195 files changed, 33016 insertions, 40021 deletions

diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2
new file mode 100644
index 00000000000..49a8fbf4ae1
--- /dev/null
+++ b/docs/README.Win2kSP2
@@ -0,0 +1,56 @@
+!==
+!== README.Win2kSP2
+!==
+
+Author:		Gerald (Jerry) Carter <jerry@samba.org>
+
+==================================================================
+
+There are several annoyances with Windows 2000 SP2. One of which
+only appears when using a Samba server to host user profiles
+to Windows 2000 SP2 clients in a Windows domain.  This assumes
+that Samba is a member of the domain, but the problem will
+likely occur if it is not.
+
+In order to server profiles successfully to Windows 2000 SP2 
+clients (when not operating as a PDC), Samba must have 
+
+	nt acl support = no
+
+added to the file share which houses the roaming profiles.
+If this is not done, then the Windows 2000 SP2 client will
+complain about not being able to access the profile (Access 
+Denied) and create multiple copies of it on disk (DOMAIN.user.001,
+DOMAIN.user.002, etc...).  See the smb.conf(5) man page
+for more details on this option.  Also note that the "nt acl support"
+parameter was formally a global parameter in releases prior
+to Samba 2.2.2.
+
+The following is a minimal profile share
+
+	[profile]
+		path = /export/profile
+		create mask = 0600
+		directory mask = 0700
+		nt acl support = no
+		read only = no
+
+The reason for this bug is that the Win2k SP2 client copies
+the security descriptor for the profile which contains
+the Samba server's SID, and not the domain SID.  The client
+compares the SID for SAMBA\user and realizes it is
+different that the one assigned to DOMAIN\user.  Hence the reason
+for the "access denied" message.
+
+By disabling the "nt acl support" parameter, Samba will send
+the Win2k client a response to the QuerySecurityDescriptor
+trans2 call which causes the client to set a default ACL
+for the profile. This default ACL includes 
+
+	DOMAIN\user 	"Full Control"
+
+
+NOTE : This bug does not occur when using winbind to
+create accounts on the Samba host for Domain users.
+
+
diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses
index 4646da83cf2..07f03360cbc 100644
--- a/docs/README.Win32-Viruses
+++ b/docs/README.Win32-Viruses
@@ -1,9 +1,9 @@
-While this article is specific to the Nimda worm, 
+While this article is specific to the recent Nimda worm, 
 the information can be applied to preventing the spread
 of many Win32 viruses.  Thanks to the Samba Users Group of Japan
 (SUGJ) for this article.
 ===============================================================================
-Steps against Nimba Worm for Samba
+Steps againt Nimba Worm for Samba
 
 Author: HASEGAWA Yosuke
 Translator: TAKAHASHI Motonobu <monyo@samba.gr.jp>
@@ -14,11 +14,11 @@ The information in this article applies to
     Windows 95/98/Me/NT/2000
 
 SYMPTOMS
-  This article describes measures against Nimba Worm for Samba
+  This article has described the measure against Nimba Worm for Samba
   server.
 
 DESCRIPTION
-  Nimba Worm is infected through shared disks on a network, as well as through
+  Nimba Worm is infected through the shared disk on a network besides
   Microsoft IIS, Internet Explorer and mailer of Outlook series.
 
   At this time, the worm copies itself by the name *.nws and *.eml on
@@ -36,22 +36,23 @@ DESCRIPTION
   veto files = /*.eml/*.nws/riched20.dll/
 -----
 
-  By setting the "veto files" parameter, matched files on the Samba
-  server are completely hidden from the clients and making it impossible
+  Setting up "veto files" parameter, the matched files on the Samba
+  server are completely hidden from the clients and become impossible
   to access them at all.
 
-  In addition to it, the following setting is also pointed out by the
+  In addition to it, the following setting are also pointed out by the
   samba-jp:09448 thread: when the
-  "readme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}" file exists on
-  a Samba server, it is visible only as "readme.txt" and dangerous
-  code may be executed if this file is double-clicked.
+  "(Jreadme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"(B file exists on
+  a Samba server, it is visible only with "readme.txt" and a dangerous
+  code may be performed when this file is double-clicked.
 
   Setting the following,
 -----
   veto files = /*.{*}/
 -----
-  any files having CLSID in its file extension will be inaccessible from any
+  no files having CLSID in its file extension can be accessed from any
   clients.
 
 This technical article is created based on the discussion of
 samba-jp:09448 and samba-jp:10900 threads.
+
diff --git a/docs/Samba-Developers-Guide.pdf b/docs/Samba-Developers-Guide.pdf
deleted file mode 100644
index 0f2c716a6d5..00000000000
--- a/docs/Samba-Developers-Guide.pdf
+++ /dev/null
@@ -1,2228 +0,0 @@
-%PDF-1.3
-%âãÏÓ
-1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020930200402+0500)/Title(SAMBA Developers Guide)/Creator(Modular DocBook HTML Stylesheet Version 1.76b+)>>endobj
-2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj
-3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj
-4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Oblique/Encoding 2 0 R>>endobj
-5 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Roman/Encoding 2 0 R>>endobj
-6 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Bold/Encoding 2 0 R>>endobj
-7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Italic/Encoding 2 0 R>>endobj
-8 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-BoldItalic/Encoding 2 0 R>>endobj
-9 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
-10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
-11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
-12 0 obj<</Subtype/Link/Rect[72.0 684.0 197.9 697.0]/Border[0 0 0]/Dest[467 0 R/XYZ 0 734 0]>>endobj
-13 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[467 0 R/XYZ 0 696 0]>>endobj
-14 0 obj<</Subtype/Link/Rect[72.0 644.4 112.9 657.4]/Border[0 0 0]/Dest[467 0 R/XYZ 0 734 0]>>endobj
-15 0 obj<</Subtype/Link/Rect[72.0 618.0 356.5 631.0]/Border[0 0 0]/Dest[475 0 R/XYZ 0 734 0]>>endobj
-16 0 obj<</Subtype/Link/Rect[108.0 604.8 154.4 617.8]/Border[0 0 0]/Dest[475 0 R/XYZ 0 672 0]>>endobj
-17 0 obj<</Subtype/Link/Rect[108.0 591.6 218.3 604.6]/Border[0 0 0]/Dest[475 0 R/XYZ 0 201 0]>>endobj
-18 0 obj<</Subtype/Link/Rect[108.0 578.4 181.0 591.4]/Border[0 0 0]/Dest[477 0 R/XYZ 0 705 0]>>endobj
-19 0 obj<</Subtype/Link/Rect[72.0 552.0 167.0 565.0]/Border[0 0 0]/Dest[479 0 R/XYZ 0 734 0]>>endobj
-20 0 obj<</Subtype/Link/Rect[108.0 538.8 162.4 551.8]/Border[0 0 0]/Dest[479 0 R/XYZ 0 696 0]>>endobj
-21 0 obj<</Subtype/Link/Rect[108.0 525.6 225.3 538.6]/Border[0 0 0]/Dest[479 0 R/XYZ 0 529 0]>>endobj
-22 0 obj<</Subtype/Link/Rect[108.0 512.4 179.8 525.4]/Border[0 0 0]/Dest[479 0 R/XYZ 0 335 0]>>endobj
-23 0 obj<</Subtype/Link/Rect[108.0 499.2 181.0 512.2]/Border[0 0 0]/Dest[481 0 R/XYZ 0 734 0]>>endobj
-24 0 obj<</Subtype/Link/Rect[108.0 486.0 167.0 499.0]/Border[0 0 0]/Dest[481 0 R/XYZ 0 434 0]>>endobj
-25 0 obj<</Subtype/Link/Rect[72.0 459.6 200.0 472.6]/Border[0 0 0]/Dest[483 0 R/XYZ 0 734 0]>>endobj
-26 0 obj<</Subtype/Link/Rect[108.0 446.4 195.4 459.4]/Border[0 0 0]/Dest[483 0 R/XYZ 0 696 0]>>endobj
-27 0 obj<</Subtype/Link/Rect[108.0 433.2 204.5 446.2]/Border[0 0 0]/Dest[485 0 R/XYZ 0 718 0]>>endobj
-28 0 obj<</Subtype/Link/Rect[108.0 420.0 228.4 433.0]/Border[0 0 0]/Dest[487 0 R/XYZ 0 718 0]>>endobj
-29 0 obj<</Subtype/Link/Rect[108.0 406.8 225.9 419.8]/Border[0 0 0]/Dest[487 0 R/XYZ 0 493 0]>>endobj
-30 0 obj<</Subtype/Link/Rect[108.0 393.6 174.9 406.6]/Border[0 0 0]/Dest[489 0 R/XYZ 0 734 0]>>endobj
-31 0 obj<</Subtype/Link/Rect[126.0 380.4 166.3 393.4]/Border[0 0 0]/Dest[489 0 R/XYZ 0 700 0]>>endobj
-32 0 obj<</Subtype/Link/Rect[126.0 367.2 164.5 380.2]/Border[0 0 0]/Dest[489 0 R/XYZ 0 602 0]>>endobj
-33 0 obj<</Subtype/Link/Rect[126.0 354.0 217.0 367.0]/Border[0 0 0]/Dest[489 0 R/XYZ 0 491 0]>>endobj
-34 0 obj<</Subtype/Link/Rect[72.0 327.6 164.0 340.6]/Border[0 0 0]/Dest[491 0 R/XYZ 0 734 0]>>endobj
-35 0 obj<</Subtype/Link/Rect[72.0 301.2 149.9 314.2]/Border[0 0 0]/Dest[495 0 R/XYZ 0 734 0]>>endobj
-36 0 obj<</Subtype/Link/Rect[108.0 288.0 194.4 301.0]/Border[0 0 0]/Dest[495 0 R/XYZ 0 696 0]>>endobj
-37 0 obj<</Subtype/Link/Rect[108.0 274.8 189.9 287.8]/Border[0 0 0]/Dest[495 0 R/XYZ 0 568 0]>>endobj
-38 0 obj<</Subtype/Link/Rect[108.0 261.6 205.4 274.6]/Border[0 0 0]/Dest[497 0 R/XYZ 0 705 0]>>endobj
-39 0 obj<</Subtype/Link/Rect[126.0 248.4 196.0 261.4]/Border[0 0 0]/Dest[497 0 R/XYZ 0 630 0]>>endobj
-40 0 obj<</Subtype/Link/Rect[126.0 235.2 194.7 248.2]/Border[0 0 0]/Dest[497 0 R/XYZ 0 571 0]>>endobj
-41 0 obj<</Subtype/Link/Rect[126.0 222.0 218.3 235.0]/Border[0 0 0]/Dest[497 0 R/XYZ 0 513 0]>>endobj
-42 0 obj<</Subtype/Link/Rect[126.0 208.8 194.7 221.8]/Border[0 0 0]/Dest[497 0 R/XYZ 0 455 0]>>endobj
-43 0 obj<</Subtype/Link/Rect[126.0 195.6 192.3 208.6]/Border[0 0 0]/Dest[497 0 R/XYZ 0 383 0]>>endobj
-44 0 obj<</Subtype/Link/Rect[126.0 182.4 200.9 195.4]/Border[0 0 0]/Dest[497 0 R/XYZ 0 325 0]>>endobj
-45 0 obj<</Subtype/Link/Rect[126.0 169.2 198.4 182.2]/Border[0 0 0]/Dest[497 0 R/XYZ 0 266 0]>>endobj
-46 0 obj<</Subtype/Link/Rect[126.0 156.0 217.0 169.0]/Border[0 0 0]/Dest[497 0 R/XYZ 0 208 0]>>endobj
-47 0 obj<</Subtype/Link/Rect[126.0 142.8 214.6 155.8]/Border[0 0 0]/Dest[497 0 R/XYZ 0 149 0]>>endobj
-48 0 obj<</Subtype/Link/Rect[126.0 129.6 223.2 142.6]/Border[0 0 0]/Dest[499 0 R/XYZ 0 734 0]>>endobj
-49 0 obj<</Subtype/Link/Rect[126.0 116.4 220.7 129.4]/Border[0 0 0]/Dest[499 0 R/XYZ 0 675 0]>>endobj
-50 0 obj<</Subtype/Link/Rect[126.0 103.2 202.1 116.2]/Border[0 0 0]/Dest[499 0 R/XYZ 0 617 0]>>endobj
-51 0 obj<</Subtype/Link/Rect[126.0 90.0 199.6 103.0]/Border[0 0 0]/Dest[499 0 R/XYZ 0 558 0]>>endobj
-52 0 obj<</Subtype/Link/Rect[126.0 76.8 224.4 89.8]/Border[0 0 0]/Dest[499 0 R/XYZ 0 500 0]>>endobj
-53 0 obj<</Subtype/Link/Rect[126.0 63.6 221.9 76.6]/Border[0 0 0]/Dest[499 0 R/XYZ 0 428 0]>>endobj
-54 0 obj[12 0 R
-13 0 R
-14 0 R
-15 0 R
-16 0 R
-17 0 R
-18 0 R
-19 0 R
-20 0 R
-21 0 R
-22 0 R
-23 0 R
-24 0 R
-25 0 R
-26 0 R
-27 0 R
-28 0 R
-29 0 R
-30 0 R
-31 0 R
-32 0 R
-33 0 R
-34 0 R
-35 0 R
-36 0 R
-37 0 R
-38 0 R
-39 0 R
-40 0 R
-41 0 R
-42 0 R
-43 0 R
-44 0 R
-45 0 R
-46 0 R
-47 0 R
-48 0 R
-49 0 R
-50 0 R
-51 0 R
-52 0 R
-53 0 R]endobj
-55 0 obj<</Subtype/Link/Rect[72.0 684.0 149.9 697.0]/Border[0 0 0]/Dest[495 0 R/XYZ 0 734 0]>>endobj
-56 0 obj<</Subtype/Link/Rect[108.0 670.8 225.6 683.8]/Border[0 0 0]/Dest[499 0 R/XYZ 0 370 0]>>endobj
-57 0 obj<</Subtype/Link/Rect[126.0 657.6 174.9 670.6]/Border[0 0 0]/Dest[499 0 R/XYZ 0 217 0]>>endobj
-58 0 obj<</Subtype/Link/Rect[126.0 644.4 182.5 657.4]/Border[0 0 0]/Dest[501 0 R/XYZ 0 428 0]>>endobj
-59 0 obj<</Subtype/Link/Rect[108.0 631.2 198.4 644.2]/Border[0 0 0]/Dest[503 0 R/XYZ 0 734 0]>>endobj
-60 0 obj<</Subtype/Link/Rect[72.0 604.8 153.0 617.8]/Border[0 0 0]/Dest[505 0 R/XYZ 0 734 0]>>endobj
-61 0 obj<</Subtype/Link/Rect[108.0 591.6 182.2 604.6]/Border[0 0 0]/Dest[505 0 R/XYZ 0 696 0]>>endobj
-62 0 obj<</Subtype/Link/Rect[126.0 578.4 232.9 591.4]/Border[0 0 0]/Dest[505 0 R/XYZ 0 423 0]>>endobj
-63 0 obj<</Subtype/Link/Rect[126.0 565.2 262.0 578.2]/Border[0 0 0]/Dest[505 0 R/XYZ 0 259 0]>>endobj
-64 0 obj<</Subtype/Link/Rect[126.0 552.0 239.1 565.0]/Border[0 0 0]/Dest[507 0 R/XYZ 0 652 0]>>endobj
-65 0 obj<</Subtype/Link/Rect[108.0 538.8 138.6 551.8]/Border[0 0 0]/Dest[507 0 R/XYZ 0 223 0]>>endobj
-66 0 obj<</Subtype/Link/Rect[126.0 525.6 195.7 538.6]/Border[0 0 0]/Dest[509 0 R/XYZ 0 652 0]>>endobj
-67 0 obj<</Subtype/Link/Rect[72.0 499.2 193.6 512.2]/Border[0 0 0]/Dest[511 0 R/XYZ 0 734 0]>>endobj
-68 0 obj<</Subtype/Link/Rect[108.0 486.0 162.4 499.0]/Border[0 0 0]/Dest[511 0 R/XYZ 0 696 0]>>endobj
-69 0 obj<</Subtype/Link/Rect[108.0 472.8 156.9 485.8]/Border[0 0 0]/Dest[511 0 R/XYZ 0 595 0]>>endobj
-70 0 obj<</Subtype/Link/Rect[108.0 459.6 176.1 472.6]/Border[0 0 0]/Dest[511 0 R/XYZ 0 216 0]>>endobj
-71 0 obj<</Subtype/Link/Rect[108.0 446.4 154.4 459.4]/Border[0 0 0]/Dest[513 0 R/XYZ 0 692 0]>>endobj
-72 0 obj<</Subtype/Link/Rect[108.0 433.2 144.7 446.2]/Border[0 0 0]/Dest[513 0 R/XYZ 0 458 0]>>endobj
-73 0 obj<</Subtype/Link/Rect[108.0 420.0 164.5 433.0]/Border[0 0 0]/Dest[513 0 R/XYZ 0 145 0]>>endobj
-74 0 obj<</Subtype/Link/Rect[108.0 406.8 175.5 419.8]/Border[0 0 0]/Dest[515 0 R/XYZ 0 665 0]>>endobj
-75 0 obj<</Subtype/Link/Rect[108.0 393.6 167.0 406.6]/Border[0 0 0]/Dest[515 0 R/XYZ 0 537 0]>>endobj
-76 0 obj<</Subtype/Link/Rect[108.0 380.4 200.0 393.4]/Border[0 0 0]/Dest[515 0 R/XYZ 0 277 0]>>endobj
-77 0 obj<</Subtype/Link/Rect[72.0 354.0 200.6 367.0]/Border[0 0 0]/Dest[519 0 R/XYZ 0 734 0]>>endobj
-78 0 obj<</Subtype/Link/Rect[72.0 327.6 160.0 340.6]/Border[0 0 0]/Dest[523 0 R/XYZ 0 734 0]>>endobj
-79 0 obj<</Subtype/Link/Rect[108.0 314.4 162.4 327.4]/Border[0 0 0]/Dest[523 0 R/XYZ 0 696 0]>>endobj
-80 0 obj<</Subtype/Link/Rect[126.0 301.2 160.8 314.2]/Border[0 0 0]/Dest[525 0 R/XYZ 0 626 0]>>endobj
-81 0 obj<</Subtype/Link/Rect[126.0 288.0 157.8 301.0]/Border[0 0 0]/Dest[525 0 R/XYZ 0 516 0]>>endobj
-82 0 obj<</Subtype/Link/Rect[108.0 274.8 199.7 287.8]/Border[0 0 0]/Dest[525 0 R/XYZ 0 394 0]>>endobj
-83 0 obj<</Subtype/Link/Rect[126.0 261.6 151.7 274.6]/Border[0 0 0]/Dest[525 0 R/XYZ 0 360 0]>>endobj
-84 0 obj<</Subtype/Link/Rect[126.0 248.4 187.1 261.4]/Border[0 0 0]/Dest[527 0 R/XYZ 0 718 0]>>endobj
-85 0 obj<</Subtype/Link/Rect[126.0 235.2 170.6 248.2]/Border[0 0 0]/Dest[527 0 R/XYZ 0 235 0]>>endobj
-86 0 obj<</Subtype/Link/Rect[108.0 222.0 264.4 235.0]/Border[0 0 0]/Dest[547 0 R/XYZ 0 428 0]>>endobj
-87 0 obj<</Subtype/Link/Rect[126.0 208.8 189.3 221.8]/Border[0 0 0]/Dest[547 0 R/XYZ 0 366 0]>>endobj
-88 0 obj<</Subtype/Link/Rect[126.0 195.6 157.8 208.6]/Border[0 0 0]/Dest[549 0 R/XYZ 0 564 0]>>endobj
-89 0 obj<</Subtype/Link/Rect[126.0 182.4 143.7 195.4]/Border[0 0 0]/Dest[557 0 R/XYZ 0 518 0]>>endobj
-90 0 obj<</Subtype/Link/Rect[126.0 169.2 222.0 182.2]/Border[0 0 0]/Dest[557 0 R/XYZ 0 394 0]>>endobj
-91 0 obj<</Subtype/Link/Rect[126.0 156.0 258.9 169.0]/Border[0 0 0]/Dest[559 0 R/XYZ 0 522 0]>>endobj
-92 0 obj<</Subtype/Link/Rect[126.0 142.8 204.2 155.8]/Border[0 0 0]/Dest[561 0 R/XYZ 0 734 0]>>endobj
-93 0 obj<</Subtype/Link/Rect[126.0 129.6 229.0 142.6]/Border[0 0 0]/Dest[561 0 R/XYZ 0 433 0]>>endobj
-94 0 obj<</Subtype/Link/Rect[126.0 116.4 276.0 129.4]/Border[0 0 0]/Dest[563 0 R/XYZ 0 734 0]>>endobj
-95 0 obj<</Subtype/Link/Rect[126.0 103.2 203.6 116.2]/Border[0 0 0]/Dest[563 0 R/XYZ 0 501 0]>>endobj
-96 0 obj<</Subtype/Link/Rect[126.0 90.0 174.6 103.0]/Border[0 0 0]/Dest[563 0 R/XYZ 0 217 0]>>endobj
-97 0 obj<</Subtype/Link/Rect[126.0 76.8 210.3 89.8]/Border[0 0 0]/Dest[565 0 R/XYZ 0 639 0]>>endobj
-98 0 obj<</Subtype/Link/Rect[126.0 63.6 217.0 76.6]/Border[0 0 0]/Dest[565 0 R/XYZ 0 154 0]>>endobj
-99 0 obj[55 0 R
-56 0 R
-57 0 R
-58 0 R
-59 0 R
-60 0 R
-61 0 R
-62 0 R
-63 0 R
-64 0 R
-65 0 R
-66 0 R
-67 0 R
-68 0 R
-69 0 R
-70 0 R
-71 0 R
-72 0 R
-73 0 R
-74 0 R
-75 0 R
-76 0 R
-77 0 R
-78 0 R
-79 0 R
-80 0 R
-81 0 R
-82 0 R
-83 0 R
-84 0 R
-85 0 R
-86 0 R
-87 0 R
-88 0 R
-89 0 R
-90 0 R
-91 0 R
-92 0 R
-93 0 R
-94 0 R
-95 0 R
-96 0 R
-97 0 R
-98 0 R]endobj
-100 0 obj<</Subtype/Link/Rect[72.0 684.0 160.0 697.0]/Border[0 0 0]/Dest[523 0 R/XYZ 0 734 0]>>endobj
-101 0 obj<</Subtype/Link/Rect[108.0 670.8 282.1 683.8]/Border[0 0 0]/Dest[567 0 R/XYZ 0 281 0]>>endobj
-102 0 obj<</Subtype/Link/Rect[126.0 657.6 232.3 670.6]/Border[0 0 0]/Dest[569 0 R/XYZ 0 533 0]>>endobj
-103 0 obj<</Subtype/Link/Rect[126.0 644.4 214.0 657.4]/Border[0 0 0]/Dest[569 0 R/XYZ 0 141 0]>>endobj
-104 0 obj<</Subtype/Link/Rect[126.0 631.2 240.0 644.2]/Border[0 0 0]/Dest[571 0 R/XYZ 0 424 0]>>endobj
-105 0 obj<</Subtype/Link/Rect[126.0 618.0 204.8 631.0]/Border[0 0 0]/Dest[573 0 R/XYZ 0 734 0]>>endobj
-106 0 obj<</Subtype/Link/Rect[126.0 604.8 206.7 617.8]/Border[0 0 0]/Dest[573 0 R/XYZ 0 291 0]>>endobj
-107 0 obj<</Subtype/Link/Rect[108.0 591.6 250.4 604.6]/Border[0 0 0]/Dest[575 0 R/XYZ 0 705 0]>>endobj
-108 0 obj<</Subtype/Link/Rect[126.0 578.4 193.2 591.4]/Border[0 0 0]/Dest[575 0 R/XYZ 0 630 0]>>endobj
-109 0 obj<</Subtype/Link/Rect[126.0 565.2 181.3 578.2]/Border[0 0 0]/Dest[577 0 R/XYZ 0 734 0]>>endobj
-110 0 obj<</Subtype/Link/Rect[108.0 552.0 248.2 565.0]/Border[0 0 0]/Dest[579 0 R/XYZ 0 705 0]>>endobj
-111 0 obj<</Subtype/Link/Rect[126.0 538.8 198.7 551.8]/Border[0 0 0]/Dest[579 0 R/XYZ 0 577 0]>>endobj
-112 0 obj<</Subtype/Link/Rect[126.0 525.6 213.1 538.6]/Border[0 0 0]/Dest[581 0 R/XYZ 0 734 0]>>endobj
-113 0 obj<</Subtype/Link/Rect[108.0 512.4 327.7 525.4]/Border[0 0 0]/Dest[581 0 R/XYZ 0 433 0]>>endobj
-114 0 obj<</Subtype/Link/Rect[126.0 499.2 175.5 512.2]/Border[0 0 0]/Dest[581 0 R/XYZ 0 400 0]>>endobj
-115 0 obj<</Subtype/Link/Rect[126.0 486.0 163.3 499.0]/Border[0 0 0]/Dest[583 0 R/XYZ 0 734 0]>>endobj
-116 0 obj<</Subtype/Link/Rect[126.0 472.8 173.7 485.8]/Border[0 0 0]/Dest[583 0 R/XYZ 0 385 0]>>endobj
-117 0 obj<</Subtype/Link/Rect[108.0 459.6 174.6 472.6]/Border[0 0 0]/Dest[583 0 R/XYZ 0 128 0]>>endobj
-118 0 obj<</Subtype/Link/Rect[126.0 446.4 208.3 459.4]/Border[0 0 0]/Dest[585 0 R/XYZ 0 633 0]>>endobj
-119 0 obj<</Subtype/Link/Rect[126.0 433.2 211.3 446.2]/Border[0 0 0]/Dest[587 0 R/XYZ 0 665 0]>>endobj
-120 0 obj<</Subtype/Link/Rect[72.0 406.8 191.8 419.8]/Border[0 0 0]/Dest[591 0 R/XYZ 0 734 0]>>endobj
-121 0 obj<</Subtype/Link/Rect[108.0 393.6 145.3 406.6]/Border[0 0 0]/Dest[591 0 R/XYZ 0 696 0]>>endobj
-122 0 obj<</Subtype/Link/Rect[108.0 380.4 282.4 393.4]/Border[0 0 0]/Dest[591 0 R/XYZ 0 621 0]>>endobj
-123 0 obj<</Subtype/Link/Rect[108.0 367.2 191.9 380.2]/Border[0 0 0]/Dest[591 0 R/XYZ 0 361 0]>>endobj
-124 0 obj<</Subtype/Link/Rect[108.0 354.0 333.5 367.0]/Border[0 0 0]/Dest[595 0 R/XYZ 0 692 0]>>endobj
-125 0 obj<</Subtype/Link/Rect[108.0 340.8 284.6 353.8]/Border[0 0 0]/Dest[595 0 R/XYZ 0 630 0]>>endobj
-126 0 obj<</Subtype/Link/Rect[72.0 314.4 182.0 327.4]/Border[0 0 0]/Dest[601 0 R/XYZ 0 734 0]>>endobj
-127 0 obj<</Subtype/Link/Rect[108.0 301.2 175.5 314.2]/Border[0 0 0]/Dest[601 0 R/XYZ 0 696 0]>>endobj
-128 0 obj[100 0 R
-101 0 R
-102 0 R
-103 0 R
-104 0 R
-105 0 R
-106 0 R
-107 0 R
-108 0 R
-109 0 R
-110 0 R
-111 0 R
-112 0 R
-113 0 R
-114 0 R
-115 0 R
-116 0 R
-117 0 R
-118 0 R
-119 0 R
-120 0 R
-121 0 R
-122 0 R
-123 0 R
-124 0 R
-125 0 R
-126 0 R
-127 0 R]endobj
-129 0 obj<</S/URI/URI(http://devel.samba.org/)>>endobj
-130 0 obj<</Subtype/Link/Rect[139.5 617.8 243.7 630.8]/Border[0 0 0]/A 129 0 R>>endobj
-131 0 obj<</S/URI/URI(mailto:jelmer@samba.org)>>endobj
-132 0 obj<</Subtype/Link/Rect[347.9 617.8 434.4 630.8]/Border[0 0 0]/A 131 0 R>>endobj
-133 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
-134 0 obj<</Subtype/Link/Rect[72.0 565.0 223.3 578.0]/Border[0 0 0]/A 133 0 R>>endobj
-135 0 obj<</Subtype/Link/Rect[72.0 525.4 340.6 538.4]/Border[0 0 0]/Dest[475 0 R/XYZ 0 734 0]>>endobj
-136 0 obj<</Subtype/Link/Rect[108.0 512.2 152.0 525.2]/Border[0 0 0]/Dest[475 0 R/XYZ 0 672 0]>>endobj
-137 0 obj<</Subtype/Link/Rect[108.0 499.0 211.6 512.0]/Border[0 0 0]/Dest[475 0 R/XYZ 0 201 0]>>endobj
-138 0 obj<</Subtype/Link/Rect[108.0 485.8 176.8 498.8]/Border[0 0 0]/Dest[477 0 R/XYZ 0 705 0]>>endobj
-139 0 obj<</Subtype/Link/Rect[72.0 472.6 159.7 485.6]/Border[0 0 0]/Dest[479 0 R/XYZ 0 734 0]>>endobj
-140 0 obj<</Subtype/Link/Rect[108.0 459.4 163.0 472.4]/Border[0 0 0]/Dest[479 0 R/XYZ 0 696 0]>>endobj
-141 0 obj<</Subtype/Link/Rect[108.0 446.2 226.6 459.2]/Border[0 0 0]/Dest[479 0 R/XYZ 0 529 0]>>endobj
-142 0 obj<</Subtype/Link/Rect[108.0 433.0 179.8 446.0]/Border[0 0 0]/Dest[479 0 R/XYZ 0 335 0]>>endobj
-143 0 obj<</Subtype/Link/Rect[108.0 419.8 181.0 432.8]/Border[0 0 0]/Dest[481 0 R/XYZ 0 734 0]>>endobj
-144 0 obj<</Subtype/Link/Rect[108.0 406.6 166.4 419.6]/Border[0 0 0]/Dest[481 0 R/XYZ 0 434 0]>>endobj
-145 0 obj<</Subtype/Link/Rect[72.0 393.4 192.1 406.4]/Border[0 0 0]/Dest[483 0 R/XYZ 0 734 0]>>endobj
-146 0 obj<</Subtype/Link/Rect[108.0 380.2 192.9 393.2]/Border[0 0 0]/Dest[483 0 R/XYZ 0 696 0]>>endobj
-147 0 obj<</Subtype/Link/Rect[108.0 367.0 203.9 380.0]/Border[0 0 0]/Dest[485 0 R/XYZ 0 718 0]>>endobj
-148 0 obj<</Subtype/Link/Rect[108.0 353.8 226.5 366.8]/Border[0 0 0]/Dest[487 0 R/XYZ 0 718 0]>>endobj
-149 0 obj<</Subtype/Link/Rect[108.0 340.6 222.9 353.6]/Border[0 0 0]/Dest[487 0 R/XYZ 0 493 0]>>endobj
-150 0 obj<</Subtype/Link/Rect[108.0 327.4 174.3 340.4]/Border[0 0 0]/Dest[489 0 R/XYZ 0 734 0]>>endobj
-151 0 obj<</Subtype/Link/Rect[144.0 314.2 183.7 327.2]/Border[0 0 0]/Dest[489 0 R/XYZ 0 700 0]>>endobj
-152 0 obj<</Subtype/Link/Rect[144.0 301.0 183.1 314.0]/Border[0 0 0]/Dest[489 0 R/XYZ 0 602 0]>>endobj
-153 0 obj<</Subtype/Link/Rect[144.0 287.8 234.4 300.8]/Border[0 0 0]/Dest[489 0 R/XYZ 0 491 0]>>endobj
-154 0 obj<</Subtype/Link/Rect[72.0 274.6 159.7 287.6]/Border[0 0 0]/Dest[491 0 R/XYZ 0 734 0]>>endobj
-155 0 obj<</Subtype/Link/Rect[72.0 261.4 144.4 274.4]/Border[0 0 0]/Dest[495 0 R/XYZ 0 734 0]>>endobj
-156 0 obj<</Subtype/Link/Rect[108.0 248.2 197.5 261.2]/Border[0 0 0]/Dest[495 0 R/XYZ 0 696 0]>>endobj
-157 0 obj<</Subtype/Link/Rect[108.0 235.0 188.1 248.0]/Border[0 0 0]/Dest[495 0 R/XYZ 0 568 0]>>endobj
-158 0 obj<</Subtype/Link/Rect[108.0 221.8 206.7 234.8]/Border[0 0 0]/Dest[497 0 R/XYZ 0 705 0]>>endobj
-159 0 obj<</Subtype/Link/Rect[144.0 208.6 210.3 221.6]/Border[0 0 0]/Dest[497 0 R/XYZ 0 630 0]>>endobj
-160 0 obj<</Subtype/Link/Rect[144.0 195.4 209.7 208.4]/Border[0 0 0]/Dest[497 0 R/XYZ 0 571 0]>>endobj
-161 0 obj<</Subtype/Link/Rect[144.0 182.2 232.0 195.2]/Border[0 0 0]/Dest[497 0 R/XYZ 0 513 0]>>endobj
-162 0 obj<</Subtype/Link/Rect[144.0 169.0 208.5 182.0]/Border[0 0 0]/Dest[497 0 R/XYZ 0 455 0]>>endobj
-163 0 obj<</Subtype/Link/Rect[144.0 155.8 206.6 168.8]/Border[0 0 0]/Dest[497 0 R/XYZ 0 383 0]>>endobj
-164 0 obj<</Subtype/Link/Rect[144.0 142.6 214.0 155.6]/Border[0 0 0]/Dest[497 0 R/XYZ 0 325 0]>>endobj
-165 0 obj<</Subtype/Link/Rect[144.0 129.4 212.1 142.4]/Border[0 0 0]/Dest[497 0 R/XYZ 0 266 0]>>endobj
-166 0 obj<</Subtype/Link/Rect[144.0 116.2 230.2 129.2]/Border[0 0 0]/Dest[497 0 R/XYZ 0 208 0]>>endobj
-167 0 obj<</Subtype/Link/Rect[144.0 103.0 228.3 116.0]/Border[0 0 0]/Dest[497 0 R/XYZ 0 149 0]>>endobj
-168 0 obj<</Subtype/Link/Rect[144.0 89.8 235.7 102.8]/Border[0 0 0]/Dest[499 0 R/XYZ 0 734 0]>>endobj
-169 0 obj<</Subtype/Link/Rect[144.0 76.6 233.8 89.6]/Border[0 0 0]/Dest[499 0 R/XYZ 0 675 0]>>endobj
-170 0 obj<</Subtype/Link/Rect[144.0 63.4 215.2 76.4]/Border[0 0 0]/Dest[499 0 R/XYZ 0 617 0]>>endobj
-171 0 obj[130 0 R
-132 0 R
-134 0 R
-135 0 R
-136 0 R
-137 0 R
-138 0 R
-139 0 R
-140 0 R
-141 0 R
-142 0 R
-143 0 R
-144 0 R
-145 0 R
-146 0 R
-147 0 R
-148 0 R
-149 0 R
-150 0 R
-151 0 R
-152 0 R
-153 0 R
-154 0 R
-155 0 R
-156 0 R
-157 0 R
-158 0 R
-159 0 R
-160 0 R
-161 0 R
-162 0 R
-163 0 R
-164 0 R
-165 0 R
-166 0 R
-167 0 R
-168 0 R
-169 0 R
-170 0 R]endobj
-172 0 obj<</Subtype/Link/Rect[144.0 721.0 213.4 734.0]/Border[0 0 0]/Dest[499 0 R/XYZ 0 558 0]>>endobj
-173 0 obj<</Subtype/Link/Rect[144.0 707.8 236.9 720.8]/Border[0 0 0]/Dest[499 0 R/XYZ 0 500 0]>>endobj
-174 0 obj<</Subtype/Link/Rect[144.0 694.6 235.0 707.6]/Border[0 0 0]/Dest[499 0 R/XYZ 0 428 0]>>endobj
-175 0 obj<</Subtype/Link/Rect[108.0 681.4 223.8 694.4]/Border[0 0 0]/Dest[499 0 R/XYZ 0 370 0]>>endobj
-176 0 obj<</Subtype/Link/Rect[144.0 668.2 195.3 681.2]/Border[0 0 0]/Dest[499 0 R/XYZ 0 217 0]>>endobj
-177 0 obj<</Subtype/Link/Rect[144.0 655.0 200.5 668.0]/Border[0 0 0]/Dest[501 0 R/XYZ 0 428 0]>>endobj
-178 0 obj<</Subtype/Link/Rect[108.0 641.8 201.5 654.8]/Border[0 0 0]/Dest[503 0 R/XYZ 0 734 0]>>endobj
-179 0 obj<</Subtype/Link/Rect[72.0 628.6 147.5 641.6]/Border[0 0 0]/Dest[505 0 R/XYZ 0 734 0]>>endobj
-180 0 obj<</Subtype/Link/Rect[108.0 615.4 180.4 628.4]/Border[0 0 0]/Dest[505 0 R/XYZ 0 696 0]>>endobj
-181 0 obj<</Subtype/Link/Rect[144.0 602.2 250.3 615.2]/Border[0 0 0]/Dest[505 0 R/XYZ 0 423 0]>>endobj
-182 0 obj<</Subtype/Link/Rect[144.0 589.0 280.0 602.0]/Border[0 0 0]/Dest[505 0 R/XYZ 0 259 0]>>endobj
-183 0 obj<</Subtype/Link/Rect[144.0 575.8 257.1 588.8]/Border[0 0 0]/Dest[507 0 R/XYZ 0 652 0]>>endobj
-184 0 obj<</Subtype/Link/Rect[108.0 562.6 137.3 575.6]/Border[0 0 0]/Dest[507 0 R/XYZ 0 223 0]>>endobj
-185 0 obj<</Subtype/Link/Rect[144.0 549.4 213.7 562.4]/Border[0 0 0]/Dest[509 0 R/XYZ 0 652 0]>>endobj
-186 0 obj<</Subtype/Link/Rect[72.0 536.2 185.0 549.2]/Border[0 0 0]/Dest[511 0 R/XYZ 0 734 0]>>endobj
-187 0 obj<</Subtype/Link/Rect[108.0 523.0 163.0 536.0]/Border[0 0 0]/Dest[511 0 R/XYZ 0 696 0]>>endobj
-188 0 obj<</Subtype/Link/Rect[108.0 509.8 157.5 522.8]/Border[0 0 0]/Dest[511 0 R/XYZ 0 595 0]>>endobj
-189 0 obj<</Subtype/Link/Rect[108.0 496.6 176.8 509.6]/Border[0 0 0]/Dest[511 0 R/XYZ 0 216 0]>>endobj
-190 0 obj<</Subtype/Link/Rect[108.0 483.4 155.7 496.4]/Border[0 0 0]/Dest[513 0 R/XYZ 0 692 0]>>endobj
-191 0 obj<</Subtype/Link/Rect[108.0 470.2 143.4 483.2]/Border[0 0 0]/Dest[513 0 R/XYZ 0 458 0]>>endobj
-192 0 obj<</Subtype/Link/Rect[108.0 457.0 163.3 470.0]/Border[0 0 0]/Dest[513 0 R/XYZ 0 145 0]>>endobj
-193 0 obj<</Subtype/Link/Rect[108.0 443.8 176.8 456.8]/Border[0 0 0]/Dest[515 0 R/XYZ 0 665 0]>>endobj
-194 0 obj<</Subtype/Link/Rect[108.0 430.6 168.2 443.6]/Border[0 0 0]/Dest[515 0 R/XYZ 0 537 0]>>endobj
-195 0 obj<</Subtype/Link/Rect[108.0 417.4 199.4 430.4]/Border[0 0 0]/Dest[515 0 R/XYZ 0 277 0]>>endobj
-196 0 obj<</Subtype/Link/Rect[72.0 404.2 193.9 417.2]/Border[0 0 0]/Dest[519 0 R/XYZ 0 734 0]>>endobj
-197 0 obj<</Subtype/Link/Rect[72.0 391.0 153.8 404.0]/Border[0 0 0]/Dest[523 0 R/XYZ 0 734 0]>>endobj
-198 0 obj<</Subtype/Link/Rect[108.0 377.8 163.0 390.8]/Border[0 0 0]/Dest[523 0 R/XYZ 0 696 0]>>endobj
-199 0 obj<</Subtype/Link/Rect[144.0 364.6 178.8 377.6]/Border[0 0 0]/Dest[525 0 R/XYZ 0 626 0]>>endobj
-200 0 obj<</Subtype/Link/Rect[144.0 351.4 176.4 364.4]/Border[0 0 0]/Dest[525 0 R/XYZ 0 516 0]>>endobj
-201 0 obj<</Subtype/Link/Rect[108.0 338.2 200.3 351.2]/Border[0 0 0]/Dest[525 0 R/XYZ 0 394 0]>>endobj
-202 0 obj<</Subtype/Link/Rect[144.0 325.0 169.1 338.0]/Border[0 0 0]/Dest[525 0 R/XYZ 0 360 0]>>endobj
-203 0 obj<</Subtype/Link/Rect[144.0 311.8 205.7 324.8]/Border[0 0 0]/Dest[527 0 R/XYZ 0 718 0]>>endobj
-204 0 obj<</Subtype/Link/Rect[144.0 298.6 189.2 311.6]/Border[0 0 0]/Dest[527 0 R/XYZ 0 235 0]>>endobj
-205 0 obj<</Subtype/Link/Rect[108.0 285.4 264.4 298.4]/Border[0 0 0]/Dest[547 0 R/XYZ 0 428 0]>>endobj
-206 0 obj<</Subtype/Link/Rect[144.0 272.2 206.6 285.2]/Border[0 0 0]/Dest[547 0 R/XYZ 0 366 0]>>endobj
-207 0 obj<</Subtype/Link/Rect[144.0 259.0 177.0 272.0]/Border[0 0 0]/Dest[549 0 R/XYZ 0 564 0]>>endobj
-208 0 obj<</Subtype/Link/Rect[144.0 245.8 161.7 258.8]/Border[0 0 0]/Dest[557 0 R/XYZ 0 518 0]>>endobj
-209 0 obj<</Subtype/Link/Rect[144.0 232.6 236.9 245.6]/Border[0 0 0]/Dest[557 0 R/XYZ 0 394 0]>>endobj
-210 0 obj<</Subtype/Link/Rect[144.0 219.4 274.5 232.4]/Border[0 0 0]/Dest[559 0 R/XYZ 0 522 0]>>endobj
-211 0 obj<</Subtype/Link/Rect[144.0 206.2 219.8 219.2]/Border[0 0 0]/Dest[561 0 R/XYZ 0 734 0]>>endobj
-212 0 obj<</Subtype/Link/Rect[144.0 193.0 243.9 206.0]/Border[0 0 0]/Dest[561 0 R/XYZ 0 433 0]>>endobj
-213 0 obj<</Subtype/Link/Rect[144.0 179.8 292.2 192.8]/Border[0 0 0]/Dest[563 0 R/XYZ 0 734 0]>>endobj
-214 0 obj<</Subtype/Link/Rect[144.0 166.6 219.2 179.6]/Border[0 0 0]/Dest[563 0 R/XYZ 0 501 0]>>endobj
-215 0 obj<</Subtype/Link/Rect[144.0 153.4 190.1 166.4]/Border[0 0 0]/Dest[563 0 R/XYZ 0 217 0]>>endobj
-216 0 obj<</Subtype/Link/Rect[144.0 140.2 223.4 153.2]/Border[0 0 0]/Dest[565 0 R/XYZ 0 639 0]>>endobj
-217 0 obj<</Subtype/Link/Rect[144.0 127.0 230.8 140.0]/Border[0 0 0]/Dest[565 0 R/XYZ 0 154 0]>>endobj
-218 0 obj<</Subtype/Link/Rect[108.0 113.8 281.6 126.8]/Border[0 0 0]/Dest[567 0 R/XYZ 0 281 0]>>endobj
-219 0 obj<</Subtype/Link/Rect[144.0 100.6 247.9 113.6]/Border[0 0 0]/Dest[569 0 R/XYZ 0 533 0]>>endobj
-220 0 obj<</Subtype/Link/Rect[144.0 87.4 228.9 100.4]/Border[0 0 0]/Dest[569 0 R/XYZ 0 141 0]>>endobj
-221 0 obj<</Subtype/Link/Rect[144.0 74.2 256.1 87.2]/Border[0 0 0]/Dest[571 0 R/XYZ 0 424 0]>>endobj
-222 0 obj<</Subtype/Link/Rect[144.0 61.0 217.3 74.0]/Border[0 0 0]/Dest[573 0 R/XYZ 0 734 0]>>endobj
-223 0 obj[172 0 R
-173 0 R
-174 0 R
-175 0 R
-176 0 R
-177 0 R
-178 0 R
-179 0 R
-180 0 R
-181 0 R
-182 0 R
-183 0 R
-184 0 R
-185 0 R
-186 0 R
-187 0 R
-188 0 R
-189 0 R
-190 0 R
-191 0 R
-192 0 R
-193 0 R
-194 0 R
-195 0 R
-196 0 R
-197 0 R
-198 0 R
-199 0 R
-200 0 R
-201 0 R
-202 0 R
-203 0 R
-204 0 R
-205 0 R
-206 0 R
-207 0 R
-208 0 R
-209 0 R
-210 0 R
-211 0 R
-212 0 R
-213 0 R
-214 0 R
-215 0 R
-216 0 R
-217 0 R
-218 0 R
-219 0 R
-220 0 R
-221 0 R
-222 0 R]endobj
-224 0 obj<</Subtype/Link/Rect[144.0 721.0 218.0 734.0]/Border[0 0 0]/Dest[573 0 R/XYZ 0 291 0]>>endobj
-225 0 obj<</Subtype/Link/Rect[108.0 707.8 242.5 720.8]/Border[0 0 0]/Dest[575 0 R/XYZ 0 705 0]>>endobj
-226 0 obj<</Subtype/Link/Rect[144.0 694.6 211.8 707.6]/Border[0 0 0]/Dest[575 0 R/XYZ 0 630 0]>>endobj
-227 0 obj<</Subtype/Link/Rect[144.0 681.4 196.2 694.4]/Border[0 0 0]/Dest[577 0 R/XYZ 0 734 0]>>endobj
-228 0 obj<</Subtype/Link/Rect[108.0 668.2 245.2 681.2]/Border[0 0 0]/Dest[579 0 R/XYZ 0 705 0]>>endobj
-229 0 obj<</Subtype/Link/Rect[144.0 655.0 216.1 668.0]/Border[0 0 0]/Dest[579 0 R/XYZ 0 577 0]>>endobj
-230 0 obj<</Subtype/Link/Rect[144.0 641.8 229.8 654.8]/Border[0 0 0]/Dest[581 0 R/XYZ 0 734 0]>>endobj
-231 0 obj<</Subtype/Link/Rect[108.0 628.6 326.5 641.6]/Border[0 0 0]/Dest[581 0 R/XYZ 0 433 0]>>endobj
-232 0 obj<</Subtype/Link/Rect[144.0 615.4 192.9 628.4]/Border[0 0 0]/Dest[581 0 R/XYZ 0 400 0]>>endobj
-233 0 obj<</Subtype/Link/Rect[144.0 602.2 182.5 615.2]/Border[0 0 0]/Dest[583 0 R/XYZ 0 734 0]>>endobj
-234 0 obj<</Subtype/Link/Rect[144.0 589.0 190.4 602.0]/Border[0 0 0]/Dest[583 0 R/XYZ 0 385 0]>>endobj
-235 0 obj<</Subtype/Link/Rect[108.0 575.8 174.0 588.8]/Border[0 0 0]/Dest[583 0 R/XYZ 0 128 0]>>endobj
-236 0 obj<</Subtype/Link/Rect[144.0 562.6 224.4 575.6]/Border[0 0 0]/Dest[585 0 R/XYZ 0 633 0]>>endobj
-237 0 obj<</Subtype/Link/Rect[144.0 549.4 226.9 562.4]/Border[0 0 0]/Dest[587 0 R/XYZ 0 665 0]>>endobj
-238 0 obj<</Subtype/Link/Rect[72.0 536.2 183.8 549.2]/Border[0 0 0]/Dest[591 0 R/XYZ 0 734 0]>>endobj
-239 0 obj<</Subtype/Link/Rect[108.0 523.0 145.3 536.0]/Border[0 0 0]/Dest[591 0 R/XYZ 0 696 0]>>endobj
-240 0 obj<</Subtype/Link/Rect[108.0 509.8 283.7 522.8]/Border[0 0 0]/Dest[591 0 R/XYZ 0 621 0]>>endobj
-241 0 obj<</Subtype/Link/Rect[108.0 496.6 192.2 509.6]/Border[0 0 0]/Dest[591 0 R/XYZ 0 361 0]>>endobj
-242 0 obj<</Subtype/Link/Rect[108.0 483.4 336.0 496.4]/Border[0 0 0]/Dest[595 0 R/XYZ 0 692 0]>>endobj
-243 0 obj<</Subtype/Link/Rect[108.0 470.2 281.6 483.2]/Border[0 0 0]/Dest[595 0 R/XYZ 0 630 0]>>endobj
-244 0 obj<</Subtype/Link/Rect[72.0 457.0 172.8 470.0]/Border[0 0 0]/Dest[601 0 R/XYZ 0 734 0]>>endobj
-245 0 obj<</Subtype/Link/Rect[108.0 443.8 174.3 456.8]/Border[0 0 0]/Dest[601 0 R/XYZ 0 696 0]>>endobj
-246 0 obj[224 0 R
-225 0 R
-226 0 R
-227 0 R
-228 0 R
-229 0 R
-230 0 R
-231 0 R
-232 0 R
-233 0 R
-234 0 R
-235 0 R
-236 0 R
-237 0 R
-238 0 R
-239 0 R
-240 0 R
-241 0 R
-242 0 R
-243 0 R
-244 0 R
-245 0 R]endobj
-247 0 obj<</S/URI/URI(http://lxr.linux.no/source/Documentation/CodingStyle)>>endobj
-248 0 obj<</Subtype/Link/Rect[72.0 499.0 310.3 512.0]/Border[0 0 0]/A 247 0 R>>endobj
-249 0 obj<</S/URI/URI(http://www.fsf.org/prep/standards_toc.html)>>endobj
-250 0 obj<</Subtype/Link/Rect[72.0 472.6 263.0 485.6]/Border[0 0 0]/A 249 0 R>>endobj
-251 0 obj[248 0 R
-250 0 R]endobj
-252 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/cifsntdomain.txt)>>endobj
-253 0 obj<</Subtype/Link/Rect[226.0 637.0 433.6 650.0]/Border[0 0 0]/A 252 0 R>>endobj
-254 0 obj<</S/URI/URI(http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935)>>endobj
-255 0 obj<</Subtype/Link/Rect[72.0 386.2 451.3 399.2]/Border[0 0 0]/A 254 0 R>>endobj
-256 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/crypt.html)>>endobj
-257 0 obj<</Subtype/Link/Rect[72.0 359.8 250.6 372.8]/Border[0 0 0]/A 256 0 R>>endobj
-258 0 obj<</S/URI/URI(mailto:linus@incolumitas.se)>>endobj
-259 0 obj<</Subtype/Link/Rect[244.7 333.4 317.4 346.4]/Border[0 0 0]/A 258 0 R>>endobj
-260 0 obj<</S/URI/URI(http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html)>>endobj
-261 0 obj<</Subtype/Link/Rect[72.0 307.0 346.5 320.0]/Border[0 0 0]/A 260 0 R>>endobj
-262 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/crypt.txt)>>endobj
-263 0 obj<</Subtype/Link/Rect[72.0 280.6 242.0 293.6]/Border[0 0 0]/A 262 0 R>>endobj
-264 0 obj[253 0 R
-255 0 R
-257 0 R
-259 0 R
-261 0 R
-263 0 R]endobj
-265 0 obj<</Dests 266 0 R>>endobj
-266 0 obj<</Kids[267 0 R]>>endobj
-267 0 obj<</Limits[(aen1007)(wins)]/Names[(aen1007)268 0 R(aen1018)269 0 R(aen103)270 0 R(aen1039)271 0 R(aen1052)272 0 R(aen1099)273 0 R(aen1126)274 0 R(aen1137)275 0 R(aen1176)276 0 R(aen1207)277 0 R(aen128)278 0 R(aen1364)279 0 R(aen1387)280 0 R(aen1398)281 0 R(aen1444)282 0 R(aen151)283 0 R(aen1570)284 0 R(aen1573)285 0 R(aen1587)286 0 R(aen159)287 0 R(aen1648)288 0 R(aen1687)289 0 R(aen1692)290 0 R(aen1703)291 0 R(aen1743)292 0 R(aen1754)293 0 R(aen179)294 0 R(aen1798)295 0 R(aen181)296 0 R(aen1818)297 0 R(aen184)298 0 R(aen1841)299 0 R(aen1853)300 0 R(aen188)301 0 R(aen1897)302 0 R(aen1938)303 0 R(aen1942)304 0 R(aen1961)305 0 R(aen1972)306 0 R(aen1976)307 0 R(aen1987)308 0 R(aen2000)309 0 R(aen2002)310 0 R(aen2005)311 0 R(aen2024)312 0 R(aen2026)313 0 R(aen2029)314 0 R(aen2053)315 0 R(aen2055)316 0 R(aen2062)317 0 R(aen2070)318 0 R(aen2074)319 0 R(aen2101)320 0 R(aen2129)321 0 R(aen2133)322 0 R(aen2164)323 0 R(aen2192)324 0 R(aen2231)325 0 R(aen2239)326 0 R(aen2258)327 0 R(aen2266)328 0 R(aen2274)329 0 R(aen2293)330 0 R(aen2305)331 0 R(aen2315)332 0 R(aen2326)333 0 R(aen2334)334 0 R(aen2338)335 0 R(aen2345)336 0 R(aen2358)337 0 R(aen2362)338 0 R(aen2369)339 0 R(aen2381)340 0 R(aen2385)341 0 R(aen2389)342 0 R(aen24)343 0 R(aen2424)344 0 R(aen2459)345 0 R(aen2467)346 0 R(aen2518)347 0 R(aen2549)348 0 R(aen2561)349 0 R(aen2567)350 0 R(aen2602)351 0 R(aen2622)352 0 R(aen2626)353 0 R(aen2637)354 0 R(aen2653)355 0 R(aen2655)356 0 R(aen2698)357 0 R(aen2708)358 0 R(aen2715)359 0 R(aen2723)360 0 R(aen2725)361 0 R(aen2760)362 0 R(aen2811)363 0 R(aen2814)364 0 R(aen2828)365 0 R(aen284)366 0 R(aen2846)367 0 R(aen288)368 0 R(aen2895)369 0 R(aen2898)370 0 R(aen2924)371 0 R(aen2958)372 0 R(aen2961)373 0 R(aen3032)374 0 R(aen317)375 0 R(aen320)376 0 R(aen323)377 0 R(aen326)378 0 R(aen329)379 0 R(aen332)380 0 R(aen335)381 0 R(aen338)382 0 R(aen341)383 0 R(aen344)384 0 R(aen347)385 0 R(aen35)386 0 R(aen350)387 0 R(aen353)388 0 R(aen356)389 0 R(aen359)390 0 R(aen362)391 0 R(aen365)392 0 R(aen371)393 0 R(aen39)394 0 R(aen4)395 0 R(aen406)396 0 R(aen420)397 0 R(aen451)398 0 R(aen472)399 0 R(aen484)400 0 R(aen495)401 0 R(aen515)402 0 R(aen530)403 0 R(aen54)404 0 R(aen540)405 0 R(aen544)406 0 R(aen552)407 0 R(aen557)408 0 R(aen563)409 0 R(aen570)410 0 R(aen574)411 0 R(aen578)412 0 R(aen583)413 0 R(aen65)414 0 R(aen651)415 0 R(aen687)416 0 R(aen694)417 0 R(aen70)418 0 R(aen701)419 0 R(aen703)420 0 R(aen716)421 0 R(aen718)422 0 R(aen738)423 0 R(aen774)424 0 R(aen776)425 0 R(aen779)426 0 R(aen782)427 0 R(aen785)428 0 R(aen788)429 0 R(aen8)430 0 R(aen813)431 0 R(aen816)432 0 R(aen831)433 0 R(aen842)434 0 R(aen849)435 0 R(aen86)436 0 R(aen860)437 0 R(aen883)438 0 R(aen910)439 0 R(aen917)440 0 R(aen92)441 0 R(aen940)442 0 R(aen959)443 0 R(aen986)444 0 R(architecture)445 0 R(codingsuggestions)446 0 R(debug)447 0 R(internals)448 0 R(netbios)449 0 R(ntdomain)450 0 R(parsing)451 0 R(printing)452 0 R(samba-developer-documentation)453 0 R(samba-developers-guide.html)454 0 R(tracing)455 0 R(unix-smb)456 0 R(wins)457 0 R]>>endobj
-268 0 obj<</D[535 0 R/XYZ 0 734 0]>>endobj
-269 0 obj<</D[535 0 R/XYZ 0 639 0]>>endobj
-270 0 obj<</D[483 0 R/XYZ 0 696 0]>>endobj
-271 0 obj<</D[535 0 R/XYZ 0 439 0]>>endobj
-272 0 obj<</D[535 0 R/XYZ 0 292 0]>>endobj
-273 0 obj<</D[537 0 R/XYZ 0 626 0]>>endobj
-274 0 obj<</D[537 0 R/XYZ 0 343 0]>>endobj
-275 0 obj<</D[537 0 R/XYZ 0 248 0]>>endobj
-276 0 obj<</D[539 0 R/XYZ 0 639 0]>>endobj
-277 0 obj<</D[539 0 R/XYZ 0 413 0]>>endobj
-278 0 obj<</D[485 0 R/XYZ 0 718 0]>>endobj
-279 0 obj<</D[543 0 R/XYZ 0 679 0]>>endobj
-280 0 obj<</D[543 0 R/XYZ 0 438 0]>>endobj
-281 0 obj<</D[543 0 R/XYZ 0 344 0]>>endobj
-282 0 obj<</D[545 0 R/XYZ 0 639 0]>>endobj
-283 0 obj<</D[487 0 R/XYZ 0 718 0]>>endobj
-284 0 obj<</D[547 0 R/XYZ 0 428 0]>>endobj
-285 0 obj<</D[547 0 R/XYZ 0 366 0]>>endobj
-286 0 obj<</D[549 0 R/XYZ 0 564 0]>>endobj
-287 0 obj<</D[487 0 R/XYZ 0 493 0]>>endobj
-288 0 obj<</D[553 0 R/XYZ 0 734 0]>>endobj
-289 0 obj<</D[553 0 R/XYZ 0 467 0]>>endobj
-290 0 obj<</D[553 0 R/XYZ 0 375 0]>>endobj
-291 0 obj<</D[553 0 R/XYZ 0 281 0]>>endobj
-292 0 obj<</D[555 0 R/XYZ 0 626 0]>>endobj
-293 0 obj<</D[555 0 R/XYZ 0 531 0]>>endobj
-294 0 obj<</D[489 0 R/XYZ 0 734 0]>>endobj
-295 0 obj<</D[555 0 R/XYZ 0 199 0]>>endobj
-296 0 obj<</D[489 0 R/XYZ 0 700 0]>>endobj
-297 0 obj<</D[557 0 R/XYZ 0 692 0]>>endobj
-298 0 obj<</D[489 0 R/XYZ 0 602 0]>>endobj
-299 0 obj<</D[557 0 R/XYZ 0 518 0]>>endobj
-300 0 obj<</D[557 0 R/XYZ 0 394 0]>>endobj
-301 0 obj<</D[489 0 R/XYZ 0 491 0]>>endobj
-302 0 obj<</D[559 0 R/XYZ 0 522 0]>>endobj
-303 0 obj<</D[561 0 R/XYZ 0 734 0]>>endobj
-304 0 obj<</D[561 0 R/XYZ 0 675 0]>>endobj
-305 0 obj<</D[561 0 R/XYZ 0 528 0]>>endobj
-306 0 obj<</D[561 0 R/XYZ 0 433 0]>>endobj
-307 0 obj<</D[561 0 R/XYZ 0 375 0]>>endobj
-308 0 obj<</D[561 0 R/XYZ 0 281 0]>>endobj
-309 0 obj<</D[563 0 R/XYZ 0 734 0]>>endobj
-310 0 obj<</D[563 0 R/XYZ 0 704 0]>>endobj
-311 0 obj<</D[563 0 R/XYZ 0 649 0]>>endobj
-312 0 obj<</D[563 0 R/XYZ 0 501 0]>>endobj
-313 0 obj<</D[563 0 R/XYZ 0 471 0]>>endobj
-314 0 obj<</D[563 0 R/XYZ 0 417 0]>>endobj
-315 0 obj<</D[563 0 R/XYZ 0 217 0]>>endobj
-316 0 obj<</D[563 0 R/XYZ 0 187 0]>>endobj
-317 0 obj<</D[565 0 R/XYZ 0 734 0]>>endobj
-318 0 obj<</D[565 0 R/XYZ 0 639 0]>>endobj
-319 0 obj<</D[565 0 R/XYZ 0 581 0]>>endobj
-320 0 obj<</D[565 0 R/XYZ 0 381 0]>>endobj
-321 0 obj<</D[565 0 R/XYZ 0 154 0]>>endobj
-322 0 obj<</D[567 0 R/XYZ 0 734 0]>>endobj
-323 0 obj<</D[567 0 R/XYZ 0 507 0]>>endobj
-324 0 obj<</D[567 0 R/XYZ 0 281 0]>>endobj
-325 0 obj<</D[569 0 R/XYZ 0 533 0]>>endobj
-326 0 obj<</D[569 0 R/XYZ 0 383 0]>>endobj
-327 0 obj<</D[569 0 R/XYZ 0 235 0]>>endobj
-328 0 obj<</D[569 0 R/XYZ 0 141 0]>>endobj
-329 0 obj<</D[571 0 R/XYZ 0 692 0]>>endobj
-330 0 obj<</D[571 0 R/XYZ 0 545 0]>>endobj
-331 0 obj<</D[571 0 R/XYZ 0 424 0]>>endobj
-332 0 obj<</D[571 0 R/XYZ 0 247 0]>>endobj
-333 0 obj<</D[571 0 R/XYZ 0 152 0]>>endobj
-334 0 obj<</D[573 0 R/XYZ 0 734 0]>>endobj
-335 0 obj<</D[573 0 R/XYZ 0 675 0]>>endobj
-336 0 obj<</D[573 0 R/XYZ 0 607 0]>>endobj
-337 0 obj<</D[573 0 R/XYZ 0 291 0]>>endobj
-338 0 obj<</D[573 0 R/XYZ 0 220 0]>>endobj
-339 0 obj<</D[573 0 R/XYZ 0 152 0]>>endobj
-340 0 obj<</D[575 0 R/XYZ 0 705 0]>>endobj
-341 0 obj<</D[575 0 R/XYZ 0 630 0]>>endobj
-342 0 obj<</D[575 0 R/XYZ 0 571 0]>>endobj
-343 0 obj<</D[475 0 R/XYZ 0 672 0]>>endobj
-344 0 obj<</D[575 0 R/XYZ 0 319 0]>>endobj
-345 0 obj<</D[577 0 R/XYZ 0 734 0]>>endobj
-346 0 obj<</D[577 0 R/XYZ 0 622 0]>>endobj
-347 0 obj<</D[577 0 R/XYZ 0 264 0]>>endobj
-348 0 obj<</D[579 0 R/XYZ 0 705 0]>>endobj
-349 0 obj<</D[579 0 R/XYZ 0 577 0]>>endobj
-350 0 obj<</D[579 0 R/XYZ 0 492 0]>>endobj
-351 0 obj<</D[579 0 R/XYZ 0 239 0]>>endobj
-352 0 obj<</D[581 0 R/XYZ 0 734 0]>>endobj
-353 0 obj<</D[581 0 R/XYZ 0 675 0]>>endobj
-354 0 obj<</D[581 0 R/XYZ 0 581 0]>>endobj
-355 0 obj<</D[581 0 R/XYZ 0 433 0]>>endobj
-356 0 obj<</D[581 0 R/XYZ 0 400 0]>>endobj
-357 0 obj<</D[583 0 R/XYZ 0 734 0]>>endobj
-358 0 obj<</D[583 0 R/XYZ 0 385 0]>>endobj
-359 0 obj<</D[583 0 R/XYZ 0 128 0]>>endobj
-360 0 obj<</D[585 0 R/XYZ 0 633 0]>>endobj
-361 0 obj<</D[585 0 R/XYZ 0 603 0]>>endobj
-362 0 obj<</D[585 0 R/XYZ 0 351 0]>>endobj
-363 0 obj<</D[587 0 R/XYZ 0 665 0]>>endobj
-364 0 obj<</D[587 0 R/XYZ 0 594 0]>>endobj
-365 0 obj<</D[587 0 R/XYZ 0 407 0]>>endobj
-366 0 obj<</D[495 0 R/XYZ 0 696 0]>>endobj
-367 0 obj<</D[587 0 R/XYZ 0 141 0]>>endobj
-368 0 obj<</D[495 0 R/XYZ 0 568 0]>>endobj
-369 0 obj<</D[591 0 R/XYZ 0 696 0]>>endobj
-370 0 obj<</D[591 0 R/XYZ 0 621 0]>>endobj
-371 0 obj<</D[591 0 R/XYZ 0 361 0]>>endobj
-372 0 obj<</D[595 0 R/XYZ 0 692 0]>>endobj
-373 0 obj<</D[595 0 R/XYZ 0 630 0]>>endobj
-374 0 obj<</D[601 0 R/XYZ 0 696 0]>>endobj
-375 0 obj<</D[497 0 R/XYZ 0 705 0]>>endobj
-376 0 obj<</D[497 0 R/XYZ 0 630 0]>>endobj
-377 0 obj<</D[497 0 R/XYZ 0 571 0]>>endobj
-378 0 obj<</D[497 0 R/XYZ 0 513 0]>>endobj
-379 0 obj<</D[497 0 R/XYZ 0 455 0]>>endobj
-380 0 obj<</D[497 0 R/XYZ 0 383 0]>>endobj
-381 0 obj<</D[497 0 R/XYZ 0 325 0]>>endobj
-382 0 obj<</D[497 0 R/XYZ 0 266 0]>>endobj
-383 0 obj<</D[497 0 R/XYZ 0 208 0]>>endobj
-384 0 obj<</D[497 0 R/XYZ 0 149 0]>>endobj
-385 0 obj<</D[499 0 R/XYZ 0 734 0]>>endobj
-386 0 obj<</D[475 0 R/XYZ 0 201 0]>>endobj
-387 0 obj<</D[499 0 R/XYZ 0 675 0]>>endobj
-388 0 obj<</D[499 0 R/XYZ 0 617 0]>>endobj
-389 0 obj<</D[499 0 R/XYZ 0 558 0]>>endobj
-390 0 obj<</D[499 0 R/XYZ 0 500 0]>>endobj
-391 0 obj<</D[499 0 R/XYZ 0 428 0]>>endobj
-392 0 obj<</D[499 0 R/XYZ 0 370 0]>>endobj
-393 0 obj<</D[499 0 R/XYZ 0 217 0]>>endobj
-394 0 obj<</D[477 0 R/XYZ 0 705 0]>>endobj
-395 0 obj<</D[467 0 R/XYZ 0 696 0]>>endobj
-396 0 obj<</D[501 0 R/XYZ 0 428 0]>>endobj
-397 0 obj<</D[503 0 R/XYZ 0 734 0]>>endobj
-398 0 obj<</D[505 0 R/XYZ 0 696 0]>>endobj
-399 0 obj<</D[505 0 R/XYZ 0 423 0]>>endobj
-400 0 obj<</D[505 0 R/XYZ 0 259 0]>>endobj
-401 0 obj<</D[507 0 R/XYZ 0 652 0]>>endobj
-402 0 obj<</D[507 0 R/XYZ 0 223 0]>>endobj
-403 0 obj<</D[509 0 R/XYZ 0 652 0]>>endobj
-404 0 obj<</D[479 0 R/XYZ 0 696 0]>>endobj
-405 0 obj<</D[511 0 R/XYZ 0 696 0]>>endobj
-406 0 obj<</D[511 0 R/XYZ 0 595 0]>>endobj
-407 0 obj<</D[511 0 R/XYZ 0 216 0]>>endobj
-408 0 obj<</D[513 0 R/XYZ 0 692 0]>>endobj
-409 0 obj<</D[513 0 R/XYZ 0 458 0]>>endobj
-410 0 obj<</D[513 0 R/XYZ 0 145 0]>>endobj
-411 0 obj<</D[515 0 R/XYZ 0 665 0]>>endobj
-412 0 obj<</D[515 0 R/XYZ 0 537 0]>>endobj
-413 0 obj<</D[515 0 R/XYZ 0 277 0]>>endobj
-414 0 obj<</D[479 0 R/XYZ 0 529 0]>>endobj
-415 0 obj<</D[523 0 R/XYZ 0 696 0]>>endobj
-416 0 obj<</D[525 0 R/XYZ 0 626 0]>>endobj
-417 0 obj<</D[525 0 R/XYZ 0 516 0]>>endobj
-418 0 obj<</D[479 0 R/XYZ 0 335 0]>>endobj
-419 0 obj<</D[525 0 R/XYZ 0 394 0]>>endobj
-420 0 obj<</D[525 0 R/XYZ 0 360 0]>>endobj
-421 0 obj<</D[527 0 R/XYZ 0 718 0]>>endobj
-422 0 obj<</D[527 0 R/XYZ 0 688 0]>>endobj
-423 0 obj<</D[527 0 R/XYZ 0 515 0]>>endobj
-424 0 obj<</D[527 0 R/XYZ 0 235 0]>>endobj
-425 0 obj<</D[527 0 R/XYZ 0 205 0]>>endobj
-426 0 obj<</D[527 0 R/XYZ 0 151 0]>>endobj
-427 0 obj<</D[529 0 R/XYZ 0 734 0]>>endobj
-428 0 obj<</D[529 0 R/XYZ 0 665 0]>>endobj
-429 0 obj<</D[529 0 R/XYZ 0 611 0]>>endobj
-430 0 obj<</D[469 0 R/XYZ 0 734 0]>>endobj
-431 0 obj<</D[529 0 R/XYZ 0 411 0]>>endobj
-432 0 obj<</D[529 0 R/XYZ 0 356 0]>>endobj
-433 0 obj<</D[529 0 R/XYZ 0 235 0]>>endobj
-434 0 obj<</D[529 0 R/XYZ 0 141 0]>>endobj
-435 0 obj<</D[531 0 R/XYZ 0 734 0]>>endobj
-436 0 obj<</D[481 0 R/XYZ 0 734 0]>>endobj
-437 0 obj<</D[531 0 R/XYZ 0 639 0]>>endobj
-438 0 obj<</D[531 0 R/XYZ 0 465 0]>>endobj
-439 0 obj<</D[531 0 R/XYZ 0 265 0]>>endobj
-440 0 obj<</D[531 0 R/XYZ 0 197 0]>>endobj
-441 0 obj<</D[481 0 R/XYZ 0 434 0]>>endobj
-442 0 obj<</D[533 0 R/XYZ 0 665 0]>>endobj
-443 0 obj<</D[533 0 R/XYZ 0 518 0]>>endobj
-444 0 obj<</D[533 0 R/XYZ 0 279 0]>>endobj
-445 0 obj<</D[479 0 R/XYZ 0 734 0]>>endobj
-446 0 obj<</D[491 0 R/XYZ 0 734 0]>>endobj
-447 0 obj<</D[483 0 R/XYZ 0 734 0]>>endobj
-448 0 obj<</D[495 0 R/XYZ 0 734 0]>>endobj
-449 0 obj<</D[475 0 R/XYZ 0 734 0]>>endobj
-450 0 obj<</D[523 0 R/XYZ 0 734 0]>>endobj
-451 0 obj<</D[505 0 R/XYZ 0 734 0]>>endobj
-452 0 obj<</D[591 0 R/XYZ 0 734 0]>>endobj
-453 0 obj<</D[467 0 R/XYZ 0 734 0]>>endobj
-454 0 obj<</D[467 0 R/XYZ 0 734 0]>>endobj
-455 0 obj<</D[519 0 R/XYZ 0 734 0]>>endobj
-456 0 obj<</D[511 0 R/XYZ 0 734 0]>>endobj
-457 0 obj<</D[601 0 R/XYZ 0 734 0]>>endobj
-458 0 obj<</Type/Pages/Count 72/Kids[459 0 R
-461 0 R
-463 0 R
-465 0 R
-467 0 R
-469 0 R
-471 0 R
-473 0 R
-475 0 R
-477 0 R
-479 0 R
-481 0 R
-483 0 R
-485 0 R
-487 0 R
-489 0 R
-491 0 R
-493 0 R
-495 0 R
-497 0 R
-499 0 R
-501 0 R
-503 0 R
-505 0 R
-507 0 R
-509 0 R
-511 0 R
-513 0 R
-515 0 R
-517 0 R
-519 0 R
-521 0 R
-523 0 R
-525 0 R
-527 0 R
-529 0 R
-531 0 R
-533 0 R
-535 0 R
-537 0 R
-539 0 R
-541 0 R
-543 0 R
-545 0 R
-547 0 R
-549 0 R
-551 0 R
-553 0 R
-555 0 R
-557 0 R
-559 0 R
-561 0 R
-563 0 R
-565 0 R
-567 0 R
-569 0 R
-571 0 R
-573 0 R
-575 0 R
-577 0 R
-579 0 R
-581 0 R
-583 0 R
-585 0 R
-587 0 R
-589 0 R
-591 0 R
-593 0 R
-595 0 R
-597 0 R
-599 0 R
-601 0 R
-]>>endobj
-459 0 obj<</Type/Page/Parent 458 0 R/Contents 460 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-460 0 obj<</Filter/FlateDecode/Length 93        >>stream
-x
+ä2T0
-endobj
-461 0 obj<</Type/Page/Parent 458 0 R/Contents 462 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F5 6 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>/Annots 54 0 R>>endobj
-462 0 obj<</Filter/FlateDecode/Length 2062      >>stream
-x
ÕZÛnÔH}ÏWø$ƸÝn_s!,	lf–'$4'™Õ\Ø¿§ªoå
-¡¬ÀË$7Y﹃­ûVqôLÙpôꜞʀ\µœ)Ӣ蕉aD¤ÄäN™jÁZÑBspKC’�ÔrIƒbÅÂæ0`s"D†˜pc45ÓìF“‘Wà¢w#K,"’ÜðÖät—`k4‰,;YT4TˤVižX@z$'+I+X�ð‚¢ ãltŠ@ZA£8<¥BbHP@žÈQT‹¼°¨É	€‘ÏŠÜœ€P©‘V‘�âV‡'�Rk§R¤œg@œ€Pš‘��”RúD’•ê¦æ¨a(J
V!…›"I‰Á"­Œ`­Úšò	
`=¢ZÇ)Ä¥It %†ZøUÖª­g¤UË ªuœÊ)¯u %&µšX«ÖÔ<”JÍ DÖB
-U;ApP†‡U;À‚Ì!.”�
‡‡Aä”­Ù
-òЈHÊ«4³4¥³D	È:ý�A¬,ùq<És,FÁ°Õ¼‚‚£JŸ# 4RU�ÈZ@rÂwi$9h9VZ"x,, A
¡”}àYi„PŠBki•æ¶:¢fÂ4$( &x†`GN@(Õ”ã‘44¹²u“Ì#6•a–qÜÈÇ*ÉRÕ¶rÚrlQ$+[­¤bÉÒÕGT<�õ‡P$±XQ�£iÞðÒU’GšHš
-GFÒtì¡�Ø.'¶£õv%÷‰Ïß—¸õ»œÇ¸±:Z7jJžAß�ÕdiƒŽþ3,ªív~Çk-ÊAÙ¸Eq_Ñ܇vE´«ØïÓŒ÷åltÏõ
-#Öçm(qXU2ß?\¼:ûë5Å…ë°œo¿m»–?ì€B°ߢ£yPæp!ËÜuû/Ý€>¦*½{ïvÝç�í
¥×Ão«nü•îÖ8ŒÀÖ€ú§Ø¶Yöp€3Y
-±­�Mîºök燀öïG0)ú#ä̶¶…¾–ßÏ6Áp×f÷%Š¼ÙUìmn×›å¸û4k'»»O2îuC³å UÖš+ÖL…×4…ý¢y¾ö
&�’ùÔN†»»»vK½3§=NuÃòrÐð÷®´-³*ú;a¹§Áf Ý¬Æ;‡‹´>Æ

ù¦îûÑ¡ÈŠ{~?¦ó�vÃK Ž[�߉þ�}ÁÂípxY4G²µ=fy_¹Vdz•_
o{ŽxyÀUðAòÙ3‚Š‹k(`¼ÂqšÑ¡PíO‘æÜXãÄ*6¡“o]»ÞÌÚMzOƒ‰Cå}Ÿ!õí}$R|h0ÀË‹^Þ}8ÅŠ>Ùݾø¼ÞÚïƒ]ݼKÎfkQŠ÷¿¡ÍÃsiô‹/ã…
ö�·c.À°"Dw(
ýM2âÍl¦oºDû$Æé!¯fx³.öæკWQÝ?£}­`{BfP”¿3™¾ÃÁŠàìaþð‹cÝa/‘ãŒ;†æÍ&„µ$„wØËbapyðLvá­É’ho?…£ÁxƒzØ4VöˆÏÚíí篰÷°û>o­¨Á7½ÜµEß—CmpÖ²5!´7½ÔuöM1s¾ýbvó³ú€ÜgŸ
½·‚7?«
G2Õ^^Öî-<ΚŸ7¢{Žßˆo’ð-�Îð%ξUÖÐ
-2§EòÕèäÏ“ÿ
-endobj
-463 0 obj<</Type/Page/Parent 458 0 R/Contents 464 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F5 6 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>/Annots 99 0 R>>endobj
-464 0 obj<</Filter/FlateDecode/Length 2547      >>stream
-x
ÕZÛr7}×WÌÛf8`0·GYŠUɲlÒµÏ5Š¹&9Z^œøïsNãJ‰.U¥‘kWÙ<ÓÓ@ßÐh4æg*+ðWe�ÎÊ:›-ÏŠ¼À“ðϧ_ø$«M‡—Y©sãÀ"Ÿ%p™5MÞ¥´š|e•·à«Ú¼v€|	\fª(8¨¼IbŠA-Ë\¥ÔƒZ•ûNª5r`M‰ɬB,:̶ÌÚ’4
¤%ŒªÈ«„XR•ª«sMU:üg�¡�±Lˆ”ÀcPu�©#+
[Õ�Hµ|Q€Ø Â%”‡:‘–@¨¡Â ä³’Vµè�Ñ0�
-šŠµÌ ‹É,à –V6¢|Ëø0"MQRA4BLX˜=¢T)	º–©Åƒ–]+–i4´· ÒÚJÅzl³R€L!”ÐðD¤É|e£D‰†ql
ùHAK2Ê›qBÉZâŠ2+È„¶R¦H³šJlJ¾(@&Œ�®hɈ‹R¹œÛ�O€È!¢›i	¤¬‰)¶3¦¬œQÃ^’8+Ìh
gTBûDû%Øü ")Ó¦nl¾•x²@ø˜o4VQÙ:i$Æ!š€8fi“f­Z
-oš„*Z*D!7d¸	 @	#b™-#2»$7úƒiÞ­oúQ™ÆF8ýaA°s*­ƒÄ>
b�År]Bƒ!=„0È40¦T¬ÿ.‡M1¨£:òZE�õ$°—L�…$ª6B0b/�a1Å "
Ã)‘š`P[&–Hµ“6sZ+ˆVp4U0ª@L1EÒ°c¤Ê°ØQ%diLùu®ù"’ˆã*¡EZŸ
CÊdØÇX8‰
-ò;Læ(JW1�ˆ
±8«„ák†Aød²Ú%~j&¿ÃdŽb­H	¤­¸±šˆ¼åÊ
ütÖjØÒ=I˜ŒÛ*(…üLŽ¢°_%¤R
-Ù{ùÙd@„kp˜ü:Š!�ˆ
±= ir²½�œ½y×ÁzÙä
Ãf�šµ1Ùä^êw<žý4™Þ-úlxÈ.†Õ¶_m7ÿžü\Ö8¹FŽm¤ÉöÓxº¼›ò
ÄZÙU8àavÎõjºp¼QáEQŠ	GÈ…š¯]Ÿß�“Å6[Î÷ÓÕô·~Íç´—1îy:OÝi÷ôüöŠo²®:û,?ÆÕPŒQ× `ƒz·ÓõtÙÃbÓQ¾ç6qCª ï§~»[¯Ä#]ÞoãoÓÅ®—§u^'¤…jÅè,Ï«_÷VZ™æQ•ñ8û_Ìà
-ràÄRT>®¶ŒvÑÆ‘÷Ÿ›ëUŸ¨Ž¥Kkm„\++nòEäeÌ—�Óo³¼ËgÃêAÔCF
Š?Ì­v
-ÌÞ£¯ªËË“éÂjë“Äk>ÄäuÿÇ|6]ð
$˜®u‹<;Grù¾™ËÊBά�_NÁsV[«Ñh—¿NW÷‹ùê7qN¼ÞÈ´|„M¡S¥sç¾Ì·ýæq:OW8ãùÌú²9ÿî7œ2,š¿¨Îõ|e—<täî2_í¦Ûù 9Õƒi]Îù»uøÑx^7ô‡ÒäEEW{Ÿ<•å¬.<ñãn¾þjƒ±ÈÛÖ%—MûO=׊‘4bç#Ugü}µ�þ!K2ŸFŠ;h‚ ÿžøçwÃnKéqóUÂ#·ÖM>¥pø:¥´¦@{‰[‰.>wßôÛ·WÆ|­š¦ñél.K€9
-õËüQ‚]•ce¯}
rª 䃷ÓÍæ÷a}o}p¤d<üCÚs¿–f_]
€Í©ä¬çâ;Ñ­ŒÁè—ýê;UB3ºÕ>xÞ£Ø/àô¬pŽ<�̪åT©’Âe²ž>Þƒ=	 óY3û|u)ª Áõ1“<RI0í­�a-›âÞ1`µ[Þ¹ã&º˜Æ×ZÏ<ÖmA­—Ö’·ëa;Ì[å79:¾n{»–�œ
-endobj
-465 0 obj<</Type/Page/Parent 458 0 R/Contents 466 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F5 6 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>/Annots 128 0 R>>endobj
-466 0 obj<</Filter/FlateDecode/Length 2020      >>stream
-x
ÍYMsÓH½çWè´Ë"4�>Ž‰©Ô†b\¸GN´ØVPœ¥ø÷ûºç«
	¡¶*lËÓ›îéîéééÙSI†ÿTRå‰.“ùj/K3|	]Ó—¤,ü½J”IµËdº'à*1Ûœ€«¤®ƒ’Ó%AmÒ:“6' æSyZ	Rb²F“9¬Çš1غ‚~Á
-¼Jr•¥J°¦ “ò<-aRU�$Ò+ ™¤ÃHžT`°eF&Q«6kÒ"¨eÕ:NiMžRb¨-rš4°¬Ö4eš{µµžS�‰¤ÄPkÔ6+0ùB«eí¤5¹ïBdÄI§2#)1ÔêÑ�¬U[6œjà ªuœSH‰Im�
-%ŸaÀŽDA¬£¤5UU6°5	2`Á!¨(‘")1Xl‡F²ƒ­8‚bkm¦9ìˆ)$Фr×À!Bi^D‚¬´h2:k± (õ­�N")1©¥¢#X�Á
-‹Y_QU¼˜MƒÅ´€&0¨å‘Dºiœ¤Ò
-Aˆ¢Ó¤´f‚,j‹œVbÔÔÂJÈÚ(•'ŠBd!Ê(†‘vYÃQb9M¹„9BheD¤
C^pì
m݂
Fˆ­K{"r’Rª€‘´¦*ÚÏ ñ˜Êˆ´J B�eQÝÔÖKµ(ŠVSp#K«¯+Ån¢Z°—r‚$ÅÃC2–*J$9<qáO…¬”Î#]öꌬ4BRÊ‚<’H‰Ár¼­f[æ…`Ë$X�íi…(„y­3
ÕC™¯ЬòÁÛç°‡äíú(h•â#eª Œe@JDVæ¡À	H1`/)1Å@!þQTb°mÁ
-ŒðQY‰ÁB³”µÎd¶Å@õ‡3È
)
-9ªI$%[P+ X�Á",[²Ó¢Ñ^Š²”Õye[
ÎjÈ"
Wè¯àIä$k£¤ÌÍKÛ`¤r€8
!ÈeÆŽ$òp¶÷òuƒ &³N,ºIʪHf—ÜýáóüŬý´ì’a‘L†õ¦[onÿšý)+Hj߉íç$öâlF4ZB˜Žž_’£aÕökú\Àìܾ8ŸüétA*@VC§ÆR‘¶W³Ó·ÇoÏHÖÕ•v:Ç›9σƒ§©Ü·ÙØ®oÛùÆÍTæ~ðY»ê.é+š£j7ü¼¿éè#ÎïB;£Ò'þc͈�!>&ºy:=`K²´
-Q»è¾Üu·ìŒ®SÕäÎìÉu»\vë+¶½€ÿ^â‰M¿G½É­7ØRÕ#ÞÜm®‘;ý¼Ý°á¨ÀMé<b-p¤¤kýž™vóÉùS—Øy!ï[›i7þÛ�ä<º…ÂûqÞÞÞ~FÎ4ˆFùü›v¼Œ
-—‹ÆeßnŠ³m—
-ðc‰7=xÃɈ(Ô~k�Wï`´²u]<ó:Á-S°?TÃ[«ÜY,xý~/è.'üùˆ?oNN§§og?¢â¯XÊ)Fï|Ïcs‰Îxaì»»nüÆ™ƒN¤öU~1ð>Á�`ª°QŽ&<Ž
-ï3Øw…ø—sŠ�Ù°÷ýVÀõHÿ°ò&-K·Å…¢çû§)y]¸s�.\¼Ÿ¾çpãñÀÉÿ<*ÑÏáj½ûŒCîØ”#bi>suí�¯IÉôºí±Žjh
^­ïVœr¸œ¨çpàǬp.UÙ#þÜ{Ô;Ïq�Ñ®''ëÅÀ>f©É]·ðã´;úbj»`u±!'ã·›Íp5¶7×=÷o%ZýÂï¬ÛþÒ®\–•ëÐw’"[ñ8u-&ªL8ac‹¹Õ+‰®£·çW‰VE=Ñùå}Ækƒ¬‹GÝ¢_÷ÀÝnñLÀUa•ÎÇa3̇%Þ—½¤Ÿã³i8µ`Y°x2¬Vþf‚ÛñsŠ?‹„³É.óbzrÄ	á÷jÒ®¹uTrS_øAxV/Ýùù³©vÈ9¯dæ|è–ËýÏëá+÷Šx‚0¡ö~à±Õí÷šúýTeÆ)T«˜B›Ž%˜Òp<rú¥ú^ßîpÉHyûÆË]¾`ß¿§íêSË;7Ou㺫ä|ìqùZ_�wÓÚ§�M7®Û¥-Mx‹ÜÕMøÑ�•šŒ}ù:¼
ÔôÞ¶üÁ§ÛÍè.ûøé!Øyü¨<Àú±omæË
U„�²hçöz�¥Ò~møtÇIH/$öeå};öÃ¯Ò 6؇íü3§,ª†ñ9Э/y$Þ;ª]UHç<=éÉÒÇÞ³�ð&$).w춼TÏŽí+µÛÅï²Êίí”ÄËžeNŽx“áò-ÌôakÝ&ËÇ@x•LÚùµÛ¤x
-�ÝÍ==GÐ=Aà}1¼Q8®Zê6H½Ážyš†½´—À—@ùöó¡___m5Á‹ª¿%g³—ùßd~àŒ�ÜC^ØHòp4ì!ƒÏ†M¿à+&=CT»9G¬£¢ââA÷±rûáälÊÖã÷Úð†²]jñû©‰üµ:òÄ£JnØE¹Ý¾Fz�r<Eâ�Ø–Ÿ×m¿üC~Žò;ù‰MýUõÞ¥Ú½.ÓO\
~Û£�Þq»?<HŽº»åpÓ�·Éñ�»�è,KJë*khdß÷´œ¯f{ïöþ±dÕÔendstream
-endobj
-467 0 obj<</Type/Page/Parent 458 0 R/Contents 468 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-468 0 obj<</Filter/FlateDecode/Length 155       >>stream
-x
}Ž»Â0E÷|Åa ØiHÃØŠÇÄ€ð 6•Š¨€"ø~\Ú‰
Y–,ßã#?ƒ´¹CPu†,!d+ëác®³Óîš1pdÝoPŠYîÖpiÔò©¡ÒM5;‡²À&½ÓõvOýûW[§¹\¾WìÇ«EÆj–zÂ%�»‰`ž�àƒÜ”>’�ÑëŠñ`ØŠ9šÒ°7~endstream
-endobj
-469 0 obj<</Type/Page/Parent 458 0 R/Contents 470 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F7 8 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>/Annots 171 0 R>>endobj
-470 0 obj<</Filter/FlateDecode/Length 1633      >>stream
-x
…WÛNÛX}ÏWì·¡Ò`âKœ„§	¤e�€2$íS¥Ê‰OwlŸŒ}åïgí}û$ô¢J”åµï7›ÿ>
ñϧq@aLëb0ô†xÒýxºÄcoD£IàM¨ ì{ãå´ã‘7íØ0¼Èaa‡F!ÿ„æÈ÷±&?�¦CÈE^ܦXЈXAæXÐtŒ zÎ�ðN;¬èbŽf‚hzUƒ�ÄÈÒa\PƨHϺl<9JÂHt<ö$:‘¬pL–‹#)¢‡O
Ì9Ð&ƒ
-u¤U
¥'(:*$€ÅaÄ%êHñŽ!"�²ž
-`‡£S‡ƒÑ´Fˆ­Ñ0�r�ÎB€í!’Ÿrµ;Î�0r‡{Òõ'Ò
-kT@o´åü€OGØ‘.†YŒâéXkvÈ™ãBHpz³-ç‹JØ‘.f³CŽ¶cÅl0åHäðÄØb–�8ëÐ!Ç\µ`<µ;€	·ˆ5-ó€K�>Ž£žD
-r]å~‚˜ä¹
-pÇ8KÔ;j
Sl·Õ
-vjA,YÈV˜r`�£Ï&;Îfï‡öRñ>X[t€È!¡=i‡mÛ�@
-訠½n�‡
-Çãâä=q2;ø<•#ç~8Dø¢›L"|^àúÉ‹ÿýrðÏàp�-¦endstream
-endobj
-471 0 obj<</Type/Page/Parent 458 0 R/Contents 472 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 7 0 R/F8 9 0 R>>/XObject<<>>>>/Annots 223 0 R>>endobj
-472 0 obj<</Filter/FlateDecode/Length 1857      >>stream
-x
uXËRÛJÝó³»IUp¬·´t ªìÜl²²ºØ’#ËIøû{N�<Ó(IQ…}83ý8ÝÓ#ñý$0sü&M”šj{2ŸÍñ÷ëöýIÎæ&ÍSüÞš fñˆ6f9’X’“LãYaRAžLŠY*dD;‚HF4˜Æ)ÌmM’ÎÂ�SpkŠb)𸣀Å
-7j6	—gm&Q Èvù`C¤Nr.v‰]…¹5Ÿ%&u¬MežŠHñ	�T<¤Ùx–)Rcš-hÖme(I�ê�²@âI„x9ŒzNÁ­É·�û$Ò$Ÿ‹èiŽÈ)ÈHŸ“"]’fVº€AY$Ñ(Ì4ØŠUl–CvÏZÃIle·†)ÃGÖò¬Â03¸Ä³
-oMˆ| ¦c­Ûx.%+¦#€^„Ù$¤JŽÔlžÌÅZ}ÃLj–&ÌT
-Ú@‘…#ecT$6C~X =„CÎ:ÏÙ}�	B¼ÄDÄ¡‡pˆNŠɶˆR¦‚¶ hpŸ‚[“¦hCÏ)ˆX¨«ç¤?Î@OŠ?Lf™�ã@h’#„Ø,²çD
9�=gs�íí!Ý	�ÜYº#Q.Šy2°—[Y’ìc4·c]Œ€œ‚ˆfNed!9™=�¤'åô†E€lŒZà¢	3;ÿÜ(™±È“é8Æ©PI ”“Šâ³ƒ-��£•…äD¨húTmÔ,Z$ѬÂ`6žrJÕÃhœósvœEô(L·1ÝÊZ‰W¶b&KƒÌäÉÀÎÛ¼ B@SVñ䈊€œ‚ðˆGŠÔ,Îw Y…ÁÆÉÖ¬<¹xVªävVèÄ$ˆ1il
gš…£#›±�Õ^…y+…¨�g­[ô
Ï4z
É
-%<„Y(Q(Rc†”1`·ÕšÅÌ—Þ;¼Ù‘ðHƒh©1ÍrÞ+VafÊqáYë4¶·�ÍE€w:rö‘2p¤Æ4›QNÏ*
p¨Xë…ÒJ’©
-_uè'ƒ3Ë¡G1½Ýª-Êš‰Øo!BÝKsY£JÙç–ž¹û¸D>¦û�Ó-Ú=Ž¹B¡×æ¦ÙIOkÇv5™©>êr]÷“˜Ve³™ü‰ÞÞ4ÈîµýXT�RíÕêr¹ø[4jW]ïêÖÜt›¦’ÚNØO‡º2í}§Ö趦‰£p5\PÿõXèi†Îݲ®úz˜äEölÓíE²I—]÷xØ™åÅùrš+·�4U·•ÓŠ_½]]^¿¿¾2ý®ú›&z=
ÞÖßõ~0ghäºýö§˜‡á¡Æ<ªÊ¡6á’YÖ=›âx†Íò�)/ÿ7;Ð^¿Ãç\0
^ÛÒ·q.—V½Y˜óúG½év8¨æý¡YÛ�Éqåi6/xÏ,îö§7#Šñb–ç1þO	"â_Þ®N>�ü½°endstream
-endobj
-473 0 obj<</Type/Page/Parent 458 0 R/Contents 474 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 7 0 R/F8 9 0 R>>/XObject<<>>>>/Annots 246 0 R>>endobj
-474 0 obj<</Filter/FlateDecode/Length 1094      >>stream
-x
uVMSÛX¼ûWÌi“=`ô-ùhl ¨%†`\¸(¶J,‰•í¤ø÷Û=¤ÁÔ&U†¦ßôÌôÌ“üïÈÿ}I	YÕ#oìá/ýÇÝå(
Æž$Y‚ÏZ&Þ8|[YŽ¬Å÷£qlH‹ÁFTp:
B<ƒ¬ŸzUDÒåŒ'ã„9'ähÎ
2g<ö
i1Øpù!ÔÉ¢�ˆ²!~$
-Tv€"öÙ“®Ø0LµMZë
-˜Ô@&�Ç©!-E´¨u²^¢Æ;ƒìçûe{ÒbȆ);XƒÁÆ)�ïY50†å¨ïy bV‹Á>l0¬ÁL@ðƒ�²�ʃE·ž�5¸– æ eõ)Î<]öMÄ!:/Eœ¤º¾Ïíuh !ÇÁѵHbE$�¨.�S@Î@¬YÂF{Î@ˆzš ©³7È°+±"ªú#4˜³g]›¸º¼oG™ÐwMÀ„žåfƧ÷&¤0ÐÀZ’	3öœ�´ÇçÄzR퉲L½Ã…Å
Š:×�Ö¡îT"ä¤(Ÿ
-i1›ä5¬Á`ÎÍ°ƒEe™e
†	hÆå
-N|KœáG¤€¨�UÔÛsx¬¾C–ëÁá�t¢Xl,£{‘Š¨8¨ô.ß;¤(¼i1=8b
Óß•˜ÔbxàiŸ}Z‹Á:7{Ö5ƺCXqŒ[�Žt€H
-Y­'-…ÚÀÌ‚¹œ†5˜ó53°Üêöðòê;ÀŠÄÝÕ‚ô 9Y-ï÷èÚDÜ\ŒK¢€�20 =ÉbB¼
-endobj
-475 0 obj<</Type/Page/Parent 458 0 R/Contents 476 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-476 0 obj<</Filter/FlateDecode/Length 1556      >>stream
-x
•W[SÛ8~çWœ7Úâ\èPØÉi¦�i÷A±åDÅ–\I&ÍþúýŽ|Áx»ÝÝá’‹tnßùÎ'ùûÁ˜FøÓÙ„ŽO)ÎF>žM¢	Mggx?ÁŸ•”\­†·ç4Ñ*…ÉéÙŒV	aûßÄoÞËTiå•ÑdRº—þjþ°¤…5ÞÄ&#¡º¹|»úv0¢Ád
-ã7¥3Yl~7‰t¼È1ÆgUŒÁñy`ãýÍŠÝUëS�ëõÉYtÖëp¶ÔŽÌ³´ä·ÈÙd™Ù)½!o….Œõî‚V׋á|ñ.dxó8‰ÍŸ‡ËÅ爖"_2:ÛSé¤kË`—uæãã*¥ÊOD·ÆR"½P"ë·Zj�—Ò9†e)í³Šeûý{áÅÆŠ¼Y8ª@ªJéEcèÜ9)ɦñx4Gþ‡Õç	Žj«Éiðå.p�Ê‘ +vmèa%MsT^d2—ڋпpÍؽ �ÔÉ:ò†Ö™hO¦ô½<[ìwÊÊC’ùZ&‰Lh§üViº»»¦ÜE!™:;m<Hö½„
¶n¥üÜ·†FÁmk/`S*ÔçZ+SiÅ:Ö+NXiçQÐKÈ”·ÆBs)âÙ(¤Ø¯&E
-kT
-Ó㶯v IôÒôAcP#Zq™y‰ÒâL¨±�6/5’£¥ßû\8îŠ3Á²�"(Z"&w©E —8–B­eÌŠÐ*[ˆCnÂVd)*­u¯›s•(:»Þ‡Îv,¿¾e{qÓ&Å5ê‘H…ÛÚ1
èñwq¦X€x‚CÊÏcùOd¬Wä@Ä
5>¡ø‹Øc„¨ÈJ–ÈC¿/ ZíÃWñ
ÔR™°,Í^Ÿ#¦âÏ$’ÄÛ^MÜiÁç
…QÖ%´°³`X1Ã{
-C{ªv2B•&UôíÒ	:
-¥ti™
¯†µ-
-¡gº±2s{{¿»¼g
-}ÂxN°'ɇ©%‹{«¤
QÁáÚA…ˆŸ¤Çª5y}»
‚ãh||v„³�âøøüïDRЂ­Ù¡:–6)áÖ^"š§á<ߊg0Ž €I/™þô°w†�¥`gƒzõ
-òÈÎO¨�6×È´ê5yÓDŠŒ1âc§L܉ÒTÅ}éæÔÜ&
-endobj
-477 0 obj<</Type/Page/Parent 458 0 R/Contents 478 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-478 0 obj<</Filter/FlateDecode/Length 1463      >>stream
-x
…VkOãFýί¸ýHÁy�&a[­´´HÝìV‰„*Q¡ÉxŒ§Øwfœlþ}Ï�±C0HÕŠ°Ážû8çÜsçß“1�ðoLó	]ÎH–'£dD³ù,™Ðt1Çÿ'ø±Š²ð`2ú_{nÖ'û)�Ç´Îk¶˜Ó:%Ä�h-ÏÜNø\92m¬©Γ·"Ë´üáïä|ýŽ_ѧøøÅå4™"ÀÙòf¹¢¥ò7÷_Wñ¥×“y2ã—l&Ç£Ñ8ñß=¥ÊI«7Ê
H”¦zFƒÌ–|®ñm€ßŠtYªT•^›ŠD•RãŠÃ!:mÓÑR”ŠVÊnµT§¡D6¾(\Øzx½Â‰LYG§ºJÍÎÑ}å•­”{–v¹–9iGYS{jëNHT¢Eå´i<åÂá'%oÈ‹Å
¥tµ’x‘�¡ì�ö9Ie½ÐU‡U(Úþ`lÊ]*‰´ç‘>¡Ç³ÌXR߃0à'©…£èô²Zõ¬˜
-)AßÏcù)¨Ïm>Qœ3ÕŒp¥�Ø»„î!´¤Ñp·J¤`�UÀ_¿hi�3™§‡ûe ÷¨[
ü®Šš2] ).›
D½h¹p�ç)“YTËA#‘à‘c’‹Qdã�!ÀR	LíŒ}é„2tì3�(Ø™¢áÖÑLäç=B
-MKÈ,£Õq7ø*u�8«”\³AVbž^±€
	r8W¨�NšäÈÑÞ4–þ¸^‚Ô;×Ë
ËGÅÖè€.gnQXß~Þ;ª£òéûÀ=äªâ,Pß‘Þ`ĺüƒø@³bÐçïo�]Hƒ‰\À1úx€ÜöµuŒ5ä²4qr
,+Œ‰Ï
†2ê2†‡¡Æ(Kˆ-=—Svœ¸-°‡ÙV;�ŠZ÷ê|’¢zŠ8¶y íZ
	Š4EBô£YO‹�@‰�g�kÀù>È)ÙXí÷½¬Ð¾3Uà’JýœóŒ`P"lNó°Ö�÷,Ÿ
-A“,„.£OÃP¢[LyáÁ®_[Ô®‘hÚÅ=N¢å°SQ*J÷-è`r=“Kèk¥x°Èáv©°}<C¾œÅ‹ ;¶ÀO¨¦ï™¯È&®Šûd˜Úça
-¾
-SÛáíýÝjÈçyûðà§ÐåêËMØÃÚÂb¡{�ß1>a�º¿úxÎ
-zaá ù¾<¢ã<–„&Â*
cbMƒMvÒNØ48þ
LFpYʬ)©õ`žXGãËù
-endobj
-479 0 obj<</Type/Page/Parent 458 0 R/Contents 480 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-480 0 obj<</Filter/FlateDecode/Length 1643      >>stream
-x
uW]oÛ8|ϯطK€Äuçë^ŠöpòТ‡ø�—
-;¢³†hƒÎ•sÔrJº¿hô$!k
-M À¿ñ$�KÄ?;ô+±:hcÕ0€+B B»,'bñ?»A
·ºjUD«e<-¼Dé]×@ËIv
A†ÍÂ<νÙ0 ÈÐ
ãºÌÑT“z<BL`Îs7ªÃ¾¨^4A@’,AAÑ�-‘+EzTæóé xyÜÚ¨^qtV*±¦Žz´-à|>CkT‰^ÃŽÊ$6í‰;û]Öv

