
-      DEBUG(0,( "Get_Hostbyname: Unknown host %s\n",host_name));
+      DEBUG(0,( "sys_gethostbyname: Unknown host %s\n",host_name));
       return -1;
     }
   
@@ -939,27 +915,6 @@ connect_again:
   return res;
 }
 
-
-/*******************************************************************
- Reset the 'done' variables so after a client process is created
- from a fork call these calls will be re-done. This should be
- expanded if more variables need reseting.
- ******************************************************************/
-
-
-void reset_globals_after_fork(void)
-{
-  /*
-   * Re-seed the random crypto generator, so all smbd's
-   * started from the same parent won't generate the same
-   * sequence.
-   */
-  {
-    unsigned char dummy;
-    generate_random_buffer( &dummy, 1, True);
-  } 
-}
-
 /* the following 3 client_*() functions are nasty ways of allowing
    some generic functions to get info that really should be hidden in
    particular modules */
@@ -989,8 +944,8 @@ static BOOL matchname(char *remotehost,struct in_addr  addr)
 	struct hostent *hp;
 	int     i;
 	
-	if ((hp = Get_Hostbyname(remotehost)) == 0) {
-		DEBUG(0,("Get_Hostbyname(%s): lookup failure.\n", remotehost));
+	if ((hp = sys_gethostbyname(remotehost)) == 0) {
+		DEBUG(0,("sys_gethostbyname(%s): lookup failure.\n", remotehost));
 		return False;
 	} 
 
@@ -1061,6 +1016,12 @@ char *get_socket_name(int fd)
 			pstrcpy(name_buf,"UNKNOWN");
 		}
 	}
+
+	alpha_strcpy(name_buf, name_buf, "_-.", sizeof(name_buf));
+	if (strstr(name_buf,"..")) {
+		pstrcpy(name_buf, "UNKNOWN");
+	}
+
 	return name_buf;
 }
 
@@ -1189,3 +1150,97 @@ int create_pipe_socket(char *dir, int dir_perms,
 
 	return s;
 }
+
+/*******************************************************************
+this is like socketpair but uses tcp. It is used by the Samba
+regression test code
+The function guarantees that nobody else can attach to the socket,
+or if they do that this function fails and the socket gets closed
+returns 0 on success, -1 on failure
+the resulting file descriptors are symmetrical
+ ******************************************************************/
+static int socketpair_tcp(int fd[2])
+{
+	int listener;
+	struct sockaddr_in sock;
+	struct sockaddr_in sock2;
+	socklen_t socklen = sizeof(sock);
+	int connect_done = 0;
+	
+	fd[0] = fd[1] = listener = -1;
+
+	memset(&sock, 0, sizeof(sock));
+	
+	if ((listener = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
+
+        memset(&sock2, 0, sizeof(sock2));
+#ifdef HAVE_SOCK_SIN_LEN
+        sock2.sin_len = sizeof(sock2);
+#endif
+        sock2.sin_family = PF_INET;
+
+        bind(listener, (struct sockaddr *)&sock2, sizeof(sock2));
+
+	if (listen(listener, 1) != 0) goto failed;
+
+	if (getsockname(listener, (struct sockaddr *)&sock, &socklen) != 0) goto failed;
+
+	if ((fd[1] = socket(PF_INET, SOCK_STREAM, 0)) == -1) goto failed;
+
+	set_blocking(fd[1], 0);
+
+	sock.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+
+	if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) == -1) {
+		if (errno != EINPROGRESS) goto failed;
+	} else {
+		connect_done = 1;
+	}
+
+	if ((fd[0] = accept(listener, (struct sockaddr *)&sock, &socklen)) == -1) goto failed;
+
+	close(listener);
+	if (connect_done == 0) {
+		if (connect(fd[1],(struct sockaddr *)&sock,sizeof(sock)) != 0
+		    && errno != EISCONN) goto failed;
+	}
+
+	set_blocking(fd[1], 1);
+
+	/* all OK! */
+	return 0;
+
+ failed:
+	if (fd[0] != -1) close(fd[0]);
+	if (fd[1] != -1) close(fd[1]);
+	if (listener != -1) close(listener);
+	return -1;
+}
+
+
+/*******************************************************************
+run a program on a local tcp socket, this is used to launch smbd
+when regression testing
+the return value is a socket which is attached to a subprocess
+running "prog". stdin and stdout are attached. stderr is left
+attached to the original stderr
+ ******************************************************************/
+int sock_exec(const char *prog)
+{
+	int fd[2];
+	if (socketpair_tcp(fd) != 0) {
+		DEBUG(0,("socketpair_tcp failed (%s)\n", strerror(errno)));
+		return -1;
+	}
+	if (fork() == 0) {
+		close(fd[0]);
+		close(0);
+		close(1);
+		dup(fd[1]);
+		dup(fd[1]);
+		exit(system(prog));
+	}
+	close(fd[1]);
+	return fd[0];
+}
+
diff --git a/source/lib/util_str.c b/source/lib/util_str.c
index 8ec319c3b84..07c91805cc7 100644
--- a/source/lib/util_str.c
+++ b/source/lib/util_str.c
@@ -545,9 +545,11 @@ BOOL trim_string(char *s,const char *front,const char *back)
     size_t back_len;
     char	*sP;
 
-    if ( !s ) {
+	/* Ignore null or empty strings. */
+
+    if ( !s || (s[0] == '\0'))
         return False;
-    }
+
     sP	= s;
     s_len	= strlen( s ) + 1;
     front_len	= (front) ? strlen( front ) + 1 : 0;
@@ -589,7 +591,7 @@ BOOL trim_string(char *s,const char *front,const char *back)
      * Kenichi Okuyama.
      */
 
-    if ( back && back_len > 1 ) {
+    if ( back && back_len > 1 && s_len >= back_len) {
         char	*bP	= sP + s_len - back_len;
         long	b_len	= s_len;
 
diff --git a/source/lib/util_unistr.c b/source/lib/util_unistr.c
index 71d900a3b33..9b3e25dd7ea 100644
--- a/source/lib/util_unistr.c
+++ b/source/lib/util_unistr.c
@@ -201,11 +201,10 @@ char *dos_unistr2_to_str(UNISTR2 *str)
 	char *lbuf = lbufs[nexti];
 	char *p;
 	uint16 *src = str->buffer;
-	int max_size = MIN(MAXUNI-3, str->uni_str_len);
 
 	nexti = (nexti+1)%8;
 
-	for (p = lbuf; (p-lbuf < max_size) && *src; src++) {
+	for (p = lbuf; (p - lbuf < MAXUNI-3) && (src - str->buffer < str->uni_str_len) && *src; src++) {
 		uint16 ucs2_val = SVAL(src,0);
 		uint16 cp_val = ucs2_to_doscp[ucs2_val];
 
@@ -227,49 +226,41 @@ char *dos_unistr2_to_str(UNISTR2 *str)
  ********************************************************************/
 void ascii_to_unistr(uint16 *dest, const char *src, int maxlen)
 {
-        uint16 *destend = dest + maxlen;
-        register char c;
+	uint16 *destend = dest + maxlen;
+	char c;
 
-        while (dest < destend)
-        {
-                c = *(src++);
-                if (c == 0)
-                {
-                        break;
-                }
+	while (dest < destend) {
+		c = *(src++);
+		if (c == 0)
+			break;
 
 		SSVAL(dest, 0, c);
-                dest++;
-        }
+		dest++;
+	}
 
-        *dest = 0;
+	*dest = 0;
 }
 
-
 /*******************************************************************
  Pull an ASCII string out of a UNICODE array (uint16's).
  ********************************************************************/
 
 void unistr_to_ascii(char *dest, const uint16 *src, int len)
 {
-        char *destend = dest + len;
-        register uint16 c;
+	char *destend = dest + len;
+	uint16 c;
 	
-	if (src == NULL)
-	{
+	if (src == NULL) {
 		*dest = '\0';
 		return;
 	}
 
 	/* normal code path for a valid 'src' */
-	while (dest < destend)
-	{
+	while (dest < destend) {
 		c = SVAL(src, 0);
 		src++;
 		if (c == 0)
-		{
 			break;
-		}
 
 		*(dest++) = (char)c;
 	}
@@ -339,11 +330,10 @@ char *dos_buffer2_to_str(BUFFER2 *str)
 	char *lbuf = lbufs[nexti];
 	char *p;
 	uint16 *src = str->buffer;
-	int max_size = MIN(sizeof(str->buffer)-3, str->buf_len/2);
 
 	nexti = (nexti+1)%8;
 
-	for (p = lbuf; (p-lbuf < max_size) && *src; src++) {
+	for (p = lbuf; (p - lbuf < sizeof(str->buffer)-3) && (src - str->buffer < str->buf_len/2) && *src; src++) {
 		uint16 ucs2_val = SVAL(src,0);
 		uint16 cp_val = ucs2_to_doscp[ucs2_val];
 
@@ -368,11 +358,10 @@ char *dos_buffer2_to_multistr(BUFFER2 *str)
 	char *lbuf = lbufs[nexti];
 	char *p;
 	uint16 *src = str->buffer;
-	int max_size = MIN(sizeof(str->buffer)-3, str->buf_len/2);
 
 	nexti = (nexti+1)%8;
 
-	for (p = lbuf; p-lbuf < max_size; src++) {
+	for (p = lbuf; (p - lbuf < sizeof(str->buffer)-3) && (src - str->buffer < str->buf_len/2); src++) {
 		if (*src == 0) {
 			*p++ = ' ';
 		} else {
@@ -481,8 +470,6 @@ int unistrcpy(char *dst, char *src)
 	return num_wchars;
 }
 
-
-
 /*******************************************************************
  Free any existing maps.
 ********************************************************************/
@@ -505,7 +492,6 @@ static void free_maps(smb_ucs2_t **pp_cp_to_ucs2, uint16 **pp_ucs2_to_cp)
 	}
 }
 
-
 /*******************************************************************
  Build a default (null) codepage to unicode map.
 ********************************************************************/
diff --git a/source/libsmb/cli_lsarpc.c b/source/libsmb/cli_lsarpc.c
index 7f5431e4b3a..88f0dff225b 100644
--- a/source/libsmb/cli_lsarpc.c
+++ b/source/libsmb/cli_lsarpc.c
@@ -2,7 +2,7 @@
    Unix SMB/Netbios implementation.
    Version 2.2
    RPC pipe client
-   Copyright (C) Tim Potter                             2000,
+   Copyright (C) Tim Potter                        2000-2001,
    Copyright (C) Andrew Tridgell              1992-1997,2000,
    Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
    Copyright (C) Paul Ashton                       1997,2000,
@@ -84,8 +84,8 @@ void cli_lsa_shutdown(struct cli_state *cli)
 
 /* Open a LSA policy handle */
 
-uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, 
-			   uint32 des_access, POLICY_HND *pol)
+uint32 cli_lsa_open_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   BOOL sec_qos, uint32 des_access, POLICY_HND *pol)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_OPEN_POL q;
@@ -98,8 +98,8 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Initialise input parameters */
 
@@ -140,7 +140,8 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
 
 /* Close a LSA policy handle */
 
-uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *pol)
+uint32 cli_lsa_close(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+		     POLICY_HND *pol)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_CLOSE q;
@@ -152,8 +153,8 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *pol)
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -187,9 +188,9 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *pol)
 
 /* Lookup a list of sids */
 
-uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol,
-			   int num_sids, DOM_SID *sids, char ***names, 
-			   uint32 **types, int *num_names)
+uint32 cli_lsa_lookup_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			   POLICY_HND *pol, int num_sids, DOM_SID *sids, 
+			   char ***names, uint32 **types, int *num_names)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_LOOKUP_SIDS q;
@@ -204,12 +205,12 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol,
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
-	init_q_lookup_sids(cli->mem_ctx, &q, pol, num_sids, sids, 1);
+	init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
 
 	if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
@@ -246,14 +247,14 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol,
 
 	(*num_names) = r.names->num_entries;
 	
-	if (!((*names) = (char **)malloc(sizeof(char *) * 
+	if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) * 
 					 r.names->num_entries))) {
 		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
 		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	if (!((*types) = (uint32 *)malloc(sizeof(uint32) * 
+	if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) * 
 				      r.names->num_entries))) {
 		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
 		result = NT_STATUS_UNSUCCESSFUL;
@@ -277,7 +278,7 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol,
 				 "%s%s%s", dom_name, dom_name[0] ? 
 				 "\\" : "", name);
 
-			(*names)[i] = strdup(full_name);
+			(*names)[i] = talloc_strdup(mem_ctx, full_name);
 			(*types)[i] = t_names.name[i].sid_name_use;
 		} else {
 			(*names)[i] = NULL;
@@ -294,9 +295,9 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *pol,
 
 /* Lookup a list of names */
 
-uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol,
-			    int num_names, char **names, DOM_SID **sids,
-			    uint32 **types, int *num_sids)
+uint32 cli_lsa_lookup_names(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			    POLICY_HND *pol, int num_names, char **names, 
+			    DOM_SID **sids, uint32 **types, int *num_sids)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_LOOKUP_NAMES q;
@@ -310,12 +311,12 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol,
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
-	init_q_lookup_names(cli->mem_ctx, &q, pol, num_names, names);
+	init_q_lookup_names(mem_ctx, &q, pol, num_names, names);
 
 	if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
@@ -349,14 +350,14 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol,
 
 	(*num_sids) = r.num_entries;
 
-	if (!((*sids = (DOM_SID *)malloc(sizeof(DOM_SID) *
+	if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
 					 r.num_entries)))) {
 		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
 		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
-	if (!((*types = (uint32 *)malloc(sizeof(uint32) *
+	if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) *
 					  r.num_entries)))) {
 		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
 		result = NT_STATUS_UNSUCCESSFUL;
@@ -395,9 +396,9 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *pol,
 
 /* Query info policy */
 
-uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol, 
-				 uint16 info_class, fstring domain_name, 
-				 DOM_SID * domain_sid)
+uint32 cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				 POLICY_HND *pol, uint16 info_class, 
+				 fstring domain_name, DOM_SID *domain_sid)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_QUERY_INFO q;
@@ -409,8 +410,8 @@ uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol,
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -435,6 +436,9 @@ uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol,
 
 	/* Return output parameters */
 
+	ZERO_STRUCTP(domain_sid);
+	domain_name[0] = '\0';
+
 	switch (info_class) {
 
 	case 3:
@@ -479,9 +483,10 @@ uint32 cli_lsa_query_info_policy(struct cli_state *cli, POLICY_HND *pol,
 
 /* Enumerate list of trusted domains */
 
-uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol, 
-			      uint32 *enum_ctx, uint32 *num_domains,
-			      char ***domain_names, DOM_SID **domain_sids)
+uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			      POLICY_HND *pol, uint32 *enum_ctx, 
+			      uint32 *num_domains, char ***domain_names, 
+			      DOM_SID **domain_sids)
 {
 	prs_struct qbuf, rbuf;
 	LSA_Q_ENUM_TRUST_DOM q;
@@ -494,8 +499,8 @@ uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol,
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -516,7 +521,12 @@ uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol,
 
 	result = r.status;
 
-	if (result != NT_STATUS_NOPROBLEMO && result != 0x8000001a) {
+	/* For some undocumented reason this function sometimes returns
+	   0x8000001a (NT_STATUS_UNABLE_TO_FREE_VM) so we ignore it and
+	   pretend everything is OK. */
+
+	if (result != NT_STATUS_NOPROBLEMO && 
+	    result != NT_STATUS_UNABLE_TO_FREE_VM) {
 
 		/* An actual error ocured */
 
@@ -527,33 +537,42 @@ uint32 cli_lsa_enum_trust_dom(struct cli_state *cli, POLICY_HND *pol,
 
 	/* Return output parameters */
 
-	if (!((*domain_names) = (char **)malloc(sizeof(char *) *
-						r.num_domains))) {
-		DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
-		result = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
+	if (r.num_domains) {
 
-	if (!((*domain_sids) = (DOM_SID *)malloc(sizeof(DOM_SID) *
-						 r.num_domains))) {
-		DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
-		result = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
+		/* Allocate memory for trusted domain names and sids */
 
-	for (i = 0; i < r.num_domains; i++) {
-		fstring tmp;
+		*domain_names = (char **)talloc(mem_ctx, sizeof(char *) *
+						r.num_domains);
 
-		unistr2_to_ascii(tmp, &r.uni_domain_name[i], sizeof(tmp) - 1);
-		(*domain_names)[i] = strdup(tmp);
-		sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid);
+		if (!*domain_names) {
+			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+
+		*domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
+						 r.num_domains);
+		if (!domain_sids) {
+			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+			result = NT_STATUS_UNSUCCESSFUL;
+			goto done;
+		}
+
+		/* Copy across names and sids */
+
+		for (i = 0; i < r.num_domains; i++) {
+			fstring tmp;
+
+			unistr2_to_ascii(tmp, &r.uni_domain_name[i], 
+					 sizeof(tmp) - 1);
+			(*domain_names)[i] = strdup(tmp);
+			sid_copy(&(*domain_sids)[i], &r.domain_sid[i].sid);
+		}
 	}
 
 	*num_domains = r.num_domains;
 	*enum_ctx = r.enum_context;
 
-	lsa_free_r_enum_trust_dom(&r);
-
  done:
 	prs_mem_free(&qbuf);
 	prs_mem_free(&rbuf);
diff --git a/source/libsmb/cli_samr.c b/source/libsmb/cli_samr.c
index 4c53bd05847..9fb7e078f67 100644
--- a/source/libsmb/cli_samr.c
+++ b/source/libsmb/cli_samr.c
@@ -2,7 +2,7 @@
    Unix SMB/Netbios implementation.
    Version 2.2
    RPC pipe client
-   Copyright (C) Tim Potter                             2000,
+   Copyright (C) Tim Potter                        2000-2001,
    Copyright (C) Andrew Tridgell              1992-1997,2000,
    Copyright (C) Luke Kenneth Casson Leighton 1996-1997,2000,
    Copyright (C) Paul Ashton                       1997,2000,
@@ -84,21 +84,22 @@ void cli_samr_shutdown(struct cli_state *cli)
 
 /* Connect to SAMR database */
 
-uint32 cli_samr_connect(struct cli_state *cli, char *srv_name,
-			uint32 access_mask, POLICY_HND *connect_pol)
+uint32 cli_samr_connect(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			char *srv_name, uint32 access_mask, 
+			POLICY_HND *connect_pol)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_CONNECT q;
 	SAMR_R_CONNECT r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -106,14 +107,12 @@ uint32 cli_samr_connect(struct cli_state *cli, char *srv_name,
 
 	if (!samr_io_q_connect("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_CONNECT, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_connect("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -132,20 +131,21 @@ uint32 cli_samr_connect(struct cli_state *cli, char *srv_name,
 
 /* Close SAMR handle */
 
-uint32 cli_samr_close(struct cli_state *cli, POLICY_HND *connect_pol)
+uint32 cli_samr_close(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+		      POLICY_HND *connect_pol)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_CLOSE_HND q;
 	SAMR_R_CLOSE_HND r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -153,14 +153,12 @@ uint32 cli_samr_close(struct cli_state *cli, POLICY_HND *connect_pol)
 
 	if (!samr_io_q_close_hnd("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_CLOSE_HND, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_close_hnd("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -179,22 +177,22 @@ uint32 cli_samr_close(struct cli_state *cli, POLICY_HND *connect_pol)
 
 /* Open handle on a domain */
 
-uint32 cli_samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol,
-			    uint32 access_mask, DOM_SID *domain_sid,
-			    POLICY_HND *domain_pol)
+uint32 cli_samr_open_domain(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			    POLICY_HND *connect_pol, uint32 access_mask, 
+			    DOM_SID *domain_sid, POLICY_HND *domain_pol)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_OPEN_DOMAIN q;
 	SAMR_R_OPEN_DOMAIN r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -202,14 +200,12 @@ uint32 cli_samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol,
 
 	if (!samr_io_q_open_domain("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_OPEN_DOMAIN, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_open_domain("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -228,22 +224,22 @@ uint32 cli_samr_open_domain(struct cli_state *cli, POLICY_HND *connect_pol,
 
 /* Open handle on a user */
 
-uint32 cli_samr_open_user(struct cli_state *cli, POLICY_HND *domain_pol,
-			  uint32 access_mask, uint32 user_rid,
-			  POLICY_HND *user_pol)
+uint32 cli_samr_open_user(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			  POLICY_HND *domain_pol, uint32 access_mask, 
+			  uint32 user_rid, POLICY_HND *user_pol)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_OPEN_USER q;
 	SAMR_R_OPEN_USER r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -251,14 +247,12 @@ uint32 cli_samr_open_user(struct cli_state *cli, POLICY_HND *domain_pol,
 
 	if (!samr_io_q_open_user("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_OPEN_USER, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_open_user("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -277,22 +271,22 @@ uint32 cli_samr_open_user(struct cli_state *cli, POLICY_HND *domain_pol,
 
 /* Open handle on a group */
 
-uint32 cli_samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol,
-			  uint32 access_mask, uint32 group_rid,
-			  POLICY_HND *group_pol)
+uint32 cli_samr_open_group(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			   POLICY_HND *domain_pol, uint32 access_mask, 
+			   uint32 group_rid, POLICY_HND *group_pol)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_OPEN_GROUP q;
 	SAMR_R_OPEN_GROUP r;
-	uint32 result;
+	uint32 result =  NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -300,14 +294,12 @@ uint32 cli_samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol,
 
 	if (!samr_io_q_open_group("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_OPEN_GROUP, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_open_group("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -326,21 +318,22 @@ uint32 cli_samr_open_group(struct cli_state *cli, POLICY_HND *domain_pol,
 
 /* Query user info */
 
-uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol, 
-			       uint16 switch_value, SAM_USERINFO_CTR *ctr)
+uint32 cli_samr_query_userinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			       POLICY_HND *user_pol, uint16 switch_value, 
+			       SAM_USERINFO_CTR *ctr)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_QUERY_USERINFO q;
 	SAMR_R_QUERY_USERINFO r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -348,7 +341,6 @@ uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol,
 
 	if (!samr_io_q_query_userinfo("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_QUERY_USERINFO, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -357,7 +349,6 @@ uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol,
 	r.ctr = ctr;
 
 	if (!samr_io_r_query_userinfo("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -374,21 +365,22 @@ uint32 cli_samr_query_userinfo(struct cli_state *cli, POLICY_HND *user_pol,
 
 /* Query group info */
 
-uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol,
-				uint32 info_level, GROUP_INFO_CTR *ctr)
+uint32 cli_samr_query_groupinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+				POLICY_HND *group_pol, uint32 info_level, 
+				GROUP_INFO_CTR *ctr)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_QUERY_GROUPINFO q;
 	SAMR_R_QUERY_GROUPINFO r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -396,7 +388,6 @@ uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol,
 
 	if (!samr_io_q_query_groupinfo("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPINFO, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -405,7 +396,6 @@ uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol,
 	r.ctr = ctr;
 
 	if (!samr_io_r_query_groupinfo("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -422,21 +412,22 @@ uint32 cli_samr_query_groupinfo(struct cli_state *cli, POLICY_HND *group_pol,
 
 /* Query user groups */
 
-uint32 cli_samr_query_usergroups(struct cli_state *cli, POLICY_HND *user_pol,
-				 uint32 *num_groups, DOM_GID **gid)
+uint32 cli_samr_query_usergroups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				 POLICY_HND *user_pol, uint32 *num_groups, 
+				 DOM_GID **gid)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_QUERY_USERGROUPS q;
 	SAMR_R_QUERY_USERGROUPS r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -444,14 +435,12 @@ uint32 cli_samr_query_usergroups(struct cli_state *cli, POLICY_HND *user_pol,
 
 	if (!samr_io_q_query_usergroups("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_QUERY_USERGROUPS, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_query_usergroups("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -471,21 +460,22 @@ uint32 cli_samr_query_usergroups(struct cli_state *cli, POLICY_HND *user_pol,
 
 /* Query user groups */
 
-uint32 cli_samr_query_groupmem(struct cli_state *cli, POLICY_HND *group_pol,
-			       uint32 *num_mem, uint32 **rid, uint32 **attr)
+uint32 cli_samr_query_groupmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			       POLICY_HND *group_pol, uint32 *num_mem, 
+			       uint32 **rid, uint32 **attr)
 {
 	prs_struct qbuf, rbuf;
 	SAMR_Q_QUERY_GROUPMEM q;
 	SAMR_R_QUERY_GROUPMEM r;
-	uint32 result;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Marshall data and send request */
 
@@ -493,14 +483,12 @@ uint32 cli_samr_query_groupmem(struct cli_state *cli, POLICY_HND *group_pol,
 
 	if (!samr_io_q_query_groupmem("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SAMR_QUERY_GROUPMEM, &qbuf, &rbuf)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
 	/* Unmarshall response */
 
 	if (!samr_io_r_query_groupmem("", &r, &rbuf, 0)) {
-		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
 
@@ -518,3 +506,288 @@ uint32 cli_samr_query_groupmem(struct cli_state *cli, POLICY_HND *group_pol,
 
 	return result;
 }
+
+/* Enumerate domain groups */
+
+uint32 cli_samr_enum_dom_groups(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+				POLICY_HND *pol, uint32 *start_idx, 
+				uint32 size, struct acct_info **dom_groups,
+				uint32 *num_dom_groups)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_ENUM_DOM_GROUPS q;
+	SAMR_R_ENUM_DOM_GROUPS r;
+	uint32 result = NT_STATUS_UNSUCCESSFUL, name_idx, i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_enum_dom_groups(&q, pol, *start_idx, size);
+
+	if (!samr_io_q_enum_dom_groups("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_ENUM_DOM_GROUPS, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_enum_dom_groups("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	result = r.status;
+
+	if (result != NT_STATUS_NOPROBLEMO &&
+	    result != STATUS_MORE_ENTRIES) {
+		goto done;
+	}
+
+	*num_dom_groups = r.num_entries2;
+
+	if (!((*dom_groups) = (struct acct_info *)
+	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	memset(*dom_groups, 0, sizeof(struct acct_info) * *num_dom_groups);
+
+	name_idx = 0;
+
+	for (i = 0; i < *num_dom_groups; i++) {
+
+		(*dom_groups)[i].rid = r.sam[i].rid;
+
+		if (r.sam[i].hdr_name.buffer) {
+			unistr2_to_ascii((*dom_groups)[i].acct_name,
+					 &r.uni_grp_name[name_idx],
+					 sizeof(fstring) - 1);
+			name_idx++;
+		}
+
+		*start_idx = r.next_idx;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query alias members */
+
+uint32 cli_samr_query_aliasmem(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+			       POLICY_HND *alias_pol, uint32 *num_mem, 
+			       DOM_SID **sids)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_ALIASMEM q;
+	SAMR_R_QUERY_ALIASMEM r;
+	uint32 result = NT_STATUS_UNSUCCESSFUL, i;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_aliasmem(&q, alias_pol);
+
+	if (!samr_io_q_query_aliasmem("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_ALIASMEM, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_aliasmem("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if ((result = r.status) != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	*num_mem = r.num_sids;
+
+	if (!(*sids = talloc(mem_ctx, sizeof(DOM_SID) * *num_mem))) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	for (i = 0; i < *num_mem; i++) {
+		(*sids)[i] = r.sid[i].sid;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Open handle on an alias */
+
+uint32 cli_samr_open_alias(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			   POLICY_HND *domain_pol, uint32 access_mask, 
+			   uint32 alias_rid, POLICY_HND *alias_pol)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_OPEN_ALIAS q;
+	SAMR_R_OPEN_ALIAS r;
+	uint32 result;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_open_alias(&q, domain_pol, access_mask, alias_rid);
+
+	if (!samr_io_q_open_alias("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_OPEN_ALIAS, &qbuf, &rbuf)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_open_alias("", &r, &rbuf, 0)) {
+		result = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if ((result = r.status) == NT_STATUS_NOPROBLEMO) {
+		*alias_pol = r.pol;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query domain info */
+
+uint32 cli_samr_query_dom_info(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			       POLICY_HND *domain_pol, uint16 switch_value,
+			       SAM_UNK_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_DOMAIN_INFO q;
+	SAMR_R_QUERY_DOMAIN_INFO r;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_dom_info(&q, domain_pol, switch_value);
+
+	if (!samr_io_q_query_dom_info("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_DOMAIN_INFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	r.ctr = ctr;
+
+	if (!samr_io_r_query_dom_info("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if ((result = r.status) != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
+
+/* Query display info */
+
+uint32 cli_samr_query_dispinfo(struct cli_state *cli, TALLOC_CTX *mem_ctx, 
+			       POLICY_HND *domain_pol, uint32 *start_idx,
+			       uint16 switch_value, uint32 *num_entries,
+			       uint32 max_entries, SAM_DISPINFO_CTR *ctr)
+{
+	prs_struct qbuf, rbuf;
+	SAMR_Q_QUERY_DISPINFO q;
+	SAMR_R_QUERY_DISPINFO r;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+	/* Initialise parse structures */
+
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+	/* Marshall data and send request */
+
+	init_samr_q_query_dispinfo(&q, domain_pol, switch_value,
+				   *start_idx, max_entries);
+
+	if (!samr_io_q_query_dispinfo("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req(cli, SAMR_QUERY_DISPINFO, &qbuf, &rbuf)) {
+		goto done;
+	}
+
+	/* Unmarshall response */
+
+	if (!samr_io_r_query_dispinfo("", &r, &rbuf, 0)) {
+		goto done;
+	}
+
+	/* Return output parameters */
+
+	if ((result = r.status) != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	*num_entries = r.num_entries;
+	*start_idx += r.num_entries;  /* No next_idx in this structure! */
+
+ done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;
+}
diff --git a/source/libsmb/cli_spoolss.c b/source/libsmb/cli_spoolss.c
index db761e57bfa..2c962ef27a0 100644
--- a/source/libsmb/cli_spoolss.c
+++ b/source/libsmb/cli_spoolss.c
@@ -87,10 +87,16 @@ void cli_spoolss_shutdown(struct cli_state *cli)
 
 /* Open printer ex */
 
-uint32 cli_spoolss_open_printer_ex(struct cli_state *cli, char *printername,
-				   char *datatype, uint32 access_required,
-				   char *station, char *username,
-				   POLICY_HND *pol)
+uint32 cli_spoolss_open_printer_ex(
+	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
+	char *printername,
+	char *datatype, 
+	uint32 access_required,
+	char *station, 
+	char *username,
+	POLICY_HND *pol
+)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_OPEN_PRINTER_EX q;
@@ -102,8 +108,8 @@ uint32 cli_spoolss_open_printer_ex(struct cli_state *cli, char *printername,
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Initialise input parameters */
 
@@ -140,7 +146,11 @@ uint32 cli_spoolss_open_printer_ex(struct cli_state *cli, char *printername,
 
 /* Close a printer handle */
 
-uint32 cli_spoolss_close_printer(struct cli_state *cli, POLICY_HND *pol)
+uint32 cli_spoolss_close_printer(
+	struct cli_state *cli,
+	TALLOC_CTX *mem_ctx,
+	POLICY_HND *pol
+)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_CLOSEPRINTER q;
@@ -152,8 +162,8 @@ uint32 cli_spoolss_close_printer(struct cli_state *cli, POLICY_HND *pol)
 
 	/* Initialise parse structures */
 
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 	/* Initialise input parameters */
 
@@ -201,8 +211,12 @@ static void init_buffer(NEW_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
 /* Decode various printer info levels - perhaps this should live in
    parse_spoolss.c? */
 
-static void decode_printer_info_0(NEW_BUFFER *buffer, uint32 returned, 
-				  PRINTER_INFO_0 **info)
+static void decode_printer_info_0(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	PRINTER_INFO_0 **info
+)
 {
         uint32 i;
         PRINTER_INFO_0  *inf;
@@ -218,13 +232,17 @@ static void decode_printer_info_0(NEW_BUFFER *buffer, uint32 returned,
         *info=inf;
 }
 
-static void decode_printer_info_1(NEW_BUFFER *buffer, uint32 returned, 
-				  PRINTER_INFO_1 **info)
+static void decode_printer_info_1(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	PRINTER_INFO_1 **info
+)
 {
         uint32 i;
         PRINTER_INFO_1  *inf;
 
-        inf=(PRINTER_INFO_1 *)malloc(returned*sizeof(PRINTER_INFO_1));
+        inf=(PRINTER_INFO_1 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_1));
 
         buffer->prs.data_offset=0;
 
@@ -235,13 +253,17 @@ static void decode_printer_info_1(NEW_BUFFER *buffer, uint32 returned,
         *info=inf;
 }
 
-static void decode_printer_info_2(NEW_BUFFER *buffer, uint32 returned, 
-				  PRINTER_INFO_2 **info)
+static void decode_printer_info_2(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	PRINTER_INFO_2 **info
+)
 {
         uint32 i;
         PRINTER_INFO_2  *inf;
 
-        inf=(PRINTER_INFO_2 *)malloc(returned*sizeof(PRINTER_INFO_2));
+        inf=(PRINTER_INFO_2 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_2));
 
         buffer->prs.data_offset=0;
 
@@ -254,13 +276,17 @@ static void decode_printer_info_2(NEW_BUFFER *buffer, uint32 returned,
         *info=inf;
 }
 
-static void decode_printer_info_3(NEW_BUFFER *buffer, uint32 returned, 
-				  PRINTER_INFO_3 **info)
+static void decode_printer_info_3(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	PRINTER_INFO_3 **info
+)
 {
         uint32 i;
         PRINTER_INFO_3  *inf;
 
-        inf=(PRINTER_INFO_3 *)malloc(returned*sizeof(PRINTER_INFO_3));
+        inf=(PRINTER_INFO_3 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_3));
 
         buffer->prs.data_offset=0;
 
@@ -275,13 +301,17 @@ static void decode_printer_info_3(NEW_BUFFER *buffer, uint32 returned,
 /**********************************************************************
  Decode a PORT_INFO_1 struct from a NEW_BUFFER 
 **********************************************************************/
-static void decode_port_info_1(NEW_BUFFER *buffer, uint32 returned, 
-			       PORT_INFO_1 **info)
+static void decode_port_info_1(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	PORT_INFO_1 **info
+)
 {
         uint32 i;
         PORT_INFO_1 *inf;
 
-        inf=(PORT_INFO_1*)malloc(returned*sizeof(PORT_INFO_1));
+        inf=(PORT_INFO_1*)talloc(mem_ctx, returned*sizeof(PORT_INFO_1));
 
         prs_set_offset(&buffer->prs, 0);
 
@@ -295,13 +325,16 @@ static void decode_port_info_1(NEW_BUFFER *buffer, uint32 returned,
 /**********************************************************************
  Decode a PORT_INFO_2 struct from a NEW_BUFFER 
 **********************************************************************/
-static void decode_port_info_2(NEW_BUFFER *buffer, uint32 returned, 
-			       PORT_INFO_2 **info)
+static void decode_port_info_2(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	PORT_INFO_2 **info)
 {
         uint32 i;
         PORT_INFO_2 *inf;
 
-        inf=(PORT_INFO_2*)malloc(returned*sizeof(PORT_INFO_2));
+        inf=(PORT_INFO_2*)talloc(mem_ctx, returned*sizeof(PORT_INFO_2));
 
         prs_set_offset(&buffer->prs, 0);
 
@@ -312,13 +345,17 @@ static void decode_port_info_2(NEW_BUFFER *buffer, uint32 returned,
         *info=inf;
 }
 
-static void decode_printer_driver_1(NEW_BUFFER *buffer, uint32 returned, 
-			 	    DRIVER_INFO_1 **info)
+static void decode_printer_driver_1(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	DRIVER_INFO_1 **info
+)
 {
         uint32 i;
         DRIVER_INFO_1 *inf;
 
-        inf=(DRIVER_INFO_1 *)malloc(returned*sizeof(DRIVER_INFO_1));
+        inf=(DRIVER_INFO_1 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_1));
 
         buffer->prs.data_offset=0;
 
@@ -329,13 +366,17 @@ static void decode_printer_driver_1(NEW_BUFFER *buffer, uint32 returned,
         *info=inf;
 }
 
-static void decode_printer_driver_2(NEW_BUFFER *buffer, uint32 returned, 
-				    DRIVER_INFO_2 **info)
+static void decode_printer_driver_2(
+	TALLOC_CTX *mem_ctx,
+	NEW_BUFFER *buffer, 
+	uint32 returned, 
+	DRIVER_INFO_2 **info
+)
 {
         uint32 i;
         DRIVER_INFO_2 *inf;
 
-        inf=(DRIVER_INFO_2 *)malloc(returned*sizeof(DRIVER_INFO_2));
+        inf=(DRIVER_INFO_2 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_2));
 
         buffer->prs.data_offset=0;
 
@@ -347,6 +388,7 @@ static void decode_printer_driver_2(NEW_BUFFER *buffer, uint32 returned,
 }
 
 static void decode_printer_driver_3(
+	TALLOC_CTX *mem_ctx,
 	NEW_BUFFER *buffer, 
 	uint32 returned, 
 	DRIVER_INFO_3 **info
@@ -355,7 +397,7 @@ static void decode_printer_driver_3(
         uint32 i;
         DRIVER_INFO_3 *inf;
 
-        inf=(DRIVER_INFO_3 *)malloc(returned*sizeof(DRIVER_INFO_3));
+        inf=(DRIVER_INFO_3 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_3));
 
         buffer->prs.data_offset=0;
 
@@ -367,6 +409,7 @@ static void decode_printer_driver_3(
 }
 
 static void decode_printerdriverdir_1 (
+	TALLOC_CTX *mem_ctx,
 	NEW_BUFFER *buffer, 
 	uint32 returned, 
 	DRIVER_DIRECTORY_1 **info
@@ -374,7 +417,7 @@ static void decode_printerdriverdir_1 (
 {
 	DRIVER_DIRECTORY_1 *inf;
  
-        inf=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1));
+        inf=(DRIVER_DIRECTORY_1 *)talloc(mem_ctx, sizeof(DRIVER_DIRECTORY_1));
 
         prs_set_offset(&buffer->prs, 0);
 
@@ -386,9 +429,14 @@ static void decode_printerdriverdir_1 (
 
 /* Enumerate printers */
 
-uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags,
-				 uint32 level, int *returned, 
-				 PRINTER_INFO_CTR *ctr)
+uint32 cli_spoolss_enum_printers(
+	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
+	uint32 flags,
+	uint32 level, 
+	int *returned, 
+	PRINTER_INFO_CTR *ctr
+)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_ENUMPRINTERS q;
@@ -407,10 +455,10 @@ uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags,
 	do {
 		/* Initialise input parameters */
 
-		init_buffer(&buffer, needed, cli->mem_ctx);
+		init_buffer(&buffer, needed, mem_ctx);
 
-		prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-		prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+		prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+		prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 		make_spoolss_q_enumprinters(&q, flags, server, level, &buffer, 
 					    needed);
@@ -430,21 +478,20 @@ uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags,
 		
 		/* Return output parameters */
 
-		if ((result = r.status) == NT_STATUS_NOPROBLEMO && r.returned > 0) {
-
-			*returned = r.returned;
+		if (((result=r.status) == NT_STATUS_NOPROBLEMO) && (*returned = r.returned))
+		{
 
 			switch (level) {
 			case 1:
-				decode_printer_info_1(r.buffer, r.returned, 
+				decode_printer_info_1(mem_ctx, r.buffer, r.returned, 
 						      &ctr->printers_1);
 				break;
 			case 2:
-				decode_printer_info_2(r.buffer, r.returned, 
+				decode_printer_info_2(mem_ctx, r.buffer, r.returned, 
 						      &ctr->printers_2);
 				break;
 			case 3:
-				decode_printer_info_3(r.buffer, r.returned, 
+				decode_printer_info_3(mem_ctx, r.buffer, r.returned, 
 						      &ctr->printers_3);
 				break;
 			}			
@@ -460,8 +507,13 @@ uint32 cli_spoolss_enum_printers(struct cli_state *cli, uint32 flags,
 }
 
 /* Enumerate printer ports */
-uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level, 
-			      int *returned, PORT_INFO_CTR *ctr)
+uint32 cli_spoolss_enum_ports(
+	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
+	uint32 level, 
+	int *returned, 
+	PORT_INFO_CTR *ctr
+)
 {
 	prs_struct qbuf, rbuf;
 	SPOOL_Q_ENUMPORTS q;
@@ -480,10 +532,10 @@ uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level,
 	do {
 		/* Initialise input parameters */
 
-		init_buffer(&buffer, needed, cli->mem_ctx);
+		init_buffer(&buffer, needed, mem_ctx);
 
-		prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-		prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+		prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+		prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 		make_spoolss_q_enumports(&q, server, level, &buffer, needed);
 
@@ -509,11 +561,11 @@ uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level,
 
 			switch (level) {
 			case 1:
-				decode_port_info_1(r.buffer, r.returned, 
+				decode_port_info_1(mem_ctx, r.buffer, r.returned, 
 						   &ctr->port.info_1);
 				break;
 			case 2:
-				decode_port_info_2(r.buffer, r.returned, 
+				decode_port_info_2(mem_ctx, r.buffer, r.returned, 
 						   &ctr->port.info_2);
 				break;
 			}			
@@ -531,6 +583,7 @@ uint32 cli_spoolss_enum_ports(struct cli_state *cli, uint32 level,
 /* Get printer info */
 uint32 cli_spoolss_getprinter(
 	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
 	POLICY_HND *pol,
 	uint32 level, 
 	PRINTER_INFO_CTR *ctr
@@ -549,12 +602,12 @@ uint32 cli_spoolss_getprinter(
 	do {
 		/* Initialise input parameters */
 
-		init_buffer(&buffer, needed, cli->mem_ctx);
+		init_buffer(&buffer, needed, mem_ctx);
 
-		prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-		prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+		prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+		prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
-		make_spoolss_q_getprinter(&q, pol, level, &buffer, needed);
+		make_spoolss_q_getprinter(mem_ctx, &q, pol, level, &buffer, needed);
 
 		/* Marshall data and send request */
 		if (!spoolss_io_q_getprinter("", &q, &qbuf, 0) ||
@@ -574,16 +627,16 @@ uint32 cli_spoolss_getprinter(
 
 			switch (level) {
 			case 0:
-				decode_printer_info_0(r.buffer, 1, &ctr->printers_0);
+				decode_printer_info_0(mem_ctx, r.buffer, 1, &ctr->printers_0);
 				break;
 			case 1:
-				decode_printer_info_1(r.buffer, 1, &ctr->printers_1);
+				decode_printer_info_1(mem_ctx, r.buffer, 1, &ctr->printers_1);
 				break;
 			case 2:
-				decode_printer_info_2(r.buffer, 1, &ctr->printers_2);
+				decode_printer_info_2(mem_ctx, r.buffer, 1, &ctr->printers_2);
 				break;
 			case 3:
-				decode_printer_info_3(r.buffer, 1, &ctr->printers_3);
+				decode_printer_info_3(mem_ctx, r.buffer, 1, &ctr->printers_3);
 				break;
 			}			
 		}
@@ -602,6 +655,7 @@ uint32 cli_spoolss_getprinter(
  */
 uint32 cli_spoolss_setprinter(
 	struct cli_state *cli, 
+	TALLOC_CTX *mem_ctx,
 	POLICY_HND *pol,
 	uint32 level, 
 	PRINTER_INFO_CTR *ctr,
@@ -617,13 +671,12 @@ uint32 cli_spoolss_setprinter(
 	ZERO_STRUCT(r);
 
 	/* Initialise input parameters */
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 		
-	make_spoolss_q_setprinter(&q, pol, level, ctr, command);
+	make_spoolss_q_setprinter(mem_ctx, &q, pol, level, ctr, command);
 
 	/* Marshall data and send request */
-	result = NT_STATUS_UNSUCCESSFUL;
 	if (!spoolss_io_q_setprinter("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, SPOOLSS_SETPRINTER, &qbuf, &rbuf)) 
 	{
@@ -632,7 +685,6 @@ uint32 cli_spoolss_setprinter(
 	}
 
 	/* Unmarshall response */
-	result = NT_STATUS_UNSUCCESSFUL;
 	if (!spoolss_io_r_setprinter("", &r, &rbuf, 0)) 
 	{
 		goto done;
@@ -653,6 +705,7 @@ done:
  */
 uint32 cli_spoolss_getprinterdriver (
 	struct cli_state 	*cli, 
+	TALLOC_CTX 		*mem_ctx,
 	POLICY_HND 		*pol, 
 	uint32 			level,
 	char* 			env,
@@ -677,10 +730,10 @@ uint32 cli_spoolss_getprinterdriver (
 	{
 		/* Initialise input parameters */
 
-		init_buffer(&buffer, needed, cli->mem_ctx);
+		init_buffer(&buffer, needed, mem_ctx);
 
-		prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-		prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+		prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+		prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 
 		/* write the request */
@@ -707,13 +760,13 @@ uint32 cli_spoolss_getprinterdriver (
 			switch (level) 
 			{
 			case 1:
-				decode_printer_driver_1(r.buffer, 1, &ctr->info1);
+				decode_printer_driver_1(mem_ctx, r.buffer, 1, &ctr->info1);
 				break;
 			case 2:
-				decode_printer_driver_2(r.buffer, 1, &ctr->info2);
+				decode_printer_driver_2(mem_ctx, r.buffer, 1, &ctr->info2);
 				break;
 			case 3:
-				decode_printer_driver_3(r.buffer, 1, &ctr->info3);
+				decode_printer_driver_3(mem_ctx, r.buffer, 1, &ctr->info3);
 				break;
 			}			
 		}
@@ -732,6 +785,7 @@ uint32 cli_spoolss_getprinterdriver (
  */
 uint32 cli_spoolss_enumprinterdrivers (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	char* 			env,
 	uint32			*returned,
@@ -755,10 +809,10 @@ uint32 cli_spoolss_enumprinterdrivers (
 	do 
 	{
 		/* Initialise input parameters */
-		init_buffer(&buffer, needed, cli->mem_ctx);
+		init_buffer(&buffer, needed, mem_ctx);
 
-		prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-		prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+		prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+		prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 
 		/* write the request */
@@ -787,13 +841,13 @@ uint32 cli_spoolss_enumprinterdrivers (
 			switch (level) 
 			{
 			case 1:
-				decode_printer_driver_1(r.buffer, r.returned, &ctr->info1);
+				decode_printer_driver_1(mem_ctx, r.buffer, r.returned, &ctr->info1);
 				break;
 			case 2:
-				decode_printer_driver_2(r.buffer, r.returned, &ctr->info2);
+				decode_printer_driver_2(mem_ctx, r.buffer, r.returned, &ctr->info2);
 				break;
 			case 3:
-				decode_printer_driver_3(r.buffer, r.returned, &ctr->info3);
+				decode_printer_driver_3(mem_ctx, r.buffer, r.returned, &ctr->info3);
 				break;
 			}			
 		}
@@ -813,6 +867,7 @@ uint32 cli_spoolss_enumprinterdrivers (
  */
 uint32 cli_spoolss_getprinterdriverdir (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	char* 			env,
 	DRIVER_DIRECTORY_CTR  	*ctr
@@ -835,10 +890,10 @@ uint32 cli_spoolss_getprinterdriverdir (
 	do 
 	{
 		/* Initialise input parameters */
-		init_buffer(&buffer, needed, cli->mem_ctx);
+		init_buffer(&buffer, needed, mem_ctx);
 
-		prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-		prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+		prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+		prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 
 		/* write the request */
@@ -864,7 +919,7 @@ uint32 cli_spoolss_getprinterdriverdir (
 			switch (level) 
 			{
 			case 1:
-				decode_printerdriverdir_1(r.buffer, 1, &ctr->info1);
+				decode_printerdriverdir_1(mem_ctx, r.buffer, 1, &ctr->info1);
 				break;
 			}			
 		}
@@ -883,6 +938,7 @@ uint32 cli_spoolss_getprinterdriverdir (
  */
 uint32 cli_spoolss_addprinterdriver (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	PRINTER_DRIVER_CTR  	*ctr
 )
@@ -890,22 +946,22 @@ uint32 cli_spoolss_addprinterdriver (
 	prs_struct 			qbuf, rbuf;
 	SPOOL_Q_ADDPRINTERDRIVER 	q;
         SPOOL_R_ADDPRINTERDRIVER 	r;
-	uint32 				result;
+	uint32 				result = NT_STATUS_UNSUCCESSFUL;
 	fstring 			server;
 
 	ZERO_STRUCT(q);
 	ZERO_STRUCT(r);
-
+	
         slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
         strupper (server);
 
 	/* Initialise input parameters */
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 
 	/* write the request */
-	make_spoolss_q_addprinterdriver (&q, server, level, ctr);
+	make_spoolss_q_addprinterdriver (mem_ctx, &q, server, level, ctr);
 
 	/* Marshall data and send request */
 	result = NT_STATUS_UNSUCCESSFUL;
@@ -929,7 +985,7 @@ uint32 cli_spoolss_addprinterdriver (
 done:
 	prs_mem_free(&qbuf);
 	prs_mem_free(&rbuf);
-
+	
 	return result;	
 }
 
@@ -938,6 +994,7 @@ done:
  */
 uint32 cli_spoolss_addprinterex (
 	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
 	uint32 			level,
 	PRINTER_INFO_CTR  	*ctr
 )
@@ -961,12 +1018,12 @@ uint32 cli_spoolss_addprinterex (
 	
 
 	/* Initialise input parameters */
-	prs_init(&qbuf, MAX_PDU_FRAG_LEN, cli->mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
 
 
 	/* write the request */
-	make_spoolss_q_addprinterex (&q, server, client, user, level, ctr);
+	make_spoolss_q_addprinterex (mem_ctx, &q, server, client, user, level, ctr);
 
 	/* Marshall data and send request */
 	result = NT_STATUS_UNSUCCESSFUL;
@@ -994,4 +1051,61 @@ done:
 	return result;	
 }
 
+/**********************************************************************
+ * Delete a Printer Driver from the server (does not remove 
+ * the driver files
+ */
+uint32 cli_spoolss_deleteprinterdriver (
+	struct cli_state 	*cli, 
+	TALLOC_CTX		*mem_ctx,
+	char			*arch,
+	char			*driver
+)
+{
+	prs_struct 			qbuf, rbuf;
+	SPOOL_Q_DELETEPRINTERDRIVER	q;
+        SPOOL_R_DELETEPRINTERDRIVER	r;
+	uint32 				result;
+	fstring				server;
+
+	ZERO_STRUCT(q);
+	ZERO_STRUCT(r);
+
+
+	/* Initialise input parameters */
+	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
+	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
+
+        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (server);
+
+	/* write the request */
+	make_spoolss_q_deleteprinterdriver (mem_ctx, &q, server, arch, driver);
+
+	/* Marshall data and send request */
+	result = NT_STATUS_UNSUCCESSFUL;
+	if (!spoolss_io_q_deleteprinterdriver ("", &q, &qbuf, 0) ||
+	    !rpc_api_pipe_req (cli,SPOOLSS_DELETEPRINTERDRIVER , &qbuf, &rbuf)) 
+	{
+		goto done;
+	}
+
+		
+	/* Unmarshall response */
+	result = NT_STATUS_UNSUCCESSFUL;
+	if (!spoolss_io_r_deleteprinterdriver ("", &r, &rbuf, 0))
+	{
+		goto done;
+	}
+		
+	/* Return output parameters */
+	result = r.status;
+
+done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
+	return result;	
+}
+
 
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index 8a56a08b1d4..67eef52583f 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -104,8 +104,7 @@ BOOL cli_session_setup(struct cli_state *cli,
 			/*
 			 * Plaintext mode needed, assume plaintext supplied.
 			 */
-			fstrcpy(pword, pass);
-			unix_to_dos(pword,True);
+			passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE);
 			fstrcpy(ntpword, "");
 			ntpasslen = 0;
 		}
@@ -124,7 +123,7 @@ BOOL cli_session_setup(struct cli_state *cli,
 
 	if (cli->protocol < PROTOCOL_NT1)
 	{
-		set_message(cli->outbuf,10,1 + strlen(user) + passlen,True);
+		set_message(cli->outbuf,10, 0, True);
 		CVAL(cli->outbuf,smb_com) = SMBsesssetupX;
 		cli_setup_packet(cli);
 
@@ -137,12 +136,20 @@ BOOL cli_session_setup(struct cli_state *cli,
 		p = smb_buf(cli->outbuf);
 		memcpy(p,pword,passlen);
 		p += passlen;
-		pstrcpy(p,user);
-		unix_to_dos(p,True);
-		strupper(p);
+		p += clistr_push(cli, p, user, -1, STR_CONVERT|STR_UPPER|STR_TERMINATE);
+		cli_setup_bcc(cli, p);
 	}
 	else
 	{
+		uint32 capabilities;
+
+		capabilities = CAP_NT_SMBS;
+		if (cli->use_level_II_oplocks) {
+			capabilities |= CAP_LEVEL_II_OPLOCKS;
+		}
+		if (cli->capabilities & CAP_UNICODE) {
+			capabilities |= CAP_UNICODE;
+		}
 		set_message(cli->outbuf,13,0,True);
 		CVAL(cli->outbuf,smb_com) = SMBsesssetupX;
 		cli_setup_packet(cli);
@@ -154,23 +161,17 @@ BOOL cli_session_setup(struct cli_state *cli,
 		SIVAL(cli->outbuf,smb_vwv5,cli->sesskey);
 		SSVAL(cli->outbuf,smb_vwv7,passlen);
 		SSVAL(cli->outbuf,smb_vwv8,ntpasslen);
-		SSVAL(cli->outbuf,smb_vwv11,CAP_NT_SMBS|(cli->use_level_II_oplocks ? CAP_LEVEL_II_OPLOCKS : 0));
+		SIVAL(cli->outbuf,smb_vwv11,capabilities);
 		p = smb_buf(cli->outbuf);
 		memcpy(p,pword,passlen); 
 		p += SVAL(cli->outbuf,smb_vwv7);
 		memcpy(p,ntpword,ntpasslen); 
 		p += SVAL(cli->outbuf,smb_vwv8);
-		pstrcpy(p,user);
-		unix_to_dos(p,True);
-		strupper(p);
-		p = skip_string(p,1);
-		pstrcpy(p,workgroup);
-		unix_to_dos(p,True);
-		strupper(p);
-		p = skip_string(p,1);
-		pstrcpy(p,"Unix");p = skip_string(p,1);
-		pstrcpy(p,"Samba");p = skip_string(p,1);
-		set_message(cli->outbuf,13,PTR_DIFF(p,smb_buf(cli->outbuf)),False);
+		p += clistr_push(cli, p, user, -1, STR_CONVERT|STR_TERMINATE|STR_UPPER);
+		p += clistr_push(cli, p, workgroup, -1, STR_CONVERT|STR_TERMINATE|STR_UPPER);
+		p += clistr_push(cli, p, "Unix", -1, STR_CONVERT|STR_TERMINATE);
+		p += clistr_push(cli, p, "Samba", -1, STR_CONVERT|STR_TERMINATE);
+		cli_setup_bcc(cli, p);
 	}
 
       cli_send_smb(cli);
@@ -187,24 +188,17 @@ BOOL cli_session_setup(struct cli_state *cli,
       cli->vuid = SVAL(cli->inbuf,smb_uid);
 
       if (cli->protocol >= PROTOCOL_NT1) {
-        /*
-         * Save off some of the connected server
-         * info.
-         */
-        char *server_domain,*server_os,*server_type;
-        server_os = smb_buf(cli->inbuf);
-        server_type = skip_string(server_os,1);
-        server_domain = skip_string(server_type,1);
-        fstrcpy(cli->server_os, server_os);
-		dos_to_unix(cli->server_os, True);
-        fstrcpy(cli->server_type, server_type);
-		dos_to_unix(cli->server_type, True);
-        fstrcpy(cli->server_domain, server_domain);
-		dos_to_unix(cli->server_domain, True);
+	      /*
+	       * Save off some of the connected server
+	       * info.
+	       */
+	      char *q = smb_buf(cli->inbuf);
+	      q += clistr_pull(cli, cli->server_os, q, sizeof(fstring), -1, STR_TERMINATE|STR_CONVERT);
+	      q += clistr_pull(cli, cli->server_type, q, sizeof(fstring), -1, STR_TERMINATE|STR_CONVERT);
+	      q += clistr_pull(cli, cli->server_domain, q, sizeof(fstring), -1, STR_TERMINATE|STR_CONVERT);
       }
 
       fstrcpy(cli->user_name, user);
-      dos_to_unix(cli->user_name, True);
 
       return True;
 }
@@ -257,12 +251,11 @@ BOOL cli_send_tconX(struct cli_state *cli,
 		unix_to_dos(dos_pword,True);
 		SMBencrypt((uchar *)dos_pword,(uchar *)cli->cryptkey,(uchar *)pword);
 	} else {
-		if(!(cli->sec_mode & 2)) {
+		if((cli->sec_mode & 3) == 0) {
 			/*
 			 * Non-encrypted passwords - convert to DOS codepage before using.
 			 */
-			fstrcpy(pword,pass);
-			unix_to_dos(pword,True);
+			passlen = clistr_push(cli, pword, pass, -1, STR_CONVERT|STR_TERMINATE);
 		} else {
 			memcpy(pword, pass, passlen);
 		}
@@ -273,8 +266,7 @@ BOOL cli_send_tconX(struct cli_state *cli,
 	unix_to_dos(fullshare, True);
 	strupper(fullshare);
 
-	set_message(cli->outbuf,4,
-		    2 + strlen(fullshare) + passlen + strlen(dev),True);
+	set_message(cli->outbuf,4, 0, True);
 	CVAL(cli->outbuf,smb_com) = SMBtconX;
 	cli_setup_packet(cli);
 
@@ -284,10 +276,10 @@ BOOL cli_send_tconX(struct cli_state *cli,
 	p = smb_buf(cli->outbuf);
 	memcpy(p,pword,passlen);
 	p += passlen;
-	fstrcpy(p,fullshare);
-	p = skip_string(p,1);
-	pstrcpy(p,dev);
-	unix_to_dos(p,True);
+	p += clistr_push(cli, p, fullshare, -1, STR_CONVERT | STR_TERMINATE);
+	fstrcpy(p, dev); p += strlen(dev)+1;
+
+	cli_setup_bcc(cli, p);
 
 	SCVAL(cli->inbuf,smb_rcls, 1);
 
@@ -302,7 +294,7 @@ BOOL cli_send_tconX(struct cli_state *cli,
 	fstrcpy(cli->dev, "A:");
 
 	if (cli->protocol >= PROTOCOL_NT1) {
-		fstrcpy(cli->dev, smb_buf(cli->inbuf));
+		clistr_pull(cli, cli->dev, smb_buf(cli->inbuf), sizeof(fstring), -1, STR_TERMINATE | STR_CONVERT);
 	}
 
 	if (strcasecmp(share,"IPC$")==0) {
@@ -347,17 +339,11 @@ void cli_negprot_send(struct cli_state *cli)
 {
 	char *p;
 	int numprots;
-	int plength;
 
 	memset(cli->outbuf,'\0',smb_size);
 
 	/* setup the protocol strings */
-	for (plength=0,numprots=0;
-	     prots[numprots].name && prots[numprots].prot<=cli->protocol;
-	     numprots++)
-		plength += strlen(prots[numprots].name)+2;
-    
-	set_message(cli->outbuf,0,plength,True);
+	set_message(cli->outbuf,0,0,True);
 
 	p = smb_buf(cli->outbuf);
 	for (numprots=0;
@@ -370,6 +356,7 @@ void cli_negprot_send(struct cli_state *cli)
 	}
 
 	CVAL(cli->outbuf,smb_com) = SMBnegprot;
+	cli_setup_bcc(cli, p);
 	cli_setup_packet(cli);
 
 	CVAL(smb_buf(cli->outbuf),0) = 2;
@@ -442,6 +429,12 @@ BOOL cli_negprot(struct cli_state *cli)
 			cli->readbraw_supported = True;
 			cli->writebraw_supported = True;      
 		}
+		/* work out if they sent us a workgroup */
+		if (smb_buflen(cli->inbuf) > 8) {
+			clistr_pull(cli, cli->server_domain, 
+				    smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
+				    smb_buflen(cli->inbuf)-8, STR_CONVERT|STR_UNICODE|STR_NOALIGN);
+		}
 	} else if (cli->protocol >= PROTOCOL_LANMAN1) {
 		cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
 		cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
@@ -461,6 +454,11 @@ BOOL cli_negprot(struct cli_state *cli)
 
 	cli->max_xmit = MIN(cli->max_xmit, CLI_BUFFER_SIZE);
 
+	/* a way to force ascii SMB */
+	if (getenv("CLI_FORCE_ASCII")) {
+		cli->capabilities &= ~CAP_UNICODE;
+	}
+
 	return True;
 }
 
@@ -560,7 +558,6 @@ retry:
 	return(True);
 }
 
-
 /****************************************************************************
 open the client sockets
 ****************************************************************************/
@@ -582,8 +579,12 @@ BOOL cli_connect(struct cli_state *cli, const char *host, struct in_addr *ip)
 
         if (cli->port == 0) cli->port = 139;  /* Set to default */
 
-	cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, 
-				  cli->port, cli->timeout);
+	if (getenv("LIBSMB_PROG")) {
+		cli->fd = sock_exec(getenv("LIBSMB_PROG"));
+	} else {
+		cli->fd = open_socket_out(SOCK_STREAM, &cli->dest_ip, 
+					  cli->port, cli->timeout);
+	}
 	if (cli->fd == -1)
 		return False;
 
@@ -677,7 +678,7 @@ BOOL cli_establish_connection(struct cli_state *cli,
 	{
 		DEBUG(1,("failed session request\n"));
 		if (do_shutdown)
-          cli_shutdown(cli);
+			cli_shutdown(cli);
 		return False;
 	}
 
diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c
index 19380498063..8d4a025fcc0 100644
--- a/source/libsmb/clientgen.c
+++ b/source/libsmb/clientgen.c
@@ -106,11 +106,23 @@ void cli_setup_packet(struct cli_state *cli)
 	SSVAL(cli->outbuf,smb_uid,cli->vuid);
 	SSVAL(cli->outbuf,smb_mid,cli->mid);
 	if (cli->protocol > PROTOCOL_CORE) {
+		uint16 flags2;
 		SCVAL(cli->outbuf,smb_flg,0x8);
-		SSVAL(cli->outbuf,smb_flg2,0x1);
+		flags2 = FLAGS2_LONG_PATH_COMPONENTS;
+		if (cli->capabilities & CAP_UNICODE) {
+			flags2 |= FLAGS2_UNICODE_STRINGS;
+		}
+		SSVAL(cli->outbuf,smb_flg2, flags2);
 	}
 }
 
+/****************************************************************************
+setup the bcc length of the packet from a pointer to the end of the data
+****************************************************************************/
+void cli_setup_bcc(struct cli_state *cli, void *p)
+{
+	set_message_bcc(cli->outbuf, PTR_DIFF(p, smb_buf(cli->outbuf)));
+}
 
 
 /****************************************************************************
diff --git a/source/libsmb/clierror.c b/source/libsmb/clierror.c
index eb2ca624e85..6d499867905 100644
--- a/source/libsmb/clierror.c
+++ b/source/libsmb/clierror.c
@@ -198,11 +198,12 @@ int cli_error(struct cli_state *cli, uint8 *eclass, uint32 *num, uint32 *nt_rpc_
 		case ERRbadshare: return EBUSY;
 		case ERRlock: return EBUSY;
 		case ERROR_INVALID_NAME: return ENOENT;
+		case ERRnosuchshare: return ENODEV;
 		}
 	}
 	if (rcls == ERRSRV) {
 		switch (code) {
-		case ERRbadpw: return EACCES;
+		case ERRbadpw: return EPERM;
 		case ERRaccess: return EACCES;
 		case ERRnoresource: return ENOMEM;
 		case ERRinvdevice: return ENODEV;
diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c
index 63706f7669e..56d2f63c799 100644
--- a/source/libsmb/clifile.c
+++ b/source/libsmb/clifile.c
@@ -33,7 +33,7 @@ BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst)
         memset(cli->outbuf,'\0',smb_size);
         memset(cli->inbuf,'\0',smb_size);
 
-        set_message(cli->outbuf,1, 4 + strlen(fname_src) + strlen(fname_dst), True);
+        set_message(cli->outbuf,1, 0, True);
 
         CVAL(cli->outbuf,smb_com) = SMBmv;
         SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -43,12 +43,13 @@ BOOL cli_rename(struct cli_state *cli, char *fname_src, char *fname_dst)
 
         p = smb_buf(cli->outbuf);
         *p++ = 4;
-        pstrcpy(p,fname_src);
-        unix_to_dos(p,True);
-        p = skip_string(p,1);
+	p += clistr_push(cli, p, fname_src, -1, 
+			 STR_TERMINATE | STR_CONVERT);
         *p++ = 4;
-        pstrcpy(p,fname_dst);
-        unix_to_dos(p,True);
+	p += clistr_push(cli, p, fname_dst, -1, 
+			 STR_TERMINATE | STR_CONVERT);
+
+	cli_setup_bcc(cli, p);
 
         cli_send_smb(cli);
         if (!cli_receive_smb(cli)) {
@@ -72,7 +73,7 @@ BOOL cli_unlink(struct cli_state *cli, char *fname)
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,1, 2 + strlen(fname),True);
+	set_message(cli->outbuf,1, 0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBunlink;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -82,9 +83,9 @@ BOOL cli_unlink(struct cli_state *cli, char *fname)
   
 	p = smb_buf(cli->outbuf);
 	*p++ = 4;      
-	pstrcpy(p,fname);
-    unix_to_dos(p,True);
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE | STR_CONVERT);
 
+	cli_setup_bcc(cli, p);
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
 		return False;
@@ -107,7 +108,7 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname)
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,0, 2 + strlen(dname),True);
+	set_message(cli->outbuf,0, 0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBmkdir;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -115,8 +116,9 @@ BOOL cli_mkdir(struct cli_state *cli, char *dname)
 
 	p = smb_buf(cli->outbuf);
 	*p++ = 4;      
-	pstrcpy(p,dname);
-    unix_to_dos(p,True);
+	p += clistr_push(cli, p, dname, -1, STR_CONVERT|STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -140,7 +142,7 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname)
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,0, 2 + strlen(dname),True);
+	set_message(cli->outbuf,0, 0, True);
 
 	CVAL(cli->outbuf,smb_com) = SMBrmdir;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -148,8 +150,9 @@ BOOL cli_rmdir(struct cli_state *cli, char *dname)
 
 	p = smb_buf(cli->outbuf);
 	*p++ = 4;      
-	pstrcpy(p,dname);
-	unix_to_dos(p,True);
+	p += clistr_push(cli, p, dname, -1, STR_TERMINATE|STR_CONVERT);
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -183,11 +186,11 @@ int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag)
 	data = flag ? 1 : 0;
 
 	if (!cli_send_trans(cli, SMBtrans2,
-		NULL, 0,                        /* name, length */
-		-1, 0,                          /* fid, flags */
-		&setup, 1, 0,                   /* setup, length, max */
-		param, param_len, 2,            /* param, length, max */
-		&data,  data_len, cli->max_xmit /* data, length, max */
+						NULL,                        /* name */
+						-1, 0,                          /* fid, flags */
+						&setup, 1, 0,                   /* setup, length, max */
+						param, param_len, 2,            /* param, length, max */
+						&data,  data_len, cli->max_xmit /* data, length, max */
 						)) {
 		return False;
 	}
@@ -209,15 +212,17 @@ int cli_nt_delete_on_close(struct cli_state *cli, int fnum, BOOL flag)
  Used in smbtorture.
 ****************************************************************************/
 
-int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess, uint32 FileAttributes,
-						uint32 ShareAccess, uint32 CreateDisposition, uint32 CreateOptions)
+int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess,
+		 uint32 FileAttributes, uint32 ShareAccess,
+		 uint32 CreateDisposition, uint32 CreateOptions)
 {
 	char *p;
+	int len;
 
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,24,1 + strlen(fname),True);
+	set_message(cli->outbuf,24,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBntcreateX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -235,12 +240,17 @@ int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess,
 	SIVAL(cli->outbuf,smb_ntcreate_CreateDisposition, CreateDisposition);
 	SIVAL(cli->outbuf,smb_ntcreate_CreateOptions, CreateOptions);
 	SIVAL(cli->outbuf,smb_ntcreate_ImpersonationLevel, 0x02);
-	SSVAL(cli->outbuf,smb_ntcreate_NameLength, strlen(fname));
 
 	p = smb_buf(cli->outbuf);
-	pstrcpy(p,fname);
-	unix_to_dos(p,True);
-	p = skip_string(p,1);
+	/* this alignment and termination is critical for netapp filers. Don't change */
+	p += clistr_align_out(cli, p, STR_CONVERT);
+	len = clistr_push(cli, p, fname, -1, STR_CONVERT);
+	p += len;
+	SSVAL(cli->outbuf,smb_ntcreate_NameLength, len);
+	/* sigh. this copes with broken netapp filer behaviour */
+	p += clistr_push(cli, p, "", -1, STR_TERMINATE);
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -257,6 +267,7 @@ int cli_nt_create_full(struct cli_state *cli, char *fname, uint32 DesiredAccess,
 /****************************************************************************
 open a file
 ****************************************************************************/
+
 int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess)
 {
 	return cli_nt_create_full(cli, fname, DesiredAccess, 0,
@@ -265,56 +276,6 @@ int cli_nt_create(struct cli_state *cli, char *fname, uint32 DesiredAccess)
 
 /****************************************************************************
 open a file
-****************************************************************************/
-int cli_nt_create_uni(struct cli_state *cli, char *fname, uint32 DesiredAccess)
-{
-	pstring uni;
-	char *p;
-
-	memset(cli->outbuf,'\0',smb_size);
-	memset(cli->inbuf,'\0',smb_size);
-
-	set_message(cli->outbuf,24,(strlen(fname) + 1) * 2 + 1,True);
-
-	CVAL(cli->outbuf,smb_com) = SMBntcreateX;
-	SSVAL(cli->outbuf,smb_tid,cli->cnum);
-	cli_setup_packet(cli);
-
-	SSVAL(cli->outbuf,smb_vwv0,0xFF);
-	if (cli->use_oplocks)
-		SIVAL(cli->outbuf,smb_ntcreate_Flags, REQUEST_OPLOCK|REQUEST_BATCH_OPLOCK);
-	else 
-		SIVAL(cli->outbuf,smb_ntcreate_Flags, 0);
-	SIVAL(cli->outbuf,smb_ntcreate_RootDirectoryFid, 0x0);
-	SIVAL(cli->outbuf,smb_ntcreate_DesiredAccess, DesiredAccess);
-	SIVAL(cli->outbuf,smb_ntcreate_FileAttributes, 0x0);
-	SIVAL(cli->outbuf,smb_ntcreate_ShareAccess, 0x03);
-	SIVAL(cli->outbuf,smb_ntcreate_CreateDisposition, 0x01);
-	SIVAL(cli->outbuf,smb_ntcreate_CreateOptions, 0x0);
-	SIVAL(cli->outbuf,smb_ntcreate_ImpersonationLevel, 0x02);
-	SSVAL(cli->outbuf,smb_ntcreate_NameLength, strlen(fname) * 2);
-
-	p = smb_buf(cli->outbuf);
-	p++; /* Alignment */
-	pstrcpy(uni, fname);
-	unix_to_dos(uni, True);
-	dos_struni2(p, uni, (strlen(fname) + 1) * 2);
-
-	cli_send_smb(cli);
-	if (!cli_receive_smb(cli)) {
-		return -1;
-	}
-
-	if (CVAL(cli->inbuf,smb_rcls) != 0) {
-		return -1;
-	}
-
-	return SVAL(cli->inbuf,smb_vwv2 + 1);
-}
-
-
-/****************************************************************************
-open a file
 WARNING: if you open with O_WRONLY then getattrE won't work!
 ****************************************************************************/
 int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
@@ -353,7 +314,7 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,15,1 + strlen(fname),True);
+	set_message(cli->outbuf,15,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBopenX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -375,9 +336,9 @@ int cli_open(struct cli_state *cli, char *fname, int flags, int share_mode)
 	}
   
 	p = smb_buf(cli->outbuf);
-	pstrcpy(p,fname);
-	unix_to_dos(p,True);
-	p = skip_string(p,1);
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE | STR_CONVERT);
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -436,7 +397,7 @@ BOOL cli_lock(struct cli_state *cli, int fnum,
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0', smb_size);
 
-	set_message(cli->outbuf,8,10,True);
+	set_message(cli->outbuf,8,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBlockingX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -453,6 +414,11 @@ BOOL cli_lock(struct cli_state *cli, int fnum,
 	SSVAL(p, 0, cli->pid);
 	SIVAL(p, 2, offset);
 	SIVAL(p, 6, len);
+
+	p += 10;
+
+	cli_setup_bcc(cli, p);
+
 	cli_send_smb(cli);
 
         cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 2*1000);
@@ -481,7 +447,7 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len)
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,8,10,True);
+	set_message(cli->outbuf,8,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBlockingX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -498,7 +464,8 @@ BOOL cli_unlock(struct cli_state *cli, int fnum, uint32 offset, uint32 len)
 	SSVAL(p, 0, cli->pid);
 	SIVAL(p, 2, offset);
 	SIVAL(p, 6, len);
-
+	p += 10;
+	cli_setup_bcc(cli, p);
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
 		return False;
@@ -528,7 +495,7 @@ BOOL cli_lock64(struct cli_state *cli, int fnum,
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0', smb_size);
 
-	set_message(cli->outbuf,8,20,True);
+	set_message(cli->outbuf,8,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBlockingX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -543,8 +510,11 @@ BOOL cli_lock64(struct cli_state *cli, int fnum,
 
 	p = smb_buf(cli->outbuf);
 	SIVAL(p, 0, cli->pid);
-	SOFF_T_R(p, 0, offset);
+	SOFF_T_R(p, 4, offset);
 	SOFF_T_R(p, 12, len);
+	p += 20;
+
+	cli_setup_bcc(cli, p);
 	cli_send_smb(cli);
 
         cli->timeout = (timeout == -1) ? 0x7FFFFFFF : (timeout + 2*1000);
@@ -573,7 +543,7 @@ BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,8,20,True);
+	set_message(cli->outbuf,8,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBlockingX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -590,7 +560,8 @@ BOOL cli_unlock64(struct cli_state *cli, int fnum, SMB_BIG_UINT offset, SMB_BIG_
 	SIVAL(p, 0, cli->pid);
 	SOFF_T_R(p, 4, offset);
 	SOFF_T_R(p, 12, len);
-
+	p += 20;
+	cli_setup_bcc(cli, p);
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
 		return False;
@@ -669,16 +640,17 @@ BOOL cli_getatr(struct cli_state *cli, char *fname,
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,0,strlen(fname)+2,True);
+	set_message(cli->outbuf,0,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBgetatr;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
 	cli_setup_packet(cli);
 
 	p = smb_buf(cli->outbuf);
-	*p = 4;
-	pstrcpy(p+1, fname);
-    unix_to_dos(p+1,True);
+	*p++ = 4;
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE | STR_CONVERT);
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -716,7 +688,7 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t)
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,8,strlen(fname)+4,True);
+	set_message(cli->outbuf,8,0,True);
 
 	CVAL(cli->outbuf,smb_com) = SMBsetatr;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -726,11 +698,11 @@ BOOL cli_setatr(struct cli_state *cli, char *fname, uint16 attr, time_t t)
 	put_dos_date3(cli->outbuf,smb_vwv1, t);
 
 	p = smb_buf(cli->outbuf);
-	*p = 4;
-	pstrcpy(p+1, fname);
-    unix_to_dos(p+1,True);
-	p = skip_string(p,1);
-	*p = 4;
+	*p++ = 4;
+	p += clistr_push(cli, p, fname, -1, STR_TERMINATE | STR_CONVERT);
+	*p++ = 4;
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -758,14 +730,15 @@ BOOL cli_chkpath(struct cli_state *cli, char *path)
 	if (!*path2) *path2 = '\\';
 	
 	memset(cli->outbuf,'\0',smb_size);
-	set_message(cli->outbuf,0,4 + strlen(path2),True);
+	set_message(cli->outbuf,0,0,True);
 	SCVAL(cli->outbuf,smb_com,SMBchkpth);
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
 	cli_setup_packet(cli);
 	p = smb_buf(cli->outbuf);
 	*p++ = 4;
-	safe_strcpy(p,path2,strlen(path2));
-	unix_to_dos(p,True);
+	p += clistr_push(cli, p, path2, -1, STR_TERMINATE | STR_CONVERT);
+
+	cli_setup_bcc(cli, p);
 
 	cli_send_smb(cli);
 	if (!cli_receive_smb(cli)) {
@@ -802,3 +775,44 @@ BOOL cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail)
 	return True;
 }
 
+
+/****************************************************************************
+create and open a temporary file
+****************************************************************************/
+int cli_ctemp(struct cli_state *cli, char *path, char **tmp_path)
+{
+	char *p;
+
+	memset(cli->outbuf,'\0',smb_size);
+	memset(cli->inbuf,'\0',smb_size);
+
+	set_message(cli->outbuf,1,strlen(path)+2,True);
+
+	CVAL(cli->outbuf,smb_com) = SMBctemp;
+	SSVAL(cli->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet(cli);
+
+	SSVAL(cli->outbuf,smb_vwv0,0);
+
+	p = smb_buf(cli->outbuf);
+	*p++ = 4;
+	p += clistr_push(cli, p, path, -1, STR_TERMINATE | STR_CONVERT);
+
+	cli_send_smb(cli);
+	if (!cli_receive_smb(cli)) {
+		return -1;
+	}
+
+	if (CVAL(cli->inbuf,smb_rcls) != 0) {
+		return -1;
+	}
+
+	if (tmp_path) {
+		pstring path2;
+		clistr_pull(cli, path2, smb_buf(cli->inbuf)+1, 
+			    sizeof(path2), -1, STR_TERMINATE | STR_CONVERT);
+		*tmp_path = strdup(path2);
+	}
+
+	return SVAL(cli->inbuf,smb_vwv0);
+}
diff --git a/source/libsmb/clilist.c b/source/libsmb/clilist.c
index 2e904e06b7d..a04c691fa49 100644
--- a/source/libsmb/clilist.c
+++ b/source/libsmb/clilist.c
@@ -30,7 +30,8 @@ The length of the structure is returned
 The structure of a long filename depends on the info level. 260 is used
 by NT and 2 is used by OS/2
 ****************************************************************************/
-static int interpret_long_filename(int level,char *p,file_info *finfo)
+static int interpret_long_filename(struct cli_state *cli,
+				   int level,char *p,file_info *finfo)
 {
 	extern file_info def_finfo;
 
@@ -47,8 +48,10 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
 				finfo->mtime = make_unix_date2(p+12);
 				finfo->size = IVAL(p,16);
 				finfo->mode = CVAL(p,24);
-				pstrcpy(finfo->name,p+27);
-				dos_to_unix(finfo->name,True);
+				clistr_pull(cli, finfo->name, p+27,
+					    sizeof(finfo->name),
+					    -1, 
+					    STR_TERMINATE | STR_CONVERT);
 			}
 			return(28 + CVAL(p,26));
 
@@ -60,8 +63,10 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
 				finfo->mtime = make_unix_date2(p+12);
 				finfo->size = IVAL(p,16);
 				finfo->mode = CVAL(p,24);
-				pstrcpy(finfo->name,p+31);
-				dos_to_unix(finfo->name,True);
+				clistr_pull(cli, finfo->name, p+31,
+					    sizeof(finfo->name),
+					    -1, 
+					    STR_TERMINATE | STR_CONVERT);
 			}
 			return(32 + CVAL(p,30));
 
@@ -74,8 +79,10 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
 				finfo->mtime = make_unix_date2(p+16);
 				finfo->size = IVAL(p,20);
 				finfo->mode = CVAL(p,28);
-				pstrcpy(finfo->name,p+33);
-				dos_to_unix(finfo->name,True);
+				clistr_pull(cli, finfo->name, p+33,
+					    sizeof(finfo->name),
+					    -1, 
+					    STR_TERMINATE | STR_CONVERT);
 			}
 			return(SVAL(p,4)+4);
 			
@@ -87,15 +94,17 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
 				finfo->mtime = make_unix_date2(p+16);
 				finfo->size = IVAL(p,20);
 				finfo->mode = CVAL(p,28);
-				pstrcpy(finfo->name,p+37);
-				dos_to_unix(finfo->name,True);
+				clistr_pull(cli, finfo->name, p+37,
+					    sizeof(finfo->name),
+					    -1, 
+					    STR_TERMINATE | STR_CONVERT);
 			}
 			return(SVAL(p,4)+4);
 			
 		case 260: /* NT uses this, but also accepts 2 */
 			if (finfo) {
 				int ret = SVAL(p,0);
-				int namelen, slen;
+				int namelen;
 				p += 4; /* next entry offset */
 				p += 4; /* fileindex */
 				
@@ -122,18 +131,21 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
 				finfo->mode = CVAL(p,0); p += 4;
 				namelen = IVAL(p,0); p += 4;
 				p += 4; /* EA size */
-				slen = SVAL(p, 0);
+				/* slen = SVAL(p, 0); */
 				p += 2; 
-				if (p[1] == 0 && slen > 1) {
-					/* NT has stuffed up again */
-					unistr_to_dos(finfo->short_name, p, slen/2);
-				} else {
-					strncpy(finfo->short_name, p, 12);
-					finfo->short_name[12] = 0;
+				{
+					/* stupid NT bugs. grr */
+					int flags = STR_CONVERT;
+					if (p[1] == 0 && namelen > 1) flags |= STR_UNICODE;
+					clistr_pull(cli, finfo->short_name, p,
+						    sizeof(finfo->short_name),
+						    24, flags);
 				}
 				p += 24; /* short name? */	  
-				StrnCpy(finfo->name,p,MIN(sizeof(finfo->name)-1,namelen));
-				dos_to_unix(finfo->name,True);
+				clistr_pull(cli, finfo->name, p,
+					    sizeof(finfo->name),
+					    namelen, 
+					    STR_CONVERT);
 				return(ret);
 			}
 			return(SVAL(p,0));
@@ -147,12 +159,11 @@ static int interpret_long_filename(int level,char *p,file_info *finfo)
 /****************************************************************************
   do a directory listing, calling fn on each file found
   ****************************************************************************/
-int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, 
-	     void (*fn)(file_info *, const char *))
+int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, 
+		 void (*fn)(file_info *, const char *, void *), void *state)
 {
 	int max_matches = 512;
-	/* NT uses 260, OS/2 uses 2. Both accept 1. */
-	int info_level = cli->protocol<PROTOCOL_NT1?1:260; 
+	int info_level;
 	char *p, *p2;
 	pstring mask;
 	file_info finfo;
@@ -170,9 +181,11 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 	int param_len, data_len;	
 	uint16 setup;
 	pstring param;
-	
+
+	/* NT uses 260, OS/2 uses 2. Both accept 1. */
+	info_level = (cli->capabilities&CAP_NT_SMBS)?260:1;
+
 	pstrcpy(mask,Mask);
-	unix_to_dos(mask,True);
 	
 	while (ff_eos == 0) {
 		loop_count++;
@@ -181,8 +194,6 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 			break;
 		}
 
-		param_len = 12+strlen(mask)+1;
-
 		if (First) {
 			setup = TRANSACT2_FINDFIRST;
 			SSVAL(param,0,attribute); /* attribute */
@@ -190,7 +201,9 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 			SSVAL(param,4,4+2);	/* resume required + close on end */
 			SSVAL(param,6,info_level); 
 			SIVAL(param,8,0);
-			pstrcpy(param+12,mask);
+			p = param+12;
+			p += clistr_push(cli, param+12, mask, -1, 
+					 STR_TERMINATE | STR_CONVERT);
 		} else {
 			setup = TRANSACT2_FINDNEXT;
 			SSVAL(param,0,ff_dir_handle);
@@ -198,14 +211,15 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 			SSVAL(param,4,info_level); 
 			SIVAL(param,6,0); /* ff_resume_key */
 			SSVAL(param,10,8+4+2);	/* continue + resume required + close on end */
-			pstrcpy(param+12,mask);
-
-			DEBUG(5,("hand=0x%X ff_lastname=%d mask=%s\n",
-				 ff_dir_handle,ff_lastname,mask));
+			p = param+12;
+			p += clistr_push(cli, param+12, mask, -1, 
+					 STR_TERMINATE | STR_CONVERT);
 		}
 
+		param_len = PTR_DIFF(p, param);
+
 		if (!cli_send_trans(cli, SMBtrans2, 
-				    NULL, 0,                /* Name, length */
+				    NULL,                   /* Name */
 				    -1, 0,                  /* fid, flags */
 				    &setup, 1, 0,           /* setup, length, max */
 				    param, param_len, 10,   /* param, length, max */
@@ -254,19 +268,24 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 			switch(info_level)
 				{
 				case 260:
-					StrnCpy(mask,p+ff_lastname,
-						MIN(sizeof(mask)-1,data_len-ff_lastname));
+					clistr_pull(cli, mask, p+ff_lastname,
+						    sizeof(mask), 
+						    data_len-ff_lastname,
+						    STR_TERMINATE |
+						    STR_CONVERT);
 					break;
 				case 1:
-					pstrcpy(mask,p + ff_lastname + 1);
+					clistr_pull(cli, mask, p+ff_lastname+1,
+						    sizeof(mask), 
+						    -1,
+						    STR_TERMINATE |
+						    STR_CONVERT);
 					break;
 				}
 		} else {
 			pstrcpy(mask,"");
 		}
  
-		dos_to_unix(mask, True);
- 
 		/* and add them to the dirlist pool */
 		dirlist = Realloc(dirlist,dirlist_len + data_len);
 
@@ -278,7 +297,7 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 		/* put in a length for the last entry, to ensure we can chain entries 
 		   into the next packet */
 		for (p2=p,i=0;i<(ff_searchcount-1);i++)
-			p2 += interpret_long_filename(info_level,p2,NULL);
+			p2 += interpret_long_filename(cli,info_level,p2,NULL);
 		SSVAL(p2,0,data_len - PTR_DIFF(p2,p));
 
 		/* grab the data for later use */
@@ -299,8 +318,8 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 	}
 
 	for (p=dirlist,i=0;i<total_received;i++) {
-		p += interpret_long_filename(info_level,p,&finfo);
-		fn(&finfo, Mask);
+		p += interpret_long_filename(cli,info_level,p,&finfo);
+		fn(&finfo, Mask, state);
 	}
 
 	/* free up the dirlist buffer */
@@ -314,7 +333,7 @@ int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute,
 interpret a short filename structure
 The length of the structure is returned
 ****************************************************************************/
-static int interpret_short_filename(char *p,file_info *finfo)
+static int interpret_short_filename(struct cli_state *cli, char *p,file_info *finfo)
 {
 	extern file_info def_finfo;
 
@@ -326,7 +345,7 @@ static int interpret_short_filename(char *p,file_info *finfo)
 	finfo->ctime = make_unix_date(p+22);
 	finfo->mtime = finfo->atime = finfo->ctime;
 	finfo->size = IVAL(p,26);
-	pstrcpy(finfo->name,p+30);
+	clistr_pull(cli, finfo->name, p+30, sizeof(finfo->name), 12, STR_CONVERT|STR_ASCII);
 	if (strcmp(finfo->name, "..") && strcmp(finfo->name, "."))
 		fstrcpy(finfo->short_name,finfo->name);
 	
@@ -340,7 +359,7 @@ static int interpret_short_filename(char *p,file_info *finfo)
   but should otherwise not be used
   ****************************************************************************/
 int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, 
-		 void (*fn)(file_info *, const char *))
+		 void (*fn)(file_info *, const char *, void *), void *state)
 {
 	char *p;
 	int received = 0;
@@ -360,12 +379,9 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 		memset(cli->outbuf,'\0',smb_size);
 		memset(cli->inbuf,'\0',smb_size);
 
-		if (first)	
-			set_message(cli->outbuf,2,5 + strlen(mask),True);
-		else
-			set_message(cli->outbuf,2,5 + 21,True);
+		set_message(cli->outbuf,2,0,True);
 
-		CVAL(cli->outbuf,smb_com) = SMBffirst;
+		CVAL(cli->outbuf,smb_com) = SMBsearch;
 
 		SSVAL(cli->outbuf,smb_tid,cli->cnum);
 		cli_setup_packet(cli);
@@ -376,21 +392,19 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 		p = smb_buf(cli->outbuf);
 		*p++ = 4;
       
-		if (first)
-			pstrcpy(p,mask);
-		else
-			pstrcpy(p,"");
-		p += strlen(p) + 1;
-      
+		p += clistr_push(cli, p, first?mask:"", -1, STR_TERMINATE|STR_CONVERT);      
 		*p++ = 5;
 		if (first) {
 			SSVAL(p,0,0);
+			p += 2;
 		} else {
 			SSVAL(p,0,21);
 			p += 2;
 			memcpy(p,status,21);
+			p += 21;
 		}
 
+		cli_setup_bcc(cli, p);
 		cli_send_smb(cli);
 		if (!cli_receive_smb(cli)) break;
 
@@ -420,7 +434,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 		memset(cli->outbuf,'\0',smb_size);
 		memset(cli->inbuf,'\0',smb_size);
 
-		set_message(cli->outbuf,2,5 + 21,True);
+		set_message(cli->outbuf,2,0,True);
 		CVAL(cli->outbuf,smb_com) = SMBfclose;
 		SSVAL(cli->outbuf,smb_tid,cli->cnum);
 		cli_setup_packet(cli);
@@ -436,7 +450,9 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 		SSVAL(p, 0, 21);
 		p += 2;
 		memcpy(p,status,21);
+		p += 21;
 		
+		cli_setup_bcc(cli, p);
 		cli_send_smb(cli);
 		if (!cli_receive_smb(cli)) {
 			DEBUG(0,("Error closing search: %s\n",smb_errstr(cli->inbuf)));
@@ -445,10 +461,24 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 
 	for (p=dirlist,i=0;i<num_received;i++) {
 		file_info finfo;
-		p += interpret_short_filename(p,&finfo);
-		fn(&finfo, Mask);
+		p += interpret_short_filename(cli, p,&finfo);
+		fn(&finfo, Mask, state);
 	}
 
 	if (dirlist) free(dirlist);
 	return(num_received);
 }
+
+
+/****************************************************************************
+  do a directory listing, calling fn on each file found
+  this auto-switches between old and new style
+  ****************************************************************************/
+int cli_list(struct cli_state *cli,const char *Mask,uint16 attribute, 
+	     void (*fn)(file_info *, const char *, void *), void *state)
+{
+	if (cli->protocol <= PROTOCOL_LANMAN1) {
+		return cli_list_old(cli, Mask, attribute, fn, state);
+	}
+	return cli_list_new(cli, Mask, attribute, fn, state);
+}
diff --git a/source/libsmb/climessage.c b/source/libsmb/climessage.c
index c15fdbce8c5..87f81754599 100644
--- a/source/libsmb/climessage.c
+++ b/source/libsmb/climessage.c
@@ -41,15 +41,13 @@ BOOL cli_message_start(struct cli_state *cli, char *host, char *username,
 	
 	p = smb_buf(cli->outbuf);
 	*p++ = 4;
-	pstrcpy(p,username);
-	unix_to_dos(p,True);
-	p = skip_string(p,1);
+	p += clistr_push(cli, p, username, -1, 
+			 STR_TERMINATE|STR_CONVERT);
 	*p++ = 4;
-	pstrcpy(p,host);
-	unix_to_dos(p,True);
-	p = skip_string(p,1);
+	p += clistr_push(cli, p, host, -1, 
+			 STR_TERMINATE|STR_CONVERT);
 	
-	set_message(cli->outbuf,0,PTR_DIFF(p,smb_buf(cli->outbuf)),False);
+	cli_setup_bcc(cli, p);
 	
 	cli_send_smb(cli);	
 	
diff --git a/source/libsmb/clirap.c b/source/libsmb/clirap.c
index 085b1c35bb9..5050caf0732 100644
--- a/source/libsmb/clirap.c
+++ b/source/libsmb/clirap.c
@@ -27,18 +27,15 @@
 /****************************************************************************
 Call a remote api on an arbitrary pipe.  takes param, data and setup buffers.
 ****************************************************************************/
-BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, int pipe_name_len,
+BOOL cli_api_pipe(struct cli_state *cli, char *pipe_name, 
                   uint16 *setup, uint32 setup_count, uint32 max_setup_count,
                   char *params, uint32 param_count, uint32 max_param_count,
                   char *data, uint32 data_count, uint32 max_data_count,
                   char **rparam, uint32 *rparam_count,
                   char **rdata, uint32 *rdata_count)
 {
-  if (pipe_name_len == 0)
-    pipe_name_len = strlen(pipe_name);
-
   cli_send_trans(cli, SMBtrans, 
-                 pipe_name, pipe_name_len,
+                 pipe_name, 
                  0,0,                         /* fid, flags */
                  setup, setup_count, max_setup_count,
                  params, param_count, max_param_count,
@@ -59,8 +56,8 @@ BOOL cli_api(struct cli_state *cli,
 	     char **rdata, int *rdrcnt)
 {
   cli_send_trans(cli,SMBtrans,
-                 PIPE_LANMAN,strlen(PIPE_LANMAN), /* Name, length */
-                 0,0,                             /* fid, flags */
+                 PIPE_LANMAN,             /* Name */
+                 0,0,                     /* fid, flags */
                  NULL,0,0,                /* Setup, length, max */
                  param, prcnt, mprcnt,    /* Params, length, max */
                  data, drcnt, mdrcnt      /* Data, length, max */ 
@@ -137,7 +134,7 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation)
 /****************************************************************************
 call a NetShareEnum - try and browse available connections on a host
 ****************************************************************************/
-int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *))
+int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, const char *, void *), void *state)
 {
 	char *rparam = NULL;
 	char *rdata = NULL;
@@ -182,9 +179,12 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, co
 					int type = SVAL(p,14);
 					int comment_offset = IVAL(p,16) & 0xFFFF;
 					char *cmnt = comment_offset?(rdata+comment_offset-converter):"";
-					dos_to_unix(sname,True);
-					dos_to_unix(cmnt,True);
-					fn(sname, type, cmnt);
+					pstring s1, s2;
+
+					pstrcpy(s1, dos_to_unix(sname, False));
+					pstrcpy(s2, dos_to_unix(cmnt, False));
+
+					fn(s1, type, s2, state);
 				}
 			} else {
 				DEBUG(4,("NetShareEnum res=%d\n", res));
@@ -210,7 +210,8 @@ The callback function takes 3 arguments: the machine name, the server type and
 the comment.
 ****************************************************************************/
 BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
-		       void (*fn)(const char *, uint32, const char *))
+		       void (*fn)(const char *, uint32, const char *, void *),
+		       void *state)
 {
 	char *rparam = NULL;
 	char *rdata = NULL;
@@ -219,7 +220,7 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 	pstring param;
 	int uLevel = 1;
 	int count = -1;
-  
+
 	/* send a SMBtrans command with api NetServerEnum */
 	p = param;
 	SSVAL(p,0,0x68); /* api number */
@@ -228,17 +229,16 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 	p = skip_string(p,1);
   
 	pstrcpy(p,"B16BBDz");
-  
+
 	p = skip_string(p,1);
 	SSVAL(p,0,uLevel);
 	SSVAL(p,2,CLI_BUFFER_SIZE);
 	p += 4;
 	SIVAL(p,0,stype);
 	p += 4;
-	
-	pstrcpy(p, workgroup);
-	unix_to_dos(p, True);
-	p = skip_string(p,1);
+
+	p += clistr_push(cli, p, workgroup, -1, 
+			 STR_TERMINATE | STR_CONVERT | STR_ASCII);
 	
 	if (cli_api(cli, 
                     param, PTR_DIFF(p,param), 8,        /* params, length, max */
@@ -259,13 +259,15 @@ BOOL cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32 stype,
 				char *sname = p;
 				int comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
 				char *cmnt = comment_offset?(rdata+comment_offset):"";
+				pstring s1, s2;
+
 				if (comment_offset < 0 || comment_offset > rdrcnt) continue;
 
 				stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
 
-				dos_to_unix(sname, True);
-				dos_to_unix(cmnt, True);
-				fn(sname, stype, cmnt);
+				pstrcpy(s1, dos_to_unix(sname, False));
+				pstrcpy(s2, dos_to_unix(cmnt, False));
+				fn(s1, stype, s2, state);
 			}
 		}
 	}
@@ -349,7 +351,7 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
   data_len = 532;
     
   if (cli_send_trans(cli,SMBtrans,
-                    PIPE_LANMAN,strlen(PIPE_LANMAN),      /* name, length */
+                    PIPE_LANMAN,                          /* name */
                     0,0,                                  /* fid, flags */
                     NULL,0,0,                             /* setup, length, max */
                     param,param_len,2,                    /* param, length, max */
@@ -391,17 +393,19 @@ BOOL cli_qpathinfo(struct cli_state *cli, const char *fname,
 	int count=8;
 	BOOL ret;
 	time_t (*date_fn)(void *);
+	char *p;
 
-	param_len = strlen(fname) + 7;
+	p = param;
+	memset(p, 0, 6);
+	SSVAL(p, 0, SMB_INFO_STANDARD);
+	p += 6;
+	p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE | STR_CONVERT);
 
-	memset(param, 0, param_len);
-	SSVAL(param, 0, SMB_INFO_STANDARD);
-	pstrcpy(&param[6], fname);
-    unix_to_dos(&param[6],True);
+	param_len = PTR_DIFF(p, param);
 
 	do {
 		ret = (cli_send_trans(cli, SMBtrans2, 
-				      NULL, 0,        /* Name, length */
+				      NULL,           /* Name */
 				      -1, 0,          /* fid, flags */
 				      &setup, 1, 0,   /* setup, length, max */
 				      param, param_len, 10, /* param, length, max */
@@ -465,16 +469,18 @@ BOOL cli_qpathinfo2(struct cli_state *cli, const char *fname,
 	uint16 setup = TRANSACT2_QPATHINFO;
 	pstring param;
 	char *rparam=NULL, *rdata=NULL;
+	char *p;
 
-	param_len = strlen(fname) + 7;
+	p = param;
+	memset(p, 0, 6);
+	SSVAL(p, 0, SMB_QUERY_FILE_ALL_INFO);
+	p += 6;
+	p += clistr_push(cli, p, fname, sizeof(pstring)-6, STR_TERMINATE | STR_CONVERT);
 
-	memset(param, 0, param_len);
-	SSVAL(param, 0, SMB_QUERY_FILE_ALL_INFO);
-	pstrcpy(&param[6], fname);
-    unix_to_dos(&param[6],True);
+	param_len = PTR_DIFF(p, param);
 
 	if (!cli_send_trans(cli, SMBtrans2, 
-                            NULL, 0,                      /* name, length */
+                            NULL,                         /* name */
                             -1, 0,                        /* fid, flags */
                             &setup, 1, 0,                 /* setup, length, max */
                             param, param_len, 10,         /* param, length, max */
@@ -546,7 +552,7 @@ BOOL cli_qfileinfo(struct cli_state *cli, int fnum,
 	SSVAL(param, 2, SMB_QUERY_FILE_ALL_INFO);
 
 	if (!cli_send_trans(cli, SMBtrans2, 
-                            NULL, 0,                        /* name, length */
+                            NULL,                           /* name */
                             -1, 0,                          /* fid, flags */
                             &setup, 1, 0,                   /* setup, length, max */
                             param, param_len, 2,            /* param, length, max */
@@ -592,3 +598,46 @@ BOOL cli_qfileinfo(struct cli_state *cli, int fnum,
 	return True;
 }
 
+/****************************************************************************
+send a qfileinfo call
+****************************************************************************/
+BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char *outdata)
+{
+	int data_len = 0;
+	int param_len = 0;
+	uint16 setup = TRANSACT2_QFILEINFO;
+	pstring param;
+	char *rparam=NULL, *rdata=NULL;
+
+	/* if its a win95 server then fail this - win95 totally screws it
+	   up */
+	if (cli->win95) return False;
+
+	param_len = 4;
+
+	memset(param, 0, param_len);
+	SSVAL(param, 0, fnum);
+	SSVAL(param, 2, level);
+
+	if (!cli_send_trans(cli, SMBtrans2, 
+                            NULL,                           /* name */
+                            -1, 0,                          /* fid, flags */
+                            &setup, 1, 0,                   /* setup, length, max */
+                            param, param_len, 2,            /* param, length, max */
+                            NULL, data_len, cli->max_xmit   /* data, length, max */
+                           )) {
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+                               &rparam, &param_len,
+                               &rdata, &data_len)) {
+		return False;
+	}
+
+	memcpy(outdata, rdata, data_len);
+
+	if (rdata) free(rdata);
+	if (rparam) free(rparam);
+	return True;
+}
diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c
index 86a51da8352..458532cb2ed 100644
--- a/source/libsmb/clireadwrite.c
+++ b/source/libsmb/clireadwrite.c
@@ -26,7 +26,8 @@
 /****************************************************************************
 issue a single SMBread and don't wait for a reply
 ****************************************************************************/
-static void cli_issue_read(struct cli_state *cli, int fnum, off_t offset, 
+
+static BOOL cli_issue_read(struct cli_state *cli, int fnum, off_t offset, 
 			   size_t size, int i)
 {
 	memset(cli->outbuf,'\0',smb_size);
@@ -45,92 +46,88 @@ static void cli_issue_read(struct cli_state *cli, int fnum, off_t offset,
 	SSVAL(cli->outbuf,smb_vwv6,size);
 	SSVAL(cli->outbuf,smb_mid,cli->mid + i);
 
-	cli_send_smb(cli);
+	return cli_send_smb(cli);
 }
 
 /****************************************************************************
-  read from a file
+  Read size bytes at offset offset using SMBreadX.
 ****************************************************************************/
-size_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+
+ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
 {
+	uint32 ecode;
+	uint8 eclass;
 	char *p;
-	int total = -1;
-	int issued=0;
-	int received=0;
-/*
- * There is a problem in this code when mpx is more than one.
- * for some reason files can get corrupted when being read.
- * Until we understand this fully I am serializing reads (one
- * read/one reply) for now. JRA.
- */
-#if 0
-	int mpx = MAX(cli->max_mux-1, 1); 
-#else
-	int mpx = 1;
-#endif
-	int block = (cli->max_xmit - (smb_size+32)) & ~1023;
-	int mid;
-	int blocks = (size + (block-1)) / block;
+	int size2;
+	int readsize;
+	ssize_t total = 0;
 
-	if (size == 0) return 0;
+	if (size == 0) 
+		return 0;
 
-	while (received < blocks) {
-		int size2;
+	/*
+	 * Set readsize to the maximum size we can handle in one readX,
+	 * rounded down to a multiple of 1024.
+	 */
 
-		while (issued - received < mpx && issued < blocks) {
-			int size1 = MIN(block, size-issued*block);
-			cli_issue_read(cli, fnum, offset+issued*block, size1, issued);
-			issued++;
-		}
+	readsize = (cli->max_xmit - (smb_size+32)) & ~1023;
 
-		if (!cli_receive_smb(cli)) {
-			return total;
-		}
+	while (total < size) {
+		readsize = MIN(readsize, size-total);
 
-		received++;
-		mid = SVAL(cli->inbuf, smb_mid) - cli->mid;
-		size2 = SVAL(cli->inbuf, smb_vwv5);
+		/* Issue a read and receive a reply */
 
-		if (CVAL(cli->inbuf,smb_rcls) != 0) {
-			blocks = MIN(blocks, mid-1);
-			continue;
-		}
+		if (!cli_issue_read(cli, fnum, offset, readsize, 0))
+			return -1;
 
-		if (size2 <= 0) {
-			blocks = MIN(blocks, mid-1);
-			/* this distinguishes EOF from an error */
-			total = MAX(total, 0);
-			continue;
-		}
+		if (!cli_receive_smb(cli))
+			return -1;
+
+		/*
+		 * Check for error.  Because the client library doesn't support
+		 * STATUS32, we need to check for and ignore the more data error
+		 * for pipe support.
+		 */
 
-		if (size2 > block) {
-			DEBUG(0,("server returned more than we wanted!\n"));
+		if (cli_error(cli, &eclass, &ecode, NULL) &&
+			(eclass != ERRDOS && ecode != ERRmoredata)) {
 			return -1;
 		}
-		if (mid >= issued) {
-			DEBUG(0,("invalid mid from server!\n"));
+
+		size2 = SVAL(cli->inbuf, smb_vwv5);
+
+		if (size2 > readsize) {
+			DEBUG(5,("server returned more than we wanted!\n"));
+			return -1;
+		} else if (size2 < 0) {
+			DEBUG(5,("read return < 0!\n"));
 			return -1;
 		}
+
+		/* Copy data into buffer */
+
 		p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6);
+		memcpy(buf + total, p, size2);
 
-		memcpy(buf+mid*block, p, size2);
+		total += size2;
+		offset += size2;
 
-		total = MAX(total, mid*block + size2);
-	}
+		/*
+		 * If the server returned less than we asked for we're at EOF.
+		 */
 
-	while (received < issued) {
-		cli_receive_smb(cli);
-		received++;
+		if (size2 < readsize)
+			break;
 	}
-	
+
 	return total;
 }
 
-
 /****************************************************************************
 issue a single SMBwrite and don't wait for a reply
 ****************************************************************************/
-static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint16 mode, char *buf,
+
+static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint16 mode, char *buf,
 			    size_t size, int i)
 {
 	char *p;
@@ -138,7 +135,10 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint1
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	set_message(cli->outbuf,12,size,True);
+	if (size > 0xFFFF)
+		set_message(cli->outbuf,14,0,True);
+	else
+		set_message(cli->outbuf,12,0,True);
 	
 	CVAL(cli->outbuf,smb_com) = SMBwriteX;
 	SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -152,17 +152,19 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint1
 	SSVAL(cli->outbuf,smb_vwv7,mode);
 
 	SSVAL(cli->outbuf,smb_vwv8,(mode & 0x0008) ? size : 0);
+	SSVAL(cli->outbuf,smb_vwv9,((size>>16)&1));
 	SSVAL(cli->outbuf,smb_vwv10,size);
 	SSVAL(cli->outbuf,smb_vwv11,
 	      smb_buf(cli->outbuf) - smb_base(cli->outbuf));
 	
 	p = smb_base(cli->outbuf) + SVAL(cli->outbuf,smb_vwv11);
 	memcpy(p, buf, size);
+	cli_setup_bcc(cli, p+size);
 