-”Õ†
-ònÙ…¸ƒí(:+Ëp¡	5M$ÉJÊ,u¡:Ø‹‰#;óAk—Ž/`PÐÇ‹ÖköB
ÓJ}bB¤k2›lEÍ1Ū@_¹º°Û:¤<öm˜Èóà¾^õKU¼dS
ž
KDì=ËIÏgCi£‘ÖÆÙxe·c[ÆÁvÒL¢…œ»;µ	W/,'iàPWL=´×Ù¨Yr
-ó‡þσFÿoin¡qðÃóLO(T£`åÃãTB-­~C"kªpp®¢?Æ“Dý�‰hŠîe1‰;›ô•šÿ70mV0DðUn„ˆÏ©Qö.‚Þ=d±s>ÂÃò韤ÂtD Àv€~
-¶ÉD¾9{1>	¦»Ù¨åiÉ£òfnÊ>s”ÙUeR7Ð_ýK¯|	dè"lBâBŸÈ£œ	¥Èœ.˜µnÁ$pØQ¼^%[�ÈC«VL„„š�iÝ)ž|ÃU§‚¿
0"’fO:T…xNTzƒˆpfÁ
Ž¹½8j‡9%¶k
ïЈ´ãåê>_@‡QλÈõ×d\O¨h�ÿ[äí'�ßÒp0Ðl;ƒ�eeÿÅÐ!ƨ©Õ¸Œ¥TÓTL·¤pßäŒ2å‡ÈâôhŽð鸆k”‡ƒÙŠé‰ðIP"Kß2vÀ|÷F×pç¡cÊRêPx³Ž@cZ—”)î°nà\¤¯’„nMËYi5€´]»Ä¡®:â{P»Įß'6† Æ´Ôƒä>Š™žÆ)“z€öõ+Lª’ªÀåöùjMJJ<O6Þ.•të¼/mwÃÏ�ti»á�&�žZÿ°™ßM'wwó|m½eÁ.Nþ:ù•Nbºendstream
-endobj
-481 0 obj<</Type/Page/Parent 458 0 R/Contents 482 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-482 0 obj<</Filter/FlateDecode/Length 1656      >>stream
-x
mWÛnÛF}÷Wò°XÉql¹/…’ôâ"MRXAú` X’#i#r—Ù]ZÑß÷Ì,©DD¶Éݹœ9sfôílAsü[Ðí½º¡ª=›sºž¿–Ïå->¯ð?0môÅby]ÜL_¼YŸýôÛ-ni½�­›å‚Ö5ÁÎ|Nëê|½ljë¶äÚ²¾XÅékZà�œž]ÝÂâºÆ1éàû¦¦’ÉÖlšK*ûD[N‘bïöT©ó!™Ò66Õ·ÞnÙ¥Xˆ]±vS\‹µ•«(Ë5%O‡`“¡Ä1QÒˆ"5¶&iãƒÆ†&QqÅ»æHÆE;{K•w1…¾B�ç}”L"§¯m‡šü.^Wâ·ñn‹7�}v°›zgÃVô-ÓÇŽTó†á&I¾È( ¢`«$f‡ÛpešF™‰Äˆ{œA)âïü�Ã�óèN1U}
-±ïä.!Zò}8…Õ5&
šåæ¡â;óûÈÚלKQú´£ƒÅ@Ö_|Ÿ&.‡€.õˆ„pš†ŒmÉoN
hØ–¬ôˆ:©áGÎ'Ò0¶Æ:0À¸#J䶳‰`ÃLÜ·8
-0÷›	T?è·£”hào��ÒÄ8µ
¦vlD¢ë^uCàG8¡õ=úŸP?€T­,¼�.v(QÛ5ü}â:«;*	§Ò�9óàSA_P_#Ģ播©v4J™(GNnpÙrë
F<BZNÏGäìÕuS®lkz§�&1ýï`üìÖ:ˆ(ä:O5�P'Q©µmU•	‡_’�eiDîìžlðN†ä%vAKǨ¶è<akŽTDw[=®ˆ¬Já½Ûä	XsÙo—ÌBt.FdAï{¨Û{¶Û]@˜¿h0Œr†W§†¾õÜëÅE	2ñºgî *I’±2A[“`ýâÚ©"ÌLs°Nüç¹mHæ3däTÓ!éæƒây”�
-:£³–ÁÔ‰)C“O7HÌÑŸŒýRv´LeY`3õò4ÈÊcòó]&‚!%•Ô‚îå‰!g+í&P/ñ�|E3'@!{gtªÞédDŸÉ.“ws�ˆyY“|CµÅ;plÐ^°†™^d–Ïþͽ�)çà$x*vÝ$€àz30Û¨s'K†®Uøá 1<“ô”¦C
e¢cŠ"3ÙßU9²\À%"ܤ$ómVÔ}âX„Zžc{ÂÁ2øƒnÛRè/÷Æ�rÐÓåð%bq»,nîîè5aý*ñ°úëÍ
-²šÛ
-ôü½G<âk6ž�ÝÎïò·a…HÒøåäz9/–Ëk|5Á:¿”K¿®Ïþ>ûD¤iªendstream
-endobj
-483 0 obj<</Type/Page/Parent 458 0 R/Contents 484 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-484 0 obj<</Filter/FlateDecode/Length 1221      >>stream
-x
�VkoâFýž_q¿A$p0oP¶Ò>È)›UµÞªRˆ¢±=€[{Æõ!lÕÿÞsÇ6¯Ujˆž¹Ï3çÞ;^ùÔÁǧQ—zCŠ²«Ž7ÓáQ¬ðÒ¡A§ã�¨?á·�ß>’–îÖÕÎ`èMÊ�
ïÁôþ
C7wêv(XÂãp4¦ vûX‰šÁZ’Y(èÓìÃ÷ÏdvÆÊì:øýŠµüQ©Õîõ½.ôšrK_76ßXú¶SV¼–’}òýJ²;ò†,é;ÒKËp³Z%jE©^Ñ2I%%Aç…4RY“0ÓÒZ‡&lÌ÷ú½.µ»oŒo˜$úÉYaå[š¾{GU+™YÝÒ߬Ý�‚_FP‹»M'^ª¯ãâ–‹…jTÚV¾ÚÛÊNØ)7̨̿ÑjÐýì×Ù=5žt7¿ÇÒ´A�wß>ó¯O0Þ„Èü
‹ëÆËÎëIi¢�×¥4Ê]Î:˜ý”	”xÕè·kÄF9>–Ì‚Œ-{E´…ˆ¬,É×(ÝļnA%·ìã àÕ‘½>ã_&
s,]Ò%•/2e«¼”IcÄJÒ¢)%8Ó•,ðíö
-¡°Óñ<¿³¸>7ì`uaÚF¬ÈòssåZ‰LÖ>‘–…Îh»N¢µóåH²�f+­¤’…
-¤28äˆ2ïáUØC|.ˆ
-ÇóX?“D"Mw-ä
-%§‰wd*”A®|ÐMÚÝêÀÞ_¨ºLÄ’69‡t‚•q.Û¨eô†¸é{ÄÀkÛï•õ?ÀøD‡‘;²'h-a½ ¡bbŠ{
-w$Ø[\{«¹�ª^ï«S=rJ´CÛÄ–tØsÊÅTÿ&o¥ŠRm8¢Fþ�Ö¸ð«:¨Ý3瘃­=]ZÎôñiã|„¬ã„Š´Ôiª·%>µI yæ…š%Ê
ÆQ¤S­J'„uEÁ´;‘gà
¢­¥ÁnS¤Ñº«Âä Ï\–„õè“Ì¥ría“£$ØV¤³Ù-÷¶¯ç<;
-Ñc¸¥,š‰erìk��6Îœ=?×}óùDŠ
-ÍôæR†®Ò–6*yA³bâS’å©+·(FKIlÕM˜´ƒ®ÇíÙ;Ðc¸ŸEõ8²ÁôgÈB“.(Ó®Œ‡i‘d¢Ÿb)ê¹ç£«’~é
sêPx?ËB6Àu�F%_ÑÎ0í´›ÿ9âˆýÉd|ÓÁ�üît0˜v-òŸHeaìEÓEs8˜,®kqg(‡#áïAÚ0Ñ
-endobj
-485 0 obj<</Type/Page/Parent 458 0 R/Contents 486 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-486 0 obj<</Filter/FlateDecode/Length 1218      >>stream
-x
¥V]sÛ6|÷¯¸ñLÇrÆ¢I}�’ûOìÔ“¸�N•æ¡êH‚#’`HÀŠþ}÷ÀIvÕ:­mÉ
îÝíí-ñõÌ#¿#ûåg®ã’?›;šÌ|áUIJ°0›Ñþ­Zá‹KÓÉØñÚ­ÞØ	º½.®Í�ùß®Œ'¾ãwðgº¿ÇóÝÍѦ£l¿p»àtQ@ÿ†¬®ïçä´HP—ïO�-b»Ã¥E4X¬%½»»ýô~9X^Ò£ˆ*u¹ørv}?!ÏknŽ¤·ˆŸjI*!}tKηPZ“)¢µ(V2v
-5dÒ¡·èa+°BU¹È¨ãÚLøŠÖhÉ:%tµUÕæyç~VZ‚
m–ª'Ù·‘CÚ";ÎÍq'jiÉszläˆæèvÙ%‘mÅ®nêbvê¼uÊÜ]QÚÌÇ‘ <$§U�ªH~5¨­Uë*S!¾=‰Ì´©}¼ûýîcÛ½>ßç¡…–¹,ì••Š€�Ñ{!ó^-¯Çl4º
%Õ
-³¹fn³t#oÙ�1áço>Ÿ]»Áõné߸îÍÔ»"÷Ϧ“ÑM7xË�7š-/»ìá—<Œ@°�n´¤Ù"öôRôw“Ø
üÞ¼¢J‚ž¨Bn1¥"–½1SÿæpB@Wl"S¸³—ËJ>¥ÊÀZé1»´[ŠÓ˜
-¥‰'n›ê5B]`d/ú¥Ÿ½cMsëKÁ­A¤J™ßs äÐ$	²lÌ{“ÌÔkl†V»gÑušË¦¸,-$#Ë"R¦€§²éŠ8v‹ˆU›i^êàeq`ÊXãJel5fÙJ¶,Ô)ÜîydQ–(ù¥¼Ç	Ùq3ý
úbàë‚>d&^a¦4mH`ø‚ÊLDÈQFÂàaÒóLkl	%²ÄeP¥/准N1\p݉»›ºÎ£›œ%+6y§è,»•ü&E»ìgÖ÷ÃENZd¸¸"ƒÑ¯{›gãŠpnŒD‘•Ô¦*�/[uç‚üÐ:PyÊfÏ»íãèÄ ´øÖtÏ•‘ç'ñdV÷Ïƃ0ÔqÙ`Ül;
rÏ>töñþið>Có`Ìê¬q+·FHXâ6/¼É™à¾ðž*�ê¬1žL©�5 ¦õ+ñz×Mýd¿h_7ft~Oœ“î†Jÿ´ï�(á_ò³=¬¤uq¡)7pKŒU{ì²OÑÎ%6vHáÙßø”Ævo3™·fí!ÐfŽ?Ÿã ì:ã‘=Aýööñö-½ã›*qª£÷&�mÁÃn÷0pq
-âÃÖá¨÷gÌI0qghÞã¹ÌÕÝâì׳¿
-endobj
-487 0 obj<</Type/Page/Parent 458 0 R/Contents 488 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-488 0 obj<</Filter/FlateDecode/Length 1264      >>stream
-x
•WýkãFý=Åppà€­èß)$Mî8ÈÑ–º¥.a%­d5Ò®o%åƒÒÿ½oV’-çÜØM°bI»ofgÞ›™|;óÈůG3Ÿ‚)EÅ™ë¸4�/œ1�ç3|÷ñ1’¼˜Ïiw1)n\šLæά[:v&ÝZ—ƳÀñÚ7ã)¾¶(.:Ý¥EOyëIƒ©ëø4ñg0ëïôg;�=ƒä�'hágóž“\ñ[¯·G¿^ž]|\�7£e‚hM§gNË؞åe4X®%ÝÜ^ÿöéêæf5X�Ó}¾üûÆäy;œžbßà³"ÇY•iE•¦
-»ò:Nå•:¯ûÏC£¤¢<S’6F‡¹,(–ed²PÆ$Bý(‡€àf%	Šr)ÔÅ!xÆn¸4òÄ
Æ÷ü,ØORòQJ¥’FT’aÖRÄÒ8ô¹¢§,ÏIl6RÅXøD•|®:¯£Ú©*xÖ)²,E*	hŠ²ä•]>e¢M!*
-ë$�A8,‹Mõb½¤òEUâ™tbãqÀK,gŒR’R5þ•M{<§ÉƒKNƒçŒŸF>Rˆ¿ˆáÇZ[
ÈÒjðn¹†©ÖZ’™²²áwV+õŽ�ÛÕù�Èa¦ÿ
-/©zÙHzÿÌ2#Å2y_JLY‡
-.ã†_<ió�]oð€)=<˜VYÀ!¥¹ÙäcÎÈhô¡�½o2êè_ï-ø꼕É[,æÄì¼–gš`B<Bë'Eu™©´S)2" ¦~…rAHtžë§òÔˆRÀb§£AíK’»UÆÎ�êPüß¡<#-¯¢ø_uä{̽ü
ì@ôO;˜ˈ~îzxoeïŠÊ¬Èra†(èP„Ikæ/¤²Z@Ç0ZDk[H52(wrëd۔禼4ê3²ª�*iij44Û
-:z¶í«k29ºLÎà9º7E ·üV‹¼ëN
oÛJqûõöŽE^3ƒõQ’d	¸a³a�¥ 	JçÌ–Dx‡)·ÉSéu¨Ÿô þ­Ž`�F§# 'ÓèÎ?¯·xµ²ãÔöü�{×£ìÄð¼É
-rL¡„Ü�mËò§˜YÑÑ0	þP‚yEÄ�“EÊ%œg-P¦ŒÖ²�–zG½�¨òh÷X²‘§,`F+pZs±fÇGæ0òÅÏ!¾Çív²ú]×�‡u( º™’€e�$]*+=0aÛÑÊ⇒Û¶”a(|ÝàB >ì;àï
-endobj
-489 0 obj<</Type/Page/Parent 458 0 R/Contents 490 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-490 0 obj<</Filter/FlateDecode/Length 823       >>stream
-x
…U]OÛ@|ϯØÇ 7NBA
ŠD+UuÛ—Hèì;'G�»Ôw&Í¿ïì�Ç
Uˆ|Øç™Ý™ÙÍŸAJcü¥”Mh:§r;'c:˦x�-2¼Nðß(ªÂ�Ù<Mïݘž�“yÿÆe>øt}NiFy’ù"¥\ÆcÊËáWµ§ëÖ”^[ãNò‡xx�¦˜Ë¡,Ö^ýõ«áê$ž™Q
-M€,‡ùF;ª: Ú5ÚxGR횶Ê9±VÄä-ù�êîTºV´
-#ig�ÓE}àîàj»^�Уáte›­ðT´U¥š„ò�â*À�N“	³?·N9ô(-
-€‹fÝn•ñTkçé¡ÅK­«X`Åý�mhÉu¦ü-€“6»Ö
-}(‰(KtPë´Ysa½*]ˆ¸ÇšN‰ûÃiC;áЀ;ºÝ¥M趢ƒmA hyuùãæîç]¨‘/îu]£ [ ±C�9Щ
-+d«ðù(|¬÷…‡I4©x2:Mð1½‘Íÿ|†2lâ±C|�;ûFû þk×7JH6ísx‡9ȱ±ž;)Èñ�˵³½6ñbÄd:vø*l#«íΠ:•ŠAltÞ5Eìèe[" rµ~'ô]1º¢Òn93¶÷
-x�jÚZ4£Meƒ <ó(ãmHópÚ8Õ\´5#ÁÏl¨*HݨÒׄ <ŒH*1!£�Š‹å2dõCßMW<ýþàB9AίËgWµ‰cš”¡&çÑm4>
-šu`ÑÞž‡Æx]“ö=E•)mk¼j¸£öµ6*¡_<-ŒÚ]¡r#Qâ›\á	yYÃJà‹?ÏO½Y0]¾zÄÏ3ÿÔñÓ¤°hY!a½Á(»w˜N&25ì—È
-”³h–=†j­�á�AT¢Ü ¦¿,z3ÊòE~�Ü“2®�jw˜�ä/
•9±$õ–é~£AVÖJ”¹ëi¯ñˆ„U±è6yš-’ùù9MgYÜùß/¾\^`5>ªÚîØŸ›VËÐÅèxv”�Ïyk¼ù™e³$›/ðó€»é„™®òÁ·Á?‹�0µendstream
-endobj
-491 0 obj<</Type/Page/Parent 458 0 R/Contents 492 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>/Annots 251 0 R>>endobj
-492 0 obj<</Filter/FlateDecode/Length 1882      >>stream
-x
}WÛrã6}÷WteV³eS–íø2o3^;ë‡Ä³–6•Ýr•"A1p
-®lÙ·(�6JëQì
2îÁî5AµÜä}Z‹´‘ÇÆ(�ãºK9@"ÐPŽT‹~%(RK
…þn+�Hò[üP?*aV’¼V«&hT¶f â4%Ñ~må솄G;8SOZ
-g°ƒXÚ>�]ú²wãÇrü"x „ˆ=f‹4
-Ê_;QÑLŽ\ûÍŽË;|vA?pƒ§Ih:Åro�5DÎý€èN›pYÈu|l܃5r»u¬Ë)SêÃ�‡uƒ˜À·VFÒÜ?ÏÒÓáj˜ö�¸6~
S
-
iGPX¶p´oˆä‹fWVœÛéã%rîÀºîö¹gä’§äÇÃÙ{×h¢à�]IÃg{ôn?´â��’6Ø�Š¿‹fo
£Ä¿Ëîºøqo­ç)Áéãíð]p6»Ã󳫋ÔÔt_Ý\7×·É7g—ñaqòï“ÿT.Fendstream
-endobj
-493 0 obj<</Type/Page/Parent 458 0 R/Contents 494 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-494 0 obj<</Filter/FlateDecode/Length 1702      >>stream
-x
mWasÚ8ýž_±ßš¦à
-y<ì$þóøÅgQ,}ýõ]fñ’äLÝ7çꞃ¾
-:BÓÄZòu³ÅìõþûOhmeiiÖèK™ª•Âõ,½>·ìÈÄöcÔš+“nȦ
.Od[aÂ!dÈ–u0¾v)ÐH­p¦aKËIhÂiÒýi¤é¹H–§è£¯aš=½ÎæóŸ¿,ÀW¥à·Š»«÷=>³'ŸÛJ£N$ßDÍ[%¨Ì–¯k’$y¹„Ã@æ'íäp€æ@“½?ƒSM:SJƒÐð¶[MCѺš4—é†�Ä»ƒ¶Ù“Xe@	æš-{$ôNì={]|_~m^�uDƒZ‰TFÊtØÙ¨K[ˆú-¨ÔÕz}Øÿ6é»sIŒ�¾„•…9�«ËÚß 3(jÕü
ãG_J뽂Š�±"«Fƒn &üoD0ÖBÓè…4ÁÓ5]ÁH@‘1·çŸ>u>»®ir…Ít@ß×µ´:çX…8�"ʳ±µò›ßݱ÷˜L¸¬GÞ¬fUmaQ̨Tš]0³QôÌ­2�
-g¤::;~PFGÁ-)¬
-bû�B�ýúÖ*¦†³e¸'ùVj°ƒ}9Òâ�wÔ¦Ã�Á•NÃ{Žr@Q7JÈ„
hƒÉ™:ŒA©úJàù$܆c¡-ѱR®ÐÌ>prM4 x;ÜáÞÕ@d‚D6ï£ÿA�¥J7PcU„èÁ¾í×Ò !ž8Œž¬
-4�9mªb‰0à°|«WÌê­:ꣃ^ë<êµ)ŸÃåÝ,opa%5W Çh°OKlcìNK>Þê

 *�¦–JòÄDŽõ†ä­(�»Ã—
>'ÈÔC5âöæÞ]Ç·5É`ËÁdG" ¼$jÄ]Ñ“¶Ð;NÇ0žú5}x–ÆÙrtåÄdéÅ}�ï, �€Ÿ˜;vmùÒ«µ
ãQ€g§Œ`Gðb.@
üf—*-n'aˆGÉÒmfjú¾ÀSC‹^ã5ë`1!Š�
Ž…s¼_uÜ´rôn×¹%·L|0Ül )'WXD÷‡FîXmÐûNiÍ×#b;ãþIÍ%cÉ˲ø· a¹aQgè/VÉßïPr׌TlÉðù3·¶WÁ3°'tÛO
-øR§¸ÆñG‡…¦?¼ÃêÞoj^ÀÈ<¶£¸›Ç%6®qž¡�P(Lúx¤GKБ
-endobj
-495 0 obj<</Type/Page/Parent 458 0 R/Contents 496 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-496 0 obj<</Filter/FlateDecode/Length 1889      >>stream
-x
}WÛnÛF}÷Wüäm]l)}kœ5Ð&h-?0`,É¥¸5¹ËpIËúûž™åÍrZ4E"r9—sÎ\öÇÉœ.ñßœÖZ^SRž\F—tµü­hµYãßü_kÊN>oO.n?Ñâ’¶>¹^oh›Ž_âIrv¯ÊXÑ�mtmUá?lÿ‘ãóu8>[®¢>8»ÉU­œ¢ß”McwáèŠæóîèb]óÑmn<y�4ÆYJµOjkOÉ`Áë†òÎ
-KÃ9)O¦¬
-]jD“/h‰TpšTì^4{½¤Ùâ™Â×�¥&×T)ß30œÒ‹®¤ÒYî’ÿpÑ}¢¤GM^»v—»¶[‰K5íñ†l[j¼BèªÐÀó|
-™&?ò>I4QÄò¯§4À¸ÓVת
-™}{øýwOú5ÑUCj¬4VqæœÙl~-7+t"T¯ê²
�†Ò£±¦õ,6l¹¬ð9ÊE”F7='çä]Ç»÷�²M÷ŽÅ?ƒ°nð-'ÉÏf ú°(b¨Â,ë­yQžö†ú�×vâZxGfüžÌ}Ž¯®¥¶¤\*pî~¨ÁOÓ‘lc
4NÙú/tµÙ
Ù¢ûäºÉÿ£«Q䙸ºF³.”»]¶+iö]wBÀÀ³0ŒƒàÈ-sOè[F*€,„¦Áålq56Ê[$¨_wöszØÞÎ6,f®´|´õÒAB“ŠSÞ Á‘= ë¥*Ã'¬ê‡›ûân.k/°:›4g÷qEð€
©(ˆN«¶E[Y›o"ž�g‹‘¶ùR†ßÀZ(G—Ö@••~·Yèé@‚‚¡‘†0YK{S#c€Áô‹¡‰RBß$…7
-9³äŽ�
Œ€ÈÖ¦ºæ^‚R€/ù(„-j•O»4x’{é(Sí�H5
-ÓIQÌU^9ÀÒËÃc^B»òŒ«ˆÃ„ËZÁØÇ�û?>cÆ'ÏX”úõ`POza戻ѯ”h’ëäYŒe…Â2’
—Ò¾  Þ80miq×CHuè×8!’î >ÁªðŒA¡dDOØSL­ìál¨jdq½"Éz%¡†ðíãgÿ
)ð>=+
%`8ôˆþvíQ®%6$l«Žë"	
-ëGf E¸ÝaµaÂ
-endobj
-497 0 obj<</Type/Page/Parent 458 0 R/Contents 498 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-498 0 obj<</Filter/FlateDecode/Length 639       >>stream
-x
µU_oÚ0çSœú2*5nœ„$<ÒuÝ&­ê6²=ñb’ñ³Z¾ýÎ…"A“­tLBä»óï_â_=>}8$
„1ä‹žÏ|ˆ“˜¥	ýè«ÊÍ‚Ïé¶ea,n[ˆÒ¨}TXÚÖ::‚aGG&,jÅ“a;\øípãà9Ú«¬wy
ç�•N¤8M +€„ò}Èò¾˜ÏaU(•[Y+VüDh”|
-¦k‹µ.P³jSÿ„Ó§Ž„8RuVI±A�&×rŠ²BXlXJ…ÅÁ@Y…fW$(�¡*|°¨Œ\á|í:Üœ±XL…@Ûò�$¤móº@¶#A¸K¢æ…|Cáí÷ѧIÚ”ËÚLÎ[À»m£� ´‡£
-ÂB]–-PÜK[9š²Dí. EÒ9s„òJh‘[’§Èç£�¬Ä¼A‚
 Æ>º¹^:û·¤²8û‚ñޜߩ?B
-Ö+ýv0~½
-endobj
-499 0 obj<</Type/Page/Parent 458 0 R/Contents 500 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-500 0 obj<</Filter/FlateDecode/Length 955       >>stream
-x
µVMsÛ6½ûWìä${LFüI¹'¹mZÏÄ©k©=i¦’ „–UŒãß@´¥Hò$ד 
ì¾}ûvÁÏãPR”PÑœ�ý1%qâ‡g)Æ!þ§ÊNLð*;:NýøØDœ0pÄT4=±#Š�îÈ2ûÃE­ð
-›	èAèµ�æp#ÝZ£ðÜsÂÕwîŸ1{Q
-7ýÁ‹bWkgŸè–If*xΚœÑìîæHcðCÄb-:êx¡E+©ä]¡DÎ�º«^Ú×Iî¨jØ?œíz¸¿û‘
-V×>YKBV­j˜µ¶f%åœKã{‡ú6×L˜¦“?ÿÂ!…\Ù
-rh‹¶„‰Ü ¨v]™n�P¨l‹¾áR[/>ÝhÓÖúº$Ùj8üÊ]Ñ¢.K›lìŠ×�hŵ`yÍ·ùÓÔpˆ^…ÜxáÄÏp7&®¿ØF,G舴Q…Ô—¦9Rù<lv^7Û÷œ	ÆmÿŠ5St±aŠ5—äJ¦Ù0¾P{SÊL.ÏØO�7 L-Ú!ƒC®Ù,yeùE³.j� ý²ÔwH,Úûüöš´b²c.ë¨
)«xÓj�¿§+áÎàçš«n2ì›Òf#±‹ˆáÜC‰Um]·Ý•Ù„ÃܧVKߕ͵웚E;Í5 b°c'ç+Ô™pŒ
GÎÁrødžñøTÜ6
'mZ!“ãÖÂCk.ÃÎ\þˆ¦oèe¨kQ¬Qæ´š#ƒ—{¸£#žv€¿àÉðM>âC–Ñ+äzÓšc^
‡øÓÐ@2=9´f 1fž2“šqÊÿÊÐ3D냀F-0m@[üú�a'#NÓ�¸Õµ•Ôõ©CðþC¶ýP
-&‘ŸL§”¤¸'#«ùìözF?ñϼn7°G¿ôè"ÎLšÙÕ^:FßÀÒS_bqûi‚oC«ÓÔlþyqöûÙ›Þ>	endstream
-endobj
-501 0 obj<</Type/Page/Parent 458 0 R/Contents 502 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-502 0 obj<</Filter/FlateDecode/Length 1568      >>stream
-x
•WÛnÛF}÷WüR°IVtÉ›Ò6…�$Hc¡EÁ’\Z›�»*—´¢|}Ïì…¢ÕmÄ ¤½œ9sæÌð¯‹	�ñoB‹)ÝÎ)«.ÆɘnW+ü�-ø;ÅÿZRáàoß¿Þ\¼x3£É„6Ÿ1_.h“Î�i“]e¢,?‰�z¸z¸¦ªµ
å_™L4’š­²TÉÊÔ‡äzóùbL£Ém2Å
Wu.ñŠíŒÒ�¬©1½û­Ê¶´WeI©$+þÙ­ä‡f+
ºik-sâsÚà+†‚ƒLáž"¨Á½ÿq„H#ÆeB¼{4}I£ÛU2gܸÈJàŒQìD-*	ø–<äƒiÉ´�[ØJ�ß�Òn©©sûTMb·“ج3tgQ
-ú¾¼â«Aøh:Of|óZS«­zä 'sJUƒ��|Ä©ëw¤Û*•uB
-2x–Tw
à·8)ô²ì$‰jŠ•Ó]†:ίn�7Eù¯5ãÜë6F×åŠkïæùŒ1WO’†í…3°tyï²sIB3÷Îð¤tV¶y”ÏeûV>Éò²²‹)Æ0;†9}¦Ž<Y�êI�¨o®<ÓCƒo`,œÁ´-
-gÏjQ!Po-3‰}¼bdäõS‹Ÿrš"›Ð‡ZÚ¶)„à,3Ô/’ÅZH”©­ò:ÓM¨/énáàNvÌA¹ó
-®×HÃË#3ÿEZ¶M;QE³ën?jŠî
-H�NWC3åáÆ…6Äé}�˯ o²6TJýØl¿ËãÜ£Z1e&wÊJ…âO2å^¬ë
-‘sp£ž{ñÅVã~í5Öó½BäŸ1?°‰×jdYzL¢2-¾
plô¡®Æ|iùö‡ìø#£«3ŒÆA	¹8BÕDàôZXÅÞæäËçå(ÕÎ
-l#ê&úÂ)†³ª	³Þ(zyC�‡„[Ðr�v´x6@˜€¦°	¢
¸Û´©Ñ?°²¨MÅkÑ%�$qâ “r~�›dm
¯bÔ»Fˆ3U0¹®£CôúÑËi²tc	¤Á¹	îè‡þ$KɹìrÔÙ_ÏG"gF\=ŠÒòœg­JK6?�9ÊÍ�â0ÊÌ]ª‚-—<^ìݺ;z(¾ÐéN¬äwfød”õÛíM¨;?|BŒ²Žý±?s(×)Ð�-vp¶÷²	5„H¹qâAÎyüV7W08i&%äpR{¨¬çºóz½ôC�·ˆ›ñÃõ¥Ë{LÙe¬D�çG�¡
-í(žƒþrzÊ”O‰i‰g�/B¥sÔwƽOz#†¥A`ƒ’‰ié{+íq»³`ˆ˜ŸÓV�.Œ€LžÔ”cÃA×u’¯æ`ƒ»SYÌ@X|Ž�³PN¬°“ìéÒ£€zoÜ{„ÊÙê|ɽf€Ûh@ÿ̽ºtsT¡¾~ʶ¢þ´kj÷J…ªíz[&4çËÅŽÀ|iìÚs6@”NÝÏ÷ÕOܳyŸ!ïx•Û"
®Æ¶nÜBÛ4^k!ëaÄ|:Î8m
-endobj
-503 0 obj<</Type/Page/Parent 458 0 R/Contents 504 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-504 0 obj<</Filter/FlateDecode/Length 546       >>stream
-x
•TMo›@½ó+æè ,Æ|äbÙNSEr#U¡ê%—³Þuw—¸É¯ï,¶œPT)2ÚµgÞ{óñüÛcÒà �`ž@µ÷ „8‹ƒˆÞ)�#úh„Æ[Þõ],…¢¡”$cPÔ@áaE5Û¨¡j¹æ•E
–—^¿('F¡.Ç�Ò ¡¬ÙµåBBÍ-cu_Ù^£
NL5šJ‹k(_`�\P
¬7÷÷¯.VÈ��JI@g:¾'6
- l;H b6§‚ˆøŸà§�êö£$ˆÝï?�ƒ}9 q[„NXÛ¡�²\B/�ØIÒ%¤Åj—ëSiT~=c
¸;]/\„U©^Z§ßôå»:�­¨ZhTשã&šÂÜL£zýiIó)Öš°†ÊžfGa[P+”äÝY'þ9Ð•È
XÍEç<´j±Ö<]�äÆSŠ×‘\Õ4-XEß>üØn�vc/$·Äqšåo1Åëþƒ'•ôOÐZ8·J#¬dŠU�ñMÒ°}çNœõé¤S
å6„< È9´Øng®²oÔËår$4›bl¡C¹£
‘Gܼ|+Ÿbµ û}Irh/XB6Jï¹›>ðg´³ëEX,Î[žð®ï²³‰Ù"XžCÄ¿<®¾­Wp‹ÏØ©j_{Q¦óYš	Eúi˜žùôí"Nã M²3aîZó¥ð¾{
lÝ^Nendstream
-endobj
-505 0 obj<</Type/Page/Parent 458 0 R/Contents 506 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-506 0 obj<</Filter/FlateDecode/Length 1286      >>stream
-x
�VMoã6½çWЃm`¥ø+¶³Åvƒ] ‡5ÐCu¡eÚf#‘^‘Nâýõûf(YþÚ´	âØ9óæÍ›G~»P¿ši4¡¼¼é§}Ý�Ó!�gS¼â¯Ò´’ÃQÿÚƒÙŒúióR­ñ¡O³ûô¾	1NïÚ£I:­Fx+Á¿Ì9> ^æöñž†}š¯€p2�Ñ|)ÏñMÞ�o4ùr‘æήhe
-Ý›ÿ{ÃÓ¸!q
óe÷I¿™\ôÙªbï��Ç4Ô‡Ót¿(Ï‹ý
-ˆÎAÉxÚV.×Þë%9KŠ
-c5-öõlñ)
ªP\‰ÛUö[íÉ­d�G0äa¥s·¶æ;B!
-ô[^ì¼yÑhUT�kà÷0ߘu˜
®RG…
-\
-ÇMFÕ�t¤*Ÿ+k‘lå*~r,¡„ö-ˆ‘ÉxO"	µ^n¸ÒÛã
/ªØ�¥¨[tN–�£„J£ˆƒ{Ös¨dƒ“é”Áˆ½t"œ¬[à
¾.yZÒs¨Ê)bàœq´4/fÉU®DR
-D§¡·BÔý‘:Ÿ:¢iñ"›S2Ä™ü�+Ó·¢¿³ÇÉnO‡‡°]À6iAúKRžàAt�ž‡AžÙ–ËLgݬG«��”u½Ö”³²îè!ëá!¦·�[Ån¬~áRñ e™Å(±£QóàD¨LÐBçj‡™@ ̳2Q”¤Á/,�»ÆQ…£c­qÄsqkS:¢U‘ÔEðKŽÓN?Gç=µ“+6ÖšÛÝjDÔJ¥Ú7IÆbxà³ÇySúæ[Ï$ö<æÏûÁú™jrWn1“|4@•0EtgF¬áÀê
rcóGƒÒxù×41À!y[†è—ÅòÌ]}ÑÕBS
-L!,¶›Ý„媪ŒZkè'ì*{Ž½±6»^¡ëDyØ-‡-¶Ò¥{ÑË‹ŽÜµ©á	ÎÒgæC¥ŒÌÁ™€]G‹c{ÒŽå!‡œPµ‘¶S&.qmΞ 6zÀÁgìt8©ôʸ=9€ó§§Í©JX·^T²Ð�|€¤y óÊy|
ß7[´7®‚1ðÔŠ_à ò…ò›Ÿ±IÎ2>¦ä¬!6ˆ¹¥ÑàŦi!G;ƒƒÄÚSY‚Û4Œ­ÇMáhɺÖÙ¤¥3|P`«ã³òaÐ
-N‘Ñ(:”$·!{Õ?Þê“ðÕ`nÀ{ð:Þ¡8¿³¹
-Ϊ
-endobj
-507 0 obj<</Type/Page/Parent 458 0 R/Contents 508 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-508 0 obj<</Filter/FlateDecode/Length 1074      >>stream
-x
µV[oâF~çWœ7’¼¾€
ÛM¤¤MªJÙ¬VK+UK3€ÛC=&l¶êßïÌxd7©*(ÆñœËw¾sóß�€||JBŠbJ‹Žïù‡‘7 Á(Á}ˆ¿JÒ£í.Õÿø4‡^ЈFC/r²>
’À7'Aä%»“h̆­ùC�hÀ‚öäP'ŒcoØœ„Ü6˜
-øÑMVòÁ螨28y4‚RË2û
-›"AÎØ\Ãy!áÝúñXùÍÕ˜ å$ö£`øÏûÀ?n²êN[…]Öû!gÝ%n³*¿ˆb�Ë·Vç1{€õ(¤>:g„_(Ró1À¨8:¥Ê{‘o�xS4�ºXÑ‹Nù‡9rá
÷M´|ß�I(€
³Tdóy.­r¦é¤Tõ	Ò T 1{iB)¦b£%e5At‘Uºf‡©¨U)ê&5h²‡êÖ›œužçæ5œ8þþCÄšIþºÕU¹R;(‘ÿ-ÀO­Ë§³)œÌ+²ˆ`�UHýBõ½–á@†k¸~=žh½¶	WRÌ›îë™ÊHs¥yÍ0îd�1Ó½íN�9!(%�Aš+�гE†ªbÙv†ôLSóüDIÕ<&øžç•ë7
-55“ÆV ‹¼P})>·ØÉöç--E5KùㆴœZQô²é`[çO7ï†
-̠Þo		 ÜPã‰që‚Ý™ÝÀQ‡�µÀ’°“K˜'šÿÓ¦ø—C¤ˆaâÅ|̳AG³.fR´@ãc` _vü½TvDïXçÌEÿoOO‰þ¡wM`gô/]~¸ú.²Ý¹S6Šî1Ùú:cK†‚vÖÃà“ÆZ-‹¢û¹K7çï/	•ø½Îc³VÇÊŸvé�óëß/éæú�HG7Ølè¾:KEž?p€¼BŠ’—³¨Y/d}·CEKp�Þ¡ÍšðUVŠ0«
-lOW Øμ7aÌ5:g†]Y2•è¬­¤»Rn�—é±$}¼¾àue~xd!�š7š`yñxLq2òÃÈ”Èùû‹súEÞË\­yƒÿºA²Z?€K÷‹®YüOìÏA2ð’o”,¬9é|ì|ó,þendstream
-endobj
-509 0 obj<</Type/Page/Parent 458 0 R/Contents 510 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-510 0 obj<</Filter/FlateDecode/Length 562       >>stream
-x
mSÁRÛ0¼ç+öF`ˆ°c‡CÉz
f:¸œrQd9QkKÁ’¡é×÷=% �Lflé½Ý}ûÖO£	ýR”¦T7JD‚"›Šù¬¤çŒþ½F/./S1û|±¨F79ÒUà ŬDUƒ€’•Ïáµ
-ÆY�NÖî�|;ßh:íѸ¶u/ºÆj‡?ºwp=:Gä[ÙËN*i�Õ^œV?Gâ#øzœ	ð;½NÒ©ÈøèÈx@&bSkLcöðÒÂmµ5v�U/Õ/ m
¢èŒ•a_6ªuþ]•@µÑL—Ù´å"j¹Ÿß]y<¸ÿ0ú›äW‰Ó£ê¬ ³£ê�s²]µy&á5Œ
Ž‹,Tâq~ûã:ÊÁYczΠŸÙ›5
g#;ÛE7hÿI7Ë‹€MïºXþ3>²‚�–HXýQÕ†@ïd9¾¿Åœ,—ödyúϤù~Ò‹›+¤4gƒIv‰Iž‹"½rCØ/ØÅ
-�Y"�3ŽÒ˜<ç’¸
-WÎ6f�Æ´šUJ¬LÀ`Ϙ;7@Rt^y×êßçØI¥Î©Ò;{”ÀÂ…
ßEmÒÊvçÍgŸ–c¯¤å¬,OcJ^¥0þV÷�ë»}`âþh�GÙšdQEë(Ü5ž�‘´+J¹JŠèœ:*ß�=;|Bi9Å»uÆÃün1ÇWý¬[
-mïñm PpÓäµvR&Wÿ·3/sQ³Ã·’q×u5ú>ú
%2âendstream
-endobj
-511 0 obj<</Type/Page/Parent 458 0 R/Contents 512 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-512 0 obj<</Filter/FlateDecode/Length 1691      >>stream
-x
}WÛnÛF|÷W(ê
-ãq
-¶®®oä¡Ø9Å“âøO›Þ}¼»׊‘Ï­{–|¨ËW_ôÚÙõpíõÅåü�?¶)ø²/’óípèRÎÎÆCç×ó+zX¹(ø1W>$)}Ñ7¶M’VÙX·°Q¢o¬ø
-�-ŽÇ�ôDáÛ*xœ7rÿÇ;qMW[Þ7ô*øé艘Vã<•×gCt+¿‘{Ó,Œ¾ƒµ�K+Zoæò°²[iÌVV¶î¤³6e³òb€_íý“k—‚èhúç׿~zH’
0ÌÂÕ.mçÌÎίæ—
-E’���àR²­$?˜ö=ãƵˆ@é RÒ¼Ê9ð<!ßÖÒuöBÆ¡WŸ£
­ilüîV
ë‚O¾ðµ¬Ÿoë-BŠÑJ?Ú ËÂvi.LÀ{ÂœoEy<Ž}±\~÷÷‡pæãO¿¾|k+­ÿÆ2±4u
k€yÕp8)jJ_Eô0lº$Š7iÖ,¨}<îLH®èk
¸JÏÁyÄBº	åBL²6µ+!òº¤PnÀamÔR-€h‹œn©à…‰¶„D|ß–;o:ãƇdÂÓ\~SÕÈÂ?Sð}]ÍrÌi‚ébk·£Š²dc¿ˆÉ´ ¥@±©Æs&Z!‘5„2É	ùv7ÄMd(i|L`´1­«lÀ.E[W�"EŠƒTø˜?S5³¸Ò*°k[ÏðjÌ¿ñ¥eáÅÌ«¥­L_§I
-<G±ð„©Ár‹$�ÎŒj“ú«€²‡8¶RùP NQ¯ªÖÃXü•¢²ùýO¼«Øk Ùñ6HÓœN�¶ÃcÍï EªŽI ­D—lœ¢ùña@c¤­�¦°DªÌ`WZ°Ís³hcd¿Š6õÝl§üY@¢¥Ç%¨d’L컎劂(
-ßtˆ‘úÍ‚Ó6–#€“6çð=Aô½âÙGÞÒ(R°ˆyh0ALü¢•ŠúvšË×þ²²
-4¹Ó�ãPfý„Æ
º)ÉØ;SCÄIöÏr
-tâ0ìR.^™T…‘>õ°qˆ3ÓFôdä¬Åš9¬ôh·l¼±Áv¾,Wö[ážù�Ы<’kìã1´‚``•‚ÝB”ᱚö
H
&Ü9¸Š-x>P�Ø&÷¯àk’þ$÷
ÝÝN¬Á^ǯ�ÂŒi 6¯_Ú³è|¬àF°¨†4Ƶ3O\÷»D+ãjí
-�N¼ë¾œ¦Ür•”›7·7û´‹Óá;é;_}—×—óë«|*âCîü‚>><ýuôŠ«ã9endstream
-endobj
-513 0 obj<</Type/Page/Parent 458 0 R/Contents 514 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-514 0 obj<</Filter/FlateDecode/Length 1794      >>stream
-x
}W]Oã8}çW\ñ²ÌªZªa(+$>f¡³h$¤•›8�g;c;-ý÷{®�”n†]!Míûqî¹çÞü<Ñ)~F4ÓÙ”²êàtxJÓéþNÎgø;Ư“TÄ/&ã‹áä£/F£épÚÿâjqpr3¡ÑˆœLÏg´È	NOi‘-J	ÿ^®¥šjë½Zj<°º	ÊOÁR(•§ÚY|Q
H™L7¹2+j¼tFT’*Q×x0 ar*¬Ëø[A¾–™*Töiñýà”ŽGgÃ1üí®á$Õ•5Z8ò%BñC>}rsA#ËQŸM�2î}Þo¬Ë}:ñž×ñx†Üqâ^˜-=ß_Q¦•4ÁSS×ÒeÂKøi/ÓRÂ/§lb¡”Õ�n©kIÆ’Ê¥ M¹EÖrKyÊL
-T/ße™\6ub7È�˜Š¦©–po‹”]†b¬¤¨Šà>Š*µ«ç8)´¶›½ Á*v®…V¨'³VÍccê•ÈJTŽ^�¶V.oÑL/Ê<,ÀZfÐë§��õ ¡u°Ì¸í`“&sÛ„Y%Cis.aÎéìµÊ�l�¸²ðm®2@èŒôÒÚ3‰bß«ÌYo‹@Ftè.�–"�êÑ™@‡ùrŸ�‡µLùHþlà
-[Oœyñ3_¶ù³Aèž
-g+€âO6­–t{OðJëȉ„	¨�]Ë ßú€Òö1Fê¨Ô—+öKCbÌÛ8»€5–¬¬#÷aLXÑA(R
-úÃ;^bé>c6%ï¤-k¸C»ðwJÁ/PLŒÈç]¬¬†)ç^q÷Dàä›à
9`Ë
-endobj
-515 0 obj<</Type/Page/Parent 458 0 R/Contents 516 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-516 0 obj<</Filter/FlateDecode/Length 1885      >>stream
-x
}WMsÛ8½çW`|i:»¶óáä²3éGvö�4�¸ÓK.´DYl(R©8Þ_¿ d»JºÓvšP$
<<<€¿Žf4ÅŸ-ætzAYu4�LéâôbrAg—ü<Ç¿FS!Χ—o˜Ÿ½ñáãòèÃÍÍf´,`äârAËœ``:¥evüÝ™*U çIÿjͳ²ÚEü�wZz2UmuÅ‹±4�TµRÔH›XꆬϞ¨0++tNÞa+¼•%ã|®I¹üýòçєƳÓÉ×VeØk)
-ºV�Š:]•›FgÑ7[ò
,Uƒ�•®xiç�ê„¡�ØK�Ke¶­Âö
»™w¡­àkÝøL‡`Üšw‰·À8ø¶Áò‰Dð¦Ùȳ
-Ñnq“.4ûÈ÷`9¶�!¯¶”ëBµ6R�Ðàjж!ê
-‡J)´uí›H&Nø쇛+š!_œ¸ñéÙäŒ�[6ªÎ=ÎÿçsH»öéÏàv]ÓÃíG
-Iøk™
ü\{€Ý9I¾\oý†Fº¯Ë\Ôètê!&úåÆ�Gz™q¨åÞEÝD_„ÙÖÀ´5(>Ç€Xój&¤pÄ!SzëC¤ûO�Þq¥õí‰÷£ø‘”å‡qwK€�{v©ð–£B
-­	N)¶3Y¬¦~Ö3dÁñö 
-½J
`rwÖ‚Ü6Œzª°îõß6‡³›d4ÈAÑ@iœÞPѺŒû‰²°KÌ6•çÒG
+º5Yãƒ/D¼12™ÒŒ$3²šN"ójo@hÌ…ÙøÍëŽ&<
Lîö
Ý‘~AîØÍ G‚5ß”©Z­\çÂíN÷Í�Ųã6§fwV!
-íj¼/ˆÇcÜ…êËï<H5�‘çùï�ƒ�'É‹Ï>܃©ñÛu.®ÌÞé�åWÅÌyìÞµµŒ!ü©(2™ú†¯™Ê¦üÉJå0Ú2ö¨
-endobj
-517 0 obj<</Type/Page/Parent 458 0 R/Contents 518 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-518 0 obj<</Filter/FlateDecode/Length 707       >>stream
-x
eT]oÚ@|çW¬xi"‚á1_TH!UWíC^Îö:¾r¾sïÎ þ}çŒ�TTdöövggfýgÓŸ˜’Ý,(¯GÓhJ·q-i¾Lð<Ã×2•£ûtt½žSSZâÊb™PZÒ§SJó_1�½iHñžÕ˜ÊVç^í"ÚxrmÓë­Ž´¤·g¨öí’LIáîëöÞ[¡R³É?—Ÿö¬é%¥Â°Ó_>*]¦¿GSšÄ7Ñ0B÷š„RQŸ-¢yˆ¿Š:”·Ö²öèü�£mÈ›®ñÅŸ·$ž�©±Æ›Ü¨+:T2¯Hº.ÇhÆ—Œ:eGú)õê–„.Îp þ’ÞD·=·ùN¢£¯Pc({"‡*áHÐ8�Ȥ’^²a’UÑ·u
ç
7üo¶“"üž5Ô|˜”B¿+à2MGx‡Ø±Ý³
óÚ#JŒŠUƒ�ÕbÇ]š¬Å5¸áêI‹ÿñÖm^�õeá$ÛsºÓŠá
-úŠ0w†út�¾êúAeê†Ë»†
-endobj
-519 0 obj<</Type/Page/Parent 458 0 R/Contents 520 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F5 6 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-520 0 obj<</Filter/FlateDecode/Length 1575      >>stream
-x
�WÛnÛF}÷WLý+€ÄH²l)
 iÀ@§µš¢€_–ä’Ú˜Üew—–õ÷=³\êBÇ}h.–LíÎœ™9sfôÏÙŒ¦ø;£åœ.¯)«Ï¦ÉjE‡¶Ä/Sš¿�&KZ¬–x?»Ä[+©8û°Æñ)ìàø›Ooi>¥u
»×Ë­óð9žd£µ™Ò%9Q§‚ÜÎyYS&ªÊ½^?{óiA³Yws2_%sÜ­7ÊQ¡*I¹t™U©t´1[ò†rC'FÈü$£é.ØÇ‘­±dZOÛ�ð¤¼Ã%°µF—	ã°¯�§ÂX1¥	®ýA
-¥=™‚6RX?¦¶TA;Ó’@¬9ÛóŒçõþ“ÆšT¤ÕŽa7Ò
-/“h~~�,8²_2ß"ô]€Å„£Täüžù¿HÍ£¤Z< håÉ™VçcúÞ:�8ô…'ùÔÈ̇³ˆ²
8�Jz”vG�•ÞïèÝäþõÀõíö:œn�ÒÒ¹„n5’Wc©*Iä�B{QÂ7ž¶Z=ÅŠ
CDB�qG™A…2SKÚ*¿Ùf˜ÒP¡Ö«J
Y°�{fëBÞ€½6Zycƒµc~ijˆÉ”VÔŒ
-GTþ  ¹LÛ²äÏ„Fž+gPÖªq`*çí.”ò„5;$½–(/.Á§ViLWé.ÿ	ý
>dxÖ:9ˆ8ÁÔdœæ£Ð°ŒÚ)²Ö¨Jx暆_Ü�+k�áÈ’¤>…ÀÄý#sÊUQH+ÁÖ€EÓGϺˡÈôYéö¨–hŠhÂ…ê}÷mð§Îò]«oïhÈ�w§)~þí�9¿C£F_t?R:«ÚÐ ÎTÂ*wÿúÔ@˼ëÔHÉ wî>î�qïF¿'0ûvâÊ¢5ºjq‹:äºBj׎{Ÿq?ijÀkfóÎ’FòÑh1Ãì¦Ó›Ð
ˆ�;¹rÀr‰R	�Þ\àŠp®ÿ��v	厎ï
-ÁFþ13¸ÿ˜\
aKÔJ#Óäò¤úQÝiîÕ§SdN6ÛB.ÛÊ'ô�EÂ摦�h©¡”ˆúkûæ?a*ŨJé©2
-ÛÍÎ(ô6<O�êÃJÃDу‹ØŸ��­ÖìÛÕ)ÔNHLQž‹ÃnÅŽnÈKP4‰¶Y’LTÎÊ`:BmLMõŽþÇx4ý•O°Ÿn¯rÒ¢a <5Ù
-Ü:Q‰–t> îv£²
w
ÔÑÍÇŽ
Y¥xZÁ?8 ²Mˆ*Z…bZŒ7ÐîH1ièëÍÇÓR�hg­ƒŒþˆnÁê
*p¼D(Û¯QÎcÚÙžX!�ùQ÷‚ƒneaÆÔÆlÄ~×:Q�J"¯‰7uS1pž¹

-¦%2Ò·P,¡½ÜÅ*O
-BÀ—+ìéï_ÅÒ'�¸Óø�î
\¿ˆýOGŽhþþÕìEo_Œï6ÖóIq—˜ÃfÆÝa¢í'JØÿÝ8ncÇk`˜…a-½ÅÜËZËÛÍ �±ºÝbÎÃ1Û¨*ÇAnTè
ƒjÍË9þ•ÐœðõÓa+i,¶{n˜�XÖ¼b€Ð9¥¼œJ–Q^ÿcíϾSÉW»¯]fV‡ï/WWÉååUøóŸ_zËE²¼ÆW.>:_²�ßÖg¿Ÿý�\eœendstream
-endobj
-521 0 obj<</Type/Page/Parent 458 0 R/Contents 522 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-522 0 obj<</Filter/FlateDecode/Length 841       >>stream
-x
�U]oã6|÷¯XäÉ
bÙRü¡(Šä.9h›61p(š¢`¤ŭ"U’ŠëßYÊJR¿ô`@_\îÎÌÎÒ�ršá—Óª ó%UÍh–•%½_ü3^f´ÈYNór…çbž-È3m;Ãî·Ë!v¾\fC,âSèÕz4½™SžÓzƒ‚ËrEë:í�ѺßÙŠiï:RˆV1ªjËuú·l©R–jG»­ŠüÊžt$ÈYÂ*UF³�xTék¥º í3µÞ=n)ÛgÚicN×�f4ÉϳõÇ•jc'�I©Â>DnPΘÐ'ÍSM�zá�öËl.{mÝN`	nm#ûÖ³à`P�‰áú–=²íé–+_m±î]÷,w&×Ŷ‹´qžBô@}¨zK/¹1©¶ÅÆ#à;QE2XÒVÂlÈè¹øÕ´†ÏHoPW5X}I¢ë 	ÒÆ-µì‚v6	©h£±tK;×™zÀ
-`G…“ÊȪ†Á;Á
-endobj
-523 0 obj<</Type/Page/Parent 458 0 R/Contents 524 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>/Annots 264 0 R>>endobj
-524 0 obj<</Filter/FlateDecode/Length 1642      >>stream
-x
�WmOãFþίõË�Dì8�„BÇÁ5*Ç¥$ÕõªHÕÚÞ$[ì]ßî:�/ýí}fíä \_@¼Ø;;/ÏÌ<3ùz�Pß	
{ÔPVt£.Þì~Ý8HNO¢.
º=ü.!•Dƒö© )ËSÿ4‰z|6EýöiwÖ;‰Îp–Ïp¯žø,ö¢!õFgÑ	N{ÝntÚ>ñéógœžœBª‘Ýêíá>ûÓžðÍð´;ƒü Ødïøö€øìÝì ¾Á͈z0<£Y‚Å›ìðnFïM)”¦ûÉÕw4û3ˆ'ÃF¼Ó?A”³üp¬½5y�yet#tBIÒ
-õ†0¡ÙJ9ÊMV—R{ÊŒöPìHé…±¥à«ä
UÖ¬U.Ih‚õGcœo•_Qa–ðÆI»V™tÇÄ/Míɯ$i)s‚2Üe'ºÔIú�ÐÄW¤�hì	n°¸[–á�cËfA+ï«·qŒp‹•q>ÊÒ$ÊLÿU<dEœ©…Ó>hDþɇ¬)
-M7t[?Ȩ5Û 9‹'ï
-HªŒs*-$éd!3Opt�ƒ—"g/DˆyiM]Ñü±²«/‘xãhv5‰Çèñ^饛!æ|/h±ðÒ†ë&-ÔRxc7dejœ÷›Jz˜«�Œ¥<¦J8ÀóãWþA9¹:ânQņӀÛ@Þ"¾}ËUee¦„ç4nh�¼¤"{ à¼1µ%ùTI«¤†¾�@8‰œ ólà˜C	÷
-ÞdÆB!—ˆkNó\…§=À6¨ÚVÙ~BfÀ²‚'Ò£¥Ë¬J‘½•´’2²$…Sˆ/‡k®&kJ¤!x!¸˜Šç)€¸µ† óÆ䀉˜í9t'}it$ŸdD_L�h‹¢©S¸
-äCzžÕ`#�·Âz"[
¡
-çzvûéç»c*œ°UÐsvíÖͬÐN +UIÑËþä^}JpÚtM8—ÉžQ†H
Ö�*W��çíÕBÑ6 Ò^¼¼	Ø­
oš‘·"“¡qµH”åãJe«€ážñB=È�*
ÒÄíd™�ÖŒ”ÿkQ\΄œ°	ÀÚT¸*«B¦Bä-	Þòia@Y¶D²­¶mIqà~f7•7K+*ø½çq%¬çvo»[ÔøG{•ªûN.Ä´„Ò“MI¢5ªÕèMf
-¹2=oXZFfµU~ié÷çj)¨é
-ÅÍœ(SpQ8Aû¡b—18²äаhËýNºD¢«
#ðÒ³·­¹-¶¤ª}Z/‘ѯ‘Í"4D&âéÕýx2›ÆŸ/£ëß®¼ì](��†Ý³óÛ‹�øù§‹ËóÉEoÔ?ý¾âbk†>Zù²Ø»¿;¡;vù
ˆƒüš¹Óp¹Òµ£;4Z*í²ISCP
ïÿuÀ52vgKÕI•ŽË…‹»IÜ@'£Ñ0
E½Œ»ýQò=ÿc(…01�ö£ä’½ ½¾MÔ\"˜žÌÜßFn[ÃW+‰¦~W+«ç|ôb7Ô,5ê�Õp£´†·ƒö¹
ºkɧ-g®•l¥$ó*f;»B,0FÍ#뼿þðÇôwŒ©¥BoèAn8†îS²_¡¾â,h»õ¢¶?ý|ûq>Ÿ~™Î®ñ÷ªÆÄÐþ
-[fôTzµKÃ|*Â
-´ùÛH¤fÝìñÍóÝ«ç�–gG‰â˜.îm©WmÝÞyD„ÍŒZ	p'󹱊7.^4]NÆð»h‚±U„µ�iƒ?-
{³æjCȵå�Mj¬€6ô]3Îs¹
-ŽwP¸Ø­óÃ$"†	�»5õsˆŸ~ÅFFã÷�f�®Çæ퇰†×/õEñÍY[¼�Þ)uúü

f¾M¯Ý
-‚ÃÁYãFoÄ^\Ï~9ø9ý-ñendstream
-endobj
-525 0 obj<</Type/Page/Parent 458 0 R/Contents 526 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-526 0 obj<</Filter/FlateDecode/Length 1735      >>stream
-x
�WMsÛ8½ûWtå²N•ÉèûcæäŒ'S©²ïJS{Xï
"[Æ$È@;š_¿¯AB¢äì¶R‘,@w¿~ýºùŸ«!
ðoHó�g”•Wƒt@Ó埓…|Žðß2mÃYšþèÁx6I——>¯¯>}™ÐpHë­Ü>[Ìi�,´Î®×{&þ®2O%+£ÍîSÎ[m´×•¡jK¯ÊêªqTª�Î(«ŒóÊxG•%6MÉVÉN—~\ÿq•À
-.ͯÇ)ÉoüL†ãt$KbÇr]ˆ­Åá¬Ê™”É©q,vü^ùþ£·=RôVÙXÞl8«JvX-¹Ü°•cŠòªTÚ󃓹çk_ц)g—Y½áœ
-åÙ>Lé‹ÒE4±Á²o¬�míÎlë¢@À/دû. ‚ÊúÖYíI;±Û3«
-Ë*?œ¹(w´NAÍÒ‰€29á4^¦3Y’Ý™=Ô¾ÚYUï�¹Ó@* ÄôÈޮؾ²}RÎÁ³|ÅX–% ¼¡7ìßÃá¦ÈIEõvÀ%LÀ Û+³cÒÈiÝÝ™ÒZ‰?¦d)Ävl$å-2Eev	P-ɱsB˜>¤ô¯¯‚ÕÖ6…
-u
-U|U›ê•Ÿ?ÆÐfé`6sMA·nï
†ìºoÀ¢{Ö;YùÊùµôáqMw�·@�¬
Hht¼åËJ ¾LGþ„2½u³Ô÷ïLþ�ÍàÏ(îïaÓ…>¥@
-yl3Ý7M†qe¸Z
-?z\°ö9-}7öÙÑÉùO«4´úzŠBz-f‰Ê–
-ºíhÑA]œð³‹Ç¤pÙ²Ñÿ úr)¢<²мª¢	}î@nC
½(•Òà;f(LnƒÁ
�Ë`%¯Bôp�¢í|I4T·èŸÜÛR<ºÊßµópAÑãï÷÷qµ‹—â1˜ˆç."
"�(Øìü> Ü3üµÅçGი»Ÿ
f
-"æ…M‰è,š“T!Ã{ÑAãZÉC£QÖªƒõ¹.Z
-ÔB‘”Ûí!äæ�üÉi×`æ"i^(ƒªy¬«åèÝt9L[Åï»
-diÛXà‡.'tÀG*!ß}æü˜7]ÍGóF£4tä–<]ú· ’²Ä`Ñ1¶•ŒÎqpé�‘+:vP’›ƒí9¤fƒ€^ª;áA˜"ƒ'Ô[�ì.íRÞm0ÅX”žF‡U[ÈR½Pî8öuãÑÙ]ÇÜO1ÕIó>ŽÄ‹îÕo8§³å’f£q:¶ƒñíÃç[ºkÕß¼jHPÉp¾»“ù`)×õfèÉ|’Îg‹îEo Û]_ýýê¿ßÆ´¿endstream
-endobj
-527 0 obj<</Type/Page/Parent 458 0 R/Contents 528 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-528 0 obj<</Filter/FlateDecode/Length 515       >>stream
-x
�”Ýn1…ïyŠ¹L#íÖ6[¯é$¡�Ô¤)l{[m¼Ü°?±½UÚ§ïx
UH©‰ÒŸ9ÌãˆÁ…œÁ˜ƒ¬G$%ÀÅ$Í 9þfø5
-VC!ïRq¬ÀOù±eôø	îá/®˜£·ó	ÐŠvŹÀ³EØ!Pȳ«¦¯•)�nû¦øÔ4¨–£öìf¹¸»€�ª¬”
÷«SA—
ý«ãø8Tʶ®Ë¦dÞ£V7à6
-jk:	])”ƒÍ€	þ/a¸ëûB=öʺ÷‡¡›	§ÌßDž9„$ÏË{ŒíðY*Îa'93ÝTqÆìUŒ©|ˆc.ç58;<‰‰àm˜Â]pQ7«6h�L¡ðž«²ÑÍÚ•�Å´m˵m¡oªVâ̧ªÃ®	$l7ȹ6ÖÍM¹Ž÷K
#øT¾†3ÿ¶uåé²H%ÊgàÄøD„qÛÞô[§»­zŠšAcyħÌ[s]©º‹BØ	Ȫ53‰ÆF!Yòµ×q;Äîü~mcÓÃ¥3½t½QÿÛß>__Ây0ôH8­þ­0”^uîã8fp¯�MÃ�}ò}w¹—›Òœ¢y�‡‰ç,±ûÑ\¤|2
ŽOvÇrz3›Â¥ú©¶m§Œ…èÈ°Ô’½6ÉÉį™—Û1˳4ç7)ÇCü¯ŠÑ—Ñ=}Cendstream
-endobj
-529 0 obj<</Type/Page/Parent 458 0 R/Contents 530 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-530 0 obj<</Filter/FlateDecode/Length 676       >>stream
-x
­UQS›@~ϯØGíå
-œ†Ä»^oÀ5 P®Cm·+@HO
ß{_û"}ý6B Ê°¥€=8DÉÑm4½º<Žž0ÉK²\jû˜VG�+ð\Xr­N€‹”'±æâ4ÏþÅ’B¤
-	‡<Å‚Œdž´HÊœ	ÍR“–ðLQ[¿h¸;ÂW4/xö)lâGvRýXÄö±¸çÜÛ5µË
kj³h�y6Ô©_Qÿw:0L`r}õ0ŸN°›´ÈclÐüQZ–‰.%»;®™ÓQ§³ÈsÛš£³ÞúeEª\Zq©W…äš3e$Üjƒ[û¯ß"|Ø�nXJöÌ•ÑK-™ü<Øÿ º ÷ýl),_56Ÿr¯{°`š¢±xÆ™„ó­H¯[³4’¿S…Ð…x@Y�ªj èNæÃCèPª•Y¡ÙèÛç‰öÛ¶VìÏŠIÖïêyôÓŒ‡–8`�…:æ²�f\C²ŠåâÎðQ”ëµ¥™Ì¹ˆÍôÕxÆT±J8¯RãT?“ÛÙôÇÄ�)OŠ”5 +§L6Ü­ql!Œÿí?Ò5�zeÈ´‘;´m6ÁG�yüŸ„D}VŠÝ
ˆUù«YGµ\nŸ^°Y—
-–e–¡a7Ç¥8¨a%~¿†må >“

]O'_†àvM�¬_jöïa˵Ûl>´Æb`ôú�Û16oy7ÜnXâ»6��žúõ
1?¿º8‡	{fëbƒ^‡ï%O™iÈ"AXåZ�36WͼYÛÊ„ýÀ·âmin¡jS_F£›Ñ_”¥1Cendstream
-endobj
-531 0 obj<</Type/Page/Parent 458 0 R/Contents 532 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-532 0 obj<</Filter/FlateDecode/Length 660       >>stream
-x
­UQoÚ0~çWÜ#�–,	™At+S�­ÉöÒNU°
¸
-1uœ¶üû�“Ð-iK'„„9û»ûî¾»»m¹ààÇ…Àƒ
ºl9¶Äulü0Àß~‡Yið;Ä&/¼C—„Ï_ôãÖ—o]p]ˆgè�„
Äгã@LÛãÞè®Ú)Ïæza‰Œ	šhΠÈ•ŒC®•ÈæW''ñ
â�GË#¶�HíßÃqÜñ*³_›‘�åv�Ú+d�³=È]@kû‰�tÉåßàY‘¦–æj)²2Ú*Êm't‘¨„â•Ü®`6)(=yaüxÅ& IÅ<{/ï°)ÆU¦´„9×{ìÁ·¦kÍaãö^èè…Éw¢´!bѨž0®j›ü?KWS–ÉY…&X,$Å$-–<CɼRÐ&¨#£kÖȶ&J)?I¢A“þ�ë^_ $äô†S
‰Æ˜šçèçÁ
1_5Ñ«¶ÈÀÔ!Ad4-*¥`Éë3ÁSÖTô?“áàÓá1ÅQRj`B!	©ÖHh%JíÓØÓpë¼dÉ’¿ôµa¢}J3‚nëê£áæœJè50žS%VZHõã~„¿-°™Ñ
önÎÕ� ¼Af?'ç×gã
Æqõ`%SA×°H2–ò}¾˜œÍ¬5
-¾ôœ†Á¸ƒÔà0]GÃ�™|L.”#žÌ°/¨.ÿlŽž¥Â™ˆÖz4ÄöZ�¿b��½^Õ‰9j˜½gꌇgƒ‹†Õ´Å|wÝÕC·ÊßËa–‹ãpÿ„®ž„õ¢t}Ï&Ý.�€Ø¡Ù–QoÔïÁ€ßñT®pyÁ÷B°2_–àvÇ»VàtË«›båÓ|; !nxDétÌ_§qëWë@ýD¨endstream
-endobj
-533 0 obj<</Type/Page/Parent 458 0 R/Contents 534 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-534 0 obj<</Filter/FlateDecode/Length 748       >>stream
-x
ÕVÁnÚ@½ós¨RÅ׆öD’¦B" ‚›Ú¬Çx[³K¼kHþ¾³¶!‘(UQ…†±ß¼yïí.÷�6´èՆЃN
-
¸’I&¸�;4DikPHÁUŒ M.äRd1æÀd|¬*ŒÆ,
¦Á(ؤ‚§ö¢ÐH§ÑïFœv‡ˆFqSÈXpfvÀÊ…I]B%.‘e ©‰"6$ŒVÙc·ñ’‡@v#ÀtpæqE“Ô¸ú•>°å*Ã3b,L£A7˜eΩ6¹*V€†×�©y¬x±Di¨»VKÜX�ÊÆç×½�˜Ž×­(\�oæj>kÆjÉ„û…Ä*¸)rœ�ZÆû.8[î¿£¨ãUe¿Æ¥hìúÎ>QÐ¥ü8VͼwÖÔˆ0MÕ¦9ÔÏ;9ûXoéUȧÁIÿÔ“
-ï
-Ö�ZÛ4$d‰äXߣ«N[sJº[{†ãóÁèzLþ�nkÌ)	œ«Bš3à™ ›ßdV´L-”„
-$[Úð²ÜؼJúFÁÉlv<e9ãsZT´N(RÅjE¦q¦« ÑxÛTÀ5¥
-“î·¯jVs,›%¹Z–¥á´¼/P¸LYf×E¼dÁàI‹€ÔœD4ª�V£½å÷2£Ûñàês¥è±XîÇ¬€•´\ò×
¦Ñä•´H{¸ç¼ö@Ø·ÃÒÒl/k ‘ÏÉdI)¥Ë"æÑš.%få&ôƶ/O…|¾	WðGã~9Eóéäv/î{	Ò›õÿ)Yɵvì5ó»õ�Ñö=7èõ ðÊCuÚ¿¹èî1S´ãhøQˆm^œvØ-ïtÂVÏ�ÓíUîž~è»aÐ¥	Têøö‰ïQãgã/©q€øendstream
-endobj
-535 0 obj<</Type/Page/Parent 458 0 R/Contents 536 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-536 0 obj<</Filter/FlateDecode/Length 741       >>stream
-x
ÝVQoÚ0~çWÜc»
MBÂ^¦¶´R�­¤ÝC;!×1à5‰SÛ)âßª&¨/Ó4P$ˆÏßÝw÷ÝÙO-,üÚÐw ç
�[V×϶º¸~;øH‹|Á­[p¼Ú½Úq´N.`Û,Љç÷!
Xôèüúb8ƒû#*YÈÍI¤à#h3PšÄéýñq𼄎ãu]Ä8¢+"ïü_ź[®cü»‡�ƒ
-s¤³kuŒÆõ U(…Í–JŽáøE(çW“`>š\N¤¢˜|f²
4âÈiÈŒêL²—7;q5ЛÍ>Ãzņp W\UX@Ò”©€'@°4OSº
‘Aœ)
š<2\ "Ý€XàfV†Ó¡$¢YD4a'Ãͪ2'eü™…mx`”dŠ„
¬yáüÇ*{PÆ3’¬ €®}TÝÜg*™ÊâÜZ›êŠ�…žh|€$¯\“]¡)ÍC,™� N*‡$<ê–{¶JÈÓ?»¾-*ô¦ŠZ�$„¢<��˜©bÃV[û²Mÿ®A]_ð)	Cž,Û°ÜÎÃFcÚ#¾Lb“•5×+˜�Ï`ÅHÈdv%å=w·ÓÑðC}ü©À|ˆ­¬ªŒ«&ܼ¿êq�Öˆ±Ô°i‚¤Yþ;ê'”Š,AMþ·m
-3¸òÙ
Y©YÙÛM 8IzN=hJ$‰qT'ZŠè
-endobj
-537 0 obj<</Type/Page/Parent 458 0 R/Contents 538 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-538 0 obj<</Filter/FlateDecode/Length 786       >>stream
-x
­U[OÛ0~ï¯8o+Órk.ìa
-¬Òh7ÛRå&Në­‰;;�UÓþûŽ�¤AS±ÑªŽŸóù;ŸÏågÏ¿6¸>$yÏ2-D
®^¨V‚B†a‹˜ã\Ç1ÝÆtà›Qkk!¬Ù.­­íšÁSX<ÃŽ6 ›óNâÞṶ
q¦¸ùa
-endobj
-539 0 obj<</Type/Page/Parent 458 0 R/Contents 540 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-540 0 obj<</Filter/FlateDecode/Length 674       >>stream
-x
ÅVMoÚ@½ó+æVÕ®m\Ûô%"i9@Ô`z	Úx×°ÅÞ¥»ë üûŽ?’bˆU²„äÙ÷Þμ™ñÏŽþ\=è�äÇv pÛ?
-ñ¿‡�b�V/zQÏŽv_ÜÄ�w
¸.Ä)bQ1Äqˆ“ît<ü2xðE‘ÏKçTæÚr¿_Ä?ð˜ßCnËí!iL»Ä	£€±„(O$e �âb
KF(SºFx%¶¶!�s?¦hpÉÙøÐÁýh>Zù£kàáFt¿¹v%Ú‹l¿¼w‰?ßÝìÛèã"•ï!cÏ,ÓÐ"(|‚Õ0KLŠŸ]Ì.ÚŠ°¼ Æ›ÇqôxDáÕÕ¬	¥eN�„3à[O/†
ÉøBäLØp³Ä¼e@¦0Ý4Ùo³¶“�¼npZò›ŠfL,�ç¼ÿ€ûí~8¸<,·T&E™Œß†¬ŒÓh*Rô+¬%ÇuDÿ_ð c^M2Míý&‘ûúkÛü³n»·víÔ*lÓ
-g¢¬x²’çì‰Ö©(dDÐØógêzLˆ€dIÄËr^ÂÞ ó5ž†Y¯™Ã•,
±gÞŸ0Ϊýuøš«È2ø'µu¢øÚìl«óÕ¯•LyÆpàümÏ‚óÁ—÷+åŠ%Fª—cðQ³]ß³ƒ~‚ÐÃ
\Š“ëÑÍ5Ê(׸ôásÁiÕŒ–FU¬:ý*Ô¨"1…bÕ’õC߃?H¥–õ»�;_;¿
-endobj
-541 0 obj<</Type/Page/Parent 458 0 R/Contents 542 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-542 0 obj<</Filter/FlateDecode/Length 546       >>stream
-x
­–ßoÚ0Çßù+îmÝ$²Pž¦VÙX¤–j%쥚PˆðìÌ?Øøïw&©ÖVÅ
�xB9üõÝ×çûÝÀÇ_
-†³B
-JKÆW°¦9¡²a<íÔ™§Ó,oR‰•àPÃõ”eN Î•ú#$9
-6–4WTBštÈq&R˜ú<7XYŒrèø~Ÿ&Äp"
-³¡\SKS–x®Z0ü+A‹ï9ø¶x®s›©²ÊW.‘Å:—�AøáÓbUŠ¡~Ñ�KQ‡g;!o‹È“½zœˆMÎøÉðSjÕœ¢Ýˆ¡µ›¢9ò²OòÈw$yä£äg~¨sBì
^î4U”FI�þ­snëðɱY—-|èúw!ôšÊ…bD¹h‰™Îoo‘÷Rûï÷€6U³4QN?OÓYöà¸úÖÐ<Ƕ÷Ò:®\ƒ|§0¿UF·f/$«õ×R”¬¢ØPõú‚ØWÏÉå2ü
-üÖ;å*`G�;ªOÒäÑ:¾éØŽ[¸
-endobj
-543 0 obj<</Type/Page/Parent 458 0 R/Contents 544 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-544 0 obj<</Filter/FlateDecode/Length 679       >>stream
-x
­UßS›@~Ï_±�Ú)W�>´£FÛ<5b_´“¡p˜«rGá°Ú¿¾{@И¤Ž“aÈpû}»ûíÞîï
<lâl`\' >8¾‡ÿ-|
-i}à˜
¡«lêïùÁa8øtâ
-˜ùèëªãc¢ØJæð“kqæ·Löf·—îŒ'	ÓÇX†V¶E�¼ÐíûÙhø¡¯m·�jAS"ÊЖ[W?‚þÚ¯l¯	¯Fãж6�×Õ2 ~É´�/—
•Hd\e,yžG7ÆmR(Xwýb™iò–zC»_Öíþ¦¿�½I‡¥È•à±LX{y
-endobj
-545 0 obj<</Type/Page/Parent 458 0 R/Contents 546 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-546 0 obj<</Filter/FlateDecode/Length 879       >>stream
-x
¥V]�›8}ϯ¸�]©Éƒfß !«hdÀ3™jU!ÎÄ[‚Scš™ßk>æCênÜ6QPBÌ=>÷ûëÈß&Ì,¸šB~¦¦1±ÀvføÝÂ� °ydôçr
-¦	d��L��p¸a
-ß®µkÛàVÏ(šjˆ¦ª”¥['·ëþ¾—E¸«0�“x­AÈ��`ÇL<CÁ�J‘st7/K*ô±<÷FÎ4ÀËò/Íé—ÐÈ*ðÓ$º‹çþef–
�ï^Z©@²#­y#ÐܪÑ,o�üI?t‡»Ü\Ƴ
pO¸D`Éð²\òœ—½l:V	£{­!™c@È¿Q4¹¾
{O~àùñE.&†ñ¢sC@�;-'lbÍÛTÓì"ôêÔ‡¬Íî^%|mh£#Ébå®Ñäšpö+Ü°®
-†»D5˜àÿvƒ!#üpõ ‹è â­ØS/’ÆZ
-É%aPÔžè—Ü.·—j¢/R½Ù²ªàgn®“
�éåécOj#�
-·¦Å\ŸÍ&"~HPøÔ‹£-Â^à¦ÚõÂM2	yV©4hw§�@Š´ú1à¹ó›»�&¸êëKؽÅÒZM�›Üõõx¢»*ÈpðÓPC4´ˆ:ª|�†Ð{ÓG-nëhŽ®W	I£pý©ƒtú³�9s&Óëk<v§7ð\XPŒ;~¢¢†¿V´ù0FŽgÆu{P’¢Ée#h›µö̞̦1ñe
-Ä'£ÛÑwÞ]ãàendstream
-endobj
-547 0 obj<</Type/Page/Parent 458 0 R/Contents 548 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-548 0 obj<</Filter/FlateDecode/Length 1256      >>stream
-x
­VaOÛHýίõœ×NÒ$|„B¯‘JšB¨®ºœÐÆ^öήë]¸_ov�r!Tº�½Ì¼y3ïÍþ<H(ÆwBƒuû”.â(¦îñ1>{Ã
>;ø©$åáE—m½8�¼ýУ$¡iÎAúÃ
M3B 8¦iz?ôðѹ®²N’ÑÅ#Ií*%--DõCfô¦0©(ÞM¿#`¿	ØFÄvÒ�:ˆyxõõfúmr~söùâd4¾9__„Óéׇã‡aH»™÷Ì,„Ò6¢é�¤Òþ}%«¥¬HèŒÿ
-o©•XH'+@«­£¹¤ñõ§OÑd�~Ôcd×£ñ´ÛyÌ;Tߦ².7ÕâFe;b­ªüúytöÛË¡J£4°‘3¤
sO WA
ÒB|7�«Œþ±zKéÿ%–{,%ÍÖÝŽ¢ˆæÊQ®d‘ÍŽö€üuæR³X`üöĺ�®¦—{Zj—IœÜpPz­Uj2I­oÉädÃd½Ö¢×³Üpšï¾LÍ‘]Sºš,ˆáŸ…ªwi¦YÆø1[·ÒmWÕkÏ¡]Q¨[
½Þ+w‡‚Eå¸^A]]œÒ�™¬Ç”Àrò*îö‚V.®.'ïɰÐV¤ŽÆ 1£‰*›y^�ƒj:ƒ¨Ïû€Ùʤª°°�u¾!Z _RªrÛ�ÜCÓd@�Rs¸]»›lá¤ö9%>+çd—p•¥Ôè¬NpzìBûz×ù9NàDxa2)!,Ö›ãál6MÎg³çÙ#úfê`5¹ª`8fŽ25	Jú<ù|�V]ÌU!é–UÈÍQ¬öMŒÇ”Rÿ`pGJågô(¶ZÚeºˆ`R$Ä¢,d
-Ú}R}ô³ÂRuhçh­äaÞÊÚ@[ƒZ/?®o³[<üŒ‡ü°B`s)ÿÕ4œ;c‘ÒaÅøÑú“ɈÞÄyóB(M‰³C¶Ž;;B±>˳¶tÈ©ùØGï4­­*rSæp ŒÕI
-ÿE(àûçeÃÚÃÂô±?6—ÃYŠ¢f¶e¨x0ÿëƒ\Ž�^w›¸0>—Ò–F[\’X~Ô…Å…,<%ž.ðd•_=àRTÙ“×ç oÖÌGˆ»›»ðÎsÄ}	²ãnƒ9Ænk[¢«àÚÝ	(ÑŸ5Ë"kQ�–|ä`lRÀá:ÏWÉì°¬Ì\Ìq)KfvÄýBå­yƒiLq(³¬°8|ƒÇÎÞ,QX¯	+ÌXªÍv2s¿“³&EØc|`œXeŒs�m
V`c¥p¥Ó¢»ÿ¶¹9"ju÷Üõ'ÆÃ?zo|zÈýóܾý0l–D2Fýãcê¿4—Þ“‹Ó:“KYÀÜq'ý½F»\{u¶=ˆ�y]ˆû6koЋý!¶ Ž÷Žr>=ørð€Ã”¤endstream
-endobj
-549 0 obj<</Type/Page/Parent 458 0 R/Contents 550 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F5 6 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-550 0 obj<</Filter/FlateDecode/Length 970       >>stream
-x
ÅV]oÚH}çWÜ­ö!•jÇ_|¥OIZ¤”²‹[­´ìÃ`�Ã4fìÎþ}ÏŒ1E4´+­ª5’1öý8÷Üs¯ùÒ	)À'¤~Dq�²U'ðúvRøP7‰ý!%ƒ>®ã®“âTÀ6€÷áÔÚ:ƒÆ6‚½3½I;—£„Â�Ò	{ƒ>¥¹ó
(Í.FBi󊘤Ùû“Uò/ÂIò̈J’дb9'S‘YrOo'½dŠû”â÷‘åj­
-xc¾ÖB>—™ÚÕ†ç/ÓÏ�€¼0ö#侨™ÖÛJåúÉÊPVr¦<ߌ*[0UÍ
¦E
-ÚUk4Ú€òìÍÍ™a^ÚenÄ
õ…vŸà°Ê‘ÄÊ’ÏÊΉ=j.í̶¼îGw¸²1f­$r0U­eþÛ	º‚Ô†)Wg˜;ÔfU:Iïg×.Ëä.½ÿðöÃÄ©8wÒÕ�ãƒ�š¶Â,÷¢ìV™×[U(rÿ¼]u¨§iÁ3Ÿ˜l�]av5ÿÎñãx’~îkÙüηKžSýŠ}Æn¸Ò˜á³±Î!Ïzü:äØÐ
r!ÿòè@Žåä�CÖu%±”�ÜÍY$çX�Ïzü:Öc`Ÿ7oá‘b´ÆÛ
-Ô€XÕ»·Ž}2yݹz’³?¯'þ�|v
-endobj
-551 0 obj<</Type/Page/Parent 458 0 R/Contents 552 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F5 6 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-552 0 obj<</Filter/FlateDecode/Length 501       >>stream
-x
µUËŽœ0¼ó-å À›ÓìæyH”Éi¤ÈÍàl›U6_Ÿ6CÒb13«$ì.QEu—o�ºBH#Ø$PvNà�ät‹³”îý„Ú¹*œ§¯žABQ"ÉR(* ê €¢te]+Ô—Åw*‹ç2‚ì°òèE‰ÔýÊÎnZ}ßãà—·ï‹0YWL³àz`û…†Å^7à�)Å"ìÜ›{�jw
\”Ð «p
-�?ô?®ZiYZñ.V«ŽH™ÅN4:J&Jl¡”£Ð'“N­ˆõù9—4”È}ËQ]R{ô p¸Ãê9
=ÜŽ¨4mÉ^Œm+DxRaͪÓè’‹®øÓoýë,Ú¢4´I€)¶wî^R8PÈÕ’¢úÏp}›†kNóÛ²ùà	ÓÌOò’(÷#sØ|Þ¾»Ú¼ÃVö8(x=R
-endobj
-553 0 obj<</Type/Page/Parent 458 0 R/Contents 554 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-554 0 obj<</Filter/FlateDecode/Length 977       >>stream
-x
�VÛ’ÚF}ç+ºüâujQfta—MöaSή\~ˆS©A�¼ºY3à%_ŸîKÀ1 ¤ž¾œ>}f¾Œ80|sH|bÈêó„�ðbE‚×>~z>_ýÿ0¢ÐKœièEΖ¡[Ï}9Û0ö¸³=¸Å?8qféèç»	pi�)Æ"�4·N¤ÙÕãû›¿ÞËìY(ÚÃ~Y+m®ñBwm£Õ5,Ê&‰Ÿá"{nÚ¯•Ê—ªV�y—~F÷ñÞýØ�½\}¸ÿ-°Q½.Û¦–ŸÃpgˆ�yàùdÙ«®Ú‚–µ©]ð銽°èÓ»ã
-Òx¡z•{4œ[T‰{XÉ�jÞìŒj nÑȬ$6ç`¿ÖZå.Q;Û]‰SÑДë~£7Ù�7ƒ	é÷BìÄØ�<�¿(
-r¡±Ë™±:Î?¼»–éü6àqÂè:L¢i"¸O×BÌy<ŸÝYËL}¡Ž£Þ’WKœ‘%uS!¢[Ò
-Îo&üf>Û­s1±žb
-Î|wŸüú®Û{È]ò[†!¸·¸?~Ê<)�‹­QðøÏÓ”@“‘&6Í8vù�$"€;Ù=íô¨ÑGn÷U‘Ò:"QA¨-¤6àJrzõ/úœb¯,�‹–¶+%‰Üe±#0|EfY×åÀk·õÀ`yíìôª]W¸
Y-~5Ç´vš=Ãò*-šsD±–/F—ŸQr´(ëu=èK]jÚº¬tÑN´Ö‡ÇÁw‰ºÃÝïB@÷L•< Dþ@ì¶ÔºÍ–ç$ÌZ”ÒàH.ûvÝ¡ØJ.—�î‘tª²›ý™�Š5°“xêì¸ÜÀ¸!ø†±Øœ¬EÙy1çŠx½_9û½°ífúrA‚ÒÔ[Ü÷^Ô®±;”ð�k“	ĉï‰8"Áxš>̦p«6ªj;<ËÀ/kÜ	ˆicg=NJX~õ«¥5=
-<ËÅxÈ£ÛaH·æéè÷Ñ?–tÍendstream
-endobj
-555 0 obj<</Type/Page/Parent 458 0 R/Contents 556 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-556 0 obj<</Filter/FlateDecode/Length 804       >>stream
-x
ÍVÁrÚ@½ó:’L 6qlsètB›¶9$Ó2=”Ng±epk{�Ý%�|}%Ö&ÐÄæ’ét|ðjõ$=éÉwú¹àÔ‡(ï8}Ά
=½�Ÿú+„Ä8ƒ¾ÿÒ�8ÏF“Λ�¸.Löî‡
Lb Ç�IÔ5„b™ÏP�L@¯#V¨aÚ]
"{k
3ÄÜwÓ£i×Y¹Ó££É/rêWN{äµçžöä·{{y=	¿ÿ°;°[¯7[$Ïé¼È±0PŠ8N‹ù	ˆ¹Hmàæj1ªœc3m”ˆLJ>no.`üåýÏËDDØŒMy‚(b¸G¥ûœ.ÝEÅw ÊR&Õ°ÔM+2Á:Aõ:ÈF$q+Q\RÚ‚wË;û——“<�c…ZÃøÛ~”ô¾5c\2,æfÑ\{Î…à. rRæT“([2#ÔYT <-„‘íl”RY¬—fÌ$1“÷HxÀϸ1NöQ1æÂä*2F=J‰×º"ußíT„a©j¥,¨ÖTò2cÖEBém’·
ÇÁXË2[SgF¿Ñ*r.VF§�-m§ENPšðï–¨ÿrølzˆ7r©^Óåé€àµŒæiÜLÌ#*¹Ÿë^hÇ 1’ELÓª¶óVµb³S.&ßà~µ�As®!F©tFì¢PÔòm½õ¯eƒÃRHÁ.3SMaÝJ»ÇI=IfeNŠé¬œÿC«ñ·‘5“cÏmà¼EXšƒòN
ªPhY´yæó'Ï…¬®€.1J“ãV˜c¨5Ö.¤mÃxf¦¾Yí2H”Ì«¡Þ¿FuãÝ5)Îa-Éi[ÑŽªÕÓŠÅsEa]GZ8k�™ož/JÁŽ\1ƒ<µY&£í™æRsʬuÚ,g#XËXQ«FnÜÖDgI�@³mpÕÄF´"…I‰ÙÊÒ˜^1ŸÊ’ÝÊjÕ–²¤áiNH–¨,H5c›�Ž³ÚsX­E×£¯ áüÀ뇼oίFçð�j�±
Ÿ–ãôÜ ÜØögȦŸ·_Ýü�¾¾èµwÆÖ“Î×Χé²endstream
-endobj
-557 0 obj<</Type/Page/Parent 458 0 R/Contents 558 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-558 0 obj<</Filter/FlateDecode/Length 1005      >>stream
-x
µVÛrÛ6}÷Wì8/r§R¨K))}èØ­›x&Q\›™ö�3ˆ-ÔI dçës ]ÑVTû¡º‹XìåìÙÞ
)ÀsHÓ�CJÖGÁ  0ãs2›âs„·–”¹…Él>˜ì[‡?=ßq½ý=¤á�¢AÂÙ”¢” (Jz?�±õ’¾\ŸS´¹É­´'Ñ?Ø2i¶ ¡þp<aWOPå,(••,RYX*²+I•ª$b-)îUº\ŠeþàTa¥ÎD"ãEꮕõz)u|âcÍ›X}6š¡:»ºüõï+i¥^ÓÕŸÞðß:ú£Ð›}¹XDã‰</“¢}?û7dÔWIeæ’pe§Â
-R-¬4Ý.—¶p2©ÒÒ$%*º?†Í€�°
-è4ö¤.•)©
‘a¤„AOïjil‹C[Þ³Ø3JD‘È<)ëÃz3…Ý/Ü/pÎùê�LaPÍ–*Ð MUqs
-B0 nOUëª4µRSZrp»R†ðª‹Û¢Üƒ.€;MX”V¾sNØ?D¡pýéŒ"NJ$¶�,vdz賶ےjhFÙ
-<Ö˜D(”ñ9eJË{07Á(ü™3Ø©†�3�²
ÿËT.ia×ošL1"n
ù”�É¿v“2UYé*ûÏzÖ’5ÒÐZÜ[V®ù—vÆJêÚv£ð£i©ˆç…‰v‘Xd\Ö(óI1­ûf‡GòŽ‘ôXìBëm©m¹ïx‹Á�¸MÈvxö÷í1×&ŠG
-£�xB|
îx
_·+ázÄ2[¯�·-iéXý¤B5ê-%ô (Gn_âZTïQ›S2%eB£4'
;=R…²JäôØÕF»©Øw\î"ØùDY:ªpãá§-Ž�Þ˜MrÌ%í?Œ;Ö……±i¬÷#s´L¿Ô5߼ܳ—‰ÿÇ÷öÖ¼X¿’ö@hRŸ5·$ÃélÎç¸orw@קŸÎNé7¹‘9fÃù¾y¸IýÖ²?
æ|}�g/M¦“Á4œáî—'!_:�Žþ8ú–Wä:endstream
-endobj
-559 0 obj<</Type/Page/Parent 458 0 R/Contents 560 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-560 0 obj<</Filter/FlateDecode/Length 767       >>stream
-x
�UQo¢@~÷WLš{°I¥€´oZm¯Ikmá’{hrÙ œ¸KÙåZÿýÍ®pjm59�
Ù�o¾ùæÛáµå€M_º>ÄË–mÙàõ»–^/ {—~%Bjzž||>ŒZç×8D©Æð{
D	ŽmC·Ožé3½�Žõu2Žîn&'§Ño
-óë°Åu\ßò(²=
-/!š#<M¯~MY¼@iÉf9ò™šÃ—/XBÆáEÐ_E‡Oà	_+”
-Ý›ƒxÁÅ[ŽÉl‰\Á²¢ÅXpÅ2®ÓÛÐqº–«SjŒ]¤‘2*›@Â;£tq^%Ÿ™å-fsd	–Öº FÂnÊ©i]ê
Žåu]Z
-¬])ñG/w4%ß²ý‹f�‚u)fq?e!¸Äÿ…–
ôùuÒ>¥ôk†]·a8‰îÂ
D%ã’Å
-&l‰	L³÷Ö}oë¾IÝ	#�˜”IPl�'ù2	