 	SSVAL(cli->outbuf,smb_mid,cli->mid + i);
 	
 	show_msg(cli->outbuf);
-	cli_send_smb(cli);
+	return cli_send_smb(cli);
 }
 
 /****************************************************************************
@@ -172,6 +174,7 @@ static void cli_issue_write(struct cli_state *cli, int fnum, off_t offset, uint1
               0x0004 use raw named pipe protocol
               0x0008 start of message mode named pipe protocol
 ****************************************************************************/
+
 ssize_t cli_write(struct cli_state *cli,
 		  int fnum, uint16 write_mode,
 		  char *buf, off_t offset, size_t size)
@@ -185,45 +188,39 @@ ssize_t cli_write(struct cli_state *cli,
 
 	while (received < blocks) {
 
-		while ((issued - received < mpx) && (issued < blocks))
-		{
+		while ((issued - received < mpx) && (issued < blocks)) {
 			int bsent = issued * block;
 			int size1 = MIN(block, size - bsent);
 
-			cli_issue_write(cli, fnum, offset + bsent,
+			if (!cli_issue_write(cli, fnum, offset + bsent,
 			                write_mode,
 			                buf + bsent,
-					size1, issued);
+					size1, issued))
+				return -1;
 			issued++;
 		}
 
 		if (!cli_receive_smb(cli))
-		{
 			return bwritten;
-		}
 
 		received++;
 
 		if (CVAL(cli->inbuf,smb_rcls) != 0)
-		{
 			break;
-		}
 
 		bwritten += SVAL(cli->inbuf, smb_vwv2);
 	}
 
 	while (received < issued && cli_receive_smb(cli))
-	{
 		received++;
-	}
 	
 	return bwritten;
 }
 
-
 /****************************************************************************
   write to a file using a SMBwrite and not bypassing 0 byte writes
 ****************************************************************************/
+
 ssize_t cli_smbwrite(struct cli_state *cli,
 		     int fnum, char *buf, off_t offset, size_t size1)
 {
@@ -236,7 +233,7 @@ ssize_t cli_smbwrite(struct cli_state *cli,
 		memset(cli->outbuf,'\0',smb_size);
 		memset(cli->inbuf,'\0',smb_size);
 
-		set_message(cli->outbuf,5, 3 + size,True);
+		set_message(cli->outbuf,5, 0,True);
 
 		CVAL(cli->outbuf,smb_com) = SMBwrite;
 		SSVAL(cli->outbuf,smb_tid,cli->cnum);
@@ -249,20 +246,23 @@ ssize_t cli_smbwrite(struct cli_state *cli,
 		
 		p = smb_buf(cli->outbuf);
 		*p++ = 1;
-		SSVAL(p, 0, size);
-		memcpy(p+2, buf, size);
+		SSVAL(p, 0, size); p += 2;
+		memcpy(p, buf, size); p += size;
+
+		cli_setup_bcc(cli, p);
 		
-		cli_send_smb(cli);
-		if (!cli_receive_smb(cli)) {
+		if (!cli_send_smb(cli))
+			return -1;
+
+		if (!cli_receive_smb(cli))
 			return -1;
-		}
 		
-		if (CVAL(cli->inbuf,smb_rcls) != 0) {
+		if (CVAL(cli->inbuf,smb_rcls) != 0)
 			return -1;
-		}
 
 		size = SVAL(cli->inbuf,smb_vwv0);
-		if (size == 0) break;
+		if (size == 0)
+			break;
 
 		size1 -= size;
 		total += size;
@@ -270,4 +270,3 @@ ssize_t cli_smbwrite(struct cli_state *cli,
 
 	return total;
 }
-
diff --git a/source/libsmb/clisecdesc.c b/source/libsmb/clisecdesc.c
index 0b52d625131..69c7d5f73fd 100644
--- a/source/libsmb/clisecdesc.c
+++ b/source/libsmb/clisecdesc.c
@@ -28,12 +28,11 @@
 /****************************************************************************
   query the security descriptor for a open file
   ****************************************************************************/
-SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
+SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd, TALLOC_CTX *mem_ctx)
 {
 	char param[8];
 	char *rparam=NULL, *rdata=NULL;
 	int rparam_count=0, rdata_count=0;
-	TALLOC_CTX *mem_ctx;
 	prs_struct pd;
 	SEC_DESC *psd = NULL;
 
@@ -58,11 +57,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 		goto cleanup;
 	}
 
-	if ((mem_ctx = talloc_init()) == NULL) {
-		DEBUG(0,("talloc_init failed.\n"));
-		goto cleanup;
-	}
-
 	prs_init(&pd, rdata_count, mem_ctx, UNMARSHALL);
 	prs_append_data(&pd, rdata, rdata_count);
 	pd.data_offset = 0;
@@ -74,7 +68,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 
  cleanup:
 
-	talloc_destroy(mem_ctx);
 	safe_free(rparam);
 	safe_free(rdata);
 
@@ -82,9 +75,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 	return psd;
 }
 
-
-
-
 /****************************************************************************
   set the security descriptor for a open file
   ****************************************************************************/
@@ -143,4 +133,3 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
 	prs_mem_free(&pd);
 	return ret;
 }
-
diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c
index 5cd6ae30ce0..d21d179126a 100644
--- a/source/libsmb/clitrans.c
+++ b/source/libsmb/clitrans.c
@@ -28,7 +28,7 @@
   send a SMB trans or trans2 request
   ****************************************************************************/
 BOOL cli_send_trans(struct cli_state *cli, int trans, 
-		    char *name, int pipe_name_len, 
+		    char *pipe_name, 
 		    int fid, int flags,
 		    uint16 *setup, int lsetup, int msetup,
 		    char *param, int lparam, int mparam,
@@ -39,6 +39,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 	int tot_data=0,tot_param=0;
 	char *outdata,*outparam;
 	char *p;
+	int pipe_name_len=0;
 
 	this_lparam = MIN(lparam,cli->max_xmit - (500+lsetup*2)); /* hack */
 	this_ldata = MIN(ldata,cli->max_xmit - (500+lsetup*2+this_lparam));
@@ -49,7 +50,11 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 	SSVAL(cli->outbuf,smb_tid, cli->cnum);
 	cli_setup_packet(cli);
 
-	outparam = smb_buf(cli->outbuf)+(trans==SMBtrans ? pipe_name_len+1 : 3);
+	if (pipe_name) {
+		pipe_name_len = clistr_push(cli, smb_buf(cli->outbuf), pipe_name, -1, STR_TERMINATE);
+	}
+
+	outparam = smb_buf(cli->outbuf)+(trans==SMBtrans ? pipe_name_len : 3);
 	outdata = outparam+this_lparam;
 
 	/* primary request */
@@ -68,9 +73,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 	for (i=0;i<lsetup;i++)		/* setup[] */
 		SSVAL(cli->outbuf,smb_setup+i*2,setup[i]);
 	p = smb_buf(cli->outbuf);
-	if (trans==SMBtrans) {
-		memcpy(p,name, pipe_name_len + 1);  /* name[] */
-	} else {
+	if (trans != SMBtrans) {
 		*p++ = 0;  /* put in a null smb_name */
 		*p++ = 'D'; *p++ = ' ';	/* observed in OS/2 */
 	}
@@ -78,8 +81,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 		memcpy(outparam,param,this_lparam);
 	if (this_ldata)			/* data[] */
 		memcpy(outdata,data,this_ldata);
-	set_message(cli->outbuf,14+lsetup,		/* wcnt, bcc */
-		    PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False);
+	cli_setup_bcc(cli, outdata+this_ldata);
 
 	show_msg(cli->outbuf);
 	cli_send_smb(cli);
@@ -119,8 +121,7 @@ BOOL cli_send_trans(struct cli_state *cli, int trans,
 				memcpy(outparam,param+tot_param,this_lparam);
 			if (this_ldata)			/* data[] */
 				memcpy(outdata,data+tot_data,this_ldata);
-			set_message(cli->outbuf,trans==SMBtrans?8:9, /* wcnt, bcc */
-				    PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False);
+			cli_setup_bcc(cli, outdata+this_ldata);
 			
 			show_msg(cli->outbuf);
 			cli_send_smb(cli);
@@ -288,8 +289,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
 	if (this_ldata)			/* data[] */
 		memcpy(outdata,data,this_ldata);
 
-	set_message(cli->outbuf,19+lsetup,		/* wcnt, bcc */
-		    PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False);
+	cli_setup_bcc(cli, outdata+this_ldata);
 
 	show_msg(cli->outbuf);
 	cli_send_smb(cli);
@@ -328,8 +328,7 @@ BOOL cli_send_nt_trans(struct cli_state *cli,
 				memcpy(outparam,param+tot_param,this_lparam);
 			if (this_ldata)			/* data[] */
 				memcpy(outdata,data+tot_data,this_ldata);
-			set_message(cli->outbuf,18,
-				    PTR_DIFF(outdata+this_ldata,smb_buf(cli->outbuf)),False);
+			cli_setup_bcc(cli, outdata+this_ldata);
 			
 			show_msg(cli->outbuf);
 			cli_send_smb(cli);
diff --git a/source/libsmb/namequery.c b/source/libsmb/namequery.c
index 816804753e7..465198dfad4 100644
--- a/source/libsmb/namequery.c
+++ b/source/libsmb/namequery.c
@@ -190,6 +190,96 @@ BOOL name_status_find(int type, struct in_addr to_ip, char *name)
 	return True;
 }
 
+/****************************************************************************
+ Do a NetBIOS name registation to try to claim a name ...
+***************************************************************************/
+BOOL name_register(int fd, const char *name, int name_type,
+		   struct in_addr name_ip, int opcode,
+		   BOOL bcast, 
+		   struct in_addr to_ip, int *count)
+{
+  int retries = 3;
+  struct timeval tval;
+  struct packet_struct p;
+  struct packet_struct *p2;
+  struct nmb_packet *nmb = &p.packet.nmb;
+  struct in_addr register_ip;
+
+  DEBUG(4, ("name_register: %s as %s on %s\n", name, inet_ntoa(name_ip), inet_ntoa(to_ip)));
+
+  register_ip.s_addr = name_ip.s_addr;  /* Fix this ... */
+  
+  bzero((char *)&p, sizeof(p));
+
+  *count = 0;
+
+  nmb->header.name_trn_id = generate_trn_id();
+  nmb->header.opcode = opcode;
+  nmb->header.response = False;
+  nmb->header.nm_flags.bcast = False;
+  nmb->header.nm_flags.recursion_available = False;
+  nmb->header.nm_flags.recursion_desired = True;  /* ? */
+  nmb->header.nm_flags.trunc = False;
+  nmb->header.nm_flags.authoritative = True;
+
+  nmb->header.qdcount = 1;
+  nmb->header.ancount = 0;
+  nmb->header.nscount = 0;
+  nmb->header.arcount = 1;
+
+  make_nmb_name(&nmb->question.question_name, name, name_type);
+
+  nmb->question.question_type = 0x20;
+  nmb->question.question_class = 0x1;
+
+  /* Now, create the additional stuff for a registration request */
+
+  if ((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) {
+
+    DEBUG(0, ("name_register: malloc fail for additional record.\n"));
+    return False;
+
+  }
+
+  bzero((char *)nmb->additional, sizeof(struct res_rec));
+
+  nmb->additional->rr_name  = nmb->question.question_name;
+  nmb->additional->rr_type  = RR_TYPE_NB;
+  nmb->additional->rr_class = RR_CLASS_IN;
+
+  /* See RFC 1002, sections 5.1.1.1, 5.1.1.2 and 5.1.1.3 */
+  if (nmb->header.nm_flags.bcast)
+    nmb->additional->ttl = PERMANENT_TTL;
+  else
+    nmb->additional->ttl = lp_max_ttl();
+
+  nmb->additional->rdlength = 6;
+
+  nmb->additional->rdata[0] = NB_MFLAG & 0xFF;
+
+  /* Set the address for the name we are registering. */
+  putip(&nmb->additional->rdata[2], &register_ip);
+
+  p.ip = to_ip;
+  p.port = NMB_PORT;
+  p.fd = fd;
+  p.timestamp = time(NULL);
+  p.packet_type = NMB_PACKET;
+
+  GetTimeOfDay(&tval);
+
+  if (!send_packet(&p))
+    return False;
+
+  retries--;
+
+  if ((p2 = receive_nmb_packet(fd, 10, nmb->header.name_trn_id))) {
+    debug_nmb_packet(p2);
+    free(p2);  /* No memory leaks ... */
+  }
+
+  return True;
+}
 
 /****************************************************************************
  Do a netbios name query to find someones IP.
@@ -456,6 +546,65 @@ void endlmhosts(FILE *fp)
   fclose(fp);
 }
 
+BOOL name_register_wins(const char *name, int name_type)
+{
+  int sock, i, return_count;
+  int num_interfaces = iface_count();
+  struct in_addr sendto_ip;
+
+  /*
+   * Do a broadcast register ...
+   */
+
+  if (!lp_wins_server())
+    return False;
+
+  DEBUG(4, ("name_register_wins:Registering my name %s on %s\n", name, lp_wins_server()));
+
+  sock = open_socket_in(SOCK_DGRAM, 0, 3, 
+			interpret_addr("0.0.0.0"), True);
+
+  if (sock == -1) return False;
+
+  set_socket_options(sock, "SO_BROADCAST");
+
+  sendto_ip.s_addr = inet_addr(lp_wins_server());
+
+  if (num_interfaces > 1) {
+
+    for (i = 0; i < num_interfaces; i++) {
+      
+      if (!name_register(sock, name, name_type, *iface_n_ip(i), 
+			 NMB_NAME_MULTIHOMED_REG_OPCODE,
+			 True, sendto_ip, &return_count)) {
+
+	close(sock);
+	return False;
+
+      }
+
+    }
+
+  }
+  else {
+
+    if (!name_register(sock, name, name_type, *iface_n_ip(0),
+		       NMB_NAME_REG_OPCODE,
+		       True, sendto_ip, &return_count)) {
+
+      close(sock);
+      return False;
+
+    }
+
+  }
+
+  close(sock);
+
+  return True;
+
+}
+
 /********************************************************
  Resolve via "bcast" method.
 *********************************************************/
@@ -623,7 +772,7 @@ static BOOL resolve_hosts(const char *name,
 
 	DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x20>\n", name));
 	
-	if (((hp = Get_Hostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
+	if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
 		struct in_addr return_ip;
 		putip((char *)&return_ip,(char *)hp->h_addr);
 		*return_iplist = (struct in_addr *)malloc(sizeof(struct in_addr));
diff --git a/source/libsmb/pwd_cache.c b/source/libsmb/pwd_cache.c
index 26b1d192f09..420b49ed2e7 100644
--- a/source/libsmb/pwd_cache.c
+++ b/source/libsmb/pwd_cache.c
@@ -103,11 +103,21 @@ void pwd_read(struct pwd_info *pwd, char *passwd_report, BOOL do_encrypt)
 
 	user_pass = (char*)getpass(passwd_report);
 
+	/*
+	 * Do not assume that an empty string is a NULL password.
+	 * If you do this will break the session key generation for
+	 * and account with an emtpy password.  If you wish to use
+	 * a NULL password, use the -N option to smbclient and rpcclient
+	 * --jerry
+	 */
+#if 0
 	if (user_pass == NULL || user_pass[0] == 0)
 	{
 		pwd_set_nullpwd(pwd);
 	}
 	else if (do_encrypt)
+#endif
+	if (do_encrypt)
 	{
 		pwd_make_lm_nt_16(pwd, user_pass);
 	}
diff --git a/source/libsmb/smbdes.c b/source/libsmb/smbdes.c
index d0e1c6e85fb..7e8a9a5b89e 100644
--- a/source/libsmb/smbdes.c
+++ b/source/libsmb/smbdes.c
@@ -381,7 +381,7 @@ void SamOEMhash( unsigned char *data, unsigned char *key, int val)
      s_box[ind] = s_box[j];
      s_box[j] = tc;
   }
-  for( ind = 0; ind < (val ? 516 : 16); ind++)
+  for( ind = 0; ind < val; ind++)
   {
     unsigned char tc;
     unsigned char t;
diff --git a/source/libsmb/smbencrypt.c b/source/libsmb/smbencrypt.c
index caf92567879..7efb2bb9b31 100644
--- a/source/libsmb/smbencrypt.c
+++ b/source/libsmb/smbencrypt.c
@@ -223,7 +223,7 @@ BOOL make_oem_passwd_hash(char data[516], const char *passwd, uchar old_pw_hash[
 	DEBUG(100,("make_oem_passwd_hash\n"));
 	dump_data(100, data, 516);
 #endif
-	SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, True);
+	SamOEMhash( (unsigned char *)data, (unsigned char *)old_pw_hash, 516);
 
 	return True;
 }
diff --git a/source/libsmb/unexpected.c b/source/libsmb/unexpected.c
index 6c5dd611a9c..4aa566de5b2 100644
--- a/source/libsmb/unexpected.c
+++ b/source/libsmb/unexpected.c
@@ -49,7 +49,7 @@ void unexpected_packet(struct packet_struct *p)
 	int len=0;
 
 	if (!tdbd) {
-		tdbd = tdb_open(lock_path("unexpected.tdb"), 1, 
+		tdbd = tdb_open_log(lock_path("unexpected.tdb"), 1, 
 			       TDB_CLEAR_IF_FIRST,
 			       O_RDWR | O_CREAT, 0644);
 		if (!tdbd) {
@@ -151,7 +151,7 @@ struct packet_struct *receive_unexpected(enum packet_type packet_type, int id,
 {
 	TDB_CONTEXT *tdb2;
 
-	tdb2 = tdb_open(lock_path("unexpected.tdb"), 0, 0, O_RDONLY, 0);
+	tdb2 = tdb_open_log(lock_path("unexpected.tdb"), 0, 0, O_RDONLY, 0);
 	if (!tdb2) return NULL;
 
 	matched_packet = NULL;
diff --git a/source/locking/brlock.c b/source/locking/brlock.c
index 175ab5c9b0a..7f3ec6757e3 100644
--- a/source/locking/brlock.c
+++ b/source/locking/brlock.c
@@ -113,12 +113,16 @@ static BOOL brl_conflict(struct lock_struct *lck1,
 
 
 /****************************************************************************
-delete a record if it is for a dead process
+ Delete a record if it is for a dead process, if check_self is true, then
+ delete any records belonging to this pid also (there shouldn't be any).
 ****************************************************************************/
+
 static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
 {
 	struct lock_struct *locks;
 	int count, i;
+	BOOL check_self = *(BOOL *)state;
+	pid_t mypid = sys_getpid();
 
 	tdb_chainlock(tdb, kbuf);
 
@@ -128,7 +132,20 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat
 	for (i=0; i<count; i++) {
 		struct lock_struct *lock = &locks[i];
 
-		if (process_exists(lock->context.pid)) continue;
+		/* If check_self is true we want to remove our own records. */
+		if (check_self && (mypid == lock->context.pid)) {
+
+			DEBUG(0,("brlock : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n",
+					(unsigned int)lock->context.pid ));
+
+		} else if (process_exists(lock->context.pid)) {
+
+			DEBUG(10,("brlock : delete_fn. pid %u exists.\n", (unsigned int)lock->context.pid ));
+			continue;
+		}
+
+		DEBUG(10,("brlock : delete_fn. Deleting record for process %u\n",
+				(unsigned int)lock->context.pid ));
 
 		if (count > 1 && i < count-1) {
 			memmove(&locks[i], &locks[i+1], 
@@ -152,10 +169,14 @@ static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *stat
 /****************************************************************************
  Open up the brlock.tdb database.
 ****************************************************************************/
+
 void brl_init(int read_only)
 {
-	if (tdb) return;
-	tdb = tdb_open(lock_path("brlock.tdb"), 0, TDB_CLEAR_IF_FIRST, 
+	BOOL check_self = False;
+
+	if (tdb)
+		return;
+	tdb = tdb_open_log(lock_path("brlock.tdb"), 0, TDB_CLEAR_IF_FIRST, 
 		       read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
 	if (!tdb) {
 		DEBUG(0,("Failed to open byte range locking database\n"));
@@ -163,11 +184,27 @@ void brl_init(int read_only)
 	}
 
 	/* delete any dead locks */
-	if (!read_only) {
-		tdb_traverse(tdb, delete_fn, NULL);
-	}
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
 }
 
+/****************************************************************************
+ Close down the brlock.tdb database.
+****************************************************************************/
+
+void brl_shutdown(int read_only)
+{
+	BOOL check_self = True;
+
+	if (!tdb)
+		return;
+
+	/* delete any dead locks */
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
+
+	tdb_close(tdb);
+}
 
 /****************************************************************************
  Lock a range of bytes.
@@ -304,13 +341,33 @@ smbpid = %u, pid = %u, tid = %u\n",
 }
 
 /****************************************************************************
+ Check to see if this lock conflicts, but ignore our own locks on the
+ same fnum only.
+****************************************************************************/
+
+static BOOL brl_conflict_other(struct lock_struct *lck1, struct lock_struct *lck2)
+{
+	if (lck1->lock_type == READ_LOCK && lck2->lock_type == READ_LOCK) 
+		return False;
+
+	if (brl_same_context(&lck1->context, &lck2->context) &&
+				lck1->fnum == lck2->fnum)
+		return False;
+
+	if (lck1->start >= (lck2->start + lck2->size) ||
+	    lck2->start >= (lck1->start + lck1->size)) return False;
+	    
+	return True;
+} 
+
+/****************************************************************************
  Test if we could add a lock if we wanted to.
 ****************************************************************************/
 
 BOOL brl_locktest(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 		  uint16 smbpid, pid_t pid, uint16 tid,
 		  br_off start, br_off size, 
-		  enum brl_type lock_type)
+		  enum brl_type lock_type, int check_self)
 {
 	TDB_DATA kbuf, dbuf;
 	int count, i;
@@ -336,8 +393,15 @@ BOOL brl_locktest(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
 		locks = (struct lock_struct *)dbuf.dptr;
 		count = dbuf.dsize / sizeof(*locks);
 		for (i=0; i<count; i++) {
-			if (brl_conflict(&locks[i], &lock)) {
-				goto fail;
+			if (check_self) {
+				if (brl_conflict(&locks[i], &lock))
+					goto fail;
+			} else {
+				/*
+				 * Our own locks don't conflict.
+				 */
+				if (brl_conflict_other(&locks[i], &lock))
+					goto fail;
 			}
 		}
 	}
diff --git a/source/locking/locking.c b/source/locking/locking.c
index 5824287e913..067b1dc0ddf 100644
--- a/source/locking/locking.c
+++ b/source/locking/locking.c
@@ -37,7 +37,7 @@
 
 #include "includes.h"
 extern int DEBUGLEVEL;
-int global_smbpid;
+uint16 global_smbpid;
 
 /* the locking database handle */
 static TDB_CONTEXT *tdb;
@@ -53,11 +53,14 @@ static const char *lock_type_name(enum brl_type lock_type)
 
 /****************************************************************************
  Utility function called to see if a file region is locked.
+ If check_self is True, then checks on our own fd with the same locking context
+ are still made. If check_self is False, then checks are not made on our own fd
+ with the same locking context are not made.
 ****************************************************************************/
 
 BOOL is_locked(files_struct *fsp,connection_struct *conn,
 	       SMB_BIG_UINT count,SMB_BIG_UINT offset, 
-	       enum brl_type lock_type)
+	       enum brl_type lock_type, BOOL check_self)
 {
 	int snum = SNUM(conn);
 	BOOL ret;
@@ -70,16 +73,25 @@ BOOL is_locked(files_struct *fsp,connection_struct *conn,
 
 	ret = !brl_locktest(fsp->dev, fsp->inode, fsp->fnum,
 			     global_smbpid, sys_getpid(), conn->cnum, 
-			     offset, count, lock_type);
+			     offset, count, lock_type, check_self);
+
+	DEBUG(10,("is_locked: brl start=%.0f len=%.0f %s for file %s\n",
+			(double)offset, (double)count, ret ? "locked" : "unlocked",
+			fsp->fsp_name ));
 
 	/*
 	 * There is no lock held by an SMB daemon, check to
 	 * see if there is a POSIX lock from a UNIX or NFS process.
 	 */
 
-	if(!ret && lp_posix_locking(snum))
+	if(!ret && lp_posix_locking(snum)) {
 		ret = is_posix_locked(fsp, offset, count, lock_type);
 
+		DEBUG(10,("is_locked: posix start=%.0f len=%.0f %s for file %s\n",
+				(double)offset, (double)count, ret ? "locked" : "unlocked",
+				fsp->fsp_name ));
+	}
+
 	return ret;
 }
 
@@ -87,7 +99,7 @@ BOOL is_locked(files_struct *fsp,connection_struct *conn,
  Utility function called by locking requests.
 ****************************************************************************/
 
-BOOL do_lock(files_struct *fsp,connection_struct *conn,
+BOOL do_lock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
              SMB_BIG_UINT count,SMB_BIG_UINT offset,enum brl_type lock_type,
              int *eclass,uint32 *ecode)
 {
@@ -107,7 +119,7 @@ BOOL do_lock(files_struct *fsp,connection_struct *conn,
 
 	if (OPEN_FSP(fsp) && fsp->can_lock && (fsp->conn == conn)) {
 		ok = brl_lock(fsp->dev, fsp->inode, fsp->fnum,
-			      global_smbpid, sys_getpid(), conn->cnum, 
+			      lock_pid, sys_getpid(), conn->cnum, 
 			      offset, count, 
 			      lock_type);
 
@@ -127,7 +139,7 @@ BOOL do_lock(files_struct *fsp,connection_struct *conn,
 				 * lock entry.
 				 */
 				(void)brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
-								global_smbpid, sys_getpid(), conn->cnum, 
+								lock_pid, sys_getpid(), conn->cnum, 
 								offset, count);
 			}
 		}
@@ -145,7 +157,7 @@ BOOL do_lock(files_struct *fsp,connection_struct *conn,
  Utility function called by unlocking requests.
 ****************************************************************************/
 
-BOOL do_unlock(files_struct *fsp,connection_struct *conn,
+BOOL do_unlock(files_struct *fsp,connection_struct *conn, uint16 lock_pid,
                SMB_BIG_UINT count,SMB_BIG_UINT offset, 
 	       int *eclass,uint32 *ecode)
 {
@@ -156,7 +168,7 @@ BOOL do_unlock(files_struct *fsp,connection_struct *conn,
 	
 	if (!OPEN_FSP(fsp) || !fsp->can_lock || (fsp->conn != conn)) {
 		*eclass = ERRDOS;
-		*ecode = ERRlock;
+		*ecode = ERRbadfid;
 		return False;
 	}
 	
@@ -170,12 +182,12 @@ BOOL do_unlock(files_struct *fsp,connection_struct *conn,
 	 */
 
 	ok = brl_unlock(fsp->dev, fsp->inode, fsp->fnum,
-			global_smbpid, sys_getpid(), conn->cnum, offset, count);
+			lock_pid, sys_getpid(), conn->cnum, offset, count);
    
 	if (!ok) {
 		DEBUG(10,("do_unlock: returning ERRlock.\n" ));
 		*eclass = ERRDOS;
-		*ecode = ERRlock;
+		*ecode = ERRnotlocked;
 		return False;
 	}
 
@@ -215,15 +227,74 @@ void locking_close_file(files_struct *fsp)
 }
 
 /****************************************************************************
+ Delete a record if it is for a dead process, if check_self is true, then
+ delete any records belonging to this pid also (there shouldn't be any).
+ This function is only called on locking startup and shutdown.
+****************************************************************************/
+
+static int delete_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
+{
+	struct locking_data *data;
+	share_mode_entry *shares;
+	int i, del_count=0;
+	pid_t mypid = sys_getpid();
+	BOOL check_self = *(BOOL *)state;
+
+	tdb_chainlock(tdb, kbuf);
+
+	data = (struct locking_data *)dbuf.dptr;
+	shares = (share_mode_entry *)(dbuf.dptr + sizeof(*data));
+
+	for (i=0;i<data->num_share_mode_entries;) {
+
+		if (check_self && (shares[i].pid == mypid)) {
+			DEBUG(0,("locking : delete_fn. LOGIC ERROR ! Shutting down and a record for my pid (%u) exists !\n",
+					(unsigned int)shares[i].pid ));
+		} else if (!process_exists(shares[i].pid)) {
+			DEBUG(0,("locking : delete_fn. LOGIC ERROR ! Entry for pid %u and it no longer exists !\n",
+					(unsigned int)shares[i].pid ));
+		} else {
+			/* Process exists, leave this record alone. */
+			i++;
+			continue;
+		}
+
+		data->num_share_mode_entries--;
+		memmove(&shares[i], &shares[i+1],
+		dbuf.dsize - (sizeof(*data) + (i+1)*sizeof(*shares)));
+		del_count++;
+
+	}
+
+	/* the record has shrunk a bit */
+	dbuf.dsize -= del_count * sizeof(*shares);
+
+	/* store it back in the database */
+	if (data->num_share_mode_entries == 0)
+		tdb_delete(ttdb, kbuf);
+	else
+		tdb_store(ttdb, kbuf, dbuf, TDB_REPLACE);
+
+	tdb_chainunlock(tdb, kbuf);
+	return 0;
+}
+
+/****************************************************************************
  Initialise the locking functions.
 ****************************************************************************/
+
+static int open_read_only;
+
 BOOL locking_init(int read_only)
 {
+	BOOL check_self = False;
+
 	brl_init(read_only);
 
-	if (tdb) return True;
+	if (tdb)
+		return True;
 
-	tdb = tdb_open(lock_path("locking.tdb"), 
+	tdb = tdb_open_log(lock_path("locking.tdb"), 
 		       0, TDB_CLEAR_IF_FIRST, 
 		       read_only?O_RDONLY:O_RDWR|O_CREAT,
 		       0644);
@@ -236,15 +307,35 @@ BOOL locking_init(int read_only)
 	if (!posix_locking_init(read_only))
 		return False;
 
+	/* delete any dead locks */
+	if (!read_only)
+		tdb_traverse(tdb, delete_fn, &check_self);
+
+	open_read_only = read_only;
+
 	return True;
 }
 
 /*******************************************************************
  Deinitialize the share_mode management.
 ******************************************************************/
+
 BOOL locking_end(void)
 {
-	if (tdb && tdb_close(tdb) != 0) return False;
+	BOOL check_self = True;
+
+	brl_shutdown(open_read_only);
+	if (tdb) {
+
+		/* delete any dead locks */
+
+		if (!open_read_only)
+			tdb_traverse(tdb, delete_fn, &check_self);
+
+		if (tdb_close(tdb) != 0)
+			return False;
+	}
+
 	return True;
 }
 
diff --git a/source/locking/posix.c b/source/locking/posix.c
index 75fc6272b5a..2a8a7aacd73 100644
--- a/source/locking/posix.c
+++ b/source/locking/posix.c
@@ -25,7 +25,6 @@
 
 #include "includes.h"
 extern int DEBUGLEVEL;
-extern int global_smbpid;
 
 /*
  * The POSIX locking database handle.
@@ -1350,14 +1349,14 @@ BOOL posix_locking_init(int read_only)
 		return True;
 	
 	if (!posix_lock_tdb)
-		posix_lock_tdb = tdb_open(NULL, 0, TDB_INTERNAL,
+		posix_lock_tdb = tdb_open_log(NULL, 0, TDB_INTERNAL,
 					  read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
 	if (!posix_lock_tdb) {
 		DEBUG(0,("Failed to open POSIX byte range locking database.\n"));
 		return False;
 	}
 	if (!posix_pending_close_tdb)
-		posix_pending_close_tdb = tdb_open(NULL, 0, TDB_INTERNAL,
+		posix_pending_close_tdb = tdb_open_log(NULL, 0, TDB_INTERNAL,
 						   read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644);
 	if (!posix_pending_close_tdb) {
 		DEBUG(0,("Failed to open POSIX pending close database.\n"));
diff --git a/source/msdfs/msdfs.c b/source/msdfs/msdfs.c
index b93590fcd24..b2530a3d7f2 100644
--- a/source/msdfs/msdfs.c
+++ b/source/msdfs/msdfs.c
@@ -30,285 +30,298 @@ extern uint32 global_client_caps;
 /**********************************************************************
  Create a tcon relative path from a dfs_path structure
  **********************************************************************/
+
 static void create_nondfs_path(char* pathname, struct dfs_path* pdp)
 {
-  pstrcpy(pathname,pdp->volumename); 
-  pstrcat(pathname,"\\"); 
-  pstrcat(pathname,pdp->restofthepath); 
+	pstrcpy(pathname,pdp->volumename); 
+	pstrcat(pathname,"\\"); 
+	pstrcat(pathname,pdp->restofthepath); 
 }
 
 /**********************************************************************
   Parse the pathname  of the form \hostname\service\volume\restofthepath
   into the dfs_path structure 
  **********************************************************************/
+
 static BOOL parse_dfs_path(char* pathname, struct dfs_path* pdp)
 {
-  pstring pathname_local;
-  char* p,*temp;
-
-  pstrcpy(pathname_local,pathname);
-  p = temp = pathname_local;
-
-  ZERO_STRUCTP(pdp);
-
-  trim_string(temp,"\\","\\");
-  DEBUG(10,("temp in parse_dfs_path: .%s. after trimming \\'s\n",temp));
-
-  /* now tokenize */
-  /* parse out hostname */
-  p = strchr(temp,'\\');
-  if(p == NULL)
-    return False;
-  *p = '\0';
-  pstrcpy(pdp->hostname,temp);
-  DEBUG(10,("hostname: %s\n",pdp->hostname));
-
-  /* parse out servicename */
-  temp = p+1;
-  p = strchr(temp,'\\');
-  if(p == NULL)
-    {
-      pstrcpy(pdp->servicename,temp);
-      return True;
-    }
-  *p = '\0';
-  pstrcpy(pdp->servicename,temp);
-  DEBUG(10,("servicename: %s\n",pdp->servicename));
-
-  /* parse out volumename */
-  temp = p+1;
-  p = strchr(temp,'\\');
-  if(p == NULL)
-    {
-      pstrcpy(pdp->volumename,temp);
-      return True;
-    }
-  *p = '\0';
-  pstrcpy(pdp->volumename,temp);
-  DEBUG(10,("volumename: %s\n",pdp->volumename));
-
-  /* remaining path .. */
-  pstrcpy(pdp->restofthepath,p+1);
-  DEBUG(10,("rest of the path: %s\n",pdp->restofthepath));
-  return True;
+	pstring pathname_local;
+	char* p,*temp;
+
+	pstrcpy(pathname_local,pathname);
+	p = temp = pathname_local;
+
+	ZERO_STRUCTP(pdp);
+
+	trim_string(temp,"\\","\\");
+	DEBUG(10,("temp in parse_dfs_path: .%s. after trimming \\'s\n",temp));
+
+	/* now tokenize */
+	/* parse out hostname */
+	p = strchr(temp,'\\');
+	if(p == NULL)
+		return False;
+	*p = '\0';
+	pstrcpy(pdp->hostname,temp);
+	DEBUG(10,("hostname: %s\n",pdp->hostname));
+
+	/* parse out servicename */
+	temp = p+1;
+	p = strchr(temp,'\\');
+	if(p == NULL) {
+		pstrcpy(pdp->servicename,temp);
+		return True;
+	}
+	*p = '\0';
+	pstrcpy(pdp->servicename,temp);
+	DEBUG(10,("servicename: %s\n",pdp->servicename));
+
+	/* parse out volumename */
+	temp = p+1;
+	p = strchr(temp,'\\');
+	if(p == NULL) {
+		pstrcpy(pdp->volumename,temp);
+		return True;
+	}
+	*p = '\0';
+	pstrcpy(pdp->volumename,temp);
+	DEBUG(10,("volumename: %s\n",pdp->volumename));
+
+	/* remaining path .. */
+	pstrcpy(pdp->restofthepath,p+1);
+	DEBUG(10,("rest of the path: %s\n",pdp->restofthepath));
+	return True;
+}
+
+/********************************************************
+ Fake up a connection struct for the VFS layer.
+*********************************************************/
+
+static BOOL create_conn_struct( connection_struct *conn, int snum, char *path)
+{
+	ZERO_STRUCTP(conn);
+	conn->service = snum;
+	conn->connectpath = path;
+
+	if (!vfs_init(conn)) {
+		DEBUG(0,("create_conn_struct: vfs init failed.\n"));
+		return False;
+	}
+	return True;
 }
 
 /**********************************************************************
  Forms a valid Unix pathname from the junction 
  **********************************************************************/
-static BOOL form_path_from_junction(struct junction_map* jn, char* path, 
-				 int max_pathlen)
+
+static BOOL form_path_from_junction(struct junction_map* jn, char* path, int max_pathlen,
+								connection_struct *conn)
 {
-  int snum;
+	int snum;
 
-  if(!path || !jn)
-    return False;
+	if(!path || !jn)
+		return False;
 
-  snum = lp_servicenumber(jn->service_name);
-  if(snum < 0)
-    return False;
+	snum = lp_servicenumber(jn->service_name);
+	if(snum < 0)
+		return False;
 
-  safe_strcpy(path, lp_pathname(snum), max_pathlen-1);
-  safe_strcat(path, "/", max_pathlen-1);
-  strlower(jn->volume_name);
-  safe_strcat(path, jn->volume_name, max_pathlen-1);
-  return True;
+	safe_strcpy(path, lp_pathname(snum), max_pathlen-1);
+	safe_strcat(path, "/", max_pathlen-1);
+	strlower(jn->volume_name);
+	safe_strcat(path, jn->volume_name, max_pathlen-1);
+
+	if (!create_conn_struct(conn, snum, path))
+		return False;
+
+	return True;
 }
 
 /**********************************************************************
  Creates a junction structure from the Dfs pathname
  **********************************************************************/
+
 BOOL create_junction(char* pathname, struct junction_map* jn)
 {
-  struct dfs_path dp;
+	struct dfs_path dp;
   
-  parse_dfs_path(pathname,&dp);
-
-  /* check if path is dfs : check hostname is the first token */
-  if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0))
-     {
-       DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n",
-		dp.hostname, pathname));
-       return False;
-     }
-
-  /* Check for a non-DFS share */
-    if(!lp_msdfs_root(lp_servicenumber(dp.servicename)))
-      {
-	DEBUG(4,("create_junction: %s is not an msdfs root.\n", 
-		 dp.servicename));
-	return False;
-      }
+	parse_dfs_path(pathname,&dp);
+
+	/* check if path is dfs : check hostname is the first token */
+	if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0)) {
+		DEBUG(4,("create_junction: Invalid hostname %s in dfs path %s\n", dp.hostname, pathname));
+		return False;
+	}
 
-  pstrcpy(jn->service_name,dp.servicename);
-  pstrcpy(jn->volume_name,dp.volumename);
-  return True;
+	/* Check for a non-DFS share */
+	if(!lp_msdfs_root(lp_servicenumber(dp.servicename))) {
+		DEBUG(4,("create_junction: %s is not an msdfs root.\n", dp.servicename));
+		return False;
+	}
+
+	pstrcpy(jn->service_name,dp.servicename);
+	pstrcpy(jn->volume_name,dp.volumename);
+	return True;
 }
 
 /**********************************************************************
  Parse the contents of a symlink to verify if it is an msdfs referral
  A valid referral is of the form: msdfs:server1\share1,server2\share2
  **********************************************************************/
+
 static BOOL parse_symlink(char* buf,struct referral** preflist, int* refcount)
 {
-  pstring temp;
-  char* prot;
-  char* alt_path[MAX_REFERRAL_COUNT];
-  int count=0, i;
-  struct referral* reflist;
+	pstring temp;
+	char* prot;
+	char* alt_path[MAX_REFERRAL_COUNT];
+	int count=0, i;
+	struct referral* reflist;
 
-  pstrcpy(temp,buf);
+	pstrcpy(temp,buf);
   
-  prot = strtok(temp,":");
-
-  if(!strequal(prot, "msdfs"))
-    return False;
-
-  /* It's an msdfs referral */
-  if(!preflist) 
-    return True;
-
-  /* parse out the alternate paths */
-  while(((alt_path[count] = strtok(NULL,",")) != NULL) 
-	&& count<MAX_REFERRAL_COUNT)
-    count++;
-
-  DEBUG(10,("parse_symlink: count=%d\n", count));
-  reflist = *preflist = (struct referral*) malloc(count * 
-						  sizeof(struct referral));
-  if(reflist == NULL)
-    {
-      DEBUG(0,("parse_symlink: Malloc failed!\n"));
-      return False;
-    }
+	prot = strtok(temp,":");
+
+	if(!strequal(prot, "msdfs"))
+		return False;
+
+	/* It's an msdfs referral */
+	if(!preflist) 
+		return True;
+
+	/* parse out the alternate paths */
+	while(((alt_path[count] = strtok(NULL,",")) != NULL) && count<MAX_REFERRAL_COUNT)
+		count++;
+
+	DEBUG(10,("parse_symlink: count=%d\n", count));
+
+	reflist = *preflist = (struct referral*) malloc(count * sizeof(struct referral));
+	if(reflist == NULL) {
+		DEBUG(0,("parse_symlink: Malloc failed!\n"));
+		return False;
+	}
   
-  for(i=0;i<count;i++)
-    {
-      /* replace / in the alternate path by a \ */
-      char* p = strchr(alt_path[i],'/');
-      if(p) *p = '\\'; 
-
-      pstrcpy(reflist[i].alternate_path, "\\");
-      pstrcat(reflist[i].alternate_path, alt_path[i]);
-      reflist[i].proximity = 0;
-      reflist[i].ttl = REFERRAL_TTL;
-      DEBUG(10, ("parse_symlink: Created alt path: %s\n",
-		reflist[i].alternate_path));
-    }
-
-  if(refcount)
-    *refcount = count;
-
-  return True;
+	for(i=0;i<count;i++) {
+		/* replace / in the alternate path by a \ */
+		char* p = strchr(alt_path[i],'/');
+		if(p)
+			*p = '\\'; 
+
+		pstrcpy(reflist[i].alternate_path, "\\");
+		pstrcat(reflist[i].alternate_path, alt_path[i]);
+		reflist[i].proximity = 0;
+		reflist[i].ttl = REFERRAL_TTL;
+		DEBUG(10, ("parse_symlink: Created alt path: %s\n", reflist[i].alternate_path));
+	}
+
+	if(refcount)
+		*refcount = count;
+
+	return True;
 }
  
 /**********************************************************************
  Returns true if the unix path is a valid msdfs symlink
  **********************************************************************/
+
 BOOL is_msdfs_link(connection_struct* conn, char* path)
 {
-  SMB_STRUCT_STAT st;
-  pstring referral;
-  int referral_len = 0;
+	SMB_STRUCT_STAT st;
+	pstring referral;
+	int referral_len = 0;
 
-  if(!path || !conn)
-    return False;
+	if(!path || !conn)
+		return False;
 
-  strlower(path);
+	strlower(path);
 
-  if(conn->vfs_ops.lstat(conn,dos_to_unix(path,False),&st) != 0)
-    {
-      DEBUG(5,("is_msdfs_link: %s does not exist.\n",path));
-      return False;
-    }
+	if(conn->vfs_ops.lstat(conn,dos_to_unix(path,False),&st) != 0) {
+		DEBUG(5,("is_msdfs_link: %s does not exist.\n",path));
+		return False;
+	}
   
-  if(S_ISLNK(st.st_mode))
-    {
-      /* open the link and read it */
-      referral_len = readlink(path, referral, sizeof(pstring));
-      if(referral_len == -1)
-	DEBUG(0,("is_msdfs_link: Error reading msdfs link %s: %s\n",
-		 path, strerror(errno)));
-
-      referral[referral_len] = '\0';
-      DEBUG(5,("is_msdfs_link: %s -> %s\n",path,referral));
-      if(parse_symlink(referral, NULL, NULL))
-	return True;
-    }
-  return False;
+	if(S_ISLNK(st.st_mode)) {
+		/* open the link and read it */
+		referral_len = conn->vfs_ops.readlink(conn, path, referral, sizeof(pstring));
+		if(referral_len == -1)
+			DEBUG(0,("is_msdfs_link: Error reading msdfs link %s: %s\n", path, strerror(errno)));
+
+		referral[referral_len] = '\0';
+		DEBUG(5,("is_msdfs_link: %s -> %s\n",path,referral));
+		if(parse_symlink(referral, NULL, NULL))
+			return True;
+	}
+	return False;
 }
 
 /**********************************************************************
  Fills in the junction_map struct with the referrals from the 
  symbolic link
  **********************************************************************/
+
 BOOL get_referred_path(struct junction_map* junction)
 {
-  fstring path;
-  pstring buf;
-  SMB_STRUCT_STAT st;
-  
-  if(!form_path_from_junction(junction, path, sizeof(path)))
-    return False;
+	pstring path;
+	pstring buf;
+	SMB_STRUCT_STAT st;
+	connection_struct conns;
+ 	connection_struct *conn = &conns;
+ 
+	if(!form_path_from_junction(junction, path, sizeof(path), conn))
+		return False;
 
-  DEBUG(5,("get_referred_path: lstat target: %s\n", path));
+	DEBUG(5,("get_referred_path: lstat target: %s\n", path));
   
-  if(lstat(dos_to_unix(path, False),&st) != 0)
-    {
-      DEBUG(5,("get_referred_path: %s does not exist.\n",path));
-      return False;
-    }
+	if(conn->vfs_ops.lstat(conn,dos_to_unix(path, False),&st) != 0) {
+		DEBUG(5,("get_referred_path: %s does not exist.\n",path));
+		return False;
+	}
   
-  if(S_ISLNK(st.st_mode))
-    {
-      /* open the link and read it to get the dfs referral */
-      int linkcnt = 0;
-      linkcnt = readlink(path, buf, sizeof(buf));
-      buf[linkcnt] = '\0';
-      DEBUG(5,("get_referred_path: Referral: %s\n",buf));
-      if(parse_symlink(buf, &junction->referral_list, 
-		       &junction->referral_count))
-	return True;
-    }
-  return False;
+	if(S_ISLNK(st.st_mode)) {
+		/* open the link and read it to get the dfs referral */
+		int linkcnt = 0;
+		linkcnt = conn->vfs_ops.readlink(conn, path, buf, sizeof(buf));
+		buf[linkcnt] = '\0';
+		DEBUG(5,("get_referred_path: Referral: %s\n",buf));
+		if(parse_symlink(buf, &junction->referral_list, &junction->referral_count))
+			return True;
+	}
+	return False;
 }
 
 /**************************************************************
 Decides if given pathname is Dfs and if it should be redirected
 Converts pathname to non-dfs format if Dfs redirection not required 
 **************************************************************/
+
 BOOL dfs_redirect(char* pathname, connection_struct* conn)
 {
-  struct dfs_path dp;
-  pstring temp;
-  fstring path;
-
-  pstrcpy(temp,pathname);
-
-  if(!lp_msdfs_root(SNUM(conn)) )
-    return False;
-
-  parse_dfs_path(pathname,&dp);
-
-  if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0))
-     return False;
-
-  /* check if need to redirect */
-  fstrcpy(path, conn->connectpath);
-  fstrcat(path, "/");
-  fstrcat(path, dp.volumename);
-  if(is_msdfs_link(conn, path))
-    {
-      DEBUG(4,("dfs_redirect: Redirecting %s\n",temp));
-      return True;
-    }
-  else
-    {
-      create_nondfs_path(pathname,&dp);
-      DEBUG(4,("dfs_redirect: Not redirecting %s. Converted to non-dfs pathname \'%s\'\n",
-	       temp,pathname));
-      return False;
-    }
+	struct dfs_path dp;
+	pstring temp;
+	fstring path;
+
+	pstrcpy(temp,pathname);
+
+	if(!lp_msdfs_root(SNUM(conn)) )
+		return False;
+
+	parse_dfs_path(pathname,&dp);
+
+	if(global_myname && (strcasecmp(global_myname,dp.hostname)!=0))
+		return False;
+
+	/* check if need to redirect */
+	fstrcpy(path, conn->connectpath);
+	fstrcat(path, "/");
+	fstrcat(path, dp.volumename);
+	if(is_msdfs_link(conn, path)) {
+		DEBUG(4,("dfs_redirect: Redirecting %s\n",temp));
+		return True;
+	} else {
+		create_nondfs_path(pathname,&dp);
+		DEBUG(4,("dfs_redirect: Not redirecting %s. Converted to non-dfs pathname \'%s\'\n",
+				temp,pathname));
+		return False;
+	}
 }
 
 /*
@@ -316,450 +329,434 @@ BOOL dfs_redirect(char* pathname, connection_struct* conn)
   If the findfirst is for the dfs junction, then no redirection,
   if it is for the underlying directory contents, redirect.
   */
+
 BOOL dfs_findfirst_redirect(char* pathname, connection_struct* conn)
 {
-  struct dfs_path dp;
+	struct dfs_path dp;
   
-  pstring temp;
-
-  pstrcpy(temp,pathname);
-
-  /* Is the path Dfs-redirectable? */
-  if(!dfs_redirect(temp,conn))
-    {
-      pstrcpy(pathname,temp);
-      return False;
-    }
-
-  parse_dfs_path(pathname,&dp);
-  DEBUG(8,("dfs_findfirst_redirect: path %s is in Dfs. dp.restofthepath=.%s.\n",pathname,dp.restofthepath));
-  if(*(dp.restofthepath))
-    return True;
-  else
-    {
-      create_nondfs_path(pathname,&dp);
-      return False;
-    }
+	pstring temp;
+
+	pstrcpy(temp,pathname);
+
+	/* Is the path Dfs-redirectable? */
+	if(!dfs_redirect(temp,conn)) {
+		pstrcpy(pathname,temp);
+		return False;
+	}
+
+	parse_dfs_path(pathname,&dp);
+	DEBUG(8,("dfs_findfirst_redirect: path %s is in Dfs. dp.restofthepath=.%s.\n",
+				pathname,dp.restofthepath));
+	if(!(*(dp.restofthepath))) {
+		create_nondfs_path(pathname,&dp);
+		return False;
+	}
+
+	return True;
 }
 
 static int setup_ver2_dfs_referral(char* pathname, char** ppdata, 
 				   struct junction_map* junction,
 				   BOOL self_referral)
 {
-  char* pdata = *ppdata;
-
-  unsigned char uni_requestedpath[1024];
-  int uni_reqpathoffset1,uni_reqpathoffset2;
-  int uni_curroffset;
-  int requestedpathlen=0;
-  int offset;
-  int reply_size = 0;
-  int i=0;
-
-  DEBUG(10,("setting up version2 referral\nRequested path:\n"));
-
-  requestedpathlen = (dos_struni2(uni_requestedpath,pathname,512)+1)*2;
-
-  dump_data(10,uni_requestedpath,requestedpathlen);
-
-  DEBUG(10,("ref count = %u\n",junction->referral_count));
-
-  uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + 
-    VERSION2_REFERRAL_SIZE * junction->referral_count;
-
-  uni_reqpathoffset2 = uni_reqpathoffset1 + requestedpathlen;
-
-  uni_curroffset = uni_reqpathoffset2 + requestedpathlen;
-
-  reply_size = REFERRAL_HEADER_SIZE + VERSION2_REFERRAL_SIZE*junction->referral_count +
-    2 * requestedpathlen;
-  DEBUG(10,("reply_size: %u\n",reply_size));
-
-  /* add up the unicode lengths of all the referral paths */
-  for(i=0;i<junction->referral_count;i++)
-    {
-      DEBUG(10,("referral %u : %s\n",i,junction->referral_list[i].alternate_path));
-      reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
-    }
-
-  DEBUG(10,("reply_size = %u\n",reply_size));
-  /* add the unexplained 0x16 bytes */
-  reply_size += 0x16;
-
-  pdata = *ppdata = Realloc(pdata,reply_size);
-  if(pdata == NULL)
-    {
-      DEBUG(0,("malloc failed for Realloc!\n"));
-      return -1;
-    }
-
-  /* copy in the dfs requested paths.. required for offset calculations */
-  memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen);
-  memcpy(pdata+uni_reqpathoffset2,uni_requestedpath,requestedpathlen);
-
-
-  /* create the header */
-  SSVAL(pdata,0,requestedpathlen-2); /* path consumed */
-  SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */
-  if(self_referral)
-    SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); 
-  else
-    SIVAL(pdata,4,DFSREF_STORAGE_SERVER);
-
-  offset = 8;
-  /* add the referral elements */
-  for(i=0;i<junction->referral_count;i++)
-    {
-      struct referral* ref = &(junction->referral_list[i]);
-      int unilen;
-
-      SSVAL(pdata,offset,2); /* version 2 */
-      SSVAL(pdata,offset+2,VERSION2_REFERRAL_SIZE);
-      if(self_referral)
-	SSVAL(pdata,offset+4,1);
-      else
-	SSVAL(pdata,offset+4,0);
-      SSVAL(pdata,offset+6,0); /* ref_flags :use path_consumed bytes? */
-      SIVAL(pdata,offset+8,ref->proximity);
-      SIVAL(pdata,offset+12,ref->ttl);
-	    
-      SSVAL(pdata,offset+16,uni_reqpathoffset1-offset);
-      SSVAL(pdata,offset+18,uni_reqpathoffset2-offset);
-      /* copy referred path into current offset */
-      unilen = (dos_struni2(pdata+uni_curroffset,ref->alternate_path,512)
-		+1)*2;
-      SSVAL(pdata,offset+20,uni_curroffset-offset);
-	    
-      uni_curroffset += unilen;
-      offset += VERSION2_REFERRAL_SIZE;
-    }
-  /* add in the unexplained 22 (0x16) bytes at the end */
-  memset(pdata+uni_curroffset,'\0',0x16);
-  free(junction->referral_list);
-  return reply_size;
+	char* pdata = *ppdata;
+
+	unsigned char uni_requestedpath[1024];
+	int uni_reqpathoffset1,uni_reqpathoffset2;
+	int uni_curroffset;
+	int requestedpathlen=0;
+	int offset;
+	int reply_size = 0;
+	int i=0;
+
+	DEBUG(10,("setting up version2 referral\nRequested path:\n"));
+
+	requestedpathlen = (dos_struni2(uni_requestedpath,pathname,512)+1)*2;
+
+	dump_data(10,uni_requestedpath,requestedpathlen);
+
+	DEBUG(10,("ref count = %u\n",junction->referral_count));
+
+	uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + 
+			VERSION2_REFERRAL_SIZE * junction->referral_count;
+
+	uni_reqpathoffset2 = uni_reqpathoffset1 + requestedpathlen;
+
+	uni_curroffset = uni_reqpathoffset2 + requestedpathlen;
+
+	reply_size = REFERRAL_HEADER_SIZE + VERSION2_REFERRAL_SIZE*junction->referral_count +
+					2 * requestedpathlen;
+	DEBUG(10,("reply_size: %u\n",reply_size));
+
+	/* add up the unicode lengths of all the referral paths */
+	for(i=0;i<junction->referral_count;i++) {
+		DEBUG(10,("referral %u : %s\n",i,junction->referral_list[i].alternate_path));
+		reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
+	}
+
+	DEBUG(10,("reply_size = %u\n",reply_size));
+	/* add the unexplained 0x16 bytes */
+	reply_size += 0x16;
+
+	pdata = *ppdata = Realloc(pdata,reply_size);
+	if(pdata == NULL) {
+		DEBUG(0,("malloc failed for Realloc!\n"));
+		return -1;
+	}
+
+	/* copy in the dfs requested paths.. required for offset calculations */
+	memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen);
+	memcpy(pdata+uni_reqpathoffset2,uni_requestedpath,requestedpathlen);
+
+	/* create the header */
+	SSVAL(pdata,0,requestedpathlen-2); /* path consumed */
+	SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */
+	if(self_referral)
+		SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); 
+	else
+		SIVAL(pdata,4,DFSREF_STORAGE_SERVER);
+
+	offset = 8;
+	/* add the referral elements */
+	for(i=0;i<junction->referral_count;i++) {
+		struct referral* ref = &(junction->referral_list[i]);
+		int unilen;
+
+		SSVAL(pdata,offset,2); /* version 2 */
+		SSVAL(pdata,offset+2,VERSION2_REFERRAL_SIZE);
+		if(self_referral)
+			SSVAL(pdata,offset+4,1);
+		else
+			SSVAL(pdata,offset+4,0);
+		SSVAL(pdata,offset+6,0); /* ref_flags :use path_consumed bytes? */
+		SIVAL(pdata,offset+8,ref->proximity);
+		SIVAL(pdata,offset+12,ref->ttl);
+
+		SSVAL(pdata,offset+16,uni_reqpathoffset1-offset);
+		SSVAL(pdata,offset+18,uni_reqpathoffset2-offset);
+		/* copy referred path into current offset */
+		unilen = (dos_struni2(pdata+uni_curroffset,ref->alternate_path,512) +1)*2;
+		SSVAL(pdata,offset+20,uni_curroffset-offset);
+
+		uni_curroffset += unilen;
+		offset += VERSION2_REFERRAL_SIZE;
+	}
+	/* add in the unexplained 22 (0x16) bytes at the end */
+	memset(pdata+uni_curroffset,'\0',0x16);
+	free(junction->referral_list);
+	return reply_size;
 }
 
 static int setup_ver3_dfs_referral(char* pathname, char** ppdata, 
 				   struct junction_map* junction,
 				   BOOL self_referral)
 {
-  char* pdata = *ppdata;
+	char* pdata = *ppdata;
 
-  unsigned char uni_reqpath[1024];
-  int uni_reqpathoffset1, uni_reqpathoffset2;
-  int uni_curroffset;
-  int reply_size = 0;
+	unsigned char uni_reqpath[1024];
+	int uni_reqpathoffset1, uni_reqpathoffset2;
+	int uni_curroffset;
+	int reply_size = 0;
 
-  int reqpathlen = 0;
-  int offset,i=0;
+	int reqpathlen = 0;
+	int offset,i=0;
 	
-  DEBUG(10,("setting up version3 referral\n"));
+	DEBUG(10,("setting up version3 referral\n"));
 
-  reqpathlen = (dos_struni2(uni_reqpath,pathname,512)+1)*2;
+	reqpathlen = (dos_struni2(uni_reqpath,pathname,512)+1)*2;
 	
-  dump_data(10,uni_reqpath,reqpathlen);
-
-  uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + VERSION3_REFERRAL_SIZE *
-    junction->referral_count;
-  uni_reqpathoffset2 = uni_reqpathoffset1 + reqpathlen;
-  reply_size = uni_curroffset = uni_reqpathoffset2 + reqpathlen;
-
-  for(i=0;i<junction->referral_count;i++)
-    {
-      DEBUG(10,("referral %u : %s\n",i,junction->referral_list[i].alternate_path));
-      reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
-    }
-
-  pdata = *ppdata = Realloc(pdata,reply_size);
-  if(pdata == NULL)
-    {
-      DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
-      return -1;
-    }
+	dump_data(10,uni_reqpath,reqpathlen);
+
+	uni_reqpathoffset1 = REFERRAL_HEADER_SIZE + VERSION3_REFERRAL_SIZE * junction->referral_count;
+	uni_reqpathoffset2 = uni_reqpathoffset1 + reqpathlen;
+	reply_size = uni_curroffset = uni_reqpathoffset2 + reqpathlen;
+
+	for(i=0;i<junction->referral_count;i++) {
+		DEBUG(10,("referral %u : %s\n",i,junction->referral_list[i].alternate_path));
+		reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
+	}
+
+	pdata = *ppdata = Realloc(pdata,reply_size);
+	if(pdata == NULL) {
+		DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
+		return -1;
+	}
 	
-  /* create the header */
-  SSVAL(pdata,0,reqpathlen-2); /* path consumed */
-  SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */
-  if(self_referral)
-    SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); 
-  else
-    SIVAL(pdata,4,DFSREF_STORAGE_SERVER);
+	/* create the header */
+	SSVAL(pdata,0,reqpathlen-2); /* path consumed */
+	SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */
+	if(self_referral)
+		SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); 
+	else
+		SIVAL(pdata,4,DFSREF_STORAGE_SERVER);
 	
-  /* copy in the reqpaths */
-  memcpy(pdata+uni_reqpathoffset1,uni_reqpath,reqpathlen);
-  memcpy(pdata+uni_reqpathoffset2,uni_reqpath,reqpathlen);
+	/* copy in the reqpaths */
+	memcpy(pdata+uni_reqpathoffset1,uni_reqpath,reqpathlen);
+	memcpy(pdata+uni_reqpathoffset2,uni_reqpath,reqpathlen);
 	
-  offset = 8;
-  for(i=0;i<junction->referral_count;i++)
-    {
-      struct referral* ref = &(junction->referral_list[i]);
-      int unilen;
-
-      SSVAL(pdata,offset,3); /* version 3 */
-      SSVAL(pdata,offset+2,VERSION3_REFERRAL_SIZE);
-      if(self_referral)
-	SSVAL(pdata,offset+4,1);
-      else
-	SSVAL(pdata,offset+4,0);
-
-      SSVAL(pdata,offset+6,0); /* ref_flags :use path_consumed bytes? */
-      SIVAL(pdata,offset+8,ref->ttl);
+	offset = 8;
+	for(i=0;i<junction->referral_count;i++) {
+		struct referral* ref = &(junction->referral_list[i]);
+		int unilen;
+
+		SSVAL(pdata,offset,3); /* version 3 */
+		SSVAL(pdata,offset+2,VERSION3_REFERRAL_SIZE);
+		if(self_referral)
+			SSVAL(pdata,offset+4,1);
+		else
+			SSVAL(pdata,offset+4,0);
+
+		SSVAL(pdata,offset+6,0); /* ref_flags :use path_consumed bytes? */
+		SIVAL(pdata,offset+8,ref->ttl);
 	    
-      SSVAL(pdata,offset+12,uni_reqpathoffset1-offset);
-      SSVAL(pdata,offset+14,uni_reqpathoffset2-offset);
-      /* copy referred path into current offset */
-      unilen = (dos_struni2(pdata+uni_curroffset,ref->alternate_path,512)
-		+1)*2;
-      SSVAL(pdata,offset+16,uni_curroffset-offset);
-      /* copy 0x10 bytes of 00's in the ServiceSite GUID */
-      memset(pdata+offset+18,'\0',16);
-
-      uni_curroffset += unilen;
-      offset += VERSION3_REFERRAL_SIZE;
-    }
-  free(junction->referral_list);
-  return reply_size;
+		SSVAL(pdata,offset+12,uni_reqpathoffset1-offset);
+		SSVAL(pdata,offset+14,uni_reqpathoffset2-offset);
+		/* copy referred path into current offset */
+		unilen = (dos_struni2(pdata+uni_curroffset,ref->alternate_path,512) +1)*2;
+		SSVAL(pdata,offset+16,uni_curroffset-offset);
+		/* copy 0x10 bytes of 00's in the ServiceSite GUID */
+		memset(pdata+offset+18,'\0',16);
+
+		uni_curroffset += unilen;
+		offset += VERSION3_REFERRAL_SIZE;
+	}
+	free(junction->referral_list);
+	return reply_size;
 }
 
-
-
 /******************************************************************
  * Set up the Dfs referral for the dfs pathname
  ******************************************************************/
-int setup_dfs_referral(char* pathname, int max_referral_level, 
-			char** ppdata)
+
+int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata)
 {
-  struct junction_map junction;
+	struct junction_map junction;
 
-  BOOL self_referral;
+	BOOL self_referral;
 
-  int reply_size = 0;
+	int reply_size = 0;
 
-  ZERO_STRUCT(junction);
+	ZERO_STRUCT(junction);
 
-  if(!create_junction(pathname, &junction))
-    return -1;
+	if(!create_junction(pathname, &junction))
+		return -1;
 
-  /* get the junction entry */
-  if(!get_referred_path(&junction))
-    {
+	/* get the junction entry */
+	if(!get_referred_path(&junction)) {
+    
+		/* refer the same pathname, create a standard referral struct */
+		struct referral* ref;
+		self_referral = True;
+		junction.referral_count = 1;
+		if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) {
+			DEBUG(0,("malloc failed for referral\n"));
+			return -1;
+		}
       
-      /* refer the same pathname, create a standard referral struct */
-      struct referral* ref;
-      self_referral = True;
-      junction.referral_count = 1;
-      if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL)
-	{
-	  DEBUG(0,("malloc failed for referral\n"));
-	  return -1;
+		pstrcpy(ref->alternate_path,pathname);
+		ref->proximity = 0;
+		ref->ttl = REFERRAL_TTL;
+		junction.referral_list = ref;
+	} else {
+		self_referral = False;
+		if( DEBUGLVL( 3 ) ) {
+			int i=0;
+			dbgtext("setup_dfs_referral: Path %s to alternate path(s):",pathname);
+			for(i=0;i<junction.referral_count;i++)
+				dbgtext(" %s",junction.referral_list[i].alternate_path);
+			dbgtext(".\n");
+		}
 	}
       
-      pstrcpy(ref->alternate_path,pathname);
-      ref->proximity = 0;
-      ref->ttl = REFERRAL_TTL;
-      junction.referral_list = ref;
-    }
-  else
-    {
-      self_referral = False;
-      if( DEBUGLVL( 3 ) )
-	{
-	  int i=0;
-	  dbgtext("setup_dfs_referral: Path %s to alternate path(s):",pathname);
-	  for(i=0;i<junction.referral_count;i++)
-	    dbgtext(" %s",junction.referral_list[i].alternate_path);
-	  dbgtext(".\n");
+	/* create the referral depeding on version */
+	DEBUG(10,("max_referral_level :%d\n",max_referral_level));
+	if(max_referral_level<2 || max_referral_level>3)
+		max_referral_level = 2;
+
+	switch(max_referral_level) {
+	case 2:
+		{
+		reply_size = setup_ver2_dfs_referral(pathname, ppdata, &junction, self_referral);
+		break;
+		}
+	case 3:
+		{
+		reply_size = setup_ver3_dfs_referral(pathname, ppdata, &junction, self_referral);
+		break;
+		}
+	default:
+		{
+		DEBUG(0,("setup_dfs_referral: Invalid dfs referral version: %d\n", max_referral_level));
+		return -1;
+		}
 	}
-    }
       
-  /* create the referral depeding on version */
-  DEBUG(10,("max_referral_level :%d\n",max_referral_level));
-  if(max_referral_level<2 || max_referral_level>3) max_referral_level = 2;
-
-  switch(max_referral_level)
-    {
-    case 2:
-      {
-	reply_size = setup_ver2_dfs_referral(pathname, ppdata, &junction,
-					     self_referral);
-	break;
-      }
-    case 3:
-      {
-	reply_size = setup_ver3_dfs_referral(pathname, ppdata, &junction,
-					     self_referral);
-	break;
-      }
-    default:
-      {
-	DEBUG(0,("setup_dfs_referral: Invalid dfs referral version: %d\n", 
-		 max_referral_level));
-	return -1;
-      }
-    }
-      
-  DEBUG(10,("DFS Referral pdata:\n"));
-  dump_data(10,*ppdata,reply_size);
-  return reply_size;
+	DEBUG(10,("DFS Referral pdata:\n"));
+	dump_data(10,*ppdata,reply_size);
+	return reply_size;
 }
 
 int dfs_path_error(char* inbuf, char* outbuf)
 {
-  enum remote_arch_types ra_type = get_remote_arch();
-  BOOL NT_arch = ((ra_type==RA_WINNT) || (ra_type == RA_WIN2K));
-  if(NT_arch && (global_client_caps & (CAP_NT_SMBS | CAP_STATUS32)) )
-    {
-      SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
-      return(ERROR(0,0xc0000000|NT_STATUS_PATH_NOT_COVERED));
-    }
-  return(ERROR(ERRSRV,ERRbadpath)); 
+	enum remote_arch_types ra_type = get_remote_arch();
+	BOOL NT_arch = ((ra_type==RA_WINNT) || (ra_type == RA_WIN2K));
+	if(NT_arch && (global_client_caps & (CAP_NT_SMBS | CAP_STATUS32)) ) {
+		SSVAL(outbuf,smb_flg2,SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+		return(ERROR(0,0xc0000000|NT_STATUS_PATH_NOT_COVERED));
+	}
+	return(ERROR(ERRSRV,ERRbadpath)); 
 }
 
 /**********************************************************************
  The following functions are called by the NETDFS RPC pipe functions
  **********************************************************************/
+
 BOOL create_msdfs_link(struct junction_map* jn, BOOL exists)
 {
-  pstring path;
-  pstring msdfs_link;
-  int i=0;
-
-  if(!form_path_from_junction(jn, path, sizeof(path)))
-    return False;
+	pstring path;
+	pstring msdfs_link;
+	connection_struct conns;
+ 	connection_struct *conn = &conns;
+	int i=0;
+
+	if(!form_path_from_junction(jn, path, sizeof(path), conn))
+		return False;
   
-  /* form the msdfs_link contents */
-  pstrcpy(msdfs_link, "msdfs:");
-  for(i=0; i<jn->referral_count; i++)
-    {
-      char* refpath = jn->referral_list[i].alternate_path;
+	/* form the msdfs_link contents */
+	pstrcpy(msdfs_link, "msdfs:");
+	for(i=0; i<jn->referral_count; i++) {
+		char* refpath = jn->referral_list[i].alternate_path;
       
-      trim_string(refpath, "\\", "\\");
-      if(*refpath == '\0')
-	continue;
+		trim_string(refpath, "\\", "\\");
+		if(*refpath == '\0')
+			continue;
       
-      if(i>0)
-	pstrcat(msdfs_link, ",");
+		if(i>0)
+			pstrcat(msdfs_link, ",");
       
-      pstrcat(msdfs_link, refpath);
-    }
-
-  DEBUG(5,("create_msdfs_link: Creating new msdfs link: %s -> %s\n",
-	   path, msdfs_link));
-
-  if(exists)
-    if(unlink(path)!=0)
-      return False;
-
-  if(symlink(msdfs_link, path) < 0)
-    {
-      DEBUG(1,("create_msdfs_link: symlink failed %s -> %s\nError: %s\n", 
-	       path, msdfs_link, strerror(errno)));
-      return False;
-    }
-  return True;
+		pstrcat(msdfs_link, refpath);
+	}
+
+	DEBUG(5,("create_msdfs_link: Creating new msdfs link: %s -> %s\n", path, msdfs_link));
+
+	if(exists)
+		if(conn->vfs_ops.unlink(conn,path)!=0)
+			return False;
+
+	if(conn->vfs_ops.symlink(conn, msdfs_link, path) < 0) {
+		DEBUG(1,("create_msdfs_link: symlink failed %s -> %s\nError: %s\n", 
+				path, msdfs_link, strerror(errno)));
+		return False;
+	}
+	return True;
 }
 
 BOOL remove_msdfs_link(struct junction_map* jn)
 {
-  pstring path;
+	pstring path;
+	connection_struct conns;
+ 	connection_struct *conn = &conns;
 
-  if(!form_path_from_junction(jn, path, sizeof(path)))
-    return False;
+	if(!form_path_from_junction(jn, path, sizeof(path), conn))
+		return False;
      
-  if(unlink(path)!=0)
-    return False;
+	if(conn->vfs_ops.unlink(conn, path)!=0)
+		return False;
   
-  return True;
+	return True;
 }
 
 static BOOL form_junctions(int snum, struct junction_map* jn, int* jn_count)
 {
-  int cnt = *jn_count;
-  DIR *dirp;
-  char* dname;
-
-  char* connect_path = lp_pathname(snum);
-  char* service_name = lp_servicename(snum);
+	int cnt = *jn_count;
+	DIR *dirp;
+	char* dname;
+	pstring connect_path;
+	char* service_name = lp_servicename(snum);
+	connection_struct conns;
+	connection_struct *conn = &conns;
  
-  if(*connect_path == '\0')
-    return False;
-
-  /* form a junction for the msdfs root - convention */ 
-  /*
-    pstrpcy(jn[cnt].service_name, service_name);
-    jn[cnt].volume_name[0] = '\0';
-    jn[cnt].referral_count = 1;
+	pstrcpy(connect_path,lp_pathname(snum));
+
+	if(*connect_path == '\0')
+		return False;
+
+	/*
+	 * Fake up a connection struct for the VFS layer.
+	 */
+
+	if (!create_conn_struct(conn, snum, connect_path))
+		return False;
+
+	/* form a junction for the msdfs root - convention */ 
+	/*
+		pstrpcy(jn[cnt].service_name, service_name);
+		jn[cnt].volume_name[0] = '\0';
+		jn[cnt].referral_count = 1;
   
-    slprintf(alt_path,sizeof(alt_path)-1"\\\\%s\\%s", global_myname, service_name);
-    jn[cnt].referral_l
-    */
-
-  dirp = opendir(connect_path);
-  if(!dirp)
-    return False;
-
-  while((dname = readdirname(dirp)) != NULL)
-    {
-      SMB_STRUCT_STAT st;
-      pstring pathreal;
-      fstring buf;
-      int buflen = 0;
-      pstrcpy(pathreal, connect_path);
-      pstrcat(pathreal, "/");
-      pstrcat(pathreal, dname);
+		slprintf(alt_path,sizeof(alt_path)-1"\\\\%s\\%s", global_myname, service_name);
+		jn[cnt].referral_l
+	*/
+
+	dirp = conn->vfs_ops.opendir(conn, dos_to_unix(connect_path,False));
+	if(!dirp)
+		return False;
+
+	while((dname = vfs_readdirname(conn, dirp)) != NULL) {
+		SMB_STRUCT_STAT st;
+		pstring pathreal;
+		fstring buf;
+		int buflen = 0;
+		pstrcpy(pathreal, connect_path);
+		pstrcat(pathreal, "/");
+		pstrcat(pathreal, dname);
  
-      if(lstat(pathreal,&st) != 0)
-	{
-	  DEBUG(4,("lstat error for %s: %s\n",pathreal, strerror(errno)));
-	  continue;
+		if(conn->vfs_ops.lstat(conn,pathreal,&st) != 0) {
+			DEBUG(4,("lstat error for %s: %s\n",pathreal, strerror(errno)));
+			continue;
+		}
+		if(S_ISLNK(st.st_mode)) {
+			buflen = conn->vfs_ops.readlink(conn, dos_to_unix(pathreal,False), buf, sizeof(fstring));
+			buf[buflen] = '\0';
+			if(parse_symlink(buf, &(jn[cnt].referral_list), &(jn[cnt].referral_count))) {
+				pstrcpy(jn[cnt].service_name, service_name);
+				pstrcpy(jn[cnt].volume_name, dname);
+				cnt++;
+			}
+		}
 	}
-     if(S_ISLNK(st.st_mode))
-       {
-	 buflen = readlink(pathreal, buf, sizeof(fstring));
-	 buf[buflen] = '\0';
-	 if(parse_symlink(buf, &(jn[cnt].referral_list),
-			  &(jn[cnt].referral_count)))
-	   {
-	     pstrcpy(jn[cnt].service_name, service_name);
-	     pstrcpy(jn[cnt].volume_name, dname);
-	     cnt++;
-	   }
-       }
-    }
   
-  closedir(dirp);
-  *jn_count = cnt;
-  return True;
+	conn->vfs_ops.closedir(conn,dirp);
+	*jn_count = cnt;
+	return True;
 }
 
 int enum_msdfs_links(struct junction_map* jn)
 {
-  int i=0;
-  int jn_count = 0;
-
-  if(!lp_host_msdfs())
-    return -1;
-
-  for(i=0;*lp_servicename(i);i++)
-    {
-      if(lp_msdfs_root(i)) 
-	  form_junctions(i,jn,&jn_count);
-    }
-  return jn_count;
+	int i=0;
+	int jn_count = 0;
+
+	if(!lp_host_msdfs())
+		return -1;
+
+	for(i=0;*lp_servicename(i);i++) {
+		if(lp_msdfs_root(i)) 
+			form_junctions(i,jn,&jn_count);
+	}
+	return jn_count;
 }
 
 
 #else
 /* Stub functions if WITH_MSDFS not defined */
-int setup_dfs_referral(char* pathname, int max_referral_level, 
-		       char** ppdata)
+ int setup_dfs_referral(char* pathname, int max_referral_level, char** ppdata)
 {
-  return -1;
+	return -1;
 }
 
-BOOL is_msdfs_link(connection_struct* conn, char* path)
+ BOOL is_msdfs_link(connection_struct* conn, char* path)
 {
-  return False;
+	return False;
 }
 
 #endif
diff --git a/source/nmbd/nmbd.c b/source/nmbd/nmbd.c
index 46f6056e7c0..2fab8f6bc7b 100644
--- a/source/nmbd/nmbd.c
+++ b/source/nmbd/nmbd.c
@@ -83,7 +83,7 @@ static void sig_term(int sig)
 /**************************************************************************** **
  catch a sighup
  **************************************************************************** */
-static VOLATILE SIG_ATOMIC_T reload_after_sighup = False;
+static VOLATILE sig_atomic_t reload_after_sighup = False;
 
 static void sig_hup(int sig)
 {
@@ -460,7 +460,9 @@ static void process(void)
      * This will only work to a Samba WINS server.
      * (nmbd_browsesync.c)
      */
-    collect_all_workgroup_names_from_wins_server(t);
+    if (lp_enhanced_browsing()) {
+	    collect_all_workgroup_names_from_wins_server(t);
+    }
 
     /*
      * Go through the response record queue and time out or re-transmit
@@ -477,7 +479,9 @@ static void process(void)
     /*
      * regularly sync with any other DMBs we know about 
      */
-    sync_all_dmbs(t);
+    if (lp_enhanced_browsing()) {
+	    sync_all_dmbs(t);
+    }
 
     /*
      * clear the unexpected packet queue 
diff --git a/source/nmbd/nmbd_namequery.c b/source/nmbd/nmbd_namequery.c
index 57baa4cb2f0..61435c14f55 100644
--- a/source/nmbd/nmbd_namequery.c
+++ b/source/nmbd/nmbd_namequery.c
@@ -30,8 +30,9 @@ extern int DEBUGLEVEL;
  Deal with a response packet when querying a name.
 ****************************************************************************/
 
-static void query_name_response(struct subnet_record *subrec,
-                       struct response_record *rrec, struct packet_struct *p)
+static void query_name_response( struct subnet_record   *subrec,
+                                 struct response_record *rrec,
+                                 struct packet_struct   *p)
 {
   struct nmb_packet *nmb = &p->packet.nmb;
   BOOL success = False;
@@ -52,9 +53,14 @@ static void query_name_response(struct subnet_record *subrec,
     {
       /* WINS server is telling us to wait. Pretend we didn't get
          the response but don't send out any more query requests. */
-  
-      DEBUG(5,("query_name_response: WACK from WINS server %s in querying \
-name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(question_name), subrec->subnet_name));
+
+      if( DEBUGLVL( 5 ) )
+        {
+        dbgtext( "query_name_response: " );
+        dbgtext( "WACK from WINS server %s ", inet_ntoa(p->ip) );
+        dbgtext( "in querying name %s ", nmb_namestr(question_name) );
+        dbgtext( "on subnet %s.\n", subrec->subnet_name );
+        }
   
       rrec->repeat_count = 0;
       /* How long we should wait for. */
@@ -66,18 +72,26 @@ name %s on subnet %s.\n", inet_ntoa(p->ip), nmb_namestr(question_name), subrec->
     {
       success = False;
 
-      DEBUG(5,("query_name_response: On subnet %s - negative response \
-from IP %s for name %s. Error code was %d.\n", subrec->subnet_name, inet_ntoa(p->ip), 
-                      nmb_namestr(question_name), nmb->header.rcode));
+      if( DEBUGLVL( 5 ) )
+        {
+        dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+        dbgtext( "- negative response from IP %s ", inet_ntoa(p->ip) );
+        dbgtext( "for name %s. ", nmb_namestr(question_name) );
+        dbgtext( "Error code was %d.\n", nmb->header.rcode );
+        }
     }
     else
     {
       success = True;
 
       putip((char *)&answer_ip,&nmb->answers->rdata[2]);
-      DEBUG(5,("query_name_response: On subnet %s - positive response from IP %s \
-for name %s. IP of that name is %s\n", subrec->subnet_name, inet_ntoa(p->ip),
-                    nmb_namestr(question_name), inet_ntoa(answer_ip)));
+      if( DEBUGLVL( 5 ) )
+        {
+        dbgtext( "query_name_response: On subnet %s ", subrec->subnet_name );
+        dbgtext( "- positive response from IP %s ", inet_ntoa(p->ip) );
+        dbgtext( "for name %s.  ", nmb_namestr(question_name) );
+        dbgtext( "IP of that name is %s\n", inet_ntoa(answer_ip) );
+        }
 
       /* Interestingly, we could add these names to our namelists, and
          change nmbd to a model that checked its own name cache first,
@@ -87,10 +101,15 @@ for name %s. IP of that name is %s\n", subrec->subnet_name, inet_ntoa(p->ip),
   }
   else if( rrec->num_msgs > 1)
   {
-    DEBUG(0,("query_name_response: Multiple (%d) responses received for a query on \
-subnet %s for name %s. This response was from IP %s\n", 
-        rrec->num_msgs, subrec->subnet_name, nmb_namestr(question_name), 
-        inet_ntoa(p->ip) ));
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "query_name_response: " );
+      dbgtext( "Multiple (%d) responses ", rrec->num_msgs );
+      dbgtext( "received for a query on subnet %s ", subrec->subnet_name );
+      dbgtext( "for name %s.\nThis response ", nmb_namestr(question_name) );
+      dbgtext( "was from IP %s, reporting", inet_ntoa(p->ip) );
+      dbgtext( "an IP address of %s.\n", inet_ntoa(answer_ip) );
+      }
 
     /* We have already called the success or fail function, so we
        don't call again here. Leave the response record around in
@@ -128,9 +147,12 @@ static void query_name_timeout_response(struct subnet_record *subrec,
 
   if(failed)
   {
-    DEBUG(5,("query_name_timeout_response: No response to querying name %s on subnet %s.\n",
-        nmb_namestr(question_name), subrec->subnet_name));
-
+    if( DEBUGLVL( 5 ) )
+      {
+      dbgtext( "query_name_timeout_response: No response to " );
+      dbgtext( "query for name %s ", nmb_namestr(question_name) );
+      dbgtext( "on subnet %s.\n", subrec->subnet_name );
+      }
     if(rrec->fail_fn)
       (*rrec->fail_fn)(subrec, rrec, question_name, 0);
   }
@@ -201,8 +223,12 @@ BOOL query_name(struct subnet_record *subrec, char *name, int type,
     rrec.rdlength = namerec->data.num_ips * 6;
     if(rrec.rdlength > MAX_DGRAM_SIZE)
     {
-      DEBUG(0,("query_name: nmbd internal error - there are %d ip addresses for name %s.\n",
-               namerec->data.num_ips, nmb_namestr(&nmbname) ));
+      if( DEBUGLVL( 0 ) )
+        {
+        dbgtext( "query_name: nmbd internal error - " );
+        dbgtext( "there are %d ip addresses ", namerec->data.num_ips );
+        dbgtext( "for name %s.\n", nmb_namestr(&nmbname) );
+        }
       return False;
     }
 
@@ -226,8 +252,11 @@ BOOL query_name(struct subnet_record *subrec, char *name, int type,
         userdata,
         &nmbname) == NULL)
   {
-    DEBUG(0,("query_name: Failed to send packet trying to query name %s\n",
-          nmb_namestr(&nmbname)));
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "query_name: Failed to send packet " );
+      dbgtext( "trying to query name %s\n", nmb_namestr(&nmbname) );
+      }
     return True;
   }
   return False;
@@ -255,8 +284,11 @@ BOOL query_name_from_wins_server(struct in_addr ip_to,
         userdata,
         &nmbname) == NULL)
   {
-    DEBUG(0,("query_name_from_wins_server: Failed to send packet trying to query name %s\n",
-          nmb_namestr(&nmbname)));
+    if( DEBUGLVL( 0 ) )
+      {
+      dbgtext( "query_name_from_wins_server: Failed to send packet " );
+      dbgtext( "trying to query name %s\n", nmb_namestr(&nmbname) );
+      }
     return True;
   }
   return False;
diff --git a/source/nmbd/nmbd_packets.c b/source/nmbd/nmbd_packets.c
index 8b102985611..00059c1775e 100644
--- a/source/nmbd/nmbd_packets.c
+++ b/source/nmbd/nmbd_packets.c
@@ -107,12 +107,14 @@ static void debug_browse_data(char *outbuf, int len)
 
     for (j = 0; j < 16; j++)
     {
-      unsigned char x = outbuf[i+j];
+      unsigned char x;
+      if (i+j >= len)
+        break;
+
+      x = outbuf[i+j];
       if (x < 32 || x > 127) 
         x = '.';
 	    
-      if (i+j >= len)
-        break;
       DEBUGADD( 4, ( "%c", x ) );
     }
 
@@ -1263,14 +1265,21 @@ an error packet of type %x\n",
   len = SVAL(buf,smb_vwv11);
   buf2 = smb_base(buf) + SVAL(buf,smb_vwv12);
 
+  if (len <= 0)
+    return;
+
+  if (buf2 + len > buf + sizeof(dgram->data)) {
+    DEBUG(2,("process_dgram: datagram from %s to %s IP %s for %s len=%d too long.\n",
+		nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
+		inet_ntoa(p->ip), smb_buf(buf),len));
+	len = (buf + sizeof(dgram->data)) - buf;
+  }
+
   DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d\n",
 	   nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
 	   inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len));
 
  
-  if (len <= 0)
-    return;
-
   /* Datagram packet received for the browser mailslot */
   if (strequal(smb_buf(buf),BROWSE_MAILSLOT))
   {
diff --git a/source/nmbd/nmbd_synclists.c b/source/nmbd/nmbd_synclists.c
index 6105fb41650..23cbc01b889 100644
--- a/source/nmbd/nmbd_synclists.c
+++ b/source/nmbd/nmbd_synclists.c
@@ -51,7 +51,8 @@ static FILE *fp;
   This is the NetServerEnum callback.
   Note sname and comment are in UNIX codepage format.
   ******************************************************************/
-static void callback(const char *sname, uint32 stype, const char *comment)
+static void callback(const char *sname, uint32 stype, 
+                     const char *comment, void *state)
 {
 	fprintf(fp,"\"%s\" %08X \"%s\"\n", sname, stype, comment);
 }
@@ -106,8 +107,8 @@ static void sync_child(char *name, int nm_type,
 
 	/* Fetch a workgroup list. */
 	cli_NetServerEnum(&cli, unix_workgroup,
-			  local_type|SV_TYPE_DOMAIN_ENUM,
-			  callback);
+			  local_type|SV_TYPE_DOMAIN_ENUM, 
+			  callback, NULL);
 	
 	/* Now fetch a server list. */
 	if (servers) {
@@ -115,7 +116,7 @@ static void sync_child(char *name, int nm_type,
 		dos_to_unix(unix_workgroup, True);
 		cli_NetServerEnum(&cli, unix_workgroup, 
 				  local?SV_TYPE_LOCAL_LIST_ONLY:SV_TYPE_ALL,
-				  callback);
+				  callback, NULL);
 	}
 	
 	cli_shutdown(&cli);
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index ece504411b3..a8410f85086 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -19,8 +19,12 @@
 #define MODULE_NAME "pam_winbind"
 #define PAM_SM_AUTH
 #define PAM_SM_ACCOUNT
+#ifdef HAVE_SECURITY_PAM_MODULES_H
 #include <security/pam_modules.h>
+#endif
+#ifdef HAVE_SECURITY__PAM_MACROS_H
 #include <security/_pam_macros.h>
+#endif
 
 #define PAM_DEBUG_ARG (1<<0)
 #define PAM_USE_AUTHTOK_ARG (1<<1)
diff --git a/source/nsswitch/wb_client.c b/source/nsswitch/wb_client.c
index 746e5406bc8..71a21a97207 100644
--- a/source/nsswitch/wb_client.c
+++ b/source/nsswitch/wb_client.c
@@ -31,7 +31,7 @@ BOOL winbind_lookup_name(const char *name, DOM_SID *sid, enum SID_NAME_USE *name
 {
 	struct winbindd_request request;
 	struct winbindd_response response;
-	enum nss_status result;
+	NSS_STATUS result;
 	
 	if (!sid || !name_type)
 		return False;
@@ -42,7 +42,7 @@ BOOL winbind_lookup_name(const char *name, DOM_SID *sid, enum SID_NAME_USE *name
 	ZERO_STRUCT(response);
 
 	fstrcpy(request.data.name, name);
-	if ((result = winbindd_request(WINBINDD_LOOKUPNAME, &request, 
+	if ((result = (NSS_STATUS)winbindd_request(WINBINDD_LOOKUPNAME, &request, 
 				       &response)) == NSS_STATUS_SUCCESS) {
 		string_to_sid(sid, response.data.sid.sid);
 		*name_type = (enum SID_NAME_USE)response.data.sid.type;
@@ -57,7 +57,7 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_N
 {
 	struct winbindd_request request;
 	struct winbindd_response response;
-	enum nss_status result;
+	NSS_STATUS result;
 	fstring sid_str;
 	
 	/* Initialise request */
@@ -70,7 +70,7 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name, enum SID_N
 	
 	/* Make request */
 
-	result = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
+	result = (NSS_STATUS)winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
 
 	/* Copy out result */
 
diff --git a/source/nsswitch/wb_common.c b/source/nsswitch/wb_common.c
index 98a4b6758bc..243f05825b7 100644
--- a/source/nsswitch/wb_common.c
+++ b/source/nsswitch/wb_common.c
@@ -59,7 +59,7 @@ void init_response(struct winbindd_response *response)
 {
 	/* Initialise return value */
 
-	response->result = (enum winbindd_result)NSS_STATUS_UNAVAIL;
+	response->result = WINBINDD_ERROR;
 }
 
 /* Close established socket */
@@ -141,6 +141,7 @@ static int open_pipe_sock(void)
 	if (connect(established_socket, (struct sockaddr *)&sunaddr, 
 		    sizeof(sunaddr)) == -1) {
 		close_sock();
+		established_socket = -1;
 		return -1;
 	}
         
@@ -304,7 +305,7 @@ void free_response(struct winbindd_response *response)
 
 /* Handle simple types of requests */
 
-enum nss_status winbindd_request(int req_type, 
+NSS_STATUS winbindd_request(int req_type, 
 				 struct winbindd_request *request,
 				 struct winbindd_response *response)
 {
diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c
index cff2b8b69a0..f20e1b16144 100644
--- a/source/nsswitch/wbinfo.c
+++ b/source/nsswitch/wbinfo.c
@@ -28,7 +28,7 @@
 
 /* Prototypes from common.h - only needed #if TNG */
 
-enum nss_status winbindd_request(int req_type, 
+NSS_STATUS winbindd_request(int req_type, 
 				 struct winbindd_request *request,
 				 struct winbindd_response *response);
 
@@ -101,10 +101,11 @@ static BOOL wbinfo_check_secret(void)
 
         if (result) {
 
-                if (response.data.num_entries) {
+                if (response.data.num_entries == 0) {
                         printf("Secret is good\n");
                 } else {
-                        printf("Secret is bad\n");
+                        printf("Secret is bad\n0x%08x\n", 
+			       response.data.num_entries);
                 }
 
                 return True;
@@ -447,8 +448,8 @@ int main(int argc, char **argv)
 				return 1;
 			}
 			break;
-
-			/* Invalid option */
+				
+                      /* Invalid option */
 
 		default:
 			usage();
diff --git a/source/nsswitch/winbind_nss.c b/source/nsswitch/winbind_nss.c
index 78485aa05e3..04b576a7a53 100644
--- a/source/nsswitch/winbind_nss.c
+++ b/source/nsswitch/winbind_nss.c
@@ -25,11 +25,15 @@
 #include "winbind_nss_config.h"
 #include "winbindd_nss.h"
 
-/* prototypes from common.c */
+/* Prototypes from common.c */
+
 void init_request(struct winbindd_request *req,int rq_type);
+NSS_STATUS winbindd_request(int req_type, 
+				 struct winbindd_request *request,
+				 struct winbindd_response *response);
 int write_sock(void *buffer, int count);
 int read_reply(struct winbindd_response *response);
-
+void free_response(struct winbindd_response *response);
 
 /* Allocate some space from the nss static buffer.  The buffer and buflen
    are the pointers passed in by the C library to the _nss_ntdom_*
@@ -37,429 +41,810 @@ int read_reply(struct winbindd_response *response);
 
 static char *get_static(char **buffer, int *buflen, int len)
 {
-    char *result;
+	char *result;
 
-    /* Error check.  We return false if things aren't set up right, or
-       there isn't enough buffer space left. */
+	/* Error check.  We return false if things aren't set up right, or
+	   there isn't enough buffer space left. */
+	
+	if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
+		return NULL;
+	}
 
-    if ((buffer == NULL) || (buflen == NULL) || (*buflen < len)) {
-        return NULL;
-    }
+	/* Some architectures, like Sparc, need pointers aligned on 
+	   boundaries */
+#if _ALIGNMENT_REQUIRED
+	{
+		int mod = len % _MAX_ALIGNMENT;
+		if(mod != 0)
+			len += _MAX_ALIGNMENT - mod;
+	}
+#endif
 
-    /* Return an index into the static buffer */
+	/* Return an index into the static buffer */
 
-    result = *buffer;
-    *buffer += len;
-    *buflen -= len;
+	result = *buffer;
+	*buffer += len;
+	*buflen -= len;
 
-    return result;
+	return result;
 }
 
 /* I've copied the strtok() replacement function next_token() from
    lib/util_str.c as I really don't want to have to link in any other
    objects if I can possibly avoid it. */
 
-#ifdef strchr /* Aargh! This points at multibyte_strchr(). )-: */
-#undef strchr
-#endif
-
 static char *last_ptr = NULL;
 
 BOOL next_token(char **ptr, char *buff, char *sep, size_t bufsize)
 {
-    char *s;
-    BOOL quoted;
-    size_t len=1;
+	char *s;
+	BOOL quoted;
+	size_t len=1;
     
-    if (!ptr) ptr = &last_ptr;
-    if (!ptr) return(False);
+	if (!ptr) ptr = &last_ptr;
+	if (!ptr) return(False);
     
-    s = *ptr;
+	s = *ptr;
     
-    /* default to simple separators */
-    if (!sep) sep = " \t\n\r";
+	/* default to simple separators */
+	if (!sep) sep = " \t\n\r";
     
-    /* find the first non sep char */
-    while(*s && strchr(sep,*s)) s++;
+	/* find the first non sep char */
+	while(*s && strchr(sep,*s)) s++;
     
-    /* nothing left? */
-    if (! *s) return(False);
+	/* nothing left? */
+	if (! *s) return(False);
     
-    /* copy over the token */
-    for (quoted = False; 
-         len < bufsize && *s && (quoted || !strchr(sep,*s)); 
-         s++) {
-
-        if (*s == '\"') {
-            quoted = !quoted;
-        } else {
-            len++;
-            *buff++ = *s;
-        }
-    }
+	/* copy over the token */
+	for (quoted = False; 
+	     len < bufsize && *s && (quoted || !strchr(sep,*s)); 
+	     s++) {
+
+		if (*s == '\"') {
+			quoted = !quoted;
+		} else {
+			len++;
+			*buff++ = *s;
+		}
+	}
     
-    *ptr = (*s) ? s+1 : s;  
-    *buff = 0;
-    last_ptr = *ptr;
+	*ptr = (*s) ? s+1 : s;  
+	*buff = 0;
+	last_ptr = *ptr;
   
-    return(True);
-}
-
-
-/* handle simple types of requests */
-static enum nss_status generic_request(int req_type, 
-				       struct winbindd_request *request,
-				       struct winbindd_response *response)
-{
-	struct winbindd_request lrequest;
-	struct winbindd_response lresponse;
-
-	if (!response) response = &lresponse;
-	if (!request) request = &lrequest;
-	
-	/* Fill in request and send down pipe */
-	init_request(request, req_type);
-	
-	if (write_sock(request, sizeof(*request)) == -1) {
-		return NSS_STATUS_UNAVAIL;
-	}
-	
-	/* Wait for reply */
-	if (read_reply(response) == -1) {
-		return NSS_STATUS_UNAVAIL;
-	}
-
-	/* Copy reply data from socket */
-	if (response->result != WINBINDD_OK) {
-		return NSS_STATUS_NOTFOUND;
-	}
-	
-	return NSS_STATUS_SUCCESS;
+	return(True);
 }
 
 /* Fill a pwent structure from a winbindd_response structure.  We use
    the static data passed to us by libc to put strings and stuff in.
-   Return errno = ERANGE and NSS_STATUS_TRYAGAIN if we run out of
-   memory. */
+   Return NSS_STATUS_TRYAGAIN if we run out of memory. */
 
-static enum nss_status fill_pwent(struct passwd *result,
-				  struct winbindd_response *response,
-				  char **buffer, int *buflen, int *errnop)
+static NSS_STATUS fill_pwent(struct passwd *result,
+				  struct winbindd_pw *pw,
+				  char **buffer, int *buflen)
 {
-    struct winbindd_pw *pw = &response->data.pw;
-
-    /* User name */
+	/* User name */
 
-    if ((result->pw_name = 
-         get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
+	if ((result->pw_name = 
+	     get_static(buffer, buflen, strlen(pw->pw_name) + 1)) == NULL) {
 
-        /* Out of memory */
+		/* Out of memory */
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    strcpy(result->pw_name, pw->pw_name);
+	strcpy(result->pw_name, pw->pw_name);
 
-    /* Password */
+	/* Password */
 
-    if ((result->pw_passwd = 
-         get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
+	if ((result->pw_passwd = 
+	     get_static(buffer, buflen, strlen(pw->pw_passwd) + 1)) == NULL) {
 
-        /* Out of memory */
+		/* Out of memory */
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    strcpy(result->pw_passwd, pw->pw_passwd);
+	strcpy(result->pw_passwd, pw->pw_passwd);
         
-    /* [ug]id */
-
-    result->pw_uid = pw->pw_uid;
-    result->pw_gid = pw->pw_gid;
-
-    /* GECOS */
+	/* [ug]id */
 
-    if ((result->pw_gecos = 
-         get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
+	result->pw_uid = pw->pw_uid;
+	result->pw_gid = pw->pw_gid;
 
-        /* Out of memory */
+	/* GECOS */
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+	if ((result->pw_gecos = 
+	     get_static(buffer, buflen, strlen(pw->pw_gecos) + 1)) == NULL) {
 
-    strcpy(result->pw_gecos, pw->pw_gecos);
+		/* Out of memory */
 
-    /* Home directory */
-
-    if ((result->pw_dir = 
-         get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
-
-        /* Out of memory */
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+	strcpy(result->pw_gecos, pw->pw_gecos);
+	
+	/* Home directory */
+	
+	if ((result->pw_dir = 
+	     get_static(buffer, buflen, strlen(pw->pw_dir) + 1)) == NULL) {
 
-    strcpy(result->pw_dir, pw->pw_dir);
+		/* Out of memory */
 
-    /* Logon shell */
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    if ((result->pw_shell = 
-         get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
+	strcpy(result->pw_dir, pw->pw_dir);
 
-        /* Out of memory */
+	/* Logon shell */
+	
+	if ((result->pw_shell = 
+	     get_static(buffer, buflen, strlen(pw->pw_shell) + 1)) == NULL) {
+		
+		/* Out of memory */
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    strcpy(result->pw_shell, pw->pw_shell);
+	strcpy(result->pw_shell, pw->pw_shell);
 
-    return NSS_STATUS_SUCCESS;
+	return NSS_STATUS_SUCCESS;
 }
 
 /* Fill a grent structure from a winbindd_response structure.  We use
    the static data passed to us by libc to put strings and stuff in.
-   Return errno = ERANGE and NSS_STATUS_TRYAGAIN if we run out of
-   memory. */
+   Return NSS_STATUS_TRYAGAIN if we run out of memory. */
 
-static int fill_grent(struct group *result, 
-                      struct winbindd_response *response,
-                      char **buffer, int *buflen, int *errnop)
+static int fill_grent(struct group *result, struct winbindd_gr *gr,
+		      char *gr_mem, char **buffer, int *buflen)
 {
-    struct winbindd_gr *gr = &response->data.gr;
-    fstring name;
-    int i;
+	fstring name;
+	int i;
 
-    /* Group name */
+	/* Group name */
 
-    if ((result->gr_name =
-         get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
+	if ((result->gr_name =
+	     get_static(buffer, buflen, strlen(gr->gr_name) + 1)) == NULL) {
 
-        /* Out of memory */
+		/* Out of memory */
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
-
-    strcpy(result->gr_name, gr->gr_name);
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    /* Password */
+	strcpy(result->gr_name, gr->gr_name);
 
-    if ((result->gr_passwd =
-         get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
+	/* Password */
 
-        /* Out of memory */
+	if ((result->gr_passwd =
+	     get_static(buffer, buflen, strlen(gr->gr_passwd) + 1)) == NULL) {
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+		/* Out of memory */
+		
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    strcpy(result->gr_passwd, gr->gr_passwd);
+	strcpy(result->gr_passwd, gr->gr_passwd);
 
-    /* gid */
+	/* gid */
 
-    result->gr_gid = gr->gr_gid;
+	result->gr_gid = gr->gr_gid;
 
-    /* Group membership */
+	/* Group membership */
 
-    if ((gr->num_gr_mem < 0) || !response->extra_data) {
-        gr->num_gr_mem = 0;
-    }
+	if ((gr->num_gr_mem < 0) || !gr_mem) {
+		gr->num_gr_mem = 0;
+	}
 
-    if ((result->gr_mem = 
-         (char **)get_static(buffer, buflen, (gr->num_gr_mem + 1) * 
-                             sizeof(char *))) == NULL) {
+	if ((result->gr_mem = 
+	     (char **)get_static(buffer, buflen, (gr->num_gr_mem + 1) * 
+				 sizeof(char *))) == NULL) {
 
-        /* Out of memory */
+		/* Out of memory */
 
-        *errnop = ERANGE;
-        return NSS_STATUS_TRYAGAIN;
-    }
+		return NSS_STATUS_TRYAGAIN;
+	}
 
-    if (gr->num_gr_mem == 0) {
+	if (gr->num_gr_mem == 0) {
 
-        /* Group is empty */
+		/* Group is empty */
 
-        *(result->gr_mem) = NULL;
-        return NSS_STATUS_SUCCESS;
-    }
+		*(result->gr_mem) = NULL;
+		return NSS_STATUS_SUCCESS;
+	}
 
-    /* Start looking at extra data */
+	/* Start looking at extra data */
 
-    i = 0;
+	i = 0;
 
-    while(next_token(&response->extra_data, name, ",", sizeof(fstring))) {
+	while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
         
-        /* Allocate space for member */
+		/* Allocate space for member */
         
-        if (((result->gr_mem)[i] = 
-             get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
+		if (((result->gr_mem)[i] = 
+		     get_static(buffer, buflen, strlen(name) + 1)) == NULL) {
             
-            /* Out of memory */
+			/* Out of memory */
             
-            *errnop = ERANGE;
-            return NSS_STATUS_TRYAGAIN;
-        }        
+			return NSS_STATUS_TRYAGAIN;
+		}        
         
-        strcpy((result->gr_mem)[i], name);
-        i++;
-    }
+		strcpy((result->gr_mem)[i], name);
+		i++;
+	}
 
-    /* Terminate list */
+	/* Terminate list */
 
-    (result->gr_mem)[i] = NULL;
-    
-    return NSS_STATUS_SUCCESS;
+	(result->gr_mem)[i] = NULL;
+
+	return NSS_STATUS_SUCCESS;
 }
 
 /*
  * NSS user functions
  */
 
+static struct winbindd_response getpwent_response;
+
+static int ndx_pw_cache;                 /* Current index into pwd cache */
+static int num_pw_cache;                 /* Current size of pwd cache */
+
 /* Rewind "file pointer" to start of ntdom password database */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_setpwent(void)
 {
-	return generic_request(WINBINDD_SETPWENT, NULL, NULL);
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: setpwent\n", getpid());
+#endif
+
+	if (num_pw_cache > 0) {
+		ndx_pw_cache = num_pw_cache = 0;
+		free_response(&getpwent_response);
+	}
+
+	return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
 }
 
 /* Close ntdom password database "file pointer" */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_endpwent(void)
 {
-	return generic_request(WINBINDD_ENDPWENT, NULL, NULL);
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: endpwent\n", getpid());
+#endif
+
+	if (num_pw_cache > 0) {
+		ndx_pw_cache = num_pw_cache = 0;
+		free_response(&getpwent_response);
+	}
+
+	return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
 }
 
 /* Fetch the next password entry from ntdom password database */
 
-enum nss_status
+#define MAX_GETPWENT_USERS 250
+
+NSS_STATUS
 _nss_winbind_getpwent_r(struct passwd *result, char *buffer, 
-                      size_t buflen, int *errnop)
+			size_t buflen, int *errnop)
 {
-	enum nss_status ret;
-	struct winbindd_response response;
+	NSS_STATUS ret;
+	struct winbindd_request request;
+	static int called_again;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getpwent\n", getpid());
+#endif
+
+	/* Return an entry from the cache if we have one, or if we are
+	   called again because we exceeded our static buffer.  */
+
+	if ((ndx_pw_cache < num_pw_cache) || called_again) {
+		goto return_result;
+	}
+
+	/* Else call winbindd to get a bunch of entries */
+	
+	if (num_pw_cache > 0) {
+		free_response(&getpwent_response);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(getpwent_response);
+
+	request.data.num_entries = MAX_GETPWENT_USERS;
+
+	ret = winbindd_request(WINBINDD_GETPWENT, &request, 
+			       &getpwent_response);
+
+	if (ret == NSS_STATUS_SUCCESS) {
+		struct winbindd_pw *pw_cache;
+
+		/* Fill cache */
+
+		ndx_pw_cache = 0;
+		num_pw_cache = getpwent_response.data.num_entries;
 
-	ret = generic_request(WINBINDD_GETPWENT, NULL, &response);
-	if (ret != NSS_STATUS_SUCCESS) return ret;
+		/* Return a result */
 
-	return fill_pwent(result, &response, &buffer, &buflen, errnop);
+	return_result:
+
+		pw_cache = getpwent_response.extra_data;
+
+		/* Check data is valid */
+
+		if (pw_cache == NULL) {
+			return NSS_STATUS_NOTFOUND;
+		}
+
+		ret = fill_pwent(result, &pw_cache[ndx_pw_cache],
+				 &buffer, &buflen);
+		
+		/* Out of memory - try again */
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			called_again = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		*errnop = errno = 0;
+		called_again = False;
+		ndx_pw_cache++;
+
+		/* If we've finished with this lot of results free cache */
+
+		if (ndx_pw_cache == num_pw_cache) {
+			ndx_pw_cache = num_pw_cache = 0;
+			free_response(&getpwent_response);
+		}
+	}
+
+	return ret;
 }
 
 /* Return passwd struct from uid */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
-                      size_t buflen, int *errnop)
+			size_t buflen, int *errnop)
 {
-	enum nss_status ret;
-	struct winbindd_response response;
+	NSS_STATUS ret;
+	static struct winbindd_response response;
 	struct winbindd_request request;
+	static int keep_response=0;
+
+	/* If our static buffer needs to be expanded we are called again */
+	if (!keep_response) {
 
-	request.data.uid = uid;
+		/* Call for the first time */
 
-	ret = generic_request(WINBINDD_GETPWNAM_FROM_UID, &request, &response);
-	if (ret != NSS_STATUS_SUCCESS) return ret;
+		ZERO_STRUCT(response);
+		ZERO_STRUCT(request);
 
-	return fill_pwent(result, &response, &buffer, &buflen, errnop);
+		request.data.uid = uid;
+
+		ret = winbindd_request(WINBINDD_GETPWNAM_FROM_UID, &request, 
+				       &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+			ret = fill_pwent(result, &response.data.pw, 
+					 &buffer, &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+
+		/* We've been called again */
+
+		ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = errno = 0;
+	}
+
+	free_response(&response);
+	return ret;
 }
 
 /* Return passwd struct from username */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
-                      size_t buflen, int *errnop)
+			size_t buflen, int *errnop)
 {
-	enum nss_status ret;
-	struct winbindd_response response;
+	NSS_STATUS ret;
+	static struct winbindd_response response;
 	struct winbindd_request request;
+	static int keep_response;
 
-	strncpy(request.data.username, name, sizeof(request.data.username) - 1);
-	request.data.username[sizeof(request.data.username) - 1] = '\0';
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getpwnam %s\n", getpid(), name);
+#endif
 
-	ret = generic_request(WINBINDD_GETPWNAM_FROM_USER, &request, &response);
-	if (ret != NSS_STATUS_SUCCESS) return ret;
+	/* If our static buffer needs to be expanded we are called again */
 
-	return fill_pwent(result, &response, &buffer, &buflen, errnop);
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(response);
+		ZERO_STRUCT(request);
+
+		strncpy(request.data.username, name, 
+			sizeof(request.data.username) - 1);
+		request.data.username
+			[sizeof(request.data.username) - 1] = '\0';
+
+		ret = winbindd_request(WINBINDD_GETPWNAM_FROM_USER, &request, 
+				       &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+			ret = fill_pwent(result, &response.data.pw, &buffer,
+					 &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+
+		/* We've been called again */
+
+		ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = errno = 0;
+	}
+
+	free_response(&response);
+	return ret;
 }
 
 /*
  * NSS group functions
  */
 
+static struct winbindd_response getgrent_response;
+
+static int ndx_gr_cache;                 /* Current index into grp cache */
+static int num_gr_cache;                 /* Current size of grp cache */
+
 /* Rewind "file pointer" to start of ntdom group database */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_setgrent(void)
 {
-	return generic_request(WINBINDD_SETGRENT, NULL, NULL);
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: setgrent\n", getpid());
+#endif
+
+	if (num_gr_cache > 0) {
+		ndx_gr_cache = num_gr_cache = 0;
+		free_response(&getgrent_response);
+	}
+
+	return winbindd_request(WINBINDD_SETGRENT, NULL, NULL);
 }
 
 /* Close "file pointer" for ntdom group database */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_endgrent(void)
 {
-	return generic_request(WINBINDD_ENDGRENT, NULL, NULL);
-}
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: endgrent\n", getpid());
+#endif
 
+	if (num_gr_cache > 0) {
+		ndx_gr_cache = num_gr_cache = 0;
+		free_response(&getgrent_response);
+	}
 
+	return winbindd_request(WINBINDD_ENDGRENT, NULL, NULL);
+}
 
 /* Get next entry from ntdom group database */
 
-enum nss_status
+#define MAX_GETGRENT_USERS 250
+
+NSS_STATUS
 _nss_winbind_getgrent_r(struct group *result,
-                      char *buffer, size_t buflen, int *errnop)
+			char *buffer, size_t buflen, int *errnop)
 {
-	enum nss_status ret;
-	struct winbindd_response response;
+	NSS_STATUS ret;
+	static struct winbindd_request request;
+	static int called_again;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getgrent\n", getpid());
+#endif
+
+	/* Return an entry from the cache if we have one, or if we are
+	   called again because we exceeded our static buffer.  */
+
+	if ((ndx_gr_cache < num_gr_cache) || called_again) {
+		goto return_result;
+	}
+
+	/* Else call winbindd to get a bunch of entries */
+	
+	if (num_gr_cache > 0) {
+		free_response(&getgrent_response);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(getgrent_response);
+
+	request.data.num_entries = MAX_GETGRENT_USERS;
+
+	ret = winbindd_request(WINBINDD_GETGRENT, &request, 
+			       &getgrent_response);
+
+	if (ret == NSS_STATUS_SUCCESS) {
+		struct winbindd_gr *gr_cache;
+		int mem_ofs;
+
+		/* Fill cache */
+
+		ndx_gr_cache = 0;
+		num_gr_cache = getgrent_response.data.num_entries;
+
+		/* Return a result */
+
+	return_result:
+
+		gr_cache = getgrent_response.extra_data;
+
+		/* Check data is valid */
+
+		if (gr_cache == NULL) {
+			return NSS_STATUS_NOTFOUND;
+		}
+
+		/* Fill group membership.  The offset into the extra data
+		   for the group membership is the reported offset plus the
+		   size of all the winbindd_gr records returned. */
+
+		mem_ofs = gr_cache[ndx_gr_cache].gr_mem_ofs +
+			num_gr_cache * sizeof(struct winbindd_gr);
+
+		ret = fill_grent(result, &gr_cache[ndx_gr_cache],
+				 (char *)(getgrent_response.extra_data +
+					  mem_ofs), &buffer, &buflen);
+		
+		/* Out of memory - try again */
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			called_again = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		*errnop = 0;
+		called_again = False;
+		ndx_gr_cache++;
 
-	ret = generic_request(WINBINDD_GETGRENT, NULL, &response);
-	if (ret != NSS_STATUS_SUCCESS) return ret;
+		/* If we've finished with this lot of results free cache */
 
-	return fill_grent(result, &response, &buffer, &buflen, errnop);
+		if (ndx_gr_cache == num_gr_cache) {
+			ndx_gr_cache = num_gr_cache = 0;
+			free_response(&getgrent_response);
+		}
+	}
+
+	return ret;
 }
 
 /* Return group struct from group name */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_getgrnam_r(const char *name,
-                      struct group *result, char *buffer,
-                      size_t buflen, int *errnop)
+			struct group *result, char *buffer,
+			size_t buflen, int *errnop)
 {
-	enum nss_status ret;
-	struct winbindd_response response;
+	NSS_STATUS ret;
+	static struct winbindd_response response;
 	struct winbindd_request request;
+	static int keep_response;
+	
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getgrnam %s\n", getpid(), name);
+#endif
 
-	strncpy(request.data.groupname, name, sizeof(request.data.groupname));
-	request.data.groupname[sizeof(request.data.groupname) - 1] = '\0';
-
-	ret = generic_request(WINBINDD_GETGRNAM_FROM_GROUP, &request, &response);
-	if (ret != NSS_STATUS_SUCCESS) return ret;
+	/* If our static buffer needs to be expanded we are called again */
+	
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(request);
+		ZERO_STRUCT(response);
+
+		strncpy(request.data.groupname, name, 
+			sizeof(request.data.groupname));
+		request.data.groupname
+			[sizeof(request.data.groupname) - 1] = '\0';
+
+		ret = winbindd_request(WINBINDD_GETGRNAM_FROM_GROUP, 
+				       &request, &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+			ret = fill_grent(result, &response.data.gr, 
+					 response.extra_data,
+					 &buffer, &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+		
+		/* We've been called again */
+		
+		ret = fill_grent(result, &response.data.gr, 
+				 response.extra_data, &buffer, &buflen);
+		
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = 0;
+	}
 
-	return fill_grent(result, &response, &buffer, &buflen, errnop);
+	free_response(&response);
+	return ret;
 }
 
 /* Return group struct from gid */
 
-enum nss_status
+NSS_STATUS
 _nss_winbind_getgrgid_r(gid_t gid,
-                      struct group *result, char *buffer,
-                      size_t buflen, int *errnop)
+			struct group *result, char *buffer,
+			size_t buflen, int *errnop)
 {
-	enum nss_status ret;
-	struct winbindd_response response;
+	NSS_STATUS ret;
+	static struct winbindd_response response;
+	struct winbindd_request request;
+	static int keep_response;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: getgrgid %d\n", getpid(), gid);
+#endif
+
+	/* If our static buffer needs to be expanded we are called again */
+
+	if (!keep_response) {
+
+		/* Call for the first time */
+
+		ZERO_STRUCT(request);
+		ZERO_STRUCT(response);
+
+		request.data.gid = gid;
+
+		ret = winbindd_request(WINBINDD_GETGRNAM_FROM_GID, &request, 
+				       &response);
+
+		if (ret == NSS_STATUS_SUCCESS) {
+
+			ret = fill_grent(result, &response.data.gr, 
+					 response.extra_data, 
+					 &buffer, &buflen);
+
+			if (ret == NSS_STATUS_TRYAGAIN) {
+				keep_response = True;
+				*errnop = errno = ERANGE;
+				return ret;
+			}
+		}
+
+	} else {
+
+		/* We've been called again */
+
+		ret = fill_grent(result, &response.data.gr, 
+				 response.extra_data, &buffer, &buflen);
+
+		if (ret == NSS_STATUS_TRYAGAIN) {
+			keep_response = True;
+			*errnop = errno = ERANGE;
+			return ret;
+		}
+
+		keep_response = False;
+		*errnop = 0;
+	}
+
+	free_response(&response);
+	return ret;
+}
+
+/* Initialise supplementary groups */
+
+NSS_STATUS
+_nss_winbind_initgroups(char *user, gid_t group, long int *start,
+			long int *size, gid_t *groups, long int limit,
+			int *errnop)
+{
+	NSS_STATUS ret;
 	struct winbindd_request request;
+	struct winbindd_response response;
+	int i;
+
+#ifdef DEBUG_NSS
+	fprintf(stderr, "[%5d]: initgroups %s (%d)\n", getpid(),
+		user, group);
+#endif
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
 
-	request.data.gid = gid;
+	strncpy(request.data.username, user,
+		sizeof(request.data.username) - 1);
 
-	ret = generic_request(WINBINDD_GETGRNAM_FROM_GID, &request, &response);
-	if (ret != NSS_STATUS_SUCCESS) return ret;
+	ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+
+	if (ret == NSS_STATUS_SUCCESS) {
+		int num_gids = response.data.num_entries;
+		gid_t *gid_list = (gid_t *)response.extra_data;
+
+		/* Copy group list to client */
+
+		for (i = 0; i < num_gids; i++) {
+
+			/* Skip primary group */
+
+			if (gid_list[i] == group) continue;
+
+			/* Add to buffer */
+
+			if (*start == *size && limit <= 0) {
+				groups = realloc(
+					groups, 2 * (*size) * sizeof(*groups));
+				if (!groups) goto done;
+				*size *= 2;
+			}
+
+			groups[*start] = gid_list[i];
+			*start += 1;
+
+			/* Filled buffer? */
+
+			if (*start == limit) goto done;
+		}
+	}
+	
+	/* Back to your regularly scheduled programming */
 
-	return fill_grent(result, &response, &buffer, &buflen, errnop);
+ done:
+	return ret;
 }
diff --git a/source/nsswitch/winbind_nss_config.h b/source/nsswitch/winbind_nss_config.h
index c663842a815..5c09a5dd1bc 100644
--- a/source/nsswitch/winbind_nss_config.h
+++ b/source/nsswitch/winbind_nss_config.h
@@ -70,17 +70,62 @@
 #include <errno.h>
 #include <pwd.h>
 
-#ifdef HAVE_NSS_H
+#ifdef HAVE_NSS_COMMON_H
+/* Sun Solaris */
+
+#include <nss_common.h>
+#include <nss_dbdefs.h>
+#include <nsswitch.h>
+
+typedef nss_status_t NSS_STATUS;
+
+#define NSS_STATUS_SUCCESS     NSS_SUCCESS
+#define NSS_STATUS_NOTFOUND    NSS_NOTFOUND
+#define NSS_STATUS_UNAVAIL     NSS_UNAVAIL
+#define NSS_STATUS_TRYAGAIN    NSS_TRYAGAIN
+
+#elif HAVE_NSS_H
+/* GNU */
+
 #include <nss.h>
-#else
-/* Minimal needed to compile.. */
-enum nss_status {
-NSS_STATUS_SUCCESS,
-NSS_STATUS_NOTFOUND,
-NSS_STATUS_UNAVAIL
-};
+
+typedef enum nss_status NSS_STATUS;
+
+#else /* Nothing's defined. Neither gnu nor sun */
+
+typedef enum
+{
+  NSS_STATUS_SUCCESS,
+  NSS_STATUS_NOTFOUND,
+  NSS_STATUS_UNAVAIL,
+  NSS_STATUS_TRYAGAIN
+} NSS_STATUS;
+
 #endif
 
+/* Declarations for functions in winbind_nss.c
+   needed in winbind_nss_solaris.c (solaris wrapper to nss) */
+
+NSS_STATUS _nss_winbind_setpwent(void);
+NSS_STATUS _nss_winbind_endpwent(void);
+NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer,
+				   size_t buflen, int* errnop);
+NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer,
+				   size_t buflen, int* errnop);
+NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result,
+				   char* buffer, size_t buflen, int* errnop);
+
+NSS_STATUS _nss_winbind_setgrent(void);
+NSS_STATUS _nss_winbind_endgrent(void);
+NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer,
+				   size_t buflen, int* errnop);
+NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
+				   struct group *result, char *buffer,
+				   size_t buflen, int *errnop);
+NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
+				   struct group *result, char *buffer,
+				   size_t buflen, int *errnop);
+
 /* I'm trying really hard not to include anything from smb.h with the
    result of some silly looking redeclaration of structures. */
 
@@ -127,6 +172,7 @@ typedef int BOOL;
 
 /* zero a structure given a pointer to the structure */
 #define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); }
+    
 /* Some systems (SCO) treat UNIX domain sockets as FIFOs */
 
 #ifndef S_IFSOCK
diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index b0e35f3cd6e..acb251950ad 100644
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -267,7 +267,8 @@ static void new_connection(int accept_sock)
 {
     struct sockaddr_un sunaddr;
     struct winbindd_cli_state *state;
-    int len, sock;
+    socklen_t len
+	int sock;
     
     /* Accept connection */
     
diff --git a/source/nsswitch/winbindd_cache.c b/source/nsswitch/winbindd_cache.c
index 7b263dfe009..bc519430f3a 100644
--- a/source/nsswitch/winbindd_cache.c
+++ b/source/nsswitch/winbindd_cache.c
@@ -39,7 +39,7 @@ void winbindd_cache_init(void)
 {
 	/* Open tdb cache */
 	unlink(lock_path("winbindd_cache.tdb"));
-	if (!(cache_tdb = tdb_open(lock_path("winbindd_cache.tdb"), 0, 
+	if (!(cache_tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 0, 
 				   TDB_NOLOCK,
 				   O_RDWR | O_CREAT, 0600))) {
 		DEBUG(0, ("Unable to open tdb cache - user and group caching "
diff --git a/source/nsswitch/winbindd_idmap.c b/source/nsswitch/winbindd_idmap.c
index 11f7b8aae7a..891b79c2758 100644
--- a/source/nsswitch/winbindd_idmap.c
+++ b/source/nsswitch/winbindd_idmap.c
@@ -210,7 +210,7 @@ BOOL winbindd_idmap_init(void)
 {
     /* Open tdb cache */
 
-    if (!(idmap_tdb = tdb_open(lock_path("winbindd_idmap.tdb"), 0,
+    if (!(idmap_tdb = tdb_open_log(lock_path("winbindd_idmap.tdb"), 0,
                                TDB_NOLOCK | TDB_NOMMAP, 
                                O_RDWR | O_CREAT, 0600))) {
         DEBUG(0, ("Unable to open idmap database\n"));
diff --git a/source/nsswitch/wins.c b/source/nsswitch/wins.c
index be76c2e54ee..dea6418cb84 100644
--- a/source/nsswitch/wins.c
+++ b/source/nsswitch/wins.c
@@ -31,6 +31,39 @@ extern int DEBUGLEVEL;
 #define INADDRSZ 4
 #endif
 
+/* Use our own create socket code so we don't recurse.... */
+
+static int wins_lookup_open_socket_in(void)
+{
+	struct sockaddr_in sock;
+	int val=1;
+	int res;
+
+	memset((char *)&sock,'\0',sizeof(sock));
+
+#ifdef HAVE_SOCK_SIN_LEN
+	sock.sin_len = sizeof(sock);
+#endif
+	sock.sin_port = 0;
+	sock.sin_family = AF_INET;
+	sock.sin_addr.s_addr = interpret_addr("0.0.0.0");
+	res = socket(AF_INET, SOCK_DGRAM, 0);
+	if (res == -1)
+		return -1;
+
+	setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+#ifdef SO_REUSEPORT
+	setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+#endif /* SO_REUSEPORT */
+
+	/* now we've got a socket - we need to bind it */
+
+	if (bind(res, (struct sockaddr * ) &sock,sizeof(sock)) < 0)
+		return(-1);
+
+	return res;
+}
+
 struct in_addr *lookup_backend(const char *name, int *count)
 {
 	int fd;
@@ -51,8 +84,9 @@ struct in_addr *lookup_backend(const char *name, int *count)
 
 	*count = 0;
 
-	fd = open_socket_in(SOCK_DGRAM,0, 3, interpret_addr("0.0.0.0"), True);
-	if (fd == -1) return NULL;
+	fd = wins_lookup_open_socket_in();
+	if (fd == -1)
+		return NULL;
 
 	set_socket_options(fd,"SO_BROADCAST");
 
@@ -85,6 +119,7 @@ struct in_addr *lookup_backend(const char *name, int *count)
 	}
 
  out:
+
 	close(fd);
 	return ret;
 }
@@ -94,21 +129,24 @@ struct in_addr *lookup_backend(const char *name, int *count)
 gethostbyname() - we ignore any domain portion of the name and only
 handle names that are at most 15 characters long
   **************************************************************************/
-enum nss_status 
-_nss_wins_gethostbyname_r(const char *name, struct hostent *he,
+
+NSS_STATUS _nss_wins_gethostbyname_r(const char *name, struct hostent *he,
 			  char *buffer, size_t buflen, int *errnop,
 			  int *h_errnop)
 {
 	char **host_addresses;
 	struct in_addr *ip_list;
 	int i, count;
+	size_t namelen = strlen(name) + 1;
+
+	memset(he, '\0', sizeof(*he));
 
 	ip_list = lookup_backend(name, &count);
 	if (!ip_list) {
 		return NSS_STATUS_NOTFOUND;
 	}
 
-	if (buflen < (2*count+1)*INADDRSZ) {
+	if (buflen < namelen + (2*count+1)*INADDRSZ) {
 		/* no ENOMEM error type?! */
 		return NSS_STATUS_NOTFOUND;
 	}
@@ -130,7 +168,11 @@ _nss_wins_gethostbyname_r(const char *name, struct hostent *he,
 		host_addresses++;
 	}
 
-	if (ip_list) free(ip_list);
+	if (ip_list)
+		free(ip_list);
+
+	memcpy(buffer, name, namelen);
+	he->h_name = buffer;
 
 	return NSS_STATUS_SUCCESS;
 }
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index f8e540466b5..fb96c3214de 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -86,10 +86,8 @@ pstring global_scope = "";
 #endif
 
 /* some helpful bits */
-#define pSERVICE(i) ServicePtrs[i]
-#define iSERVICE(i) (*pSERVICE(i))
-#define LP_SNUM_OK(iService) (((iService) >= 0) && ((iService) < iNumServices) && iSERVICE(iService).valid)
-#define VALID(i) iSERVICE(i).valid
+#define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && ServicePtrs[(i)]->valid)
+#define VALID(i) ServicePtrs[i]->valid
 
 int keepalive = DEFAULT_KEEPALIVE;
 BOOL use_getwd_cache = True;
@@ -131,8 +129,6 @@ typedef struct
 	char *szWorkGroup;
 	char *szDomainAdminGroup;
 	char *szDomainGuestGroup;
-	char *szDomainAdminUsers;
-	char *szDomainGuestUsers;
 	char *szDomainHostsallow;
 	char *szDomainHostsdeny;
 	char *szUsernameMap;
@@ -155,7 +151,6 @@ typedef struct
 	char *szAnnounceVersion;	/* This is initialised in init_globals */
 	char *szNetbiosAliases;
 	char *szDomainOtherSIDs;
-	char *szDomainGroups;
 	char *szNameResolveOrder;
 	char *szLdapServer;
 	char *szLdapSuffix;
@@ -169,9 +164,8 @@ typedef struct
 #ifdef WITH_UTMP
 	char *szUtmpDir;
 	char *szWtmpDir;
-	char *szUtmpHostname;
-	BOOL bUtmpConsolidate;
-#endif				/* WITH_UTMP */
+	BOOL bUtmp;
+#endif
 	char *szSourceEnv;
 	char *szWinbindUID;
 	char *szWinbindGID;
@@ -199,6 +193,7 @@ typedef struct
 	int iTotalPrintJobs;
 	int syslog;
 	int os_level;
+	int enhanced_browsing;
 	int max_ttl;
 	int max_wins_ttl;
 	int min_wins_ttl;
@@ -245,18 +240,20 @@ typedef struct
 	BOOL bUpdateEncrypt;
 	BOOL bStripDot;
 	BOOL bNullPasswords;
+	BOOL bObeyPamRestrictions;
 	BOOL bLoadPrinters;
 	BOOL bUseRhosts;
+	BOOL bLargeReadwrite;
 	BOOL bReadRaw;
 	BOOL bWriteRaw;
 	BOOL bReadPrediction;
 	BOOL bReadbmpx;
 	BOOL bSyslogOnly;
 	BOOL bBrowseList;
-	BOOL bUnixRealname;
 	BOOL bNISHomeMap;
 	BOOL bTimeServer;
 	BOOL bBindInterfacesOnly;
+	BOOL bPamPasswordChange;
 	BOOL bUnixPasswdSync;
 	BOOL bPasswdChatDebug;
 	BOOL bTimestampLogs;
@@ -354,6 +351,7 @@ typedef struct
 	BOOL bCaseMangle;
 	BOOL status;
 	BOOL bHideDotFiles;
+	BOOL bHideUnReadable;
 	BOOL bBrowseable;
 	BOOL bAvailable;
 	BOOL bRead_only;
@@ -368,9 +366,6 @@ typedef struct
 	BOOL bLocking;
 	BOOL bStrictLocking;
 	BOOL bPosixLocking;
-#ifdef WITH_UTMP
-	BOOL bUtmp;
-#endif
 	BOOL bShareModes;
 	BOOL bOpLocks;
 	BOOL bLevel2OpLocks;
@@ -450,12 +445,12 @@ static service sDefault = {
 	0,			/* iWriteCacheSize */
 	0744,			/* iCreate_mask */
 	0000,			/* iCreate_force_mode */
-	-1,			/* iSecurity_mask */
-	-1,			/* iSecurity_force_mode */
+	0777,			/* iSecurity_mask */
+	0,			/* iSecurity_force_mode */
 	0755,			/* iDir_mask */
 	0000,			/* iDir_force_mode */
-	-1,			/* iDir_Security_mask */
-	-1,			/* iDir_Security_force_mode */
+	0777,			/* iDir_Security_mask */
+	0,			/* iDir_Security_force_mode */
 	0,			/* iMaxConnections */
 	CASE_LOWER,		/* iDefaultCase */
 	DEFAULT_PRINTING,	/* iPrinting */
@@ -469,6 +464,7 @@ static service sDefault = {
 	False,			/* case mangle */
 	True,			/* status */
 	True,			/* bHideDotFiles */
+	False,			/* bHideUnReadable */
 	True,			/* bBrowseable */
 	True,			/* bAvailable */
 	True,			/* bRead_only */
@@ -483,9 +479,6 @@ static service sDefault = {
 	True,			/* bLocking */
 	False,			/* bStrictLocking */
 	True,			/* bPosixLocking */
-#ifdef WITH_UTMP
-	False,			/* bUtmp */
-#endif
 	True,			/* bShareModes */
 	True,			/* bOpLocks */
 	True,			/* bLevel2OpLocks */
@@ -678,6 +671,7 @@ static struct parm_struct parm_table[] = {
 	{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, 0},
 	{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
 	{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
+	{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, 0},
 	{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
 /* #ifdef WITH_TDBPWD
 	{"tdb passwd file", P_STRING, P_GLOBAL, &Globals.szTDBPasswdFile, NULL, NULL, 0},
@@ -688,6 +682,7 @@ static struct parm_struct parm_table[] = {
 	{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
 	{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
 	
+	{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
 	{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
 	{"passwd chat", P_STRING, P_GLOBAL, &Globals.szPasswdChat, NULL, NULL, 0},
 	{"passwd chat debug", P_BOOL, P_GLOBAL, &Globals.bPasswdChatDebug, NULL, NULL, 0},
@@ -709,7 +704,7 @@ static struct parm_struct parm_table[] = {
 	{"admin users", P_STRING, P_LOCAL, &sDefault.szAdminUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
 	{"read list", P_STRING, P_LOCAL, &sDefault.readlist, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
 	{"write list", P_STRING, P_LOCAL, &sDefault.writelist, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
-	{"printer admin", P_STRING, P_LOCAL, &sDefault.printer_admin, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
+	{"printer admin", P_STRING, P_LOCAL, &sDefault.printer_admin, NULL, NULL, FLAG_GLOBAL | FLAG_PRINT},
 	{"force user", P_STRING, P_LOCAL, &sDefault.force_user, NULL, NULL, FLAG_SHARE},
 	{"force group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, FLAG_SHARE},
 	{"group", P_STRING, P_LOCAL, &sDefault.force_group, NULL, NULL, 0},
@@ -780,6 +775,7 @@ static struct parm_struct parm_table[] = {
 	{"Protocol Options", P_SEP, P_SEPARATOR},
 	
 	{"protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
+	{"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, 0},
 	{"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, 0},
 	{"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, 0},
 	{"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, 0},
@@ -867,6 +863,7 @@ static struct parm_struct parm_table[] = {
 	{"mangle case", P_BOOL, P_LOCAL, &sDefault.bCaseMangle, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
 	{"mangling char", P_CHAR, P_LOCAL, &sDefault.magic_char, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
 	{"hide dot files", P_BOOL, P_LOCAL, &sDefault.bHideDotFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
+	{"hide unreadable", P_BOOL, P_LOCAL, &sDefault.bHideUnReadable, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
 	{"delete veto files", P_BOOL, P_LOCAL, &sDefault.bDeleteVetoFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
 	{"veto files", P_STRING, P_LOCAL, &sDefault.szVetoFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL | FLAG_DOS_STRING},
 	{"hide files", P_STRING, P_LOCAL, &sDefault.szHideFiles, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL | FLAG_DOS_STRING},
@@ -880,11 +877,8 @@ static struct parm_struct parm_table[] = {
 
 	{"Domain Options", P_SEP, P_SEPARATOR},
 	
-	{"domain groups", P_STRING, P_GLOBAL, &Globals.szDomainGroups, NULL, NULL, 0},
 	{"domain admin group", P_STRING, P_GLOBAL, &Globals.szDomainAdminGroup, NULL, NULL, 0},
 	{"domain guest group", P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0},
-	{"domain admin users", P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL, NULL, 0},
-	{"domain guest users", P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL, NULL, 0},
 #ifdef USING_GROUPNAME_MAP
 	
 	{"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
@@ -914,6 +908,7 @@ static struct parm_struct parm_table[] = {
 	{"browse list", P_BOOL, P_GLOBAL, &Globals.bBrowseList, NULL, NULL, 0},
 	{"browseable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
 	{"browsable", P_BOOL, P_LOCAL, &sDefault.bBrowseable, NULL, NULL, 0},
+	{"enhanced browsing", P_BOOL, P_GLOBAL, &Globals.enhanced_browsing, NULL, NULL},
 
 	{"WINS Options", P_SEP, P_SEPARATOR},
 	{"dns proxy", P_BOOL, P_GLOBAL, &Globals.bDNSproxy, NULL, NULL, 0},
@@ -929,9 +924,6 @@ static struct parm_struct parm_table[] = {
 	{"fake oplocks", P_BOOL, P_LOCAL, &sDefault.bFakeOplocks, NULL, NULL, FLAG_SHARE},
 	{"kernel oplocks", P_BOOL, P_GLOBAL, &Globals.bKernelOplocks, NULL, NULL, FLAG_GLOBAL},
 	{"locking", P_BOOL, P_LOCAL, &sDefault.bLocking, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
-#ifdef WITH_UTMP
-	{"utmp", P_BOOL, P_LOCAL, &sDefault.bUtmp, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
-#endif
 	
 	{"oplocks", P_BOOL, P_LOCAL, &sDefault.bOpLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
 	{"level2 oplocks", P_BOOL, P_LOCAL, &sDefault.bLevel2OpLocks, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
@@ -963,17 +955,13 @@ static struct parm_struct parm_table[] = {
 	{"lock dir", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0}, 
 	{"lock directory", P_STRING, P_GLOBAL, &Globals.szLockDir, NULL, NULL, 0},
 #ifdef WITH_UTMP
-	{"utmp dir", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0},
 	{"utmp directory", P_STRING, P_GLOBAL, &Globals.szUtmpDir, NULL, NULL, 0},
-	{"wtmp dir", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0},
 	{"wtmp directory", P_STRING, P_GLOBAL, &Globals.szWtmpDir, NULL, NULL, 0},
-	{"utmp hostname", P_STRING, P_GLOBAL, &Globals.szUtmpHostname, NULL, NULL, 0},
-	{"utmp consolidate", P_BOOL, P_GLOBAL, &Globals.bUtmpConsolidate, NULL, NULL, 0},
-#endif /* WITH_UTMP */
+	{"utmp",          P_BOOL, P_GLOBAL, &Globals.bUtmp, NULL, NULL, 0},
+#endif
 	
-	{"default service", P_STRING, P_GLOBAL,
-	 &Globals.szDefaultService, NULL, NULL, 0},
-	{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, 0},
+	{"default service", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_DOS_STRING},
+	{"default", P_STRING, P_GLOBAL, &Globals.szDefaultService, NULL, NULL, FLAG_DOS_STRING},
 	{"message command", P_STRING, P_GLOBAL, &Globals.szMsgCommand, NULL, NULL, 0},
 	{"dfree command", P_STRING, P_GLOBAL, &Globals.szDfree, NULL, NULL, 0},
 	{"valid chars", P_STRING, P_GLOBAL, &Globals.szValidChars, handle_valid_chars, NULL, 0},
@@ -982,7 +970,6 @@ static struct parm_struct parm_table[] = {
 	{"socket address", P_STRING, P_GLOBAL, &Globals.szSocketAddress, NULL, NULL, 0},
 	{"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, 0},
 	{"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, 0},
-	{"unix realname", P_BOOL, P_GLOBAL, &Globals.bUnixRealname, NULL, NULL, 0},
 	{"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, 0},
 	{"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE},
 	
@@ -997,7 +984,7 @@ static struct parm_struct parm_table[] = {
 	{"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_SHARE},
 	{"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_SHARE | FLAG_PRINT},
 	{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT},
-	{"volume", P_STRING, P_LOCAL, &sDefault.volume, NULL, NULL, FLAG_SHARE},
+	{"volume", P_STRING, P_LOCAL, &sDefault.volume, NULL, NULL, FLAG_SHARE | FLAG_DOS_STRING},
 	{"fstype", P_STRING, P_LOCAL, &sDefault.fstype, NULL, NULL, FLAG_SHARE},
 	{"set directory", P_BOOLREV, P_LOCAL, &sDefault.bNo_set_dir, NULL, NULL, FLAG_SHARE},
 	{"source environment", P_STRING, P_GLOBAL, &Globals.szSourceEnv, handle_source_env, NULL, 0},
@@ -1018,12 +1005,12 @@ static struct parm_struct parm_table[] = {
 
 	{"VFS options", P_SEP, P_SEPARATOR},
 	
-	{"vfs object", P_STRING, P_LOCAL, &sDefault.szVfsObjectFile, handle_vfs_object, NULL, 0},
-	{"vfs options", P_STRING, P_LOCAL, &sDefault.szVfsOptions, NULL, NULL, 0},
+	{"vfs object", P_STRING, P_LOCAL, &sDefault.szVfsObjectFile, handle_vfs_object, NULL, FLAG_SHARE},
+	{"vfs options", P_STRING, P_LOCAL, &sDefault.szVfsOptions, NULL, NULL, FLAG_SHARE},
 
 	
 	{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
-	{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_GLOBAL},
+	{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, 0},
 
 	{"Winbind options", P_SEP, P_SEPARATOR},
 
@@ -1205,9 +1192,8 @@ static void init_globals(void)
 #ifdef WITH_UTMP
 	string_set(&Globals.szUtmpDir, "");
 	string_set(&Globals.szWtmpDir, "");
-	string_set(&Globals.szUtmpHostname, "%m");
-	Globals.bUtmpConsolidate = False;
-#endif /* WITH_UTMP */
+	Globals.bUtmp = False;
+#endif
 	string_set(&Globals.szSocketAddress, "0.0.0.0");
 	pstrcpy(s, "Samba ");
 	pstrcat(s, VERSION);
@@ -1238,6 +1224,7 @@ static void init_globals(void)
 	Globals.pwordlevel = 0;
 	Globals.unamelevel = 0;
 	Globals.deadtime = 0;
+	Globals.bLargeReadwrite = False;
 	Globals.max_log_size = 5000;
 	Globals.max_open_files = MAX_OPEN_FILES;
 	Globals.maxprotocol = PROTOCOL_NT1;
@@ -1250,6 +1237,7 @@ static void init_globals(void)
 	Globals.bReadPrediction = False;
 	Globals.bReadbmpx = False;
 	Globals.bNullPasswords = False;
+	Globals.bObeyPamRestrictions = False;
 	Globals.bStripDot = False;
 	Globals.syslog = 1;
 	Globals.bSyslogOnly = False;
@@ -1267,7 +1255,6 @@ static void init_globals(void)
 	Globals.lm_interval = 60;
 	Globals.stat_cache_size = 50;	/* Number of stat translations we'll keep */
 	Globals.announce_as = ANNOUNCE_AS_NT_SERVER;
-	Globals.bUnixRealname = True;
 #if (defined(HAVE_NETGROUP) && defined(WITH_AUTOMOUNT))
 	Globals.bNISHomeMap = False;
 #ifdef WITH_NISPLUS_HOME
@@ -1280,6 +1267,7 @@ static void init_globals(void)
 	Globals.bTimeServer = False;
 	Globals.bBindInterfacesOnly = False;
 	Globals.bUnixPasswdSync = False;
+	Globals.bPamPasswordChange = False;
 	Globals.bPasswdChatDebug = False;
 	Globals.bNTSmbSupport = True;	/* Do NT SMB's by default. */
 	Globals.bNTPipeSupport = True;	/* Do NT pipes by default. */
@@ -1290,6 +1278,7 @@ static void init_globals(void)
 	Globals.map_to_guest = 0;	/* By Default, "Never" */
 	Globals.min_passwd_length = MINPASSWDLENGTH;	/* By Default, 5. */
 	Globals.oplock_break_wait_time = 0;	/* By Default, 0 msecs. */
+	Globals.enhanced_browsing = True; 
 
 #ifdef WITH_LDAP
 	/* default values for ldap */
@@ -1414,13 +1403,13 @@ static char *lp_string(const char *s)
  int fn_name(void) {return(*(int *)(ptr));}
 
 #define FN_LOCAL_STRING(fn_name,val) \
- char *fn_name(int i) {return(lp_string((LP_SNUM_OK(i)&&pSERVICE(i)->val)?pSERVICE(i)->val : sDefault.val));}
+ char *fn_name(int i) {return(lp_string((LP_SNUM_OK(i) && ServicePtrs[(i)]->val) ? ServicePtrs[(i)]->val : sDefault.val));}
 #define FN_LOCAL_BOOL(fn_name,val) \
- BOOL fn_name(int i) {return(LP_SNUM_OK(i)? pSERVICE(i)->val : sDefault.val);}
+ BOOL fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
 #define FN_LOCAL_CHAR(fn_name,val) \
- char fn_name(int i) {return(LP_SNUM_OK(i)? pSERVICE(i)->val : sDefault.val);}
+ char fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
 #define FN_LOCAL_INTEGER(fn_name,val) \
- int fn_name(int i) {return(LP_SNUM_OK(i)? pSERVICE(i)->val : sDefault.val);}
+ int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
 
 FN_GLOBAL_STRING(lp_logfile, &Globals.szLogFile)
 FN_GLOBAL_STRING(lp_configfile, &Globals.szConfigFile)
@@ -1439,9 +1428,8 @@ FN_GLOBAL_STRING(lp_lockdir, &Globals.szLockDir)
 #ifdef WITH_UTMP
 FN_GLOBAL_STRING(lp_utmpdir, &Globals.szUtmpDir)
 FN_GLOBAL_STRING(lp_wtmpdir, &Globals.szWtmpDir)
-FN_GLOBAL_STRING(lp_utmp_hostname, &Globals.szUtmpHostname)
-FN_GLOBAL_BOOL(lp_utmp_consolidate, &Globals.bUtmpConsolidate)
-#endif /* WITH_UTMP */
+FN_GLOBAL_BOOL(lp_utmp, &Globals.bUtmp)
+#endif
 FN_GLOBAL_STRING(lp_rootdir, &Globals.szRootdir)
 FN_GLOBAL_STRING(lp_source_environment, &Globals.szSourceEnv)
 FN_GLOBAL_STRING(lp_defaultservice, &Globals.szDefaultService)
@@ -1474,11 +1462,8 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
 FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
 FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
 FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook)
-FN_GLOBAL_STRING(lp_domain_groups, &Globals.szDomainGroups)
 FN_GLOBAL_STRING(lp_domain_admin_group, &Globals.szDomainAdminGroup)
 FN_GLOBAL_STRING(lp_domain_guest_group, &Globals.szDomainGuestGroup)
-FN_GLOBAL_STRING(lp_domain_admin_users, &Globals.szDomainAdminUsers)
-FN_GLOBAL_STRING(lp_domain_guest_users, &Globals.szDomainGuestUsers)
 FN_GLOBAL_STRING(lp_winbind_uid, &Globals.szWinbindUID)
 FN_GLOBAL_STRING(lp_winbind_gid, &Globals.szWinbindGID)
 FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir)
@@ -1525,8 +1510,10 @@ FN_GLOBAL_BOOL(lp_use_rhosts, &Globals.bUseRhosts)
 FN_GLOBAL_BOOL(lp_readprediction, &Globals.bReadPrediction)
 FN_GLOBAL_BOOL(lp_readbmpx, &Globals.bReadbmpx)
 FN_GLOBAL_BOOL(lp_readraw, &Globals.bReadRaw)
+FN_GLOBAL_BOOL(lp_large_readwrite, &Globals.bLargeReadwrite)
 FN_GLOBAL_BOOL(lp_writeraw, &Globals.bWriteRaw)
 FN_GLOBAL_BOOL(lp_null_passwords, &Globals.bNullPasswords)
+FN_GLOBAL_BOOL(lp_obey_pam_restrictions, &Globals.bObeyPamRestrictions)
 FN_GLOBAL_BOOL(lp_strip_dot, &Globals.bStripDot)
 FN_GLOBAL_BOOL(lp_encrypted_passwords, &Globals.bEncryptPasswords)
 FN_GLOBAL_BOOL(lp_update_encrypted, &Globals.bUpdateEncrypt)
@@ -1536,10 +1523,10 @@ FN_GLOBAL_BOOL(lp_debug_hires_timestamp, &Globals.bDebugHiresTimestamp)
 FN_GLOBAL_BOOL(lp_debug_pid, &Globals.bDebugPid)
 FN_GLOBAL_BOOL(lp_debug_uid, &Globals.bDebugUid)
 FN_GLOBAL_BOOL(lp_browse_list, &Globals.bBrowseList)
-FN_GLOBAL_BOOL(lp_unix_realname, &Globals.bUnixRealname)
 FN_GLOBAL_BOOL(lp_nis_home_map, &Globals.bNISHomeMap)
 static FN_GLOBAL_BOOL(lp_time_server, &Globals.bTimeServer)
 FN_GLOBAL_BOOL(lp_bind_interfaces_only, &Globals.bBindInterfacesOnly)
+FN_GLOBAL_BOOL(lp_pam_password_change, &Globals.bPamPasswordChange)
 FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync)
 FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug)
 FN_GLOBAL_BOOL(lp_nt_smb_support, &Globals.bNTSmbSupport)
@@ -1551,6 +1538,7 @@ FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous)
 FN_GLOBAL_BOOL(lp_lanman_auth, &Globals.bLanmanAuth)
 FN_GLOBAL_BOOL(lp_host_msdfs, &Globals.bHostMSDfs)
 FN_GLOBAL_BOOL(lp_kernel_oplocks, &Globals.bKernelOplocks)
+FN_GLOBAL_BOOL(lp_enhanced_browsing, &Globals.enhanced_browsing)
 FN_GLOBAL_INTEGER(lp_os_level, &Globals.os_level)
 FN_GLOBAL_INTEGER(lp_max_ttl, &Globals.max_ttl)
 FN_GLOBAL_INTEGER(lp_max_wins_ttl, &Globals.max_wins_ttl)
@@ -1634,6 +1622,7 @@ FN_LOCAL_BOOL(lp_shortpreservecase, bShortCasePreserve)
 FN_LOCAL_BOOL(lp_casemangle, bCaseMangle)
 FN_LOCAL_BOOL(lp_status, status)
 FN_LOCAL_BOOL(lp_hide_dot_files, bHideDotFiles)
+FN_LOCAL_BOOL(lp_hideunreadable, bHideUnReadable)
 FN_LOCAL_BOOL(lp_browseable, bBrowseable)
 FN_LOCAL_BOOL(lp_readonly, bRead_only)
 FN_LOCAL_BOOL(lp_no_set_dir, bNo_set_dir)
@@ -1646,9 +1635,6 @@ FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
 FN_LOCAL_BOOL(lp_locking, bLocking)
 FN_LOCAL_BOOL(lp_strict_locking, bStrictLocking)
 FN_LOCAL_BOOL(lp_posix_locking, bPosixLocking)
-#ifdef WITH_UTMP
-FN_LOCAL_BOOL(lp_utmp, bUtmp)
-#endif
 FN_LOCAL_BOOL(lp_share_modes, bShareModes)
 FN_LOCAL_BOOL(lp_oplocks, bOpLocks)
 FN_LOCAL_BOOL(lp_level2_oplocks, bLevel2OpLocks)
@@ -1670,12 +1656,12 @@ FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
 FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
 FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
 FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
-FN_LOCAL_INTEGER(_lp_security_mask, iSecurity_mask)
-FN_LOCAL_INTEGER(_lp_force_security_mode, iSecurity_force_mode)
+FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
+FN_LOCAL_INTEGER(lp_force_security_mode, iSecurity_force_mode)
 FN_LOCAL_INTEGER(lp_dir_mask, iDir_mask)
 FN_LOCAL_INTEGER(lp_force_dir_mode, iDir_force_mode)
-FN_LOCAL_INTEGER(_lp_dir_security_mask, iDir_Security_mask)
-FN_LOCAL_INTEGER(_lp_force_dir_security_mode, iDir_Security_force_mode)
+FN_LOCAL_INTEGER(lp_dir_security_mask, iDir_Security_mask)
+FN_LOCAL_INTEGER(lp_force_dir_security_mode, iDir_Security_force_mode)
 FN_LOCAL_INTEGER(lp_max_connections, iMaxConnections)
 FN_LOCAL_INTEGER(lp_defaultcase, iDefaultCase)
 FN_LOCAL_INTEGER(lp_minprintspace, iMinPrintSpace)
@@ -1739,6 +1725,8 @@ static void free_service(service * pservice)
 			string_free((char **)
 				    (((char *)pservice) +
 				     PTR_DIFF(parm_table[i].ptr, &sDefault)));
+
+	ZERO_STRUCTP(pservice);
 }
 
 /***************************************************************************
@@ -1763,35 +1751,49 @@ static int add_a_service(service * pservice, char *name)
 
 	/* find an invalid one */
 	for (i = 0; i < iNumServices; i++)
-		if (!pSERVICE(i)->valid)
+		if (!ServicePtrs[i]->valid)
 			break;
 
 	/* if not, then create one */
 	if (i == iNumServices)
 	{
+#ifdef __INSURE__
+		service **oldservices = iNumServices ? malloc(sizeof(service *) * iNumServices) : NULL;
+
+		if (iNumServices)
+			memcpy(oldservices, ServicePtrs, sizeof(service *) * iNumServices);
+#endif
+
 		ServicePtrs =
 			(service **) Realloc(ServicePtrs,
 					     sizeof(service *) *
 					     num_to_alloc);
+#ifdef __INSURE__
+		if (iNumServices && (memcmp(oldservices, ServicePtrs, sizeof(service *) * iNumServices) != 0)) {
+			smb_panic("add_a_service: Realloc corrupted ptrs...\n");
+		}
+		safe_free(oldservices);
+#endif
+
 		if (ServicePtrs)
-			pSERVICE(iNumServices) =
+			ServicePtrs[iNumServices] =
 				(service *) malloc(sizeof(service));
 
-		if (!ServicePtrs || !pSERVICE(iNumServices))
+		if (!ServicePtrs || !ServicePtrs[iNumServices])
 			return (-1);
 
 		iNumServices++;
 	}
 	else
-		free_service(pSERVICE(i));
+		free_service(ServicePtrs[i]);
 
-	pSERVICE(i)->valid = True;
+	ServicePtrs[i]->valid = True;
 
-	init_service(pSERVICE(i));
-	copy_service(pSERVICE(i), &tservice, NULL);
+	init_service(ServicePtrs[i]);
+	copy_service(ServicePtrs[i], &tservice, NULL);
 	if (name)
 	{
-		string_set(&iSERVICE(i).szService, name);
+		string_set(&ServicePtrs[i]->szService, name);
 	}
 	return (i);
 }
@@ -1802,23 +1804,23 @@ from service ifrom. homename must be in DOS codepage.
 ***************************************************************************/
 BOOL lp_add_home(char *pszHomename, int iDefaultService, char *pszHomedir)
 {
-	int i = add_a_service(pSERVICE(iDefaultService), pszHomename);
+	int i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
 	if (i < 0)
 		return (False);
 
-	if (!(*(iSERVICE(i).szPath))
-	    || strequal(iSERVICE(i).szPath, lp_pathname(-1)))
-		string_set(&iSERVICE(i).szPath, pszHomedir);
-	if (!(*(iSERVICE(i).comment)))
+	if (!(*(ServicePtrs[i]->szPath))
+	    || strequal(ServicePtrs[i]->szPath, lp_pathname(-1)))
+		string_set(&ServicePtrs[i]->szPath, pszHomedir);
+	if (!(*(ServicePtrs[i]->comment)))
 	{
 		pstring comment;
 		slprintf(comment, sizeof(comment) - 1,
 			 "Home directory of %s", pszHomename);
-		string_set(&iSERVICE(i).comment, comment);
+		string_set(&ServicePtrs[i]->comment, comment);
 	}
-	iSERVICE(i).bAvailable = sDefault.bAvailable;
-	iSERVICE(i).bBrowseable = sDefault.bBrowseable;
+	ServicePtrs[i]->bAvailable = sDefault.bAvailable;
+	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
 
 	DEBUG(3,
 	      ("adding home directory %s at %s\n", pszHomename, pszHomedir));
@@ -1831,7 +1833,7 @@ add a new service, based on an old one. pszService must be in DOS codepage.
 ***************************************************************************/
 int lp_add_service(char *pszService, int iDefaultService)
 {
-	return (add_a_service(pSERVICE(iDefaultService), pszService));
+	return (add_a_service(ServicePtrs[iDefaultService], pszService));
 }
 
 
@@ -1849,18 +1851,18 @@ static BOOL lp_add_ipc(char *ipc_name, BOOL guest_ok)
 	slprintf(comment, sizeof(comment) - 1,
 		 "IPC Service (%s)", Globals.szServerString);
 
-	string_set(&iSERVICE(i).szPath, tmpdir());
-	string_set(&iSERVICE(i).szUsername, "");
-	string_set(&iSERVICE(i).comment, comment);
-	string_set(&iSERVICE(i).fstype, "IPC");
-	iSERVICE(i).status = False;
-	iSERVICE(i).iMaxConnections = 0;
-	iSERVICE(i).bAvailable = True;
-	iSERVICE(i).bRead_only = True;
-	iSERVICE(i).bGuest_only = False;
-	iSERVICE(i).bGuest_ok = guest_ok;
-	iSERVICE(i).bPrint_ok = False;
-	iSERVICE(i).bBrowseable = sDefault.bBrowseable;
+	string_set(&ServicePtrs[i]->szPath, tmpdir());
+	string_set(&ServicePtrs[i]->szUsername, "");
+	string_set(&ServicePtrs[i]->comment, comment);
+	string_set(&ServicePtrs[i]->fstype, "IPC");
+	ServicePtrs[i]->status = False;
+	ServicePtrs[i]->iMaxConnections = 0;
+	ServicePtrs[i]->bAvailable = True;
+	ServicePtrs[i]->bRead_only = True;
+	ServicePtrs[i]->bGuest_only = False;
+	ServicePtrs[i]->bGuest_ok = guest_ok;
+	ServicePtrs[i]->bPrint_ok = False;
+	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
 
 	DEBUG(3, ("adding IPC service %s\n", ipc_name));
 
@@ -1875,7 +1877,7 @@ printername must be in DOS codepage.
 BOOL lp_add_printer(char *pszPrintername, int iDefaultService)
 {
 	char *comment = "From Printcap";
-	int i = add_a_service(pSERVICE(iDefaultService), pszPrintername);
+	int i = add_a_service(ServicePtrs[iDefaultService], pszPrintername);
 
 	if (i < 0)
 		return (False);
@@ -1886,17 +1888,17 @@ BOOL lp_add_printer(char *pszPrintername, int iDefaultService)
 	/* entry (if/when the 'available' keyword is implemented!).    */
 
 	/* the printer name is set to the service name. */
-	string_set(&iSERVICE(i).szPrintername, pszPrintername);
-	string_set(&iSERVICE(i).comment, comment);
-	iSERVICE(i).bBrowseable = sDefault.bBrowseable;
+	string_set(&ServicePtrs[i]->szPrintername, pszPrintername);
+	string_set(&ServicePtrs[i]->comment, comment);
+	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
 	/* Printers cannot be read_only. */
-	iSERVICE(i).bRead_only = False;
+	ServicePtrs[i]->bRead_only = False;
 	/* No share modes on printer services. */
-	iSERVICE(i).bShareModes = False;
+	ServicePtrs[i]->bShareModes = False;
 	/* No oplocks on printer services. */
-	iSERVICE(i).bOpLocks = False;
+	ServicePtrs[i]->bOpLocks = False;
 	/* Printer services must be printable. */
-	iSERVICE(i).bPrint_ok = True;
+	ServicePtrs[i]->bPrint_ok = True;
 
 	DEBUG(3, ("adding printer service %s\n", pszPrintername));
 
@@ -1961,12 +1963,10 @@ static int getservicebyname(char *pszServiceName, service * pserviceDest)
 
 	for (iService = iNumServices - 1; iService >= 0; iService--)
 		if (VALID(iService) &&
-		    strwicmp(iSERVICE(iService).szService,
-			     pszServiceName) == 0)
+		    strwicmp(ServicePtrs[iService]->szService, pszServiceName) == 0)
 		{
 			if (pserviceDest != NULL)
-				copy_service(pserviceDest, pSERVICE(iService),
-					     NULL);
+				copy_service(pserviceDest, ServicePtrs[iService], NULL);
 			break;
 		}
 
@@ -2049,7 +2049,7 @@ static BOOL service_ok(int iService)
 	BOOL bRetval;
 
 	bRetval = True;
-	if (iSERVICE(iService).szService[0] == '\0')
+	if (ServicePtrs[iService]->szService[0] == '\0')
 	{
 		DEBUG(0,
 		      ("The following message indicates an internal error:\n"));
@@ -2059,31 +2059,31 @@ static BOOL service_ok(int iService)
 
 	/* The [printers] entry MUST be printable. I'm all for flexibility, but */
 	/* I can't see why you'd want a non-printable printer service...        */
-	if (strwicmp(iSERVICE(iService).szService, PRINTERS_NAME) == 0) {
-		if (!iSERVICE(iService).bPrint_ok) {
+	if (strwicmp(ServicePtrs[iService]->szService, PRINTERS_NAME) == 0) {
+		if (!ServicePtrs[iService]->bPrint_ok) {
 			DEBUG(0,
 			      ("WARNING: [%s] service MUST be printable!\n",
-			       iSERVICE(iService).szService));
-			iSERVICE(iService).bPrint_ok = True;
+			       ServicePtrs[iService]->szService));
+			ServicePtrs[iService]->bPrint_ok = True;
 		}
 		/* [printers] service must also be non-browsable. */
-		if (iSERVICE(iService).bBrowseable)
-			iSERVICE(iService).bBrowseable = False;
+		if (ServicePtrs[iService]->bBrowseable)
+			ServicePtrs[iService]->bBrowseable = False;
 	}
 
-	if (iSERVICE(iService).szPath[0] == '\0' &&
-	    strwicmp(iSERVICE(iService).szService, HOMES_NAME) != 0)
+	if (ServicePtrs[iService]->szPath[0] == '\0' &&
+	    strwicmp(ServicePtrs[iService]->szService, HOMES_NAME) != 0)
 	{
 		DEBUG(0,
 		      ("No path in service %s - using %s\n",
-		       iSERVICE(iService).szService, tmpdir()));
-		string_set(&iSERVICE(iService).szPath, tmpdir());
+		       ServicePtrs[iService]->szService, tmpdir()));
+		string_set(&ServicePtrs[iService]->szPath, tmpdir());
 	}
 
 	/* If a service is flagged unavailable, log the fact at level 0. */
-	if (!iSERVICE(iService).bAvailable)
+	if (!ServicePtrs[iService]->bAvailable)
 		DEBUG(1, ("NOTE: Service %s is flagged unavailable.\n",
-			  iSERVICE(iService).szService));
+			  ServicePtrs[iService]->szService));
 
 	return (bRetval);
 }
@@ -2429,9 +2429,9 @@ static BOOL handle_copy(char *pszParmValue, char **ptr)
 		}
 		else
 		{
-			copy_service(pSERVICE(iServiceIndex),
+			copy_service(ServicePtrs[iServiceIndex],
 				     &serviceTemp,
-				     iSERVICE(iServiceIndex).copymap);
+				     ServicePtrs[iServiceIndex]->copymap);
 			bRetval = True;
 		}
 	}
@@ -2528,7 +2528,7 @@ static void init_copymap(service * pservice)
 ***************************************************************************/
 void *lp_local_ptr(int snum, void *ptr)
 {
-	return (void *)(((char *)pSERVICE(snum)) + PTR_DIFF(ptr, &sDefault));
+	return (void *)(((char *)ServicePtrs[snum]) + PTR_DIFF(ptr, &sDefault));
 }
 
 /***************************************************************************
@@ -2573,20 +2573,20 @@ BOOL lp_do_parameter(int snum, char *pszParmName, char *pszParmValue)
 			return (True);
 		}
 		parm_ptr =
-			((char *)pSERVICE(snum)) + PTR_DIFF(def_ptr,
+			((char *)ServicePtrs[snum]) + PTR_DIFF(def_ptr,
 							    &sDefault);
 	}
 
 	if (snum >= 0)
 	{
-		if (!iSERVICE(snum).copymap)
-			init_copymap(pSERVICE(snum));
+		if (!ServicePtrs[snum]->copymap)
+			init_copymap(ServicePtrs[snum]);
 
 		/* this handles the aliases - set the copymap for other entries with
 		   the same data pointer */
 		for (i = 0; parm_table[i].label; i++)
 			if (parm_table[i].ptr == parm_table[parmnum].ptr)
-				iSERVICE(snum).copymap[i] = False;
+				ServicePtrs[snum]->copymap[i] = False;
 	}
 
 	/* if it is a special case then go ahead */
@@ -2921,7 +2921,7 @@ BOOL lp_is_default(int snum, struct parm_struct *parm)
 	int pdiff = PTR_DIFF(parm->ptr, &sDefault);
 
 	return equal_parameter(parm->type,
-			       ((char *)pSERVICE(snum)) + pdiff,
+			       ((char *)ServicePtrs[snum]) + pdiff,
 			       ((char *)&sDefault) + pdiff);
 }
 
@@ -2995,7 +2995,7 @@ struct parm_struct *lp_next_parameter(int snum, int *i, int allparameters)
 	}
 	else
 	{
-		service *pService = pSERVICE(snum);
+		service *pService = ServicePtrs[snum];
 
 		for (; parm_table[*i].label; (*i)++)
 		{
@@ -3057,7 +3057,7 @@ Return TRUE if the passed service number is within range.
 ***************************************************************************/
 BOOL lp_snum_ok(int iService)
 {
-	return (LP_SNUM_OK(iService) && iSERVICE(iService).bAvailable);
+	return (LP_SNUM_OK(iService) && ServicePtrs[iService]->bAvailable);
 }
 
 
@@ -3107,9 +3107,9 @@ void lp_add_one_printer(char *name, char *comment)
 		lp_add_printer(name, printers);
 		if ((i = lp_servicenumber(name)) >= 0)
 		{
-			string_set(&iSERVICE(i).comment, comment);
-            unix_to_dos(iSERVICE(i).comment, True);
-			iSERVICE(i).autoloaded = True;
+			string_set(&ServicePtrs[i]->comment, comment);
+            unix_to_dos(ServicePtrs[i]->comment, True);
+			ServicePtrs[i]->autoloaded = True;
 		}
 	}
 }
@@ -3135,8 +3135,8 @@ void lp_killunused(BOOL (*snumused) (int))
 
 		if (!snumused || !snumused(i))
 		{
-			iSERVICE(i).valid = False;
-			free_service(pSERVICE(i));
+			ServicePtrs[i]->valid = False;
+			free_service(ServicePtrs[i]);
 		}
 	}
 }
@@ -3149,8 +3149,8 @@ void lp_killservice(int iServiceIn)
 {
 	if (VALID(iServiceIn))
 	{
-		iSERVICE(iServiceIn).valid = False;
-		free_service(pSERVICE(iServiceIn));
+		ServicePtrs[iServiceIn]->valid = False;
+		free_service(ServicePtrs[iServiceIn]);
 	}
 }
 
@@ -3354,9 +3354,9 @@ void lp_dump_one(FILE * f, BOOL show_defaults, int snum, char *(*dos_to_ext)(cha
 {
 	if (VALID(snum))
 	{
-		if (iSERVICE(snum).szService[0] == '\0')
+		if (ServicePtrs[snum]->szService[0] == '\0')
 			return;
-		dump_a_service(pSERVICE(snum), f, dos_to_ext);
+		dump_a_service(ServicePtrs[snum], f, dos_to_ext);
 	}
 }
 
@@ -3385,17 +3385,14 @@ int lp_servicenumber(char *pszServiceName)
 }
 
 /*******************************************************************
-  a useful volume label function
-  ******************************************************************/
+ A useful volume label function. Returns a string in DOS codepage.
+********************************************************************/
+
 char *volume_label(int snum)
 {
 	char *ret = lp_volume(snum);
-	if (!*ret) {
-		/* lp_volume returns a unix charset - lp_servicename returns a
-		   dos codepage - convert so volume_label() always returns UNIX.
-		*/
-		return (dos_to_unix(lp_servicename(snum), False));
-	}
+	if (!*ret)
+		return lp_servicename(snum);
 	return (ret);
 }
 
@@ -3518,7 +3515,7 @@ remove a service
 ********************************************************************/
 void lp_remove_service(int snum)
 {
-	pSERVICE(snum)->valid = False;
+	ServicePtrs[snum]->valid = False;
 }
 
 /*******************************************************************
@@ -3601,43 +3598,6 @@ void lp_set_name_resolve_order(char *new_order)
 	Globals.szNameResolveOrder = new_order;
 }
 
-/***********************************************************
- Functions to return the current security masks/modes. If
- set to -1 then return the create mask/mode instead.
-************************************************************/
-
-int lp_security_mask(int snum)
-{
-	int val = _lp_security_mask(snum);
-	if (val == -1)
-		return lp_create_mask(snum);
-	return val;
-}
-
-int lp_force_security_mode(int snum)
-{
-	int val = _lp_force_security_mode(snum);
-	if (val == -1)
-		return lp_force_create_mode(snum);
-	return val;
-}
-
-int lp_dir_security_mask(int snum)
-{
-	int val = _lp_dir_security_mask(snum);
-	if (val == -1)
-		return lp_dir_mask(snum);
-	return val;
-}
-
-int lp_force_dir_security_mode(int snum)
-{
-	int val = _lp_force_dir_security_mode(snum);
-	if (val == -1)
-		return lp_force_dir_mode(snum);
-	return val;
-}
-
 char *lp_printername(int snum)
 {
 	char *ret = _lp_printername(snum);
diff --git a/source/passdb/nispass.c b/source/passdb/nispass.c
index 007ae10d06d..c1a867bc338 100644
--- a/source/passdb/nispass.c
+++ b/source/passdb/nispass.c
@@ -49,7 +49,7 @@ extern int      DEBUGLEVEL;
 extern pstring samlogon_user;
 extern BOOL sam_logon_in_ssb;
 
-static VOLATILE SIG_ATOMIC_T gotalarm;
+static VOLATILE sig_atomic_t gotalarm;
 
 /***************************************************************
 
diff --git a/source/passdb/pampass.c b/source/passdb/pampass.c
index e6de54dfe69..53d2a062fdd 100644
--- a/source/passdb/pampass.c
+++ b/source/passdb/pampass.c
@@ -5,6 +5,7 @@
    Copyright (C) Andrew Tridgell 1992-2001
    Copyright (C) John H Terpsta 1999-2001
    Copyright (C) Andrew Bartlett 2001
+   Copyright (C) Jeremy Allison 2001
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -43,65 +44,106 @@ extern int DEBUGLEVEL;
 #include <security/pam_appl.h>
 
 /*
- * Static variables used to communicate between the conversation function
- * and the server_login function
+ * Structure used to communicate between the conversation function
+ * and the server_login/change password functions.
  */
 
-static char *PAM_username;
-static char *PAM_password;
+struct smb_pam_userdata {
+	char *PAM_username;
+	char *PAM_password;
+	char *PAM_newpassword;
+};
+
+typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr);
 
 /*
  *  Macros to help make life easy
  */
 #define COPY_STRING(s) (s) ? strdup(s) : NULL
 
-/*
- * PAM error handler.
- */
-static BOOL pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
+/*******************************************************************
+ PAM error handler.
+ *********************************************************************/
+
+static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl)
 {
 
-       	if( pam_error != PAM_SUCCESS)
-	{
-		DEBUG(dbglvl, ("PAM: %s : %s\n", msg, pam_strerror(pamh, pam_error)));
+	if( pam_error != PAM_SUCCESS) {
+		DEBUG(dbglvl, ("smb_pam_error_handler: PAM: %s : %s\n",
+				msg, pam_strerror(pamh, pam_error)));
+		
 		return False;
 	}
 	return True;
 }
 
+/*******************************************************************
+ This function is a sanity check, to make sure that we NEVER report
+ failure as sucess.
+*********************************************************************/
+
+static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
+							char *msg, int dbglvl, uint32 *nt_status)
+{
+	if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl))
+		return True;
+
+	if (*nt_status == NT_STATUS_NOPROBLEMO) {
+		/* Complain LOUDLY */
+		DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \
+error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE"));
+		*nt_status = NT_STATUS_LOGON_FAILURE;
+	}
+	return False;
+}
+
 /*
  * PAM conversation function
  * Here we assume (for now, at least) that echo on means login name, and
  * echo off means password.
  */
 
-static int PAM_conv(int num_msg,
+static int smb_pam_conv(int num_msg,
 		    const struct pam_message **msg,
 		    struct pam_response **resp,
 		    void *appdata_ptr)
 {
 	int replies = 0;
 	struct pam_response *reply = NULL;
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
+
+	*resp = NULL;
+
+	if (num_msg <= 0)
+		return PAM_CONV_ERR;
+
+	/*
+	 * Apparantly HPUX has a buggy PAM that doesn't support the
+	 * appdata_ptr. Fail if this is the case. JRA.
+	 */
+
+	if (udp == NULL) {
+		DEBUG(0,("smb_pam_conv: PAM on this system is broken - appdata_ptr == NULL !\n"));
+		return PAM_CONV_ERR;
+	}
 
 	reply = malloc(sizeof(struct pam_response) * num_msg);
 	if (!reply)
 		return PAM_CONV_ERR;
 
-	for (replies = 0; replies < num_msg; replies++)
-	{
-		switch (msg[replies]->msg_style)
-		{
+	memset(reply, '\0', sizeof(struct pam_response) * num_msg);
+
+	for (replies = 0; replies < num_msg; replies++) {
+		switch (msg[replies]->msg_style) {
 			case PAM_PROMPT_ECHO_ON:
 				reply[replies].resp_retcode = PAM_SUCCESS;
-			reply[replies].resp =
-					COPY_STRING(PAM_username);
+				reply[replies].resp = COPY_STRING(udp->PAM_username);
 				/* PAM frees resp */
 				break;
 
 			case PAM_PROMPT_ECHO_OFF:
 				reply[replies].resp_retcode = PAM_SUCCESS;
-				reply[replies].resp =
-					COPY_STRING(PAM_password);
+				reply[replies].resp = COPY_STRING(udp->PAM_password);
 				/* PAM frees resp */
 				break;
 
@@ -125,291 +167,712 @@ static int PAM_conv(int num_msg,
 	return PAM_SUCCESS;
 }
 
-static struct pam_conv PAM_conversation = {
-	&PAM_conv,
-	NULL
+/*
+ * PAM password change conversation function
+ * Here we assume (for now, at least) that echo on means login name, and
+ * echo off means password.
+ */
+
+static void special_char_sub(char *buf)
+{
+	all_string_sub(buf, "\\n", "", 0);
+	all_string_sub(buf, "\\r", "", 0);
+	all_string_sub(buf, "\\s", " ", 0);
+	all_string_sub(buf, "\\t", "\t", 0);
+}
+
+static void pwd_sub(char *buf, char *username, char *oldpass, char *newpass)
+{
+	pstring_sub(buf, "%u", username);
+	all_string_sub(buf, "%o", oldpass, sizeof(fstring));
+	all_string_sub(buf, "%n", newpass, sizeof(fstring));
+}
+
+
+struct chat_struct {
+	struct chat_struct *next, *prev;
+	fstring prompt;
+	fstring reply;
 };
 
+/**************************************************************
+ Create a linked list containing chat data.
+***************************************************************/
+
+static struct chat_struct *make_pw_chat(char *p) 
+{
+	fstring prompt;
+	fstring reply;
+	struct chat_struct *list = NULL;
+	struct chat_struct *t;
+	struct chat_struct *tmp;
+
+	while (1) {
+		t = (struct chat_struct *)malloc(sizeof(*t));
+		if (!t) {
+			DEBUG(0,("make_pw_chat: malloc failed!\n"));
+			return NULL;
+		}
+
+		ZERO_STRUCTP(t);
+
+		DLIST_ADD_END(list, t, tmp);
+
+		if (!next_token(&p, prompt, NULL, sizeof(fstring)))
+			break;
+
+		if (strequal(prompt,"."))
+			fstrcpy(prompt,"*");
+
+		special_char_sub(prompt);
+		fstrcpy(t->prompt, prompt);
+		
+		if (!next_token(&p, reply, NULL, sizeof(fstring)))
+			break;
+
+		if (strequal(reply,"."))
+				fstrcpy(reply,"");
+
+		special_char_sub(reply);
+		fstrcpy(t->reply, reply);
+
+	}
+	return list;
+}
+
+static void free_pw_chat(struct chat_struct *list)
+{
+    while (list) {
+        struct chat_struct *old_head = list;
+        DLIST_REMOVE(list, list);
+        free(old_head);
+    }
+}
+
+static int smb_pam_passchange_conv(int num_msg,
+				const struct pam_message **msg,
+				struct pam_response **resp,
+				void *appdata_ptr)
+{
+	int replies = 0;
+	struct pam_response *reply = NULL;
+	fstring current_prompt;
+	fstring current_reply;
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr;
+	struct chat_struct *pw_chat= make_pw_chat(lp_passwd_chat());
+	struct chat_struct *t;
+	BOOL found; 
+	*resp = NULL;
+	
+	DEBUG(10,("smb_pam_passchange_conv: starting converstation for %d messages\n", num_msg));
+
+	if (num_msg <= 0)
+		return PAM_CONV_ERR;
+
+	if (pw_chat == NULL)
+		return PAM_CONV_ERR;
+
+	/*
+	 * Apparantly HPUX has a buggy PAM that doesn't support the
+	 * appdata_ptr. Fail if this is the case. JRA.
+	 */
+
+	if (udp == NULL) {
+		DEBUG(0,("smb_pam_passchange_conv: PAM on this system is broken - appdata_ptr == NULL !\n"));
+		free_pw_chat(pw_chat);
+		return PAM_CONV_ERR;
+	}
+
+	reply = malloc(sizeof(struct pam_response) * num_msg);
+	if (!reply) {
+		DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));
+		free_pw_chat(pw_chat);
+		return PAM_CONV_ERR;
+	}
+
+	for (replies = 0; replies < num_msg; replies++) {
+		found = False;
+		DEBUG(10,("smb_pam_passchange_conv: Processing message %d\n", replies));
+		switch (msg[replies]->msg_style) {
+		case PAM_PROMPT_ECHO_ON:
+			DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg));
+			fstrcpy(current_prompt, msg[replies]->msg);
+			strlower(current_prompt);
+			for (t=pw_chat; t; t=t->next) {
+				if (ms_fnmatch(t->prompt, current_prompt) == 0) {
+					fstrcpy(current_reply, t->reply);
+					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
+					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We sent: %s\n", current_reply));
+					reply[replies].resp_retcode = PAM_SUCCESS;
+					reply[replies].resp = COPY_STRING(current_reply);
+					found = True;
+					break;
+				}
+			}
+			/* PAM frees resp */
+			if (!found) {
+				DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
+				free_pw_chat(pw_chat);
+				free(reply);
+				reply = NULL;
+				return PAM_CONV_ERR;
+			}
+			break;
+
+		case PAM_PROMPT_ECHO_OFF:
+			DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg));
+			fstrcpy(current_prompt, msg[replies]->msg);
+			strlower(current_prompt);
+			for (t=pw_chat; t; t=t->next) {
+				if (ms_fnmatch(t->prompt, current_prompt) == 0) {
+					fstrcpy(current_reply, t->reply);
+					DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply));
+					pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword);
+					reply[replies].resp_retcode = PAM_SUCCESS;
+					reply[replies].resp = COPY_STRING(current_reply);
+#ifdef DEBUG_PASSWORD
+					DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply));
+#endif
+					found = True;
+					break;
+				}
+			}
+			/* PAM frees resp */
+			
+			if (!found) {
+				DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg));
+				free_pw_chat(pw_chat);
+				free(reply);
+				reply = NULL;
+				return PAM_CONV_ERR;
+			}
+			break;
+
+		case PAM_TEXT_INFO:
+			/* fall through */
+
+		case PAM_ERROR_MSG:
+			/* ignore it... */
+			reply[replies].resp_retcode = PAM_SUCCESS;
+			reply[replies].resp = NULL;
+			break;
+			
+		default:
+			/* Must be an error of some sort... */
+			free_pw_chat(pw_chat);
+			free(reply);
+			reply = NULL;
+			return PAM_CONV_ERR;
+		}
+	}
+		
+	free_pw_chat(pw_chat);
+	if (reply)
+		*resp = reply;
+	return PAM_SUCCESS;
+}
+
+/***************************************************************************
+ Free up a malloced pam_conv struct.
+****************************************************************************/
+
+static void smb_free_pam_conv(struct pam_conv *pconv)
+{
+	if (pconv)
+		safe_free(pconv->appdata_ptr);
+
+	safe_free(pconv);
+}
+
+/***************************************************************************
+ Allocate a pam_conv struct.
+****************************************************************************/
+
+static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, char *user,
+					char *passwd, char *newpass)
+{
+	struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv));
+	struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata));
+
+	if (pconv == NULL || udp == NULL) {
+		safe_free(pconv);
+		safe_free(udp);
+		return NULL;
+	}
+
+	udp->PAM_username = user;
+	udp->PAM_password = passwd;
+	udp->PAM_newpassword = newpass;
+
+	pconv->conv = smb_pam_conv_fnptr;
+	pconv->appdata_ptr = (void *)udp;
+	return pconv;
+}
+
 /* 
  * PAM Closing out cleanup handler
  */
-static BOOL proc_pam_end(pam_handle_t *pamh)
+
+static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
 {
-       int pam_error;
+	int pam_error;
+
+	smb_free_pam_conv(smb_pam_conv_ptr);
        
-       if( pamh != NULL )
-       {
+	if( pamh != NULL ) {
 		pam_error = pam_end(pamh, 0);
-		if(pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
-			DEBUG(4, ("PAM: PAM_END OK.\n"));
-    			return True;
+		if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
+			DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n"));
+			return True;
 		}
-       }
-       DEBUG(2,("PAM: not initialised"));
-       return False;
+	}
+	DEBUG(2,("smb_pam_end: PAM: not initialised"));
+	return False;
 }
 
 /*
  * Start PAM authentication for specified account
  */
-static BOOL proc_pam_start(pam_handle_t **pamh, char *user)
+
+static BOOL smb_pam_start(pam_handle_t **pamh, char *user, char *rhost, struct pam_conv *pconv)
 {
-       int pam_error;
-       char * rhost;
+	int pam_error;
 
-       DEBUG(4,("PAM: Init user: %s\n", user));
+	*pamh = (pam_handle_t *)NULL;
 
-       pam_error = pam_start("samba", user, &PAM_conversation, pamh);
-       if( !pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
-	       proc_pam_end(*pamh);
-               return False;
-       }
+	DEBUG(4,("smb_pam_start: PAM: Init user: %s\n", user));
 
-       rhost = client_name();
-       if (strcmp(rhost,"UNKNOWN") == 0)
-               rhost = client_addr();
+	pam_error = pam_start("samba", user, pconv, pamh);
+	if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) {
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
+
+	if (rhost == NULL) {
+		rhost = client_name();
+		if (strequal(rhost,"UNKNOWN"))
+			rhost = client_addr();
+	}
 
 #ifdef PAM_RHOST
-       DEBUG(4,("PAM: setting rhost to: %s\n", rhost));
-       pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
-       if(!pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
-	       proc_pam_end(*pamh);
-               return False;
-       }
+	DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", rhost));
+	pam_error = pam_set_item(*pamh, PAM_RHOST, rhost);
+	if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
+		smb_pam_end(*pamh, pconv);
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
 #endif
 #ifdef PAM_TTY
-       DEBUG(4,("PAM: setting tty\n"));
-       pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
-       if (!pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
-	       proc_pam_end(*pamh);
-               return False;
-       }
+	DEBUG(4,("smb_pam_start: PAM: setting tty\n"));
+	pam_error = pam_set_item(*pamh, PAM_TTY, "samba");
+	if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) {
+		smb_pam_end(*pamh, pconv);
+		*pamh = (pam_handle_t *)NULL;
+		return False;
+	}
 #endif
-       DEBUG(4,("PAM: Init passed for user: %s\n", user));
-       return True;
+	DEBUG(4,("smb_pam_start: PAM: Init passed for user: %s\n", user));
+	return True;
 }
 
 /*
  * PAM Authentication Handler
  */
-static BOOL pam_auth(pam_handle_t *pamh, char *user, char *password)
+static uint32 smb_pam_auth(pam_handle_t *pamh, char *user)
 {
 	int pam_error;
+	uint32 nt_status = NT_STATUS_LOGON_FAILURE;
 
 	/*
 	 * To enable debugging set in /etc/pam.d/samba:
 	 *	auth required /lib/security/pam_pwdb.so nullok shadow audit
 	 */
 	
-        DEBUG(4,("PAM: Authenticate User: %s\n", user));
-	pam_error = pam_authenticate(pamh, PAM_SILENT); /* Can we authenticate user? */
+	DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
+	pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
 	switch( pam_error ){
 		case PAM_AUTH_ERR:
-			DEBUG(2, ("PAM: Athentication Error\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user));
+			nt_status = NT_STATUS_WRONG_PASSWORD;
 			break;
 		case PAM_CRED_INSUFFICIENT:
-			DEBUG(2, ("PAM: Insufficient Credentials\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user));
+			nt_status = NT_STATUS_INSUFFICIENT_LOGON_INFO;
 			break;
 		case PAM_AUTHINFO_UNAVAIL:
-			DEBUG(2, ("PAM: Authentication Information Unavailable\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Authentication Information Unavailable for user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
 			break;
 		case PAM_USER_UNKNOWN:
-			DEBUG(2, ("PAM: Username NOT known to Authentication system\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: Username %s NOT known to Authentication system\n", user));
+			nt_status = NT_STATUS_NO_SUCH_USER;
 			break;
 		case PAM_MAXTRIES:
-			DEBUG(2, ("PAM: One or more authentication modules reports user limit exceeeded\n"));
+			DEBUG(2, ("smb_pam_auth: PAM: One or more authentication modules reports user limit for user %s exceeeded\n", user));
+			nt_status = NT_STATUS_REMOTE_SESSION_LIMIT;
 			break;
 		case PAM_ABORT:
-			DEBUG(0, ("PAM: One or more PAM modules failed to load\n"));
+			DEBUG(0, ("smb_pam_auth: PAM: One or more PAM modules failed to load for user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_auth: PAM: User %s Authenticated OK\n", user));
+			nt_status = NT_STATUS_NOPROBLEMO;
 			break;
-	        case PAM_SUCCESS:
-			DEBUG(4, ("PAM: User %s Authenticated OK\n", user));
-		        break;
 		default:
-			DEBUG(0, ("PAM: UNKNOWN ERROR while authenticating user %s\n", user));
-	}
-	if(!pam_error_handler(pamh, pam_error, "Authentication Failure", 2)) {
-		proc_pam_end(pamh);
-		return False;
+			DEBUG(0, ("smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
+			break;
 	}
-	/* If this point is reached, the user has been authenticated. */
-	return (True);
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Authentication Failure", 2, &nt_status);
+	return nt_status;
 }
 
 /* 
  * PAM Account Handler
  */
-static BOOL pam_account(pam_handle_t *pamh, char * user, char * password)
+static uint32 smb_pam_account(pam_handle_t *pamh, char * user)
 {
 	int pam_error;
+	uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
 
-        DEBUG(4,("PAM: Account Management for User: %s\n", user));
+	DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user));
 	pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */
 	switch( pam_error ) {
 		case PAM_AUTHTOK_EXPIRED:
-			DEBUG(2, ("PAM: User is valid but password is expired\n"));
+			DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user));
+			nt_status = NT_STATUS_PASSWORD_EXPIRED;
 			break;
 		case PAM_ACCT_EXPIRED:
-			DEBUG(2, ("PAM: User no longer permitted to access system\n"));
+			DEBUG(2, ("smb_pam_account: PAM: User %s no longer permitted to access system\n", user));
+			nt_status = NT_STATUS_ACCOUNT_EXPIRED;
 			break;
 		case PAM_AUTH_ERR:
-			DEBUG(2, ("PAM: There was an authentication error\n"));
+			DEBUG(2, ("smb_pam_account: PAM: There was an authentication error for user %s\n", user));
+			nt_status = NT_STATUS_LOGON_FAILURE;
 			break;
 		case PAM_PERM_DENIED:
-			DEBUG(0, ("PAM: User is NOT permitted to access system at this time\n"));
+			DEBUG(0, ("smb_pam_account: PAM: User %s is NOT permitted to access system at this time\n", user));
+			nt_status = NT_STATUS_ACCOUNT_RESTRICTION;
 			break;
 		case PAM_USER_UNKNOWN:
-			DEBUG(0, ("PAM: User \"%s\" is NOT known to account management\n", user));
+			DEBUG(0, ("smb_pam_account: PAM: User \"%s\" is NOT known to account management\n", user));
+			nt_status = NT_STATUS_NO_SUCH_USER;
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_account: PAM: Account OK for User: %s\n", user));
+			nt_status = NT_STATUS_NOPROBLEMO;
 			break;
-	        case PAM_SUCCESS:
-			DEBUG(4, ("PAM: Account OK for User: %s\n", user));
-		        break;
 		default:
-			DEBUG(0, ("PAM: UNKNOWN ERROR for User: %s\n", user));
-	}
-	if(!pam_error_handler(pamh, pam_error, "Account Check Failed", 2)) {
-		proc_pam_end(pamh);
-		return False;
+			nt_status = NT_STATUS_ACCOUNT_DISABLED;
+			DEBUG(0, ("smb_pam_account: PAM: UNKNOWN PAM ERROR (%d) during Account Management for User: %s\n", pam_error, user));
+			break;
 	}
 
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Account Check Failed", 2, &nt_status);
+	return nt_status;
+}
+
+/*
+ * PAM Credential Setting
+ */
+
+static uint32 smb_pam_setcred(pam_handle_t *pamh, char * user)
+{
+	int pam_error;
+	uint32 nt_status = NT_STATUS_NO_TOKEN;
+
 	/*
 	 * This will allow samba to aquire a kerberos token. And, when
 	 * exporting an AFS cell, be able to /write/ to this cell.
 	 */
 
-        DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
+	DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
 	pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT)); 
-	if(!pam_error_handler(pamh, pam_error, "Set Credential Failure", 2)) {
-		proc_pam_end(pamh);
+	switch( pam_error ) {
+		case PAM_CRED_UNAVAIL:
+			DEBUG(0, ("smb_pam_setcred: PAM: Credentials not found for user:%s\n", user ));
+			 nt_status = NT_STATUS_NO_TOKEN;
+			break;
+		case PAM_CRED_EXPIRED:
+			DEBUG(0, ("smb_pam_setcred: PAM: Credentials for user: \"%s\" EXPIRED!\n", user ));
+			nt_status = NT_STATUS_PASSWORD_EXPIRED;
+			break;
+		case PAM_USER_UNKNOWN:
+			DEBUG(0, ("smb_pam_setcred: PAM: User: \"%s\" is NOT known so can not set credentials!\n", user ));
+			nt_status = NT_STATUS_NO_SUCH_USER;
+			break;
+		case PAM_CRED_ERR:
+			DEBUG(0, ("smb_pam_setcred: PAM: Unknown setcredentials error - unable to set credentials for %s\n", user ));
+			nt_status = NT_STATUS_LOGON_FAILURE;
+			break;
+		case PAM_SUCCESS:
+			DEBUG(4, ("smb_pam_setcred: PAM: SetCredentials OK for User: %s\n", user));
+			nt_status = NT_STATUS_NOPROBLEMO;
+			break;
+		default:
+			DEBUG(0, ("smb_pam_setcred: PAM: UNKNOWN PAM ERROR (%d) during SetCredentials for User: %s\n", pam_error, user));
+			nt_status = NT_STATUS_NO_TOKEN;
+			break;
+	}
+
+	smb_pam_nt_status_error_handler(pamh, pam_error, "Set Credential Failure", 2, &nt_status);
+	return nt_status;
+}
+
+/*
+ * PAM Internal Session Handler
+ */
+static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+{
+	int pam_error;
+
+#ifdef PAM_TTY
+	DEBUG(4,("smb_internal_pam_session: PAM: tty set to: %s\n", tty));
+	pam_error = pam_set_item(pamh, PAM_TTY, tty);
+	if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0))
 		return False;
+#endif
+
+	if (flag) {
+		pam_error = pam_open_session(pamh, PAM_SILENT);
+		if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0))
+			return False;
+	} else {
+		pam_setcred(pamh, (PAM_DELETE_CRED|PAM_SILENT)); /* We don't care if this fails */
+		pam_error = pam_close_session(pamh, PAM_SILENT); /* This will probably pick up the error anyway */
+		if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0))
+			return False;
 	}
-	
-	/* If this point is reached, the user has been authenticated. */
 	return (True);
 }
 
-
 /*
- * PAM Internal Session Handler
+ * Internal PAM Password Changer.
  */
-static BOOL proc_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag)
+
+static BOOL smb_pam_chauthtok(pam_handle_t *pamh, char * user)
 {
-       int pam_error;
+	int pam_error;
 
-       PAM_password = NULL;
-       PAM_username = user;
+	DEBUG(4,("smb_pam_chauthtok: PAM: Password Change for User: %s\n", user));
 
-#ifdef PAM_TTY
-       DEBUG(4,("PAM: tty set to: %s\n", tty));
-       pam_error = pam_set_item(pamh, PAM_TTY, tty);
-       if (!pam_error_handler(pamh, pam_error, "set tty failed", 0)) {
-	       proc_pam_end(pamh);
-               return False;
-       }
+	pam_error = pam_chauthtok(pamh, PAM_SILENT); /* Change Password */
+
+	switch( pam_error ) {
+	case PAM_AUTHTOK_ERR:
+		DEBUG(2, ("PAM: unable to obtain the new authentication token - is password to weak?\n"));
+		break;
+
+	/* This doesn't seem to be defined on Solaris. JRA */
+#ifdef PAM_AUTHTOK_RECOVER_ERR
+	case PAM_AUTHTOK_RECOVER_ERR:
+		DEBUG(2, ("PAM: unable to obtain the old authentication token - was the old password wrong?.\n"));
+		break;
 #endif
 
-       if (flag) {
-         pam_error = pam_open_session(pamh, PAM_SILENT);
-         if (!pam_error_handler(pamh, pam_error, "session setup failed", 0)) {
-	       proc_pam_end(pamh);
-               return False;
-         }
-       }
-       else
-       {
-         pam_error = pam_close_session(pamh, PAM_SILENT);
-         if (!pam_error_handler(pamh, pam_error, "session close failed", 0)) {
-	       proc_pam_end(pamh);
-               return False;
-         }
-       }
-      return (True);
+	case PAM_AUTHTOK_LOCK_BUSY:
+		DEBUG(2, ("PAM: unable to change the authentication token since it is currently locked.\n"));
+		break;
+	case PAM_AUTHTOK_DISABLE_AGING:
+		DEBUG(2, ("PAM: Authentication token aging has been disabled.\n"));
+		break;
+	case PAM_PERM_DENIED:
+		DEBUG(0, ("PAM: Permission denied.\n"));
+		break;
+	case PAM_TRY_AGAIN:
+		DEBUG(0, ("PAM: Could not update all authentication token(s). No authentication tokens were updated.\n"));
+		break;
+	case PAM_USER_UNKNOWN:
+		DEBUG(0, ("PAM: User not known to PAM\n"));
+		break;
+	case PAM_SUCCESS:
+		DEBUG(4, ("PAM: Account OK for User: %s\n", user));
+		break;
+	default:
+		DEBUG(0, ("PAM: UNKNOWN PAM ERROR (%d) for User: %s\n", pam_error, user));
+	}
+ 
+	if(!smb_pam_error_handler(pamh, pam_error, "Password Change Failed", 2)) {
+		return False;
+	}
+
+	/* If this point is reached, the password has changed. */
+	return True;
 }
 
 /*
  * PAM Externally accessible Session handler
  */
-BOOL pam_session(BOOL flag, const connection_struct *conn, char *tty)
+
+BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
 {
 	pam_handle_t *pamh = NULL;
-	char * user;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return True;
 
-	user = malloc(strlen(conn->user)+1);
-	if ( user == NULL )
-	{
-		DEBUG(0, ("PAM: PAM_session Malloc Failed!\n"));
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
 		return False;
-	}
 
-	/* This is freed by PAM */
-	StrnCpy(user, conn->user, strlen(conn->user)+1);
+	if (!smb_pam_start(&pamh, user, rhost, pconv))
+		return False;
 
-	if (!proc_pam_start(&pamh, user))
-	{
-	  proc_pam_end(pamh);
-	  return False;
+	if (!smb_internal_pam_session(pamh, user, tty, True)) {
+		smb_pam_end(pamh, pconv);
+		return False;
 	}
 
-	if (proc_pam_session(pamh, user, tty, flag))
-	{
-	  return proc_pam_end(pamh);
-	}
-	else
-	{
-	  proc_pam_end(pamh);
-	  return False;
+	return smb_pam_end(pamh, pconv);
+}
+
+/*
+ * PAM Externally accessible Session handler
+ */
+
+BOOL smb_pam_close_session(char *user, char *tty, char *rhost)
+{
+	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
+
+	/* Ignore PAM if told to. */
+
+	if (!lp_obey_pam_restrictions())
+		return True;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return False;
+
+	if (!smb_pam_start(&pamh, user, rhost, pconv))
+		return False;
+
+	if (!smb_internal_pam_session(pamh, user, tty, False)) {
+		smb_pam_end(pamh, pconv);
+		return False;
 	}
+
+	return smb_pam_end(pamh, pconv);
 }
 
 /*
  * PAM Externally accessible Account handler
  */
-BOOL pam_accountcheck(char * user)
+
+uint32 smb_pam_accountcheck(char * user)
 {
+	uint32 nt_status = NT_STATUS_ACCOUNT_DISABLED;
 	pam_handle_t *pamh = NULL;
+	struct pam_conv *pconv = NULL;
 
-	PAM_username = user;
-	PAM_password = NULL;
+	/* Ignore PAM if told to. */
 
-	if( proc_pam_start(&pamh, user))
-	{
-			if ( pam_account(pamh, user, NULL))
-			{
-				return( proc_pam_end(pamh));
-			}
-	}
-	DEBUG(0, ("PAM: Account Validation Failed - Rejecting User!\n"));
-	return( False );
+	if (!lp_obey_pam_restrictions())
+		return NT_STATUS_NOPROBLEMO;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL)
+		return False;
+
+	if (!smb_pam_start(&pamh, user, NULL, pconv))
+		return NT_STATUS_ACCOUNT_DISABLED;
+
+	if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_NOPROBLEMO)
+		DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user));
+
+	smb_pam_end(pamh, pconv);
+	return nt_status;
 }
 
 /*
  * PAM Password Validation Suite
  */
-BOOL pam_passcheck(char * user, char * password)
+
+uint32 smb_pam_passcheck(char * user, char * password)
 {
 	pam_handle_t *pamh = NULL;
+	uint32 nt_status = NT_STATUS_LOGON_FAILURE;
+	struct pam_conv *pconv = NULL;
 
-	PAM_username = user;
-	PAM_password = password;
+	/*
+	 * Note we can't ignore PAM here as this is the only
+	 * way of doing auths on plaintext passwords when
+	 * compiled --with-pam.
+	 */
 
-	if( proc_pam_start(&pamh, user))
-	{
-		if ( pam_auth(pamh, user, password))
-		{
-			if ( pam_account(pamh, user, password))
-			{
-				return( proc_pam_end(pamh));
-			}
-		}
+	if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, password, NULL)) == NULL)
+		return NT_STATUS_LOGON_FAILURE;
+
+	if (!smb_pam_start(&pamh, user, NULL, pconv))
+		return NT_STATUS_LOGON_FAILURE;
+
+	if ((nt_status = smb_pam_auth(pamh, user)) != NT_STATUS_NOPROBLEMO) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	if ((nt_status = smb_pam_account(pamh, user)) != NT_STATUS_NOPROBLEMO) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	if ((nt_status = smb_pam_setcred(pamh, user)) != NT_STATUS_NOPROBLEMO) {
+		DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user));
+		smb_pam_end(pamh, pconv);
+		return nt_status;
+	}
+
+	smb_pam_end(pamh, pconv);
+	return nt_status;
+}
+
+/*
+ * PAM Password Change Suite
+ */
+
+BOOL smb_pam_passchange(char * user, char * oldpassword, char * newpassword)
+{
+	/* Appropriate quantities of root should be obtained BEFORE calling this function */
+	struct pam_conv *pconv = NULL;
+	pam_handle_t *pamh = NULL;
+
+	if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
+		return False;
+
+	if(!smb_pam_start(&pamh, user, NULL, pconv))
+		return False;
+
+	if (!smb_pam_chauthtok(pamh, user)) {
+		DEBUG(0, ("smb_pam_passchange: PAM: Password Change Failed for user %s!\n", user));
+		smb_pam_end(pamh, pconv);
+		return False;
 	}
-	DEBUG(0, ("PAM: System Validation Failed - Rejecting User!\n"));
-	return( False );
+
+	return smb_pam_end(pamh, pconv);
 }
 
 #else
 
- /* Do *NOT* make this function static. Doing so breaks the compile on gcc */
+/* If PAM not used, no PAM restrictions on accounts. */
+ uint32 smb_pam_accountcheck(char * user)
+{
+	return NT_STATUS_NOPROBLEMO;
+}
 
- void pampass_dummy_function( void ) { } /*This stops compiler complaints */
+/* If PAM not used, also no PAM restrictions on sessions. */
+ BOOL smb_pam_claim_session(char *user, char *tty, char *rhost)
+{
+	return True;
+}
 
+/* If PAM not used, also no PAM restrictions on sessions. */
+ BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost)
+{
+	return True;
+}
 #endif /* WITH_PAM */
diff --git a/source/passdb/pass_check.c b/source/passdb/pass_check.c
index 236465bc903..9424189b236 100644
--- a/source/passdb/pass_check.c
+++ b/source/passdb/pass_check.c
@@ -599,7 +599,7 @@ static BOOL password_check(char *password)
 {
 
 #ifdef WITH_PAM
-	return (pam_passcheck(this_user, password));
+	return (smb_pam_passcheck(this_user, password) == NT_STATUS_NOPROBLEMO);
 #endif /* WITH_PAM */
 
 #ifdef WITH_AFS
@@ -681,12 +681,13 @@ the function pointer fn() points to a function to call when a successful
 match is found and is used to update the encrypted password file 
 return True on correct match, False otherwise
 ****************************************************************************/
+
 BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
 		BOOL (*fn) (char *, char *))
 {
 	pstring pass2;
 	int level = lp_passwordlevel();
-	struct passwd *pass;
+	struct passwd *pass = NULL;
 
 	if (password)
 		password[pwlen] = 0;
@@ -708,8 +709,20 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
 		pass = Get_Pwnam(user, True);
 	}
 
+#ifdef WITH_PAM
+
+	/*
+	 * If we're using PAM we want to short-circuit all the 
+	 * checks below and dive straight into the PAM code.
+	 */
+
+	fstrcpy(this_user, user);
+
+	DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen));
+
+#else /* Not using PAM */
 
-	DEBUG(4, ("Checking password for user %s (l=%d)\n", user, pwlen));
+	DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen));
 
 	if (!pass) {
 		DEBUG(3, ("Couldn't find user %s\n", user));
@@ -802,6 +815,8 @@ BOOL pass_check(char *user, char *password, int pwlen, struct passwd *pwd,
 		}
 	}
 
+#endif /* WITH_PAM */
+
 	/* try it as it came to us */
 	if (password_check(password)) {
 		if (fn)
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 9fc280c2580..e1d7dca39a6 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -897,6 +897,10 @@ BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
 		return False;
 	}
 
+
+	/* These parameters where removed.  Use the 'domain admins' or 'domain
+	   guests' instead.  --jerry */
+#if 0	/* JERRY */
 	if (user_in_list(user_name, lp_domain_guest_users()))
 	{
 		*u_rid = DOMAIN_USER_RID_GUEST;
@@ -907,10 +911,11 @@ BOOL pdb_name_to_rid(char *user_name, uint32 *u_rid, uint32 *g_rid)
 	}
 	else
 	{
-		/* turn the unix UID into a Domain RID.  this is what the posix
-		   sub-system does (adds 1000 to the uid) */
-		*u_rid = pdb_uid_to_user_rid(pw->pw_uid);
-	}
+#endif
+
+	/* turn the unix UID into a Domain RID.  this is what the posix
+	   sub-system does (adds 1000 to the uid) */
+	*u_rid = pdb_uid_to_user_rid(pw->pw_uid);
 
 	/* absolutely no idea what to do about the unix GID to Domain RID mapping */
 	*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
@@ -1235,13 +1240,17 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 		if(rid == DOMAIN_USER_RID_ADMIN) {
 			pstring admin_users;
 			char *p = admin_users;
+#if 0	/* JERRY */
 			pstrcpy( admin_users, lp_domain_admin_users());
+#endif
 			if(!next_token(&p, name, NULL, sizeof(fstring)))
 				fstrcpy(name, "Administrator");
 		} else if (rid == DOMAIN_USER_RID_GUEST) {
 			pstring guest_users;
 			char *p = guest_users;
+#if 0	/* JERRY */
 			pstrcpy( guest_users, lp_domain_guest_users());
+#endif
 			if(!next_token(&p, name, NULL, sizeof(fstring)))
 				fstrcpy(name, "Guest");
 		} else {
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c
index 4d42469e3d5..be528abae73 100644
--- a/source/passdb/secrets.c
+++ b/source/passdb/secrets.c
@@ -41,7 +41,7 @@ BOOL secrets_init(void)
 	*p = 0;
 	pstrcat(fname,"/secrets.tdb");
 
-	tdb = tdb_open(fname, 0, 0, O_RDWR|O_CREAT, 0600);
+	tdb = tdb_open_log(fname, 0, 0, O_RDWR|O_CREAT, 0600);
 
 	if (!tdb) {
 		DEBUG(0,("Failed to open %s\n", fname));
@@ -183,3 +183,32 @@ BOOL trust_password_delete(char *domain)
 {
 	return secrets_delete(trust_keystr(domain));
 }
+
+/*******************************************************************
+ Reset the 'done' variables so after a client process is created
+ from a fork call these calls will be re-done. This should be
+ expanded if more variables need reseting.
+ ******************************************************************/
+
+void reset_globals_after_fork(void)
+{
+	unsigned char dummy;
+
+	/*
+	 * Increment the global seed value to ensure every smbd starts
+	 * with a new random seed.
+	 */
+
+	if (tdb) {
+		uint32 initial_val = sys_getpid();
+		tdb_change_int_atomic(tdb, "INFO/random_seed", (int *)&initial_val, 1);
+		set_rand_reseed_data((unsigned char *)&initial_val, sizeof(initial_val));
+	}
+
+	/*
+	 * Re-seed the random crypto generator, so all smbd's
+	 * started from the same parent won't generate the same
+	 * sequence.
+	 */
+	generate_random_buffer( &dummy, 1, True);
+}
diff --git a/source/passdb/smbpass.c b/source/passdb/smbpass.c
index 34f083a0c2d..8635b6113ff 100644
--- a/source/passdb/smbpass.c
+++ b/source/passdb/smbpass.c
@@ -471,10 +471,7 @@ static struct sam_passwd* build_sampw_from_smbpw (struct smb_passwd *pw_buf)
 		user.user_rid  = pdb_uid_to_user_rid (user.smb_userid);
 		user.group_rid = pdb_gid_to_group_rid(user.smb_grpid );
 
-		if (lp_unix_realname())
-			pstrcpy(full_name, pwfile->pw_gecos);
-		else
-			pstrcpy(full_name    , "<Full Name>");
+		pstrcpy(full_name, pwfile->pw_gecos);
 		pstrcpy(logon_script , lp_logon_script       ());
 		pstrcpy(profile_path , lp_logon_path         ());
 		pstrcpy(home_drive   , lp_logon_drive        ());
@@ -1362,7 +1359,7 @@ struct sam_passwd *smbiterate_getsam21pwuid(uid_t uid)
 	if (smbpw != NULL)
 	{
 		pwd = build_sampw_from_smbpw (smbpw);
-		DEBUG(10, ("found by user_uid: %d\n", uid));
+		DEBUG(10, ("found by user_uid: %u\n", (unsigned int)uid));
 	}
 
 	return pwd;
diff --git a/source/passdb/tdbpass.c b/source/passdb/tdbpass.c
index 157a7ee59e7..0d9a0f7780b 100644
--- a/source/passdb/tdbpass.c
+++ b/source/passdb/tdbpass.c
@@ -89,10 +89,10 @@ static struct tdb_enum_info tdb_ent;
 static void *startsamtdbpwent(BOOL update)
 {
   /* Open tdb passwd */
-  if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, update ? O_RDWR : O_RDONLY, 0600)))
+  if (!(tdb_ent.passwd_tdb = tdb_open_log(lp_tdb_passwd_file(), 0, 0, update ? O_RDWR : O_RDONLY, 0600)))
   {
      DEBUG(0, ("Unable to open TDB passwd, trying create new!\n"));
-     if (!(tdb_ent.passwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR | O_CREAT | O_EXCL, 0600)))
+     if (!(tdb_ent.passwd_tdb = tdb_open_log(lp_tdb_passwd_file(), 0, 0, O_RDWR | O_CREAT | O_EXCL, 0600)))
      {
          DEBUG(0, ("Unable to creat TDB passwd (smbpasswd.tdb) !!!"));
 	 return NULL;
@@ -177,7 +177,7 @@ static BOOL del_samtdbpwd_entry(const char *name)
   TDB_DATA key;
   fstring keystr;
 
-  if (!(pwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR, 0600)))
+  if (!(pwd_tdb = tdb_open_log(lp_tdb_passwd_file(), 0, 0, O_RDWR, 0600)))
   {
      DEBUG(0, ("Unable to open TDB passwd!"));
      return False;
@@ -217,7 +217,7 @@ static BOOL mod_samtdb21pwd_entry(struct sam_passwd* newpwd, BOOL override)
   int unknown_str_len = (newpwd->unknown_str) ? (strlen (newpwd->unknown_str) + 1) : 0;
   int munged_dial_len = (newpwd->munged_dial) ? (strlen (newpwd->munged_dial) + 1) : 0;
   
-  if (!(pwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR, 0600)))
+  if (!(pwd_tdb = tdb_open_log(lp_tdb_passwd_file(), 0, 0, O_RDWR, 0600)))
   {
      DEBUG(0, ("Unable to open TDB passwd!"));
      return False;
@@ -328,7 +328,7 @@ static BOOL add_samtdb21pwd_entry(struct sam_passwd *newpwd)
   int unknown_str_len = (newpwd->unknown_str) ? (strlen (newpwd->unknown_str) + 1) : 1;
   int munged_dial_len = (newpwd->munged_dial) ? (strlen (newpwd->munged_dial) + 1) : 1;
   
-  if (!(pwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDWR, 0600)))
+  if (!(pwd_tdb = tdb_open_log(lp_tdb_passwd_file(), 0, 0, O_RDWR, 0600)))
   {
      DEBUG(0, ("Unable to open TDB passwd!"));
      return False;
@@ -456,7 +456,7 @@ static struct sam_passwd *getsamtdb21pwnam(char *name)
   TDB_DATA key;
   fstring keystr;
 
-  if (!(pwd_tdb = tdb_open(lp_tdb_passwd_file(), 0, 0, O_RDONLY, 0600)))
+  if (!(pwd_tdb = tdb_open_log(lp_tdb_passwd_file(), 0, 0, O_RDONLY, 0600)))
   {
      DEBUG(0, ("Unable to open TDB passwd!"));
      return False;
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index 0aa3b96cddb..5e28f3e5b60 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -180,7 +180,7 @@ BOOL nt_printing_init(void)
 	char *vstring = "INFO/version";
 
 	if (tdb && local_pid == sys_getpid()) return True;
-	tdb = tdb_open(lock_path("ntdrivers.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
+	tdb = tdb_open_log(lock_path("ntdrivers.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
 	if (!tdb) {
 		DEBUG(0,("Failed to open nt drivers database %s (%s)\n",
 			lock_path("ntdrivers.tdb"), strerror(errno) ));
@@ -644,19 +644,15 @@ static uint32 get_correct_cversion(fstring architecture, fstring driverpath_in,
 	DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n",
 			driverpath, cversion));
 
-	fsp->conn->vfs_ops.close(fsp, fsp->fd);
-	file_free(fsp);
+	close_file(fsp, True);
 	close_cnum(conn, user->vuid);
 	pop_sec_ctx();
 	return cversion;
 
 
 	error_exit:
-		if(fsp) {
-			if(fsp->fd != -1)
-				fsp->conn->vfs_ops.close(fsp, fsp->fd);
-			file_free(fsp);
-		}
+		if(fsp)
+			close_file(fsp, True);
 
 		close_cnum(conn, user->vuid);
 		pop_sec_ctx();
@@ -1138,9 +1134,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file,
 			DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n", old_create_time));
 		}
 	}
-	fsp->conn->vfs_ops.close(fsp, fsp->fd);
-	file_free(fsp);
-
+	close_file(fsp, True);
 
 	/* Get file version info (if available) for new file */
 	pstrcpy(filepath, new_file);
@@ -1169,8 +1163,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file,
 			DEBUGADD(6,("file_version_is_newer: mod time = %ld sec\n", new_create_time));
 		}
 	}
-	fsp->conn->vfs_ops.close(fsp, fsp->fd);
-	file_free(fsp);
+	close_file(fsp, True);
 
 	if (use_version) {
 		/* Compare versions and choose the larger version number */
@@ -1198,11 +1191,8 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file,
 	}
 
 	error_exit:
-		if(fsp) {
-			file_free(fsp);
-			if(fsp->fd != -1)
-				fsp->conn->vfs_ops.close(fsp, fsp->fd);
-		}
+		if(fsp)
+			close_file(fsp, True);
 		return -1;
 }
 
@@ -2372,8 +2362,18 @@ static uint32 get_a_printer_2_default(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstrin
 	fstrcpy(info.portname, SAMBA_PRINTER_PORT_NAME);
 	fstrcpy(info.drivername, lp_printerdriver(snum));
 
+#if 0	/* JERRY */
 	if (!*info.drivername)
 		fstrcpy(info.drivername, "NO DRIVER AVAILABLE FOR THIS PRINTER");
+#else
+	/* by setting the driver name to an empty string, a local NT admin
+	   can now run the **local** APW to install a local printer driver
+ 	   for a Samba shared printer in 2.2.  Without this, drivers **must** be 
+	   installed on the Samba server for NT clients --jerry */
+	if (!*info.drivername)
+		fstrcpy(info.drivername, "");
+#endif
+
 
 	DEBUG(10,("get_a_printer_2_default: driver name set to [%s]\n", info.drivername));
 
@@ -2834,6 +2834,113 @@ uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level)
 	return result;
 }
 