-¢Â¸é®.Þ²ÚHœÊƒÇæ’•E|bA¨eÔNI³aN6Ëqû‡l<²µíŒ$!W2ÉÊ	á»

*W´
-oG‡¥õ€øR·HŸ†#HÇj3:X•m¯«êÕïÇs-¿ßŸ$ºpÌ$÷Ã
Œðæ¢ÀRÂMEÎÒa'è™Ý�Àîëwp$z
½#ý½Ti§gº=ŽZ�­¿à]
endstream
-endobj
-561 0 obj<</Type/Page/Parent 458 0 R/Contents 562 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-562 0 obj<</Filter/FlateDecode/Length 691       >>stream
-x
­U[oÚ0~çWœ·ÒiñâÜÓ—‰Šucj¡—tOH•I%]Hhì´BÕþûŽ“Ð
-¬«FDäØÇßùü�‹ï;Lz8øØÄóŽÉLð�Yà>�-ú—ÓzÁ	Cú|mÁt˜÷Ú‚½Êr9^î0ÙêUÞÒѱ™ÛZ!³Ÿésf¶¯ÖÔuX¸
zu>�„Àˆ¦tV/ ARo5!Š»§W=-0‡ó"KãåatGæpÞ˜–OæÝa¡ð¢¢6ƒ™È“!9LD¾T³4¿…eQA–þDÖà�Ûgœ€iÇÝK¼¯Pª—~¼fýÇhÐÿЬ:ínŠŒÁm
-	mŸTÓ)–Ä"Í–›(ƺáõpp]Z»‘$–„”‹9‚
UžÆE‚ U©Ï!•(•<¦jê±€ƒñø@îñ7:þ~Ó‹¢ËÝ‹ÉÆ
-„"“Já>´ëÁ0²÷�çD9A™–˜€ˆc”-ØJðZ
-ëYr¹(r‰›ìM0¬VóóÑéÍ·a7u�$�ß„Ú¾DU•ùn,òiž¤± 	@V›ìë,­ñlÞ$„ö}Qa¹„A>-Þš¦©¶�3!%9£’i€y%•NXE™,uä…¤±PÚHÏ•Mv¾?}ÿ«”:¸·[ʵCŽ»"“ˆÍ0}6»ß—©Å*OŠ¸š#Ubo/Ì9Ô*Fk'­ÃY÷�ña'BÝ­Ûa®P^»,°ëv!©~㌻
-Y¥\ËzÍÕ¯Ôât‰¡¦‚€~{j%h›#÷}fy>]Z³l[ï¿ê�÷ ¯I,%|­Ò¤®~ƒû
óÂß$ɒ׺¿ã;Ì'évHºN ¹}‰:�ß»!ã�endstream
-endobj
-563 0 obj<</Type/Page/Parent 458 0 R/Contents 564 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-564 0 obj<</Filter/FlateDecode/Length 457       >>stream
-x
åTMoÛ0½ûW=e{’-øã˜6]; k×Æ;šÌ )•ä!û÷£-§HQ/+ÐK�Â0`€ä#ýÞ##ŒE
-Yj±„AΫ¤Qô�ÒkVC@i’O2Ê�¬àÿ
-”-Nëèó—
-¸€zESå%}4@1µš]-çp®»
ZéjÛ9�
,ÌF¶Ú}ª…bŠã´ âÙ>vè|ˆ
-àOÑ<éÁgÚ
-endobj
-565 0 obj<</Type/Page/Parent 458 0 R/Contents 566 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-566 0 obj<</Filter/FlateDecode/Length 602       >>stream
-x
µUÁnÚ@½ós$Uíx
ئ7R’‰@N/I„Œ=(nm¯³ë�D¿¾³Ø�8à$(©,$‹Ͼ÷æÍì}‹�E׆ŽaÚ²Lf™6t=—Þmú	„Õ&Ðë1Ó;è4˜Ý3»‡¾ptñgGœù­Ó‹>0þŠP9ž~„ȲÀÛ3”9Ï$žø¿)ÏÙå¶CgøQûÇt¼ø>–ñn'ZëJ°$&\b9Oâp
wA%7í Ià/
-.oNt
C·-,°P"#HÄY‡A�¤
-C”²<�P�Úè°Íx>€1çTóÑp¾�Z³kOx�_ Sé³BÄT7ÎHð’)¤J°D�AŠÈý¼{…²0w*åÛ+1Ìp“°ö[Ó$jJÕKmTÚª{5šø»L8¤þ’/Tù5
?5QYÄC•’XÔȧ
ÉEòÂR­V(kLñ±õ3­þq\?!{M +´
-®»œ�[ˆ•Ê«†q8½\ßzýGšJm§¥Ö°ð.×̹mV;äiž`�ɺÎ�9°\Ó<s^94;ï½2®šÊìü¢ùôŠ–@ê,f!îæâ…öaBú$–ÚGÁ’?`9÷�‹¥&Õ1®|³SþÖÊ"vÍ#¯ªL¦’¤ÈJðªµñêúTÝ>è¥÷r)­S­¥÷îÛ	
lµ˜·`i1Û½p½êŠa®g:ý>8´ú7÷Ì|py6€!>`Âs¾©8ÚÜ[Æ6×p­¾ÞÿzÁ~Õ7’nP×íš®ãÑ-B‘ž¥ÿ:÷[?[ÿ
-endobj
-567 0 obj<</Type/Page/Parent 458 0 R/Contents 568 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-568 0 obj<</Filter/FlateDecode/Length 842       >>stream
-x
µV]oÓ@|ϯX!Z„�í¸vÊJ“
-¾Á¤;|ÙQìëÝÍh`¥€B.Äwj©*ì=äã%“_ö
-3™fšý�€‚Í2YýÈÕ¢ÖûÖ/œ=�°endstream
-endobj
-569 0 obj<</Type/Page/Parent 458 0 R/Contents 570 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-570 0 obj<</Filter/FlateDecode/Length 876       >>stream
-x
¥UMoÛ8½ûWÐC�ÂR%Ù‘�Þܦ]H²ÛÆí¥^,jd±+“.IEë¿CŠrb×q
-†
K¾ùzóæÇ …„>)L3çÀ׃$Nà<™Ä9LfSúŸÑW#”þ`|>ŽgDz$?~#M³8;¼ñv1xýai
-‹’¼ç³),
- ÏI>¼ÄRH4P*
¶6bƒ#J+Ê­�+z�ð£A½¦ñlñ�ðò^”åñ„‡W·søŒdg,¼«X]£\á›Î¼wOYGé˜b$ûä¿d²=>vp·¨ïQÃ_̘Vé‚žíiÀü9Àù5\©•’§a²_„)ËÓ8ãgpæ�­ ;�Q>ƒáÓ�wJZ­êÓP¡w�RÃJðå§'º·ï:�(sÜÞ(‹o vuÓµH²5‚±L[­ ¬l«àårùxÅ4ãµ
& ‚5›
5•3ƒ±sà`…óZ�½£ßšñŠh:©¬Ñ�ãã×�¹�Â
-VÓ×L²ùÛô$ª˜©FÀVLHbj[	NÑÒ
-´ã¬ó)Œi° 1Øs.ÍsOca
Ö%,‡µjCZ˳Ø!Ò ·¢®á9!÷˜dùµ—g!‹Â¡ù!aFP3*`LÒP6†&ò òe(~ï„~Tk`«°
-Xݲ­�©][(Qãzµ+Çr(bçáêú¨Òÿ
åöùR1©×”Û�W×@ÊÔ½}ý�8ô%Êf£‚tçGôâëŸ/_u§Çä¡‘…âÍš8€Ü5eéz¨=ú@$hO5¾Ü|¼]|ó{v�µ�\Ž¸:Tõ÷`gÖÍÆ·ÙßO!
-‘ím‹(‰íÝ2q²¡±ËnähÎ7ž¨}�4ú}ÅjgÏ+äÿ:‹õnÒéÁIþúÑí.G;Dºö€CsÚ­C­\~@‚ÓiÁFã½P�©·GqOüü9Œ0.»=q“¸ú§¬ÙŠä@úúÌz©ñÓÉœ+Fê×ÛøJ„Y›…YK§³8¿¸ �î÷ïíüúí.ñkEkà�†–¸K9ê-£irñäªv–“é$žæ3j1Éü¹ïÔûÅàÓàRV…rendstream
-endobj
-571 0 obj<</Type/Page/Parent 458 0 R/Contents 572 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-572 0 obj<</Filter/FlateDecode/Length 853       >>stream
-x
ÝVÛnÚ@}ç+æ1QcÇ6Ęö)wEJ“¶Ð§¦Š6ë1¸˜]g/Pþ¾³k !éE}ªÖ;—3sæ��"zÅÐO ›Ÿu¢0‚4íÒg/ëÓgBo…PøGñQ˜ízÐí¶Hâþn‹8醽]®’ÁsO'£ÎáE
-q£‚ÒM³>Œr T£F|ïF|Kiafµ
æ¸¬— 0^•(LÀYÅmÅæÀætT²J>Žåœ'¨ð
-J�£X.E!·�[F¦¾d_åõ…R½âøóÕÍ(ûòŠãšåy)Æ`$ô‚‡¥¡UåXP…Í´aʸn
ߟPXŽª-ݪ4[(\°nò2�ãû¢bc

ÐwI}vMoŽîö¬¶¬‚9«,B©!úND¢9ˆ‹ân¿qºj˜�ºn™®¥Ð¸]¢ÃªgüWÅÕ¨æ¨6É÷¯Pj6£‚j‡¶E^
-"¶ç˜�Ñ iÉ¥ÐX%h”ât´åµ¡`eeiè›Y1r!ÖL&úº)ºqËÔá1`˜Ö©rú½ƒÙnjÛauC)pAcÒP´Õ5r×'¢�ƒ³ó! àjYû™²Úó‡Le•¯Méö*á‡}ŠKŸìFc… Š< Y >U˜È©JM[àI6Dc³Yþ>Ÿ Ÿº3`cV
-'9O
-Š¸R†×çnÏLq­¤«¸íCÖ
-祴ºZ®E©ó
ÁºÛß�Ïõ9ÀQ+9ñÖ(ë«[(9Û
-endobj
-573 0 obj<</Type/Page/Parent 458 0 R/Contents 574 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-574 0 obj<</Filter/FlateDecode/Length 812       >>stream
-x
íUMo›@½ûWÌÑ©Â0^p{¨œ¯6Rê¨1î)’µ�%¦²YºNÒªÿ½3Ä$qÔC{,–�e‡y3of߸øó ôaÄ!Ù\æ8ó!ˆB¼÷ñ¯%dvcFû6¢\Ö�ô-.ð½Ðc^çÃ�ð¾ó‚€ÌmO�1÷Ù¸3îz—MönøþË�£xðöl^
-¹OáÿZ!£Ö«øŒO&Àù„q>&™À¢MáDnåZ•öc�§öáxøÕ'k'tQ`Ÿ¶VAu
€…¨¸ø•M‡ã€�ƃ/ƒß�ÐJîendstream
-endobj
-575 0 obj<</Type/Page/Parent 458 0 R/Contents 576 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-576 0 obj<</Filter/FlateDecode/Length 689       >>stream
-x
Õ•ooÚ0Æßó)îe+5YÒ$LÓ$º²
-	Â
-î«1Mir@¶`ÓØ¡ë·ßÙáOiiaZ÷b �áìós�9ß5\pèíBèA3€tÞpl‚0°=ð£�Æ}J„Ip\ú¹'pî{v°/àE-;ÚhêäO2]°Æ»Ï>¸.°	©
-¢X¤Èq€¥'%ªªä° çYž&
-%È*MQJ*ž‰´š#W˜Á$É‹Šd¯æå‚Û§ìeo�KIuv«éÛ>å?Ó«ßîöF½
�ãŽþb½ÁÕ ®—A–R•´$
-ßÃœ6‘…Pîó¢€Tp•äòK.—¸™qJÀý,Og f¸�Ë™¨Šn$é¶MP%åĨ.ºƒ‘–@ZÝ&mÌ“9%aع¾éŒØ÷¸Ýï|ðœ�g”©ÞÇÿëyz7³FLÌxž¤³œ#�eö4ÿ–xW¡T[‹È—Ú"·¶èºÂò
&¢„/—Ÿö¸²õ$fK,%ù}½~Ì”ø‰fè9fH²­>!ÁZ ÔE%Z¬ Ϧù¹žW;õDÙ
-
Ë‹jeÃZúsMA¿éÆÌ
êðš,}c¨ó‹à
-‰¨WJ´/±áËÙÖöjËw%Ÿã<¯$ÒÕE_¿½,h‘dYΧ?Ϻ}Päs‘O9
«f 	5DÆä
-endobj
-577 0 obj<</Type/Page/Parent 458 0 R/Contents 578 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-578 0 obj<</Filter/FlateDecode/Length 593       >>stream
-x
ÍU]oÚ@|çWì[R)vÏئ/(QÚ
-)A*¸OIT]ì®1wÄw†¶¿¾{¶qpìH‘ª‚�Ýzvvvgý8p€à×�Ð/€d= 6�áȳ}ð£Ï.þr‹òÂõ†ø÷ÙÅE<øøeŽñ±‚) !'§óók¸’K)>Ä?10
-÷¿Aï$œÜÞž@²¢9M4Ë•m€	Xn€¤Ài¼Å;.Å\]Oc-XytIylå X ^1P&9Ux–˜yÉ·L˜8s•³Ç‚)ýz®B±¼a^E·Ø«bMï3$ßÊAõk॔�BQUÒ¬ÊþRÁºäï“iìÕµ_Œí´Ïv�$ä!Ži†uÜVK
‰,„nSjãL'óxvœÔaËß
Óˆß�ÑÉ£µ5å™ÊdgM(´ç¯‰f™Ü1l6ÎQÒ+PX*‘‘€ùäÿÃ:ê3f¸Q<ýaâîŽÓ{B<¹@Ôê	4–f•�žÚî%R�n:�Çø�
MS.– %øcpÇ`` _
-Øq½¥i®Mê½Ö¥¡:’v‰ÝX¼C™¾anvû0ê¥Raà*,ý[
-è6®6B;ÍÁÖê#ZZØCÏö›U~“�ÿ±
‘âNæØi�Ût^(ý3ôЬG×¼Ú¾˜Óÿmd¢zœ0²ƒÑ‚°ÞÚؽ‹s¸d[–É
¾¬àkÁÓ²:kk…ddx«Ñ~èÛaá»o†åÚÿ¾
þ=2oendstream
-endobj
-579 0 obj<</Type/Page/Parent 458 0 R/Contents 580 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-580 0 obj<</Filter/FlateDecode/Length 742       >>stream
-x
ÕUMs›0½ûWìÑé
-˜
-,¶Z#I¤q}°èø£=Ö{°wõ´zïíê©ç‚CoB
$yϱÂÀöÀ�Bzö裲:pìGÛ~0°ým+<×±ƒm�AþÇgqïÝ•®qV•D!Ä)PIŽqÒÿxã9F~Gq£Ì!¸ÏÀ¢TkàS
qÚŸNî§÷ç+&4KŒYŽ)|â6‹6ðX^H¥Ñ’̸@
™T`\CAÙo�§(ÏV\Ìéo„§Õ
-˜Â“)XZ!Íæc40]P
-\Š2ïnXéˆ>ÚÑyq².H}†M¸†AõŒ
-®	q$2¹Ë=n¢ÄQ°áÃÝ]R»òŠáþX<
]W¾Äg\)èÜ$xfË�‹š…º�BcÅô«ÌÙãrUÇ4Q
LÓ³¤„߈7mìªÄ6SõŽ	Ï´b…g›³¾ÆÄp)àxv9[Á#‚Ì`ÉsnHC¦5׆‰a�
-kÄÚµ]*ì¨9òë-»·ö¾¿]¼ÙMh!¹0Dý¬o$èFAG{?;êBv4»�¦ñÄÛ
ÛBÚ3ÇÑ—¯»a
-–¦µ#%ÌÉ¥à‰L´QÕ¿¾õ¸2$Â’ÏQF.iS¦"³2òôæŒd)ª5‡?tD•ö�çÕ-γ¥å±=0)	6ýp:¹|�¯n܇óx²t{êf@´ûµéN}ØPê
-endobj
-581 0 obj<</Type/Page/Parent 458 0 R/Contents 582 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-582 0 obj<</Filter/FlateDecode/Length 895       >>stream
-x
•VQo›H~÷¯˜‡>àPÀp¥>Û©¬äÜ;›öJm—uà»”G¾_³,¶.­CtBHxgvæÛo¾™õ�‰>.„Ì ÕıüÀöÀ�Büöðmì{ÃÕ•kG—¾ãÛÁECôëúu2y3ׇd�Ƀ?2ÀÄŽ	56¬…k¬�Oø¹æ{1MþÆ-
¸®Þby!n16¢e dVB!¡ÍHR18�²c@$¼_lØ�ŽÉÖÖa0ó9Ld«ÜÆV;üš&Ðö/›õ.ÙzÚîû‘/Ë�!Q@j¼³¿bý×ëËz“ÌÆ¢<-Íõ�^bíÃxg´²\þ”É
Ë;ÁýßyNÔ¾€ûõózùÛëg®EÁ[,R+`·Ú~]mÖ››Ï®ãŽPpÑs„Ñ«©!xy’e,ƒbÛ½­nU{.¸õkD:UÉ5]
k»†£Ð,ÔCVPÒ2	²£”Iyfõ¤´hÍ|]ñEs¬[ñØ�:/(È"c ö°I`)*‚²Š;ToU´Bðs˜AÒÖÌAÙ£.–l_ðB¹©ND«jõŽ³,5b׌=
ýýÍ%6ÖÈt	ß�-Âh2Ö ÈFXᢢi˜EVðGðµã3zö-@š†%Ä.žA<ð„äEÉW©qk.Ç�,W;X-®�qª(“)
-Uæ§FEh^pöP)Åé>~„ÞTJ’uU
ï›PªÍõ³2œ7¿ÃÕÔè•AÊòØû¨´¨ŠÓDÑ
57/¨ÈØy{:UÏñv�HoÍ»'siÞ!Ä×Ϥ\*æPE,kÉøc›Ã]8™rèK©Ê}ZÁpøVÙ6O
³L§÷¯ç—Ýw‰Sƒ`߈ª�„J�n‚è%¦H‚Z÷�Dµ:v1úPÊ$l—7u­”ÿ-´íÐïÍþ‡cÛÁ½j,UÝ©¹A€b4Õùd,eRTX®1Þ‡&¥v.o¡Å
cG æb˜ —„9´-Kuù0"iŽÔaù–š[ùáÔ©\ÏçEÃ=çúžÌçø¯`®‡Ú.þý:†¥ºvEÍ	Ÿ:œ�
-½å†xߣ¯:óþ†¾|—û¡o‡A„gäU¤¶®’ÉŸ“
ÞbYendstream
-endobj
-583 0 obj<</Type/Page/Parent 458 0 R/Contents 584 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-584 0 obj<</Filter/FlateDecode/Length 1348      >>stream
-x
•V]sÛ6|÷¯¸§FI(V²eÉòL3£(I›IüQ‰ž<Dy€AÈdL4
-´F(—zEÊ€„µÊ¸Í€ÓtDdòÍàØò¼)<>	�¹ŸÃ1¤ìó0{ ¯
-ú®Ó"-î�(Ö¹HÿVf) Ò.Í2Ò¥ÃHD–íI8§òÒ‘Ó$QÜ)J�¥5wÚÄ$Š¸›HêÂ�eÊP.ö=œFm+«8SUƘ2Q¬JUÄu—ZgöàÄ9|gCŠ’ÔÖ˜Df5i)+C;¥îÚÖ)³&¶a¯Ëå9Ä‚ùFi®6íJ¾èÎ{%_GvÖÊüPæºii­(zD2èáFN˜Ø¯�Ã,CY®wÛÍÀ`
-PS“€2ñ}9øš¯ÇÌäy‡jàê�Ö
-\òÈú5>ÛDYæ2Ów¬ Ý•Áf�2�¡'‘¨d+™
-A4÷Ö	–—×N-À^¯:O¡ºø¹
û´^*÷Yßéb-rÿ¿eõ¦?ÚŸyOƒÂyj¯ÁÄxê—ó'öÕ �úOÌöšm··•�Åæ8Ë%Ë‚Ñ®5EO$Ðã©vºƒó´ošCØ=“[½€2ŒßJ“–.¸ùø.X|gåüFtiöÐ>:–/ÑÉÿ/‚ç]WžŒ'Öy‘xƒ~ÆÎaVÛÔX÷O–Õµn©«,¦[Õú:ÞÃ!Š½.epå=ãDçì|…r¬EÖ$>öºÌ…LRl9¡a¾o¼/ô® "«TH70õÌçk�À®ŒºÕúeóvê]��¬Øé^QUH³‡Ó^F~3>_
-pñ�…²µE­¨hy�+RÉ{[å} 
-endobj
-585 0 obj<</Type/Page/Parent 458 0 R/Contents 586 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-586 0 obj<</Filter/FlateDecode/Length 646       >>stream
-x
�•mOÛ0Çß÷SÜË"Í&NÒ$Ý»²„�ÑLlR¥ÉKÍšáÚàÄ”~û�“ÁÆœ6ª’ÖçßýïÁ—ǃ
-Å
-�P”ã,ÎçPÕÀä,DiMÕì
-�„)Íð^¬ÆF<Uu¥És²°?g¶Y³þ!ì"J©ÛM ,¡A2y³5xÎ_}úMÌ?*0(#T#wZ¹.ž^˜‹�µ
ê#N ÆTS‚
Þ+½UÀk¸’7Õ“ÀÌÔ˜š¼a&œêãÓ)°¸K/‰Ð·+¤$ÝfôV¿ØíË€rV_MÍ%lß³O^ÊF¤ãæVJW²Ø×›ƒ°ˆ¶_Ft=�¼¶¸ÕF®ü
-èOÇÎïpâ?¯¸´û‰¯H¹h¶ÚÜ!|E9áM¹øJp®axéÂfŸýwO¢k‡ªD$��w3¥Õn£m}¡iµó{Ê
	é~C-j7~‡ZdBR��k£Ÿ‡JN2 kûW
-WzÃ+¥V�ÑRâ)ãe©­j†…úü,Ç­7£‡Aò�|ïDgû£Áâ�&Ó)¾%CÊ"7¡³Ë“ÌÅ“�ú
G5œÙjÕŒ°4k�ILÿ3òã4¦i’á{QI;R?£/£?Ëpendstream
-endobj
-587 0 obj<</Type/Page/Parent 458 0 R/Contents 588 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F5 6 0 R/F6 7 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-588 0 obj<</Filter/FlateDecode/Length 538       >>stream
-x
½UQo¢@~÷WÌ#M\ŽEXð^.Ô�¨½̽˜N×–;d-Ëözÿþf{mÔ¶—šBH€™ùæ›ù&³w
-Þ<zVÛŽeZÀzÌdàø¾ÛøT6�Áe.~ž0ô<ß´O(µ�
ƒ¤óiÄ€RH6˜�ù$kÀÌ–ÉÊX³JQUæwŠCÊåÕUòƒœ6¹ÚCädmÄ„—XÔ%¦iîýàä©ãÒ¨¼¨I^ÂZl³¼|	U¶¨¶µGìu4ݱGMüXßyQ�_¥ø]Â<
-ãç- ¶.Ì´r	Hõƒdª¾U^ÿ�û¬P¼™„]VÕ 6Àóú–WèGaDÈÿÀ*“\ÛÇ•P;
'»�1Ú^OÓqj˜öÐYWjU«
-s´8‹x8O£Ùè:¥pl�Ä
ÄÁ&âF”¨ºÜ‰Rò¶¥Ø€V/bû§Ê%y%÷=pŸ8³½sC½Ì¶üóó6š|ÍÒ†––á4š�Åù‚ׄõ€³Ó*u"7¢‡Ð‘s6ÉÛÉŽÃ89‹sA²î>Éë2Üèy‡ãùõâkú(D;Õ'ºz±âì¤{U‰tõ
-þendstream
-endobj
-589 0 obj<</Type/Page/Parent 458 0 R/Contents 590 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F5 6 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-590 0 obj<</Filter/FlateDecode/Length 320       >>stream
-x
½•_kƒ0Åßý÷±{ÐÅ4&v/#µ®ÈÚê’HÙ“Œ6…m­vÝöñwû�=Á„€è9÷þ¸�ã‡Á‚ Ðç°Øx$ ÀhÀ�Å)ž�…•74ÞíCaf…0K@5!`=•�înÌjØYÓB)9½ûóù”�½ñ®Ùoë—�½²�ò©Ìf•œdRWX·*uªtk¡{\W5Èrµ7o¡
[›üƒv\¦Út‚K]àù<UÝ�¸ï‚Y&I^ÎL•�Ì™¹`ÖÏÚ¤Ó®�#ȅʺ2wA<”ÉcYt5dáY¥Å$K¤ÉUk5‡	ŸšÄçŒEðÁ
-endobj
-591 0 obj<</Type/Page/Parent 458 0 R/Contents 592 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R/Fc 11 0 R>>/XObject<<>>>>>>endobj
-592 0 obj<</Filter/FlateDecode/Length 1473      >>stream
-x
­WMoÛ8½çWz©[4Ší¸±³{jú�ÍaÛtëîöÀ (Êb+‰
-IÅ1öÏï’r'èmS$µ$jæÍ›™7㫃	�ñoBó)Ÿ�lÆÙ˜^žN³)Ís|žâ×**ÃããG,4Ά?v�¼Ç/F/Ù"Ú8[²xÜýÁé£w§4Ó²�“ù‚–ExŽ;rôI4¹ «[¯Û5�·^ÙVÔîÙòë
¿7™Ç÷�g@¼,F¯rç­�>˜Ñd’LçÙ	XVŠºÞvÆ)2%ùJ;*ŒìÕzÂgo¨³æZŠœiéÖéu…G-ž8ON$@eßJ¯
 i¿%ÑpFØÿ˜'ÇV¡œ´:W𻪈G: •õB·T*á{«Â½t[˜�#YkF5xË‹zÆAÝ'¨Žý-¬6½£3!¿‘j‹ÄÚ#¤Dš{÷‚¼ÈëÀÍuá*ÈqêZ
mŠÛeÄ„—L�7~Û±!TM¡Jݪäqà>ªmÈÉÀN°¼Ÿ³!“½dR`GÖ°Ý·2Ú‘Sí½ØBMNO²@’UÞj 9�µ>Ð-"ÃtÕ«>�”	äá<[p‹€ãËéÉœîûw9îƦŸ5‡Z@Q"Ánñk0ªVž�~59•Ö4
ï/	<ÚŒ™þ5`™�Úï3ÀÈ“—ŸÄíú¼ÑlŸM¢_¸70u‡ÓE69½­µ×½µ(¯zËFQÀÜ¦åË
ëKR�<5&馫+�`1� žyP‚֪UVKhˆgõÏQi,mŒýÆ2¹Ñ¾B÷@Ž„-èóûó/·>´Û:¯š¤?RébpÿúóÅ'r�’º¦[0—£ «�Ó´jYRн¬·ŠÂ[µÎ-ô	B±a‚j#…ÇáIš¦ÓuhÄ;
-êu£.Ÿ%	¼z�‘;:L†!/³¤þL=}äF§å›³§ÿ'‰i@ñÁº)¤²bŽÃì@R{ßõþ¶•žÔÝG
-ã�zZh×Õb¤
†'ç…nt«]¥
-Ò;Ù\uÒ‹Ûƒd/Q-µv¡Ôá;µ”éÐ÷1愶bizb|P7‚ý![w0ä‹|ZpUä·3ÆÑåh”SIppU)ÆÏм™$”#½Š2Ï
-3.lbÕ$®…®C�–û5n<�7E{¿í›¶P\
k�ï”:u#•*°a ØG°Ö(ÿ"\ÂwèÛ;õ”1€r±JFõÅDæ•lm,$±	ýØ`Ûâ�‹3„PSu@A©Á$à¬Ý±uÌܦҲÂûÃîÀ#$•<CѸX �âX%Øá"eT[
-ÕÙ‘ôÀË`…Çæ#3Y—�‡º»|v…TÇß5RFÜç¼ýs/ìj?ÜÇ<u
½[[çÀØ<›`é	ßû4›Ï²ù	¾‚ñÁ“c¦çíòàãÁj¦EXendstream
-endobj
-593 0 obj<</Type/Page/Parent 458 0 R/Contents 594 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 4 0 R/F4 5 0 R/F8 9 0 R>>/XObject<<>>>>>>endobj
-594 0 obj<</Filter/FlateDecode/Length 1704      >>stream
-x
�WkSÛFýί¸“/!~c’N;!�-„4qš|`Ƴ–ÖX�´ëh%ÚÉï¹wwmcBÌX¶çž{îS_v:ÔƇ»ÔRZшÖÕ5~´i0$ê�ñ½Óëâ{¥i¶ÓòïQ7éQ¿=HŽ6¯��ÕúêX¯ÛtDãu’~¯KC
-†5*ui«[–è[´¼-)t[•Þ¾Š% ‹Ê"‚ªF@
XdU°è+Õm»!Qo™)†_x-ó¢ …®€çpf‹Â.YIWë…C~!Of„¹ò¸ñeÂC!d¨dU’>—ãDà'bU_í^=ó�ÅêÚ¥«gÏù†c+Êýj®ÓϬµÓš›¥B’!Î^:D:_qsB¤ÚÉ°Y¹Çª‰m©=Ôªô±”¡áΖÐ|óñsµ­P4Ë]ïvÏ/_ý)Ãïàu7x¼+þéjÂýrË«„Îf˜4ûœÚY,eâ5�ºF´%8-ˆeë$bgVBœ[Ö
ÜʦÖ_	N SB]qÂpÊd$À¹–g	ý¸\¤1º&MµF7Ø']8d‹Ê‹•yìÙnwm;ÒyÏRˆqÏ�KÌ©r±ê^F/)U•
-_ù¬;%¨½û¨ï4&™ö5ž¤›\Ñ�.s«ï±ÖûMWÚq«;HFXtàCÜk�»”îõ †ûÎêòßç#Üö°Ž
{ŸRØAí¡ ¡‚Äf{–DŒxÜÀâ­bݽ§Šç7šbŽqÎ<Bê1ÒÑ๵Ÿ›…D±Ò)·ÎÐÎÅÔct#J ]x0ÎN¥Ÿ 
â±fÅx™磒?Kƒs÷]¢¡xÜ(9ž8q'5Åí#@߸.ç7—Ÿ†�žß�†ƒ�¤ï’ápÀÉy¢͹bn9ÊX(ýp”®ÏuªPk<JÃùpà™û½ÂnØMw]®Ò–Bm‡×ÖØ­U}Þ‡ÙÌ×õFÑ«kl0w
-:Üé ÒäPóq°Œ
sw
ù¸ÀzúƒDW;¶tFŒOëPùÆšV¦gª)ê-F'š×¬šH{gSØ-óz.nùp!)bzT&ñ”“´Lƒ©¼z3kxnÒ¢á
O‘·°eV†À_.´yë×åÓ¯<„Ñ´
)㣙:�9ijŒS×L˼fzJÚ'¯Â�
-¾s8J†GGx‹î&G]¼Vg»ï_^¿dÁua±'9ú½É3ñ¿ïn¶ý­ªœ*ÙY¾3~Y1ªp,Vÿ°Ÿâ½\Æä°Ï§NÇ;íüKÄÕendstream
-endobj
-595 0 obj<</Type/Page/Parent 458 0 R/Contents 596 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R/Fc 11 0 R>>/XObject<<>>>>>>endobj
-596 0 obj<</Filter/FlateDecode/Length 1545      >>stream
-x
¥WïoÛ6ýž¿â>-î–(þUÛ)Ö
­ÙP;sÃ<´DÛliÑ%¥¸Ù_¿w$å8^< KÓ(‰hݽ»{÷îôõ¤EM|µ¨ß¦N�²õI3iR¯×Áµ;èãÚÆ·•´ÍÖSƒ
5“úb—øÏñƒ/ÛݤEíæ #oS¶—»>~1êR«EéHzƒ>¥¹?oRš5&…¾§Âç¹\ˆJ—ôNÞ©LÒ“K
-*W2ÞùZÉJRúîmBܵ[åä™?Ö^¤ŸOštÞê$m8oxÛÊ‘™—B0¾°fý`NZœ|–YIÛ•n2­$<+ç*éHÐ{Yþj泆–wRÓë×Ôž½@€Ã•	{»]R‘rÈç�nÒe¿Ã•(–òúý@Ã`p(²•*–dtñÁõu±0v-JeŠ`è!wçí~ÒcC¦†æ¨™Òè‘
--ðè_GTEn¶ŽÆéEû·�§
-Ö~¢�wFŠ³C㜚k@3i
-õrÒÞ!°ÒPå$Mo†ü«“ENÂÝÙÊšÂTŽ
ìÕ(ó¹3
-)sïïKa¶ ˆ(T!·LAZ	CHŽÈsT
¨˜��Š!ü¥à.dÄ[àOåG6déÀµ‡Ž³�ù�‰<áBÉÚÁÿÜ’�e%ºÈØre–¦Ú§ÔB˜›Ô
-Ó
-k*C	K&.
-zê8Ÿ>j½ÑrÍÍòTÑÐìJ´³7•kÄ5CGʺ2¶A€¨yõ�f
šŽF7Ã1Í^°�‹Q弟Xãгv¯Oá´î¸ëûWcùí¿<�Ÿë‰Ãjãäá –Ñð¹¦r£ï'YDÏI
-,íc}†)ƒ>›Ê…•nõDྊ`Ë÷ñ¼=HZ—Œ™€ôè9Å	®³  Ä�PZ°ö ÈÉ¢sFh}>- 6�t~ïµV1·1FãŒÀàyÅá?âg
-IŠ!ÍßÇÁCøÜ@fSTëÐþZsA‚6¢•xêaúÉ]SE¦«\^ØMöɃu.Y1ʽ¦¬ƒ§�4×·%’1W«k	…€,¼ü² oüDý·Êî‰,ë&Z“I‡™¹ˆ®ëajåR9L¶Äñ©Æ‡šç(
×É!n­1Ž‚áÓá)ßfé‰S–ù ÓÛÝI¨fBo´>p/­å'Møà ›w(Öe©ÕZ�¿<Žä&]òDn%ÝNtz™ð“çò+òÿ&~€�4òÙa%ôÓ‹1Å;5lEl <N‘tt§„À•°$lN{�zõ�ùƒ)¤u­¬­hå6˜J”9ðÃVÐ�Ð*ßd¹&@+lu·~¬Öb7’`)ÀÇv…aËÓ".?GB‰Ið$v/daÖ@U¡Å2V-Lê0œ�XC.צPXåÎ8™³Æ–ÝL¯ÇéÕôÓx’^�þø4¹I¯'ã[¬|¶ÊÊ*Ì
-Þ	ÒŒjóÄgÆqPÞ3Ú
-{“7ºKȳw #èj	à‘kxõôÁ–Éâ§/.ô±š¥Àñó�Ø=ŒOÕ›¢ß—ŒÍüí.^yuH‡7È!Ž1Œ�“ˆ¼Ÿ5ÊUåü©¸�Ž sbÛÖ[Ì`£^��:/{¾Ë¶RkÎ2˜ÄËÖnÁ:H¦ ÃYâ	ZSçÄÃèkÖqô1h?“×Õì­[¨n*Þ¡V0Nî‘0ý‚JûHžÖÈ�Xb�;x®îƲ€Ln°Ç9rUæµ+Æ7‰ýu�¥ô “ØN¤
Õ‰Âå‹­Ä&�Žxg8€TËÂ^.²ÌV¡èkÚ›ß) É\ØH[™1µ·Îò'.Fƒ¸µúý„÷ŸÞ
-endobj
-597 0 obj<</Type/Page/Parent 458 0 R/Contents 598 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/Fc 11 0 R>>/XObject<<>>>>>>endobj
-598 0 obj<</Filter/FlateDecode/Length 1739      >>stream
-x
¥X]O9}çWøi7HÍ�òAß ,[¤.°iUmV‘3ã$ngì©í�fýžk{2I +Z	‘Œç~œ{ï9×|?ê²þwÙ°ÇN,-Ž:ÉhÄšf‰Öô“>ë÷Î’.ëžöð»lqt9Áù,l~àüÉu‡�³É‚u“³ÓŒ†I0b“Ìë°IÚzüÈü¿ÉJ0+Ì“0°WæRXö,ÝŠqŸ1|Íïïî>Ïnï&7×_f7·×w³«‹ÉÅñäëQ‡µ»f[ÁcÖ™*u•�•i+ÕÊq©DÆ$Œ½4Ôœž'Ñ`¯›Èà8†w³`¦+®–‚)íäB¦ÜI­¾ÊrÁ¤e"DŸnál¾¦W˜"CåØ“äˆèz|?¾EÚß+aÝï(Ba…Ê,N<
-H	;h:¿»Òc»ò"CT…1•xo9!ã.z$ÎXª*æÔB†ùò£‹©¢/òô+xØÏßè¶Ãû‡!ÝlûÍVÓÚħç¼dØ­Kâ|WŠ}¾Gʱ7÷ayl©ø�ªŸIowÿ BA#¼Tc($°…žÕôàƒx»ªŽg¡õÌ５"�«I%TU„�•~3¦¸Cuç•ów”·‚Péld²må¿?›ËXP—¸ÚSæÔÓ•ª—}|óv¦-Ž¥€\ËÌËMHÇ{ljJ
dš¯Âí�xþò}2‡â“IF,Kµ
-”î�qSiìÑq\9_·îIW”x3bä¢n9Ü¡Äh˜=N.°%ö"ñ2±ç5JZdWô¶Š‚S7n¼EÆ*¥°-U	‹}¸`;�ë@