+
+/****************************************************************************
+  Determine whether or not a particular driver is currently assigned
+  to a printer
+****************************************************************************/
+BOOL printer_driver_in_use (char *arch, char *driver)
+{
+	TDB_DATA kbuf, newkey, dbuf;
+	NT_PRINTER_INFO_LEVEL_2 info;
+	int ret;
+
+	if (!tdb)
+		nt_printing_init();	
+
+	DEBUG(5,("printer_driver_in_use: Beginning search through printers.tdb...\n"));
+	
+	/* loop through the printers.tdb and check for the drivername */
+	for (kbuf = tdb_firstkey(tdb); kbuf.dptr;
+	     newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) 
+	{
+
+		dbuf = tdb_fetch(tdb, kbuf);
+		if (!dbuf.dptr) 
+			continue;
+
+		if (strncmp(kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) != 0) 
+			continue;
+
+		ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "dddddddddddfffffPfffff",
+			&info.attributes,
+			&info.priority,
+			&info.default_priority,
+			&info.starttime,
+			&info.untiltime,
+			&info.status,
+			&info.cjobs,
+			&info.averageppm,
+			&info.changeid,
+			&info.c_setprinter,
+			&info.setuptime,
+			info.servername,
+			info.printername,
+			info.sharename,
+			info.portname,
+			info.drivername,
+			info.comment,
+			info.location,
+			info.sepfile,
+			info.printprocessor,
+			info.datatype,
+			info.parameters);
+
+		safe_free(dbuf.dptr);
+
+		if (ret == -1) {
+			DEBUG (0,("printer_driver_in_use: tdb_unpack failed for printer %s\n",
+					info.printername));
+			continue;
+		}
+		
+		DEBUG (10,("printer_driver_in_use: Printer - %s (%s)\n",
+			info.printername, info.drivername));
+			
+		if (strcmp(info.drivername, driver) == 0) 
+		{
+			DEBUG(5,("printer_driver_in_use: Printer %s using %s\n",
+				info.printername, driver));
+			return True;
+		}	
+	}
+	DEBUG(5,("printer_driver_in_use: Completed search through printers.tdb...\n"));
+	
+	
+	
+	/* report that the driver is in use by default */
+	return False;
+}
+
+/****************************************************************************
+ Remove a printer driver from the TDB.  This assumes that the the driver was
+ previously looked up.
+ ***************************************************************************/
+uint32 delete_printer_driver (NT_PRINTER_DRIVER_INFO_LEVEL_3 *i)
+{
+	pstring 	key;
+	fstring		arch;
+	TDB_DATA 	kbuf;
+
+
+	get_short_archi(arch, i->environment);
+	slprintf(key, sizeof(key)-1, "%s%s/%d/%s", DRIVERS_PREFIX,
+		arch, i->cversion, i->name); 
+	DEBUG(5,("delete_printer_driver: key = [%s]\n", key));
+
+	kbuf.dptr=key;
+	kbuf.dsize=strlen(key)+1;
+
+	if (tdb_delete(tdb, kbuf) == -1) {
+		DEBUG (0,("delete_printer_driver: fail to delete %s!\n", key));
+		return NT_STATUS_ACCESS_VIOLATION;
+	}
+	
+	DEBUG(5,("delete_printer_driver: [%s] driver delete successful.\n",
+		i->name));
+	
+	return NT_STATUS_NO_PROBLEMO;
+}
 /****************************************************************************
 ****************************************************************************/
 BOOL get_specific_param_by_index(NT_PRINTER_INFO_LEVEL printer, uint32 level, uint32 param_index,
@@ -3029,16 +3136,19 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 	if (winbind_lookup_name(lp_workgroup(), &owner_sid, &name_type)) {
 		sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
 	} else {
+		uint32 owner_rid;
+
+		/* Backup plan - make printer owned by admins or root.
+		   This should emulate a lanman printer as security
+		   settings can't be changed. */
 
-		/* Backup plan - make printer owned by admins or root.  This should
-		   emulate a lanman printer as security settings can't be
-		   changed. */
+		sid_peek_rid(&owner_sid, &owner_rid);
 
-		if (!lookup_name( "Printer Administrators", &owner_sid, &name_type) &&
-			!lookup_name( "Administrators", &owner_sid, &name_type) &&
-			!lookup_name( "Administrator", &owner_sid, &name_type) &&
-			!lookup_name("root", &owner_sid, &name_type)) {
-						sid_copy(&owner_sid, &global_sid_World);
+		if (owner_rid != BUILTIN_ALIAS_RID_PRINT_OPS &&
+		    owner_rid != BUILTIN_ALIAS_RID_ADMINS &&
+		    owner_rid != DOMAIN_USER_RID_ADMIN &&
+		    !lookup_name("root", &owner_sid, &name_type)) {
+			sid_copy(&owner_sid, &global_sid_World);
 		}
 	}
 
@@ -3145,20 +3255,20 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, char *printername, SEC_DESC_BUF **secde
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		SEC_ACL *acl = (*secdesc_ctr)->sec->dacl;
+		SEC_ACL *the_acl = (*secdesc_ctr)->sec->dacl;
 		int i;
 
 		DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", 
-			   printername, acl->num_aces));
+			   printername, the_acl->num_aces));
 
-		for (i = 0; i < acl->num_aces; i++) {
+		for (i = 0; i < the_acl->num_aces; i++) {
 			fstring sid_str;
 
-			sid_to_string(sid_str, &acl->ace[i].sid);
+			sid_to_string(sid_str, &the_acl->ace[i].sid);
 
 			DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
-				   acl->ace[i].type, acl->ace[i].flags, 
-				   acl->ace[i].info.mask)); 
+				   the_acl->ace[i].type, the_acl->ace[i].flags, 
+				   the_acl->ace[i].info.mask)); 
 		}
 	}
 
diff --git a/source/printing/printfsp.c b/source/printing/printfsp.c
index 6a8e4bea450..6545dc59c22 100644
--- a/source/printing/printfsp.c
+++ b/source/printing/printfsp.c
@@ -29,7 +29,7 @@ open a print file and setup a fsp for it. This is a wrapper around
 print_job_start().
 ***************************************************************************/
 
-files_struct *print_fsp_open(connection_struct *conn,char *jobname)
+files_struct *print_fsp_open(connection_struct *conn)
 {
 	int jobid;
 	SMB_STRUCT_STAT sbuf;
@@ -39,7 +39,7 @@ files_struct *print_fsp_open(connection_struct *conn,char *jobname)
 	if(!fsp)
 		return NULL;
 
-	jobid = print_job_start(&current_user, SNUM(conn), jobname);
+	jobid = print_job_start(&current_user, SNUM(conn), "smb.prn");
 	if (jobid == -1) {
 		file_free(fsp);
 		return NULL;
diff --git a/source/printing/printing.c b/source/printing/printing.c
index f1c5bff275d..aab4c2f43f3 100644
--- a/source/printing/printing.c
+++ b/source/printing/printing.c
@@ -55,7 +55,7 @@ BOOL print_backend_init(void)
 	char *sversion = "INFO/version";
 
 	if (tdb && local_pid == sys_getpid()) return True;
-	tdb = tdb_open(lock_path("printing.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
+	tdb = tdb_open_log(lock_path("printing.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
 	if (!tdb) {
 		DEBUG(0,("print_backend_init: Failed to open printing backend database. Error = [%s]\n",
 				 tdb_errorstr(tdb)));
@@ -845,6 +845,7 @@ int print_job_start(struct current_user *user, int snum, char *jobname)
 		SMB_BIG_UINT dspace, dsize;
 		if (sys_fsusage(path, &dspace, &dsize) == 0 &&
 		    dspace < 2*(SMB_BIG_UINT)lp_minprintspace(snum)) {
+			DEBUG(3, ("print_job_start: disk space check failed.\n"));
 			errno = ENOSPC;
 			return -1;
 		}
@@ -852,18 +853,23 @@ int print_job_start(struct current_user *user, int snum, char *jobname)
 
 	/* for autoloaded printers, check that the printcap entry still exists */
 	if (lp_autoloaded(snum) && !pcap_printername_ok(lp_servicename(snum), NULL)) {
+		DEBUG(3, ("print_job_start: printer name %s check failed.\n", lp_servicename(snum) ));
 		errno = ENOENT;
 		return -1;
 	}
 
 	/* Insure the maximum queue size is not violated */
 	if (lp_maxprintjobs(snum) && print_queue_length(snum) > lp_maxprintjobs(snum)) {
+		DEBUG(3, ("print_job_start: number of jobs (%d) larger than max printjobs per queue (%d).\n",
+			print_queue_length(snum), lp_maxprintjobs(snum) ));
 		errno = ENOSPC;
 		return -1;
 	}
 
 	/* Insure the maximum print jobs in the system is not violated */
 	if (lp_totalprintjobs() && get_total_jobs(snum) > lp_totalprintjobs()) {
+		DEBUG(3, ("print_job_start: number of jobs (%d) larger than max printjobs per system (%d).\n",
+			print_queue_length(snum), lp_totalprintjobs() ));
 		errno = ENOSPC;
 		return -1;
 	}
@@ -892,32 +898,27 @@ int print_job_start(struct current_user *user, int snum, char *jobname)
 	/* lock the database */
 	tdb_lock_bystring(tdb, "INFO/nextjob");
 
- next_jobnum:
 	next_jobid = tdb_fetch_int(tdb, "INFO/nextjob");
-	if (next_jobid == -1) next_jobid = 1;
+	if (next_jobid == -1)
+		next_jobid = 1;
 
 	for (jobid = NEXT_JOBID(next_jobid); jobid != next_jobid; jobid = NEXT_JOBID(jobid)) {
-		if (!print_job_exists(jobid)) break;
+		if (!print_job_exists(jobid))
+			break;
 	}
 	if (jobid == next_jobid || !print_job_store(jobid, &pjob)) {
+		DEBUG(3, ("print_job_start: either jobid (%d)==next_jobid(%d) or print_job_store failed.\n",
+				jobid, next_jobid ));
 		jobid = -1;
 		goto fail;
 	}
 
 	tdb_store_int(tdb, "INFO/nextjob", jobid);
 
-	/* we have a job entry - now create the spool file 
-
-	   we unlink first to cope with old spool files and also to beat
-	   a symlink security hole - it allows us to use O_EXCL 
-	   There may be old spool files owned by other users lying around.
-	*/
-	slprintf(pjob.filename, sizeof(pjob.filename)-1, "%s/%s%d", 
-		 path, PRINT_SPOOL_PREFIX, jobid);
-	if (unlink(pjob.filename) == -1 && errno != ENOENT) {
-		goto next_jobnum;
-	}
-	pjob.fd = sys_open(pjob.filename,O_WRONLY|O_CREAT|O_EXCL,0600);
+	/* we have a job entry - now create the spool file */
+	slprintf(pjob.filename, sizeof(pjob.filename)-1, "%s/%sXXXXXX", 
+		 path, PRINT_SPOOL_PREFIX);
+	pjob.fd = smb_mkstemp(pjob.filename);
 
 	if (pjob.fd == -1) {
 		if (errno == EACCES) {
@@ -955,6 +956,8 @@ to open spool file %s.\n", pjob.filename));
 	}
 
 	tdb_unlock_bystring(tdb, "INFO/nextjob");
+
+	DEBUG(3, ("print_job_start: returning fail. Error = %s\n", strerror(errno) ));
 	return -1;
 }
 
@@ -990,6 +993,7 @@ BOOL print_job_end(int jobid, BOOL normal_close)
 		 */
 		close(pjob->fd);
 		pjob->fd = -1;
+		DEBUG(3,("print_job_end: failed to stat file for jobid %d\n", jobid ));
 		goto fail;
 	}
 
@@ -1007,7 +1011,8 @@ BOOL print_job_end(int jobid, BOOL normal_close)
 
 	ret = (*(current_printif->job_submit))(snum, pjob);
 
-	if (ret) goto fail;
+	if (ret)
+		goto fail;
 
 	/* The print job has been sucessfully handed over to the back-end */
 	
@@ -1016,11 +1021,13 @@ BOOL print_job_end(int jobid, BOOL normal_close)
 	print_job_store(jobid, pjob);
 	
 	/* make sure the database is up to date */
-	if (print_cache_expired(snum)) print_queue_update(snum);
+	if (print_cache_expired(snum))
+		print_queue_update(snum);
 	
 	return True;
 
 fail:
+
 	/* The print job was not succesfully started. Cleanup */
 	/* Still need to add proper error return propagation! 010122:JRR */
 	unlink(pjob->filename);
diff --git a/source/profile/profile.c b/source/profile/profile.c
index dce1d78a9b6..20ad8531d88 100644
--- a/source/profile/profile.c
+++ b/source/profile/profile.c
@@ -22,8 +22,6 @@
 
 #include "includes.h"
 
-#include <sys/shm.h>
-
 extern int DEBUGLEVEL;
 
 #define IPC_PERMS ((SHM_R | SHM_W) | (SHM_R>>3) | (SHM_R>>6))
@@ -85,7 +83,7 @@ void reqprofile_message(int msg_type, pid_t src, void *buf, size_t len)
 #else
 	level = 0;
 #endif
-	DEBUG(1,("INFO: Received REQ_PROFILELEVEL message from PID %d\n",src));
+	DEBUG(1,("INFO: Received REQ_PROFILELEVEL message from PID %u\n",(unsigned int)src));
 	message_send_pid(src, MSG_PROFILELEVEL, &level, sizeof(int), True);
 }
 
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index cc79425eede..9c1f7299ea8 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -562,7 +562,7 @@ static BOOL modify_trust_password( char *domain, char *remote_machine,
   struct cli_state cli;
 
   ZERO_STRUCT(cli);
-  if(cli_initialise(&cli) == False) {
+  if(!cli_initialise(&cli)) {
     DEBUG(0,("modify_trust_password: unable to initialize client connection.\n"));
     return False;
   }
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 1ef8a78ea14..4bbbac17ed3 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -1,4 +1,3 @@
-
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
@@ -23,11 +22,6 @@
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-
-#ifdef SYSLOG
-#undef SYSLOG
-#endif
-
 #include "includes.h"
 
 extern int DEBUGLEVEL;
@@ -55,7 +49,6 @@ static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_re
 	int stream_offset = 0;
 	int num_read;
 	char *pdata;
-	uint32 err;
 	int extra_data_size = ((int)*rdata_offset) + ((int)data_to_read) - (int)prs_data_size(rdata);
 
 	DEBUG(5,("rpc_read: data_to_read: %u rdata offset: %u extra_data_size: %d\n",
@@ -77,6 +70,9 @@ static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_re
 
 	do /* read data using SMBreadX */
 	{
+		uint32 ecode;
+		uint8 eclass;
+
 		if (size > (size_t)data_to_read)
 			size = (size_t)data_to_read;
 
@@ -85,8 +81,10 @@ static BOOL rpc_read(struct cli_state *cli, prs_struct *rdata, uint32 data_to_re
 		DEBUG(5,("rpc_read: num_read = %d, read offset: %d, to read: %d\n",
 		          num_read, stream_offset, data_to_read));
 
-		if (cli_error(cli, NULL, &err, NULL)) {
-			DEBUG(0,("rpc_read: Error %u in cli_read\n", (unsigned int)err ));
+		if (cli_error(cli, &eclass, &ecode, NULL) && 
+		    (eclass != ERRDOS && ecode != ERRmoredata)) {
+			DEBUG(0,("rpc_read: Error %d/%u in cli_read\n", 
+				 eclass, (unsigned int)ecode));
 			return False;
 		}
 
@@ -328,7 +326,6 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 	char *rparam = NULL;
 	uint32 rparam_len = 0;
 	uint16 setup[2];
-	uint32 err;
 	BOOL first = True;
 	BOOL last  = True;
 	RPC_HDR rhdr;
@@ -338,16 +335,20 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 	uint32 rdata_len = 0;
 	uint32 current_offset = 0;
 
-	/* 
-	 * Create setup parameters - must be in native byte order.
-	 */
+	/* Create setup parameters - must be in native byte order. */
+
 	setup[0] = cmd; 
 	setup[1] = cli->nt_pipe_fnum; /* Pipe file handle. */
 
-	DEBUG(5,("rpc_api_pipe: cmd:%x fnum:%x\n", (int)cmd, (int)cli->nt_pipe_fnum));
+	DEBUG(5,("rpc_api_pipe: cmd:%x fnum:%x\n", (int)cmd, 
+		 (int)cli->nt_pipe_fnum));
 
-	/* send the data: receive a response. */
-	if (!cli_api_pipe(cli, "\\PIPE\\\0\0\0", 8,
+	/* Send the RPC request and receive a response.  For short RPC
+	   calls (about 1024 bytes or so) the RPC request and response
+	   appears in a SMBtrans request and response.  Larger RPC
+	   responses are received further on. */
+
+	if (!cli_api_pipe(cli, "\\PIPE\\",
 	          setup, 2, 0,                     /* Setup, length, max */
 	          NULL, 0, 0,                      /* Params, length, max */
 	          pdata, data_len, data_len,       /* data, length, max */                  
@@ -358,9 +359,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 		return False;
 	}
 
-	/*
-	 * Throw away returned params - we know we won't use them.
-	 */
+	/* Throw away returned params - we know we won't use them. */
 
 	if(rparam) {
 		free(rparam);
@@ -374,7 +373,8 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 	}
 
 	/*
-	 * Give this memory as dynamically allocated to the return parse struct.
+	 * Give this memory as dynamically allocated to the return parse
+	 * struct.  
 	 */
 
 	prs_give_memory(rdata, prdata, rdata_len, True);
@@ -407,13 +407,15 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 	DEBUG(5,("rpc_api_pipe: len left: %u smbtrans read: %u\n",
 	          (unsigned int)len, (unsigned int)rdata_len ));
 
-	/* check if data to be sent back was too large for one SMB. */
-	/* err status is only informational: the _real_ check is on the length */
+	/* check if data to be sent back was too large for one SMBtrans */
+	/* err status is only informational: the _real_ check is on the
+           length */
+
 	if (len > 0) { 
 		/* || err == (0x80000000 | STATUS_BUFFER_OVERFLOW)) */
-		/*
-		 * Read the rest of the first response PDU.
-		 */
+
+		/* Read the remaining part of the first response fragment */
+
 		if (!rpc_read(cli, rdata, len, &current_offset)) {
 			prs_mem_free(rdata);
 			return False;
@@ -446,7 +448,8 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 	}
 
 	/*
-	 * Read more fragments until we get the last one.
+	 * Read more fragments using SMBreadX until we get one with the
+	 * last bit set.
 	 */
 
 	while (!last) {
@@ -454,6 +457,8 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 		int num_read;
 		char hdr_data[RPC_HEADER_LEN+RPC_HDR_RESP_LEN];
 		prs_struct hps;
+		uint8 eclass;
+		uint32 ecode;
 
 		/*
 		 * First read the header of the next PDU.
@@ -463,8 +468,10 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr
 		prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False);
 
 		num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN);
-		if (cli_error(cli, NULL, &err, NULL)) {
-			DEBUG(0,("rpc_api_pipe: cli_read error : %d\n", err ));
+		if (cli_error(cli, &eclass, &ecode, NULL) &&
+		    (eclass != ERRDOS && ecode != ERRmoredata)) {
+			DEBUG(0,("rpc_api_pipe: cli_read error : %d/%d\n", 
+				 eclass, ecode));
 			return False;
 		}
 
@@ -913,7 +920,7 @@ static BOOL rpc_pipe_set_hnd_state(struct cli_state *cli, char *pipe_name, uint1
 	setup[1] = cli->nt_pipe_fnum; /* pipe file handle.  got this from an SMBOpenX. */
 
 	/* send the data on \PIPE\ */
-	if (cli_api_pipe(cli, "\\PIPE\\\0\0\0", 8,
+	if (cli_api_pipe(cli, "\\PIPE\\",
 	            setup, 2, 0,                /* setup, length, max */
 	            param, 2, 0,                /* param, length, max */
 	            NULL, 0, 1024,              /* data, length, max */
@@ -971,9 +978,6 @@ static BOOL check_bind_response(RPC_HDR_BA *hdr_ba, char *pipe_name, RPC_IFACE *
 	int i = 0;
 
 	while ((pipe_names[i].client_pipe != NULL) && hdr_ba->addr.len > 0) {
-		DEBUG(6,("bind_rpc_pipe: searching pipe name: client:%s server:%s\n",
-		pipe_names[i].client_pipe , pipe_names[i].server_pipe ));
-
 		if ((strequal(pipe_name, pipe_names[i].client_pipe ))) {
 			if (strequal(hdr_ba->addr.str, pipe_names[i].server_pipe )) {
 				DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n",
@@ -1192,6 +1196,8 @@ BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name)
 {
 	int fnum;
 
+	SMB_ASSERT(cli->nt_pipe_fnum == 0);
+
 	if (cli->capabilities & CAP_NT_SMBS) {
 		if ((fnum = cli_nt_create(cli, &(pipe_name[5]), DESIRED_ACCESS_PIPE)) == -1) {
 			DEBUG(0,("cli_nt_session_open: cli_nt_create failed on pipe %s to machine %s.  Error was %s\n",
@@ -1253,4 +1259,5 @@ close the session
 void cli_nt_session_close(struct cli_state *cli)
 {
 	cli_close(cli, cli->nt_pipe_fnum);
+	cli->nt_pipe_fnum = 0;
 }
diff --git a/source/rpc_client/cli_spoolss_notify.c b/source/rpc_client/cli_spoolss_notify.c
index 879a4f129fc..2f712f6adbc 100644
--- a/source/rpc_client/cli_spoolss_notify.c
+++ b/source/rpc_client/cli_spoolss_notify.c
@@ -48,7 +48,7 @@ BOOL spoolss_disconnect_from_client( struct cli_state *cli)
 BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine)
 {
 	ZERO_STRUCTP(cli);
-	if(cli_initialise(cli) == False) {
+	if(!cli_initialise(cli)) {
 		DEBUG(0,("connect_to_client: unable to initialize client connection.\n"));
 		return False;
 	}
diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c
index 98ef3fd0ee3..5abcfb9eef8 100644
--- a/source/rpc_parse/parse_lsa.c
+++ b/source/rpc_parse/parse_lsa.c
@@ -625,20 +625,6 @@ BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e,
 	return True;
 }
 
-void lsa_free_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM * r_e)
-{
-	safe_free(r_e->uni_domain_name);
-	safe_free(r_e->hdr_domain_name);
-	safe_free(r_e->domain_sid);
-
-	r_e->uni_domain_name = NULL;
-	r_e->hdr_domain_name = NULL;
-	r_e->domain_sid = NULL;
-
-	r_e->num_domains = 0;
-	r_e->ptr_enum_domains = 0;
-}
-
 /*******************************************************************
 reads or writes a dom query structure.
 ********************************************************************/
@@ -758,7 +744,7 @@ static BOOL lsa_io_dom_query_6(char *desc, DOM_QUERY_6 *d_q, prs_struct *ps, int
 }
 
 /*******************************************************************
- Reads or writes an LSA_Q_QUERY_INFO structure.
+ Reads or writes an LSA_R_QUERY_INFO structure.
 ********************************************************************/
 
 BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps,
@@ -1295,3 +1281,73 @@ BOOL lsa_io_r_open_secret(char *desc, LSA_R_OPEN_SECRET *r_c, prs_struct *ps, in
 
 	return True;
 }
+
+/*******************************************************************
+ Reads or writes an LSA_Q_UNK_GET_CONNUSER structure.
+********************************************************************/
+
+BOOL lsa_io_q_unk_get_connuser(char *desc, LSA_Q_UNK_GET_CONNUSER *q_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_q_unk_get_connuser");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint32("ptr_srvname", ps, depth, &q_c->ptr_srvname))
+		return False;
+
+	if(!smb_io_unistr2("uni2_srvname", &q_c->uni2_srvname, q_c->ptr_srvname, ps, depth)) /* server name to be looked up */
+		return False;
+
+	if(!prs_uint32("unk1", ps, depth, &q_c->unk1))
+		return False;
+	if(!prs_uint32("unk2", ps, depth, &q_c->unk2))
+		return False;
+	if(!prs_uint32("unk3", ps, depth, &q_c->unk3))
+		return False;
+
+	/* Don't bother to read or write at present... */
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes an LSA_R_UNK_GET_CONNUSER structure.
+********************************************************************/
+
+BOOL lsa_io_r_unk_get_connuser(char *desc, LSA_R_UNK_GET_CONNUSER *r_c, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "lsa_io_r_unk_get_connuser");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+   
+	if(!prs_uint32("ptr_user_name", ps, depth, &r_c->ptr_user_name))
+		return False;
+	if(!smb_io_unihdr("hdr_user_name", &r_c->hdr_user_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni2_user_name", &r_c->uni2_user_name, r_c->ptr_user_name, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+	  return False;
+	
+	if(!prs_uint32("unk1", ps, depth, &r_c->unk1))
+		return False;
+
+	if(!prs_uint32("ptr_dom_name", ps, depth, &r_c->ptr_dom_name))
+		return False;
+	if(!smb_io_unihdr("hdr_dom_name", &r_c->hdr_dom_name, ps, depth))
+		return False;
+	if(!smb_io_unistr2("uni2_dom_name", &r_c->uni2_dom_name, r_c->ptr_dom_name, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+	  return False;
+	
+	if(!prs_uint32("status", ps, depth, &r_c->status))
+		return False;
+
+	return True;
+}
diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c
index 81602a1dc40..4b118dd2b45 100644
--- a/source/rpc_parse/parse_misc.c
+++ b/source/rpc_parse/parse_misc.c
@@ -1457,6 +1457,37 @@ BOOL smb_io_pol_hnd(char *desc, POLICY_HND *pol, prs_struct *ps, int depth)
 }
 
 /*******************************************************************
+ Create a UNISTR3.
+********************************************************************/
+
+void init_unistr3(UNISTR3 *str, const char *buf)
+{
+	size_t len;
+
+	if (buf == NULL) {
+		str->uni_str_len=0;
+		str->str.buffer = NULL;
+		return;
+	}
+
+	len = strlen(buf) + 1;
+
+	str->uni_str_len=len;
+
+	if (len < MAX_UNISTRLEN)
+		len = MAX_UNISTRLEN;
+
+	len *= sizeof(uint16);
+
+	str->str.buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
+	if (str->str.buffer == NULL)
+		smb_panic("init_unistr3: malloc fail\n");
+
+	/* store the string (null-terminated copy) */
+	dos_struni2((char *)str->str.buffer, buf, len);
+}
+
+/*******************************************************************
  Reads or writes a UNISTR3 structure.
 ********************************************************************/
 
diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c
index 1fab8ce2971..587407b3dd3 100644
--- a/source/rpc_parse/parse_net.c
+++ b/source/rpc_parse/parse_net.c
@@ -217,14 +217,31 @@ BOOL net_io_q_logon_ctrl2(char *desc, NET_Q_LOGON_CTRL2 *q_l, prs_struct *ps, in
 }
 
 /*******************************************************************
+ Inits an NET_Q_LOGON_CTRL2 structure.
+********************************************************************/
+
+void init_net_q_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, char *srv_name,
+			    uint32 query_level)
+{
+	DEBUG(5,("init_q_logon_ctrl2\n"));
+
+	q_l->function_code = 0x01;
+	q_l->query_level = query_level;
+	q_l->switch_value  = 0x01;
+
+	init_unistr2(&q_l->uni_server_name, srv_name, strlen(srv_name) + 1);
+}
+
+/*******************************************************************
  Inits an NET_R_LOGON_CTRL2 structure.
 ********************************************************************/
 
-void init_r_logon_ctrl2(NET_R_LOGON_CTRL2 *r_l, uint32 query_level,
-				uint32 flags, uint32 pdc_status, uint32 logon_attempts,
-				uint32 tc_status, char *trusted_domain_name)
+void init_net_r_logon_ctrl2(NET_R_LOGON_CTRL2 *r_l, uint32 query_level,
+			    uint32 flags, uint32 pdc_status, 
+			    uint32 logon_attempts, uint32 tc_status, 
+			    char *trusted_domain_name)
 {
-	DEBUG(5,("make_r_logon_ctrl2\n"));
+	DEBUG(5,("init_r_logon_ctrl2\n"));
 
 	r_l->switch_value  = query_level; /* should only be 0x1 */
 
@@ -301,6 +318,113 @@ BOOL net_io_r_logon_ctrl2(char *desc, NET_R_LOGON_CTRL2 *r_l, prs_struct *ps, in
 }
 
 /*******************************************************************
+ Reads or writes an NET_Q_LOGON_CTRL structure.
+********************************************************************/
+
+BOOL net_io_q_logon_ctrl(char *desc, NET_Q_LOGON_CTRL *q_l, prs_struct *ps, 
+			 int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_q_logon_ctrl");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
+		return False;
+
+	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("function_code", ps, depth, &q_l->function_code))
+		return False;
+	if(!prs_uint32("query_level  ", ps, depth, &q_l->query_level))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Inits an NET_Q_LOGON_CTRL structure.
+********************************************************************/
+
+void init_net_q_logon_ctrl(NET_Q_LOGON_CTRL *q_l, char *srv_name,
+			   uint32 query_level)
+{
+	DEBUG(5,("init_q_logon_ctrl\n"));
+
+	q_l->function_code = 0x01; /* ??? */
+	q_l->query_level = query_level;
+
+	init_unistr2(&q_l->uni_server_name, srv_name, strlen(srv_name) + 1);
+}
+
+/*******************************************************************
+ Inits an NET_R_LOGON_CTRL structure.
+********************************************************************/
+
+void init_net_r_logon_ctrl(NET_R_LOGON_CTRL *r_l, uint32 query_level,
+			   uint32 flags, uint32 pdc_status)
+{
+	DEBUG(5,("init_r_logon_ctrl\n"));
+
+	r_l->switch_value  = query_level; /* should only be 0x1 */
+
+	switch (query_level) {
+	case 1:
+		r_l->ptr = 1; /* undocumented pointer */
+		init_netinfo_1(&r_l->logon.info1, flags, pdc_status);	
+		r_l->status = 0;
+		break;
+	default:
+		DEBUG(2,("init_r_logon_ctrl: unsupported switch value %d\n",
+			r_l->switch_value));
+		r_l->ptr = 0; /* undocumented pointer */
+
+		/* take a guess at an error code... */
+		r_l->status = NT_STATUS_INVALID_INFO_CLASS;
+		break;
+	}
+}
+
+/*******************************************************************
+ Reads or writes an NET_R_LOGON_CTRL structure.
+********************************************************************/
+
+BOOL net_io_r_logon_ctrl(char *desc, NET_R_LOGON_CTRL *r_l, prs_struct *ps, 
+			 int depth)
+{
+	prs_debug(ps, depth, desc, "net_io_r_logon_ctrl");
+	depth++;
+
+	if(!prs_uint32("switch_value ", ps, depth, &r_l->switch_value))
+		return False;
+	if(!prs_uint32("ptr          ", ps, depth, &r_l->ptr))
+		return False;
+
+	if (r_l->ptr != 0) {
+		switch (r_l->switch_value) {
+		case 1:
+			if(!net_io_netinfo_1("", &r_l->logon.info1, ps, depth))
+				return False;
+			break;
+		default:
+			DEBUG(2,("net_io_r_logon_ctrl: unsupported switch value %d\n",
+				r_l->switch_value));
+			break;
+		}
+	}
+
+	if(!prs_uint32("status       ", ps, depth, &r_l->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
  Inits an NET_R_TRUST_DOM_LIST structure.
 ********************************************************************/
 
@@ -309,7 +433,7 @@ void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
 {
 	int i = 0;
 
-	DEBUG(5,("make_r_trust_dom\n"));
+	DEBUG(5,("init_r_trust_dom\n"));
 
 	for (i = 0; i < MAX_TRUST_DOMS; i++) {
 		r_t->uni_trust_dom_name[i].uni_str_len = 0;
@@ -410,7 +534,7 @@ void init_q_req_chal(NET_Q_REQ_CHAL *q_c,
 				char *logon_srv, char *logon_clnt,
 				DOM_CHAL *clnt_chal)
 {
-	DEBUG(5,("make_q_req_chal: %d\n", __LINE__));
+	DEBUG(5,("init_q_req_chal: %d\n", __LINE__));
 
 	q_c->undoc_buffer = 1; /* don't know what this buffer is */
 
@@ -419,7 +543,7 @@ void init_q_req_chal(NET_Q_REQ_CHAL *q_c,
 
 	memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
 
-	DEBUG(5,("make_q_req_chal: %d\n", __LINE__));
+	DEBUG(5,("init_q_req_chal: %d\n", __LINE__));
 }
 
 /*******************************************************************
@@ -486,6 +610,61 @@ BOOL net_io_r_req_chal(char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int dept
 
 
 /*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_q_auth(char *desc, NET_Q_AUTH *q_a, prs_struct *ps, int depth)
+{
+	int old_align;
+	if (q_a == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_q_auth");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_log_info ("", &q_a->clnt_id, ps, depth)) /* client identification info */
+		return False;
+	/* client challenge is _not_ aligned */
+	old_align = ps->align;
+	ps->align = 0;
+	if(!smb_io_chal("", &q_a->clnt_chal, ps, depth)) {
+		/* client-calculated credentials */
+		ps->align = old_align;
+		return False;
+	}
+	ps->align = old_align;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL net_io_r_auth(char *desc, NET_R_AUTH *r_a, prs_struct *ps, int depth)
+{
+	if (r_a == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "net_io_r_auth");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+    
+	if(!smb_io_chal("", &r_a->srv_chal, ps, depth)) /* server challenge */
+		return False;
+
+	if(!prs_uint32("status", ps, depth, &r_a->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
  Inits a NET_Q_AUTH_2 struct.
 ********************************************************************/
 
@@ -569,7 +748,7 @@ BOOL net_io_r_auth_2(char *desc, NET_R_AUTH_2 *r_a, prs_struct *ps, int depth)
 void init_q_srv_pwset(NET_Q_SRV_PWSET *q_s, char *logon_srv, char *acct_name, 
                 uint16 sec_chan, char *comp_name, DOM_CRED *cred, char nt_cypher[16])
 {
-	DEBUG(5,("make_q_srv_pwset\n"));
+	DEBUG(5,("init_q_srv_pwset\n"));
 
 	init_clnt_info(&q_s->clnt_id, logon_srv, acct_name, sec_chan, comp_name, cred);
 
@@ -681,7 +860,7 @@ void init_id_info1(NET_ID_INFO_1 *id, char *domain_name,
 	unsigned char lm_owf[16];
 	unsigned char nt_owf[16];
 
-	DEBUG(5,("make_id_info1: %d\n", __LINE__));
+	DEBUG(5,("init_id_info1: %d\n", __LINE__));
 
 	id->ptr_id_info1 = 1;
 
@@ -707,9 +886,9 @@ void init_id_info1(NET_ID_INFO_1 *id, char *domain_name,
 		memcpy(key, sess_key, 8);
 
 		memcpy(lm_owf, lm_cypher, 16);
-		SamOEMhash(lm_owf, key, False);
+		SamOEMhash(lm_owf, key, 16);
 		memcpy(nt_owf, nt_cypher, 16);
-		SamOEMhash(nt_owf, key, False);
+		SamOEMhash(nt_owf, key, 16);
 
 #ifdef DEBUG_PASSWORD
 		DEBUG(100,("encrypt of lm owf password:"));
diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c
index 20536c91b47..9711eee4524 100644
--- a/source/rpc_parse/parse_samr.c
+++ b/source/rpc_parse/parse_samr.c
@@ -23,7 +23,6 @@
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-
 #include "includes.h"
 #include "rpc_parse.h"
 #include "nterr.h"
@@ -1387,7 +1386,7 @@ BOOL samr_io_q_query_dispinfo(char *desc, SAMR_Q_QUERY_DISPINFO * q_e,
 inits a SAM_DISPINFO_1 structure.
 ********************************************************************/
 
-void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES])
 {
@@ -1404,7 +1403,19 @@ void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries,
 	DEBUG(5, ("init_sam_dispinfo_1: max_entries: %d max_dsize: 0x%x\n",
 		  max_entries, max_data_size));
 
+	sam->sam=(SAM_ENTRY1 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY1));
+	if (!sam->sam)
+		return NT_STATUS_NO_MEMORY;
+
+	sam->str=(SAM_STR1 *)talloc(ctx, max_entries*sizeof(SAM_STR1));
+	if (!sam->str)
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
 	for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) {
+		DEBUG(5, ("init_sam_dispinfo_1: entry: %d\n",i));
 		len_sam_name = pass[i].uni_user_name.uni_str_len;
 		len_sam_full = pass[i].uni_full_name.uni_str_len;
 		len_sam_desc = pass[i].uni_acct_desc.uni_str_len;
@@ -1413,6 +1424,10 @@ void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries,
 				len_sam_name, len_sam_full, len_sam_desc,
 				pass[i].user_rid, pass[i].acb_info);
 
+		ZERO_STRUCTP(&sam->str[i].uni_acct_name);
+		ZERO_STRUCTP(&sam->str[i].uni_full_name);
+		ZERO_STRUCTP(&sam->str[i].uni_acct_desc);
+
 		copy_unistr2(&sam->str[i].uni_acct_name, &pass[i].uni_user_name);
 		copy_unistr2(&sam->str[i].uni_full_name, &pass[i].uni_full_name);
 		copy_unistr2(&sam->str[i].uni_acct_desc, &pass[i].uni_acct_desc);
@@ -1423,6 +1438,8 @@ void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries,
 
 	*num_entries = i;
 	*data_size = dsize;
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -1435,16 +1452,28 @@ static BOOL sam_io_sam_dispinfo_1(char *desc, SAM_DISPINFO_1 * sam,
 {
 	uint32 i;
 
-	if (sam == NULL)
-		return False;
-
 	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_1");
 	depth++;
 
 	if(!prs_align(ps))
 		return False;
 
-	SMB_ASSERT_ARRAY(sam->sam, num_entries);
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY1 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY1) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY1\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR1 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR1) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR1\n"));
+			return False;
+		}
+	}
 
 	for (i = 0; i < num_entries; i++) {
 		if(!sam_io_sam_entry1("", &sam->sam[i], ps, depth))
@@ -1466,7 +1495,7 @@ static BOOL sam_io_sam_dispinfo_1(char *desc, SAM_DISPINFO_1 * sam,
 inits a SAM_DISPINFO_2 structure.
 ********************************************************************/
 
-void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES])
 {
@@ -1482,6 +1511,15 @@ void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries,
 	max_entries = *num_entries;
 	max_data_size = *data_size;
 
+	if (!(sam->sam=(SAM_ENTRY2 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY2))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR2 *)talloc(ctx, max_entries*sizeof(SAM_STR2))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
 	for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) {
 		len_sam_name = pass[i].uni_user_name.uni_str_len;
 		len_sam_desc = pass[i].uni_acct_desc.uni_str_len;
@@ -1490,10 +1528,11 @@ void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries,
 			  len_sam_name, len_sam_desc,
 			  pass[i].user_rid, pass[i].acb_info);
 	  
-		copy_unistr2(&sam->str[i].uni_srv_name,
-		       &pass[i].uni_user_name);
-		copy_unistr2(&sam->str[i].uni_srv_desc,
-		       &pass[i].uni_acct_desc);
+		ZERO_STRUCTP(&sam->str[i].uni_srv_name);
+		ZERO_STRUCTP(&sam->str[i].uni_srv_desc);
+
+		copy_unistr2(&sam->str[i].uni_srv_name, &pass[i].uni_user_name);
+		copy_unistr2(&sam->str[i].uni_srv_desc, &pass[i].uni_acct_desc);
 	  
 		dsize += sizeof(SAM_ENTRY2);
 		dsize += len_sam_name + len_sam_desc;
@@ -1501,6 +1540,8 @@ void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries,
 
 	*num_entries = i;
 	*data_size = dsize;
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -1522,7 +1563,22 @@ static BOOL sam_io_sam_dispinfo_2(char *desc, SAM_DISPINFO_2 * sam,
 	if(!prs_align(ps))
 		return False;
 
-	SMB_ASSERT_ARRAY(sam->sam, num_entries);
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY2 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY2) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY2\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR2 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR2) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR2\n"));
+			return False;
+		}
+	}
 
 	for (i = 0; i < num_entries; i++) {
 		if(!sam_io_sam_entry2("", &sam->sam[i], ps, depth))
@@ -1543,7 +1599,7 @@ static BOOL sam_io_sam_dispinfo_2(char *desc, SAM_DISPINFO_2 * sam,
 inits a SAM_DISPINFO_3 structure.
 ********************************************************************/
 
-void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 DOMAIN_GRP * grp)
 {
@@ -1559,6 +1615,15 @@ void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries,
 	max_entries = *num_entries;
 	max_data_size = *data_size;
 
+	if (!(sam->sam=(SAM_ENTRY3 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY3))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR3 *)talloc(ctx, max_entries*sizeof(SAM_STR3))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
 	for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) {
 		len_sam_name = strlen(grp[i].name);
 		len_sam_desc = strlen(grp[i].comment);
@@ -1575,6 +1640,8 @@ void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries,
 
 	*num_entries = i;
 	*data_size = dsize;
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -1596,7 +1663,22 @@ static BOOL sam_io_sam_dispinfo_3(char *desc, SAM_DISPINFO_3 * sam,
 	if(!prs_align(ps))
 		return False;
 
-	SMB_ASSERT_ARRAY(sam->sam, num_entries);
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY3 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY3) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY3\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR3 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR3) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR3\n"));
+			return False;
+		}
+	}
 
 	for (i = 0; i < num_entries; i++) {
 		if(!sam_io_sam_entry3("", &sam->sam[i], ps, depth))
@@ -1617,7 +1699,7 @@ static BOOL sam_io_sam_dispinfo_3(char *desc, SAM_DISPINFO_3 * sam,
 inits a SAM_DISPINFO_4 structure.
 ********************************************************************/
 
-void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES])
 {
@@ -1634,16 +1716,22 @@ void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries,
 	max_entries = *num_entries;
 	max_data_size = *data_size;
 
+	if (!(sam->sam=(SAM_ENTRY4 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY4))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR4 *)talloc(ctx, max_entries*sizeof(SAM_STR4))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
 	for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) {
 		len_sam_name = pass[i].uni_user_name.uni_str_len;
 	  
-		init_sam_entry4(&sam->sam[i], start_idx + i + 1,
-			  len_sam_name);
-	  
-		unistr2_to_ascii(sam_name, &pass[i].uni_user_name,
-			   sizeof(sam_name));
-		init_string2(&sam->str[i].acct_name, sam_name,
-		       len_sam_name);
+		init_sam_entry4(&sam->sam[i], start_idx + i + 1, len_sam_name);
+
+		unistr2_to_ascii(sam_name, &pass[i].uni_user_name, sizeof(sam_name));
+		init_string2(&sam->str[i].acct_name, sam_name, len_sam_name);
 	  
 		dsize += sizeof(SAM_ENTRY4);
 		dsize += len_sam_name;
@@ -1651,6 +1739,8 @@ void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries,
 	
 	*num_entries = i;
 	*data_size = dsize;
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -1672,7 +1762,22 @@ static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam,
 	if(!prs_align(ps))
 		return False;
 
-	SMB_ASSERT_ARRAY(sam->sam, num_entries);
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY4 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY4) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY4\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR4 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR4) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR4\n"));
+			return False;
+		}
+	}
 
 	for (i = 0; i < num_entries; i++) {
 		if(!sam_io_sam_entry4("", &sam->sam[i], ps, depth))
@@ -1694,7 +1799,7 @@ static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam,
 inits a SAM_DISPINFO_5 structure.
 ********************************************************************/
 
-void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries,
+uint32 init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 *num_entries,
 			 uint32 *data_size, uint32 start_idx,
 			 DOMAIN_GRP * grp)
 {
@@ -1710,14 +1815,20 @@ void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries,
 	max_entries = *num_entries;
 	max_data_size = *data_size;
 
+	if (!(sam->sam=(SAM_ENTRY5 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY5))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(sam->str=(SAM_STR5 *)talloc(ctx, max_entries*sizeof(SAM_STR5))))
+		return NT_STATUS_NO_MEMORY;
+
+	ZERO_STRUCTP(sam->sam);
+	ZERO_STRUCTP(sam->str);
+
 	for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) {
 		len_sam_name = strlen(grp[i].name);
 	  
-		init_sam_entry5(&sam->sam[i], start_idx + i + 1,
-				len_sam_name);
-	  
-		init_string2(&sam->str[i].grp_name, grp[i].name,
-				len_sam_name);
+		init_sam_entry5(&sam->sam[i], start_idx + i + 1, len_sam_name);
+		init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name);
 	  
 		dsize += sizeof(SAM_ENTRY5);
 		dsize += len_sam_name;
@@ -1725,6 +1836,8 @@ void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries,
 	
 	*num_entries = i;
 	*data_size = dsize;
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -1746,7 +1859,22 @@ static BOOL sam_io_sam_dispinfo_5(char *desc, SAM_DISPINFO_5 * sam,
 	if(!prs_align(ps))
 		return False;
 
-	SMB_ASSERT_ARRAY(sam->sam, num_entries);
+	if (UNMARSHALLING(ps) && num_entries > 0) {
+
+		if ((sam->sam = (SAM_ENTRY5 *)
+		     prs_alloc_mem(ps, sizeof(SAM_ENTRY5) *
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_ENTRY5\n"));
+			return False;
+		}
+
+		if ((sam->str = (SAM_STR5 *)
+		     prs_alloc_mem(ps, sizeof(SAM_STR5) * 
+				   num_entries)) == NULL) {
+			DEBUG(0, ("out of memory allocating SAM_STR5\n"));
+			return False;
+		}
+	}
 
 	for (i = 0; i < num_entries; i++) {
 		if(!sam_io_sam_entry5("", &sam->sam[i], ps, depth))
@@ -2047,29 +2175,32 @@ BOOL samr_io_group_info4(char *desc, GROUP_INFO4 * gr4,
 reads or writes a structure.
 ********************************************************************/
 
-static BOOL samr_group_info_ctr(char *desc, GROUP_INFO_CTR * ctr,
+static BOOL samr_group_info_ctr(char *desc, GROUP_INFO_CTR **ctr,
 				prs_struct *ps, int depth)
 {
-	if (ctr == NULL)
+	if (UNMARSHALLING(ps))
+		*ctr = (GROUP_INFO_CTR *)prs_alloc_mem(ps,sizeof(GROUP_INFO_CTR));
+
+	if (*ctr == NULL)
 		return False;
 
 	prs_debug(ps, depth, desc, "samr_group_info_ctr");
 	depth++;
 
-	if(!prs_uint16("switch_value1", ps, depth, &ctr->switch_value1))
+	if(!prs_uint16("switch_value1", ps, depth, &(*ctr)->switch_value1))
 		return False;
-	if(!prs_uint16("switch_value2", ps, depth, &ctr->switch_value2))
+	if(!prs_uint16("switch_value2", ps, depth, &(*ctr)->switch_value2))
 		return False;
 
-	switch (ctr->switch_value1) {
+	switch ((*ctr)->switch_value1) {
 	case 1:
 		if(!samr_io_group_info1("group_info1",
-				  &ctr->group.info1, ps, depth))
+				  &(*ctr)->group.info1, ps, depth))
 			return False;
 		break;
 	case 4:
 		if(!samr_io_group_info4("group_info4",
-				  &ctr->group.info4, ps, depth))
+				  &(*ctr)->group.info4, ps, depth))
 			return False;
 		break;
 	default:
@@ -2395,7 +2526,7 @@ BOOL samr_io_q_set_groupinfo(char *desc, SAMR_Q_SET_GROUPINFO * q_e,
 	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
 		return False;
 	
-	if(!samr_group_info_ctr("ctr", q_e->ctr, ps, depth))
+	if(!samr_group_info_ctr("ctr", &q_e->ctr, ps, depth))
 		return False;
 
 	return True;
@@ -2507,7 +2638,7 @@ BOOL samr_io_r_query_groupinfo(char *desc, SAMR_R_QUERY_GROUPINFO * r_u,
 		return False;
 
 	if (r_u->ptr != 0) {
-		if(!samr_group_info_ctr("ctr", r_u->ctr, ps, depth))
+		if(!samr_group_info_ctr("ctr", &r_u->ctr, ps, depth))
 			return False;
 	}
 
@@ -3594,15 +3725,12 @@ inits a SAMR_Q_OPEN_ALIAS structure.
 ********************************************************************/
 
 void init_samr_q_open_alias(SAMR_Q_OPEN_ALIAS * q_u, POLICY_HND *pol,
-			    uint32 unknown_0, uint32 rid)
+			    uint32 access_mask, uint32 rid)
 {
 	DEBUG(5, ("init_samr_q_open_alias\n"));
 
 	q_u->dom_pol = *pol;
-
-	/* example values: 0x0000 0008 */
-	q_u->unknown_0 = unknown_0;
-
+	q_u->access_mask = access_mask;
 	q_u->rid_alias = rid;
 }
 
@@ -3625,7 +3753,7 @@ BOOL samr_io_q_open_alias(char *desc, SAMR_Q_OPEN_ALIAS * q_u,
 	if(!smb_io_pol_hnd("domain_pol", &q_u->dom_pol, ps, depth))
 		return False;
 
-	if(!prs_uint32("unknown_0", ps, depth, &q_u->unknown_0))
+	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
 		return False;
 	if(!prs_uint32("rid_alias", ps, depth, &q_u->rid_alias))
 		return False;
@@ -3678,6 +3806,8 @@ void init_samr_q_lookup_rids(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_RIDS * q_u,
 	if (q_u->rid == NULL) {
 		q_u->num_rids1 = 0;
 		q_u->num_rids2 = 0;
+	} else {
+		memcpy(q_u->rid, rid, num_rids * sizeof(q_u->rid[0]));
 	}
 }
 
@@ -4289,7 +4419,7 @@ BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM * r_u,
 inits a SAMR_Q_LOOKUP_NAMES structure.
 ********************************************************************/
 
-void init_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES * q_u,
+uint32 init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u,
 			      POLICY_HND *pol, uint32 flags,
 			      uint32 num_names, char **name)
 {
@@ -4304,11 +4434,19 @@ void init_samr_q_lookup_names(SAMR_Q_LOOKUP_NAMES * q_u,
 	q_u->ptr = 0;
 	q_u->num_names2 = num_names;
 
+	if (!(q_u->hdr_name = (UNIHDR *)talloc_zero(ctx, num_names * sizeof(UNIHDR))))
+		return NT_STATUS_NO_MEMORY;
+
+	if (!(q_u->uni_name = (UNISTR2 *)talloc_zero(ctx, num_names * sizeof(UNISTR2))))
+		return NT_STATUS_NO_MEMORY;
+
 	for (i = 0; i < num_names; i++) {
 		int len_name = name[i] != NULL ? strlen(name[i]) : 0;
 		init_uni_hdr(&q_u->hdr_name[i], len_name);	/* unicode header for user_name */
 		init_unistr2(&q_u->uni_name[i], name[i], len_name);	/* unicode string for machine account */
 	}
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -4344,7 +4482,14 @@ BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES * q_u,
 	if(!prs_uint32("num_names2", ps, depth, &q_u->num_names2))
 		return False;
 
-	SMB_ASSERT_ARRAY(q_u->hdr_name, q_u->num_names2);
+	if (UNMARSHALLING(ps) && (q_u->num_names2 != 0)) {
+		q_u->hdr_name = (UNIHDR *)prs_alloc_mem(ps, sizeof(UNIHDR) *
+							q_u->num_names2);
+		q_u->uni_name = (UNISTR2 *)prs_alloc_mem(ps, sizeof(UNISTR2) *
+							 q_u->num_names2);
+		if (!q_u->hdr_name || !q_u->uni_name)
+			return False;
+	}
 
 	for (i = 0; i < q_u->num_names2; i++) {
 		if(!smb_io_unihdr("", &q_u->hdr_name[i], ps, depth))
@@ -4363,7 +4508,7 @@ BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES * q_u,
 inits a SAMR_R_LOOKUP_NAMES structure.
 ********************************************************************/
 
-void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
+uint32 init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
 			      uint32 num_rids,
 			      uint32 *rid, uint32 *type,
 			      uint32 status)
@@ -4381,8 +4526,10 @@ void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
 		r_u->ptr_rids = 1;
 		r_u->num_rids2 = num_rids;
 
-		r_u->rids = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids);
-		r_u->types = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids);
+		if (!(r_u->rids = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids)))
+			return NT_STATUS_NO_MEMORY;
+		if (!(r_u->types = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids)))
+			return NT_STATUS_NO_MEMORY;
 
 		if (!r_u->rids || !r_u->types)
 			goto empty;
@@ -4407,6 +4554,8 @@ void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
 	}
 
 	r_u->status = status;
+
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -4985,10 +5134,9 @@ static BOOL sam_io_user_info11(char *desc, SAM_USER_INFO_11 * usr,
 
  *************************************************************************/
 
-void init_sam_user_info24(SAM_USER_INFO_24 * usr,
-			  char newpass[516], uint16 passlen)
+void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516])
 {
-	DEBUG(10, ("init_sam_user_info24: passlen: %d\n", passlen));
+	DEBUG(10, ("init_sam_user_info24:\n"));
 	memcpy(usr->pass, newpass, sizeof(usr->pass));
 }
 
@@ -5011,6 +5159,9 @@ static BOOL sam_io_user_info24(char *desc, SAM_USER_INFO_24 * usr,
 	if(!prs_uint8s(False, "password", ps, depth, usr->pass, sizeof(usr->pass)))
 		return False;
 
+	if(!prs_align(ps))
+		return False;
+
 	return True;
 }
 
@@ -5325,6 +5476,126 @@ static BOOL sam_io_user_info23(char *desc, SAM_USER_INFO_23 * usr,
 	return True;
 }
 
+/*******************************************************************
+ reads or writes a structure.
+ NB. This structure is *definately* incorrect. It's my best guess
+ currently for W2K SP2. The password field is encrypted in a different
+ way than normal... And there are definately other problems. JRA.
+********************************************************************/
+
+static BOOL sam_io_user_info25(char *desc, SAM_USER_INFO_25 * usr, prs_struct *ps, int depth)
+{
+	if (usr == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "sam_io_user_info23");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
+		return False;
+	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps, depth))
+		return False;
+	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time, ps, depth))
+		return False;
+
+	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
+		return False;
+	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
+		return False;
+	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
+		return False;
+	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
+		return False;
+	if(!smb_io_unihdr("hdr_unknown_str ", &usr->hdr_unknown_str, ps, depth))	/* unknown string */
+		return False;
+	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
+		return False;
+
+	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
+		return False;
+	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
+		return False;
+
+	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
+		return False;
+	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
+		return False;
+	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
+		return False;
+
+	if(!prs_uint32s(False, "unknown_6      ", ps, depth, usr->unknown_6, 6))
+		return False;
+
+	if(!prs_uint8s(False, "password      ", ps, depth, usr->pass, sizeof(usr->pass)))
+		return False;
+
+	/* here begins pointed-to data */
+
+	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth))	/* username unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))	/* user's full name unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))	/* home directory unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))	/* home directory drive unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))	/* logon script unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))	/* profile path unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))	/* user desc unicode string */
+		return False;
+
+	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))	/* worksations user can log on from */
+		return False;
+
+	if(!smb_io_unistr2("uni_unknown_str ", &usr->uni_unknown_str, usr->hdr_unknown_str.buffer, ps, depth))	/* unknown string */
+		return False;
+
+	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth))
+		return False;
+
+#if 0 /* JRA - unknown... */
+	/* ok, this is only guess-work (as usual) */
+	if (usr->ptr_logon_hrs) {
+		if(!prs_uint32("unknown_6     ", ps, depth, &usr->unknown_6))
+			return False;
+		if(!prs_uint32("padding4      ", ps, depth, &usr->padding4))
+			return False;
+		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
+			return False;
+	} else if (UNMARSHALLING(ps)) {
+		usr->unknown_6 = 0;
+		usr->padding4 = 0;
+	}
+#endif
+
+	return True;
+}
+
 
 /*************************************************************************
  init_sam_user_info21W
@@ -5715,12 +5986,12 @@ void init_samr_userinfo_ctr(SAM_USERINFO_CTR * ctr, uchar * sess_key,
 
 	switch (switch_value) {
 	case 0x18:
-		SamOEMhash(ctr->info.id24->pass, sess_key, 1);
+		SamOEMhash(ctr->info.id24->pass, sess_key, 516);
 		dump_data(100, (char *)sess_key, 16);
 		dump_data(100, (char *)ctr->info.id24->pass, 516);
 		break;
 	case 0x17:
-		SamOEMhash(ctr->info.id23->pass, sess_key, 1);
+		SamOEMhash(ctr->info.id23->pass, sess_key, 516);
 		dump_data(100, (char *)sess_key, 16);
 		dump_data(100, (char *)ctr->info.id23->pass, 516);
 		break;
@@ -5820,6 +6091,16 @@ static BOOL samr_io_userinfo_ctr(char *desc, SAM_USERINFO_CTR **ppctr,
 		}
 		ret = sam_io_user_info24("", ctr->info.id24, ps,  depth);
 		break;
+	case 25:
+		if (UNMARSHALLING(ps))
+			ctr->info.id25 = (SAM_USER_INFO_25 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_25));
+
+		if (ctr->info.id25 == NULL) {
+			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
+			return False;
+		}
+		ret = sam_io_user_info25("", ctr->info.id25, ps, depth);
+		break;
 	default:
 		DEBUG(2, ("samr_io_userinfo_ctr: unknown switch level 0x%x\n", ctr->switch_value));
 		ret = False;
@@ -5974,8 +6255,8 @@ void init_samr_q_set_userinfo2(SAMR_Q_SET_USERINFO2 * q_u,
 
 	switch (switch_value) {
 	case 0x12:
-		SamOEMhash(ctr->info.id12->lm_pwd, sess_key, 0);
-		SamOEMhash(ctr->info.id12->nt_pwd, sess_key, 0);
+		SamOEMhash(ctr->info.id12->lm_pwd, sess_key, 16);
+		SamOEMhash(ctr->info.id12->nt_pwd, sess_key, 16);
 		dump_data(100, (char *)sess_key, 16);
 		dump_data(100, (char *)ctr->info.id12->lm_pwd, 16);
 		dump_data(100, (char *)ctr->info.id12->nt_pwd, 16);
diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c
index e5d3a6ce43c..b202c2a3566 100644
--- a/source/rpc_parse/parse_sec.c
+++ b/source/rpc_parse/parse_sec.c
@@ -135,7 +135,14 @@ SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *a
 	dst->num_aces = num_aces;
 	dst->size = 8;
 
-	if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces )) == NULL) {
+	/* Now we need to return a non-NULL address for the ace list even
+	   if the number of aces required is zero.  This is because there
+	   is a distinct difference between a NULL ace and an ace with zero
+	   entries in it.  This is achieved by always making the number of
+	   bytes allocated by talloc() positive.  Heh. */
+
+	if((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces + 1))
+	   == NULL) {
 		return NULL;
 	}
 
@@ -204,9 +211,13 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
 	if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces))
 		return False;
 
-	if (UNMARSHALLING(ps) && psa->num_aces != 0) {
-		/* reading */
-		if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * psa->num_aces)) == NULL)
+	if (UNMARSHALLING(ps)) {
+		/*
+		 * Even if the num_aces is zero, allocate memory as there's a difference
+		 * between a non-present DACL (allow all access) and a DACL with no ACE's
+		 * (allow no access).
+		 */
+		if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * (psa->num_aces+1))) == NULL)
 			return False;
 	}
 
diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c
index ff3e53273a0..2b81a7708c0 100644
--- a/source/rpc_parse/parse_spoolss.c
+++ b/source/rpc_parse/parse_spoolss.c
@@ -761,6 +761,7 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
  * init a structure.
  ********************************************************************/
 BOOL make_spoolss_q_addprinterex(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_ADDPRINTEREX *q_u, 
 	const char *srv_name,
 	const char* clientname, 
@@ -783,7 +784,7 @@ BOOL make_spoolss_q_addprinterex(
 	{
 		case 2:
 			/* init q_u->info.info2 from *info */
-			if (!make_spoolss_printer_info_2(&q_u->info.info_2, ctr->printers_2))
+			if (!make_spoolss_printer_info_2(mem_ctx, &q_u->info.info_2, ctr->printers_2))
 			{
 				DEBUG(0,("make_spoolss_q_addprinterex: Unable to fill SPOOL_Q_ADDPRINTEREX struct!\n"));
 				return False;
@@ -818,6 +819,7 @@ create a SPOOL_PRINTER_INFO_2 stuct from a PRINTER_INFO_2 struct
 *******************************************************************/
 
 BOOL make_spoolss_printer_info_2(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_PRINTER_INFO_LEVEL_2 **spool_info2, 
 	PRINTER_INFO_2 *info
 )
@@ -826,8 +828,7 @@ BOOL make_spoolss_printer_info_2(
 	SPOOL_PRINTER_INFO_LEVEL_2 *inf;
 
 	/* allocate the necessary memory */
-	inf = (SPOOL_PRINTER_INFO_LEVEL_2*)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_2));
-	if (!spool_info2)
+	if (!(inf=(SPOOL_PRINTER_INFO_LEVEL_2*)talloc(mem_ctx, sizeof(SPOOL_PRINTER_INFO_LEVEL_2))))
 	{
 		DEBUG(0,("make_spoolss_printer_info_2: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_2 sruct!\n"));
 		return False;
@@ -908,6 +909,31 @@ BOOL spoolss_io_q_open_printer_ex(char *desc, SPOOL_Q_OPEN_PRINTER_EX *q_u, prs_
 }
 
 /*******************************************************************
+ * init a structure.
+ ********************************************************************/
+BOOL make_spoolss_q_deleteprinterdriver(
+	TALLOC_CTX *mem_ctx,
+	SPOOL_Q_DELETEPRINTERDRIVER *q_u, 
+	const char *server,
+	const char* arch, 
+	const char* driver 
+)
+{
+	DEBUG(5,("make_spoolss_q_deleteprinterdriver\n"));
+	
+	q_u->server_ptr = (server!=NULL)?1:0;
+
+	/* these must be NULL terminated or else NT4 will
+	   complain about invalid parameters --jerry */
+	init_unistr2(&q_u->server, server, strlen(server)+1);
+	init_unistr2(&q_u->arch, arch, strlen(arch)+1);
+	init_unistr2(&q_u->driver, driver, strlen(driver)+1);
+
+	
+	return True;
+}
+
+/*******************************************************************
  * write a structure.
  * called from static spoolss_r_open_printer_ex (srv_spoolss.c)
  * called from spoolss_open_printer_ex (cli_spoolss.c)
@@ -1150,6 +1176,58 @@ BOOL spoolss_io_r_deleteprinter(char *desc, SPOOL_R_DELETEPRINTER *r_u, prs_stru
 	return True;
 }
 
+
+/*******************************************************************
+ * read a structure.
+ * called from api_spoolss_deleteprinterdriver (srv_spoolss.c)
+ * called from spoolss_deleteprinterdriver (cli_spoolss.c)
+ ********************************************************************/
+
+BOOL spoolss_io_q_deleteprinterdriver(char *desc, SPOOL_Q_DELETEPRINTERDRIVER *q_u, prs_struct *ps, int depth)
+{
+	if (q_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_q_deleteprinterdriver");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("server_ptr", ps, depth, &q_u->server_ptr))
+		return False;		
+	if(!smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth))
+		return False;
+	if(!smb_io_unistr2("arch", &q_u->arch, True, ps, depth))
+		return False;
+	if(!smb_io_unistr2("driver", &q_u->driver, True, ps, depth))
+		return False;
+
+
+	return True;
+}
+
+
+/*******************************************************************
+ * write a structure.
+ ********************************************************************/
+BOOL spoolss_io_r_deleteprinterdriver(char *desc, SPOOL_R_DELETEPRINTERDRIVER *r_u, prs_struct *ps, int depth)
+{
+	if (r_u == NULL) return False;
+
+	prs_debug(ps, depth, desc, "spoolss_io_r_deleteprinterdriver");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+
+	if (!prs_uint32("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;
+}
+
+
+
 /*******************************************************************
  * read a structure.
  * called from static spoolss_q_closeprinter (srv_spoolss.c)
@@ -3256,9 +3334,14 @@ BOOL spoolss_io_r_getprinterdriver2(char *desc, SPOOL_R_GETPRINTERDRIVER2 *r_u,
  * init a structure.
  ********************************************************************/
 
-BOOL make_spoolss_q_enumprinters(SPOOL_Q_ENUMPRINTERS *q_u, uint32 flags, 
-				fstring servername, uint32 level, 
-				NEW_BUFFER *buffer, uint32 offered)
+BOOL make_spoolss_q_enumprinters(
+	SPOOL_Q_ENUMPRINTERS *q_u, 
+	uint32 flags, 
+	fstring servername, 
+	uint32 level, 
+	NEW_BUFFER *buffer, 
+	uint32 offered
+)
 {
 	q_u->flags=flags;
 	
@@ -3420,6 +3503,7 @@ BOOL spoolss_io_q_getprinter(char *desc, SPOOL_Q_GETPRINTER *q_u, prs_struct *ps
  ********************************************************************/
 
 BOOL make_spoolss_q_getprinter(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_GETPRINTER *q_u, 
 	const POLICY_HND *hnd, 
 	uint32 level, 
@@ -3444,6 +3528,7 @@ BOOL make_spoolss_q_getprinter(
  * init a structure.
  ********************************************************************/
 BOOL make_spoolss_q_setprinter(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_SETPRINTER *q_u, 
 	const POLICY_HND *hnd, 
 	uint32 level, 
@@ -3474,7 +3559,7 @@ BOOL make_spoolss_q_setprinter(
 		info->printers_2->devmode = NULL;
 		info->printers_2->secdesc = NULL;
 		
-		make_spoolss_printer_info_2 (&q_u->info.info_2, info->printers_2);
+		make_spoolss_printer_info_2 (mem_ctx, &q_u->info.info_2, info->printers_2);
 #if 0	/* JERRY TEST */
 		q_u->secdesc_ctr = (SEC_DESC_BUF*)malloc(sizeof(SEC_DESC_BUF));
 		if (!q_u->secdesc_ctr)
@@ -3483,13 +3568,13 @@ BOOL make_spoolss_q_setprinter(
 		q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
 		q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
 		q_u->secdesc_ctr->sec = secdesc;
-	
+
 		q_u->devmode_ctr.devmode_ptr = (devmode != NULL) ? 1 : 0;
 		q_u->devmode_ctr.size = sizeof(DEVICEMODE) + (3*sizeof(uint32));
 		q_u->devmode_ctr.devmode = devmode;
 #else
 		q_u->secdesc_ctr = NULL;
-		
+	
 		q_u->devmode_ctr.devmode_ptr = 0;
 		q_u->devmode_ctr.size = 0;
 		q_u->devmode_ctr.devmode = NULL;
@@ -4700,6 +4785,7 @@ BOOL spool_io_printer_driver_info_level(char *desc, SPOOL_PRINTER_DRIVER_INFO_LE
  ******************************************************************/
 
 BOOL make_spoolss_q_addprinterdriver(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_Q_ADDPRINTERDRIVER *q_u, 
 	const char* srv_name, 
 	uint32 level, 
@@ -4718,7 +4804,7 @@ BOOL make_spoolss_q_addprinterdriver(
 	{
 	/* info level 3 is supported by Windows 95/98, WinNT and Win2k */
 	case 3 :
-		make_spoolss_driver_info_3(&q_u->info.info_3, info->info3);
+		make_spoolss_driver_info_3(mem_ctx, &q_u->info.info_3, info->info3);
 		break;
 		
 	/* info level 6 is supported by WinME and Win2k */
@@ -4735,6 +4821,7 @@ BOOL make_spoolss_q_addprinterdriver(
 }
 
 BOOL make_spoolss_driver_info_3(
+	TALLOC_CTX *mem_ctx,
 	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 **spool_drv_info,
 	DRIVER_INFO_3 *info3
 )
@@ -4745,11 +4832,8 @@ BOOL make_spoolss_driver_info_3(
 	BOOL		null_char = False;
 	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *inf;
 
-	inf = (SPOOL_PRINTER_DRIVER_INFO_LEVEL_3*)
-		malloc(sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3));
-	if (!inf)
+	if (!(inf=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3*)talloc_zero(mem_ctx, sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3))))
 		return False;
-	memset (inf, 0x0, sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3));
 	
 	inf->cversion	= info3->version;
 	inf->name_ptr	= (info3->name.buffer!=NULL)?1:0;
@@ -4793,7 +4877,7 @@ BOOL make_spoolss_driver_info_3(
 	}
 	inf->dependentfiles_ptr = (info3->dependentfiles != NULL) ? 1 : 0;
 	inf->dependentfilessize = len;
-	if(!make_spoolss_buffer5(&inf->dependentfiles, len, info3->dependentfiles))
+	if(!make_spoolss_buffer5(mem_ctx, &inf->dependentfiles, len, info3->dependentfiles))
 	{
 		safe_free (inf);
 		return False;
@@ -4808,18 +4892,21 @@ BOOL make_spoolss_driver_info_3(
  make a BUFFER5 struct from a uint16*
  ******************************************************************/
 
-BOOL make_spoolss_buffer5(BUFFER5 *buf5, uint32 len, uint16 *src)
+BOOL make_spoolss_buffer5(
+	TALLOC_CTX *mem_ctx,
+	BUFFER5 *buf5, 
+	uint32 len, 
+	uint16 *src
+)
 {
 
 	buf5->buf_len = len;
-	if((buf5->buffer=(uint16*)malloc(sizeof(uint16)*len)) == NULL)
+	if((buf5->buffer=(uint16*)talloc_memdup(mem_ctx, src, sizeof(uint16)*len)) == NULL)
 	{
 		DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
 		return False;
 	}
 	
-	memcpy(buf5->buffer, src, sizeof(uint16)*len);
-
 	return True;
 }
 
@@ -5168,6 +5255,57 @@ BOOL spoolss_io_q_enumprintprocessors(char *desc, SPOOL_Q_ENUMPRINTPROCESSORS *q
 /*******************************************************************
 ********************************************************************/  
 
+BOOL spoolss_io_q_addprintprocessor(char *desc, SPOOL_Q_ADDPRINTPROCESSOR *q_u, prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "spoolss_io_q_addprintprocessor");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("server_ptr", ps, depth, &q_u->server_ptr))
+		return False;
+	if (!smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("environment", &q_u->environment, True, ps, depth))
+		return False;
+		
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("path", &q_u->path, True, ps, depth))
+		return False;
+
+	if (!prs_align(ps))
+		return False;
+	if (!smb_io_unistr2("name", &q_u->name, True, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+********************************************************************/  
+
+BOOL spoolss_io_r_addprintprocessor(char *desc, SPOOL_R_ADDPRINTPROCESSOR *r_u, prs_struct *ps, int depth)
+{		
+	prs_debug(ps, depth, desc, "spoolss_io_r_addprintproicessor");
+	depth++;
+
+	if (!prs_align(ps))
+		return False;
+		
+	if (!prs_uint32("status", ps, depth, &r_u->status))
+		return False;
+
+	return True;		
+}
+
+/*******************************************************************
+********************************************************************/  
+
 BOOL spoolss_io_r_enumprintprocdatatypes(char *desc, SPOOL_R_ENUMPRINTPROCDATATYPES *r_u, prs_struct *ps, int depth)
 {		
 	prs_debug(ps, depth, desc, "spoolss_io_r_enumprintprocdatatypes");
@@ -5407,12 +5545,14 @@ BOOL spoolss_io_q_setprinterdata(char *desc, SPOOL_Q_SETPRINTERDATA *q_u, prs_st
 		case 0x3:
 		case 0x4:
 		case 0x7:
-			if (UNMARSHALLING(ps))
-				q_u->data=(uint8 *)prs_alloc_mem(ps, q_u->max_len * sizeof(uint8));
-			if(q_u->data == NULL)
-				return False;
-			if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
-				return False;
+            if (q_u->max_len) {
+                if (UNMARSHALLING(ps))
+    				q_u->data=(uint8 *)prs_alloc_mem(ps, q_u->max_len * sizeof(uint8));
+    			if(q_u->data == NULL)
+    				return False;
+    			if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
+    				return False;
+            }
 			if(!prs_align(ps))
 				return False;
 			break;
diff --git a/source/rpc_parse/parse_srv.c b/source/rpc_parse/parse_srv.c
index 61d2ff7ba2a..637b8342660 100644
--- a/source/rpc_parse/parse_srv.c
+++ b/source/rpc_parse/parse_srv.c
@@ -1,4 +1,3 @@
-
 /* 
  *  Unix SMB/Netbios implementation.
  *  Version 1.9.
@@ -280,18 +279,27 @@ static BOOL srv_io_share_info502(char *desc, SH_INFO_502 *sh502, prs_struct *ps,
  Inits a SH_INFO_502_STR structure
 ********************************************************************/
 
-void init_srv_share_info502_str(SH_INFO_502_STR *sh502,
+void init_srv_share_info502_str(SH_INFO_502_STR *sh502str,
+				SH_INFO_502 *ptrs,
 				char *net_name, char *remark,
 				char *path, char *passwd, SEC_DESC *psd, size_t sd_size)
 {
 	DEBUG(5,("init_srv_share_info502_str\n"));
 
-	init_unistr2(&sh502->uni_netname, net_name, strlen(net_name)+1);
-	init_unistr2(&sh502->uni_remark, remark, strlen(remark)+1);
-	init_unistr2(&sh502->uni_path, path, strlen(path)+1);
-	init_unistr2(&sh502->uni_passwd, passwd, strlen(passwd)+1);
-	sh502->sd = psd;
-	sh502->sd_size = sd_size;
+	sh502str->ptrs = ptrs;
+
+	if(sh502str->ptrs->ptr_netname)
+		init_unistr2(&sh502str->uni_netname, net_name, strlen(net_name)+1);
+	if(sh502str->ptrs->ptr_remark)
+		init_unistr2(&sh502str->uni_remark, remark, strlen(remark)+1);
+	if(sh502str->ptrs->ptr_path)
+		init_unistr2(&sh502str->uni_path, path, strlen(path)+1);
+	if(sh502str->ptrs->ptr_passwd)
+		init_unistr2(&sh502str->uni_passwd, passwd, strlen(passwd)+1);
+	if(sh502str->ptrs->ptr_sd) {
+		sh502str->sd = psd;
+		sh502str->sd_size = sd_size;
+	}
 }
 
 /*******************************************************************
@@ -308,31 +316,45 @@ static BOOL srv_io_share_info502_str(char *desc, SH_INFO_502_STR *sh502, prs_str
 
 	if(!prs_align(ps))
 		return False;
-	if(!smb_io_unistr2("", &sh502->uni_netname, True, ps, depth))
-		return False;
+
+	if(sh502->ptrs->ptr_netname) {
+		if(!smb_io_unistr2("", &sh502->uni_netname, True, ps, depth))
+			return False;
+	}
 
 	if(!prs_align(ps))
 		return False;
-	if(!smb_io_unistr2("", &sh502->uni_remark, True, ps, depth))
-		return False;
+
+	if(sh502->ptrs->ptr_remark) {
+		if(!smb_io_unistr2("", &sh502->uni_remark, True, ps, depth))
+			return False;
+	}
 
 	if(!prs_align(ps))
 		return False;
-	if(!smb_io_unistr2("", &sh502->uni_path, True, ps, depth))
-		return False;
+
+	if(sh502->ptrs->ptr_path) {
+		if(!smb_io_unistr2("", &sh502->uni_path, True, ps, depth))
+			return False;
+	}
 
 	if(!prs_align(ps))
 		return False;
-	if(!smb_io_unistr2("", &sh502->uni_passwd, True, ps, depth))
-		return False;
+
+	if(sh502->ptrs->ptr_passwd) {
+		if(!smb_io_unistr2("", &sh502->uni_passwd, True, ps, depth))
+			return False;
+	}
 
 	if(!prs_align(ps))
 		return False;
 
-	if(!prs_uint32("sd_size   ", ps, depth, &sh502->sd_size))
-		return False;
-	if (!sec_io_desc(desc, &sh502->sd, ps, depth))
-		return False;
+	if(sh502->ptrs->ptr_sd) {
+		if(!prs_uint32("sd_size   ", ps, depth, &sh502->sd_size))
+			return False;
+		if (!sec_io_desc(desc, &sh502->sd, ps, depth))
+			return False;
+	}
 
 	return True;
 }
@@ -501,6 +523,7 @@ static BOOL srv_io_srv_share_ctr(char *desc, SRV_SHARE_INFO_CTR *ctr, prs_struct
 		}
 
 		for (i = 0; i < num_entries; i++) {
+			info502[i].info_502_str.ptrs = &info502[i].info_502;
 			if(!srv_io_share_info502_str("", &info502[i].info_502_str, ps, depth))
 				return False;
 		}
@@ -675,6 +698,9 @@ static BOOL srv_io_srv_share_info(char *desc, prs_struct *ps, int depth, SRV_SHA
 			if(!srv_io_share_info502("", &r_n->share.info502.info_502, ps, depth))
 				return False;
 
+			/*allow access to pointers in the str part. */
+			r_n->share.info502.info_502_str.ptrs = &r_n->share.info502.info_502;
+
 			if(!srv_io_share_info502_str("", &r_n->share.info502.info_502_str, ps, depth))
 				return False;
 			break;
@@ -2232,6 +2258,57 @@ void init_srv_r_net_srv_get_info(SRV_R_NET_SRV_GET_INFO *srv,
 }
 
 /*******************************************************************
+ Inits a SRV_R_NET_SRV_SET_INFO structure.
+ ********************************************************************/
+
+void init_srv_r_net_srv_set_info(SRV_R_NET_SRV_SET_INFO *srv,
+				 uint32 switch_value, uint32 status)
+{
+	DEBUG(5,("init_srv_r_net_srv_set_info\n"));
+
+	srv->switch_value = switch_value;
+	srv->status = status;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_srv_set_info(char *desc, SRV_Q_NET_SRV_SET_INFO *q_n, 
+			       prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "srv_io_q_net_srv_set_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name  ", ps, depth, &q_n->ptr_srv_name))
+		return False;
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &q_n->switch_value))
+		return False;
+
+	if (UNMARSHALLING(ps)) {
+		q_n->ctr = (SRV_INFO_CTR *)
+			prs_alloc_mem(ps, sizeof(SRV_INFO_CTR));
+
+		if (!q_n->ctr)
+			return False;
+	}
+
+	if(!srv_io_info_ctr("ctr", q_n->ctr, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
  Reads or writes a structure.
  ********************************************************************/
 
@@ -2255,6 +2332,27 @@ BOOL srv_io_r_net_srv_get_info(char *desc, SRV_R_NET_SRV_GET_INFO *r_n, prs_stru
 	return True;
 }
 
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_srv_set_info(char *desc, SRV_R_NET_SRV_SET_INFO *r_n, 
+			       prs_struct *ps, int depth)
+{
+	prs_debug(ps, depth, desc, "srv_io_r_net_srv_set_info");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("switch_value  ", ps, depth, &r_n->switch_value))
+		return False;
+
+	if(!prs_uint32("status ", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
 
 /*******************************************************************
  Reads or writes a structure.
@@ -2374,3 +2472,327 @@ BOOL srv_io_r_net_remote_tod(char *desc, SRV_R_NET_REMOTE_TOD *r_n, prs_struct *
 
 	return True;
 }
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_q_net_disk_enum(char *desc, SRV_Q_NET_DISK_ENUM *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_disk_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("level", ps, depth, &q_n->disk_enum_ctr.level))
+		return False;
+
+	if(!prs_uint32("entries_read", ps, depth, &q_n->disk_enum_ctr.entries_read))
+		return False;
+
+	if(!prs_uint32("buffer", ps, depth, &q_n->disk_enum_ctr.disk_info_ptr))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("preferred_len", ps, depth, &q_n->preferred_len))
+		return False;
+	if(!smb_io_enum_hnd("enum_hnd", &q_n->enum_hnd, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_disk_enum(char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_struct *ps, int depth)
+{
+	int i;
+
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_disk_enum");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("entries_read", ps, depth, &r_n->disk_enum_ctr.entries_read))
+		return False;
+	if(!prs_uint32("ptr_disk_info", ps, depth, &r_n->disk_enum_ctr.disk_info_ptr))
+		return False;
+
+	/*this may be max, unknown, actual?*/
+
+	if(!prs_uint32("max_elements", ps, depth, &r_n->disk_enum_ctr.entries_read))
+		return False;
+	if(!prs_uint32("unknown", ps, depth, &r_n->disk_enum_ctr.unknown))
+		return False;
+	if(!prs_uint32("actual_elements", ps, depth, &r_n->disk_enum_ctr.entries_read))
+		return False;
+
+	for(i=0; i < r_n->disk_enum_ctr.entries_read; i++) {
+
+		if(!prs_uint32("unknown", ps, depth, &r_n->disk_enum_ctr.disk_info[i].unknown))
+			return False;
+   
+		if(!smb_io_unistr3("disk_name", &r_n->disk_enum_ctr.disk_info[i].disk_name, ps, depth))
+			return False;
+
+		if(!prs_align(ps))
+			return False;
+	}
+
+	if(!prs_uint32("total_entries", ps, depth, &r_n->total_entries))
+		return False;
+
+	if(!smb_io_enum_hnd("enum_hnd", &r_n->enum_hnd, ps, depth))
+		return False;
+
+	if(!prs_uint32("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_q_net_name_validate(char *desc, SRV_Q_NET_NAME_VALIDATE *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_name_validate");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("type", ps, depth, &q_n->type))
+		return False;
+
+	if(!prs_uint32("flags", ps, depth, &q_n->flags))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+ ********************************************************************/
+
+BOOL srv_io_r_net_name_validate(char *desc, SRV_R_NET_NAME_VALIDATE *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_name_validate");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_file_query_secdesc(char *desc, SRV_Q_NET_FILE_QUERY_SECDESC *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_file_query_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_file_name, True, ps, depth))
+		return False;
+
+	if(!prs_uint32("unknown1", ps, depth, &q_n->unknown1))
+		return False;
+
+	if(!prs_uint32("unknown2", ps, depth, &q_n->unknown2))
+		return False;
+
+	if(!prs_uint32("unknown3", ps, depth, &q_n->unknown3))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_file_query_secdesc(char *desc, SRV_R_NET_FILE_QUERY_SECDESC *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_file_query_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_response", ps, depth, &r_n->ptr_response))
+		return False;
+
+	if(!prs_uint32("size_response", ps, depth, &r_n->size_response))
+		return False;
+
+	if(!prs_uint32("ptr_secdesc", ps, depth, &r_n->ptr_secdesc))
+		return False;
+
+	if(!prs_uint32("size_secdesc", ps, depth, &r_n->size_secdesc))
+		return False;
+
+	if(!sec_io_desc("sec_desc", &r_n->sec_desc, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_q_net_file_set_secdesc(char *desc, SRV_Q_NET_FILE_SET_SECDESC *q_n, prs_struct *ps, int depth)
+{
+	if (q_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_q_net_file_set_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_srv_name", ps, depth, &q_n->ptr_srv_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_srv_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("ptr_qual_name", ps, depth, &q_n->ptr_qual_name))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_qual_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!smb_io_unistr2("", &q_n->uni_file_name, True, ps, depth))
+		return False;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("sec_info", ps, depth, &q_n->sec_info))
+		return False;
+
+	if(!prs_uint32("size_set", ps, depth, &q_n->size_set))
+		return False;
+
+	if(!prs_uint32("ptr_secdesc", ps, depth, &q_n->ptr_secdesc))
+		return False;
+
+	if(!prs_uint32("size_secdesc", ps, depth, &q_n->size_secdesc))
+		return False;
+
+	if(!sec_io_desc("sec_desc", &q_n->sec_desc, ps, depth))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
+ Reads or writes a structure.
+********************************************************************/
+
+BOOL srv_io_r_net_file_set_secdesc(char *desc, SRV_R_NET_FILE_SET_SECDESC *r_n, prs_struct *ps, int depth)
+{
+	if (r_n == NULL)
+		return False;
+
+	prs_debug(ps, depth, desc, "srv_io_r_net_file_set_secdesc");
+	depth++;
+
+	if(!prs_align(ps))
+		return False;
+
+	if(!prs_uint32("status", ps, depth, &r_n->status))
+		return False;
+
+	return True;
+}
diff --git a/source/rpc_server/srv_dfs_nt.c b/source/rpc_server/srv_dfs_nt.c
index c01ab8f2d9d..54c3fbf324c 100644
--- a/source/rpc_server/srv_dfs_nt.c
+++ b/source/rpc_server/srv_dfs_nt.c
@@ -121,7 +121,7 @@ uint32 _dfs_remove(pipes_struct *p, DFS_Q_DFS_REMOVE *q_u, DFS_R_DFS_REMOVE *r_u
   get_current_user(&user,p);
 
   if (user.uid != 0) {
-	DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
+	DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
 	return ERROR_ACCESS_DENIED;
   }
 
diff --git a/source/rpc_server/srv_lsa.c b/source/rpc_server/srv_lsa.c
index b6a8c745a45..005398924ee 100644
--- a/source/rpc_server/srv_lsa.c
+++ b/source/rpc_server/srv_lsa.c
@@ -269,6 +269,37 @@ static BOOL api_lsa_open_secret(pipes_struct *p)
 }
 
 /***************************************************************************
+ api_lsa_UNK_GET_CONNUSER
+ ***************************************************************************/
+
+static BOOL api_lsa_unk_get_connuser(pipes_struct *p)
+{
+	LSA_Q_UNK_GET_CONNUSER q_u;
+	LSA_R_UNK_GET_CONNUSER r_u;
+	
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if(!lsa_io_q_unk_get_connuser("", &q_u, data, 0)) {
+		DEBUG(0,("api_lsa_unk_get_connuser: failed to unmarshall LSA_Q_UNK_GET_CONNUSER.\n"));
+		return False;
+	}
+
+	r_u.status = _lsa_unk_get_connuser(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!lsa_io_r_unk_get_connuser("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_lsa_unk_get_connuser: Failed to marshall LSA_R_UNK_GET_CONNUSER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/***************************************************************************
  \PIPE\ntlsa commands
  ***************************************************************************/
 
@@ -282,6 +313,7 @@ static struct api_struct api_lsa_cmds[] =
 	{ "LSA_OPENSECRET"      , LSA_OPENSECRET      , api_lsa_open_secret    },
 	{ "LSA_LOOKUPSIDS"      , LSA_LOOKUPSIDS      , api_lsa_lookup_sids    },
 	{ "LSA_LOOKUPNAMES"     , LSA_LOOKUPNAMES     , api_lsa_lookup_names   },
+	{ "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser},
 	{ NULL                  , 0                   , NULL                   }
 };
 
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 73626b038c9..afcace3f9c8 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -108,7 +108,7 @@ static int init_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
  ***************************************************************************/
 
 static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
-				int num_entries, UNISTR2 name[MAX_LOOKUP_SIDS],
+				int num_entries, UNISTR2 *name,
 				uint32 *mapped_count, BOOL endian)
 {
 	int i;
@@ -238,6 +238,11 @@ static void init_lsa_trans_names(TALLOC_CTX *ctx, DOM_R_REF *ref, LSA_TRANS_NAME
 			sid_split_rid(&find_sid, &rid);
 		}
 
+		/* unistr routines take dos codepage strings */
+
+		unix_to_dos(dom_name, True);
+		unix_to_dos(name, True);
+
 		dom_idx = init_dom_ref(ref, dom_name, &find_sid);
 
 		DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to "
@@ -332,6 +337,7 @@ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO
 {
 	LSA_INFO_UNION *info = &r_u->dom;
 	DOM_SID domain_sid;
+	fstring dos_domain;
 	char *name = NULL;
 	DOM_SID *sid = NULL;
 
@@ -340,6 +346,9 @@ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO
 	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
 		return NT_STATUS_INVALID_HANDLE;
 
+	fstrcpy(dos_domain, global_myworkgroup);
+	unix_to_dos(dos_domain, True);
+
 	switch (q_u->info_class) {
 	case 0x02:
 		{
@@ -355,24 +364,25 @@ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO
             break;
 		}
 	case 0x03:
-		switch (lp_server_role())
-		{
+		/* Request PolicyPrimaryDomainInformation. */
+		switch (lp_server_role()) {
 			case ROLE_DOMAIN_PDC:
 			case ROLE_DOMAIN_BDC:
-				name = global_myworkgroup;
+				name = dos_domain;
 				sid = &global_sam_sid;
 				break;
 			case ROLE_DOMAIN_MEMBER:
-				name = global_myname;
-				if (secrets_fetch_domain_sid(global_myworkgroup,
-					&domain_sid))
-						sid = &domain_sid;
+				name = dos_domain;
+				/* We need to return the Domain SID here. */
+				if (secrets_fetch_domain_sid(dos_domain,
+							     &domain_sid))
+					sid = &domain_sid;
 				else
-					sid = &global_sam_sid;
+					return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 				break;
 			case ROLE_STANDALONE:
-				name = global_myname;
-				sid = NULL;
+				name = dos_domain;
+				sid = NULL; /* Tell it we're not in a domain. */
 				break;
 			default:
 				return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
@@ -380,24 +390,19 @@ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO
 		init_dom_query(&r_u->dom.id3, name, sid);
 		break;
 	case 0x05:
-		/* AS/U shows this needs to be the same as level 3. JRA. */
-		switch (lp_server_role())
-		{
+		/* Request PolicyAccountDomainInformation. */
+		switch (lp_server_role()) {
 			case ROLE_DOMAIN_PDC:
 			case ROLE_DOMAIN_BDC:
-				name = global_myworkgroup;
+				name = dos_domain;
 				sid = &global_sam_sid;
 				break;
 			case ROLE_DOMAIN_MEMBER:
-				name = global_myname;
-				if (secrets_fetch_domain_sid(global_myworkgroup,
-					&domain_sid))
-						sid = &domain_sid;
-				else
-					sid = &global_sam_sid;
+				name = dos_domain;
+				sid = &global_sam_sid;
 				break;
 			case ROLE_STANDALONE:
-				name = global_myname;
+				name = dos_domain;
 				sid = &global_sam_sid;
 				break;
 			default:
@@ -406,8 +411,7 @@ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO
 		init_dom_query(&r_u->dom.id5, name, sid);
 		break;
 	case 0x06:
-		switch (lp_server_role())
-		{
+		switch (lp_server_role()) {
 			case ROLE_DOMAIN_BDC:
 				/*
 				 * only a BDC is a backup controller
@@ -515,3 +519,33 @@ uint32 _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SECR
 {
 	return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 }
+
+uint32 _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
+{
+  fstring username, domname;
+  int ulen, dlen;
+  user_struct *vuser = get_valid_user_struct(p->vuid);
+  
+  if (vuser == NULL)
+    return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+  
+  fstrcpy(username, vuser->user.smb_name);
+  fstrcpy(domname, vuser->user.domain);
+  
+  ulen = strlen(username);
+  dlen = strlen(domname);
+  
+  init_uni_hdr(&r_u->hdr_user_name, ulen);
+  r_u->ptr_user_name = 1;
+  init_unistr2(&r_u->uni2_user_name, username, ulen);
+
+  r_u->unk1 = 1;
+  
+  init_uni_hdr(&r_u->hdr_dom_name, dlen);
+  r_u->ptr_dom_name = 1;
+  init_unistr2(&r_u->uni2_dom_name, domname, dlen);
+
+  r_u->status = NT_STATUS_NO_PROBLEMO;
+  
+  return r_u->status;
+}
diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c
index 01d646bf576..4c13ad0c670 100644
--- a/source/rpc_server/srv_netlog.c
+++ b/source/rpc_server/srv_netlog.c
@@ -60,6 +60,37 @@ static BOOL api_net_req_chal(pipes_struct *p)
 }
 
 /*************************************************************************
+ api_net_auth:
+ *************************************************************************/
+
+static BOOL api_net_auth(pipes_struct *p)
+{
+	NET_Q_AUTH q_u;
+	NET_R_AUTH r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the challenge... */
+	if(!net_io_q_auth("", &q_u, data, 0)) {
+		DEBUG(0,("api_net_auth: Failed to unmarshall NET_Q_AUTH.\n"));
+		return False;
+	}
+
+	r_u.status = _net_auth(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if(!net_io_r_auth("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_net_auth: Failed to marshall NET_R_AUTH.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*************************************************************************
  api_net_auth_2:
  *************************************************************************/
 
@@ -257,6 +288,7 @@ static BOOL api_net_logon_ctrl2(pipes_struct *p)
 static struct api_struct api_net_cmds [] =
 {
 	{ "NET_REQCHAL"       , NET_REQCHAL       , api_net_req_chal       }, 
+	{ "NET_AUTH"          , NET_AUTH          , api_net_auth           }, 
 	{ "NET_AUTH2"         , NET_AUTH2         , api_net_auth_2         }, 
 	{ "NET_SRVPWSET"      , NET_SRVPWSET      , api_net_srv_pwset      }, 
 	{ "NET_SAMLOGON"      , NET_SAMLOGON      , api_net_sam_logon      }, 
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index d3d14901ecf..5a7505869c5 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -68,7 +68,7 @@ uint32 _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTR
 	DEBUG(6,("_net_logon_ctrl2: %d\n", __LINE__));
 
 	/* set up the Logon Control2 response */
-	init_r_logon_ctrl2(r_u, q_u->query_level,
+	init_net_r_logon_ctrl2(r_u, q_u->query_level,
 	                   flags, pdc_connection_status, logon_attempts,
 	                   tc_status, trusted_domain);
 
@@ -96,18 +96,6 @@ uint32 _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRU
 	return r_u->status;
 }
 
-/*************************************************************************
- init_net_r_auth_2:
- *************************************************************************/
-
-static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
-                              DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status)
-{
-	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
-	memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
-	r_a->status = status;
-}
-
 /***********************************************************************************
  init_net_r_srv_pwset:
  ***********************************************************************************/
@@ -217,6 +205,62 @@ uint32 _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
 }
 
 /*************************************************************************
+ init_net_r_auth:
+ *************************************************************************/
+
+static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, int status)
+{
+	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
+	r_a->status = status;
+}
+
+/*************************************************************************
+ _net_auth
+ *************************************************************************/
+
+uint32 _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
+{
+	uint32 status = NT_STATUS_NOPROBLEMO;
+	DOM_CHAL srv_cred;
+	UTIME srv_time;
+
+	if (!get_valid_user_struct(p->vuid))
+		return NT_STATUS_NO_SUCH_USER;
+
+	srv_time.time = 0;
+
+	/* check that the client credentials are valid */
+	if (cred_assert(&q_u->clnt_chal, p->dc.sess_key, &p->dc.clnt_cred.challenge, srv_time)) {
+
+		/* create server challenge for inclusion in the reply */
+		cred_create(p->dc.sess_key, &p->dc.srv_cred.challenge, srv_time, &srv_cred);
+
+		/* copy the received client credentials for use next time */
+		memcpy(p->dc.clnt_cred.challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+		memcpy(p->dc.srv_cred .challenge.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+	} else {
+		status = NT_STATUS_ACCESS_DENIED;
+	}
+
+	/* set up the LSA AUTH 2 response */
+	init_net_r_auth(r_u, &srv_cred, status);
+
+	return r_u->status;
+}
+
+/*************************************************************************
+ init_net_r_auth_2:
+ *************************************************************************/
+
+static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
+                              DOM_CHAL *resp_cred, NEG_FLAGS *flgs, int status)
+{
+	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
+	memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
+	r_a->status = status;
+}
+
+/*************************************************************************
  _net_auth_2
  *************************************************************************/
 
@@ -382,8 +426,8 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1, struct smb_passwd *smb_p
 	dump_data(100, nt_pwd, 16);
 #endif
 
-	SamOEMhash((uchar *)lm_pwd, key, False);
-	SamOEMhash((uchar *)nt_pwd, key, False);
+	SamOEMhash((uchar *)lm_pwd, key, 16);
+	SamOEMhash((uchar *)nt_pwd, key, 16);
 
 #ifdef DEBUG_PASSWORD
 	DEBUG(100,("decrypt of lm owf password:"));
@@ -456,26 +500,26 @@ static uint32 net_login_network(NET_ID_INFO_2 *id2, struct smb_passwd *smb_pass)
 uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
 {
 	uint32 status = NT_STATUS_NOPROBLEMO;
-    NET_USER_INFO_3 *usr_info = NULL;
-    DOM_CRED srv_cred;
-    struct smb_passwd *smb_pass = NULL;
-    struct sam_passwd *sam_pass = NULL;
-    UNISTR2 *uni_samlogon_user = NULL;
-    fstring nt_username;
+	NET_USER_INFO_3 *usr_info = NULL;
+	DOM_CRED srv_cred;
+	struct smb_passwd *smb_pass = NULL;
+	struct sam_passwd *sam_pass = NULL;
+	UNISTR2 *uni_samlogon_user = NULL;
+	fstring nt_username;
    
 	usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
 	if (!usr_info)
 		return NT_STATUS_NO_MEMORY;
 	ZERO_STRUCTP(usr_info);
  
-    if (!get_valid_user_struct(p->vuid))
-        return NT_STATUS_NO_SUCH_USER;
+	if (!get_valid_user_struct(p->vuid))
+		return NT_STATUS_NO_SUCH_USER;
     
-    /* checks and updates credentials.  creates reply credentials */
-    if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))
-        return NT_STATUS_INVALID_HANDLE;
-    else
-        memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
+	/* checks and updates credentials.  creates reply credentials */
+	if (!deal_with_creds(p->dc.sess_key, &p->dc.clnt_cred, &q_u->sam_id.client.cred, &srv_cred))
+		return NT_STATUS_INVALID_HANDLE;
+	else
+		memcpy(&p->dc.srv_cred, &p->dc.clnt_cred, sizeof(p->dc.clnt_cred));
     
 	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
 	memcpy(&r_u->srv_creds, &srv_cred, sizeof(r_u->srv_creds));
@@ -486,7 +530,7 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
 	r_u->auth_resp = 1; /* authoritative response */
 	r_u->switch_value = 3; /* indicates type of validation user info */
 
-    /* find the username */
+	/* find the username */
     
 	switch (q_u->sam_id.logon_level) {
 	case INTERACTIVE_LOGON_TYPE:
@@ -550,9 +594,15 @@ uint32 _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_
 	} 
 
 #ifdef WITH_PAM
-	if (!pam_accountcheck(nt_username)) {
-	  return NT_STATUS_ACCOUNT_DISABLED;
-	}
+	become_root();
+#if 0	/* JERRY */
+	status = smb_pam_accountcheck(nt_username);
+#else
+	status = smb_pam_accountcheck(sam_pass->smb_name);
+#endif
+	unbecome_root();
+	if (status != NT_STATUS_NOPROBLEMO)
+		return status;
 #endif
 
 	if (!(smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 07e4e73142e..d16290985ec 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -93,7 +93,7 @@ BOOL create_next_pdu(pipes_struct *p)
 	 */
 
 	if(p->fault_state) {
-		setup_fault_pdu(p);
+		setup_fault_pdu(p, 0x1c010002);
 		return True;
 	}
 
@@ -626,7 +626,7 @@ static BOOL setup_bind_nak(pipes_struct *p)
  Marshall a fault pdu.
 *******************************************************************/
 
-BOOL setup_fault_pdu(pipes_struct *p)
+BOOL setup_fault_pdu(pipes_struct *p, uint32 status)
 {
 	prs_struct outgoing_pdu;
 	RPC_HDR fault_hdr;
@@ -658,7 +658,7 @@ BOOL setup_fault_pdu(pipes_struct *p)
 
 	memset((char *)&hdr_resp, '\0', sizeof(hdr_resp));
 
-	fault_resp.status = 0x1c010002;
+	fault_resp.status = status;
 	fault_resp.reserved = 0;
 
 	/*
@@ -1204,7 +1204,7 @@ BOOL api_rpcTNP(pipes_struct *p, char *rpc_name,
 		 * and not put the pipe into fault state. JRA.
 		 */
 		DEBUG(4, ("unknown\n"));
-		setup_fault_pdu(p);
+		setup_fault_pdu(p, 0x1c010002);
 		return True;
 	}
 
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 893bc8cb884..f91df7c4ef4 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -570,7 +570,7 @@ static ssize_t process_complete_pdu(pipes_struct *p)
 		DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n",
 			p->name ));
 		set_incoming_fault(p);
-		setup_fault_pdu(p);
+		setup_fault_pdu(p, 0x1c010002);
 		return (ssize_t)data_len;
 	}
 
@@ -619,7 +619,7 @@ static ssize_t process_complete_pdu(pipes_struct *p)
 	if (!reply) {
 		DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name));
 		set_incoming_fault(p);
-		setup_fault_pdu(p);
+		setup_fault_pdu(p, 0x1c010002);
 		prs_mem_free(&rpc_in);
 	} else {
 		/*
diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c
index 63150573139..cd1cc6926fc 100644
--- a/source/rpc_server/srv_samr.c
+++ b/source/rpc_server/srv_samr.c
@@ -670,6 +670,11 @@ static BOOL api_samr_set_userinfo(pipes_struct *p)
 
 	if (!samr_io_q_set_userinfo("", &q_u, data, 0)) {
 		DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n"));
+		/* Fix for W2K SP2 */
+		if (q_u.switch_value == 0x1a) {
+			setup_fault_pdu(p, 0x1c000006);
+			return True;
+		}
 		return False;
 	}
 
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 929a14afeb3..bccff04e308 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -61,7 +61,7 @@ static void free_samr_info(void *ptr)
   dynamically returns the correct user info..... JRA.
  ********************************************************************/
 
-static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
+static uint32 get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
                                 int *total_entries, int *num_entries,
                                 int max_num_entries, uint16 acb_mask)
 {
@@ -72,12 +72,12 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
     (*total_entries) = 0;
 
     if (pw_buf == NULL)
-        return False;
+        return NT_STATUS_NO_MEMORY;
 
     vp = startsmbpwent(False);
     if (!vp) {
         DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
-        return False;
+        return NT_STATUS_ACCESS_DENIED;
     }
 
     while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) {
@@ -119,10 +119,13 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
 
     endsmbpwent(vp);
 
-    return (*num_entries) > 0;
+	if (pwd!=NULL)
+		return STATUS_MORE_ENTRIES;
+	else
+		return NT_STATUS_NO_PROBLEMO;
 }
 
-static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
+static uint32 jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
                                 int *total_entries, uint32 *num_entries,
                                 int max_num_entries, uint16 acb_mask)
 {
@@ -133,12 +136,12 @@ static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
 	*total_entries = 0;
 
 	if (pw_buf == NULL)
-		return False;
+		return NT_STATUS_NO_MEMORY;
 
 	vp = startsmbpwent(False);
 	if (!vp) {
 		DEBUG(0, ("get_sampwd_entries: Unable to open SMB password database.\n"));
-		return False;
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	while (((pwd = getsam21pwent(vp)) != NULL) && (*num_entries) < max_num_entries) {
@@ -183,7 +186,11 @@ static BOOL jf_get_sampwd_entries(SAM_USER_INFO_21 *pw_buf, int start_idx,
 	endsmbpwent(vp);
 
 	*total_entries = *num_entries;
-	return True;
+
+	if (pwd!=NULL)
+		return STATUS_MORE_ENTRIES;
+	else
+		return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -675,7 +682,6 @@ uint32 _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_
 	SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES];
 	int num_entries = 0;
 	int total_entries = 0;
-	BOOL ret;
 	
 	r_u->status = NT_STATUS_NOPROBLEMO;
 
@@ -686,12 +692,12 @@ uint32 _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, SAMR_R_
 	DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
 
 	become_root();
-	ret = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
+	r_u->status = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
 								MAX_SAM_ENTRIES, q_u->acb_mask);
 	unbecome_root();
 
-	if (!ret)
-		return NT_STATUS_ACCESS_DENIED;
+	if (r_u->status != NT_STATUS_NOPROBLEMO && r_u->status != STATUS_MORE_ENTRIES)
+		return r_u->status;
 
 	samr_clear_passwd_fields(pass, num_entries);
 
@@ -775,34 +781,41 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
 
 	/* well-known aliases */
 	if (strequal(sid_str, "S-1-5-32")) {
-		char *name;
+		char *alias_name;
 		while (!lp_hide_local_users() &&
 				num_entries < max_entries && 
-				((name = builtin_alias_rids[num_entries].name) != NULL)) {
+				((alias_name = builtin_alias_rids[num_entries].name) != NULL)) {
 
-			fstrcpy(d_grp[num_entries].name, name);
+			fstrcpy(d_grp[num_entries].name, alias_name);
 			d_grp[num_entries].rid = builtin_alias_rids[num_entries].rid;
 
 			num_entries++;
 		}
 	} else if (strequal(sid_str, sam_sid_str) && !lp_hide_local_users()) {
-		char *name;
+		fstring name;
 		char *sep;
-		struct group *grp;
+		struct sys_grent *glist;
+		struct sys_grent *grp;
 
 		sep = lp_winbind_separator();
 
 		/* local aliases */
 		/* we return the UNIX groups here.  This seems to be the right */
 		/* thing to do, since NT member servers return their local     */
-                /* groups in the same situation.                               */
-		setgrent();
+		/* groups in the same situation.                               */
+
+		/* use getgrent_list() to retrieve the list of groups to avoid
+		 * problems with getgrent possible infinite loop by internal
+		 * libc grent structures overwrites by called functions */
+		grp = glist = getgrent_list();
+		if (grp == NULL)
+			return False;
 
-		while (num_entries < max_entries && ((grp = getgrent()) != NULL)) {
+		for (;(num_entries < max_entries) && (grp != NULL); grp = grp->next) {
 			int i;
 			uint32 trid;
-			name = grp->gr_name;
 
+			fstrcpy(name,grp->gr_name);
 			DEBUG(10,("get_group_alias_entries: got group %s\n", name ));
 
 			/* Don't return winbind groups as they are not local! */
@@ -820,7 +833,8 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
 
 			trid = pdb_gid_to_group_rid(grp->gr_gid);
 			for( i = 0; i < num_entries; i++)
-				if ( d_grp[i].rid == trid ) break;
+				if ( d_grp[i].rid == trid )
+					break;
 
 			if ( i < num_entries )
 				continue; /* rid was there, dup! */
@@ -840,7 +854,7 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
 			num_entries++;
 		}
 
-		endgrent();
+		grent_free(glist);
 	}
 
 	*p_num_entries = num_entries;
@@ -852,7 +866,7 @@ static BOOL get_group_alias_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 star
  Get the group entries - similar to get_sampwd_entries().
  ********************************************************************/
 
-static BOOL get_group_domain_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 start_idx,
+static uint32 get_group_domain_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 start_idx,
 				     uint32 *p_num_entries, uint32 max_entries)
 {
 	fstring sid_str;
@@ -880,7 +894,7 @@ static BOOL get_group_domain_entries(DOMAIN_GRP *d_grp, DOM_SID *sid, uint32 sta
 
 	*p_num_entries = num_entries;
 
-	return True;
+	return NT_STATUS_NO_PROBLEMO;
 }
 
 /*******************************************************************
@@ -959,7 +973,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
     int total_entries = 0;
     uint32 data_size = 0;
 	DOM_SID sid;
-	BOOL ret;
+	uint32 disp_ret;
 	SAM_DISPINFO_CTR *ctr;
 
 	DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__));
@@ -984,30 +998,30 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
 	case 0x4:
 		become_root();
 #if 0
-		ret = get_passwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
+		r_u->status = get_passwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
 						MAX_SAM_ENTRIES, acb_mask);
 #endif
 #if 0
 	/*
 	 * Which should we use here ? JRA.
 	 */
-		ret = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
+		r_u->status = get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
 						MAX_SAM_ENTRIES, acb_mask);
 #endif
 #if 1
-		ret = jf_get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
+		r_u->status = jf_get_sampwd_entries(pass, q_u->start_idx, &total_entries, &num_entries,
 						MAX_SAM_ENTRIES, acb_mask);
 #endif
 		unbecome_root();
-		if (!ret) {
+		if (r_u->status!=STATUS_MORE_ENTRIES && r_u->status!=NT_STATUS_NO_PROBLEMO) {
 			DEBUG(5, ("get_sampwd_entries: failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
+			return r_u->status;
 		}
 		break;
 	case 0x3:
 	case 0x5:
-		ret = get_group_domain_entries(grps, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
-		if (!ret)
+		r_u->status = get_group_domain_entries(grps, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES);
+		if (r_u->status!=NT_STATUS_NO_PROBLEMO)
 			return NT_STATUS_ACCESS_DENIED;
 		break;
 	default:
@@ -1015,6 +1029,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
 		return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
+	orig_num_entries = num_entries;
 
 	if (num_entries > q_u->max_entries)
 		num_entries = q_u->max_entries;
@@ -1028,31 +1043,47 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
 	samr_clear_passwd_fields(pass, num_entries);
 
 	data_size = q_u->max_size;
-	orig_num_entries = num_entries;
 
 	ctr = (SAM_DISPINFO_CTR *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_CTR));
+	if (!ctr)
+		return NT_STATUS_NO_MEMORY;
 
 	/* Now create reply structure */
 	switch (q_u->switch_level) {
 	case 0x1:
-		ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_1));
-		init_sam_dispinfo_1(ctr->sam.info1, &num_entries, &data_size, q_u->start_idx, pass);
+		if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_1))))
+			return NT_STATUS_NO_MEMORY;
+		disp_ret = init_sam_dispinfo_1(p->mem_ctx,ctr->sam.info1, &num_entries, &data_size, q_u->start_idx, pass);
+		if (disp_ret != NT_STATUS_NO_PROBLEMO)
+			return disp_ret;
 		break;
 	case 0x2:
-		ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_2));
-		init_sam_dispinfo_2(ctr->sam.info2, &num_entries, &data_size, q_u->start_idx, pass);
+		if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_2))))
+			return NT_STATUS_NO_MEMORY;
+		disp_ret = init_sam_dispinfo_2(p->mem_ctx,ctr->sam.info2, &num_entries, &data_size, q_u->start_idx, pass);
+		if (disp_ret != NT_STATUS_NO_PROBLEMO)
+			return disp_ret;
 		break;
 	case 0x3:
-		ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_3));
-		init_sam_dispinfo_3(ctr->sam.info3, &num_entries, &data_size, q_u->start_idx, grps);
+		if (!(ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_3))))
+			return NT_STATUS_NO_MEMORY;
+		disp_ret = init_sam_dispinfo_3(p->mem_ctx,ctr->sam.info3, &num_entries, &data_size, q_u->start_idx, grps);
+		if (disp_ret != NT_STATUS_NO_PROBLEMO)
+			return disp_ret;
 		break;
 	case 0x4:
-		ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_4));
-		init_sam_dispinfo_4(ctr->sam.info4, &num_entries, &data_size, q_u->start_idx, pass);
+		if (!(ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_4))))
+			return NT_STATUS_NO_MEMORY;
+		disp_ret = init_sam_dispinfo_4(p->mem_ctx,ctr->sam.info4, &num_entries, &data_size, q_u->start_idx, pass);
+		if (disp_ret != NT_STATUS_NO_PROBLEMO)
+			return disp_ret;
 		break;
 	case 0x5:
-		ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_5));
-		init_sam_dispinfo_5(ctr->sam.info5, &num_entries, &data_size, q_u->start_idx, grps);
+		if (!(ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_5))))
+			return NT_STATUS_NO_MEMORY;
+		disp_ret = init_sam_dispinfo_5(p->mem_ctx,ctr->sam.info5, &num_entries, &data_size, q_u->start_idx, grps);
+		if (disp_ret != NT_STATUS_NO_PROBLEMO)
+			return disp_ret;
 		break;
 	default:
 		ctr->sam.info = NULL;
@@ -1061,11 +1092,10 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_
 
 	DEBUG(5, ("_samr_query_dispinfo: %d\n", __LINE__));
 
-	init_samr_r_query_dispinfo(r_u, num_entries, data_size, q_u->switch_level, ctr, r_u->status);
+	if (num_entries < orig_num_entries)
+		r_u->status = STATUS_MORE_ENTRIES;
 
-	if (num_entries < orig_num_entries) {
-		return STATUS_MORE_ENTRIES;
-	}
+	init_samr_r_query_dispinfo(r_u, num_entries, data_size, q_u->switch_level, ctr, r_u->status);
 
 	return r_u->status;
 }
@@ -1181,7 +1211,7 @@ uint32 _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOK
     uint32 rid[MAX_SAM_ENTRIES];
     enum SID_NAME_USE type[MAX_SAM_ENTRIES];
     int i;
-    int num_rids = q_u->num_names1;
+    int num_rids = q_u->num_names2;
     DOM_SID pol_sid;
 
     r_u->status = NT_STATUS_NOPROBLEMO;
@@ -1201,8 +1231,6 @@ uint32 _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOK
         DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
     }
 
-    SMB_ASSERT_ARRAY(q_u->uni_name, num_rids);
-
     for (i = 0; i < num_rids; i++) {
         fstring name;
 
@@ -1756,7 +1784,7 @@ uint32 _samr_query_dom_info(pipes_struct *p, SAMR_Q_QUERY_DOMAIN_INFO *q_u, SAMR
 
 uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREATE_USER *r_u)
 {
-    struct sam_passwd *sam_pass;
+    struct sam_passwd *sam_pass = NULL;
     fstring mach_acct;
     pstring err_str;
     pstring msg_str;
@@ -1821,7 +1849,6 @@ uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CR
          sizeof(err_str), msg_str, sizeof(msg_str)))
     {
         DEBUG(0, ("%s\n", err_str));
-        close_policy_hnd(p, user_pol);
         return NT_STATUS_ACCESS_DENIED;
     }
 
@@ -1830,19 +1857,16 @@ uint32 _api_samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CR
     unbecome_root();
     if (sam_pass == NULL) {
         /* account doesn't exist: say so */
-        close_policy_hnd(p, user_pol);
         return NT_STATUS_ACCESS_DENIED;
     }
 
     /* Get the domain SID stored in the domain policy */
     if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
-        close_policy_hnd(p, user_pol);
         return NT_STATUS_INVALID_HANDLE;
     }
 
     /* append the user's RID to it */
     if(!sid_append_rid(&sid, sam_pass->user_rid)) {
-        close_policy_hnd(p, user_pol);
         return NT_STATUS_NO_SUCH_USER;
     }
 
@@ -2198,10 +2222,10 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, uint32 rid)
 }
 
 /*******************************************************************
- set_user_info_24
+ set_user_info_pw
  ********************************************************************/
 
-static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid)
+static BOOL set_user_info_pw(char *pass, uint32 rid)
 {
 	struct sam_passwd *pwd = getsam21pwrid(rid);
 	struct sam_passwd new_pwd;
@@ -2218,7 +2242,7 @@ static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid)
 
 	memset(buf, 0, sizeof(pstring));
 
-	if (!decode_pw_buffer((char*)id24->pass, buf, 256, &len, nt_hash, lm_hash))
+	if (!decode_pw_buffer(pass, buf, 256, &len, nt_hash, lm_hash))
 		return False;
 
 	new_pwd.smb_passwd = lm_hash;
@@ -2239,7 +2263,7 @@ static BOOL set_user_info_24(SAM_USER_INFO_24 *id24, uint32 rid)
 	
 	memset(buf, 0, sizeof(buf));
 	
-	DEBUG(5,("set_user_info_24: pdb_update_sam_account()\n"));
+	DEBUG(5,("set_user_info_pw: pdb_update_sam_account()\n"));
 
 	/* update the SAMBA password */
 	if(!mod_sam21pwd_entry(&new_pwd, True))
@@ -2313,13 +2337,39 @@ uint32 _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_
 			break;
 
 		case 24:
-			SamOEMhash(ctr->info.id24->pass, sess_key, 1);
-			if (!set_user_info_24(ctr->info.id24, rid))
+			SamOEMhash(ctr->info.id24->pass, sess_key, 516);
+
+			dump_data(100, (char *)ctr->info.id24->pass, 516);
+
+			if (!set_user_info_pw((char *)(ctr->info.id24->pass), rid))
+				return NT_STATUS_ACCESS_DENIED;
+			break;
+
+		case 25:
+#if 0
+			/*
+			 * Currently we don't really know how to unmarshall
+			 * the level 25 struct, and the password encryption
+			 * is different. This is a placeholder for when we
+			 * do understand it. In the meantime just return INVALID
+			 * info level and W2K SP2 drops down to level 23... JRA.
+			 */
+
+			SamOEMhash(ctr->info.id25->pass, sess_key, 532);
+
+			dump_data(100, (char *)ctr->info.id25->pass, 532);
+
+			if (!set_user_info_pw(ctr->info.id25->pass, rid))
 				return NT_STATUS_ACCESS_DENIED;
 			break;
+#endif
+			return NT_STATUS_INVALID_INFO_CLASS;
 
 		case 23:
-			SamOEMhash(ctr->info.id23->pass, sess_key, 1);
+			SamOEMhash(ctr->info.id23->pass, sess_key, 516);
+
+			dump_data(100, (char *)ctr->info.id23->pass, 516);
+
 			if (!set_user_info_23(ctr->info.id23, rid))
 				return NT_STATUS_ACCESS_DENIED;
 			break;
diff --git a/source/rpc_server/srv_spoolss.c b/source/rpc_server/srv_spoolss.c
index ddd8255139a..63bbc5f87b7 100755
--- a/source/rpc_server/srv_spoolss.c
+++ b/source/rpc_server/srv_spoolss.c
@@ -214,6 +214,38 @@ static BOOL api_spoolss_deleteprinter(pipes_struct *p)
 
 
 /********************************************************************
+ * api_spoolss_deleteprinterdriver
+ *
+ * called from the spoolss dispatcher
+ ********************************************************************/
+
+static BOOL api_spoolss_deleteprinterdriver(pipes_struct *p)
+{
+	SPOOL_Q_DELETEPRINTERDRIVER q_u;
+	SPOOL_R_DELETEPRINTERDRIVER r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	if (!spoolss_io_q_deleteprinterdriver("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_deleteprinterdriver: unable to unmarshall SPOOL_Q_DELETEPRINTERDRIVER.\n"));
+		return False;
+	}
+
+	r_u.status = _spoolss_deleteprinterdriver(p, &q_u, &r_u);
+
+	if (!spoolss_io_r_deleteprinterdriver("",&r_u,rdata,0)) {
+		DEBUG(0,("spoolss_io_r_deleteprinter: unable to marshall SPOOL_R_DELETEPRINTER.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+
+/********************************************************************
  * api_spoolss_rffpcnex
  * ReplyFindFirstPrinterChangeNotifyEx
  ********************************************************************/
@@ -1059,6 +1091,38 @@ static BOOL api_spoolss_enumprintprocessors(pipes_struct *p)
 /****************************************************************************
 ****************************************************************************/
 
+static BOOL api_spoolss_addprintprocessor(pipes_struct *p)
+{
+	SPOOL_Q_ADDPRINTPROCESSOR q_u;
+	SPOOL_R_ADDPRINTPROCESSOR r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+	
+	if(!spoolss_io_q_addprintprocessor("", &q_u, data, 0)) {
+		DEBUG(0,("spoolss_io_q_addprintprocessor: unable to unmarshall SPOOL_Q_ADDPRINTPROCESSOR.\n"));
+		return False;
+	}
+	
+	/* for now, just indicate success and ignore the add.  We'll
+	   automatically set the winprint processor for printer
+	   entries later.  Used to debug the LexMark Optra S 1855 PCL
+	   driver --jerry */
+	r_u.status = NT_STATUS_NO_PROBLEMO;
+
+	if(!spoolss_io_r_addprintprocessor("", &r_u, rdata, 0)) {
+		DEBUG(0,("spoolss_io_r_addprintprocessor: unable to marshall SPOOL_R_ADDPRINTPROCESSOR.\n"));
+		return False;
+	}
+	
+	return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+
 static BOOL api_spoolss_enumprintprocdatatypes(pipes_struct *p)
 {
 	SPOOL_Q_ENUMPRINTPROCDATATYPES q_u;
@@ -1169,6 +1233,7 @@ struct api_struct api_spoolss_cmds[] =
  {"SPOOLSS_ENUMPRINTERDRIVERS",        SPOOLSS_ENUMPRINTERDRIVERS,        api_spoolss_enumprinterdrivers        },
  {"SPOOLSS_ADDPRINTEREX",              SPOOLSS_ADDPRINTEREX,              api_spoolss_addprinterex              },
  {"SPOOLSS_ADDPRINTERDRIVER",          SPOOLSS_ADDPRINTERDRIVER,          api_spoolss_addprinterdriver          },
+ {"SPOOLSS_DELETEPRINTERDRIVER",       SPOOLSS_DELETEPRINTERDRIVER,       api_spoolss_deleteprinterdriver       },
  {"SPOOLSS_GETPRINTERDRIVERDIRECTORY", SPOOLSS_GETPRINTERDRIVERDIRECTORY, api_spoolss_getprinterdriverdirectory },
  {"SPOOLSS_ENUMPRINTERDATA",           SPOOLSS_ENUMPRINTERDATA,           api_spoolss_enumprinterdata           },
  {"SPOOLSS_SETPRINTERDATA",            SPOOLSS_SETPRINTERDATA,            api_spoolss_setprinterdata            },
@@ -1177,6 +1242,7 @@ struct api_struct api_spoolss_cmds[] =
  {"SPOOLSS_DELETEFORM",                SPOOLSS_DELETEFORM,                api_spoolss_deleteform                },
  {"SPOOLSS_GETFORM",                   SPOOLSS_GETFORM,                   api_spoolss_getform                   },
  {"SPOOLSS_SETFORM",                   SPOOLSS_SETFORM,                   api_spoolss_setform                   },
+ {"SPOOLSS_ADDPRINTPROCESSOR",         SPOOLSS_ADDPRINTPROCESSOR,         api_spoolss_addprintprocessor         },
  {"SPOOLSS_ENUMPRINTPROCESSORS",       SPOOLSS_ENUMPRINTPROCESSORS,       api_spoolss_enumprintprocessors       },
  {"SPOOLSS_ENUMMONITORS",              SPOOLSS_ENUMMONITORS,              api_spoolss_enumprintmonitors         },
  {"SPOOLSS_GETJOB",                    SPOOLSS_GETJOB,                    api_spoolss_getjob                    },
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index aa943996307..3fcb08891df 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -34,6 +34,13 @@ extern pstring global_myname;
 #define PRINTER_HANDLE_IS_PRINTER	0
 #define PRINTER_HANDLE_IS_PRINTSERVER	1
 
+struct table_node {
+	char    *long_archi;
+	char    *short_archi;
+	int     version;
+};
+
+
 /* structure to store the printer handles */
 /* and a reference to what it's pointing to */
 /* and the notify info asked about */
@@ -371,7 +378,7 @@ static BOOL set_printer_hnd_printertype(Printer_entry *Printer, char *handlename
 	}
 
 	/* it's a print server */
-	if (!strchr(handlename+2, '\\')) {
+	if (*handlename=='\\' && *(handlename+1)=='\\' && !strchr(handlename+2, '\\')) {
 		DEBUGADD(4,("Printer is a print server\n"));
 		Printer->printer_type = PRINTER_HANDLE_IS_PRINTSERVER;		
 	}
@@ -407,8 +414,13 @@ static BOOL set_printer_hnd_name(Printer_entry *Printer, char *handlename)
 	if (Printer->printer_type!=PRINTER_HANDLE_IS_PRINTER)
 		return False;
 	
-	aprinter=strchr(handlename+2, '\\');
-	aprinter++;
+	if (*handlename=='\\') {
+		aprinter=strchr(handlename+2, '\\');
+		aprinter++;
+	}
+	else {
+		aprinter=handlename;
+	}
 
 	DEBUGADD(5,("searching for [%s] (len=%d)\n", aprinter, strlen(aprinter)));
 
@@ -600,7 +612,7 @@ static BOOL alloc_buffer_size(NEW_BUFFER *buffer, uint32 buffer_size)
  receive the notify message
 ****************************************************************************/
 
-void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len)
+static void srv_spoolss_receive_message(int msg_type, pid_t src, void *buf, size_t len)
 {
 	fstring printer;
 	uint32 status;
@@ -1053,6 +1065,81 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL
 	return result;
 }
 
+/*******************************************************************
+ * static function to lookup the version id corresponding to an
+ * long architecture string
+ ******************************************************************/
+static int get_version_id (char * arch)
+{
+	int i;
+	struct table_node archi_table[]= {
+ 
+	        {"Windows 4.0",          "WIN40",       0 },
+	        {"Windows NT x86",       "W32X86",      2 },
+	        {"Windows NT R4000",     "W32MIPS",     2 },	
+	        {"Windows NT Alpha_AXP", "W32ALPHA",    2 },
+	        {"Windows NT PowerPC",   "W32PPC",      2 },
+	        {NULL,                   "",            -1 }
+	};
+ 
+	for (i=0; archi_table[i].long_archi != NULL; i++)
+	{
+		if (strcmp(arch, archi_table[i].long_archi) == 0)
+			return (archi_table[i].version);
+        }
+	
+	return -1;
+}
+
+/********************************************************************
+ * _spoolss_deleteprinterdriver
+ *
+ * We currently delete the driver for the architecture only.
+ * This can leave the driver for other archtectures.  However,
+ * since every printer associates a "Windows NT x86" driver name
+ * and we cannot delete that one while it is in use, **and** since
+ * it is impossible to assign a driver to a Samba printer without
+ * having the "Windows NT x86" driver installed,...
+ * 
+ * ....we should not get into trouble here.  
+ *
+ *                                                      --jerry
+ ********************************************************************/
+
+uint32 _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER *q_u, 
+				    SPOOL_R_DELETEPRINTERDRIVER *r_u)
+{
+	fstring				driver;
+	fstring				arch;
+	NT_PRINTER_DRIVER_INFO_LEVEL	info;
+	int				version;
+	 
+	unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
+	unistr2_to_ascii(arch,   &q_u->arch,   sizeof(arch)-1   );
+	
+	/* check that we have a valid driver name first */
+	if ((version=get_version_id(arch)) == -1) {
+		/* this is what NT returns */
+		return ERROR_INVALID_ENVIRONMENT;
+	}
+		
+	ZERO_STRUCT(info);
+	if (get_a_printer_driver (&info, 3, driver, arch, version) != 0) {
+		/* this is what NT returns */
+		return ERROR_UNKNOWN_PRINTER_DRIVER;
+	}
+	
+
+	if (printer_driver_in_use(arch, driver))
+	{
+		/* this is what NT returns */
+		return ERROR_PRINTER_DRIVER_IN_USE;
+	}
+
+	return delete_printer_driver(info.info_3);	 
+}
+
+
 /********************************************************************
  GetPrinterData on a printer server Handle.
 ********************************************************************/
@@ -1266,7 +1353,12 @@ static BOOL srv_spoolss_replyopenprinter(char *printer, uint32 localprinter, uin
 	 * and connect to the IPC$ share anonumously
 	 */
 	if (smb_connections==0) {
-		if(!spoolss_connect_to_client(&cli, printer+2)) /* the +2 is to strip the leading 2 backslashs */
+		fstring unix_printer;
+
+		fstrcpy(unix_printer, printer+2); /* the +2 is to strip the leading 2 backslashs */
+		dos_to_unix(unix_printer, True);
+
+		if(!spoolss_connect_to_client(&cli, unix_printer))
 			return False;
 		message_register(MSG_PRINTER_NOTIFY, srv_spoolss_receive_message);
 
@@ -4029,35 +4121,35 @@ static uint32 update_printer_sec(POLICY_HND *handle, uint32 level,
 	nt_printing_getsec(p->mem_ctx, Printer->dev.handlename, &old_secdesc_ctr);
 
 	if (DEBUGLEVEL >= 10) {
-		SEC_ACL *acl;
+		SEC_ACL *the_acl;
 		int i;
 
-		acl = old_secdesc_ctr->sec->dacl;
+		the_acl = old_secdesc_ctr->sec->dacl;
 		DEBUG(10, ("old_secdesc_ctr for %s has %d aces:\n", 
-			   PRINTERNAME(snum), acl->num_aces));
+			   PRINTERNAME(snum), the_acl->num_aces));
 
-		for (i = 0; i < acl->num_aces; i++) {
+		for (i = 0; i < the_acl->num_aces; i++) {
 			fstring sid_str;
 
-			sid_to_string(sid_str, &acl->ace[i].sid);
+			sid_to_string(sid_str, &the_acl->ace[i].sid);
 
 			DEBUG(10, ("%s 0x%08x\n", sid_str, 
-				  acl->ace[i].info.mask));
+				  the_acl->ace[i].info.mask));
 		}
 
-		acl = secdesc_ctr->sec->dacl;
+		the_acl = secdesc_ctr->sec->dacl;
 
-		if (acl) {
+		if (the_acl) {
 			DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", 
-				   PRINTERNAME(snum), acl->num_aces));
+				   PRINTERNAME(snum), the_acl->num_aces));
 
-			for (i = 0; i < acl->num_aces; i++) {
+			for (i = 0; i < the_acl->num_aces; i++) {
 				fstring sid_str;
 				
-				sid_to_string(sid_str, &acl->ace[i].sid);
+				sid_to_string(sid_str, &the_acl->ace[i].sid);
 				
 				DEBUG(10, ("%s 0x%08x\n", sid_str, 
-					   acl->ace[i].info.mask));
+					   the_acl->ace[i].info.mask));
 			}
 		} else {
 			DEBUG(10, ("dacl for secdesc_ctr is NULL\n"));
@@ -4121,7 +4213,6 @@ static BOOL check_printer_ok(NT_PRINTER_INFO_LEVEL_2 *info, int snum)
 static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer)
 {
 	char *cmd = lp_addprinter_cmd();
-	char *path;
 	char **qlines;
 	pstring command;
 	pstring driverlocation;
@@ -4129,11 +4220,6 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer)
 	int ret;
 	int fd;
 
-	if (*lp_pathname(lp_servicenumber(PRINTERS_NAME)))
-		path = lp_pathname(lp_servicenumber(PRINTERS_NAME));
-	else
-		path = lp_lockdir();
-
 	/* build driver path... only 9X architecture is needed for legacy reasons */
 	slprintf(driverlocation, sizeof(driverlocation)-1, "\\\\%s\\print$\\WIN40\\0",
 			global_myname);
@@ -5305,7 +5391,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM *
 	FORM_1 form_1;
 	fstring form_name;
 	int buffer_size=0;
-	int numofforms=0, i = -1;
+	int numofforms=0, i=0;
 
 	/* that's an [in out] buffer */
 	spoolss_move_buffer(q_u->buffer, &r_u->buffer);
@@ -5402,18 +5488,12 @@ static uint32 enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need
 
 	if (*lp_enumports_cmd()) {
 		char *cmd = lp_enumports_cmd();
-		char *path;
 		char **qlines;
 		pstring command;
 		int numlines;
 		int ret;
 		int fd;
 
-		if (*lp_pathname(lp_servicenumber(PRINTERS_NAME)))
-			path = lp_pathname(lp_servicenumber(PRINTERS_NAME));
-		else
-			path = lp_lockdir();
-
 		slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 1);
 
 		DEBUG(10,("Running [%s]\n", command));
@@ -5510,7 +5590,7 @@ static uint32 enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need
 		else
 			path = lp_lockdir();
 
-		slprintf(tmp_file, sizeof(tmp_file)-1, "%s/smbcmd.%d.", path, sys_getpid());
+		slprintf(tmp_file, sizeof(tmp_file)-1, "%s/smbcmd.%u.", path, (unsigned int)sys_getpid());
 		slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 2);
 
 		unlink(tmp_file);
diff --git a/source/rpc_server/srv_srvsvc.c b/source/rpc_server/srv_srvsvc.c
index d4d5e1bfe86..fe008d0dde8 100644
--- a/source/rpc_server/srv_srvsvc.c
+++ b/source/rpc_server/srv_srvsvc.c
@@ -56,6 +56,33 @@ static BOOL api_srv_net_srv_get_info(pipes_struct *p)
 }
 
 /*******************************************************************
+ api_srv_net_srv_get_info
+********************************************************************/
+
+static BOOL api_srv_net_srv_set_info(pipes_struct *p)
+{
+	SRV_Q_NET_SRV_SET_INFO q_u;
+	SRV_R_NET_SRV_SET_INFO r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* grab the net server set info */
+	if (!srv_io_q_net_srv_set_info("", &q_u, data, 0))
+		return False;
+
+	r_u.status = _srv_net_srv_set_info(p, &q_u, &r_u);
+
+	/* store the response in the SMB stream */
+	if (!srv_io_r_net_srv_set_info("", &r_u, rdata, 0))
+		return False;
+
+	return True;
+}
+
+/*******************************************************************
  api_srv_net_file_enum
 ********************************************************************/
 
@@ -345,6 +372,126 @@ static BOOL api_srv_net_remote_tod(pipes_struct *p)
 }
 
 /*******************************************************************
+ RPC to enumerate disks available on a server e.g. C:, D: ...
+*******************************************************************/
+
+static BOOL api_srv_net_disk_enum(pipes_struct *p) 
+{
+	SRV_Q_NET_DISK_ENUM q_u;
+	SRV_R_NET_DISK_ENUM r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net server disk enum. */
+	if(!srv_io_q_net_disk_enum("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_disk_enum: Failed to unmarshall SRV_Q_NET_DISK_ENUM.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_disk_enum(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_disk_enum("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_disk_enum: Failed to marshall SRV_R_NET_DISK_ENUM.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ NetValidateName (opnum 0x21) 
+*******************************************************************/
+
+static BOOL api_srv_net_name_validate(pipes_struct *p) 
+{
+	SRV_Q_NET_NAME_VALIDATE q_u;
+	SRV_R_NET_NAME_VALIDATE r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+ 
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+  
+	/* Unmarshall the net server disk enum. */
+	if(!srv_io_q_net_name_validate("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_name_validate: Failed to unmarshall SRV_Q_NET_NAME_VALIDATE.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_name_validate(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_name_validate("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_name_validate: Failed to marshall SRV_R_NET_NAME_VALIDATE.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ NetFileQuerySecdesc (opnum 0x27)
+*******************************************************************/
+
+static BOOL api_srv_net_file_query_secdesc(pipes_struct *p)
+{
+	SRV_Q_NET_FILE_QUERY_SECDESC q_u;
+	SRV_R_NET_FILE_QUERY_SECDESC r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net file get info from Win9x */
+	if(!srv_io_q_net_file_query_secdesc("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_file_query_secdesc: Failed to unmarshall SRV_Q_NET_FILE_QUERY_SECDESC.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_file_query_secdesc(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_file_query_secdesc("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_file_query_secdesc: Failed to marshall SRV_R_NET_FILE_QUERY_SECDESC.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
+ NetFileSetSecdesc (opnum 0x28)
+*******************************************************************/
+
+static BOOL api_srv_net_file_set_secdesc(pipes_struct *p)
+{
+	SRV_Q_NET_FILE_SET_SECDESC q_u;
+	SRV_R_NET_FILE_SET_SECDESC r_u;
+	prs_struct *data = &p->in_data.data;
+	prs_struct *rdata = &p->out_data.rdata;
+
+	ZERO_STRUCT(q_u);
+	ZERO_STRUCT(r_u);
+
+	/* Unmarshall the net file set info from Win9x */
+	if(!srv_io_q_net_file_set_secdesc("", &q_u, data, 0)) {
+		DEBUG(0,("api_srv_net_file_set_secdesc: Failed to unmarshall SRV_Q_NET_FILE_SET_SECDESC.\n"));
+		return False;
+	}
+
+	r_u.status = _srv_net_file_set_secdesc(p, &q_u, &r_u);
+
+	if(!srv_io_r_net_file_set_secdesc("", &r_u, rdata, 0)) {
+		DEBUG(0,("api_srv_net_file_set_secdesc: Failed to marshall SRV_R_NET_FILE_SET_SECDESC.\n"));
+		return False;
+	}
+
+	return True;
+}
+
+/*******************************************************************
 \PIPE\srvsvc commands
 ********************************************************************/
 
@@ -360,7 +507,12 @@ struct api_struct api_srv_cmds[] =
 	{ "SRV_NET_SHARE_SET_INFO", SRV_NET_SHARE_SET_INFO, api_srv_net_share_set_info },
 	{ "SRV_NETFILEENUM"       , SRV_NETFILEENUM       , api_srv_net_file_enum    },
 	{ "SRV_NET_SRV_GET_INFO"  , SRV_NET_SRV_GET_INFO  , api_srv_net_srv_get_info },
+	{ "SRV_NET_SRV_SET_INFO"  , SRV_NET_SRV_SET_INFO  , api_srv_net_srv_set_info },
 	{ "SRV_NET_REMOTE_TOD"    , SRV_NET_REMOTE_TOD    , api_srv_net_remote_tod   },
+	{ "SRV_NET_DISK_ENUM"     , SRV_NET_DISK_ENUM     , api_srv_net_disk_enum    },
+	{ "SRV_NET_NAME_VALIDATE" , SRV_NET_NAME_VALIDATE , api_srv_net_name_validate},
+	{ "SRV_NETFILEQUERYSECDESC",SRV_NETFILEQUERYSECDESC,api_srv_net_file_query_secdesc},
+	{ "SRV_NETFILESETSECDESC" , SRV_NETFILESETSECDESC , api_srv_net_file_set_secdesc},
 	{ NULL                    , 0                     , NULL                     }
 };
 
diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c
index 887c100d577..b487eb1c824 100644
--- a/source/rpc_server/srv_srvsvc_nt.c
+++ b/source/rpc_server/srv_srvsvc_nt.c
@@ -77,6 +77,14 @@ static void init_srv_share_info_2(SRV_SHARE_INFO_2 *sh2, int snum)
 	pstring_sub(remark,"%S",lp_servicename(snum));
 	pstrcpy(path, "C:");
 	pstrcat(path, lp_pathname(snum));
+
+	/*
+	 * Change / to \\ so that win2k will see it as a valid path.  This was added to
+	 * enable use of browsing in win2k add share dialog.
+	 */ 
+
+	string_replace(path, '/', '\\');
+
 	pstrcpy(passwd, "");
 	len_net_name = strlen(net_name);
 
@@ -117,7 +125,7 @@ BOOL share_info_db_init(void)
     char *vstring = "INFO/version";
  
     if (share_tdb && local_pid == sys_getpid()) return True;
-    share_tdb = tdb_open(lock_path("share_info.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
+    share_tdb = tdb_open_log(lock_path("share_info.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
     if (!share_tdb) {
         DEBUG(0,("Failed to open share info database %s (%s)\n",
 				lock_path("share_info.tdb"), strerror(errno) ));
@@ -363,6 +371,14 @@ static void init_srv_share_info_502(TALLOC_CTX *ctx, SRV_SHARE_INFO_502 *sh502,
 	pstring_sub(remark,"%S",lp_servicename(snum));
 	pstrcpy(path, "C:");
 	pstrcat(path, lp_pathname(snum));
+
+	/*
+	 * Change / to \\ so that win2k will see it as a valid path.  This was added to
+	 * enable use of browsing in win2k add share dialog.
+	 */ 
+
+	string_replace(path, '/', '\\');
+
 	pstrcpy(passwd, "");
 	len_net_name = strlen(net_name);
 
@@ -379,7 +395,7 @@ static void init_srv_share_info_502(TALLOC_CTX *ctx, SRV_SHARE_INFO_502 *sh502,
 	sd = get_share_security(ctx, snum, &sd_size);
 
 	init_srv_share_info502(&sh502->info_502, net_name, type, remark, 0, 0xffffffff, 1, path, passwd, sd, sd_size);
-	init_srv_share_info502_str(&sh502->info_502_str, net_name, remark, path, passwd, sd, sd_size);
+	init_srv_share_info502_str(&sh502->info_502_str, &sh502->info_502, net_name, remark, path, passwd, sd, sd_size);
 }
 
 /***************************************************************************
@@ -1032,6 +1048,28 @@ uint32 _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R
 }
 
 /*******************************************************************
+net server set info
+********************************************************************/
+
+uint32 _srv_net_srv_set_info(pipes_struct *p, SRV_Q_NET_SRV_SET_INFO *q_u, SRV_R_NET_SRV_SET_INFO *r_u)
+{
+	/* NT gives "Windows NT error 0xc00000022" if we return
+	   NT_STATUS_ACCESS_DENIED here so just pretend everything is OK. */
+
+	uint32 status = NT_STATUS_NOPROBLEMO;
+
+	DEBUG(5,("srv_net_srv_set_info: %d\n", __LINE__));
+
+	/* Set up the net server set info structure. */
+
+	init_srv_r_net_srv_set_info(r_u, 0x0, status);
+
+	DEBUG(5,("srv_net_srv_set_info: %d\n", __LINE__));
+
+	return r_u->status;
+}
+
+/*******************************************************************
 net file enum
 ********************************************************************/
 
@@ -1546,3 +1584,293 @@ uint32 _srv_net_remote_tod(pipes_struct *p, SRV_Q_NET_REMOTE_TOD *q_u, SRV_R_NET
 
 	return r_u->status;
 }
+
+/***********************************************************************************
+ Win9x NT tools get security descriptor.
+***********************************************************************************/
+
+uint32 _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC *q_u,
+			SRV_R_NET_FILE_QUERY_SECDESC *r_u)
+{
+	SEC_DESC *psd = NULL;
+	size_t sd_size;
+	fstring null_pw;
+	pstring filename;
+	pstring qualname;
+	files_struct *fsp = NULL;
+	SMB_STRUCT_STAT st;
+	BOOL bad_path;
+	int access_mode;
+	int action;
+	int ecode;
+	struct current_user user;
+	fstring user_name;
+	connection_struct *conn = NULL;
+
+	ZERO_STRUCT(st);
+
+	r_u->status = NT_STATUS_NOPROBLEMO;
+
+	unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
+
+	/* Null password is ok - we are already an authenticated user... */
+	*null_pw = '\0';
+
+	get_current_user(&user, p);
+	fstrcpy(user_name, uidtoname(user.uid));
+
+	conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
+
+	if (conn == NULL) {
+		DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname));
+		r_u->status = (uint32)ecode;
+		goto error_exit;
+	}
+
+	unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
+	unix_convert(filename, conn, NULL, &bad_path, &st);
+	fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDONLY),
+				(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+
+	if (!fsp) {
+		/* Perhaps it is a directory */
+		if (errno == EISDIR)
+			fsp = open_directory(conn, filename, &st,
+					(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+
+		if (!fsp) {
+			DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
+			r_u->status = ERROR_ACCESS_DENIED;
+			goto error_exit;
+		}
+	}
+
+	sd_size = conn->vfs_ops.get_nt_acl(fsp, fsp->fsp_name, &psd);
+
+	if (sd_size == 0) {
+		DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename));
+		r_u->status = ERROR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
+	r_u->ptr_response = 1;
+	r_u->size_response = sd_size;
+	r_u->ptr_secdesc = 1;
+	r_u->size_secdesc = sd_size;
+	r_u->sec_desc = psd;
+
+	psd->dacl->revision = (uint16) NT4_ACL_REVISION;
+
+	close_file(fsp, True);
+
+	close_cnum(conn, user.vuid);
+	return r_u->status;
+
+  error_exit:
+
+	if(fsp) {
+		close_file(fsp, True);
+	}
+
+	if (conn) 
+		close_cnum(conn, user.vuid);
+
+	return r_u->status;
+}
+
+/***********************************************************************************
+ Win9x NT tools set security descriptor.
+***********************************************************************************/
+
+uint32 _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_u,
+									SRV_R_NET_FILE_SET_SECDESC *r_u)
+{
+	BOOL ret;
+	pstring filename;
+	pstring qualname;
+	fstring null_pw;
+	files_struct *fsp = NULL;
+	SMB_STRUCT_STAT st;
+	BOOL bad_path;
+	int access_mode;
+	int action;
+	int ecode;
+	struct current_user user;
+	fstring user_name;
+	connection_struct *conn = NULL;
+
+	ZERO_STRUCT(st);
+
+	r_u->status = NT_STATUS_NOPROBLEMO;
+
+	unistr2_to_ascii(qualname, &q_u->uni_qual_name, sizeof(qualname));
+
+	/* Null password is ok - we are already an authenticated user... */
+	*null_pw = '\0';
+
+	get_current_user(&user, p);
+	fstrcpy(user_name, uidtoname(user.uid));
+
+	conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
+
+	if (conn == NULL) {
+		DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname));
+		r_u->status = (uint32)ecode;
+		goto error_exit;
+	}
+
+	unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
+	unix_convert(filename, conn, NULL, &bad_path, &st);
+
+	fsp = open_file_shared(conn, filename, &st, SET_OPEN_MODE(DOS_OPEN_RDWR),
+			(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, 0, &access_mode, &action);
+
+	if (!fsp) {
+		/* Perhaps it is a directory */
+		if (errno == EISDIR)
+			fsp = open_directory(conn, filename, &st,
+						(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), 0, &action);
+
+		if (!fsp) {
+			DEBUG(3,("_srv_net_file_set_secdesc: Unable to open file %s\n", filename));
+			r_u->status = ERROR_ACCESS_DENIED;
+			goto error_exit;
+		}
+	}
+
+	ret = conn->vfs_ops.set_nt_acl(fsp, fsp->fsp_name, q_u->sec_info, q_u->sec_desc);
+
+	if (ret == False) {
+		DEBUG(3,("_srv_net_file_set_secdesc: Unable to set NT ACL on file %s\n", filename));
+		r_u->status = ERROR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
+	close_file(fsp, True);
+	close_cnum(conn, user.vuid);
+	return r_u->status;
+
+  error_exit:
+
+	if(fsp) {
+		close_file(fsp, True);
+	}
+
+	if (conn) 
+		close_cnum(conn, user.vuid);
+
+	return r_u->status;
+}
+
+/***********************************************************************************
+ It may be that we want to limit users to creating shares on certain areas of the UNIX file area.
+ We could define areas by mapping Windows style disks to points on the UNIX directory hierarchy.
+ These disks would the disks listed by this function.
+ Users could then create shares relative to these disks.  Watch out for moving these disks around.
+ "Nigel Williams" <nigel@veritas.com>.
+***********************************************************************************/
+
+const char *server_disks[] = {"C:"};
+
+static uint32 get_server_disk_count(void)
+{
+	return sizeof(server_disks)/sizeof(server_disks[0]);
+}
+
+static uint32 init_server_disk_enum(uint32 *resume)
+{
+	uint32 server_disk_count = get_server_disk_count();
+
+	/*resume can be an offset into the list for now*/
+
+	if(*resume & 0x80000000)
+		*resume = 0;
+
+	if(*resume > server_disk_count)
+		*resume = server_disk_count;
+
+	return server_disk_count - *resume;
+}
+
+static const char *next_server_disk_enum(uint32 *resume)
+{
+	const char *disk;
+
+	if(init_server_disk_enum(resume) == 0)
+		return NULL;
+
+	disk = server_disks[*resume];
+
+	(*resume)++;
+
+	DEBUG(10, ("next_server_disk_enum: reporting disk %s. resume handle %d.\n", disk, *resume));
+
+	return disk;
+}
+
+uint32 _srv_net_disk_enum(pipes_struct *p, SRV_Q_NET_DISK_ENUM *q_u, SRV_R_NET_DISK_ENUM *r_u)
+{
+	uint32 i;
+	const char *disk_name;
+	uint32 resume=get_enum_hnd(&q_u->enum_hnd);
+
+	r_u->status=NT_STATUS_NOPROBLEMO;
+
+	r_u->total_entries = init_server_disk_enum(&resume);
+
+	r_u->disk_enum_ctr.unknown = 0; 
+
+	r_u->disk_enum_ctr.disk_info_ptr = (uint32) r_u->disk_enum_ctr.disk_info;
+
+	/*allow one DISK_INFO for null terminator*/
+
+	for(i = 0; i < MAX_SERVER_DISK_ENTRIES -1 && (disk_name = next_server_disk_enum(&resume)); i++) {
+
+		r_u->disk_enum_ctr.entries_read++;
+
+		/*copy disk name into a unicode string*/
+
+		init_unistr3(&r_u->disk_enum_ctr.disk_info[i].disk_name, disk_name);    
+	}
+
+	/*add a terminating null string.  Is this there if there is more data to come?*/
+
+	r_u->disk_enum_ctr.entries_read++;
+
+	init_unistr3(&r_u->disk_enum_ctr.disk_info[i].disk_name, "");
+
+	init_enum_hnd(&r_u->enum_hnd, resume);
+
+	return r_u->status;
+}
+
+uint32 _srv_net_name_validate(pipes_struct *p, SRV_Q_NET_NAME_VALIDATE *q_u, SRV_R_NET_NAME_VALIDATE *r_u)
+{
+	int snum;
+	fstring share_name;
+
+	r_u->status=NT_STATUS_NOPROBLEMO;
+
+	switch(q_u->type) {
+
+	case 0x9:
+
+		/*check if share name is ok*/
+		/*also check if we already have a share with this name*/
+
+		unistr2_to_ascii(share_name, &q_u->uni_name, sizeof(share_name));
+		snum = find_service(share_name);
+
+		/* Share already exists. */
+		if (snum >= 0)
+			r_u->status = NT_STATUS_OBJECT_NAME_INVALID;
+		break;
+
+	default:
+		/*unsupported type*/
+		r_u->status = ERROR_INVALID_LEVEL;
+		break;
+	}
+
+	return r_u->status;
+}
diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c
index f107f1f2af9..8f15b7f117b 100644
--- a/source/rpc_server/srv_util.c
+++ b/source/rpc_server/srv_util.c
@@ -162,8 +162,12 @@ void get_domain_user_groups(char *domain_groups, char *user)
 
 	if (domain_groups == NULL || user == NULL) return;
 
+#if 0	/* removed by --jerry */ 
 	/* any additional groups this user is in.  e.g power users */
 	pstrcpy(domain_groups, lp_domain_groups());
+#else
+	*domain_groups = '\0';
+#endif
 
 	/* can only be a user or a guest.  cannot be guest _and_ admin */
 	if (user_in_list(user, lp_domain_guest_group()))
diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c
index a574f2e128a..153d5366e00 100644
--- a/source/rpcclient/cmd_lsarpc.c
+++ b/source/rpcclient/cmd_lsarpc.c
@@ -34,12 +34,19 @@ static uint32 cmd_lsa_query_info_policy(struct cli_state *cli, int argc, char **
 	DOM_SID dom_sid;
 	fstring sid_str, domain_name;
 	uint32 info_class = 3;
+	TALLOC_CTX *mem_ctx;
 
 	if (argc > 2) {
 		printf("Usage: %s [info_class]\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_lsa_query_info_poicy: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	if (argc == 2) {
 		info_class = atoi(argv[1]);
 	}
@@ -50,7 +57,7 @@ static uint32 cmd_lsa_query_info_policy(struct cli_state *cli, int argc, char **
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if ((result = cli_lsa_open_policy(cli, True, 
+	if ((result = cli_lsa_open_policy(cli, mem_ctx, True, 
 					  SEC_RIGHTS_MAXIMUM_ALLOWED,
 					  &pol)) != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -60,7 +67,7 @@ static uint32 cmd_lsa_query_info_policy(struct cli_state *cli, int argc, char **
 
 	/* Lookup info policy */
 
-	if ((result = cli_lsa_query_info_policy(cli, &pol, info_class, 
+	if ((result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class, 
 						domain_name, &dom_sid)) 
 	    != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -73,10 +80,11 @@ static uint32 cmd_lsa_query_info_policy(struct cli_state *cli, int argc, char **
 done:
 
 	if (got_policy_hnd) {
-		cli_lsa_close(cli, &pol);
+		cli_lsa_close(cli, mem_ctx, &pol);
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -91,12 +99,19 @@ static uint32 cmd_lsa_lookup_names(struct cli_state *cli, int argc, char **argv)
 	DOM_SID *sids;
 	uint32 *types;
 	int num_names, i;
+	TALLOC_CTX *mem_ctx;
 
 	if (argc == 1) {
 		printf("Usage: %s [name1 [name2 [...]]]\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_lsa_lookup_names: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
 		fprintf (stderr, "Could not initialize samr pipe!\n");
@@ -104,7 +119,7 @@ static uint32 cmd_lsa_lookup_names(struct cli_state *cli, int argc, char **argv)
 	}
 
 
-	if ((result = cli_lsa_open_policy(cli, True, 
+	if ((result = cli_lsa_open_policy(cli, mem_ctx, True, 
 					  SEC_RIGHTS_MAXIMUM_ALLOWED,
 					  &pol)) != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -114,8 +129,8 @@ static uint32 cmd_lsa_lookup_names(struct cli_state *cli, int argc, char **argv)
 
 	/* Lookup the names */
 
-	if ((result = cli_lsa_lookup_names(
-		cli, &pol, argc - 1, &argv[1], &sids, &types, &num_names) !=
+	if ((result = cli_lsa_lookup_names(cli, mem_ctx, &pol, argc - 1, 
+		&argv[1], &sids, &types, &num_names) !=
 	     NT_STATUS_NOPROBLEMO)) {
 		goto done;
 	}
@@ -130,16 +145,19 @@ static uint32 cmd_lsa_lookup_names(struct cli_state *cli, int argc, char **argv)
 		       types[i]);
 	}
 
+#if 0	/* JERRY */
 	safe_free(sids);
 	safe_free(types);      
+#endif
 
  done:
 
 	if (got_policy_hnd) {
-		cli_lsa_close(cli, &pol);
+		cli_lsa_close(cli, mem_ctx, &pol);
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -155,19 +173,26 @@ static uint32 cmd_lsa_lookup_sids(struct cli_state *cli, int argc, char **argv)
 	char **names;
 	uint32 *types;
 	int num_names, i;
+	TALLOC_CTX *mem_ctx;
 
 	if (argc == 1) {
 		printf("Usage: %s [sid1 [sid2 [...]]]\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_lsa_lookup_sids: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
 		fprintf (stderr, "Could not initialize samr pipe!\n");
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if ((result = cli_lsa_open_policy(cli, True, 
+	if ((result = cli_lsa_open_policy(cli, mem_ctx, True, 
 					  SEC_RIGHTS_MAXIMUM_ALLOWED,
 					  &pol)) != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -177,7 +202,7 @@ static uint32 cmd_lsa_lookup_sids(struct cli_state *cli, int argc, char **argv)
 
 	/* Convert arguments to sids */
 
-	sids = (DOM_SID *)malloc(sizeof(DOM_SID) * (argc - 1));
+	sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
 
 	if (!sids) {
 		printf("out of memory\n");
@@ -190,7 +215,7 @@ static uint32 cmd_lsa_lookup_sids(struct cli_state *cli, int argc, char **argv)
 
 	/* Lookup the SIDs */
 
-	if ((result = cli_lsa_lookup_sids(cli, &pol, argc - 1, sids, 
+	if ((result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, argc - 1, sids, 
 					  &names, &types, &num_names) !=
 	     NT_STATUS_NOPROBLEMO)) {
 		goto done;
@@ -206,6 +231,7 @@ static uint32 cmd_lsa_lookup_sids(struct cli_state *cli, int argc, char **argv)
 		       "*unknown*", types[i]);
 	}
 
+#if 0	/* JERRY */
 	safe_free(sids);
 	safe_free(types);      
 
@@ -214,14 +240,16 @@ static uint32 cmd_lsa_lookup_sids(struct cli_state *cli, int argc, char **argv)
 	}
 
 	safe_free(names);
+#endif
 
  done:
 
 	if (got_policy_hnd) {
-		cli_lsa_close(cli, &pol);
+		cli_lsa_close(cli, mem_ctx, &pol);
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy (mem_ctx);
 
 	return result;
 }
@@ -238,19 +266,26 @@ static uint32 cmd_lsa_enum_trust_dom(struct cli_state *cli, int argc, char **arg
 	uint32 enum_ctx = 0;
 	uint32 num_domains;
 	int i;
+	TALLOC_CTX *mem_ctx;
 
 	if (argc != 1) {
 		printf("Usage: %s\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_lsa_enum_trust_dom: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
 		fprintf (stderr, "Could not initialize samr pipe!\n");
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	if ((result = cli_lsa_open_policy(cli, True, 
+	if ((result = cli_lsa_open_policy(cli, mem_ctx, True, 
 					  SEC_RIGHTS_MAXIMUM_ALLOWED,
 					  &pol)) != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -260,7 +295,7 @@ static uint32 cmd_lsa_enum_trust_dom(struct cli_state *cli, int argc, char **arg
 
 	/* Lookup list of trusted domains */
 
-	if ((result = cli_lsa_enum_trust_dom(cli, &pol, &enum_ctx,
+	if ((result = cli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
 					     &num_domains, &domain_names,
 					     &domain_sids) 
 	     != NT_STATUS_NOPROBLEMO)) {
@@ -277,6 +312,7 @@ static uint32 cmd_lsa_enum_trust_dom(struct cli_state *cli, int argc, char **arg
 		       "*unknown*", sid_str);
 	}
 
+#if 0	/* JERRY */
 	safe_free(domain_sids);
 
 	for (i = 0; i < num_domains; i++) {
@@ -284,14 +320,16 @@ static uint32 cmd_lsa_enum_trust_dom(struct cli_state *cli, int argc, char **arg
 	}
 
 	safe_free(domain_names);
+#endif
 
  done:
 
 	if (got_policy_hnd) {
-		cli_lsa_close(cli, &pol);
+		cli_lsa_close(cli, mem_ctx, &pol);
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c
index b3d135275a7..931d44eb3b1 100644
--- a/source/rpcclient/cmd_samr.c
+++ b/source/rpcclient/cmd_samr.c
@@ -5,8 +5,8 @@
 
    Copyright (C) Andrew Tridgell              1992-2000,
    Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
-   Copyright (C) Elrond                            2000
-   Copyright (C) Tim Potter 2000
+   Copyright (C) Elrond                            2000,
+   Copyright (C) Tim Potter                        2000
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -94,6 +94,31 @@ static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
 	}
 }
 
+static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
+{
+	fstring name;
+
+	unistr2_to_ascii(name, &info2->uni_domain, sizeof(name) - 1); 
+	printf("Domain:\t%s\n", name);
+
+	unistr2_to_ascii(name, &info2->uni_server, sizeof(name) - 1); 
+	printf("Server:\t%s\n", name);
+
+	printf("Total Users:\t%d\n", info2->num_domain_usrs);
+	printf("Total Groups:\t%d\n", info2->num_domain_grps);
+	printf("Total Aliases:\t%d\n", info2->num_local_grps);
+	
+	printf("Sequence No:\t%d\n", info2->seq_num);
+	
+	printf("Unknown 0:\t0x%x\n", info2->unknown_0);
+	printf("Unknown 1:\t0x%x\n", info2->unknown_1);
+	printf("Unknown 2:\t0x%x\n", info2->unknown_2);
+	printf("Unknown 3:\t0x%x\n", info2->unknown_3);
+	printf("Unknown 4:\t0x%x\n", info2->unknown_4);
+	printf("Unknown 5:\t0x%x\n", info2->unknown_5);
+	printf("Unknown 6:\t0x%x\n", info2->unknown_6);
+}
+
 /**********************************************************************
  * Query user information 
  */
@@ -108,11 +133,24 @@ static uint32 cmd_samr_query_user(struct cli_state *cli, int argc, char **argv)
 	SAM_USERINFO_CTR user_ctr;
 	SAM_USER_INFO_21 info_21;
 	fstring			server;
+	TALLOC_CTX		*mem_ctx;
+	uint32 user_rid;
 	
-	if (argc != 1) {
-		printf("Usage: %s\n", argv[0]);
+	
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
 		return 0;
 	}
+	
+	sscanf(argv[1], "%i", &user_rid);
+
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_samr_query_user: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	fetch_domain_sid(cli);
 
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
@@ -123,16 +161,15 @@ static uint32 cmd_samr_query_user(struct cli_state *cli, int argc, char **argv)
 	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 	strupper (server);
 	
-	if ((result = cli_samr_connect(cli, server, MAXIMUM_ALLOWED_ACCESS,
+	if ((result = cli_samr_connect(cli, mem_ctx, server, MAXIMUM_ALLOWED_ACCESS,
 				       &connect_pol)) !=
 	    NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
 
 	got_connect_pol = True;
-	fetch_domain_sid(cli);
 
-	if ((result = cli_samr_open_domain(cli, &connect_pol,
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 					   MAXIMUM_ALLOWED_ACCESS,
 					   &domain_sid, &domain_pol))
 	     != NT_STATUS_NOPROBLEMO) {
@@ -141,9 +178,9 @@ static uint32 cmd_samr_query_user(struct cli_state *cli, int argc, char **argv)
 
 	got_domain_pol = True;
 
-	if ((result = cli_samr_open_user(cli, &domain_pol,
+	if ((result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
 					 MAXIMUM_ALLOWED_ACCESS,
-					 0x1f4, &user_pol))
+					 user_rid, &user_pol))
 	    != NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
@@ -155,7 +192,7 @@ static uint32 cmd_samr_query_user(struct cli_state *cli, int argc, char **argv)
 
 	user_ctr.info.id21 = &info_21;
 
-	if ((result = cli_samr_query_userinfo(cli, &user_pol, info_level,
+	if ((result = cli_samr_query_userinfo(cli, mem_ctx, &user_pol, info_level,
 					      &user_ctr)) 
 	    != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -164,11 +201,12 @@ static uint32 cmd_samr_query_user(struct cli_state *cli, int argc, char **argv)
 	display_sam_user_info_21(&info_21);
 
 done:
-	if (got_user_pol) cli_samr_close(cli, &user_pol);
-	if (got_domain_pol) cli_samr_close(cli, &domain_pol);
-	if (got_connect_pol) cli_samr_close(cli, &connect_pol);
+	if (got_user_pol) cli_samr_close(cli, mem_ctx, &user_pol);
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -227,12 +265,21 @@ static uint32 cmd_samr_query_group(struct cli_state *cli, int argc, char **argv)
 		got_group_pol = False;
 	GROUP_INFO_CTR group_ctr;
 	fstring			server;	
+	TALLOC_CTX		*mem_ctx;
 	
 	if (argc != 1) {
 		printf("Usage: %s\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_samr_query_group: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	fetch_domain_sid(cli);
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
 		fprintf (stderr, "Could not initialize samr pipe!\n");
@@ -242,16 +289,15 @@ static uint32 cmd_samr_query_group(struct cli_state *cli, int argc, char **argv)
 	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 	strupper (server);
 
-	if ((result = cli_samr_connect(cli, server, MAXIMUM_ALLOWED_ACCESS,
+	if ((result = cli_samr_connect(cli, mem_ctx, server, MAXIMUM_ALLOWED_ACCESS,
 				       &connect_pol)) !=
 	    NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
 
 	got_connect_pol = True;
-	fetch_domain_sid(cli);
 
-	if ((result = cli_samr_open_domain(cli, &connect_pol,
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 					   MAXIMUM_ALLOWED_ACCESS,
 					   &domain_sid, &domain_pol))
 	     != NT_STATUS_NOPROBLEMO) {
@@ -260,7 +306,7 @@ static uint32 cmd_samr_query_group(struct cli_state *cli, int argc, char **argv)
 
 	got_domain_pol = True;
 
-	if ((result = cli_samr_open_group(cli, &domain_pol,
+	if ((result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
 					  MAXIMUM_ALLOWED_ACCESS,
 					  0x202, &group_pol))
 	    != NT_STATUS_NOPROBLEMO) {
@@ -271,7 +317,7 @@ static uint32 cmd_samr_query_group(struct cli_state *cli, int argc, char **argv)
 
 	ZERO_STRUCT(group_ctr);
 
-	if ((result = cli_samr_query_groupinfo(cli, &group_pol, info_level,
+	if ((result = cli_samr_query_groupinfo(cli, mem_ctx, &group_pol, info_level,
 					       &group_ctr)) 
 	    != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -280,11 +326,12 @@ static uint32 cmd_samr_query_group(struct cli_state *cli, int argc, char **argv)
 	display_group_info_ctr(&group_ctr);
 
 done:
-	if (got_group_pol) cli_samr_close(cli, &group_pol);
-	if (got_domain_pol) cli_samr_close(cli, &domain_pol);
-	if (got_connect_pol) cli_samr_close(cli, &connect_pol);
+	if (got_group_pol) cli_samr_close(cli, mem_ctx, &group_pol);
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -305,14 +352,23 @@ static uint32 cmd_samr_query_usergroups(struct cli_state *cli, int argc, char **
 	DOM_GID 		*user_gids;
 	int 			i;
 	fstring			server;
+	TALLOC_CTX		*mem_ctx;
 	
 	if (argc != 2) {
 		printf("Usage: %s rid\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_samr_query_usergroups: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	sscanf(argv[1], "%i", &user_rid);
 
+	fetch_domain_sid(cli);
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
 		fprintf (stderr, "Could not initialize samr pipe!\n");
@@ -322,16 +378,15 @@ static uint32 cmd_samr_query_usergroups(struct cli_state *cli, int argc, char **
 	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 	strupper (server);
 		
-	if ((result = cli_samr_connect(cli, server, MAXIMUM_ALLOWED_ACCESS,
+	if ((result = cli_samr_connect(cli, mem_ctx, server, MAXIMUM_ALLOWED_ACCESS,
 				       &connect_pol)) !=
 	    NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
 
 	got_connect_pol = True;
-	fetch_domain_sid(cli);
 
-	if ((result = cli_samr_open_domain(cli, &connect_pol,
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 					   MAXIMUM_ALLOWED_ACCESS,
 					   &domain_sid, &domain_pol))
 	     != NT_STATUS_NOPROBLEMO) {
@@ -340,7 +395,7 @@ static uint32 cmd_samr_query_usergroups(struct cli_state *cli, int argc, char **
 
 	got_domain_pol = True;
 
-	if ((result = cli_samr_open_user(cli, &domain_pol,
+	if ((result = cli_samr_open_user(cli, mem_ctx, &domain_pol,
 					 MAXIMUM_ALLOWED_ACCESS,
 					 user_rid, &user_pol))
 	    != NT_STATUS_NOPROBLEMO) {
@@ -349,7 +404,7 @@ static uint32 cmd_samr_query_usergroups(struct cli_state *cli, int argc, char **
 
 	got_user_pol = True;
 
-	if ((result = cli_samr_query_usergroups(cli, &user_pol,
+	if ((result = cli_samr_query_usergroups(cli, mem_ctx, &user_pol,
 						&num_groups, &user_gids))
 	    != NT_STATUS_NOPROBLEMO) {
 		goto done;
@@ -361,11 +416,12 @@ static uint32 cmd_samr_query_usergroups(struct cli_state *cli, int argc, char **
 	}
 
  done:
-	if (got_user_pol) cli_samr_close(cli, &user_pol);
-	if (got_domain_pol) cli_samr_close(cli, &domain_pol);
-	if (got_connect_pol) cli_samr_close(cli, &connect_pol);
+	if (got_user_pol) cli_samr_close(cli, mem_ctx, &user_pol);
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -382,14 +438,23 @@ static uint32 cmd_samr_query_groupmem(struct cli_state *cli, int argc, char **ar
 	uint32 num_members, *group_rids, *group_attrs, group_rid;
 	int i;
 	fstring			server;
+	TALLOC_CTX		*mem_ctx;
 	
 	if (argc != 2) {
 		printf("Usage: %s rid\n", argv[0]);
 		return 0;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_samr_query_groupmem: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	sscanf(argv[1], "%i", &group_rid);
 
+	fetch_domain_sid(cli);
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
 		fprintf (stderr, "Could not initialize samr pipe!\n");
@@ -399,16 +464,15 @@ static uint32 cmd_samr_query_groupmem(struct cli_state *cli, int argc, char **ar
 	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 	strupper (server);
 
-	if ((result = cli_samr_connect(cli, server, MAXIMUM_ALLOWED_ACCESS,
+	if ((result = cli_samr_connect(cli, mem_ctx, server, MAXIMUM_ALLOWED_ACCESS,
 				       &connect_pol)) !=
 	    NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
 
 	got_connect_pol = True;
-	fetch_domain_sid(cli);
 
-	if ((result = cli_samr_open_domain(cli, &connect_pol,
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
 					   MAXIMUM_ALLOWED_ACCESS,
 					   &domain_sid, &domain_pol))
 	     != NT_STATUS_NOPROBLEMO) {
@@ -417,7 +481,7 @@ static uint32 cmd_samr_query_groupmem(struct cli_state *cli, int argc, char **ar
 
 	got_domain_pol = True;
 
-	if ((result = cli_samr_open_group(cli, &domain_pol,
+	if ((result = cli_samr_open_group(cli, mem_ctx, &domain_pol,
 					  MAXIMUM_ALLOWED_ACCESS,
 					  group_rid, &group_pol))
 	    != NT_STATUS_NOPROBLEMO) {
@@ -426,7 +490,7 @@ static uint32 cmd_samr_query_groupmem(struct cli_state *cli, int argc, char **ar
 
 	got_group_pol = True;
 
-	if ((result = cli_samr_query_groupmem(cli, &group_pol,
+	if ((result = cli_samr_query_groupmem(cli, mem_ctx, &group_pol,
 					      &num_members, &group_rids,
 					      &group_attrs))
 	    != NT_STATUS_NOPROBLEMO) {
@@ -439,11 +503,361 @@ static uint32 cmd_samr_query_groupmem(struct cli_state *cli, int argc, char **ar
 	}
 
  done:
-	if (got_group_pol) cli_samr_close(cli, &group_pol);
-	if (got_domain_pol) cli_samr_close(cli, &domain_pol);
-	if (got_connect_pol) cli_samr_close(cli, &connect_pol);
+	if (got_group_pol) cli_samr_close(cli, mem_ctx, &group_pol);
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
+
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
+
+/* Enumerate domain groups */
+
+static uint32 cmd_samr_enum_dom_groups(struct cli_state *cli, int argc, 
+				       char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
+	BOOL got_connect_pol = False, got_domain_pol = False;
+	TALLOC_CTX *mem_ctx;
+	fstring server;
+	uint32 start_idx, size, num_dom_groups, i;
+	struct acct_info *dom_groups;
+
+	if (argc != 1) {
+		printf("Usage: %s\n", argv[0]);
+		return 0;
+	}
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("cmd_samr_enum_dom_groups: talloc_init returned "
+			  "NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	fetch_domain_sid(cli);
+
+	/* Initialise RPC connection */
+
+	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
+		fprintf (stderr, "Could not initialize samr pipe!\n");
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper(server);
+
+	/* Get sam policy handle */
+
+	if ((result = cli_samr_connect(cli, mem_ctx, server, 
+				       MAXIMUM_ALLOWED_ACCESS, 
+				       &connect_pol)) !=
+	    NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_connect_pol = True;
+
+	/* Get domain policy handle */
+
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					   MAXIMUM_ALLOWED_ACCESS,
+					   &domain_sid, &domain_pol))
+	     != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_domain_pol = True;
+
+	/* Enumerate domain groups */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	result = cli_samr_enum_dom_groups(cli, mem_ctx, &domain_pol,
+					  &start_idx, size,
+					  &dom_groups, &num_dom_groups);
+
+	for (i = 0; i < num_dom_groups; i++)
+		printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
+		       dom_groups[i].rid);
+
+ done:
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
+
+/* Query alias membership */
+
+static uint32 cmd_samr_query_aliasmem(struct cli_state *cli, int argc, 
+				      char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol, alias_pol;
+	BOOL got_connect_pol = False, got_domain_pol = False,
+		got_alias_pol = False;
+	TALLOC_CTX *mem_ctx;
+	uint32 result = NT_STATUS_UNSUCCESSFUL, alias_rid, num_members, i;
+	DOM_SID *alias_sids;
+
+	fstring server;
+
+	if (argc != 2) {
+		printf("Usage: %s rid\n", argv[0]);
+		return 0;
+	}
+
+	if (!(mem_ctx=talloc_init())) {
+		DEBUG(0,("cmd_samr_query_aliasmem: talloc_init() "
+			 "returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	sscanf(argv[1], "%i", &alias_rid);
+
+	/* Initialise RPC connection */
+
+	fetch_domain_sid(cli);
+
+	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
+		fprintf (stderr, "Could not initialize samr pipe!\n");
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* Open SAMR handle */
+
+	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper(server);
+
+	if ((result = cli_samr_connect(cli, mem_ctx, server, 
+				       MAXIMUM_ALLOWED_ACCESS, 
+				       &connect_pol)) != 
+	    NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_connect_pol = True;
+
+	/* Open handle on domain */
+
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					   MAXIMUM_ALLOWED_ACCESS,
+					   &domain_sid, &domain_pol))
+	     != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_domain_pol = True;
+
+	/* Open handle on alias */
+
+	if ((result = cli_samr_open_alias(cli, mem_ctx, &domain_pol,
+					  MAXIMUM_ALLOWED_ACCESS,
+					  alias_rid, &alias_pol))
+	    != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_alias_pol = True;
+
+	if ((result = cli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
+					      &num_members, &alias_sids))
+	    != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	for (i = 0; i < num_members; i++) {
+		fstring sid_str;
+
+		sid_to_string(sid_str, &alias_sids[i]);
+		printf("\tsid:[%s]\n", sid_str);
+	}
+
+ done:
+	if (got_alias_pol) cli_samr_close(cli, mem_ctx, &alias_pol);
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
+
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
+
+/* Query display info */
+
+static uint32 cmd_samr_query_dispinfo(struct cli_state *cli, int argc, 
+				      char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
+	BOOL got_connect_pol = False, got_domain_pol = False;
+	TALLOC_CTX *mem_ctx;
+	fstring server;
+	uint32 start_idx, size, num_dom_groups, i;
+	struct acct_info *dom_groups;
+
+	if (argc != 1) {
+		printf("Usage: %s\n", argv[0]);
+		return 0;
+	}
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("cmd_samr_query_dispinfo: talloc_init returned "
+			  "NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	fetch_domain_sid(cli);
+
+	/* Initialise RPC connection */
+
+	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
+		fprintf (stderr, "Could not initialize samr pipe!\n");
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper(server);
+
+	/* Get sam policy handle */
+
+	if ((result = cli_samr_connect(cli, mem_ctx, server, 
+				       MAXIMUM_ALLOWED_ACCESS, 
+				       &connect_pol)) !=
+	    NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_connect_pol = True;
+
+	/* Get domain policy handle */
+
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					   MAXIMUM_ALLOWED_ACCESS,
+					   &domain_sid, &domain_pol))
+	     != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_domain_pol = True;
+
+	/* Query display info */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	result = cli_samr_enum_dom_groups(cli, mem_ctx, &domain_pol,
+					  &start_idx, size,
+					  &dom_groups, &num_dom_groups);
+
+	for (i = 0; i < num_dom_groups; i++)
+		printf("group:[%s] rid:[0x%x]\n", dom_groups[i].acct_name,
+		       dom_groups[i].rid);
+
+ done:
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
+
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
+
+	return result;
+}
+
+/* Query domain info */
+
+static uint32 cmd_samr_query_dominfo(struct cli_state *cli, int argc, 
+				     char **argv) 
+{
+	POLICY_HND connect_pol, domain_pol;
+	uint32 result = NT_STATUS_UNSUCCESSFUL;
+	BOOL got_connect_pol = False, got_domain_pol = False;
+	TALLOC_CTX *mem_ctx;
+	fstring server;
+	uint16 switch_value = 2;
+	SAM_UNK_CTR ctr;
+
+	if (argc > 2) {
+		printf("Usage: %s [infolevel\n", argv[0]);
+		return 0;
+	}
+
+	if (argc == 2)
+		switch_value = atoi(argv[1]);
+
+	if (!(mem_ctx = talloc_init())) {
+		DEBUG(0, ("cmd_samr_query_dispinfo: talloc_init returned "
+			  "NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	fetch_domain_sid(cli);
+
+	/* Initialise RPC connection */
+
+	if (!cli_nt_session_open (cli, PIPE_SAMR)) {
+		fprintf (stderr, "Could not initialize samr pipe!\n");
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper(server);
+
+	/* Get sam policy handle */
+
+	if ((result = cli_samr_connect(cli, mem_ctx, server, 
+				       MAXIMUM_ALLOWED_ACCESS, 
+				       &connect_pol)) 
+	    != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_connect_pol = True;
+
+	/* Get domain policy handle */
+
+	if ((result = cli_samr_open_domain(cli, mem_ctx, &connect_pol,
+					   MAXIMUM_ALLOWED_ACCESS,
+					   &domain_sid, &domain_pol))
+	    != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	got_domain_pol = True;
+
+	/* Query domain info */
+
+	if ((result = cli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
+					      switch_value, &ctr))
+	    != NT_STATUS_NOPROBLEMO) {
+		goto done;
+	}
+
+	/* Display domain info */
+
+	switch (switch_value) {
+	case 2:
+		display_sam_unk_info_2(&ctr.info.inf2);
+		break;
+	default:
+		printf("cannot display domain info for switch value %d\n",
+		       switch_value);
+		break;
+	}
+
+ done:
+	if (got_domain_pol) cli_samr_close(cli, mem_ctx, &domain_pol);
+	if (got_connect_pol) cli_samr_close(cli, mem_ctx, &connect_pol);
+
+	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -452,10 +866,16 @@ static uint32 cmd_samr_query_groupmem(struct cli_state *cli, int argc, char **ar
 
 struct cmd_set samr_commands[] = {
 	{ "SAMR", 		NULL,		 		"" },
+
 	{ "queryuser", 		cmd_samr_query_user, 		"Query user info" },
 	{ "querygroup", 	cmd_samr_query_group, 		"Query group info" },
 	{ "queryusergroups", 	cmd_samr_query_usergroups, 	"Query user groups" },
 	{ "querygroupmem", 	cmd_samr_query_groupmem, 	"Query group membership" },
+	{ "queryaliasmem", 	cmd_samr_query_aliasmem, 	"Query alias membership" },
+	{ "querydispinfo", 	cmd_samr_query_dispinfo, 	"Query display info" },
+	{ "querydominfo", 	cmd_samr_query_dominfo, 	"Query domain info" },
+	{ "enumdomgroups",      cmd_samr_enum_dom_groups,       "Enumerate domain groups" },
+
 	{ NULL, NULL, NULL }
 };
 
diff --git a/source/rpcclient/cmd_spoolss.c b/source/rpcclient/cmd_spoolss.c
index 52ff8b2cdfe..6b5d45a2492 100644
--- a/source/rpcclient/cmd_spoolss.c
+++ b/source/rpcclient/cmd_spoolss.c
@@ -146,8 +146,9 @@ static uint32 cmd_spoolss_open_printer_ex(struct cli_state *cli, int argc, char
 {
 	uint32 		result = NT_STATUS_UNSUCCESSFUL; 
 	pstring		printername;
-	fstring		server, user;
+	fstring		servername, user;
 	POLICY_HND	hnd;
+	TALLOC_CTX 	*mem_ctx;
 	
 	if (argc != 2) {
 		printf("Usage: %s <printername>\n", argv[0]);
@@ -156,10 +157,16 @@ static uint32 cmd_spoolss_open_printer_ex(struct cli_state *cli, int argc, char
 	
 	if (!cli)
 		return NT_STATUS_UNSUCCESSFUL;
-		
 
-	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
-	strupper (server);
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_open_printer_ex: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
 	fstrcpy  (user, cli->user_name);
 	fstrcpy  (printername, argv[1]);
 
@@ -171,18 +178,19 @@ static uint32 cmd_spoolss_open_printer_ex(struct cli_state *cli, int argc, char
 	}
 
 	/* Open the printer handle */
-	result = cli_spoolss_open_printer_ex (cli, printername, "", 
-				MAXIMUM_ALLOWED_ACCESS, server, user, &hnd);
+	result = cli_spoolss_open_printer_ex (cli, mem_ctx, printername, "", 
+				MAXIMUM_ALLOWED_ACCESS, servername, user, &hnd);
 
 	if (result == NT_STATUS_NOPROBLEMO) {
 		printf ("Printer %s opened successfully\n", printername);
-		result = cli_spoolss_close_printer (cli, &hnd);
+		result = cli_spoolss_close_printer (cli, mem_ctx, &hnd);
 		if (result != NT_STATUS_NOPROBLEMO) {
 			printf ("Error closing printer handle! (%s)\n", get_nt_error_msg(result));
 		}
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -194,13 +202,13 @@ printer info level 0 display function
 static void display_print_info_0(PRINTER_INFO_0 *i1)
 {
 	fstring 	name;
-	fstring 	the_server;
+	fstring 	servername;
 
 	unistr_to_ascii(name, i1->printername.buffer, sizeof(name) - 1);
-	unistr_to_ascii(the_server, i1->servername.buffer, sizeof(the_server) - 1);
+	unistr_to_ascii(servername, i1->servername.buffer, sizeof(servername) - 1);
 
 	printf("\tprintername:[%s]\n", name);
-	printf("\tservername:[%s]\n", the_server);
+	printf("\tservername:[%s]\n", servername);
 	printf("\tcjobs:[0x%x]\n", i1->cjobs);
 	printf("\ttotal_jobs:[0x%x]\n", i1->total_jobs);
 	
@@ -335,14 +343,22 @@ static uint32 cmd_spoolss_enum_printers(struct cli_state *cli, int argc, char **
 				info_level = 1;
 	PRINTER_INFO_CTR	ctr;
 	int 			returned;
-	uint32			i;
-	
+	uint32			i = 0;
+	TALLOC_CTX		*mem_ctx;
+
 	if (argc > 2) 
 	{
 		printf("Usage: %s [level]\n", argv[0]);
 		return NT_STATUS_NOPROBLEMO;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_enum_printers: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+
 	if (argc == 2) {
 		info_level = atoi(argv[1]);
 	}
@@ -356,10 +372,14 @@ static uint32 cmd_spoolss_enum_printers(struct cli_state *cli, int argc, char **
 	/* Enumerate printers  -- Should we enumerate types other 
 	   than PRINTER_ENUM_LOCAL?  Maybe accept as a parameter?  --jerry */
 	ZERO_STRUCT(ctr);
-	result = cli_spoolss_enum_printers(cli, PRINTER_ENUM_LOCAL, 
+	result = cli_spoolss_enum_printers(cli, mem_ctx, PRINTER_ENUM_LOCAL, 
 					   info_level, &returned, &ctr);
 
-	if (result == NT_STATUS_NOPROBLEMO) {
+	if (result == NT_STATUS_NOPROBLEMO) 
+	{
+		if (!returned)
+			printf ("No Printers printers returned.\n");
+	
 		switch(info_level) {
 		case 0:
 			for (i=0; i<returned; i++) {
@@ -388,6 +408,7 @@ static uint32 cmd_spoolss_enum_printers(struct cli_state *cli, int argc, char **
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -429,11 +450,19 @@ static uint32 cmd_spoolss_enum_ports(struct cli_state *cli, int argc, char **arg
 				info_level = 1;
 	PORT_INFO_CTR 		ctr;
 	int 			returned;
+	TALLOC_CTX		*mem_ctx;
 	
 	if (argc > 2) {
 		printf("Usage: %s [level]\n", argv[0]);
 		return NT_STATUS_NOPROBLEMO;
 	}
+	
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_enum_ports: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
 
 	if (argc == 2) {
 		info_level = atoi(argv[1]);
@@ -448,7 +477,7 @@ static uint32 cmd_spoolss_enum_ports(struct cli_state *cli, int argc, char **arg
 	/* Enumerate ports */
 	ZERO_STRUCT(ctr);
 
-	result = cli_spoolss_enum_ports(cli, info_level, &returned, &ctr);
+	result = cli_spoolss_enum_ports(cli, mem_ctx, info_level, &returned, &ctr);
 
 	if (result == NT_STATUS_NOPROBLEMO) {
 		int i;
@@ -469,6 +498,7 @@ static uint32 cmd_spoolss_enum_ports(struct cli_state *cli, int argc, char **arg
 	}
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -485,13 +515,21 @@ static uint32 cmd_spoolss_getprinter(struct cli_state *cli, int argc, char **arg
 	PRINTER_INFO_CTR ctr;
 	fstring 	printername, 
 			servername,
-			username;
+			user;
+	TALLOC_CTX	*mem_ctx;
 
 	if (argc == 1 || argc > 3) {
 		printf("Usage: %s <printername> [level]\n", argv[0]);
 		return NT_STATUS_NOPROBLEMO;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_getprinter: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) {
 		fprintf (stderr, "Could not initialize spoolss pipe!\n");
@@ -506,19 +544,19 @@ static uint32 cmd_spoolss_getprinter(struct cli_state *cli, int argc, char **arg
 	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 	strupper (servername);
 	slprintf (printername, sizeof(fstring)-1, "%s\\%s", servername, argv[1]);
-	fstrcpy  (username, cli->user_name);
+	fstrcpy  (user, cli->user_name);
 	
 	/* get a printer handle */
 	if ((result = cli_spoolss_open_printer_ex(
-		cli, printername, "", MAXIMUM_ALLOWED_ACCESS, servername,
-		username, &pol)) != NT_STATUS_NOPROBLEMO) {
+		cli, mem_ctx, printername, "", MAXIMUM_ALLOWED_ACCESS, servername,
+		user, &pol)) != NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
  
 	opened_hnd = True;
 
 	/* Get printer info */
-	if ((result = cli_spoolss_getprinter(cli, &pol, info_level, &ctr))
+	if ((result = cli_spoolss_getprinter(cli, mem_ctx, &pol, info_level, &ctr))
 	    != NT_STATUS_NOPROBLEMO) {
 		goto done;
 	}
@@ -545,9 +583,10 @@ static uint32 cmd_spoolss_getprinter(struct cli_state *cli, int argc, char **arg
 
  done: 
 	if (opened_hnd) 
-		cli_spoolss_close_printer(cli, &pol);
+		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return result;
 }
@@ -673,9 +712,10 @@ static uint32 cmd_spoolss_getdriver(struct cli_state *cli, int argc, char **argv
 	BOOL 		opened_hnd = False;
 	PRINTER_DRIVER_CTR 	ctr;
 	fstring 	printername, 
-			server, 
+			servername, 
 			user;
 	uint32		i;
+	TALLOC_CTX	*mem_ctx;
 
 	if ((argc == 1) || (argc > 3)) 
 	{
@@ -683,6 +723,12 @@ static uint32 cmd_spoolss_getdriver(struct cli_state *cli, int argc, char **argv
 		return NT_STATUS_NOPROBLEMO;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_getdriver: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) 
 	{
@@ -691,16 +737,16 @@ static uint32 cmd_spoolss_getdriver(struct cli_state *cli, int argc, char **argv
 	}
 
 	/* get the arguments need to open the printer handle */
-	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
-	strupper (server);
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
 	fstrcpy  (user, cli->user_name);
 	fstrcpy  (printername, argv[1]);
 	if (argc == 3)
 		info_level = atoi(argv[2]);
 
 	/* Open a printer handle */
-	if ((result=cli_spoolss_open_printer_ex (cli, printername, "", 
-		    MAXIMUM_ALLOWED_ACCESS, server, user, &pol)) != NT_STATUS_NO_PROBLEMO) 
+	if ((result=cli_spoolss_open_printer_ex (cli, mem_ctx, printername, "", 
+		    MAXIMUM_ALLOWED_ACCESS, servername, user, &pol)) != NT_STATUS_NO_PROBLEMO) 
 	{
 		printf ("Error opening printer handle for %s!\n", printername);
 		return result;
@@ -711,7 +757,7 @@ static uint32 cmd_spoolss_getdriver(struct cli_state *cli, int argc, char **argv
 	/* loop through and print driver info level for each architecture */
 	for (i=0; archi_table[i].long_archi!=NULL; i++) 
 	{
-		result = cli_spoolss_getprinterdriver (cli, &pol, info_level, 
+		result = cli_spoolss_getprinterdriver (cli, mem_ctx, &pol, info_level, 
 				archi_table[i].long_archi, &ctr);
 				
 		switch (result)
@@ -753,8 +799,9 @@ static uint32 cmd_spoolss_getdriver(struct cli_state *cli, int argc, char **argv
 
 	/* cleanup */
 	if (opened_hnd)
-		cli_spoolss_close_printer (cli, &pol);
+		cli_spoolss_close_printer (cli, mem_ctx, &pol);
 	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
 	
 	if (result==ERROR_UNKNOWN_PRINTER_DRIVER)
 		return NT_STATUS_NO_PROBLEMO;
@@ -771,9 +818,10 @@ static uint32 cmd_spoolss_enum_drivers(struct cli_state *cli, int argc, char **a
 	uint32 		result=0, 
 			info_level = 1;
 	PRINTER_DRIVER_CTR 	ctr;
-	fstring 	server;
+	fstring 	servername;
 	uint32		i, j,
 			returned;
+	TALLOC_CTX	*mem_ctx;
 
 	if (argc > 2) 
 	{
@@ -781,6 +829,12 @@ static uint32 cmd_spoolss_enum_drivers(struct cli_state *cli, int argc, char **a
 		return NT_STATUS_NOPROBLEMO;
 	}
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_enum_drivers: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) 
 	{
@@ -789,8 +843,8 @@ static uint32 cmd_spoolss_enum_drivers(struct cli_state *cli, int argc, char **a
 	}
 
 	/* get the arguments need to open the printer handle */
-	slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
-	strupper (server);
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
 	if (argc == 2)
 		info_level = atoi(argv[1]);
 
@@ -799,7 +853,7 @@ static uint32 cmd_spoolss_enum_drivers(struct cli_state *cli, int argc, char **a
 	for (i=0; archi_table[i].long_archi!=NULL; i++) 
 	{
 		returned = 0;	
-		result = cli_spoolss_enumprinterdrivers (cli, info_level, 
+		result = cli_spoolss_enumprinterdrivers (cli, mem_ctx, info_level, 
 				archi_table[i].long_archi, &returned, &ctr);
 
 		if (returned == 0)
@@ -841,6 +895,7 @@ static uint32 cmd_spoolss_enum_drivers(struct cli_state *cli, int argc, char **a
 
 	/* cleanup */
 	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
 	
 	if (result==ERROR_UNKNOWN_PRINTER_DRIVER)
 		return NT_STATUS_NO_PROBLEMO;
@@ -871,6 +926,7 @@ static uint32 cmd_spoolss_getdriverdir(struct cli_state *cli, int argc, char **a
 	uint32 			result;
 	fstring			env;
 	DRIVER_DIRECTORY_CTR	ctr;
+	TALLOC_CTX		*mem_ctx;
 
 	if (argc > 2) 
 	{
@@ -884,6 +940,13 @@ static uint32 cmd_spoolss_getdriverdir(struct cli_state *cli, int argc, char **a
 		fprintf (stderr, "Could not initialize spoolss pipe!\n");
 		return NT_STATUS_UNSUCCESSFUL;
 	}
+	
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_getdriverdir: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 
 	/* get the arguments need to open the printer handle */
 	if (argc == 2)
@@ -892,7 +955,7 @@ static uint32 cmd_spoolss_getdriverdir(struct cli_state *cli, int argc, char **a
 		fstrcpy (env, "Windows NT x86");
 
 	/* Get the directory.  Only use Info level 1 */
-	if ((result = cli_spoolss_getprinterdriverdir (cli, 1, env, &ctr)) 
+	if ((result = cli_spoolss_getprinterdriverdir (cli, mem_ctx, 1, env, &ctr)) 
 	     != NT_STATUS_NO_PROBLEMO)
 	{
 		return result;
@@ -903,6 +966,7 @@ static uint32 cmd_spoolss_getdriverdir(struct cli_state *cli, int argc, char **a
 
 	/* cleanup */
 	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
 	
 	return result;
 		
@@ -966,7 +1030,11 @@ static char* get_driver_3_param (char* str, char* delim, UNISTR* dest)
 	     <Config File Name>:<Help File Name>:<Language Monitor Name>:\
 	     <Default Data Type>:<Comma Separated list of Files> 
  *******************************************************************************/
-static BOOL init_drv_info_3_members (DRIVER_INFO_3 *info, char *args)
+static BOOL init_drv_info_3_members (
+	TALLOC_CTX *mem_ctx, 
+	DRIVER_INFO_3 *info, 
+	char *args
+)
 {
 	char	*str, *str2;
 	uint32	len, i;
@@ -997,7 +1065,7 @@ static BOOL init_drv_info_3_members (DRIVER_INFO_3 *info, char *args)
 	/* allocate the space; add one extra slot for a terminating NULL.
 	   Each filename is NULL terminated and the end contains a double
 	   NULL */
-	if ((info->dependentfiles=(uint16*)malloc((len+1)*sizeof(uint16))) == NULL)
+	if ((info->dependentfiles=(uint16*)talloc(mem_ctx, (len+1)*sizeof(uint16))) == NULL)
 	{
 		DEBUG(0,("init_drv_info_3_members: Unable to malloc memory for dependenfiles\n"));
 		return False;
@@ -1020,6 +1088,7 @@ static uint32 cmd_spoolss_addprinterdriver (struct cli_state *cli, int argc, cha
 	DRIVER_INFO_3		info3;
 	fstring			arch;
 	fstring			driver_name;
+	TALLOC_CTX		*mem_ctx = NULL;
 
 	/* parse the command arguements */
 	if (argc != 3)
@@ -1031,6 +1100,12 @@ static uint32 cmd_spoolss_addprinterdriver (struct cli_state *cli, int argc, cha
 
 		return NT_STATUS_NOPROBLEMO;
         }
+	
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_addprinterdriver: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) 
@@ -1050,16 +1125,15 @@ static uint32 cmd_spoolss_addprinterdriver (struct cli_state *cli, int argc, cha
 	else
 		set_drv_info_3_env(&info3, arch);
 
-	if (!init_drv_info_3_members(&info3, argv[2]))
+	if (!init_drv_info_3_members(mem_ctx, &info3, argv[2]))
 	{
 		printf ("Error Invalid parameter list - %s.\n", argv[2]);
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 
-	/* Get the directory.  Only use Info level 1 */
 	ctr.info3 = &info3;
-	if ((result = cli_spoolss_addprinterdriver (cli, level, &ctr)) 
+	if ((result = cli_spoolss_addprinterdriver (cli, mem_ctx, level, &ctr)) 
 	     != NT_STATUS_NO_PROBLEMO)
 	{
 		return result;
@@ -1070,6 +1144,7 @@ static uint32 cmd_spoolss_addprinterdriver (struct cli_state *cli, int argc, cha
 
 	/* cleanup */
 	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
 	
 	return result;
 		
@@ -1082,7 +1157,8 @@ static uint32 cmd_spoolss_addprinterex (struct cli_state *cli, int argc, char **
 				level = 2;
 	PRINTER_INFO_CTR	ctr;
 	PRINTER_INFO_2		info2;
-	fstring			server;
+	fstring			servername;
+	TALLOC_CTX		*mem_ctx = NULL;
 	
 	/* parse the command arguements */
 	if (argc != 5)
@@ -1090,9 +1166,16 @@ static uint32 cmd_spoolss_addprinterex (struct cli_state *cli, int argc, char **
 		printf ("Usage: %s <name> <shared name> <driver> <port>\n", argv[0]);
 		return NT_STATUS_NOPROBLEMO;
         }
+	
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_addprinterex: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
 
-        slprintf (server, sizeof(fstring)-1, "\\\\%s", cli->desthost);
-        strupper (server);
+
+        slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+        strupper (servername);
 
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) 
@@ -1105,7 +1188,7 @@ static uint32 cmd_spoolss_addprinterex (struct cli_state *cli, int argc, char **
 	/* Fill in the DRIVER_INFO_3 struct */
 	ZERO_STRUCT(info2);
 #if 0	/* JERRY */
-	init_unistr( &info2.servername, 	server);
+	init_unistr( &info2.servername, 	servername);
 #endif
 	init_unistr( &info2.printername,	argv[1]);
 	init_unistr( &info2.sharename, 		argv[2]);
@@ -1130,11 +1213,8 @@ static uint32 cmd_spoolss_addprinterex (struct cli_state *cli, int argc, char **
 	info2.averageppm	= 0;
 	*/
 
-
-
-	/* Get the directory.  Only use Info level 1 */
 	ctr.printers_2 = &info2;
-	if ((result = cli_spoolss_addprinterex (cli, level, &ctr)) 
+	if ((result = cli_spoolss_addprinterex (cli, mem_ctx, level, &ctr)) 
 	     != NT_STATUS_NO_PROBLEMO)
 	{
 		cli_nt_session_close (cli);
@@ -1145,6 +1225,7 @@ static uint32 cmd_spoolss_addprinterex (struct cli_state *cli, int argc, char **
 
 	/* cleanup */
 	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
 	
 	return result;
 		
@@ -1160,7 +1241,8 @@ static uint32 cmd_spoolss_setdriver (struct cli_state *cli, int argc, char **arg
 	PRINTER_INFO_2		info2;
 	fstring			servername,
 				printername,
-				username;
+				user;
+	TALLOC_CTX		*mem_ctx = NULL;
 	
 	/* parse the command arguements */
 	if (argc != 3)
@@ -1169,10 +1251,16 @@ static uint32 cmd_spoolss_setdriver (struct cli_state *cli, int argc, char **arg
 		return NT_STATUS_NOPROBLEMO;
         }
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_setdriver: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
 	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
 	strupper (servername);
 	slprintf (printername, sizeof(fstring)-1, "%s\\%s", servername, argv[1]);
-	fstrcpy  (username, cli->user_name);
+	fstrcpy  (user, cli->user_name);
 
 	/* Initialise RPC connection */
 	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) 
@@ -1183,8 +1271,8 @@ static uint32 cmd_spoolss_setdriver (struct cli_state *cli, int argc, char **arg
 	
 		
 	/* get a printer handle */
-	if ((result = cli_spoolss_open_printer_ex(cli, printername, "", 
-		MAXIMUM_ALLOWED_ACCESS, servername, username, &pol)) 
+	if ((result = cli_spoolss_open_printer_ex(cli, mem_ctx, printername, "", 
+		MAXIMUM_ALLOWED_ACCESS, servername, user, &pol)) 
 		!= NT_STATUS_NOPROBLEMO) 
 	{
 		goto done;
@@ -1195,15 +1283,15 @@ static uint32 cmd_spoolss_setdriver (struct cli_state *cli, int argc, char **arg
 	/* Get printer info */
 	ZERO_STRUCT (info2);
 	ctr.printers_2 = &info2;
-	if ((result = cli_spoolss_getprinter(cli, &pol, level, &ctr)) != NT_STATUS_NOPROBLEMO) 
+	if ((result = cli_spoolss_getprinter(cli, mem_ctx, &pol, level, &ctr)) != NT_STATUS_NOPROBLEMO) 
 	{
-		printf ("Unable to retreive printer information!\n");
+		printf ("Unable to retrieve printer information!\n");
 		goto done;
 	}
 
 	/* set the printer driver */
 	init_unistr(&ctr.printers_2->drivername, argv[2]);
-	if ((result = cli_spoolss_setprinter(cli, &pol, level, &ctr, 0)) != NT_STATUS_NO_PROBLEMO)
+	if ((result = cli_spoolss_setprinter(cli, mem_ctx, &pol, level, &ctr, 0)) != NT_STATUS_NO_PROBLEMO)
 	{
 		printf ("SetPrinter call failed!\n");
 		goto done;;
@@ -1214,19 +1302,74 @@ static uint32 cmd_spoolss_setdriver (struct cli_state *cli, int argc, char **arg
 done:
 	/* cleanup */
 	if (opened_hnd)
-		cli_spoolss_close_printer(cli, &pol);
+		cli_spoolss_close_printer(cli, mem_ctx, &pol);
 	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
 	
 	return result;		
 }
 
 
+static uint32 cmd_spoolss_deletedriver (struct cli_state *cli, int argc, char **argv)
+{
+	uint32 			result = NT_STATUS_UNSUCCESSFUL;
+	fstring			servername;
+	TALLOC_CTX		*mem_ctx = NULL;
+	int			i;
+	
+	/* parse the command arguements */
+	if (argc != 2)
+	{
+		printf ("Usage: %s <driver>\n", argv[0]);
+		return NT_STATUS_NOPROBLEMO;
+        }
+
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("cmd_spoolss_deletedriver: talloc_init returned NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	slprintf (servername, sizeof(fstring)-1, "\\\\%s", cli->desthost);
+	strupper (servername);
+
+	/* Initialise RPC connection */
+	if (!cli_nt_session_open (cli, PIPE_SPOOLSS)) 
+	{
+		fprintf (stderr, "Could not initialize spoolss pipe!\n");
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* delete the driver for all architectures */
+	for (i=0; archi_table[i].long_archi; i++)
+	{
+		/* make the call to remove the driver */
+		if ((result = cli_spoolss_deleteprinterdriver(cli, mem_ctx, 
+			archi_table[i].long_archi, argv[1])) != NT_STATUS_NO_PROBLEMO)
+		{
+			printf ("Failed to remove driver %s for arch [%s] - error %s!\n", 
+				argv[1], archi_table[i].long_archi, get_nt_error_msg(result));
+		}
+		else
+			printf ("Driver %s removed for arch [%s].\n", argv[1], archi_table[i].long_archi);
+	}
+		
+
+	/* cleanup */
+	cli_nt_session_close (cli);
+	talloc_destroy(mem_ctx);
+	
+	return NT_STATUS_NO_PROBLEMO;		
+}
+
+
 /* List of commands exported by this module */
 struct cmd_set spoolss_commands[] = {
 
 	{ "SPOOLSS", 		NULL, 				"" },
 	{ "adddriver",		cmd_spoolss_addprinterdriver,	"Add a print driver" },
 	{ "addprinter",		cmd_spoolss_addprinterex,	"Add a printer" },
+	{ "deldriver",		cmd_spoolss_deletedriver,	"Delete a printer driver" },
 	{ "enumdata",		cmd_spoolss_not_implemented,	"Enumerate printer data (*)" },
 	{ "enumjobs",		cmd_spoolss_not_implemented,	"Enumerate print jobs (*)" },
 	{ "enumports", 		cmd_spoolss_enum_ports, 	"Enumerate printer ports" },
diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c
index db4b5c5bdeb..537d3249338 100644
--- a/source/rpcclient/rpcclient.c
+++ b/source/rpcclient/rpcclient.c
@@ -25,20 +25,15 @@
 extern int DEBUGLEVEL;
 extern fstring debugf;
 
-/* Various pipe commands */
-extern struct cmd_set lsarpc_commands[];
-extern struct cmd_set samr_commands[];
-extern struct cmd_set spoolss_commands[];
+DOM_SID domain_sid;
 
 /* List to hold groups of commands */
+
 static struct cmd_list {
 	struct cmd_list *prev, *next;
 	struct cmd_set *cmd_set;
 } *cmd_list;
 
-
-DOM_SID domain_sid;
-
 /****************************************************************************
 handle completion of commands for readline
 ****************************************************************************/
@@ -160,9 +155,7 @@ static void read_authfile (
 	return;
 }
 
-static char* next_command (
-	char**	cmdstr
-)
+static char* next_command (char** cmdstr)
 {
 	static pstring 		command;
 	char			*p;
@@ -201,22 +194,29 @@ void fetch_domain_sid(struct cli_state *cli)
 	uint32 result = 0, info_class = 5;
 	fstring domain_name;
 	static BOOL got_domain_sid;
+	TALLOC_CTX *mem_ctx;
 
 	if (got_domain_sid) return;
 
+	if (!(mem_ctx=talloc_init()))
+	{
+		DEBUG(0,("fetch_domain_sid: talloc_init returned NULL!\n"));
+		goto error;
+	}
+
 
 	if (!cli_nt_session_open (cli, PIPE_LSARPC)) {
 		fprintf(stderr, "could not initialise lsa pipe\n");
 		goto error;
 	}
 	
-	if ((result = cli_lsa_open_policy(cli, True, 
+	if ((result = cli_lsa_open_policy(cli, mem_ctx, True, 
 					  SEC_RIGHTS_MAXIMUM_ALLOWED,
 					  &pol) != NT_STATUS_NOPROBLEMO)) {
 		goto error;
 	}
 
-	if ((result = cli_lsa_query_info_policy(cli, &pol, info_class, 
+	if ((result = cli_lsa_query_info_policy(cli, mem_ctx, &pol, info_class, 
 						domain_name, &domain_sid))
 	    != NT_STATUS_NOPROBLEMO) {
 		goto error;
@@ -224,8 +224,9 @@ void fetch_domain_sid(struct cli_state *cli)
 
 	got_domain_sid = True;
 
-	cli_lsa_close(cli, &pol);
+	cli_lsa_close(cli, mem_ctx, &pol);
 	cli_nt_session_close(cli);
+	talloc_destroy(mem_ctx);
 
 	return;
 
@@ -315,6 +316,24 @@ static struct cmd_set separator_command[] = {
 };
 
 
+/* Various pipe commands */
+
+extern struct cmd_set lsarpc_commands[];
+extern struct cmd_set samr_commands[];
+extern struct cmd_set spoolss_commands[];
+extern struct cmd_set netlogon_commands[];
+extern struct cmd_set srvsvc_commands[];
+
+static struct cmd_set *rpcclient_command_list[] = {
+	rpcclient_commands,
+	lsarpc_commands,
+	samr_commands,
+	spoolss_commands,
+	netlogon_commands,
+	srvsvc_commands,
+	NULL
+};
+
 void add_command_set(struct cmd_set *cmd_set)
 {
 	struct cmd_list *entry;
@@ -399,11 +418,20 @@ static uint32 process_cmd(struct cli_state *cli, char *cmd)
 	pstring buf;
 	char *p = cmd;
 	uint32 result=0;
+	int len = 0;
+
+	if (cmd[strlen(cmd) - 1] == '\n')
+		cmd[strlen(cmd) - 1] = '\0';
 
 	if (!next_token(&p, buf, " ", sizeof(buf))) {
 		return 0;
 	}
 
+        /* strip the trainly \n if it exsists */
+	len = strlen(buf);
+	if (buf[len-1] == '\n')
+		buf[len-1] = '\0';
+
 	/* Search for matching commands */
 
 	for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
@@ -508,6 +536,7 @@ static void usage(char *pname)
 				username,
 				domain,
 				server;
+	struct cmd_set **cmd_set;
 
 	charset_initialise();
 	setlinebuf(stdout);
@@ -623,37 +652,33 @@ static void usage(char *pname)
 	}
 	
 	/* There are no pointers in ntuser_creds struct so zero it out */
+
 	ZERO_STRUCTP (&creds);
 	
-
 	/* Load command lists */
-	add_command_set(rpcclient_commands);
-	add_command_set(separator_command);
-
-	add_command_set(spoolss_commands);
-	add_command_set(separator_command);
 
-	add_command_set(lsarpc_commands);
-	add_command_set(separator_command);
-
-	add_command_set(samr_commands);
-	add_command_set(separator_command);
-
-
-	/* Do anything specified with -c */
-	if (cmdstr[0]) {
-		char 	*cmd;
-		char 	*p = cmdstr;
-
-		while((cmd=next_command(&p)) != NULL) {
-			process_cmd(&cli, cmd);
-		}
+	cmd_set = rpcclient_command_list;
 
-		return 0;
+	while(*cmd_set) {
+		add_command_set(*cmd_set);
+		add_command_set(separator_command);
+		cmd_set++;
 	}
 
+        /* Do anything specified with -c */
+        if (cmdstr[0]) {
+                char    *cmd;
+                char    *p = cmdstr;
+ 
+                while((cmd=next_command(&p)) != NULL) {
+                        process_cmd(&cli, cmd);
+                }
+ 
+                return 0;
+        }
 
 	/* Loop around accepting commands */
+
 	while(1) {
 		pstring prompt;
 		char *line;
@@ -662,7 +687,12 @@ static void usage(char *pname)
 
 		line = smb_readline(prompt, NULL, completion_fn);
 
-		process_cmd(&cli, line);
+		if (line == NULL)
+			break;
+
+		if (line[0] != '\n')
+			process_cmd(&cli, line);
 	}
-}
 
+	return 0;
+}
diff --git a/source/script/mkproto.awk b/source/script/mkproto.awk
index c66fe07972f..13ff399da0d 100644
--- a/source/script/mkproto.awk
+++ b/source/script/mkproto.awk
@@ -112,11 +112,11 @@ END {
     gotstart = 1;
   }
 
-  if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
+  if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum.*\(|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
     gotstart = 1;
   }
 
-  if( $0 ~ /^long|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^enum remote_arch_types|^FILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ ) {
+  if( $0 ~ /^long|^char|^uint|^struct|^BOOL|^void|^time|^smb_shm_offset_t|^shm_offset_t|^FILE|^SMB_OFF_T|^size_t|^ssize_t|^SMB_BIG_UINT/ ) {
     gotstart = 1;
   }
 
diff --git a/source/script/scancvslog.pl b/source/script/scancvslog.pl
index 6e05c4c3d62..b1114f5706e 100755
--- a/source/script/scancvslog.pl
+++ b/source/script/scancvslog.pl
@@ -83,7 +83,7 @@ sub get_entry {
       $_ = <INFILE>;
       chomp $_;
       next if (not ($_));
-      if (/\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/) {
+      if (/^\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/) {
 	next if ($#Entry == -1);
 	push(Entry,$_);
 	return @Entry;
diff --git a/source/script/uninstallcp.sh b/source/script/uninstallcp.sh
index bd7013c358f..2a9e9d509ab 100755
--- a/source/script/uninstallcp.sh
+++ b/source/script/uninstallcp.sh
@@ -10,13 +10,13 @@ if [ ! -d $CPDIR ]; then
 fi
 
 for p in $*; do
-  if [ ! -f $CPDIR/codepage.$p ]; then
-    echo $CPDIR/codepage.$p does not exist!
+  if [ ! -f $CPDIR/unicode_map.$p ]; then
+    echo $CPDIR/unicode_map.$p does not exist!
   else
-    echo Removing $CPDIR/codepage.$p
-    rm -f $CPDIR/codepage.$p
-    if [ -f $CPDIR/codepage.$p ]; then
-      echo Cannot remove $CPDIR/codepage.$p... does $USER have privileges?
+    echo Removing $CPDIR/unicode_map.$p
+    rm -f $CPDIR/unicode_map.$p
+    if [ -f $CPDIR/unicode_map.$p ]; then
+      echo Cannot remove $CPDIR/unicode_map.$p...  does $USER have privileges?
     fi
   fi
 done
diff --git a/source/smbd/blocking.c b/source/smbd/blocking.c
index e8dc29f80ac..35d1e21f27f 100644
--- a/source/smbd/blocking.c
+++ b/source/smbd/blocking.c
@@ -130,10 +130,11 @@ for fnum = %d, name = %s\n", length, (int)blr->expire_time, lock_timeout,
 
 static void send_blocking_reply(char *outbuf, int outsize)
 {
-  if(outsize > 4)
-    smb_setlen(outbuf,outsize - 4);
+	if(outsize > 4)
+		smb_setlen(outbuf,outsize - 4);
 
-  send_smb(smbd_server_fd(),outbuf);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_blocking_reply: send_smb failed.\n");
 }
 
 /****************************************************************************
@@ -171,15 +172,16 @@ static void reply_lockingX_success(blocking_lock_record *blr)
 
 static void generic_blocking_lock_error(blocking_lock_record *blr, int eclass, int32 ecode)
 {
-  char *outbuf = OutBuffer;
-  char *inbuf = blr->inbuf;
-  construct_reply_common(inbuf, outbuf);
+	char *outbuf = OutBuffer;
+	char *inbuf = blr->inbuf;
+	construct_reply_common(inbuf, outbuf);
 
-  if(eclass == 0) /* NT Error. */
-    SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
+	if(eclass == 0) /* NT Error. */
+		SSVAL(outbuf,smb_flg2, SVAL(outbuf,smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
 
-  ERROR(eclass,ecode);
-  send_smb(smbd_server_fd(),outbuf);
+	ERROR(eclass,ecode);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("generic_blocking_lock_error: send_smb failed.\n");
 }
 
 /****************************************************************************
@@ -194,6 +196,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, int eclass, int32 ec
   connection_struct *conn = conn_find(SVAL(inbuf,smb_tid));
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   SMB_BIG_UINT count = (SMB_BIG_UINT)0, offset = (SMB_BIG_UINT) 0;
+  uint16 lock_pid;
   unsigned char locktype = CVAL(inbuf,smb_vwv3);
   BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
   char *data;
@@ -217,6 +220,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, int eclass, int32 ec
     uint32 dummy2;
     BOOL err;
 
+    lock_pid = get_lock_pid( data, i, large_file_format);
     count = get_lock_count( data, i, large_file_format);
     offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -225,7 +229,7 @@ static void reply_lockingX_error(blocking_lock_record *blr, int eclass, int32 ec
      * request would never have been queued. JRA.
      */
 
-    do_unlock(fsp,conn,count,offset,&dummy1,&dummy2);
+    do_unlock(fsp,conn,lock_pid,count,offset,&dummy1,&dummy2);
   }
 
   generic_blocking_lock_error(blr, eclass, ecode);
@@ -278,7 +282,7 @@ static BOOL process_lockread(blocking_lock_record *blr)
   numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
   data = smb_buf(outbuf) + 3;
  
-  if(!do_lock( fsp, conn, (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, READ_LOCK, &eclass, &ecode)) {
+  if(!do_lock( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, READ_LOCK, &eclass, &ecode)) {
     if((errno != EACCES) && (errno != EAGAIN)) {
       /*
        * We have other than a "can't get lock" POSIX
@@ -341,7 +345,7 @@ static BOOL process_lock(blocking_lock_record *blr)
   offset = IVAL(inbuf,smb_vwv3);
 
   errno = 0;
-  if (!do_lock(fsp, conn, (SMB_BIG_UINT)count, (SMB_BIG_UINT)offset, WRITE_LOCK, &eclass, &ecode)) {
+  if (!do_lock(fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)count, (SMB_BIG_UINT)offset, WRITE_LOCK, &eclass, &ecode)) {
     if((errno != EACCES) && (errno != EAGAIN)) {
 
       /*
@@ -390,6 +394,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   uint16 num_locks = SVAL(inbuf,smb_vwv7);
   SMB_BIG_UINT count = (SMB_BIG_UINT)0, offset = (SMB_BIG_UINT)0;
+  uint16 lock_pid;
   BOOL large_file_format = (locktype & LOCKING_ANDX_LARGE_FILES);
   char *data;
   int eclass=0;
@@ -405,6 +410,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
   for(; blr->lock_num < num_locks; blr->lock_num++) {
     BOOL err;
 
+    lock_pid = get_lock_pid( data, blr->lock_num, large_file_format);
     count = get_lock_count( data, blr->lock_num, large_file_format);
     offset = get_lock_offset( data, blr->lock_num, large_file_format, &err);
 