‚
-Œàߘ7åúRA!Hl¢\¬
-šk¶e¿WJï½;%ƒslýC¼‚£cÄ°7Wì6é1uGÆM�ÝìŠËÙð,âoþ’2�Ýß&GýÜq~endstream
-endobj
-599 0 obj<</Type/Page/Parent 458 0 R/Contents 600 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 5 0 R/F8 9 0 R/Fc 11 0 R>>/XObject<<>>>>>>endobj
-600 0 obj<</Filter/FlateDecode/Length 301       >>stream
-x
5�KoÂ0„ïùsª@"Á©Ž âЗšÞr	‰C\‡Ú‰þúnxÈòʲg?ÏìoÀÁhqÈ3�ê°ˆAˆÕ$•TcÚV¡	–y0Ý$ày3hE*‘× =cÈ«QÞ*8ý§ ”ö­²(Fe1á¼Õf�N™½o¡
¾ß¶Ùûj�¦·÷G7!ýî¡¿‚v¯úæQÕÉjç?
CÈgQLFµr•ÕGßÛ	ˆVŒ*‚°+¹.}‰sÙ�”‹†®é¦ºe”r<E,$n‚ô.àÏ,zfsÄ×?¾¯ËVꬺþ¨¬ÃËI×jè¹L#1Ÿ#”¤&;Y[š½Ú®ð„¬ÓÊxdeÕé)Æ�ÁÓd¶†‚J¯{3@™DR¤äš
-endobj
-601 0 obj<</Type/Page/Parent 458 0 R/Contents 602 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 5 0 R/F8 9 0 R/F9 10 0 R>>/XObject<<>>>>>>endobj
-602 0 obj<</Filter/FlateDecode/Length 1265      >>stream
-x
�VßoÛ6~Ï_qÈËÚ-Q,Û±�ypÑf°µ[â®ÍÐ-s“H…¤ìØ¿ïHÉ¿¯ÅâÀ–È#ïîûî;òé$¥>)�û4QV�ô’É„¶_¶ÀK�.{WIJÃÉÏãIrIVÒ¶=/73ýáîÌ ½äù°f;óvÆËàtó7WÔïÑl�XFã	Íò0�‘ìÕ½¨æ‚>ß~¸§[í¥Õ¢t¯g�ðštל†I«^³¡J³’6Z
)M[«þ8±Õl))k¬•ÚSÜ>3¹œ'©6ÎIþ'ÏF¢sU*ÿLÞPƒùš¦vd1"'-±±ðä–°ÊLUÍÞ{tžbdZTÒÕ"nÆÒéßÞ~¼'–…rÞ
-¯Œ&¡s8S6üšÇŠ•(©怀ܳöâ+©ˆ]q†i2ôé¼™Lð‹<©ýcTïßßýñþîñ·éÝô×vüšâ }ÁOÌ>ÞµC�¿ÜÞÏèÏ.	Ä÷mxºVÚQ„åôÈêÖiÝæ÷š¦ïÞÝ}y3›þ|Ì1lìw®IÕ�"Ï-ýC‹§|þAÜØygÑöñš€¿ÒÅÑ€;p¶Køé:P-àóáÁýttqÀ=๻üûÀ¿¸éê÷¼£wh½SrªªKIò«¿¨JA+Qªœvh
-EjšH,ª½+у“­;È è²4k–,š–*…Åq@-ble±Ÿ9üÜŠ]죻R‡™1Ì]w
-°ÈB™{ÒhH ‡½Øq¸>КŠÐÌžK&>n˜ËüÀµ–.+	-BÿÌV¸KÄ”Xxà1¡[>˜+0E&Ã¥(0²Á.ëj™©…ÊvóçãMŒ/Þ3vZZ%ìß áåf�º0TÛØÒ�
�´>Á7ÈÑɯÛýbCxÇrŠÂó"ó2Oè#Ã}dÍ¥ÈÏZfC]g«MÈ‚÷ÙK€¯\/®ZÛÒp(\úØlJ«jhqà=íQ¥tã¥kÛÙd{·L/'ɤ®—Çn¬Ãñ0�p»æV>šðæïg'¿ŸüP¡xendstream
-endobj
-603 0 obj<</Count 14/First 604 0 R/Last 715 0 R>>endobj
-604 0 obj<</Parent 603 0 R/Title(Table of Contents)/Dest[461 0 R/XYZ 0 756 0]/Next 605 0 R>>endobj
-605 0 obj<</Parent 603 0 R/Count -1/First 606 0 R/Last 606 0 R/Title(SAMBA Developers Guide)/Dest[467 0 R/XYZ 0 786 0]/Prev 604 0 R/Next 607 0 R>>endobj
-606 0 obj<</Parent 605 0 R/Title(SAMBA Team)/Dest[467 0 R/XYZ 0 762 0]>>endobj
-607 0 obj<</Parent 603 0 R/Title(Abstract)/Dest[469 0 R/XYZ 0 786 0]/Prev 605 0 R/Next 608 0 R>>endobj
-608 0 obj<</Parent 603 0 R/Count -3/First 609 0 R/Last 611 0 R/Title(Definition of NetBIOS Protocol and Name Resolution Modes)/Dest[475 0 R/XYZ 0 786 0]/Prev 607 0 R/Next 612 0 R>>endobj
-609 0 obj<</Parent 608 0 R/Title(NETBIOS)/Dest[475 0 R/XYZ 0 738 0]/Next 610 0 R>>endobj
-610 0 obj<</Parent 608 0 R/Title(BROADCAST NetBIOS)/Dest[475 0 R/XYZ 0 254 0]/Prev 609 0 R/Next 611 0 R>>endobj
-611 0 obj<</Parent 608 0 R/Title(NBNS NetBIOS)/Dest[477 0 R/XYZ 0 758 0]/Prev 610 0 R>>endobj
-612 0 obj<</Parent 603 0 R/Count -5/First 613 0 R/Last 617 0 R/Title(Samba Architecture)/Dest[479 0 R/XYZ 0 786 0]/Prev 608 0 R/Next 618 0 R>>endobj
-613 0 obj<</Parent 612 0 R/Title(Introduction)/Dest[479 0 R/XYZ 0 762 0]/Next 614 0 R>>endobj
-614 0 obj<</Parent 612 0 R/Title(Multithreading and Samba)/Dest[479 0 R/XYZ 0 581 0]/Prev 613 0 R/Next 615 0 R>>endobj
-615 0 obj<</Parent 612 0 R/Title(Threading smbd)/Dest[479 0 R/XYZ 0 387 0]/Prev 614 0 R/Next 616 0 R>>endobj
-616 0 obj<</Parent 612 0 R/Title(Threading nmbd)/Dest[481 0 R/XYZ 0 786 0]/Prev 615 0 R/Next 617 0 R>>endobj
-617 0 obj<</Parent 612 0 R/Title(nbmd Design)/Dest[481 0 R/XYZ 0 487 0]/Prev 616 0 R>>endobj
-618 0 obj<</Parent 603 0 R/Count -5/First 619 0 R/Last 623 0 R/Title(The samba DEBUG system)/Dest[483 0 R/XYZ 0 786 0]/Prev 612 0 R/Next 627 0 R>>endobj
-619 0 obj<</Parent 618 0 R/Title(New Output Syntax)/Dest[483 0 R/XYZ 0 762 0]/Next 620 0 R>>endobj
-620 0 obj<</Parent 618 0 R/Title(The DEBUG\(\) Macro)/Dest[485 0 R/XYZ 0 771 0]/Prev 619 0 R/Next 621 0 R>>endobj
-621 0 obj<</Parent 618 0 R/Title(The DEBUGADD\(\) Macro)/Dest[487 0 R/XYZ 0 771 0]/Prev 620 0 R/Next 622 0 R>>endobj
-622 0 obj<</Parent 618 0 R/Title(The DEBUGLVL\(\) Macro)/Dest[487 0 R/XYZ 0 546 0]/Prev 621 0 R/Next 623 0 R>>endobj
-623 0 obj<</Parent 618 0 R/Count -3/First 624 0 R/Last 626 0 R/Title(New Functions)/Dest[489 0 R/XYZ 0 786 0]/Prev 622 0 R>>endobj
-624 0 obj<</Parent 623 0 R/Title(dbgtext\(\))/Dest[489 0 R/XYZ 0 766 0]/Next 625 0 R>>endobj
-625 0 obj<</Parent 623 0 R/Title(dbghdr\(\))/Dest[489 0 R/XYZ 0 655 0]/Prev 624 0 R/Next 626 0 R>>endobj
-626 0 obj<</Parent 623 0 R/Title(format_debug_text\(\))/Dest[489 0 R/XYZ 0 543 0]/Prev 625 0 R>>endobj
-627 0 obj<</Parent 603 0 R/Title(Coding Suggestions)/Dest[491 0 R/XYZ 0 786 0]/Prev 618 0 R/Next 628 0 R>>endobj
-628 0 obj<</Parent 603 0 R/Count -5/First 629 0 R/Last 650 0 R/Title(Samba Internals)/Dest[495 0 R/XYZ 0 786 0]/Prev 627 0 R/Next 651 0 R>>endobj
-629 0 obj<</Parent 628 0 R/Title(Character Handling)/Dest[495 0 R/XYZ 0 762 0]/Next 630 0 R>>endobj
-630 0 obj<</Parent 628 0 R/Title(The new functions)/Dest[495 0 R/XYZ 0 621 0]/Prev 629 0 R/Next 631 0 R>>endobj
-631 0 obj<</Parent 628 0 R/Count -15/First 632 0 R/Last 646 0 R/Title(Macros in byteorder.h)/Dest[497 0 R/XYZ 0 758 0]/Prev 630 0 R/Next 647 0 R>>endobj
-632 0 obj<</Parent 631 0 R/Title(CVAL\(buf,pos\))/Dest[497 0 R/XYZ 0 683 0]/Next 633 0 R>>endobj
-633 0 obj<</Parent 631 0 R/Title(PVAL\(buf,pos\))/Dest[497 0 R/XYZ 0 624 0]/Prev 632 0 R/Next 634 0 R>>endobj
-634 0 obj<</Parent 631 0 R/Title(SCVAL\(buf,pos,val\))/Dest[497 0 R/XYZ 0 566 0]/Prev 633 0 R/Next 635 0 R>>endobj
-635 0 obj<</Parent 631 0 R/Title(SVAL\(buf,pos\))/Dest[497 0 R/XYZ 0 507 0]/Prev 634 0 R/Next 636 0 R>>endobj
-636 0 obj<</Parent 631 0 R/Title(IVAL\(buf,pos\))/Dest[497 0 R/XYZ 0 436 0]/Prev 635 0 R/Next 637 0 R>>endobj
-637 0 obj<</Parent 631 0 R/Title(SVALS\(buf,pos\))/Dest[497 0 R/XYZ 0 377 0]/Prev 636 0 R/Next 638 0 R>>endobj
-638 0 obj<</Parent 631 0 R/Title(IVALS\(buf,pos\))/Dest[497 0 R/XYZ 0 319 0]/Prev 637 0 R/Next 639 0 R>>endobj
-639 0 obj<</Parent 631 0 R/Title(SSVAL\(buf,pos,val\))/Dest[497 0 R/XYZ 0 261 0]/Prev 638 0 R/Next 640 0 R>>endobj
-640 0 obj<</Parent 631 0 R/Title(SIVAL\(buf,pos,val\))/Dest[497 0 R/XYZ 0 202 0]/Prev 639 0 R/Next 641 0 R>>endobj
-641 0 obj<</Parent 631 0 R/Title(SSVALS\(buf,pos,val\))/Dest[499 0 R/XYZ 0 786 0]/Prev 640 0 R/Next 642 0 R>>endobj
-642 0 obj<</Parent 631 0 R/Title(SIVALS\(buf,pos,val\))/Dest[499 0 R/XYZ 0 728 0]/Prev 641 0 R/Next 643 0 R>>endobj
-643 0 obj<</Parent 631 0 R/Title(RSVAL\(buf,pos\))/Dest[499 0 R/XYZ 0 669 0]/Prev 642 0 R/Next 644 0 R>>endobj
-644 0 obj<</Parent 631 0 R/Title(RIVAL\(buf,pos\))/Dest[499 0 R/XYZ 0 611 0]/Prev 643 0 R/Next 645 0 R>>endobj
-645 0 obj<</Parent 631 0 R/Title(RSSVAL\(buf,pos,val\))/Dest[499 0 R/XYZ 0 553 0]/Prev 644 0 R/Next 646 0 R>>endobj
-646 0 obj<</Parent 631 0 R/Title(RSIVAL\(buf,pos,val\))/Dest[499 0 R/XYZ 0 481 0]/Prev 645 0 R>>endobj
-647 0 obj<</Parent 628 0 R/Count -2/First 648 0 R/Last 649 0 R/Title(LAN Manager Samba API)/Dest[499 0 R/XYZ 0 423 0]/Prev 631 0 R/Next 650 0 R>>endobj
-648 0 obj<</Parent 647 0 R/Title(Parameters)/Dest[499 0 R/XYZ 0 270 0]/Next 649 0 R>>endobj
-649 0 obj<</Parent 647 0 R/Title(Return value)/Dest[501 0 R/XYZ 0 481 0]/Prev 648 0 R>>endobj
-650 0 obj<</Parent 628 0 R/Title(Code character table)/Dest[503 0 R/XYZ 0 786 0]/Prev 647 0 R>>endobj
-651 0 obj<</Parent 603 0 R/Count -2/First 652 0 R/Last 656 0 R/Title(The smb.conf file)/Dest[505 0 R/XYZ 0 786 0]/Prev 628 0 R/Next 658 0 R>>endobj
-652 0 obj<</Parent 651 0 R/Count -3/First 653 0 R/Last 655 0 R/Title(Lexical Analysis)/Dest[505 0 R/XYZ 0 762 0]/Next 656 0 R>>endobj
-653 0 obj<</Parent 652 0 R/Title(Handling of Whitespace)/Dest[505 0 R/XYZ 0 476 0]/Next 654 0 R>>endobj
-654 0 obj<</Parent 652 0 R/Title(Handling of Line Continuation)/Dest[505 0 R/XYZ 0 312 0]/Prev 653 0 R/Next 655 0 R>>endobj
-655 0 obj<</Parent 652 0 R/Title(Line Continuation Quirks)/Dest[507 0 R/XYZ 0 705 0]/Prev 654 0 R>>endobj
-656 0 obj<</Parent 651 0 R/Count -1/First 657 0 R/Last 657 0 R/Title(Syntax)/Dest[507 0 R/XYZ 0 276 0]/Prev 652 0 R>>endobj
-657 0 obj<</Parent 656 0 R/Title(About params.c)/Dest[509 0 R/XYZ 0 705 0]>>endobj
-658 0 obj<</Parent 603 0 R/Count -9/First 659 0 R/Last 667 0 R/Title(NetBIOS in a Unix World)/Dest[511 0 R/XYZ 0 786 0]/Prev 651 0 R/Next 668 0 R>>endobj
-659 0 obj<</Parent 658 0 R/Title(Introduction)/Dest[511 0 R/XYZ 0 762 0]/Next 660 0 R>>endobj
-660 0 obj<</Parent 658 0 R/Title(Usernames)/Dest[511 0 R/XYZ 0 647 0]/Prev 659 0 R/Next 661 0 R>>endobj
-661 0 obj<</Parent 658 0 R/Title(File Ownership)/Dest[511 0 R/XYZ 0 269 0]/Prev 660 0 R/Next 662 0 R>>endobj
-662 0 obj<</Parent 658 0 R/Title(Passwords)/Dest[513 0 R/XYZ 0 745 0]/Prev 661 0 R/Next 663 0 R>>endobj
-663 0 obj<</Parent 658 0 R/Title(Locking)/Dest[513 0 R/XYZ 0 511 0]/Prev 662 0 R/Next 664 0 R>>endobj
-664 0 obj<</Parent 658 0 R/Title(Deny Modes)/Dest[513 0 R/XYZ 0 198 0]/Prev 663 0 R/Next 665 0 R>>endobj
-665 0 obj<</Parent 658 0 R/Title(Trapdoor UIDs)/Dest[515 0 R/XYZ 0 718 0]/Prev 664 0 R/Next 666 0 R>>endobj
-666 0 obj<</Parent 658 0 R/Title(Port numbers)/Dest[515 0 R/XYZ 0 590 0]/Prev 665 0 R/Next 667 0 R>>endobj
-667 0 obj<</Parent 658 0 R/Title(Protocol Complexity)/Dest[515 0 R/XYZ 0 330 0]/Prev 666 0 R>>endobj
-668 0 obj<</Parent 603 0 R/Title(Tracing samba system calls)/Dest[519 0 R/XYZ 0 786 0]/Prev 658 0 R/Next 669 0 R>>endobj
-669 0 obj<</Parent 603 0 R/Count -8/First 670 0 R/Last 706 0 R/Title(NT Domain RPC's)/Dest[523 0 R/XYZ 0 786 0]/Prev 668 0 R/Next 709 0 R>>endobj
-670 0 obj<</Parent 669 0 R/Count -2/First 671 0 R/Last 672 0 R/Title(Introduction)/Dest[523 0 R/XYZ 0 762 0]/Next 673 0 R>>endobj
-671 0 obj<</Parent 670 0 R/Title(Sources)/Dest[525 0 R/XYZ 0 679 0]/Next 672 0 R>>endobj
-672 0 obj<</Parent 670 0 R/Title(Credits)/Dest[525 0 R/XYZ 0 569 0]/Prev 671 0 R>>endobj
-673 0 obj<</Parent 669 0 R/Count -3/First 674 0 R/Last 676 0 R/Title(Notes and Structures)/Dest[525 0 R/XYZ 0 447 0]/Prev 670 0 R/Next 677 0 R>>endobj
-674 0 obj<</Parent 673 0 R/Title(Notes)/Dest[525 0 R/XYZ 0 426 0]/Next 675 0 R>>endobj
-675 0 obj<</Parent 673 0 R/Title(Enumerations)/Dest[527 0 R/XYZ 0 771 0]/Prev 674 0 R/Next 676 0 R>>endobj
-676 0 obj<</Parent 673 0 R/Title(Structures)/Dest[527 0 R/XYZ 0 288 0]/Prev 675 0 R>>endobj
-677 0 obj<</Parent 669 0 R/Count -12/First 678 0 R/Last 689 0 R/Title(MSRPC over Transact Named Pipe)/Dest[547 0 R/XYZ 0 481 0]/Prev 673 0 R/Next 690 0 R>>endobj
-678 0 obj<</Parent 677 0 R/Title(MSRPC Pipes)/Dest[547 0 R/XYZ 0 419 0]/Next 679 0 R>>endobj
-679 0 obj<</Parent 677 0 R/Title(Header)/Dest[549 0 R/XYZ 0 617 0]/Prev 678 0 R/Next 680 0 R>>endobj
-680 0 obj<</Parent 677 0 R/Title(Tail)/Dest[557 0 R/XYZ 0 571 0]/Prev 679 0 R/Next 681 0 R>>endobj
-681 0 obj<</Parent 677 0 R/Title(RPC Bind / Bind Ack)/Dest[557 0 R/XYZ 0 447 0]/Prev 680 0 R/Next 682 0 R>>endobj
-682 0 obj<</Parent 677 0 R/Title(NTLSA Transact Named Pipe)/Dest[559 0 R/XYZ 0 575 0]/Prev 681 0 R/Next 683 0 R>>endobj
-683 0 obj<</Parent 677 0 R/Title(LSA Open Policy)/Dest[561 0 R/XYZ 0 786 0]/Prev 682 0 R/Next 684 0 R>>endobj
-684 0 obj<</Parent 677 0 R/Title(LSA Query Info Policy)/Dest[561 0 R/XYZ 0 486 0]/Prev 683 0 R/Next 685 0 R>>endobj
-685 0 obj<</Parent 677 0 R/Title(LSA Enumerate Trusted Domains)/Dest[563 0 R/XYZ 0 786 0]/Prev 684 0 R/Next 686 0 R>>endobj
-686 0 obj<</Parent 677 0 R/Title(LSA Open Secret)/Dest[563 0 R/XYZ 0 554 0]/Prev 685 0 R/Next 687 0 R>>endobj
-687 0 obj<</Parent 677 0 R/Title(LSA Close)/Dest[563 0 R/XYZ 0 269 0]/Prev 686 0 R/Next 688 0 R>>endobj
-688 0 obj<</Parent 677 0 R/Title(LSA Lookup SIDS)/Dest[565 0 R/XYZ 0 692 0]/Prev 687 0 R/Next 689 0 R>>endobj
-689 0 obj<</Parent 677 0 R/Title(LSA Lookup Names)/Dest[565 0 R/XYZ 0 207 0]/Prev 688 0 R>>endobj
-690 0 obj<</Parent 669 0 R/Count -5/First 691 0 R/Last 695 0 R/Title(NETLOGON rpc Transact Named Pipe)/Dest[567 0 R/XYZ 0 333 0]/Prev 677 0 R/Next 696 0 R>>endobj
-691 0 obj<</Parent 690 0 R/Title(LSA Request Challenge)/Dest[569 0 R/XYZ 0 586 0]/Next 692 0 R>>endobj
-692 0 obj<</Parent 690 0 R/Title(LSA Authenticate 2)/Dest[569 0 R/XYZ 0 194 0]/Prev 691 0 R/Next 693 0 R>>endobj
-693 0 obj<</Parent 690 0 R/Title(LSA Server Password Set)/Dest[571 0 R/XYZ 0 477 0]/Prev 692 0 R/Next 694 0 R>>endobj
-694 0 obj<</Parent 690 0 R/Title(LSA SAM Logon)/Dest[573 0 R/XYZ 0 786 0]/Prev 693 0 R/Next 695 0 R>>endobj
-695 0 obj<</Parent 690 0 R/Title(LSA SAM Logoff)/Dest[573 0 R/XYZ 0 344 0]/Prev 694 0 R>>endobj
-696 0 obj<</Parent 669 0 R/Count -2/First 697 0 R/Last 698 0 R/Title(\\\\MAILSLOT\\NET\\NTLOGON)/Dest[575 0 R/XYZ 0 758 0]/Prev 690 0 R/Next 699 0 R>>endobj
-697 0 obj<</Parent 696 0 R/Title(Query for PDC)/Dest[575 0 R/XYZ 0 683 0]/Next 698 0 R>>endobj
-698 0 obj<</Parent 696 0 R/Title(SAM Logon)/Dest[577 0 R/XYZ 0 786 0]/Prev 697 0 R>>endobj
-699 0 obj<</Parent 669 0 R/Count -2/First 700 0 R/Last 701 0 R/Title(SRVSVC Transact Named Pipe)/Dest[579 0 R/XYZ 0 758 0]/Prev 696 0 R/Next 702 0 R>>endobj
-700 0 obj<</Parent 699 0 R/Title(Net Share Enum)/Dest[579 0 R/XYZ 0 630 0]/Next 701 0 R>>endobj
-701 0 obj<</Parent 699 0 R/Title(Net Server Get Info)/Dest[581 0 R/XYZ 0 786 0]/Prev 700 0 R>>endobj
-702 0 obj<</Parent 669 0 R/Count -3/First 703 0 R/Last 705 0 R/Title(Cryptographic side of NT Domain Authentication)/Dest[581 0 R/XYZ 0 486 0]/Prev 699 0 R/Next 706 0 R>>endobj
-703 0 obj<</Parent 702 0 R/Title(Definitions)/Dest[581 0 R/XYZ 0 466 0]/Next 704 0 R>>endobj
-704 0 obj<</Parent 702 0 R/Title(Protocol)/Dest[583 0 R/XYZ 0 786 0]/Prev 703 0 R/Next 705 0 R>>endobj
-705 0 obj<</Parent 702 0 R/Title(Comments)/Dest[583 0 R/XYZ 0 437 0]/Prev 704 0 R>>endobj
-706 0 obj<</Parent 669 0 R/Count -2/First 707 0 R/Last 708 0 R/Title(SIDs and RIDs)/Dest[583 0 R/XYZ 0 181 0]/Prev 702 0 R>>endobj
-707 0 obj<</Parent 706 0 R/Title(Well-known SIDs)/Dest[585 0 R/XYZ 0 686 0]/Next 708 0 R>>endobj
-708 0 obj<</Parent 706 0 R/Title(Well-known RIDS)/Dest[587 0 R/XYZ 0 718 0]/Prev 707 0 R>>endobj
-709 0 obj<</Parent 603 0 R/Count -5/First 710 0 R/Last 714 0 R/Title(Samba Printing Internals)/Dest[591 0 R/XYZ 0 786 0]/Prev 669 0 R/Next 715 0 R>>endobj
-710 0 obj<</Parent 709 0 R/Title(Abstract)/Dest[591 0 R/XYZ 0 762 0]/Next 711 0 R>>endobj
-711 0 obj<</Parent 709 0 R/Title(Printing Interface to Various Back ends)/Dest[591 0 R/XYZ 0 674 0]/Prev 710 0 R/Next 712 0 R>>endobj
-712 0 obj<</Parent 709 0 R/Title(Print Queue TDB's)/Dest[591 0 R/XYZ 0 414 0]/Prev 711 0 R/Next 713 0 R>>endobj
-713 0 obj<</Parent 709 0 R/Title(ChangeID & Client Caching of Printer Information)/Dest[595 0 R/XYZ 0 745 0]/Prev 712 0 R/Next 714 0 R>>endobj
-714 0 obj<</Parent 709 0 R/Title(Windows NT/2K Printer Change Notify)/Dest[595 0 R/XYZ 0 683 0]/Prev 713 0 R>>endobj
-715 0 obj<</Parent 603 0 R/Count -1/First 716 0 R/Last 716 0 R/Title(Samba WINS Internals)/Dest[601 0 R/XYZ 0 786 0]/Prev 709 0 R>>endobj
-716 0 obj<</Parent 715 0 R/Title(WINS Failover)/Dest[601 0 R/XYZ 0 762 0]>>endobj
-717 0 obj<</Type/Catalog/Pages 458 0 R/PageLayout/SinglePage/Outlines 603 0 R/OpenAction[467 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>4<</S/D/St 1/P()>>5<</S/D/St 2/P()>>8<</S/D/St 5/P()>>10<</S/D/St 7/P()>>12<</S/D/St 9/P()>>16<</S/D/St 13/P()>>18<</S/D/St 15/P()>>23<</S/D/St 20/P()>>26<</S/D/St 23/P()>>30<</S/D/St 27/P()>>32<</S/D/St 29/P()>>66<</S/D/St 63/P()>>71<</S/D/St 68/P()>>]>>>>endobj
-xref
-0 718 
-0000000000 65535 f 
-0000000015 00000 n 
-0000000245 00000 n 
-0000001811 00000 n 
-0000001885 00000 n 
-0000001967 00000 n 
-0000002045 00000 n 
-0000002122 00000 n 
-0000002201 00000 n 
-0000002284 00000 n 
-0000002360 00000 n 
-0000002442 00000 n 
-0000002501 00000 n 
-0000002602 00000 n 
-0000002704 00000 n 
-0000002805 00000 n 
-0000002906 00000 n 
-0000003008 00000 n 
-0000003110 00000 n 
-0000003212 00000 n 
-0000003313 00000 n 
-0000003415 00000 n 
-0000003517 00000 n 
-0000003619 00000 n 
-0000003721 00000 n 
-0000003823 00000 n 
-0000003924 00000 n 
-0000004026 00000 n 
-0000004128 00000 n 
-0000004230 00000 n 
-0000004332 00000 n 
-0000004434 00000 n 
-0000004536 00000 n 
-0000004638 00000 n 
-0000004740 00000 n 
-0000004841 00000 n 
-0000004942 00000 n 
-0000005044 00000 n 
-0000005146 00000 n 
-0000005248 00000 n 
-0000005350 00000 n 
-0000005452 00000 n 
-0000005554 00000 n 
-0000005656 00000 n 
-0000005758 00000 n 
-0000005860 00000 n 
-0000005962 00000 n 
-0000006064 00000 n 
-0000006166 00000 n 
-0000006268 00000 n 
-0000006370 00000 n 
-0000006472 00000 n 
-0000006573 00000 n 
-0000006673 00000 n 
-0000006773 00000 n 
-0000007083 00000 n 
-0000007184 00000 n 
-0000007286 00000 n 
-0000007388 00000 n 
-0000007490 00000 n 
-0000007592 00000 n 
-0000007693 00000 n 
-0000007795 00000 n 
-0000007897 00000 n 
-0000007999 00000 n 
-0000008101 00000 n 
-0000008203 00000 n 
-0000008305 00000 n 
-0000008406 00000 n 
-0000008508 00000 n 
-0000008610 00000 n 
-0000008712 00000 n 
-0000008814 00000 n 
-0000008916 00000 n 
-0000009018 00000 n 
-0000009120 00000 n 
-0000009222 00000 n 
-0000009324 00000 n 
-0000009425 00000 n 
-0000009526 00000 n 
-0000009628 00000 n 
-0000009730 00000 n 
-0000009832 00000 n 
-0000009934 00000 n 
-0000010036 00000 n 
-0000010138 00000 n 
-0000010240 00000 n 
-0000010342 00000 n 
-0000010444 00000 n 
-0000010546 00000 n 
-0000010648 00000 n 
-0000010750 00000 n 
-0000010852 00000 n 
-0000010954 00000 n 
-0000011056 00000 n 
-0000011158 00000 n 
-0000011260 00000 n 
-0000011361 00000 n 
-0000011461 00000 n 
-0000011561 00000 n 
-0000011885 00000 n 
-0000011987 00000 n 
-0000012090 00000 n 
-0000012193 00000 n 
-0000012296 00000 n 
-0000012399 00000 n 
-0000012502 00000 n 
-0000012605 00000 n 
-0000012708 00000 n 
-0000012811 00000 n 
-0000012914 00000 n 
-0000013017 00000 n 
-0000013120 00000 n 
-0000013223 00000 n 
-0000013326 00000 n 
-0000013429 00000 n 
-0000013532 00000 n 
-0000013635 00000 n 
-0000013738 00000 n 
-0000013841 00000 n 
-0000013944 00000 n 
-0000014046 00000 n 
-0000014149 00000 n 
-0000014252 00000 n 
-0000014355 00000 n 
-0000014458 00000 n 
-0000014561 00000 n 
-0000014663 00000 n 
-0000014766 00000 n 
-0000015007 00000 n 
-0000015062 00000 n 
-0000015149 00000 n 
-0000015204 00000 n 
-0000015291 00000 n 
-0000015358 00000 n 
-0000015444 00000 n 
-0000015546 00000 n 
-0000015649 00000 n 
-0000015752 00000 n 
-0000015855 00000 n 
-0000015957 00000 n 
-0000016060 00000 n 
-0000016163 00000 n 
-0000016266 00000 n 
-0000016369 00000 n 
-0000016472 00000 n 
-0000016574 00000 n 
-0000016677 00000 n 
-0000016780 00000 n 
-0000016883 00000 n 
-0000016986 00000 n 
-0000017089 00000 n 
-0000017192 00000 n 
-0000017295 00000 n 
-0000017398 00000 n 
-0000017500 00000 n 
-0000017602 00000 n 
-0000017705 00000 n 
-0000017808 00000 n 
-0000017911 00000 n 
-0000018014 00000 n 
-0000018117 00000 n 
-0000018220 00000 n 
-0000018323 00000 n 
-0000018426 00000 n 
-0000018529 00000 n 
-0000018632 00000 n 
-0000018735 00000 n 
-0000018838 00000 n 
-0000018940 00000 n 
-0000019041 00000 n 
-0000019142 00000 n 
-0000019471 00000 n 
-0000019574 00000 n 
-0000019677 00000 n 
-0000019780 00000 n 
-0000019883 00000 n 
-0000019986 00000 n 
-0000020089 00000 n 
-0000020192 00000 n 
-0000020294 00000 n 
-0000020397 00000 n 
-0000020500 00000 n 
-0000020603 00000 n 
-0000020706 00000 n 
-0000020809 00000 n 
-0000020912 00000 n 
-0000021014 00000 n 
-0000021117 00000 n 
-0000021220 00000 n 
-0000021323 00000 n 
-0000021426 00000 n 
-0000021529 00000 n 
-0000021632 00000 n 
-0000021735 00000 n 
-0000021838 00000 n 
-0000021941 00000 n 
-0000022043 00000 n 
-0000022145 00000 n 
-0000022248 00000 n 
-0000022351 00000 n 
-0000022454 00000 n 
-0000022557 00000 n 
-0000022660 00000 n 
-0000022763 00000 n 
-0000022866 00000 n 
-0000022969 00000 n 
-0000023072 00000 n 
-0000023175 00000 n 
-0000023278 00000 n 
-0000023381 00000 n 
-0000023484 00000 n 
-0000023587 00000 n 
-0000023690 00000 n 
-0000023793 00000 n 
-0000023896 00000 n 
-0000023999 00000 n 
-0000024102 00000 n 
-0000024205 00000 n 
-0000024308 00000 n 
-0000024411 00000 n 
-0000024513 00000 n 
-0000024614 00000 n 
-0000024715 00000 n 
-0000025140 00000 n 
-0000025243 00000 n 
-0000025346 00000 n 
-0000025449 00000 n 
-0000025552 00000 n 
-0000025655 00000 n 
-0000025758 00000 n 
-0000025861 00000 n 
-0000025964 00000 n 
-0000026067 00000 n 
-0000026170 00000 n 
-0000026273 00000 n 
-0000026376 00000 n 
-0000026479 00000 n 
-0000026582 00000 n 
-0000026684 00000 n 
-0000026787 00000 n 
-0000026890 00000 n 
-0000026993 00000 n 
-0000027096 00000 n 
-0000027199 00000 n 
-0000027301 00000 n 
-0000027404 00000 n 
-0000027597 00000 n 
-0000027681 00000 n 
-0000027767 00000 n 
-0000027841 00000 n 
-0000027927 00000 n 
-0000027960 00000 n 
-0000028038 00000 n 
-0000028125 00000 n 
-0000028231 00000 n 
-0000028317 00000 n 
-0000028389 00000 n 
-0000028475 00000 n 
-0000028534 00000 n 
-0000028621 00000 n 
-0000028712 00000 n 
-0000028798 00000 n 
-0000028869 00000 n 
-0000028955 00000 n 
-0000029020 00000 n 
-0000029054 00000 n 
-0000029088 00000 n 
-0000032144 00000 n 
-0000032187 00000 n 
-0000032230 00000 n 
-0000032273 00000 n 
-0000032316 00000 n 
-0000032359 00000 n 
-0000032402 00000 n 
-0000032445 00000 n 
-0000032488 00000 n 
-0000032531 00000 n 
-0000032574 00000 n 
-0000032617 00000 n 
-0000032660 00000 n 
-0000032703 00000 n 
-0000032746 00000 n 
-0000032789 00000 n 
-0000032832 00000 n 
-0000032875 00000 n 
-0000032918 00000 n 
-0000032961 00000 n 
-0000033004 00000 n 
-0000033047 00000 n 
-0000033090 00000 n 
-0000033133 00000 n 
-0000033176 00000 n 
-0000033219 00000 n 
-0000033262 00000 n 
-0000033305 00000 n 
-0000033348 00000 n 
-0000033391 00000 n 
-0000033434 00000 n 
-0000033477 00000 n 
-0000033520 00000 n 
-0000033563 00000 n 
-0000033606 00000 n 
-0000033649 00000 n 
-0000033692 00000 n 
-0000033735 00000 n 
-0000033778 00000 n 
-0000033821 00000 n 
-0000033864 00000 n 
-0000033907 00000 n 
-0000033950 00000 n 
-0000033993 00000 n 
-0000034036 00000 n 
-0000034079 00000 n 
-0000034122 00000 n 
-0000034165 00000 n 
-0000034208 00000 n 
-0000034251 00000 n 
-0000034294 00000 n 
-0000034337 00000 n 
-0000034380 00000 n 
-0000034423 00000 n 
-0000034466 00000 n 
-0000034509 00000 n 
-0000034552 00000 n 
-0000034595 00000 n 
-0000034638 00000 n 
-0000034681 00000 n 
-0000034724 00000 n 
-0000034767 00000 n 
-0000034810 00000 n 
-0000034853 00000 n 
-0000034896 00000 n 
-0000034939 00000 n 
-0000034982 00000 n 
-0000035025 00000 n 
-0000035068 00000 n 
-0000035111 00000 n 
-0000035154 00000 n 
-0000035197 00000 n 
-0000035240 00000 n 
-0000035283 00000 n 
-0000035326 00000 n 
-0000035369 00000 n 
-0000035412 00000 n 
-0000035455 00000 n 
-0000035498 00000 n 
-0000035541 00000 n 
-0000035584 00000 n 
-0000035627 00000 n 
-0000035670 00000 n 
-0000035713 00000 n 
-0000035756 00000 n 
-0000035799 00000 n 
-0000035842 00000 n 
-0000035885 00000 n 
-0000035928 00000 n 
-0000035971 00000 n 
-0000036014 00000 n 
-0000036057 00000 n 
-0000036100 00000 n 
-0000036143 00000 n 
-0000036186 00000 n 
-0000036229 00000 n 
-0000036272 00000 n 
-0000036315 00000 n 
-0000036358 00000 n 
-0000036401 00000 n 
-0000036444 00000 n 
-0000036487 00000 n 
-0000036530 00000 n 
-0000036573 00000 n 
-0000036616 00000 n 
-0000036659 00000 n 
-0000036702 00000 n 
-0000036745 00000 n 
-0000036788 00000 n 
-0000036831 00000 n 
-0000036874 00000 n 
-0000036917 00000 n 
-0000036960 00000 n 
-0000037003 00000 n 
-0000037046 00000 n 
-0000037089 00000 n 
-0000037132 00000 n 
-0000037175 00000 n 
-0000037218 00000 n 
-0000037261 00000 n 
-0000037304 00000 n 
-0000037347 00000 n 
-0000037390 00000 n 
-0000037433 00000 n 
-0000037476 00000 n 
-0000037519 00000 n 
-0000037562 00000 n 
-0000037605 00000 n 
-0000037648 00000 n 
-0000037691 00000 n 
-0000037734 00000 n 
-0000037777 00000 n 
-0000037820 00000 n 
-0000037863 00000 n 
-0000037906 00000 n 
-0000037949 00000 n 
-0000037992 00000 n 
-0000038035 00000 n 
-0000038078 00000 n 
-0000038121 00000 n 
-0000038164 00000 n 
-0000038207 00000 n 
-0000038250 00000 n 
-0000038293 00000 n 
-0000038336 00000 n 
-0000038379 00000 n 
-0000038422 00000 n 
-0000038465 00000 n 
-0000038508 00000 n 
-0000038551 00000 n 
-0000038594 00000 n 
-0000038637 00000 n 
-0000038680 00000 n 
-0000038723 00000 n 
-0000038766 00000 n 
-0000038809 00000 n 
-0000038852 00000 n 
-0000038895 00000 n 
-0000038938 00000 n 
-0000038981 00000 n 
-0000039024 00000 n 
-0000039067 00000 n 
-0000039110 00000 n 
-0000039153 00000 n 
-0000039196 00000 n 
-0000039239 00000 n 
-0000039282 00000 n 
-0000039325 00000 n 
-0000039368 00000 n 
-0000039411 00000 n 
-0000039454 00000 n 
-0000039497 00000 n 
-0000039540 00000 n 
-0000039583 00000 n 
-0000039626 00000 n 
-0000039669 00000 n 
-0000039712 00000 n 
-0000039755 00000 n 
-0000039798 00000 n 
-0000039841 00000 n 
-0000039884 00000 n 
-0000039927 00000 n 
-0000039970 00000 n 
-0000040013 00000 n 
-0000040056 00000 n 
-0000040099 00000 n 
-0000040142 00000 n 
-0000040185 00000 n 
-0000040228 00000 n 
-0000040271 00000 n 
-0000040314 00000 n 
-0000040937 00000 n 
-0000041094 00000 n 
-0000041261 00000 n 
-0000041450 00000 n 
-0000043586 00000 n 
-0000043775 00000 n 
-0000046396 00000 n 
-0000046586 00000 n 
-0000048680 00000 n 
-0000048837 00000 n 
-0000049066 00000 n 
-0000049265 00000 n 
-0000050972 00000 n 
-0000051143 00000 n 
-0000053074 00000 n 
-0000053245 00000 n 
-0000054413 00000 n 
-0000054579 00000 n 
-0000056209 00000 n 
-0000056375 00000 n 
-0000057912 00000 n 
-0000058078 00000 n 
-0000059795 00000 n 
-0000059961 00000 n 
-0000061691 00000 n 
-0000061866 00000 n 
-0000063161 00000 n 
-0000063336 00000 n 
-0000064628 00000 n 
-0000064803 00000 n 
-0000066141 00000 n 
-0000066307 00000 n 
-0000067204 00000 n 
-0000067394 00000 n 
-0000069350 00000 n 
-0000069506 00000 n 
-0000071282 00000 n 
-0000071448 00000 n 
-0000073411 00000 n 
-0000073577 00000 n 
-0000074290 00000 n 
-0000074465 00000 n 
-0000075494 00000 n 
-0000075660 00000 n 
-0000077302 00000 n 
-0000077468 00000 n 
-0000078088 00000 n 
-0000078263 00000 n 
-0000079623 00000 n 
-0000079798 00000 n 
-0000080946 00000 n 
-0000081112 00000 n 
-0000081748 00000 n 
-0000081914 00000 n 
-0000083679 00000 n 
-0000083845 00000 n 
-0000085713 00000 n 
-0000085879 00000 n 
-0000087838 00000 n 
-0000087994 00000 n 
-0000088775 00000 n 
-0000088959 00000 n 
-0000090608 00000 n 
-0000090773 00000 n 
-0000091688 00000 n 
-0000091887 00000 n 
-0000093603 00000 n 
-0000093778 00000 n 
-0000095587 00000 n 
-0000095762 00000 n 
-0000096351 00000 n 
-0000096526 00000 n 
-0000097276 00000 n 
-0000097451 00000 n 
-0000098185 00000 n 
-0000098360 00000 n 
-0000099182 00000 n 
-0000099357 00000 n 
-0000100172 00000 n 
-0000100356 00000 n 
-0000101216 00000 n 
-0000101391 00000 n 
-0000102139 00000 n 
-0000102304 00000 n 
-0000102924 00000 n 
-0000103108 00000 n 
-0000103861 00000 n 
-0000104036 00000 n 
-0000104989 00000 n 
-0000105173 00000 n 
-0000106503 00000 n 
-0000106687 00000 n 
-0000107731 00000 n 
-0000107896 00000 n 
-0000108471 00000 n 
-0000108655 00000 n 
-0000109706 00000 n 
-0000109881 00000 n 
-0000110759 00000 n 
-0000110934 00000 n 
-0000112013 00000 n 
-0000112197 00000 n 
-0000113038 00000 n 
-0000113222 00000 n 
-0000113987 00000 n 
-0000114162 00000 n 
-0000114693 00000 n 
-0000114868 00000 n 
-0000115544 00000 n 
-0000115728 00000 n 
-0000116644 00000 n 
-0000116819 00000 n 
-0000117769 00000 n 
-0000117944 00000 n 
-0000118871 00000 n 
-0000119055 00000 n 
-0000119941 00000 n 
-0000120116 00000 n 
-0000120879 00000 n 
-0000121054 00000 n 
-0000121721 00000 n 
-0000121896 00000 n 
-0000122712 00000 n 
-0000122887 00000 n 
-0000123856 00000 n 
-0000124022 00000 n 
-0000125444 00000 n 
-0000125628 00000 n 
-0000126348 00000 n 
-0000126532 00000 n 
-0000127144 00000 n 
-0000127309 00000 n 
-0000127703 00000 n 
-0000127888 00000 n 
-0000129435 00000 n 
-0000129609 00000 n 
-0000131387 00000 n 
-0000131572 00000 n 
-0000133191 00000 n 
-0000133366 00000 n 
-0000135179 00000 n 
-0000135345 00000 n 
-0000135720 00000 n 
-0000135895 00000 n 
-0000137234 00000 n 
-0000137290 00000 n 
-0000137389 00000 n 
-0000137542 00000 n 
-0000137621 00000 n 
-0000137724 00000 n 
-0000137911 00000 n 
-0000138000 00000 n 
-0000138112 00000 n 
-0000138206 00000 n 
-0000138355 00000 n 
-0000138449 00000 n 
-0000138568 00000 n 
-0000138677 00000 n 
-0000138786 00000 n 
-0000138879 00000 n 
-0000139032 00000 n 
-0000139131 00000 n 
-0000139245 00000 n 
-0000139362 00000 n 
-0000139479 00000 n 
-0000139610 00000 n 
-0000139703 00000 n 
-0000139808 00000 n 
-0000139911 00000 n 
-0000140024 00000 n 
-0000140170 00000 n 
-0000140270 00000 n 
-0000140382 00000 n 
-0000140535 00000 n 
-0000140632 00000 n 
-0000140742 00000 n 
-0000140857 00000 n 
-0000140967 00000 n 
-0000141077 00000 n 
-0000141188 00000 n 
-0000141299 00000 n 
-0000141414 00000 n 
-0000141529 00000 n 
-0000141645 00000 n 
-0000141761 00000 n 
-0000141872 00000 n 
-0000141983 00000 n 
-0000142099 00000 n 
-0000142202 00000 n 
-0000142354 00000 n 
-0000142446 00000 n 
-0000142540 00000 n 
-0000142642 00000 n 
-0000142790 00000 n 
-0000142924 00000 n 
-0000143028 00000 n 
-0000143152 00000 n 
-0000143258 00000 n 
-0000143382 00000 n 
-0000143465 00000 n 
-0000143619 00000 n 
-0000143713 00000 n 
-0000143817 00000 n 
-0000143926 00000 n 
-0000144030 00000 n 
-0000144132 00000 n 
-0000144237 00000 n 
-0000144345 00000 n 
-0000144452 00000 n 
-0000144553 00000 n 
-0000144674 00000 n 
-0000144820 00000 n 
-0000144950 00000 n 
-0000145039 00000 n 
-0000145128 00000 n 
-0000145279 00000 n 
-0000145366 00000 n 
-0000145473 00000 n 
-0000145565 00000 n 
-0000145727 00000 n 
-0000145820 00000 n 
-0000145921 00000 n 
-0000146020 00000 n 
-0000146134 00000 n 
-0000146254 00000 n 
-0000146364 00000 n 
-0000146480 00000 n 
-0000146604 00000 n 
-0000146714 00000 n 
-0000146818 00000 n 
-0000146928 00000 n 
-0000147026 00000 n 
-0000147189 00000 n 
-0000147292 00000 n 
-0000147405 00000 n 
-0000147523 00000 n 
-0000147631 00000 n 
-0000147727 00000 n 
-0000147884 00000 n 
-0000147979 00000 n 
-0000148070 00000 n 
-0000148227 00000 n 
-0000148323 00000 n 
-0000148424 00000 n 
-0000148601 00000 n 
-0000148694 00000 n 
-0000148797 00000 n 
-0000148887 00000 n 
-0000149018 00000 n 
-0000149115 00000 n 
-0000149212 00000 n 
-0000149367 00000 n 
-0000149457 00000 n 
-0000149591 00000 n 
-0000149703 00000 n 
-0000149846 00000 n 
-0000149963 00000 n 
-0000150101 00000 n 
-0000150183 00000 n 
-trailer
-<</Size 718/Root 717 0 R/Info 1 0 R/ID[<ee2e3d1648e40c359fbf8e3964570ce3><ee2e3d1648e40c359fbf8e3964570ce3>]>>
-startxref
-150623
-%%EOF
diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf
index 874badf995b..92ab4c71d32 100644
--- a/docs/Samba-HOWTO-Collection.pdf
+++ b/docs/Samba-HOWTO-Collection.pdf
@@ -1,6 +1,6 @@
-%PDF-1.3
+%PDF-1.2
 %âãÏÓ
-1 0 obj<</Producer(htmldoc 1.8.22 Copyright 1997-2002 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020930160555+0500)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.76b+)>>endobj
+1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020829040213Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj
 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj
 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj
 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj
@@ -9,713 +9,549 @@
 7 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Roman/Encoding 2 0 R>>endobj
 8 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Bold/Encoding 2 0 R>>endobj
 9 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-Italic/Encoding 2 0 R>>endobj
-10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Times-BoldItalic/Encoding 2 0 R>>endobj
-11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
-12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
-13 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
-14 0 obj<</Subtype/Link/Rect[72.0 684.0 223.5 697.0]/Border[0 0 0]/Dest[1083 0 R/XYZ 0 734 0]>>endobj
-15 0 obj<</Subtype/Link/Rect[108.0 670.8 174.9 683.8]/Border[0 0 0]/Dest[1083 0 R/XYZ 0 696 0]>>endobj
-16 0 obj<</Subtype/Link/Rect[72.0 644.4 112.9 657.4]/Border[0 0 0]/Dest[1083 0 R/XYZ 0 734 0]>>endobj
-17 0 obj<</Subtype/Link/Rect[72.0 618.0 224.5 631.0]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 734 0]>>endobj
-18 0 obj<</Subtype/Link/Rect[108.0 604.8 229.9 617.8]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 696 0]>>endobj
-19 0 obj<</Subtype/Link/Rect[108.0 591.6 235.7 604.6]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 568 0]>>endobj
-20 0 obj<</Subtype/Link/Rect[108.0 578.4 238.5 591.4]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 163 0]>>endobj
-21 0 obj<</Subtype/Link/Rect[108.0 565.2 289.8 578.2]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 734 0]>>endobj
-22 0 obj<</Subtype/Link/Rect[108.0 552.0 294.7 565.0]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 382 0]>>endobj
-23 0 obj<</Subtype/Link/Rect[108.0 538.8 265.7 551.8]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 280 0]>>endobj
-24 0 obj<</Subtype/Link/Rect[126.0 525.6 270.5 538.6]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 126 0]>>endobj
-25 0 obj<</Subtype/Link/Rect[126.0 512.4 319.1 525.4]/Border[0 0 0]/Dest[1099 0 R/XYZ 0 300 0]>>endobj
-26 0 obj<</Subtype/Link/Rect[108.0 499.2 342.9 512.2]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 718 0]>>endobj
-27 0 obj<</Subtype/Link/Rect[108.0 486.0 296.5 499.0]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 551 0]>>endobj
-28 0 obj<</Subtype/Link/Rect[108.0 472.8 492.3 485.8]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 383 0]>>endobj
-29 0 obj<</Subtype/Link/Rect[108.0 459.6 234.6 472.6]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 169 0]>>endobj
-30 0 obj<</Subtype/Link/Rect[126.0 446.4 221.0 459.4]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 652 0]>>endobj
-31 0 obj<</Subtype/Link/Rect[126.0 433.2 171.5 446.2]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 594 0]>>endobj
-32 0 obj<</Subtype/Link/Rect[126.0 420.0 252.2 433.0]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 509 0]>>endobj
-33 0 obj<</Subtype/Link/Rect[126.0 406.8 280.6 419.8]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 200 0]>>endobj
-34 0 obj<</Subtype/Link/Rect[126.0 393.6 162.7 406.6]/Border[0 0 0]/Dest[1105 0 R/XYZ 0 718 0]>>endobj
-35 0 obj<</Subtype/Link/Rect[126.0 380.4 217.3 393.4]/Border[0 0 0]/Dest[1105 0 R/XYZ 0 264 0]>>endobj
-36 0 obj<</Subtype/Link/Rect[72.0 354.0 214.7 367.0]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 734 0]>>endobj
-37 0 obj<</Subtype/Link/Rect[108.0 340.8 162.4 353.8]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 696 0]>>endobj
-38 0 obj<</Subtype/Link/Rect[108.0 327.6 165.5 340.6]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 529 0]>>endobj
-39 0 obj<</Subtype/Link/Rect[108.0 314.4 131.2 327.4]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 170 0]>>endobj
-40 0 obj<</Subtype/Link/Rect[126.0 301.2 153.2 314.2]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 136 0]>>endobj
-41 0 obj<</Subtype/Link/Rect[126.0 288.0 153.2 301.0]/Border[0 0 0]/Dest[1109 0 R/XYZ 0 705 0]>>endobj
-42 0 obj<</Subtype/Link/Rect[126.0 274.8 153.2 287.8]/Border[0 0 0]/Dest[1109 0 R/XYZ 0 501 0]>>endobj
-43 0 obj<</Subtype/Link/Rect[126.0 261.6 153.2 274.6]/Border[0 0 0]/Dest[1111 0 R/XYZ 0 573 0]>>endobj
-44 0 obj<</Subtype/Link/Rect[126.0 248.4 153.2 261.4]/Border[0 0 0]/Dest[1111 0 R/XYZ 0 422 0]>>endobj
-45 0 obj<</Subtype/Link/Rect[126.0 235.2 153.2 248.2]/Border[0 0 0]/Dest[1111 0 R/XYZ 0 298 0]>>endobj
-46 0 obj<</Subtype/Link/Rect[126.0 222.0 153.2 235.0]/Border[0 0 0]/Dest[1113 0 R/XYZ 0 705 0]>>endobj
-47 0 obj<</Subtype/Link/Rect[126.0 208.8 153.2 221.8]/Border[0 0 0]/Dest[1113 0 R/XYZ 0 343 0]>>endobj
-48 0 obj<</Subtype/Link/Rect[126.0 195.6 153.2 208.6]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 679 0]>>endobj
-49 0 obj<</Subtype/Link/Rect[126.0 182.4 158.7 195.4]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 528 0]>>endobj
-50 0 obj<</Subtype/Link/Rect[126.0 169.2 158.7 182.2]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 390 0]>>endobj
-51 0 obj<</Subtype/Link/Rect[108.0 156.0 202.1 169.0]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 253 0]>>endobj
-52 0 obj<</Subtype/Link/Rect[72.0 129.6 296.0 142.6]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 734 0]>>endobj
-53 0 obj<</Subtype/Link/Rect[108.0 116.4 142.2 129.4]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 696 0]>>endobj
-54 0 obj<</Subtype/Link/Rect[108.0 103.2 308.4 116.2]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 463 0]>>endobj
-55 0 obj<</Subtype/Link/Rect[126.0 90.0 167.6 103.0]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 335 0]>>endobj
-56 0 obj<</Subtype/Link/Rect[126.0 76.8 194.1 89.8]/Border[0 0 0]/Dest[1119 0 R/XYZ 0 454 0]>>endobj
-57 0 obj<</Subtype/Link/Rect[126.0 63.6 185.6 76.6]/Border[0 0 0]/Dest[1119 0 R/XYZ 0 317 0]>>endobj
-58 0 obj[14 0 R
-15 0 R
+10 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica/Encoding 2 0 R>>endobj
+11 0 obj<</Type/Font/Subtype/Type1/BaseFont/Helvetica-Bold/Encoding 2 0 R>>endobj
+12 0 obj<</Type/Font/Subtype/Type1/BaseFont/Symbol>>endobj
+13 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+14 0 obj<</Subtype/Link/Rect[188.4 449.8 289.8 462.8]/Border[0 0 0]/A 13 0 R>>endobj
+15 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
+16 0 obj<</Subtype/Link/Rect[72.0 436.6 148.4 449.6]/Border[0 0 0]/A 15 0 R>>endobj
+17 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
+18 0 obj<</Subtype/Link/Rect[72.0 383.8 223.3 396.8]/Border[0 0 0]/A 17 0 R>>endobj
+19 0 obj[14 0 R
 16 0 R
-17 0 R
 18 0 R
-19 0 R
-20 0 R
-21 0 R
-22 0 R
-23 0 R
-24 0 R
-25 0 R
+]endobj
+20 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
+21 0 obj<</Subtype/Link/Rect[369.9 587.8 471.0 600.8]/Border[0 0 0]/A 20 0 R>>endobj
+22 0 obj[21 0 R
+]endobj
+23 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+24 0 obj<</Subtype/Link/Rect[176.8 381.8 270.6 394.8]/Border[0 0 0]/A 23 0 R>>endobj
+25 0 obj<</S/URI/URI(#PASSWORDLEVEL)>>endobj
+26 0 obj<</Subtype/Link/Rect[73.0 118.8 154.0 129.8]/Border[0 0 0]/A 25 0 R>>endobj
+27 0 obj<</S/URI/URI(#USERNAMELEVEL)>>endobj
+28 0 obj<</Subtype/Link/Rect[73.0 108.0 148.6 119.0]/Border[0 0 0]/A 27 0 R>>endobj
+29 0 obj[24 0 R
 26 0 R
-27 0 R
 28 0 R
-29 0 R
-30 0 R
-31 0 R
-32 0 R
+]endobj
+30 0 obj<</S/URI/URI(winbind.html)>>endobj
+31 0 obj<</Subtype/Link/Rect[508.9 602.2 547.4 615.2]/Border[0 0 0]/A 30 0 R>>endobj
+32 0 obj<</S/URI/URI(winbind.html)>>endobj
+33 0 obj<</Subtype/Link/Rect[72.0 589.0 115.4 602.0]/Border[0 0 0]/A 32 0 R>>endobj
+34 0 obj[31 0 R
 33 0 R
-34 0 R
-35 0 R
-36 0 R
-37 0 R
-38 0 R
-39 0 R
-40 0 R
+]endobj
+35 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj
+36 0 obj<</Subtype/Link/Rect[120.9 89.0 222.3 102.0]/Border[0 0 0]/A 35 0 R>>endobj
+37 0 obj[36 0 R
+]endobj
+38 0 obj<</S/URI/URI(#OBEYPAMRESTRICTIONS)>>endobj
+39 0 obj<</Subtype/Link/Rect[238.2 649.4 332.9 662.4]/Border[0 0 0]/A 38 0 R>>endobj
+40 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+41 0 obj<</Subtype/Link/Rect[344.2 570.2 454.9 583.2]/Border[0 0 0]/A 40 0 R>>endobj
+42 0 obj[39 0 R
 41 0 R
-42 0 R
-43 0 R
-44 0 R
-45 0 R
+]endobj
+43 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
+44 0 obj<</Subtype/Link/Rect[72.0 590.2 183.5 603.2]/Border[0 0 0]/A 43 0 R>>endobj
+45 0 obj<</S/URI/URI(#HOSTMSDFS)>>endobj
+46 0 obj<</Subtype/Link/Rect[347.8 511.0 420.4 524.0]/Border[0 0 0]/A 45 0 R>>endobj
+47 0 obj<</S/URI/URI(#MSDFSROOT)>>endobj
+48 0 obj<</Subtype/Link/Rect[383.6 497.8 456.2 510.8]/Border[0 0 0]/A 47 0 R>>endobj
+49 0 obj[44 0 R
 46 0 R
-47 0 R
 48 0 R
-49 0 R
-50 0 R
-51 0 R
-52 0 R
-53 0 R
-54 0 R
-55 0 R
+]endobj
+50 0 obj<</S/URI/URI(#NTACLSUPPORT)>>endobj
+51 0 obj<</Subtype/Link/Rect[342.7 533.8 441.7 546.8]/Border[0 0 0]/A 50 0 R>>endobj
+52 0 obj[51 0 R
+]endobj
+53 0 obj<</S/URI/URI(#SECURITYMASK)>>endobj
+54 0 obj<</Subtype/Link/Rect[88.2 668.2 180.6 681.2]/Border[0 0 0]/A 53 0 R>>endobj
+55 0 obj<</S/URI/URI(#CREATEMASK)>>endobj
+56 0 obj<</Subtype/Link/Rect[358.9 589.0 438.1 602.0]/Border[0 0 0]/A 55 0 R>>endobj
+57 0 obj<</S/URI/URI(#FORCESECURITYMODE)>>endobj
+58 0 obj<</Subtype/Link/Rect[427.0 536.2 526.0 549.2]/Border[0 0 0]/A 57 0 R>>endobj
+59 0 obj<</S/URI/URI(#FORCESECURITYMODE)>>endobj
+60 0 obj<</Subtype/Link/Rect[72.0 523.0 98.4 536.0]/Border[0 0 0]/A 59 0 R>>endobj
+61 0 obj<</S/URI/URI(#FORCECREATEMODE)>>endobj
+62 0 obj<</Subtype/Link/Rect[358.9 443.8 477.7 456.8]/Border[0 0 0]/A 61 0 R>>endobj
+63 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+64 0 obj<</Subtype/Link/Rect[72.0 166.6 151.2 179.6]/Border[0 0 0]/A 63 0 R>>endobj
+65 0 obj[54 0 R
 56 0 R
-57 0 R]endobj
-59 0 obj<</Subtype/Link/Rect[72.0 684.0 296.0 697.0]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 734 0]>>endobj
-60 0 obj<</Subtype/Link/Rect[126.0 670.8 205.7 683.8]/Border[0 0 0]/Dest[1119 0 R/XYZ 0 168 0]>>endobj
-61 0 obj<</Subtype/Link/Rect[108.0 657.6 363.1 670.6]/Border[0 0 0]/Dest[1121 0 R/XYZ 0 347 0]>>endobj
-62 0 obj<</Subtype/Link/Rect[126.0 644.4 246.1 657.4]/Border[0 0 0]/Dest[1123 0 R/XYZ 0 295 0]>>endobj
-63 0 obj<</Subtype/Link/Rect[126.0 631.2 214.6 644.2]/Border[0 0 0]/Dest[1125 0 R/XYZ 0 734 0]>>endobj
-64 0 obj<</Subtype/Link/Rect[126.0 618.0 178.2 631.0]/Border[0 0 0]/Dest[1127 0 R/XYZ 0 456 0]>>endobj
-65 0 obj<</Subtype/Link/Rect[126.0 604.8 185.0 617.8]/Border[0 0 0]/Dest[1127 0 R/XYZ 0 358 0]>>endobj
-66 0 obj<</Subtype/Link/Rect[126.0 591.6 191.1 604.6]/Border[0 0 0]/Dest[1127 0 R/XYZ 0 221 0]>>endobj
-67 0 obj<</Subtype/Link/Rect[108.0 578.4 504.0 591.4]/Border[0 0 0]/Dest[1129 0 R/XYZ 0 667 0]>>endobj
-68 0 obj<</Subtype/Link/Rect[108.0 565.2 478.6 578.2]/Border[0 0 0]/Dest[1131 0 R/XYZ 0 734 0]>>endobj
-69 0 obj<</Subtype/Link/Rect[126.0 552.0 343.8 565.0]/Border[0 0 0]/Dest[1133 0 R/XYZ 0 692 0]>>endobj
-70 0 obj<</Subtype/Link/Rect[126.0 538.8 409.5 551.8]/Border[0 0 0]/Dest[1133 0 R/XYZ 0 440 0]>>endobj
-71 0 obj<</Subtype/Link/Rect[126.0 525.6 323.0 538.6]/Border[0 0 0]/Dest[1135 0 R/XYZ 0 734 0]>>endobj
-72 0 obj<</Subtype/Link/Rect[108.0 512.4 162.4 525.4]/Border[0 0 0]/Dest[1135 0 R/XYZ 0 172 0]>>endobj
-73 0 obj<</Subtype/Link/Rect[72.0 486.0 407.8 499.0]/Border[0 0 0]/Dest[1139 0 R/XYZ 0 734 0]>>endobj
-74 0 obj<</Subtype/Link/Rect[108.0 472.8 183.2 485.8]/Border[0 0 0]/Dest[1139 0 R/XYZ 0 672 0]>>endobj
-75 0 obj<</Subtype/Link/Rect[108.0 459.6 225.6 472.6]/Border[0 0 0]/Dest[1141 0 R/XYZ 0 127 0]>>endobj
-76 0 obj<</Subtype/Link/Rect[108.0 446.4 251.0 459.4]/Border[0 0 0]/Dest[1143 0 R/XYZ 0 679 0]>>endobj
-77 0 obj<</Subtype/Link/Rect[72.0 420.0 349.4 433.0]/Border[0 0 0]/Dest[1145 0 R/XYZ 0 734 0]>>endobj
-78 0 obj<</Subtype/Link/Rect[108.0 406.8 159.9 419.8]/Border[0 0 0]/Dest[1145 0 R/XYZ 0 672 0]>>endobj
-79 0 obj<</Subtype/Link/Rect[126.0 393.6 151.7 406.6]/Border[0 0 0]/Dest[1147 0 R/XYZ 0 652 0]>>endobj
-80 0 obj<</Subtype/Link/Rect[72.0 367.2 359.8 380.2]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 734 0]>>endobj
-81 0 obj<</Subtype/Link/Rect[108.0 354.0 425.4 367.0]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 672 0]>>endobj
-82 0 obj<</Subtype/Link/Rect[108.0 340.8 299.9 353.8]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 497 0]>>endobj
-83 0 obj<</Subtype/Link/Rect[108.0 327.6 211.9 340.6]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 330 0]>>endobj
-84 0 obj<</Subtype/Link/Rect[108.0 314.4 273.0 327.4]/Border[0 0 0]/Dest[1151 0 R/XYZ 0 665 0]>>endobj
-85 0 obj<</Subtype/Link/Rect[126.0 301.2 199.0 314.2]/Border[0 0 0]/Dest[1151 0 R/XYZ 0 432 0]>>endobj
-86 0 obj<</Subtype/Link/Rect[126.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[1151 0 R/XYZ 0 189 0]>>endobj
-87 0 obj<</Subtype/Link/Rect[108.0 274.8 282.2 287.8]/Border[0 0 0]/Dest[1153 0 R/XYZ 0 692 0]>>endobj
-88 0 obj<</Subtype/Link/Rect[108.0 261.6 372.8 274.6]/Border[0 0 0]/Dest[1153 0 R/XYZ 0 260 0]>>endobj
-89 0 obj<</Subtype/Link/Rect[108.0 248.4 364.9 261.4]/Border[0 0 0]/Dest[1157 0 R/XYZ 0 599 0]>>endobj
-90 0 obj<</Subtype/Link/Rect[72.0 222.0 224.2 235.0]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 734 0]>>endobj
-91 0 obj<</Subtype/Link/Rect[108.0 208.8 162.4 221.8]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 696 0]>>endobj
-92 0 obj<</Subtype/Link/Rect[108.0 195.6 169.7 208.6]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 278 0]>>endobj
-93 0 obj<</Subtype/Link/Rect[126.0 182.4 200.2 195.4]/Border[0 0 0]/Dest[1161 0 R/XYZ 0 702 0]>>endobj
-94 0 obj<</Subtype/Link/Rect[126.0 169.2 284.9 182.2]/Border[0 0 0]/Dest[1163 0 R/XYZ 0 469 0]>>endobj
-95 0 obj<</Subtype/Link/Rect[126.0 156.0 277.8 169.0]/Border[0 0 0]/Dest[1165 0 R/XYZ 0 705 0]>>endobj
-96 0 obj<</Subtype/Link/Rect[126.0 142.8 341.4 155.8]/Border[0 0 0]/Dest[1165 0 R/XYZ 0 332 0]>>endobj
-97 0 obj<</Subtype/Link/Rect[126.0 129.6 232.6 142.6]/Border[0 0 0]/Dest[1167 0 R/XYZ 0 155 0]>>endobj
-98 0 obj<</Subtype/Link/Rect[108.0 116.4 200.9 129.4]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 652 0]>>endobj
-99 0 obj<</Subtype/Link/Rect[126.0 103.2 204.8 116.2]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 551 0]>>endobj
-100 0 obj<</Subtype/Link/Rect[126.0 90.0 271.7 103.0]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 426 0]>>endobj
-101 0 obj<</Subtype/Link/Rect[126.0 76.8 212.8 89.8]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 341 0]>>endobj
-102 0 obj<</Subtype/Link/Rect[126.0 63.6 225.0 76.6]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 243 0]>>endobj
-103 0 obj[59 0 R
+58 0 R
 60 0 R
-61 0 R
 62 0 R
-63 0 R
 64 0 R
-65 0 R
-66 0 R
-67 0 R
-68 0 R
+]endobj
+66 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
+67 0 obj<</Subtype/Link/Rect[146.5 548.2 280.3 561.2]/Border[0 0 0]/A 66 0 R>>endobj
+68 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
+69 0 obj<</Subtype/Link/Rect[221.4 521.8 341.1 534.8]/Border[0 0 0]/A 68 0 R>>endobj
+70 0 obj<</S/URI/URI(http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP)>>endobj
+71 0 obj<</Subtype/Link/Rect[72.0 297.4 355.9 310.4]/Border[0 0 0]/A 70 0 R>>endobj
+72 0 obj[67 0 R
 69 0 R
-70 0 R
 71 0 R
-72 0 R
-73 0 R
-74 0 R
+]endobj
+73 0 obj<</Subtype/Link/Rect[462.9 705.8 540.9 718.8]/Border[0 0 0]/Dest[795 0 R/XYZ null 459 0]>>endobj
+74 0 obj<</S/URI/URI(#WRITELIST)>>endobj
+75 0 obj<</Subtype/Link/Rect[91.9 313.4 157.9 326.4]/Border[0 0 0]/A 74 0 R>>endobj
+76 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+77 0 obj<</Subtype/Link/Rect[192.7 300.2 294.1 313.2]/Border[0 0 0]/A 76 0 R>>endobj
+78 0 obj<</S/URI/URI(#GUESTOK)>>endobj
+79 0 obj<</Subtype/Link/Rect[163.3 273.8 231.3 286.8]/Border[0 0 0]/A 78 0 R>>endobj
+80 0 obj<</S/URI/URI(#MAPTOGUEST)>>endobj
+81 0 obj<</Subtype/Link/Rect[401.4 168.2 492.0 181.2]/Border[0 0 0]/A 80 0 R>>endobj
+82 0 obj<</S/URI/URI(#MAPTOGUEST)>>endobj
+83 0 obj<</Subtype/Link/Rect[108.0 155.0 130.0 168.0]/Border[0 0 0]/A 82 0 R>>endobj
+84 0 obj[73 0 R
 75 0 R
-76 0 R
 77 0 R
-78 0 R
 79 0 R
-80 0 R
 81 0 R
-82 0 R
 83 0 R
-84 0 R
-85 0 R
-86 0 R
-87 0 R
-88 0 R
-89 0 R
-90 0 R
+]endobj
+85 0 obj<</S/URI/URI(#PRINTERADMIN)>>endobj
+86 0 obj<</Subtype/Link/Rect[433.8 567.8 526.2 580.8]/Border[0 0 0]/A 85 0 R>>endobj
+87 0 obj[86 0 R
+]endobj
+88 0 obj<</S/URI/URI(#DEFAULTDEVMODE)>>endobj
+89 0 obj<</Subtype/Link/Rect[303.6 438.2 377.2 451.2]/Border[0 0 0]/A 88 0 R>>endobj
+90 0 obj<</S/URI/URI(rpcclient.1.html)>>endobj
+91 0 obj<</Subtype/Link/Rect[236.4 300.6 330.1 313.6]/Border[0 0 0]/A 90 0 R>>endobj
+92 0 obj[89 0 R
 91 0 R
-92 0 R
-93 0 R
-94 0 R
-95 0 R
+]endobj
+93 0 obj<</S/URI/URI(#SHOWADDPRINTERWIZARD)>>endobj
+94 0 obj<</Subtype/Link/Rect[108.0 541.4 306.0 554.4]/Border[0 0 0]/A 93 0 R>>endobj
+95 0 obj<</S/URI/URI(#ADDPRINTERCOMMAND)>>endobj
+96 0 obj<</Subtype/Link/Rect[453.9 515.0 526.5 528.0]/Border[0 0 0]/A 95 0 R>>endobj
+97 0 obj<</S/URI/URI(#ADDPRINTERCOMMAND)>>endobj
+98 0 obj<</Subtype/Link/Rect[72.0 501.8 118.2 514.8]/Border[0 0 0]/A 97 0 R>>endobj
+99 0 obj<</S/URI/URI(#DELETEPRINTERCOMMAND)>>endobj
+100 0 obj<</Subtype/Link/Rect[189.3 396.2 334.5 409.2]/Border[0 0 0]/A 99 0 R>>endobj
+101 0 obj<</S/URI/URI(#ENUMPORTSCOMMAND)>>endobj
+102 0 obj<</Subtype/Link/Rect[451.4 219.0 510.8 232.0]/Border[0 0 0]/A 101 0 R>>endobj
+103 0 obj<</S/URI/URI(#ENUMPORTSCOMMAND)>>endobj
+104 0 obj<</Subtype/Link/Rect[72.0 205.8 118.2 218.8]/Border[0 0 0]/A 103 0 R>>endobj
+105 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+106 0 obj<</Subtype/Link/Rect[303.3 121.0 442.9 134.0]/Border[0 0 0]/A 105 0 R>>endobj
+107 0 obj[94 0 R
 96 0 R
-97 0 R
 98 0 R
-99 0 R
 100 0 R
-101 0 R
-102 0 R]endobj
-104 0 obj<</Subtype/Link/Rect[72.0 684.0 224.2 697.0]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 734 0]>>endobj
-105 0 obj<</Subtype/Link/Rect[108.0 670.8 280.9 683.8]/Border[0 0 0]/Dest[1171 0 R/XYZ 0 357 0]>>endobj
-106 0 obj<</Subtype/Link/Rect[72.0 644.4 212.0 657.4]/Border[0 0 0]/Dest[1175 0 R/XYZ 0 734 0]>>endobj
-107 0 obj<</Subtype/Link/Rect[108.0 631.2 162.4 644.2]/Border[0 0 0]/Dest[1175 0 R/XYZ 0 696 0]>>endobj
-108 0 obj<</Subtype/Link/Rect[108.0 618.0 232.7 631.0]/Border[0 0 0]/Dest[1177 0 R/XYZ 0 734 0]>>endobj
-109 0 obj<</Subtype/Link/Rect[108.0 604.8 216.7 617.8]/Border[0 0 0]/Dest[1177 0 R/XYZ 0 272 0]>>endobj
-110 0 obj<</Subtype/Link/Rect[108.0 591.6 267.8 604.6]/Border[0 0 0]/Dest[1179 0 R/XYZ 0 734 0]>>endobj
-111 0 obj<</Subtype/Link/Rect[108.0 578.4 191.1 591.4]/Border[0 0 0]/Dest[1179 0 R/XYZ 0 301 0]>>endobj
-112 0 obj<</Subtype/Link/Rect[108.0 565.2 211.9 578.2]/Border[0 0 0]/Dest[1181 0 R/XYZ 0 617 0]>>endobj
-113 0 obj<</Subtype/Link/Rect[108.0 552.0 210.1 565.0]/Border[0 0 0]/Dest[1181 0 R/XYZ 0 264 0]>>endobj
-114 0 obj<</Subtype/Link/Rect[108.0 538.8 190.8 551.8]/Border[0 0 0]/Dest[1181 0 R/XYZ 0 175 0]>>endobj
-115 0 obj<</Subtype/Link/Rect[108.0 525.6 177.4 538.6]/Border[0 0 0]/Dest[1183 0 R/XYZ 0 734 0]>>endobj
-116 0 obj<</Subtype/Link/Rect[72.0 499.2 139.5 512.2]/Border[0 0 0]/Dest[1185 0 R/XYZ 0 734 0]>>endobj
-117 0 obj<</Subtype/Link/Rect[108.0 486.0 162.4 499.0]/Border[0 0 0]/Dest[1185 0 R/XYZ 0 696 0]>>endobj
-118 0 obj<</Subtype/Link/Rect[108.0 472.8 304.4 485.8]/Border[0 0 0]/Dest[1185 0 R/XYZ 0 465 0]>>endobj
-119 0 obj<</Subtype/Link/Rect[72.0 446.4 220.1 459.4]/Border[0 0 0]/Dest[1189 0 R/XYZ 0 734 0]>>endobj
-120 0 obj<</Subtype/Link/Rect[108.0 433.2 280.6 446.2]/Border[0 0 0]/Dest[1189 0 R/XYZ 0 696 0]>>endobj
-121 0 obj<</Subtype/Link/Rect[108.0 420.0 268.7 433.0]/Border[0 0 0]/Dest[1191 0 R/XYZ 0 362 0]>>endobj
-122 0 obj<</Subtype/Link/Rect[108.0 406.8 288.6 419.8]/Border[0 0 0]/Dest[1191 0 R/XYZ 0 155 0]>>endobj
-123 0 obj<</Subtype/Link/Rect[72.0 380.4 373.3 393.4]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 734 0]>>endobj
-124 0 obj<</Subtype/Link/Rect[108.0 367.2 145.3 380.2]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 672 0]>>endobj
-125 0 obj<</Subtype/Link/Rect[108.0 354.0 162.4 367.0]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 544 0]>>endobj
-126 0 obj<</Subtype/Link/Rect[108.0 340.8 214.3 353.8]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 231 0]>>endobj
-127 0 obj<</Subtype/Link/Rect[126.0 327.6 178.8 340.6]/Border[0 0 0]/Dest[1197 0 R/XYZ 0 560 0]>>endobj
-128 0 obj<</Subtype/Link/Rect[108.0 314.4 202.7 327.4]/Border[0 0 0]/Dest[1197 0 R/XYZ 0 409 0]>>endobj
-129 0 obj<</Subtype/Link/Rect[126.0 301.2 279.1 314.2]/Border[0 0 0]/Dest[1197 0 R/XYZ 0 294 0]>>endobj
-130 0 obj<</Subtype/Link/Rect[126.0 288.0 221.3 301.0]/Border[0 0 0]/Dest[1199 0 R/XYZ 0 734 0]>>endobj
-131 0 obj<</Subtype/Link/Rect[126.0 274.8 279.4 287.8]/Border[0 0 0]/Dest[1199 0 R/XYZ 0 292 0]>>endobj
-132 0 obj<</Subtype/Link/Rect[126.0 261.6 259.8 274.6]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 665 0]>>endobj
-133 0 obj<</Subtype/Link/Rect[126.0 248.4 193.5 261.4]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 488 0]>>endobj
-134 0 obj<</Subtype/Link/Rect[108.0 235.2 240.6 248.2]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 351 0]>>endobj
-135 0 obj<</Subtype/Link/Rect[126.0 222.0 180.4 235.0]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 209 0]>>endobj
-136 0 obj<</Subtype/Link/Rect[126.0 208.8 187.1 221.8]/Border[0 0 0]/Dest[1203 0 R/XYZ 0 599 0]>>endobj
-137 0 obj<</Subtype/Link/Rect[126.0 195.6 211.6 208.6]/Border[0 0 0]/Dest[1203 0 R/XYZ 0 330 0]>>endobj
-138 0 obj<</Subtype/Link/Rect[108.0 182.4 158.7 195.4]/Border[0 0 0]/Dest[1217 0 R/XYZ 0 217 0]>>endobj
-139 0 obj<</Subtype/Link/Rect[108.0 169.2 158.1 182.2]/Border[0 0 0]/Dest[1219 0 R/XYZ 0 679 0]>>endobj
-140 0 obj<</Subtype/Link/Rect[72.0 142.8 363.5 155.8]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 734 0]>>endobj
-141 0 obj<</Subtype/Link/Rect[108.0 129.6 200.0 142.6]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 672 0]>>endobj
-142 0 obj<</Subtype/Link/Rect[108.0 116.4 161.8 129.4]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 584 0]>>endobj
-143 0 obj<</Subtype/Link/Rect[108.0 103.2 296.8 116.2]/Border[0 0 0]/Dest[1223 0 R/XYZ 0 718 0]>>endobj
-144 0 obj<</Subtype/Link/Rect[108.0 90.0 410.8 103.0]/Border[0 0 0]/Dest[1225 0 R/XYZ 0 613 0]>>endobj
-145 0 obj<</Subtype/Link/Rect[126.0 76.8 323.7 89.8]/Border[0 0 0]/Dest[1225 0 R/XYZ 0 227 0]>>endobj
-146 0 obj<</Subtype/Link/Rect[126.0 63.6 353.0 76.6]/Border[0 0 0]/Dest[1227 0 R/XYZ 0 356 0]>>endobj
-147 0 obj[104 0 R
-105 0 R
+102 0 R
+104 0 R
 106 0 R
-107 0 R
-108 0 R
-109 0 R
-110 0 R
-111 0 R
-112 0 R
-113 0 R
-114 0 R
-115 0 R
-116 0 R
+]endobj
+108 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
+109 0 obj<</Subtype/Link/Rect[108.0 171.8 244.9 184.8]/Border[0 0 0]/A 108 0 R>>endobj
+110 0 obj[109 0 R
+]endobj
+111 0 obj<</S/URI/URI(http://www.cups.org/)>>endobj
+112 0 obj<</Subtype/Link/Rect[72.0 653.8 99.5 666.8]/Border[0 0 0]/A 111 0 R>>endobj
+113 0 obj[112 0 R
+]endobj
+114 0 obj<</S/URI/URI(http://wwwl.easysw.com/printpro/)>>endobj
+115 0 obj<</Subtype/Link/Rect[108.0 651.4 330.1 664.4]/Border[0 0 0]/A 114 0 R>>endobj
+116 0 obj<</S/URI/URI(http://gimp-print.sourceforge.net/)>>endobj
+117 0 obj<</Subtype/Link/Rect[124.2 585.4 376.9 598.4]/Border[0 0 0]/A 116 0 R>>endobj
+118 0 obj<</S/URI/URI(http://www.turboprint.com/)>>endobj
+119 0 obj<</Subtype/Link/Rect[108.0 545.8 290.7 558.8]/Border[0 0 0]/A 118 0 R>>endobj
+120 0 obj<</S/URI/URI(http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)>>endobj
+121 0 obj<</Subtype/Link/Rect[108.0 519.4 447.3 532.4]/Border[0 0 0]/A 120 0 R>>endobj
+122 0 obj<</S/URI/URI(http://hpinkjet.sourceforge.net/)>>endobj
+123 0 obj<</Subtype/Link/Rect[108.0 466.6 285.2 479.6]/Border[0 0 0]/A 122 0 R>>endobj
+124 0 obj<</S/URI/URI(http://www.linuxprinting.org/)>>endobj
+125 0 obj<</Subtype/Link/Rect[108.0 440.2 343.6 453.2]/Border[0 0 0]/A 124 0 R>>endobj
+126 0 obj[115 0 R
 117 0 R
-118 0 R
 119 0 R
-120 0 R
 121 0 R
-122 0 R
 123 0 R
-124 0 R
 125 0 R
-126 0 R
-127 0 R
-128 0 R
-129 0 R
+]endobj
+127 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj
+128 0 obj<</Subtype/Link/Rect[221.4 455.8 287.7 468.8]/Border[0 0 0]/A 127 0 R>>endobj
+129 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+130 0 obj<</Subtype/Link/Rect[353.1 139.0 425.7 152.0]/Border[0 0 0]/A 129 0 R>>endobj
+131 0 obj<</S/URI/URI(#SECURITY)>>endobj
+132 0 obj<</Subtype/Link/Rect[169.1 99.4 241.7 112.4]/Border[0 0 0]/A 131 0 R>>endobj
+133 0 obj[128 0 R
 130 0 R
-131 0 R
 132 0 R
-133 0 R
-134 0 R
-135 0 R
-136 0 R
+]endobj
+134 0 obj<</S/URI/URI(#WORKGROUP)>>endobj
+135 0 obj<</Subtype/Link/Rect[146.2 721.0 225.4 734.0]/Border[0 0 0]/A 134 0 R>>endobj
+136 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+137 0 obj<</Subtype/Link/Rect[224.7 641.8 343.5 654.8]/Border[0 0 0]/A 136 0 R>>endobj
+138 0 obj<</S/URI/URI(#PASSWORDSERVER)>>endobj
+139 0 obj<</Subtype/Link/Rect[188.7 602.2 307.5 615.2]/Border[0 0 0]/A 138 0 R>>endobj
+140 0 obj[135 0 R
 137 0 R
-138 0 R
 139 0 R
-140 0 R
-141 0 R
-142 0 R
-143 0 R
+]endobj
+141 0 obj<</S/URI/URI(#SECURITYEQUALSSERVER)>>endobj
+142 0 obj<</Subtype/Link/Rect[277.9 721.0 354.1 734.0]/Border[0 0 0]/A 141 0 R>>endobj
+143 0 obj<</S/URI/URI(winbind.html)>>endobj
+144 0 obj<</Subtype/Link/Rect[153.9 668.2 222.3 681.2]/Border[0 0 0]/A 143 0 R>>endobj
+145 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
+146 0 obj<</Subtype/Link/Rect[443.5 351.4 500.6 364.4]/Border[0 0 0]/A 145 0 R>>endobj
+147 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
+148 0 obj<</Subtype/Link/Rect[72.0 338.2 189.3 351.2]/Border[0 0 0]/A 147 0 R>>endobj
+149 0 obj[142 0 R
 144 0 R
-145 0 R
-146 0 R]endobj
-148 0 obj<</Subtype/Link/Rect[72.0 684.0 363.5 697.0]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 734 0]>>endobj
-149 0 obj<</Subtype/Link/Rect[126.0 670.8 269.9 683.8]/Border[0 0 0]/Dest[1227 0 R/XYZ 0 143 0]>>endobj
-150 0 obj<</Subtype/Link/Rect[108.0 657.6 242.1 670.6]/Border[0 0 0]/Dest[1229 0 R/XYZ 0 467 0]>>endobj
-151 0 obj<</Subtype/Link/Rect[108.0 644.4 233.6 657.4]/Border[0 0 0]/Dest[1231 0 R/XYZ 0 205 0]>>endobj
-152 0 obj<</Subtype/Link/Rect[108.0 631.2 224.4 644.2]/Border[0 0 0]/Dest[1233 0 R/XYZ 0 203 0]>>endobj
-153 0 obj<</Subtype/Link/Rect[108.0 618.0 273.6 631.0]/Border[0 0 0]/Dest[1239 0 R/XYZ 0 547 0]>>endobj
-154 0 obj<</Subtype/Link/Rect[126.0 604.8 322.5 617.8]/Border[0 0 0]/Dest[1241 0 R/XYZ 0 560 0]>>endobj
-155 0 obj<</Subtype/Link/Rect[126.0 591.6 396.7 604.6]/Border[0 0 0]/Dest[1241 0 R/XYZ 0 126 0]>>endobj
-156 0 obj<</Subtype/Link/Rect[108.0 578.4 411.7 591.4]/Border[0 0 0]/Dest[1249 0 R/XYZ 0 135 0]>>endobj
-157 0 obj<</Subtype/Link/Rect[72.0 552.0 459.8 565.0]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 734 0]>>endobj
-158 0 obj<</Subtype/Link/Rect[108.0 538.8 200.0 551.8]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 672 0]>>endobj
-159 0 obj<</Subtype/Link/Rect[108.0 525.6 161.8 538.6]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 597 0]>>endobj
-160 0 obj<</Subtype/Link/Rect[108.0 512.4 339.9 525.4]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 223 0]>>endobj
-161 0 obj<</Subtype/Link/Rect[126.0 499.2 354.8 512.2]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 734 0]>>endobj
-162 0 obj<</Subtype/Link/Rect[126.0 486.0 241.5 499.0]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 609 0]>>endobj
-163 0 obj<</Subtype/Link/Rect[108.0 472.8 306.6 485.8]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 524 0]>>endobj
-164 0 obj<</Subtype/Link/Rect[108.0 459.6 248.8 472.6]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 383 0]>>endobj
-165 0 obj<</Subtype/Link/Rect[126.0 446.4 300.1 459.4]/Border[0 0 0]/Dest[1259 0 R/XYZ 0 617 0]>>endobj
-166 0 obj<</Subtype/Link/Rect[72.0 420.0 425.8 433.0]/Border[0 0 0]/Dest[1261 0 R/XYZ 0 734 0]>>endobj
-167 0 obj<</Subtype/Link/Rect[108.0 406.8 143.4 419.8]/Border[0 0 0]/Dest[1261 0 R/XYZ 0 672 0]>>endobj
-168 0 obj<</Subtype/Link/Rect[108.0 393.6 162.4 406.6]/Border[0 0 0]/Dest[1261 0 R/XYZ 0 412 0]>>endobj
-169 0 obj<</Subtype/Link/Rect[108.0 380.4 220.4 393.4]/Border[0 0 0]/Dest[1263 0 R/XYZ 0 573 0]>>endobj
-170 0 obj<</Subtype/Link/Rect[108.0 367.2 359.5 380.2]/Border[0 0 0]/Dest[1263 0 R/XYZ 0 471 0]>>endobj
-171 0 obj<</Subtype/Link/Rect[108.0 354.0 248.3 367.0]/Border[0 0 0]/Dest[1265 0 R/XYZ 0 734 0]>>endobj
-172 0 obj<</Subtype/Link/Rect[126.0 340.8 240.6 353.8]/Border[0 0 0]/Dest[1265 0 R/XYZ 0 700 0]>>endobj
-173 0 obj<</Subtype/Link/Rect[126.0 327.6 212.5 340.6]/Border[0 0 0]/Dest[1265 0 R/XYZ 0 138 0]>>endobj
-174 0 obj<</Subtype/Link/Rect[108.0 314.4 262.3 327.4]/Border[0 0 0]/Dest[1267 0 R/XYZ 0 227 0]>>endobj
-175 0 obj<</Subtype/Link/Rect[108.0 301.2 231.4 314.2]/Border[0 0 0]/Dest[1269 0 R/XYZ 0 705 0]>>endobj
-176 0 obj<</Subtype/Link/Rect[108.0 288.0 306.0 301.0]/Border[0 0 0]/Dest[1269 0 R/XYZ 0 320 0]>>endobj
-177 0 obj<</Subtype/Link/Rect[108.0 274.8 299.5 287.8]/Border[0 0 0]/Dest[1271 0 R/XYZ 0 309 0]>>endobj
-178 0 obj<</Subtype/Link/Rect[108.0 261.6 155.7 274.6]/Border[0 0 0]/Dest[1273 0 R/XYZ 0 478 0]>>endobj
-179 0 obj<</Subtype/Link/Rect[72.0 235.2 209.8 248.2]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 734 0]>>endobj
-180 0 obj<</Subtype/Link/Rect[108.0 222.0 207.0 235.0]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 696 0]>>endobj
-181 0 obj<</Subtype/Link/Rect[108.0 208.8 228.7 221.8]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 515 0]>>endobj
-182 0 obj<</Subtype/Link/Rect[108.0 195.6 192.0 208.6]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 137 0]>>endobj
-183 0 obj<</Subtype/Link/Rect[108.0 182.4 216.8 195.4]/Border[0 0 0]/Dest[1277 0 R/XYZ 0 533 0]>>endobj
-184 0 obj<</Subtype/Link/Rect[126.0 169.2 303.8 182.2]/Border[0 0 0]/Dest[1277 0 R/XYZ 0 273 0]>>endobj
-185 0 obj<</Subtype/Link/Rect[108.0 156.0 221.0 169.0]/Border[0 0 0]/Dest[1283 0 R/XYZ 0 511 0]>>endobj
-186 0 obj<</Subtype/Link/Rect[108.0 142.8 291.0 155.8]/Border[0 0 0]/Dest[1285 0 R/XYZ 0 560 0]>>endobj
-187 0 obj<</Subtype/Link/Rect[108.0 129.6 265.4 142.6]/Border[0 0 0]/Dest[1287 0 R/XYZ 0 567 0]>>endobj
-188 0 obj<</Subtype/Link/Rect[108.0 116.4 245.8 129.4]/Border[0 0 0]/Dest[1287 0 R/XYZ 0 208 0]>>endobj
-189 0 obj<</Subtype/Link/Rect[108.0 103.2 257.1 116.2]/Border[0 0 0]/Dest[1289 0 R/XYZ 0 454 0]>>endobj
-190 0 obj<</Subtype/Link/Rect[108.0 90.0 246.4 103.0]/Border[0 0 0]/Dest[1291 0 R/XYZ 0 679 0]>>endobj
-191 0 obj<</Subtype/Link/Rect[108.0 76.8 191.4 89.8]/Border[0 0 0]/Dest[1291 0 R/XYZ 0 590 0]>>endobj
-192 0 obj[148 0 R
-149 0 R
-150 0 R
-151 0 R
-152 0 R
+146 0 R
+148 0 R
+]endobj
+150 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+151 0 obj<</Subtype/Link/Rect[182.3 603.4 254.9 616.4]/Border[0 0 0]/A 150 0 R>>endobj
+152 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+153 0 obj<</Subtype/Link/Rect[334.9 603.4 418.9 616.4]/Border[0 0 0]/A 152 0 R>>endobj
+154 0 obj<</S/URI/URI(UNIX_INSTALL.html)>>endobj
+155 0 obj<</Subtype/Link/Rect[339.0 439.4 443.5 452.4]/Border[0 0 0]/A 154 0 R>>endobj
+156 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+157 0 obj<</Subtype/Link/Rect[445.9 426.2 544.6 439.2]/Border[0 0 0]/A 156 0 R>>endobj
+158 0 obj[151 0 R
 153 0 R
-154 0 R
 155 0 R
-156 0 R
 157 0 R
-158 0 R
-159 0 R
-160 0 R
-161 0 R
+]endobj
+159 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+160 0 obj<</Subtype/Link/Rect[468.3 636.2 549.6 649.2]/Border[0 0 0]/A 159 0 R>>endobj
+161 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+162 0 obj<</Subtype/Link/Rect[72.0 623.0 92.8 636.0]/Border[0 0 0]/A 161 0 R>>endobj
+163 0 obj<</S/URI/URI(#NETBIOSNAME)>>endobj
+164 0 obj<</Subtype/Link/Rect[94.6 549.6 159.4 560.6]/Border[0 0 0]/A 163 0 R>>endobj
+165 0 obj<</S/URI/URI(#WORKGROUP)>>endobj
+166 0 obj<</Subtype/Link/Rect[94.6 538.8 143.2 549.8]/Border[0 0 0]/A 165 0 R>>endobj
+167 0 obj<</S/URI/URI(#OSLEVEL)>>endobj
+168 0 obj<</Subtype/Link/Rect[94.6 506.4 137.8 517.4]/Border[0 0 0]/A 167 0 R>>endobj
+169 0 obj<</S/URI/URI(#PERFERREDMASTER)>>endobj
+170 0 obj<</Subtype/Link/Rect[94.6 495.6 181.0 506.6]/Border[0 0 0]/A 169 0 R>>endobj
+171 0 obj<</S/URI/URI(#DOMAINMASTER)>>endobj
+172 0 obj<</Subtype/Link/Rect[94.6 484.8 164.8 495.8]/Border[0 0 0]/A 171 0 R>>endobj
+173 0 obj<</S/URI/URI(#LOCALMASTER)>>endobj
+174 0 obj<</Subtype/Link/Rect[94.6 474.0 159.4 485.0]/Border[0 0 0]/A 173 0 R>>endobj
+175 0 obj<</S/URI/URI(#SECURITYEQUALSUSER)>>endobj
+176 0 obj<</Subtype/Link/Rect[94.6 441.6 137.8 452.6]/Border[0 0 0]/A 175 0 R>>endobj
+177 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+178 0 obj<</Subtype/Link/Rect[94.6 409.2 186.4 420.2]/Border[0 0 0]/A 177 0 R>>endobj
+179 0 obj<</S/URI/URI(#DOMAINLOGONS)>>endobj
+180 0 obj<</Subtype/Link/Rect[94.6 376.8 164.8 387.8]/Border[0 0 0]/A 179 0 R>>endobj
+181 0 obj<</S/URI/URI(#LOGONPATH)>>endobj
+182 0 obj<</Subtype/Link/Rect[94.6 344.4 148.6 355.4]/Border[0 0 0]/A 181 0 R>>endobj
+183 0 obj<</S/URI/URI(#LOGONDRIVE)>>endobj
+184 0 obj<</Subtype/Link/Rect[94.6 301.2 154.0 312.2]/Border[0 0 0]/A 183 0 R>>endobj
+185 0 obj<</S/URI/URI(#LOGONHOME)>>endobj
+186 0 obj<</Subtype/Link/Rect[94.6 290.4 148.6 301.4]/Border[0 0 0]/A 185 0 R>>endobj
+187 0 obj<</S/URI/URI(#LOGONSCRIPT)>>endobj
+188 0 obj<</Subtype/Link/Rect[94.6 247.2 159.4 258.2]/Border[0 0 0]/A 187 0 R>>endobj
+189 0 obj<</S/URI/URI(#PATH)>>endobj
+190 0 obj<</Subtype/Link/Rect[94.6 204.0 116.2 215.0]/Border[0 0 0]/A 189 0 R>>endobj
+191 0 obj<</S/URI/URI(#READONLY)>>endobj
+192 0 obj<</Subtype/Link/Rect[94.6 193.2 143.2 204.2]/Border[0 0 0]/A 191 0 R>>endobj
+193 0 obj<</S/URI/URI(#WRITELIST)>>endobj
+194 0 obj<</Subtype/Link/Rect[94.6 182.4 148.6 193.4]/Border[0 0 0]/A 193 0 R>>endobj
+195 0 obj<</S/URI/URI(#PATH)>>endobj
+196 0 obj<</Subtype/Link/Rect[94.6 139.2 116.2 150.2]/Border[0 0 0]/A 195 0 R>>endobj
+197 0 obj<</S/URI/URI(#READONLY)>>endobj
+198 0 obj<</Subtype/Link/Rect[94.6 128.4 143.2 139.4]/Border[0 0 0]/A 197 0 R>>endobj
+199 0 obj<</S/URI/URI(#CREATEMASK)>>endobj
+200 0 obj<</Subtype/Link/Rect[94.6 117.6 154.0 128.6]/Border[0 0 0]/A 199 0 R>>endobj
+201 0 obj<</S/URI/URI(#DIRECTORYMASK)>>endobj
+202 0 obj<</Subtype/Link/Rect[94.6 106.8 170.2 117.8]/Border[0 0 0]/A 201 0 R>>endobj
+203 0 obj[160 0 R
 162 0 R
-163 0 R
 164 0 R
-165 0 R
 166 0 R
-167 0 R
 168 0 R
-169 0 R
 170 0 R
-171 0 R
 172 0 R
-173 0 R
 174 0 R
-175 0 R
 176 0 R
-177 0 R
 178 0 R
-179 0 R
 180 0 R
-181 0 R
 182 0 R
-183 0 R
 184 0 R
-185 0 R
 186 0 R
-187 0 R
 188 0 R
-189 0 R
 190 0 R
-191 0 R]endobj
-193 0 obj<</Subtype/Link/Rect[72.0 684.0 197.3 697.0]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 734 0]>>endobj
-194 0 obj<</Subtype/Link/Rect[108.0 670.8 166.1 683.8]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 696 0]>>endobj
-195 0 obj<</Subtype/Link/Rect[108.0 657.6 144.7 670.6]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 449 0]>>endobj
-196 0 obj<</Subtype/Link/Rect[126.0 644.4 169.4 657.4]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 416 0]>>endobj
-197 0 obj<</Subtype/Link/Rect[126.0 631.2 196.0 644.2]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 146 0]>>endobj
-198 0 obj<</Subtype/Link/Rect[126.0 618.0 295.3 631.0]/Border[0 0 0]/Dest[1295 0 R/XYZ 0 652 0]>>endobj
-199 0 obj<</Subtype/Link/Rect[108.0 604.8 173.1 617.8]/Border[0 0 0]/Dest[1295 0 R/XYZ 0 515 0]>>endobj
-200 0 obj<</Subtype/Link/Rect[108.0 591.6 150.5 604.6]/Border[0 0 0]/Dest[1295 0 R/XYZ 0 255 0]>>endobj
-201 0 obj<</Subtype/Link/Rect[108.0 578.4 151.1 591.4]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 718 0]>>endobj
-202 0 obj<</Subtype/Link/Rect[108.0 565.2 144.7 578.2]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 537 0]>>endobj
-203 0 obj<</Subtype/Link/Rect[108.0 552.0 164.5 565.0]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 409 0]>>endobj
-204 0 obj<</Subtype/Link/Rect[108.0 538.8 149.9 551.8]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 189 0]>>endobj
-205 0 obj<</Subtype/Link/Rect[108.0 525.6 155.4 538.6]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 734 0]>>endobj
-206 0 obj<</Subtype/Link/Rect[108.0 512.4 149.8 525.4]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 645 0]>>endobj
-207 0 obj<</Subtype/Link/Rect[108.0 499.2 152.3 512.2]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 477 0]>>endobj
-208 0 obj<</Subtype/Link/Rect[108.0 486.0 178.0 499.0]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 349 0]>>endobj
-209 0 obj<</Subtype/Link/Rect[108.0 472.8 187.1 485.8]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 129 0]>>endobj
-210 0 obj<</Subtype/Link/Rect[108.0 459.6 164.5 472.6]/Border[0 0 0]/Dest[1301 0 R/XYZ 0 639 0]>>endobj
-211 0 obj<</Subtype/Link/Rect[108.0 446.4 163.9 459.4]/Border[0 0 0]/Dest[1301 0 R/XYZ 0 511 0]>>endobj
-212 0 obj<</Subtype/Link/Rect[108.0 433.2 165.8 446.2]/Border[0 0 0]/Dest[1301 0 R/XYZ 0 436 0]>>endobj
-213 0 obj<</Subtype/Link/Rect[108.0 420.0 158.4 433.0]/Border[0 0 0]/Dest[1303 0 R/XYZ 0 388 0]>>endobj
-214 0 obj<</Subtype/Link/Rect[72.0 393.6 213.2 406.6]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 734 0]>>endobj
-215 0 obj<</Subtype/Link/Rect[108.0 380.4 190.8 393.4]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 668 0]>>endobj
-216 0 obj<</Subtype/Link/Rect[108.0 367.2 157.2 380.2]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 461 0]>>endobj
-217 0 obj<</Subtype/Link/Rect[126.0 354.0 481.3 367.0]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 427 0]>>endobj
-218 0 obj<</Subtype/Link/Rect[126.0 340.8 486.5 353.8]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 734 0]>>endobj
-219 0 obj<</Subtype/Link/Rect[126.0 327.6 437.9 340.6]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 520 0]>>endobj
-220 0 obj<</Subtype/Link/Rect[126.0 314.4 407.7 327.4]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 422 0]>>endobj
-221 0 obj<</Subtype/Link/Rect[108.0 301.2 223.5 314.2]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 165 0]>>endobj
-222 0 obj<</Subtype/Link/Rect[126.0 288.0 300.5 301.0]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 132 0]>>endobj
-223 0 obj<</Subtype/Link/Rect[126.0 274.8 299.5 287.8]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 652 0]>>endobj
-224 0 obj<</Subtype/Link/Rect[126.0 261.6 283.3 274.6]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 501 0]>>endobj
-225 0 obj<</Subtype/Link/Rect[126.0 248.4 249.1 261.4]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 403 0]>>endobj
-226 0 obj<</Subtype/Link/Rect[108.0 235.2 181.9 248.2]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 319 0]>>endobj
-227 0 obj<</Subtype/Link/Rect[108.0 222.0 243.0 235.0]/Border[0 0 0]/Dest[1311 0 R/XYZ 0 734 0]>>endobj
-228 0 obj<</Subtype/Link/Rect[72.0 195.6 284.0 208.6]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 734 0]>>endobj
-229 0 obj<</Subtype/Link/Rect[108.0 182.4 162.4 195.4]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 696 0]>>endobj
-230 0 obj<</Subtype/Link/Rect[108.0 169.2 222.9 182.2]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 581 0]>>endobj
-231 0 obj<</Subtype/Link/Rect[126.0 156.0 215.8 169.0]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 493 0]>>endobj
-232 0 obj<</Subtype/Link/Rect[126.0 142.8 190.8 155.8]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 382 0]>>endobj
-233 0 obj<</Subtype/Link/Rect[72.0 116.4 145.6 129.4]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 734 0]>>endobj
-234 0 obj<</Subtype/Link/Rect[108.0 103.2 162.4 116.2]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 696 0]>>endobj
-235 0 obj<</Subtype/Link/Rect[108.0 90.0 163.3 103.0]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 436 0]>>endobj
-236 0 obj<</Subtype/Link/Rect[108.0 76.8 165.7 89.8]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 295 0]>>endobj
-237 0 obj<</Subtype/Link/Rect[108.0 63.6 170.6 76.6]/Border[0 0 0]/Dest[1319 0 R/XYZ 0 639 0]>>endobj
-238 0 obj[193 0 R
+192 0 R
 194 0 R
-195 0 R
 196 0 R
-197 0 R
 198 0 R
-199 0 R
 200 0 R
-201 0 R
 202 0 R
-203 0 R
-204 0 R
-205 0 R
-206 0 R
+]endobj
+204 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+205 0 obj<</Subtype/Link/Rect[108.0 707.8 200.6 720.8]/Border[0 0 0]/A 204 0 R>>endobj
+206 0 obj<</S/URI/URI(#DOMAINADMINGROUP)>>endobj
+207 0 obj<</Subtype/Link/Rect[497.0 615.4 530.0 628.4]/Border[0 0 0]/A 206 0 R>>endobj
+208 0 obj<</S/URI/URI(#DOMAINADMINGROUP)>>endobj
+209 0 obj<</Subtype/Link/Rect[72.0 602.2 127.9 615.2]/Border[0 0 0]/A 208 0 R>>endobj
+210 0 obj[205 0 R
 207 0 R
-208 0 R
 209 0 R
-210 0 R
-211 0 R
-212 0 R
-213 0 R
+]endobj
+211 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj
+212 0 obj<</Subtype/Link/Rect[72.0 550.6 138.6 563.6]/Border[0 0 0]/A 211 0 R>>endobj
+213 0 obj<</S/URI/URI(#ADDUSERSCRIPT)>>endobj
+214 0 obj<</Subtype/Link/Rect[422.7 229.4 486.9 242.4]/Border[0 0 0]/A 213 0 R>>endobj
+215 0 obj[212 0 R
 214 0 R
-215 0 R
-216 0 R
-217 0 R
-218 0 R
-219 0 R
-220 0 R
-221 0 R
+]endobj
+216 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
+217 0 obj<</Subtype/Link/Rect[164.2 636.2 409.3 649.2]/Border[0 0 0]/A 216 0 R>>endobj
+218 0 obj[217 0 R
+]endobj
+219 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
+220 0 obj<</Subtype/Link/Rect[287.9 721.0 540.0 734.0]/Border[0 0 0]/A 219 0 R>>endobj
+221 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
+222 0 obj<</Subtype/Link/Rect[236.3 681.4 508.6 694.4]/Border[0 0 0]/A 221 0 R>>endobj
+223 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
+224 0 obj<</Subtype/Link/Rect[352.1 266.6 458.1 279.6]/Border[0 0 0]/A 223 0 R>>endobj
+225 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
+226 0 obj<</Subtype/Link/Rect[430.0 253.4 539.4 266.4]/Border[0 0 0]/A 225 0 R>>endobj
+227 0 obj[220 0 R
 222 0 R
-223 0 R
 224 0 R
-225 0 R
 226 0 R
-227 0 R
-228 0 R
-229 0 R
-230 0 R
+]endobj
+228 0 obj<</S/URI/URI(http://samba.org)>>endobj
+229 0 obj<</Subtype/Link/Rect[236.3 338.2 310.8 351.2]/Border[0 0 0]/A 228 0 R>>endobj
+230 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
+231 0 obj<</Subtype/Link/Rect[144.0 285.4 346.1 298.4]/Border[0 0 0]/A 230 0 R>>endobj
+232 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
+233 0 obj<</Subtype/Link/Rect[182.5 259.0 345.0 272.0]/Border[0 0 0]/A 232 0 R>>endobj
+234 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
+235 0 obj<</Subtype/Link/Rect[284.9 245.8 381.4 258.8]/Border[0 0 0]/A 234 0 R>>endobj
+236 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
+237 0 obj<</Subtype/Link/Rect[244.2 232.6 411.2 245.6]/Border[0 0 0]/A 236 0 R>>endobj
+238 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
+239 0 obj<</Subtype/Link/Rect[280.3 219.4 471.9 232.4]/Border[0 0 0]/A 238 0 R>>endobj
+240 0 obj<</S/URI/URI(http://samba.org)>>endobj
+241 0 obj<</Subtype/Link/Rect[361.0 166.6 432.8 179.6]/Border[0 0 0]/A 240 0 R>>endobj
+242 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
+243 0 obj<</Subtype/Link/Rect[301.1 127.0 425.6 140.0]/Border[0 0 0]/A 242 0 R>>endobj
+244 0 obj[229 0 R
 231 0 R
-232 0 R
 233 0 R
-234 0 R
 235 0 R
-236 0 R
-237 0 R]endobj
-239 0 obj<</Subtype/Link/Rect[72.0 684.0 145.6 697.0]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 734 0]>>endobj
-240 0 obj<</Subtype/Link/Rect[108.0 670.8 243.0 683.8]/Border[0 0 0]/Dest[1319 0 R/XYZ 0 287 0]>>endobj
-241 0 obj<</Subtype/Link/Rect[108.0 657.6 141.6 670.6]/Border[0 0 0]/Dest[1319 0 R/XYZ 0 185 0]>>endobj
-242 0 obj<</Subtype/Link/Rect[72.0 631.2 194.3 644.2]/Border[0 0 0]/Dest[1321 0 R/XYZ 0 734 0]>>endobj
-243 0 obj<</Subtype/Link/Rect[72.0 604.8 122.7 617.8]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 734 0]>>endobj
-244 0 obj<</Subtype/Link/Rect[108.0 591.6 137.9 604.6]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 655 0]>>endobj
-245 0 obj<</Subtype/Link/Rect[108.0 578.4 154.1 591.4]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 447 0]>>endobj
-246 0 obj<</Subtype/Link/Rect[108.0 565.2 135.5 578.2]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 333 0]>>endobj
-247 0 obj[239 0 R
-240 0 R
+237 0 R
+239 0 R
 241 0 R
-242 0 R
 243 0 R
-244 0 R
-245 0 R
-246 0 R]endobj
-248 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
-249 0 obj<</Subtype/Link/Rect[185.6 631.0 289.8 644.0]/Border[0 0 0]/A 248 0 R>>endobj
-250 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
-251 0 obj<</Subtype/Link/Rect[72.0 617.8 148.4 630.8]/Border[0 0 0]/A 250 0 R>>endobj
-252 0 obj<</S/URI/URI(http://www.fsf.org/licenses/gpl.txt)>>endobj
-253 0 obj<</Subtype/Link/Rect[72.0 565.0 223.3 578.0]/Border[0 0 0]/A 252 0 R>>endobj
-254 0 obj<</Subtype/Link/Rect[72.0 499.0 212.9 512.0]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 734 0]>>endobj
-255 0 obj<</Subtype/Link/Rect[108.0 485.8 230.5 498.8]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 696 0]>>endobj
-256 0 obj<</Subtype/Link/Rect[108.0 472.6 235.7 485.6]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 568 0]>>endobj
-257 0 obj<</Subtype/Link/Rect[108.0 459.4 239.1 472.4]/Border[0 0 0]/Dest[1095 0 R/XYZ 0 163 0]>>endobj
-258 0 obj<</Subtype/Link/Rect[108.0 446.2 290.4 459.2]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 734 0]>>endobj
-259 0 obj<</Subtype/Link/Rect[108.0 433.0 293.5 446.0]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 382 0]>>endobj
-260 0 obj<</Subtype/Link/Rect[108.0 419.8 265.7 432.8]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 280 0]>>endobj
-261 0 obj<</Subtype/Link/Rect[144.0 406.6 288.5 419.6]/Border[0 0 0]/Dest[1097 0 R/XYZ 0 126 0]>>endobj
-262 0 obj<</Subtype/Link/Rect[144.0 393.4 338.9 406.4]/Border[0 0 0]/Dest[1099 0 R/XYZ 0 300 0]>>endobj
-263 0 obj<</Subtype/Link/Rect[108.0 380.2 345.4 393.2]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 718 0]>>endobj
-264 0 obj<</Subtype/Link/Rect[108.0 367.0 294.7 380.0]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 551 0]>>endobj
-265 0 obj<</Subtype/Link/Rect[108.0 353.8 481.4 366.8]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 383 0]>>endobj
-266 0 obj<</Subtype/Link/Rect[108.0 340.6 232.6 353.6]/Border[0 0 0]/Dest[1101 0 R/XYZ 0 169 0]>>endobj
-267 0 obj<</Subtype/Link/Rect[144.0 327.4 240.2 340.4]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 652 0]>>endobj
-268 0 obj<</Subtype/Link/Rect[144.0 314.2 188.9 327.2]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 594 0]>>endobj
-269 0 obj<</Subtype/Link/Rect[144.0 301.0 270.2 314.0]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 509 0]>>endobj
-270 0 obj<</Subtype/Link/Rect[144.0 287.8 298.6 300.8]/Border[0 0 0]/Dest[1103 0 R/XYZ 0 200 0]>>endobj
-271 0 obj<</Subtype/Link/Rect[144.0 274.6 179.4 287.6]/Border[0 0 0]/Dest[1105 0 R/XYZ 0 718 0]>>endobj
-272 0 obj<</Subtype/Link/Rect[144.0 261.4 236.0 274.4]/Border[0 0 0]/Dest[1105 0 R/XYZ 0 264 0]>>endobj
-273 0 obj<</Subtype/Link/Rect[72.0 248.2 208.0 261.2]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 734 0]>>endobj
-274 0 obj<</Subtype/Link/Rect[108.0 235.0 163.0 248.0]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 696 0]>>endobj
-275 0 obj<</Subtype/Link/Rect[108.0 221.8 163.6 234.8]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 529 0]>>endobj
-276 0 obj<</Subtype/Link/Rect[108.0 208.6 130.6 221.6]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 170 0]>>endobj
-277 0 obj<</Subtype/Link/Rect[144.0 195.4 170.6 208.4]/Border[0 0 0]/Dest[1107 0 R/XYZ 0 136 0]>>endobj
-278 0 obj<</Subtype/Link/Rect[144.0 182.2 170.6 195.2]/Border[0 0 0]/Dest[1109 0 R/XYZ 0 705 0]>>endobj
-279 0 obj<</Subtype/Link/Rect[144.0 169.0 170.6 182.0]/Border[0 0 0]/Dest[1109 0 R/XYZ 0 501 0]>>endobj
-280 0 obj<</Subtype/Link/Rect[144.0 155.8 170.6 168.8]/Border[0 0 0]/Dest[1111 0 R/XYZ 0 573 0]>>endobj
-281 0 obj<</Subtype/Link/Rect[144.0 142.6 170.6 155.6]/Border[0 0 0]/Dest[1111 0 R/XYZ 0 422 0]>>endobj
-282 0 obj<</Subtype/Link/Rect[144.0 129.4 170.6 142.4]/Border[0 0 0]/Dest[1111 0 R/XYZ 0 298 0]>>endobj
-283 0 obj<</Subtype/Link/Rect[144.0 116.2 170.6 129.2]/Border[0 0 0]/Dest[1113 0 R/XYZ 0 705 0]>>endobj
-284 0 obj<</Subtype/Link/Rect[144.0 103.0 170.6 116.0]/Border[0 0 0]/Dest[1113 0 R/XYZ 0 343 0]>>endobj
-285 0 obj<</Subtype/Link/Rect[144.0 89.8 170.6 102.8]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 679 0]>>endobj
-286 0 obj<</Subtype/Link/Rect[144.0 76.6 176.1 89.6]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 528 0]>>endobj
-287 0 obj<</Subtype/Link/Rect[144.0 63.4 176.1 76.4]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 390 0]>>endobj
-288 0 obj[249 0 R
-251 0 R
-253 0 R
-254 0 R
-255 0 R
-256 0 R
-257 0 R
-258 0 R
-259 0 R
-260 0 R
-261 0 R
+]endobj
+245 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
+246 0 obj<</Subtype/Link/Rect[135.5 351.4 227.8 364.4]/Border[0 0 0]/A 245 0 R>>endobj
+247 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
+248 0 obj<</Subtype/Link/Rect[309.0 338.2 330.7 351.2]/Border[0 0 0]/A 247 0 R>>endobj
+249 0 obj[246 0 R
+248 0 R
+]endobj
+250 0 obj<</S/URI/URI(Samba-PDC-HOWTO.html)>>endobj
+251 0 obj<</Subtype/Link/Rect[213.2 616.6 317.8 629.6]/Border[0 0 0]/A 250 0 R>>endobj
+252 0 obj[251 0 R
+]endobj
+253 0 obj<</S/URI/URI(smbpasswd.8.html)>>endobj
+254 0 obj<</Subtype/Link/Rect[244.7 91.4 311.3 104.4]/Border[0 0 0]/A 253 0 R>>endobj
+255 0 obj[254 0 R
+]endobj
+256 0 obj<</S/URI/URI(Samba-LDAP-HOWTO.html)>>endobj
+257 0 obj<</Subtype/Link/Rect[72.0 189.8 184.0 202.8]/Border[0 0 0]/A 256 0 R>>endobj
+258 0 obj[257 0 R
+]endobj
+259 0 obj<</S/URI/URI(http://www.openldap.org/)>>endobj
+260 0 obj<</Subtype/Link/Rect[172.3 563.8 285.9 576.8]/Border[0 0 0]/A 259 0 R>>endobj
+261 0 obj<</S/URI/URI(http://iplanet.netscape.com/directory)>>endobj
+262 0 obj<</Subtype/Link/Rect[226.6 550.6 387.9 563.6]/Border[0 0 0]/A 261 0 R>>endobj
+263 0 obj<</S/URI/URI(http://www.ora.com/)>>endobj
+264 0 obj<</Subtype/Link/Rect[115.4 524.2 202.0 537.2]/Border[0 0 0]/A 263 0 R>>endobj
+265 0 obj<</S/URI/URI(http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html)>>endobj
+266 0 obj<</Subtype/Link/Rect[127.9 458.2 267.5 471.2]/Border[0 0 0]/A 265 0 R>>endobj
+267 0 obj<</S/URI/URI(http://samba.idealx.org/)>>endobj
+268 0 obj<</Subtype/Link/Rect[246.4 445.0 287.3 458.0]/Border[0 0 0]/A 267 0 R>>endobj
+269 0 obj<</S/URI/URI(#ENCRYPTPASSWORDS)>>endobj
+270 0 obj<</Subtype/Link/Rect[215.6 347.0 332.5 360.0]/Border[0 0 0]/A 269 0 R>>endobj
+271 0 obj[260 0 R
 262 0 R
-263 0 R
 264 0 R
-265 0 R
 266 0 R
-267 0 R
 268 0 R
-269 0 R
 270 0 R
-271 0 R
-272 0 R
-273 0 R
-274 0 R
+]endobj
+272 0 obj<</S/URI/URI(http://www.padl.com/)>>endobj
+273 0 obj<</Subtype/Link/Rect[284.3 575.8 380.9 588.8]/Border[0 0 0]/A 272 0 R>>endobj
+274 0 obj<</S/URI/URI(samba-patches@samba.org)>>endobj
+275 0 obj<</Subtype/Link/Rect[335.0 451.4 458.0 464.4]/Border[0 0 0]/A 274 0 R>>endobj
+276 0 obj<</S/URI/URI(jerry@samba.org)>>endobj
+277 0 obj<</Subtype/Link/Rect[479.4 451.4 555.8 464.4]/Border[0 0 0]/A 276 0 R>>endobj
+278 0 obj<</S/URI/URI(jerry@samba.org)>>endobj
+279 0 obj<</Subtype/Link/Rect[304.2 210.6 380.6 223.6]/Border[0 0 0]/A 278 0 R>>endobj
+280 0 obj[273 0 R
 275 0 R
-276 0 R
 277 0 R
-278 0 R
 279 0 R
-280 0 R
-281 0 R
-282 0 R
-283 0 R
+]endobj
+281 0 obj<</S/URI/URI(#LDAPSSL)>>endobj
+282 0 obj<</Subtype/Link/Rect[108.0 535.4 141.3 548.4]/Border[0 0 0]/A 281 0 R>>endobj
+283 0 obj<</S/URI/URI(#LDAPSERVER)>>endobj
+284 0 obj<</Subtype/Link/Rect[108.0 522.2 156.6 535.2]/Border[0 0 0]/A 283 0 R>>endobj
+285 0 obj<</S/URI/URI(#LDAPADMINDN)>>endobj
+286 0 obj<</Subtype/Link/Rect[108.0 509.0 170.9 522.0]/Border[0 0 0]/A 285 0 R>>endobj
+287 0 obj<</S/URI/URI(#LDAPSUFFIX)>>endobj
+288 0 obj<</Subtype/Link/Rect[108.0 495.8 155.4 508.8]/Border[0 0 0]/A 287 0 R>>endobj
+289 0 obj<</S/URI/URI(#LDAPFILTER)>>endobj
+290 0 obj<</Subtype/Link/Rect[108.0 482.6 151.1 495.6]/Border[0 0 0]/A 289 0 R>>endobj
+291 0 obj<</S/URI/URI(#LDAPPORT)>>endobj
+292 0 obj<</Subtype/Link/Rect[108.0 469.4 147.4 482.4]/Border[0 0 0]/A 291 0 R>>endobj
+293 0 obj<</S/URI/URI(smb.conf.5.html)>>endobj
+294 0 obj<</Subtype/Link/Rect[189.6 443.0 243.1 456.0]/Border[0 0 0]/A 293 0 R>>endobj
+295 0 obj[282 0 R
 284 0 R
-285 0 R
 286 0 R
-287 0 R]endobj
-289 0 obj<</Subtype/Link/Rect[108.0 721.0 202.7 734.0]/Border[0 0 0]/Dest[1115 0 R/XYZ 0 253 0]>>endobj
-290 0 obj<</Subtype/Link/Rect[72.0 707.8 278.9 720.8]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 734 0]>>endobj
-291 0 obj<</Subtype/Link/Rect[108.0 694.6 141.6 707.6]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 696 0]>>endobj
-292 0 obj<</Subtype/Link/Rect[108.0 681.4 306.6 694.4]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 463 0]>>endobj
-293 0 obj<</Subtype/Link/Rect[144.0 668.2 210.0 681.2]/Border[0 0 0]/Dest[1117 0 R/XYZ 0 335 0]>>endobj
-294 0 obj<</Subtype/Link/Rect[144.0 655.0 249.6 668.0]/Border[0 0 0]/Dest[1119 0 R/XYZ 0 454 0]>>endobj
-295 0 obj<</Subtype/Link/Rect[144.0 641.8 236.4 654.8]/Border[0 0 0]/Dest[1119 0 R/XYZ 0 317 0]>>endobj
-296 0 obj<</Subtype/Link/Rect[144.0 628.6 262.8 641.6]/Border[0 0 0]/Dest[1119 0 R/XYZ 0 168 0]>>endobj
-297 0 obj<</Subtype/Link/Rect[108.0 615.4 359.5 628.4]/Border[0 0 0]/Dest[1121 0 R/XYZ 0 347 0]>>endobj
-298 0 obj<</Subtype/Link/Rect[144.0 602.2 261.6 615.2]/Border[0 0 0]/Dest[1123 0 R/XYZ 0 295 0]>>endobj
-299 0 obj<</Subtype/Link/Rect[144.0 589.0 228.3 602.0]/Border[0 0 0]/Dest[1125 0 R/XYZ 0 734 0]>>endobj
-300 0 obj<</Subtype/Link/Rect[144.0 575.8 193.8 588.8]/Border[0 0 0]/Dest[1127 0 R/XYZ 0 456 0]>>endobj
-301 0 obj<</Subtype/Link/Rect[144.0 562.6 200.5 575.6]/Border[0 0 0]/Dest[1127 0 R/XYZ 0 358 0]>>endobj
-302 0 obj<</Subtype/Link/Rect[144.0 549.4 205.4 562.4]/Border[0 0 0]/Dest[1127 0 R/XYZ 0 221 0]>>endobj
-303 0 obj<</Subtype/Link/Rect[108.0 536.2 504.0 549.2]/Border[0 0 0]/Dest[1129 0 R/XYZ 0 667 0]>>endobj
-304 0 obj<</Subtype/Link/Rect[108.0 523.0 476.2 536.0]/Border[0 0 0]/Dest[1131 0 R/XYZ 0 734 0]>>endobj
-305 0 obj<</Subtype/Link/Rect[144.0 509.8 360.6 522.8]/Border[0 0 0]/Dest[1133 0 R/XYZ 0 692 0]>>endobj
-306 0 obj<</Subtype/Link/Rect[144.0 496.6 422.6 509.6]/Border[0 0 0]/Dest[1133 0 R/XYZ 0 440 0]>>endobj
-307 0 obj<</Subtype/Link/Rect[144.0 483.4 344.1 496.4]/Border[0 0 0]/Dest[1135 0 R/XYZ 0 734 0]>>endobj
-308 0 obj<</Subtype/Link/Rect[108.0 470.2 162.4 483.2]/Border[0 0 0]/Dest[1135 0 R/XYZ 0 172 0]>>endobj
-309 0 obj<</Subtype/Link/Rect[72.0 457.0 385.2 470.0]/Border[0 0 0]/Dest[1139 0 R/XYZ 0 734 0]>>endobj
-310 0 obj<</Subtype/Link/Rect[108.0 443.8 182.5 456.8]/Border[0 0 0]/Dest[1139 0 R/XYZ 0 672 0]>>endobj
-311 0 obj<</Subtype/Link/Rect[108.0 430.6 225.6 443.6]/Border[0 0 0]/Dest[1141 0 R/XYZ 0 127 0]>>endobj
-312 0 obj<</Subtype/Link/Rect[108.0 417.4 249.2 430.4]/Border[0 0 0]/Dest[1143 0 R/XYZ 0 679 0]>>endobj
-313 0 obj<</Subtype/Link/Rect[72.0 404.2 333.5 417.2]/Border[0 0 0]/Dest[1145 0 R/XYZ 0 734 0]>>endobj
-314 0 obj<</Subtype/Link/Rect[108.0 391.0 160.6 404.0]/Border[0 0 0]/Dest[1145 0 R/XYZ 0 672 0]>>endobj
-315 0 obj<</Subtype/Link/Rect[144.0 377.8 169.1 390.8]/Border[0 0 0]/Dest[1147 0 R/XYZ 0 652 0]>>endobj
-316 0 obj<</Subtype/Link/Rect[72.0 364.6 341.5 377.6]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 734 0]>>endobj
-317 0 obj<</Subtype/Link/Rect[108.0 351.4 422.4 364.4]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 672 0]>>endobj
-318 0 obj<</Subtype/Link/Rect[108.0 338.2 299.3 351.2]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 497 0]>>endobj
-319 0 obj<</Subtype/Link/Rect[108.0 325.0 209.5 338.0]/Border[0 0 0]/Dest[1149 0 R/XYZ 0 330 0]>>endobj
-320 0 obj<</Subtype/Link/Rect[108.0 311.8 271.8 324.8]/Border[0 0 0]/Dest[1151 0 R/XYZ 0 665 0]>>endobj
-321 0 obj<</Subtype/Link/Rect[144.0 298.6 218.2 311.6]/Border[0 0 0]/Dest[1151 0 R/XYZ 0 432 0]>>endobj
-322 0 obj<</Subtype/Link/Rect[144.0 285.4 243.3 298.4]/Border[0 0 0]/Dest[1151 0 R/XYZ 0 189 0]>>endobj
-323 0 obj<</Subtype/Link/Rect[108.0 272.2 280.9 285.2]/Border[0 0 0]/Dest[1153 0 R/XYZ 0 692 0]>>endobj
-324 0 obj<</Subtype/Link/Rect[108.0 259.0 377.8 272.0]/Border[0 0 0]/Dest[1153 0 R/XYZ 0 260 0]>>endobj
-325 0 obj<</Subtype/Link/Rect[108.0 245.8 368.0 258.8]/Border[0 0 0]/Dest[1157 0 R/XYZ 0 599 0]>>endobj
-326 0 obj<</Subtype/Link/Rect[72.0 232.6 214.4 245.6]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 734 0]>>endobj
-327 0 obj<</Subtype/Link/Rect[108.0 219.4 163.0 232.4]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 696 0]>>endobj
-328 0 obj<</Subtype/Link/Rect[108.0 206.2 170.3 219.2]/Border[0 0 0]/Dest[1159 0 R/XYZ 0 278 0]>>endobj
-329 0 obj<</Subtype/Link/Rect[144.0 193.0 221.3 206.0]/Border[0 0 0]/Dest[1161 0 R/XYZ 0 702 0]>>endobj
-330 0 obj<</Subtype/Link/Rect[144.0 179.8 304.1 192.8]/Border[0 0 0]/Dest[1163 0 R/XYZ 0 469 0]>>endobj
-331 0 obj<</Subtype/Link/Rect[144.0 166.6 298.3 179.6]/Border[0 0 0]/Dest[1165 0 R/XYZ 0 705 0]>>endobj
-332 0 obj<</Subtype/Link/Rect[144.0 153.4 353.9 166.4]/Border[0 0 0]/Dest[1165 0 R/XYZ 0 332 0]>>endobj
-333 0 obj<</Subtype/Link/Rect[144.0 140.2 254.3 153.2]/Border[0 0 0]/Dest[1167 0 R/XYZ 0 155 0]>>endobj
-334 0 obj<</Subtype/Link/Rect[108.0 127.0 199.7 140.0]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 652 0]>>endobj
-335 0 obj<</Subtype/Link/Rect[144.0 113.8 222.8 126.8]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 551 0]>>endobj
-336 0 obj<</Subtype/Link/Rect[144.0 100.6 294.6 113.6]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 426 0]>>endobj
-337 0 obj<</Subtype/Link/Rect[144.0 87.4 230.8 100.4]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 341 0]>>endobj
-338 0 obj<</Subtype/Link/Rect[144.0 74.2 243.6 87.2]/Border[0 0 0]/Dest[1169 0 R/XYZ 0 243 0]>>endobj
-339 0 obj<</Subtype/Link/Rect[108.0 61.0 279.7 63.0]/Border[0 0 0]/Dest[1171 0 R/XYZ 0 357 0]>>endobj
-340 0 obj[289 0 R
+288 0 R
 290 0 R
-291 0 R
 292 0 R
-293 0 R
 294 0 R
-295 0 R
-296 0 R
-297 0 R
-298 0 R
+]endobj
+296 0 obj<</S/URI/URI(http://search.cpan.org/)>>endobj
+297 0 obj<</Subtype/Link/Rect[195.1 558.2 293.4 571.2]/Border[0 0 0]/A 296 0 R>>endobj
+298 0 obj<</S/URI/URI(http://perl-ldap.sf.net/)>>endobj
+299 0 obj<</Subtype/Link/Rect[108.0 545.0 206.5 558.0]/Border[0 0 0]/A 298 0 R>>endobj
+300 0 obj<</S/URI/URI(ENCRYPTION.html)>>endobj
+301 0 obj<</Subtype/Link/Rect[72.0 137.8 176.8 150.8]/Border[0 0 0]/A 300 0 R>>endobj
+302 0 obj[297 0 R
 299 0 R
-300 0 R
 301 0 R
-302 0 R
-303 0 R
-304 0 R
-305 0 R
-306 0 R
-307 0 R
-308 0 R
-309 0 R
-310 0 R
-311 0 R
-312 0 R
-313 0 R
-314 0 R
+]endobj
+303 0 obj<</S/URI/URI(Samba-PDC-HOWTO.html)>>endobj
+304 0 obj<</Subtype/Link/Rect[72.0 90.2 176.7 103.2]/Border[0 0 0]/A 303 0 R>>endobj
+305 0 obj[304 0 R
+]endobj
+306 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
+307 0 obj<</Subtype/Link/Rect[305.4 662.6 381.8 675.6]/Border[0 0 0]/A 306 0 R>>endobj
+308 0 obj[307 0 R
+]endobj
+309 0 obj<</S/URI/URI(mailto:jtrostel@snapserver.com)>>endobj
+310 0 obj<</Subtype/Link/Rect[200.6 255.4 310.1 268.4]/Border[0 0 0]/A 309 0 R>>endobj
+311 0 obj[310 0 R
+]endobj
+312 0 obj<</S/URI/URI(http://samba.org/)>>endobj
+313 0 obj<</Subtype/Link/Rect[478.3 385.4 542.2 398.4]/Border[0 0 0]/A 312 0 R>>endobj
+314 0 obj<</S/URI/URI(http://samba.org/)>>endobj
+315 0 obj<</Subtype/Link/Rect[72.0 372.2 113.8 385.2]/Border[0 0 0]/A 314 0 R>>endobj
+316 0 obj[313 0 R
 315 0 R
-316 0 R
-317 0 R
-318 0 R
-319 0 R
+]endobj
+317 0 obj<</S/URI/URI(winbindd.8.html)>>endobj
+318 0 obj<</Subtype/Link/Rect[309.0 227.4 363.4 240.4]/Border[0 0 0]/A 317 0 R>>endobj
+319 0 obj<</S/URI/URI(#WINBINDSEPARATOR)>>endobj
+320 0 obj<</Subtype/Link/Rect[100.0 156.4 191.8 167.4]/Border[0 0 0]/A 319 0 R>>endobj
+321 0 obj<</S/URI/URI(#WINBINDUID)>>endobj
+322 0 obj<</Subtype/Link/Rect[100.0 134.8 159.4 145.8]/Border[0 0 0]/A 321 0 R>>endobj
+323 0 obj<</S/URI/URI(#WINBINDGID)>>endobj
+324 0 obj<</Subtype/Link/Rect[100.0 113.2 159.4 124.2]/Border[0 0 0]/A 323 0 R>>endobj
+325 0 obj<</S/URI/URI(#WINBINDENUMUSERS)>>endobj
+326 0 obj<</Subtype/Link/Rect[100.0 70.0 197.2 81.0]/Border[0 0 0]/A 325 0 R>>endobj
+327 0 obj<</S/URI/URI(#WINBINDENUMGROUP)>>endobj
+328 0 obj<</Subtype/Link/Rect[100.0 59.2 202.6 70.2]/Border[0 0 0]/A 327 0 R>>endobj
+329 0 obj[318 0 R
 320 0 R
-321 0 R
 322 0 R
-323 0 R
 324 0 R
-325 0 R
 326 0 R
-327 0 R
 328 0 R
-329 0 R
-330 0 R
-331 0 R
-332 0 R
+]endobj
+330 0 obj<</S/URI/URI(#TEMPLATEHOMEDIR)>>endobj
+331 0 obj<</Subtype/Link/Rect[100.0 711.2 186.4 722.2]/Border[0 0 0]/A 330 0 R>>endobj
+332 0 obj<</S/URI/URI(#TEMPLATESHELL)>>endobj
+333 0 obj<</Subtype/Link/Rect[100.0 700.4 175.6 711.4]/Border[0 0 0]/A 332 0 R>>endobj
+334 0 obj[331 0 R
 333 0 R
-334 0 R
-335 0 R
-336 0 R
-337 0 R
+]endobj
+335 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
+336 0 obj<</Subtype/Link/Rect[331.1 607.0 550.0 620.0]/Border[0 0 0]/A 335 0 R>>endobj
+337 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
+338 0 obj<</Subtype/Link/Rect[72.0 241.4 319.2 254.4]/Border[0 0 0]/A 337 0 R>>endobj
+339 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
+340 0 obj<</Subtype/Link/Rect[346.1 241.4 544.2 254.4]/Border[0 0 0]/A 339 0 R>>endobj
+341 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
+342 0 obj<</Subtype/Link/Rect[175.9 117.8 366.2 130.8]/Border[0 0 0]/A 341 0 R>>endobj
+343 0 obj[336 0 R
 338 0 R
-339 0 R]endobj
-341 0 obj<</Subtype/Link/Rect[72.0 721.0 205.2 734.0]/Border[0 0 0]/Dest[1175 0 R/XYZ 0 734 0]>>endobj
-342 0 obj<</Subtype/Link/Rect[108.0 707.8 163.0 720.8]/Border[0 0 0]/Dest[1175 0 R/XYZ 0 696 0]>>endobj
-343 0 obj<</Subtype/Link/Rect[108.0 694.6 233.9 707.6]/Border[0 0 0]/Dest[1177 0 R/XYZ 0 734 0]>>endobj
-344 0 obj<</Subtype/Link/Rect[108.0 681.4 218.0 694.4]/Border[0 0 0]/Dest[1177 0 R/XYZ 0 272 0]>>endobj
-345 0 obj<</Subtype/Link/Rect[108.0 668.2 270.2 681.2]/Border[0 0 0]/Dest[1179 0 R/XYZ 0 734 0]>>endobj
-346 0 obj<</Subtype/Link/Rect[108.0 655.0 191.7 668.0]/Border[0 0 0]/Dest[1179 0 R/XYZ 0 301 0]>>endobj
-347 0 obj<</Subtype/Link/Rect[108.0 641.8 213.7 654.8]/Border[0 0 0]/Dest[1181 0 R/XYZ 0 617 0]>>endobj
-348 0 obj<</Subtype/Link/Rect[108.0 628.6 210.7 641.6]/Border[0 0 0]/Dest[1181 0 R/XYZ 0 264 0]>>endobj
-349 0 obj<</Subtype/Link/Rect[108.0 615.4 190.8 628.4]/Border[0 0 0]/Dest[1181 0 R/XYZ 0 175 0]>>endobj
-350 0 obj<</Subtype/Link/Rect[108.0 602.2 177.4 615.2]/Border[0 0 0]/Dest[1183 0 R/XYZ 0 734 0]>>endobj
-351 0 obj<</Subtype/Link/Rect[72.0 589.0 135.8 602.0]/Border[0 0 0]/Dest[1185 0 R/XYZ 0 734 0]>>endobj
-352 0 obj<</Subtype/Link/Rect[108.0 575.8 163.0 588.8]/Border[0 0 0]/Dest[1185 0 R/XYZ 0 696 0]>>endobj
-353 0 obj<</Subtype/Link/Rect[108.0 562.6 303.2 575.6]/Border[0 0 0]/Dest[1185 0 R/XYZ 0 465 0]>>endobj
-354 0 obj<</Subtype/Link/Rect[72.0 549.4 212.6 562.4]/Border[0 0 0]/Dest[1189 0 R/XYZ 0 734 0]>>endobj
-355 0 obj<</Subtype/Link/Rect[108.0 536.2 280.0 549.2]/Border[0 0 0]/Dest[1189 0 R/XYZ 0 696 0]>>endobj
-356 0 obj<</Subtype/Link/Rect[108.0 523.0 267.5 536.0]/Border[0 0 0]/Dest[1191 0 R/XYZ 0 362 0]>>endobj
-357 0 obj<</Subtype/Link/Rect[108.0 509.8 290.5 522.8]/Border[0 0 0]/Dest[1191 0 R/XYZ 0 155 0]>>endobj
-358 0 obj<</Subtype/Link/Rect[72.0 496.6 352.5 509.6]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 734 0]>>endobj
-359 0 obj<</Subtype/Link/Rect[108.0 483.4 145.3 496.4]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 672 0]>>endobj
-360 0 obj<</Subtype/Link/Rect[108.0 470.2 163.0 483.2]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 544 0]>>endobj
-361 0 obj<</Subtype/Link/Rect[108.0 457.0 213.1 470.0]/Border[0 0 0]/Dest[1195 0 R/XYZ 0 231 0]>>endobj
-362 0 obj<</Subtype/Link/Rect[144.0 443.8 197.5 456.8]/Border[0 0 0]/Dest[1197 0 R/XYZ 0 560 0]>>endobj
-363 0 obj<</Subtype/Link/Rect[108.0 430.6 199.7 443.6]/Border[0 0 0]/Dest[1197 0 R/XYZ 0 409 0]>>endobj
-364 0 obj<</Subtype/Link/Rect[144.0 417.4 297.7 430.4]/Border[0 0 0]/Dest[1197 0 R/XYZ 0 294 0]>>endobj
-365 0 obj<</Subtype/Link/Rect[144.0 404.2 236.9 417.2]/Border[0 0 0]/Dest[1199 0 R/XYZ 0 734 0]>>endobj
-366 0 obj<</Subtype/Link/Rect[144.0 391.0 297.4 404.0]/Border[0 0 0]/Dest[1199 0 R/XYZ 0 292 0]>>endobj
-367 0 obj<</Subtype/Link/Rect[144.0 377.8 279.0 390.8]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 665 0]>>endobj
-368 0 obj<</Subtype/Link/Rect[144.0 364.6 211.5 377.6]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 488 0]>>endobj
-369 0 obj<</Subtype/Link/Rect[108.0 351.4 243.1 364.4]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 351 0]>>endobj
-370 0 obj<</Subtype/Link/Rect[144.0 338.2 199.0 351.2]/Border[0 0 0]/Dest[1201 0 R/XYZ 0 209 0]>>endobj
-371 0 obj<</Subtype/Link/Rect[144.0 325.0 204.5 338.0]/Border[0 0 0]/Dest[1203 0 R/XYZ 0 599 0]>>endobj
-372 0 obj<</Subtype/Link/Rect[144.0 311.8 228.3 324.8]/Border[0 0 0]/Dest[1203 0 R/XYZ 0 330 0]>>endobj
-373 0 obj<</Subtype/Link/Rect[108.0 298.6 158.1 311.6]/Border[0 0 0]/Dest[1217 0 R/XYZ 0 217 0]>>endobj
-374 0 obj<</Subtype/Link/Rect[108.0 285.4 158.1 298.4]/Border[0 0 0]/Dest[1219 0 R/XYZ 0 679 0]>>endobj
-375 0 obj<</Subtype/Link/Rect[72.0 272.2 348.2 285.2]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 734 0]>>endobj
-376 0 obj<</Subtype/Link/Rect[108.0 259.0 201.8 272.0]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 672 0]>>endobj
-377 0 obj<</Subtype/Link/Rect[108.0 245.8 161.8 258.8]/Border[0 0 0]/Dest[1221 0 R/XYZ 0 584 0]>>endobj
-378 0 obj<</Subtype/Link/Rect[108.0 232.6 298.1 245.6]/Border[0 0 0]/Dest[1223 0 R/XYZ 0 718 0]>>endobj
-379 0 obj<</Subtype/Link/Rect[108.0 219.4 412.0 232.4]/Border[0 0 0]/Dest[1225 0 R/XYZ 0 613 0]>>endobj
-380 0 obj<</Subtype/Link/Rect[144.0 206.2 341.7 219.2]/Border[0 0 0]/Dest[1225 0 R/XYZ 0 227 0]>>endobj
-381 0 obj<</Subtype/Link/Rect[144.0 193.0 373.1 206.0]/Border[0 0 0]/Dest[1227 0 R/XYZ 0 356 0]>>endobj
-382 0 obj<</Subtype/Link/Rect[144.0 179.8 288.5 192.8]/Border[0 0 0]/Dest[1227 0 R/XYZ 0 143 0]>>endobj
-383 0 obj<</Subtype/Link/Rect[108.0 166.6 244.0 179.6]/Border[0 0 0]/Dest[1229 0 R/XYZ 0 467 0]>>endobj
-384 0 obj<</Subtype/Link/Rect[108.0 153.4 233.6 166.4]/Border[0 0 0]/Dest[1231 0 R/XYZ 0 205 0]>>endobj
-385 0 obj<</Subtype/Link/Rect[108.0 140.2 225.6 153.2]/Border[0 0 0]/Dest[1233 0 R/XYZ 0 203 0]>>endobj
-386 0 obj<</Subtype/Link/Rect[108.0 127.0 271.2 140.0]/Border[0 0 0]/Dest[1239 0 R/XYZ 0 547 0]>>endobj
-387 0 obj<</Subtype/Link/Rect[144.0 113.8 340.5 126.8]/Border[0 0 0]/Dest[1241 0 R/XYZ 0 560 0]>>endobj
-388 0 obj<</Subtype/Link/Rect[144.0 100.6 416.6 113.6]/Border[0 0 0]/Dest[1241 0 R/XYZ 0 126 0]>>endobj
-389 0 obj<</Subtype/Link/Rect[108.0 87.4 404.4 100.4]/Border[0 0 0]/Dest[1249 0 R/XYZ 0 135 0]>>endobj
-390 0 obj<</Subtype/Link/Rect[72.0 74.2 438.4 87.2]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 734 0]>>endobj
-391 0 obj<</Subtype/Link/Rect[108.0 61.0 201.8 74.0]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 672 0]>>endobj
-392 0 obj[341 0 R
+340 0 R
 342 0 R
-343 0 R
-344 0 R
-345 0 R
-346 0 R
-347 0 R
-348 0 R
-349 0 R
+]endobj
+344 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
+345 0 obj<</Subtype/Link/Rect[225.7 661.0 434.8 674.0]/Border[0 0 0]/A 344 0 R>>endobj
+346 0 obj[345 0 R
+]endobj
+347 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj
+348 0 obj<</Subtype/Link/Rect[357.1 577.0 500.7 590.0]/Border[0 0 0]/A 347 0 R>>endobj
+349 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj
+350 0 obj<</Subtype/Link/Rect[138.6 354.6 283.2 367.6]/Border[0 0 0]/A 349 0 R>>endobj
+351 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj
+352 0 obj<</Subtype/Link/Rect[394.3 230.2 498.2 243.2]/Border[0 0 0]/A 351 0 R>>endobj
+353 0 obj[348 0 R
 350 0 R
-351 0 R
 352 0 R
-353 0 R
-354 0 R
-355 0 R
-356 0 R
-357 0 R
+]endobj
+354 0 obj<</S/URI/URI(x1242.htm)>>endobj
+355 0 obj<</Subtype/Link/Rect[201.6 408.2 258.1 421.2]/Border[0 0 0]/A 354 0 R>>endobj
+356 0 obj[355 0 R
+]endobj
+357 0 obj<</Subtype/Link/Rect[72.0 684.0 277.3 697.0]/Border[0 0 0]/Dest[693 0 R/XYZ null 798 0]>>endobj
+358 0 obj<</Subtype/Link/Rect[108.0 670.8 249.2 683.8]/Border[0 0 0]/Dest[693 0 R/XYZ null 730 0]>>endobj
+359 0 obj<</Subtype/Link/Rect[108.0 657.6 255.0 670.6]/Border[0 0 0]/Dest[693 0 R/XYZ null 593 0]>>endobj
+360 0 obj<</Subtype/Link/Rect[108.0 644.4 257.7 657.4]/Border[0 0 0]/Dest[693 0 R/XYZ null 178 0]>>endobj
+361 0 obj<</Subtype/Link/Rect[108.0 631.2 309.0 644.2]/Border[0 0 0]/Dest[696 0 R/XYZ null 739 0]>>endobj
+362 0 obj<</Subtype/Link/Rect[108.0 618.0 316.7 631.0]/Border[0 0 0]/Dest[696 0 R/XYZ null 379 0]>>endobj
+363 0 obj<</Subtype/Link/Rect[108.0 604.8 284.9 617.8]/Border[0 0 0]/Dest[696 0 R/XYZ null 268 0]>>endobj
+364 0 obj<</Subtype/Link/Rect[108.0 591.6 280.0 604.6]/Border[0 0 0]/Dest[699 0 R/XYZ null 768 0]>>endobj
+365 0 obj<</Subtype/Link/Rect[108.0 578.4 328.6 591.4]/Border[0 0 0]/Dest[699 0 R/XYZ null 266 0]>>endobj
+366 0 obj<</Subtype/Link/Rect[108.0 565.2 364.9 578.2]/Border[0 0 0]/Dest[702 0 R/XYZ null 686 0]>>endobj
+367 0 obj<</Subtype/Link/Rect[108.0 552.0 315.8 565.0]/Border[0 0 0]/Dest[702 0 R/XYZ null 509 0]>>endobj
+368 0 obj<</Subtype/Link/Rect[108.0 538.8 514.3 551.8]/Border[0 0 0]/Dest[702 0 R/XYZ null 332 0]>>endobj
+369 0 obj<</Subtype/Link/Rect[108.0 525.6 259.4 538.6]/Border[0 0 0]/Dest[705 0 R/XYZ null 768 0]>>endobj
+370 0 obj<</Subtype/Link/Rect[108.0 512.4 236.0 525.4]/Border[0 0 0]/Dest[705 0 R/XYZ null 577 0]>>endobj
+371 0 obj<</Subtype/Link/Rect[108.0 499.2 186.5 512.2]/Border[0 0 0]/Dest[705 0 R/XYZ null 505 0]>>endobj
+372 0 obj<</Subtype/Link/Rect[108.0 486.0 267.2 499.0]/Border[0 0 0]/Dest[705 0 R/XYZ null 407 0]>>endobj
+373 0 obj<</Subtype/Link/Rect[108.0 472.8 295.6 485.8]/Border[0 0 0]/Dest[708 0 R/XYZ null 768 0]>>endobj
+374 0 obj<</Subtype/Link/Rect[108.0 459.6 177.7 472.6]/Border[0 0 0]/Dest[708 0 R/XYZ null 643 0]>>endobj
+375 0 obj<</Subtype/Link/Rect[108.0 446.4 232.3 459.4]/Border[0 0 0]/Dest[708 0 R/XYZ null 175 0]>>endobj
+376 0 obj<</Subtype/Link/Rect[108.0 433.2 232.6 446.2]/Border[0 0 0]/Dest[711 0 R/XYZ null 768 0]>>endobj
+377 0 obj<</Subtype/Link/Rect[72.0 406.8 348.8 419.8]/Border[0 0 0]/Dest[714 0 R/XYZ null 798 0]>>endobj
+378 0 obj<</Subtype/Link/Rect[108.0 393.6 161.5 406.6]/Border[0 0 0]/Dest[714 0 R/XYZ null 706 0]>>endobj
+379 0 obj<</Subtype/Link/Rect[108.0 380.4 327.7 393.4]/Border[0 0 0]/Dest[714 0 R/XYZ null 463 0]>>endobj
+380 0 obj<</Subtype/Link/Rect[108.0 367.2 177.1 380.2]/Border[0 0 0]/Dest[714 0 R/XYZ null 325 0]>>endobj
+381 0 obj<</Subtype/Link/Rect[108.0 354.0 203.6 367.0]/Border[0 0 0]/Dest[717 0 R/XYZ null 435 0]>>endobj
+382 0 obj<</Subtype/Link/Rect[108.0 340.8 195.1 353.8]/Border[0 0 0]/Dest[717 0 R/XYZ null 285 0]>>endobj
+383 0 obj<</Subtype/Link/Rect[108.0 327.6 215.2 340.6]/Border[0 0 0]/Dest[720 0 R/XYZ null 768 0]>>endobj
+384 0 obj<</Subtype/Link/Rect[108.0 314.4 382.4 327.4]/Border[0 0 0]/Dest[720 0 R/XYZ null 268 0]>>endobj
+385 0 obj<</Subtype/Link/Rect[108.0 301.2 255.6 314.2]/Border[0 0 0]/Dest[723 0 R/XYZ null 210 0]>>endobj
+386 0 obj<</Subtype/Link/Rect[108.0 288.0 224.1 301.0]/Border[0 0 0]/Dest[726 0 R/XYZ null 660 0]>>endobj
+387 0 obj<</Subtype/Link/Rect[108.0 274.8 187.8 287.8]/Border[0 0 0]/Dest[729 0 R/XYZ null 371 0]>>endobj
+388 0 obj<</Subtype/Link/Rect[108.0 261.6 194.5 274.6]/Border[0 0 0]/Dest[729 0 R/XYZ null 260 0]>>endobj
+389 0 obj<</Subtype/Link/Rect[108.0 248.4 200.6 261.4]/Border[0 0 0]/Dest[732 0 R/XYZ null 768 0]>>endobj
+390 0 obj<</Subtype/Link/Rect[108.0 235.2 526.0 248.2]/Border[0 0 0]/Dest[732 0 R/XYZ null 529 0]>>endobj
+391 0 obj<</Subtype/Link/Rect[108.0 222.0 500.6 235.0]/Border[0 0 0]/Dest[735 0 R/XYZ null 633 0]>>endobj
+392 0 obj<</Subtype/Link/Rect[108.0 208.8 353.3 221.8]/Border[0 0 0]/Dest[738 0 R/XYZ null 581 0]>>endobj
+393 0 obj<</Subtype/Link/Rect[108.0 195.6 419.0 208.6]/Border[0 0 0]/Dest[738 0 R/XYZ null 304 0]>>endobj
+394 0 obj<</Subtype/Link/Rect[108.0 182.4 332.5 195.4]/Border[0 0 0]/Dest[741 0 R/XYZ null 594 0]>>endobj
+395 0 obj<</Subtype/Link/Rect[108.0 169.2 181.6 182.2]/Border[0 0 0]/Dest[744 0 R/XYZ null 639 0]>>endobj
+396 0 obj<</Subtype/Link/Rect[72.0 142.8 463.4 155.8]/Border[0 0 0]/Dest[747 0 R/XYZ null 798 0]>>endobj
+397 0 obj<</Subtype/Link/Rect[108.0 129.6 202.4 142.6]/Border[0 0 0]/Dest[747 0 R/XYZ null 706 0]>>endobj
+398 0 obj<</Subtype/Link/Rect[108.0 116.4 244.9 129.4]/Border[0 0 0]/Dest[750 0 R/XYZ null 179 0]>>endobj
+399 0 obj<</Subtype/Link/Rect[108.0 103.2 270.3 116.2]/Border[0 0 0]/Dest[753 0 R/XYZ null 726 0]>>endobj
+400 0 obj<</Subtype/Link/Rect[72.0 76.8 402.3 89.8]/Border[0 0 0]/Dest[756 0 R/XYZ null 798 0]>>endobj
+401 0 obj<</Subtype/Link/Rect[108.0 63.6 179.2 76.6]/Border[0 0 0]/Dest[756 0 R/XYZ null 706 0]>>endobj
+402 0 obj[357 0 R
 358 0 R
 359 0 R
 360 0 R
@@ -749,59 +585,9 @@
 388 0 R
 389 0 R
 390 0 R
-391 0 R]endobj
-393 0 obj<</Subtype/Link/Rect[108.0 721.0 161.8 734.0]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 597 0]>>endobj
-394 0 obj<</Subtype/Link/Rect[108.0 707.8 341.1 720.8]/Border[0 0 0]/Dest[1255 0 R/XYZ 0 223 0]>>endobj
-395 0 obj<</Subtype/Link/Rect[144.0 694.6 373.5 707.6]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 734 0]>>endobj
-396 0 obj<</Subtype/Link/Rect[144.0 681.4 259.5 694.4]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 609 0]>>endobj
-397 0 obj<</Subtype/Link/Rect[108.0 668.2 309.0 681.2]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 524 0]>>endobj
-398 0 obj<</Subtype/Link/Rect[108.0 655.0 248.9 668.0]/Border[0 0 0]/Dest[1257 0 R/XYZ 0 383 0]>>endobj
-399 0 obj<</Subtype/Link/Rect[144.0 641.8 318.2 654.8]/Border[0 0 0]/Dest[1259 0 R/XYZ 0 617 0]>>endobj
-400 0 obj<</Subtype/Link/Rect[72.0 628.6 403.7 641.6]/Border[0 0 0]/Dest[1261 0 R/XYZ 0 734 0]>>endobj
-401 0 obj<</Subtype/Link/Rect[108.0 615.4 144.7 628.4]/Border[0 0 0]/Dest[1261 0 R/XYZ 0 672 0]>>endobj
-402 0 obj<</Subtype/Link/Rect[108.0 602.2 163.0 615.2]/Border[0 0 0]/Dest[1261 0 R/XYZ 0 412 0]>>endobj
-403 0 obj<</Subtype/Link/Rect[108.0 589.0 219.2 602.0]/Border[0 0 0]/Dest[1263 0 R/XYZ 0 573 0]>>endobj
-404 0 obj<</Subtype/Link/Rect[108.0 575.8 357.6 588.8]/Border[0 0 0]/Dest[1263 0 R/XYZ 0 471 0]>>endobj
-405 0 obj<</Subtype/Link/Rect[108.0 562.6 246.4 575.6]/Border[0 0 0]/Dest[1265 0 R/XYZ 0 734 0]>>endobj
-406 0 obj<</Subtype/Link/Rect[144.0 549.4 258.0 562.4]/Border[0 0 0]/Dest[1265 0 R/XYZ 0 700 0]>>endobj
-407 0 obj<</Subtype/Link/Rect[144.0 536.2 230.5 549.2]/Border[0 0 0]/Dest[1265 0 R/XYZ 0 138 0]>>endobj
-408 0 obj<</Subtype/Link/Rect[108.0 523.0 262.3 536.0]/Border[0 0 0]/Dest[1267 0 R/XYZ 0 227 0]>>endobj
-409 0 obj<</Subtype/Link/Rect[108.0 509.8 230.8 522.8]/Border[0 0 0]/Dest[1269 0 R/XYZ 0 705 0]>>endobj
-410 0 obj<</Subtype/Link/Rect[108.0 496.6 306.0 509.6]/Border[0 0 0]/Dest[1269 0 R/XYZ 0 320 0]>>endobj
-411 0 obj<</Subtype/Link/Rect[108.0 483.4 299.6 496.4]/Border[0 0 0]/Dest[1271 0 R/XYZ 0 309 0]>>endobj
-412 0 obj<</Subtype/Link/Rect[108.0 470.2 154.4 483.2]/Border[0 0 0]/Dest[1273 0 R/XYZ 0 478 0]>>endobj
-413 0 obj<</Subtype/Link/Rect[72.0 457.0 200.6 470.0]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 734 0]>>endobj
-414 0 obj<</Subtype/Link/Rect[108.0 443.8 205.2 456.8]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 696 0]>>endobj
-415 0 obj<</Subtype/Link/Rect[108.0 430.6 229.3 443.6]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 515 0]>>endobj
-416 0 obj<</Subtype/Link/Rect[108.0 417.4 193.2 430.4]/Border[0 0 0]/Dest[1275 0 R/XYZ 0 137 0]>>endobj
-417 0 obj<</Subtype/Link/Rect[108.0 404.2 217.4 417.2]/Border[0 0 0]/Dest[1277 0 R/XYZ 0 533 0]>>endobj
-418 0 obj<</Subtype/Link/Rect[144.0 391.0 321.8 404.0]/Border[0 0 0]/Dest[1277 0 R/XYZ 0 273 0]>>endobj
-419 0 obj<</Subtype/Link/Rect[108.0 377.8 219.2 390.8]/Border[0 0 0]/Dest[1283 0 R/XYZ 0 511 0]>>endobj
-420 0 obj<</Subtype/Link/Rect[108.0 364.6 288.0 377.6]/Border[0 0 0]/Dest[1285 0 R/XYZ 0 560 0]>>endobj
-421 0 obj<</Subtype/Link/Rect[108.0 351.4 262.3 364.4]/Border[0 0 0]/Dest[1287 0 R/XYZ 0 567 0]>>endobj
-422 0 obj<</Subtype/Link/Rect[108.0 338.2 248.2 351.2]/Border[0 0 0]/Dest[1287 0 R/XYZ 0 208 0]>>endobj
-423 0 obj<</Subtype/Link/Rect[108.0 325.0 257.7 338.0]/Border[0 0 0]/Dest[1289 0 R/XYZ 0 454 0]>>endobj
-424 0 obj<</Subtype/Link/Rect[108.0 311.8 249.5 324.8]/Border[0 0 0]/Dest[1291 0 R/XYZ 0 679 0]>>endobj
-425 0 obj<</Subtype/Link/Rect[108.0 298.6 191.4 311.6]/Border[0 0 0]/Dest[1291 0 R/XYZ 0 590 0]>>endobj
-426 0 obj<</Subtype/Link/Rect[72.0 285.4 189.9 298.4]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 734 0]>>endobj
-427 0 obj<</Subtype/Link/Rect[108.0 272.2 166.7 285.2]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 696 0]>>endobj
-428 0 obj<</Subtype/Link/Rect[108.0 259.0 144.0 272.0]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 449 0]>>endobj
-429 0 obj<</Subtype/Link/Rect[144.0 245.8 186.2 258.8]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 416 0]>>endobj
-430 0 obj<</Subtype/Link/Rect[144.0 232.6 212.1 245.6]/Border[0 0 0]/Dest[1293 0 R/XYZ 0 146 0]>>endobj
-431 0 obj<</Subtype/Link/Rect[144.0 219.4 315.3 232.4]/Border[0 0 0]/Dest[1295 0 R/XYZ 0 652 0]>>endobj
-432 0 obj<</Subtype/Link/Rect[108.0 206.2 171.9 219.2]/Border[0 0 0]/Dest[1295 0 R/XYZ 0 515 0]>>endobj
-433 0 obj<</Subtype/Link/Rect[108.0 193.0 149.9 206.0]/Border[0 0 0]/Dest[1295 0 R/XYZ 0 255 0]>>endobj
-434 0 obj<</Subtype/Link/Rect[108.0 179.8 149.2 192.8]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 718 0]>>endobj
-435 0 obj<</Subtype/Link/Rect[108.0 166.6 143.4 179.6]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 537 0]>>endobj
-436 0 obj<</Subtype/Link/Rect[108.0 153.4 164.5 166.4]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 409 0]>>endobj
-437 0 obj<</Subtype/Link/Rect[108.0 140.2 148.6 153.2]/Border[0 0 0]/Dest[1297 0 R/XYZ 0 189 0]>>endobj
-438 0 obj<</Subtype/Link/Rect[108.0 127.0 154.1 140.0]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 734 0]>>endobj
-439 0 obj<</Subtype/Link/Rect[108.0 113.8 150.5 126.8]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 645 0]>>endobj
-440 0 obj<</Subtype/Link/Rect[108.0 100.6 152.3 113.6]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 477 0]>>endobj
-441 0 obj<</Subtype/Link/Rect[108.0 87.4 178.6 100.4]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 349 0]>>endobj
-442 0 obj<</Subtype/Link/Rect[108.0 74.2 185.9 87.2]/Border[0 0 0]/Dest[1299 0 R/XYZ 0 129 0]>>endobj
-443 0 obj<</Subtype/Link/Rect[108.0 61.0 163.3 74.0]/Border[0 0 0]/Dest[1301 0 R/XYZ 0 639 0]>>endobj
-444 0 obj[393 0 R
+391 0 R
+392 0 R
+393 0 R
 394 0 R
 395 0 R
 396 0 R
@@ -810,8 +596,51 @@
 399 0 R
 400 0 R
 401 0 R
-402 0 R
-403 0 R
+]endobj
+403 0 obj<</Subtype/Link/Rect[108.0 684.0 161.2 697.0]/Border[0 0 0]/Dest[759 0 R/XYZ null 673 0]>>endobj
+404 0 obj<</Subtype/Link/Rect[72.0 657.6 412.7 670.6]/Border[0 0 0]/Dest[762 0 R/XYZ null 798 0]>>endobj
+405 0 obj<</Subtype/Link/Rect[108.0 644.4 447.4 657.4]/Border[0 0 0]/Dest[762 0 R/XYZ null 706 0]>>endobj
+406 0 obj<</Subtype/Link/Rect[108.0 631.2 319.1 644.2]/Border[0 0 0]/Dest[762 0 R/XYZ null 525 0]>>endobj
+407 0 obj<</Subtype/Link/Rect[108.0 618.0 231.1 631.0]/Border[0 0 0]/Dest[762 0 R/XYZ null 348 0]>>endobj
+408 0 obj<</Subtype/Link/Rect[108.0 604.8 292.2 617.8]/Border[0 0 0]/Dest[765 0 R/XYZ null 686 0]>>endobj
+409 0 obj<</Subtype/Link/Rect[108.0 591.6 208.5 604.6]/Border[0 0 0]/Dest[765 0 R/XYZ null 443 0]>>endobj
+410 0 obj<</Subtype/Link/Rect[108.0 578.4 233.6 591.4]/Border[0 0 0]/Dest[765 0 R/XYZ null 187 0]>>endobj
+411 0 obj<</Subtype/Link/Rect[108.0 565.2 301.4 578.2]/Border[0 0 0]/Dest[768 0 R/XYZ null 673 0]>>endobj
+412 0 obj<</Subtype/Link/Rect[108.0 552.0 394.8 565.0]/Border[0 0 0]/Dest[768 0 R/XYZ null 232 0]>>endobj
+413 0 obj<</Subtype/Link/Rect[108.0 538.8 386.9 551.8]/Border[0 0 0]/Dest[774 0 R/XYZ null 594 0]>>endobj
+414 0 obj<</Subtype/Link/Rect[72.0 512.4 277.1 525.4]/Border[0 0 0]/Dest[777 0 R/XYZ null 798 0]>>endobj
+415 0 obj<</Subtype/Link/Rect[108.0 499.2 181.6 512.2]/Border[0 0 0]/Dest[777 0 R/XYZ null 730 0]>>endobj
+416 0 obj<</Subtype/Link/Rect[108.0 486.0 189.0 499.0]/Border[0 0 0]/Dest[777 0 R/XYZ null 302 0]>>endobj
+417 0 obj<</Subtype/Link/Rect[108.0 472.8 209.7 485.8]/Border[0 0 0]/Dest[780 0 R/XYZ null 693 0]>>endobj
+418 0 obj<</Subtype/Link/Rect[108.0 459.6 294.4 472.6]/Border[0 0 0]/Dest[783 0 R/XYZ null 450 0]>>endobj
+419 0 obj<</Subtype/Link/Rect[108.0 446.4 275.7 459.4]/Border[0 0 0]/Dest[786 0 R/XYZ null 686 0]>>endobj
+420 0 obj<</Subtype/Link/Rect[108.0 433.2 287.3 446.2]/Border[0 0 0]/Dest[786 0 R/XYZ null 403 0]>>endobj
+421 0 obj<</Subtype/Link/Rect[108.0 420.0 350.9 433.0]/Border[0 0 0]/Dest[789 0 R/XYZ null 684 0]>>endobj
+422 0 obj<</Subtype/Link/Rect[108.0 406.8 242.1 419.8]/Border[0 0 0]/Dest[789 0 R/XYZ null 401 0]>>endobj
+423 0 obj<</Subtype/Link/Rect[108.0 393.6 220.1 406.6]/Border[0 0 0]/Dest[789 0 R/XYZ null 211 0]>>endobj
+424 0 obj<</Subtype/Link/Rect[108.0 380.4 214.3 393.4]/Border[0 0 0]/Dest[792 0 R/XYZ null 713 0]>>endobj
+425 0 obj<</Subtype/Link/Rect[108.0 367.2 281.2 380.2]/Border[0 0 0]/Dest[792 0 R/XYZ null 575 0]>>endobj
+426 0 obj<</Subtype/Link/Rect[108.0 354.0 222.3 367.0]/Border[0 0 0]/Dest[792 0 R/XYZ null 477 0]>>endobj
+427 0 obj<</Subtype/Link/Rect[108.0 340.8 234.5 353.8]/Border[0 0 0]/Dest[792 0 R/XYZ null 366 0]>>endobj
+428 0 obj<</Subtype/Link/Rect[108.0 327.6 300.2 340.6]/Border[0 0 0]/Dest[795 0 R/XYZ null 459 0]>>endobj
+429 0 obj<</Subtype/Link/Rect[108.0 314.4 383.0 327.4]/Border[0 0 0]/Dest[798 0 R/XYZ null 707 0]>>endobj
+430 0 obj<</Subtype/Link/Rect[72.0 288.0 290.8 301.0]/Border[0 0 0]/Dest[801 0 R/XYZ null 798 0]>>endobj
+431 0 obj<</Subtype/Link/Rect[108.0 274.8 284.0 287.8]/Border[0 0 0]/Dest[801 0 R/XYZ null 730 0]>>endobj
+432 0 obj<</Subtype/Link/Rect[108.0 261.6 270.3 274.6]/Border[0 0 0]/Dest[801 0 R/XYZ null 632 0]>>endobj
+433 0 obj<</Subtype/Link/Rect[108.0 248.4 537.9 261.4]/Border[0 0 0]/Dest[801 0 R/XYZ null 277 0]>>endobj
+434 0 obj<</Subtype/Link/Rect[108.0 235.2 528.0 248.2]/Border[0 0 0]/Dest[804 0 R/XYZ null 768 0]>>endobj
+435 0 obj<</Subtype/Link/Rect[108.0 222.0 316.8 235.0]/Border[0 0 0]/Dest[804 0 R/XYZ null 768 0]>>endobj
+436 0 obj<</Subtype/Link/Rect[108.0 208.8 355.2 221.8]/Border[0 0 0]/Dest[804 0 R/XYZ null 204 0]>>endobj
+437 0 obj<</Subtype/Link/Rect[108.0 195.6 293.2 208.6]/Border[0 0 0]/Dest[807 0 R/XYZ null 633 0]>>endobj
+438 0 obj<</Subtype/Link/Rect[108.0 182.4 270.6 195.4]/Border[0 0 0]/Dest[810 0 R/XYZ null 768 0]>>endobj
+439 0 obj<</Subtype/Link/Rect[108.0 169.2 189.9 182.2]/Border[0 0 0]/Dest[810 0 R/XYZ null 234 0]>>endobj
+440 0 obj<</Subtype/Link/Rect[72.0 142.8 272.9 155.8]/Border[0 0 0]/Dest[819 0 R/XYZ null 798 0]>>endobj
+441 0 obj<</Subtype/Link/Rect[108.0 129.6 299.9 142.6]/Border[0 0 0]/Dest[819 0 R/XYZ null 730 0]>>endobj
+442 0 obj<</Subtype/Link/Rect[108.0 116.4 288.0 129.4]/Border[0 0 0]/Dest[822 0 R/XYZ null 383 0]>>endobj
+443 0 obj<</Subtype/Link/Rect[108.0 103.2 307.9 116.2]/Border[0 0 0]/Dest[822 0 R/XYZ null 166 0]>>endobj
+444 0 obj<</Subtype/Link/Rect[72.0 76.8 416.3 89.8]/Border[0 0 0]/Dest[828 0 R/XYZ null 798 0]>>endobj
+445 0 obj<</Subtype/Link/Rect[108.0 63.6 219.2 76.6]/Border[0 0 0]/Dest[828 0 R/XYZ null 706 0]>>endobj
+446 0 obj[403 0 R
 404 0 R
 405 0 R
 406 0 R
@@ -851,44 +680,56 @@
 440 0 R
 441 0 R
 442 0 R
-443 0 R]endobj
-445 0 obj<</Subtype/Link/Rect[108.0 721.0 162.1 734.0]/Border[0 0 0]/Dest[1301 0 R/XYZ 0 511 0]>>endobj
-446 0 obj<</Subtype/Link/Rect[108.0 707.8 165.8 720.8]/Border[0 0 0]/Dest[1301 0 R/XYZ 0 436 0]>>endobj
-447 0 obj<</Subtype/Link/Rect[108.0 694.6 156.6 707.6]/Border[0 0 0]/Dest[1303 0 R/XYZ 0 388 0]>>endobj
-448 0 obj<</Subtype/Link/Rect[72.0 681.4 204.6 694.4]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 734 0]>>endobj
-449 0 obj<</Subtype/Link/Rect[108.0 668.2 191.4 681.2]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 668 0]>>endobj
-450 0 obj<</Subtype/Link/Rect[108.0 655.0 156.6 668.0]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 461 0]>>endobj
-451 0 obj<</Subtype/Link/Rect[144.0 641.8 500.6 654.8]/Border[0 0 0]/Dest[1305 0 R/XYZ 0 427 0]>>endobj
-452 0 obj<</Subtype/Link/Rect[144.0 628.6 503.9 641.6]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 734 0]>>endobj
-453 0 obj<</Subtype/Link/Rect[144.0 615.4 457.2 628.4]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 520 0]>>endobj
-454 0 obj<</Subtype/Link/Rect[144.0 602.2 426.3 615.2]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 422 0]>>endobj
-455 0 obj<</Subtype/Link/Rect[108.0 589.0 221.1 602.0]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 165 0]>>endobj
-456 0 obj<</Subtype/Link/Rect[144.0 575.8 318.5 588.8]/Border[0 0 0]/Dest[1307 0 R/XYZ 0 132 0]>>endobj
-457 0 obj<</Subtype/Link/Rect[144.0 562.6 318.2 575.6]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 652 0]>>endobj
-458 0 obj<</Subtype/Link/Rect[144.0 549.4 299.5 562.4]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 501 0]>>endobj
-459 0 obj<</Subtype/Link/Rect[144.0 536.2 268.4 549.2]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 403 0]>>endobj
-460 0 obj<</Subtype/Link/Rect[108.0 523.0 180.9 536.0]/Border[0 0 0]/Dest[1309 0 R/XYZ 0 319 0]>>endobj
-461 0 obj<</Subtype/Link/Rect[108.0 509.8 241.2 522.8]/Border[0 0 0]/Dest[1311 0 R/XYZ 0 734 0]>>endobj
-462 0 obj<</Subtype/Link/Rect[72.0 496.6 270.6 509.6]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 734 0]>>endobj
-463 0 obj<</Subtype/Link/Rect[108.0 483.4 163.0 496.4]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 696 0]>>endobj
-464 0 obj<</Subtype/Link/Rect[108.0 470.2 221.0 483.2]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 581 0]>>endobj
-465 0 obj<</Subtype/Link/Rect[144.0 457.0 230.2 470.0]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 493 0]>>endobj
-466 0 obj<</Subtype/Link/Rect[144.0 443.8 206.9 456.8]/Border[0 0 0]/Dest[1313 0 R/XYZ 0 382 0]>>endobj
-467 0 obj<</Subtype/Link/Rect[72.0 430.6 140.8 443.6]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 734 0]>>endobj
-468 0 obj<</Subtype/Link/Rect[108.0 417.4 163.0 430.4]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 696 0]>>endobj
-469 0 obj<</Subtype/Link/Rect[108.0 404.2 163.9 417.2]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 436 0]>>endobj
-470 0 obj<</Subtype/Link/Rect[108.0 391.0 165.1 404.0]/Border[0 0 0]/Dest[1317 0 R/XYZ 0 295 0]>>endobj
-471 0 obj<</Subtype/Link/Rect[108.0 377.8 173.7 390.8]/Border[0 0 0]/Dest[1319 0 R/XYZ 0 639 0]>>endobj
-472 0 obj<</Subtype/Link/Rect[108.0 364.6 244.3 377.6]/Border[0 0 0]/Dest[1319 0 R/XYZ 0 287 0]>>endobj
-473 0 obj<</Subtype/Link/Rect[108.0 351.4 142.8 364.4]/Border[0 0 0]/Dest[1319 0 R/XYZ 0 185 0]>>endobj
-474 0 obj<</Subtype/Link/Rect[72.0 338.2 183.8 351.2]/Border[0 0 0]/Dest[1321 0 R/XYZ 0 734 0]>>endobj
-475 0 obj<</Subtype/Link/Rect[72.0 325.0 119.7 338.0]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 734 0]>>endobj
-476 0 obj<</Subtype/Link/Rect[108.0 311.8 137.3 324.8]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 655 0]>>endobj
-477 0 obj<</Subtype/Link/Rect[108.0 298.6 152.9 311.6]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 447 0]>>endobj
-478 0 obj<</Subtype/Link/Rect[108.0 285.4 133.7 298.4]/Border[0 0 0]/Dest[1323 0 R/XYZ 0 333 0]>>endobj
-479 0 obj[445 0 R
-446 0 R
-447 0 R
+443 0 R
+444 0 R
+445 0 R
+]endobj
+447 0 obj<</Subtype/Link/Rect[108.0 684.0 181.0 697.0]/Border[0 0 0]/Dest[828 0 R/XYZ null 608 0]>>endobj
+448 0 obj<</Subtype/Link/Rect[108.0 670.8 316.1 683.8]/Border[0 0 0]/Dest[831 0 R/XYZ null 726 0]>>endobj
+449 0 obj<</Subtype/Link/Rect[108.0 657.6 430.0 670.6]/Border[0 0 0]/Dest[834 0 R/XYZ null 607 0]>>endobj
+450 0 obj<</Subtype/Link/Rect[108.0 644.4 333.2 657.4]/Border[0 0 0]/Dest[834 0 R/XYZ null 232 0]>>endobj
+451 0 obj<</Subtype/Link/Rect[108.0 631.2 362.5 644.2]/Border[0 0 0]/Dest[837 0 R/XYZ null 359 0]>>endobj
+452 0 obj<</Subtype/Link/Rect[108.0 618.0 279.4 631.0]/Border[0 0 0]/Dest[840 0 R/XYZ null 768 0]>>endobj
+453 0 obj<</Subtype/Link/Rect[108.0 604.8 261.4 617.8]/Border[0 0 0]/Dest[840 0 R/XYZ null 392 0]>>endobj
+454 0 obj<</Subtype/Link/Rect[108.0 591.6 252.8 604.6]/Border[0 0 0]/Dest[846 0 R/XYZ null 739 0]>>endobj
+455 0 obj<</Subtype/Link/Rect[108.0 578.4 243.6 591.4]/Border[0 0 0]/Dest[849 0 R/XYZ null 686 0]>>endobj
+456 0 obj<</Subtype/Link/Rect[108.0 565.2 292.9 578.2]/Border[0 0 0]/Dest[855 0 R/XYZ null 303 0]>>endobj
+457 0 obj<</Subtype/Link/Rect[108.0 552.0 332.0 565.0]/Border[0 0 0]/Dest[858 0 R/XYZ null 277 0]>>endobj
+458 0 obj<</Subtype/Link/Rect[108.0 538.8 406.2 551.8]/Border[0 0 0]/Dest[861 0 R/XYZ null 482 0]>>endobj
+459 0 obj<</Subtype/Link/Rect[108.0 525.6 431.0 538.6]/Border[0 0 0]/Dest[873 0 R/XYZ null 274 0]>>endobj
+460 0 obj<</Subtype/Link/Rect[72.0 499.2 518.1 512.2]/Border[0 0 0]/Dest[882 0 R/XYZ null 798 0]>>endobj
+461 0 obj<</Subtype/Link/Rect[108.0 486.0 224.7 499.0]/Border[0 0 0]/Dest[882 0 R/XYZ null 706 0]>>endobj
+462 0 obj<</Subtype/Link/Rect[108.0 472.8 186.5 485.8]/Border[0 0 0]/Dest[882 0 R/XYZ null 621 0]>>endobj
+463 0 obj<</Subtype/Link/Rect[108.0 459.6 364.6 472.6]/Border[0 0 0]/Dest[882 0 R/XYZ null 196 0]>>endobj
+464 0 obj<</Subtype/Link/Rect[108.0 446.4 369.8 459.4]/Border[0 0 0]/Dest[885 0 R/XYZ null 726 0]>>endobj
+465 0 obj<</Subtype/Link/Rect[108.0 433.2 256.5 446.2]/Border[0 0 0]/Dest[885 0 R/XYZ null 588 0]>>endobj
+466 0 obj<</Subtype/Link/Rect[108.0 420.0 331.3 433.0]/Border[0 0 0]/Dest[885 0 R/XYZ null 490 0]>>endobj
+467 0 obj<</Subtype/Link/Rect[108.0 406.8 273.6 419.8]/Border[0 0 0]/Dest[885 0 R/XYZ null 339 0]>>endobj
+468 0 obj<</Subtype/Link/Rect[108.0 393.6 315.1 406.6]/Border[0 0 0]/Dest[888 0 R/XYZ null 411 0]>>endobj
+469 0 obj<</Subtype/Link/Rect[72.0 367.2 484.2 380.2]/Border[0 0 0]/Dest[891 0 R/XYZ null 798 0]>>endobj
+470 0 obj<</Subtype/Link/Rect[108.0 354.0 168.2 367.0]/Border[0 0 0]/Dest[891 0 R/XYZ null 706 0]>>endobj
+471 0 obj<</Subtype/Link/Rect[108.0 340.8 187.1 353.8]/Border[0 0 0]/Dest[891 0 R/XYZ null 423 0]>>endobj
+472 0 obj<</Subtype/Link/Rect[108.0 327.6 245.2 340.6]/Border[0 0 0]/Dest[894 0 R/XYZ null 567 0]>>endobj
+473 0 obj<</Subtype/Link/Rect[108.0 314.4 384.2 327.4]/Border[0 0 0]/Dest[894 0 R/XYZ null 456 0]>>endobj
+474 0 obj<</Subtype/Link/Rect[108.0 301.2 273.0 314.2]/Border[0 0 0]/Dest[897 0 R/XYZ null 581 0]>>endobj
+475 0 obj<</Subtype/Link/Rect[108.0 288.0 255.6 301.0]/Border[0 0 0]/Dest[897 0 R/XYZ null 551 0]>>endobj
+476 0 obj<</Subtype/Link/Rect[108.0 274.8 227.5 287.8]/Border[0 0 0]/Dest[900 0 R/XYZ null 652 0]>>endobj
+477 0 obj<</Subtype/Link/Rect[108.0 261.6 270.5 274.6]/Border[0 0 0]/Dest[903 0 R/XYZ null 727 0]>>endobj
+478 0 obj<</Subtype/Link/Rect[108.0 248.4 287.0 261.4]/Border[0 0 0]/Dest[903 0 R/XYZ null 523 0]>>endobj
+479 0 obj<</Subtype/Link/Rect[108.0 235.2 256.2 248.2]/Border[0 0 0]/Dest[903 0 R/XYZ null 320 0]>>endobj
+480 0 obj<</Subtype/Link/Rect[108.0 222.0 330.7 235.0]/Border[0 0 0]/Dest[906 0 R/XYZ null 602 0]>>endobj
+481 0 obj<</Subtype/Link/Rect[108.0 208.8 324.3 221.8]/Border[0 0 0]/Dest[909 0 R/XYZ null 581 0]>>endobj
+482 0 obj<</Subtype/Link/Rect[108.0 195.6 185.9 208.6]/Border[0 0 0]/Dest[912 0 R/XYZ null 739 0]>>endobj
+483 0 obj<</Subtype/Link/Rect[72.0 169.2 431.7 182.2]/Border[0 0 0]/Dest[915 0 R/XYZ null 798 0]>>endobj
+484 0 obj<</Subtype/Link/Rect[108.0 156.0 170.0 169.0]/Border[0 0 0]/Dest[915 0 R/XYZ null 706 0]>>endobj
+485 0 obj<</Subtype/Link/Rect[108.0 142.8 187.1 155.8]/Border[0 0 0]/Dest[915 0 R/XYZ null 569 0]>>endobj
+486 0 obj<</Subtype/Link/Rect[108.0 129.6 239.1 142.6]/Border[0 0 0]/Dest[915 0 R/XYZ null 246 0]>>endobj
+487 0 obj<</Subtype/Link/Rect[108.0 116.4 193.8 129.4]/Border[0 0 0]/Dest[918 0 R/XYZ null 581 0]>>endobj
+488 0 obj<</Subtype/Link/Rect[108.0 103.2 227.5 116.2]/Border[0 0 0]/Dest[918 0 R/XYZ null 417 0]>>endobj
+489 0 obj<</Subtype/Link/Rect[108.0 90.0 294.1 103.0]/Border[0 0 0]/Dest[918 0 R/XYZ null 292 0]>>endobj
+490 0 obj<</Subtype/Link/Rect[108.0 76.8 236.3 89.8]/Border[0 0 0]/Dest[921 0 R/XYZ null 768 0]>>endobj
+491 0 obj<</Subtype/Link/Rect[108.0 63.6 294.4 76.6]/Border[0 0 0]/Dest[921 0 R/XYZ null 313 0]>>endobj
+492 0 obj[447 0 R
 448 0 R
 449 0 R
 450 0 R
@@ -919,3919 +760,2913 @@
 475 0 R
 476 0 R
 477 0 R
-478 0 R]endobj
-480 0 obj<</S/URI/URI(http://www.samba.org/)>>endobj
-481 0 obj<</Subtype/Link/Rect[367.1 584.2 468.3 597.2]/Border[0 0 0]/A 480 0 R>>endobj
-482 0 obj[481 0 R]endobj
-483 0 obj<</S/URI/URI(mailto:samba@samba.org)>>endobj
-484 0 obj<</Subtype/Link/Rect[164.2 193.4 250.8 206.4]/Border[0 0 0]/A 483 0 R>>endobj
-485 0 obj<</S/URI/URI(http://samba.org/samba)>>endobj
-486 0 obj<</Subtype/Link/Rect[233.0 180.2 338.7 193.2]/Border[0 0 0]/A 485 0 R>>endobj
-487 0 obj[484 0 R
-486 0 R]endobj
-488 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-489 0 obj<</Subtype/Link/Rect[174.0 508.6 270.6 521.6]/Border[0 0 0]/A 488 0 R>>endobj
-490 0 obj<</S/Launch/F(#PASSWORDLEVEL)>>endobj
-491 0 obj<</Subtype/Link/Rect[73.4 245.2 154.4 256.2]/Border[0 0 0]/A 490 0 R>>endobj
-492 0 obj<</S/Launch/F(#USERNAMELEVEL)>>endobj
-493 0 obj<</Subtype/Link/Rect[73.4 234.4 149.0 245.4]/Border[0 0 0]/A 492 0 R>>endobj
-494 0 obj[489 0 R
+478 0 R
+479 0 R
+480 0 R
+481 0 R
+482 0 R
+483 0 R
+484 0 R
+485 0 R
+486 0 R
+487 0 R
+488 0 R
+489 0 R
+490 0 R
 491 0 R
-493 0 R]endobj
-495 0 obj<</S/Launch/F(winbind.html)>>endobj
-496 0 obj<</Subtype/Link/Rect[503.4 113.7 544.6 126.7]/Border[0 0 0]/A 495 0 R>>endobj
-497 0 obj<</S/Launch/F(winbind.html)>>endobj
-498 0 obj<</Subtype/Link/Rect[72.0 100.5 115.4 113.5]/Border[0 0 0]/A 497 0 R>>endobj
-499 0 obj[496 0 R
-498 0 R]endobj
-500 0 obj<</S/URI/URI(http://rsync.samba.org/)>>endobj
-501 0 obj<</Subtype/Link/Rect[118.1 67.2 222.3 80.2]/Border[0 0 0]/A 500 0 R>>endobj
-502 0 obj[501 0 R]endobj
-503 0 obj<</S/Launch/F(#OBEYPAMRESTRICTIONS)>>endobj
-504 0 obj<</Subtype/Link/Rect[235.4 632.6 332.9 645.6]/Border[0 0 0]/A 503 0 R>>endobj
-505 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-506 0 obj<</Subtype/Link/Rect[338.7 553.4 449.4 566.4]/Border[0 0 0]/A 505 0 R>>endobj
-507 0 obj[504 0 R
-506 0 R]endobj
-508 0 obj<</S/URI/URI(http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp)>>endobj
-509 0 obj<</Subtype/Link/Rect[72.0 586.6 183.5 599.6]/Border[0 0 0]/A 508 0 R>>endobj
-510 0 obj<</S/Launch/F(#HOSTMSDFS)>>endobj
-511 0 obj<</Subtype/Link/Rect[345.1 507.4 417.7 520.4]/Border[0 0 0]/A 510 0 R>>endobj
-512 0 obj<</S/Launch/F(#MSDFSROOT)>>endobj
-513 0 obj<</Subtype/Link/Rect[380.8 494.2 453.4 507.2]/Border[0 0 0]/A 512 0 R>>endobj
-514 0 obj[509 0 R
+]endobj
+493 0 obj<</Subtype/Link/Rect[108.0 684.0 274.8 697.0]/Border[0 0 0]/Dest[924 0 R/XYZ null 673 0]>>endobj
+494 0 obj<</Subtype/Link/Rect[108.0 670.8 208.5 683.8]/Border[0 0 0]/Dest[924 0 R/XYZ null 483 0]>>endobj
+495 0 obj<</Subtype/Link/Rect[108.0 657.6 265.4 670.6]/Border[0 0 0]/Dest[924 0 R/XYZ null 332 0]>>endobj
+496 0 obj<</Subtype/Link/Rect[108.0 644.4 195.4 657.4]/Border[0 0 0]/Dest[924 0 R/XYZ null 221 0]>>endobj
+497 0 obj<</Subtype/Link/Rect[108.0 631.2 202.1 644.2]/Border[0 0 0]/Dest[927 0 R/XYZ null 567 0]>>endobj
+498 0 obj<</Subtype/Link/Rect[108.0 618.0 226.6 631.0]/Border[0 0 0]/Dest[927 0 R/XYZ null 285 0]>>endobj
+499 0 obj<</Subtype/Link/Rect[108.0 604.8 183.5 617.8]/Border[0 0 0]/Dest[939 0 R/XYZ null 206 0]>>endobj
+500 0 obj<</Subtype/Link/Rect[108.0 591.6 182.9 604.6]/Border[0 0 0]/Dest[942 0 R/XYZ null 713 0]>>endobj
+501 0 obj<</Subtype/Link/Rect[72.0 565.2 228.8 578.2]/Border[0 0 0]/Dest[945 0 R/XYZ null 798 0]>>endobj
+502 0 obj<</Subtype/Link/Rect[108.0 552.0 159.0 565.0]/Border[0 0 0]/Dest[945 0 R/XYZ null 730 0]>>endobj
+503 0 obj<</Subtype/Link/Rect[108.0 538.8 499.0 551.8]/Border[0 0 0]/Dest[945 0 R/XYZ null 700 0]>>endobj
+504 0 obj<</Subtype/Link/Rect[108.0 525.6 504.2 538.6]/Border[0 0 0]/Dest[945 0 R/XYZ null 348 0]>>endobj
+505 0 obj<</Subtype/Link/Rect[108.0 512.4 455.7 525.4]/Border[0 0 0]/Dest[948 0 R/XYZ null 768 0]>>endobj
+506 0 obj<</Subtype/Link/Rect[108.0 499.2 425.4 512.2]/Border[0 0 0]/Dest[948 0 R/XYZ null 639 0]>>endobj
+507 0 obj<</Subtype/Link/Rect[72.0 472.8 342.4 485.8]/Border[0 0 0]/Dest[951 0 R/XYZ null 798 0]>>endobj
+508 0 obj<</Subtype/Link/Rect[108.0 459.6 187.1 472.6]/Border[0 0 0]/Dest[951 0 R/XYZ null 706 0]>>endobj
+509 0 obj<</Subtype/Link/Rect[108.0 446.4 247.6 459.4]/Border[0 0 0]/Dest[951 0 R/XYZ null 582 0]>>endobj
+510 0 obj<</Subtype/Link/Rect[108.0 433.2 230.8 446.2]/Border[0 0 0]/Dest[951 0 R/XYZ null 484 0]>>endobj
+511 0 obj<</Subtype/Link/Rect[108.0 420.0 205.8 433.0]/Border[0 0 0]/Dest[951 0 R/XYZ null 359 0]>>endobj
+512 0 obj<</Subtype/Link/Rect[72.0 406.8 97.0 419.8]/Border[0 0 0]/Dest[954 0 R/XYZ null 503 0]>>endobj
+513 0 obj[493 0 R
+494 0 R
+495 0 R
+496 0 R
+497 0 R
+498 0 R
+499 0 R
+500 0 R
+501 0 R
+502 0 R
+503 0 R
+504 0 R
+505 0 R
+506 0 R
+507 0 R
+508 0 R
+509 0 R
+510 0 R
 511 0 R
-513 0 R]endobj
-515 0 obj<</S/Launch/F(#NTACLSUPPORT)>>endobj
-516 0 obj<</Subtype/Link/Rect[339.9 526.6 438.9 539.6]/Border[0 0 0]/A 515 0 R>>endobj
-517 0 obj[516 0 R]endobj
-518 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
-519 0 obj<</Subtype/Link/Rect[493.0 707.8 545.8 720.8]/Border[0 0 0]/A 518 0 R>>endobj
-520 0 obj<</S/Launch/F(#SECURITYMASK)>>endobj
-521 0 obj<</Subtype/Link/Rect[72.0 694.6 98.4 707.6]/Border[0 0 0]/A 520 0 R>>endobj
-522 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
-523 0 obj<</Subtype/Link/Rect[356.1 615.4 428.7 628.4]/Border[0 0 0]/A 522 0 R>>endobj
-524 0 obj<</S/Launch/F(#FORCESECURITYMODE)>>endobj
-525 0 obj<</Subtype/Link/Rect[424.3 562.6 549.7 575.6]/Border[0 0 0]/A 524 0 R>>endobj
-526 0 obj<</S/Launch/F(#FORCECREATEMODE)>>endobj
-527 0 obj<</Subtype/Link/Rect[356.1 483.4 468.3 496.4]/Border[0 0 0]/A 526 0 R>>endobj
-528 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-529 0 obj<</Subtype/Link/Rect[72.0 206.2 144.6 219.2]/Border[0 0 0]/A 528 0 R>>endobj
-530 0 obj[519 0 R
-521 0 R
-523 0 R
-525 0 R
-527 0 R
-529 0 R]endobj
-531 0 obj<</S/URI/URI(http://imprints.sourceforge.net)>>endobj
-532 0 obj<</Subtype/Link/Rect[143.7 544.6 280.3 557.6]/Border[0 0 0]/A 531 0 R>>endobj
-533 0 obj<</S/URI/URI(http://msdn.microsoft.com/)>>endobj
-534 0 obj<</Subtype/Link/Rect[218.6 518.2 341.1 531.2]/Border[0 0 0]/A 533 0 R>>endobj
-535 0 obj<</S/URI/URI(http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP)>>endobj
-536 0 obj<</Subtype/Link/Rect[72.0 293.8 355.9 306.8]/Border[0 0 0]/A 535 0 R>>endobj
-537 0 obj<</Subtype/Link/Rect[488.0 69.1 534.8 82.1]/Border[0 0 0]/Dest[1171 0 R/XYZ 0 357 0]>>endobj
-538 0 obj[532 0 R
-534 0 R
-536 0 R
-537 0 R]endobj
-539 0 obj<</Subtype/Link/Rect[94.2 719.6 125.4 732.6]/Border[0 0 0]/Dest[1171 0 R/XYZ 0 357 0]>>endobj
-540 0 obj<</S/Launch/F(#WRITELIST)>>endobj
-541 0 obj<</Subtype/Link/Rect[91.9 354.5 157.9 367.5]/Border[0 0 0]/A 540 0 R>>endobj
-542 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-543 0 obj<</Subtype/Link/Rect[184.4 341.3 285.8 354.3]/Border[0 0 0]/A 542 0 R>>endobj
-544 0 obj<</S/Launch/F(#GUESTOK)>>endobj
-545 0 obj<</Subtype/Link/Rect[160.6 314.9 228.6 327.9]/Border[0 0 0]/A 544 0 R>>endobj
-546 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
-547 0 obj<</Subtype/Link/Rect[501.3 205.0 536.7 218.0]/Border[0 0 0]/A 546 0 R>>endobj
-548 0 obj<</S/Launch/F(#MAPTOGUEST)>>endobj
-549 0 obj<</Subtype/Link/Rect[94.2 191.8 174.1 204.8]/Border[0 0 0]/A 548 0 R>>endobj
-550 0 obj[539 0 R
-541 0 R
-543 0 R
-545 0 R
-547 0 R
-549 0 R]endobj
-551 0 obj<</S/Launch/F(#PRINTERADMIN)>>endobj
-552 0 obj<</Subtype/Link/Rect[451.3 604.6 537.1 617.6]/Border[0 0 0]/A 551 0 R>>endobj
-553 0 obj[552 0 R]endobj
-554 0 obj<</S/Launch/F(rpcclient.1.html)>>endobj
-555 0 obj<</Subtype/Link/Rect[233.6 636.2 379.3 649.2]/Border[0 0 0]/A 554 0 R>>endobj
-556 0 obj<</S/Launch/F(#SHOWADDPRINTERWIZARD)>>endobj
-557 0 obj<</Subtype/Link/Rect[108.0 223.3 299.4 236.3]/Border[0 0 0]/A 556 0 R>>endobj
-558 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
-559 0 obj<</Subtype/Link/Rect[453.9 196.9 526.5 209.9]/Border[0 0 0]/A 558 0 R>>endobj
-560 0 obj<</S/Launch/F(#ADDPRINTERCOMMAND)>>endobj
-561 0 obj<</Subtype/Link/Rect[72.0 183.7 118.2 196.7]/Border[0 0 0]/A 560 0 R>>endobj
-562 0 obj<</S/Launch/F(#DELETEPRINTERCOMMAND)>>endobj
-563 0 obj<</Subtype/Link/Rect[189.3 78.1 334.5 91.1]/Border[0 0 0]/A 562 0 R>>endobj
-564 0 obj[555 0 R
-557 0 R
-559 0 R
-561 0 R
-563 0 R]endobj
-565 0 obj<</S/Launch/F(#ADDPRINTERCOMMAN)>>endobj
-566 0 obj<</Subtype/Link/Rect[200.6 721.0 326.0 734.0]/Border[0 0 0]/A 565 0 R>>endobj
-567 0 obj[566 0 R]endobj
-568 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
-569 0 obj<</Subtype/Link/Rect[451.4 681.4 510.8 694.4]/Border[0 0 0]/A 568 0 R>>endobj
-570 0 obj<</S/Launch/F(#ENUMPORTSCOMMAND)>>endobj
-571 0 obj<</Subtype/Link/Rect[72.0 668.2 118.2 681.2]/Border[0 0 0]/A 570 0 R>>endobj
-572 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
-573 0 obj<</Subtype/Link/Rect[297.8 593.0 437.4 606.0]/Border[0 0 0]/A 572 0 R>>endobj
-574 0 obj[569 0 R
-571 0 R
-573 0 R]endobj
-575 0 obj<</S/URI/URI(http://imprints.sourceforge.net/)>>endobj
-576 0 obj<</Subtype/Link/Rect[409.9 112.5 549.5 125.5]/Border[0 0 0]/A 575 0 R>>endobj
-577 0 obj[576 0 R]endobj
-578 0 obj<</S/Launch/F(#SECURITY)>>endobj
-579 0 obj<</Subtype/Link/Rect[73.4 613.6 116.6 624.6]/Border[0 0 0]/A 578 0 R>>endobj
-580 0 obj<</S/Launch/F(DOMAIN_MEMBER.html)>>endobj
-581 0 obj<</Subtype/Link/Rect[430.0 586.1 554.1 599.1]/Border[0 0 0]/A 580 0 R>>endobj
-582 0 obj<</S/Launch/F(ADS-HOWTO.html)>>endobj
-583 0 obj<</Subtype/Link/Rect[223.0 559.7 317.8 572.7]/Border[0 0 0]/A 582 0 R>>endobj
-584 0 obj[579 0 R
-581 0 R
-583 0 R]endobj
-585 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
-586 0 obj<</Subtype/Link/Rect[218.7 452.2 284.9 465.2]/Border[0 0 0]/A 585 0 R>>endobj
-587 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-588 0 obj<</Subtype/Link/Rect[350.3 135.4 422.9 148.4]/Border[0 0 0]/A 587 0 R>>endobj
-589 0 obj<</S/Launch/F(#SECURITY)>>endobj
-590 0 obj<</Subtype/Link/Rect[169.1 95.8 235.1 108.8]/Border[0 0 0]/A 589 0 R>>endobj
-591 0 obj[586 0 R
-588 0 R
-590 0 R]endobj
-592 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
-593 0 obj<</Subtype/Link/Rect[146.2 721.0 225.4 734.0]/Border[0 0 0]/A 592 0 R>>endobj
-594 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-595 0 obj<</Subtype/Link/Rect[224.7 641.8 336.9 654.8]/Border[0 0 0]/A 594 0 R>>endobj
-596 0 obj<</S/Launch/F(#PASSWORDSERVER)>>endobj
-597 0 obj<</Subtype/Link/Rect[188.7 602.2 300.9 615.2]/Border[0 0 0]/A 596 0 R>>endobj
-598 0 obj<</S/Launch/F(#SECURITYEQUALSSERVER)>>endobj
-599 0 obj<</Subtype/Link/Rect[275.2 69.0 351.3 82.0]/Border[0 0 0]/A 598 0 R>>endobj
-600 0 obj[593 0 R
-595 0 R
-597 0 R
-599 0 R]endobj
-601 0 obj<</S/Launch/F(winbind.html)>>endobj
-602 0 obj<</Subtype/Link/Rect[151.1 681.4 219.5 694.4]/Border[0 0 0]/A 601 0 R>>endobj
-603 0 obj<</S/URI/URI(http://www.linuxworld.com)>>endobj
-604 0 obj<</Subtype/Link/Rect[438.0 364.6 495.1 377.6]/Border[0 0 0]/A 603 0 R>>endobj
-605 0 obj<</S/URI/URI(http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html)>>endobj
-606 0 obj<</Subtype/Link/Rect[72.0 351.4 186.6 364.4]/Border[0 0 0]/A 605 0 R>>endobj
-607 0 obj[602 0 R
-604 0 R
-606 0 R]endobj
-608 0 obj<</S/URI/URI(mailto:jtrostel@snapserver.com)>>endobj
-609 0 obj<</Subtype/Link/Rect[197.9 304.6 310.1 317.6]/Border[0 0 0]/A 608 0 R>>endobj
-610 0 obj[609 0 R]endobj
-611 0 obj<</S/URI/URI(http://samba.org/)>>endobj
-612 0 obj<</Subtype/Link/Rect[151.1 438.2 262.3 451.2]/Border[0 0 0]/A 611 0 R>>endobj
-613 0 obj[612 0 R]endobj
-614 0 obj<</S/Launch/F(winbindd.8.html)>>endobj
-615 0 obj<</Subtype/Link/Rect[306.3 232.9 363.4 245.9]/Border[0 0 0]/A 614 0 R>>endobj
-616 0 obj<</S/Launch/F(#WINBINDSEPARATOR)>>endobj
-617 0 obj<</Subtype/Link/Rect[100.4 161.5 192.2 172.5]/Border[0 0 0]/A 616 0 R>>endobj
-618 0 obj<</S/Launch/F(#WINBINDUID)>>endobj
-619 0 obj<</Subtype/Link/Rect[100.4 139.9 159.8 150.9]/Border[0 0 0]/A 618 0 R>>endobj
-620 0 obj<</S/Launch/F(#WINBINDGID)>>endobj
-621 0 obj<</Subtype/Link/Rect[100.4 118.3 159.8 129.3]/Border[0 0 0]/A 620 0 R>>endobj
-622 0 obj<</S/Launch/F(#WINBINDENUMUSERS)>>endobj
-623 0 obj<</Subtype/Link/Rect[100.4 96.7 197.6 107.7]/Border[0 0 0]/A 622 0 R>>endobj
-624 0 obj<</S/Launch/F(#WINBINDENUMGROUP)>>endobj
-625 0 obj<</Subtype/Link/Rect[100.4 85.9 203.0 96.9]/Border[0 0 0]/A 624 0 R>>endobj
-626 0 obj<</S/Launch/F(#TEMPLATEHOMEDIR)>>endobj
-627 0 obj<</Subtype/Link/Rect[100.4 64.3 186.8 75.3]/Border[0 0 0]/A 626 0 R>>endobj
-628 0 obj[615 0 R
-617 0 R
-619 0 R
-621 0 R
-623 0 R
-625 0 R
-627 0 R]endobj
-629 0 obj<</S/Launch/F(#TEMPLATESHELL)>>endobj
-630 0 obj<</Subtype/Link/Rect[100.4 721.6 176.0 732.6]/Border[0 0 0]/A 629 0 R>>endobj
-631 0 obj[630 0 R]endobj
-632 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-633 0 obj<</Subtype/Link/Rect[153.2 599.8 225.8 612.8]/Border[0 0 0]/A 632 0 R>>endobj
-634 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-635 0 obj<</Subtype/Link/Rect[303.1 599.8 389.9 612.8]/Border[0 0 0]/A 634 0 R>>endobj
-636 0 obj<</S/Launch/F(UNIX_INSTALL.html)>>endobj
-637 0 obj<</Subtype/Link/Rect[333.5 442.5 438.0 455.5]/Border[0 0 0]/A 636 0 R>>endobj
-638 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-639 0 obj<</Subtype/Link/Rect[440.4 429.3 541.8 442.3]/Border[0 0 0]/A 638 0 R>>endobj
-640 0 obj[633 0 R
-635 0 R
-637 0 R
-639 0 R]endobj
-641 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-642 0 obj<</Subtype/Link/Rect[465.5 659.0 546.8 672.0]/Border[0 0 0]/A 641 0 R>>endobj
-643 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-644 0 obj<</Subtype/Link/Rect[72.0 645.8 92.8 658.8]/Border[0 0 0]/A 643 0 R>>endobj
-645 0 obj<</S/Launch/F(#NETBIOSNAME)>>endobj
-646 0 obj<</Subtype/Link/Rect[95.0 572.0 159.8 583.0]/Border[0 0 0]/A 645 0 R>>endobj
-647 0 obj<</S/Launch/F(#WORKGROUP)>>endobj
-648 0 obj<</Subtype/Link/Rect[95.0 561.2 143.6 572.2]/Border[0 0 0]/A 647 0 R>>endobj
-649 0 obj<</S/Launch/F(#OSLEVEL)>>endobj
-650 0 obj<</Subtype/Link/Rect[95.0 528.8 138.2 539.8]/Border[0 0 0]/A 649 0 R>>endobj
-651 0 obj<</S/Launch/F(#PERFERREDMASTER)>>endobj
-652 0 obj<</Subtype/Link/Rect[95.0 518.0 181.4 529.0]/Border[0 0 0]/A 651 0 R>>endobj
-653 0 obj<</S/Launch/F(#DOMAINMASTER)>>endobj
-654 0 obj<</Subtype/Link/Rect[95.0 507.2 165.2 518.2]/Border[0 0 0]/A 653 0 R>>endobj
-655 0 obj<</S/Launch/F(#LOCALMASTER)>>endobj
-656 0 obj<</Subtype/Link/Rect[95.0 496.4 159.8 507.4]/Border[0 0 0]/A 655 0 R>>endobj
-657 0 obj<</S/Launch/F(#SECURITYEQUALSUSER)>>endobj
-658 0 obj<</Subtype/Link/Rect[95.0 464.0 138.2 475.0]/Border[0 0 0]/A 657 0 R>>endobj
-659 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-660 0 obj<</Subtype/Link/Rect[95.0 431.6 186.8 442.6]/Border[0 0 0]/A 659 0 R>>endobj
-661 0 obj<</S/Launch/F(#DOMAINLOGONS)>>endobj
-662 0 obj<</Subtype/Link/Rect[95.0 399.2 165.2 410.2]/Border[0 0 0]/A 661 0 R>>endobj
-663 0 obj<</S/Launch/F(#LOGONPATH)>>endobj
-664 0 obj<</Subtype/Link/Rect[95.0 366.8 149.0 377.8]/Border[0 0 0]/A 663 0 R>>endobj
-665 0 obj<</S/Launch/F(#LOGONDRIVE)>>endobj
-666 0 obj<</Subtype/Link/Rect[95.0 323.6 154.4 334.6]/Border[0 0 0]/A 665 0 R>>endobj
-667 0 obj<</S/Launch/F(#LOGONHOME)>>endobj
-668 0 obj<</Subtype/Link/Rect[95.0 312.8 149.0 323.8]/Border[0 0 0]/A 667 0 R>>endobj
-669 0 obj<</S/Launch/F(#LOGONSCRIPT)>>endobj
-670 0 obj<</Subtype/Link/Rect[95.0 269.6 159.8 280.6]/Border[0 0 0]/A 669 0 R>>endobj
-671 0 obj<</S/Launch/F(#PATH)>>endobj
-672 0 obj<</Subtype/Link/Rect[95.0 226.4 116.6 237.4]/Border[0 0 0]/A 671 0 R>>endobj
-673 0 obj<</S/Launch/F(#READONLY)>>endobj
-674 0 obj<</Subtype/Link/Rect[95.0 215.6 143.6 226.6]/Border[0 0 0]/A 673 0 R>>endobj
-675 0 obj<</S/Launch/F(#WRITELIST)>>endobj
-676 0 obj<</Subtype/Link/Rect[95.0 204.8 149.0 215.8]/Border[0 0 0]/A 675 0 R>>endobj
-677 0 obj<</S/Launch/F(#PATH)>>endobj
-678 0 obj<</Subtype/Link/Rect[95.0 161.6 116.6 172.6]/Border[0 0 0]/A 677 0 R>>endobj
-679 0 obj<</S/Launch/F(#READONLY)>>endobj
-680 0 obj<</Subtype/Link/Rect[95.0 150.8 143.6 161.8]/Border[0 0 0]/A 679 0 R>>endobj
-681 0 obj<</S/Launch/F(#CREATEMASK)>>endobj
-682 0 obj<</Subtype/Link/Rect[95.0 140.0 154.4 151.0]/Border[0 0 0]/A 681 0 R>>endobj
-683 0 obj<</S/Launch/F(#DIRECTORYMASK)>>endobj
-684 0 obj<</Subtype/Link/Rect[95.0 129.2 170.6 140.2]/Border[0 0 0]/A 683 0 R>>endobj
-685 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-686 0 obj<</Subtype/Link/Rect[108.0 62.1 200.6 75.1]/Border[0 0 0]/A 685 0 R>>endobj
-687 0 obj[642 0 R
-644 0 R
-646 0 R
-648 0 R
-650 0 R
-652 0 R
-654 0 R
-656 0 R
-658 0 R
-660 0 R
-662 0 R
-664 0 R
-666 0 R
-668 0 R
-670 0 R
-672 0 R
-674 0 R
-676 0 R
-678 0 R
-680 0 R
-682 0 R
-684 0 R
-686 0 R]endobj
-688 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
-689 0 obj<</Subtype/Link/Rect[494.2 641.8 530.0 654.8]/Border[0 0 0]/A 688 0 R>>endobj
-690 0 obj<</S/Launch/F(#DOMAINADMINGROUP)>>endobj
-691 0 obj<</Subtype/Link/Rect[72.0 628.6 127.9 641.6]/Border[0 0 0]/A 690 0 R>>endobj
-692 0 obj[689 0 R
-691 0 R]endobj
-693 0 obj<</S/Launch/F(smbpasswd.8.html)>>endobj
-694 0 obj<</Subtype/Link/Rect[72.0 548.9 138.6 561.9]/Border[0 0 0]/A 693 0 R>>endobj
-695 0 obj<</S/Launch/F(#ADDUSERSCRIPT)>>endobj
-696 0 obj<</Subtype/Link/Rect[420.0 260.4 486.9 273.4]/Border[0 0 0]/A 695 0 R>>endobj
-697 0 obj[694 0 R
-696 0 R]endobj
-698 0 obj<</S/URI/URI(http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp)>>endobj
-699 0 obj<</Subtype/Link/Rect[139.8 132.9 387.6 145.9]/Border[0 0 0]/A 698 0 R>>endobj
-700 0 obj[699 0 R]endobj
-701 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE)>>endobj
-702 0 obj<</Subtype/Link/Rect[285.2 259.0 540.0 272.0]/Border[0 0 0]/A 701 0 R>>endobj
-703 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE)>>endobj
-704 0 obj<</Subtype/Link/Rect[230.8 219.4 505.8 232.4]/Border[0 0 0]/A 703 0 R>>endobj
-705 0 obj[702 0 R
-704 0 R]endobj
-706 0 obj<</S/URI/URI(http://www.tcpdump.org/)>>endobj
-707 0 obj<</Subtype/Link/Rect[349.4 483.4 455.4 496.4]/Border[0 0 0]/A 706 0 R>>endobj
-708 0 obj<</S/URI/URI(http://www.ethereal.com/)>>endobj
-709 0 obj<</Subtype/Link/Rect[424.5 470.2 536.6 483.2]/Border[0 0 0]/A 708 0 R>>endobj
-710 0 obj[707 0 R
-709 0 R]endobj
-711 0 obj<</S/URI/URI(http://samba.org)>>endobj
-712 0 obj<</Subtype/Link/Rect[233.5 602.2 308.1 615.2]/Border[0 0 0]/A 711 0 R>>endobj
-713 0 obj<</S/URI/URI(http://www.skippy.net/linux/smb-howto.html)>>endobj
-714 0 obj<</Subtype/Link/Rect[144.0 549.4 346.1 562.4]/Border[0 0 0]/A 713 0 R>>endobj
-715 0 obj<</S/URI/URI(http://bioserve.latrobe.edu.au/samba)>>endobj
-716 0 obj<</Subtype/Link/Rect[179.7 523.0 342.3 536.0]/Border[0 0 0]/A 715 0 R>>endobj
-717 0 obj<</S/URI/URI(http://samba.org/cifs/)>>endobj
-718 0 obj<</Subtype/Link/Rect[282.1 509.8 378.7 522.8]/Border[0 0 0]/A 717 0 R>>endobj
-719 0 obj<</S/URI/URI(http://mailhost.cb1.com/~lkcl/ntdom/)>>endobj
-720 0 obj<</Subtype/Link/Rect[241.5 496.6 408.5 509.6]/Border[0 0 0]/A 719 0 R>>endobj
-721 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/developr/drg/CIFS/)>>endobj
-722 0 obj<</Subtype/Link/Rect[277.5 483.4 469.1 496.4]/Border[0 0 0]/A 721 0 R>>endobj
-723 0 obj<</S/URI/URI(http://samba.org)>>endobj
-724 0 obj<</Subtype/Link/Rect[358.2 430.6 432.8 443.6]/Border[0 0 0]/A 723 0 R>>endobj
-725 0 obj<</S/URI/URI(http://www.samba-tng.org/)>>endobj
-726 0 obj<</Subtype/Link/Rect[298.4 391.0 422.8 404.0]/Border[0 0 0]/A 725 0 R>>endobj
-727 0 obj[712 0 R
+512 0 R
+]endobj
+514 0 obj<</Dests 515 0 R>>endobj
+515 0 obj<</Kids[516 0 R]>>endobj
+516 0 obj<</Limits[(aen1003)(winbind)]/Names[(aen1003)517 0 R(aen1022)518 0 R(aen1025)519 0 R(aen1046)520 0 R(aen1050)521 0 R(aen1062)522 0 R(aen1089)523 0 R(aen1134)524 0 R(aen119)525 0 R(aen1198)526 0 R(aen1203)527 0 R(aen1236)528 0 R(aen1242)529 0 R(aen1281)530 0 R(aen1324)531 0 R(aen1343)532 0 R(aen135)533 0 R(aen1378)534 0 R(aen1387)535 0 R(aen1402)536 0 R(aen144)537 0 R(aen1450)538 0 R(aen1494)539 0 R(aen160)540 0 R(aen1608)541 0 R(aen1634)542 0 R(aen1653)543 0 R(aen1661)544 0 R(aen1669)545 0 R(aen1677)546 0 R(aen1684)547 0 R(aen1720)548 0 R(aen1733)549 0 R(aen1736)550 0 R(aen174)551 0 R(aen1746)552 0 R(aen1782)553 0 R(aen1786)554 0 R(aen179)555 0 R(aen1794)556 0 R(aen1797)557 0 R(aen1800)558 0 R(aen1803)559 0 R(aen1807)560 0 R(aen183)561 0 R(aen1836)562 0 R(aen186)563 0 R(aen1867)564 0 R(aen1888)565 0 R(aen1919)566 0 R(aen1924)567 0 R(aen1945)568 0 R(aen1947)569 0 R(aen195)570 0 R(aen1964)571 0 R(aen199)572 0 R(aen1992)573 0 R(aen20)574 0 R(aen2008)575 0 R(aen2013)576 0 R(aen2033)577 0 R(aen208)578 0 R(aen2103)579 0 R(aen211)580 0 R(aen2111)581 0 R(aen2140)582 0 R(aen2144)583 0 R(aen2157)584 0 R(aen2164)585 0 R(aen2168)586 0 R(aen2173)587 0 R(aen2177)588 0 R(aen2193)589 0 R(aen2201)590 0 R(aen2205)591 0 R(aen2208)592 0 R(aen2212)593 0 R(aen2225)594 0 R(aen2241)595 0 R(aen225)596 0 R(aen2254)597 0 R(aen2267)598 0 R(aen2289)599 0 R(aen2306)600 0 R(aen2317)601 0 R(aen2358)602 0 R(aen2411)603 0 R(aen2419)604 0 R(aen2433)605 0 R(aen2435)606 0 R(aen2450)607 0 R(aen2459)608 0 R(aen2463)609 0 R(aen247)610 0 R(aen2479)611 0 R(aen2484)612 0 R(aen2487)613 0 R(aen2492)614 0 R(aen2520)615 0 R(aen263)616 0 R(aen279)617 0 R(aen28)618 0 R(aen290)619 0 R(aen298)620 0 R(aen310)621 0 R(aen322)622 0 R(aen327)623 0 R(aen335)624 0 R(aen340)625 0 R(aen343)626 0 R(aen355)627 0 R(aen365)628 0 R(aen393)629 0 R(aen4)630 0 R(aen401)631 0 R(aen418)632 0 R(aen425)633 0 R(aen430)634 0 R(aen435)635 0 R(aen456)636 0 R(aen500)637 0 R(aen507)638 0 R(aen527)639 0 R(aen56)640 0 R(aen562)641 0 R(aen582)642 0 R(aen591)643 0 R(aen60)644 0 R(aen602)645 0 R(aen622)646 0 R(aen637)647 0 R(aen651)648 0 R(aen658)649 0 R(aen680)650 0 R(aen74)651 0 R(aen744)652 0 R(aen765)653 0 R(aen787)654 0 R(aen798)655 0 R(aen8)656 0 R(aen80)657 0 R(aen833)658 0 R(aen851)659 0 R(aen862)660 0 R(aen873)661 0 R(aen898)662 0 R(aen90)663 0 R(aen906)664 0 R(aen911)665 0 R(aen921)666 0 R(aen924)667 0 R(aen928)668 0 R(aen950)669 0 R(aen983)670 0 R(aen999)671 0 R(body.html)672 0 R(cups)673 0 R(cvs-access)674 0 R(domain-security)675 0 R(install)676 0 R(integrate-ms-networks)677 0 R(migration)678 0 R(msdfs)679 0 R(os2)680 0 R(pam)681 0 R(printing)682 0 R(samba-bdc)683 0 R(samba-ldap-howto)684 0 R(samba-pdc)685 0 R(samba-project-documentation)686 0 R(unix-permissions)687 0 R(winbind)688 0 R]>>endobj
+517 0 obj<</D[798 0 R/XYZ null 632 null]>>endobj
+518 0 obj<</D[798 0 R/XYZ null 277 null]>>endobj
+519 0 obj<</D[801 0 R/XYZ null 768 null]>>endobj
+520 0 obj<</D[801 0 R/XYZ null 204 null]>>endobj
+521 0 obj<</D[804 0 R/XYZ null 633 null]>>endobj
+522 0 obj<</D[807 0 R/XYZ null 768 null]>>endobj
+523 0 obj<</D[807 0 R/XYZ null 234 null]>>endobj
+524 0 obj<</D[816 0 R/XYZ null 730 null]>>endobj
+525 0 obj<</D[696 0 R/XYZ null 266 null]>>endobj
+526 0 obj<</D[819 0 R/XYZ null 383 null]>>endobj
+527 0 obj<</D[819 0 R/XYZ null 166 null]>>endobj
+528 0 obj<</D[825 0 R/XYZ null 706 null]>>endobj
+529 0 obj<</D[825 0 R/XYZ null 608 null]>>endobj
+530 0 obj<</D[828 0 R/XYZ null 726 null]>>endobj
+531 0 obj<</D[831 0 R/XYZ null 607 null]>>endobj
+532 0 obj<</D[831 0 R/XYZ null 232 null]>>endobj
+533 0 obj<</D[699 0 R/XYZ null 686 null]>>endobj
+534 0 obj<</D[834 0 R/XYZ null 359 null]>>endobj
+535 0 obj<</D[837 0 R/XYZ null 768 null]>>endobj
+536 0 obj<</D[837 0 R/XYZ null 392 null]>>endobj
+537 0 obj<</D[699 0 R/XYZ null 509 null]>>endobj
+538 0 obj<</D[843 0 R/XYZ null 739 null]>>endobj
+539 0 obj<</D[846 0 R/XYZ null 686 null]>>endobj
+540 0 obj<</D[699 0 R/XYZ null 332 null]>>endobj
+541 0 obj<</D[852 0 R/XYZ null 303 null]>>endobj
+542 0 obj<</D[855 0 R/XYZ null 277 null]>>endobj
+543 0 obj<</D[858 0 R/XYZ null 482 null]>>endobj
+544 0 obj<</D[858 0 R/XYZ null 225 null]>>endobj
+545 0 obj<</D[861 0 R/XYZ null 684 null]>>endobj
+546 0 obj<</D[861 0 R/XYZ null 446 null]>>endobj
+547 0 obj<</D[861 0 R/XYZ null 289 null]>>endobj
+548 0 obj<</D[867 0 R/XYZ null 605 null]>>endobj
+549 0 obj<</D[870 0 R/XYZ null 698 null]>>endobj
+550 0 obj<</D[870 0 R/XYZ null 603 null]>>endobj
+551 0 obj<</D[702 0 R/XYZ null 768 null]>>endobj
+552 0 obj<</D[870 0 R/XYZ null 274 null]>>endobj
+553 0 obj<</D[879 0 R/XYZ null 706 null]>>endobj
+554 0 obj<</D[879 0 R/XYZ null 621 null]>>endobj
+555 0 obj<</D[702 0 R/XYZ null 577 null]>>endobj
+556 0 obj<</D[879 0 R/XYZ null 196 null]>>endobj
+557 0 obj<</D[882 0 R/XYZ null 726 null]>>endobj
+558 0 obj<</D[882 0 R/XYZ null 588 null]>>endobj
+559 0 obj<</D[882 0 R/XYZ null 490 null]>>endobj
+560 0 obj<</D[882 0 R/XYZ null 339 null]>>endobj
+561 0 obj<</D[702 0 R/XYZ null 505 null]>>endobj
+562 0 obj<</D[885 0 R/XYZ null 411 null]>>endobj
+563 0 obj<</D[702 0 R/XYZ null 407 null]>>endobj
+564 0 obj<</D[888 0 R/XYZ null 706 null]>>endobj
+565 0 obj<</D[888 0 R/XYZ null 423 null]>>endobj
+566 0 obj<</D[891 0 R/XYZ null 567 null]>>endobj
+567 0 obj<</D[891 0 R/XYZ null 456 null]>>endobj
+568 0 obj<</D[894 0 R/XYZ null 581 null]>>endobj
+569 0 obj<</D[894 0 R/XYZ null 551 null]>>endobj
+570 0 obj<</D[705 0 R/XYZ null 768 null]>>endobj
+571 0 obj<</D[897 0 R/XYZ null 652 null]>>endobj
+572 0 obj<</D[705 0 R/XYZ null 643 null]>>endobj
+573 0 obj<</D[900 0 R/XYZ null 727 null]>>endobj
+574 0 obj<</D[690 0 R/XYZ null 730 null]>>endobj
+575 0 obj<</D[900 0 R/XYZ null 523 null]>>endobj
+576 0 obj<</D[900 0 R/XYZ null 320 null]>>endobj
+577 0 obj<</D[903 0 R/XYZ null 602 null]>>endobj
+578 0 obj<</D[705 0 R/XYZ null 175 null]>>endobj
+579 0 obj<</D[906 0 R/XYZ null 581 null]>>endobj
+580 0 obj<</D[708 0 R/XYZ null 768 null]>>endobj
+581 0 obj<</D[909 0 R/XYZ null 739 null]>>endobj
+582 0 obj<</D[912 0 R/XYZ null 706 null]>>endobj
+583 0 obj<</D[912 0 R/XYZ null 569 null]>>endobj
+584 0 obj<</D[912 0 R/XYZ null 246 null]>>endobj
+585 0 obj<</D[915 0 R/XYZ null 581 null]>>endobj
+586 0 obj<</D[915 0 R/XYZ null 417 null]>>endobj
+587 0 obj<</D[915 0 R/XYZ null 292 null]>>endobj
+588 0 obj<</D[918 0 R/XYZ null 768 null]>>endobj
+589 0 obj<</D[918 0 R/XYZ null 313 null]>>endobj
+590 0 obj<</D[921 0 R/XYZ null 673 null]>>endobj
+591 0 obj<</D[921 0 R/XYZ null 483 null]>>endobj
+592 0 obj<</D[921 0 R/XYZ null 332 null]>>endobj
+593 0 obj<</D[921 0 R/XYZ null 221 null]>>endobj
+594 0 obj<</D[924 0 R/XYZ null 567 null]>>endobj
+595 0 obj<</D[924 0 R/XYZ null 285 null]>>endobj
+596 0 obj<</D[711 0 R/XYZ null 706 null]>>endobj
+597 0 obj<</D[927 0 R/XYZ null 753 null]>>endobj
+598 0 obj<</D[927 0 R/XYZ null 598 null]>>endobj
+599 0 obj<</D[927 0 R/XYZ null 298 null]>>endobj
+600 0 obj<</D[930 0 R/XYZ null 691 null]>>endobj
+601 0 obj<</D[930 0 R/XYZ null 530 null]>>endobj
+602 0 obj<</D[933 0 R/XYZ null 417 null]>>endobj
+603 0 obj<</D[936 0 R/XYZ null 206 null]>>endobj
+604 0 obj<</D[939 0 R/XYZ null 713 null]>>endobj
+605 0 obj<</D[942 0 R/XYZ null 730 null]>>endobj
+606 0 obj<</D[942 0 R/XYZ null 700 null]>>endobj
+607 0 obj<</D[942 0 R/XYZ null 348 null]>>endobj
+608 0 obj<</D[945 0 R/XYZ null 768 null]>>endobj
+609 0 obj<</D[945 0 R/XYZ null 639 null]>>endobj
+610 0 obj<</D[711 0 R/XYZ null 463 null]>>endobj
+611 0 obj<</D[948 0 R/XYZ null 706 null]>>endobj
+612 0 obj<</D[948 0 R/XYZ null 582 null]>>endobj
+613 0 obj<</D[948 0 R/XYZ null 484 null]>>endobj
+614 0 obj<</D[948 0 R/XYZ null 359 null]>>endobj
+615 0 obj<</D[951 0 R/XYZ null 503 null]>>endobj
+616 0 obj<</D[711 0 R/XYZ null 325 null]>>endobj
+617 0 obj<</D[714 0 R/XYZ null 435 null]>>endobj
+618 0 obj<</D[690 0 R/XYZ null 593 null]>>endobj
+619 0 obj<</D[714 0 R/XYZ null 285 null]>>endobj
+620 0 obj<</D[717 0 R/XYZ null 768 null]>>endobj
+621 0 obj<</D[717 0 R/XYZ null 268 null]>>endobj
+622 0 obj<</D[720 0 R/XYZ null 210 null]>>endobj
+623 0 obj<</D[723 0 R/XYZ null 660 null]>>endobj
+624 0 obj<</D[726 0 R/XYZ null 371 null]>>endobj
+625 0 obj<</D[726 0 R/XYZ null 260 null]>>endobj
+626 0 obj<</D[729 0 R/XYZ null 768 null]>>endobj
+627 0 obj<</D[729 0 R/XYZ null 529 null]>>endobj
+628 0 obj<</D[732 0 R/XYZ null 633 null]>>endobj
+629 0 obj<</D[735 0 R/XYZ null 581 null]>>endobj
+630 0 obj<</D[687 0 R/XYZ null 647 null]>>endobj
+631 0 obj<</D[735 0 R/XYZ null 304 null]>>endobj
+632 0 obj<</D[738 0 R/XYZ null 594 null]>>endobj
+633 0 obj<</D[738 0 R/XYZ null 271 null]>>endobj
+634 0 obj<</D[741 0 R/XYZ null 753 null]>>endobj
+635 0 obj<</D[741 0 R/XYZ null 639 null]>>endobj
+636 0 obj<</D[744 0 R/XYZ null 706 null]>>endobj
+637 0 obj<</D[747 0 R/XYZ null 179 null]>>endobj
+638 0 obj<</D[750 0 R/XYZ null 726 null]>>endobj
+639 0 obj<</D[753 0 R/XYZ null 706 null]>>endobj
+640 0 obj<</D[690 0 R/XYZ null 178 null]>>endobj
+641 0 obj<</D[756 0 R/XYZ null 673 null]>>endobj
+642 0 obj<</D[759 0 R/XYZ null 706 null]>>endobj
+643 0 obj<</D[759 0 R/XYZ null 525 null]>>endobj
+644 0 obj<</D[693 0 R/XYZ null 739 null]>>endobj
+645 0 obj<</D[759 0 R/XYZ null 348 null]>>endobj
+646 0 obj<</D[762 0 R/XYZ null 686 null]>>endobj
+647 0 obj<</D[762 0 R/XYZ null 443 null]>>endobj
+648 0 obj<</D[762 0 R/XYZ null 187 null]>>endobj
+649 0 obj<</D[765 0 R/XYZ null 673 null]>>endobj
+650 0 obj<</D[765 0 R/XYZ null 232 null]>>endobj
+651 0 obj<</D[693 0 R/XYZ null 379 null]>>endobj
+652 0 obj<</D[771 0 R/XYZ null 594 null]>>endobj
+653 0 obj<</D[774 0 R/XYZ null 730 null]>>endobj
+654 0 obj<</D[774 0 R/XYZ null 302 null]>>endobj
+655 0 obj<</D[777 0 R/XYZ null 693 null]>>endobj
+656 0 obj<</D[687 0 R/XYZ null 616 null]>>endobj
+657 0 obj<</D[693 0 R/XYZ null 268 null]>>endobj
+658 0 obj<</D[780 0 R/XYZ null 450 null]>>endobj
+659 0 obj<</D[783 0 R/XYZ null 686 null]>>endobj
+660 0 obj<</D[783 0 R/XYZ null 403 null]>>endobj
+661 0 obj<</D[786 0 R/XYZ null 684 null]>>endobj
+662 0 obj<</D[786 0 R/XYZ null 401 null]>>endobj
+663 0 obj<</D[696 0 R/XYZ null 768 null]>>endobj
+664 0 obj<</D[786 0 R/XYZ null 211 null]>>endobj
+665 0 obj<</D[789 0 R/XYZ null 713 null]>>endobj
+666 0 obj<</D[789 0 R/XYZ null 575 null]>>endobj
+667 0 obj<</D[789 0 R/XYZ null 477 null]>>endobj
+668 0 obj<</D[789 0 R/XYZ null 366 null]>>endobj
+669 0 obj<</D[792 0 R/XYZ null 459 null]>>endobj
+670 0 obj<</D[795 0 R/XYZ null 707 null]>>endobj
+671 0 obj<</D[798 0 R/XYZ null 730 null]>>endobj
+672 0 obj<</D[693 0 R/XYZ null 698 null]>>endobj
+673 0 obj<</D[798 0 R/XYZ null 798 null]>>endobj
+674 0 obj<</D[948 0 R/XYZ null 798 null]>>endobj
+675 0 obj<</D[816 0 R/XYZ null 798 null]>>endobj
+676 0 obj<</D[690 0 R/XYZ null 798 null]>>endobj
+677 0 obj<</D[711 0 R/XYZ null 798 null]>>endobj
+678 0 obj<</D[792 0 R/XYZ null 459 null]>>endobj
+679 0 obj<</D[753 0 R/XYZ null 798 null]>>endobj
+680 0 obj<</D[942 0 R/XYZ null 798 null]>>endobj
+681 0 obj<</D[744 0 R/XYZ null 798 null]>>endobj
+682 0 obj<</D[774 0 R/XYZ null 798 null]>>endobj
+683 0 obj<</D[879 0 R/XYZ null 798 null]>>endobj
+684 0 obj<</D[888 0 R/XYZ null 798 null]>>endobj
+685 0 obj<</D[825 0 R/XYZ null 798 null]>>endobj
+686 0 obj<</D[687 0 R/XYZ null 753 null]>>endobj
+687 0 obj<</D[759 0 R/XYZ null 798 null]>>endobj
+688 0 obj<</D[912 0 R/XYZ null 798 null]>>endobj
+689 0 obj<</Type/Pages/MediaBox[0 0 595 792]/Count 93/Kids[690 0 R
+957 0 R
+960 0 R
+963 0 R
+966 0 R
+693 0 R
+696 0 R
+699 0 R
+702 0 R
+705 0 R
+708 0 R
+711 0 R
 714 0 R
-716 0 R
-718 0 R
+717 0 R
 720 0 R
-722 0 R
-724 0 R
-726 0 R]endobj
-728 0 obj<</S/URI/URI(http://lists.samba.org/)>>endobj
-729 0 obj<</Subtype/Link/Rect[132.8 615.4 227.8 628.4]/Border[0 0 0]/A 728 0 R>>endobj
-730 0 obj<</S/URI/URI(http://lists.samba.org/mailman/roster/samba-ntdom)>>endobj
-731 0 obj<</Subtype/Link/Rect[306.3 602.2 328.0 615.2]/Border[0 0 0]/A 730 0 R>>endobj
-732 0 obj[729 0 R
-731 0 R]endobj
-733 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
-734 0 obj<</Subtype/Link/Rect[210.4 613.0 317.8 626.0]/Border[0 0 0]/A 733 0 R>>endobj
-735 0 obj[734 0 R]endobj
-736 0 obj<</S/URI/URI(http://www.openldap.org/)>>endobj
-737 0 obj<</Subtype/Link/Rect[169.5 560.2 285.9 573.2]/Border[0 0 0]/A 736 0 R>>endobj
-738 0 obj<</S/URI/URI(http://iplanet.netscape.com/directory)>>endobj
-739 0 obj<</Subtype/Link/Rect[223.9 547.0 387.9 560.0]/Border[0 0 0]/A 738 0 R>>endobj
-740 0 obj<</S/URI/URI(http://www.ora.com/)>>endobj
-741 0 obj<</Subtype/Link/Rect[112.6 520.6 202.0 533.6]/Border[0 0 0]/A 740 0 R>>endobj
-742 0 obj<</S/URI/URI(http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html)>>endobj
-743 0 obj<</Subtype/Link/Rect[125.1 454.6 267.5 467.6]/Border[0 0 0]/A 742 0 R>>endobj
-744 0 obj<</S/URI/URI(http://samba.idealx.org/)>>endobj
-745 0 obj<</Subtype/Link/Rect[243.7 441.4 287.3 454.4]/Border[0 0 0]/A 744 0 R>>endobj
-746 0 obj<</S/Launch/F(#ENCRYPTPASSWORDS)>>endobj
-747 0 obj<</Subtype/Link/Rect[212.8 366.2 332.5 379.2]/Border[0 0 0]/A 746 0 R>>endobj
-748 0 obj[737 0 R
-739 0 R
+723 0 R
+726 0 R
+729 0 R
+732 0 R
+735 0 R
+738 0 R
 741 0 R
-743 0 R
-745 0 R
-747 0 R]endobj
-749 0 obj<</S/URI/URI(http://www.padl.com/)>>endobj
-750 0 obj<</Subtype/Link/Rect[284.3 602.2 380.9 615.2]/Border[0 0 0]/A 749 0 R>>endobj
-751 0 obj<</S/Launch/F(samba-patches@samba.org)>>endobj
-752 0 obj<</Subtype/Link/Rect[332.3 487.4 458.0 500.4]/Border[0 0 0]/A 751 0 R>>endobj
-753 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
-754 0 obj<</Subtype/Link/Rect[476.6 487.4 555.8 500.4]/Border[0 0 0]/A 753 0 R>>endobj
-755 0 obj<</S/Launch/F(jerry@samba.org)>>endobj
-756 0 obj<</Subtype/Link/Rect[271.2 254.5 350.4 267.5]/Border[0 0 0]/A 755 0 R>>endobj
-757 0 obj[750 0 R
-752 0 R
-754 0 R
-756 0 R]endobj
-758 0 obj<</S/Launch/F(#LDAPSSL)>>endobj
-759 0 obj<</Subtype/Link/Rect[108.0 721.0 141.3 734.0]/Border[0 0 0]/A 758 0 R>>endobj
-760 0 obj<</S/Launch/F(#LDAPSERVER)>>endobj
-761 0 obj<</Subtype/Link/Rect[108.0 707.8 156.6 720.8]/Border[0 0 0]/A 760 0 R>>endobj
-762 0 obj<</S/Launch/F(#LDAPADMINDN)>>endobj
-763 0 obj<</Subtype/Link/Rect[108.0 694.6 170.9 707.6]/Border[0 0 0]/A 762 0 R>>endobj
-764 0 obj<</S/Launch/F(#LDAPSUFFIX)>>endobj
-765 0 obj<</Subtype/Link/Rect[108.0 681.4 155.4 694.4]/Border[0 0 0]/A 764 0 R>>endobj
-766 0 obj<</S/Launch/F(#LDAPFILTER)>>endobj
-767 0 obj<</Subtype/Link/Rect[108.0 668.2 151.1 681.2]/Border[0 0 0]/A 766 0 R>>endobj
-768 0 obj<</S/Launch/F(#LDAPPORT)>>endobj
-769 0 obj<</Subtype/Link/Rect[108.0 655.0 147.4 668.0]/Border[0 0 0]/A 768 0 R>>endobj
-770 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-771 0 obj<</Subtype/Link/Rect[186.9 628.6 243.1 641.6]/Border[0 0 0]/A 770 0 R>>endobj
-772 0 obj[759 0 R
-761 0 R
-763 0 R
+744 0 R
+747 0 R
+750 0 R
+753 0 R
+756 0 R
+759 0 R
+762 0 R
 765 0 R
-767 0 R
-769 0 R
-771 0 R]endobj
-773 0 obj<</S/Launch/F(ENCRYPTION.html)>>endobj
-774 0 obj<</Subtype/Link/Rect[72.0 553.4 176.8 566.4]/Border[0 0 0]/A 773 0 R>>endobj
-775 0 obj[774 0 R]endobj
-776 0 obj<</S/Launch/F(Samba-PDC-HOWTO.html)>>endobj
-777 0 obj<</Subtype/Link/Rect[72.0 509.8 176.7 522.8]/Border[0 0 0]/A 776 0 R>>endobj
-778 0 obj[777 0 R]endobj
-779 0 obj<</S/URI/URI(mailto:jerry@samba.org)>>endobj
-780 0 obj<</Subtype/Link/Rect[302.7 431.7 381.8 444.7]/Border[0 0 0]/A 779 0 R>>endobj
-781 0 obj[780 0 R]endobj
-782 0 obj<</S/URI/URI(http://www.thursby.com/)>>endobj
-783 0 obj<</Subtype/Link/Rect[91.9 621.8 131.3 634.8]/Border[0 0 0]/A 782 0 R>>endobj
-784 0 obj<</S/URI/URI(http://www.umich.edu/~rsug/netatalk/)>>endobj
-785 0 obj<</Subtype/Link/Rect[72.0 503.0 109.3 516.0]/Border[0 0 0]/A 784 0 R>>endobj
-786 0 obj<</S/URI/URI(http://www.cs.mu.oz.au/appletalk/atalk.html)>>endobj
-787 0 obj<</Subtype/Link/Rect[130.7 503.0 154.8 516.0]/Border[0 0 0]/A 786 0 R>>endobj
-788 0 obj<</S/URI/URI(http://www.eats.com/linux_mac_win.html)>>endobj
-789 0 obj<</Subtype/Link/Rect[72.0 476.6 258.1 489.6]/Border[0 0 0]/A 788 0 R>>endobj
-790 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj
-791 0 obj<</Subtype/Link/Rect[325.6 367.8 544.5 380.8]/Border[0 0 0]/A 790 0 R>>endobj
-792 0 obj[783 0 R
-785 0 R
-787 0 R
+768 0 R
+771 0 R
+774 0 R
+777 0 R
+780 0 R
+783 0 R
+786 0 R
 789 0 R
-791 0 R]endobj
-793 0 obj<</S/URI/URI(ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/)>>endobj
-794 0 obj<</Subtype/Link/Rect[72.0 661.0 319.2 674.0]/Border[0 0 0]/A 793 0 R>>endobj
-795 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/lanman.html)>>endobj
-796 0 obj<</Subtype/Link/Rect[340.6 661.0 538.7 674.0]/Border[0 0 0]/A 795 0 R>>endobj
-797 0 obj<</S/URI/URI(ftp://ftp.cdrom.com/pub/os2/network/ndis/)>>endobj
-798 0 obj<</Subtype/Link/Rect[173.1 535.7 363.5 548.7]/Border[0 0 0]/A 797 0 R>>endobj
-799 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/fix.html)>>endobj
-800 0 obj<</Subtype/Link/Rect[220.2 464.1 429.3 477.1]/Border[0 0 0]/A 799 0 R>>endobj
-801 0 obj[794 0 R
-796 0 R
+792 0 R
+795 0 R
 798 0 R
-800 0 R]endobj
-802 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-803 0 obj<</Subtype/Link/Rect[218.7 347.8 275.0 360.8]/Border[0 0 0]/A 802 0 R>>endobj
-804 0 obj[803 0 R]endobj
-805 0 obj<</S/Launch/F(smb.conf.5.html)>>endobj
-806 0 obj<</Subtype/Link/Rect[493.6 595.0 549.8 608.0]/Border[0 0 0]/A 805 0 R>>endobj
-807 0 obj[806 0 R]endobj
-808 0 obj<</S/URI/URI(http://samba.org/samba/cvs.html)>>endobj
-809 0 obj<</Subtype/Link/Rect[354.3 597.4 500.7 610.4]/Border[0 0 0]/A 808 0 R>>endobj
-810 0 obj<</S/URI/URI(http://samba.org/cgi-bin/cvsweb)>>endobj
-811 0 obj<</Subtype/Link/Rect[135.9 397.8 283.2 410.8]/Border[0 0 0]/A 810 0 R>>endobj
-812 0 obj<</S/URI/URI(http://www.cyclic.com/)>>endobj
-813 0 obj<</Subtype/Link/Rect[391.6 286.6 498.2 299.6]/Border[0 0 0]/A 812 0 R>>endobj
-814 0 obj[809 0 R
-811 0 R
-813 0 R]endobj
-815 0 obj<</S/Launch/F(Diagnosis.html)>>endobj
-816 0 obj<</Subtype/Link/Rect[185.0 350.6 229.3 363.6]/Border[0 0 0]/A 815 0 R>>endobj
-817 0 obj[816 0 R]endobj
-818 0 obj<</Dests 819 0 R>>endobj
-819 0 obj<</Kids[820 0 R]>>endobj
-820 0 obj<</Limits[(aen1028)(winbind)]/Names[(aen1028)821 0 R(aen1036)822 0 R(aen1040)823 0 R(aen1050)824 0 R(aen1053)825 0 R(aen1057)826 0 R(aen1079)827 0 R(aen1125)828 0 R(aen1141)829 0 R(aen1150)830 0 R(aen1158)831 0 R(aen1186)832 0 R(aen119)833 0 R(aen1197)834 0 R(aen1209)835 0 R(aen1212)836 0 R(aen1215)837 0 R(aen1228)838 0 R(aen1239)839 0 R(aen1272)840 0 R(aen1336)841 0 R(aen1341)842 0 R(aen135)843 0 R(aen1394)844 0 R(aen1398)845 0 R(aen1411)846 0 R(aen1418)847 0 R(aen1422)848 0 R(aen1427)849 0 R(aen1431)850 0 R(aen144)851 0 R(aen1447)852 0 R(aen1455)853 0 R(aen1459)854 0 R(aen1462)855 0 R(aen1469)856 0 R(aen1482)857 0 R(aen1496)858 0 R(aen1507)859 0 R(aen1526)860 0 R(aen1559)861 0 R(aen1575)862 0 R(aen1586)863 0 R(aen160)864 0 R(aen1622)865 0 R(aen1624)866 0 R(aen1641)867 0 R(aen1648)868 0 R(aen1654)869 0 R(aen1671)870 0 R(aen1704)871 0 R(aen1711)872 0 R(aen1721)873 0 R(aen174)874 0 R(aen1741)875 0 R(aen1747)876 0 R(aen1786)877 0 R(aen179)878 0 R(aen1829)879 0 R(aen183)880 0 R(aen1848)881 0 R(aen186)882 0 R(aen1883)883 0 R(aen1892)884 0 R(aen1907)885 0 R(aen195)886 0 R(aen1955)887 0 R(aen1999)888 0 R(aen20)889 0 R(aen200)890 0 R(aen209)891 0 R(aen2113)892 0 R(aen2139)893 0 R(aen2158)894 0 R(aen2166)895 0 R(aen2174)896 0 R(aen2182)897 0 R(aen2189)898 0 R(aen2225)899 0 R(aen223)900 0 R(aen2238)901 0 R(aen2241)902 0 R(aen2251)903 0 R(aen228)904 0 R(aen2287)905 0 R(aen2291)906 0 R(aen2299)907 0 R(aen2302)908 0 R(aen2305)909 0 R(aen2308)910 0 R(aen2312)911 0 R(aen2329)912 0 R(aen2350)913 0 R(aen2370)914 0 R(aen238)915 0 R(aen2399)916 0 R(aen240)917 0 R(aen2404)918 0 R(aen2416)919 0 R(aen2418)920 0 R(aen2435)921 0 R(aen246)922 0 R(aen2463)923 0 R(aen2468)924 0 R(aen2488)925 0 R(aen252)926 0 R(aen2558)927 0 R(aen2566)928 0 R(aen2577)929 0 R(aen2581)930 0 R(aen2590)931 0 R(aen2597)932 0 R(aen2602)933 0 R(aen2637)934 0 R(aen2656)935 0 R(aen267)936 0 R(aen2674)937 0 R(aen2684)938 0 R(aen2693)939 0 R(aen2711)940 0 R(aen2714)941 0 R(aen272)942 0 R(aen2732)943 0 R(aen2738)944 0 R(aen2740)945 0 R(aen2748)946 0 R(aen2754)947 0 R(aen2758)948 0 R(aen2765)949 0 R(aen2770)950 0 R(aen2775)951 0 R(aen2779)952 0 R(aen278)953 0 R(aen2784)954 0 R(aen2787)955 0 R(aen2790)956 0 R(aen2795)957 0 R(aen2799)958 0 R(aen28)959 0 R(aen2806)960 0 R(aen2811)961 0 R(aen2815)962 0 R(aen2818)963 0 R(aen2850)964 0 R(aen286)965 0 R(aen2871)966 0 R(aen2880)967 0 R(aen2882)968 0 R(aen2897)969 0 R(aen2906)970 0 R(aen2910)971 0 R(aen2920)972 0 R(aen2922)973 0 R(aen2927)974 0 R(aen2932)975 0 R(aen2936)976 0 R(aen2941)977 0 R(aen2957)978 0 R(aen2981)979 0 R(aen2986)980 0 R(aen2989)981 0 R(aen2994)982 0 R(aen3029)983 0 R(aen3036)984 0 R(aen3042)985 0 R(aen3059)986 0 R(aen3069)987 0 R(aen3072)988 0 R(aen3119)989 0 R(aen312)990 0 R(aen3124)991 0 R(aen3128)992 0 R(aen329)993 0 R(aen334)994 0 R(aen340)995 0 R(aen345)996 0 R(aen362)997 0 R(aen384)998 0 R(aen4)999 0 R(aen400)1000 0 R(aen416)1001 0 R(aen427)1002 0 R(aen435)1003 0 R(aen447)1004 0 R(aen459)1005 0 R(aen464)1006 0 R(aen472)1007 0 R(aen477)1008 0 R(aen480)1009 0 R(aen492)1010 0 R(aen502)1011 0 R(aen530)1012 0 R(aen538)1013 0 R(aen555)1014 0 R(aen56)1015 0 R(aen562)1016 0 R(aen567)1017 0 R(aen572)1018 0 R(aen593)1019 0 R(aen60)1020 0 R(aen637)1021 0 R(aen644)1022 0 R(aen664)1023 0 R(aen699)1024 0 R(aen719)1025 0 R(aen728)1026 0 R(aen739)1027 0 R(aen74)1028 0 R(aen759)1029 0 R(aen774)1030 0 R(aen788)1031 0 R(aen795)1032 0 R(aen8)1033 0 R(aen80)1034 0 R(aen817)1035 0 R(aen881)1036 0 R(aen90)1037 0 R(aen902)1038 0 R(aen924)1039 0 R(aen935)1040 0 R(aen970)1041 0 R(aen987)1042 0 R(aen998)1043 0 R(bugreport)1044 0 R(cvs-access)1045 0 R(diagnosis)1046 0 R(domain-security)1047 0 R(groupmapping)1048 0 R(improved-browsing)1049 0 R(install)1050 0 R(integrate-ms-networks)1051 0 R(migration)1052 0 R(msdfs)1053 0 R(other-clients)1054 0 R(pam)1055 0 R(portability)1056 0 R(printing)1057 0 R(printingdebug)1058 0 R(samba-bdc)1059 0 R(samba-howto-collection.html)1060 0 R(samba-ldap-howto)1061 0 R(samba-pdc)1062 0 R(samba-project-documentation)1063 0 R(securitylevels)1064 0 R(speed)1065 0 R(unix-permissions)1066 0 R(winbind)1067 0 R]>>endobj
-821 0 obj<</D[1167 0 R/XYZ 0 155 0]>>endobj
-822 0 obj<</D[1169 0 R/XYZ 0 652 0]>>endobj
-823 0 obj<</D[1169 0 R/XYZ 0 551 0]>>endobj
-824 0 obj<</D[1169 0 R/XYZ 0 426 0]>>endobj
-825 0 obj<</D[1169 0 R/XYZ 0 341 0]>>endobj
-826 0 obj<</D[1169 0 R/XYZ 0 243 0]>>endobj
-827 0 obj<</D[1171 0 R/XYZ 0 357 0]>>endobj
-828 0 obj<</D[1175 0 R/XYZ 0 696 0]>>endobj
-829 0 obj<</D[1177 0 R/XYZ 0 734 0]>>endobj
-830 0 obj<</D[1177 0 R/XYZ 0 272 0]>>endobj
-831 0 obj<</D[1179 0 R/XYZ 0 734 0]>>endobj
-832 0 obj<</D[1179 0 R/XYZ 0 301 0]>>endobj
-833 0 obj<</D[1099 0 R/XYZ 0 300 0]>>endobj
-834 0 obj<</D[1181 0 R/XYZ 0 617 0]>>endobj
-835 0 obj<</D[1181 0 R/XYZ 0 264 0]>>endobj
-836 0 obj<</D[1181 0 R/XYZ 0 175 0]>>endobj
-837 0 obj<</D[1183 0 R/XYZ 0 734 0]>>endobj
-838 0 obj<</D[1185 0 R/XYZ 0 696 0]>>endobj
-839 0 obj<</D[1185 0 R/XYZ 0 465 0]>>endobj
-840 0 obj<</D[1189 0 R/XYZ 0 696 0]>>endobj
-841 0 obj<</D[1191 0 R/XYZ 0 362 0]>>endobj
-842 0 obj<</D[1191 0 R/XYZ 0 155 0]>>endobj
-843 0 obj<</D[1101 0 R/XYZ 0 718 0]>>endobj
-844 0 obj<</D[1195 0 R/XYZ 0 672 0]>>endobj
-845 0 obj<</D[1195 0 R/XYZ 0 544 0]>>endobj
-846 0 obj<</D[1195 0 R/XYZ 0 231 0]>>endobj
-847 0 obj<</D[1197 0 R/XYZ 0 560 0]>>endobj
-848 0 obj<</D[1197 0 R/XYZ 0 409 0]>>endobj
-849 0 obj<</D[1197 0 R/XYZ 0 294 0]>>endobj
-850 0 obj<</D[1199 0 R/XYZ 0 734 0]>>endobj
-851 0 obj<</D[1101 0 R/XYZ 0 551 0]>>endobj
-852 0 obj<</D[1199 0 R/XYZ 0 292 0]>>endobj
-853 0 obj<</D[1201 0 R/XYZ 0 665 0]>>endobj
-854 0 obj<</D[1201 0 R/XYZ 0 488 0]>>endobj
-855 0 obj<</D[1201 0 R/XYZ 0 351 0]>>endobj
-856 0 obj<</D[1201 0 R/XYZ 0 209 0]>>endobj
-857 0 obj<</D[1203 0 R/XYZ 0 599 0]>>endobj
-858 0 obj<</D[1203 0 R/XYZ 0 330 0]>>endobj
-859 0 obj<</D[1203 0 R/XYZ 0 192 0]>>endobj
-860 0 obj<</D[1205 0 R/XYZ 0 692 0]>>endobj
-861 0 obj<</D[1205 0 R/XYZ 0 285 0]>>endobj
-862 0 obj<</D[1207 0 R/XYZ 0 705 0]>>endobj
-863 0 obj<</D[1207 0 R/XYZ 0 557 0]>>endobj
-864 0 obj<</D[1101 0 R/XYZ 0 383 0]>>endobj
-865 0 obj<</D[1209 0 R/XYZ 0 503 0]>>endobj
-866 0 obj<</D[1209 0 R/XYZ 0 477 0]>>endobj
-867 0 obj<</D[1211 0 R/XYZ 0 564 0]>>endobj
-868 0 obj<</D[1213 0 R/XYZ 0 640 0]>>endobj
-869 0 obj<</D[1213 0 R/XYZ 0 574 0]>>endobj
-870 0 obj<</D[1213 0 R/XYZ 0 335 0]>>endobj
-871 0 obj<</D[1215 0 R/XYZ 0 357 0]>>endobj
-872 0 obj<</D[1217 0 R/XYZ 0 217 0]>>endobj
-873 0 obj<</D[1219 0 R/XYZ 0 679 0]>>endobj
-874 0 obj<</D[1101 0 R/XYZ 0 169 0]>>endobj
-875 0 obj<</D[1221 0 R/XYZ 0 672 0]>>endobj
-876 0 obj<</D[1221 0 R/XYZ 0 584 0]>>endobj
-877 0 obj<</D[1223 0 R/XYZ 0 718 0]>>endobj
-878 0 obj<</D[1103 0 R/XYZ 0 652 0]>>endobj
-879 0 obj<</D[1225 0 R/XYZ 0 613 0]>>endobj
-880 0 obj<</D[1103 0 R/XYZ 0 594 0]>>endobj
-881 0 obj<</D[1225 0 R/XYZ 0 227 0]>>endobj
-882 0 obj<</D[1103 0 R/XYZ 0 509 0]>>endobj
-883 0 obj<</D[1227 0 R/XYZ 0 356 0]>>endobj
-884 0 obj<</D[1227 0 R/XYZ 0 143 0]>>endobj
-885 0 obj<</D[1229 0 R/XYZ 0 467 0]>>endobj
-886 0 obj<</D[1103 0 R/XYZ 0 200 0]>>endobj
-887 0 obj<</D[1231 0 R/XYZ 0 205 0]>>endobj
-888 0 obj<</D[1233 0 R/XYZ 0 203 0]>>endobj
-889 0 obj<</D[1095 0 R/XYZ 0 696 0]>>endobj
-890 0 obj<</D[1105 0 R/XYZ 0 718 0]>>endobj
-891 0 obj<</D[1105 0 R/XYZ 0 264 0]>>endobj
-892 0 obj<</D[1239 0 R/XYZ 0 547 0]>>endobj
-893 0 obj<</D[1241 0 R/XYZ 0 560 0]>>endobj
-894 0 obj<</D[1241 0 R/XYZ 0 126 0]>>endobj
-895 0 obj<</D[1243 0 R/XYZ 0 599 0]>>endobj
-896 0 obj<</D[1243 0 R/XYZ 0 423 0]>>endobj
-897 0 obj<</D[1243 0 R/XYZ 0 196 0]>>endobj
-898 0 obj<</D[1245 0 R/XYZ 0 734 0]>>endobj
-899 0 obj<</D[1247 0 R/XYZ 0 428 0]>>endobj
-900 0 obj<</D[1107 0 R/XYZ 0 696 0]>>endobj
-901 0 obj<</D[1249 0 R/XYZ 0 531 0]>>endobj
-902 0 obj<</D[1249 0 R/XYZ 0 449 0]>>endobj
-903 0 obj<</D[1249 0 R/XYZ 0 135 0]>>endobj
-904 0 obj<</D[1107 0 R/XYZ 0 529 0]>>endobj
-905 0 obj<</D[1255 0 R/XYZ 0 672 0]>>endobj
-906 0 obj<</D[1255 0 R/XYZ 0 597 0]>>endobj
-907 0 obj<</D[1255 0 R/XYZ 0 223 0]>>endobj
-908 0 obj<</D[1257 0 R/XYZ 0 734 0]>>endobj
-909 0 obj<</D[1257 0 R/XYZ 0 609 0]>>endobj
-910 0 obj<</D[1257 0 R/XYZ 0 524 0]>>endobj
-911 0 obj<</D[1257 0 R/XYZ 0 383 0]>>endobj
-912 0 obj<</D[1259 0 R/XYZ 0 617 0]>>endobj
-913 0 obj<</D[1261 0 R/XYZ 0 672 0]>>endobj
-914 0 obj<</D[1261 0 R/XYZ 0 412 0]>>endobj
-915 0 obj<</D[1107 0 R/XYZ 0 170 0]>>endobj
-916 0 obj<</D[1263 0 R/XYZ 0 573 0]>>endobj
-917 0 obj<</D[1107 0 R/XYZ 0 136 0]>>endobj
-918 0 obj<</D[1263 0 R/XYZ 0 471 0]>>endobj
-919 0 obj<</D[1265 0 R/XYZ 0 734 0]>>endobj
-920 0 obj<</D[1265 0 R/XYZ 0 700 0]>>endobj
-921 0 obj<</D[1265 0 R/XYZ 0 138 0]>>endobj
-922 0 obj<</D[1109 0 R/XYZ 0 705 0]>>endobj
-923 0 obj<</D[1267 0 R/XYZ 0 227 0]>>endobj
-924 0 obj<</D[1269 0 R/XYZ 0 705 0]>>endobj
-925 0 obj<</D[1269 0 R/XYZ 0 320 0]>>endobj
-926 0 obj<</D[1109 0 R/XYZ 0 501 0]>>endobj
-927 0 obj<</D[1271 0 R/XYZ 0 309 0]>>endobj
-928 0 obj<</D[1273 0 R/XYZ 0 478 0]>>endobj
-929 0 obj<</D[1275 0 R/XYZ 0 696 0]>>endobj
-930 0 obj<</D[1275 0 R/XYZ 0 515 0]>>endobj
-931 0 obj<</D[1275 0 R/XYZ 0 137 0]>>endobj
-932 0 obj<</D[1277 0 R/XYZ 0 533 0]>>endobj
-933 0 obj<</D[1277 0 R/XYZ 0 273 0]>>endobj
-934 0 obj<</D[1283 0 R/XYZ 0 511 0]>>endobj
-935 0 obj<</D[1285 0 R/XYZ 0 560 0]>>endobj
-936 0 obj<</D[1111 0 R/XYZ 0 573 0]>>endobj
-937 0 obj<</D[1287 0 R/XYZ 0 567 0]>>endobj
-938 0 obj<</D[1287 0 R/XYZ 0 208 0]>>endobj
-939 0 obj<</D[1289 0 R/XYZ 0 454 0]>>endobj
-940 0 obj<</D[1291 0 R/XYZ 0 679 0]>>endobj
-941 0 obj<</D[1291 0 R/XYZ 0 590 0]>>endobj
-942 0 obj<</D[1111 0 R/XYZ 0 422 0]>>endobj
-943 0 obj<</D[1293 0 R/XYZ 0 696 0]>>endobj
-944 0 obj<</D[1293 0 R/XYZ 0 449 0]>>endobj
-945 0 obj<</D[1293 0 R/XYZ 0 416 0]>>endobj
-946 0 obj<</D[1293 0 R/XYZ 0 146 0]>>endobj
-947 0 obj<</D[1295 0 R/XYZ 0 652 0]>>endobj
-948 0 obj<</D[1295 0 R/XYZ 0 515 0]>>endobj
-949 0 obj<</D[1295 0 R/XYZ 0 255 0]>>endobj
-950 0 obj<</D[1297 0 R/XYZ 0 718 0]>>endobj
-951 0 obj<</D[1297 0 R/XYZ 0 537 0]>>endobj
-952 0 obj<</D[1297 0 R/XYZ 0 409 0]>>endobj
-953 0 obj<</D[1111 0 R/XYZ 0 298 0]>>endobj
-954 0 obj<</D[1297 0 R/XYZ 0 189 0]>>endobj
-955 0 obj<</D[1299 0 R/XYZ 0 734 0]>>endobj
-956 0 obj<</D[1299 0 R/XYZ 0 645 0]>>endobj
-957 0 obj<</D[1299 0 R/XYZ 0 477 0]>>endobj
-958 0 obj<</D[1299 0 R/XYZ 0 349 0]>>endobj
-959 0 obj<</D[1095 0 R/XYZ 0 568 0]>>endobj
-960 0 obj<</D[1299 0 R/XYZ 0 129 0]>>endobj
-961 0 obj<</D[1301 0 R/XYZ 0 639 0]>>endobj
-962 0 obj<</D[1301 0 R/XYZ 0 511 0]>>endobj
-963 0 obj<</D[1301 0 R/XYZ 0 436 0]>>endobj
-964 0 obj<</D[1303 0 R/XYZ 0 388 0]>>endobj
-965 0 obj<</D[1113 0 R/XYZ 0 705 0]>>endobj
-966 0 obj<</D[1305 0 R/XYZ 0 668 0]>>endobj
-967 0 obj<</D[1305 0 R/XYZ 0 461 0]>>endobj
-968 0 obj<</D[1305 0 R/XYZ 0 427 0]>>endobj
-969 0 obj<</D[1307 0 R/XYZ 0 734 0]>>endobj
-970 0 obj<</D[1307 0 R/XYZ 0 520 0]>>endobj
-971 0 obj<</D[1307 0 R/XYZ 0 422 0]>>endobj
-972 0 obj<</D[1307 0 R/XYZ 0 165 0]>>endobj
-973 0 obj<</D[1307 0 R/XYZ 0 132 0]>>endobj
-974 0 obj<</D[1309 0 R/XYZ 0 652 0]>>endobj
-975 0 obj<</D[1309 0 R/XYZ 0 501 0]>>endobj
-976 0 obj<</D[1309 0 R/XYZ 0 403 0]>>endobj
-977 0 obj<</D[1309 0 R/XYZ 0 319 0]>>endobj
-978 0 obj<</D[1311 0 R/XYZ 0 734 0]>>endobj
-979 0 obj<</D[1313 0 R/XYZ 0 696 0]>>endobj
-980 0 obj<</D[1313 0 R/XYZ 0 581 0]>>endobj
-981 0 obj<</D[1313 0 R/XYZ 0 493 0]>>endobj
-982 0 obj<</D[1313 0 R/XYZ 0 382 0]>>endobj
-983 0 obj<</D[1317 0 R/XYZ 0 696 0]>>endobj
-984 0 obj<</D[1317 0 R/XYZ 0 436 0]>>endobj
-985 0 obj<</D[1317 0 R/XYZ 0 295 0]>>endobj
-986 0 obj<</D[1319 0 R/XYZ 0 639 0]>>endobj
-987 0 obj<</D[1319 0 R/XYZ 0 287 0]>>endobj
-988 0 obj<</D[1319 0 R/XYZ 0 185 0]>>endobj
-989 0 obj<</D[1323 0 R/XYZ 0 655 0]>>endobj
-990 0 obj<</D[1113 0 R/XYZ 0 343 0]>>endobj
-991 0 obj<</D[1323 0 R/XYZ 0 447 0]>>endobj
-992 0 obj<</D[1323 0 R/XYZ 0 333 0]>>endobj
-993 0 obj<</D[1115 0 R/XYZ 0 679 0]>>endobj
-994 0 obj<</D[1115 0 R/XYZ 0 528 0]>>endobj
-995 0 obj<</D[1115 0 R/XYZ 0 390 0]>>endobj
-996 0 obj<</D[1115 0 R/XYZ 0 253 0]>>endobj
-997 0 obj<</D[1117 0 R/XYZ 0 696 0]>>endobj
-998 0 obj<</D[1117 0 R/XYZ 0 463 0]>>endobj
-999 0 obj<</D[1083 0 R/XYZ 0 696 0]>>endobj
-1000 0 obj<</D[1117 0 R/XYZ 0 335 0]>>endobj
-1001 0 obj<</D[1119 0 R/XYZ 0 454 0]>>endobj
-1002 0 obj<</D[1119 0 R/XYZ 0 317 0]>>endobj
-1003 0 obj<</D[1119 0 R/XYZ 0 168 0]>>endobj
-1004 0 obj<</D[1121 0 R/XYZ 0 347 0]>>endobj
-1005 0 obj<</D[1123 0 R/XYZ 0 295 0]>>endobj
-1006 0 obj<</D[1125 0 R/XYZ 0 734 0]>>endobj
-1007 0 obj<</D[1127 0 R/XYZ 0 456 0]>>endobj
-1008 0 obj<</D[1127 0 R/XYZ 0 358 0]>>endobj
-1009 0 obj<</D[1127 0 R/XYZ 0 221 0]>>endobj
-1010 0 obj<</D[1129 0 R/XYZ 0 667 0]>>endobj
-1011 0 obj<</D[1131 0 R/XYZ 0 734 0]>>endobj
-1012 0 obj<</D[1133 0 R/XYZ 0 692 0]>>endobj
-1013 0 obj<</D[1133 0 R/XYZ 0 440 0]>>endobj
-1014 0 obj<</D[1135 0 R/XYZ 0 734 0]>>endobj
-1015 0 obj<</D[1095 0 R/XYZ 0 163 0]>>endobj
-1016 0 obj<</D[1135 0 R/XYZ 0 437 0]>>endobj
-1017 0 obj<</D[1135 0 R/XYZ 0 288 0]>>endobj
-1018 0 obj<</D[1135 0 R/XYZ 0 172 0]>>endobj
-1019 0 obj<</D[1139 0 R/XYZ 0 672 0]>>endobj
-1020 0 obj<</D[1097 0 R/XYZ 0 734 0]>>endobj
-1021 0 obj<</D[1141 0 R/XYZ 0 127 0]>>endobj
-1022 0 obj<</D[1143 0 R/XYZ 0 679 0]>>endobj
-1023 0 obj<</D[1145 0 R/XYZ 0 672 0]>>endobj
-1024 0 obj<</D[1147 0 R/XYZ 0 652 0]>>endobj
-1025 0 obj<</D[1149 0 R/XYZ 0 672 0]>>endobj
-1026 0 obj<</D[1149 0 R/XYZ 0 497 0]>>endobj
-1027 0 obj<</D[1149 0 R/XYZ 0 330 0]>>endobj
-1028 0 obj<</D[1097 0 R/XYZ 0 382 0]>>endobj
-1029 0 obj<</D[1151 0 R/XYZ 0 665 0]>>endobj
-1030 0 obj<</D[1151 0 R/XYZ 0 432 0]>>endobj
-1031 0 obj<</D[1151 0 R/XYZ 0 189 0]>>endobj
-1032 0 obj<</D[1153 0 R/XYZ 0 692 0]>>endobj
-1033 0 obj<</D[1085 0 R/XYZ 0 734 0]>>endobj
-1034 0 obj<</D[1097 0 R/XYZ 0 280 0]>>endobj
-1035 0 obj<</D[1153 0 R/XYZ 0 260 0]>>endobj
-1036 0 obj<</D[1157 0 R/XYZ 0 599 0]>>endobj
-1037 0 obj<</D[1097 0 R/XYZ 0 126 0]>>endobj
-1038 0 obj<</D[1159 0 R/XYZ 0 696 0]>>endobj
-1039 0 obj<</D[1159 0 R/XYZ 0 278 0]>>endobj
-1040 0 obj<</D[1161 0 R/XYZ 0 702 0]>>endobj
-1041 0 obj<</D[1163 0 R/XYZ 0 469 0]>>endobj
-1042 0 obj<</D[1165 0 R/XYZ 0 705 0]>>endobj
-1043 0 obj<</D[1165 0 R/XYZ 0 332 0]>>endobj
-1044 0 obj<</D[1317 0 R/XYZ 0 734 0]>>endobj
-1045 0 obj<</D[1313 0 R/XYZ 0 734 0]>>endobj
-1046 0 obj<</D[1107 0 R/XYZ 0 734 0]>>endobj
-1047 0 obj<</D[1189 0 R/XYZ 0 734 0]>>endobj
-1048 0 obj<</D[1321 0 R/XYZ 0 734 0]>>endobj
-1049 0 obj<</D[1275 0 R/XYZ 0 734 0]>>endobj
-1050 0 obj<</D[1095 0 R/XYZ 0 734 0]>>endobj
-1051 0 obj<</D[1117 0 R/XYZ 0 734 0]>>endobj
-1052 0 obj<</D[1171 0 R/XYZ 0 357 0]>>endobj
-1053 0 obj<</D[1145 0 R/XYZ 0 734 0]>>endobj
-1054 0 obj<</D[1305 0 R/XYZ 0 734 0]>>endobj
-1055 0 obj<</D[1139 0 R/XYZ 0 734 0]>>endobj
-1056 0 obj<</D[1323 0 R/XYZ 0 734 0]>>endobj
-1057 0 obj<</D[1159 0 R/XYZ 0 734 0]>>endobj
-1058 0 obj<</D[1175 0 R/XYZ 0 734 0]>>endobj
-1059 0 obj<</D[1255 0 R/XYZ 0 734 0]>>endobj
-1060 0 obj<</D[1083 0 R/XYZ 0 734 0]>>endobj
-1061 0 obj<</D[1261 0 R/XYZ 0 734 0]>>endobj
-1062 0 obj<</D[1221 0 R/XYZ 0 734 0]>>endobj
-1063 0 obj<</D[1083 0 R/XYZ 0 734 0]>>endobj
-1064 0 obj<</D[1185 0 R/XYZ 0 734 0]>>endobj
-1065 0 obj<</D[1293 0 R/XYZ 0 734 0]>>endobj
-1066 0 obj<</D[1149 0 R/XYZ 0 734 0]>>endobj
-1067 0 obj<</D[1195 0 R/XYZ 0 734 0]>>endobj
-1068 0 obj<</Type/Pages/Count 129/Kids[1069 0 R
-1071 0 R
-1073 0 R
-1075 0 R
-1077 0 R
-1079 0 R
-1081 0 R
-1083 0 R
-1085 0 R
-1087 0 R
-1089 0 R
-1091 0 R
-1093 0 R
-1095 0 R
-1097 0 R
-1099 0 R
-1101 0 R
-1103 0 R
-1105 0 R
-1107 0 R
-1109 0 R
-1111 0 R
-1113 0 R
-1115 0 R
-1117 0 R
-1119 0 R
-1121 0 R
-1123 0 R
-1125 0 R
-1127 0 R
-1129 0 R
-1131 0 R
-1133 0 R
-1135 0 R
-1137 0 R
-1139 0 R
-1141 0 R
-1143 0 R
-1145 0 R
-1147 0 R
-1149 0 R
-1151 0 R
-1153 0 R
-1155 0 R
-1157 0 R
-1159 0 R
-1161 0 R
-1163 0 R
-1165 0 R
-1167 0 R
-1169 0 R
-1171 0 R
-1173 0 R
-1175 0 R
-1177 0 R
-1179 0 R
-1181 0 R
-1183 0 R
-1185 0 R
-1187 0 R
-1189 0 R
-1191 0 R
-1193 0 R
-1195 0 R
-1197 0 R
-1199 0 R
-1201 0 R
-1203 0 R
-1205 0 R
-1207 0 R
-1209 0 R
-1211 0 R
-1213 0 R
-1215 0 R
-1217 0 R
-1219 0 R
-1221 0 R
-1223 0 R
-1225 0 R
-1227 0 R
-1229 0 R
-1231 0 R
-1233 0 R
-1235 0 R
-1237 0 R
-1239 0 R
-1241 0 R
-1243 0 R
-1245 0 R
-1247 0 R
-1249 0 R
-1251 0 R
-1253 0 R
-1255 0 R
-1257 0 R
-1259 0 R
-1261 0 R
-1263 0 R
-1265 0 R
-1267 0 R
-1269 0 R
-1271 0 R
-1273 0 R
-1275 0 R
-1277 0 R
-1279 0 R
-1281 0 R
-1283 0 R
-1285 0 R
-1287 0 R
-1289 0 R
-1291 0 R
-1293 0 R
-1295 0 R
-1297 0 R
-1299 0 R
-1301 0 R
-1303 0 R
-1305 0 R
-1307 0 R
-1309 0 R
-1311 0 R
-1313 0 R
-1315 0 R
-1317 0 R
-1319 0 R
-1321 0 R
-1323 0 R
-1325 0 R
+801 0 R
+804 0 R
+807 0 R
+810 0 R
+813 0 R
+816 0 R
+819 0 R
+822 0 R
+825 0 R
+828 0 R
+831 0 R
+834 0 R
+837 0 R
+840 0 R
+843 0 R
+846 0 R
+849 0 R
+852 0 R
+855 0 R
+858 0 R
+861 0 R
+864 0 R
+867 0 R
+870 0 R
+873 0 R
+876 0 R
+879 0 R
+882 0 R
+885 0 R
+888 0 R
+891 0 R
+894 0 R
+897 0 R
+900 0 R
+903 0 R
+906 0 R
+909 0 R
+912 0 R
+915 0 R
+918 0 R
+921 0 R
+924 0 R
+927 0 R
+930 0 R
+933 0 R
+936 0 R
+939 0 R
+942 0 R
+945 0 R
+948 0 R
+951 0 R
+954 0 R
 ]>>endobj
-1069 0 obj<</Type/Page/Parent 1068 0 R/Contents 1070 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1070 0 obj<</Filter/FlateDecode/Length 94        >>stream
-x
+ä2T0
-ä
-endobj
-1071 0 obj<</Type/Page/Parent 1068 0 R/Contents 1072 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 58 0 R>>endobj
-1072 0 obj<</Filter/FlateDecode/Length 3160      >>stream
-x
Õ[MsÉ
½ëWÌ-›ªˆšïæ’’í8q•íu,ºœëHI\“…¤äÝ¿@7
-Ï:¶.X&+Þ+Ž
Qˆ�)8Ñ@9±˜¬•r’²)-—’ƒ-Ù!Æ:LÊÖ²¢,ž«÷˜²�í”sKÝ’{”sf%M¨¤Ç`±Å]Æ:vÜl²Ï“<k &+¦à!%ñ;3%p¢»rÂï-ͨœƒd
-%	#=[æäõlE™É±ƒm9˜¬Ã0éÁËŠ¡iá¶'34pb™rbÊ”×EI�Áæ)ùÁX‡Á–
ímc[W´A�uì˜w‹²U‰õ*Ç42m�	 cÄÊP:2ÎAR·�ï�ô,'wÇ:L
-µXUcE¡¦áí+00…�³¤TÎAZV�7Òc°m¶!ê1)D¹ÚÉ:Œ`H3x×X�‰“1ª”Ç`±N^e¤².móÐ@ŠGŽqb]*š‘!9aJF'¨‘ƒ-(êë0ØšÇ:L†–ØÆz6£óű“2ŠUÙc°
ÛÆŠ“2šVJæ¤À‰W”s0:I9qR�Ë0<¨¤ÇpCÕ’�u,Š¸ÐX‡Á"_ÂPc†¡8Åü¼bhAI5äÏ’�8±L9£¡Ê‰¡A.¦¤Ç´Þ)­¨±KgŒg
“¡g&ë0-2Š$e=ýý¼£K7Gö,"É�ì1XT0^g�Á"b3ªV£vDÂÝ”¥uÆŠq•Ã©�
/ŽA”dcŠ^å„›�u¡®’ƒÍ7E=¦È)7«¬¤IœˆTéÒá
2"�<ËŹ±,Z íRÍÑÒn@’¢® dfœÈ!¤h'ŽkˆHÎAL˜åPËH�Á¢ÚÝ`
üÀ2i“ñ®À¡…°²iR:¼Œô,ê±Ö³“JÔb8Y‡ÁÂõ²ƒEe
sT)�Ý(d½VbrÅ–&)�9ÂñÉŽŽé‚
û× S!8�¤óªÈ¤ƒ31Ó ŽwJGÆ9ˆ1Ñ¡xA�iF*�L”s•ìE6à�JS2—Ã+lb�`\#ýJ°éž
-ˆÚ:
Ä9ˆ�¥Mo»-¯¤±“20¹À‰œr"‡•{Lž��ÉN䔹\™��ÉNä”9D)íX‘c`r�9åD=‡ù…�ÉNä”c¹m(mWžO€ÊEŽåŒ9T^ê—Œ�ÉNä”9œ\I’?éH©ymeúÀ‰œr"‡ÒHýBõ­Ä„ÈŽ›0ãD®�êI~ÈÀôœÈ)Çñ™å¡  ÎR
-&þ[œï_HmEÂcˆT¤ ”ƒàp,ᾆ† 1Ááô¯g6#®hTΠdN7&%Ò
-VRta_–ÕÁŽIßÍI)°mË'ÕÛkÁ"[°4OŽ¡)¯×éùj½ìÂÒ´£¦:0å·Íá'9yû¸`…Õ–Ÿyò°*ë� jÅqb*yµX­»ÙŒž£lÒø¼[\²h:*Û(>éW±ØM6€Æ7¶WÙ†8þŠ’û~Ü�Ê'/¿ªëþ–€â±jƒOÒ¿ó#ô¥i|ô¾ïÄxdß*¬²¾éù‡õe^��w¼Gq Ôú춻î9#Pè�Ÿ2zØÇ8ÅÜfÝå�lÛÏËéâš,¦F«Žyk—žMÝr*F#
-£,ÔU[É.&‚d:¿–ënÁ[
åx•Çä½²‰ò'[øèT�ù ØöÁóeß­9ÐqX—1›ïZõÕüœ¢ƒŠ©¶	ûábX\M¯ï–zz¡ŠH³¸­®¦³~Ä{n‚ÌžSBKóÓ-ßcÎ(·�¡ùÎïï?†»%î“ N�QZô�Ål0ŠZ͸Ÿ§ë›0€¥œ5Rëm·ä3{(�yx¿î‰ÞA!ý˜{ªm÷œ­»å:$	Ü¥T_	É©ØšúÃpÈàŠ°.B‘�,æçñ‡?¼rþ§¨V8¶­íب:qˆ?¾ê�«å ÕP9ÊÔÐé¢__Ž(r(ðª¨i~èéŒ-¿eñÏeßRZ•úõt¶î—ìóûžý€<Ç4€ŠÂ£r™“S&Ú–:&–ŽOÊ�‚¤#oàå“úé²ëçRã
•#{Ùcšû7÷�õöf˜,ÿ á�PžMWº?Ðv=xˆ®nºe8BñÓ")Ý}7�Q¿Á1‚¶1zN<âÏ¥�‰iÕ/ï{ÉW¸—/¾û©”¥â2¼9Ç
ùð‘Û|›×°#h�Bb¡t=Av§Î…ÙÝbú;)†JÕrìÅlŠÎŠ£SDSÇ¡¼—@’Aƒsp¿òˆgÚÿÛ3;3ÌÖVzñëÙßØ~dë°‘?^}¼æg´¹ŠXæ}œ.Æ¿ëã2Ö»xüv"�Ç£­±$<Î?mÿú׳“œŸ¢»¶Î°__À;¬î™òÏ‹ƒO;¾¾8Á«^ÔúSëãM'këG}Ź•¾ÀhâD“D§ĬÇ‹añ‘G"ŽMÐÇaùé¤*Z£*°ÇxÙ=tŒ"Ü‚¸öbÚ]/†UÜ%¸NöwHs¶Ù=�õéîá÷ý4ãnû\	âb¸åœæ/’W/ä<À¦xDì[½o?˜�zßÝó›A×
-Äx÷E¢£D‹#­x8·ÈY´êæçeÙÝ•AÔ{†Xþ!îš$+(¼ýE¤Q÷j±^—w(‚¤ÌCLÂ%‡zlƱh§ÊŸ®Vwó[R�“y¼JÙå‡'z&î?†fª4µú¬nþ@åñDêúiƒêå¦æœ,[¼Fˆ…Ÿ¹x‡o9ýðw°ÅßÆl™Á©í€Í(IcdªGÌàmòó›ÁÖ°Õ·­ÿìç7£&k~3øºú€Í`7?¾Åù2íç7ƒ/ÀØy¹ñh•–_-è}í
z¦B&fà
ËÈÖ
(MÉ¡B}„�g멼OÆ]hQÆ—?7Ý}ìGðy˜¾-E�{‡ËŠß² ƒŽ÷›æ¬'øKÖÇ÷$ø>Óµ$(Ïûë%.¿å)>]ÁˆîÂÞœñ"òÛ7éHp;v9|æâ’.ùõ×ÿŸq¿	{1 ·œø€.ÞÝ$gÚ×àBœm�¾É8£ùÅßbž^÷‹ËÐf^_Ü"&…Åæ[´¾´>h.ó:†æû~5Ìî´×ÂørGÖnÊï÷ñ~â�+ŒÛ»¥Œ‰&M_�|ÀôÉëé⎯¡é[$}é…EŸÅÏÆñÛŠ=­dp
¾¬5œàöäfý}•tp­e\9ÖM[V/I†Ù½¾6«ñŸÃˆú™¼=�6•&o«ÊÕ}Ë÷``‰Ê'/ÛðmÇ)>äsã·]ñ[µdëÛ´ÿÕTI·º
Þ˜áçSÚZÿœýçèO	ÿ…endstream
-endobj
-1073 0 obj<</Type/Page/Parent 1068 0 R/Contents 1074 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 103 0 R>>endobj
-1074 0 obj<</Filter/FlateDecode/Length 4072      >>stream
-x
Í\MsǽëWì!ç@û‰Å)¥+V•%+!¥*•‚",Ë
-æôtîÌ
-†™°[T$Å\€ro¬b°�™ØgVvÊP™Ÿ«FÄ>‡}¬b°po•Y1LŒ}…
écÃö('°{Úçhb.mäzn½
-æ0¼ÉXÁ`'zb+fBt�ªÎ*ùUä ê˜Aªš0U3ÄCË’â;©˜,#±²ƒmÍcòXÁTgLu2+,B!Ôɬ`¨ƒ0osV1Ma[ ³‚Á¨:³bxf†¡|¬b°µ…
-gÍŒÍtl
~Ú
ÐŒ¡N]ÂM3©,b@¥¬`°pâ½±‚¡¶V#cƒE¤k�¼�ã0�CnŒ4@�™5ö}‹ñm¤,B&�âØÉ
Bö8®3jeRqФWš$vÒRŸX14�«M„UÌEÍRP(Å\6¦Nyæ`¬%½#§ˆ¶)pUô
—Ô9�;Š;&EæÆ<F�ýD%H+ÔœÕÉ0³ÙáÊÐÒàÀ6CÄXÞIÅ`¡$¦Í¬`°¶É3ËÅ®!%C˜DÀg
-DŒl`�ðErá?5”Ìœ@*™ŸÀ�Š)Íxo¨b,&âr/+[MöDRa°Ö±‚Áš³g‘ÍôµÅF¬™ÍkÀLÏX\#dq=a=˜È
-‚ÛŽ¢ñ Læ-‰CÑW'ÕL4óÀ0)ö§U„6©�<iäÂ,Î	Ĥ؋¢g1	Û´XaŒ…µœ€)¬W‹
˜@ôÖÄ•0Ú7I†�pn&¤íÈ
-æCY»	+F0Ìl©Š•&•�(R‚‰{#“ŠÁ¢i
-+‰
å¬b(‹ŒKEVûfô±<úJ–8°¬€ºÂ鄘\fN …²Z8<!AZ�Éi¨,\¿ÖL_"xÐõ-Ÿ
ÀÄ¡g•]LÎy@Îöã åÁ,& ‡È� Åa
“É05w·¥¾,ð*‹9�ý´L*Á[eƒE&¼7V0V«©l	!—ÄG¥
ê"Ðb
-žébJ‚—Ùl&ƒÅ)Õ)+¬õ	d¬`ˆkñ?³AÜqH¾Í‘J&.ý*@L‹˜
�T‹·Ç
-¦H܆2V0XzX0Ï,#Õê…UÖêì<V1X¨ïõ™MYìE«	qìgSÕäAÕÔeJ 8dGµpRK:·Oi›
iŠÕ<ìg>çHDðÿ™LF˜¾>•AÖk¥û#ÿår!	ŽžŽY³3Qr¦(N™)ÚPqسŸM+æü=R1!ÊE´GœËšgèS$ÎÖ°”��û™3Z¦–p%J&|Í–!&lä�³	aK]ìçÏ>adJœ*8B%�ÒódwîñɃ‡ÏXÇÅÉ8¤ÐmÑMšâäÔÞTàãùw'³7‹b8+žëÝb½Ûþõ䌂ۗu‡UöÝs|çíf¶[®ßò{\ó®Æ‹PÅ‹c~„„´jã'¯—ëÓá½ÍˆöȤãK~s½Ø½6ï�
-
±¯'�Iæ|¸ØÍ®·[Ì0?͇õGLàMQ˜ÑWü¯œR˜#&Xmùålµ0eñq×Ge7‹ípqµ[kR´Z2æÌÌ÷™–ÉâWÛÅ©Í€`íÒ†K�¦cßuqâ¸:p›&ͨ˃<ÆgˆË“Öx<šÔU˜ålX�ÍU-–897C ¯XÂCƒ�¼\ì?ÿÉ\
-�ªn%(Üjðæ2YíÉl¦@«¼ë¿ÆŠW¥©ÅfåûñÅ?Ÿ˜bÜðý$*|¶¼V@,GÅîÀÞŸ7EU™:=�oßc.wÜ|a¡Dnw¡Ï{è]�ªjS]"l"×âéK³}•êÇaxwuÉo2Éú¾s‹ÞIüý¨ñúy”-!ß,¢ú¸ÓoE‰¨
ZRbÿ†÷46rÁºOqÿÍÇDŒ7{»ýìj=g0ÜrÈ3[[èC�¤óããܧÎñb7p(¦oªâtqy1ün+ŽœÈ#ËvÇ£ÐdëG�GÃCÂ‹õiú:ê…¾ù *WIAT|­ïz?ܹ¦}Ö×¢j(ÕQ�DJ�ÒÑòI+^ÜÒ·‹ùÕf¹J#©�¤ca¸tó"ëC"F£CZ¤yyø.ß^mÌ”læŽÓVse‘µe»Ÿ
["´³]¬íb±ºXlò#wj“\Ë”€Ä/öËNU̇@ ~øóöæ¡ó	‡äËÕ]öwï„žÙAŒ$%ç8³«Ý9ò¬åYTPÝƱh¾ùuaA‘Ú¶1eºîŸ�«ÎŒQ•è7‰5^ÌÞׇ,M:’¯—åb¨Õ|Û­«7Adܳ˜LÓèÁR°™ãÏ™üV¿>V³˜¡ºmc}ØŒÉ\(sÔ\H–÷|¼óP|‹ÍîØ5�ü|©¡šDit·@áùBXÅl‘|+§Œ,b�]ªÞ€—#äZù’–-¥¶Ø½mJ¦_=zAű벧Є4ÜÝút¹Ým–o®v!÷F7§9ð©EͲçØì›ÙÅ…Å^„ÃÊgZÍÖ³·at{sÁs3BðUVª‡DÝ�ü±²òãá3¯ž*²²ùÝgy5)Z:’‘ðu¤%€)ÄýZÐðwªô||º¿R详SäÑÍ|ËÑûEÅN“ס&*“eU’­ÑxD¥’íäÀùìÀ+¼Iª«CÀÛËu¶«7^
#ò”+=úþ­­4’M‰ÖXÞ’?ÛÔM@oɽª°S&—ïÅ‹å|3l‡3Û`M?j»´˜×–ß+ųXT¡QšÍtüûv·Xq£â‰µ§»Í"�èrúäá„æ ¯¤}· ‹™bÝé.¨­ðÒ½ŠŽ·:õó5ÂÏ•$ÅîÕ÷°”ÿˆ Ç®¤ˆG¿v;Ñßù�ªW×tñV4"õùùåóÛ9¡õ׫ÅfµÜòt$…#!g·�—¡¥Æ–¸gý1´Ò+ûn5u×fYL4ûÑ8�
-Ų¶�O—›Å|7lB†‰쩸¿¾IЇùRUÃ
óÕ¡ìæ…l�	éHf··L’æ
-ƒ¿ÇôzkŠ·£¡@Ëî ÝTtKF¿ÙÂã�Oû5çúz/àZÑ	Ù§¡¾ Àßh£'¨q¤óW;7«cv|ï,ݽͱ>éó(9nxÈyò„á"yž&Êÿ¹¤Oþ忶KðÊ;¡ŸôÈ;ÿrú×ÅãÅÎuÀí…Ô*žn–èh‡ÄMgOáSsMûþßÿ†Z%QÁ÷•íÍ4®h¤RêÎuÛŸ°‰¯uq>º—I4Ø{z#•¾˜mÞ†3
-endobj
-1075 0 obj<</Type/Page/Parent 1068 0 R/Contents 1076 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 147 0 R>>endobj
-1076 0 obj<</Filter/FlateDecode/Length 3487      >>stream
-x
Õ[ÛrÇ}×WlùÉ©
-à½/ö!•¢¥È‘Ë´‘*å—äÚ
-â‚#§+ç &…Áà#Fz±
{i¬.)n_? KFÈiKœ¾ÊH�9-ÏfduÚ´á Æ9"à´°f€˜Í¸çFÊÀçƒ."ò(0y—¥Œ‘äi+kžò1*à8	‡�ƒŸUãƒÂñX–Øk†Q9–
-"W4¢„œŸR€ÈÂó£�{ÃØI�ÁVtÇ:¶®©‡Mì1#SIùŒõl‘Œ•=È2ñW)’R€èá
-êpÂ_EXç Ä	ˆjâD€Ð£È`³HzVbudÅÌE˳�HÀ#«€¢:q2ì]ä„8ŒÚ‘s�â4pÈHzÖôKz�ü`¬Ãš,j7³ª2«ÄƒêŠ"	U"”�Å8ã°³
bɼ¥žFzLqé׎u˜âÖˆ‘U�šLÝ–I¼ n¡D`¬iœœ…¶æç Ì
-ji¤Ç`‘d¡XdÛT%²ƒ�ÉÎGÖaì<’‹Ÿ™î^”8ò%ÔU î!Â3·"rª.PTfá@ê0X9õŽu˜º048Öa°ðdzCû`ëz¶bžw¬ÃÐ5ejˆ¬±€‡	û	N€lã[�”iñMAäGY³©fÈ9U° 6ÅH�Á–¬"#çL“\Š!øQßTÀiä´5–Ž¤è‘7cÝEOU òD(¿v66@LŠÔ†e(Ò ÈJÝ%³ ×FÈ�%W4Òc°ˆ<˜6²3&0ÚDV· ºÛ“�-ˆÓÂ¥±YFz彪Ó"�Ñ`Ð#ˆ.b ä„<Fz¬ÒBScuÚ\Ë2Ô°‰
-„“È“-!  ÛÇ¡�‹2=DR=(Õ
-Áœ
-Ñ2ó1R‚ÃYAj\„àš–Š\„40�²q"b¥e
-¼•
–äjaBq`£W2
D.Bp8mì»Æ)„ RÄç`°MäÄTÁA0·žƒààwn=™¥Ã²8HÏ–~#pr>¡Ž'Xü-Ö1å`ì<RrSml˜ƒÜzDä"ä¦ðÀç 8ô#MäDHˆ@�d‚h¡=€8J„àP% l!84ሆÆEˆå2I™�sÜyϸÁA¤ À}{þì›—�-Mί¤rJ+4ùer~)WøyñõùübÙ%ÃUò|Xïºõnû—óŸ1
-ç/ã¨	.›äöõëM¿Þõëk>Ç€î¸ÃïÉÙþövØìø;v0¯y]Æßû5BƒÒb‚ñÑùêb. 2—Õø+j¥éøë7/ËumÄ�²¬!+TÌvÚ_oæ»~�9Ë0ßn—(ÒÙ8ÙÕfXñGœ7„Ú�ÖÅ­P›Ûº©®‹g› ÌSš|˶Ðô¡ÿ)+Ý3GŽ°Dk°ÑÃŽ¼è.ö××£AxV½¼¥èÓu°ÔëÍ
-géR�§L¡
àg…gÅxoæóG¸u›Ž3>¾ýtÅ 4²
œÌÌxÖí,ð!é"Šª2û[
-ŽeÁC̺˜Ëï¬Úf|t¾¾”gž-(Éâz1­òÑÒɶۼï6º—Å´QöQ¶¤l)ŽÄ}§þ÷Ã…È^MÑÈ�úl‘.þ:Êžç!â¯?²÷°ßÝîÅcxÉùÿrpG=ÑÌü!5·»Í|}ÝQ}óUROTiØÂñ£XîÎEªTÍyRßÌ?ˆåÒiV‡cøzØîΛþVÓx3mg!›h¨÷E'R£ ï¿sÅGùñj�\¾Ÿ¯�ŠWUŽék_¸@³§Ž2¶I£"‡nø¦›/?2Ï¥ÏõlÅfc`±¹žô�*£Ä¾rD“Á,j•³n±ßô»ßøkÇàDɲ{ß-%Øá§U„OªÌ'¯rÕÑ*T
h–$þ$…Šªq\¨œ	gi}1¬n—ÝN¼2‹EÊe·•P1Vãè�bR®¸M,ú-Åo½ññÂÇŠ�ãç�‚
c=�—$LóÁI�äÌë×ÿF•Ð
-…ˆx9¬æÚÜ Ççiˆ¡ŸÑïH·“¡icÔ'|î¡®Ê#ŸÎ²4–=ßý:ô{h|ÚPÕ͵¯Ãu€•2?ž‹ÕÑD›Õ_øMÂKœ±pøÐïnø¬o¥’3kÛ39rئ"t0½!SÝ‘IÖ¤¾40ùðž -ƒ*wÕtïúõåðA,|:`»�ëKIƾÓÔÒg]ßüà:r�JšËãJïÝ�DhÜãÖ©ô" .%Ò�s’ÝÍø#ªYkâ/P$kCƒHßÝ�ºæŒ�÷ÑI‹AN^$V!wk5,
ú¤:{”âC7Ç¥³>èÓÙÛuÕk¥�pV„*ÿ‡ázXË~¡
Š¶æC×éÍ]„"Ú;.vìâd<M¸Ó´®`ô5ÜK—V˜½ýñÕ¿y”�ˆfÖrí·ã‘…f™[éžÉ§ñ~¨mï§ÏªŽ›÷¼.cø8¹`�¼Ð⿲éQÜû³Q5&x3ú'¼x…?ºx¸³M‡»™HæÓ.—Bï{¤tq%¼î—uŸµ‡÷ùð¨Þ–¸îì|¾¹îÄ—Ø[…†óíVåæû’§M¥GPéõ	îû½OýsÐÎËÇ×OXåÝ°ùEM‚ÓýhéïH‹8ªÔðÍ�U½§ýb3l‡+±ŠÄ˜7Þt«AkGÆB³¼
=Ú^ËM¼&+B	”<Ÿ/ÇN
-­º½Ô�y9’ñú4Þ\X·�ŽÀ®$¼w”ªT繘6CšŠmÁ�PxWÏ«ùFšjô]xŸ­#ãÝÿ»Í×ð›a¹ÔL«XKxÝH²qoØñ�[<~¯7݆ñbÛkÍÆr¨m-®¤/Cæq^÷ ÔL¡úL𕸯t¾�/~¹F ½®vE²ç_°Ò½E?êÙ‚CŽ;�`ÞØë6j£óÅ›´è¦þÒ,ºî&ãÃG®…ÃÅͽk'lÆ؈‹£]6Ââø	®(ìžéTÊ­Pý%Éùf¿ÕbŸo[q²XÀÈúÅ
-^öäÿóE«¿ÈôGúù²É‘ßØ…Æ7±hsÎ]p[ý%o•‰+~4å²÷é|½×Aþ¥[ò\¶oÍø°*T�øŠGÄß»ÁŽòn÷¡ŠáQ_~(ïôýê§õ›<y¹üí+jRãš*d÷ÇÒ'W÷Úw6Uùæ%¾•¿¨ÂÇu�ïå‹h|ÄsvrúíI‚¦øçn±K^‹=ë5+ƒf—6K&MÚò›Ÿ¾ï9ã?ΟýëÙ
7 á>endstream
-endobj
-1077 0 obj<</Type/Page/Parent 1068 0 R/Contents 1078 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 192 0 R>>endobj
-1078 0 obj<</Filter/FlateDecode/Length 4177      >>stream
-x
Í[]wÜÆ
}÷¯àS›>H&—ß}é±%;uë¯JÊñcÏjEYLvEe?lçß÷^ÀJ[–"¥í9Žï^ÎÀ
-¨¬ƒã¾$'ûF£@t™„œƒH "ªr"p¸Ù8éJÚVzLË_c†i¹­ˆÃ`3É
-:³Ç´�$c‹u€ë0Ø–¨c�£a`Á¢¦åu¬Ç`ƒSËÜZÂ…d¯âþ
-
¢ŠA)àÊ¡*ˆ\MyŒ3ˆ5™lqRM‰%è1ØŒ	Ô¦õ˜Fà¦ìX‡ÁÖ¬º�
.”±v‰Ñ"€j†h9¤襜ƒP¥¤*Ê9ˆÂ�X1%=+–cÆš 
-!¬Žõ,2 ‰[ZŽÂ�Á€ÅlF@M”Eɇ5Š0/s$�1X$ëÖ³C<ëY�ÁJÑä£HƒÅ&ˆCžH/¬ÃÐF²‘±ƒE m)Ë� ‡2¥H
@!D¡WKÈW0c"@Y–äÈ93`�®é1Mȳƒ
•@ÊåìqRŠ*€Ó:ˆW2î�s�“2§é1XÙŽë0Xø1VX_ê1Xä}¬š±ÓÇr˜ÊX�Ábý½ÈAUœ˜%sc͈
⥨±0PI�Áâ½Æ:Lu˜l¬D0=B
-à¤b z˜UI�Á"öSÏ:VN½n¬Ãð"d'?6ˆ„z]â·Dþa{£‘31\9BIÉQ¤qdH´6ÔcŒÅŽŽÕµ±“+9Ö0ƒ‚nocƒÀ“pD±
- 
™”'¨*y¾‡M`z
¤ÄšÑ	�s�z|Ÿô¬ÆŠ4ÌÔ\QqÐ
-?Ôc°8ŒÖnlxiJz¼.‡#ˆ&9-Íldˆ”)›ºˆ'@Ä@´i0PI�ÁJÞ1VÒEoåbJq€LËm#rRJç e¥ƒé1Ø’îX‡Áb&˜O$àK=¦[R2c=f”Ñá�
6Âé[ŸU%›g©'Š¥®n‡º:Bp̧6ÎA‹ü
“褃•ž­±AIÁÈCò~
TÓÁ(ŽrAœq\†°ƒó)é1^)�âX‡)�¬ �uÖ“ÍÈÆŠ¸8Âqãñäï*ìȈpÊÂÛDR¥Œr'bŽ3)�!#ײy£œˆˆºEb€	Hþ.¾ª/C;-3ÊAp¨s
-Ǥ¬yuJÁ<hgœ¤
åDHìÊQKþ®BŽL�J))$ëWã‚“ÝÊ8ƒàPk¢ýËWóu"‚�Ñ §ù;Cp>®¸2†0Ý„Õ›R‚«ØQ9yl"©TN2ü»è¬ƒ$|ä1RÏOž<}ÙbHNÎe{JÑl¯‹ääL¾‡àçÙ'ÓÓy—çÉÁp¹î.׫¿�üŒQˆˆŒ£ö¸«aØÞ„Ã~øçð™üd‚O,€Éz ÄY£Íòñ'ÌsÞÜ,;2h€ÊO§SþŠ}>9>�ï2£0L:à8å¤�?ñ˜=>ò~Ù/¦Ëßøk
«ÆLJŴ¿”_‘Üu4U[óy·$õô%2̨[ây-y’€BÿúËþò#Cq›·ñ}ëQÝ°¬�ºÌ{Ø‹�b+ÕGM’§Í(Ö®Ñ&*¬QWã£û�ñ¿:§Ð²²XبúÁ°XÑvm—óýr€ƒ,dI°µ™RÓË3N“!›çŨè‹årXÊ£<fÂmdAC'÷ŽºêåSîø·Õº[ð÷­e}?ÌûY߉ÄȘeS�ŠìR–8ïçãÃðਵ{õ#ýµ.ƒ†¬
-Ü
-~¸˜wD‘5‰!1ÀùÄí‘{ó2úóE7¿âØh+uèÙT–+šfÑu_ñ)” Ä»õ?d$>„µãKIíí×ÔU0¾Ö8l…UQh¬†ÀȤy­s>ˆm8GûÐ_ž
Ÿ£Ã[bk¿<}óBfÀ¹)ãc[¦Au-jóç˜d§ë>Ä,Gõ„Ÿ¾™•_]®ÖËÍŒÜêïŒíŽÈ·Ýúó°ü…?c£`ö¿¿>âqÑ»1¢ÿx…š4hƒºÃûî=:îÖ똳±b£
+690 0 obj<</Type/Page/Parent 689 0 R/Contents 691 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 19 0 R>>endobj
+691 0 obj<</Length 692 0 R/Filter/FlateDecode>>stream
+x
}SMsÚ0½ó+vr"3‰±lÇN%iK;“4´8ÓK.²-ÀÔ¶\I.åß÷I6�Ði‡Á kwõ¾ôsÀÈLJÑ8 0¦¬Ü%ƒÑÇ[
+|JV؉È’œ|Ï÷ñ&.g�w3Z(¹™¡÷2k+Qn
+Y_&[×ÊÐa[¯Ç¾7Asß“^Ù’É
+Õ‚¡4ÀeXV¼€UEí%8¿’PD‰	˜tÏÁ€ =»ó	é€õÄìãÛ|À˜•!bä¯(`cë¡[•´´Ùñ±¼9óæÀß�Há³lëœÀÒQ´“�g¨5
7Æ4ÓÑh·ÛyÚ
+èIµ½­u
¶ÿ‹7Q¼ †¯x.JÁµ -p`ë̇\òH�"Ÿ!m�/·80ù¸ù
ªOïÃV(µ÷
+ó(=÷þ,DYÜå±iÊd¸€·êc2ÿòLsQÅKZ´iYdôPÀ4ÐzÎ/—ôj_
+endobj
+692 0 obj
+652
+endobj
+693 0 obj<</Type/Page/Parent 689 0 R/Contents 694 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 22 0 R>>endobj
+694 0 obj<</Length 695 0 R/Filter/FlateDecode>>stream
+x
�V]sÛ6|ׯ¸¦�‰:cS¢>,Éov§NóÐfë¥�	Š¨H€À(šé�ïÞ‘´å4êÔ�eK{»{þ5JiŠŸ”V3šßPV�î·£ÉÆfSÚøæfµ¦mNÓd:Å'Ùø§R5Q{JúÅ):zoCTUEÊæ´Õ!Òãݯ÷w?nÿ”:颫s=O“*�Ó[£nhzKµÊ)–šje©Q{º}JÓ~ßlÅ»¶çk(7!z³k£ÎéhbÙI™³QKT¹ÈÔ]´[8œ¢"h©«†�ïu¤“k	ð=*%Dïþ€!Lé:�w€sgßF:Xt[v{Fý„˜ñ[ŠþD\­ciìž*sз]/`÷©—›täã¨û*í¿[®¹f¨wy²¦¿©v^˺Ÿ·#¦_4
+&ê+¡é%.¿§1•16·“ÉñxLïHœßóÚmHCXŽ¿´\ÌñºX¯ð:Ã/N/öYN7¢Æ³a§ÞGé-Ý·¦Ê™wöÒ½±Ê›ËVr”³L¸¢ÂxÖ·Ðïö^Õ½8ËAœdcfßözLfÇ°–ì숄/½Î¢ó§„¶¨O¡tm•“j£cj3Œ	\òTM|6ZÇ/d`zr�öØ„¦Â)D]'½=©TŸ4µ¶
­ªˆ¬Öy`VÌ\«\J}u>ûŠ½sñû/mxÞéõµÌIW`hc1ë=ÜQ‡S‚Ötäá
+�Î ¹†]NGk«v•Æxm¤þ¬³–Ûz´ZôE,2ÖÆ2j‘c×; ¡6Ódâ[hÑf°z@tÔ�©ào
+w¢BLøïøØ.k)�­‘šÿ�¬›…ÜIçÁ:ïƒuvË#K|¹›ºq>*‹)ÇÕýoQå’¾‹(ŒÄ^wiÔ"^³’ßú «P‘€E�Ô€Äìyʽ±Ù �…h궒ìKè�Ž‚L³çǶ
+endobj
+695 0 obj
+1091
+endobj
+696 0 obj<</Type/Page/Parent 689 0 R/Contents 697 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+697 0 obj<</Length 698 0 R/Filter/FlateDecode>>stream
+x
�V]oÓH}ﯸËA¢ÎG“4©´ÀªÛ¦ÚEtµÛc{¨=fÆ-ù÷{îŒÝÓò° BZ_ßÏsνߎ¦4Áß)�ÎèdIYsôrsôzs4IV+ÚØ?Lh¾^&+š¯Nñý”¿ZIl'ðqÿÑÙ.WëdÞÙÎ`Lá|üfMÓ9m
+„].É’6yx{B›l4Mæ	]z¹¥“3ze¥ð’|%É5)eFªl­ðÊh*T-“g›¯p8§é4:<ž�ÂÝhSI„øçD³­å¯:R:x–߃‰#rmš++3o쮚+ç­J[™Ð9lÊR:O;Ó¢"‘³‹†³˜Ðñô$™qô�‹¶®wäL0Ì„&'%Uæ.„4[vç¨4äM)áÂr<ÚZ‘y•It
+¿�»Æ N¥á¹‰B'RƒŠ�ÌZ«<4Ez๠	œ%u$"W±â�ÿÂIp¡`XBa¸“µ�ÔCd\}8ÿûßËׯ®.Î7Ÿ9!Ÿ þ:™­ïµþ1ýž­‡ê½èÔ{~F›N'm§BqN�Uäñø
ʹç(�<PôÜ?…>7[c½
+v°:6hU#à\ä·�>¥ !
+endobj
+698 0 obj
+1435
+endobj
+699 0 obj<</Type/Page/Parent 689 0 R/Contents 700 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+700 0 obj<</Length 701 0 R/Filter/FlateDecode>>stream
+x
•WaOã8ýί¸×ÕÒ´iK[¸O¬v¹Cºe9èiµÒJ'7qZC÷l‡¶ÿþÞØM[²ôX@
+E±Çã÷Þ¼™þ{S¿1�zÔRR}˜}šu£ñ˜v3Ã?]÷¢1
Æ#|¢
I–â¿áîM¿
ÄÂKÄß>§suNñ€&ŽŽñ!õï»4IZq4Œâˆî�\Й¸Àaœ*g”]�*¥K£D—Ù»ÉÃQçj@qâ´{#ÄiÝ|™|ú�&sd¥ó\/yçRå9M%¥*ˤ‘¥#•­uE••ts}OÚðŸ÷ä4YgÔ´r2%+Í“J¤¥B,lÄ'v©ÝâÖ8éO­I8Žc(d}6­ŽtI§Þý<ÓVDôuŽ}ÊR*3\(å(mÅýóŽK]gTj7çä÷–‘›Ë’DŠ
”c#�r“UÜ�zœ6Ù‹pb¼‡Í&g 7UÚ¶­-©>íyz{´ªP¹0ùP¬uªtáa³s]å)ÍÅ“$Q5kŸÌë'—¶Žtðܹr$Sõ?Ð’Aé
+á…)‚³Y®ý2P_J,.×à‹
+뫱kè6‚HlhŒ	�¨ÒI“	¸×	é…Sš	bMz÷äµv!•­ýúë[®#­m€ÁõÜaYEÞìv¡#º«jÀÏjóSû³šj‡FiÚP10_öÞT—¿:zD-Ñ’ý�Óž-ÒD
+¢a7—@¡`¯�8Ä ]rª�§‹§L¨Ü a“تü^­L<nxâ¤õ]ˆO;yYßl3:e”àê©÷îpÓšœTã’ê‡Fr||üõòîæúæw|¢ÏLo¨7$óI"HÞh�ΈFÁ÷ò™3l‰. ŠÔÞpP{hE$Ô ¼�ÆŸgšXWvÁjÚz„e½ë"ÃYU@¹ö”«`·ßod£îÔ¯µÜÔ™ñÆÑa
àå^H­où[4ˆnÉXâÈ?±õ”ÒÌÑ×é�ëÝJàçEBü}ë;0ßÀ·8U"jžs£F³CGT0¾'àÏEµµÖm¢Þ›‰ò]K�I]­¼`OÅÐê#�)Þ×Q)K™çþv~ëR/b¤
+sWÓ–»0\í�R±ŸÍšÃT¯¦¦]æ�M)œz’ä¡ò2…ºÀ!¥Bº|ž9Ï¡§À0jÖü`övíó�ÀÀá͈¸áó…m£k
+Ð=1Ð̘€p|íÞ{ùÓá_ÏókmŒáõ^þËqhÍóù-ùpCoôÂâœÞ²×SºÙ»›XwÝÚK÷
+endobj
+701 0 obj
+1365
+endobj
+702 0 obj<</Type/Page/Parent 689 0 R/Contents 703 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+703 0 obj<</Length 704 0 R/Filter/FlateDecode>>stream
+x
­VaOãFýί˜J­$â$&$!*ÝwÒIwÐ6nQÕôÃÆ^'Kì]Ÿw
äß÷Í®]BôCv=óÞÌ{³ûídDC|�hÓù„Òòä}r2ø4¦Ñˆ’+“Ù”’Œ†Ñp8¤$í%†¶ª(H9²Rg$ÂG«ÖZä¹�¤ª6©´VZ:Mîî¢
×#]®²ð¿.E�Âì³ÇÛ"Þ2¤~<‰Æ@Ô»¾I>ÎésN;ÓPc¥O¼øý×1Y·+$)ÍwÖÉ’—4ù�¥ØQ¡¶Øm¨0fKÂñjH�:´¬û£ó(æ,òQ”U!íÀÞ×ã¾u¢vMuHÀ¦µªÇP)z!Ê• é•öAŽ
+-Öxµ±´ìÙ&Ý�°­2»ä·ùízyÚAêôÚ*5ݱ"}M…¼—¤M­Ü.¨”ÕÌ"Í\(=Õò[#­C{©Ö>˜:�Ü
+ñØå)gi]6¾¸Ä¸xÛeãøNÜr£hÖºl\–­!7ë“r­[-„Âí��5VxãÉUƒ
µóÕ@0•¾n°dW©TÐÿSCãΣû¡B¢Î¢=TŽM	ð{ìa6$?sn8ABOÜ_¥1ìŠ&	žFøK³íédõŠ—9ôà_ŽˆaÑùEhv±çëSoĽ„Üà
+Ùœ–ø
+ó‚åžá·ö�}íuƒ‘T5tÌ€ÿCQ¹ÑœŽqTÆÏÌ¿§Æ®õo³ô(q~Ò+?èFd!WµpòŒ [™Ã4´jÖ¸ŒT¦vßíig‚™ø¢tfíÔM¦_#qKÜ»..Þ}}ÿŽ~®Í\FW&mJÜ+ŽƒCüV?¼ÖûÏ·›ñl]âÖŠ[͸ÿËÉß°œ6‚endstream
+endobj
+704 0 obj
+1189
+endobj
+705 0 obj<</Type/Page/Parent 689 0 R/Contents 706 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+706 0 obj<</Length 707 0 R/Filter/FlateDecode>>stream
+x
�WÛnÛ8}ÏWòpT_â\
+,Îma qÓÚc�¼Pm³¡HW¤âøï{†”GmÑE�À‘HΙ3gÎÐßúÔÃOŸÎ4<¥¬8¸œ|¼½ þ	Í—xszŽ9õ’^¯Gó¬ÓOú½„kái²¤ùZ™•£kkŽ<-lùô÷‡ù7ì?¡~?î?œak�õ¼š¶XæH˜œv¶"çEéÉ[â—Ot¸][Ú–ÖKâ'Ž6JK²Kò¥pëC<“†&äªÕJ:NÈ-‘�X	e豃³F�ŽûÃdÀáÛÇä•ÖaS&tA¹Ýš¤^98M8ÑÎœ0°B­ÖžJ)rJKÆq=ÿ3ý<›ÌÿâC
+üŠnÇ_fƒ·‰R‡q¾Êž"`_îÂ!…Pš)Ð
+ØmÙiäÖ­J[m�‚¶ö‰�Ÿÿõf|}CK[R.=Žp�š‰"´ŽR	È $ˤsËJëv‚W­eN¨“_ÛÊ�Ç<:å¥kFEt¾U¹ì’³Tˆ]Š¤œ-¤5’¤v2„Y«ÀwI›Ò¦Z!ŽoŸe™a5)ŸÐà ³•Î‰„Æivs‹Å¢•‘pá]&¥\)ç*PòÇ	çŠݮҢ©ÒR½„ãLw7ãÙ
9	y
'AÕ&H:Š™å6«
+i¼ðʲ\À«³U™I
+�@Iá”,â
7óô�gÐÔÉù>ðe,Ûíur1LNn°~B×J¬Œu,—‡Hx(Û¯{‹•·Ï(A,|L­&™3]+de¾�·èøП�÷’fðo
:�1–®�yrUšê‡ŠÔ‰žŒFÉùŸp#¶|d
+æX8»¿d!ÅÅì!…0(´ZfÞáÔª,Ñ¡ ½®º«6G£.Á»ÙÙ®>½é†¿wÿκt7žÞ�§ýn‹ÐøÃ
ÙOçý¶“¿‚
eœ‡¤-÷}!^TQoÁh
€SŽÉ½öÑ~5÷;ˆÇ‹S¾ªbõô@4®ØOF“òtã’2­Ïÿâ›-•ß½šx;“‰!«sYìØACÁHã”`UÂÖ£E,mU{–‘<1DìpÖ)SÊdFÄZ*š$#RfÝÛ¿ArA’…u\±0ŽàË2‡CzÆn±×9̽'‰á0Æu½ßYaÞ›¦œŠ5z׊[JLSÃÊù3zS¬`NpM‘W fð©Ë*˜0šý{±\¬PbédùwLg,à��p=”·'e˜È(X£Ý.#ù<§ ¾Ñ ÕŸ˜ò¡ÚP0æ$À¾ÐÛ¯!@ r#›é´ÒDý‹.qçʬí™Êas
+øEÇýuHÑ?X¥!篭–#“·Çrn5
+ó׈ž)$mÙe g#
+ä°U~]ÇÐ
+½ê0IåêûZ´qQ›ñtŽ:•„/F|‘©n.`3/MG=v°
+pM%˜4T™ÑÌX}j§7ÅíñÍßzvS*x÷÷JV\|ö‘†JnŠ0Âß4Ý5úöüêáãä�P^nÃf5ÅoU** È*¡[`¨Å¦âíPKÒSLY©ö¹|�`@)ö„‹#dö+àÖ´"‡@n‡[p
﬛Ž•]"E¿‰¨õ´Zªê©=ýævr^_ú§g	1À½opÏÆ÷—cvúo°jÜü÷îRë8î:ŽÛþ××…“ó^r�¯¸}�øàûrðìñrendstream
+endobj
+707 0 obj
+1505
+endobj
+708 0 obj<</Type/Page/Parent 689 0 R/Contents 709 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+709 0 obj<</Length 710 0 R/Filter/FlateDecode>>stream
+x
•WÛnÛ8}ÏWò²)�hm'q’‡>äV Ø6é&n»‚.h‰ªÙJ¢JRqõ÷{fH9®ÒÅbQP,q.gΙ~ß™Òÿ¦t2£Ã9åõÎÅbç÷Wg4=¢E‰7óS<4É&“	-ò½i6�dG½s¦	¦ùB¥³5½¿yýKŠ.+£›@ï._,¾ÂÐM§ÑÐÁì†ö–:¯ñaË´£°R�Œ'õ¨L¥–•¦G£ðÞ×˃¥òº òÚ=âKñ¤¨kÌZY¨·­MUQ£ñÜç¶n
,„•f÷:˜f3vkyŒ¬uö‹SuFŸp6›Ó¦ñAÁ~$Ÿ;Ó¢]”Hw3ºÓ
+^ð’?t]ŒmðÌ‘Ê'TZGµucß…HÍg”bšÍ3Æto±ÒÆ�zåºûO÷ȇ	$÷‚Maµ§ºËW#S5'ÈÐ爉þ3ßûÇŒ^àÐÀeã·#õ»¿^ì ”t|vˆŽNOð<ÃÄQŽ+||–ÍŸ×þ8£76ÿÿÿRáÛåuZÑze´·µ¦F¹Bå=g;.3¯¢!‰ÅúØ °¶ú§l9|�ì5_j¢V;`_‹eÏ@¾½HœÉ SiØ»NçÖƒ¥ÝIbÀ
+vÆLÙ-tÓƒ…ö»ø
Lç¬|«sS]<ó[J¬[`Ûclî~Ê
+:Ì=dQ@#ïY8
+½ôD…)Kpzíüœ}:ñÑ4òÍèƒvŒö„G�Ý«z©h©
²_f´R�(ŽC
+,;4gÛ¨`ð;•yª‡½‡Q« eе°•¿6u[隃‚Q9�OŠ2Teä{©ÃZ—§\b4±:ˆ{±B¾¹‚Ž-:”]UõЀƒá@E‡à,€$ª‚3å‘d$†—XÀ�¡^¥ÊÃȬ%˜RÀ¥ð$�ø!¼H,éZö:û|8#t…ÙçùÑ>-X¹hXbÝÞK<#ÏÒè’Dp9ù®m­~Ë
+/žØÕ4£{à+Tg0Zë½a©!’A•|É:‰¼vú{§ý8mµ´(e4
+
¡îÌ\��錧M=rí÷áÀÆwð„
+T/ˆ��ù‹ÇR�Iô²a„¸0d-½ÒA#nðTðcæ@ƒŒŸp¾êQ
‹"ÕÐKR#4Y³©6R.©ëV ÿJµ¨l©äy€9….wQÿ“FeŸb&+¤�3hȼ IÐS3òž,ˆ<‡ ÏaÛ®“:ÀÈ@b è™òhf’@_«þ’Ð_
+™W¢&ž�UÍs]U°Í­Ñ`—W®ùW¼Ls€&
•uÁ«`Þ¢	‚¯Õ7Ð1ŽÉscÀÇ h�™ÌÓ¤1~äL2è¸ì	¥ÃqÑC×¥ê*t‘H	‘*;Þ¸äyÍÛ†þÑV&7R8ÿ
1³)[1¥}ZvPpÉÛÍÈ»×
‰”}“ÓKêãl�i(_Ö¡§¬#†]
þÁ€g«	ïF\FÙL
+ãe/C�Q
<±n%qb°—ÝáÕKtc¬LÒ›Q]LteácÀêr¬P7æ‚7žÂ6¿…¡ÓmÒ‘ãûHôaÏóJÄL(°�ú‡`R“„˜coLÅ(¥¢^:× £`o­#ŒY"}ù«
ͤ[t 8EN·Œ¹€,ÒüÏ+ªo--8ÀAl/Òóh¤0jË,
+endobj
+710 0 obj
+1723
+endobj
+711 0 obj<</Type/Page/Parent 689 0 R/Contents 712 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+712 0 obj<</Length 713 0 R/Filter/FlateDecode>>stream
+x
…’ÁnÛ0DïúŠANP³¢cXò1i’"‡¢-¬c.j1I—¤Ýæï»´Àè¥, ÌÛ™ýª4jy4šnV0®ºëªÏ�kè%ºA¾¬ZzÔª®ktf¦•®U£ð=�ñe¤H&˴ᜮ»7Ñ.¡õI;_4¢�=
x{Œt`ìbx™Ø%ì“õ¯ìÄž'ü¶yÃ>s˜p‚õ�]ϳÉn¹ÌøÊÑ‘ÿ„ÇÈÞŒ±l®1×7jQ6nùÞz:Xò,$1ù|]Oˆl‚sìû£½)„-(ùWšl4‘®€°Ë6øb$¹e‚ |Д2mùŸí„KÖUâ$`GfK¯|ŽþCn7IøÞŠ—â»*¨‡®’sc¥×ªÅ²md^Èé�ö|a½jTiNŠ¹hhsûíî?bx&îƒÙKÆL%B¡ÏOªùIöß>—m­ÖòÈU›³¹ŸÕ_Éf© endstream
+endobj
+713 0 obj
+355
+endobj
+714 0 obj<</Type/Page/Parent 689 0 R/Contents 715 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+715 0 obj<</Length 716 0 R/Filter/FlateDecode>>stream
+x
¥V]sê6}çWì#™)66ÞhÚLïL“¹í¥s_ò"l
jlɵdÿ¾gå0é�¶sÃLléh÷œÝ³úkÑŸˆ1Í攣7£Ÿ7£i°\Òå_µÇ,[̃%%˾Ç1¾V’v¼/
ÓÿÃòðé�â)mv@Ÿ/–´Éü{<IÇ�Q:YQÐ'íä¾Né==¡¯JgæÝ’–îÝTo–Þ•;ÜmþMi'
+8]|ßX,µQŒ‘‡OÔþÎM*ræ“úo�ÿÖ4ËÄþ�
ÊÚ£<`>Í—˜Q
ÎVí·æ
+ùÀ#r©÷ý½¥¿ â8Mw.9/l)Q‹Ø*1Aw¦®èuœ¼ÞaÎ¥ª@æ¤köã
E¥Àm	;¶g¨–AŠ×1‚,e¥Lözç‹™|�q­Q›w%àd.=
+endobj
+716 0 obj
+1213
+endobj
+717 0 obj<</Type/Page/Parent 689 0 R/Contents 718 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+718 0 obj<</Length 719 0 R/Filter/FlateDecode>>stream
+x
�WÉrÛ8½û+ºr¥Ê¢Û’œ99[Uª&‰'Qj.¾@$("&

+ñ$Ihúx÷†D–Yé\BwΙT	/3:*_‰ásò…„+•8ÑN’Ñø±/·ß/æ4]\%KŸT>Ü·'Jœ¹
›”£OŸ	‘”Â+£]¡8Ä¥ÔìE¿WÙ¹ÙKeI®NΩ½®¤öndXÀ®°;åb6–2åR+ÙßPš´ðµ•ÑsTä`'œJ©”O²6ºd¥¦ªj­Òè+yñ(JN^í”Þ�Œrˆ‡	}U+ùnŸˆ˜uäm_š:ü¨%¢CÀ{©¥
w­¬„ÒŽrõr„‚§‘Áƒ°^¥u)lƒ+<»qõ"“�2[…0œÔNåÖTÈsK�Jh±—œY:Hë2õêI&#»^_
+f „sH¬€q“‚øt`yC=ð2V€ÐGZ�>-B°Í›Ô”¤ªC’ˆBÈ,86¦fð•ýzÑ¢E%_°/
+¦!¸É×›Mù„HàÊyU 4
'4hÂ
+Xe °ÊO¦AY¶ö!{‰ä1DÑ@pžó¨A”¹‹RHô…¡¨ƒ£÷
ܱTa\ŒÌî¬Y*
+ÀµJúÂÀC†Š�uôíí==L¾1÷Þ
+/öVTÔžüð’GerØVBps
+ºÈ(êAz±Ùèòô'ÛS¨­£nÔ­+X9&@[À”ç¯Î¿C§ˆuK‘>¦¨Qš1Ùns$ D3x”•�þ¬1
k‰š¤wLã-v²ÙAQü¾&¸˜—¹©uø
LZ¿iõ<ûKéú™š’„Â{à"ñŒ;þ˜_Wu•�Q�"çxâA:xç9þµÕÇØ6ùïrÁšƒª;ѱPHŽ=<jF�»ÿïM·j˜º;ÍÁ²<
åls—@Þëê@Üá*gízÀðDÐÕ7ù¬¸1KÔâXÍЩãX\íƒ#°Îñ>	UŠ]#NaÔšÓÕæÓT3Xa¸ßÃ\5{Ktž¢®nx�駨eŸ†‹fÙ$!Ø}JX^#OúYlºäYlÒgÇ˲Œ-,„=p¹T;+ î‚épÚ¶+&`XÝŠ§áÑ€YÕaÖ"ÁÍ·4zïGÓFƧkŒi0›<,Wëæaë&?ë&·ÖØÃÄA�`‘Ó�‹ì7
+,Ž\d‘	ò1h1¯gÑ´£æïú9{vP
+!²–ô6f”>1¿J‹‰¹	¶r…{ŒJˆy”¬"?õ�NÕ¼ÚŲF]šÇ%ñbhº¼º
-ÿ› Ëù"ÌÚç½ú5E9½‚¶ÝhD‚v‚6XÔÒ#4úPÆ͈VIÇ’1àŸ“
}ϣ׸&ÀÍð¢ òÓ¤ÌúÆ–q÷L­
+LÍ)a²
+L3¸Ä*26C#í}WÛF/Ke†ÏÜö§Ó•ÁpÑy[§üb
+endobj
+719 0 obj
+1684
+endobj
+720 0 obj<</Type/Page/Parent 689 0 R/Contents 721 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+721 0 obj<</Length 722 0 R/Filter/FlateDecode>>stream
+x
�WÛnã6}ÏW܇zÑD¶¼Þ8»oIÛè^ŠèK€‚’h‹‰TIÊŽÿ¾gHÉV”¸ÛHli8sævføÏEJsü¦´ZÐÛkÊë‹»õÅïë‹yrsC§?v‹/sZ¦i² åÍ
+Ÿé
+Ÿ­¤
Á[è9þ�üìã{J—´Þ@ýõ
>áýœÖùt‘,’eBoÖß/fÓNl:“>ŸiçöÊçe’½‰KJÓ¨çj±‚žéºTŽ6ª’!oMåÈ—’Dî[Q‘µ.gªÖ+£É»•Þ%´†L<æ�ÊEU¨.Êî¤%“}—¹'×È\m ÀÇ	Ç0æt•¾…Ã0¿1UeöîCD7§÷.¥«Å»„ÝœR÷ó½î«BhŸ‰ö&ÆÏé{s/íNåøBÃ^oÔ¶µ
`ð(9w¾{¾H“롽F ÌŇ)4Ö�ðç”Ðmå¥Õ0·“$q%c)¨1¶ Ñ"
Úw1#aeˆÎkžÆCGÛÑrp‘F^«B4´W:Sº8È•¢0ûÿ‰~kMÛœdŸ»:ŽKiœwa.²«ÐÇ2x‘£sáam/Êñ?cóÜ~´Ë!0Î/T¢®UAEÖùq×9tZú½±�G§8ÄG½gªC"™öx‚‚õpæL>k¼Éц]äŽ6ÎÈÛ&ÄøÇú],ÿ^ýs<³�=?\q^ÇýºA€Zëä%I‘—d6LNR-óR
+´Mî
´1òàË„qLFXa1¾0;PD§¡<¸ôc&‘ò&À§LÔ
ž0ü`3˜Æ!H·ÜÆ ¸Æ(íIyNê1Ç°1Ω®VŽÐ‡a}Ô †“ äçS½ cñî%×feø42ÊÒ¿N¾Ò£ppΙŒÃH
+M°/È)3¨~éBGõj8¶ütP¸ý«L²áÐ�aY‹ëØM¿š¡ûÅl¸†¥/Ö°·I\0ëœiò=ïè	ñz^˜òq/
+9�9îvL­­/#ÚôÚ—#W�Â\(R,l…0Jñ Ô)âä@E Ì,nYÌî�¨ZN
zŒ*ÏõÓ&w²"¼À[w+tŒàÈøÐ�NƒØr‘¡ áìq�ôÑ8–,Bd%p€ûq
+ò6Ò�<ÜC"Ì‘eø†Ed§˜'ÁA!»qØÍBìx¯‘‘x-	l³Ýçˆ�3ó="Ø�Àâ%¢¿ÌÜt¬Ÿ^¯’׶4^Sîo?ßÝÒ7kÂýè7“‡9bÇȯ¢øÕj�Û]Ñßî^¿ü,WKèr霃¿þ¼ø&wÂendstream
+endobj
+722 0 obj
+1574
+endobj
+723 0 obj<</Type/Page/Parent 689 0 R/Contents 724 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+724 0 obj<</Length 725 0 R/Filter/FlateDecode>>stream
+x
¥X]S7}çWÜÉéÔÆëP �´3@œÔS›Ix‘we[aWÚHZÿ¾çJ«µÙÎ4Í4aØÒý8÷Üsïòõ £þgt:¦w'”W‹ƒÉâ`4<;£Ý‹]ã—ýtz†×ã³S¼fc~ÇJZñü;ÝÎ}ÑÏ´XÁö	l-Šðñˆù!µÿîµúÚHº–þbz3§kQI÷ËÛÅ—ƒ
28Ç¥îlº3;¿ü}z=¹>ŸMÞ�F¿Ñ¯4—öIÚðMå’”#Ûh­ôšŒ¦½ãßcøþ$µ´*§™È7J#NÄG‡)\�_Þ~‡Õq÷Jè™Ð)j‡àÿOÔŸoîþøtwsû>[rÌL%ÒΓk¶ðÐÆ8Ά'û�~²¦©ÿê;7£WÐH¬\+v'Z¾�(Kªdµ”Ö‘YQwó@uçÞgù^"—F{kÊ’­1SJ³FYcÍÝ·Y°Í+“‹²‡ÍwØ�lcª‘©–>²áN:S‚}ÁÊÑÇcÊ2¦ü £Áød8f´§žÜÆ4%À‘¤�J~#|À)Q©Šs[(qD*Kf«‰˜gŽ„£Åû$–æIi±
ÕùKÓÊ�°xÝæÞ&ohqy{4½%œtå^íh»Aɇ
+Åoàƒ—`Þ½ ˜‰¢RuµÂK[…²R!‘<ÞF—épöHúühcœï`lÝãJ{äÃõœ
+áÅR8	ŸÈ<&DÞ…s&W‚AÙ*¿!	 ¡Š¢°Ò¹abîÉ𘱼�çUc
‚¥Ú(í™ay)¬Z©<¤ÕÇúÇ&›a=ŠÕ9|õ®l‡´R%‚Ò\"I¹•¹±…£Âpí¨¶æI²‡5N¥ääÈ¿ÔÑÊØ*F{H|6§ÏJèI­¤ö°+k	w 4êT‚Ÿ·a.X@rIø~Ïk%^(pJÊBC:×$ŸEU#\ô-;âQÃM(¹Fzÿ„h+8œ])³”ôœÆö㨤¸½BBÑY
+5ÁÇŒkëÈ
‰�K 0 h�{=‹¨Í`±hÀ`!L‡OJ�è�p^Z#ŠxK¸JR7•WÁäà�U(uU
+ŒœœZëЂ|Ĭz€!¡;a$°1¢óÆ*‹
ëeÌZîÊ}ŠBm9VV<
+œ
+4ΣæÉ�‘1ÿýünB³›“ÎäÃÛ�DÑFÝ|ÓNƒ¨¿¯RnJ¼‚ó8çx;ke~»1LÑ{©uıáDé…Lz&PG›.ÞH<ˆ	²­�‹p!Ýز÷óÉ]H¡ô£×%Ù+(«ÃÝøµQ–ó`
+ÓŽæa˜lq"õY•}d ,9ïÚínØ›�ƒe¶�÷Ü{*NÀ°ч‡Y¬~'#,ÆñÑu¼÷àzôñgÊ°\®ø);;ï™»'ÕñðÝ0‹�—йæ•á«Eè™ÝòUŸò’zŽjî‰E‡“@ÏGšÉŒ'$ƒ‘´lV+Щc7gâ°o#g.gò„»xzÛ+c»aaü%y‘ ¸Å:OIWx[€È†—$Ið%«Í£9A*ÏŽYt<e£Aöa+k<ï(ÓþŠh‘º|…õ›÷YžQfé±6rš»
‡bp) ZYS…yã-Áu Éñ
š8„
­
ÞÀv²ÞÍDP½Äy3QklÅ¿Q­½ÔöpÊ{hÂ
+endobj
+725 0 obj
+1991
+endobj
+726 0 obj<</Type/Page/Parent 689 0 R/Contents 727 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+727 0 obj<</Length 728 0 R/Filter/FlateDecode>>stream
+x
•WïOã8ýÎ_1*_X‰–¶Ë–Z�T ÜU‚.G³·Z©ÒÉM\ê%±³±Sèýõ÷ÆNÚÂ)pR)‰í™yóÞÌøç^�ºøíÑIŸ>(Îö.¢½Q´×휞Òö£xÀ?]ê÷ñq|zŸŸÎ:}*$-x^â˜Í–]S¯GѧNO(Jüû.Eñ�Ð	-ÒÒ.%þ&#·”‹x)ù«&š„s2Ë9Cò9^
+ý IP&­øö¤Ük…£û”æ'iJsI¶œÿ�±#lüýØëR»÷žFÉ�S™l›ÒQ"S±¶RÙ9§±³¤E&IYRz×k`Ñ¿*¤5ié”�o©1�eìÙ2Ž¥LiŽc9ŠÚ›XèWÖµq€ËæF'Š–0†5ì0 (­+„Sú�¦ ÒÊÂRÛŸ©»%
+¿gwJ["¢5ò‡À�ó¬&ä�ú]�Zù<]C#›7|º<ŸÍ¾�'“h6›~ŸF£Û�ýÙìê~ü×è~:›�¢Ë—Þ€Õ	ÅF;¡4�aºŒïh˜$ rŒ—»
+”Ô`”ƒ0’WPçB`0g"X©ý; 
+�×Æ}ø¹,À°ÌR�ko…5ODåI&òœ¹h
+…TÊä5»Æ ú:WÌFÑ<ZJÕ£<¯9ã¤õ¨ÝÿØHÕÏ>]š|]¨‡¥£ÙA<û@½³³SºUqa¬Y8¼.òÚXqÊ©Ûl®
xý<h	ydE–#Ç»„`1%4gîCKP†¥Ë”ãƒ+�ÌJ]Þ�ïà4D?z¡Vú:;mÚÙô<øì3²áCȽGÞ²|¶	‘–bÆ&ËKÔ
+µR	„�TjÙ˜O¸­g;‡å©ˆƒ˜8�ØéàoZfPqÉÙ¤¡ÑñØU�döíˆ^ó³V
+¯¨Ðh<s­•9J(l@ßH¥€‹�Ãæp�ïÄ<Xjí·¶·ñlpîAjYxxž!M‰D¡—žn Já+!ʷɲÀ5+ÃKô4À�êۜȹl³�ÉhtìE¹c”Pæç†oš[Ü't+4ÚiAýÎsÅpJ³¥±®Ù-¦m(Wf±àNåîsÌy“ÏNjË�ù‚Àý÷µd÷bß¿»½³âêËíùçÄd(¤¿½³t<¹¼ùz5¢Ïì6Ëá½
£ßÇ“¿‡7Ñè~2ŒÞód4¹ú¿kg³î³Ö(7Úèv^(íþ¦±cpÉsS¸Ù‡¦ˆšžÓõ|¡×•Ì«IÆטjXÂŒUO–Zs+L1±
+ÃC@JXkb…*Âa7"ÐÚœˆŠ2#cµP¡
+£¹îð¤`j”ÝæL²ô›P“P7’€Ó!…©TKص=4)OËIB›¡ðµê‰ÇKÙŽï2¾›ÔHø97}Â`^;
+¤DêЮ–lÑø`K£ÿ<ü@MO|‡xÉK>}¥$ºÐ¯3eê·æâÖÚÿo=©D„¹
+]„­Þ__næ+4㋨YÒÄsÏó¸ 5<ú¶LÙV-Ÿr/
+ÆBલð È7¤ÅnÚÙ)}ŒÂ¶e	ú:¹lÏëŒEu¸Ñq8Îæ$ÆLn‘ª°©êa²F
+/=¿­yüOqéã‘°5)Ót
+Í¡»NÙ–õFL‘ HF'mu	屑
]ŸV——Þ`ÐéÑà¬×ðl=Þ^é®0þÂ|eâ’‹…¿ò¾vop‚åí“>níÉÁW®ã“cLë~U¯Ï[q·ûsï_A×Æ#endstream
+endobj
+728 0 obj
+1741
+endobj
+729 0 obj<</Type/Page/Parent 689 0 R/Contents 730 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+730 0 obj<</Length 731 0 R/Filter/FlateDecode>>stream
+x
•W]OÛH}çW\%›• $!å£o@Ân$HYânµ’¥jb�É´öŒ;cù÷{îØqZïBiil�ïç¹çžü8Ò
+;Í/œ?¾Ð	lŸÂVûÇ
+¢Õº´”$–©¤ÂÀ’ˆ©XIJ³•q…£Dá�+£H:—”iºîS°RŽ¾Ë5á¿RÇÒþ|;ÐÑ‘ÂÃŽá0ÌD´RZ†¡[»Bfa•ÖJ]DFÖ¤Nx$í“‚ý0L…΄ækiÃ0Vd²�O4\;„ Œv+a¥kõ©´�ßÊGå
+‹p*ËÓ5‰8¦N^.Su8SŸ$ŽPb�_ZÙo³Úvµ�Ô½šþ1›%
3Ýé|òõò6˜>Ì/ƒ)WéÙØØ‘HSóLY™*GA»³ùõíçÉ´Õ®+Ê…B9Ž
z´¦Ì%â4�’cíÓ¥^“Súq¯?¤t”–±l5ü¬Ò”"Q:´±{³ì·XÆï¯À�ÒHn}HÚè£Ü*] &ŠÐ$qïàLs2[Ê8FhP&ò§-×­�&Ê¢9páþ°MŽw.‹«Ù§i ƒ-ý(
*Ũ8äçšJ.	l5†ƒ­nõ¢O>—‘J€ZÉzi‰�2׿NêýU
+{bž|À$HÓ E«=BÈ$9Z#_
+©=Ø?¶åÑvŸ†ƒQÿø�¿g~Ä-&Ðl¦�º÷SêN>Ý}Ô²
+
+ÃÉÃìïéÃ"§�çÿm0=?ÍÄú.Îîé2Ž!Ä0^•|"Üb͸YÍ™(¢Õv6j×¹À^ïÓ¬™lld²\WØൣ&-y©#‡Ä
+lÈ2*Jn¯ÞÉ÷�b™£1~áì
+‹Ç7¸¾?žÝoZY»•úIY£¸Œä’¨G˜Œk9»©0<�„ú\Ó³¨B’?JEÀ/Vë™>kõr|«tùBûîË":öºy¿›½Ÿ@3\@,ÿ7h†g§?AfܧÉ|A·~äö�@�ï@&¹XªT^¦oóån«6.Êœ	RlÔª€šyyE‰ˆ¼5´.!©y²btþu™A@†õL%Ðv:éPG‰)&.¥„`€#
G
+šGßcùy¥@+ÊUý\y�›5=Õð•ç¹‰Ñúu{›¯
û�†Îƒf¦í98P&ñ}ƒ!H�´\Z샨£°
+²ôyòMÍ‘ðwŸŽ—ªÇ5uWŠÈ3*Òå,]¹ü&#�!¨J†yE›ü>óUõ-¤nN�¢?÷*ÏŒ+}¼õœïhÆÅaÍ'<‘·w· ·Pã2úÎXGïÐq–¼;…8¯¥³Ø”à•KàýU9xøV•¾ãÙ¨”´² …—a|Ï,yÁ�Ýël—Ooc=ÜÚì�zbAcM™ió:ŠÅeÞ¥ß-ì{^óÞðô¬Ï߬ñ¥wçÛïâòîê’î­ñ]™˜¨dnðXçô�ª·Žª×z¿dëñÙ3Ìf{Ã~	ᯃ
§Ç•Ìendstream
+endobj
+731 0 obj
+1654
+endobj
+732 0 obj<</Type/Page/Parent 689 0 R/Contents 733 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+733 0 obj<</Length 734 0 R/Filter/FlateDecode>>stream
+x
�WËnÛ8Ýç+.ºr�D¶\ÇNt‘ô�hÓìA1@6´DGlhR©8þû9—¤YM�Á4¨a‹Ô}žs.ùë$§	þrZLéÍœŠíÉÕêäÓêd’]\ÐóGs�:ÏgÙŒf|ŸN³j$m°+‹9~Æ•|Ša¶°‡~KùŒVø�_àKÖ'´*FÓìMvžÑ�ë›%}µö¡­_¯~žŒ?Ï(ÏãgÓÞ]Æ=w£Ê”vçèÚxÙééFl%-eó(›»×äðE’”#_I’¿Zõ(¤ñd7á
5›"ŸLò1>¦äjY¨�’%Ý\Ý,Ùõ„Îò7Ù”]Þ�n¤¿ºþ¾<v‘QŠ…]Ɇœ·�t¬ÄâH˜’®oI”%øJx¨P#ï•CÜp¸Þ“ ”ÌÀq¡GL*†¼úp;†9'}[S%­¥4t¯ñ	»Z
+‡ôŒŒŠ•`ÿ—Ñ–¬Oçh%ÒZY*¬Ù¨û
-Åv-È[Øäp¸
)-®ÞÆjmwÊÜS-¤†ÈÉHYr¶ñ•²D*øλc瀭й‘Û®3vw
ÑFiù®Ûû–›œÓÙô<Géœ:rm]ÛÆÓ{úGºc3güÎ<öéå„Z÷3B¿Pˆ�rQ&äÒÿ¿¢½±,#	„â’gaóžžžž²Þÿ?'¸«€˜TÞiWÞÞ›låøíQ‡ÿgRÇ€^“4ù'4[¼}¦z�Ï}öÎfçÙ	õù;Ëè‹ÝѺ
))›Ö^Y´�iPa	ð(e­íTk�¶`�ISòï®X,((ÖÁRì„g‡Ê&Q
+ñ°ß�„�.º$
+�¾ø}
‘1dkÙÎÚc
‡ÀR[C%´³§º‡TéIžÀ§Ê!ØUª¨D+øŽ!G»ÿ^< §Z‹¨q%sr‹<“˜Gº±>äÔ«H”•qâ÷oJÒgÿÀiR²Sû¾~ûò}¹Z’Ê
Ár$
·´<å _!(\É~ÕÑguËE;zCúb¨Uב�…
+ªöLÈÔÂp€è0Ä€Š„ "pŸ“�«Ònäï8”È–AÉÓ΃¬ó	aBœQŒ‹”Ñ0•“jä÷xŒãôà«3
�±€ªpõ^t=pú#…ɳ�­AvÙm¨@¬å @yØÆã™{àÍa^BÂ6�Ýv”†Øcˆ
|ʧ¢æžß9";ÆyÎ%-Ù�ˆÇýÐu¨:V¨®õžìÚs‰"ßÖBß#£Öç‡qw8kK\­ÇŒ>Ÿy~–Ÿ&°~<ÖâJê S‡±’$¥Œ�cÀ„Ý�pµ�Þ…çc&Ê~P^ Ï²Q"clë³�DßJÝWÜnk¯¶îè
<
Üo-v8iVA'o«	™:p)¼¤�+�?Œ0Ö/�ãáùð"®†,þÎæ\‡àÔì^±Q
ð—E*Ü:PXVÑSZ·ÌNÎC8üàHÃ�Bi±VšÁ Ú4�ƒAª/HûÄ4Å-Æã:À‡þîÖ1î
‘d§»
+J�{Īñð»Ð
çcÔö@_è˜SOV®%ýž“møfRNqíÃê …J J�¾F! �øܵÄdéU8=Ä*`S2Ô!8\Lpµ‹Â:þ|‘NÂù|‘å4Ÿçñ±¼üvuI·�å�FmÑnÁ¨�'s·Ÿ-¦¸–¸Î3œEÆ|ÆoáŒü×É¿¨=ífendstream
+endobj
+734 0 obj
+1695
+endobj
+735 0 obj<</Type/Page/Parent 689 0 R/Contents 736 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 29 0 R>>endobj
+736 0 obj<</Length 737 0 R/Filter/FlateDecode>>stream
+x
¥X]oãF|÷¯hì“X´)ëË
îa}ÞMX{“XÁÞ
û2"GÒÄ$G™!åU~}ª{†frÉáòr8ÝS]UÝ£_/RºÆ¿”V3ºYRV^Üm.Þm.®“õšú·Ç×X„�ùz…ÏÙ,Y“Ó´ãð»tX}õ~NiJ›6_®W´Éåù5m²É“*·Š|s<ZW{R´Óªn°W}P5©¢°/žvÖe:'®²ƒ­ŒWµ±‘ÝÑÖṦÂx~9sÖ{r¶©±ºÒõ‹uÏžoª=öÓßl~¹¸¦iz“Ì�Ãä�Ó¥­5µ›ðöo訜*u­™Š_"_n“ÌV;Ú™B'´9O™j¼ö’§ÚÔ*«å…Âfª RyÞ$$èF¡‘½`>æIªÊ‰·rú×FûºÍŠ�NÇ,ôn§³ÚœtqÆj“ï‘áÐýÑÄQhl½æS2HÛs€ËyÞ¨ãí–ÀR�
¢&m€‡IåŽG[åhà…—¼-©‹uôùÃãÓ(½¤mS“Á
¶)�Ž¦
+%ÉCõý¿+ÒÑÙ“Éqð
F‘…6=x4�P3ÁPË
+µÛ9[†Ã 
+*Ïq$�©;×%Â
+båþ’yI�s¾Ù®Q`II¸gi× ³6³Î¡j(Ž�ð„(ºª
((ÿ)P©³ƒ‚
+Þ/ÍZhOFÑýãÓ%ñÒ«÷Pºˆrr¥ëìê`!¡ð Uëä’*oÉV	?3¸¦Åú‚�Ú‡þ[é_½¿¥t„¾X@ß¡Ï’EBOôÙT9kÚë¬q¦>“=2.P/ø°/QM;³gˆÐíñ–ˆñz­Ë‚dªZïAfìñ:{(}Æ^3Í
+¬=Ä]eî|d•÷RURž= fwQDÀ»(t¥÷ú
+T8"QMª
P²,øPis]´éEoù2QÉs¢zÜ||8¥_¾!Pvf+}É_³B+Gµþ
+êד#oÊc�ÊÆd¢ÀF
ú0ŒÓª0¿é|”��éŠOzz¸#&Lm3ËDÄ
+0ú~·0tãęʗÙ#Z}0ÖÂ1l’üƒá‰Êîjf5ŠÀ³ óV€îÏT�äP†ëÚb1V–ámCvíktŠ.—`‘¥VEŠ6VŽíô#¢;3íº»
î
+�ë¡ »‘÷}ãq™…�&2K‡†ÓYÝ �’VKô1ùþߤ³âQ®¿â·�þϹôyšÊÄ&×÷»Î~ã%At
+w¸_…ù¡
+endobj
+737 0 obj
+2022
+endobj
+738 0 obj<</Type/Page/Parent 689 0 R/Contents 739 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+739 0 obj<</Length 740 0 R/Filter/FlateDecode>>stream
+x
½WMoÛ8½çW|r‹F±ÇNÈ¡Ý6ØštÝ´DÙLDQ%©8þ÷û†”äXM�Ŷ-RÙ"çãÍ›7“G)Mð7¥Å”Nç”é£Ë£OË£Ir~Nûv�8vzšÌiv¾Àól–ÌÈJ*pŸ¦i2mß„Cá
lá%ô?`èäjJiJË~ççZæáý„–Ù¸qÒVBK*å“,ß,ŽN®fíé1ÕÂâ�—–”#+¬,w„sURæ2Oøü„Ž§sD¶Ìǘ-ÞÚw¸çÜÖØœLEwןÿ"·s^jG¦ð¸­Å£$xÆGÒêYæ”	|Ê6p—Á›Kˆ–¸ÔRTŽüFxRÁ ")Œmݦ§@
+Ö—.ÑV®@+kŒU�¬h&umÍ|£«`�ƒí±óåE/;�¶F]¬Éð!j´	�²7¢]ŽPZûSÏe&—¯5¦FuìAô‹ÞÐ8äï€ÿÜsH À ÂSl�®hV
+g0³â”	ÚYËùÎ
+¯è(öÔǵ5M
Áq¿
@¼ôó•[}÷´ÝwIo!(-s$*‹¤ÑÛ†íºÑíz:Efg‚︰®2câ"cãÉì-æhƒî¬áâ	¬s d¸8ÒvÈšóÞ²U î
å®—ÃîùübùŽ<Ço<Ca•ñ¦#©Z<ø„àôÁÀ8{~IêŸùÅKˆNŠ.DL„H"×ÎÚóv'Nç‹$¥ùü4ÜÛ÷_>¼§¯Öýûh²
+endobj
+740 0 obj
+1525
+endobj
+741 0 obj<</Type/Page/Parent 689 0 R/Contents 742 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 34 0 R>>endobj
+742 0 obj<</Length 743 0 R/Filter/FlateDecode>>stream
+x
�VïoÛ6ýî¿âÐ|ñ€Z²äŸí–
I“t»›C7´DÛl%Ñi;þï÷Ž”,ÇHV`	àXy¼{÷Þ;~oEÔÅoD£˜zCJòÖõ¼u;ouƒñ˜š�r…‡.�ûAŸú㾇ø(%-±´KñÉ›¨‡}þbá-8~ Pxק(¢ù’ŽG4OÝ‚.Í“ö´ »–t?£ÏªHõÞÐdN©Î…*(Ñ…-u–É’¶F+rKg²Üá?÷¢+üiJ‚r‘¬U!I$‰Þ––ºäÅ?Í¿¶ºÔ‰zAŒSÛ3‘/  ~Þ%Un�Š¨þGÕû:w~݉‡À�&òѾ&ísÿ¨Ší#™ƒ±2'ù(“­•o«Ýƒ*z›L¾Øcö)uJútóîŸÉÕý-u¾ÒÍôþêÃÄ=>“@JÛϤӉǨé˜Ðƒ‘¤—(YÊuêÄV%Â*¤šjiÐ¥ï[….â
jZH|ÆŠ"eJ…z<àgôC—)¾X}†*ªR«Q¶*&‰‹~²‡H¼oÒ‘)-®™¥Ìµ•ÇÞß¼ˆæ\DÝÈDØ~vâ"ÓÉ7Aþ›RîP$ez¥œt Ò\¢cç	­’La�[
”Š•!³Mք쌴–Ù…õªØ‰U˜µÌ2.¹âPxÉ8
+Ÿ°)”6	}O}ãjª´	'•‡€ÿë¤U+"bYüñ¾Õï
ƒ74ŽÐÂœú£
XåŸ2š± »xäþž*å
+fV–Ú¹s½óÀsên£Qkˆ;f˜Ÿ‚È“>—ù¨xî
+Í#–†.éOy¤^m0BJeXÄB~!f5$+ãû¯x?3Õ§3Ê`•�‰^^Ž9�rPe)�ç²H¥S9;\UU��6ÕÞKl­Ò‰£`ÈX}™ÜÎ?NßO'/Õ¾àú%…Fçr¿¥UrC?2_(¯”‚§	ÈyIUs‘èpχΠÛÇÁäg>
+u˜hðý.¿uöT…”,/¥œÆ\çW	‡ûk–G-¿úM�mu£80“ywáïõ]IJ!µ±å6±ì@s7‡ÓS‹1^ô·jøÄ]Ïôs‹z`Ïçô˜NxåJ:ŽUgT¹8`è�Â}AÐý¡—ƒÄêò€¨·æ4ô^¡s^ÐGc
+±žáƒv“=lpqÄsjÄ‘‰LÕ¯ÆoåX¹çò®ùxáŠá›_ÇPˆñ.„YS'¥�«_±lTúŠ:9ÕßëÄΨ
Ã𷲬#ºÅ°ÄÍ�WÃ
ßÒ/›ý¯UÐZM~'·=ñ£^í/„ûÁøÙ¹‡«ãE„›ßèù²Ø0cvu}EŸJý-¥�l!rë.ƒœwÇïêømíÿ7'û£>rs—ÔhÄQ‘òï­
")¥Qendstream
+endobj
+743 0 obj
+1423
+endobj
+744 0 obj<</Type/Page/Parent 689 0 R/Contents 745 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+745 0 obj<</Length 746 0 R/Filter/FlateDecode>>stream
+x
•Tßo›0~Ï_qêöÐIÃByLÛU{é�-H}©49Æ$nÁN±IÖÿ~w’(ê4
$ØwßÝ÷Ýç·Qc¼#˜Å0IAÔ£«|ô-�Y–ÁñѬñcÓyÆH²¾O&,…FBI¸ˆiÜÞÎ!Š /1{šÍ /ºõ1äâ2fS6a1ƒ»%<)]˜½…ûî¸Ø(-a!„iµ³_ò—Qx›ÒqŠèyq™o¤•À¼‘o­jd
FWï°ßH
K^¯8(­Åÿ܇ÂÔ\i
+endobj
+746 0 obj
+736
+endobj
+747 0 obj<</Type/Page/Parent 689 0 R/Contents 748 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+748 0 obj<</Length 749 0 R/Filter/FlateDecode>>stream
+x
�W[oÛ6~ϯ8@6ÌùçÒ{h»õi:Ä{�Ñmq•H—¤â¸¿~ß!EKV4,›
+(5ÅsûÎw¿�Íi†sº]ÐÕ
åõÙ‡ÕÙ¯«³YvwGÝËnñcF7¼–w·xÏ—ó솬¤
öÎh±¼ÊéÓõ"[ÆOP†¯°p|AÓôÓ[ZÌhµ�á›Û;Zá;VòÉÇRì¼´t•ÑG£7jÛX¥·ôåýgÚK…rÞªuãeAx¿Yýu6£ËÅ:&¹ÔÞŠª:ÕB‹-¶ˆÆ—XU¹ðÊhÞͶçØζ/¯æð’WÙ<£{Q¯	]°±¸uIóy»uqËß“nê5Ü3úC«grçeíèa"·ïè¾Ñto*a•{xsAÂÑ^Vÿ…DÏx>ÜÿBQ+xɦ~Sºy¾ möÔxU©ï’·¶aÍRXýR5Û­XW’ÞŸÄCôÙM%Ù<|~xÍ9”øyC;kžT!	ˆp¸ °`¬úp	žXéLcó¡íÜ
+˜fíÒâÌÌCÙ…(
+�LP-óRhåꈊôÐ2÷�àHT‚«‹‹6ÖðvI�.¤­¨æ�ÝÓ"�òÏŽšJo¬@̓a�•`<RŽ`7ôÔ¸TÐB–Ö4Û’ŒFKRUàñôSbŠ=USË�:cò#¼`Z¯~	<_HÊsRºP¨¨FTÁ@K
ŠU
®(ݦ'™MD­³a††H¯€ÐÆT•ÙS@[“|õU�Ñ9£È›XÛŒEF´*�ZRX
+´F�Þì¸l­¥äè¡ÔèÜÔ5z'‡å8Ÿkt :•GA‡fÄ}Myr^ä_·Ü›f°¢NôëÐ}bH ;Ú‡Û4vqX¡c eØÀT	a±M–ÈèW縉‡ÖÎn÷¬ä€i-ùX`—
+â|µŽ3ŽPV“i<"ÏåÎæP�Ü™ST{¡ïDý¸Ûë̵{ŽôIcR½åSaŽƒç:ÖÉù�àåå<›¥`prrýœw8›Û%%´ŽöÏîO©ÅU~syPïiÛB�{ÊPzhCààZ�^#®Mðè¥ðy87’%J-öÄv�<5»—�ÜC-õü®…ª^J¾Æå6_ä@mœ¥uq=€
®ç¹i´oÍØœò8–ÃðyUËó'rãA÷èÒÃÚ�½|¦g,Uã’ç C_v¬
+myzéðùñ<�†ÇÌæE[)æ8²èíáç«
`éL~…óÔ»Óø’Kä¦bиQyfïÂ@€sØÊ]%òÐJê8Çd(ÃÓˆ>
+endobj
+749 0 obj
+1567
+endobj
+750 0 obj<</Type/Page/Parent 689 0 R/Contents 751 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 37 0 R>>endobj
+751 0 obj<</Length 752 0 R/Filter/FlateDecode>>stream
+x
ÕXÛnÛF}÷WPQ
+K£v¢’aãÍÞ©ê9sy*¡gD(«¨òäeÒ†�9•
+ŽWƒøiÍËR±*¶¤IÊA0T^f2—ˆf¥p.�ʃ®
ý^¨ÇðgUÔ�d¶’9ÇKžÙò|*s×™$„¶4z§bws &¥;i,T왳`ÊŽgˆ«	è}E‘(h#)Òy©2/–2RÉ��cŒø-Ž�÷Hà¸gœ?Ñ�L—쮚dA¦.
+å öÊú³mÖ{9èµ­�J³‘QeÝÁð BÚÉÜÇ´	ÿ©Ø~Åù°]’•Ò¹ë¨îRDÀçSi=#-²Éðßced¨H'N~Sbþ&ÅÊVFmjPЪ¹æJžÒx¶æ\Cß}ÿáæ~<
&|€µ£¿¸ÏJðéòÁjp…Ì9pqºþÌôV¯àŸÙ©È¹Ò1)ê*¥Þ�‘_jx·õ<E7¡BÇ2‡¡�(ÒuQµwÐì¾AZ#öŸ	i›R+åå–t}eÌ™XúnÆU™è,Ó{†0J�#üLÚ¢©TTgÂ�Wx,Qg¨:�æáz·âmK?6SŽ~¹�7ç�ü_ÂŽk¼ß€�“8‡™Ú„VFµQÕÁÕJã5Bù¹EÙTÄzO¢F,ž†Ôe;)­è�´¶^(íë@ïÁë…róxá“Ü6É>ÈÞû	ÒáL>
+¾=¡»ºÀ`E£FCÍEŒGš‡¸;AÇ×Í[¹ÃA7˜ê*"—Ö6&Í æÊÇdR‘ë!
=Ô ÌZ…¨é,&‘¡ì1 œV–Èàâ
+`ôÖˆœDÓÞ�ÆÓÚâ
+†Tv†¶�DA9éQ*Š-ºNmÛ©Ó¨huü¿ðÞ8ú¢ŽùB ý·à}î £�§ÒCð§Oƒÿ]É·®¥:Ô0OÑgF
æç)F)—ŒesðKP´cÏRctl¸`´ƒæ)AØ0—•CžÊÇÛyÃ¥ªÔèz‹�AŒóB>Ví3ÏÜigb@2ÉœÙÈl¶¹qÊ&P/ƒpô¯7#<ý£¯ÅXÂîÌBüVÇ4Ù"ÏÍPÒ n¥Ø¨S\±b7œ�ÊÍ“i‘ÅN]0ÉA™ë\6ƒ‰•™W-*½å’Î}Ÿµ–«yRÅÙ9Gm�ªTT¾ü]8?HgSú-ïs»� î
+º�!Ž{…H)2õè•Ñ9üj#Î çmd£Š†à'ý蔓ž*]ží+ nŸm�<¶üåv·éÕŒ±‡"â§>lÍþ
J>¡ß~º˜_×´˜#|9M“à�ÿ'£þV £’ ô+Z,Œ.–ôqÄ«Ëîvz'‹ý(­ªòm:õ�Û�6Ûðô´»Ç§?¾ö±<\’èM›LÙ”۵ж’²àTLÙËnñÕÀ‹Çª[áA,h›_ï;Ná
+‚×Å–àœ[9÷”GrûÖ7X&öàj8Ú
H‚(ˬ!ÍWαNµ0†‰€3Þ­¦©Ø1Ýh95œ(QÃpMÄ;ܱnw…*p®B æFè‰Ýw7Q¥ é¶ÝÎXoxwÕ,µÓå
+{ñòzê÷¯‡›ûw7ôÁèOXå趿 ò½±?>^Íð…K<zAqÌWslpîôÌ-u@Õ¯©®*endstream
+endobj
+752 0 obj
+1701
+endobj
+753 0 obj<</Type/Page/Parent 689 0 R/Contents 754 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 42 0 R>>endobj
+754 0 obj<</Length 755 0 R/Filter/FlateDecode>>stream
+x
�UÁnã6¼û+Þ­°b$Ù–�=8ÍîžRlk
{É…–(‹[ŠtI*^ÿý)9¼
Z1DÓä̼7óôï,£­sZTu³ÇrvÿiIYFeƒ�b³¦²¦”¥iJe5ß	û*+A/óíÓî厤&g¨á–¸#²¢î+/�&ÓÐIÖ‚¸œ´ð'cÿ!ÞûVh/+ã-oY±»òÛìc9ë‚å´Ü¬ñœãß
+jJ”-GJËœáqBjÁŒ¾lŸé£yèípàÖíY…/¯�-”…�¿?ϲ"
+÷U8‹X‹†÷ÊÓ^´üU{ƒ
+ÝPÛ»Aj(g¥’ãÅw›
£Õ9ÂâɃ6(×øj¤„Ã?bô§ñ(iË}€F¦òu(øj±ÂgG‹,eëq5Ú;Å2$`§¡S\�ø™À]lOà|bØ=8¥â�…Ð�¸S$஫�EÀ�®±[lÞ8ÆÝÉ»›A¸ž}7™·J`­Êž�¶p#¨vô;�Åd
#Ë¡Ñ¡]c%“
àÍîaÖt¦î•€•¹º87£
¹×q�
+endobj
+755 0 obj
+822
+endobj
+756 0 obj<</Type/Page/Parent 689 0 R/Contents 757 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 49 0 R>>endobj
+757 0 obj<</Length 758 0 R/Filter/FlateDecode>>stream
+x
¥WÛnÛF}÷WЇ*€D‹º;@
+ØIÕä!(Z«ŠªKr%nBrU.)Eß3C.))M‹ à˜ÜÙ¹ž93üë.¤1þ…´œÐtAq~÷´¹ûqs7V+ê•{<Œi2›3š­–øûa…?KM;¾�C¨é~Aü~ý@“1mvоX®h“È9Þăש:Tº¤Y@o­«L±'EïM\Zgw½1®*MTW:¡µÉô‹ÍÇ»1�&3(<Ÿ]¥sªJ­Éô¬òH±
+ó™(Wqj
+MÛ
ç#uRHTœø
+†gLA׆»šzPôa{¯¯kŠØe¢ç0Šûµ§‹
q§çš©Ë4ÍÖ$ü)|2pypøµ¸àz‚lÁÝù’³&OmžzÝÈØbŠãËœ1uô»­	œcö…ª8i.e)&!^‰–m$•nN)ÓG�}‘½àÎj†^¹r§þËìMÑ�Ë­“$©7­]
þ5
=vÞó506«ïÑså™Y­ÁžÊÉ­ÌŸœ/
Ó¡;ç‘ÍLLÍ©pêÁš¢"n¶–×…®!.ýYå‡LÝâxoüJ“@ï~Ý•˜>Ö…Ì’ÑùË–+ÃíVr²²¾®vó¢2}`àvÔLÀ³…ôz}Ó{Šþ�ê‚ZéDU˜ƒ‡ŠƒS1ø¿ÑäµH†¬üLŒ—R7–Á|ƒ�z’÷C\%¨6·ã)Ñi‹ŸÛX·/¼·ž09žÍ2Ž„“ˆ‡QCE˜F‘x*,U±ç‰ÒŒ½¦Hxd=ÌÙÏÉx<¾5ñV—ú{©àc© T¿%�úÐö…_T‹Ð3�(ãr>ðb«`òÓGÎIÛÀ2¶_z\`b‘?Vúóæ5µ?˜»‘±Ž
+P½¢çÇ÷O�_•ÁÑ4AôÜmî6•ìÜ×ìXýÝcÙ²º‡$sÀW,õÝÙÛéÑ9B¦²
½køìFi·³œé„äh0Í�°nŒú>³tÝ\~ñk;Ö÷ïqíle¯¿kÛ+ô'ÿØ7ÜÇh.R¼‰åýHs›Ðr>ÿîd�\C‘ž(¥‘˜Ä%…íöê	æ¿t¥Q ýÔ)6ݽQ¹Ÿbx´¸ÔÖYâk˼pÐeno}ÍÞŠ„b3M
*�u—%®HL¶÷žÆd¹:æÅ[­-²³‡f»ívÃTÔ,½¼Ä¥Æ|bÔe°$‹ebvg1Ø Xˆ“#s–
+¡ÆèšO¤ïœ�KØæÆ2va]2›hv,v™ÉM³‚JðÑ�õœ“ª#,þ® u´&
Ÿ�%H°GÏ
+°gå‘ÁD–,áÒ½�pE ó¦%›Und~Ú²Í7~
ùoOjâ7[ÎÀMø¨J“	¿ÀÖñËÝßgc!uendstream
+endobj
+758 0 obj
+1534
+endobj
+759 0 obj<</Type/Page/Parent 689 0 R/Contents 760 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+760 0 obj<</Length 761 0 R/Filter/FlateDecode>>stream
+x
uTËnÛ0¼û+æVˆUKvý8&MskÑ¢.zñ…&鈉Eª$eAß¡$'¨‘Z0 ˆ\ÎÎcùg’cÎ'ǺÀbYMîw“��Kä9vG®¬6kìæÙ|>ÇNN�§S‡ #š±Ô]up'#q2ö% :ÔÎؘ^Ò2¬Ž­ó/¥ð: s
Zaã-„UQøˆŸ¢:ˆìf÷<™cV¬²%1§¿‚ö
Îâáf¢e1äÉh¤°°®ÅÁ»6膛½&+n&ûôgí!"öü…„³ß«cÈp'¥ÁØ'��èù"+z"#à|¿xÀ~Ú–F–u­ÏPÆk�7ä4RÚÛß
+qáúªÅ˜íåvËD¿—mZÙßFùj�¥›*Iùv#ý¼ûz‡ïÞ=sñàdSÑM‘¬K\gCÕl(›^ÏÂr½dzsŠEÚÏn~Lþ©p�endstream
+endobj
+761 0 obj
+687
+endobj
+762 0 obj<</Type/Page/Parent 689 0 R/Contents 763 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 52 0 R>>endobj
+763 0 obj<</Length 764 0 R/Filter/FlateDecode>>stream
+x
•XMoÛF½ûWrb
+Ñr®eÿªÅ?ÆÇLy½íJ²÷e®ª½Cç4‰�X5r[¹–"®i)Ô|g-Çàì)GëÛçÑ´¦,Émônñ‰Û±5¥¦C§`¡Ô\I„§z»¤òÊX Á«UÍ”åBIZ·'Œ:�ÍùÓ×'‹õ,]ÓòêºZÑâj�Îû«’î»3\^I˘ýh{o¡«Qµqh™ë­êÊ–žUÙé˜>ÕÊ«J3Ð9O„2vUÑÅâ"½9_ãîêj2†uœ‰¢ó»E�˜Ó4l²¨SVRÓÕµó­|0#¥3Ì	ª¡�Ö–„+:§-Z̯�ß�â‚ø³àl€ßV•��ì
+É*²ÐµVm 
.ˆ5§1ÒÁÖÕŒ&ÿp™dx?Rôó»
¦)ÝH]¤,ˆ\¬ƒÚ{ׂëF3Å=þ‡ž5§SÓ_cä'É‹GéºË
+ø‹YO&!ÞYí›ÂÔ“‡_–üE?â&ÂNËQž@£X{ U¯êIÓ5xô£Ó
 G5Àˆâ[”ˆÅ¿ÐeŽÎ…Ñ`&qœ£n¨ºÖÊ“	Ã
+~Þ
+2ä§
¦$àîq‹ÐP
+{¶ílÆÂ¥ÊIúBüHbQ‘@#¼ØšJcþ7Ζ{â(x²Œ�ŠÿÐöËÈÑë�á¼Gíä¶`iñÈ’íõ¥¢c„�ÄÆ9ûƒÒ3ÀíXN˜‹«ÿ�ÓÅj9�—éÅaÕ
+zö:|ñâ…]àµtßð
+1p6¦=’™
6²é²d»Ìá]áÈíl¨ô$ÓJ󹕀 îh?)�ÅÈÌGmúE»ZE¿÷ƒóè¦7÷·_ÿ¸ýúø(PzL~cub;�o'±�^‚LcP›qˆ'ÁÐ4_FãQ·ï?~¾˃½D;Ÿµ�r3˜ãx~bLB•\£šË¶&_£hüÖˆÊC	¹³²¹M#?Êú'>sÝdÞÔa¥myF�É�Wì¨ü™sì+Fp¼ÅðËû­zÓ‡ÛckXŠú>…­^5ÍÎùœr5ÇæýøöHåcÑbÝ”B8�¹ŸÐà¤#ìyèC Tà€�AâŽ÷½Ãn–¼ÜÁÆ,†Y¬«ÌÆC\³’×÷ª8Þ$p.èTè×