@@ -413,7 +419,7 @@ static BOOL process_lockingX(blocking_lock_record *blr)
      * request would never have been queued. JRA.
      */
     errno = 0;
-    if(!do_lock(fsp,conn,count,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
+    if(!do_lock(fsp,conn,count,lock_pid,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
                 &eclass, &ecode))
       break;
   }
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index 63f425f4cc3..083308d335f 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -20,9 +20,9 @@
 */
 
 /* fork a child process to exec passwd and write to its
-* tty to change a users password. This is running as the
-* user who is attempting to change the password.
-*/
+ * tty to change a users password. This is running as the
+ * user who is attempting to change the password.
+ */
 
 /* 
  * This code was copied/borrowed and stolen from various sources.
@@ -456,47 +456,28 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
 
 	/* Take the passed information and test it for minimum criteria */
 	/* Minimum password length */
-	if (strlen(newpass) < lp_min_passwd_length())	/* too short, must be at least MINPASSWDLENGTH */
-	{
-		DEBUG(0,
-		      ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
+	if (strlen(newpass) < lp_min_passwd_length()) {
+		/* too short, must be at least MINPASSWDLENGTH */
+		DEBUG(0, ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
 		       name, lp_min_passwd_length()));
 		return (False);	/* inform the user */
 	}
 
 	/* Password is same as old password */
-	if (strcmp(oldpass, newpass) == 0)	/* don't allow same password */
-	{
-		DEBUG(2,
-		      ("Password Change: %s, New password is same as old\n", name));	/* log the attempt */
+	if (strcmp(oldpass, newpass) == 0) {
+		/* don't allow same password */
+		DEBUG(2, ("Password Change: %s, New password is same as old\n", name));	/* log the attempt */
 		return (False);	/* inform the user */
 	}
 
-	pstrcpy(passwordprogram, lp_passwd_program());
-	pstrcpy(chatsequence, lp_passwd_chat());
-
-	if (!*chatsequence)
-	{
-		DEBUG(2, ("Null chat sequence - no password changing\n"));
-		return (False);
-	}
-
-	if (!*passwordprogram)
-	{
-		DEBUG(2, ("Null password program - no password changing\n"));
-		return (False);
-	}
-
 	/* 
 	 * Check the old and new passwords don't contain any control
 	 * characters.
 	 */
 
 	len = strlen(oldpass);
-	for (i = 0; i < len; i++)
-	{
-		if (iscntrl((int)oldpass[i]))
-		{
+	for (i = 0; i < len; i++) {
+		if (iscntrl((int)oldpass[i])) {
 			DEBUG(0,
 			      ("chat_with_program: oldpass contains control characters (disallowed).\n"));
 			return False;
@@ -504,16 +485,43 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
 	}
 
 	len = strlen(newpass);
-	for (i = 0; i < len; i++)
-	{
-		if (iscntrl((int)newpass[i]))
-		{
+	for (i = 0; i < len; i++) {
+		if (iscntrl((int)newpass[i])) {
 			DEBUG(0,
 			      ("chat_with_program: newpass contains control characters (disallowed).\n"));
 			return False;
 		}
 	}
 
+#ifdef WITH_PAM
+	if (lp_pam_password_change()) {
+		BOOL ret;
+
+		if (as_root)
+			become_root();
+
+		ret = smb_pam_passchange(name, oldpass, newpass);
+
+		if (as_root)
+			unbecome_root();
+
+		return ret;
+	}
+#endif
+
+	pstrcpy(passwordprogram, lp_passwd_program());
+	pstrcpy(chatsequence, lp_passwd_chat());
+
+	if (!*chatsequence) {
+		DEBUG(2, ("Null chat sequence - no password changing\n"));
+		return (False);
+	}
+
+	if (!*passwordprogram) {
+		DEBUG(2, ("Null password program - no password changing\n"));
+		return (False);
+	}
+
 	pstring_sub(passwordprogram, "%u", name);
 	/* note that we do NOT substitute the %o and %n in the password program
 	   as this would open up a security hole where the user could use
@@ -527,6 +535,7 @@ BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
 }
 
 #else /* ALLOW_CHANGE_PASSWORD */
+
 BOOL chgpasswd(char *name, char *oldpass, char *newpass, BOOL as_root)
 {
 	DEBUG(0, ("Password changing not compiled in (user=%s)\n", name));
@@ -770,7 +779,7 @@ BOOL check_oem_password(char *user,
 	/* 
 	 * Call the hash function to get the new password.
 	 */
-	SamOEMhash((uchar *) lmdata, (uchar *) smbpw->smb_passwd, True);
+	SamOEMhash((uchar *) lmdata, (uchar *) smbpw->smb_passwd, 516);
 
 	/* 
 	 * The length of the new password is in the last 4 bytes of
diff --git a/source/smbd/conn.c b/source/smbd/conn.c
index e160c6ac83d..725ab22dc44 100644
--- a/source/smbd/conn.c
+++ b/source/smbd/conn.c
@@ -198,3 +198,33 @@ void conn_free(connection_struct *conn)
 	ZERO_STRUCTP(conn);
 	free(conn);
 }
+
+
+/****************************************************************************
+receive a smbcontrol message to forcibly unmount a share
+the message contains just a share name and all instances of that
+share are unmounted
+the special sharename '*' forces unmount of all shares
+****************************************************************************/
+void msg_force_tdis(int msg_type, pid_t pid, void *buf, size_t len)
+{
+	connection_struct *conn, *next;
+	fstring sharename;
+
+	fstrcpy(sharename, buf);
+
+	if (strcmp(sharename, "*") == 0) {
+		DEBUG(1,("Forcing close of all shares\n"));
+		conn_close_all();
+		return;
+	}
+
+	for (conn=Connections;conn;conn=next) {
+		next=conn->next;
+		if (strequal(lp_servicename(conn->service), sharename)) {
+			DEBUG(1,("Forcing close of share %s cnum=%d\n",
+				 sharename, conn->cnum));
+			close_cnum(conn, (uint16)-1);
+		}
+	}
+}
diff --git a/source/smbd/connection.c b/source/smbd/connection.c
index 4039c08da9f..796a54e77dd 100644
--- a/source/smbd/connection.c
+++ b/source/smbd/connection.c
@@ -27,11 +27,6 @@ static TDB_CONTEXT *tdb;
 
 extern int DEBUGLEVEL;
 
-#ifdef WITH_UTMP
-static void utmp_yield(pid_t pid, const connection_struct *conn);
-static void utmp_claim(const struct connections_data *crec, const connection_struct *conn);
-#endif
-
 /****************************************************************************
  Return the connection tdb context (used for message send all).
 ****************************************************************************/
@@ -42,8 +37,9 @@ TDB_CONTEXT *conn_tdb_ctx(void)
 }
 
 /****************************************************************************
-delete a connection record
+ Delete a connection record.
 ****************************************************************************/
+
 BOOL yield_connection(connection_struct *conn,char *name,int max_connections)
 {
 	struct connections_key key;
@@ -62,827 +58,156 @@ BOOL yield_connection(connection_struct *conn,char *name,int max_connections)
 	kbuf.dptr = (char *)&key;
 	kbuf.dsize = sizeof(key);
 
-	tdb_delete(tdb, kbuf);
-
-#ifdef WITH_UTMP
-	if(conn)
-		utmp_yield(key.pid, conn);
-#endif
-
-	return(True);
-}
-
-
-/****************************************************************************
-claim an entry in the connections database
-****************************************************************************/
-BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOOL Clear)
-{
-	struct connections_key key;
-	struct connections_data crec;
-	TDB_DATA kbuf, dbuf;
-
-	if (!tdb) {
-		tdb = tdb_open(lock_path("connections.tdb"), 0, TDB_CLEAR_IF_FIRST, 
-			       O_RDWR | O_CREAT, 0644);
+	if (tdb_delete(tdb, kbuf) != 0) {
+		DEBUG(0,("yield_connection: tdb_delete failed with error %s.\n", tdb_errorstr(tdb) ));
+		return (False);
 	}
-	if (!tdb) return False;
-
-	DEBUG(5,("claiming %s %d\n",name,max_connections));
-
-	ZERO_STRUCT(key);
-	key.pid = sys_getpid();
-	key.cnum = conn?conn->cnum:-1;
-	fstrcpy(key.name, name);
-	dos_to_unix(key.name, True);           /* Convert key to unix-codepage */
 
-	kbuf.dptr = (char *)&key;
-	kbuf.dsize = sizeof(key);
-
-	/* fill in the crec */
-	ZERO_STRUCT(crec);
-	crec.magic = 0x280267;
-	crec.pid = sys_getpid();
-	crec.cnum = conn?conn->cnum:-1;
-	if (conn) {
-		crec.uid = conn->uid;
-		crec.gid = conn->gid;
-		StrnCpy(crec.name,
-			lp_servicename(SNUM(conn)),sizeof(crec.name)-1);
-	}
-	crec.start = time(NULL);
-	
-	StrnCpy(crec.machine,remote_machine,sizeof(crec.machine)-1);
-	StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1);
-
-	dbuf.dptr = (char *)&crec;
-	dbuf.dsize = sizeof(crec);
-
-	if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) return False;
-
-#ifdef WITH_UTMP
-	if (conn)
-	    utmp_claim(&crec, conn);
-#endif
-
-	return True;
+	return(True);
 }
 
-#ifdef WITH_UTMP
-
-/****************************************************************************
-Reflect connection status in utmp/wtmp files.
-	T.D.Lee@durham.ac.uk  September 1999
-
-	With grateful thanks since then to many who have helped port it to
-	different operating systems.  The variety of OS quirks thereby
-	uncovered is amazing...
-
-Hints for porting:
-	o  Always attempt to use programmatic interface (pututline() etc.)
-	   Indeed, at present only programmatic use is supported.
-	o  The only currently supported programmatic interface to "wtmp{,x}"
-	   is through "updwtmp*()" routines.
-	o  The "x" (utmpx/wtmpx; HAVE_UTMPX_H) seems preferable.
-	o  The HAVE_* items should identify supported features.
-	o  If at all possible, avoid "if defined(MY-OS)" constructions.
-
-OS observations and status:
-	Almost every OS seems to have its own quirks.
-
-	Solaris 2.x:
-		Tested on 2.6 and 2.7; should be OK on other flavours.
-	AIX:
-		Apparently has utmpx.h but doesn't implement.
-	OSF:
-		Has utmpx.h, but (e.g.) no "getutmpx()".  (Is this like AIX ?)
-	Redhat 6:
-		utmpx.h seems not to set default filenames.  non-x better.
-	IRIX 6.5:
-		Not tested.  Appears to have "x".
-	HP-UX 9.x:
-		Not tested.  Appears to lack "x".
-	HP-UX 10.x:
-		Not tested.
-		"updwtmp*()" routines seem absent, so no current wtmp* support.
-		Has "ut_addr": probably trivial to implement (although remember
-		that IPv6 is coming...).
-
-	FreeBSD:
-		No "putut*()" type of interface.
-		No "ut_type" and associated defines. 
-		Write files directly.  Alternatively use its login(3)/logout(3).
-	SunOS 4:
-		Not tested.  Resembles FreeBSD, but no login()/logout().
-
-lastlog:
-	Should "lastlog" files, if any, be updated?
-	BSD systems (SunOS 4, FreeBSD):
-		o  Prominent mention on man pages.
-	System-V (e.g. Solaris 2):
-		o  No mention on man pages, even under "man -k".
-		o  Has a "/var/adm/lastlog" file, but pututxline() etc. seem
-		   not to touch it.
-		o  Despite downplaying (above), nevertheless has <lastlog.h>.
-	So perhaps UN*X "lastlog" facility is intended for tty/terminal only?
-
-Notes:
-	Each connection requires a small number (starting at 0, working up)
-	to represent the line (unum).  This must be unique within and across
-	all smbd processes.
-
-	The 4 byte 'ut_id' component is vital to distinguish connections,
-	of which there could be several hundered or even thousand.
-	Entries seem to be printable characters, with optional NULL pads.
-
-	We need to be distinct from other entries in utmp/wtmp.
-
-	Observed things: therefore avoid them.  Add to this list please.
-	From Solaris 2.x (because that's what I have):
-		'sN'	: run-levels; N: [0-9]
-		'co'	: console
-		'CC'	: arbitrary things;  C: [a-z]
-		'rXNN'	: rlogin;  N: [0-9]; X: [0-9a-z]
-		'tXNN'	: rlogin;  N: [0-9]; X: [0-9a-z]
-		'/NNN'	: Solaris CDE
-		'ftpZ'	: ftp (Z is the number 255, aka 0377, aka 0xff)
-	Mostly a record uses the same 'ut_id' in both "utmp" and "wtmp",
-	but differences have been seen.
-
-	Arbitrarily I have chosen to use a distinctive 'SM' for the
-	first two bytes.
-
-	The remaining two encode the "unum" (see above).
-
-	For "utmp consolidate" the suggestion was made to encode the pid into
-	those remaining two bytes (16 bits).  But recent UNIX (e.g Solaris 8)
-	is migrating to pids > 16 bits, so we ought not to do this.
-
-****************************************************************************/
-
-#include <utmp.h>
-
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-
-/* BSD systems: some may need lastlog.h (SunOS 4), some may not (FreeBSD) */
-/* Some System-V systems (e.g. Solaris 2) declare this too. */
-#ifdef HAVE_LASTLOG_H
-#include <lastlog.h>
-#endif
+struct count_stat {
+	pid_t mypid;
+	int curr_connections;
+	char *name;
+	BOOL Clear;
+};
 
 /****************************************************************************
-obtain/release a small number (0 upwards) unique within and across smbds
+ Count the entries belonging to a service in the connection db.
 ****************************************************************************/
-/*
- * Need a "small" number to represent this connection, unique within this
- * smbd and across all smbds.
- *
- * claim:
- *	Start at 0, hunt up for free, unique number "unum" by attempting to
- *	store it as a key in a tdb database:
- *		key: unum		data: pid+conn  
- *	Also store its inverse, ready for yield function:
- *		key: pid+conn		data: unum
- *
- * yield:
- *	Find key: pid+conn; data is unum;  delete record
- *	Find key: unum ; delete record.
- *
- * Comment:
- *	The claim algorithm (a "for" loop attempting to store numbers in a tdb
- *	database) will be increasingly inefficient with larger numbers of
- *	connections.  Is it possible to write a suitable primitive within tdb?
- *
- *	However, by also storing the inverse key/data pair, we at least make
- *	the yield algorithm efficient.
- */
-
-static TDB_CONTEXT *tdb_utmp;
-
-struct utmp_tdb_data {
-	pid_t pid;
-	int cnum;
-};
-
-static int utmp_claim_tdb(const connection_struct *conn)
-{
-	struct utmp_tdb_data udata;
-	int i, slotnum;
-	TDB_DATA kbuf, dbuf;
-
-	if (!tdb_utmp) {
-		tdb_utmp = tdb_open(lock_path("utmp.tdb"), 0,
-				TDB_CLEAR_IF_FIRST, O_RDWR | O_CREAT, 0644);
-	}
-	if (!tdb_utmp) return(-1);
-
-	DEBUG(2,("utmp_claim_tdb: entered\n"));
-
-	ZERO_STRUCT(udata);
-	udata.pid = sys_getpid();
-	udata.cnum = conn ? conn->cnum : -1;
-
-	dbuf.dptr = (char *) &udata;
-	dbuf.dsize = sizeof(udata);
-
-	/* The key is simply a number as close as possible to zero: find it */
-	slotnum = -1;
-	/* stop loop when overflow +ve integers (a huge, busy machine!) */
-	for (i = 0; i >= 0 ; i++) {
-		kbuf.dptr = (char *) &i;
-		kbuf.dsize = sizeof(i);
-
-		if (tdb_store(tdb_utmp, kbuf, dbuf, TDB_INSERT) == 0) {
-			/* have successfully grabbed a free slot */
-			slotnum = i;
-
-			/* store the inverse for faster utmp_yield_tdb() */
-			tdb_store(tdb_utmp, dbuf, kbuf, TDB_INSERT);
-
-			break;	/* Got it; escape */
-		}
-	}
-	if (slotnum < 0) {	/* more connections than positive integers! */
-		DEBUG(2,("utmp_claim_tdb: failed\n"));
-		return(-1);
-	}
-
-	DEBUG(2,("utmp_claim_tdb: leaving with %d\n", slotnum));
-
-	return(slotnum);
-}
 
-static int utmp_yield_tdb(const connection_struct *conn)
+static int count_fn( TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *udp)
 {
-	struct utmp_tdb_data revkey;
-	int i, slotnum;
-	TDB_DATA kbuf, dbuf;
-
-	if (!tdb_utmp) {
-		return(-1);
-	}
-
-	DEBUG(2,("utmp_yield_tdb: entered\n"));
+	struct connections_data crec;
+	struct count_stat *cs = (struct count_stat *)udp;
+ 
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
 
-	ZERO_STRUCT(revkey);
-	revkey.pid = sys_getpid();
-	revkey.cnum = conn ? conn->cnum : -1;
+	memcpy(&crec, dbuf.dptr, sizeof(crec));
+ 
+    if (crec.cnum == -1)
+		return 0;
 
-	kbuf.dptr = (char *) &revkey;
-	kbuf.dsize = sizeof(revkey);
+	/* If the pid was not found delete the entry from connections.tdb */
 
-	dbuf = tdb_fetch(tdb_utmp, kbuf);
-	if (dbuf.dptr == NULL) {
-		DEBUG(2,("utmp_yield_tdb: failed\n"));
-		return(-1);		/* shouldn't happen */
+	if (cs->Clear && !process_exists(crec.pid) && (errno == ESRCH)) {
+		DEBUG(2,("pid %u doesn't exist - deleting connections %d [%s]\n",
+			(unsigned int)crec.pid, crec.cnum, crec.name));
+		if (tdb_delete(the_tdb, kbuf) != 0)
+			DEBUG(0,("count_fn: tdb_delete failed with error %s\n", tdb_errorstr(tdb) ));
+		return 0;
 	}
 
-	/* Save our result */
-	slotnum = *((int*) dbuf.dptr);
-
-	/* Tidy up */
-	tdb_delete(tdb_utmp, kbuf);
-	tdb_delete(tdb_utmp, dbuf);
-
-	free(dbuf.dptr);
-	DEBUG(2,("utmp_yield_tdb: leaving with %d\n", slotnum));
+	if (strequal(crec.name, cs->name))
+		cs->curr_connections++;
 
-	return(slotnum);
+	return 0;
 }
 
-#if defined(HAVE_UT_UT_ID)
 /****************************************************************************
-encode the unique connection number into "ut_id"
+ Claim an entry in the connections database.
 ****************************************************************************/
-static const char *ut_id_encstr =
-	"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 
-static
-int
-ut_id_encode(int i, char *fourbyte)
-{
-	int nbase;
-
-	fourbyte[0] = 'S';
-	fourbyte[1] = 'M';
-
-/*
- * Encode remaining 2 bytes from 'i'.
- * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
- * Example: digits would produce the base-10 numbers from '001'.
- */
-	nbase = strlen(ut_id_encstr);
-
-	fourbyte[3] = ut_id_encstr[i % nbase];
-	i /= nbase;
-	fourbyte[2] = ut_id_encstr[i % nbase];
-	i /= nbase;
-
-	return(i);	/* 0: good; else overflow */
-}
-#endif /* defined(HAVE_UT_UT_ID) */
-
-/*
- * ut_line:
- *	size small, e.g. Solaris: 12;  FreeBSD: 8
- *	pattern conventions differ across systems.
- * So take care in tweaking the template below.
- * Arguably, this could be yet another smb.conf parameter.
- */
-static const char *ut_line_template =
-#if defined(__FreeBSD__)
-	"smb%d" ;
-#else
-	"smb/%d" ;
-#endif
-
-/****************************************************************************
-Fill in a utmp (not utmpx) template
-****************************************************************************/
-static int utmp_fill(struct utmp *u, const connection_struct *conn, pid_t pid,
-  int i, pstring host)
+BOOL claim_connection(connection_struct *conn,char *name,int max_connections,BOOL Clear)
 {
-#if defined(HAVE_UT_UT_TIME)
-	struct timeval timeval;
-#endif /* defined(HAVE_UT_UT_TIME) */
-	char line_tmp[1024];	/* plenty big enough for slprintf() */
-	int line_len;
-	int rc = 0;
-
-/*
- * ut_name, ut_user:
- *	Several (all?) systems seems to define one as the other.
- *	It is easier and clearer simply to let the following take its course,
- *	rather than to try to detect and optimise.
- */
-#if defined(HAVE_UT_UT_USER)
-	pstrcpy(u->ut_user, conn->user);
-#endif /* defined(HAVE_UT_UT_USER) */
-
-#if defined(HAVE_UT_UT_NAME)
-	pstrcpy(u->ut_name, conn->user);
-#endif /* defined(HAVE_UT_UT_NAME) */
-
-/*
- * ut_line:
- *	If size limit proves troublesome, then perhaps use "ut_id_encode()".
- *
- * Temporary variable "line_tmp" avoids trouble:
- * o  with unwanted trailing NULL if ut_line full;
- * o  with overflow if ut_line would be more than full.
- */
-	memset(line_tmp, '\0', sizeof(line_tmp));
-	slprintf(line_tmp, sizeof(line_tmp)-1, (char *) ut_line_template, i);
-	line_len = strlen(line_tmp);
-	if (line_len <= sizeof(u->ut_line)) {
-		memcpy(u->ut_line, line_tmp, sizeof(u->ut_line));
-	}
-	else {
-		DEBUG(1,("utmp_fill: ut_line exceeds field length(%d > %d)\n",
-		  line_len, sizeof(u->ut_line)));
-		return(1);
-	}
+	struct connections_key key;
+	struct connections_data crec;
+	TDB_DATA kbuf, dbuf, lockkey;
+	BOOL rec_locked = False;
+	BOOL ret = True;
 
-#if defined(HAVE_UT_UT_PID)
-	u->ut_pid = pid;
-#endif /* defined(HAVE_UT_UT_PID) */
-
-/*
- * ut_time, ut_tv: 
- *	Some have one, some the other.  Many have both, but defined (aliased).
- *	It is easier and clearer simply to let the following take its course.
- *	But note that we do the more precise ut_tv as the final assignment.
- */
-#if defined(HAVE_UT_UT_TIME)
-	gettimeofday(&timeval, NULL);
-	u->ut_time = timeval.tv_sec;
-#endif /* defined(HAVE_UT_UT_TIME) */
-
-#if defined(HAVE_UT_UT_TV)
-	gettimeofday(&timeval, NULL);
-	u->ut_tv = timeval;
-#endif /* defined(HAVE_UT_UT_TV) */
-
-#if defined(HAVE_UT_UT_HOST)
-	if (host) {
-		pstrcpy(u->ut_host, host);
+	if (!tdb) {
+		tdb = tdb_open_log(lock_path("connections.tdb"), 0, TDB_CLEAR_IF_FIRST, 
+			       O_RDWR | O_CREAT, 0644);
 	}
-#endif /* defined(HAVE_UT_UT_HOST) */
+	if (!tdb)
+		return False;
 
-#if defined(HAVE_UT_UT_ADDR)
 	/*
-	 * "(unsigned long) ut_addr" apparently exists on at least HP-UX 10.20.
-	 * Volunteer to implement, please ...
-	 */
-#endif /* defined(HAVE_UT_UT_ADDR) */
-
-#if defined(HAVE_UT_UT_ID)
-	rc = ut_id_encode(i, u->ut_id);
-#endif /* defined(HAVE_UT_UT_ID) */
-
-	return(rc);
-}
-
-/****************************************************************************
-Default paths to various {u,w}tmp{,x} files
-****************************************************************************/
-#ifdef	HAVE_UTMPX_H
-
-static const char *ux_pathname =
-# if defined (UTMPX_FILE)
-	UTMPX_FILE ;
-# elif defined (_UTMPX_FILE)
-	_UTMPX_FILE ;
-# elif defined (_PATH_UTMPX)
-	_PATH_UTMPX ;
-# else
-	"" ;
-# endif
-
-static const char *wx_pathname =
-# if defined (WTMPX_FILE)
-	WTMPX_FILE ;
-# elif defined (_WTMPX_FILE)
-	_WTMPX_FILE ;
-# elif defined (_PATH_WTMPX)
-	_PATH_WTMPX ;
-# else
-	"" ;
-# endif
-
-#endif	/* HAVE_UTMPX_H */
-
-static const char *ut_pathname =
-# if defined (UTMP_FILE)
-	UTMP_FILE ;
-# elif defined (_UTMP_FILE)
-	_UTMP_FILE ;
-# elif defined (_PATH_UTMP)
-	_PATH_UTMP ;
-# else
-	"" ;
-# endif
-
-static const char *wt_pathname =
-# if defined (WTMP_FILE)
-	WTMP_FILE ;
-# elif defined (_WTMP_FILE)
-	_WTMP_FILE ;
-# elif defined (_PATH_WTMP)
-	_PATH_WTMP ;
-# else
-	"" ;
-# endif
-
-/* BSD-like systems might want "lastlog" support. */
-/* *** Not yet implemented */
-#ifndef HAVE_PUTUTLINE		/* see "pututline_my()" */
-static const char *ll_pathname =
-# if defined (_PATH_LASTLOG)	/* what other names (if any?) */
-	_PATH_LASTLOG ;
-# else
-	"" ;
-# endif	/* _PATH_LASTLOG */
-#endif	/* HAVE_PUTUTLINE */
-
-/*
- * Get name of {u,w}tmp{,x} file.
- *	return: fname contains filename
- *		Possibly empty if this code not yet ported to this system.
- *
- * utmp{,x}:  try "utmp dir", then default (a define)
- * wtmp{,x}:  try "wtmp dir", then "utmp dir", then default (a define)
- */
-static void uw_pathname(pstring fname, const char *uw_name, const char *uw_default)
-{
-	pstring dirname;
-
-	pstrcpy(dirname, "");
-
-	/* For w-files, first look for explicit "wtmp dir" */
-	if (uw_name[0] == 'w') {
-		pstrcpy(dirname,lp_wtmpdir());
-		trim_string(dirname,"","/");
-	}
-
-	/* For u-files and non-explicit w-dir, look for "utmp dir" */
-	if (dirname == 0 || strlen(dirname) == 0) {
-		pstrcpy(dirname,lp_utmpdir());
-		trim_string(dirname,"","/");
-	}
-
-	/* If explicit directory above, use it */
-	if (dirname != 0 && strlen(dirname) != 0) {
-		pstrcpy(fname, dirname);
-		pstrcat(fname, "/");
-		pstrcat(fname, uw_name);
-		return;
-	}
-
-	/* No explicit directory: attempt to use default paths */
-	if (strlen(uw_default) == 0) {
-		/* No explicit setting, no known default.
-		 * Has it yet been ported to this OS?
-		 */
-		DEBUG(2,("uw_pathname: unable to determine pathname\n"));
-	}
-	pstrcpy(fname, uw_default);
-}
-
-#ifndef HAVE_PUTUTLINE
-/****************************************************************************
-Update utmp file directly.  No subroutine interface: probably a BSD system.
-****************************************************************************/
-static void pututline_my(pstring uname, struct utmp *u, BOOL claim)
-{
-	DEBUG(1,("pututline_my: not yet implemented\n"));
-	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
-}
-#endif /* HAVE_PUTUTLINE */
-
-#ifndef HAVE_UPDWTMP
-/****************************************************************************
-Update wtmp file directly.  No subroutine interface: probably a BSD system.
-Credit: Michail Vidiassov <master@iaas.msu.ru>
-****************************************************************************/
-static void updwtmp_my(pstring wname, struct utmp *u, BOOL claim)
-{
-	int fd;
-	struct stat buf;
-
-	if (! claim) {
-		/*
-	 	 * BSD-like systems:
-		 *	may use empty ut_name to distinguish a logout record.
-		 *
-		 * May need "if defined(SUNOS4)" etc. around some of these,
-		 * but try to avoid if possible.
-		 *
-		 * SunOS 4:
-		 *	man page indicates ut_name and ut_host both NULL
-		 * FreeBSD 4.0:
-		 *	man page appears not to specify (hints non-NULL)
-		 *	A correspondent suggest at least ut_name should be NULL
-		 */
-		memset((char *)&(u->ut_name), '\0', sizeof(u->ut_name));
-		memset((char *)&(u->ut_host), '\0', sizeof(u->ut_host));
-	}
-	/* Stolen from logwtmp function in libutil.
-	 * May be more locking/blocking is needed?
+	 * Enforce the max connections parameter.
 	 */
-	if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
-		return;
-	if (fstat(fd, &buf) == 0) {
-		if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
-		(void) ftruncate(fd, buf.st_size);
-	}
-	(void) close(fd);
-}
-#endif /* HAVE_UPDWTMP */
 
-/****************************************************************************
-Update via utmp/wtmp (not utmpx/wtmpx)
-****************************************************************************/
-static void utmp_nox_update(struct utmp *u, pstring host, BOOL claim)
-{
-	pstring uname, wname;
-#if defined(PUTUTLINE_RETURNS_UTMP)
-	struct utmp *urc;
-#endif /* PUTUTLINE_RETURNS_UTMP */
-
-	uw_pathname(uname, "utmp", ut_pathname);
-	DEBUG(2,("utmp_nox_update: uname:%s\n", uname));
+	if (max_connections > 0) {
+		struct count_stat cs;
 
-#ifdef HAVE_PUTUTLINE
-	if (strlen(uname) != 0) {
-		utmpname(uname);
-	}
+		cs.mypid = sys_getpid();
+		cs.curr_connections = 0;
+		cs.name = lp_servicename(SNUM(conn));
+		cs.Clear = Clear;
 
-# if defined(PUTUTLINE_RETURNS_UTMP)
-	setutent();
-	urc = pututline(u);
-	endutent();
-	if (urc == NULL) {
-		DEBUG(2,("utmp_nox_update: pututline() failed\n"));
-		return;
-	}
-# else	/* PUTUTLINE_RETURNS_UTMP */
-	setutent();
-	pututline(u);
-	endutent();
-# endif	/* PUTUTLINE_RETURNS_UTMP */
-
-#else	/* HAVE_PUTUTLINE */
-	if (strlen(uname) != 0) {
-		pututline_my(uname, u, claim);
-	}
-#endif /* HAVE_PUTUTLINE */
+		lockkey.dptr = cs.name;
+		lockkey.dsize = strlen(cs.name)+1;
 
-	uw_pathname(wname, "wtmp", wt_pathname);
-	DEBUG(2,("utmp_nox_update: wname:%s\n", wname));
-	if (strlen(wname) != 0) {
-#ifdef HAVE_UPDWTMP
-		updwtmp(wname, u);
 		/*
-		 * updwtmp() and the newer updwtmpx() may be unsymmetrical.
-		 * At least one OS, Solaris 2.x declares the former in the
-		 * "utmpx" (latter) file and context.
-		 * In the Solaris case this is irrelevant: it has both and
-		 * we always prefer the "x" case, so doesn't come here.
-		 * But are there other systems, with no "x", which lack
-		 * updwtmp() perhaps?
+		 * Go through and count the connections with hash chain representing the service name
+		 * locked. This is slow but removes race conditions. JRA.
 		 */
-#else
-		updwtmp_my(wname, u, claim);
-#endif /* HAVE_UPDWTMP */
-	}
-}
-
-/****************************************************************************
-Update via utmpx/wtmpx (preferred) or via utmp/wtmp
-****************************************************************************/
-static void utmp_update(struct utmp *u, pstring host, BOOL claim)
-{
-#if !defined(HAVE_UTMPX_H)
-	/* No utmpx stuff.  Drop to non-x stuff */
-	utmp_nox_update(u, host, claim);
-#elif !defined(HAVE_PUTUTXLINE)
-	/* Odd.  Have utmpx.h but no "pututxline()".  Drop to non-x stuff */
-	DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
-	utmp_nox_update(u, host, claim);
-#elif !defined(HAVE_GETUTMPX)
-	/* Odd.  Have utmpx.h but no "getutmpx()".  Drop to non-x stuff */
-	DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
-	utmp_nox_update(u, host, claim);
-#else
-	pstring uname, wname;
-	struct utmpx ux, *uxrc;
-
-	getutmpx(u, &ux);
-	if (host) {
-#if defined(HAVE_UX_UT_SYSLEN)
-		ux.ut_syslen = strlen(host) + 1;	/* include end NULL */
-#endif /* defined(HAVE_UX_UT_SYSLEN) */
-		pstrcpy(ux.ut_host, host);
-	}
 
-	uw_pathname(uname, "utmpx", ux_pathname);
-	uw_pathname(wname, "wtmpx", wx_pathname);
-	DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
-	/*
-	 * Check for either uname or wname being empty.
-	 * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
-	 * define default filenames.
-	 * Also, our local installation has not provided an override.
-	 * Drop to non-x method.  (E.g. RH6 has good defaults in "utmp.h".)
-	 */
-	if ((strlen(uname) == 0) || (strlen(wname) == 0)) {
-		utmp_nox_update(u, host, claim);
-	}
-	else {
-		utmpxname(uname);
-		setutxent();
-		uxrc = pututxline(&ux);
-		endutxent();
-		if (uxrc == NULL) {
-			DEBUG(2,("utmp_update: pututxline() failed\n"));
-			return;
+		if (tdb_chainlock(tdb, lockkey)) {
+			DEBUG(0,("claim_connection: tdb_chainlock failed %s\n",
+				tdb_errorstr(tdb) ));
+			return False;
 		}
-#ifdef HAVE_UPDWTMPX
-		updwtmpx(wname, &ux);
-#else
-		/* Have utmpx.h but no "updwtmpx()". */
-		DEBUG(1,("utmp_update: no updwtmpx() function\n"));
-#endif /* HAVE_UPDWTMPX */
-	}
-#endif /* HAVE_UTMPX_H */
-}
 
-/*
- * "utmp consolidate": some background:
- *	False (default):
- *		In "utmp" files note every connection via this process.
- *		Argument "i" is simply a tty-like number we can use as-is.
- *	True:
- *		In "utmp" files, only note first open and final close.  Keep:
- *		o  count of open processes;
- *		o  record value of first "i", to use as "i" in final close.
- */
-static int utmp_count = 0;
-static int utmp_consolidate_conn_num;
+		rec_locked = True;
 
-/****************************************************************************
-close a connection
-****************************************************************************/
-static void utmp_yield(pid_t pid, const connection_struct *conn)
-{
-	struct utmp u;
-	int conn_num, i;
-
-	if (! lp_utmp(SNUM(conn))) {
-		DEBUG(2,("utmp_yield: lp_utmp() NULL\n"));
-		return;
-	}
-
-	i = utmp_yield_tdb(conn);
-	if (i < 0) {
-		DEBUG(2,("utmp_yield: utmp_yield_tdb() failed\n"));
-		return;
-	}
-	conn_num = i;
-	DEBUG(2,("utmp_yield: conn: user:%s cnum:%d i:%d (utmp_count:%d)\n",
-	  conn->user, conn->cnum, i, utmp_count));
-
-	utmp_count -= 1;
-	if (lp_utmp_consolidate()) {
-		if (utmp_count > 0) {
-			DEBUG(2,("utmp_yield: utmp consolidate: %d entries still open\n", utmp_count));
-			return;
+		if (tdb_traverse(tdb, count_fn, &cs) == -1) {
+			DEBUG(0,("claim_connection: traverse of connections.tdb failed with error %s.\n",
+				tdb_errorstr(tdb) ));
+			ret = False;
+			goto out;
 		}
-		else {
-			/* consolidate; final close: override conn_num  */
-			conn_num = utmp_consolidate_conn_num;
+
+		if (cs.curr_connections >= max_connections) {
+			DEBUG(1,("claim_connection: Max connections (%d) exceeded for %s\n",
+				max_connections, name ));
+			ret = False;
+			goto out;
 		}
 	}
 
-	memset((char *)&u, '\0', sizeof(struct utmp));
-
-#if defined(HAVE_UT_UT_EXIT)
-	u.ut_exit.e_termination = 0;
-	u.ut_exit.e_exit = 0;
-#endif	/* defined(HAVE_UT_UT_EXIT) */
-
-#if defined(HAVE_UT_UT_TYPE)
-	u.ut_type = DEAD_PROCESS;
-#endif	/* defined(HAVE_UT_UT_TYPE) */
-
-	if (utmp_fill(&u, conn, pid, conn_num, NULL) == 0) {
-		utmp_update(&u, NULL, False);
-	}
-}
-
-/****************************************************************************
-open a connection
-****************************************************************************/
-static void utmp_claim(const struct connections_data *crec, const connection_struct *conn)
-{
-	struct utmp u;
-	pstring host;
-	int i;
-
-	if (conn == NULL) {
-		DEBUG(2,("utmp_claim: conn NULL\n"));
-		return;
-	}
+	DEBUG(5,("claiming %s %d\n",name,max_connections));
 
-	if (! lp_utmp(SNUM(conn))) {
-		DEBUG(2,("utmp_claim: lp_utmp() NULL\n"));
-		return;
-	}
+	ZERO_STRUCT(key);
+	key.pid = sys_getpid();
+	key.cnum = conn?conn->cnum:-1;
+	fstrcpy(key.name, name);
+	dos_to_unix(key.name, True);           /* Convert key to unix-codepage */
 
-	i = utmp_claim_tdb(conn);
-	if (i < 0) {
-		DEBUG(2,("utmp_claim: utmp_claim_tdb() failed\n"));
-		return;
-	}
+	kbuf.dptr = (char *)&key;
+	kbuf.dsize = sizeof(key);
 
-	pstrcpy(host, lp_utmp_hostname());
-	if (host == 0 || strlen(host) == 0) {
-		pstrcpy(host, crec->machine);
-	}
-	else {
-		/* explicit "utmp host": expand for any "%" variables */
-		standard_sub_basic(host);
+	/* fill in the crec */
+	ZERO_STRUCT(crec);
+	crec.magic = 0x280267;
+	crec.pid = sys_getpid();
+	crec.cnum = conn?conn->cnum:-1;
+	if (conn) {
+		crec.uid = conn->uid;
+		crec.gid = conn->gid;
+		StrnCpy(crec.name,
+			lp_servicename(SNUM(conn)),sizeof(crec.name)-1);
 	}
+	crec.start = time(NULL);
+	
+	StrnCpy(crec.machine,remote_machine,sizeof(crec.machine)-1);
+	StrnCpy(crec.addr,conn?conn->client_address:client_addr(),sizeof(crec.addr)-1);
 
-	DEBUG(2,("utmp_claim: conn: user:%s cnum:%d i:%d (utmp_count:%d)\n",
-	  conn->user, conn->cnum, i, utmp_count));
-	DEBUG(2,("utmp_claim: crec: pid:%d, cnum:%d name:%s addr:%s mach:%s DNS:%s host:%s\n",
-	  crec->pid, crec->cnum, crec->name, crec->addr, crec->machine, client_name(), host));
+	dbuf.dptr = (char *)&crec;
+	dbuf.dsize = sizeof(crec);
 
-	utmp_count += 1;
-	if (lp_utmp_consolidate()) {
-		if (utmp_count > 1) {
-			DEBUG(2,("utmp_claim: utmp consolidate: %d entries already open\n", (utmp_count-1)));
-			return;
-		}
-		else {
-			/* consolidate; first open: keep record of "i" */
-			utmp_consolidate_conn_num = i;
-		}
+	if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) {
+		DEBUG(0,("claim_connection: tdb_store failed with error %s.\n",
+			tdb_errorstr(tdb) ));
+		ret = False;
 	}
 
-	memset((char *)&u, '\0', sizeof(struct utmp));
+  out:
 
-#if defined(HAVE_UT_UT_TYPE)
-	u.ut_type = USER_PROCESS;
-#endif	/* defined(HAVE_UT_UT_TYPE) */
+	if (rec_locked)
+		tdb_chainunlock(tdb, lockkey);
 
-	if (utmp_fill(&u, conn, crec->pid, i, host) == 0) {
-		utmp_update(&u, host, True);
-	}
+	return ret;
 }
-
-#endif	/* WITH_UTMP */
diff --git a/source/smbd/dir.c b/source/smbd/dir.c
index 5bf0dec9444..fa9cbdc4a2a 100644
--- a/source/smbd/dir.c
+++ b/source/smbd/dir.c
@@ -663,6 +663,36 @@ typedef struct
 } Dir;
 
 
+
+/*******************************************************************
+check to see if a user can read a file. This is only approximate,
+it is used as part of the "hide unreadable" option. Don't
+use it for anything security sensitive
+********************************************************************/
+static BOOL user_can_read_file(connection_struct *conn, char *name)
+{
+	SMB_STRUCT_STAT ste;
+
+	/* if we can't stat it does not show it */
+	if (vfs_stat(conn, name, &ste) != 0) return False;
+
+	if (ste.st_uid == conn->uid) {
+		return (ste.st_mode & S_IRUSR) == S_IRUSR;
+      	} else {
+		int i;
+		if (ste.st_gid == conn->gid) {
+			return (ste.st_mode & S_IRGRP) == S_IRGRP;
+		}
+		for (i=0; i<conn->ngroups; i++) {
+			if (conn->groups[i] == ste.st_gid) {
+				return (ste.st_mode & S_IRGRP) == S_IRGRP;
+			}
+		}
+	}
+
+	return (ste.st_mode & S_IROTH) == S_IROTH;
+}
+
 /*******************************************************************
  Open a directory.
 ********************************************************************/
@@ -677,6 +707,7 @@ void *OpenDir(connection_struct *conn, char *name, BOOL use_veto)
   if (!p) return(NULL);
   dirp = (Dir *)malloc(sizeof(Dir));
   if (!dirp) {
+    DEBUG(0,("Out of memory in OpenDir\n"));
     conn->vfs_ops.closedir(conn,p);
     return(NULL);
   }
@@ -695,6 +726,18 @@ void *OpenDir(connection_struct *conn, char *name, BOOL use_veto)
     /* If it's a vetoed file, pretend it doesn't even exist */
     if (use_veto && conn && IS_VETO_PATH(conn, n)) continue;
 
+    /* Honour _hide unreadable_ option */
+    if (conn && lp_hideunreadable(SNUM(conn))) {
+	    char *entry;
+	    int ret=0;
+      
+	    if (asprintf(&entry, "%s/%s/%s", conn->origpath, name, n) > 0) {
+		    ret = user_can_read_file(conn, entry);
+		    free(entry);
+	    }
+	    if (!ret) continue;
+    }
+
     if (used + l > dirp->mallocsize) {
       int s = MAX(used+l,used+2000);
       char *r;
diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index 6fd4951769f..76b043c2dac 100644
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -103,12 +103,12 @@ void send_trans_reply(char *outbuf,
 	if (buffer_too_large)
 	{
 		/* issue a buffer size warning.  on a DCE/RPC pipe, expect an SMBreadX... */
-		if (!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32 ))) {
+		if (!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32 ))) { 
 			/* Win9x version. */
 			SSVAL(outbuf, smb_err, ERRmoredata);
 			SCVAL(outbuf, smb_rcls, ERRDOS);
 		} else {
-			SIVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
+			SIVAL(outbuf, smb_flg2, SVAL(outbuf, smb_flg2) | FLAGS2_32_BIT_ERROR_CODES);
 			SIVAL(outbuf, smb_rcls, 0x80000000 | STATUS_BUFFER_OVERFLOW);
 		}
 	}
@@ -128,7 +128,8 @@ void send_trans_reply(char *outbuf,
 	SSVAL(outbuf,smb_vwv9,0);
 
 	show_msg(outbuf);
-	send_smb(smbd_server_fd(),outbuf);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_trans_reply: send_smb failed.\n");
 
 	tot_data_sent = this_ldata;
 	tot_param_sent = this_lparam;
@@ -161,7 +162,8 @@ void send_trans_reply(char *outbuf,
 		SSVAL(outbuf,smb_vwv9,0);
 
 		show_msg(outbuf);
-		send_smb(smbd_server_fd(),outbuf);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("send_trans_reply: send_smb failed.\n");
 
 		tot_data_sent  += this_ldata;
 		tot_param_sent += this_lparam;
@@ -424,7 +426,8 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 		   of the parameter/data bytes */
 		outsize = set_message(outbuf,0,0,True);
 		show_msg(outbuf);
-		send_smb(smbd_server_fd(),outbuf);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_trans: send_smb failed.\n");
 	}
 
 	/* receive the rest of the trans packet */
@@ -489,10 +492,18 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
 			(name[strlen(local_machine)+1] == '\\'))
 		name_offset = strlen(local_machine)+1;
 
-	if (strncmp(&name[name_offset],"\\PIPE\\",strlen("\\PIPE\\")) == 0) {
+	if (strnequal(&name[name_offset], "\\PIPE", strlen("\\PIPE"))) {
+		name_offset += strlen("\\PIPE");
+
+		/* Win9x weirdness.  When talking to a unicode server Win9x
+		   only sends \PIPE instead of \PIPE\ */
+
+		if (name[name_offset] == '\\')
+			name_offset++;
+
 		DEBUG(5,("calling named_pipe\n"));
 		outsize = named_pipe(conn,vuid,outbuf,
-				     name+name_offset+strlen("\\PIPE\\"),setup,data,params,
+				     name+name_offset,setup,data,params,
 				     suwcnt,tdscnt,tpscnt,msrcnt,mdrcnt,mprcnt);
 	} else {
 		DEBUG(3,("invalid pipe name\n"));
diff --git a/source/smbd/message.c b/source/smbd/message.c
index 59b8cf85869..b3da3f2b611 100644
--- a/source/smbd/message.c
+++ b/source/smbd/message.c
@@ -61,13 +61,12 @@ static void msg_deliver(void)
   }
 
   /*
-   * Incoming message is in DOS codepage format. Convert to UNIX in
-   * place.
+   * Incoming message is in DOS codepage format. Convert to UNIX.
    */
 
   if(msgpos > 0) {
     msgbuf[msgpos] = '\0'; /* Ensure null terminated. */
-    dos_to_unix(msgbuf,True);
+    pstrcpy(msgbuf,dos_to_unix(msgbuf,False));
   }
 
   for (i=0;i<msgpos;) {
diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c
index 8ce9074d806..25419caf625 100644
--- a/source/smbd/negprot.c
+++ b/source/smbd/negprot.c
@@ -160,6 +160,8 @@ static int reply_nt1(char *outbuf)
   /* dual names + lock_and_read + nt SMBs + remote API calls */
   int capabilities = CAP_NT_FIND|CAP_LOCK_AND_READ|CAP_LEVEL_II_OPLOCKS|
                      (lp_nt_smb_support() ? CAP_NT_SMBS | CAP_RPC_REMOTE_APIS : 0) |
+					 ((lp_large_readwrite() && (SMB_OFF_T_BITS == 64)) ?
+							CAP_LARGE_READX | CAP_LARGE_WRITEX | CAP_W2K_SMBS : 0) |
                      (SMB_OFF_T_BITS == 64 ? CAP_LARGE_FILES : 0);
 
 
diff --git a/source/smbd/notify.c b/source/smbd/notify.c
index 429723c19e7..3c21ce1e1b5 100644
--- a/source/smbd/notify.c
+++ b/source/smbd/notify.c
@@ -71,7 +71,8 @@ static void change_notify_reply_packet(char *inbuf, uint32 error_code)
 	 */
 	set_message(outbuf,18,0,False);
 
-	send_smb(smbd_server_fd(),outbuf);
+	if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("change_notify_reply_packet: send_smb failed.\n");
 }
 
 /****************************************************************************
diff --git a/source/smbd/notify_kernel.c b/source/smbd/notify_kernel.c
index 6509354e9b9..d7408c06b57 100644
--- a/source/smbd/notify_kernel.c
+++ b/source/smbd/notify_kernel.c
@@ -24,9 +24,9 @@
 #if HAVE_KERNEL_CHANGE_NOTIFY
 
 extern int DEBUGLEVEL;
-static VOLATILE SIG_ATOMIC_T fd_pending;
-static VOLATILE SIG_ATOMIC_T signals_received;
-static VOLATILE SIG_ATOMIC_T signals_processed;
+static VOLATILE sig_atomic_t fd_pending;
+static VOLATILE sig_atomic_t signals_received;
+static VOLATILE sig_atomic_t signals_processed;
 
 #ifndef DN_ACCESS
 #define DN_ACCESS       0x00000001      /* File accessed in directory */
@@ -62,10 +62,10 @@ struct change_data {
 /****************************************************************************
 the signal handler for change notify
 *****************************************************************************/
-static void signal_handler(int signal, siginfo_t *info, void *unused)
+static void signal_handler(int sig, siginfo_t *info, void *unused)
 {
-	BlockSignals(True, signal);
-	fd_pending = (SIG_ATOMIC_T)info->si_fd;
+	BlockSignals(True, sig);
+	fd_pending = (sig_atomic_t)info->si_fd;
 	signals_received++;
 	sys_select_signal();
 }
@@ -89,7 +89,7 @@ static BOOL kernel_check_notify(connection_struct *conn, uint16 vuid, char *path
 	DEBUG(3,("kernel change notify on %s fd=%d\n", path, (int)fd_pending));
 
 	close((int)fd_pending);
-	fd_pending = (SIG_ATOMIC_T)-1;
+	fd_pending = (sig_atomic_t)-1;
 	data->directory_handle = -1;
 	signals_processed++;
 	BlockSignals(False, RT_SIGNAL_NOTIFY);
@@ -105,7 +105,7 @@ static void kernel_remove_notify(void *datap)
 	int fd = data->directory_handle;
 	if (fd != -1) {
 		if (fd == (int)fd_pending) {
-			fd_pending = (SIG_ATOMIC_T)-1;
+			fd_pending = (sig_atomic_t)-1;
 			signals_processed++;
 			BlockSignals(False, RT_SIGNAL_NOTIFY);
 		}
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index dcfc74d19a3..7dfe4b7e1e8 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -96,7 +96,8 @@ static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_err
    */
 
   if(params_to_send == 0 && data_to_send == 0) {
-    send_smb(smbd_server_fd(),outbuf);
+    if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_nt_replies: send_smb failed.\n");
     return 0;
   }
 
@@ -225,7 +226,8 @@ static int send_nt_replies(char *inbuf, char *outbuf, int bufsize, uint32 nt_err
           params_to_send, data_to_send, paramsize, datasize));
     
     /* Send the packet */
-    send_smb(smbd_server_fd(),outbuf);
+    if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_nt_replies: send_smb failed.\n");
     
     pp += params_sent_thistime;
     pd += data_sent_thistime;
@@ -704,6 +706,7 @@ int reply_ntcreate_and_X(connection_struct *conn,
 	files_struct *fsp=NULL;
 	char *p = NULL;
 	BOOL stat_open_only = False;
+	time_t c_time;
 	START_PROFILE(SMBntcreateX);
 
 	/* If it's an IPC, use the pipe handler. */
@@ -994,7 +997,16 @@ int reply_ntcreate_and_X(connection_struct *conn,
 	p += 4;
 	
 	/* Create time. */  
-	put_long_date(p,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+	c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+	if (lp_dos_filetime_resolution(SNUM(conn))) {
+		c_time &= ~1;
+		sbuf.st_atime &= ~1;
+		sbuf.st_mtime &= ~1;
+		sbuf.st_mtime &= ~1;
+	}
+
+	put_long_date(p,c_time);
 	p += 8;
 	put_long_date(p,sbuf.st_atime); /* access time */
 	p += 8;
@@ -1201,6 +1213,7 @@ static int call_nt_transact_create(connection_struct *conn,
   int smb_attr;
   int error_class;
   uint32 error_code;
+  time_t c_time;
 
   DEBUG(5,("call_nt_transact_create\n"));
 
@@ -1482,7 +1495,16 @@ static int call_nt_transact_create(connection_struct *conn,
   p += 8;
 
   /* Create time. */
-  put_long_date(p,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+  c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+  if (lp_dos_filetime_resolution(SNUM(conn))) {
+    c_time &= ~1;
+    sbuf.st_atime &= ~1;
+    sbuf.st_mtime &= ~1;
+    sbuf.st_mtime &= ~1;
+  }
+
+  put_long_date(p,c_time);
   p += 8;
   put_long_date(p,sbuf.st_atime); /* access time */
   p += 8;
@@ -1882,7 +1904,8 @@ due to being in oplock break state.\n" ));
     /* We need to send an interim response then receive the rest
        of the parameter/data bytes */
     outsize = set_message(outbuf,0,0,True);
-    send_smb(smbd_server_fd(),outbuf);
+    if (!send_smb(smbd_server_fd(),outbuf))
+      exit_server("reply_nttrans: send_smb failed.\n");
 
     while( num_data_sofar < total_data_count || num_params_sofar < total_parameter_count) {
       BOOL ret;
diff --git a/source/smbd/open.c b/source/smbd/open.c
index c6d4a44688c..92b164ce951 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -238,7 +238,7 @@ static int truncate_unless_locked(struct connection_struct *conn, files_struct *
 {
 	SMB_BIG_UINT mask = (SMB_BIG_UINT)-1;
 
-	if (is_locked(fsp,fsp->conn,mask,0,WRITE_LOCK)){
+	if (is_locked(fsp,fsp->conn,mask,0,WRITE_LOCK,True)){
 		errno = EACCES;
 		unix_ERR_class = ERRDOS;
 		unix_ERR_code = ERRlock;
@@ -492,8 +492,8 @@ static int open_mode_check(connection_struct *conn, const char *fname, SMB_DEV_T
 
         BOOL opb_ret;
 
-        DEBUG(5,("open_mode_check: breaking oplock (%x) on file %s, \
-dev = %x, inode = %.0f\n", share_entry->op_type, fname, (unsigned int)dev, (double)inode));
+        DEBUG(5,("open_mode_check: oplock_request = %d, breaking oplock (%x) on file %s, \
+dev = %x, inode = %.0f\n", *p_oplock_request, share_entry->op_type, fname, (unsigned int)dev, (double)inode));
 
         /* Oplock break - unlock to request it. */
         unlock_share_entry(conn, dev, inode);
@@ -596,11 +596,11 @@ files_struct *open_file_shared(connection_struct *conn,char *fname, SMB_STRUCT_S
 	uint16 port = 0;
 
 	if (conn->printer) {
-		/* printers are handled completely differently. Most of the passed parameters are
-			ignored */
+		/* printers are handled completely differently. Most
+			of the passed parameters are ignored */
 		*Access = DOS_OPEN_WRONLY;
 		*action = FILE_WAS_CREATED;
-		return print_fsp_open(conn, fname);
+		return print_fsp_open(conn);
 	}
 
 	fsp = file_new(conn);
@@ -779,6 +779,14 @@ flags=0x%X flags2=0x%X mode=0%o returned %d\n",
 		}
 
 		/*
+		 * If there are any share modes set then the file *did*
+		 * exist. Ensure we return the correct value for action.
+		 */
+
+		if (num_share_modes > 0)
+			file_existed = True;
+
+		/*
 		 * We exit this block with the share entry *locked*.....
 		 */
 	}
diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
index e0b494017a0..cc2581375ea 100644
--- a/source/smbd/oplock.c
+++ b/source/smbd/oplock.c
@@ -572,7 +572,8 @@ BOOL oplock_break_level2(files_struct *fsp, BOOL local_request, int token)
     /* Prepare the SMBlockingX message. */
 
     prepare_break_message( outbuf, fsp, False);
-    send_smb(smbd_server_fd(), outbuf);
+    if (!send_smb(smbd_server_fd(), outbuf))
+		exit_server("oplock_break_level2: send_smb failed.\n");
   }
 
   /*
@@ -676,13 +677,13 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
      messages crossing on the wire.
    */
 
-  if((inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)
+  if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL)
   {
     DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
     return False;
   }
 
-  if((outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN))==NULL)
+  if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL)
   {
     DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
     free(inbuf);
@@ -716,7 +717,8 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, struct timeval *tval, B
   fsp->sent_oplock_break = using_levelII?
 	  LEVEL_II_BREAK_SENT:EXCLUSIVE_BREAK_SENT;
 
-  send_smb(smbd_server_fd(), outbuf);
+  if (!send_smb(smbd_server_fd(), outbuf))
+    exit_server("oplock_break: send_smb failed.\n");
 
   /* We need this in case a readraw crosses on the wire. */
   global_oplock_break = True;
@@ -1193,7 +1195,7 @@ setup oplocks for this process
 BOOL init_oplocks(void)
 {
 	struct sockaddr_in sock_name;
-	int len = sizeof(sock_name);
+	socklen_t len = sizeof(sock_name);
 
 	DEBUG(3,("open_oplock_ipc: opening loopback UDP socket.\n"));
 
diff --git a/source/smbd/oplock_linux.c b/source/smbd/oplock_linux.c
index e070761f108..39ee3eb86b3 100644
--- a/source/smbd/oplock_linux.c
+++ b/source/smbd/oplock_linux.c
@@ -25,9 +25,9 @@
 
 extern int DEBUGLEVEL;
 
-static VOLATILE SIG_ATOMIC_T signals_received;
-static VOLATILE SIG_ATOMIC_T signals_processed;
-static VOLATILE SIG_ATOMIC_T fd_pending; /* the fd of the current pending signal */
+static VOLATILE sig_atomic_t signals_received;
+static VOLATILE sig_atomic_t signals_processed;
+static VOLATILE sig_atomic_t fd_pending; /* the fd of the current pending signal */
 
 #ifndef F_SETLEASE
 #define F_SETLEASE	1024
@@ -52,10 +52,10 @@ static VOLATILE SIG_ATOMIC_T fd_pending; /* the fd of the current pending signal
 /****************************************************************************
 handle a LEASE signal, incrementing the signals_received and blocking the signal
 ****************************************************************************/
-static void signal_handler(int signal, siginfo_t *info, void *unused)
+static void signal_handler(int sig, siginfo_t *info, void *unused)
 {
-	BlockSignals(True, signal);
-	fd_pending = (SIG_ATOMIC_T)info->si_fd;
+	BlockSignals(True, sig);
+	fd_pending = (sig_atomic_t)info->si_fd;
 	signals_received++;
 	sys_select_signal();
 }
@@ -127,7 +127,7 @@ static BOOL linux_oplock_receive_message(fd_set *fds, char *buffer, int buffer_l
 	SMB_DEV_T dev;
 	SMB_INO_T inode;
 	SMB_STRUCT_STAT sbuf;
-	BOOL ret;
+	BOOL ret = True;
 
 	if (signals_received == signals_processed) return False;
 
@@ -160,11 +160,11 @@ dev = %x, inode = %.0f\n", (unsigned int)dev, (double)inode ));
 
  out:
 	/* now we can receive more signals */
-	fd_pending = (SIG_ATOMIC_T)-1;
+	fd_pending = (sig_atomic_t)-1;
 	signals_processed++;
 	BlockSignals(False, RT_SIGNAL_LEASE);
      
-	return True;
+	return ret;
 }
 
 
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 1844b90dd05..5ae1c89ace7 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -110,8 +110,9 @@ user_struct *get_valid_user_struct(uint16 vuid)
 
 	for (usp=validated_users;usp;usp=usp->next,count++) {
 		if (vuid == usp->vuid) {
-			if (count > 10)
-                DLIST_PROMOTE(validated_users, usp);
+			if (count > 10) {
+				DLIST_PROMOTE(validated_users, usp);
+			}
 			return usp;
 		}
 	}
@@ -129,6 +130,8 @@ void invalidate_vuid(uint16 vuid)
 	if (vuser == NULL)
 		return;
 
+	session_yield(vuid);
+
 	DLIST_REMOVE(validated_users, vuser);
 
 	safe_free(vuser->groups);
@@ -138,6 +141,20 @@ void invalidate_vuid(uint16 vuid)
 }
 
 /****************************************************************************
+invalidate all vuid entries for this process
+****************************************************************************/
+void invalidate_all_vuids(void)
+{
+	user_struct *usp, *next=NULL;
+
+	for (usp=validated_users;usp;usp=next) {
+		next = usp->next;
+		
+		invalidate_vuid(usp->vuid);
+	}
+}
+
+/****************************************************************************
 return a validated username
 ****************************************************************************/
 char *validated_username(uint16 vuid)
@@ -244,8 +261,8 @@ has been given. vuid is biased by an offset. This allows us to
 tell random client vuid's (normally zero) from valid vuids.
 ****************************************************************************/
 
-uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, 
-		     char *domain,BOOL guest)
+int register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, 
+		  char *domain,BOOL guest)
 {
 	user_struct *vuser = NULL;
 	struct passwd *pwfile; /* for getting real name from passwd file */
@@ -305,12 +322,15 @@ uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
 	DEBUG(3,("uid %d registered to name %s\n",(int)uid,unix_name));
 
 	DEBUG(3, ("Clearing default real name\n"));
-	fstrcpy(vuser->user.full_name, "<Full Name>");
-	if (lp_unix_realname()) {
-		if ((pwfile=sys_getpwnam(vuser->user.unix_name))!= NULL) {
-			DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->user.unix_name,pwfile->pw_gecos));
-			fstrcpy(vuser->user.full_name, pwfile->pw_gecos);
-		}
+	if ((pwfile=sys_getpwnam(vuser->user.unix_name))!= NULL) {
+		DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->user.unix_name,pwfile->pw_gecos));
+		fstrcpy(vuser->user.full_name, pwfile->pw_gecos);
+	}
+
+	if (!session_claim(vuser->vuid)) {
+		DEBUG(1,("Failed to claim session for vuid=%d\n", vuser->vuid));
+		invalidate_vuid(vuser->vuid);
+		return -1;
 	}
 
 	return vuser->vuid;
@@ -430,7 +450,7 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
 
 	if (!lm_pass || !smb_pass) return(False);
 
-	DEBUG(4,("Checking SMB password for user %s\n", 
+	DEBUG(4,("smb_password_ok: Checking SMB password for user %s\n", 
 		 smb_pass->smb_name));
 
 	if(smb_pass->acct_ctrl & ACB_DISABLED) {
@@ -471,24 +491,24 @@ BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
 	/* Try against the lanman password. smb_pass->smb_passwd == NULL means
 	   no password, allow access. */
 
-	DEBUG(4,("Checking LM MD4 password\n"));
-
 	if((smb_pass->smb_passwd == NULL) && 
 	   (smb_pass->acct_ctrl & ACB_PWNOTREQ)) {
-		DEBUG(4,("no password required for user %s\n",
+		DEBUG(4,("smb_password_ok: no password required for user %s\n",
 			 smb_pass->smb_name));
 		return True;
 	}
 
-	if((smb_pass->smb_passwd != NULL) && 
-	   smb_password_check((char *)lm_pass, 
+	if(lp_lanman_auth() && (smb_pass->smb_passwd != NULL)) {
+		DEBUG(4,("smb_password_ok: Checking LM password\n"));
+
+		if (smb_password_check((char *)lm_pass, 
 			      (uchar *)smb_pass->smb_passwd, challenge)) {
-		DEBUG(4,("LM MD4 password check succeeded\n"));
-		return(True);
+			DEBUG(4,("smb_password_ok: LM password check succeeded\n"));
+			return(True);
+		}
+		DEBUG(4,("LM password check failed\n"));
 	}
 
-	DEBUG(4,("LM MD4 password check failed\n"));
-
 	return False;
 }
 
@@ -575,37 +595,40 @@ return True if the password is correct, False otherwise
 BOOL password_ok(char *user, char *password, int pwlen, struct passwd *pwd)
 {
 
-  BOOL ret;
+	BOOL ret;
 
 	if ((pwlen == 0) && !lp_null_passwords()) {
 		DEBUG(4,("Null passwords not allowed.\n"));
 		return False;
 	}
 
-	if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords()))
-	{
+	if (pwlen == 24 || (lp_encrypted_passwords() && (pwlen == 0) && lp_null_passwords())) {
 		/* if 24 bytes long assume it is an encrypted password */
 		uchar challenge[8];
 
-		if (!last_challenge(challenge))
-		{
+		if (!last_challenge(challenge)) {
 			DEBUG(0,("Error: challenge not done for user=%s\n", user));
 			return False;
 		}
 
 		ret = pass_check_smb(user, global_myworkgroup,
 		                      challenge, (uchar *)password, (uchar *)password, pwd);
-#ifdef WITH_PAM
-		if (ret) {
-		  return pam_accountcheck(user);
-		}
-#endif
+
+		/*
+		 * Try with PAM (may not be compiled in - returns True if not. JRA).
+		 * FIXME ! Should this be called if we're using winbindd ? What about
+		 * non-local accounts ? JRA.
+		 */
+
+		if (ret)
+		  return (smb_pam_accountcheck(user) == NT_STATUS_NOPROBLEMO);
+
 		return ret;
 	} 
 
-	return pass_check(user, password, pwlen, pwd, 
+	return (pass_check(user, password, pwlen, pwd, 
 			  lp_update_encrypted() ? 
-			  update_smbpassword_file : NULL);
+			  update_smbpassword_file : NULL));
 }
 
 /****************************************************************************
@@ -725,167 +748,182 @@ static char *validate_group(char *group,char *password,int pwlen,int snum)
 	return(NULL);
 }
 
-
-
 /****************************************************************************
-check for authority to login to a service with a given username/password
+ Check for authority to login to a service with a given username/password.
+ Note this is *NOT* used when logging on using sessionsetup_and_X.
 ****************************************************************************/
+
 BOOL authorise_login(int snum,char *user,char *password, int pwlen, 
 		     BOOL *guest,BOOL *force,uint16 vuid)
 {
-  BOOL ok = False;
-  
-  *guest = False;
-  
+	BOOL ok = False;
+	user_struct *vuser = get_valid_user_struct(vuid);
+
 #if DEBUG_PASSWORD
-  DEBUG(100,("checking authorisation on user=%s pass=%s\n",user,password));
+	DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s\n",
+			user,password));
 #endif
 
-  /* there are several possibilities:
-     1) login as the given user with given password
-     2) login as a previously registered username with the given password
-     3) login as a session list username with the given password
-     4) login as a previously validated user/password pair
-     5) login as the "user =" user with given password
-     6) login as the "user =" user with no password (guest connection)
-     7) login as guest user with no password
-
-     if the service is guest_only then steps 1 to 5 are skipped
-  */
-
-  if (GUEST_ONLY(snum)) *force = True;
+	*guest = False;
+  
+	if (GUEST_ONLY(snum))
+		*force = True;
 
-  if (!(GUEST_ONLY(snum) && GUEST_OK(snum)))
-    {
+	if (!GUEST_ONLY(snum) && (lp_security() > SEC_SHARE)) {
 
-      user_struct *vuser = get_valid_user_struct(vuid);
+		/*
+		 * We should just use the given vuid from a sessionsetup_and_X.
+		 */
 
-      /* check the given username and password */
-      if (!ok && (*user) && user_ok(user,snum)) {
-	ok = password_ok(user,password, pwlen, NULL);
-	if (ok) DEBUG(3,("ACCEPTED: given username password ok\n"));
-      }
+		if (!vuser) {
+			DEBUG(1,("authorise_login: refusing user %s with no session setup\n",
+					user));
+			return False;
+		}
 
-      /* check for a previously registered guest username */
-      if (!ok && (vuser != 0) && vuser->guest) {	  
-	if (user_ok(vuser->user.unix_name,snum) &&
-	    password_ok(vuser->user.unix_name, password, pwlen, NULL)) {
-	  fstrcpy(user, vuser->user.unix_name);
-	  vuser->guest = False;
-	  DEBUG(3,("ACCEPTED: given password with registered user %s\n", user));
-	  ok = True;
+		if (!vuser->guest && user_ok(vuser->user.unix_name,snum)) {
+			fstrcpy(user,vuser->user.unix_name);
+			*guest = False;
+			DEBUG(3,("authorise_login: ACCEPTED: validated uid ok as non-guest \
+(user=%s)\n", user));
+			return True;
+		}
 	}
-      }
-
+ 
+	/* there are several possibilities:
+		1) login as the given user with given password
+		2) login as a previously registered username with the given password
+		3) login as a session list username with the given password
+		4) login as a previously validated user/password pair
+		5) login as the "user =" user with given password
+		6) login as the "user =" user with no password (guest connection)
+		7) login as guest user with no password
+
+		if the service is guest_only then steps 1 to 5 are skipped
+	*/
+
+	if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
+		/* check the given username and password */
+		if (!ok && (*user) && user_ok(user,snum)) {
+			ok = password_ok(user,password, pwlen, NULL);
+			if (ok)
+				DEBUG(3,("authorise_login: ACCEPTED: given username (%s) password ok\n",
+						user ));
+		}
 
-      /* now check the list of session users */
-    if (!ok)
-    {
-      char *auser;
-      char *user_list = strdup(session_users);
-      if (!user_list) return(False);
+		/* check for a previously registered guest username */
+		if (!ok && (vuser != 0) && vuser->guest) {	  
+			if (user_ok(vuser->user.unix_name,snum) &&
+					password_ok(vuser->user.unix_name, password, pwlen, NULL)) {
+				fstrcpy(user, vuser->user.unix_name);
+				vuser->guest = False;
+				DEBUG(3,("authorise_login: ACCEPTED: given password with registered user %s\n", user));
+				ok = True;
+			}
+		}
 
-      for (auser=strtok(user_list,LIST_SEP); 
-           !ok && auser; 
-           auser = strtok(NULL,LIST_SEP))
-      {
-        fstring user2;
-        fstrcpy(user2,auser);
-        if (!user_ok(user2,snum)) continue;
+		/* now check the list of session users */
+		if (!ok) {
+			char *auser;
+			char *user_list = strdup(session_users);
+			if (!user_list)
+				return(False);
+
+			for (auser=strtok(user_list,LIST_SEP); !ok && auser;
+									auser = strtok(NULL,LIST_SEP)) {
+				fstring user2;
+				fstrcpy(user2,auser);
+				if (!user_ok(user2,snum))
+					continue;
 		  
-        if (password_ok(user2,password, pwlen, NULL)) {
-          ok = True;
-          fstrcpy(user,user2);
-          DEBUG(3,("ACCEPTED: session list username and given password ok\n"));
-        }
-      }
-      free(user_list);
-    }
+				if (password_ok(user2,password, pwlen, NULL)) {
+					ok = True;
+					fstrcpy(user,user2);
+					DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \
+and given password ok\n", user));
+				}
+			}
 
-    /* check for a previously validated username/password pair */
-    if (!ok && (lp_security() > SEC_SHARE) &&
-        (vuser != 0) && !vuser->guest &&
-        user_ok(vuser->user.unix_name,snum)) {
-      fstrcpy(user,vuser->user.unix_name);
-      *guest = False;
-      DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n"));
-      ok = True;
-    }
+			free(user_list);
+		}
 
-      /* check for a rhosts entry */
-      if (!ok && user_ok(user,snum) && check_hosts_equiv(user)) {
-	ok = True;
-	DEBUG(3,("ACCEPTED: hosts equiv or rhosts entry\n"));
-      }
+		/* check for a previously validated username/password pair */
+		if (!ok && (lp_security() > SEC_SHARE) && (vuser != 0) && !vuser->guest &&
+							user_ok(vuser->user.unix_name,snum)) {
+			fstrcpy(user,vuser->user.unix_name);
+			*guest = False;
+			DEBUG(3,("authorise_login: ACCEPTED: validated uid (%s) as non-guest\n",
+				user));
+			ok = True;
+		}
 
-      /* check the user= fields and the given password */
-      if (!ok && lp_username(snum)) {
-	char *auser;
-	pstring user_list;
-	StrnCpy(user_list,lp_username(snum),sizeof(pstring));
+		/* check for a rhosts entry */
+		if (!ok && user_ok(user,snum) && check_hosts_equiv(user)) {
+			ok = True;
+			DEBUG(3,("authorise_login: ACCEPTED: hosts equiv or rhosts entry for %s\n",
+					user));
+		}
 
-	pstring_sub(user_list,"%S",lp_servicename(snum));
-	  
-	for (auser=strtok(user_list,LIST_SEP);
-	     auser && !ok;
-	     auser = strtok(NULL,LIST_SEP))
-	  {
-	    if (*auser == '@')
-	      {
-		auser = validate_group(auser+1,password,pwlen,snum);
-		if (auser)
-		  {
-		    ok = True;
-		    fstrcpy(user,auser);
-		    DEBUG(3,("ACCEPTED: group username and given password ok\n"));
-		  }
-	      }
-	    else
-	      {
-		fstring user2;
-		fstrcpy(user2,auser);
-		if (user_ok(user2,snum) && 
-		    password_ok(user2,password,pwlen,NULL))
-		  {
-		    ok = True;
-		    fstrcpy(user,user2);
-		    DEBUG(3,("ACCEPTED: user list username and given password ok\n"));
-		  }
-	      }
-	  }
-      }      
-    } /* not guest only */
+		/* check the user= fields and the given password */
+		if (!ok && lp_username(snum)) {
+			char *auser;
+			pstring user_list;
+			StrnCpy(user_list,lp_username(snum),sizeof(pstring));
 
-  /* check for a normal guest connection */
-  if (!ok && GUEST_OK(snum))
-    {
-      fstring guestname;
-      StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
-      if (Get_Pwnam(guestname,True))
-	{
-	  fstrcpy(user,guestname);
-	  ok = True;
-	  DEBUG(3,("ACCEPTED: guest account and guest ok\n"));
+			pstring_sub(user_list,"%S",lp_servicename(snum));
+	  
+			for (auser=strtok(user_list,LIST_SEP); auser && !ok;
+											auser = strtok(NULL,LIST_SEP)) {
+				if (*auser == '@') {
+					auser = validate_group(auser+1,password,pwlen,snum);
+					if (auser) {
+						ok = True;
+						fstrcpy(user,auser);
+						DEBUG(3,("authorise_login: ACCEPTED: group username \
+and given password ok (%s)\n", user));
+					}
+				} else {
+					fstring user2;
+					fstrcpy(user2,auser);
+					if (user_ok(user2,snum) && password_ok(user2,password,pwlen,NULL)) {
+						ok = True;
+						fstrcpy(user,user2);
+						DEBUG(3,("authorise_login: ACCEPTED: user list username \
+and given password ok (%s)\n", user));
+					}
+				}
+			}
+		}
+	} /* not guest only */
+
+	/* check for a normal guest connection */
+	if (!ok && GUEST_OK(snum)) {
+		fstring guestname;
+		StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
+		if (Get_Pwnam(guestname,True)) {
+			fstrcpy(user,guestname);
+			ok = True;
+			DEBUG(3,("authorise_login: ACCEPTED: guest account and guest ok (%s)\n",
+					user));
+		} else {
+			DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname));
+		}
+		*guest = True;
 	}
-      else
-	DEBUG(0,("Invalid guest account %s??\n",guestname));
-      *guest = True;
-    }
 
-  if (ok && !user_ok(user,snum))
-    {
-      DEBUG(0,("rejected invalid user %s\n",user));
-      ok = False;
-    }
+	if (ok && !user_ok(user,snum)) {
+		DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
+		ok = False;
+	}
 
-  return(ok);
+	return(ok);
 }
 
-
 /****************************************************************************
-read the a hosts.equiv or .rhosts file and check if it
-allows this user from this machine
+ Read the a hosts.equiv or .rhosts file and check if it
+ allows this user from this machine.
 ****************************************************************************/
+
 static BOOL check_user_equiv(char *user, char *remote, char *equiv_file)
 {
   int plus_allowed = 1;
@@ -1112,96 +1150,103 @@ BOOL server_validate(char *user, char *domain,
 		     char *pass, int passlen,
 		     char *ntpass, int ntpasslen)
 {
-  struct cli_state *cli;
-  static unsigned char badpass[24];
-  static BOOL tested_password_server = False;
-  static BOOL bad_password_server = False;
+	struct cli_state *cli;
+	static unsigned char badpass[24];
+	static fstring baduser; 
+	static BOOL tested_password_server = False;
+	static BOOL bad_password_server = False;
 
-  cli = server_client();
+	cli = server_client();
 
-  if (!cli->initialised) {
-    DEBUG(1,("password server %s is not connected\n", cli->desthost));
-    return(False);
-  }  
+	if (!cli->initialised) {
+		DEBUG(1,("password server %s is not connected\n", cli->desthost));
+		return(False);
+	}  
 
-  if(badpass[0] == 0)
-    memset(badpass, 0x1f, sizeof(badpass));
+	if(badpass[0] == 0)
+		memset(badpass, 0x1f, sizeof(badpass));
 
-  if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) {
-    /* 
-     * Very unlikely, our random bad password is the same as the users
-     * password. */
-    memset(badpass, badpass[0]+1, sizeof(badpass));
-  }
+	if((passlen == sizeof(badpass)) && !memcmp(badpass, pass, passlen)) {
+		/* 
+		 * Very unlikely, our random bad password is the same as the users
+		 * password.
+		 */
+		memset(badpass, badpass[0]+1, sizeof(badpass));
+	}
 
-  /*
-   * Attempt a session setup with a totally incorrect password.
-   * If this succeeds with the guest bit *NOT* set then the password
-   * server is broken and is not correctly setting the guest bit. We
-   * need to detect this as some versions of NT4.x are broken. JRA.
-   */
+	if(baduser[0] == 0) {
+		fstrcpy(baduser, INVALID_USER_PREFIX);
+		fstrcat(baduser, global_myname);
+	}
+
+	/*
+	 * Attempt a session setup with a totally incorrect password.
+	 * If this succeeds with the guest bit *NOT* set then the password
+	 * server is broken and is not correctly setting the guest bit. We
+	 * need to detect this as some versions of NT4.x are broken. JRA.
+	 */
 
-  if(!tested_password_server) {
-    if (cli_session_setup(cli, user, (char *)badpass, sizeof(badpass), 
-                              (char *)badpass, sizeof(badpass), domain)) {
+	if(!tested_password_server) {
+		if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), 
+					(char *)badpass, sizeof(badpass), domain)) {
 
-      /*
-       * We connected to the password server so we
-       * can say we've tested it.
-       */
-      tested_password_server = True;
+			/*
+			 * We connected to the password server so we
+			 * can say we've tested it.
+			 */
+			tested_password_server = True;
 
-      if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
-        DEBUG(0,("server_validate: password server %s allows users as non-guest \
+			if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) {
+				DEBUG(0,("server_validate: password server %s allows users as non-guest \
 with a bad password.\n", cli->desthost));
-        DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
+				DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \
 use this machine as the password server.\n"));
-        cli_ulogoff(cli);
+				cli_ulogoff(cli);
 
-        /*
-         * Password server has the bug.
-         */
-        bad_password_server = True;
-        return False;
-      }
-      cli_ulogoff(cli);
-    }
-  } else {
+				/*
+				 * Password server has the bug.
+				 */
+				bad_password_server = True;
+				return False;
+			}
+			cli_ulogoff(cli);
+		}
+	} else {
 
-    /*
-     * We have already tested the password server.
-     * Fail immediately if it has the bug.
-     */
+		/*
+		 * We have already tested the password server.
+		 * Fail immediately if it has the bug.
+		 */
 
-    if(bad_password_server) {
-      DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \
+		if(bad_password_server) {
+			DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \
 with a bad password.\n", cli->desthost));
-      DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \
+			DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \
 use this machine as the password server.\n"));
-      return False;
-    }
-  }
+			return False;
+		}
+	}
 
-  /*
-   * Now we know the password server will correctly set the guest bit, or is
-   * not guest enabled, we can try with the real password.
-   */
+	/*
+	 * Now we know the password server will correctly set the guest bit, or is
+	 * not guest enabled, we can try with the real password.
+	 */
 
-  if (!cli_session_setup(cli, user, pass, passlen, ntpass, ntpasslen, domain)) {
-    DEBUG(1,("password server %s rejected the password\n", cli->desthost));
-    return False;
-  }
+	if (!cli_session_setup(cli, user, pass, passlen, ntpass, ntpasslen, domain)) {
+		DEBUG(1,("password server %s rejected the password\n", cli->desthost));
+		return False;
+	}
 
-  /* if logged in as guest then reject */
-  if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
-    DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
-    cli_ulogoff(cli);
-    return(False);
-  }
+	/* if logged in as guest then reject */
+	if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) {
+		DEBUG(1,("password server %s gave us guest only\n", cli->desthost));
+		cli_ulogoff(cli);
+		return(False);
+	}
 
-  cli_ulogoff(cli);
+	cli_ulogoff(cli);
 
-  return(True);
+	return(True);
 }
 
 /***********************************************************************
@@ -1210,13 +1255,12 @@ use this machine as the password server.\n"));
 ************************************************************************/
 
 static BOOL connect_to_domain_password_server(struct cli_state *pcli, 
-					      char *server,
-                                              unsigned char *trust_passwd)
+								char *server, unsigned char *trust_passwd)
 {
   struct in_addr dest_ip;
   fstring remote_machine;
 
-  if(cli_initialise(pcli) == False) {
+  if(!cli_initialise(pcli)) {
     DEBUG(0,("connect_to_domain_password_server: unable to initialize client connection.\n"));
     return False;
   }
@@ -1514,9 +1558,9 @@ BOOL domain_client_validate( char *user, char *domain,
   /*
    * Get the machine account password for our primary domain
    */
-  if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd, &last_change_time))
+  if (!secrets_fetch_trust_account_password(global_myworkgroup, trust_passwd, &last_change_time))
   {
-	  DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", lp_workgroup()));
+	  DEBUG(0, ("domain_client_validate: could not fetch trust account password for domain %s\n", global_myworkgroup));
 	  return False;
   }
 
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index a9c88212387..4832184df71 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -459,19 +459,60 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp,
 }
 
 /****************************************************************************
+ Ensure the enforced permissions for this share apply.
+****************************************************************************/
+
+static mode_t apply_default_perms(files_struct *fsp, mode_t perms, mode_t type)
+{
+	int snum = SNUM(fsp->conn);
+	mode_t and_bits = (mode_t)0;
+	mode_t or_bits = (mode_t)0;
+
+	/* Get the initial bits to apply. */
+
+	if (fsp->is_directory) {
+		and_bits = lp_dir_security_mask(snum);
+		or_bits = lp_force_dir_security_mode(snum);
+	} else {
+		and_bits = lp_security_mask(snum);
+		or_bits = lp_force_security_mode(snum);
+	}
+
+	/* Now bounce them into the S_USR space. */	
+	switch(type) {
+	case S_IRUSR:
+		and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
+		or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
+		break;
+	case S_IRGRP:
+		and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
+		or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
+		break;
+	case S_IROTH:
+		and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
+		or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
+		break;
+	}
+
+	return ((perms & and_bits)|or_bits);
+}
+
+/****************************************************************************
  A well formed POSIX file or default ACL has at least 3 entries, a 
  SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
  In addition, the owner must always have at least read access.
  When using this call on get_acl, the pst struct is valid and contains
  the mode of the file. When using this call on set_acl, the pst struct has
- been modified to have a mode of r--------.
+ been modified to have a mode containing the default for this file or directory
+ type.
 ****************************************************************************/
 
 static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 							files_struct *fsp,
 							DOM_SID *pfile_owner_sid,
 							DOM_SID *pfile_grp_sid,
-							SMB_STRUCT_STAT *pst)
+							SMB_STRUCT_STAT *pst,
+							BOOL setting_acl)
 {
 	extern DOM_SID global_sid_World;
 	canon_ace *pace;
@@ -481,14 +522,40 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 
 	for (pace = *pp_ace; pace; pace = pace->next) {
 		if (pace->type == SMB_ACL_USER_OBJ) {
-			/* Ensure owner has read access. */
-			if (pace->perms == (mode_t)0)
-				pace->perms = S_IRUSR;
+
+			if (setting_acl) {
+				/* Ensure owner has read access. */
+				pace->perms |= S_IRUSR;
+				if (fsp->is_directory)
+					pace->perms |= (S_IWUSR|S_IXUSR);
+
+				/*
+				 * Ensure create mask/force create mode is respected on set.
+				 */
+
+				pace->perms = apply_default_perms(fsp, pace->perms, S_IRUSR);
+			}
+
 			got_user = True;
-		} else if (pace->type == SMB_ACL_GROUP_OBJ)
+		} else if (pace->type == SMB_ACL_GROUP_OBJ) {
+
+			/*
+			 * Ensure create mask/force create mode is respected on set.
+			 */
+
+			if (setting_acl)
+				pace->perms = apply_default_perms(fsp, pace->perms, S_IRGRP);
 			got_grp = True;
-		else if (pace->type == SMB_ACL_OTHER)
+		} else if (pace->type == SMB_ACL_OTHER) {
+
+			/*
+			 * Ensure create mask/force create mode is respected on set.
+			 */
+
+			if (setting_acl)
+				pace->perms = apply_default_perms(fsp, pace->perms, S_IROTH);
 			got_other = True;
+		}
 	}
 
 	if (!got_user) {
@@ -502,10 +569,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 		pace->owner_type = UID_ACE;
 		pace->unix_ug.uid = pst->st_uid;
 		pace->sid = *pfile_owner_sid;
-		/* Ensure owner has read access. */
 		pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
-		if (pace->perms == (mode_t)0)
-			pace->perms = S_IRUSR;
 		pace->attr = ALLOW_ACE;
 
 		DLIST_ADD(*pp_ace, pace);
@@ -567,18 +631,19 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
 	canon_ace *current_ace = NULL;
 	BOOL got_dir_allow = False;
 	BOOL got_file_allow = False;
-	int i;
+	int i, j;
 
 	*ppfile_ace = NULL;
 	*ppdir_ace = NULL;
 
+	/*
+	 * Convert the incoming ACL into a more regular form.
+	 */
+
 	for(i = 0; i < dacl->num_aces; i++) {
-		enum SID_NAME_USE sid_type;
 		SEC_ACE *psa = &dacl->ace[i];
 
 		if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
-			free_canon_ace_list(file_ace);
-			free_canon_ace_list(dir_ace);
 			DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
 			return False;
 		}
@@ -600,6 +665,50 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
 
 		if(psa->info.mask != UNIX_ACCESS_NONE)
 			psa->info.mask &= ~UNIX_ACCESS_NONE;
+	}
+
+	/*
+	 * Deal with the fact that NT 4.x re-writes the canonical format
+	 * that we return for default ACLs. If a directory ACE is identical
+	 * to a inherited directory ACE then NT changes the bits so that the
+	 * first ACE is set to OI|IO and the second ACE for this SID is set
+	 * to CI. We need to repair this. JRA.
+	 */
+
+	for(i = 0; i < dacl->num_aces; i++) {
+		SEC_ACE *psa1 = &dacl->ace[i];
+
+		for (j = i + 1; j < dacl->num_aces; j++) {
+			SEC_ACE *psa2 = &dacl->ace[j];
+
+			if (psa1->info.mask != psa2->info.mask)
+				continue;
+
+			if (!sid_equal(&psa1->sid, &psa2->sid))
+				continue;
+
+			/*
+			 * Ok - permission bits and SIDs are equal.
+			 * Check if flags were re-written.
+			 */
+
+			if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+
+				psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
+				psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
+				
+			} else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+
+				psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
+				psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
+				
+			}
+		}
+	}
+
+	for(i = 0; i < dacl->num_aces; i++) {
+		enum SID_NAME_USE sid_type;
+		SEC_ACE *psa = &dacl->ace[i];
 
 		/*
 		 * Create a cannon_ace entry representing this NT DACL ACE.
@@ -652,14 +761,17 @@ static BOOL create_canon_ace_lists(files_struct *fsp,
 		 */
 
 		if(sid_equal(&current_ace->sid, pfile_owner_sid)) {
-			/* Note we should apply the default mode/mask here.... FIXME ! JRA */
+
 			current_ace->type = SMB_ACL_USER_OBJ;
+
 		} else if( sid_equal(&current_ace->sid, pfile_grp_sid)) {
-			/* Note we should apply the default mode/mask here.... FIXME ! JRA */
+
 			current_ace->type = SMB_ACL_GROUP_OBJ;
+
 		} else if( sid_equal(&current_ace->sid, &global_sid_World)) {
-			/* Note we should apply the default mode/mask here.... FIXME ! JRA */
+
 			current_ace->type = SMB_ACL_OTHER;
+
 		} else {
 			/*
 			 * Could be a SMB_ACL_USER or SMB_ACL_GROUP. Check by
@@ -1090,6 +1202,37 @@ static void process_deny_list( canon_ace **pp_ace_list )
 }
 
 /****************************************************************************
+ Create a default mode that will be used if a security descriptor entry has
+ no user/group/world entries.
+****************************************************************************/
+
+static mode_t create_default_mode(files_struct *fsp, BOOL interitable_mode)
+{
+	int snum = SNUM(fsp->conn);
+	mode_t and_bits = (mode_t)0;
+	mode_t or_bits = (mode_t)0;
+	mode_t mode = interitable_mode ? unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE, fsp->fsp_name) : S_IRUSR;
+
+	if (fsp->is_directory)
+		mode |= (S_IWUSR|S_IXUSR);
+
+	/*
+	 * Now AND with the create mode/directory mode bits then OR with the
+	 * force create mode/force directory mode bits.
+	 */
+
+	if (fsp->is_directory) {
+		and_bits = lp_dir_security_mask(snum);
+		or_bits = lp_force_dir_security_mode(snum);
+	} else {
+		and_bits = lp_security_mask(snum);
+		or_bits = lp_force_security_mode(snum);
+	}
+
+	return ((mode & and_bits)|or_bits);
+}
+
+/****************************************************************************
  Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
  succeeding.
 ****************************************************************************/
@@ -1166,14 +1309,12 @@ static BOOL unpack_canon_ace(files_struct *fsp,
 
 	/*
 	 * A default 3 element mode entry for a file should be r-- --- ---.
-	 * A default 3 element mode entry for a directory should be r-x --- ---.
+	 * A default 3 element mode entry for a directory should be rwx --- ---.
 	 */
 
-	pst->st_mode = S_IRUSR;
-	if (fsp->is_directory)
-		pst->st_mode |= S_IXUSR;
+	pst->st_mode = create_default_mode(fsp, False);
 
-	if (!ensure_canon_entry_valid(&file_ace, fsp, pfile_owner_sid, pfile_grp_sid, pst)) {
+	if (!ensure_canon_entry_valid(&file_ace, fsp, pfile_owner_sid, pfile_grp_sid, pst, True)) {
 		free_canon_ace_list(file_ace);
 		free_canon_ace_list(dir_ace);
 		return False;
@@ -1183,15 +1324,13 @@ static BOOL unpack_canon_ace(files_struct *fsp,
 
 	/*
 	 * A default inheritable 3 element mode entry for a directory should be the
-	 * mode Samba will use to create a file within. Ensure user x bit is set if
+	 * mode Samba will use to create a file within. Ensure user rwx bits are set if
 	 * it's a directory.
 	 */
 
-	pst->st_mode = unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE, fsp->fsp_name);
-	if (fsp->is_directory)
-		pst->st_mode |= S_IXUSR;
+	pst->st_mode = create_default_mode(fsp, True);
 
-	if (!ensure_canon_entry_valid(&dir_ace, fsp, pfile_owner_sid, pfile_grp_sid, pst)) {
+	if (!ensure_canon_entry_valid(&dir_ace, fsp, pfile_owner_sid, pfile_grp_sid, pst, True)) {
 		free_canon_ace_list(file_ace);
 		free_canon_ace_list(dir_ace);
 		return False;
@@ -1206,7 +1345,6 @@ static BOOL unpack_canon_ace(files_struct *fsp,
 
 }
 
-
 /******************************************************************************
  When returning permissions, try and fit NT display
  semantics if possible. Note the the canon_entries here must have been malloced.
@@ -1377,7 +1515,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
 	 * This next call will ensure we have at least a user/group/world set.
 	 */
 
-	if (!ensure_canon_entry_valid(&list_head, fsp, powner, pgroup, psbuf))
+	if (!ensure_canon_entry_valid(&list_head, fsp, powner, pgroup, psbuf, False))
 		goto fail;
 
 	arrange_posix_perms(fsp->fsp_name,&list_head );
@@ -1387,7 +1525,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
 	 * acl_mask. Ensure all DENY Entries are at the start of the list.
 	 */
 
-	DEBUG(10,("canonicalize_acl: ace entries before arrange :\n"));
+	DEBUG(10,("canonicalise_acl: ace entries before arrange :\n"));
 
 	for ( ace_count = 0, ace = list_head; ace; ace = next_ace, ace_count++) {
 		next_ace = ace->next;
@@ -1405,7 +1543,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
 		}
 	}
 
-	print_canon_ace_list( "canonicalize_acl: ace entries after arrange", list_head );
+	print_canon_ace_list( "canonicalise_acl: ace entries after arrange", list_head );
 
 	return list_head;
 
@@ -1503,7 +1641,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 
 		if (map_acl_perms_to_permset(p_ace->perms, &the_permset) == -1) {
 			DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
-				p_ace->perms, i, strerror(errno) ));
+				(unsigned int)p_ace->perms, i, strerror(errno) ));
 			goto done;
 		}
 
@@ -1598,11 +1736,14 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 
 static BOOL convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
 {
+	int snum = SNUM(fsp->conn);
 	size_t ace_count = count_canon_ace_list(file_ace_list);
 	canon_ace *ace_p;
 	canon_ace *owner_ace = NULL;
 	canon_ace *group_ace = NULL;
 	canon_ace *other_ace = NULL;
+	mode_t and_bits;
+	mode_t or_bits;
 
 	if (ace_count != 3) {
 		DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE entries for file %s to convert to \
@@ -1637,8 +1778,23 @@ posix perms.\n", fsp->fsp_name ));
 
 	/* The owner must have at least read access. */
 
-	if (*posix_perms == (mode_t)0)
-		*posix_perms = S_IRUSR;
+	*posix_perms |= S_IRUSR;
+	if (fsp->is_directory)
+		*posix_perms |= (S_IWUSR|S_IXUSR);
+
+	/* If requested apply the masks. */
+
+	/* Get the initial bits to apply. */
+
+	if (fsp->is_directory) {
+		and_bits = lp_dir_security_mask(snum);
+		or_bits = lp_force_dir_security_mode(snum);
+	} else {
+		and_bits = lp_security_mask(snum);
+		or_bits = lp_force_security_mode(snum);
+	}
+
+	*posix_perms = (((*posix_perms) & and_bits)|or_bits);
 
 	DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o to perm=0%o for file %s.\n",
 		(int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, (int)*posix_perms,
@@ -1831,6 +1987,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	canon_ace *file_ace_list = NULL;
 	canon_ace *dir_ace_list = NULL;
 	BOOL acl_perms = False;
+	mode_t orig_mode = (mode_t)0;
+	uid_t orig_uid;
+	gid_t orig_gid;
 
 	DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
 
@@ -1846,6 +2005,11 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 			return False;
 	}
 
+	/* Save the original elements we check against. */
+	orig_mode = sbuf.st_mode;
+	orig_uid = sbuf.st_uid;
+	orig_gid = sbuf.st_gid;
+
 	/*
 	 * Unpack the user/group/world id's.
 	 */
@@ -1857,7 +2021,7 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	 * Do we need to chown ?
 	 */
 
-	if((user != (uid_t)-1 || grp != (uid_t)-1) && (sbuf.st_uid != user || sbuf.st_gid != grp)) {
+	if((user != (uid_t)-1 || grp != (uid_t)-1) && (orig_uid != user || orig_gid != grp)) {
 
 		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
 				fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
@@ -1889,6 +2053,11 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 			if(ret != 0)
 				return False;
 		}
+
+		/* Save the original elements we check against. */
+		orig_mode = sbuf.st_mode;
+		orig_uid = sbuf.st_uid;
+		orig_gid = sbuf.st_gid;
 	}
 
 	create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
@@ -1932,12 +2101,25 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 			}
 		}
 
-		if (acl_perms && acl_set_support && fsp->is_directory && dir_ace_list) {
-			if (!set_canon_ace_list(fsp, dir_ace_list, True, &acl_set_support)) {
-				DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
-				free_canon_ace_list(file_ace_list);
-				free_canon_ace_list(dir_ace_list); 
-				return False;
+		if (acl_perms && acl_set_support && fsp->is_directory) {
+			if (dir_ace_list) {
+				if (!set_canon_ace_list(fsp, dir_ace_list, True, &acl_set_support)) {
+					DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
+					free_canon_ace_list(file_ace_list);
+					free_canon_ace_list(dir_ace_list); 
+					return False;
+				}
+			} else {
+
+				/*
+				 * No default ACL - delete one if it exists.
+				 */
+
+				if (sys_acl_delete_def_file(dos_to_unix(fsp->fsp_name,False)) == -1) {
+					DEBUG(3,("set_nt_acl: sys_acl_delete_def_file failed (%s)\n", strerror(errno)));
+					free_canon_ace_list(file_ace_list);
+					return False;
+				}
 			}
 		}
 
@@ -1956,7 +2138,7 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 				return False;
 			}
 
-			if (sbuf.st_mode != posix_perms) {
+			if (orig_mode != posix_perms) {
 
 				DEBUG(3,("set_nt_acl: chmod %s. perms = 0%o.\n",
 					fsp->fsp_name, (unsigned int)posix_perms ));
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 71d3c57b23c..168cfd440e5 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -48,7 +48,7 @@ extern char *last_inbuf;
 extern char *InBuffer;
 extern char *OutBuffer;
 extern int smb_read_error;
-extern VOLATILE SIG_ATOMIC_T reload_after_sighup;
+extern VOLATILE sig_atomic_t reload_after_sighup;
 extern BOOL global_machine_password_needs_changing;
 extern fstring global_myworkgroup;
 extern pstring global_myname;
@@ -612,7 +612,7 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
 {
   static pid_t pid= (pid_t)-1;
   int outsize = 0;
-  extern int global_smbpid;
+  extern uint16 global_smbpid;
 
   type &= 0xff;
 
@@ -693,6 +693,12 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize
     if (!(flags & AS_USER))
       unbecome_user();
 
+    /* does this protocol need a valid tree connection? */
+    if ((flags & AS_USER) && !conn) {
+	    return ERROR(ERRSRV, ERRinvnid);
+    }
+
+
     /* does this protocol need to be run as the connected user? */
     if ((flags & AS_USER) && !become_user(conn,session_tag)) {
       if (flags & AS_GUEST) 
@@ -781,12 +787,12 @@ static BOOL smbd_process_limit(void)
 		/* Always add one to the smbd process count, as exit_server() always
 		 * subtracts one.
 		 */
-		tdb_lock_bystring(conn_tdb_ctx(), "INFO/total_smbds");
-		total_smbds = tdb_fetch_int(conn_tdb_ctx(), "INFO/total_smbds");
-		total_smbds = total_smbds < 0 ? 1 : total_smbds + 1;
-		tdb_store_int(conn_tdb_ctx(), "INFO/total_smbds", total_smbds);
-		tdb_unlock_bystring(conn_tdb_ctx(), "INFO/total_smbds");
-		
+
+		total_smbds = 1; /* In case we need to create the entry. */
+
+		if (tdb_change_int_atomic(conn_tdb_ctx(), "INFO/total_smbds", &total_smbds, 1) == -1)
+			return True;
+
 		return total_smbds > lp_max_smbd_processes();
 	}
 	else
@@ -822,7 +828,7 @@ void process_smb(char *inbuf, char *outbuf)
 		  static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
 		  DEBUG( 1, ( "Connection denied from %s\n",
 			      client_addr() ) );
-		  send_smb(smbd_server_fd(),(char *)buf);
+		  (void)send_smb(smbd_server_fd(),(char *)buf);
 		  exit_server("connection denied");
 	  }
   }
@@ -860,7 +866,8 @@ void process_smb(char *inbuf, char *outbuf)
                  nread, smb_len(outbuf)));
     }
     else
-      send_smb(smbd_server_fd(),outbuf);
+      if (!send_smb(smbd_server_fd(),outbuf))
+        exit_server("process_smb: send_smb failed.\n");
   }
   trans_num++;
 }
@@ -1183,8 +1190,8 @@ void smbd_process(void)
 	time_t last_timeout_processing_time = time(NULL);
 	unsigned int num_smbs = 0;
 
-	InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
-	OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+	InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
+	OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
 	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
 		return;
 
@@ -1196,6 +1203,9 @@ void smbd_process(void)
 	/* re-initialise the timezone */
 	TimeInit();
 
+	/* register our message handlers */
+	message_register(MSG_SMB_FORCE_TDIS, msg_force_tdis);
+
 	while (True) {
 		int deadtime = lp_deadtime()*60;
 		int select_timeout = setup_select_timeout();
@@ -1210,7 +1220,7 @@ void smbd_process(void)
 		lp_talloc_free();
 		main_loop_talloc_free();
 
-		while (!receive_message_or_smb(InBuffer,BUFFER_SIZE,select_timeout)) {
+		while (!receive_message_or_smb(InBuffer,BUFFER_SIZE+LARGE_WRITEX_HDR_SIZE,select_timeout)) {
 			if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
 				return;
 			num_smbs = 0; /* Reset smb counter. */
@@ -1246,7 +1256,7 @@ void smbd_process(void)
 		
 		if ((num_smbs % 200) == 0) {
 			time_t new_check_time = time(NULL);
-			if(last_timeout_processing_time - new_check_time >= (select_timeout/1000)) {
+			if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
 				if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))
 					return;
 				num_smbs = 0; /* Reset smb counter. */
diff --git a/source/smbd/quotas.c b/source/smbd/quotas.c
index ccb5534641a..caf3997ba80 100644
--- a/source/smbd/quotas.c
+++ b/source/smbd/quotas.c
@@ -277,11 +277,6 @@ static int xdr_getquota_args(XDR *xdrsp, struct getquota_args *args)
 
 static int xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr)
 {
-	gqr_status status;
-	union {
-		rquota gqr_rquota;
-	} getquota_rslt_u;
-  
 	if (!xdr_int(xdrsp, &quotastat)) {
 		DEBUG(6,("nfs_quotas: Status bad or zero\n"));
 		return 0;
@@ -322,6 +317,9 @@ static BOOL nfs_quotas(char *nfspath, uid_t euser_id, SMB_BIG_UINT *bsize, SMB_B
 	int len;
 	static struct timeval timeout = {2,0};
 	enum clnt_stat clnt_stat;
+	BOOL ret = True;
+
+	*bsize = *dfree = *dsize = (SMB_BIG_UINT)0;
 
 	len=strcspn(mnttype, ":");
 	pathname=strstr(mnttype, ":");
@@ -338,15 +336,21 @@ static BOOL nfs_quotas(char *nfspath, uid_t euser_id, SMB_BIG_UINT *bsize, SMB_B
 
 	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
 
-	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) != NULL) {
-		clnt->cl_auth = authunix_create_default();
-		DEBUG(9,("nfs_quotas: auth_success\n"));
+	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
+		ret = False;
+		goto out;
+	}
 
-		clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, xdr_getquota_args, (caddr_t)&args, xdr_getquota_rslt, (caddr_t)&gqr, timeout);
-		if (clnt_stat == RPC_SUCCESS)
-			DEBUG(9,("nfs_quotas: rpccall_success\n"));
-	};
+	clnt->cl_auth = authunix_create_default();
+	DEBUG(9,("nfs_quotas: auth_success\n"));
 
+	clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, xdr_getquota_args, (caddr_t)&args, xdr_getquota_rslt, (caddr_t)&gqr, timeout);
+
+	if (clnt_stat != RPC_SUCCESS) {
+		DEBUG(9,("nfs_quotas: clnt_call fail\n"));
+		ret = False;
+		goto out;
+	}
 
 	/* 
 	 * quotastat returns 0 if the rpc call fails, 1 if quotas exist, 2 if there is
@@ -354,26 +358,30 @@ static BOOL nfs_quotas(char *nfspath, uid_t euser_id, SMB_BIG_UINT *bsize, SMB_B
 	 * something sensible.
 	 */   
 
-	if (quotastat == 1) {
+	switch ( quotastat ) {
+	case 0:
+		DEBUG(9,("nfs_quotas: Remote Quotas Failed!  Error \"%i\" \n", quotastat ));
+		ret = False;
+		goto out;
+
+	case 1:
 		DEBUG(9,("nfs_quotas: Good quota data\n"));
 		D.dqb_bsoftlimit = gqr.getquota_rslt_u.gqr_rquota.rq_bsoftlimit;
 		D.dqb_bhardlimit = gqr.getquota_rslt_u.gqr_rquota.rq_bhardlimit;
 		D.dqb_curblocks = gqr.getquota_rslt_u.gqr_rquota.rq_curblocks;
-	}
+		break;
 
-	if (quotastat == 0 || quotastat == 3) {
+	case 2:
+	case 3:
 		D.dqb_bsoftlimit = 1;
 		D.dqb_curblocks = 1;
-		DEBUG(9,("nfs_quotas: Remote Quotas Failed!  Error \"%i\" \n", quotastat ));
-	}
+		DEBUG(9,("nfs_quotas: Remote Quotas returned \"%i\" \n", quotastat ));
+		break;
 
-	if (quotastat == 2) {
-		DEBUG(9,("nfs_quotas: Remote Quotas Failed!  Error \"%i\" \n", quotastat ));
-		auth_destroy(clnt->cl_auth);
-		clnt_destroy(clnt);
-		free(cutstr);
-		return(False);
-	}       
+	default:
+		DEBUG(9,("nfs_quotas: Remote Quotas Questionable!  Error \"%i\" \n", quotastat ));
+		break;
+	}
 
 	DEBUG(10,("nfs_quotas: Let`s look at D a bit closer... status \"%i\" bsize \"%i\" active? \"%i\" bhard \"%i\" bsoft \"%i\" curb \"%i\" \n",
 			quotastat,
@@ -395,14 +403,19 @@ static BOOL nfs_quotas(char *nfspath, uid_t euser_id, SMB_BIG_UINT *bsize, SMB_B
 	} else
 		*dfree = D.dqb_bsoftlimit - D.dqb_curblocks;
 
-	auth_destroy(clnt->cl_auth);
-	clnt_destroy(clnt);
+  out:
+
+	if (clnt) {
+		if (clnt->cl_auth)
+			auth_destroy(clnt->cl_auth);
+		clnt_destroy(clnt);
+	}
 
 	DEBUG(5,("nfs_quotas: For path \"%s\" returning  bsize %.0f, dfree %.0f, dsize %.0f\n",args.gqa_pathp,(double)*bsize,(double)*dfree,(double)*dsize));
 
-	free(cutstr);
+	safe_free(cutstr);
 	DEBUG(10,("nfs_quotas: End of nfs_quotas\n" ));
-	return(True);
+	return ret;
 }
 #endif
 