+endobj
+764 0 obj
+1797
+endobj
+765 0 obj<</Type/Page/Parent 689 0 R/Contents 766 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+766 0 obj<</Length 767 0 R/Filter/FlateDecode>>stream
+x
•XÁrÛ6½û+vx3£Ð’lËN/Û±;î$N«I¾@$h¡&	€,«_ß·
+ÚhóŒOnE¢\
+ÂöŒDQè
	Z[iÂâeVªJYg„Ó†j£^T!Ÿä›ÅßGz;=If¸<NuUÉÔÉŒÈi|?9K&É)᨜&,­¯§+Q=IÄ"	±IcWª&�å8Û’®h©— B§¢@·aik�,I›ÁíF–ÚI*õºâü~ìj¢È³Lh±$ŒÊ‹P…X’#ª…q|3‡Â‡ßÎ\ã™jÙü¶E;fD­L×F¹-aݳ¥
~rQo�ýŽJ”[º,
+e‘§È7tR”ãN8¹Ñ¥_.…ªš=¹«É*'>øfq„"ÓüdžÌéôâŸ�0¡ØyàÄ;šž6œ˜Ì’‹+Î’Ó„¾*¹QÕ““
Ê”AÕ4R¨¥)•µJW6àÐfŒ"Ϙ_L+D§LF˵sÈXîa;ka‹>ïOŠúGÅÍ7º.TúÌ�àœiiið“¥u�¢gJú	xÅØjA`ì`Fð…ˆ;�{sHÞßý˜ÕÖ–‰ÕK8!¢¡g’)[bö
+½¾Òü­NK£3C�;ðê0ˆ¼—õî̤M�ªZ� "\s•ÉÊ©|ËŸéÁ
+€C~¶@~�»B1ývs
0r%‹¬­¬O¡ÖBÏ2Ê„KaQß1ìïB“£á
€ƒ
’©‰´ »®kmÜw²±ÒkWX�{õ�sQXOɽ"ÇœUC"O;–¸ ¹´
+^�¡=œ;Ôd_°ÍZ]�n �[]É
©â×»�.éÞ�ó£Û5ÔþZWÎè"²@Ý
+Øö"Sy«œ¯�iDÚÐꇒvLVÓÝW…’#
+Np#PPF¡sÉ ¨¶o¿\ëºrwòî-÷s¹;9{IìA–»iB·|uG‘úuezì´Í:P\€C»¦8~2z]ƒX ¸[óÌ
+½ôCš<\
áïP¹er¿ñýΦƒ­²ç¬0,ýPî]Ýì�,‡ùè:Ñ6zÏ8ìâè¨Yï¬áЉÁ(õ#�;�ÙΘŒŽÇú»_	veWü7™1¸CßKMNÝ´!kƒrõ"ï ÀHí¨êcòyü’éPmÃÖýY01 J¦«‘cº@nÙ—Á$"?¦�	5LaÃl£•mQãÀöƒB
Œ‚Ï;�.”p°5Ê¡Qƒ¼�´W¬Á5Ì„¸¶k?,…}Vv§€µ‘¹z
Å{x:äAÑÊ
»A—i*­=ˆ´ñÀ£(ÏÍ!ÄWkXjv*+nbLMf�×½à«t/Fo²™ïLfá=¨J×…h˜í硯%;ÏóhJ+¯t[i26Ö��úF¼ÄSA9n�RCÓ"ðX6ö_cÒZ
+)Œwž
+¢!–èÔ0ð{6­É¯½À3èøö¢1ªÓùy2ÅŸ
+ØKáùòpùñê’>ý7ƽ×éš
†pà&‡ò6l{>Ã_²øÿ½OÏOñöô_œ�ñix·þqô©B6¦endstream
+endobj
+767 0 obj
+1783
+endobj
+768 0 obj<</Type/Page/Parent 689 0 R/Contents 769 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+769 0 obj<</Length 770 0 R/Filter/FlateDecode>>stream
+x
•WÁrÛ6½û+vtRfÙRlÉéÍ©›i&�Ý6ê´_ ”“�¦õ÷}»€$
+r:ÓñØÖˆÀâí¾·ËïgSºÄÏ”3z7§¬:û°<»øxEÓ)-<™ß,h™Óåäòò’–Ùx¹ÑäufëÿZ²åÆ鬵nK�v•ñÞØÚÓFyª-9­Jª´ªM½&25µØÿ×ý§Ž÷Ö•9)ÄtºqÚëºõo–ßÎ.éíôÝd
+SjÊ
+�Ò(§*
”±ïf»¾«!Ƭ$ß5�umZ9V!Œ
áØ‹Xɸ
+¯+mï»8_~|¯Tö$ß¿ryÙ:ƒbxãF¡ß¸q˜Gଙ*97ª"³Uck$™ªèÖ‡
'ú£jä¼GntN£~$ý7zÑÊ´x\pCF¸sAd|ØáÀæ}—ÁïÒit§Kø5¢‰íáôƒÇwÏ;ˆ'lGJpG™umžˆÖ@‘È’’㨣n¿4ÿ9\ºewª
›Õàbçœã¬ÈË9Óáj8]Ðßñ<‰{Uå†öè-¨TBA®Õ•¸†"h¹ìp3`¾ór—J`Xõ~ÈeˈÄÙ�{¶r¦½W0*þPu°å®Î6šÕì©HÿÔ˜>²ôB¦„è¸;FÐœÈZ¢ÃãØöøôÂÞù4&F8õnPI�?mý”˜Ð½¨€ß°Üƒ–¹7Žê.¥èÔœi¯é )ŠÚR´¿�YoJüÊ
˜0rØÉŠ¤ðƒr{�T%\•çpn'JáÊB"¾rBƒò#ßè·Å	AKÌ6	°‡¾Æ%»1ÍÉ™Þàð‡ÉŽsRøÓÑ
ÊÜ—CçÂCœ±§73¼±ü÷Œ=½º‘ŠÃkÕõd‰fBQ±T0™Ãë‹LƒDûM¬à0Wíçî{äò“é0g\slˆ�-¢°¯ý <À‚
+N"“:G–¿]Ìð&›�ÿïkÍÕâ
+ÇÈÖÙœã�ð?Îþ²ãÓcendstream
+endobj
+770 0 obj
+1613
+endobj
+771 0 obj<</Type/Page/Parent 689 0 R/Contents 772 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>/Annots 65 0 R>>endobj
+772 0 obj<</Length 773 0 R/Filter/FlateDecode>>stream
+x
¥XM�Û6½ï¯ä²°«•ü½zHФŠ4mãc.\™^3+‰Ž$¯×ùõ}3¤$Jv�¢E€$’Èá|¼yóèoW	Åø“ÐbL“9¥ùÕÛÕÕÝû1%	­6ø2_.hµ¦8Šã˜VéhcËTÓÚ”:­my¤J§ûÒÔGÊíZ¿^}Åæi»ùv<�¦Ø>úT`“¢}¥KJ3“>UäÖÎüÚÑ«O¿½êoQmIívÙ‘ê­&Úé27UelQÑg•?(ÊÕ®’o�æY½¦àÍl0¦Ûd�Ù>þî±´ûÝÝÁ–Ùš¨¼;ܽP]š]¦J}CªX³É‚&Ë(ÝêôIŽH·ªxÔëÞ!È‚¢�Áfõ¨LQÕ²öÁÔ[#S°ïVWœ>É!%ü¿¿~½Jæði>aÏrZŽÛ‡Œ>s	�øÉT¼îRÏYðö‚
9%ñ2š{[Íöþyå#u5õ'­•TÕ“d®5"î‹‘¦¶#Ú©RåºÖeDoŠ#IÌõVÕD]jdÎåK^)¼(l-9A]®“k¤©2Ug†xQ¦75}+N¶…S™-€
+IYká"*Ù×]iŸ�c¥[g¼ETjó�ªÍƒÉ˜»¦ÞzNG1(‹[±ChË;>Û´Q©ß‡ðÁ4¥]ïS½ŽhÎáú6TwRd�¤ÙyQ[Ð!¨&[ÀsË�Ë}¿[8¾x±Xø9ó³j>‹!”©ü랺ÊÇL3!™ÿ®_j·0�cÓ¦uCgÕõ˜N"¨.ÄAx~NSÁcß›¶Š§8@(dè+¹ÉÓô«0@ÓåRà.ÃÆ=´1O—÷½ˆ›)ÕòE܆ð@n§Ü–Ú²ÔÕÎòÜðLã[å<Í	ÏI,gH
+"S¸SŠ7Ìd2]gW[ð�S“UC‚¨j¾oŠzä¾å«*Kë–Y)�¢8'r«�0	\ãòh÷¾ÏNíw|‰awÀØ-çVþÔÍžo¾–um&—.GîžNN¼@€pΔ¢UÁNÅzP‘ÑFËW�—ÕUq]{E§p{DçÔ&Ýgªôw*()‘B"nø
+endobj
+773 0 obj
+1658
+endobj
+774 0 obj<</Type/Page/Parent 689 0 R/Contents 775 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+775 0 obj<</Length 776 0 R/Filter/FlateDecode>>stream
+x
­•MSÛ0†ïù;œÂqãHÚôc¦Óii3í�‹"+X`K©$“É¿ï»ò®n.1’vß}ö]é÷$¥9þRZ-èü’d5¹Î&o>-)M)Ûbår½¢,§y2ŸÏ)“Ó+O¹òÒé�ÊÏHºÕFÐ"™'K
+…¢�p¢RA9OïN³G[ôÁf‹KìÊò©tJE•ðO¼gNýÊÖ:©¨[·¹­çÚ)¬;¼~x°¥=?,¨Ï´WNQíUŽ*|P"'»W�k/kÏ{
+ìNXËÇlt±\&Z®Wø�â	±¶
»·”¢Ffw‘2”!½‹d•Ðg:Bm
íu(bR„É…Ë[ž[]*!€s
P(v·Óæ¡
úÒ�Ù‚»3mz€=ž¼­TWȇ›ÛAŒ�žî§¾–	O'hANdMy8¹?ƒ`£�»oŸÑN¹J{…žƒ	b=	e…öm?Òs”�Ô•؃Æ€†hÝ$­Ù–Z|…½R¦áÚ¥¨Å«@ÏZ4å+Y;D¹¥} Ð8vh”�ClqãˆX,¡öDç¼£h/øˆöQ°/ìžêáSw•R
@ÆRd9	)•÷D°gÌf÷F9Ò

,KêbôX#U0Éåù虾ôÅCÕHèÎ Y¨
¥lõ¶l 5Šð44PáCf¬Ü,µ<G4bòÐ
+c¹eœ2šz0€?9VO‡ÛËhbðá
+šÚe!̃j²
íBð‘(K@ÅÞÊ«ò›†k#óâH›ï,ÐTyFzò±�o>]´—È”Nn¾œðÑ—¡žrζ‚�Oü›Uöœû)Š„;ƒ�u3¯ä9–Ë FÂ;½È
+ÿËZO@눾êD2“C	ã4„=í™<9îC´|‹æý‹®QpÚL(u3‰@b‹»†0&�¡ÿ5×<a1¯4@{ÈÇŠ?ÂxèÞÖ›[�ð`8ê2‡'0vž
+ÌÌ8Ù{a¤*ÿiª¨”Ç
9î
e|�{(¢„G�IIàßð<ÙgåœÎse†—ùyúÚe¾nm—^®~$ñÃÛ«¯×WôÝÙG¼IôÁʺRB¾ÙYð¬95kŽMÿÇå¿\-“5žܼ‹5çÀsôcòY.jµendstream
+endobj
+776 0 obj
+853
+endobj
+777 0 obj<</Type/Page/Parent 689 0 R/Contents 778 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 72 0 R>>endobj
+778 0 obj<</Length 779 0 R/Filter/FlateDecode>>stream
+x
•WËvÚHÝû+j‘9Ç$0†ìœ‡g2c;N '‹q�Ô@g$µ¢–ÀÎ×Ï­~ð2™™ÛÇ GwÕ­[÷V?‹©�Ÿ˜.Œ(-Î^ÏÎz×Jú4[àÎèrL³ŒúQ¿�+içÍJT�¬iÑ}­ÊF•Kš¶U¥ë†TISQÌ%Q=¾œ}³+ÅC·RwG	Öꌢ8¢÷eSë¬M¥K÷ä�âØ?™\òs¯åR•%o°QÍŠš•´÷©–¹FžûÝŒÛÞ�}¤�ZKú¢ÊLoÝͨ
+q2]‰R™Â�*ª\²ldÆ»÷©\tk%ˆn§ÝO÷oè¡£"Ùe§÷>ÜL§TŠBfT©J>¼Œȵҭ¡µ¬
R1¤äãÒeþD>8¼s#Ê[Qn£9Ú6yn"1E
+Ü
K‡š-tM
+ w-IvíðЩå» [»ÃUë%uVMS½êõ@8¦¡‰ŒnëTö¥ŒJÎ.û‰ßbr�€1�ôgHžª.Ãà›ÂÓÚFÂÅ&Ë:p4]‘04mDݼÕé=G*ëszW¶ÅznÏ9É&�"pþ¡3•¨ÖõXÆÃ	ø:�PL@7šD±ÿ¶ƒn8æRï+Éíôí¨—¶Ü†hZH4ÿ�ba²2*TZk£M”ê¢wû@bbº–h
|,Ü؃á€8’ŸuâÕý{ðçø
ÜŸ�?˜D#¦ù~k1IÓTCo4+^N7Ê _@Ó77؆‘-8¤çßdŠ{'¶þ_íÃT×kBh~† ,þ½•­$ô§ªÚÜ�
(jÝ.�²¶F²tA líYn2ш9tÖX,M…z¦–ßôœ>ü¿�¶›ŒÑPÝ€Ül%Q°¨8—²$£.äѤº\´,±$æºmh³[ šÈB*¤€öB}p]¢Ä@³¦RÓð‹ðŒï­ª­äs:–5;å	(9Õ³z7ÅUil
Hy[/ë+m¬Õé:s�උp[-j]le*H$çŠæíòhgù>`ƒïì#…ž,D¶ïd‡’R
+:‘ÖR°ºv^h=ÖjÖUÿš]߆�rË$tj¸ï”Í0X{»Èш®�©·Ø.'¥~Z6
+endobj
+779 0 obj
+1754
+endobj
+780 0 obj<</Type/Page/Parent 689 0 R/Contents 781 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 84 0 R>>endobj
+781 0 obj<</Length 782 0 R/Filter/FlateDecode>>stream
+x
�XÛŽÛF}Ÿ¯¨##�Hê#ÀÚÎÎÂv6™Y,™<´È–D›d+Ýä(úû=UݼH#g7
<ÓÓ·ªS§ªNó�›ˆ¦ø?¢eLÉ‚ÒòæÃÓÍߟn¦“ÕŠúìƒ)%Ód² Ùj‰ß£Õl²"«iË[0‹sº°þþaFQDO[Ši±šÓS&óSzJGO{í4”U¥®µuw”WiÑdyµ£·O_oîâ°wt°y…%”Ùü?¶y¡ýŠöôQÎ)سÑ|L¦V§ªÖ©*#·7M‘QejÌó
âcksĆÿú�›d=�¬i±„ãTÒ,YN–aTÐ#»	W–&‡Î4wäUúˆ®VE¡êÜTnBô`,•FåÕÖØRþN¦¢zŸ;J÷ªÚé;¢“iZ­ÞÂËÚ`…(`çÐXµXu6«zÜÅ€ß:riëç|g½N§l$CÑo—ß°}DfË3ãdÅ—�£dÃ瑘�™´)uUO^Á(Û
#~ÒbOfBšÙœ
�7ž8×fúpPèåW±ƒ27K€ºŸ‰qzK»û‡5E3&nŒÀ­
É“xMè£ÕðŒøM¨ôæw6»'ç”Æñ’}ûT‘±™ß5‡ƒ±µ¡9F	3Í–.Ø(t{9€eãjŒ-þMMµÍw
ŒT²ÁebV`{Ö™!ðáö[䄬
+2�bEžæu
H€T(ÔbÊí•�gèGú[0;,�#”	x8LÓÃ9Øxß8{_˜T÷Ž“á>œ|ÍÚÂY“ù†m§«îl,È®©ï.
Ë2m¸ù½CÞ!šUÊL,]Þve
+™p8I²Èf©\¦pÛ'_�®šÆê4c¡ŸVc¡C88ø–×-QŸé?áÆÕÓ€ËÿC�„ åÍ_̧^måÑ�+^®�M%Íדy„–9l
+Þ‘”àk¢¬Í׶‰x¿\«sÖb²mE+¦”Œzœ’õ…6ä¦nõMn5K&¹ºEgppOX%õç
ǘ�Í8FÝmÃ1fÁQ ÛÍ^Åîþa$uðãÒT_)ÏKå+ðú´±ÂÖU‚ h÷àf×Ö˜¶-˜:ó…)êÐ#‹œv
´?Úfm�±XÕ‰!á/mKê–i"~p™«C¥‘ª†ë|)B1l´Ä«w¯šq«@Þ7õÞ°ÖøbjýCxjt	49Å«%…F·åÔóÎ
´‘÷‡eÝ™/áu1Ð
+w"ô¹‹@aq¥õ~°Câ>�Z¹¡(3¥Bªú¤——;ØIæS}¯º^”¹*¸¿œp=Z¤FΞQ¸î'êGSÕ:	w⎾fÇoÿèè}ä¸AD�) Yôž0¡¼0\ü¸ª4W¨$Dýç^má:EGc¿y‰¢«—ÜšJRâ¸×¶k[ÁÖÓ_YOYÀ° føWiö"¶LƒÆÚ'¬Úð}¸@ŸîJ¡H5�6h¦'ovȾ$æ²%|aI	+xHÈ(d3h%³‹²×‘Z‚è=:p€e†ÇžCéÞ‚3ÐQ(‹Sç+ÚÖ€Á•0`1;3`8Æìšß<½yÃ1ÞK(¬Ñ`v8Æ,Êûpïÿ(-.—ž—J:¾÷óGú D¸ ó&>^.AŸ]uƒ
Œ1¾zÇ¿@{¡Ö_V0†¥•ÁHy¯²’:ê¢
+�fð„°éJ0­á('©ýC3<}\³ÉÐ[ÒÚX¨uÉŠ8É“7¿K
Ás äxÓ¤ÈíP±¹ð’Vø“D\\@	ñVá	4°c
+˜tAq°îÅ›R¤�O8¯­¼_ôŸP�ý{­µåÐB5l4‹	xg·¼™¥cŠ™C$àÇÜíX‡²¿
+].Z,‘´y{>¾ÿüá=ýÓš¯
+Ÿ0äSˆ„Ù//cþ†0ú«O³%÷’eÉ”÷"	~¹ù/Óœ¥…endstream
+endobj
+782 0 obj
+2100
+endobj
+783 0 obj<</Type/Page/Parent 689 0 R/Contents 784 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 87 0 R>>endobj
+784 0 obj<</Length 785 0 R/Filter/FlateDecode>>stream
+x
�WÛnÛF}÷WL…Q
+Ø^››Ê“®$Z§Åi�/‰mµîü<Ú‹!¨	âÍÇî`hož€×aÚ¼Þ ƒ…—(‘EÔïô
£ûÖ
ìñºže|Uÿ'¢ÇÉhhBD�'÷Ø>¼¹ì#“'ÞTÕj°%ÛÍC.B©»h¦�×HÅl©:Å~³§4iR¨LêÕáìõ:Þ°hÅ-Gâ2Íkp"KŒ<·Á�œa¤»È½¥‰IUÒN#�á[ü
0ýÖ*”öƒc²U œ …«+K‘n©P$φ5ê¹BšËÛt+@ØàÓÈlE‚Ýx##-Ý^$R€TqxxA«r-²0µÇ�pÅ‚”Z4*Å´Óé€-E¥Abuèb_—ΖIìãÀ1%òK†˜‚2
+8•<),q€T£}eWŸFNFE;i¨7pý¸hj0ðyÈzfT¼Á�®\›:ÉS[ЦYð£¤G•×&êªÈÙ:ÑŽ9Ró¾×nu?“*è†Gô°“15¦š�|®y3•j³]�[­ƒT‡o”¯¥Y(�ý†�}• Y Ca	Ué
[8Á3Ô~‰§‹ö¼f5Ojƒ5…¸4fÜÄdb<ÏkÀDíóè7$ÈluÕ2’@*†ž‰Ð–Ç*ÍQ)™U‘Hý-3ø9‚Õ<
+íø˜m»Dïd’² r©ˆóýVù[¤ƒÉÉÈ9U+,RQ³nSy„þ1þÖ’LA•ÅƵòÖ]
5(ïé7ÒÊ4•}5ä‹8FcF“”Ù…â $˜‰–³ÁúË¡˜�ôÕZ
Õ‚/ð—÷ªØ¤Ðmœ[uÆB­C™Ô|>BÀº_³x£­òîf

+ Ðe–pVý­�…D"нBãúN÷vNαÚÌa¶lHÔ⮆²*鎔§;˜Ž‡®wÌG¸eÞç"aåo•¥)dé°ˆ§¾"ÎrP´Œg†«
+¼ÊêZÈ�g;Q n›ˆ�_ï²�ÕW×";@ÈÿiâD½Î™Ç’Q®ŒÃ7CÊ·3_åVmD™¬óä£bÇiè®´\#.7aËÑJÓ�f´áFý!ç¼Ê,ePË Z‘à¤,0– n”ŠU1
^1Ü1«uŠÚ“a¦ÛXknÆ(g-KµÓ)ùÈ+Í5*V�"¨õ!�ç_Œ›ÌßÖB€¼Œ_ÝcœÕƒš¸‘é�+ˆ•þú�ë´ÕüPÛùÄ×Q„
+q€Û�¼�ò¢@Œû
+Æž!Ö];<q.´ëCyÆìøó’�å³@ÙƬpò|Èd»9+—@
¡åë‘øÌåÄÊj[¬õË\³½”½fŽódYƒ­t¤wBíŽÇqbϦù?Å#Ú\éN¥“ÜùÜ‹øh~`wO“M­<LÚkw¹ç-î­»Q¾¬3züpÏOèÿ‹ñ›ë1z“þÄez£ýŒÓ
+–endstream
+endobj
+785 0 obj
+1861
+endobj
+786 0 obj<</Type/Page/Parent 689 0 R/Contents 787 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 92 0 R>>endobj
+787 0 obj<</Length 788 0 R/Filter/FlateDecode>>stream
+x
µW]oâF}ϯ¸ŠZ•JáËB#íi’.Õ&¡�ÝV"û0ظ±gÜ6ÿ¾çŽÇÆa³R+µ[•]ðÌý<çÜë¿NúÔÃ}ºh0¢0=¹ZœÜ,Nz�ñ˜fƒ/=
+|ÇüÏþŸFÒšoà!ÌÔ8Þ½R¿O‹5¬�Æ´ˆÜó-ÂÖDé|+
Å*—FÚ<V²q$	¿KŠ-å[‘ÓﱊôÞÒý‚Â$–*·i>B…•8"i~wE™qVÈn…‘g´*r2ÂY…úqñçI�ÚýA'@
+ã"ØʼnÜÀ‚àgF¦\
+çÜJ³ãëü»ÏÖÅ )’kQ$9eÒ¤±µ±VöÈ7B‹7JF´ziÖ“3¯lÑ&Þ¹à%�θ˜§M{\$v|z³“æE+yJ{™$íg¥÷Š6FY‡}:È ÓƒQgT!¤��îíOÔz4ô‚ÎøF� 3èеÜÅ¡¼ÓÂ*¢{¹'‘4.¯&¤Ú
Cª5U¤M(­µi¤„ W€ˆ)Ðå®A�tƒçî3ß’3ŠsJ4:ÓÖJ{É�
í`ÔAÐQKÐN$qä#$‘6RI ­¬-—(2(dI£Ug.6ؽ
=#Ú(
+–D‘ƒôìÀ%YzøÁÖÔ.u‹ï @@gE€£‚ß/@‡úÚAÉc°0cOk£SªÉSi1ò¸Ï€e�Àz’qˆ!ºÎ2¶’ù^JEv�ß½x9u¶µ9d
#¡¨¤½4ä‡y�NC®Ù]–ˆPÂ÷dwÅgœåø@/‚Zá º1nåO}ç�¼‹(�Õ)=µ¸8À™E
íV	¤8[íb]XšB�3ùôcCâü˜ëó¬{üå$ôYðz<aR
+FC°·ü–ÐÜMF|ºñs˜s‘®àË
VaR8ÁC{¡óŽ>;™ ôF¤à=�¿—¡±M)
zç°üÚ]=ƒ]„ÄU„ÇATÃ#’»zæêS_v£—[NX=Ðíꡃ{mu·]ú©•ë• £as�,<3÷q’кP¡Cï:F¯ö�›²�U\^ïh„‘tËXJ�f„åÒò‡ãÑg3­”Ï—·?ºµ
H9ÔÖ¹ê8�MAWŒžd/^„¹ú@åV€9O_ó¾,Ÿ0®z|³’§
+¹n�uÁ}ÑEj480œÊ}ëÓtð 9`‹gé°Có"Ë Œ m"H¬ŠtÅr¾®BùÖD}@3°KžY¼¬[p9*°”k–‰ÎR(e8âfD‰ê
+endobj
+788 0 obj
+1827
+endobj
+789 0 obj<</Type/Page/Parent 689 0 R/Contents 790 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 107 0 R>>endobj
+790 0 obj<</Length 791 0 R/Filter/FlateDecode>>stream
+x
�XÛnÛF}÷W„P
+/–ݯï™Ù%EÉv[4Ûë½Íœ9sfV_/|â¯O³S
+Ó‹7Ë‹wË‹¡7ŸÓñK¾Å`HÓñÈ›Óx>ÃÏ“‰7¢\Ó†w`Ç4_°|p5¤KZnpôt6ÃÒe$†´»ßЫåÝ|†I¬³’öfk¨ÿ‘rcÊo溤Պ
©ïÃlï~owQ?¤N¡Ë(�ïuN»}ŸÇ8cµêütKïU¡óŸ±}<„Iw:�uA·w˜ìœ÷Ö¤*Î^¾Yüvs½øBî^þ˜Å_xN~ýùN¥kE#oä
û*ÙïTðå쌻*uQlª$y$Øt´¦4ä|Ù(�O°
m0HZÜ× ;¸º$Ì@bÍpèáÇ�SØ6ñhEq¶¥} [ÆBçÝÇŠÊ�¦Oq™CA7KZÜ~âWcò}{d4chß<R¤7ªJÊY¯Ífç¨$!�H;•L,Œ3QœI<8Ðö´n‘®½Ðd›ÓKº¼’-éÔ¶yž×¡�I"�{D‹¤0¤â¢d⬆8ÒtË]\¸Å„ŸÎ]Š¢Úexú—ÊaLÀ±K܇éÃ…µ†õæ@&Cœb1lï�¦‚g—×bW¦ÃŽU`_¥Ö‰&ıh–ê°*5©Œ>ìuæ|z÷°ê®ð[A�Õ+\[îHEiœÁ±\•à*;Ög>;Ï€ë}œè-0]ucO{B2¹ÃuTãZ@Ž;wõÊsËC·¼?CºÔw¬FÓ™Ì[š¹$õ9Sûñ"˜r"…”¦—Í ¡»‹Ö0%Èœ´+y²=ÆìdŒ+[³­qJ£!®kͶǘõ™÷ǽí1f‘í½'R#^ˆÔÔH!¦“áì,G$ðEÔù`‰òšu!lk„K$LŽ¬S¤‹Ø0ç\z¼
+g­v|£u·Îµ.p”X�×HiÉö�ŒC®÷*g[ÐOq~±€0ŸKDg_òÆÄ„/›”¡â�8
 
-mÄÑÞTõ£aºŸDÓ3Õhÿi5†:¡êù[áŽ"ù~ÉlT{ÒT¶ˆ‡ïÞ<{õö¿ïÞž½{½¿þ"ÑËÚÄâ/,ß~£{ÉïyçÛÚc-T], k˜�»¡¬´�…¿Èhè»lÃFEØŒ±ôÝ.ÑH>v%Ežó›ÌªÙÛÖÏfÁ4¸À þz‹*áùtöKð¼±É¢§›]Пù½*
=U{W¨)Xæ¨wI!ã+T<s)Hø¹OÓ¥™Ð×<Z�ÈŠ
-³¨cìšpÜ�b	ó-£75ÏU69ŽJpYÝÝß/»e÷ë¦_õëP˜¡ºBB	‘rÔMÏbA¥GÌm_Ñ+¨´‡~–Ï\Ò�ËaŠ.Òýâò+Ü�EÒéìÜžÝLçýùX‚À­–«ÝÎ3v„óXÜ¢+Ѫ/…­ÁgÀ]•èeØdWG1ݤ£+Þ]ÿ#GƒLjŽx”@ÂibÊ>By…N¯…Ð
C|ÀöµZëÖ‡ÍMk±ä›7C
Í‹©>œj`;vœéQ�õwÜgzRæÀ×Θ6n(u§š†Òí±×çÝúÃE'µ~žÄ³@ÒËnœ!GéNµkýވƅÓî²ëκ3Ñ
iD3ú�D¾û QYÜù²e?‹LT$Z¯X’DCS÷©Ópä¢ÅJ;¹á
-.Ãc+Óòö›¡"–a|â– äÀ»+ùÕ‘ÑmcØíø\B©7
-ïUö@\ÄÒ
-|‹g—’7Êp¯5gÆ%œ‡/XÚñ;
n…ù8ä—žø¥÷Iâ~s�€€¡­´÷]qŒk¼T"ÖƯWËáÓX‚ “¨­þÓ%š÷±Ë‹ïuúanG1+«Âå@]¢Ý¾Pæ–S¶×»xühíWîê¨O}'ß`hyÍpN-¶¾ÃnÙ
÷/ªkéßR;<Üã}6×›|îW«¬ÕÆ*Ô™²@®I£iņ.$R–6Ào/×÷ä¨a†�h^Åñ+ªh‚{*ªá²[
óMüˆãKé?N¤;Î4j‚°»ÍRMgËaöT“zè\mNÑ^¿ã
-AÙmù¦¦mè¾!úÅÙÝuØщT·¾¥ei]©›lÅŸßã×·­I¤í€?|`4@vmôŸÐpµWD~ïÚ��íë·Ç¢;.)kO
}d*þŒ‚4�}‹o.Ï<€J1pÜÛZlrÑãöoe'|'ŽŸd’iè¦uÞýûÇ£w?I×oµÄx
-endobj
-1079 0 obj<</Type/Page/Parent 1068 0 R/Contents 1080 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 238 0 R>>endobj
-1080 0 obj<</Filter/FlateDecode/Length 3360      >>stream
-x
Õ[MsǽóWìMRUîì7N)‰ŠlU™%Ed‹.+`AÁ°È �üú¼×óÕ !Y:H€’*›oz¶¿¦g¦wüŸ3“¤ø¿Iê,É«d²<KG)ž„¼û…O’ªãŸË$ÏF…‹äúLÁe2.G•â\&&+G¹"óŠƒæå¨Á ãbd�A…Ë2Œ¶„^£:©�+Ê¥ch
¹šÊ\9®F¸¦•‰ä¤2%’2hÙäba�RP
-–•8¶lð¯R€8/B8½¡gåŠ\œŽ§0Z€ÈE¹1ß8+—§	d)€r–3µø¼2Œ‡
-S"J‘´‚˜œnÖB
ñ�Ž“H�³rÆ(ψrŽ*8‘ËÇ�õßÊU"òrä¬\SZÏx- ï‹­ RäX¾r±Ë•/(&åËs¥¼[~(CF(AªÝ ä39Ë8[â ƒ-�¬µ¢(Åk
«i.@†��ajh~ ­ 4fB•,µ¹
-#°†{•(+�ÍPmeÿÃíˆØ<ÎôÈ)ˆð.
‘Ôl>ÞÕlÅâ¬d‹mO£Y…<.÷QVc°WsÅ*¶¡«0CË¥F±
-ÃÅp¢–Õ,RHk¥1XlÝ´Eƒ•=U|¯
¶:ÜȼË„yg!
-1wC‘SPB?9„ÎC†Že ’ƒÅö
-ÊQ�Áb›µÇ*JYŠ²ƒÅÚ‡‘5+U±
-38,NŠU˜.÷,’µ,«ìN›M„F€¸0B¸‰;ºÈ)S±õ�Ó‚ �¶„Ü9¡(À÷dÐ1h½Ç)ˆA1çá¿ ¨1_)ÊEVa°XÎáƒÈ*aa€º�µêbò„_ÂN
TWA›r}�¤Æ`‘ÙZÕ,ŽmP)²
-ƒ…?+Í*L…k*d­Âx˶o�@…¤J\“"©1XY'«0^ŠÜ‡Âa`ûRÔ²8ÙHP¹™ÉgPÚ¡Q 5¦JâüÈ*L•$#kÓ3uç	¹
- N–Ëíy«äOŒ
-"s™`‘Sê ,•"5[¦tJVÜ‰Ý Žìº�
-Zd•›1É˹
öâ)U@48%Çó²l¾º#uÒ•Ø*oUeíúc;Ø
-€MM¨jË~êVqÌ›ò$jššD>¥Ê¨ßz	
-´“›!8Úù�…P…æ`éZYüO¹r9cö+×í0ßþy¾DkNo¶pâ„Èqq<¬ÛÓùįò8àšSZW¼8Žé»ê–ýð_©¿8<6~²l×k_—Ñ‘4n©Brœ?½8Å2¼èe>py÷Š&—‹¹?¢ñ
-ÍûgãÏq»%nì†ÛNù%fEð<rJÜ8›�äl­º<éõÆÇíмÂG¾ôœWyt¢?·™Ê›�_VXiíîŸîrÿ´]Ù]
-ÿ¢¤EIí×ÑDµ�ѾöG¶äác'µ?æÍA¯½ê^†�®D¸ÕÝÆ
:>ïŸÑ~S
-ÌÜæ2:T¾å�ì6¶m…âlùúœ—LF»©ø¶55x_Öþ*³§½d
>ø)ù§brgÛ^N¨�ÉzÀbaWBl'Ó0
§Ãâ�P;¨iÿ°Zô¶ëă@ÝC?„~‡.2‡Òì`�ö'4ë/ÎùC9éžy§1Òa+};_Au‰+:¸±¿tH½[˜r7ô»µüœ_lð‰àh[:oî•è‰ö¯�L)´6Lèü-Ð\ÝØ"ƒ{°¡ÈÜ\¾½xýV²ßBCw³m'Ÿ$Àz²Í†~)q9÷j>úM?“±y¡õ{7¼Ñü~«­~Ù-:wÒÆ„õUt´~°¿6Îæ×1£*¬3íÌ%:'qXG×ífƒä•"ØX&ÛÕ�8W¾o
-#+êùc‹±xïm
-endobj
-1081 0 obj<</Type/Page/Parent 1068 0 R/Contents 1082 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 247 0 R>>endobj
-1082 0 obj<</Filter/FlateDecode/Length 597       >>stream
-x
ÍUMSÛ0½çWì‘",­>¬czhI‰™öj\fb;
N§ý÷Ý•G½1Ó¡%™±çi÷IïiWò÷™„Œþœ´Pµ³Ld42=n.y¬öôlA;á"ØÀz–À
-›ÄÐ2�ȉç¼Ð0/�-øŒç‰K År�iì[�DIƒ)¦¨“Óú<í(G)ÒØ‚õ,5
-MÃÕIQÞmjèïá¬ï†ºžßOÄ2 %³æ‘6WL;¹©·ýnhº΢&°©‹(
-endobj
-1083 0 obj<</Type/Page/Parent 1068 0 R/Contents 1084 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1084 0 obj<</Filter/FlateDecode/Length 159       >>stream
-x
…ŽA‚0…ïûï¨g;æ˜Gˆz3Ѹ?@ÆH$
"ÁÿoN^LÓ¤é{ïk_ŠARŒÜ sˆ�"MpÙA[XŸËl¤Ç„fió+”Aí/GBh„år�PC8$›¸yײÀmÚ'œ†øîR?UÓsè·¡ýFÙ.Ñ]Æ‚õš	©ê‹ójqÖéùÀ?®õ¤½·ò�xyÆœƒº«•ã;Òendstream
-endobj
-1085 0 obj<</Type/Page/Parent 1068 0 R/Contents 1086 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F7 10 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 288 0 R>>endobj
-1086 0 obj<</Filter/FlateDecode/Length 2196      >>stream
-x
m˜ÛrÛ8†ïý]s³ž*›æQ”|³ëØ›Œ«<‰w¬”÷bn(	²™ð %©8~ûý»A-E•ªX??4Ð'€�þwQˆå1%3Z×gaâ‰ûï¯OgQ”3ʳ ¤šâ(棪è‰ÇS6�ñ¬¦|¤£p(á
5EY$”‰šX:Kí”!¬­`{YS‘bJÖ4K`î픬	ÅŠ)	_¾xC­AÓ0X(špÜiÆNÕ”¥ÌD°«JÂ�Ù
S²¦…¸ãì”dwæH›ŸTkP¤p¦Zƒfó SÔ:›ä(Øä¬ïìȬwŽ)Éå<©ƒZƒÆI�kª4(ª ©u(Náä�ïÐȬŽ)‰bÎ8Ž)ÉΆ쬃Zƒ¦3¤BQ¥ÙÙü`bël¡u&gExgGf½sLI”zÁþ8¦$Œ2ÎŽƒZƒb}4­§Jƒ.æÜ_ž*ÍÛRšÈQ	%ÁÞ|Ò¦V¸P&&¾{¦$òžcEÏ”äPx›x¨5h!³Š*
šN¬5h¾@Í”­Ò4Ž�_Om óÔoÏD„td62ǔĒaÆî:¨5(–L4U4ÍQ5e«4(Ö�»~f¥A¼[<ÍcÔ+É#Ù¾I°FIÊ™aG2Ôš]â®WTiÐœOE•æF‡Ý²Ö%3¼�­"¼K#ãS"¥ÄA­±è,æH=U»ä€*
—,Âq¶ZÛ†@8ž¢:“fº8ðJkPÛÎÖ6Sšù á›idÖÎ1%±køáí”D 8
-'ÍI’º9[­9
!·°§Jƒ¦	·°§Jƒæ	§ÐQ›$¼‰ýÑ"Â'id6+Ž)9%É1›¤Ñ.J2ΠƒZ#
8<Ð
ž*

-g‘O•]d¼=Uš“$=ê¨
«{ó'"| #³‘9¦ä¨c6ÐÑnÌA­9Pi]O•Å»[ÆS¥9Д“ä©Ò(_U<ÕtØj
º�ãÎͬ5®k¸­ ýŽj
Š�†.ôTiP¹¤)ªtMix˜
[œÛrÓYpÿŠ�âx‰kÙœó䘒HSqk;¨5hÌ—+E•æHšœ­”1nv|Pò%)A®X±GZ³)çÁSkŠ×ß;ðÎÁ–J‡óBAkˆ~“+v”b>ÒB»¦Ò0EeRM••ó^Ù*