@@ -438,7 +451,7 @@ BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_U
 		return(False) ;
   
 	devno = sbuf.st_dev ;
-	DEBUG(5,("disk_quotas: looking for path \"%s\" devno=%x\n", path,devno));
+	DEBUG(5,("disk_quotas: looking for path \"%s\" devno=%x\n", path,(unsigned int)devno));
 	if ( devno != devno_cached ) {
 		devno_cached = devno ;
 #if defined(SUNOS5)
@@ -446,7 +459,7 @@ BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_U
 			return(False) ;
     
 		found = False ;
-		slprintf(devopt, sizeof(devopt) - 1, "dev=%x", devno);
+		slprintf(devopt, sizeof(devopt) - 1, "dev=%x", (unsigned int)devno);
 		while (getmntent(fd, &mnt) == 0) {
 			if( !hasmntopt(&mnt, devopt) )
 				continue;
@@ -473,7 +486,7 @@ BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_U
 		while ((mnt = getmntent(fd)) != NULL) {
 			if ( sys_stat(mnt->mnt_dir,&sbuf) == -1 )
 				continue ;
-			DEBUG(5,("disk_quotas: testing \"%s\" devno=%o\n", mnt->mnt_dir,sbuf.st_dev));
+			DEBUG(5,("disk_quotas: testing \"%s\" devno=%x\n", mnt->mnt_dir,(unsigned int)sbuf.st_dev));
 			if (sbuf.st_dev == devno) {
 				found = True ;
 				break;
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index f6d2c97cb58..22b213b3729 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -54,7 +54,6 @@ static void overflow_attack(int len)
 		dbgtext( "attempting to exploit an old bug.\n" );
 		dbgtext( "Attack was from IP = %s.\n", client_addr() );
 	}
-	exit_server("possible attack");
 }
 
 
@@ -170,11 +169,10 @@ static int connection_error(char *inbuf,char *outbuf,int ecode)
 	return(ERROR(ERRSRV,ecode));
 }
 
-
-
 /****************************************************************************
   parse a share descriptor string
 ****************************************************************************/
+
 static void parse_connect(char *p,char *service,char *user,
 			  char *password,int *pwlen,char *dev)
 {
@@ -228,13 +226,21 @@ int reply_tcon(connection_struct *conn,
 
 	parse_connect(smb_buf(inbuf)+1,service,user,password,&pwlen,dev);
 
+	/*
+	 * If the vuid is valid, we should be using that....
+	 */
+
+	if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
+		pstrcpy(user,validated_username(vuid));
+	}
+
     /*
      * Ensure the user and password names are in UNIX codepage format.
      */
 
-    dos_to_unix(user,True);
+    pstrcpy(user,dos_to_unix(user,False));
 	if (!doencrypt)
-    	dos_to_unix(password,True);
+    	pstrcpy(password,dos_to_unix(password,False));
 
 	/*
 	 * Pass the user through the NT -> unix user mapping
@@ -270,6 +276,7 @@ int reply_tcon(connection_struct *conn,
 /****************************************************************************
  Reply to a tcon and X.
 ****************************************************************************/
+
 int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
 	fstring service;
@@ -293,6 +300,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 
 	if (passlen > MAX_PASS_LEN) {
 		overflow_attack(passlen);
+		return(ERROR(ERRDOS,ERRbuftoosmall));
 	}
  
 	memcpy(password,smb_buf(inbuf),passlen);
@@ -320,12 +328,20 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 	DEBUG(4,("Got device type %s\n",devicename));
 
 	/*
+	 * If the vuid is valid, we should be using that....
+	 */
+
+	if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
+		pstrcpy(user,validated_username(vuid));
+	}
+
+	/*
 	 * Ensure the user and password names are in UNIX codepage format.
 	 */
 
-	dos_to_unix(user,True);
+	pstrcpy(user,dos_to_unix(user,False));
 	if (!doencrypt)
-		dos_to_unix(password,True);
+		pstrcpy(password,dos_to_unix(password,False));
 
 	/*
 	 * Pass the user through the NT -> unix user mapping
@@ -394,7 +410,6 @@ int reply_unknown(char *inbuf,char *outbuf)
 	return(ERROR(ERRSRV,ERRunknownsmb));
 }
 
-
 /****************************************************************************
   reply to an ioctl
 ****************************************************************************/
@@ -563,47 +578,48 @@ static BOOL check_server_security(char *orig_user, char *domain, char *unix_user
                                   char *smb_apasswd, int smb_apasslen,
                                   char *smb_ntpasswd, int smb_ntpasslen)
 {
-  BOOL ret = False;
+	BOOL ret = False;
 
-  if(lp_security() != SEC_SERVER)
-    return False;
+	if(lp_security() != SEC_SERVER)
+		return False;
 
-  if (!check_domain_match(orig_user, domain))
-     return False;
+	if (!check_domain_match(orig_user, domain))
+		return False;
 
-  ret = server_validate(orig_user, domain, 
-                            smb_apasswd, smb_apasslen, 
-                            smb_ntpasswd, smb_ntpasslen);
-  if(ret) {
-    struct passwd *pwd = NULL;
+	ret = server_validate(orig_user, domain, 
+					smb_apasswd, smb_apasslen, 
+					smb_ntpasswd, smb_ntpasslen);
 
-    /*
-     * User validated ok against Domain controller.
-     * If the admin wants us to try and create a UNIX
-     * user on the fly, do so.
-     * Note that we can never delete users when in server
-     * level security as we never know if it was a failure
-     * due to a bad password, or the user really doesn't exist.
-     */
-    if(lp_adduser_script() && !(pwd = smb_getpwnam(unix_user,True))) {
-      smb_create_user(unix_user, NULL);
-    }
+	if(ret) {
+		struct passwd *pwd = NULL;
 
-    if(lp_adduser_script() && pwd) {
-      SMB_STRUCT_STAT st;
+		/*
+		 * User validated ok against Domain controller.
+		 * If the admin wants us to try and create a UNIX
+		 * user on the fly, do so.
+		 * Note that we can never delete users when in server
+		 * level security as we never know if it was a failure
+		 * due to a bad password, or the user really doesn't exist.
+		 */
 
-      /*
-       * Also call smb_create_user if the users home directory
-       * doesn't exist. Used with winbindd to allow the script to
-       * create the home directory for a user mapped with winbindd.
-       */
+		if(lp_adduser_script() && !(pwd = smb_getpwnam(unix_user,True)))
+			smb_create_user(unix_user, NULL);
 
-      if (pwd->pw_shell && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT))
-        smb_create_user(unix_user, pwd->pw_dir);
-    }
-  }
+		if(lp_adduser_script() && pwd) {
+			SMB_STRUCT_STAT st;
 
-  return ret;
+			/*
+			 * Also call smb_create_user if the users home directory
+			 * doesn't exist. Used with winbindd to allow the script to
+			 * create the home directory for a user mapped with winbindd.
+			 */
+
+			if (pwd->pw_dir && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT))
+				smb_create_user(unix_user, pwd->pw_dir);
+		}
+	}
+
+	return ret;
 }
 
 /****************************************************************************
@@ -648,7 +664,7 @@ static BOOL check_domain_security(char *orig_user, char *domain, char *unix_user
        * create the home directory for a user mapped with winbindd.
        */
 
-      if (pwd->pw_shell && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT))
+      if (pwd->pw_dir && (sys_stat(pwd->pw_dir, &st) == -1) && (errno == ENOENT))
         smb_create_user(unix_user, pwd->pw_dir);
     }
 
@@ -690,7 +706,7 @@ reply to a session setup command
 
 int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
-  uint16 sess_vuid;
+  int sess_vuid;
   gid_t gid;
   uid_t uid;
   int   smb_bufsize;    
@@ -705,19 +721,22 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
   BOOL guest=False;
   static BOOL done_sesssetup = False;
   BOOL doencrypt = SMBENCRYPT();
-  char *domain = "";
+  fstring domain;
   START_PROFILE(SMBsesssetupX);
 
   *smb_apasswd = 0;
   *smb_ntpasswd = 0;
-  
+  *domain = 0;
+
   smb_bufsize = SVAL(inbuf,smb_vwv2);
 
   if (Protocol < PROTOCOL_NT1) {
     smb_apasslen = SVAL(inbuf,smb_vwv7);
-    if (smb_apasslen > MAX_PASS_LEN)
+    if (smb_apasslen > MAX_PASS_LEN) {
       overflow_attack(smb_apasslen);
-
+      return(ERROR(ERRDOS,ERRbuftoosmall));
+    }
+      
     memcpy(smb_apasswd,smb_buf(inbuf),smb_apasslen);
     smb_apasswd[smb_apasslen] = 0;
     pstrcpy(user,smb_buf(inbuf)+smb_apasslen);
@@ -725,7 +744,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
      * Incoming user is in DOS codepage format. Convert
      * to UNIX.
      */
-    dos_to_unix(user,True);
+    pstrcpy(user,dos_to_unix(user,False));
   
     if (!doencrypt && (lp_security() != SEC_SERVER)) {
       smb_apasslen = strlen(smb_apasswd);
@@ -755,6 +774,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 
     if (passlen1 > MAX_PASS_LEN) {
       overflow_attack(passlen1);
+      return(ERROR(ERRDOS,ERRbuftoosmall));
     }
 
     passlen1 = MIN(passlen1, MAX_PASS_LEN);
@@ -810,8 +830,8 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
        * Ensure the plaintext passwords are in UNIX format.
        */
       if(!doencrypt) {
-        dos_to_unix(smb_apasswd,True);
-        dos_to_unix(smb_ntpasswd,True);
+        pstrcpy(smb_apasswd,dos_to_unix(smb_apasswd,False));
+        pstrcpy(smb_ntpasswd,dos_to_unix(smb_ntpasswd,False));
       }
 
     } else {
@@ -821,7 +841,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
       /*
        * Ensure the plaintext password is in UNIX format.
        */
-      dos_to_unix(smb_apasswd,True);
+      pstrcpy(smb_apasswd,dos_to_unix(smb_apasswd,False));
       
       /* trim the password */
       smb_apasslen = strlen(smb_apasswd);
@@ -840,13 +860,19 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
      * Incoming user and domain are in DOS codepage format. Convert
      * to UNIX.
      */
-    dos_to_unix(user,True);
-    domain = p;
-    dos_to_unix(domain, True);
+    pstrcpy(user,dos_to_unix(user,False));
+    fstrcpy(domain, dos_to_unix(p, False));
     DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
 	     domain,skip_string(p,1),skip_string(p,2)));
   }
 
+  /* don't allow strange characters in usernames or domains */
+  alpha_strcpy(user, user, ". _-", sizeof(user));
+  alpha_strcpy(domain, domain, ". _-", sizeof(domain));
+  if (strstr(user, "..") || strstr(domain,"..")) {
+	  return bad_password_error(inbuf, outbuf);
+  }
+
   DEBUG(3,("sesssetupX:name=[%s]\n",user));
 
   /* If name ends in $ then I think it's asking about whether a */
@@ -895,15 +921,23 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 
   pstrcpy( orig_user, user);
 
-  /* if the username exists as a domain/username pair on the unix system then use 
-     that */
-  if (!sys_getpwnam(user)) {
-	  pstring user2;
-	  slprintf(user2,sizeof(user2)-1,"%s%s%s", dos_to_unix(domain,False), lp_winbind_separator(), user);
-	  if (sys_getpwnam(user2)) {
-		  DEBUG(3,("Using unix username %s\n", user2));
-		  pstrcpy(user, user2);
-	  }
+  /*
+   * Always try the "DOMAIN\user" lookup first, as this is the most
+   * specific case. If this fails then try the simple "user" lookup.
+   */
+
+  {
+    pstring dom_user;
+
+    /* Work out who's who */
+
+    slprintf(dom_user, sizeof(dom_user) - 1,"%s%s%s",
+               dos_to_unix(domain, False), lp_winbind_separator(), user);
+
+    if (sys_getpwnam(dom_user) != NULL) {
+      pstrcpy(user, dom_user);
+      DEBUG(3,("Using unix username %s\n", dom_user));
+    }
   }
 
   /*
@@ -1054,6 +1088,11 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
      to a uid can get through without a password, on the same VC */
 
   sess_vuid = register_vuid(uid,gid,user,current_user_info.smb_name,domain,guest);
+  
+  if (sess_vuid == -1) {
+	  return(ERROR(ERRDOS,ERRnoaccess));
+  }
+
  
   SSVAL(outbuf,smb_uid,sess_vuid);
   SSVAL(inbuf,smb_uid,sess_vuid);
@@ -1840,14 +1879,15 @@ int reply_mknew(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
   pstring fname;
-  pstring fname2;
   int outsize = 0;
   int createmode;
-  mode_t unixmode;
+  mode_t unixmode = 0600;
   BOOL bad_path = False;
   files_struct *fsp;
   int oplock_request = CORE_OPLOCK_REQUEST(inbuf);
+  int tmpfd;
   SMB_STRUCT_STAT sbuf;
+
   START_PROFILE(SMBctemp);
 
   createmode = SVAL(inbuf,smb_vwv0);
@@ -1858,17 +1898,22 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
 
   unix_convert(fname,conn,0,&bad_path,&sbuf);
   
-  unixmode = unix_mode(conn,createmode,fname);
-  
-  pstrcpy(fname2,(char *)smbd_mktemp(fname));
-  /* This file should not exist. */
-  ZERO_STRUCT(sbuf);
-  vfs_stat(conn,fname2,&sbuf);
+  tmpfd = smb_mkstemp(fname);
+  if (tmpfd == -1) {
+	  END_PROFILE(SMBctemp);
+	  return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
+
+  vfs_stat(conn,fname,&sbuf);
 
   /* Open file in dos compatibility share mode. */
-  /* We should fail if file exists. */
-  fsp = open_file_shared(conn,fname2,&sbuf,SET_DENY_MODE(DENY_FCB)|SET_OPEN_MODE(DOS_OPEN_FCB), 
-                   (FILE_CREATE_IF_NOT_EXIST|FILE_EXISTS_FAIL), unixmode, oplock_request, NULL, NULL);
+  /* We should fail if file does not exist. */
+  fsp = open_file_shared(conn,fname,&sbuf,
+			 SET_DENY_MODE(DENY_FCB)|SET_OPEN_MODE(DOS_OPEN_FCB), 
+			 FILE_EXISTS_OPEN|FILE_FAIL_IF_NOT_EXIST, 
+			 unixmode, oplock_request, NULL, NULL);
+  /* close fd from smb_mkstemp() */
+  close(tmpfd);
 
   if (!fsp)
   {
@@ -1881,10 +1926,10 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
     return(UNIXERROR(ERRDOS,ERRnoaccess));
   }
 
-  outsize = set_message(outbuf,1,2 + strlen(fname2),True);
+  outsize = set_message(outbuf,1,2 + strlen(fname),True);
   SSVAL(outbuf,smb_vwv0,fsp->fnum);
   CVAL(smb_buf(outbuf),0) = 4;
-  pstrcpy(smb_buf(outbuf) + 1,fname2);
+  pstrcpy(smb_buf(outbuf) + 1,fname);
 
   if (oplock_request && lp_fake_oplocks(SNUM(conn))) {
     CVAL(outbuf,smb_flg) |= CORE_OPLOCK_GRANTED;
@@ -1893,9 +1938,9 @@ int reply_ctemp(connection_struct *conn, char *inbuf,char *outbuf, int dum_size,
   if(EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type))
     CVAL(outbuf,smb_flg) |= CORE_OPLOCK_GRANTED;
 
-  DEBUG( 2, ( "created temp file %s\n", fname2 ) );
+  DEBUG( 2, ( "created temp file %s\n", fname ) );
   DEBUG( 3, ( "ctemp %s fd=%d dmode=%d umode=%o\n",
-        fname2, fsp->fd, createmode, (int)unixmode ) );
+        fname, fsp->fd, createmode, (int)unixmode ) );
 
   END_PROFILE(SMBctemp);
   return(outsize);
@@ -2154,7 +2199,7 @@ int reply_readbraw(connection_struct *conn, char *inbuf, char *outbuf, int dum_s
   maxcount = MIN(65535,maxcount);
   maxcount = MAX(mincount,maxcount);
 
-  if (!is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK))
+  if (!is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK,False))
   {
     SMB_OFF_T size = fsp->size;
     SMB_OFF_T sizeneeded = startpos + maxcount;
@@ -2251,7 +2296,7 @@ int reply_lockread(connection_struct *conn, char *inbuf,char *outbuf, int length
    * for a write lock. JRA.
    */
 
-  if(!do_lock( fsp, conn, (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK, &eclass, &ecode)) {
+  if(!do_lock( fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtoread, (SMB_BIG_UINT)startpos, WRITE_LOCK, &eclass, &ecode)) {
     if((ecode == ERRlock) && lp_blocking_locks(SNUM(conn))) {
       /*
        * A blocking lock was requested. Package up
@@ -2311,7 +2356,7 @@ int reply_read(connection_struct *conn, char *inbuf,char *outbuf, int size, int
   numtoread = MIN(BUFFER_SIZE-outsize,numtoread);
   data = smb_buf(outbuf) + 3;
   
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtoread,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
     END_PROFILE(SMBread);
     return(ERROR(ERRDOS,ERRlock));	
   }
@@ -2388,7 +2433,7 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 
   }
 
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)smb_maxcnt,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
     END_PROFILE(SMBreadX);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -2449,7 +2494,7 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size,
   CVAL(inbuf,smb_com) = SMBwritec;
   CVAL(outbuf,smb_com) = SMBwritec;
 
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
     END_PROFILE(SMBwritebraw);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -2472,7 +2517,8 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size,
   CVAL(outbuf,smb_com) = SMBwritebraw;
   SSVALS(outbuf,smb_vwv0,-1);
   outsize = set_message(outbuf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
-  send_smb(smbd_server_fd(),outbuf);
+  if (!send_smb(smbd_server_fd(),outbuf))
+    exit_server("reply_writebraw: send_smb failed.\n");
   
   /* Now read the raw data into the buffer and write it */
   if (read_smb_length(smbd_server_fd(),inbuf,SMB_SECONDARY_WAIT) == -1) {
@@ -2514,6 +2560,12 @@ int reply_writebraw(connection_struct *conn, char *inbuf,char *outbuf, int size,
      follows what WfWg does */
   END_PROFILE(SMBwritebraw);
   if (!write_through && total_written==tcount) {
+    /*
+     * Fix for "rabbit pellet" mode, trigger an early TCP ack by
+     * sending a SMBkeepalive. Thanks to DaveCB at Sun for this. JRA.
+     */
+    if (!send_keepalive(smbd_server_fd()))
+      exit_server("reply_writebraw: send of keepalive failed");
     return(-1);
   }
 
@@ -2544,7 +2596,7 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int siz
   startpos = IVAL(inbuf,smb_vwv2);
   data = smb_buf(inbuf) + 3;
   
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
     END_PROFILE(SMBwriteunlock);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -2565,7 +2617,7 @@ int reply_writeunlock(connection_struct *conn, char *inbuf,char *outbuf, int siz
     return(UNIXERROR(ERRDOS,ERRnoaccess));
   }
 
-  if(!do_unlock(fsp, conn, (SMB_BIG_UINT)numtowrite, (SMB_BIG_UINT)startpos, &eclass, &ecode)) {
+  if(!do_unlock(fsp, conn, SVAL(inbuf,smb_pid), (SMB_BIG_UINT)numtowrite, (SMB_BIG_UINT)startpos, &eclass, &ecode)) {
     END_PROFILE(SMBwriteunlock);
     return(ERROR(eclass,ecode));
   }
@@ -2608,7 +2660,7 @@ int reply_write(connection_struct *conn, char *inbuf,char *outbuf,int size,int d
   startpos = IVAL(inbuf,smb_vwv2);
   data = smb_buf(inbuf) + 3;
   
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
     END_PROFILE(SMBwrite);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -2657,7 +2709,9 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
   BOOL write_through = BITSETW(inbuf+smb_vwv7,0);
   ssize_t nwritten = -1;
   unsigned int smb_doff = SVAL(inbuf,smb_vwv11);
+  unsigned int smblen = smb_len(inbuf);
   char *data;
+  BOOL large_writeX = ((CVAL(inbuf,smb_wct) == 14) && (smblen > 0xFFFF));
   START_PROFILE(SMBwriteX);
 
   /* If it's an IPC, pass off the pipe handler. */
@@ -2670,7 +2724,11 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
   CHECK_WRITE(fsp);
   CHECK_ERROR(fsp);
 
-  if(smb_doff > smb_len(inbuf)) {
+  /* Deal with possible LARGE_WRITEX */
+  if (large_writeX)
+    numtowrite |= ((((size_t)SVAL(inbuf,smb_vwv9)) & 1 )<<16);
+
+  if(smb_doff > smblen || (smb_doff + numtowrite > smblen)) {
     END_PROFILE(SMBwriteX);
     return(ERROR(ERRDOS,ERRbadmem));
   }
@@ -2700,7 +2758,7 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
 #endif /* LARGE_SMB_OFF_T */
   }
 
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
     END_PROFILE(SMBwriteX);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -2722,7 +2780,9 @@ int reply_write_and_X(connection_struct *conn, char *inbuf,char *outbuf,int leng
   set_message(outbuf,6,0,True);
   
   SSVAL(outbuf,smb_vwv2,nwritten);
-  
+  if (large_writeX)
+    SSVAL(outbuf,smb_vwv4,(nwritten>>16)&1);
+
   if (nwritten < (ssize_t)numtowrite) {
     CVAL(outbuf,smb_rcls) = ERRHRD;
     SSVAL(outbuf,smb_err,ERRdiskfull);      
@@ -2983,7 +3043,7 @@ int reply_writeclose(connection_struct *conn,
 	mtime = make_unix_date3(inbuf+smb_vwv4);
 	data = smb_buf(inbuf) + 1;
   
-	if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK)) {
+	if (is_locked(fsp,conn,(SMB_BIG_UINT)numtowrite,(SMB_BIG_UINT)startpos, WRITE_LOCK,False)) {
 		END_PROFILE(SMBwriteclose);
 		return(ERROR(ERRDOS,ERRlock));
 	}
@@ -3041,7 +3101,7 @@ int reply_lock(connection_struct *conn,
 	DEBUG(3,("lock fd=%d fnum=%d offset=%.0f count=%.0f\n",
 		 fsp->fd, fsp->fnum, (double)offset, (double)count));
 
-	if (!do_lock(fsp, conn, count, offset, WRITE_LOCK, &eclass, &ecode)) {
+	if (!do_lock(fsp, conn, SVAL(inbuf,smb_pid), count, offset, WRITE_LOCK, &eclass, &ecode)) {
           if((ecode == ERRlock) && lp_blocking_locks(SNUM(conn))) {
 	    /*
              * A blocking lock was requested. Package up
@@ -3080,7 +3140,7 @@ int reply_unlock(connection_struct *conn, char *inbuf,char *outbuf, int size, in
   count = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv1);
   offset = (SMB_BIG_UINT)IVAL(inbuf,smb_vwv3);
 
-  if(!do_unlock(fsp, conn, count, offset, &eclass, &ecode)) {
+  if(!do_unlock(fsp, conn, SVAL(inbuf,smb_pid), count, offset, &eclass, &ecode)) {
     END_PROFILE(SMBunlock);
     return (ERROR(eclass,ecode));
   }
@@ -3149,7 +3209,8 @@ int reply_echo(connection_struct *conn,
 
 		smb_setlen(outbuf,outsize - 4);
 
-		send_smb(smbd_server_fd(),outbuf);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_echo: send_smb failed.\n");
 	}
 
 	DEBUG(3,("echo %d times\n", smb_reverb));
@@ -3177,7 +3238,7 @@ int reply_printopen(connection_struct *conn,
 	}
 
 	/* Open for exclusive use, write only. */
-	fsp = print_fsp_open(conn,"dos.prn");
+	fsp = print_fsp_open(conn);
 
 	if (!fsp) {
 		END_PROFILE(SMBsplopen);
@@ -4195,6 +4256,18 @@ int reply_setdir(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
 }
 
 /****************************************************************************
+ Get a lock pid, dealing with large count requests.
+****************************************************************************/
+
+uint16 get_lock_pid( char *data, int data_offset, BOOL large_file_format)
+{
+	if(!large_file_format)
+		return SVAL(data,SMB_LPID_OFFSET(data_offset));
+	else
+		return SVAL(data,SMB_LARGE__LPID_OFFSET(data_offset));
+}
+
+/****************************************************************************
  Get a lock count, dealing with large count requests.
 ****************************************************************************/
 
@@ -4293,6 +4366,7 @@ int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,
   uint16 num_ulocks = SVAL(inbuf,smb_vwv6);
   uint16 num_locks = SVAL(inbuf,smb_vwv7);
   SMB_BIG_UINT count = 0, offset = 0;
+  uint16 lock_pid;
   int32 lock_timeout = IVAL(inbuf,smb_vwv4);
   int i;
   char *data;
@@ -4316,7 +4390,7 @@ int reply_lockingX(connection_struct *conn, char *inbuf,char *outbuf,int length,
 	BOOL break_to_none = (oplocklevel == 0);
 
     DEBUG(5,("reply_lockingX: oplock break reply (%u) from client for fnum = %d\n",
-              fsp->fnum, (unsigned int)oplocklevel ));
+              (unsigned int)oplocklevel, fsp->fnum ));
 
     /*
      * Make sure we have granted an exclusive or batch oplock on this file.
@@ -4365,6 +4439,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
   /* Data now points at the beginning of the list
      of smb_unlkrng structs */
   for(i = 0; i < (int)num_ulocks; i++) {
+    lock_pid = get_lock_pid( data, i, large_file_format);
     count = get_lock_count( data, i, large_file_format);
     offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -4376,10 +4451,10 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
       return ERROR(ERRDOS,ERRnoaccess);
     }
 
-    DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for file %s\n",
-          (double)offset, (double)count, fsp->fsp_name ));
+    DEBUG(10,("reply_lockingX: unlock start=%.0f, len=%.0f for pid %u, file %s\n",
+          (double)offset, (double)count, (unsigned int)lock_pid, fsp->fsp_name ));
 
-    if(!do_unlock(fsp,conn,count,offset, &eclass, &ecode)) {
+    if(!do_unlock(fsp,conn,lock_pid,count,offset, &eclass, &ecode)) {
       END_PROFILE(SMBlockingX);
       return ERROR(eclass,ecode);
     }
@@ -4395,6 +4470,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
      of smb_lkrng structs */
 
   for(i = 0; i < (int)num_locks; i++) {
+    lock_pid = get_lock_pid( data, i, large_file_format);
     count = get_lock_count( data, i, large_file_format);
     offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -4406,10 +4482,10 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
       return ERROR(ERRDOS,ERRnoaccess);
     }
  
-    DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for file %s\n",
-          (double)offset, (double)count, fsp->fsp_name ));
+    DEBUG(10,("reply_lockingX: lock start=%.0f, len=%.0f for pid %u, file %s\n",
+          (double)offset, (double)count, (unsigned int)lock_pid, fsp->fsp_name ));
 
-    if(!do_lock(fsp,conn,count,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
+    if(!do_lock(fsp,conn,lock_pid, count,offset, ((locktype & 1) ? READ_LOCK : WRITE_LOCK),
                 &eclass, &ecode)) {
       if((ecode == ERRlock) && (lock_timeout != 0) && lp_blocking_locks(SNUM(conn))) {
         /*
@@ -4435,6 +4511,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
      * will delete it (and we shouldn't) .....
      */
     for(i--; i >= 0; i--) {
+      lock_pid = get_lock_pid( data, i, large_file_format);
       count = get_lock_count( data, i, large_file_format);
       offset = get_lock_offset( data, i, large_file_format, &err);
 
@@ -4446,7 +4523,7 @@ no oplock granted on this file (%s).\n", fsp->fnum, fsp->fsp_name));
         return ERROR(ERRDOS,ERRnoaccess);
       }
  
-      do_unlock(fsp,conn,count,offset,&dummy1,&dummy2);
+      do_unlock(fsp,conn,lock_pid,count,offset,&dummy1,&dummy2);
     }
     END_PROFILE(SMBlockingX);
     return ERROR(eclass,ecode);
@@ -4503,7 +4580,7 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,
   tcount = maxcount;
   total_read = 0;
 
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)maxcount,(SMB_BIG_UINT)startpos, READ_LOCK,False)) {
     END_PROFILE(SMBreadBmpx);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -4525,7 +4602,8 @@ int reply_readbmpx(connection_struct *conn, char *inbuf,char *outbuf,int length,
       SSVAL(outbuf,smb_vwv6,nread);
       SSVAL(outbuf,smb_vwv7,smb_offset(data,outbuf));
 
-      send_smb(smbd_server_fd(),outbuf);
+      if (!send_smb(smbd_server_fd(),outbuf))
+        exit_server("reply_readbmpx: send_smb failed.\n");
 
       total_read += nread;
       startpos += nread;
@@ -4569,7 +4647,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
      not an SMBwritebmpx - set this up now so we don't forget */
   CVAL(outbuf,smb_com) = SMBwritec;
 
-  if (is_locked(fsp,conn,(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK)) {
+  if (is_locked(fsp,conn,(SMB_BIG_UINT)tcount,(SMB_BIG_UINT)startpos,WRITE_LOCK,False)) {
     END_PROFILE(SMBwriteBmpx);
     return(ERROR(ERRDOS,ERRlock));
   }
@@ -4623,7 +4701,8 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
   if (write_through && tcount==nwritten) {
     /* we need to send both a primary and a secondary response */
     smb_setlen(outbuf,outsize - 4);
-    send_smb(smbd_server_fd(),outbuf);
+    if (!send_smb(smbd_server_fd(),outbuf))
+      exit_server("reply_writebmpx: send_smb failed.\n");
 
     /* now the secondary */
     outsize = set_message(outbuf,1,0,True);
diff --git a/source/smbd/sec_ctx.c b/source/smbd/sec_ctx.c
index f604f6cce71..9ca63a0f957 100644
--- a/source/smbd/sec_ctx.c
+++ b/source/smbd/sec_ctx.c
@@ -109,6 +109,10 @@ static BOOL become_id(uid_t uid, gid_t gid)
 
 static void gain_root(void)
 {
+	if (non_root_mode()) {
+		return;
+	}
+
 	if (geteuid() != 0) {
 		set_effective_uid(0);
 
@@ -152,8 +156,10 @@ int get_current_groups(int *p_ngroups, gid_t **p_groups)
 		return -1;
 	}
 
-	if ((ngroups = sys_getgroups(ngroups,groups)) == -1)
+	if ((ngroups = sys_getgroups(ngroups,groups)) == -1) {
+		safe_free(groups);
 		return -1;
+	}
 
 	(*p_ngroups) = ngroups;
 	(*p_groups) = groups;
@@ -275,8 +281,8 @@ BOOL push_sec_ctx(void)
 	ctx_p->uid = geteuid();
 	ctx_p->gid = getegid();
 
- 	DEBUG(3, ("push_sec_ctx(%d, %d) : sec_ctx_stack_ndx = %d\n", 
- 		  ctx_p->uid, ctx_p->gid, sec_ctx_stack_ndx ));
+ 	DEBUG(3, ("push_sec_ctx(%u, %u) : sec_ctx_stack_ndx = %d\n", 
+ 		  (unsigned int)ctx_p->uid, (unsigned int)ctx_p->gid, sec_ctx_stack_ndx ));
 
 	ctx_p->token = dup_nt_token(sec_ctx_stack[sec_ctx_stack_ndx-1].token);
 
@@ -307,14 +313,15 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
 	
 	/* Set the security context */
 
-	DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", uid, gid, sec_ctx_stack_ndx));
+	DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
+		(unsigned int)uid, (unsigned int)gid, sec_ctx_stack_ndx));
 
 	if (ngroups) {
 		int i;
 
 		DEBUG(3, ("%d user groups: \n", ngroups));
 		for (i = 0; i < ngroups; i++) {
-			DEBUGADD(3, ("%d ", groups[i]));
+			DEBUGADD(3, ("%u ", (unsigned int)groups[i]));
 		}
 
 		DEBUG(3, ("\n"));
@@ -413,7 +420,8 @@ BOOL pop_sec_ctx(void)
 	current_user.groups = prev_ctx_p->groups;
 	current_user.nt_user_token = prev_ctx_p->token;
 
-	DEBUG(3, ("pop_sec_ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", geteuid(), getegid(), sec_ctx_stack_ndx));
+	DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
+		(unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx));
 
 	return True;
 }
diff --git a/source/smbd/server.c b/source/smbd/server.c
index bd98fe802fb..49cc9c8fa5c 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -208,7 +208,7 @@ max can be %d\n",
 		num = sys_select(FD_SETSIZE,&lfds,NULL);
 		
 		if (num == -1 && errno == EINTR) {
-			extern VOLATILE SIG_ATOMIC_T reload_after_sighup;
+			extern VOLATILE sig_atomic_t reload_after_sighup;
 
 			/* check for sighup processing */
 			if (reload_after_sighup) {
@@ -228,7 +228,7 @@ max can be %d\n",
 		   accept on these. */
 		for( ; num > 0; num--) {
 			struct sockaddr addr;
-			int in_addrlen = sizeof(addr);
+			socklen_t in_addrlen = sizeof(addr);
 			
 			s = -1;
 			for(i = 0; i < num_interfaces; i++) {
@@ -277,6 +277,16 @@ max can be %d\n",
 			/* The parent doesn't need this socket */
 			close(smbd_server_fd()); 
 
+			/* Sun May 6 18:56:14 2001 ackley@cs.unm.edu:
+				Clear the closed fd info out of server_fd --
+				and more importantly, out of client_fd in
+				util_sock.c, to avoid a possible
+				getpeername failure if we reopen the logs
+				and use %I in the filename.
+			*/
+
+			smbd_set_server_fd(-1);
+
 			/* Force parent to check log size after
 			 * spawning child.  Fix from
 			 * klausr@ITAP.Physik.Uni-Stuttgart.De.  The
@@ -356,7 +366,7 @@ BOOL reload_services(BOOL test)
  Catch a sighup.
 ****************************************************************************/
 
-VOLATILE SIG_ATOMIC_T reload_after_sighup = False;
+VOLATILE sig_atomic_t reload_after_sighup = False;
 
 static void sig_hup(int sig)
 {
@@ -411,16 +421,14 @@ static BOOL dump_core(void)
 /****************************************************************************
 update the current smbd process count
 ****************************************************************************/
+
 static void decrement_smbd_process_count(void)
 {
 	int total_smbds;
 
 	if (lp_max_smbd_processes()) {
-		tdb_lock_bystring(conn_tdb_ctx(), "INFO/total_smbds");
-		if ((total_smbds = tdb_fetch_int(conn_tdb_ctx(), "INFO/total_smbds")) > 0)
-			tdb_store_int(conn_tdb_ctx(), "INFO/total_smbds", total_smbds - 1);
-		
-		tdb_unlock_bystring(conn_tdb_ctx(), "INFO/total_smbds");
+		total_smbds = 0;
+		tdb_change_int_atomic(conn_tdb_ctx(), "INFO/total_smbds", &total_smbds, -1);
 	}
 }
 
@@ -441,12 +449,14 @@ void exit_server(char *reason)
 
 	conn_close_all();
 
+	invalidate_all_vuids();
+
 	/* delete our entry in the connections database. */
 	if (lp_status(-1)) {
 		yield_connection(NULL,"",MAXSTATUS);
 	}
 
-    respond_to_all_remaining_local_messages();
+	respond_to_all_remaining_local_messages();
 	decrement_smbd_process_count();
 
 #ifdef WITH_DFS
@@ -611,15 +621,7 @@ static void usage(char *pname)
 	setluid(0);
 #endif
 
-	/*
-	 * gain_root_privilege uses an assert than will cause a core
-	 * dump if euid != 0. Ensure this is the case.
-	 */
-
-	if(geteuid() != (uid_t)0) {
-		fprintf(stderr, "%s: Version %s : Must have effective user id of zero to run.\n", argv[0], VERSION);
-		exit(1);
-	}
+	sec_init();
 
 	append_log = True;
 
diff --git a/source/smbd/service.c b/source/smbd/service.c
index 394f8ae46d5..f2af4403b2a 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -108,11 +108,6 @@ int add_home_service(char *service, char *homedir)
 	lp_add_home(new_service,iHomeService,homedir);
 	iService = lp_servicenumber(new_service);
 
-	if ((iService != -1) && usr_p && (strstr(lp_pathname(iService),"%D") == NULL))
-		DEBUG(0,("find_service: Service %s added for user %s - contains non-local (Domain) user \
-with non-domain parameterised path (%s). This may be cause the wrong directory to be seen.\n",
-                 new_service, service, lp_pathname(iService) ));
-
 	return iService;
 }
 
@@ -530,39 +525,12 @@ connection_struct *make_connection(char *service,char *user,char *password, int
 	}
 	/* Initialise VFS function pointers */
 
-#if WITH_VFS
-	if (*lp_vfsobj(SNUM(conn))) {
-
-#ifdef HAVE_LIBDL
-
-	    /* Loadable object file */
-
-	    if (!vfs_init_custom(conn)) {
-	    	DEBUG(0, ("vfs_init failed\n"));
-		    conn_free(conn);
-			return NULL;
-	    }
-#else /* HAVE_LIBDL */
-	    DEBUG(0, ("No libdl present - cannot use VFS objects\n"));
-	    conn_free(conn);
-	    return NULL;
-#endif /* HAVE_LIBDL */
-
-	} else {
-
-		/* Normal share - initialise with disk access functions */
-
-	    vfs_init_default(conn);
+	if (!vfs_init(conn)) {
+		DEBUG(0, ("vfs_init failed for service %s\n", lp_servicename(SNUM(conn))));
+		conn_free(conn);
+		return NULL;
 	}
 
-#else /* WITH_VFS */
-
-	/* Normal share - initialise with disk access functions */
-
-	vfs_init_default(conn);
-
-#endif /* WITH_VFS */
-
 	/* execute any "root preexec = " line */
 	if (*lp_rootpreexec(SNUM(conn))) {
 		pstring cmd;
@@ -712,3 +680,5 @@ void close_cnum(connection_struct *conn, uint16 vuid)
 	}
 	conn_free(conn);
 }
+
+
diff --git a/source/smbd/ssl.c b/source/smbd/ssl.c
index 65d6532d486..dff5f34d5dd 100644
--- a/source/smbd/ssl.c
+++ b/source/smbd/ssl.c
@@ -255,11 +255,15 @@ char            *reqHosts, *resignHosts;
     if(msg_type != 0x81){ /* first packet must be a session request */
         DEBUG( 0, ( "Client %s did not use session setup; access denied\n",
                      client_addr() ) );
-        send_smb(fd, (char *)buf);
+        if (!send_smb(fd, (char *)buf))
+          DEBUG(0, ("sslutil_negotiate_ssl: send_smb failed.\n"));
         return -1;
     }
     buf[4] = 0x8e;  /* negative session response: use SSL */
-    send_smb(fd, (char *)buf);
+    if (!send_smb(fd, (char *)buf)) {
+        DEBUG(0,("sslutil_negotiate_ssl: send_smb failed.\n"));
+        return -1;
+    }
     if(sslutil_accept(fd) != 0){
         DEBUG( 0, ( "Client %s failed SSL negotiation!\n", client_addr() ) );
         return -1;
diff --git a/source/smbd/statcache.c b/source/smbd/statcache.c
index 8200c277b32..65a48300164 100644
--- a/source/smbd/statcache.c
+++ b/source/smbd/statcache.c
@@ -221,11 +221,11 @@ BOOL reset_stat_cache( void )
 	static BOOL initialised;
 	if (!lp_stat_cache()) return True;
 
-	if (!initialised) {
-		initialised = True;
-		return hash_table_init( &stat_cache, INIT_STAT_CACHE_SIZE, (compare_function)(strcmp));
+	if (initialised) {
+		hash_clear(&stat_cache);
 	}
-	hash_clear(&stat_cache);
-	return hash_table_init( &stat_cache, INIT_STAT_CACHE_SIZE, (compare_function)(strcmp));
 
+	initialised = hash_table_init( &stat_cache, INIT_STAT_CACHE_SIZE, 
+				       (compare_function)(strcmp));
+	return initialised;
 } /* reset_stat_cache  */
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 05a02238957..5f0652e5780 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -65,7 +65,8 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params,
      the empty packet */
   if(params_to_send == 0 && data_to_send == 0)
   {
-    send_smb(smbd_server_fd(),outbuf);
+    if (!send_smb(smbd_server_fd(),outbuf))
+      exit_server("send_trans2_replies: send_smb failed.\n");
     return 0;
   }
 
@@ -160,7 +161,8 @@ static int send_trans2_replies(char *outbuf, int bufsize, char *params,
           params_to_send, data_to_send, paramsize, datasize));
 
     /* Send the packet */
-    send_smb(smbd_server_fd(),outbuf);
+    if (!send_smb(smbd_server_fd(),outbuf))
+		exit_server("send_trans2_replies: send_smb failed.\n");
 
     pp += params_sent_thistime;
     pd += data_sent_thistime;
@@ -432,6 +434,13 @@ static BOOL get_lanman2_dir_entry(connection_struct *conn,
       mdate = sbuf.st_mtime;
       adate = sbuf.st_atime;
       cdate = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+      if (lp_dos_filetime_resolution(SNUM(conn))) {
+        cdate &= ~1;
+        mdate &= ~1;
+        adate &= ~1;
+      }
+
       if(mode & aDIR)
         size = 0;
 
@@ -1173,9 +1182,10 @@ static int call_trans2qfsinfo(connection_struct *conn,
             (lp_nt_acl_support() ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */
 #if 0 /* Old code. JRA. */
       SIVAL(pdata,0,0x4006); /* FS ATTRIBUTES == long filenames supported? */
+      SIVAL(pdata,0,0x700FF);
 #endif /* Old code. */
 
-      SIVAL(pdata,4,128); /* Max filename component length */
+      SIVAL(pdata,4,255); /* Max filename component length */
       fstype_len = dos_PutUniCode(pdata+12,unix_to_dos(fstype,False),sizeof(pstring), False);
       SIVAL(pdata,8,fstype_len);
       data_len = 12 + fstype_len;
@@ -1303,6 +1313,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
   SMB_OFF_T pos = 0;
   BOOL bad_path = False;
   BOOL delete_pending = False;
+  time_t c_time;
 
   if (tran_call == TRANSACT2_QFILEINFO) {
     files_struct *fsp = file_fsp(params,0);
@@ -1410,12 +1421,21 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
 
   memset((char *)pdata,'\0',data_size);
 
+  c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+
+  if (lp_dos_filetime_resolution(SNUM(conn))) {
+    c_time &= ~1;
+    sbuf.st_atime &= ~1;
+    sbuf.st_mtime &= ~1;
+    sbuf.st_mtime &= ~1;
+  }
+
   switch (info_level) 
     {
     case SMB_INFO_STANDARD:
     case SMB_INFO_QUERY_EA_SIZE:
       data_size = (info_level==1?22:26);
-      put_dos_date2(pdata,l1_fdateCreation,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+      put_dos_date2(pdata,l1_fdateCreation,c_time);
       put_dos_date2(pdata,l1_fdateLastAccess,sbuf.st_atime);
       put_dos_date2(pdata,l1_fdateLastWrite,sbuf.st_mtime); /* write time */
       SIVAL(pdata,l1_cbFile,(uint32)size);
@@ -1426,7 +1446,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
 
     case SMB_INFO_QUERY_EAS_FROM_LIST:
       data_size = 24;
-      put_dos_date2(pdata,0,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+      put_dos_date2(pdata,0,c_time);
       put_dos_date2(pdata,4,sbuf.st_atime);
       put_dos_date2(pdata,8,sbuf.st_mtime);
       SIVAL(pdata,12,(uint32)size);
@@ -1443,8 +1463,15 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
       return(ERROR(ERRDOS,ERRbadfunc)); /* os/2 needs this */      
 
     case SMB_QUERY_FILE_BASIC_INFO:
-      data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */
-      put_long_date(pdata,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+	case 1004:
+
+      if (info_level == SMB_QUERY_FILE_BASIC_INFO)
+	      data_size = 36; /* w95 returns 40 bytes not 36 - why ?. */
+      else {
+          data_size = 40;
+          SIVAL(pdata,36,0);
+      }
+      put_long_date(pdata,c_time);
       put_long_date(pdata+8,sbuf.st_atime);
       put_long_date(pdata+16,sbuf.st_mtime); /* write time */
       put_long_date(pdata+24,sbuf.st_mtime); /* change time */
@@ -1452,7 +1479,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
 
       DEBUG(5,("SMB_QFBI - "));
       {
-        time_t create_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
+        time_t create_time = c_time;
         DEBUG(5,("create: %s ", ctime(&create_time)));
       }
       DEBUG(5,("access: %s ", ctime(&sbuf.st_atime)));
@@ -1518,7 +1545,7 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
       break;
 
     case SMB_QUERY_FILE_ALL_INFO:
-      put_long_date(pdata,get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))));
+      put_long_date(pdata,c_time);
       put_long_date(pdata+8,sbuf.st_atime);
       put_long_date(pdata+16,sbuf.st_mtime); /* write time */
       put_long_date(pdata+24,sbuf.st_mtime); /* change time */
@@ -1549,6 +1576,144 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
       data_size = PTR_DIFF(pdata,(*ppdata));
       break;
 
+	/*
+	 * Windows 2000 completely undocumented new SMB info levels.
+	 * Thanks Microsoft.... sure you're working on making this
+	 * protocol a standard.... sure you are... :-).
+	 * Lying rat-bastards. JRA.
+	 */
+
+	case 1005:
+		SIVAL(pdata,0,mode);
+		SIVAL(pdata,4,0); /* ??? */
+		SOFF_T(pdata,8,size);
+		SIVAL(pdata,16,1); /* ??? */
+		SIVAL(pdata,20,0); /* ??? */
+		data_size = 24;
+		break;
+
+	case 1006:
+		SIVAL(pdata,0,0x907); /* ??? */
+		SIVAL(pdata,4,0x690000); /* ??? */
+		data_size = 8;
+		break;
+
+	case 1007:
+		SIVAL(pdata,0,0); /* ??? */
+		data_size = 4;
+		break;
+
+	case 1008:
+		SIVAL(pdata,0,0x12019F); /* ??? */
+		data_size = 4;
+		break;
+
+	case 1009:
+		/* Pathname with leading '\'. */
+		{
+			pstring new_fname;
+			size_t byte_len;
+
+			pstrcpy(new_fname, "\\");
+			pstrcat(new_fname, fname);
+			byte_len = dos_PutUniCode(pdata+4,new_fname,max_data_bytes,False);
+			SIVAL(pdata,0,byte_len);
+			data_size = 4 + byte_len;
+			break;
+		}
+
+	case 1014:
+		SIVAL(pdata,0,0); /* ??? */
+		SIVAL(pdata,4,0); /* ??? */
+		data_size = 8;
+		break;
+
+	case 1016:
+		SIVAL(pdata,0,0); /* ??? */
+		data_size = 4;
+		break;
+
+	case 1017:
+		SIVAL(pdata,0,0); /* ??? */
+		data_size = 4;
+		break;
+
+#if 0
+	/* Not yet finished... JRA */
+	case 1018:
+		{
+			pstring new_fname;
+			size_t byte_len;
+
+			put_long_date(pdata,c_time);
+			put_long_date(pdata+8,sbuf.st_atime);
+			put_long_date(pdata+16,sbuf.st_mtime); /* write time */
+			put_long_date(pdata+24,sbuf.st_mtime); /* change time */
+			SIVAL(pdata,32,mode);
+			SIVAL(pdata,36,0); /* ??? */
+			SIVAL(pdata,40,0x20); /* ??? */
+			SIVAL(pdata,44,0); /* ??? */
+			SOFF_T(pdata,48,size);
+			SIVAL(pdata,56,0x1); /* ??? */
+			SIVAL(pdata,60,0); /* ??? */
+			SIVAL(pdata,64,0); /* ??? */
+			SIVAL(pdata,68,length); /* Following string length in bytes. */
+			dos_PutUniCode(pdata+72,,False);
+			break;
+		}
+#endif
+
+	case 1021:
+		/* Last component of pathname. */
+		{
+			size_t byte_len = dos_PutUniCode(pdata+4,fname,max_data_bytes,False);
+			SIVAL(pdata,0,byte_len);
+			data_size = 4 + byte_len;
+			break;
+		}
+		
+	case 1022:
+		{
+			size_t byte_len = dos_PutUniCode(pdata+24,"::$DATA", 0xE, False);
+			SIVAL(pdata,0,0); /* ??? */
+			SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
+			SOFF_T(pdata,8,size);
+			SIVAL(pdata,16,0x20); /* ??? */
+			SIVAL(pdata,20,0); /* ??? */
+			data_size = 24 + byte_len;
+			break;
+		}
+
+	case 1028:
+		SOFF_T(pdata,0,size);
+		SIVAL(pdata,8,0); /* ??? */
+		SIVAL(pdata,12,0); /* ??? */
+		data_size = 16;
+		break;
+
+	case 1034:
+		put_long_date(pdata,c_time);
+		put_long_date(pdata+8,sbuf.st_atime);
+		put_long_date(pdata+16,sbuf.st_mtime); /* write time */
+		put_long_date(pdata+24,sbuf.st_mtime); /* change time */
+		SIVAL(pdata,32,0x20); /* ??? */
+		SIVAL(pdata,36,0); /* ??? */
+		SOFF_T(pdata,40,size);
+		SIVAL(pdata,48,mode);
+		SIVAL(pdata,52,0); /* ??? */
+		data_size = 56;
+		break;
+
+	case 1035:
+		SIVAL(pdata,0,mode);
+		SIVAL(pdata,4,0);
+		data_size = 8;
+		break;
+
+	/*
+	 * End new completely undocumented info levels... JRA.
+	 */
+
 #if 0
       /* NT4 server just returns "invalid query" to this - if we try to answer 
 	 it then NTws gets a BSOD! (tridge) */
@@ -1731,6 +1896,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
       break;
 
     case SMB_SET_FILE_BASIC_INFO:
+	case 1004:
     {
       /* Patch to do this correctly from Paul Eggert <eggert@twinsun.com>. */
       time_t write_time;
@@ -1752,14 +1918,6 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
                       ? changed_time
                       : write_time);
 
-#if 0 /* Needs more testing... */
-      /* Test from Luke to prevent Win95 from
-         setting incorrect values here.
-       */
-      if (tvs.actime < tvs.modtime)
-        return(ERROR(ERRDOS,ERRnoaccess));
-#endif /* Needs more testing... */
-
       /* attributes */
       mode = IVAL(pdata,32);
       break;
@@ -1770,6 +1928,8 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
      * to mean truncate the file. JRA.
      */
 
+	case 1019:
+	case 1020:
     case SMB_SET_FILE_ALLOCATION_INFO:
     {
       SMB_OFF_T newsize = IVAL(pdata,0);
@@ -1903,7 +2063,9 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
   DEBUG(6,("mode: %x\n"  , mode));
 
   if(!((info_level == SMB_SET_FILE_END_OF_FILE_INFO) ||
-     (info_level == SMB_SET_FILE_ALLOCATION_INFO))) {
+     (info_level == SMB_SET_FILE_ALLOCATION_INFO) ||
+     (info_level == 1019) ||
+     (info_level == 1020))) {
     /*
      * Only do this test if we are not explicitly
      * changing the size of a file.
@@ -2348,7 +2510,8 @@ int reply_trans2(connection_struct *conn,
 		/* We need to send an interim response then receive the rest
 		   of the parameter/data bytes */
 		outsize = set_message(outbuf,0,0,True);
-		send_smb(smbd_server_fd(),outbuf);
+		if (!send_smb(smbd_server_fd(),outbuf))
+			exit_server("reply_trans2: send_smb failed.\n");
 
 		while (num_data_sofar < total_data || 
 		       num_params_sofar < total_params) {
diff --git a/source/smbd/vfs-wrap.c b/source/smbd/vfs-wrap.c
index da8484e14ee..058b02b5ac1 100644
--- a/source/smbd/vfs-wrap.c
+++ b/source/smbd/vfs-wrap.c
@@ -479,33 +479,34 @@ int vfswrap_utime(connection_struct *conn, char *path, struct utimbuf *times)
 int vfswrap_ftruncate(files_struct *fsp, int fd, SMB_OFF_T len)
 {
 	int result = -1;
-    START_PROFILE(syscall_ftruncate);
-
-#ifdef HAVE_FTRUNCATE_EXTEND
-	result = sys_ftruncate(fd, len);
-    END_PROFILE(syscall_ftruncate);
-    return result;
-#else
-
-	/* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot
-		extend a file with ftruncate. Provide alternate implementation
-		for this */
-
 	struct vfs_ops *vfs_ops = &fsp->conn->vfs_ops;
 	SMB_STRUCT_STAT st;
 	char c = 0;
 	SMB_OFF_T currpos;
 
-	currpos = vfs_ops->lseek(fsp, (SMB_OFF_T)0, SEEK_CUR);
-	if(currpos == -1) {
+	START_PROFILE(syscall_ftruncate);
+
+	/* we used to just check HAVE_FTRUNCATE_EXTEND and only use
+	   sys_ftruncate if the system supports it. Then I discovered that
+	   you can have some filesystems that support ftruncate
+	   expansion and some that don't! On Linux fat can't do
+	   ftruncate extend but ext2 can. */
+	result = sys_ftruncate(fd, len);
+	if (result == 0) goto done;
+
+	/* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot
+	   extend a file with ftruncate. Provide alternate implementation
+	   for this */
+	currpos = vfs_ops->lseek(fsp, fd, 0, SEEK_CUR);
+	if (currpos == -1) {
 		goto done;
 	}
 
-	/* Do an fstat to see if the file is longer than
-		the requested size (call ftruncate),
-		or shorter, in which case seek to len - 1 and write 1
-		byte of zero */
-	if(vfs_ops->fstat(fsp, &st)<0) {
+	/* Do an fstat to see if the file is longer than the requested
+	   size in which case the ftruncate above should have
+	   succeeded or shorter, in which case seek to len - 1 and
+	   write 1 byte of zero */
+	if (vfs_ops->fstat(fsp, fd, &st) < 0) {
 		goto done;
 	}
 
@@ -516,35 +517,33 @@ int vfswrap_ftruncate(files_struct *fsp, int fd, SMB_OFF_T len)
 	}
 #endif
 
-	if(st.st_size == len) {
+	if (st.st_size == len) {
 		result = 0;
 		goto done;
 	}
 
-	if(st.st_size > len) {
-		/* Yes this is *deliberately* sys_ftruncate ! JRA */
-		result = sys_ftruncate(fd, len);
+	if (st.st_size > len) {
+		/* the sys_ftruncate should have worked */
 		goto done;
 	}
 
-	if(vfs_ops->lseek(fsp, len-1, SEEK_SET) != len -1) {
+	if (vfs_ops->lseek(fsp, fd, len-1, SEEK_SET) != len -1) {
 		goto done;
 	}
 
-	if(vfs_ops->write(fsp, &c, 1)!=1) {
+	if (vfs_ops->write(fsp, fd, &c, 1)!=1) {
 		goto done;
 	}
 
 	/* Seek to where we were */
-	if(vfs_ops->lseek(fsp, currpos, SEEK_SET) != currpos) {
+	if (vfs_ops->lseek(fsp, fd, currpos, SEEK_SET) != currpos) {
 		goto done;
 	}
+	result = 0;
   done:
 
-    END_PROFILE(syscall_ftruncate);
-    return result;
-#endif
-
+	END_PROFILE(syscall_ftruncate);
+	return result;
 }
 
 BOOL vfswrap_lock(files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
@@ -558,6 +557,38 @@ BOOL vfswrap_lock(files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T
     return result;
 }
 
+int vfswrap_symlink(connection_struct *conn, const char *oldpath, const char *newpath)
+{
+    int result;
+
+    START_PROFILE(syscall_symlink);
+
+#ifdef VFS_CHECK_NULL
+    if ((oldpath == NULL) || (newpath == NULL))
+		smb_panic("NULL pointer passed to vfswrap_symlink()\n");
+#endif
+
+    result = sys_symlink(oldpath, newpath);
+    END_PROFILE(syscall_symlink);
+    return result;
+}
+
+int vfswrap_readlink(connection_struct *conn, const char *path, char *buf, size_t bufsiz)
+{
+    int result;
+
+    START_PROFILE(syscall_readlink);
+
+#ifdef VFS_CHECK_NULL
+    if ((path == NULL) || (buf == NULL))
+		smb_panic("NULL pointer passed to vfswrap_readlink()\n");
+#endif
+
+    result = sys_readlink(path, buf, bufsiz);
+    END_PROFILE(syscall_readlink);
+    return result;
+}
+
 size_t vfswrap_fget_nt_acl(files_struct *fsp, int fd, SEC_DESC **ppdesc)
 {
 	return get_nt_acl(fsp, ppdesc);
diff --git a/source/smbd/vfs.c b/source/smbd/vfs.c
index 713d58cdc8c..ac00d00e9e1 100644
--- a/source/smbd/vfs.c
+++ b/source/smbd/vfs.c
@@ -72,6 +72,9 @@ struct vfs_ops default_vfs_ops = {
 	vfswrap_utime,
 	vfswrap_ftruncate,
 	vfswrap_lock,
+	vfswrap_symlink,
+	vfswrap_readlink,
+
 	vfswrap_fget_nt_acl,
 	vfswrap_get_nt_acl,
 	vfswrap_fset_nt_acl,
@@ -89,7 +92,8 @@ struct vfs_ops default_vfs_ops = {
 /****************************************************************************
   initialise default vfs hooks
 ****************************************************************************/
-int vfs_init_default(connection_struct *conn)
+
+static BOOL vfs_init_default(connection_struct *conn)
 {
     DEBUG(3, ("Initialising default vfs hooks\n"));
 
@@ -102,7 +106,7 @@ int vfs_init_default(connection_struct *conn)
 ****************************************************************************/
 
 #ifdef HAVE_LIBDL
-BOOL vfs_init_custom(connection_struct *conn)
+static BOOL vfs_init_custom(connection_struct *conn)
 {
 	int vfs_version = -1;
     struct vfs_ops *ops, *(*init_fptr)(int *);
@@ -146,145 +150,146 @@ BOOL vfs_init_custom(connection_struct *conn)
 
     memcpy(&conn->vfs_ops, ops, sizeof(struct vfs_ops));
 
-    if (conn->vfs_ops.connect == NULL) {
-	conn->vfs_ops.connect = default_vfs_ops.connect;
-    }
+    if (conn->vfs_ops.connect == NULL)
+		conn->vfs_ops.connect = default_vfs_ops.connect;
 
-    if (conn->vfs_ops.disconnect == NULL) {
-	conn->vfs_ops.disconnect = default_vfs_ops.disconnect;
-    }
+    if (conn->vfs_ops.disconnect == NULL)
+		conn->vfs_ops.disconnect = default_vfs_ops.disconnect;
 
-    if (conn->vfs_ops.disk_free == NULL) {
-	conn->vfs_ops.disk_free = default_vfs_ops.disk_free;
-    }
+    if (conn->vfs_ops.disk_free == NULL)
+		conn->vfs_ops.disk_free = default_vfs_ops.disk_free;
 
-    if (conn->vfs_ops.opendir == NULL) {
-	conn->vfs_ops.opendir = default_vfs_ops.opendir;
-    }
+    if (conn->vfs_ops.opendir == NULL)
+		conn->vfs_ops.opendir = default_vfs_ops.opendir;
 
-    if (conn->vfs_ops.readdir == NULL) {
-	conn->vfs_ops.readdir = default_vfs_ops.readdir;
-    }
+    if (conn->vfs_ops.readdir == NULL)
+		conn->vfs_ops.readdir = default_vfs_ops.readdir;
 
-    if (conn->vfs_ops.mkdir == NULL) {
-	conn->vfs_ops.mkdir = default_vfs_ops.mkdir;
-    }
+    if (conn->vfs_ops.mkdir == NULL)
+		conn->vfs_ops.mkdir = default_vfs_ops.mkdir;
 
-    if (conn->vfs_ops.rmdir == NULL) {
-	conn->vfs_ops.rmdir = default_vfs_ops.rmdir;
-    }
+    if (conn->vfs_ops.rmdir == NULL)
+		conn->vfs_ops.rmdir = default_vfs_ops.rmdir;
 
-    if (conn->vfs_ops.closedir == NULL) {
-	conn->vfs_ops.closedir = default_vfs_ops.closedir;
-    }
+    if (conn->vfs_ops.closedir == NULL)
+		conn->vfs_ops.closedir = default_vfs_ops.closedir;
 
-    if (conn->vfs_ops.open == NULL) {
-	conn->vfs_ops.open = default_vfs_ops.open;
-    }
+    if (conn->vfs_ops.open == NULL)
+		conn->vfs_ops.open = default_vfs_ops.open;
 
-    if (conn->vfs_ops.close == NULL) {
-	conn->vfs_ops.close = default_vfs_ops.close;
-    }
+    if (conn->vfs_ops.close == NULL)
+		conn->vfs_ops.close = default_vfs_ops.close;
 
-    if (conn->vfs_ops.read == NULL) {
-	conn->vfs_ops.read = default_vfs_ops.read;
-    }
+    if (conn->vfs_ops.read == NULL)
+		conn->vfs_ops.read = default_vfs_ops.read;
 
-    if (conn->vfs_ops.write == NULL) {
-	conn->vfs_ops.write = default_vfs_ops.write;
-    }
+    if (conn->vfs_ops.write == NULL)
+		conn->vfs_ops.write = default_vfs_ops.write;
 
-    if (conn->vfs_ops.lseek == NULL) {
-	conn->vfs_ops.lseek = default_vfs_ops.lseek;
-    }
+    if (conn->vfs_ops.lseek == NULL)
+		conn->vfs_ops.lseek = default_vfs_ops.lseek;
 
-    if (conn->vfs_ops.rename == NULL) {
-	conn->vfs_ops.rename = default_vfs_ops.rename;
-    }
+    if (conn->vfs_ops.rename == NULL)
+		conn->vfs_ops.rename = default_vfs_ops.rename;
 
-    if (conn->vfs_ops.fsync == NULL) {
-	conn->vfs_ops.fsync = default_vfs_ops.fsync;
-    }
+    if (conn->vfs_ops.fsync == NULL)
+		conn->vfs_ops.fsync = default_vfs_ops.fsync;
 
-    if (conn->vfs_ops.stat == NULL) {
-	conn->vfs_ops.stat = default_vfs_ops.stat;
-    }
+    if (conn->vfs_ops.stat == NULL)
+		conn->vfs_ops.stat = default_vfs_ops.stat;
 
-    if (conn->vfs_ops.fstat == NULL) {
-	conn->vfs_ops.fstat = default_vfs_ops.fstat;
-    }
+    if (conn->vfs_ops.fstat == NULL)
+		conn->vfs_ops.fstat = default_vfs_ops.fstat;
 
-    if (conn->vfs_ops.lstat == NULL) {
-	conn->vfs_ops.lstat = default_vfs_ops.lstat;
-    }
+    if (conn->vfs_ops.lstat == NULL)
+		conn->vfs_ops.lstat = default_vfs_ops.lstat;
 
-    if (conn->vfs_ops.unlink == NULL) {
-	conn->vfs_ops.unlink = default_vfs_ops.unlink;
-    }
+    if (conn->vfs_ops.unlink == NULL)
+		conn->vfs_ops.unlink = default_vfs_ops.unlink;
 
-    if (conn->vfs_ops.chmod == NULL) {
-	conn->vfs_ops.chmod = default_vfs_ops.chmod;
-    }
+    if (conn->vfs_ops.chmod == NULL)
+		conn->vfs_ops.chmod = default_vfs_ops.chmod;
 
-    if (conn->vfs_ops.fchmod == NULL) {
-	conn->vfs_ops.fchmod = default_vfs_ops.fchmod;
-    }
+    if (conn->vfs_ops.fchmod == NULL)
+		conn->vfs_ops.fchmod = default_vfs_ops.fchmod;
 
-    if (conn->vfs_ops.chown == NULL) {
-	conn->vfs_ops.chown = default_vfs_ops.chown;
-    }
+    if (conn->vfs_ops.chown == NULL)
+		conn->vfs_ops.chown = default_vfs_ops.chown;
 
-    if (conn->vfs_ops.fchown == NULL) {
-	conn->vfs_ops.fchown = default_vfs_ops.fchown;
-    }
+    if (conn->vfs_ops.fchown == NULL)
+		conn->vfs_ops.fchown = default_vfs_ops.fchown;
 
-    if (conn->vfs_ops.chdir == NULL) {
-	conn->vfs_ops.chdir = default_vfs_ops.chdir;
-    }
+    if (conn->vfs_ops.chdir == NULL)
+		conn->vfs_ops.chdir = default_vfs_ops.chdir;
 
-    if (conn->vfs_ops.getwd == NULL) {
-	conn->vfs_ops.getwd = default_vfs_ops.getwd;
-    }
+    if (conn->vfs_ops.getwd == NULL)
+		conn->vfs_ops.getwd = default_vfs_ops.getwd;
 
-    if (conn->vfs_ops.utime == NULL) {
-	conn->vfs_ops.utime = default_vfs_ops.utime;
-    }
+    if (conn->vfs_ops.utime == NULL)
+		conn->vfs_ops.utime = default_vfs_ops.utime;
 
-    if (conn->vfs_ops.ftruncate == NULL) {
-	conn->vfs_ops.ftruncate = default_vfs_ops.ftruncate;
-    }
+    if (conn->vfs_ops.ftruncate == NULL)
+		conn->vfs_ops.ftruncate = default_vfs_ops.ftruncate;
 
-    if (conn->vfs_ops.lock == NULL) {
-	conn->vfs_ops.lock = default_vfs_ops.lock;
-    }
+    if (conn->vfs_ops.lock == NULL)
+		conn->vfs_ops.lock = default_vfs_ops.lock;
 
-    if (conn->vfs_ops.fget_nt_acl == NULL) {
-	conn->vfs_ops.fget_nt_acl = default_vfs_ops.fget_nt_acl;
-    }
+    if (conn->vfs_ops.symlink == NULL)
+		conn->vfs_ops.symlink = default_vfs_ops.symlink;
 
-    if (conn->vfs_ops.get_nt_acl == NULL) {
-	conn->vfs_ops.get_nt_acl = default_vfs_ops.get_nt_acl;
-    }
+    if (conn->vfs_ops.readlink == NULL)
+		conn->vfs_ops.readlink = default_vfs_ops.readlink;
 
-    if (conn->vfs_ops.fset_nt_acl == NULL) {
-	conn->vfs_ops.fset_nt_acl = default_vfs_ops.fset_nt_acl;
-    }
+    if (conn->vfs_ops.fget_nt_acl == NULL)
+		conn->vfs_ops.fget_nt_acl = default_vfs_ops.fget_nt_acl;
 
-    if (conn->vfs_ops.set_nt_acl == NULL) {
-	conn->vfs_ops.set_nt_acl = default_vfs_ops.set_nt_acl;
-    }
+    if (conn->vfs_ops.get_nt_acl == NULL)
+		conn->vfs_ops.get_nt_acl = default_vfs_ops.get_nt_acl;
 
-    if (conn->vfs_ops.chmod_acl == NULL) {
-	conn->vfs_ops.chmod_acl = default_vfs_ops.chmod_acl;
-    }
+    if (conn->vfs_ops.fset_nt_acl == NULL)
+		conn->vfs_ops.fset_nt_acl = default_vfs_ops.fset_nt_acl;
+
+    if (conn->vfs_ops.set_nt_acl == NULL)
+		conn->vfs_ops.set_nt_acl = default_vfs_ops.set_nt_acl;
+
+    if (conn->vfs_ops.chmod_acl == NULL)
+		conn->vfs_ops.chmod_acl = default_vfs_ops.chmod_acl;
+
+    if (conn->vfs_ops.fchmod_acl == NULL)
+		conn->vfs_ops.fchmod_acl = default_vfs_ops.fchmod_acl;
 
-    if (conn->vfs_ops.fchmod_acl == NULL) {
-	conn->vfs_ops.fchmod_acl = default_vfs_ops.fchmod_acl;
-    }
     return True;
 }
 #endif
 
+/*****************************************************************
+ Generic VFS init.
+******************************************************************/
+
+BOOL vfs_init(connection_struct *conn)
+{
+	if (*lp_vfsobj(SNUM(conn))) {
+#ifdef HAVE_LIBDL
+ 
+		/* Loadable object file */
+ 
+		if (!vfs_init_custom(conn)) {
+			DEBUG(0, ("vfs_init: vfs_init_custom failed\n"));
+			return False;
+		}
+
+		return True;
+#else
+		DEBUG(0, ("vfs_init: No libdl present - cannot use VFS objects\n"));
+		return False;
+#endif
+	}
+ 
+	/* Normal share - initialise with disk access functions */
+ 
+	return vfs_init_default(conn);
+}
+
 /*******************************************************************
  Check if directory exists.
 ********************************************************************/
diff --git a/source/smbwrapper/smbw.c b/source/smbwrapper/smbw.c
index 91009af1c58..7ee2d9af261 100644
--- a/source/smbwrapper/smbw.c
+++ b/source/smbwrapper/smbw.c
@@ -281,6 +281,7 @@ static char *smbw_find_workgroup(void)
 		if (name_status_find(0x1d, ip_list[i], name)) {
 			slprintf(server, sizeof(server), "%s#1D", name);
 			if (smbw_server(server, "IPC$")) {
+				smbw_setshared("WORKGROUP", name);
 				free(ip_list);
 				return name;
 			}
diff --git a/source/smbwrapper/smbw_dir.c b/source/smbwrapper/smbw_dir.c
index 15977de8b77..1600d65a9ef 100644
--- a/source/smbwrapper/smbw_dir.c
+++ b/source/smbwrapper/smbw_dir.c
@@ -78,7 +78,7 @@ static struct smbw_dir *cur_dir;
 /***************************************************** 
 add a entry to a directory listing
 *******************************************************/
-static void smbw_dir_add(struct file_info *finfo, const char *mask)
+static void smbw_dir_add(struct file_info *finfo, const char *mask, void *state)
 {
 	DEBUG(5,("%s\n", finfo->name));
 
@@ -101,7 +101,7 @@ static void smbw_dir_add(struct file_info *finfo, const char *mask)
 add a entry to a directory listing
 *******************************************************/
 static void smbw_share_add(const char *share, uint32 type, 
-                           const char *comment)
+                           const char *comment, void *state)
 {
 	struct file_info finfo;
 
@@ -112,7 +112,7 @@ static void smbw_share_add(const char *share, uint32 type,
 	pstrcpy(finfo.name, share);
 	finfo.mode = aRONLY | aDIR;	
 
-	smbw_dir_add(&finfo, NULL);
+	smbw_dir_add(&finfo, NULL, NULL);
 }
 
 
@@ -120,7 +120,7 @@ static void smbw_share_add(const char *share, uint32 type,
 add a server to a directory listing
 *******************************************************/
 static void smbw_server_add(const char *name, uint32 type, 
-			    const char *comment)
+			    const char *comment, void *state)
 {
 	struct file_info finfo;
 
@@ -129,7 +129,7 @@ static void smbw_server_add(const char *name, uint32 type,
 	pstrcpy(finfo.name, name);
 	finfo.mode = aRONLY | aDIR;	
 
-	smbw_dir_add(&finfo, NULL);
+	smbw_dir_add(&finfo, NULL, NULL);
 }
 
 
@@ -151,7 +151,7 @@ static void smbw_printjob_add(struct print_job_info *job)
 	finfo.mode = aRONLY;
 	finfo.size = job->size;
 
-	smbw_dir_add(&finfo, NULL);
+	smbw_dir_add(&finfo, NULL, NULL);
 }
 
 
@@ -202,30 +202,30 @@ int smbw_dir_open(const char *fname)
 
 	if ((p=strstr(srv->server_name,"#01"))) {
 		*p = 0;
-		smbw_server_add(".",0,"");
-		smbw_server_add("..",0,"");
+		smbw_server_add(".",0,"",NULL);
+		smbw_server_add("..",0,"",NULL);
 		cli_NetServerEnum(&srv->cli, srv->server_name, SV_TYPE_DOMAIN_ENUM,
-				  smbw_server_add);
+				  smbw_server_add,NULL);
 		*p = '#';
 	} else if ((p=strstr(srv->server_name,"#1D"))) {
 		DEBUG(4,("doing NetServerEnum\n"));
 		*p = 0;
-		smbw_server_add(".",0,"");
-		smbw_server_add("..",0,"");
+		smbw_server_add(".",0,"",NULL);
+		smbw_server_add("..",0,"",NULL);
 		cli_NetServerEnum(&srv->cli, srv->server_name, SV_TYPE_ALL,
-				  smbw_server_add);
+				  smbw_server_add,NULL);
 		*p = '#';
 	} else if (strcmp(srv->cli.dev,"IPC") == 0) {
 		DEBUG(4,("doing NetShareEnum\n"));
-		smbw_share_add(".",0,"");
-		smbw_share_add("..",0,"");
-		if (cli_RNetShareEnum(&srv->cli, smbw_share_add) < 0) {
+		smbw_share_add(".",0,"",NULL);
+		smbw_share_add("..",0,"",NULL);
+		if (cli_RNetShareEnum(&srv->cli, smbw_share_add,NULL) < 0) {
 			errno = smbw_errno(&srv->cli);
 			goto failed;
 		}
 	} else if (strncmp(srv->cli.dev,"LPT",3) == 0) {
-		smbw_share_add(".",0,"");
-		smbw_share_add("..",0,"");
+		smbw_share_add(".",0,"",NULL);
+		smbw_share_add("..",0,"",NULL);
 		if (cli_print_queue(&srv->cli, smbw_printjob_add) < 0) {
 			errno = smbw_errno(&srv->cli);
 			goto failed;
@@ -233,11 +233,11 @@ int smbw_dir_open(const char *fname)
 	} else {
 #if 0
 		if (strcmp(path,"\\") == 0) {
-			smbw_share_add(".",0,"");
-			smbw_share_add("..",0,"");
+			smbw_share_add(".",0,"",NULL);
+			smbw_share_add("..",0,"",NULL);
 		}
 #endif
-		if (cli_list(&srv->cli, mask, aHIDDEN|aSYSTEM|aDIR, smbw_dir_add) < 0) {
+		if (cli_list(&srv->cli, mask, aHIDDEN|aSYSTEM|aDIR, smbw_dir_add,NULL) < 0) {
 			errno = smbw_errno(&srv->cli);
 			goto failed;
 		}
diff --git a/source/tdb/Makefile b/source/tdb/Makefile
index 01de7d244b6..5945469737c 100644
--- a/source/tdb/Makefile
+++ b/source/tdb/Makefile
@@ -2,20 +2,22 @@
 # Makefile for tdb directory
 #
 
-CFLAGS = -DSTANDALONE -DTDB_DEBUG -g -DHAVE_MMAP=1
+CFLAGS = -DSTANDALONE -DTDB_DEBUG -O2 -g -DHAVE_MMAP=1
 CC = gcc
+
 PROGS = tdbtest tdbtool tdbtorture
+TDB_OBJ = tdb.o spinlock.o
 
 default: $(PROGS)
 
-tdbtest: tdbtest.o tdb.o spinlock.o
-	$(CC) $(CFLAGS) -o tdbtest tdbtest.o tdb.o spinlock.o -lgdbm
+tdbtest: tdbtest.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbtest tdbtest.o $(TDB_OBJ) -lgdbm
 
-tdbtool: tdbtool.o tdb.o spinlock.o
-	$(CC) $(CFLAGS) -o tdbtool tdbtool.o tdb.o spinlock.o
+tdbtool: tdbtool.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbtool tdbtool.o $(TDB_OBJ)
 
-tdbtorture: tdbtorture.o tdb.o
-	$(CC) $(CFLAGS) -o tdbtorture tdbtorture.o tdb.o spinlock.o
+tdbtorture: tdbtorture.o $(TDB_OBJ)
+	$(CC) $(CFLAGS) -o tdbtorture tdbtorture.o $(TDB_OBJ)
 
 clean:
 	rm -f $(PROGS) *.o *~ *% core test.db test.tdb test.gdbm
diff --git a/source/tdb/tdb.c b/source/tdb/tdb.c
index b1335728ab5..c3ded6368b7 100644
--- a/source/tdb/tdb.c
+++ b/source/tdb/tdb.c
@@ -56,6 +56,7 @@
 #define TDB_DEAD(r) ((r)->magic == TDB_DEAD_MAGIC)
 #define TDB_BAD_MAGIC(r) ((r)->magic != TDB_MAGIC && !TDB_DEAD(r))
 #define TDB_HASH_TOP(hash) (FREELIST_TOP + (BUCKET(hash)+1)*sizeof(tdb_off))
+#define TDB_LOG(x) (tdb->log_fn?((tdb->log_fn x),0) : 0)
 
 /* lock offsets */
 #define GLOBAL_LOCK 0
@@ -65,30 +66,45 @@
 #define MAP_FILE 0
 #endif
 
+#ifndef MAP_FAILED
+#define MAP_FAILED ((void *)-1)
+#endif
+
 #define BUCKET(hash) ((hash) % tdb->header.hash_size)
 TDB_DATA tdb_null;
 
 /* all contexts, to ensure no double-opens (fcntl locks don't nest!) */
 static TDB_CONTEXT *tdbs = NULL;
 
-static void *tdb_munmap(void *ptr, tdb_len size)
+static void tdb_munmap(TDB_CONTEXT *tdb)
 {
 #ifdef HAVE_MMAP
-	munmap(ptr, size);
+	if (tdb->map_ptr) munmap(tdb->map_ptr, tdb->map_size);
 #endif
-	return NULL;
+	tdb->map_ptr = NULL;
 }
 
-static void *tdb_mmap(tdb_len size, int read_only, int fd)
+static void tdb_mmap(TDB_CONTEXT *tdb)
 {
-	void *ret = NULL;
 #ifdef HAVE_MMAP
-	ret = mmap(NULL, size, PROT_READ | (read_only ? 0 : PROT_WRITE), MAP_SHARED|MAP_FILE, fd, 0);
-
-	if (ret == (void *)-1)
-		ret = NULL;
+	if (!(tdb->flags & TDB_NOMMAP)) {
+		tdb->map_ptr = mmap(NULL, tdb->map_size, 
+				    PROT_READ|(tdb->read_only? 0:PROT_WRITE), 
+				    MAP_SHARED|MAP_FILE, tdb->fd, 0);
+
+		/*
+		 * NB. When mmap fails it returns MAP_FAILED *NOT* NULL !!!!
+		 */
+
+		if (tdb->map_ptr == MAP_FAILED) {
+			tdb->map_ptr = NULL;
+			TDB_LOG((tdb, 2, "tdb_mmap failed for size %d (%s)\n", 
+				 tdb->map_size, strerror(errno)));
+		}
+	}
+#else
+	tdb->map_ptr = NULL;
 #endif
-	return ret;
 }
 
 /* Endian conversion: we only ever deal with 4 byte quantities */
@@ -124,7 +140,7 @@ struct list_struct {
 /* a byte range locking function - return 0 on success
    this functions locks/unlocks 1 byte at the specified offset */
 static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, 
-		      int rw_type, int lck_type)
+		      int rw_type, int lck_type, int probe)
 {
 	struct flock fl;
 
@@ -137,23 +153,40 @@ static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset,
 	fl.l_len = 1;
 	fl.l_pid = 0;
 
-	if (fcntl(tdb->fd,lck_type,&fl)) return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+	if (fcntl(tdb->fd,lck_type,&fl)) {
+		if (!probe) {
+			TDB_LOG((tdb, 5,"tdb_brlock failed at offset %d rw_type=%d lck_type=%d\n", 
+				 offset, rw_type, lck_type));
+		}
+		return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+	}
 	return 0;
 }
 
 /* lock a list in the database. list -1 is the alloc list */
 static int tdb_lock(TDB_CONTEXT *tdb, int list, int ltype)
 {
-	if (list < -1 || list >= (int)tdb->header.hash_size) return -1;
+	if (list < -1 || list >= (int)tdb->header.hash_size) {
+		TDB_LOG((tdb, 0,"tdb_lock: invalid list %d for ltype=%d\n", 
+			   list, ltype));
+		return -1;
+	}
 	if (tdb->flags & TDB_NOLOCK) return 0;
 
 	/* Since fcntl locks don't nest, we do a lock for the first one,
 	   and simply bump the count for future ones */
 	if (tdb->locked[list+1].count == 0) {
 		if (tdb->header.rwlocks) {
-			if (tdb_spinlock(tdb, list, ltype)) return -1;
-		} else if (tdb_brlock(tdb,FREELIST_TOP+4*list,ltype,F_SETLKW))
+			if (tdb_spinlock(tdb, list, ltype)) {
+				TDB_LOG((tdb, 0, "tdb_lock spinlock on list ltype=%d\n", 
+					   list, ltype));
+				return -1;
+			}
+		} else if (tdb_brlock(tdb,FREELIST_TOP+4*list,ltype,F_SETLKW, 0)) {
+			TDB_LOG((tdb, 0,"tdb_lock failed on list %d ltype=%d (%s)\n", 
+					   list, ltype, strerror(errno)));
 			return -1;
+		}
 		tdb->locked[list+1].ltype = ltype;
 	}
 	tdb->locked[list+1].count++;
@@ -172,7 +205,7 @@ static void tdb_unlock(TDB_CONTEXT *tdb, int list, int ltype)
 	if (tdb->locked[list+1].count == 1) {
 		/* Down to last nested lock: unlock underneath */
 		if (tdb->header.rwlocks) tdb_spinunlock(tdb, list, ltype);
-		else tdb_brlock(tdb, FREELIST_TOP+4*list, F_UNLCK, F_SETLKW);
+		else tdb_brlock(tdb, FREELIST_TOP+4*list, F_UNLCK, F_SETLKW, 0);
 	}
 	tdb->locked[list+1].count--;
 }
@@ -192,45 +225,58 @@ static u32 tdb_hash(TDB_DATA *key)
 
 /* check for an out of bounds access - if it is out of bounds then
    see if the database has been expanded by someone else and expand
-   if necessary */
-static int tdb_oob(TDB_CONTEXT *tdb, tdb_off offset)
+   if necessary 
+   note that "len" is the minimum length needed for the db
+*/
+static int tdb_oob(TDB_CONTEXT *tdb, tdb_off len, int probe)
 {
 	struct stat st;
-	if (offset <= tdb->map_size) return 0;
+	if (len <= tdb->map_size) return 0;
 	if (tdb->flags & TDB_INTERNAL) return 0;
 
 	fstat(tdb->fd, &st);
-	if (st.st_size <= (size_t)offset) return TDB_ERRCODE(TDB_ERR_IO, -1);
+	if (st.st_size < (size_t)len) {
+		if (!probe) {
+			TDB_LOG((tdb, 0,"tdb_oob len %d beyond eof at %d\n",
+				 (int)len, (int)st.st_size));
+		}
+		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
 
 	/* Unmap, update size, remap */
-	if (tdb->map_ptr) tdb->map_ptr=tdb_munmap(tdb->map_ptr, tdb->map_size);
+	tdb_munmap(tdb);
 	tdb->map_size = st.st_size;
-	if (!(tdb->flags & TDB_NOMMAP))
-		tdb->map_ptr = tdb_mmap(tdb->map_size, tdb->read_only,tdb->fd);
+	tdb_mmap(tdb);
 	return 0;
 }
 
 /* write a lump of data at a specified offset */
 static int tdb_write(TDB_CONTEXT *tdb, tdb_off off, void *buf, tdb_len len)
 {
-	if (tdb_oob(tdb, off + len) != 0) return -1;
+	if (tdb_oob(tdb, off + len, 0) != 0) return -1;
 
 	if (tdb->map_ptr) memcpy(off + (char *)tdb->map_ptr, buf, len);
 	else if (lseek(tdb->fd, off, SEEK_SET) != off
-		 || write(tdb->fd, buf, len) != (ssize_t)len)
+		 || write(tdb->fd, buf, len) != (ssize_t)len) {
+		TDB_LOG((tdb, 0,"tdb_write failed at %d len=%d (%s)\n",
+			   off, len, strerror(errno)));
 		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
 	return 0;
 }
 
 /* read a lump of data at a specified offset, maybe convert */
 static int tdb_read(TDB_CONTEXT *tdb,tdb_off off,void *buf,tdb_len len,int cv)
 {
-	if (tdb_oob(tdb, off + len) != 0) return -1;
+	if (tdb_oob(tdb, off + len, 0) != 0) return -1;
 
 	if (tdb->map_ptr) memcpy(buf, off + (char *)tdb->map_ptr, len);
 	else if (lseek(tdb->fd, off, SEEK_SET) != off
-		 || read(tdb->fd, buf, len) != (ssize_t)len)
+		 || read(tdb->fd, buf, len) != (ssize_t)len) {
+		TDB_LOG((tdb, 0,"tdb_read failed at %d len=%d (%s)\n",
+			   off, len, strerror(errno)));
 		return TDB_ERRCODE(TDB_ERR_IO, -1);
+	}
 	if (cv) convert(buf, len);
 	return 0;
 }
@@ -240,7 +286,11 @@ static char *tdb_alloc_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_len len)
 {
 	char *buf;
 
-	if (!(buf = malloc(len))) return TDB_ERRCODE(TDB_ERR_OOM, buf);
+	if (!(buf = malloc(len))) {
+		TDB_LOG((tdb, 0,"tdb_alloc_read malloc failed len=%d (%s)\n",
+			   len, strerror(errno)));
+		return TDB_ERRCODE(TDB_ERR_OOM, buf);
+	}
 	if (tdb_read(tdb, offset, buf, len, 0) == -1) {
 		free(buf);
 		return NULL;
@@ -263,8 +313,11 @@ static int ofs_write(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d)
 static int rec_read(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
 {
 	if (tdb_read(tdb, offset, rec, sizeof(*rec),DOCONV()) == -1) return -1;
-	if (TDB_BAD_MAGIC(rec)) return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
-	return tdb_oob(tdb, rec->next);
+	if (TDB_BAD_MAGIC(rec)) {
+		TDB_LOG((tdb, 0,"rec_read bad magic 0x%x at offset=%d\n", rec->magic, offset));
+		return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+	}
+	return tdb_oob(tdb, rec->next+sizeof(*rec), 0);
 }
 static int rec_write(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
 {
@@ -273,17 +326,15 @@ static int rec_write(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
 }
 
 /* read a freelist record and check for simple errors */
-static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct*rec)
+static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct *rec)
 {
 	if (tdb_read(tdb, off, rec, sizeof(*rec),DOCONV()) == -1) return -1;
 	if (rec->magic != TDB_FREE_MAGIC) {
-#ifdef TDB_DEBUG
-		printf("bad magic 0x%08x at offset %d\n",
-			rec->magic, off);
-#endif
+		TDB_LOG((tdb, 0,"rec_free_read bad magic 0x%x at offset=%d\n", 
+			   rec->magic, off));
 		return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
 	}
-	if (tdb_oob(tdb, rec->next) != 0) return -1;
+	if (tdb_oob(tdb, rec->next+sizeof(*rec), 0) != 0) return -1;
 	return 0;
 }
 
@@ -300,10 +351,67 @@ static int update_tailer(TDB_CONTEXT *tdb, tdb_off offset,
 }
 
 #ifdef TDB_DEBUG
+static tdb_off tdb_dump_record(TDB_CONTEXT *tdb, tdb_off offset)
+{
+	struct list_struct rec;
+	tdb_off tailer_ofs, tailer;
+
+	if (tdb_read(tdb, offset, (char *)&rec, sizeof(rec), DOCONV()) == -1) {
+		printf("ERROR: failed to read record at %u\n", offset);
+		return 0;
+	}
+
+	printf(" rec: offset=%u next=%d rec_len=%d key_len=%d data_len=%d full_hash=0x%x magic=0x%x\n",
+	       offset, rec.next, rec.rec_len, rec.key_len, rec.data_len, rec.full_hash, rec.magic);
+
+	tailer_ofs = offset + sizeof(rec) + rec.rec_len - sizeof(tdb_off);
+	if (ofs_read(tdb, tailer_ofs, &tailer) == -1) {
+		printf("ERROR: failed to read tailer at %u\n", tailer_ofs);
+		return rec.next;
+	}
+
+	if (tailer != rec.rec_len + sizeof(rec)) {
+		printf("ERROR: tailer does not match record! tailer=%u totalsize=%u\n", tailer, rec.rec_len + sizeof(rec));
+	}
+	return rec.next;
+}
+
+static void tdb_dump_chain(TDB_CONTEXT *tdb, int i)
+{
+	tdb_off rec_ptr, top;
+
+	top = TDB_HASH_TOP(i);
+
+	tdb_lock(tdb, i, F_WRLCK);
+
+	if (ofs_read(tdb, top, &rec_ptr) == -1) {
+		tdb_unlock(tdb, i, F_WRLCK);
+		return;
+	}
+
+	if (rec_ptr) printf("hash=%d\n", i);
+
+	while (rec_ptr) {
+		rec_ptr = tdb_dump_record(tdb, rec_ptr);
+	}
+	tdb_unlock(tdb, i, F_WRLCK);
+}
+
+void tdb_dump_all(TDB_CONTEXT *tdb)
+{
+	tdb_off off;
+	int i;
+	for (i=0;i<tdb->header.hash_size;i++) {
+		tdb_dump_chain(tdb, i);
+	}
+	printf("freelist:\n");
+	tdb_dump_chain(tdb, -1);
+}
+
 void tdb_printfreelist(TDB_CONTEXT *tdb)
 {
 	long total_free = 0;
-    tdb_off offset, rec_ptr, last_ptr;
+	tdb_off offset, rec_ptr, last_ptr;
 	struct list_struct rec, lastrec, newrec;
 
 	tdb_lock(tdb, -1, F_WRLCK);
@@ -354,6 +462,7 @@ static int remove_from_freelist(TDB_CONTEXT *tdb, tdb_off off, tdb_off next)
 		/* Follow chain (next offset is at start of record) */
 		last_ptr = i;
 	}
+	TDB_LOG((tdb, 0,"remove_from_freelist: not on list at off=%d\n", off));
 	return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
 }
 
@@ -366,52 +475,76 @@ static int tdb_free(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
 	/* Allocation and tailer lock */
 	if (tdb_lock(tdb, -1, F_WRLCK) != 0) return -1;
 
+	/* set an initial tailer, so if we fail we don't leave a bogus record */
+	update_tailer(tdb, offset, rec);
+
 	/* Look right first (I'm an Australian, dammit) */
 	right = offset + sizeof(*rec) + rec->rec_len;
-	if (tdb_oob(tdb, right + sizeof(*rec)) == 0) {
+	if (right + sizeof(*rec) <= tdb->map_size) {
 		struct list_struct r;
 
-		if (tdb_read(tdb, right, &r, sizeof(r), DOCONV()) == -1)
-			goto fail;
+		if (tdb_read(tdb, right, &r, sizeof(r), DOCONV()) == -1) {
+			TDB_LOG((tdb, 0, "tdb_free: right read failed at %u\n", right));
+			goto left;
+		}
 
 		/* If it's free, expand to include it. */
 		if (r.magic == TDB_FREE_MAGIC) {
-			if (remove_from_freelist(tdb, right, r.next) == -1)
-				goto fail;
+			if (remove_from_freelist(tdb, right, r.next) == -1) {
+				TDB_LOG((tdb, 0, "tdb_free: right free failed at %u\n", right));
+				goto left;
+			}
 			rec->rec_len += sizeof(r) + r.rec_len;
 		}
 	}
 
+left:
 	/* Look left */
-	left = offset - 4;
+	left = offset - sizeof(tdb_off);
 	if (left > TDB_HASH_TOP(tdb->header.hash_size-1)) {
 		struct list_struct l;
 		tdb_off leftsize;
 
 		/* Read in tailer and jump back to header */
-		if (ofs_read(tdb, left, &leftsize) == -1) goto fail;
+		if (ofs_read(tdb, left, &leftsize) == -1) {
+			TDB_LOG((tdb, 0, "tdb_free: left offset read failed at %u\n", left));
+			goto update;
+		}
 		left = offset - leftsize;
 
 		/* Now read in record */
-		if (tdb_read(tdb, left, &l, sizeof(l), DOCONV()) == -1)
-			goto fail;
+		if (tdb_read(tdb, left, &l, sizeof(l), DOCONV()) == -1) {
+			TDB_LOG((tdb, 0, "tdb_free: left read failed at %u (%u)\n", left, leftsize));
+			goto update;
+		}
 
 		/* If it's free, expand to include it. */
 		if (l.magic == TDB_FREE_MAGIC) {
-			if (remove_from_freelist(tdb, left, l.next) == -1)
-				goto fail;
-			offset = left;
-			rec->rec_len += leftsize;
+			if (remove_from_freelist(tdb, left, l.next) == -1) {
+				TDB_LOG((tdb, 0, "tdb_free: left free failed at %u\n", left));
+				goto update;
+			} else {
+				offset = left;
+				rec->rec_len += leftsize;
+			}
 		}
 	}
-	if (update_tailer(tdb, offset, rec) == -1) goto fail;
+
+update:
+	if (update_tailer(tdb, offset, rec) == -1) {
+		TDB_LOG((tdb, 0, "tdb_free: update_tailer failed at %u\n", offset));
+		goto fail;
+	}
 
 	/* Now, prepend to free list */
 	rec->magic = TDB_FREE_MAGIC;
 
-	if (ofs_read(tdb, FREELIST_TOP, &rec->next) == -1) goto fail;
-	if (rec_write(tdb, offset, rec) == -1) goto fail;
-	if (ofs_write(tdb, FREELIST_TOP, &offset) == -1) goto fail;
+	if (ofs_read(tdb, FREELIST_TOP, &rec->next) == -1 ||
+	    rec_write(tdb, offset, rec) == -1 ||
+	    ofs_write(tdb, FREELIST_TOP, &offset) == -1) {
+		TDB_LOG((tdb, 0, "tdb_free record write failed at offset=%d\n", offset));
+		goto fail;
+	}
 
 	/* And we're done. */
 	tdb_unlock(tdb, -1, F_WRLCK);
@@ -422,37 +555,92 @@ static int tdb_free(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
 	return -1;
 }
 
+
+/* expand a file.  we prefer to use ftruncate, as that is what posix
+  says to use for mmap expansion */
+static int expand_file(TDB_CONTEXT *tdb, tdb_off size, tdb_off addition)
+{
+	char buf[1024];
+#if HAVE_FTRUNCATE_EXTEND
+	if (ftruncate(tdb->fd, size+addition) != 0) {
+		TDB_LOG((tdb, 0, "expand_file ftruncate to %d failed (%s)\n", 
+			   size+addition, strerror(errno)));
+		return -1;
+	}
+#else
+	char b = 0;
+	if (lseek(tdb->fd, (size+addition) - 1, SEEK_SET) != (size+addition) - 1 || 
+	    write(tdb->fd, &b, 1) != 1) {
+		TDB_LOG((tdb, 0, "expand_file to %d failed (%s)\n", 
+			   size+addition, strerror(errno)));
+		return -1;
+	}
+#endif
+	/* now fill the file with something. This ensures that the file isn't sparse, which would be
+	   very bad if we ran out of disk. This must be done with write, not via mmap */
+	memset(buf, 0x42, sizeof(buf));
+	if (lseek(tdb->fd, size, SEEK_SET) != size) return -1;
+	while (addition) {
+		int n = addition>sizeof(buf)?sizeof(buf):addition;
+		int ret = write(tdb->fd, buf, n);
+		if (ret != n) {
+			TDB_LOG((tdb, 0, "expand_file write of %d failed (%s)\n", 
+				   n, strerror(errno)));
+			return -1;
+		}
+		addition -= n;
+	}
+	return 0;
+}
+
+
 /* expand the database at least size bytes by expanding the underlying
    file and doing the mmap again if necessary */
 static int tdb_expand(TDB_CONTEXT *tdb, tdb_off size)
 {
 	struct list_struct rec;
 	tdb_off offset;
-	char b = 0;
 
-	if (tdb_lock(tdb, -1, F_WRLCK) == -1) return 0;
+	if (tdb_lock(tdb, -1, F_WRLCK) == -1) {
+		TDB_LOG((tdb, 0, "lock failed in tdb_expand\n"));
+		return 0;
+	}
 
 	/* must know about any previous expansions by another process */
-	tdb_oob(tdb, tdb->map_size + 1);
+	tdb_oob(tdb, tdb->map_size + 1, 1);
 
 	/* always make room for at least 10 more records, and round
            the database up to a multiple of TDB_PAGE_SIZE */
 	size = TDB_ALIGN(tdb->map_size + size*10, TDB_PAGE_SIZE) - tdb->map_size;
 
-	/* expand the file itself */
-        if (!(tdb->flags & TDB_INTERNAL)) {
-		lseek(tdb->fd, tdb->map_size + size - 1, SEEK_SET);
-		if (write(tdb->fd, &b, 1) != 1) goto fail;
-        }
+	if (!(tdb->flags & TDB_INTERNAL))
+		tdb_munmap(tdb);
+
+	/*
+	 * We must ensure the file is unmapped before doing this
+	 * to ensure consistency with systems like OpenBSD where
+	 * writes and mmaps are not consistent.
+	 */
 
-	if (!(tdb->flags & TDB_INTERNAL) && tdb->map_ptr)
-		tdb->map_ptr = tdb_munmap(tdb->map_ptr, tdb->map_size);
+	/* expand the file itself */
+	if (!(tdb->flags & TDB_INTERNAL)) {
+		if (expand_file(tdb, tdb->map_size, size) != 0) goto fail;
+	}
 
 	tdb->map_size += size;
 
 	if (tdb->flags & TDB_INTERNAL)
 		tdb->map_ptr = realloc(tdb->map_ptr, tdb->map_size);
 
+	/*
+	 * We must ensure the file is remapped before adding the space
+	 * to ensure consistency with systems like OpenBSD where
+	 * writes and mmaps are not consistent.
+	 */
+
+	/* We're ok if the mmap fails as we'll fallback to read/write */
+	tdb_mmap(tdb);
+
 	/* form a new freelist record */
 	memset(&rec,'\0',sizeof(rec));
 	rec.rec_len = size - sizeof(rec);
@@ -461,9 +649,6 @@ static int tdb_expand(TDB_CONTEXT *tdb, tdb_off size)
 	offset = tdb->map_size - size;
 	if (tdb_free(tdb, offset, &rec) == -1) goto fail;
 
-	if (!(tdb->flags & TDB_NOMMAP))
-		tdb->map_ptr = tdb_mmap(tdb->map_size, 0, tdb->fd);
-
 	tdb_unlock(tdb, -1, F_WRLCK);
 	return 0;
  fail:
@@ -739,18 +924,18 @@ int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key)
 /* record lock stops delete underneath */
 static int lock_record(TDB_CONTEXT *tdb, tdb_off off)
 {
-	return off ? tdb_brlock(tdb, off, F_RDLCK, F_SETLKW) : 0;
+	return off ? tdb_brlock(tdb, off, F_RDLCK, F_SETLKW, 0) : 0;
 }
 /* write locks override our own fcntl readlocks, so check it here */
 static int write_lock_record(TDB_CONTEXT *tdb, tdb_off off)
 {
 	struct tdb_traverse_lock *i;
 	for (i = &tdb->travlocks; i; i = i->next) if (i->off == off) return -1;
-	return tdb_brlock(tdb, off, F_WRLCK, F_SETLK);
+	return tdb_brlock(tdb, off, F_WRLCK, F_SETLK, 1);
 }
 static int write_unlock_record(TDB_CONTEXT *tdb, tdb_off off)
 {
-	return tdb_brlock(tdb, off, F_UNLCK, F_SETLK);
+	return tdb_brlock(tdb, off, F_UNLCK, F_SETLK, 0);
 }
 /* fcntl locks don't stack: avoid unlocking someone else's */
 static int unlock_record(TDB_CONTEXT *tdb, tdb_off off)
@@ -760,7 +945,7 @@ static int unlock_record(TDB_CONTEXT *tdb, tdb_off off)
 
 	if (off == 0) return 0;
 	for (i = &tdb->travlocks; i; i = i->next) if (i->off == off) count++;
-	return (count == 1 ? tdb_brlock(tdb, off, F_UNLCK, F_SETLKW) : 0);
+	return (count == 1 ? tdb_brlock(tdb, off, F_UNLCK, F_SETLKW, 0) : 0);
 }
 
 /* actually delete an entry in the database given the offset */
@@ -859,10 +1044,10 @@ int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *state)
 	struct tdb_traverse_lock tl = { NULL, 0, 0 };
 	int ret, count = 0;
 
-        /* This was in the initializaton, above, but the IRIX compiler
-         * did not like it.  crh
-         */
-        tl.next = tdb->travlocks.next;
+	/* This was in the initializaton, above, but the IRIX compiler
+	 * did not like it.  crh
+	 */
+	tl.next = tdb->travlocks.next;
 
 	/* fcntl locks don't stack: beware traverse inside traverse */
 	tdb->travlocks.next = &tl;
@@ -895,8 +1080,10 @@ int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *state)
 		free(key.dptr);
 	}
 	tdb->travlocks.next = tl.next;
-	if (ret < 0) return -1;
-	else return count;
+	if (ret < 0)
+		return -1;
+	else
+		return count;
 }
 
 /* find the first entry in the database and return its key */
@@ -1050,7 +1237,8 @@ int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag)
 		ret = -1;
 	}
  out:
-	free(p); 
+	if (p)
+		free(p); 
 	tdb_unlock(tdb, BUCKET(hash), F_WRLCK);
 	return ret;
 }
@@ -1095,10 +1283,10 @@ TDB_CONTEXT *tdb_open(char *name, int hash_size, int tdb_flags,
 	if ((tdb.fd = open(name, open_flags, mode)) == -1) goto fail;
 
 	/* ensure there is only one process initialising at once */
-	tdb_brlock(&tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW);
+	tdb_brlock(&tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0);
 	
 	/* we need to zero database if we are the only one with it open */
-	if ((locked = (tdb_brlock(&tdb, ACTIVE_LOCK, F_WRLCK, F_SETLK) == 0))
+	if ((locked = (tdb_brlock(&tdb, ACTIVE_LOCK, F_WRLCK, F_SETLK, 0) == 0))
 	    && (tdb_flags & TDB_CLEAR_IF_FIRST)) {
 		open_flags |= O_CREAT;
 		ftruncate(tdb.fd, 0);
@@ -1135,27 +1323,26 @@ TDB_CONTEXT *tdb_open(char *name, int hash_size, int tdb_flags,
 	tdb.inode = st.st_ino;
         tdb.locked = calloc(tdb.header.hash_size+1, sizeof(tdb.locked[0]));
         if (!tdb.locked) goto fail;
-	if (!(tdb.flags & TDB_NOMMAP))
-		tdb.map_ptr = tdb_mmap(st.st_size, tdb.read_only, tdb.fd);
+	tdb_mmap(&tdb);
 	if (locked) {
 		tdb_clear_spinlocks(&tdb);
-		tdb_brlock(&tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK);
+		tdb_brlock(&tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK, 0);
 	}
 	/* leave this lock in place to indicate it's in use */
-	tdb_brlock(&tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW);
+	tdb_brlock(&tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0);
 
  internal:
 	if (!(ret = malloc(sizeof(tdb)))) goto fail;
 	*ret = tdb;
-	tdb_brlock(&tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW);
+	tdb_brlock(&tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0);
 	ret->next = tdbs;
 	tdbs = ret;
 	return ret;
 
  fail:
-        if (tdb.name) free(tdb.name);
+	if (tdb.name) free(tdb.name);
 	if (tdb.fd != -1) close(tdb.fd);
-	if (tdb.map_ptr) tdb_munmap(tdb.map_ptr, tdb.map_size);
+	tdb_munmap(&tdb);
 	return NULL;
 }
 
@@ -1167,7 +1354,7 @@ int tdb_close(TDB_CONTEXT *tdb)
 
 	if (tdb->map_ptr) {
 		if (tdb->flags & TDB_INTERNAL) free(tdb->map_ptr);
-		else tdb_munmap(tdb->map_ptr, tdb->map_size);
+		else tdb_munmap(tdb);
 	}
 	if (tdb->name) free(tdb->name);
 	if (tdb->fd != -1) {
@@ -1276,3 +1463,10 @@ void tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key)
 {
 	tdb_unlock(tdb, BUCKET(tdb_hash(&key)), F_WRLCK);
 }
+
+
+/* register a loging function */
+void tdb_logging_function(TDB_CONTEXT *tdb, void (*fn)(TDB_CONTEXT *, int , const char *, ...))
+{
+	tdb->log_fn = fn;
+}
diff --git a/source/tdb/tdb.h b/source/tdb/tdb.h
index f09c6453b53..cc37825e781 100644
--- a/source/tdb/tdb.h
+++ b/source/tdb/tdb.h
@@ -94,12 +94,14 @@ typedef struct tdb_context {
 	struct tdb_context *next; /* all tdbs to avoid multiple opens */
 	dev_t device;	/* uniquely identifies this tdb */
 	ino_t inode;	/* uniquely identifies this tdb */
+	void (*log_fn)(struct tdb_context *tdb, int level, const char *, ...); /* logging function */
 } TDB_CONTEXT;
 
 typedef int (*tdb_traverse_func)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *);
 
 TDB_CONTEXT *tdb_open(char *name, int hash_size, int tdb_flags,
 		      int open_flags, mode_t mode);
+void tdb_logging_function(TDB_CONTEXT *tdb, void (*fn)(TDB_CONTEXT *, int , const char *, ...));
 enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb);
 const char *tdb_errorstr(TDB_CONTEXT *tdb);
 TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key);
diff --git a/source/tdb/tdbtest.c b/source/tdb/tdbtest.c
index 9e636eef83a..2cc7e887297 100644
--- a/source/tdb/tdbtest.c
+++ b/source/tdb/tdbtest.c
@@ -4,6 +4,7 @@
 #include <unistd.h>
 #include <string.h>
 #include <fcntl.h>
+#include <stdarg.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/time.h>
@@ -40,6 +41,14 @@ static void fatal(char *why)
 	exit(1);
 }
 
+static void tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...)
+{
+	va_list ap;
+    
+	va_start(ap, format);
+	vfprintf(stdout, format, ap);
+	va_end(ap);
+}
 
 static void compare_db(void)
 {
@@ -230,6 +239,7 @@ int main(int argc, char *argv[])
 		fatal("db open failed");
 	}
 
+	tdb_logging_function(db, tdb_log);
 	
 #if 1
 	srand(seed);
diff --git a/source/tdb/tdbtool.c b/source/tdb/tdbtool.c
index 27454f73dea..8c09c76df55 100644
--- a/source/tdb/tdbtool.c
+++ b/source/tdb/tdbtool.c
@@ -363,6 +363,8 @@ int main(int argc, char *argv[])
         } else if (strcmp(tok,"dump") == 0) {
             bIterate = 0;
             tdb_traverse(tdb, print_rec, NULL);
+        } else if (strcmp(tok,"list") == 0) {
+            tdb_dump_all(tdb);
         } else if (strcmp(tok,"info") == 0) {
             info_tdb();
         } else if (strcmp(tok, "free") == 0) {
diff --git a/source/tdb/tdbtorture.c b/source/tdb/tdbtorture.c
index 90dcc38aba1..1a3b715402d 100644
--- a/source/tdb/tdbtorture.c
+++ b/source/tdb/tdbtorture.c
@@ -4,9 +4,11 @@
 #include <unistd.h>
 #include <string.h>
 #include <fcntl.h>
+#include <stdarg.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/time.h>
+#include <sys/wait.h>
 #include "tdb.h"
 
 /* this tests tdb by doing lots of ops from several simultaneous
@@ -15,13 +17,32 @@
 
 
 
-#define DELETE_PROB 7
-#define STORE_PROB 5
+#define DELETE_PROB 10
+#define STORE_PROB 3
+#define TRAVERSE_PROB 8
+#define CULL_PROB 60
 #define KEYLEN 3
 #define DATALEN 100
 
 static TDB_CONTEXT *db;
 
+static void tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...)
+{
+	va_list ap;
+    
+	va_start(ap, format);
+	vfprintf(stdout, format, ap);
+	va_end(ap);
+#if 0
+	{
+		char *ptr;
+		asprintf(&ptr,"xterm -e gdb /proc/%d/exe %d", getpid(), getpid());
+		system(ptr);
+		free(ptr);
+	}
+#endif	
+}
+
 static void fatal(char *why)
 {
 	perror(why);
@@ -41,6 +62,15 @@ static char *randbuf(int len)
 	return buf;
 }
 
+static int cull_traverse(TDB_CONTEXT *db, TDB_DATA key, TDB_DATA dbuf,
+			 void *state)
+{
+	if (random() % CULL_PROB == 0) {
+		tdb_delete(db, key);
+	}
+	return 0;
+}
+
 static void addrec_db(void)
 {
 	int klen, dlen;
@@ -59,12 +89,14 @@ static void addrec_db(void)
 	data.dptr = d;
 	data.dsize = dlen+1;
 
-	if (rand() % DELETE_PROB == 0) {
+	if (random() % DELETE_PROB == 0) {
 		tdb_delete(db, key);
-	} else if (rand() % STORE_PROB == 0) {
+	} else if (random() % STORE_PROB == 0) {
 		if (tdb_store(db, key, data, TDB_REPLACE) != 0) {
 			fatal("tdb_store failed");
 		}
+	} else if (random() % TRAVERSE_PROB == 0) {
+		tdb_traverse(db, cull_traverse, NULL);
 	} else {
 		data = tdb_fetch(db, key);
 		if (data.dptr) free(data.dptr);
@@ -82,20 +114,23 @@ static int traverse_fn(TDB_CONTEXT *db, TDB_DATA key, TDB_DATA dbuf,
 }
 
 #ifndef NPROC
-#define NPROC 8
+#define NPROC 6
 #endif
 
 #ifndef NLOOPS
-#define NLOOPS 50000
+#define NLOOPS 200000
 #endif
 
 int main(int argc, char *argv[])
 {
 	int i, seed=0;
 	int loops = NLOOPS;
+	pid_t pids[NPROC];
+
+	pids[0] = getpid();
 
 	for (i=0;i<NPROC-1;i++) {
-		if (fork() == 0) break;
+		if ((pids[i+1]=fork()) == 0) break;
 	}
 
 	db = tdb_open("test.tdb", 0, TDB_CLEAR_IF_FIRST, 
@@ -103,15 +138,34 @@ int main(int argc, char *argv[])
 	if (!db) {
 		fatal("db open failed");
 	}
+	tdb_logging_function(db, tdb_log);
 
 	srand(seed + getpid());
+	srandom(seed + getpid() + time(NULL));
 	for (i=0;i<loops;i++) addrec_db();
 
-	printf("traversed %d records\n", tdb_traverse(db, NULL, NULL));
-	printf("traversed %d records\n", tdb_traverse(db, traverse_fn, NULL));
-	printf("traversed %d records\n", tdb_traverse(db, traverse_fn, NULL));
+	tdb_traverse(db, NULL, NULL);
+	tdb_traverse(db, traverse_fn, NULL);
+	tdb_traverse(db, traverse_fn, NULL);
 
 	tdb_close(db);
 
+	if (getpid() == pids[0]) {
+		for (i=0;i<NPROC-1;i++) {
+			int status;
+			if (waitpid(pids[i+1], &status, 0) != pids[i+1]) {
+				printf("failed to wait for %d\n",
+				       (int)pids[i+1]);
+				exit(1);
+			}
+			if (WEXITSTATUS(status) != 0) {
+				printf("child %d exited with status %d\n",
+				       (int)pids[i+1], WEXITSTATUS(status));
+				exit(1);
+			}
+		}
+		printf("OK\n");
+	}
+
 	return 0;
 }
diff --git a/source/tdb/tdbutil.c b/source/tdb/tdbutil.c
index 6b4fe2d0245..0a2f1f84d45 100644
--- a/source/tdb/tdbutil.c
+++ b/source/tdb/tdbutil.c
@@ -46,9 +46,6 @@ void tdb_unlock_bystring(TDB_CONTEXT *tdb, char *keyval)
 	tdb_chainunlock(tdb, key);
 }
 
-/* lock a chain by string key */
-
-
 /* fetch a value by a arbitrary blob key, return -1 if not found */
 int tdb_fetch_int_byblob(TDB_CONTEXT *tdb, char *keyval, size_t len)
 {
@@ -107,6 +104,7 @@ int tdb_store_by_string(TDB_CONTEXT *tdb, char *keystr, void *buffer, int len)
 
 /* Fetch a buffer using a null terminated string key.  Don't forget to call
    free() on the result dptr. */
+
 TDB_DATA tdb_fetch_by_string(TDB_CONTEXT *tdb, char *keystr)
 {
     TDB_DATA key;
@@ -117,6 +115,37 @@ TDB_DATA tdb_fetch_by_string(TDB_CONTEXT *tdb, char *keystr)
     return tdb_fetch(tdb, key);
 }
 
+/* Atomic integer change. Returns old value. To create, set initial value in *oldval. */
+
+int tdb_change_int_atomic(TDB_CONTEXT *tdb, char *keystr, int *oldval, int change_val)
+{
+	int val;
+	int ret = -1;
+
+	if (tdb_lock_bystring(tdb, keystr) == -1)
+		return -1;
+
+	if ((val = tdb_fetch_int(tdb, keystr)) == -1) {
+		if (tdb_error(tdb) != TDB_ERR_NOEXIST)
+			goto err_out;
+
+		val = *oldval;
+
+	} else {
+		*oldval = val;
+		val += change_val;
+	}
+		
+	if (tdb_store_int(tdb, keystr, val) == -1)
+		goto err_out;
+
+	ret = 0;
+
+  err_out:
+
+	tdb_unlock_bystring(tdb, keystr);
+	return ret;
+}
 
 /* useful pair of routines for packing/unpacking data consisting of
    integers and strings */
@@ -208,6 +237,7 @@ size_t tdb_pack(char *buf, int bufsize, char *fmt, ...)
 
 /* useful pair of routines for packing/unpacking data consisting of
    integers and strings */
+
 int tdb_unpack(char *buf, int bufsize, char *fmt, ...)
 {
 	va_list ap;
@@ -262,7 +292,10 @@ int tdb_unpack(char *buf, int bufsize, char *fmt, ...)
 			len = 4;
 			if (bufsize < len) goto no_space;
 			*i = IVAL(buf, 0);
-			if (! *i) break;
+			if (! *i) {
+				*b = NULL;
+				break;
+			}
 			len += *i;
 			if (bufsize < len) goto no_space;
 			*b = (char *)malloc(*i);
@@ -291,3 +324,37 @@ int tdb_unpack(char *buf, int bufsize, char *fmt, ...)
  no_space:
 	return -1;
 }
+
+/****************************************************************************
+log tdb messages via DEBUG()
+****************************************************************************/
+static void tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...)
+{
+	va_list ap;
+	char *ptr = NULL;
+
+	va_start(ap, format);
+	vasprintf(&ptr, format, ap);
+	va_end(ap);
+	
+	if (!ptr || !*ptr) return;
+
+	DEBUG(level, ("tdb(%s): %s", tdb->name, ptr));
+	free(ptr);
+}
+
+
+
+/* like tdb_open() but also setup a logging function that redirects to
+   the samba DEBUG() system */
+TDB_CONTEXT *tdb_open_log(char *name, int hash_size, int tdb_flags,
+			  int open_flags, mode_t mode)
+{
+	TDB_CONTEXT *tdb = tdb_open(name, hash_size, tdb_flags, 
+				    open_flags, mode);
+	if (!tdb) return NULL;
+
+	tdb_logging_function(tdb, tdb_log);
+
+	return tdb;
+}
diff --git a/source/tests/fcntl_lock.c b/source/tests/fcntl_lock.c
index 32aecb87439..3dc12a38973 100644
--- a/source/tests/fcntl_lock.c
+++ b/source/tests/fcntl_lock.c
@@ -16,6 +16,10 @@
 #include <sys/fcntl.h>
 #endif
 
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+
 #include <errno.h>
 
 static int sys_waitpid(pid_t pid,int *status,int options)
@@ -39,12 +43,22 @@ int main(int argc, char *argv[])
 	struct flock lock;
 	int fd, ret, status=1;
 	pid_t pid;
+	char *testdir = NULL;
+
+	testdir = getenv("TESTDIR");
+	if (testdir) chdir(testdir);
+
+	alarm(10);
 
 	if (!(pid=fork())) {
 		sleep(2);
 		fd = open(DATA, O_RDONLY);
 
-		if (fd == -1) exit(1);
+		if (fd == -1) {
+			fprintf(stderr,"ERROR: failed to open %s (errno=%d)\n", 
+				DATA, (int)errno);
+			exit(1);
+		}
 
 		lock.l_type = F_WRLCK;
 		lock.l_whence = SEEK_SET;
@@ -59,13 +73,21 @@ int main(int argc, char *argv[])
 
 		if ((ret == -1) ||
 		    (lock.l_type == F_UNLCK)) {
+			fprintf(stderr,"ERROR: lock test failed (ret=%d errno=%d)\n", ret, (int)errno);
 			exit(1);
 		} else {
 			exit(0);
 		}
 	}
 
-	fd = open(DATA, O_RDWR|O_CREAT|O_TRUNC, 0600);
+	unlink(DATA);
+	fd = open(DATA, O_RDWR|O_CREAT|O_EXCL, 0600);
+
+	if (fd == -1) {
+		fprintf(stderr,"ERROR: failed to open %s (errno=%d)\n", 
+			DATA, (int)errno);
+		exit(1);
+	}
 
 	lock.l_type = F_WRLCK;
 	lock.l_whence = SEEK_SET;
@@ -90,5 +112,10 @@ int main(int argc, char *argv[])
 	status = (status == 0) ? 0 : 1;
 #endif /* defined(WIFEXITED) && defined(WEXITSTATUS) */
 
+	if (status) {
+		fprintf(stderr,"ERROR: lock test failed with status=%d\n", 
+			status);
+	}
+
 	exit(status);
 }
diff --git a/source/utils/make_unicodemap.c b/source/utils/make_unicodemap.c
index ff9bb19b6fe..3584facbf62 100644
--- a/source/utils/make_unicodemap.c
+++ b/source/utils/make_unicodemap.c
@@ -149,7 +149,7 @@ static int do_compile(const char *codepage, const char *input_file, const char *
   SMB_STRUCT_STAT st;
 
   /* Get the size of the input file. Read the entire thing into memory. */
-  if(sys_stat((char *)input_file, &st)!= 0) {
+  if(sys_stat(input_file, &st)!= 0) {
     fprintf(stderr, "%s: failed to get the file size for file %s. Error was %s\n",
             prog_name, input_file, strerror(errno));
     exit(1);
diff --git a/source/utils/masktest.c b/source/utils/masktest.c
index 3fc7431519a..a654b5bfd11 100644
--- a/source/utils/masktest.c
+++ b/source/utils/masktest.c
@@ -27,34 +27,130 @@ extern int DEBUGLEVEL;
 static fstring password;
 static fstring username;
 static int got_pass;
-
+static int max_protocol = PROTOCOL_NT1;
 static BOOL showall = False;
 static BOOL old_list = False;
 static char *maskchars = "<>\"?*abc.";
 static char *filechars = "abcdefghijklm.";
+static int verbose;
+static int die_on_error;
 
-static BOOL reg_match_one(char *pattern, char *file)
+/* a test fn for LANMAN mask support */
+int ms_fnmatch_lanman_core(char *pattern, char *string)
 {
-	if (strcmp(file,"..") == 0) file = ".";
-	if (strcmp(pattern,".") == 0) return False;
+	char *p = pattern, *n = string;
+	char c;
+
+	if (strcmp(p,"?")==0 && strcmp(n,".")==0) goto match;
+
+	while ((c = *p++)) {
+		switch (c) {
+		case '.':
+			/* if (! *n && ! *p) goto match; */
+			if (*n != '.') goto nomatch;
+			n++;
+			break;
+
+		case '?':
+			if ((*n == '.' && n[1] != '.') || ! *n) goto next;
+			n++;
+			break;
+
+		case '>':
+			if (n[0] == '.') {
+				if (! n[1] && ms_fnmatch_lanman_core(p, n+1) == 0) goto match;
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+				goto nomatch;
+			}
+			if (! *n) goto next;
+			n++;
+			break;
+
+		case '*':
+			if (! *p) goto match;
+			for (; *n; n++) {
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+			}
+			break;
 
+		case '<':
+			for (; *n; n++) {
+				if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+				if (*n == '.' && !strchr(n+1,'.')) {
+					n++;
+					break;
+				}
+			}
+			break;
+
+		case '"':
+			if (*n == 0 && ms_fnmatch_lanman_core(p, n) == 0) goto match;
+			if (*n != '.') goto nomatch;
+			n++;
+			break;
+
+		default:
+			if (c != *n) goto nomatch;
+			n++;
+		}
+	}
+	
+	if (! *n) goto match;
+	
+ nomatch:
+	if (verbose) printf("NOMATCH pattern=[%s] string=[%s]\n", pattern, string);
+	return -1;
+
+next:
+	if (ms_fnmatch_lanman_core(p, n) == 0) goto match;
+        goto nomatch;
+
+ match:
+	if (verbose) printf("MATCH   pattern=[%s] string=[%s]\n", pattern, string);
+	return 0;
+}
+
+int ms_fnmatch_lanman(char *pattern, char *string)
+{
+	if (!strpbrk(pattern, "?*<>\"")) {
+		if (strcmp(string,"..") == 0) string = ".";
+		return strcmp(pattern, string);
+	}
+
+	if (strcmp(string,"..") == 0 || strcmp(string,".") == 0) {
+		return ms_fnmatch_lanman_core(pattern, "..") &&
+			ms_fnmatch_lanman_core(pattern, ".");
+	}
+
+	return ms_fnmatch_lanman_core(pattern, string);
+}
+
+static BOOL reg_match_one(char *pattern, char *file)
+{
 	/* oh what a weird world this is */
 	if (old_list && strcmp(pattern, "*.*") == 0) return True;
 
+	if (strcmp(pattern,".") == 0) return False;
+
+	if (max_protocol <= PROTOCOL_LANMAN2) {
+		return ms_fnmatch_lanman(pattern, file)==0;
+	}
+
+	if (strcmp(file,"..") == 0) file = ".";
+
 	return ms_fnmatch(pattern, file)==0;
 }
 
-static char *reg_test(char *pattern, char *file, char *short_name)
+static char *reg_test(char *pattern, char *long_name, char *short_name)
 {
 	static fstring ret;
 	fstrcpy(ret, "---");
 
 	pattern = 1+strrchr(pattern,'\\');
-	file = 1+strrchr(file,'\\');
 
 	if (reg_match_one(pattern, ".")) ret[0] = '+';
 	if (reg_match_one(pattern, "..")) ret[1] = '+';
-	if (reg_match_one(pattern, file) || 
+	if (reg_match_one(pattern, long_name) || 
 	    (*short_name && reg_match_one(pattern, short_name))) ret[2] = '+';
 	return ret;
 }
@@ -95,6 +191,8 @@ struct cli_state *connect_one(char *share)
 		return NULL;
 	}
 
+	c->protocol = max_protocol;
+
 	if (!cli_session_request(c, &calling, &called)) {
 		DEBUG(0,("session request to %s failed\n", called.name));
 		cli_shutdown(c);
@@ -157,7 +255,7 @@ struct cli_state *connect_one(char *share)
 static char *resultp;
 static file_info *finfo;
 
-void listfn(file_info *f, const char *s)
+void listfn(file_info *f, const char *s, void *state)
 {
 	if (strcmp(f->name,".") == 0) {
 		resultp[0] = '+';
@@ -169,14 +267,32 @@ void listfn(file_info *f, const char *s)
 	finfo = f;
 }
 
-static void get_short_name(struct cli_state *cli, 
-			   char *name, fstring short_name)
+static void get_real_name(struct cli_state *cli, 
+			  pstring long_name, fstring short_name)
 {
-	cli_list(cli, name, aHIDDEN | aDIR, listfn);
+	/* nasty hack to force level 260 listings - tridge */
+	cli->capabilities |= CAP_NT_SMBS;
+	if (max_protocol <= PROTOCOL_LANMAN1) {
+		cli_list_new(cli, "\\masktest\\*.*", aHIDDEN | aDIR, listfn, NULL);
+	} else {
+		cli_list_new(cli, "\\masktest\\*", aHIDDEN | aDIR, listfn, NULL);
+	}
 	if (finfo) {
 		fstrcpy(short_name, finfo->short_name);
 		strlower(short_name);
+		pstrcpy(long_name, finfo->name);
+		strlower(long_name);
+	}
+
+	if (*short_name == 0) {
+		fstrcpy(short_name, long_name);
 	}
+
+#if 0
+	if (!strchr(short_name,'.')) {
+		fstrcat(short_name,".");
+	}
+#endif
 }
 
 static void testpair(struct cli_state *cli, char *mask, char *file)
@@ -186,6 +302,7 @@ static void testpair(struct cli_state *cli, char *mask, char *file)
 	char *res2;
 	static int count;
 	fstring short_name;
+	pstring long_name;
 
 	count++;
 
@@ -201,20 +318,17 @@ static void testpair(struct cli_state *cli, char *mask, char *file)
 	resultp = res1;
 	fstrcpy(short_name, "");
 	finfo = NULL;
-	if (old_list) {
-		cli_list_old(cli, mask, aHIDDEN | aDIR, listfn);
-	} else {
-		get_short_name(cli, file, short_name);
-		finfo = NULL;
-		fstrcpy(res1, "---");
-		cli_list(cli, mask, aHIDDEN | aDIR, listfn);
-	}
+	get_real_name(cli, long_name, short_name);
+	finfo = NULL;
+	fstrcpy(res1, "---");
+	cli_list(cli, mask, aHIDDEN | aDIR, listfn, NULL);
 
-	res2 = reg_test(mask, file, short_name);
+	res2 = reg_test(mask, long_name, short_name);
 
 	if (showall || strcmp(res1, res2)) {
-		DEBUG(0,("%s %s %d mask=[%s] file=[%s] mfile=[%s]\n",
-			 res1, res2, count, mask, file, short_name));
+		DEBUG(0,("%s %s %d mask=[%s] file=[%s] rfile=[%s/%s]\n",
+			 res1, res2, count, mask, file, long_name, short_name));
+		if (die_on_error) exit(1);
 	}
 
 	cli_unlink(cli, file);
@@ -267,6 +381,8 @@ static void test_mask(int argc, char *argv[],
 		    strcmp(file+l,"..") == 0 ||
 		    strcmp(mask+l,"..") == 0) continue;
 
+		if (strspn(file+l, ".") == strlen(file+l)) continue;
+
 		testpair(cli, mask, file);
 	}
 
@@ -341,8 +457,17 @@ static void usage(void)
 
 	seed = time(NULL);
 
-	while ((opt = getopt(argc, argv, "U:s:hm:f:aoW:")) != EOF) {
+	while ((opt = getopt(argc, argv, "U:s:hm:f:aoW:M:vE")) != EOF) {
 		switch (opt) {
+		case 'E':
+			die_on_error = 1;
+			break;
+		case 'v':
+			verbose++;
+			break;
+		case 'M':
+			max_protocol = interpret_protocol(optarg, max_protocol);
+			break;
 		case 'U':
 			pstrcpy(username,optarg);
 			p = strchr(username,'%');
diff --git a/source/utils/nmblookup.c b/source/utils/nmblookup.c
index 4e85f6ac456..0f978a6cf3f 100644
--- a/source/utils/nmblookup.c
+++ b/source/utils/nmblookup.c
@@ -118,7 +118,7 @@ static void do_node_status(int fd, char *name, int type, struct in_addr ip)
 		for (i=0;i<count;i++) {
 			fstrcpy(cleanname, status[i].name);
 			for (j=0;cleanname[j];j++) {
-				if (!isprint(cleanname[j])) cleanname[j] = '.';
+				if (!isprint((int)cleanname[j])) cleanname[j] = '.';
 			}
 			printf("\t%-15s <%02x> - %s\n",
 			       cleanname,status[i].type,
diff --git a/source/utils/smbcacls.c b/source/utils/smbcacls.c
index 4803da9f33d..028eb481a65 100644
--- a/source/utils/smbcacls.c
+++ b/source/utils/smbcacls.c
@@ -92,7 +92,7 @@ static BOOL cacls_open_policy_hnd(void)
 		/* Some systems don't support SEC_RIGHTS_MAXIMUM_ALLOWED,
 		   but NT sends 0x2000000 so we might as well do it too. */
 
-		if (cli_lsa_open_policy(&lsa_cli, True, 
+		if (cli_lsa_open_policy(&lsa_cli, lsa_cli.mem_ctx, True, 
 					GENERIC_EXECUTE_ACCESS, &pol)
 		    != NT_STATUS_NOPROBLEMO) {
 			return False;
@@ -118,7 +118,7 @@ static void SidToString(fstring str, DOM_SID *sid)
 	/* Ask LSA to convert the sid to a name */
 
 	if (!cacls_open_policy_hnd() ||
-	    cli_lsa_lookup_sids(&lsa_cli, &pol, 1, sid, &names, &types, 
+	    cli_lsa_lookup_sids(&lsa_cli, lsa_cli.mem_ctx,  &pol, 1, sid, &names, &types, 
 				&num_names) != NT_STATUS_NOPROBLEMO ||
 	    !names || !names[0]) {
 		return;
@@ -127,10 +127,6 @@ static void SidToString(fstring str, DOM_SID *sid)
 	/* Converted OK */
 	
 	fstrcpy(str, names[0]);
-	
-	safe_free(names[0]);
-	safe_free(names);
-	safe_free(types);
 }
 
 /* convert a string to a SID, either numeric or username/group */
@@ -146,7 +142,7 @@ static BOOL StringToSid(DOM_SID *sid, char *str)
 	}
 
 	if (!cacls_open_policy_hnd() ||
-	    cli_lsa_lookup_names(&lsa_cli, &pol, 1, &str, &sids, &types, 
+	    cli_lsa_lookup_names(&lsa_cli, lsa_cli.mem_ctx, &pol, 1, &str, &sids, &types, 
 				 &num_sids) != NT_STATUS_NOPROBLEMO) {
 		result = False;
 		goto done;
@@ -154,9 +150,6 @@ static BOOL StringToSid(DOM_SID *sid, char *str)
 
 	sid_copy(sid, &sids[0]);
 
-	safe_free(sids);
-	safe_free(types);
-
  done:
 
 	return result;
@@ -347,7 +340,7 @@ static SEC_DESC *sec_desc_parse(char *str)
 	char *p = str;
 	fstring tok;
 	SEC_DESC *ret;
-	unsigned sd_size;
+	size_t sd_size;
 	DOM_SID *grp_sid=NULL, *owner_sid=NULL;
 	SEC_ACL *dacl=NULL;
 	int revision=1;
@@ -458,7 +451,7 @@ static int cacl_dump(struct cli_state *cli, char *filename)
 		return EXIT_FAILED;
 	}
 
-	sd = cli_query_secdesc(cli, fnum);
+	sd = cli_query_secdesc(cli, fnum, ctx);
 
 	if (!sd) {
 		printf("ERROR: secdesc query failed: %s\n", cli_errstr(cli));
@@ -495,7 +488,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
 	if (!StringToSid(&sid, new_username))
 		return EXIT_PARSE_ERROR;
 
-	old = cli_query_secdesc(cli, fnum);
+	old = cli_query_secdesc(cli, fnum, ctx);
 
 	cli_close(cli, fnum);
 
@@ -589,7 +582,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
 		return EXIT_FAILED;
 	}
 
-	old = cli_query_secdesc(cli, fnum);
+	old = cli_query_secdesc(cli, fnum, ctx);
 
 	if (!old) {
 		printf("calc_set: Failed to query old descriptor\n");
@@ -817,7 +810,7 @@ You can string acls together with spaces, commas or newlines\n\
 	char *p;
 	static pstring servicesf = CONFIGFILE;
 	struct cli_state *cli=NULL;
-	enum acl_mode mode;
+	enum acl_mode mode = SMB_ACL_SET;
 	char *the_acl = NULL;
 	enum chown_mode change_mode = REQUEST_NONE;
 	int result;
diff --git a/source/utils/smbcontrol.c b/source/utils/smbcontrol.c
index c5462ea1fb7..631bcf9bb90 100644
--- a/source/utils/smbcontrol.c
+++ b/source/utils/smbcontrol.c
@@ -32,6 +32,7 @@ static struct {
 	{"profilelevel", MSG_REQ_PROFILELEVEL},
 	{"debuglevel", MSG_REQ_DEBUGLEVEL},
 	{"printer-notify", MSG_PRINTER_NOTIFY},
+	{"close-share", MSG_SMB_FORCE_TDIS},
 	{NULL, -1}
 };
 
@@ -69,7 +70,7 @@ a useful function for testing the message system
 void pong_function(int msg_type, pid_t src, void *buf, size_t len)
 {
 	pong_count++;
-	printf("PONG from PID %d\n",src);
+	printf("PONG from PID %u\n",(unsigned int)src);
 }
 
 /****************************************************************************
@@ -82,7 +83,7 @@ void debuglevel_function(int msg_type, pid_t src, void *buf, size_t len)
 
 	memcpy(debuglevel_class, buf, len);
 
-	printf("Current debug level of PID %d is %d ",src, debuglevel_class[0]);
+	printf("Current debug level of PID %u is %d ",(unsigned int)src, debuglevel_class[0]);
 	for (i=1;i<DBGC_LAST;i++)
 		if (debuglevel_class[i])
 			printf("%s:%d ", debug_classname_from_index(i), debuglevel_class[i]);
@@ -112,9 +113,9 @@ void profilelevel_function(int msg_type, pid_t src, void *buf, size_t len)
 		s = "count and time";
 		break;
 	    }
-	    printf("Profiling %s on PID %d\n",s,src);
+	    printf("Profiling %s on PID %u\n",s,(unsigned int)src);
 	} else {
-	    printf("Profiling not available on PID %d\n",src);
+	    printf("Profiling not available on PID %u\n",(unsigned int)src);
 	}
 	got_level = True;
 }
@@ -127,7 +128,7 @@ static BOOL send_message(char *dest, int msg_type, void *buf, int len, BOOL dupl
 	pid_t pid;
 	TDB_CONTEXT *the_tdb;
 
-	the_tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
+	the_tdb = tdb_open_log(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
 	if (!the_tdb) {
 		fprintf(stderr,"Failed to open connections database in send_message.\n");
 		return False;
@@ -171,7 +172,7 @@ static int parse_type(char *mtype)
 /****************************************************************************
 do command
 ****************************************************************************/
-static BOOL do_command(char *dest, char *msg_name, char *params[])
+static BOOL do_command(char *dest, char *msg_name, char **params)
 {
 	int i, n, v;
 	int mtype;
@@ -186,7 +187,7 @@ static BOOL do_command(char *dest, char *msg_name, char *params[])
 
 	switch (mtype) {
 	case MSG_DEBUG:
-		if (!params[0]) {
+		if (!params || !params[0]) {
 			fprintf(stderr,"MSG_DEBUG needs a parameter\n");
 			return(False);
 		}
@@ -200,7 +201,7 @@ static BOOL do_command(char *dest, char *msg_name, char *params[])
 		break;
 
 	case MSG_PROFILE:
-		if (!params[0]) {
+		if (!params || !params[0]) {
 			fprintf(stderr,"MSG_PROFILE needs a parameter\n");
 			return(False);
 		}
@@ -271,7 +272,7 @@ static BOOL do_command(char *dest, char *msg_name, char *params[])
 			fprintf(stderr,"printer-notify can only be sent to smbd\n");
 			return(False);
 		}
-		if (!params[0]) {
+		if (!params || !params[0]) {
 			fprintf(stderr, "printer-notify needs a printer name\n");
 			return (False);
 		}
@@ -279,12 +280,25 @@ static BOOL do_command(char *dest, char *msg_name, char *params[])
 				      strlen(params[0]) + 1, False);
 		break;
 
+	case MSG_SMB_FORCE_TDIS:
+		if (!strequal(dest, "smbd")) {
+			fprintf(stderr,"close-share can only be sent to smbd\n");
+			return(False);
+		}
+		if (!params || !params[0]) {
+			fprintf(stderr, "close-share needs a share name or '*'\n");
+			return (False);
+		}
+		retval = send_message(dest, MSG_SMB_FORCE_TDIS, params[0],
+				      strlen(params[0]) + 1, False);
+		break;
+
 	case MSG_PING:
 		if (!pong_registered) {
 		    message_register(MSG_PONG, pong_function);
 		    pong_registered = True;
 		}
-		if (!params[0]) {
+		if (!params || !params[0]) {
 			fprintf(stderr,"MSG_PING needs a parameter\n");
 			return(False);
 		}
diff --git a/source/utils/smbfilter.c b/source/utils/smbfilter.c
index 5d11c74d149..db83873e694 100644
--- a/source/utils/smbfilter.c
+++ b/source/utils/smbfilter.c
@@ -26,11 +26,11 @@
 #define SECURITY_SET  0
 
 /* this forces non-unicode */
-#define CAPABILITY_MASK CAP_UNICODE
+#define CAPABILITY_MASK (CAP_NT_SMBS | CAP_RPC_REMOTE_APIS)
 #define CAPABILITY_SET  0
 
 /* and non-unicode for the client too */
-#define CLI_CAPABILITY_MASK CAP_UNICODE
+#define CLI_CAPABILITY_MASK 0
 #define CLI_CAPABILITY_SET  0
 
 static char *netbiosname;
@@ -179,7 +179,7 @@ static void start_filter(char *desthost)
 		fd_set fds;
 		int num;
 		struct sockaddr addr;
-		int in_addrlen = sizeof(addr);
+		socklen_t in_addrlen = sizeof(addr);
 		
 		FD_ZERO(&fds);
 		FD_SET(s, &fds);
diff --git a/source/utils/smbpasswd.c b/source/utils/smbpasswd.c
index 524cd5b8ad0..839ce6f046e 100644
--- a/source/utils/smbpasswd.c
+++ b/source/utils/smbpasswd.c
@@ -29,6 +29,9 @@ extern int DEBUGLEVEL;
 extern char *optarg;
 extern int optind;
 
+/* forced running in root-mode */
+static BOOL local_mode;
+
 /*********************************************************
 a strdup with exit
 **********************************************************/
@@ -59,7 +62,8 @@ static void usage(void)
 	printf("  -U USER              remote username\n");
 	printf("  -r MACHINE           remote machine\n");
 
-	if (getuid() == 0) {
+	if (getuid() == 0 || local_mode) {
+		printf("  -L                   local mode (must be first option)\n");
 		printf("  -R ORDER             name resolve order\n");
 		printf("  -j DOMAIN            join domain name\n");
 		printf("  -a                   add user\n");
@@ -261,8 +265,11 @@ static int process_root(int argc, char *argv[])
 	char *old_passwd = NULL;
 	char *remote_machine = NULL;
 
-	while ((ch = getopt(argc, argv, "ax:d:e:mnj:r:sR:D:U:")) != EOF) {
+	while ((ch = getopt(argc, argv, "ax:d:e:mnj:r:sR:D:U:L")) != EOF) {
 		switch(ch) {
+		case 'L':
+			local_mode = True;
+			break;
 		case 'a':
 			local_flags |= LOCAL_ADD_USER;
 			break;
@@ -319,10 +326,13 @@ static int process_root(int argc, char *argv[])
 	argv += optind;
 
 	/*
+	 * Ensure both add/delete user are not set
 	 * Ensure add/delete user and either remote machine or join domain are
 	 * not both set.
 	 */	
-	if((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && ((remote_machine != NULL) || joining_domain)) {
+	if(((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) || 
+	   ((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) && 
+		((remote_machine != NULL) || joining_domain))) {
 		usage();
 	}
 	
@@ -595,7 +605,14 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 
-	if (getuid() == 0) {
+	/* pre-check for local mode option as first option. We can't
+	   do this via normal getopt as getopt can't be called
+	   twice. */
+	if (argc > 1 && strcmp(argv[1], "-L") == 0) {
+		local_mode = True;
+	}
+
+	if (local_mode || getuid() == 0) {
 		return process_root(argc, argv);
 	} 
 
diff --git a/source/utils/smbw_sample.c b/source/utils/smbw_sample.c
index 999dcaef477..db92af95108 100644
--- a/source/utils/smbw_sample.c
+++ b/source/utils/smbw_sample.c
@@ -34,6 +34,8 @@ int main(int argc, char *argv[])
 	char *path;
 
 	charset_initialise();
+	lp_load(CONFIGFILE,1,0,0);
+	codepage_initialise(lp_client_code_page());
 	smbw_setup_shared();
 
 	while ((opt = getopt(argc, argv, "W:U:R:d:P:l:hL:")) != EOF) {
diff --git a/source/utils/status.c b/source/utils/status.c
index 06abd09d929..4d7792e515a 100644
--- a/source/utils/status.c
+++ b/source/utils/status.c
@@ -186,9 +186,13 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *st
 	struct session_record *ptr;
 	struct connections_data crec;
 
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
 	memcpy(&crec, dbuf.dptr, sizeof(crec));
 
-	if (crec.cnum == -1) return 0;
+	if (crec.cnum == -1)
+		return 0;
 
 	if (!process_exists(crec.pid) || !Ucrit_checkUsername(uidtoname(crec.uid))) {
 		return 0;
@@ -306,7 +310,7 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *st
 		return profile_dump();
 	}
 	
-	tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
+	tdb = tdb_open_log(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
 	if (!tdb) {
 		printf("connections.tdb not initialised\n");
 		if (!lp_status(-1))
diff --git a/source/utils/testparm.c b/source/utils/testparm.c
index 20f36fcffe4..ae4a12a8825 100644
--- a/source/utils/testparm.c
+++ b/source/utils/testparm.c
@@ -93,29 +93,37 @@ to a valid password server.\n", sec_setting );
 	if(lp_security() == SEC_USER && lp_unix_password_sync()) {
 
 		/*
-		 * Check that we have a valid lp_passwd_program().
+		 * Check that we have a valid lp_passwd_program() if not using pam.
 		 */
 
-		if(lp_passwd_program() == NULL) {
-			printf("ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd program' \
+#ifdef WITH_PAM
+		if (!lp_pam_password_change()) {
+#endif
+
+			if(lp_passwd_program() == NULL) {
+				printf("ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd program' \
 parameter.\n" );
-			ret = 1;
-		} else {
-			pstring passwd_prog;
-			pstring truncated_prog;
-			char *p;
-
-			pstrcpy( passwd_prog, lp_passwd_program());
-			p = passwd_prog;
-			*truncated_prog = '\0';
-			next_token(&p, truncated_prog, NULL, sizeof(pstring));
-
-			if(access(truncated_prog, F_OK) == -1) {
-				printf("ERROR: the 'unix password sync' parameter is set and the 'passwd program' (%s) \
-cannot be executed (error was %s).\n", truncated_prog, strerror(errno) );
 				ret = 1;
+			} else {
+				pstring passwd_prog;
+				pstring truncated_prog;
+				char *p;
+
+				pstrcpy( passwd_prog, lp_passwd_program());
+				p = passwd_prog;
+				*truncated_prog = '\0';
+				next_token(&p, truncated_prog, NULL, sizeof(pstring));
+
+				if(access(truncated_prog, F_OK) == -1) {
+					printf("ERROR: the 'unix password sync' parameter is set and the 'passwd program' (%s) \
+cannot be executed (error was %s).\n", truncated_prog, strerror(errno) );
+					ret = 1;
+				}
 			}
+
+#ifdef WITH_PAM
 		}
+#endif
 
 		if(lp_passwd_chat() == NULL) {
 			printf("ERROR: the 'unix password sync' parameter is set and there is no valid 'passwd chat' \
diff --git a/source/utils/torture.c b/source/utils/torture.c
index aaeb55eff7c..7fef427f364 100644
--- a/source/utils/torture.c
+++ b/source/utils/torture.c
@@ -22,8 +22,6 @@
 #define NO_SYSLOG
 
 #include "includes.h"
-#include <sys/ipc.h>
-#include <sys/shm.h>
 
 static fstring host, workgroup, share, password, username, myname;
 static int max_protocol = PROTOCOL_NT1;
@@ -35,7 +33,7 @@ static fstring randomfname;
 static BOOL use_oplocks;
 static BOOL use_level_II_oplocks;
 
-static double create_procs(void (*fn)(int));
+static double create_procs(BOOL (*fn)(int), BOOL *result);
 
 
 static struct timeval tp1,tp2;
@@ -155,13 +153,17 @@ static BOOL open_connection(struct cli_state *c)
 }
 
 
-static void close_connection(struct cli_state *c)
+static BOOL close_connection(struct cli_state *c)
 {
+	BOOL ret = True;
 	if (!cli_tdis(c)) {
 		printf("tdis failed (%s)\n", cli_errstr(c));
+		ret = False;
 	}
 
-	cli_shutdown(c);
+        cli_shutdown(c);
+
+	return ret;
 }
 
 
@@ -202,6 +204,7 @@ static BOOL rw_torture(struct cli_state *c)
 	pid_t pid2, pid = getpid();
 	int i, j;
 	char buf[1024];
+	BOOL correct = True;
 
 	fnum2 = cli_open(c, lockfname, O_RDWR | O_CREAT | O_EXCL, 
 			 DENY_NONE);
@@ -227,11 +230,13 @@ static BOOL rw_torture(struct cli_state *c)
 		fnum = cli_open(c, fname, O_RDWR | O_CREAT | O_TRUNC, DENY_ALL);
 		if (fnum == -1) {
 			printf("open failed (%s)\n", cli_errstr(c));
+			correct = False;
 			break;
 		}
 
 		if (cli_write(c, fnum, 0, (char *)&pid, 0, sizeof(pid)) != sizeof(pid)) {
 			printf("write failed (%s)\n", cli_errstr(c));
+			correct = False;
 		}
 
 		for (j=0;j<50;j++) {
@@ -239,6 +244,7 @@ static BOOL rw_torture(struct cli_state *c)
 				      sizeof(pid)+(j*sizeof(buf)), 
 				      sizeof(buf)) != sizeof(buf)) {
 				printf("write failed (%s)\n", cli_errstr(c));
+				correct = False;
 			}
 		}
 
@@ -246,22 +252,27 @@ static BOOL rw_torture(struct cli_state *c)
 
 		if (cli_read(c, fnum, (char *)&pid2, 0, sizeof(pid)) != sizeof(pid)) {
 			printf("read failed (%s)\n", cli_errstr(c));
+			correct = False;
 		}
 
 		if (pid2 != pid) {
 			printf("data corruption!\n");
+			correct = False;
 		}
 
 		if (!cli_close(c, fnum)) {
 			printf("close failed (%s)\n", cli_errstr(c));
+			correct = False;
 		}
 
 		if (!cli_unlink(c, fname)) {
 			printf("unlink failed (%s)\n", cli_errstr(c));
+			correct = False;
 		}
 
 		if (!cli_unlock(c, fnum2, n*sizeof(int), sizeof(int))) {
 			printf("unlock failed (%s)\n", cli_errstr(c));
+			correct = False;
 		}
 	}
 
@@ -270,20 +281,25 @@ static BOOL rw_torture(struct cli_state *c)
 
 	printf("%d\n", i);
 
-	return True;
+	return correct;
 }
 
-static void run_torture(int dummy)
+static BOOL run_torture(int dummy)
 {
 	struct cli_state cli;
+        BOOL ret;
 
 	cli = current_cli;
 
 	cli_sockopt(&cli, sockops);
 
-	rw_torture(&cli);
+	ret = rw_torture(&cli);
 	
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		ret = False;
+	}
+
+	return ret;
 }
 
 static BOOL rw_torture3(struct cli_state *c, char *lockfname)
@@ -295,6 +311,7 @@ static BOOL rw_torture3(struct cli_state *c, char *lockfname)
 	unsigned count;
 	unsigned countprev = 0;
 	unsigned sent = 0;
+	BOOL correct = True;
 
 	srandom(1);
 	for (i = 0; i < sizeof(buf); i += sizeof(uint32))
@@ -347,6 +364,7 @@ static BOOL rw_torture3(struct cli_state *c, char *lockfname)
 
 			if (cli_write(c, fnum, 0, buf+count, count, sent) != sent) {
 				printf("write failed (%s)\n", cli_errstr(c));
+				correct = False;
 			}
 		}
 		else
@@ -358,6 +376,7 @@ static BOOL rw_torture3(struct cli_state *c, char *lockfname)
 				printf("read failed offset:%d size:%d (%s)\n",
 						count, sizeof(buf)-count,
 						cli_errstr(c));
+				correct = False;
 				sent = 0;
 			}
 			if (sent > 0)
@@ -367,6 +386,7 @@ static BOOL rw_torture3(struct cli_state *c, char *lockfname)
 					printf("read/write compare failed\n");
 					printf("offset: %d req %d recvd %d\n",
 						count, sizeof(buf)-count, sent);
+					correct = False;
 					break;
 				}
 			}
@@ -376,9 +396,10 @@ static BOOL rw_torture3(struct cli_state *c, char *lockfname)
 
 	if (!cli_close(c, fnum)) {
 		printf("close failed (%s)\n", cli_errstr(c));
+		correct = False;
 	}
 
-	return True;
+	return correct;
 }
 
 static BOOL rw_torture2(struct cli_state *c1, struct cli_state *c2)
@@ -389,9 +410,11 @@ static BOOL rw_torture2(struct cli_state *c1, struct cli_state *c2)
 	int i;
 	char buf[131072];
 	char buf_rd[131072];
+	BOOL correct = True;
+	ssize_t bytes_read;
 
 	if (!cli_unlink(c1, lockfname)) {
-		printf("unlink failed (%s)\n", cli_errstr(c1));
+		printf("unlink failed (%s) (normal, this file should not exist)\n", cli_errstr(c1));
 	}
 
 	fnum1 = cli_open(c1, lockfname, O_RDWR | O_CREAT | O_EXCL, 
@@ -412,7 +435,7 @@ static BOOL rw_torture2(struct cli_state *c1, struct cli_state *c2)
 
 	for (i=0;i<numops;i++)
 	{
-		unsigned buf_size = ((unsigned)sys_random()%(sizeof(buf)-1))+ 1;
+		size_t buf_size = ((unsigned)sys_random()%(sizeof(buf)-1))+ 1;
 		if (i % 10 == 0) {
 			printf("%d\r", i); fflush(stdout);
 		}
@@ -421,56 +444,70 @@ static BOOL rw_torture2(struct cli_state *c1, struct cli_state *c2)
 
 		if (cli_write(c1, fnum1, 0, buf, 0, buf_size) != buf_size) {
 			printf("write failed (%s)\n", cli_errstr(c1));
+			correct = False;
 		}
 
-		if (cli_read(c2, fnum2, buf_rd, 0, buf_size) != buf_size) {
+		if ((bytes_read = cli_read(c2, fnum2, buf_rd, 0, buf_size)) != buf_size) {
 			printf("read failed (%s)\n", cli_errstr(c2));
+			printf("read %d, expected %d\n", bytes_read, buf_size); 
+			correct = False;
 		}
 
 		if (memcmp(buf_rd, buf, buf_size) != 0)
 		{
 			printf("read/write compare failed\n");
+			correct = False;
 		}
 	}
 
 	if (!cli_close(c2, fnum2)) {
 		printf("close failed (%s)\n", cli_errstr(c2));
+		correct = False;
 	}
 	if (!cli_close(c1, fnum1)) {
 		printf("close failed (%s)\n", cli_errstr(c1));
+		correct = False;
 	}
 
 	if (!cli_unlink(c1, lockfname)) {
 		printf("unlink failed (%s)\n", cli_errstr(c1));
+		correct = False;
 	}
 
-	return True;
+	return correct;
 }
 
-static void run_readwritetest(int dummy)
+static BOOL run_readwritetest(int dummy)
 {
 	static struct cli_state cli1, cli2;
-	BOOL test;
+	BOOL test1, test2;
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 	cli_sockopt(&cli2, sockops);
 
 	printf("starting readwritetest\n");
 
-	test = rw_torture2(&cli1, &cli2);
-	printf("Passed readwritetest v1: %s\n", BOOLSTR(test));
+	test1 = rw_torture2(&cli1, &cli2);
+	printf("Passed readwritetest v1: %s\n", BOOLSTR(test1));
 
-	test = rw_torture2(&cli1, &cli1);
-	printf("Passed readwritetest v2: %s\n", BOOLSTR(test));
+	test2 = rw_torture2(&cli1, &cli1);
+	printf("Passed readwritetest v2: %s\n", BOOLSTR(test2));
 
-	close_connection(&cli1);
-	close_connection(&cli2);
+	if (!close_connection(&cli1)) {
+		test1 = False;
+	}
+
+	if (!close_connection(&cli2)) {
+		test2 = False;
+	}
+
+	return (test1 && test2);
 }
 
-static void run_readwritemulti(int dummy)
+static BOOL run_readwritemulti(int dummy)
 {
 	static struct cli_state cli;
 	BOOL test;
@@ -482,13 +519,87 @@ static void run_readwritemulti(int dummy)
 	printf("run_readwritemulti: fname %s\n", randomfname);
 	test = rw_torture3(&cli, randomfname);
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		test = False;
+	}
+	
+	return test;
 }
 
+static BOOL run_readwritelarge(int dummy)
+{
+	static struct cli_state cli1;
+	int fnum1;
+	char *lockfname = "\\large.dat";
+	size_t fsize;
+	char buf[0x10000];
+	BOOL correct = True;
+ 
+	if (!open_connection(&cli1)) {
+		return False;
+	}
+	cli_sockopt(&cli1, sockops);
+	memset(buf,'\0',sizeof(buf));
+	
+	cli1.max_xmit = 0x11000;
+	
+	printf("starting readwritelarge\n");
+ 
+	cli_unlink(&cli1, lockfname);
+
+	fnum1 = cli_open(&cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(&cli1));
+		return False;
+	}
+   
+	cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf));
+
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (!cli_qpathinfo(&cli1, lockfname, NULL, NULL, NULL, &fsize, NULL)) {
+		printf("qpathinfo failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	if (fsize == sizeof(buf))
+		printf("readwritelarge test 1 succeeded (size = %x)\n", fsize);
+	else {
+		printf("readwritelarge test 1 failed (size = %x)\n", fsize);
+		correct = False;
+	}
+
+	if (!cli_unlink(&cli1, lockfname)) {
+		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+
+	fnum1 = cli_open(&cli1, lockfname, O_RDWR | O_CREAT | O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open read/write of %s failed (%s)\n", lockfname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	cli_smbwrite(&cli1, fnum1, buf, 0, sizeof(buf));
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
+	}
+	
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+	return correct;
+	}
+
 int line_count = 0;
 
 /* run a test that simulates an approximate netbench client load */
-static void run_netbench(int client)
+static BOOL run_netbench(int client)
 {
 	struct cli_state cli;
 	int i;
@@ -497,6 +608,7 @@ static void run_netbench(int client)
 	char cname[20];
 	FILE *f;
 	char *params[20];
+	BOOL correct = True;
 
 	cli = current_cli;
 
@@ -510,7 +622,7 @@ static void run_netbench(int client)
 
 	if (!f) {
 		perror("client.txt");
-		return;
+		return False;
 	}
 
 	while (fgets(line, sizeof(line)-1, f)) {
@@ -584,15 +696,20 @@ static void run_netbench(int client)
 
 	printf("+");	
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
+	
+	return correct;
 }
 
 
 /* run a test that simulates an approximate netbench w9X client load */
-static void run_nbw95(int dummy)
+static BOOL run_nbw95(int dummy)
 {
 	double t;
-	t = create_procs(run_netbench);
+	BOOL correct = True;
+	t = create_procs(run_netbench, &correct);
 	/* to produce a netbench result we scale accoding to the
            netbench measured throughput for the run that produced the
            sniff that was used to produce client.txt. That run used 2
@@ -600,15 +717,18 @@ static void run_nbw95(int dummy)
            4MBit/sec. */
 	printf("Throughput %g MB/sec (NB=%g MB/sec  %g MBit/sec)\n", 
 	       132*nprocs/t, 0.5*0.5*nprocs*660/t, 2*nprocs*660/t);
+	return correct;
 }
 
 /* run a test that simulates an approximate netbench wNT client load */
-static void run_nbwnt(int dummy)
+static BOOL run_nbwnt(int dummy)
 {
 	double t;
-	t = create_procs(run_netbench);
+	BOOL correct = True;
+	t = create_procs(run_netbench, &correct);
 	printf("Throughput %g MB/sec (NB=%g MB/sec  %g MBit/sec)\n", 
 	       132*nprocs/t, 0.5*0.5*nprocs*660/t, 2*nprocs*660/t);
+	return correct;
 }
 
 
@@ -620,7 +740,7 @@ static void run_nbwnt(int dummy)
      must not use posix semantics)
   2) support for lock timeouts
  */
-static void run_locktest1(int dummy)
+static BOOL run_locktest1(int dummy)
 {
 	static struct cli_state cli1, cli2;
 	char *fname = "\\lockt1.lck";
@@ -628,7 +748,7 @@ static void run_locktest1(int dummy)
 	time_t t1, t2;
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 	cli_sockopt(&cli2, sockops);
@@ -640,30 +760,30 @@ static void run_locktest1(int dummy)
 	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
 	if (fnum2 == -1) {
 		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 	fnum3 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
 	if (fnum3 == -1) {
 		printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli2));
-		return;
+		return False;
 	}
 
 	if (!cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock1 failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 
 	if (cli_lock(&cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock2 succeeded! This is a locking bug\n");
-		return;
+		return False;
 	} else {
-		if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return False;
 	}
 
 
@@ -671,9 +791,9 @@ static void run_locktest1(int dummy)
 	t1 = time(NULL);
 	if (cli_lock(&cli2, fnum3, 0, 4, 10*1000, WRITE_LOCK)) {
 		printf("lock3 succeeded! This is a locking bug\n");
-		return;
+		return False;
 	} else {
-		if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return False;
 	}
 	t2 = time(NULL);
 
@@ -683,42 +803,48 @@ static void run_locktest1(int dummy)
 
 	if (!cli_close(&cli1, fnum2)) {
 		printf("close1 failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (cli_lock(&cli2, fnum3, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock4 succeeded! This is a locking bug\n");
-		return;
+		return False;
 	} else {
-		if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli2, ERRDOS, ERRlock, 0)) return False;
 	}
 
 	if (!cli_close(&cli1, fnum1)) {
 		printf("close2 failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_close(&cli2, fnum3)) {
 		printf("close3 failed (%s)\n", cli_errstr(&cli2));
-		return;
+		return False;
 	}
 
 	if (!cli_unlink(&cli1, fname)) {
 		printf("unlink failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 
-	close_connection(&cli1);
-	close_connection(&cli2);
+	if (!close_connection(&cli1)) {
+		return False;
+	}
+
+	if (!close_connection(&cli2)) {
+		return False;
+	}
 
 	printf("Passed locktest1\n");
+	return True;
 }
 
 /*
  checks for correct tconX support
  */
-static void run_tcon_test(int dummy)
+static BOOL run_tcon_test(int dummy)
 {
 	static struct cli_state cli1;
 	char *fname = "\\tcontest.tmp";
@@ -727,7 +853,7 @@ static void run_tcon_test(int dummy)
 	char buf[4];
 
 	if (!open_connection(&cli1)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 
@@ -739,7 +865,7 @@ static void run_tcon_test(int dummy)
 	if (fnum1 == -1)
 	{
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	cnum = cli1.cnum;
@@ -747,7 +873,7 @@ static void run_tcon_test(int dummy)
 	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) != 4)
 	{
 		printf("write failed (%s)", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_send_tconX(&cli1, share, "?????",
@@ -755,35 +881,38 @@ static void run_tcon_test(int dummy)
 		printf("%s refused 2nd tree connect (%s)\n", host,
 		           cli_errstr(&cli1));
 		cli_shutdown(&cli1);
-		return ;
+		return False;
 	}
 
 	if (cli_write(&cli1, fnum1, 0, buf, 130, 4) == 4)
 	{
 		printf("write succeeded (%s)", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (cli_close(&cli1, fnum1)) {
 		printf("close2 succeeded (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_tdis(&cli1)) {
 		printf("tdis failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	cli1.cnum = cnum;
 
 	if (!cli_close(&cli1, fnum1)) {
 		printf("close2 failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
-	close_connection(&cli1);
+	if (!close_connection(&cli1)) {
+		return False;
+	}
 
 	printf("Passed tcontest\n");
+	return True;
 }
 
 
@@ -798,14 +927,15 @@ static void run_tcon_test(int dummy)
 
   3) the server denies unlock requests by an incorrect client PID
 */
-static void run_locktest2(int dummy)
+static BOOL run_locktest2(int dummy)
 {
 	static struct cli_state cli;
 	char *fname = "\\lockt2.lck";
 	int fnum1, fnum2, fnum3;
+	BOOL correct = True;
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	cli_sockopt(&cli, sockops);
@@ -819,13 +949,13 @@ static void run_locktest2(int dummy)
 	fnum1 = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	fnum2 = cli_open(&cli, fname, O_RDWR, DENY_NONE);
 	if (fnum2 == -1) {
 		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	cli_setpid(&cli, 2);
@@ -833,66 +963,89 @@ static void run_locktest2(int dummy)
 	fnum3 = cli_open(&cli, fname, O_RDWR, DENY_NONE);
 	if (fnum3 == -1) {
 		printf("open3 of %s failed (%s)\n", fname, cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	cli_setpid(&cli, 1);
 
 	if (!cli_lock(&cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock1 failed (%s)\n", cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	if (cli_lock(&cli, fnum1, 0, 4, 0, WRITE_LOCK)) {
 		printf("WRITE lock1 succeeded! This is a locking bug\n");
+		correct = False;
 	} else {
-		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return False;
 	}
 
 	if (cli_lock(&cli, fnum2, 0, 4, 0, WRITE_LOCK)) {
 		printf("WRITE lock2 succeeded! This is a locking bug\n");
+		correct = False;
 	} else {
-		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return False;
 	}
 
 	if (cli_lock(&cli, fnum2, 0, 4, 0, READ_LOCK)) {
 		printf("READ lock2 succeeded! This is a locking bug\n");
+		correct = False;
 	} else {
-		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return False;
 	}
 
+	if (!cli_lock(&cli, fnum1, 100, 4, 0, WRITE_LOCK)) {
+		printf("lock at 100 failed (%s)\n", cli_errstr(&cli));
+	}
 	cli_setpid(&cli, 2);
+	if (cli_unlock(&cli, fnum1, 100, 4)) {
+		printf("unlock at 100 succeeded! This is a locking bug\n");
+		correct = False;
+	}
 
-	if (cli_unlock(&cli, fnum1, 0, 8)) {
+	if (cli_unlock(&cli, fnum1, 0, 4)) {
 		printf("unlock1 succeeded! This is a locking bug\n");
+	} else {
+		if (!check_error(&cli, ERRDOS, ERRnotlocked, 0)) return False;
+	}
+
+	if (cli_unlock(&cli, fnum1, 0, 8)) {
+		printf("unlock2 succeeded! This is a locking bug\n");
+	} else {
+		if (!check_error(&cli, ERRDOS, ERRnotlocked, 0)) return False;
 	}
 
 	if (cli_lock(&cli, fnum3, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock3 succeeded! This is a locking bug\n");
+		correct = False;
 	} else {
-		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return;
+		if (!check_error(&cli, ERRDOS, ERRlock, 0)) return False;
 	}
 
 	cli_setpid(&cli, 1);
 
 	if (!cli_close(&cli, fnum1)) {
 		printf("close1 failed (%s)\n", cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	if (!cli_close(&cli, fnum2)) {
 		printf("close2 failed (%s)\n", cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	if (!cli_close(&cli, fnum3)) {
 		printf("close3 failed (%s)\n", cli_errstr(&cli));
-		return;
+		return False;
 	}
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("locktest2 finished\n");
+
+	return correct;
 }
 
 
@@ -901,17 +1054,18 @@ static void run_locktest2(int dummy)
 
   1) the server supports the full offset range in lock requests
 */
-static void run_locktest3(int dummy)
+static BOOL run_locktest3(int dummy)
 {
 	static struct cli_state cli1, cli2;
 	char *fname = "\\lockt3.lck";
 	int fnum1, fnum2, i;
 	uint32 offset;
+	BOOL correct = True;
 
 #define NEXT_OFFSET offset += (~(uint32)0) / numops
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 	cli_sockopt(&cli2, sockops);
@@ -923,12 +1077,12 @@ static void run_locktest3(int dummy)
 	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 	fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
 	if (fnum2 == -1) {
 		printf("open2 of %s failed (%s)\n", fname, cli_errstr(&cli2));
-		return;
+		return False;
 	}
 
 	for (offset=i=0;i<numops;i++) {
@@ -937,14 +1091,14 @@ static void run_locktest3(int dummy)
 			printf("lock1 %d failed (%s)\n", 
 			       i,
 			       cli_errstr(&cli1));
-			return;
+			return False;
 		}
 
 		if (!cli_lock(&cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
 			printf("lock2 %d failed (%s)\n", 
 			       i,
 			       cli_errstr(&cli1));
-			return;
+			return False;
 		}
 	}
 
@@ -953,22 +1107,22 @@ static void run_locktest3(int dummy)
 
 		if (cli_lock(&cli1, fnum1, offset-2, 1, 0, WRITE_LOCK)) {
 			printf("error: lock1 %d succeeded!\n", i);
-			return;
+			return False;
 		}
 
 		if (cli_lock(&cli2, fnum2, offset-1, 1, 0, WRITE_LOCK)) {
 			printf("error: lock2 %d succeeded!\n", i);
-			return;
+			return False;
 		}
 
 		if (cli_lock(&cli1, fnum1, offset-1, 1, 0, WRITE_LOCK)) {
 			printf("error: lock3 %d succeeded!\n", i);
-			return;
+			return False;
 		}
 
 		if (cli_lock(&cli2, fnum2, offset-2, 1, 0, WRITE_LOCK)) {
 			printf("error: lock4 %d succeeded!\n", i);
-			return;
+			return False;
 		}
 	}
 
@@ -979,51 +1133,63 @@ static void run_locktest3(int dummy)
 			printf("unlock1 %d failed (%s)\n", 
 			       i,
 			       cli_errstr(&cli1));
-			return;
+			return False;
 		}
 
 		if (!cli_unlock(&cli2, fnum2, offset-2, 1)) {
 			printf("unlock2 %d failed (%s)\n", 
 			       i,
 			       cli_errstr(&cli1));
-			return;
+			return False;
 		}
 	}
 
 	if (!cli_close(&cli1, fnum1)) {
 		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
 	}
 
 	if (!cli_close(&cli2, fnum2)) {
 		printf("close2 failed (%s)\n", cli_errstr(&cli2));
+		return False;
 	}
 
 	if (!cli_unlink(&cli1, fname)) {
 		printf("unlink failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
-	close_connection(&cli1);
-	close_connection(&cli2);
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+	
+	if (!close_connection(&cli2)) {
+		correct = False;
+	}
 
 	printf("finished locktest3\n");
+
+	return correct;
 }
 
-#define EXPECTED(ret, v) if ((ret) != (v)) printf("** ")
+#define EXPECTED(ret, v) if ((ret) != (v)) { \
+        printf("** "); correct = False; \
+        }
 
 /*
   looks at overlapping locks
 */
-static void run_locktest4(int dummy)
+static BOOL run_locktest4(int dummy)
 {
 	static struct cli_state cli1, cli2;
 	char *fname = "\\lockt4.lck";
 	int fnum1, fnum2, f;
 	BOOL ret;
 	char buf[1000];
+	BOOL correct = True;
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 
 	cli_sockopt(&cli1, sockops);
@@ -1040,6 +1206,7 @@ static void run_locktest4(int dummy)
 
 	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
 		printf("Failed to create file\n");
+		correct = False;
 		goto fail;
 	}
 
@@ -1168,8 +1335,6 @@ static void run_locktest4(int dummy)
 	EXPECTED(ret, True);
 	printf("the server %s have the NT byte range lock bug\n", !ret?"does":"doesn't");
 	
-
-
  fail:
 	cli_close(&cli1, fnum1);
 	cli_close(&cli2, fnum2);
@@ -1178,21 +1343,23 @@ static void run_locktest4(int dummy)
 	close_connection(&cli2);
 
 	printf("finished locktest4\n");
+	return correct;
 }
 
 /*
   looks at lock upgrade/downgrade.
 */
-static void run_locktest5(int dummy)
+static BOOL run_locktest5(int dummy)
 {
 	static struct cli_state cli1, cli2;
 	char *fname = "\\lockt5.lck";
 	int fnum1, fnum2, fnum3;
 	BOOL ret;
 	char buf[1000];
+	BOOL correct = True;
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 
 	cli_sockopt(&cli1, sockops);
@@ -1210,6 +1377,7 @@ static void run_locktest5(int dummy)
 
 	if (cli_write(&cli1, fnum1, 0, buf, 0, sizeof(buf)) != sizeof(buf)) {
 		printf("Failed to create file\n");
+		correct = False;
 		goto fail;
 	}
 
@@ -1285,21 +1453,28 @@ static void run_locktest5(int dummy)
 
 	printf("a different processs %s get a write lock on the unlocked stack\n", ret?"can":"cannot");
 
+
  fail:
 	cli_close(&cli1, fnum1);
 	cli_close(&cli2, fnum2);
 	cli_unlink(&cli1, fname);
-	close_connection(&cli1);
-	close_connection(&cli2);
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!close_connection(&cli2)) {
+		correct = False;
+	}
 
 	printf("finished locktest5\n");
+       
+	return correct;
 }
 
 
 /*
   this produces a matrix of deny mode behaviour
  */
-static void run_denytest1(int dummy)
+static BOOL run_denytest1(int dummy)
 {
 	static struct cli_state cli1, cli2;
 	int fnum1, fnum2;
@@ -1324,9 +1499,10 @@ static void run_denytest1(int dummy)
 		{O_RDONLY, "O_RDONLY"},
 		{O_WRONLY, "O_WRONLY"},
 		{-1, NULL}};
+	BOOL correct = True;
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 	cli_sockopt(&cli2, sockops);
@@ -1379,10 +1555,15 @@ static void run_denytest1(int dummy)
 		cli_unlink(&cli1, fnames[f]);
 	}
 
-	close_connection(&cli1);
-	close_connection(&cli2);
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!close_connection(&cli2)) {
+		correct = False;
+	}
 	
 	printf("finshed denytest1\n");
+	return correct;
 }
 
 
@@ -1390,7 +1571,7 @@ static void run_denytest1(int dummy)
   this produces a matrix of deny mode behaviour for two opens on the
   same connection
  */
-static void run_denytest2(int dummy)
+static BOOL run_denytest2(int dummy)
 {
 	static struct cli_state cli1;
 	int fnum1, fnum2;
@@ -1415,9 +1596,10 @@ static void run_denytest2(int dummy)
 		{O_RDONLY, "O_RDONLY"},
 		{O_WRONLY, "O_WRONLY"},
 		{-1, NULL}};
+	BOOL correct = True;
 
 	if (!open_connection(&cli1)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 
@@ -1469,16 +1651,19 @@ static void run_denytest2(int dummy)
 		cli_unlink(&cli1, fnames[f]);
 	}
 
-	close_connection(&cli1);
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
 	
 	printf("finshed denytest2\n");
+	return correct;
 }
 
 /*
 test whether fnums and tids open on one VC are available on another (a major
 security hole)
 */
-static void run_fdpasstest(int dummy)
+static BOOL run_fdpasstest(int dummy)
 {
 	static struct cli_state cli1, cli2, cli3;
 	char *fname = "\\fdpass.tst";
@@ -1486,7 +1671,7 @@ static void run_fdpasstest(int dummy)
 	pstring buf;
 
 	if (!open_connection(&cli1) || !open_connection(&cli2)) {
-		return;
+		return False;
 	}
 	cli_sockopt(&cli1, sockops);
 	cli_sockopt(&cli2, sockops);
@@ -1498,12 +1683,12 @@ static void run_fdpasstest(int dummy)
 	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (cli_write(&cli1, fnum1, 0, "hello world\n", 0, 13) != 13) {
 		printf("write failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	cli3 = cli2;
@@ -1514,7 +1699,7 @@ static void run_fdpasstest(int dummy)
 	if (cli_read(&cli3, fnum1, buf, 0, 13) == 13) {
 		printf("read succeeded! nasty security hole [%s]\n",
 		       buf);
-		return;
+		return False;
 	}
 
 	cli_close(&cli1, fnum1);
@@ -1524,6 +1709,7 @@ static void run_fdpasstest(int dummy)
 	close_connection(&cli2);
 
 	printf("finished fdpasstest\n");
+	return True;
 }
 
 
@@ -1532,14 +1718,15 @@ static void run_fdpasstest(int dummy)
 
   1) the server does not allow an unlink on a file that is open
 */
-static void run_unlinktest(int dummy)
+static BOOL run_unlinktest(int dummy)
 {
 	static struct cli_state cli;
 	char *fname = "\\unlink.tst";
 	int fnum;
+	BOOL correct = True;
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	cli_sockopt(&cli, sockops);
@@ -1553,38 +1740,44 @@ static void run_unlinktest(int dummy)
 	fnum = cli_open(&cli, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli));
-		return;
+		return False;
 	}
 
 	if (cli_unlink(&cli, fname)) {
 		printf("error: server allowed unlink on an open file\n");
+		correct = False;
 	}
 
 	cli_close(&cli, fnum);
 	cli_unlink(&cli, fname);
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("unlink test finished\n");
+	
+	return correct;
 }
 
 
 /*
 test how many open files this server supports on the one socket
 */
-static void run_maxfidtest(int dummy)
+static BOOL run_maxfidtest(int dummy)
 {
 	static struct cli_state cli;
 	char *template = "\\maxfid.%d.%d";
 	fstring fname;
 	int fnum;
 	int retries=4;
+	BOOL correct = True;
 
 	cli = current_cli;
 
 	if (retries <= 0) {
 		printf("failed to connect\n");
-		return;
+		return False;
 	}
 
 	cli_sockopt(&cli, sockops);
@@ -1613,11 +1806,15 @@ static void run_maxfidtest(int dummy)
 		if (!cli_unlink(&cli, fname)) {
 			printf("unlink of %s failed (%s)\n", 
 			       fname, cli_errstr(&cli));
+			correct = False;
 		}
 	}
 
 	printf("maxfid test finished\n");
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
+	return correct;
 }
 
 /* generate a random buffer */
@@ -1630,29 +1827,34 @@ static void rand_buf(char *buf, int len)
 }
 
 /* send smb negprot commands, not reading the response */
-static void run_negprot_nowait(int dummy)
+static BOOL run_negprot_nowait(int dummy)
 {
 	int i;
 	static struct cli_state cli;
+	BOOL correct = True;
 
 	printf("starting negprot nowait test\n");
 
 	if (!open_nbt_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	for (i=0;i<50000;i++) {
 		cli_negprot_send(&cli);
 	}
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("finished negprot nowait test\n");
+
+	return correct;
 }
 
 
 /* send random IPC commands */
-static void run_randomipc(int dummy)
+static BOOL run_randomipc(int dummy)
 {
 	char *rparam = NULL;
 	char *rdata = NULL;
@@ -1660,11 +1862,12 @@ static void run_randomipc(int dummy)
 	pstring param;
 	int api, param_len, i;
 	static struct cli_state cli;
+	BOOL correct = True;
 
 	printf("starting random ipc test\n");
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	for (i=0;i<50000;i++) {
@@ -1682,15 +1885,19 @@ static void run_randomipc(int dummy)
 			&rdata, &rdrcnt);
 	}
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("finished random ipc test\n");
+
+	return correct;
 }
 
 
 
 static void browse_callback(const char *sname, uint32 stype, 
-			    const char *comment)
+			    const char *comment, void *state)
 {
 	printf("\t%20.20s %08x %s\n", sname, stype, comment);
 }
@@ -1701,46 +1908,53 @@ static void browse_callback(const char *sname, uint32 stype,
   This test checks the browse list code
 
 */
-static void run_browsetest(int dummy)
+static BOOL run_browsetest(int dummy)
 {
 	static struct cli_state cli;
+	BOOL correct = True;
 
 	printf("starting browse test\n");
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	printf("domain list:\n");
 	cli_NetServerEnum(&cli, cli.server_domain, 
 			  SV_TYPE_DOMAIN_ENUM,
-			  browse_callback);
+			  browse_callback, NULL);
 
 	printf("machine list:\n");
 	cli_NetServerEnum(&cli, cli.server_domain, 
 			  SV_TYPE_ALL,
-			  browse_callback);
+			  browse_callback, NULL);
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("browse test finished\n");
+
+	return correct;
+
 }
 
 
 /*
   This checks how the getatr calls works
 */
-static void run_attrtest(int dummy)
+static BOOL run_attrtest(int dummy)
 {
 	static struct cli_state cli;
 	int fnum;
 	time_t t, t2;
 	char *fname = "\\attrib.tst";
+	BOOL correct = True;
 
 	printf("starting attrib test\n");
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	cli_unlink(&cli, fname);
@@ -1749,42 +1963,51 @@ static void run_attrtest(int dummy)
 	cli_close(&cli, fnum);
 	if (!cli_getatr(&cli, fname, NULL, NULL, &t)) {
 		printf("getatr failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	}
 
 	if (abs(t - time(NULL)) > 2) {
 		printf("ERROR: SMBgetatr bug. time is %s",
 		       ctime(&t));
 		t = time(NULL);
+		correct = True;
 	}
 
 	t2 = t-60*60*24; /* 1 day ago */
 
 	if (!cli_setatr(&cli, fname, 0, t2)) {
 		printf("setatr failed (%s)\n", cli_errstr(&cli));
+		correct = True;
 	}
 
 	if (!cli_getatr(&cli, fname, NULL, NULL, &t)) {
 		printf("getatr failed (%s)\n", cli_errstr(&cli));
+		correct = True;
 	}
 
 	if (t != t2) {
 		printf("ERROR: getatr/setatr bug. times are\n%s",
 		       ctime(&t));
 		printf("%s", ctime(&t2));
+		correct = True;
 	}
 
 	cli_unlink(&cli, fname);
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("attrib test finished\n");
+
+	return correct;
 }
 
 
 /*
   This checks a couple of trans2 calls
 */
-static void run_trans2test(int dummy)
+static BOOL run_trans2test(int dummy)
 {
 	static struct cli_state cli;
 	int fnum;
@@ -1793,11 +2016,12 @@ static void run_trans2test(int dummy)
 	char *fname = "\\trans2.tst";
 	char *dname = "\\trans2";
 	char *fname2 = "\\trans2\\trans2.tst";
+	BOOL correct = True;
 
 	printf("starting trans2 test\n");
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	cli_unlink(&cli, fname);
@@ -1806,6 +2030,7 @@ static void run_trans2test(int dummy)
 	if (!cli_qfileinfo(&cli, fnum, NULL, &size, &c_time, &a_time, &m_time,
 			   NULL, NULL)) {
 		printf("ERROR: qfileinfo failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	}
 	cli_close(&cli, fnum);
 
@@ -1818,19 +2043,23 @@ static void run_trans2test(int dummy)
 
 	if (!cli_qpathinfo(&cli, fname, &c_time, &a_time, &m_time, &size, NULL)) {
 		printf("ERROR: qpathinfo failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	} else {
 		if (c_time != m_time) {
 			printf("create time=%s", ctime(&c_time));
 			printf("modify time=%s", ctime(&m_time));
 			printf("This system appears to have sticky create times\n");
+			correct = False;
 		}
 		if (a_time % (60*60) == 0) {
 			printf("access time=%s", ctime(&a_time));
 			printf("This system appears to set a midnight access time\n");
+			correct = False;
 		}
 
 		if (abs(m_time - time(NULL)) > 60*60*24*7) {
 			printf("ERROR: totally incorrect times - maybe word reversed?\n");
+			correct = False;
 		}
 	}
 
@@ -1842,10 +2071,12 @@ static void run_trans2test(int dummy)
 	if (!cli_qpathinfo2(&cli, fname, &c_time, &a_time, &m_time, 
 			    &w_time, &size, NULL, NULL)) {
 		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	} else {
 		if (w_time < 60*60*24*2) {
 			printf("write time=%s", ctime(&w_time));
 			printf("This system appears to set a initial 0 write time\n");
+			correct = False;
 		}
 	}
 
@@ -1856,11 +2087,13 @@ static void run_trans2test(int dummy)
            when creating a new file */
 	if (!cli_mkdir(&cli, dname)) {
 		printf("ERROR: mkdir failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	}
 	sleep(3);
 	if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time, 
 			    &w_time, &size, NULL, NULL)) {
 		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	}
 
 	fnum = cli_open(&cli, fname2, 
@@ -1870,33 +2103,96 @@ static void run_trans2test(int dummy)
 	if (!cli_qpathinfo2(&cli, "\\trans2\\", &c_time, &a_time, &m_time2, 
 			    &w_time, &size, NULL, NULL)) {
 		printf("ERROR: qpathinfo2 failed (%s)\n", cli_errstr(&cli));
+		correct = False;
 	} else {
-		if (m_time2 == m_time)
+		if (m_time2 == m_time) {
 			printf("This system does not update directory modification times\n");
+			correct = False;
+		}
 	}
 	cli_unlink(&cli, fname2);
 	cli_rmdir(&cli, dname);
 
-
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("trans2 test finished\n");
+
+	return correct;
+}
+
+/*
+  This checks new W2K calls.
+*/
+
+static BOOL new_trans(struct cli_state *pcli, int fnum, int level)
+{
+	char buf[4096];
+	BOOL correct = True;
+
+	memset(buf, 0xff, sizeof(buf));
+
+	if (!cli_qfileinfo_test(pcli, fnum, level, buf)) {
+		printf("ERROR: qfileinfo (%d) failed (%s)\n", level, cli_errstr(pcli));
+		correct = False;
+	} else {
+		printf("qfileinfo: level %d\n", level);
+		dump_data(0, buf, 256);
+		printf("\n");
+	}
+	return correct;
+}
+
+static BOOL run_w2ktest(int dummy)
+{
+	static struct cli_state cli;
+	int fnum;
+	char *fname = "\\w2ktest\\w2k.tst";
+	int level;
+	BOOL correct = True;
+
+	printf("starting w2k test\n");
+
+	if (!open_connection(&cli)) {
+		return False;
+	}
+
+	fnum = cli_open(&cli, fname, 
+			O_RDWR | O_CREAT , DENY_NONE);
+
+	for (level = 1004; level < 1040; level++) {
+		if (!new_trans(&cli, fnum, level)) {
+			correct = False;
+		}
+	}
+
+	cli_close(&cli, fnum);
+
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
+
+	printf("w2k test finished\n");
+	
+	return correct;
 }
 
 
 /*
   this is a harness for some oplock tests
  */
-static void run_oplock1(int dummy)
+static BOOL run_oplock1(int dummy)
 {
 	static struct cli_state cli1;
 	char *fname = "\\lockt1.lck";
 	int fnum1;
+	BOOL correct = True;
 
 	printf("starting oplock test 1\n");
 
 	if (!open_connection(&cli1)) {
-		return;
+		return False;
 	}
 
 	cli_unlink(&cli1, fname);
@@ -1908,7 +2204,7 @@ static void run_oplock1(int dummy)
 	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	cli1.use_oplocks = False;
@@ -1918,27 +2214,35 @@ static void run_oplock1(int dummy)
 
 	if (!cli_close(&cli1, fnum1)) {
 		printf("close2 failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_unlink(&cli1, fname)) {
 		printf("unlink failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
-
-	close_connection(&cli1);
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
 
 	printf("finished oplock test 1\n");
+
+	return correct;
 }
 
-static void run_oplock2(int dummy)
+static BOOL run_oplock2(int dummy)
 {
 	static struct cli_state cli1, cli2;
 	char *fname = "\\lockt2.lck";
 	int fnum1, fnum2;
 	int saved_use_oplocks = use_oplocks;
 	char buf[4];
+	BOOL correct = True;
+	volatile BOOL *shared_correct;
+
+	shared_correct = (volatile BOOL *)shm_setup(sizeof(BOOL));
+	*shared_correct = True;
 
 	use_level_II_oplocks = True;
 	use_oplocks = True;
@@ -1948,7 +2252,7 @@ static void run_oplock2(int dummy)
 	if (!open_connection(&cli1)) {
 		use_level_II_oplocks = False;
 		use_oplocks = saved_use_oplocks;
-		return;
+		return False;
 	}
 
 	cli1.use_oplocks = True;
@@ -1957,7 +2261,7 @@ static void run_oplock2(int dummy)
 	if (!open_connection(&cli2)) {
 		use_level_II_oplocks = False;
 		use_oplocks = saved_use_oplocks;
-		return;
+		return False;
 	}
 
 	cli2.use_oplocks = True;
@@ -1971,7 +2275,7 @@ static void run_oplock2(int dummy)
 	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	/* Don't need the globals any more. */
@@ -1983,6 +2287,7 @@ static void run_oplock2(int dummy)
 		fnum2 = cli_open(&cli2, fname, O_RDWR, DENY_NONE);
 		if (fnum2 == -1) {
 			printf("second open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+			*shared_correct = False;
 			exit(0);
 		}
 
@@ -1990,6 +2295,7 @@ static void run_oplock2(int dummy)
 
 		if (!cli_close(&cli2, fnum2)) {
 			printf("close2 failed (%s)\n", cli_errstr(&cli1));
+			*shared_correct = False;
 		}
 
 		exit(0);
@@ -2001,6 +2307,7 @@ static void run_oplock2(int dummy)
 
 	if (cli_read(&cli1, fnum1, buf, 0, 4) != 4) {
 		printf("read on fnum1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 
 	/* Should now be at level II. */
@@ -2008,6 +2315,7 @@ static void run_oplock2(int dummy)
 
 	if (!cli_lock(&cli1, fnum1, 0, 4, 0, READ_LOCK)) {
 		printf("lock failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 
 	cli_unlock(&cli1, fnum1, 0, 4);
@@ -2016,6 +2324,7 @@ static void run_oplock2(int dummy)
 
 	if (!cli_lock(&cli1, fnum1, 0, 4, 0, WRITE_LOCK)) {
 		printf("lock failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 
 	cli_unlock(&cli1, fnum1, 0, 4);
@@ -2027,107 +2336,121 @@ static void run_oplock2(int dummy)
 #if 0
 	if (cli_write(&cli1, fnum1, 0, buf, 0, 4) != 4) {
 		printf("write on fnum1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 #endif
 
 	if (!cli_close(&cli1, fnum1)) {
 		printf("close1 failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 
 	sleep(4);
 
 	if (!cli_unlink(&cli1, fname)) {
 		printf("unlink failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 
-	close_connection(&cli1);
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+
+	if (!*shared_correct) {
+		correct = False;
+	}
 
 	printf("finished oplock test 2\n");
+
+	return correct;
 }
 
+
 /*
   Test delete on close semantics.
  */
-static void run_deletetest(int dummy)
+static BOOL run_deletetest(int dummy)
 {
-    static struct cli_state cli1;
-    static struct cli_state cli2;
-    char *fname = "\\delete.file";
-    int fnum1, fnum2;
-
-    printf("starting delete test\n");
-
-    if (!open_connection(&cli1)) {
-        return;
-    }
-
+	static struct cli_state cli1;
+	static struct cli_state cli2;
+	char *fname = "\\delete.file";
+	int fnum1, fnum2;
+	BOOL correct = True;
+	
+	printf("starting delete test\n");
+	
+	if (!open_connection(&cli1)) {
+		return False;
+	}
+	
 	cli_sockopt(&cli1, sockops);
-
+	
 	/* Test 1 - this should *NOT* delete the file on close. */
-
+	
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
+	
 	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS, FILE_ATTRIBUTE_NORMAL,
-			FILE_SHARE_DELETE, FILE_OVERWRITE_IF, DELETE_ON_CLOSE_FLAG);
-
+				   FILE_SHARE_DELETE, FILE_OVERWRITE_IF, DELETE_ON_CLOSE_FLAG);
+	
 	if (fnum1 == -1) {
 		printf("[1] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[1] close failed (%s)\n", cli_errstr(&cli1));
+		return False;
 	}
 
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[1] close failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
-    fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
-    if (fnum1 == -1) {
-        printf("[1] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[1] close failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+	fnum1 = cli_open(&cli1, fname, O_RDWR, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("[1] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[1] close failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	printf("first delete on close test succeeded.\n");
-
+	
 	/* Test 2 - this should delete the file on close. */
-
+	
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
+	
 	fnum1 = cli_nt_create_full(&cli1, fname, GENERIC_ALL_ACCESS,
-			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
-
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_NONE, FILE_OVERWRITE_IF, 0);
+	
 	if (fnum1 == -1) {
 		printf("[2] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
-
+	
 	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[2] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[2] close failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
-    fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
-    if (fnum1 != -1) {
+		printf("[2] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[2] close failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
 		printf("[2] open of %s succeeded should have been deleted on close !\n", fname);
 		if (!cli_close(&cli1, fnum1)) {
 			printf("[2] close failed (%s)\n", cli_errstr(&cli1));
+			correct = False;
 		}
 		cli_unlink(&cli1, fname);
-    } else
+	} else
 		printf("second delete on close test succeeded.\n");
-
-
+	
+	
 	/* Test 3 - ... */
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
@@ -2137,7 +2460,7 @@ static void run_deletetest(int dummy)
 
 	if (fnum1 == -1) {
 		printf("[3] open - 1 of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	/* This should fail with a sharing violation - open for delete is only compatible
@@ -2148,7 +2471,7 @@ static void run_deletetest(int dummy)
 
 	if (fnum2 != -1) {
 		printf("[3] open  - 2 of %s succeeded - should have failed.\n", fname);
-		return;
+		return False;
 	}
 
 	/* This should succeed. */
@@ -2158,34 +2481,35 @@ static void run_deletetest(int dummy)
 
 	if (fnum2 == -1) {
 		printf("[3] open  - 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[3] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[3] close 1 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum2)) {
-        printf("[3] close 2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+		printf("[3] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[3] close 1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum2)) {
+		printf("[3] close 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* This should fail - file should no longer be there. */
 
-    fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
-    if (fnum1 != -1) {
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
 		printf("[3] open of %s succeeded should have been deleted on close !\n", fname);
 		if (!cli_close(&cli1, fnum1)) {
 			printf("[3] close failed (%s)\n", cli_errstr(&cli1));
 		}
 		cli_unlink(&cli1, fname);
-    } else
+		correct = False;
+	} else
 		printf("third delete on close test succeeded.\n");
 
 	/* Test 4 ... */
@@ -2197,7 +2521,7 @@ static void run_deletetest(int dummy)
 								
 	if (fnum1 == -1) {
 		printf("[4] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	/* This should succeed. */
@@ -2205,346 +2529,373 @@ static void run_deletetest(int dummy)
 			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
 	if (fnum2 == -1) {
 		printf("[4] open  - 2 of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
-
-    if (!cli_close(&cli1, fnum2)) {
-        printf("[4] close - 1 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+	
+	if (!cli_close(&cli1, fnum2)) {
+		printf("[4] close - 1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[4] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+		printf("[4] setting delete_on_close failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* This should fail - no more opens once delete on close set. */
 	fnum2 = cli_nt_create_full(&cli1, fname, GENERIC_READ_ACCESS,
-			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
 	if (fnum2 != -1) {
 		printf("[4] open  - 3 of %s succeeded ! Should have failed.\n", fname );
-		return;
-    } else
+		return False;
+	} else
 		printf("fourth delete on close test succeeded.\n");
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[4] close - 2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[4] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* Test 5 ... */
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
-    fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT, DENY_NONE);
+	
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	/* This should fail - only allowed on NT opens with DELETE access. */
 
 	if (cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[5] setting delete_on_close on OpenX file succeeded - should fail !\n");
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[5] close - 2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+		printf("[5] setting delete_on_close on OpenX file succeeded - should fail !\n");
+		return False;
+	}
 
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[5] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	printf("fifth delete on close test succeeded.\n");
-
+	
 	/* Test 6 ... */
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
+	
 	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA,
-			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
-			FILE_OVERWRITE_IF, 0);
-								
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+				   FILE_OVERWRITE_IF, 0);
+	
 	if (fnum1 == -1) {
 		printf("[6] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
-
+	
 	/* This should fail - only allowed on NT opens with DELETE access. */
-
+	
 	if (cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[6] setting delete_on_close on file with no delete access succeeded - should fail !\n");
-        return;
-    }
+		printf("[6] setting delete_on_close on file with no delete access succeeded - should fail !\n");
+		return False;
+	}
 
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[6] close - 2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[6] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
 
 	printf("sixth delete on close test succeeded.\n");
-
+	
 	/* Test 7 ... */
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
+	
 	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
-			FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, 0);
+				   FILE_ATTRIBUTE_NORMAL, 0, FILE_OVERWRITE_IF, 0);
 								
 	if (fnum1 == -1) {
 		printf("[7] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[7] setting delete_on_close on file failed !\n");
-        return;
-    }
-
+		printf("[7] setting delete_on_close on file failed !\n");
+		return False;
+	}
+	
 	if (!cli_nt_delete_on_close(&cli1, fnum1, False)) {
-        printf("[7] unsetting delete_on_close on file failed !\n");
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+		printf("[7] unsetting delete_on_close on file failed !\n");
+		return False;
+	}
 
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* This next open should succeed - we reset the flag. */
-
-    fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
 	if (fnum1 == -1) {
 		printf("[5] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[7] close - 2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
 
 	printf("seventh delete on close test succeeded.\n");
-
+	
 	/* Test 7 ... */
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
-    if (!open_connection(&cli2)) {
+	
+	if (!open_connection(&cli2)) {
 		printf("[8] failed to open second connection.\n");
-        return;
-    }
+		return False;
+	}
 
 	cli_sockopt(&cli1, sockops);
-
+	
 	fnum1 = cli_nt_create_full(&cli1, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
-			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 0);
-								
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OVERWRITE_IF, 0);
+	
 	if (fnum1 == -1) {
 		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	fnum2 = cli_nt_create_full(&cli2, fname, FILE_READ_DATA|FILE_WRITE_DATA|DELETE_ACCESS,
-			FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
-								
+				   FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, FILE_OPEN, 0);
+	
 	if (fnum2 == -1) {
 		printf("[8] open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (!cli_nt_delete_on_close(&cli1, fnum1, True)) {
-        printf("[8] setting delete_on_close on file failed !\n");
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("[8] close - 1 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+		printf("[8] setting delete_on_close on file failed !\n");
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("[8] close - 1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
 
-    if (!cli_close(&cli2, fnum2)) {
-        printf("[8] close - 2 failed (%s)\n", cli_errstr(&cli2));
-        return;
-    }
+	if (!cli_close(&cli2, fnum2)) {
+		printf("[8] close - 2 failed (%s)\n", cli_errstr(&cli2));
+		return False;
+	}
 
 	/* This should fail.. */
-    fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
-    if (fnum1 != -1) {
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_NONE);
+	if (fnum1 != -1) {
 		printf("[8] open of %s succeeded should have been deleted on close !\n", fname);
 		if (!cli_close(&cli1, fnum1)) {
 			printf("[8] close failed (%s)\n", cli_errstr(&cli1));
 		}
 		cli_unlink(&cli1, fname);
-    } else
+		correct = False;
+	} else
 		printf("eighth delete on close test succeeded.\n");
 
-    printf("finished delete test\n");
-
+	printf("finished delete test\n");
+	
 	cli_setatr(&cli1, fname, 0, 0);
 	cli_unlink(&cli1, fname);
-
-    close_connection(&cli1);
-    close_connection(&cli2);
+	
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+	if (!close_connection(&cli2)) {
+		correct = False;
+	}
+	return correct;
 }
 
 /*
   Test open mode returns on read-only files.
  */
-static void run_opentest(int dummy)
+static BOOL run_opentest(int dummy)
 {
-    static struct cli_state cli1;
-    char *fname = "\\readonly.file";
-    int fnum1, fnum2;
+	static struct cli_state cli1;
+	char *fname = "\\readonly.file";
+	int fnum1, fnum2;
 	uint8 eclass;
 	uint32 errnum;
 	char buf[20];
 	size_t fsize;
+	BOOL correct = True;
 
-    printf("starting open test\n");
-
-    if (!open_connection(&cli1)) {
-        return;
-    }
-
+	printf("starting open test\n");
+	
+	if (!open_connection(&cli1)) {
+		return False;
+	}
+	
 	cli_setatr(&cli1, fname, 0, 0);
-    cli_unlink(&cli1, fname);
-
-    cli_sockopt(&cli1, sockops);
-
-    fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
-    if (fnum1 == -1) {
-        printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("close2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+	cli_unlink(&cli1, fname);
+	
+	cli_sockopt(&cli1, sockops);
+	
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
 
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	if (!cli_setatr(&cli1, fname, aRONLY, 0)) {
 		printf("cli_setatr failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
-
-    fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
-    if (fnum1 == -1) {
-        printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-        return;
-    }
-
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* This will fail - but the error should be ERRnoaccess, not ERRbadshare. */
-    fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
-
+	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
+	
 	cli_error( &cli1, &eclass, &errnum, NULL);
-
+	
 	if (eclass != ERRDOS || errnum != ERRnoaccess) {
 		printf("wrong error code (%x,%x) = %s\n", (unsigned int)eclass,
-				(unsigned int)errnum, cli_errstr(&cli1) );
+		       (unsigned int)errnum, cli_errstr(&cli1) );
+		correct = False;
 	} else {
 		printf("correct error code ERRDOS/ERRnoaccess returned\n");
 	}
-
 	
-    printf("finished open test 1\n");
-
+	
+	printf("finished open test 1\n");
+	
 	cli_close(&cli1, fnum1);
-
+	
 	/* Now try not readonly and ensure ERRbadshare is returned. */
-
+	
 	cli_setatr(&cli1, fname, 0, 0);
-
-    fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
-    if (fnum1 == -1) {
-        printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
-        return;
-    }
-
+	
+	fnum1 = cli_open(&cli1, fname, O_RDONLY, DENY_WRITE);
+	if (fnum1 == -1) {
+		printf("open of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* This will fail - but the error should be ERRshare. */
-    fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
-
+	fnum2 = cli_open(&cli1, fname, O_RDWR, DENY_ALL);
+	
 	cli_error( &cli1, &eclass, &errnum, NULL);
 
 	if (eclass != ERRDOS || errnum != ERRbadshare) {
 		printf("wrong error code (%x,%x) = %s\n", (unsigned int)eclass,
-				(unsigned int)errnum, cli_errstr(&cli1) );
+		       (unsigned int)errnum, cli_errstr(&cli1) );
+		correct = False;
 	} else {
 		printf("correct error code ERRDOS/ERRbadshare returned\n");
 	}
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("close2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	cli_unlink(&cli1, fname);
-
-    printf("finished open test 2\n");
-
+	
+	printf("finished open test 2\n");
+	
 	/* Test truncate open disposition on file opened for read. */
-
-    fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
-    if (fnum1 == -1) {
-        printf("(3) open (1) of %s failed (%s)\n", fname, cli_errstr(&cli1));
-        return;
-    }
-
+	
+	fnum1 = cli_open(&cli1, fname, O_RDWR|O_CREAT|O_EXCL, DENY_NONE);
+	if (fnum1 == -1) {
+		printf("(3) open (1) of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* write 20 bytes. */
-
+	
 	memset(buf, '\0', 20);
 
 	if (cli_write(&cli1, fnum1, 0, buf, 0, 20) != 20) {
 		printf("write failed (%s)\n", cli_errstr(&cli1));
+		correct = False;
 	}
 
-    if (!cli_close(&cli1, fnum1)) {
-        printf("(3) close1 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
-
+	if (!cli_close(&cli1, fnum1)) {
+		printf("(3) close1 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
+	
 	/* Ensure size == 20. */
 	if (!cli_getatr(&cli1, fname, NULL, &fsize, NULL)) {
 		printf("(3) getatr failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
-
+	
 	if (fsize != 20) {
 		printf("(3) file size != 20\n");
-		return;
+		return False;
 	}
 
 	/* Now test if we can truncate a file opened for readonly. */
-
+	
 	fnum1 = cli_open(&cli1, fname, O_RDONLY|O_TRUNC, DENY_NONE);
-    if (fnum1 == -1) {
-        printf("(3) open (2) of %s failed (%s)\n", fname, cli_errstr(&cli1));
-        return;
-    }
-
-    if (!cli_close(&cli1, fnum1)) {
-        printf("close2 failed (%s)\n", cli_errstr(&cli1));
-        return;
-    }
+	if (fnum1 == -1) {
+		printf("(3) open (2) of %s failed (%s)\n", fname, cli_errstr(&cli1));
+		return False;
+	}
+	
+	if (!cli_close(&cli1, fnum1)) {
+		printf("close2 failed (%s)\n", cli_errstr(&cli1));
+		return False;
+	}
 
 	/* Ensure size == 0. */
 	if (!cli_getatr(&cli1, fname, NULL, &fsize, NULL)) {
 		printf("(3) getatr failed (%s)\n", cli_errstr(&cli1));
-		return;
+		return False;
 	}
 
 	if (fsize != 0) {
 		printf("(3) file size != 0\n");
-		return;
+		return False;
 	}
-    printf("finished open test 3\n");
-
+	printf("finished open test 3\n");
+	
 	cli_unlink(&cli1, fname);
 
-    close_connection(&cli1);
 
+	printf("testing ctemp\n");
+	{
+		char *tmp_path;
+		fnum1 = cli_ctemp(&cli1, "\\", &tmp_path);
+		if (fnum1 == -1) {
+			printf("ctemp failed (%s)\n", cli_errstr(&cli1));
+			return False;
+		}
+		printf("ctemp gave path %s\n", tmp_path);
+		cli_close(&cli1, fnum1);
+		cli_unlink(&cli1, tmp_path);
+	}
+	
+	if (!close_connection(&cli1)) {
+		correct = False;
+	}
+	
+	return correct;
 }
 
-static void list_fn(file_info *finfo, const char *name)
+static void list_fn(file_info *finfo, const char *name, void *state)
 {
 	
 }
@@ -2552,17 +2903,18 @@ static void list_fn(file_info *finfo, const char *name)
 /*
   test directory listing speed
  */
-static void run_dirtest(int dummy)
+static BOOL run_dirtest(int dummy)
 {
 	int i;
 	static struct cli_state cli;
 	int fnum;
 	double t1;
+	BOOL correct = True;
 
 	printf("starting directory test\n");
 
 	if (!open_connection(&cli)) {
-		return;
+		return False;
 	}
 
 	cli_sockopt(&cli, sockops);
@@ -2574,16 +2926,16 @@ static void run_dirtest(int dummy)
 		fnum = cli_open(&cli, fname, O_RDWR|O_CREAT, DENY_NONE);
 		if (fnum == -1) {
 			fprintf(stderr,"Failed to open %s\n", fname);
-			return;
+			return False;
 		}
 		cli_close(&cli, fnum);
 	}
 
 	t1 = end_timer();
 
-	printf("Matched %d\n", cli_list(&cli, "a*.*", 0, list_fn));
-	printf("Matched %d\n", cli_list(&cli, "b*.*", 0, list_fn));
-	printf("Matched %d\n", cli_list(&cli, "xyzabc", 0, list_fn));
+	printf("Matched %d\n", cli_list(&cli, "a*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(&cli, "b*.*", 0, list_fn, NULL));
+	printf("Matched %d\n", cli_list(&cli, "xyzabc", 0, list_fn, NULL));
 
 	printf("dirtest core %g seconds\n", end_timer() - t1);
 
@@ -2594,31 +2946,43 @@ static void run_dirtest(int dummy)
 		cli_unlink(&cli, fname);
 	}
 
-	close_connection(&cli);
+	if (!close_connection(&cli)) {
+		correct = False;
+	}
 
 	printf("finished dirtest\n");
+
+	return correct;
 }
 
 
 
-static double create_procs(void (*fn)(int))
+static double create_procs(BOOL (*fn)(int), BOOL *result)
 {
 	int i, status;
-	volatile int *child_status;
+	volatile pid_t *child_status;
+	volatile BOOL *child_status_out;
 	int synccount;
 	int tries = 8;
 
-	start_timer();
-
 	synccount = 0;
 
-	child_status = (volatile int *)shm_setup(sizeof(int)*nprocs);
+	child_status = (volatile pid_t *)shm_setup(sizeof(pid_t)*nprocs);
 	if (!child_status) {
 		printf("Failed to setup shared memory\n");
-		return end_timer();
+		return -1;
 	}
 
-	memset((char *)child_status, 0, sizeof(int)*nprocs);
+	child_status_out = (volatile BOOL *)shm_setup(sizeof(BOOL)*nprocs);
+	if (!child_status_out) {
+		printf("Failed to setup result status shared memory\n");
+		return -1;
+	}
+
+	memset(child_status, 0, sizeof(pid_t)*nprocs);
+	memset(child_status_out, True, sizeof(BOOL)*nprocs);
+
+	start_timer();
 
 	for (i=0;i<nprocs;i++) {
 		procnum = i;
@@ -2635,14 +2999,14 @@ static double create_procs(void (*fn)(int))
 					printf("pid %d failed to start\n", (int)getpid());
 					_exit(1);
 				}
-				msleep(10);
+				msleep(10);	
 			}
 
 			child_status[i] = getpid();
 
 			while (child_status[i]) msleep(2);
 
-			fn(i);
+			child_status_out[i] = fn(i);
 			_exit(0);
 		}
 	}
@@ -2658,6 +3022,7 @@ static double create_procs(void (*fn)(int))
 
 	if (synccount != nprocs) {
 		printf("FAILED TO START %d CLIENTS (started %d)\n", nprocs, synccount);
+		*result = False;
 		return end_timer();
 	}
 
@@ -2674,7 +3039,14 @@ static double create_procs(void (*fn)(int))
 		waitpid(0, &status, 0);
 		printf("*");
 	}
+
 	printf("\n");
+	
+	for (i=0;i<nprocs;i++) {
+		if (!child_status_out[i]) {
+			*result = False;
+		}
+	}
 	return end_timer();
 }
 
@@ -2683,7 +3055,7 @@ static double create_procs(void (*fn)(int))
 
 static struct {
 	char *name;
-	void (*fn)(int);
+	BOOL (*fn)(int);
 	unsigned flags;
 } torture_ops[] = {
 	{"FDPASS", run_fdpasstest, 0},
@@ -2710,8 +3082,10 @@ static struct {
 	{"TCON",  run_tcon_test, 0},
 	{"RW1",  run_readwritetest, 0},
 	{"RW2",  run_readwritemulti, FLAG_MULTIPROC},
+	{"RW3",  run_readwritelarge, 0},
 	{"OPEN", run_opentest, 0},
 	{"DELETE", run_deletetest, 0},
+	{"W2K", run_w2ktest, 0},
 	{NULL, NULL, 0}};
 
 
@@ -2719,9 +3093,12 @@ static struct {
 /****************************************************************************
 run a specified test or "ALL"
 ****************************************************************************/
-static void run_test(char *name)
+static BOOL run_test(char *name)
 {
+	BOOL ret = True;
+	BOOL result = True;
 	int i;
+	double t;
 	if (strequal(name,"ALL")) {
 		for (i=0;torture_ops[i].name;i++) {
 			run_test(torture_ops[i].name);
@@ -2729,20 +3106,30 @@ static void run_test(char *name)
 	}
 	
 	for (i=0;torture_ops[i].name;i++) {
-		fstrcpy(randomfname, "\\XXXXXXX");
-		mktemp(randomfname);
+		snprintf(randomfname, sizeof(randomfname), "\\XX%x", 
+			 (unsigned)random());
 
 		if (strequal(name, torture_ops[i].name)) {
-			start_timer();
 			printf("Running %s\n", name);
 			if (torture_ops[i].flags & FLAG_MULTIPROC) {
-				create_procs(torture_ops[i].fn);
+				t = create_procs(torture_ops[i].fn, &result);
+				if (!result) { 
+					ret = False;
+					printf("TEST %s FAILED!\n", name);
+				}
+					 
 			} else {
-				torture_ops[i].fn(0);
+				start_timer();
+				if (!torture_ops[i].fn(0)) {
+					ret = False;
+					printf("TEST %s FAILED!\n", name);
+				}
+				t = end_timer();
 			}
-			printf("%s took %g secs\n\n", name, end_timer());
+			printf("%s took %g secs\n\n", name, t);
 		}
 	}
+	return ret;
 }
 
 
@@ -2790,13 +3177,19 @@ static void usage(void)
 	extern int optind;
 	extern FILE *dbf;
 	static pstring servicesf = CONFIGFILE;
+	BOOL correct = True;
 
 	dbf = stdout;
 
+#ifdef HAVE_SETBUFFER
 	setbuffer(stdout, NULL, 0);
-
+#endif
 	charset_initialise();
-
+		
+	codepage_initialise(lp_client_code_page());
+		
+	codepage_initialise(lp_client_code_page());
+                                                                                         
 	lp_load(servicesf,True,False,False);
 	load_interfaces();
 
@@ -2886,12 +3279,18 @@ static void usage(void)
 	       host, share, username, myname);
 
 	if (argc == 1) {
-		run_test("ALL");
+		correct = run_test("ALL");
 	} else {
 		for (i=1;i<argc;i++) {
-			run_test(argv[i]);
+			if (!run_test(argv[i])) {
+				correct = False;
+			}
 		}
 	}
 
-	return(0);
+	if (correct) {
+		return(0);
+	} else {
+		return(1);
+	}
 }
diff --git a/source/web/statuspage.c b/source/web/statuspage.c
index 27a40d16958..f3b07425b78 100644
--- a/source/web/statuspage.c
+++ b/source/web/statuspage.c
@@ -1,6 +1,6 @@
 /* 
    Unix SMB/Netbios implementation.
-   Version 1.9.
+   Version 2.2.
    web status page
    Copyright (C) Andrew Tridgell 1997-1998
    
@@ -76,6 +76,10 @@ static void print_share_mode(share_mode_entry *e, char *fname)
 static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
 {
 	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
 	memcpy(&crec, dbuf.dptr, sizeof(crec));
 
 	if (crec.cnum == -1 && process_exists(crec.pid)) {
@@ -92,10 +96,14 @@ static int traverse_fn1(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* st
 static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
 {
 	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
 	memcpy(&crec, dbuf.dptr, sizeof(crec));
 	
-	if (crec.cnum != -1 || !process_exists(crec.pid) ||
-	    (crec.pid == smbd_pid)) return 0;
+	if (crec.cnum != -1 || !process_exists(crec.pid) || (crec.pid == smbd_pid))
+		return 0;
 
 	printf("<tr><td>%d</td><td>%s</td><td>%s</td><td>%s</td>\n",
 	       (int)crec.pid,
@@ -114,9 +122,14 @@ static int traverse_fn2(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* st
 static int traverse_fn3(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void* state)
 {
 	struct connections_data crec;
+
+	if (dbuf.dsize != sizeof(crec))
+		return 0;
+
 	memcpy(&crec, dbuf.dptr, sizeof(crec));
 
-	if (crec.cnum == -1 || !process_exists(crec.pid)) return 0;
+	if (crec.cnum == -1 || !process_exists(crec.pid))
+		return 0;
 
 	printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%d</td><td>%s</td><td>%s</td></tr>\n",
 	       crec.name,uidtoname(crec.uid),
@@ -174,7 +187,7 @@ void status_page(void)
 		refresh_interval = atoi(v);
 	}
 
-	tdb = tdb_open(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
+	tdb = tdb_open_log(lock_path("connections.tdb"), 0, 0, O_RDONLY, 0);
 	if (tdb) tdb_traverse(tdb, traverse_fn1, NULL);
 
 	printf("<H2>Server Status</H2>\n");
@@ -278,4 +291,3 @@ void status_page(void)
 		printf("//-->\n</script>\n");
 	}
 }
-
diff --git a/source/web/swat.c b/source/web/swat.c
index 54b8b27a6dd..2a141e9898e 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -344,6 +344,7 @@ static void write_config(FILE *f, BOOL show_defaults, char *(*dos_to_ext)(char *
 static int save_reload(int snum)
 {
 	FILE *f;
+	struct stat st;
 
 	f = sys_fopen(servicesf,"w");
 	if (!f) {
@@ -351,6 +352,12 @@ static int save_reload(int snum)
 		return 0;
 	}
 
+	/* just in case they have used the buggy xinetd to create the file */
+	if (fstat(fileno(f), &st) == 0 &&
+	    (st.st_mode & S_IWOTH)) {
+		fchmod(fileno(f), S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
+	}
+
 	write_config(f, False, _dos_to_unix);
 	if (snum)
 		lp_dump_one(f, False, snum, _dos_to_unix);
@@ -419,7 +426,7 @@ static void commit_parameters(int snum)
 ****************************************************************************/
 static void image_link(char *name,char *hlink, char *src)
 {
-	printf("<A HREF=\"%s/%s\"><img src=\"/swat/%s\" alt=\"%s\"></A>\n", 
+	printf("<A HREF=\"%s/%s\"><img border=\"0\" src=\"/swat/%s\" alt=\"%s\"></A>\n", 
 	       cgi_baseurl(), hlink, src, name);
 }
 
@@ -984,6 +991,7 @@ static void printers_page(void)
 	char *page;
 
 	fault_setup(NULL);
+	umask(S_IWGRP | S_IWOTH);
 
 #if defined(HAVE_SET_AUTH_PARAMETERS)
 	set_auth_parameters(argc, argv);
diff --git a/swat/help/welcome.html b/swat/help/welcome.html
index db3b2ae0914..1c23d35a27c 100644
--- a/swat/help/welcome.html
+++ b/swat/help/welcome.html
@@ -57,6 +57,8 @@ Please choose a configuration action using one of the above buttons
      <li><a href="/swat/help/OS2-Client-HOWTO.html">OS/2 Clients and Samba</a>
      <li><a href="/swat/help/printer_driver2.html">Printing under Samba 2.2.x</a>
      <li><a href="/swat/help/UNIX_INSTALL.html">HOWTO Install and Test Samba</a>
+     <li><a href="/swat/help/Integrating-with-Windows.html">Integrating Name Resolution and Authentication Services</a>
+     <li><a href="/swat/help/CVS-Access.html">CVS Access to Samba code</a>
    </ul>
 </ul>