-'ôÌvÙÌ^úùÕ“S,JBUš—囯¢JƒJUÚ:…hýÌpjÒ óðpf¥Ñ¦h—¹²ÕÚn€™¢6 „ï˜X^d±(ÈBl),nXˆV”D«4ÇÃßh<åï>1¾>É}’Ïv+ØP¾M,O$r6Úñ]+Š²ùõ+Ê>ðÔJ܉¹#¯/‚-…E¸=óy6CYx†ÃR¶¿où$�	“p©Æ+@"u³��Á$¥ua'yNk'×!0(‚™’“�cÖ.±_í@Þnbâ§cÖN¾>Në‰ðv;ǬªÎ±ÛõDx»‰‰�cb‡ƒÕ¥E>;«‰°‘#b3·ß0d)ùìl&Â6Žˆ
Ž))§Q>;›‰°�#bƒ{¿”šmä³³™Û8"6¸¨»4Ègg3’(Lq…qHŒp0º$Ègg4käЇåÙÕGlå�–[üü0Ëç´Üȯx²>¿YõCW¬‡ß—ß0-Ùq—˜ ÆÈó‡¢èënSÆŽIÇ1çtMË×=Ýì_ðþÄ1|�ίӌnï–¼bÒ¥l_̳|-{ZµíwÂß‚ÖmU™õP¶
µ[úãËóòo6fCCKOE½*hÓ®÷µi†Âûa:^
½›¢ëº§¡{çÁ¦é÷�
**ªj\W61Ö-€Öû®Ã<´ÚÔ·µÊÚô2™8SÝ&ÿÖ®xxÔÚ™®‡skȺ(áDÙˆ×PÝ"!�YcB‚Ký€øŽ–žü—IV†¶í¾Ù¼|†ÝõÕÕÛÛ[Ðs¤AÛ½\aUñè·;öo´+^L@�•)zC½Á{©üo�üfºîý_nÊàT	&§lRþ¦D”ÈRÿÆ$úü•>™ÆtEE�ûUU®é¡DÌðáïóO�ÿî‚�ºA=wï\IèÈ)˜Š–*›uµç¿•Ã«kÝ·ûnm¼'H©›“àr×6—U‰âү让Ê*£Û~+ù×í¯^vU0üœ,¦~¼}5(ÞIÎØå«�¹ê~~q׫Êp\·m3 âRâƒ}2yðGûÆÍxßôš�
-ÔiiÐ)O7~¸áùñ›Ÿs÷i0;
-¯é/S ß¹©%ú¸…d`tMöeµ)›ü¡lŠ®<=6æM‰Á…²ÞµÝP M{,wT™8¹¦ÛÎ`gË´}½B›mù²ïlwlËÊLM4Å)†)VáàÞQ¸Ñ†x°ö0™ç4`ä®èjû|:b.UõdÎìšž†¢¦(á6ÒØàÃÉf…2Ùvm�3Ã&à Øà×%Vh«j0]ƒø~˜k$f\°ÄÑÁÇÒ¦0uÛˆñ/õš!hœ8ö‹óñÇì~ee;¥±9éM‡³á¤¹�N6|
-FZYŽN²Sñtà÷Íе›½¼³d"Už›¾ß×;~M'ƒ·‰<ÓSÉÞ‰Ž¼•‡Ó[sÚmò0952=õ0;õpvêa~êáüÔÃÅ©‡Qxò©Ätõq>¤’kùUG©¾i¤ø1Ÿ§¸�
-endobj
-1087 0 obj<</Type/Page/Parent 1068 0 R/Contents 1088 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 340 0 R>>endobj
-1088 0 obj<</Filter/FlateDecode/Length 3005      >>stream
-x
�ZËrÜȼó+úàƒ|Яy�”´ò*BäÒ;”å‡àHb53 
Œ(þýfVcºX‡íØ-“‰ª®Ê®®.@ú÷Eêü—ºeæò…Û.’Y‚ß„?~ýëE¾˜%n±âŸ7ÏgË
ìÝæBàÁá‘B8�—æÉÈ+¸Å2›­à³XÏæ O�·XÌÖÂ	„Ï4z¡¡b°óläV1Øe1ËıâƒË’ñ²^‚ùz¶@¸þoa€«z®`îàRfi€œ@†›2 @*›QaƒÍS
-mƒÅ6@¥È
-öÉ ÕÀ2¹3›L'°Ø,”çx„Ë®b>žÌ(;Èå’–†"	çÜÓtQ°r¾ÎMÁt�à!�Hš„óU%ô€œIxæÒd�¥#©kf)Ü+lQ@~a3™;'¬`°ël–*+˜ΡV´Uvµ­kÎKxµ"g€É
-Ä¢82…�ŠÁÎWÔ0˜*»b‘FÖ/:/lãü*⢗æ<Œó@*梋Y.¬w[p7A&snŽ!úU›�xëM3–ÐÁANph)�†¦Q ½aÊò‚á’»fÀ#„!ŠúÒWY’šðH+ ¡@&’Pƒ@*[°ˆ…va©D[Á`W<¨b+ìÚê(Ú
-FA
hXÅ`ýÎDV0Øå|³âƒË3;UÁV1X�#+ìz=ŠJ1:{În"¶¼D
-ÔŸ]%¼<°-ˆûšc{"'2¡÷åB*æ,°yÑT17`>ZT1d²vmƒMWhÂ
-»ÈCnLG1Xl¥&«"âfÐŒƒµ‹,®«'¼È"kÇ£@÷â‘D@Ä“@H�d!T ƒÅ-¼PV0Ežs¢­`°ËÓ‰¬`°Ö;…¡ÐÖ
-±U¥£QùdqEXá\`²ë±(JJR1Ø|92UÌtxxÄV0XŒ9ke#`´µU„ó¢R¿×˜ƒÅí‘£­`VT1ŠJ1+j•—± òH(]0dCÔQ1XÔ
–�¬`°uYÁ`½p‘Œ„Š”!V1Óå
Ykæ…]¼è¼(=`ÄO
-ŒOüŠ€�Â`t†·´šœ@¸ä8íRöéH*¦\YXÁÈ#‰0 ÅÔÀŠ)„¤˜›Ê©,zö$œ0yΩž
úˆ6`ñN ÂÅ�6Hsš£]ñH¡–S´x:Ch¹Ò®2+"œbpLöa˜ñ"’ŠÁbOeƒE•ãM%8æVçÈ9¬b�]
€k
-äEÄDìAr‘¤8�XE9CÅ`mk£[Å`¡[®¶À|ËòÑfé|’b†žµØ*‹c¥Qyéqã³â}ü˜ª�í¼ðoZ— ƒ
r¦:#·:ãÅ›ßoµ@”%ƒ	œ@›À zà°ÂB�tÉý	¤bª—0šÈ
-»ä¨)¬`Dk/‘UÇH×ULõ8âF[¯º»Ÿµ™ÜÀ B¸5oéÈ	D¸¾Lƒ¡b¦ÊQ4š*F@¸ }°UÌd¬Œ"+˜ÉX)DV0XlÕȳ`ö“±gÅþ’И½Lh_<k(/l³
Ê$�ˆcRä¢Zø9�)±Ú	NƒEÚ'²‚Áâu\ULùy¿‹­`ˆ„;Zmƒµ±;Úšnž5«Bµœ9œÃ5æ>>HN ÂÀ1Ò;E…³“{§¢Ó�ó^'N1¢Ørz¡¡b°öº+¬`°ãWbk]ƒ#¬Ýk‘–I„tËcIoˆùÂ�lÉ™!‹SÉÃtÉóY/”a�­øš–°5#DqjŠœ@8Åu¶R1X»³¢©b‚mYXÔ”
/ͨ2P„p‹Q‹R1X\çÈ:²‚ÁâCÉÈV0XôShmûÚT[ÖêƒÅ{ƒ†¬Çoë•OêÙ{ƒeg &;pCr�T’�¬Oölë“‹¬à�ld}²ƒm†âIÑ+!ƒRÌd­´"+,^P2�塤´¬n$¾
-ÄQ, ¾�œ@T(§¢È	D&èèj¨,.àBLMút5|Ñ`‡ô`'…‡•¯,šüîÃVį‰é€H*æ’Ûý³Ñ-€»�&S1d¦‚ÁâàZYÁ`¡ó\YÁ`ñâŽe£gÁØ|@È�µÞÁ·ynËj…ʼn|PƒµéIXÁ`1µÁq´— ä�¬`°è©¨‡È
-FÈÛ]d}ÈØmkw¸œ²!rÄpSYÁ`q rd3(K(²‚ÁÚ9[ÁŸÜ�n°UW7ö>²‚Áb�ʧ‹ÎÁjäýÒ�O7b°øÞ—)+ìœã¦Ø
-‹ù*Ïv@ð™À^èøUß~æšöid`ð?a"b,ƒ‚‘e�o¬}›Éígº‹FX>w�ÈðÙ…gñÆeukçЀ‰!Ì0³ð¯Î%!8Í"!«Ž4p¶2gÍ¡:ñ©’?sµˆàpøn:P¿}<>›™C|øµ‹—íçàp`ض0¼ñ1Ë,BFÏs8Û0Ô·½�Ø…ÌŸÍa@6â~:3˜w8Θ�Δ@pøB€{ p2Nä"‡o­¸ƒ]„£'Gœ!Èww—y*ÜÝîL´Kw·³¿KÜÝöͦ¯÷{÷T~¯��®o›Óý¾êþòç»ß.Þâé·öš~·{óéØW�mÙó©ë�ûZwÍKçŽUÿÒ´ß:÷R÷OnSîKšªåÕcuÜÙoß&ÑßMy¨Ü¯U×ìO}Ý]}t¥{>µ•ûr¬\~®�§®÷;ú»üˆãwÎ ÄtYõÛ˧¦ë;>#Î�héüûlÛ,›)OÃÀNÉc×!£íSx j8’ÅÒ°•|eçN]µ39�Ò•‚~S�îž*wSõï>ý²qæï}¹}ª&)ñ¡Ï×?ÿ²¹Û¸‡zo´ê9f$�7÷¹i¾�ž'¿~1£´~n^Ü}‹
æv?œŽ[îQçÊãÎ=�ê·«ž÷Í«ëúõb~Ã�&¦'sÊBÂeºj{jëþÕ5ÏX†»W?²,̉{hZ×UÕ
5Ú¡f†šlŽSM¿t•Šsç°3%jìÔ?UǾޢ’Qu]Õ~¯Z«–×å·óz¥;T‡ûªuÍÍ%j¸�ïšCY[’áûIèÿ+
-uÞ}sÏe‹k6Ó ÿGXÙ矟¯ÝóÛm‡‰lNÏÏMÛóæòÇ'›e³Sõ°rÛì|u’“ìFGej÷žiq™>sÁ?ýkb¼©z£?´5:Xg]à§(RÚXŒTáqéöeûX¹ãéÜÚl�Á@;áÕnG7¨Æ³OÔfiŬgåöë4<Nv.;w­l[FuÁkíÓÁ–ïÜ]Ó컪ŸJñõ©„Ê]xΆÕñ,Õy)¯‰»-·ßÐû¦µ0Zò?_
-:¨ïcï÷5:*E]ÛH„£‰3ûÐ6‡P	ÉìJâò#_¦8‚ñ}+Yå˜Ã2Ìao6W×ï® nóN¢ûÐlO¬d«ÚrüÜÇÇß.“5Ÿ¿ºG³Ã‘ Yà_™¬Vþ͈œ¿ùéîâo¿=Çx}endstream
-endobj
-1089 0 obj<</Type/Page/Parent 1068 0 R/Contents 1090 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 392 0 R>>endobj
-1090 0 obj<</Filter/FlateDecode/Length 2764      >>stream
-x
•ZkoÛÈýî_1ØE
-Ԋć…ã$[/b'µ¤ß
-š¢mîJ¢—¢ìøßï9wÈ™#%
Zl`ûøð>æ¾æRÞ?N&nŒÿ&n–¸têÊÍÉx4Æo—ë_ø7�Oñuã²ùhуµ»9¸qóù(NàÆMÒt”™RÝt–ŒæPº˜@¥žË£)¸yFƒÈ	„ÒÉœJ©ìtr êÕfÓQµ��¤
ªw¦ð*rir·"©˜ìŒ'	jƒÅï•õY`6n:¥^tH b0f`'J“CR1Ø”QŒ¢ŠÁNÓÑLYÁ`–Ï`Ö»s¬ƒÜbkÀâáÆÍòÑÄM'Ðjéjd€08YÐ�@zƒcfc0h ì9o!p©tL�T6›Ðd`Íd¾H­ôòß<0“Bpœá�‘T6�Cmd½Zä�¥7[à[n€jÒÛ9NI/8�¡X‚)¾åÌŸéON­�d–ò<³\y%('e—ÒÞ—�-äÖ–¹�(—Ì|l”3`¾DH_Ôk$ƒ…±\YÁ`§ù�bÅ—ŒSž2˜U6�0@�µL2zšQ­
;K„˜i9ƒ8�Öz*‡¬
s"a	9�8G-Рb°*J+ˆú”Œé>R² ;()îp`FN Ü9”ƒéŒ¾¥ŠÁæVu‘u€„EV0S2?p׎’¡¯9%�Ì®;J„8JŽÓFN L&=‘TLwS(V0ÝÍánd½C3¦-dœ
:$Ðœ�º,pð}€p6£?�ƒ“ÍIÅ`SV—°‚Áâ¬X™kùYÁˆ<fœb¹g¸óxkbh€jâœs”‚Ð’!,b"c¦Åü6�6Œw2eó,úÈ
-æYÒ»ŠÁ¢]pÒ «,šRYŸpl&6lS&΀‚7p†°Ñl¾y¹$Á(î™
r­Ñ 3ph´áQ
-¢HäÑ#¬¾	z’†,~‚Á&¡ÀÚ9RT3ŠÙ?w˜?ŸÈ	¤ÒŠ3
-š?)êˆÁ™`
-äq¸FÒbçœgÀ"È‚›,üJiœäB©•f$ƒµu[XÁ`q’Eo…Š3
-¬…(kîrXØíÁ7(i/7±>‰¤bEW§"ª,.¿LYÁ,ÁM5+‹ËPe3mÜTDV0XØ™*+å�ëh.¬b°°‹dYd,¼Ù8¬ÿ‘Ÿ¤GcÁwÿ¬±‚ÁârÅ�L“±‚®Ê‘UÙ;`ƒÅ5‚@Í6•8eýTbÙydfÑ»†SÖÀÂ
-‹ŠG¤L“É
-†YÌ	„&°ŠÁÚï…ìs€PYï2®
¿?p—ä¥2·}š/}†S	s!¬`FÙ\Ž²‚ÁN9¡DV0Ø×qaã@h„\XßAxãFË (�tØRHÅ`q�¡m#+˜.YŒë�b#fÛbñ„ChT }sR1]​¢ŠÁÚYoI`ØŠÈŒ$–�ý»NäÐuHT/ÇQ†sAÅtˆK¡°‚Áâü²‚Áâ½4›»xKeõ£'2¾Àú³ˆ …T(�ô†á	bÁ᳇‰p‚³9ÈYîPCVÓx3O�
ß…
RŒÛ{ä"d“pÁá'�rfÎ^ç Ò̈æÎôG.B¨´Á8�àl"G.BpöʹÙëöi!G2}Èi›á×AÎR—÷[{6ÃéØ"Äñ�ò…p2š4å"„›xÿâG'È<u
-‡Ïúø¡ËÀEÈã±X"!8{#ˆ\„8F¤ÈñfA{‡ýË~6G8´zƶ¯ÀD„plá¥<e"Â$`…™ˆÐ
-*m�¼Ÿk_,âëU±©Ü
Z¢.ñé)èŽçÓ=^ ©ÝÙ¾{@�ÔeÁ.v—èçµ÷Q4ÂíÖøKÛ /Þº³õºñ"G	¿®vûu¿Ê„Ùìj]lw\öƘ’óf{Wßï[ûÍqÔ~õëê�}ÝVø~\FËjg³bIvî£oûƒ�¨7ug&�…áO¹F‰ø‰v Ä<uMð±íû$qÅÎlüMѾ}
M�ëuÕëS[µtW#—˜«>Rñ7Eùû=‚í+Tˆ!^¬ad®÷¡oÅC“*ÕV8-D.-/•[¶û]çÎÊ&:8�LÍ}¾®T•¼êã#\Û=æÙ¹éõ£æûª­Ä“Ÿ>nO¡öôýúå§ÿQ\¤é˜÷ó[7rvÞl6p
c7˜ô]Û6ß\7/»®Ú`̯벮|D uW÷Ý ÝcßÀ‡Ö=TëGWbF]8ô÷ñ­u˜w×´a"-¾¾¾|wÕ!¹¾=Ø+­¿]w?»«ª{Æpè'%%.?”«óº)6¬ëçƒÓi�¾ýxyvqõŸó�WËë�FÝ×ÎýüŽs¿/6÷_ƒ–hUÓ·ËYÙùö`IcxÆÝÁ̓i¶~é˹W½Æ@ÿ~ùý·zý¯ö¶Øðõj<çÿÓ�`½yusvùæŒeð[Þ6åž“#�S¾
ññÓÙxÁçõÈø—Ãy†]	DÆs¾[žüëäObçªæendstream
-endobj
-1091 0 obj<</Type/Page/Parent 1068 0 R/Contents 1092 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 444 0 R>>endobj
-1092 0 obj<</Filter/FlateDecode/Length 2482      >>stream
-x
�YËrÛH¼ë+úæÙƒd¼	ž6ô°¼Šµ,­¨	�A°%aD
-¶&ŽÊ³X‘ƒÍŠ³T³
-ƒ�çg¹fnMÍl5›Új¶˜¨B\H‚*êœ;ÀP„¤8?›)Rc°IÊLˆšj¶ŒN`f8Ãñ¬Æ`ãôÀVc°™T'Ø*Üš4Šl]°ÈtÆ`gŒ\€ G3fÉ“»`!8°~�ÁfR÷À*ÌTÌ(ɳ®
Ó=†VËèG€´Z€hQÑç9)7b�zRc²%ÖlÀ”›Ú*L¹É�$�‘ýôP”&Á9c0›I€`kfÒžS\ÁN
-\€¨Y|À)È0¥A½¡Æ`ÑFÚ­ÆLB�6Õì±$93ÚŸ
ÒFr„&.ÆÿQlOjLI	%Va°hä/°
-SRÌî
¬Â¨‹;�žÕ˜g¦`Å=ËråóT&@š U`4
-¢01@à„t‚6Ô˜j¹c0Õ˜]!�Õ˜j“[�Á¢Ëöê)Xc°ïz_�1ÒÀ¤{sŒ&NŒ
-+@!Û3¸“.Äž‡òÈMsG
äÊ
-Ê寞Ã]¶‡Îi©Hn²Ç`17cÍ*v–ãìǃ�—¬šßVcdX(VcÖ%?`]¨ÉLZPîâ\€d�W³ƒØ4Iœ'5+£K±
-3œŒ-êmå2Ècþ%s„;Ä]5+Ï„À:S\.ì†÷-
-r¦
ƒÍK*ö¬„š•¥4ŽEj�ªˆ&cŠ§ œ¢sµ¡Æ`ç¼Oƒ©ÛÑs\‰ôL€lÉQæ ô5ì<‡éº‡.ŽR‘ÎiKÉ
-^Ñ™
-Ò$%
Hòœ¦MàdÚ8§ò	¤8M¥uÑyôâ€wºçbÃ\‘S+OT0Õl>CŸÖm*éĦ¼õS
²i€tˤ3Äû˜§Ú©ÔN\Œ÷w�/\IRc¸ÍrT2°râR¹§P> ¥‚0”v 5¦[ž#Å*�ÆšU�ó­l5OGR”Æd9€버d£|6¥h© …S(p
-‚có).@¦��Ê@jÌ4°©ëä$îû‹Û_@�3qnÏ)§h08õ¤Æ`±š3°
-S«bv™G0ÞÖÉE98£œ\
AîÄ9}žSÐËõä$w²œäÖÉݳN^`†g¹:RÏ:¹‘ûv‚úZ
-ƒÍSøŽ5‹<S¬“�<0ò¥(@I
-âPd”ë9áTnü@jvÆ/•�u[âæ—zL„"@Ê ã9RHæ-ÉÝ=;Ÿ
-á_ÑÉÛÁ´Õ¦z±­ÝŒ\®*¾°5Ä�Éâ�£QëDØ°µuS­áyûf¹ÑÊ(”ÑvÇIüò³j·k‹ˆo®ÍT„g‡FÕ�ÙÇ0[ªo§:º›vÛw?P¸eß½ì$4ˆ ½ò%ýÑØwÓ=ûÅGÑ_ì}®|©èïûn¹¶-Z}èÖ»}?é:{OUÝwÃ`†ÝS@äkM~èU^�áÔ0OóÂŽ##•ùtó}�óɆ=ŠF-órxzÌÓÝÃ?¿>Üý~ÿÿ\ÝÝžß|çjãu××”!Ùæ)Àlá¸k«aü æ¶zSk±jn¿\ü½Ãô¨–Ýnd.ªU
�¦Z­�ïÁwÔín=6l©fƒmŸ«Ú­8蒅̾-hΑM�Åðsu=.»v[õÍÐm\§©šßm×]ýö¡‚û®:Jå7û´«õÊ|z®Þ¬éœÓOø £ÿÔ¬ìC
ÓS®›Ã °?æ°[zœ…[­ÌÐü[†ž®ÒmõÓül›ãƒþ
ÎP�#ًתG
»Õ”C%ú[÷bÖŒêÈä©YY³Æ´þ¥¢¾z?n›'Ìk&Bm  øUó«	}k[zôÖv;ÉÖA.Ö¸J/×Í~D|¾.§�O²¨Ä¿2•ri/Îo/Î
Îï¸9p
Ö;Ž•0YcüÊÍ姳hÎKþ|9Œ}UKö2<kÊ2Ã?´‚ÈÖ—Ç“�üõ²´endstream
-endobj
-1093 0 obj<</Type/Page/Parent 1068 0 R/Contents 1094 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 479 0 R>>endobj
-1094 0 obj<</Filter/FlateDecode/Length 1915      >>stream
-x
}˜]oÛF…ïõ+æ®ÐÈüI]ŽÓ$ÞÔn¤Ô½È
MQ6[‰ôKRvóï{fVä)@Q4ÀñÙ���]RÿŸ…à¿P²HâTÊý,˜øËôÏ—�³8�’æúï^Ù<9Š�¬f$÷²æ!1g—Eóvi4_JjBíHÂ.Æ#ž9»ÅržêzER¶ž—{É<♡$E|{‰–ºœ	5#¹—d9�ˆ‘ÜK¶8a$÷¡æ79e
GÍD]qˆ4Òª™ÐpHÂ0\ž@gi6H?Ñ<LXú^ŽéOµE¥‚ÔʽԪ;¡v$uÁP´'²Vš�˜²Eã2¶%
šgóSÒèI˜œØ²Eª¨îkÐ4ÕêzJZ»}šë½Äa~bË4ÒŠyϬAãå<fJ4ÉN=“Í’SϤA1-ÜÖØ£ÑiÌÖÜEgºéÄÔÜ‘¹fzÈzl.SmödkÍ$Jzl.Qkîhëšé)k4(Òñ'J4‰Q
-¢¤As�W¢¤QFlª€(kP9oË£Ÿ±-iPd3%
šåØ®ä™4(:uâ™4š‡'ÕpÍÍu?`ª3e&´¹$µ}zœxÈÔ¹�LYƒâ¨F«=%­ÍMO–e�„zœx[Ö ±N
QÒ 8»9!Ö Ë\5EÅeò“uYƒ"_¶e
š$'µb
ºˆpRùuYƒæz
xê”føã8}&üôYˆ
-n'ÈZÛgSà)iP\RØQž’ÅîÃŒxJG‰-imP®éL¶¬A³L'ÈSÒÚ ½Öˆ’F¡pYpT¬µÈ‰NÐäÙn¶þ¨7[–*3¡e$‰Û|LŒ$RÅ�"Õ	ºÞ$
6
-†Ç˜	/a.t»L�5(6ÜzJ5Ažž’F�‚@·øDYƒâ•
-ÉDu+ÄK-
Þ?tvœP·$ñ�¦7®g¶©cû^±cv&ÔÎ1ÛrØBZ‹Ø„2’ÇãÜ3g·pß“é×@lBíHÂ.Få<sv‰ûžÄMpÇ«°õ¼tuË:C\§š<ÞÓ� 	3ôêöôŒ$X®�Nv$µØzþxÈÅ`SNM=M3½¸bŽµ)p�ø@&‘43”{bð2J¬‡³>'¨,B.ºWqôeG¡>-”shŸèÚ
-'<KÝ'”ã#L…2’*=’<s>ñÝ®éa¸±ž	µ³Pp#`@ñb‹°ðWÉvön=»ü�"tYoõ‡ˆ4Ïd½±ß!Y—«]û*ÿk릳þkö6�·ö.¼Þ\\ïêªd84uó¨�Øçïò¥ê»ÁYÁñd¶*ö…ÍFÚá©êäúæÃJJóe󳟋²n†¶øål�ÛU$.lú	q—E#7R¶Í¶~< ÝÛÕe$÷E÷,×mÓTå mGL¤è¥8.%[0‹ÕÖäÄÿÛu,ß.šv—øöæg·nÓŸ%D§á7šÿsæŸjw…Hµ2ŠôýX¤ºïU/¯OUã¼}»PøRu}Ý6ßÞHÝË¡¯6œÁy­4ìM‹‚<Vƒ<w(,ª¿éj8Áß_›][läµíþF;-:+×±3®\àûº�UoOÞÃê±kÏ?tðk_É®ª~�õõÝåÍ�ôCQþ-Û®ÝËçºìÚ¾Ýg]}_íª¡’ùóëN¶õ‰[
ö¹è{¸‘ò©h+µâ¾ ©ÇFßoïýÃxv³;nÑ“ÇÄ6Bi·“Å�{vÌõ§åâò§e~¾ðˆñþȪê^ê²’;M3²G¹lŸnï×·rU–Uß»ý%}{è`P¶›J^êB®ÿX©[Ý4C×nå€nŸ¯ŽÇGC+½Ž×¼íl"ÙÅqÉã¯ÕƒúámçBR^¾¸à·Éil¿TÏm7èÖxwxü¡ÍÿßǪ©ºb'u³mÏÖ|_=eW½T;·"Å—U×À®êº¶3LôjÀ6zÒp�s!Ý¡ÑSÛºÕž-sWåSåVà’|Ô-+ûâùYm­3ç–ȹx¨wõð]	ºûúçÙÓ«ë[ùÚÔÿœýùýo7öäå‡üxÐê/AK‚ßRœ·««Ïï®ä®kÿÒSé}[ö8[‹©Ý!¾åÔàm,õù«‡~èŠÒ'Á=�ç	~MHuí_׳ßgÿÍ}ÿ“endstream
-endobj
-1095 0 obj<</Type/Page/Parent 1068 0 R/Contents 1096 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 482 0 R>>endobj
-1096 0 obj<</Filter/FlateDecode/Length 1048      >>stream
-x
­VMoÛF½ëWLÓq
‹ú¶$ßl IshƒÆºä¸"‡âVä.»»´* ?¾ov)[v¨Á‚Èý˜7ïͼñ_ƒ	�ñ™ÐrJ³+Ê›Á8ãÍÃק÷ƒéz‘Mh1_gSjh¶¾ÊfýSMw²Ÿ³u6§ùj‰ßSü9¦2.LfsúÆÂlš]=»ŒÞ­i:¦M	LWËmŠoò‹_í�‚¥ÆUפLAö�în~»½ùyóg<<Y¦ÃÃxS\Üni|MŸX*¦FjÕŽ}:2§É¤?2]ŽlÎwQ¡}pzÛ.è C•âQnMPÚPmƒ'[Rç¹ìjÒ¦´£ödÅu+ wèh;t‡‹2úPʳ@Óp2I\Xó6ÐÞ Ñ*%ëõbÁo(¸#yÛp¨´ÙQ­÷|�R�Œ©\AÜøSZ™ô+ël¶
-Ñ@ûK*µC…¸¬áhëìΩ&Å[ôœ\P6‚˜¥ÞuÏÓ¿€œñ`J¥à8Ö3Úàzò•íê‚T¬��£,�R�w�‰›˜
-§Í>î�p}ÐMWGcÌè=‡è�B¤“Q…å÷YÛ�éæ¢âÒÕq:ê3
-Êaxçûã%^Æ(Ñ30¶pªcôWøD&iI2ý KÓ9YqÚÇ�…+Q~Ño’'Ç€{�1G8Š·�Þ­Çñ|–Æñ¿þ3_�³ÕjžfôRPý²ü1ø*åyendstream
-endobj
-1097 0 obj<</Type/Page/Parent 1068 0 R/Contents 1098 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1098 0 obj<</Filter/FlateDecode/Length 1477      >>stream
-x
�W]oÛ6}ϯ¸ëK]¬‘¿'ÃÚ.-‚¡IW»Ø‚f(‰’ÙH¤CRIýïw.)Õ®švKÛ‰.ïç9‡7wGcá{L'š.(«�FÉrIû[â—ÍǧÉ)Í–'ø|²Læd%°áô——Öv:Ÿ|±�À¾3¥É|œL['_=8]|{àåúhøú”Æ'´.�áb9¦u‚�h�
V^nizF¯¬^’ßHruJ™Ñ…*+¼2š
-UÉäÙú<Íhìéxr’,àk°ÞH¤&ðãD½­ä#‡)|ËÏÁÄ‘kÒ\Y™ycwÝÃ\9oUÚpÌ„.`S–Òyڙŋœ=Ôœ‚�§É„ƒgˆ[4Uµ#g‚a&49)icBD³ewŽJCÞ”.,ÇÛZ‘y•É„V0æ²kÜŠó0–DUžÅsÉ‹dÖ–LNq±H¯qœÁ#UÓƒiªœR4ÆÔˆ¬tI•ºåpÊ�Å~Žè”Û9NfÓ	üÏ“%ÞQµ_Ëʤ¢ú»+ˆ:|«coKkš-ýJo¯ß¼¿úð®5žŒã€:_xÿ¸A&îÞ`S6\•¹…?m¾–a(F£ù�é ÇmIÓe2‰%=lT¶i{‚þb>@™Â|Ò	½3ZÒƒò|&‘e¦ÑÈ$BÇI{/ís´›û(a„IâEYªL‰‘jQK2¶Ë¸È“Pñ.”½`ìÁ8¡›Á¥	¨x0䤆û¶ú
ž®D�
-R±H©ˆ¸yùþêÏÕÅå›Äö½¸Œ¢\z¡*wó¬HŸ/AùïÃ×ó–S`èPÚyô'>ëø6@[€Im|÷œEÈN ä
-ܲNVEáo9×€Ô̾m›ÒEŠÐѬ—´­ºÊ¶n+3U(Šœï%ÉŽ9¡~’7&a.ÑT¨Ó2˜«¹e»¾s[‘6\÷üg‡•ÉD5DB©V*ö‚Ü<ë—ùîjƒ*•†ç:Ê�H
êu2k¬òé= ç‚0p’-‰ÈmXô ÂIp¡`<Be¸“5µÔ}L|¸¼øëŸÕù«ï/Ö׌™VT÷ò|<�E…	º<;£u+€¶Õ—Øù@�G@cPÄ=ï„ùÂ?…ðÖ[c½
-ÿ¹¡ÔøÍOtuÓîÍ„ïÍ–æõ#ô
-1UîìF`.h@Á!ڹĕŠëoñã|ŸsqÎp‡nûê{ù¶
-¬1Q\vKK-àZä÷Ð^uÀûàø퉱Øk#»oö-Ðí
Í|À‚‡±HͤŽ iýÆànàë8ÒqD ×N+ÝÖ
-endobj
-1099 0 obj<</Type/Page/Parent 1068 0 R/Contents 1100 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1100 0 obj<</Filter/FlateDecode/Length 1403      >>stream
-x
�WmS7þίXè‡:S|öù�|#“¤e¦!)¸Íd&3ùN¶¤üïû¬t‡�1y)0‡Á«Õî³Ï>»þz”Rß)M4œPVõ“ÙŒ¶»Â}§ÓdL£Ù¯‡ãdHVÒ¶}œ~x4¶ƒi
-ƒh;€}czÈm::KÒÆt4ÁË`ûj~ÀsïíˆÒ”æK„;™Miž‡›û4Ï:sCÂÓÆÔ–^Ì¿õÞ"§`ÜéIŸõœ´·*“.¾×:ê$ôq�cÊQ.—JËœ�TÆzJ‡g=ŸU	],I¿Vzµkæ×R“ÈaOÎáq#ÙwŸºé0 ¸θ—ñ¾ô!ðî`’Œø]-ýB×uN·w=Ž
žZ[§JU[lhi,¬§½:¯8WrkS9­Å­$¡Ijo7!–ï_¬]ëéÙ{/å½'™«oàŠÜ}ždF/{é €€ü�	9r¦”HF‹vðéÓ×5MFÃ
Ò'3üH´÷µšóVŠ’P#ÔçN HkŒ§^íl¯0™(zN”Ñ[(Ýså"§ðà(¹Fà÷·.
-n(7úWO7h'ºcYä:.¬y&€>D’å'܇û½·í%;
r/ìßù‚s	J@O("î°µ&¯JyJ‹ÚÓR¨Â€a­x ÷µŒ:™Ôðþ‰—γ&óe'‰Íbcr†ÊžýŽi¶…ÉMРýª<¿º¼¸ü¯è—6öâ‚‹,“B·§1U:ÁI…¸²Ì” DTï
-4ÖVë¹BÌ(W1‘”€ï�œrQyíª.AYwÊìßg¹ÌªÊŸSçæìÝmhiM«Ù–º%e¯Äû0^¡@pü#GO©’v-*G_¸Í�xÌúãïa
-Iw*1õ-o²u	åøí>Öå	6\¹f�û"eàbð-Û÷ô¸´àI
-š£9c,!,£ÊfIØi×h'p(°¹…öñO§VZ<ZX *k ®Ý‚·ùêD÷$™§ÂX²G\°3s‡µ“ïúŸ« Ü
-endobj
-1101 0 obj<</Type/Page/Parent 1068 0 R/Contents 1102 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1102 0 obj<</Filter/FlateDecode/Length 1277      >>stream
-x
­VmOãFþί˜žZ5HÄy%/|hÅ•£Bºƒ^“
-UM?lì�½‡½ëó®	ù÷}f×NIàÚª-0YïÌ33Ï33ŸOÔÇ÷€¦CM(.NúQŸ&³y4¦ñlŠç!~*Ip>D³×FçãhøÚÁ`4yãíò¤w=§Á”–xŸLÎñÎ2!øî÷iwN–4¹ eµ£\Y§tJ.“d3QIKâQ¨\¬sIFÓÎÔYY=Êêtù	†Î î§Ñ†;_‡“As2�Fçð‹[¬ã\Ií¨ûžÂK£æ¥ÎŒuZ2�›£®7ÐN�%ùÕÔ@fê<¡T:Z‹ø�„ÇMfów˜#ºÙp”ý­ã(5YSH—qÐÊ’Ò±©*»|‡0]]F¦OÝÁ)‡û[ã$î	¾Œ÷ùªI(šDn
­%ÕV&ä®KÚò‹mQ؃\¸¯è½Ð„)Cr,­:¶Ž3öÈ÷ýæ>]�¶ˆÚ„4Å™1Ö{¯(—�2€¸®”Û…09êBìh£4à1®…(Ötû\KëPg*…µ[S%ˆbc€V9Úª<ÉØ#8!®ˆ´9í]Ÿ·¥}µËÙ

-
W)hn*J¤½l„ !'ÇÞ9’È|dãm·
-ù®Ý
ØÝ.‘$-…MéXÛýå®Û‰M
ÿ	kÑ’kècÔÁšê
ÿ¹Œ´ÑÝ�žÀu»:
Qü©£îhéå3
ò‰�Ö »÷vØc­ÕSSÚ`ãßI&ÜÝë…z=äk/™ž` *þkí,w¥ŠEn3°`qØì¹¹pÔ*°ƒÌ°Þ@n¾Çe­ñ3K,—`—Oië`_&ÁÀ
šÏöF9û/@¼FÒd‹Ït(4Ô‡ì=gâQ‚L`7Ô§ô³
-ªç$‡ç—Â
-w÷S‰a••ò°þW@yé¯`*�Éß°{ìÆï±c6äò•
|lRær]	'ÏܵÌDC´®SL“ÒTî«Cê |-mîyð`b¡ñêÔÒ•Ã÷è»ß‡+¯To£9û
Í
ƒ*H�Ðj*îëJ?Лmfh[…ùi”Æ·©JØì
7M7dë4ŸóšI0¤y÷’HDµêÀtCÑvÞû“Õ)9„,4ôÏëÃVÝÌïGT¨4sÈ„à9‹)Ç8®n.¼½[Ü,"÷„é…øèúòã~#Á®4ìź;�Çë@+~±ÀŒä¡âÇ¡ñ«×³N£åÖ¦•©KD�óÐö¿Ÿß]^}x÷|Ìb{hÆ~&ÐY$¯?uKk75�…}ÿ&¿à˜Úªõ‹•rÒ÷àÞõ¬™ƒ	VÖÙˆ&Óf7Z\~x{I?Uæº#j×–=Á�’³Úm/t§ý9ïRÿañOÇÑt2{å Ïæß-O>žü
³gkšendstream
-endobj
-1103 0 obj<</Type/Page/Parent 1068 0 R/Contents 1104 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1104 0 obj<</Filter/FlateDecode/Length 1497      >>stream
-x
}WÑrÚ8}ÏWÜÉKé¸@H;³„¤;̤”-îf;“Ù Æ–XK†ð÷{®d'ÄIv2!€%Ý£sÎ=Rþ=P?élDiqÒ�ú4žEçt~9Æû!~KI+ÿàbt��o<8¿ìG÷ƃ×3®â“O_Ïi0 x…ê£Ë1Å¡r¿OqÚÙ›2Ïö*“]²†
-qH$ÞÒhI2·’6ÂÒF9:˜ª¤mi’\$tæ˜�,SŒ&å"úe*JM•g$r¬Ua²ÛHº»»ûÿ>éSopÜqÖ±Êá‘!›
-M‰HHY[IKfågXQ$¢—©µ´.ªçG`	sï6R3Z©G?¸�´¸½™,oÈJ@ ÞUÛL8¬‹ZŒ$3iUHí„SFÓ}Ç”V•©ìLÞdÜF8Ü‚¬å££­,-&îUž£<ê€)¬’¥Gùéëg
-p‘3©ÉéVîdþRkø.x)ÆÀå·+Ö9æ..„†jJä2u6¢iU–h°´ÕvkJgé¢K)ØUÓï?nºþuqûsÙ¥ÛÉüÛd>è¶ø	_}*ÌãA»e}. ÓSÞ†¤=wX!UQÏ
-ñÛ”Ê8…8¡‚ Li=3M&ÏdI=Cø¼
-ܱÃ��ÈD4ïÊT!´L¥µ"ôÇ!óÉL¼¹*TÈ"R˜rgZäzùucY­D"�~2ƒŸ¢†Úc®µ”«‰~±'Ó÷ˆ…Ǻ‘2 1:?´Ê–²J³‹E¶C—‰µdbšpY_†=î³Ö$6­px¡39$ïVwk¨+­,wœÀÐ' 
-f+“N¨ü•ÿçÆÉ/?7ê¶Tˆß+Y±ì
�Üõa_3³!!CRÇÓŧق ,Ý´m#{K¤ =Û)¢¯@蹯M¦Â‘™Kn»9²\Vª½,ÜÁhLyðõÞFmt«®¯cÖÉa�ý\"A�‰àð¤Z{¢ß<ûÌS²*MA?ç³Ø`‚¦^EZL¹äs–=§ws y¨p¾ï4˜Fì Ê#±”ÀBв—Àõ8E¸ÍÊP‡±Æåhƒ¸^º]üð¼8qþla¹Ö®Y�'Ÿq'®KQ„«ijNÐú‚â	µi©¶ŽN1Ï>�臈2¬ÅãÊ*õ.nœz{­Uùÿœsp×ø‹¥ å¯åßdÝ
DÔÅ=C™ñ÷‰t`ñQŒôÿõqÖT� ëÎkŠÃVG’á|åû¦s¦?˦a¸W”Ækîh"1•{:ø«-¨;Öþ•$~-o€
-¶øŠÖ溬/zƒþM¸<£Ñø’¯ŒËÉ·«	ß~ãH§ëãë-¯Ök†÷ÆýÏ<þ�Ëèùø<�.qmŘÁ€§ÞÄ'�ü§%
Îendstream
-endobj
-1105 0 obj<</Type/Page/Parent 1068 0 R/Contents 1106 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1106 0 obj<</Filter/FlateDecode/Length 1472      >>stream
-x
mVÛnÛ8}ÏWü²	k}«í<ô!iR Ø\º±»E�`´DÕl$R%©ºþû=CRŽ«EY"çr朙ù~2¦þ�i1¡éœòúd”�h¾¼Èf4[.ð<Á+©&Ó7øù›ãùôõ�«õÉŸï/h<£u	'óù2[Òº ¸�h�ŸÞšüYé¯gëo88£ñ8N8vú %	+í¶*ß’3µôª–ŽrÑ:üñÖ´›J’rTEC[Ñp2G0°°ÞJ„äw†ü¾Á-Sv§“]-eAÞÐFR#mil�ß›=	ZÝ]‘“ö‡´Á•Ê:ÏîVæÆ�¡Ar;žfvãUevfòJIíÙ‡‰V诒Ùì="RïL#5T2ºrp öåáxPH½§ÚÒ
ðBø�“kd®J%‹WîaJcl€-÷�yü%~$YíUî¨Õ…´ôI«Ÿ|™ï©Pe	‘AiM
.§ž.|Vº@²ý#­SF3̽¨V¢Þ€€%H5¡­ø�ºXÄÏР¢!U-¼Âû2×¾z:}:ƒÄâöÎË…¯*>¬ê¦’5‡ÔX¤g{Aõ<o¤ßI@ò’HŒ%ÖA¯·È5š´ñLƒ²­ª=!Mäê©h™
F@CTp%Le
-‘DRp¡J‘ûž÷X.Jud€ÃÀ�˜|âÓ!‘£mØçäßé„ŒÅßùìœ
-‰JаJÄzX…`z~nI¸€„\Û4Æzhý à�£qF+ øÍ84Æ9ÅòB	
-¶�ò¸’Åb¶ò{+]?e±1(!‚‡Í	‚bÌaT¿+D.Ý9Ì
-ŸàØW
-•.ˆ…Û'm¬SG@ÑÉ�	®Ç
ÄÌ$ñAƒœ
:&TÇ…
-<¯öæÁ2úP’è
yT•�s((ÛHð'Ý @P¬
@T¥ñÄ£ÞGCFäœb[äÀâ’
‚‚tÏw2ô5�Ñ%L˜µ¡¿×1ÍѺBJ€{'ö¯@„ârPŽÛ¹­i«‚ò­Dƒ‚B“é¤Vfþž‰Ô�üÎ*ð4hDŒ�&CÏÀ=ßB¿ùNù-çÞË
I{gìs€Շê;´Ìà£ÆA�ýÖJ› mòŒP J�¥¢r*ª
ô'*˜æö¥%Xåâ®ç<é=öNÖ‚‹ê;¢"¯Å3XçIHz‰M‹
€l;ø‘&õ2QTß'ø	TÐ\™À£Îè
--U–¢­|¢B'»=̱äw·E9åϦR¹
-%sÏ1â0�b:ç´i�FI{ÓöòuÒÓ
-d:dëÏšà⢇ÃûoJߧÔÓâ˜Àõ(”Ü5b¤ý
Ê=¶Ž}º/oÑw©C˜hÀ�…~‹�œ˜àÌ
Ño4…Ñø®¯r}ã‡0Ù‘åÓ©k±@h¥ÀsOg ·ÐÐöá!J²%‚•¾µ-÷haèáAâºJ Ø±+´‡
-:GÏãõÍý—ÿîîoÎ)<>Þ\^§ÇÏ�Ö7<݇ËÛÛãa¸Œ\nåHs£*åÓÔsÃ¥€4‚¥÷ﮂHÃ�kG>{¼‡1—Âzx¹DŸ°äi�Í2ž|µˆb(@]qaéf—gžÆ[Ý8þø.v®^*awäj‚lÜVxjl€€ž+ÜY€›
0åJvLévÉ•Œ{‘«7VÂ’g%5û#·iT¨Ê¥—iƒϱ¸/§ôf:÷éêòîê’>Zó�šk“·¼<æpÊÃîÂp1ºàö6¶?þ6[̲Å|‰õïÇ~u³>ùûä#4dendstream
-endobj
-1107 0 obj<</Type/Page/Parent 1068 0 R/Contents 1108 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1108 0 obj<</Filter/FlateDecode/Length 1381      >>stream
-x
…VÛnÛ8}ÏWü²-ÐÈ×ÄN�>¸�ÓHìl¤n·Øî-Q67©%©¸þû=CIi*X$q,q®gÎÌðß³1�ð3¦ù„¦—”–g£hD³««hA³Åß'ø³’r,ôãÃîñ€ãÅ8ºhEg—Ѹ“ÁlÔ}´²ãÙ(ºê›}Ÿœ
o®h2¢$G$—ó%YÐÅ›ôÕµ{mœÒ{:™Ú’åN�“öIÚ×É?Aw<otϧ³híWkí­ÉêÔ+£¡�Ç­Ðd]²PrPŽrUHJ�öBiG‚
-å<™œ¼tÞ±GJ…¦JÚÜØ’¼¡'Q¨LxÙD¿ˆ&¢µ'Q8å¢h”�áÉ$ì>ÊâıŒè|<mÂLEídð‰Êš]!KBP*'å)
-V„>‘Ñ�Ä�—•ƒ¯ S	ç$„Š‚½à´‰ß5›€-6+vʼnŽÆ>Å^¹Ò2jßM.£óY»ƒ©‹Œ2CËÛÛ�A°ü†”OÆfÅ8˜£F,tOðm•Ì£TX™×œ¦c8ª0€³mŒFãù÷JE%vªP^!/ÔXål´õ*…-Tg¡6áz9©3*%€#YB0æÄì
-Ô¹ô|–*µÆ™­“VCU�ó"}ŒhY€>Zxõ„^zÓÀ
-Ç¥81ö�ó/­ó«‚ûî		~{õÉÀ£Œ³ž×8Ì”o¯û¼Jšæli€,�*U!lȘ1OØŠ\RÐS{×7ñ3^\©GmŽ¡ŠZ vÐ]ÅèŠ^�è &}`Ž+wFTθZýw¦um5{9
|Y
"ú
-�<ÇD–
ÿð²Uä¹D»ŸpḔM„'C�ï·lxx3¢+ž¢ãh6�Ðùä"Zà?FÆ_ðówç;‚ß¡ÀeÉ…~ª–•±ÂžÂ¼uÔ—¬ˆñŽ†°Ò?²Rd€˜ïè${½qÞ2
ñPÿ´ŠW�ª1-ãøóÝŠÀùx½Ýð"Ãàß>Ðí2AloÂ/ïÞ/)þ¼NVÅ[ÈØÞÝ-7×qI;¬ãOÛ/º^_Óf›ÐêÏuœÐzC«åÚç¡óÒiu³ô¾�°E…÷@ƒ©‡É@KkAÐR:'ö Ó‚[ìã�'ÿO"8ŠXKž·JC�ÀYn½�DÅz!×:ÇHÖÀcãí¨Ê•Å`K2}|¶Dë{
-L´Ò™¢QÂhj,"òÐwÒS]E$÷oéN€3˜tÍ`ëùJŸƒ•§@ÚfÃVF¡-8ñà¥Yßm"¨0¯
-¬ùÛ·ß;KlT¬�f¸Cˆ'm˜s×›¸½�HS ²ŸEÕàEº=ÒñÀ«Qa${Yt´o¢G:u�ðÑ�ƒ×,…ïÌGmÐ[	ÌíxUQc^~-°€¿aä
xTWˆÎî€ýýr$|ñx>ÅjàKÑù”©ËôfGãæø§Á‡Xœ[¦¸f͆x�•šêãU»Šº(BvoxpEîWÞ‰¿7´c ¸ÙC,0•+Š›GCÍvjñí*WûÚ6c7\¸
-endobj
-1109 0 obj<</Type/Page/Parent 1068 0 R/Contents 1110 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1110 0 obj<</Filter/FlateDecode/Length 1629      >>stream
-x
½WËnÛH¼û+¼¬X”õ°äÈÁNœ…
¯ã�…ø2$‡ÒÄ$‡™!-éï·º‡ôƒJö¸6,Kä°U]Ý­ŸG:Åï„–Sš-(-�NãSZ,ñ”æçK¼ŸâÏiÊåÆ|9�‡7ÎÏé4î_Ü`r¶ˆ—ÝÑÙY<{1rö>>ëmÌñV¬_®Ø
by~��ñ—9M&´Êââ|I«LîŸÒ*=¾µ�þ@ßmëÈ—IœÚ*§ÜšJµ§DSaSÕèŒLõ�Þ­~�¿ &±u<ÖM.õæ�é«ûåÉÖ»1[*Æ^•‰&	O¾§É<6šMb¼ÍŽWÚ74}kø”FSŽûø[[Q³Ñ”Ú²TUFQmª5]^ÿyõퟫoåΖrâøts}u»zu»­ÌŽ»‹é:§½m)³Õ
­uÞáo2wð¨èI&¼¾¶•×l¼â'­>Ý�¯ïÈÛ¼Ù*Ào<U¶AlÎé´)ö€Â7ª(twF§‹�#£Cª×[STi ÜX®!EQf=ÕȦn"Úš*³[²!y¤†ƒPpöCÛ]>ÈVJí½ZkòjÏ@Ep9ÈܶU‘í¦4…r¯òú|{ÿ’N0Ñc~Ò‡ÒypzÉÚ릭�kÀÔÖ{“ žºˆ…äÓllÛ{ÒU㌆ixbj½vOÚ	yiap÷„½&å}[ꎬ�÷�zâ¢à,:]*
-Me’õ‚'C�)Õið¹™?7^2¬§Aœ€»É¨;$Xg†ç�4g„Ïû_ÛWà™2äD¸¥LJ°ÀÚ{ZÜËYΑ%Æú‘÷h[ÁþÍõýêê–§&GG#óg©è??òè

Xé"ÒÊ_É^`
=·ž¯£™ö|HÖH3ÄSybf„ó¯&ß
-]Êœ‘l ôÆà†L׶æv¡e1]Þv„‰Øx
2ÜÌÑfŽ{1>¼“ñä÷è;’FâÅøÀ{4P+‘Á|‚ºl‹€‘6VæÝ-„3ö!zÔ
�Ñ),š9lK�…'½C¼’§yëPTµe†[˜\a–n7&ÝH–²Ën¹©d�¾­‹˜`•J^˜”³Í	"0¢l�6Áƒƒ[ªEa´¦~$õØ,»)ÿ�íñùž·>l|³)V»³øÿ±lQ÷–
n—ô‘.nnú(°“…s»Ý.~õ7ÞïóX‚e
-endobj
-1111 0 obj<</Type/Page/Parent 1068 0 R/Contents 1112 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1112 0 obj<</Filter/FlateDecode/Length 1506      >>stream
-x
…WkO9ýί¸›/Ð	y‘À~JWH[6£•VBBž'qñØ©í!Í¿ßsíÉ£SZ„�Âd|çžs|ùz4 >~4ÒhBEuÔïõé|<î
i|1Åç!~�¤yübt9ê�ßúb8¹Ä{­×ÙÑÙ§1
”Í‘dr1¥¬$$è÷)+Næ¢PZ…Í)YGë¥D_å…VҪĆŒ”%K¢(¤÷¤m!4yé^U�‚pȈJ¢8ou”5‡§ùyí
-ù!ûrÔ§î`„–²ò¤°ÆÈ‚_÷=z:¹·AþAa)©“+S’2A:T&=Y£7Z	‡,xH¥œ«Å›¦Zh­´&c	­íš‚sáÛÊ®­]å¢x!Q–(Ч
-È`"
-ÄgÀöT¤»]5|9£ë]²ý³ÇTÕgTõ«ÔMâXxLçÎxp+Ö¤¡:(²‹ÜR©im=SåqT‘œgŸ.i
-Ö¨Œf¶e«¶ÄÚC51Zù £4Aôº\må9mWþ·
U’¬œi!DT@@Ê5³*UµÂ7°ÐÈVÄFDßÚù\Ät;�
-endobj
-1113 0 obj<</Type/Page/Parent 1068 0 R/Contents 1114 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1114 0 obj<</Filter/FlateDecode/Length 1612      >>stream
-x
…W]oÛF|÷¯X(*‘dÙŽäi€8IMâÆj‹
-[Ç™�ò(HžÛ­>R”û ¶£ÈûHñ:vº~6à/e¬¥ �v‡ñq1CÝ×…BŒøö6
-Äéë˜ØòWy_¢ðö�T{X;^Ú{µð7éQ�¦&¯vž"SnTn*u
þ=£±¿–ú\
ƒ0#Ô bdAôƒs:®óy]7¨Æi8nˆIlËTÚ
>•
åz+•ôdøÉ̓†½X¡ži,ðCz#ŒH¦6°¨ÄnÅÆÓý™z‹â	{ëäw¾ÖÅý)­šš“0PàceÀ„웪²®–D¾>c�ÆÃÎ+VÒõcèK×�³	ñ1|2ÍQÔâÈLòü”©Y7NI_
-4V`;¦$€Ter¡TÈA©xèA›ÛAõÝcLÙ|Vd4Ey4)ÔË0ë¨Um_œ^D+S	žlÞtRÂÌZmÊ5¸ÅY¡ä ›Æ7-#XOZí
-\À΄tw<b»azÄ^]ª<þ¦xç”Õ›I	Åvµ‰4À*Ôº©Á+‰Fmžà‡Ýv3g¯Z÷#]c¨±žÃÌZûûÓàºZïro_0£¹k˜î²%‰F¦*æe	j)òÇv¸­@G©–Ó?*Éñ<ç1Xr
ÃJ’µƒ.Ï�ÒV5ö�
->lw£„‰]IcËtÜf&ÎD}Ãênyu—üÿ
L+TœÉý

ØicuäQ�“”
-endobj
-1115 0 obj<</Type/Page/Parent 1068 0 R/Contents 1116 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 487 0 R>>endobj
-1116 0 obj<</Filter/FlateDecode/Length 1597      >>stream
-x
�WÛnÛF}×WLõˆiI–u	`´Nb~°ëÚJƒ¢.‚¹”6&¹wiEß3³”,1î%AJÜ�Û9sfü­3 >þh2¤“1Åy§õi<šESM'xâ_¥)•£Ù_xq2D£—^‡'/š‚רßü¸ûØ™
£!
N§0’Ó`2Å�ð)£ûÎ
-ë‘z¬Í“)–xúVkç]—lEÎä&S8婬ìB-²
åZŽüJyüд²Î7V^Ï¿vút48Aó¤Û«Øã’¦'£ÈÇ%9]=™X»ˆÞ¯tüHÞâ+M&=°UÕEÁ±ð�u¥ÊRWî
©"áƒÎ’J|"]øjC¦à»-ß•‹T–Ù5¥
¤Èu¨(ÎîÑC�Ó«…öoHû8zxÍ&Ž/g¨y¨äÑ	ƒ�Dæ¨ÍÂëçB
¹Ð½»ZüsEsDN�6pôö©vš¾¿¥üywõñþâî÷‹»‡‡ùõí¡É^D
-c¶j¹•âº|
öôà^D¹zÔp{rª+è� ÓX-¼Ü4KÊL¡Ù-í¬q$MQãv8Ø\ùW–@ŠÒ:g˜k;j2Ùج*^yBåÉÖx`æ’Š
-•ã´e¿ò“’*Ps¾GJ.
-j¬(7|O@ñ-`þZC«šÙáXü‚MȤZ*S/L»4Λ,ûh¥”ÓÙ¶PAŒ5R/I²å@‡@£•zBo£H{
Ñõ~Ç#ü'!òñå³0–•N5tEsO¾š‚žÑF»C>õ8Y]ˆŽH€<¶•Bê+
ÙD¨�¨Ê×å±uph!A¿„ꆙ
=‡B¢(\Œõ ,ÂL‘}R5êÍ3‹çfÀ³¹™`Þ3«¬Å•MÂxb~YÈ
-7òóèÞ«óÃëªbdÈ°E¬‰­Y
-1ìÀ\H›Úk•–ß�Ž4D˜ÛHÝ
-ÒEÜ["0ZLñ¤2“ìR—
-q[³_/dˆm	[ï�G'£0‘ïEMÐò‚ äDt?ÖHš-ËrÅÍ%BBÔÃpÖk'b.9B9¥­2ªá…‘C`®0icæF4&8wNššØàhèÏò‰ˆZuoXxÝ‚Ýx…yÈÂ-ý‹üŒlµ”•@F)/¹¥Õ‚ƒifÚŠµ±ÔWÖšŠý›[Ù€ÙçL­õmµ„}O+ïË·ÇÇ»(ÂS“Àvÿ9çÕg_¤Ã*•ØX¨Ï–ïEŸJÌ0þ)
-endobj
-1117 0 obj<</Type/Page/Parent 1068 0 R/Contents 1118 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1118 0 obj<</Filter/FlateDecode/Length 1355      >>stream
-x
­VÛrÛ6}÷Wì£<QâEûMMãif7mÔÉ‹_ Q“
-‘^dü¸�Es0ç�6…9œÎ¨Ñ2H8‘¯lÉWQ*-ïyšë�¢”À¶¦h87RQT
Äý]«×ÙÏJ7¯´}ÿyöñ3Ò9ªÚhN‚a¦`
rd“0 þŽ¯C2—°H®±2óÊàˆkÑ�Øft�ù“y¡]
¡™„^�¦3ʱ¾[’É:O;/à	ëÌ*[0H0¤_9ŠÓÊ´©•;‘©˜¨³sS£÷êÀ¤yTÚC/+eYHkÁhgV£Ï2L®�{ßáÀÙ�¢÷		{%Û†“ÔÙTFKœUeݢσx�´ºˆî„öÑ ÍæŒÿÇ-ÅÁë,Au)f¦P©”宇í¤Þ]
8Q8YkD}„Ù
<:àÇiºÚE�=
-9mñ§ñ2X†KZDè,pØ¢}üVÉÓhAS´"_ËÞl¿ý�‡ÑŠŒ)š=|¯Þ»ï•lØ+(H©
¹ð.q¹²L“×GÔm9ÍÐ+}ÖLºt–ël{hÚ½3]ëŽÌ§h¹ò•ó†à¥<†/ÎcÀ‘ýG$ŽæÿÀÑ֢æù?Æ
-)D3ڣ묃ðŽ¦qØ6§KŽÎ„aÝÙ)p"wFøÝ©”
-e}E;Úd¸±Pˆ+]£‘Ù€äÁ×
-3zÇGâ¤8ÂÁQø�Ôý„hõ8AØ}/L*
-fˆ†O�ÿÔSÏÍ#íå.
-Â%²êpvê°3¯
 2YT¶ðísB¥(a¼rîÄiæʇ‹0·0$Úpe¬äFоÞûlòWÄMþDVµ9b~�6¦eÜ߇ÉEÖÀÎÂq_¶”ÒÆa‚ÂçÎôÉv“©–m' �.zÒ/Íc;|©é³tˆ‚±Q"(žy(!?«üdèé‡5¹¯25x'¼ÊÊFã'}HG%ÎÎ¥]ã§Ïhrâ&�cgÛ×yZ’vmÒ”ûo×múÈßšó§Íûþ{Àè#+!b4úA'‚ev
-É ô©.¿`†�Ç9ºSÅIaGKb/hÄÈÛ›¦¦§Iòt‹A”ª’Ón¸§žÑS	$€
»ôÊ ÂÓ!V²V&{ºõ–&ï1öZv!ôžSybâzÕía–€uÒ"‚ëXq¥G‹Ëeê å¸-\|‘¸•£¨SÜ<t[{”Ìï×ò~.îÃè>NîË‹p?À§A|ž�õ¾©¤²Aéå„ÇÇXŸ�µ&Už"±ãe6(ʼnv¨CãáÈ¥ÁgÖ%Tž¡VAq¾ÛÛ\UÀp/Rb¢éÑŽ–ºñ©ïPÈÙ&Í!³U'ò�~t.CÔð�@ÆP4S6­%�~
-endobj
-1119 0 obj<</Type/Page/Parent 1068 0 R/Contents 1120 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1120 0 obj<</Filter/FlateDecode/Length 1616      >>stream
-x
�WÛnÛ8}ÏWÚ‡M�Z¾Ä±�îSÚl�›n¶q±/y¡%Êf#‘.I%ñßïR”%ÚK.9·sÎÌøçÉ”&ø;¥åŒÎ”×'“lBóÙy6§ùj‰Ÿgøo%•áÅ�V/_¬V4ÉÒ»Å/0¹<Ë.ÒÑyvÞ�¿lÒ~IgÏVdzGÉb°Ý�q<1²ù$[F«×ÝÀðøóœ¦SZ—Èo±ZÒºŽ'´ÎO¯/?‘(
-+�Sz›Ñ­Ò¹¤ÞSé¨nœ§�¤me6¢ªÔhõ³‘ïI肶RKžZY¥•êIT‹÷‡wë'Mϲüžî…õ*o*aIi/m)rØñ;I
lu-µ'Sâ&}¹I�Q-ڡüÖÔ$HKÿhì=^i±•áÚ^Z·—¹W2¸½6
-é¼Ò1ŽŽ³´—B‚Æ5j\D`b‰s(O
-ÿ€�K4HW`¼*C%úÌc°w/ìVú£X2¶IÎCzPÀ¸l©õ�Qh 76
-×bàtc�(r
�Uð�Àjéwñ1A©£ïW7twú�9w%¼ØZQS2|÷Ž±†9g+Ñ`ŠÑ±»qÅ_Á·2¨M'_'·A»
wŸ�0Û˜þáúµÈèk«öžq
ECW
-Ë<Ü„„@Ð)?ïhFW‡?Ù�‚¢uÛÐ:¡s_ãâ'á—å‡çÿ"ƒXi/ò{ û’fx®S�‚î™Éè’Á|/&'º|ÙWÊ:>–vÈÞ5be§¿%… �¢4�.­�GÞw­žÆ+Ý<Q«C4tHÂ9‰Ç7᛺©c/ks¤Í`‡nÁ7ŸCßaÙÓx7,·Hí@�;…Àê�û{ÍÀq³SúWžSûc¸8cn;YíCÏäJ·�±©÷äÀ&¿ �p*§J>ÈŠUÈ
ÄÕÅ#C>©0!ÀaÿÂÌ£¶÷FI½bb#Ñ°9ס*±©â¼žÒ
ŸÇôèl{hi±ÃfÜ#ÌÇy>šñ<?=æçeUÅ¡3¼R+ w÷��`Ç¥
Ãü	§SË3<É™]ÑS)Ñô*£·mƒÍÛÎ;Â2Äû"¹›-–-S”áe·$gw§}¹bEðÈq·3M…ñ
-öö©"˜@G8ì™oÏÎÛ&Ǿ&VÐ÷Ú+„z6C�γ¾£˜Ôþ‰ŽÃ:ò~£tÇI,ñýcuSy…YY˜
-:Jf—Á<Ì¢ºØUÑZÒXB9*%-“ÝTR`O¶²ä­‹»šäsj‹­	Gp¿•�Å	Ë{š‘£å×�H;‡–›ïz<Iw<9ö¢g8”�'ÿ �Ƨ¿Ôµ
-‰^™¼áÝ($ÊwGÓ>†®Îh´œ€y­j³a¾œgË>…ò�éßûk}òïÉÿØï®>endstream
-endobj
-1121 0 obj<</Type/Page/Parent 1068 0 R/Contents 1122 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1122 0 obj<</Filter/FlateDecode/Length 1702      >>stream
-x
�WmoGþî_1"JTûàÀR¥•ì4N­Æ/�‰òÅRµÜ-°ñ±{ÙÝ3æß÷™½àj”´‰dnvæ™gfžÙûvSÿch8¢duÔ�&Úþ°|èÓYGgt:ãïx2ÂßVÒÆ}o~TÆÃxÅ•ñ
-¿Ä•ÀÆhVþrÐÙ~ì22ÍUŸZ9ÊR‘ÓZé™Òé
n)R³þAôkŠ|k»Ÿj›—¥qÞíoa¥Ú@s˜öFZ¬$ŠéLV|Ÿ›ýøetDÄ€œŸi	G*¥tVåÑÐu�–~mìc“SÜø­2j³ QLÛœ =œ9À@n�7‰Éê#MŒö6Ov8þ¾'í“Jdí~Oïò”â˜Çᤜ‡“Á8Ì:øvš
-ëä1I‘,ÉÌ	©9I+™,`®Jó­P¨žÏ�IäH(·JxL¶HT¦<7¼Ði=_ƒá&‡wkeâ³M�é0ðè$FÏÕ¢°2�jŽGÑ)?¹òä–¦ÈRšIÒÆË´\h
-H~¹×JÂ.@7£­r_‰Ç`¿BgÑCW•šÙ»<«ú¹KlÑ*¥†p3K½LÍð÷ßPJ9ÃVÛIè>¼Fhe$Tdž‹	s‹Ö͇>×ÜM8íEÆxCº’JGØma¤º¦å›RŒKâ
œ1pž˜£è´�æÂBú°8Ð>[~ÐÜòeõ;¥Þu€N3–à¬�@ú¤Wgñ`µñ°4¡ëyx!n¹QÚ“òuO´QçTÕ%9#ôf·3VÐ	3ÛÀÇOÛN©¿ç†=æžÌF1Y6꧈ÏuWº•Ibˈ³_/:}fÐ#üÌ…9ª½Ô´î4lýh&9nÃÞåŠÇ,|XðÃÓR^nÚÛÆQáªn¿;+�
û|òma\Þ^´&æÂÆ2ÇbfŠR6Ã(™­ÁÂr�+ƒæ^ÄßÁ
-+)ÊnDe (¨è¢œh®–|Nd–9T…n½W…Mpkú)2Ö¯­Øµ—i§7°a8DjV,@Œ«œäV§i¢N¾Ni‡J+1ÉúÊ‹B`¬8>{hÅÊT6 ‡ª	De°LÂ{/-¹Ø—IŽ!Ÿ¯;ŠqE^bÀàr<¹X=¿,±Æ#¿lÅlŒ¹} JØèÛŸC‡‚#Q�†cñðüaû>‰¬`ö1aîÐq®^Àˆø$3|�‹èª¼vò•µBï&Qùbn.^ÐtÞ¬ƒš
-&��Á™•ðÊÜÖöå"ãÛD½¶ü&/A¶Ã
.OŠrÂ\—ûªÒ·íe:…ÁÜd™�šBZž‘tÖàc\á0nCü°ÆeCþ.ܹ[o'ƒ³h‚·„�ûüg­¾�Öš—8-�bôÛwÿú
áúüÝW7ïoί߿í÷£_éžKhÃ/FÃe-´fä¸	ì˜×¤´^*^t<dǤ–V%t])1ãÃz¬á2¯ÿƒ×A€ûQèke…º.ÝÿEýåöÓŸ>Ý~¾{Ïóïå¸^ãÚN.,îÒVÛ·ëüBB?Äú6L�š@ÉNK¢»0ú­ÕŒÇ¢ÒœüQ�ÝÛ8ÙIä�Á[Z‘½õ¸S2³@YKöš+Ñ�’îøLÙçGÃ=¼ÏMðÑ»œT÷Œxt�Îb¼Ë£É,µ´{~}qNwÖ|Åe'áò�s:‰GxŸédÜÇËpÚ­8Ù¾gýàæ;ŸFc¼>ã½9íúìûýô诣
-endobj
-1123 0 obj<</Type/Page/Parent 1068 0 R/Contents 1124 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1124 0 obj<</Filter/FlateDecode/Length 1989      >>stream
-x
•X]sÛ6|÷¯¸ñ“Ó‰hI¶%§“vÆNÜÖÓø£–2éC^ “€’õﻀ”BÏd¦MÆqe····wô÷£	�ñgBó)�Í(­ŽÆÉå%í¿˜5þgL³ËóäŒÎ/çø~r–ÌÉHÊqvŒ§û/ñìt6K.âÙ)ÎwGi6MÞ
?¿^�þ1¦w´Ìi’œŸMjž\Ì.i™ù«Ç´LOhðß—‡§¿ÿ|zøüø~"§ßè¶vÒÔÒѽ¨$=I«Ë�4öÍòn?§É„¯…ûGÓ¹�³ÌNnÙB·eF+Iµv2#WG¢,é^ºëÛ‡U"-T--ÒX+‹08"•!½­©F4KÂR>&±Ò™Ð²P–øoMaÃ#üY2EV'©®�ÁÇä4-?<žÞ>â u*œÒµ¥m!ÁÎdŠ?Àv”ìñ+Y¥j@1ÂiC[°™0|*9$=•.=-´u–´Ä�G>Þ/(N¬„•‰´c:ˆ-¬Õ©LÈV¹‚$H àYf¤µI¼q:KÎ9£Î[ƒÀ†­jG:§´Få*õI
y~ëQ†ú@Q¾>'{Ðá]áN(W%@Õ\IÜÈT›ÌR¦¹nÔ½Q™$ʇ»2rnäv
3”kST¾Úwú¢êLo-0+Yƒ³L6Ñ4ÈÔTj䀇q›¿
-ÃÓ]ˆQ|¹k$G¯pÐV0˜=�|+¡êAž¥^)c’&!ˆ:G:!V´ãn_C†#âC>�ŽDÈÖÑjÇšf¢T½Æ¹Rë綡¯'%Hâw¯ŒY
-e}Cx”dÝV*…†}4µï&Ï|!6²ï+ß|hþP¿¼Ÿ¤¿ƒAG~ƒ˜F~o%z]†ÂpöP˜(5d†CFº‘u
ÒaÃ'%z‰ñí¹‘6¡/…‚æ%(DŽ)€dƒçŒl ™š±š‚™9;<�Ì«ÞYâ„Ïùx«ÍóÚè¶9FÏÒq(õ1"xH¡¸Ì#o-_�/^�íë‰äXhPddÕºö­Ç't>H
-¢hå¡6a³Œ”]

-6�’¹¶³vÜò�ìt‚Bè0ۆʶЬ
gty�XŸ¿ŸVÁ‡v¤ß)^3µîÑP|Þ@�j£m 
-¹ú£Ÿ7Oÿ€ã=??Vã ”ìö-÷à÷VÎ"’'øäÏ%àŽÇíš:
-‡£æÀ$XñRA„ÆÀuã(ì«Ô5lo\y×»zéëmd…ÑßYÓ ;x+Ö�-J
-\Aõèo§S0
øpÌ
܈ïÞ‚é.>s�Éñ
,î®áˆÁ‚q˜ÿò@`‘ã¡ÐÍã ò}\@ú`_Oð·]«R¨¿i=´ŽÿYøÝ€Õ=
CÖ©hl‹Ý¢�õéÓ ú¤×°�aÇ|Rõ3}Bè>øˆ�së=¦!ª-�¯VGÈž†qóù�~D}óâ`“2dû™…à׸\¤r˜‡(­f÷3-&	,^ý/nîÖ>&…a<ŠôKàÍKZˆz�[öøÑ�¾X«Ý ð=îëÞ˜Dp
-‹[\èù¶Ã®Šòƒâ<<®W/¶î8ŒÍ…¨VÃU‰W‚�(Yñëçàùjˆ;Žvrß'3ü&âòŒfgÉtvÁN±¸º»¾¢G£}?ê/5‚,“:êÍÇømÃÏlè|~žÌñˆ1›Nøé›åÑ?Gÿ
\¦Ÿendstream
-endobj
-1125 0 obj<</Type/Page/Parent 1068 0 R/Contents 1126 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1126 0 obj<</Filter/FlateDecode/Length 1742      >>stream
-x
�XaOãHýί(…/Œ™$0!ŒV'w‘ Ñì�V²têØí¤§ÛÛmr¿þ^uÛ$p×3·7Œ±ÛÕU¯Þ«ªÎG}êá§O—:Rº9êuG#Ú_ì
-z4àr1ºÄõËpØ‘•”]/°¼o,ÿ|wEýZä°;á�Ì?ïÑ"=Y¬%Ý?üíÛ|1§\òÓâ÷£ÏwÔï‡õgƒK¬Ç2åüsÂïÚÕ¢(vT˜TT2#¥éaNß•ÎÌÖÑlApÊXôà	›ˆÉÛ<¹ùš$ߧ³Ù"Iæ¿Í“‡óA’Ü>Mÿ1yš'ÉdqóÞ‡:ã[=:ëŸwìNjt%”vTÁýé#�³ÌJçx¥¿µéZiIZl${°Uº†§¥PÖu‰ƒþàTƒÁÇ­*¥Í�Ý 4Y]O¿Í½ÙU†ý�Q–J¯
-U„ÃŽ"Ðz³ˆŠ2#S•«P[ör½áÞ%¥•£µÙþÐòÒbT
\³Bôøô¢R`¼”kñ⧆ЩÓ‹²FsÝáÙÁ´(GÝæÈYú
á·P³P7’€Ó)©Š®–Ø×	ôÐ@—,#µÏŒã¥¼�ï2¾›´Hø^lÅεŽ)QThW«5ïè©
-¶D탛(÷[MÛµìßó’­¿(‰.ôç™2÷‰Û±¾:ÇÿYOa @áØžînÞF.4ãëE\ÒÄsÏ–ù\О½�=SöU˧܋‚±˜xrŠü�´xÐ-º¥�QØ·,A¿ÎnΖ‚uÆH�nt_G¢ §LnQ¨ᥦS„

 
\’yÄÅSž,<=¥�bN˜(áÓøþûø7̧‡„*­ÁD"a£�Jyäb|æ4W܉:Ëâ€ZPlùÕÀ¼6ƒ�òZã›ÄGô;x¦fÊB“êåÓÐ!f™¯Bì˜C-Gñ(ëe¡Òð|W¾†±Ô·sòû
-�š²•$…СC¦’„g´�D¹wI¢±µÑzdã#Iƒ´•+ eáî\á$€Æ�zô–Ž&ÿÌÜ ÎŽ�g7áI=c‚Wåñ»!
-endobj
-1127 0 obj<</Type/Page/Parent 1068 0 R/Contents 1128 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1128 0 obj<</Filter/FlateDecode/Length 1663      >>stream
-x
•WïoÛ6ýž¿â�|˜$²%;qR`’ØÝ$n«+
-h‰ŽÙJ¤*JNòßï%ù×â-]ÃfÈãÝ»wïŽ?Ž|êáŸOÀúgG=ïò’6Å~ôhÐ?÷®hp9Ä÷à"ð|*$-°¹‡ãë�vs0ôúífh·R?¸zûþ•ï
ÿ}â-OpykÛïã�3~¾áJ÷c�®(\�ï
ú
]Àùó‹K
-çq�¸CÍ'E½­I›R”Êh*
Ù\ÆjñJ‚–ò…V"­²)ð[}–J—J?Q¼…ˆKYx¿†ßŽztæ=ܲ1~h�Â%[LSó̆ä‹ÈòT’JÓÊ–…(¥%‘¦dT.¥•ØPJmá�ýpÈä¡uò{�w>ð®ðÿÐ],•6mütòð8¦“ѧûZ–ϦøÎÑ	~ÐSaªüK£ÛwÇ5lóXä¹™$‡«?8^_´õåÄ
,RÂf²²XÉâ=7}¶‘›¼JE±e®ŽagÁšªˆåOØö6©‰Ej‹Õ–-‡ÏÖo†F&2q„@vHé8­y(€Cëtr3þ}2ýûú.?N¯Ãñá�“éíÝçшFQëaåÕ<U1V²¥±¥}ßq—ûŸ8;žŽþßÃWOPM@HÌÍŠ9ìH~ê–Zš7)¢ØèR(
Þ×Õ'ÒƒV×eèI•–˜o�Ù†Ç$tBÇ-Xë[x'®(f‹òB¦F ¿§Î»ì@Û±AÊ6"¡ÀkàÅBÓ\ReerÐuhKŠê.è¤Í© Xj”|š¾R
-š,C– �RÄKJ�ù^姇�4ô]ÊœÏ2¼ºÊæ@Z·–
-ƒßÄmeYå,f¢ýCÓÁ×ÔÍBÄÎò²
-ý£’(8v¦žYpžý€VÆ
-Ó‰.e@íy© 
-ݺĂ(Z9ßçIªœŽÕ-§Ò—ÂbÀ�šžÔ
-Ÿ0›Jf»Ñr'�¹v�s‹¹¨å'4ki
-endobj
-1129 0 obj<</Type/Page/Parent 1068 0 R/Contents 1130 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1130 0 obj<</Filter/FlateDecode/Length 1774      >>stream
-x
�W]oÛ6}ϯ¸èS
-8òGÛ°‡diÑ
-YziêÆHE}Lü!ìeˆ�»cp.\á„å¡Cw†ËZ‰ÁO."kµ+$(Ýì�ª0ÉQ8x¯NX©¾‚FÎd¦$äiÁ!IZY¬X»|t]<@ãYD
Éû—™˜"ʶÐ�}îUµ
-µ<
-endobj
-1131 0 obj<</Type/Page/Parent 1068 0 R/Contents 1132 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 494 0 R>>endobj
-1132 0 obj<</Filter/FlateDecode/Length 1936      >>stream
-x
•XßoÛ6~Ï_qè“ÄŠå8þ1`É’¬š¤[\tòBK´ÍF"]‘ŠãýõûŽeGi±-œH&ï>Þ}÷Ý1ߎRà_J“!��)+�É
-�h_Â6ηF¦Òïr²Â‚ÅÎ;Åbà¶ÆÍÖÐVìì/ìåÖ�~/4Ý^�ØØšSΨ?ß}øíþê:>¶Ñ
-¹Jh¾†uüÒf«™/¼énîmøc�Þd

û“5
-\"3"Ï9wÈ\UƒŽai:B$œ´
ЀšñòžN²Ìj¶áÉr6òÁï>üÈì¯D†à†ò´›B9²–>¢çcZàÕÕõ=É<˜uŠeO÷®+•½£©÷AÏ¢¨%#dÛºp¨JaŽ‘ûj
-P©ºaÆkeòèd~â·„#€î}i�XÊ"x²°ékµå£¡
‰l
o™Ù a‘Šñ‹Ð#¯<ô[•UÆš¥c*#�n¢¼O:³ÀcC8ŽX3Å‘b¯ì?zlû@t%(c)ú¹Ä–UŠ]Wr¥ D;ø®Ð|qAá"8㣢rÏÌÖ[‹¢Ûm6œ
yBf¸ÎBOò^E{¤†t˜ÆJB€TÉ„M_+´D!“
-Á­diðÕë¢èœšË‘	]°�\Û ÷¸%>œBW�¥•“ÅÎ[´2&'•KÁb¢ø�t§ˆZçèt¶ÎÖ˜0ü Ó%Ç©•Ëyms�L@e1N€Ý¾Ûø	@T¦ÆPÆéSÖÖ^/âø6{i\ì[ärÑÈo—Ö<ÜE–ÀÈ…*ª@“R9¯üp‚Ž™Ç•&¸>“¡f¦×iñg<½ÐŒç>L²gCt÷ódŠŸÐ}vë';*äsÔzôkÓˆ‡aSÏ�‘AµZK˜ 1ûÞ�õÓ&âÚ�p&à\¶b†ÛÀ=HiÓÝ}¸[M¨ær„£Â˜§zÓ.Œ³È,xbäâ)L&ºêow2F"Ë�VÌ_t)3
O<îüµÏËÏ3�·Fcô…Üh|àúœ†Ýg;qcŽžÞ›±§OСn›‚ýÔÛÓ�K¢Â¸‡H•†¤KŒ&]¿ÞÉžPh¾þá„�õ¥ÃîR<µbRª–OŽN‹;ÎG‡U©Ñrd‚Õ¯;Àð‘¸Ï‹ö³/d¥QmN�hRÛ�ø?øûÝøÅbù™ø•µu\¼VúáŒëµ/ª¬KÒu¹`ÔË}™J�ý¬¢íZeë�¶qLN�‹Ex9Ü£ ²œ�ýŽ«
+$«|#–1„æð÷L­ð
-Ÿ«@,?2Æ	ðü5ì±÷xì£ÁA ZBÅ€ìKð�B°0
•†I®	Îv®oÚzv4è/|¸Ob¨«LÙæ–³£no–%™GU¶æüXáÁ)H_ü}Õ�«Ïž åS‡fù²vþþÈt
ïâ Ú쬙Ü1½4âæÈsÿ@ñ¢Q	äØAèm.vý{ÌÚ7S_fÊ…Ò�/nr�Ç�dN›´§cÜë§g4O“ÁøœUóáâöò‚>Uæ+æº2Y]BÚ{v?néO�ÝWwìÿq³÷uö£»üh2J&cü	ƒíÏ9 ×ó£?Žþhs—fendstream
-endobj
-1133 0 obj<</Type/Page/Parent 1068 0 R/Contents 1134 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 499 0 R>>endobj
-1134 0 obj<</Filter/FlateDecode/Length 1478      >>stream
-x
ÅW]oG}çW\ùÉ�šÏWòƒ'­¥Ú¤5VT©’5ì0βCffÁüûž;3fƒª*RÕ$&à�¹çž{îå[«KüíÒ¨Gý”²U«“t(MûxŒGxíáÇHšãÁxL‡³À‡
ÓA2ŠGûä_ŸíÀlR¿Ä³ƒn'¹üwfû�îþè Mº'ÍþñKkÐï&�Ê£^’†=†L†É�Ÿôq*å÷ñÁ‰è†Ã}"ûœo¦­‹Oêvi:LéxDÓÜ'Ö¡iv>]JšIëH¯�Ò%9M"Ç{R–ßËRÌ
-I¶Z¯µq4׿ÊÌnídNkaíV›ÜÒv)
°ÜHC�b5|»²2OöñDùÓô¥Õ¡v·ŸôÀ¹[))Óå\-*#¼ïµ¶VÍT¡œ’Öûªýêù)·?³Í‹O—Ô„äÚJX²’îé‹*s½µô0%aI”$*·”¥SYph¥AÈÁÊ
¢v�!2Hb%ÝRç¤Ê�.6
-×�OŽui	añ/æº(ôV• b®HcqÅ?³«YÂYÒ\2Ü¡KŽeï÷¨Ý&cü�ÿD„ßà{EJ[#¿=meVåvtE‡|éƹºZñŽŸ=Hws7y|.ô³ž?¾ýpvŒF»räƒõ°Ä‚’ÛjÚŠ�‡Aåë|Ç €@ŸRjG‚™`Ø*p 
²S÷-mD¡òx:¡I)ù‚‡ºÎ8rÆÈu±°`á*2Æè
\ç\^`‡Š4ê¼’ÖŠ…/�Ñ>¼÷µÑ>Lïì¥BpxÒÄ�é\&Ñ{/Eã…Ä	l*Ûƒ#&Nò‡c&só01DæðF„ÆÙÊHa™>¡U¶ª(PøÆ•FÆÍš	šéEå{ë€hýËýaÎC Œ\i‡þõDG<ªðmmä‹ô¡y¬½©†çïK…èÐ@øW€ß%ðßÈ}ö±üu_
_ÔP¤½|	Z@V!${rÃy¡³¯¤+Td_`P&�訲Z͘Yh'¤Âu?nháœ\­£¯Y#mU@ÎJOCbÓ°l›Õ}‚bxò¼©iÃx®ÁJ#¿U
-ŠÆÔÁ«†x">뀗09=•ê•D–éªEg UÃŒƒéø¨‘oXagÆÁ!)X]ˆ)LzÁL™í(�d*ß*[V(ÙœTÂ{ñUF¢	¨Y
ß±èãžœ¹^
iðíØø'MôzˆÑááûN
ÿ71<$rB1¶¾.Œ®Ö,ƒ^›=`—¼ž¸UÓµî§+zwÔI¹äú×àœ½;Ã0\T+..ê|Ö0yH›	¾cý(Å)ðB e˜K!@–g0vÐ`¶`npJ”‚ɱ€
¾‰#�ƒ a®¡²[J±éaÚl‹;”Õäð“ß38NDe½å cQcJ)±àñ‹†qv|<ˆDã


©ýt‹Zï#„ª‡ÙjýäÄv×®ÕxrÊö÷àT–UŸ£xx\¬)9ăV"èàãŽm@ù6?Ðŧ,.TíQ2îR½ÔüÕKGtÌÿ|õƒ|uï‰×,Dô›*«W²;Í"ùŠ1îê
aÍŸöO‘œÚ†0ŸŸ®ï?Rû…n'÷×wþcðx–»üüD<íÞ8é^pü¯u�éätVl�jÁä­xü—Y x]Š%Š?“<rm„2vq®ÕÞí‡È£úvPÔ†Ã××àT²X…³%¯V:ÇÜ‚’b;ô+Œ]JŒòÀúP|-‰{÷~ñ½�.»%
gêÅó+®3»f^O\4VÀ�}?ÝÝúV«aàAƒuŒ1
œ�‚[}†¹‚Uƒ—÷Øœ¸:ÖÜ@j‚µx£ä–²¥ÀªïEÆwÿ¯“/Ó	ÔÊ“ñÛaóì¦ø¾5îS:è%Ã>Sðñúþæš>íŽ[�yéó‹
ûl×7Ú£–âØÜ#|{KñµŽo÷R6úqÚú½õ7=iCendstream
-endobj
-1135 0 obj<</Type/Page/Parent 1068 0 R/Contents 1136 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1136 0 obj<</Filter/FlateDecode/Length 1317      >>stream
-x
�VkoÛ6ýž_q‘îCT’%9–Ü-Òç>4I·¸(†vhŠŽÙJ¤+Jqýïwø�íxq‹.
d%&ïóœsï—“”FøM©È(ŸoNFqYÒîÑÞâ��Ï&qNã²À{šgñµ‚8<Âõíc8<*ã4Îp!}Èn6)âi8Š×b8û�Ùìlº�á;fÓ³4³ùn}#ÚtœÅåa´Ïf'É«)¥cš-PŸI‰—Êe:¢ü\«…¼íaõ†5sFÌSÄún)T'9ë¤VdD{'ÚŸgŸ`jLiêMEY
S�gKi¨Ñ• ½8¼X‰†©ÊP·dnæ8§ì;½SòkòFªþ+™�éDCsÝ-‰¹/Èt›Zã\÷ªCXÖûˆ¢4�3ëu-ê:kšùŠ³®!·ZèÖÙïvL³àið1XäH±ÔšÉ
-û¥—-ÞQ­ê�µqàT(ÞnVÎ8‡º­h-ìÀYå<ß\>#^K„rPŒ8Ë&hè¶n¢[j¸Wwº¾¨}UIWrÔÒÖh¡ëZ¯¥º…Ç–5¢-ª©ÝwÈ;æh-d-žúîŒhj›ÌäEÙY\âÎ=¢U-˜Hs!PoÂ÷üí‹çôûõûÙ5ñ%Cz-ÕÌ>¥¢¡
-šé dÙ‡\T6+[ WFKe+°^×B†ÇX;àþ‘KÚ@‘¡d˜Ì™YRTQb3IN-duJQCÃû]àáÎTÐÊïœ#z©¬¼µÊ
-
-endobj
-1137 0 obj<</Type/Page/Parent 1068 0 R/Contents 1138 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1138 0 obj<</Filter/FlateDecode/Length 269       >>stream
-x
��1OÃ0…÷üŠË׎ƒíŽ)…­TK,,®ã@ªÄŽSàßsnʈ„,ßpwﾧ÷Q0 øÈ
-¸
-endobj
-1139 0 obj<</Type/Page/Parent 1068 0 R/Contents 1140 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1140 0 obj<</Filter/FlateDecode/Length 1448      >>stream
-x
•WÛn7}÷WàU€du·ä
-;¨\e
‹°¿ñ¢ö÷n:Ë&,~'ʵ a
-vSKÍh<n¤&‹ìŠ¥>�©Êµtd7ô§QOä�>ÈÒÓý@nßÓ]eèÎjᔿ󖄧ƒÔš?=áõñî7ÚˆRécôõ»2ÕÓ[2ö@UPZ}—,Ùä1žÖ¡Ýêj»k-éó\è‹-*-Ù9b¾Ã9l„#K{gU!	¸œA€¸`Æ:õ="ãpÒÛÊåçžsd­&/ݣʥÏèÖ)T
--RãtΖ2cÕúY´Áý Óµà÷úH²P�‡Ž2…B#UBGû
KØ¥-F
-"QæU§ç=Çy€6Vk{ˆ®€µ!ù$Êý¿$Rûøq‚¦îi†"£Õ˜%{;�YºÛ=·«§µ”‘*“۲İä¬<s�±sÄx
-hä8�0ÊT DþÕFì‘3TµIŒç8rê„Àt
¿©4¤8©fPœ1�isb�¬�ÑgïyfóP�AwœäÀh-y	p@Ø
-æ0ƒºÙçÔèä½åÃþP¬3ßÈ$ŠbÁ†7#ºæE0ÎfÓ	öË<[âëàògóÝ8¥Œ°!ã9 —‘´‰±mYâÜá”ÿŠ9ÿ’†ë¹‰³ïÜÔy53®HGœClC±I„Sl"úuccD/•/ãÆHž(Í×g¾«Úÿ·nM?tSóâ¸K¡ôKÍ	¹©y°;´,æg°!ô<·•	�»›WAvÜUÊ÷Ïôú“î�¦ƒµ…yý¥W_©ú5/A†®nXsuzðåi—ÖŽûÜæ�«3Uîøëô°´� ø3ÔÛMŒŽ¨e?Ñ(<¿Ñ…öàã�
-wú6É+Ò<¶ÏÙ¯.D·D1£Ò†¢•ê±âD¡ªä:âR®¹ñNJ|Ʊ0?küz¬vRòÜŒ)µ‰‡mFõe¢=VpCwqõ%t™d5�ÅXšÙÔ˜Þ,›kj÷ù2›Ž¦¼ÿ>ýŸ_m|�xå—Úl1ËWøáÉF'×ýçÕÅÿ
-endobj
-1141 0 obj<</Type/Page/Parent 1068 0 R/Contents 1142 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 502 0 R>>endobj
-1142 0 obj<</Filter/FlateDecode/Length 1629      >>stream
-x
ÕXÛnÛF}÷WPq
‹º_ Ò
ê"­Õ·
-?I1ÎŽh:_Ó³O&ãq°Â“Up{únFõ—Úþí2XÔF&0ÚXïžüõÇ«Ù"ÓtL(£ñ|„{Ý/)=\½Z_
ßÌh<¦uŒ€«%­#wψÖáõ:�¿:Mõ^å[’�"+RþÄP‰'©Þªœ
-£·Fd¸¼HE(­{TYI:v?~·þ€;�,wÇu!²ß‹}´	¬öOšÛ¯)ÓQóûD…	Á‚3ŇF4Oáþ:º¶[ÊŒ
-aí^›ˆ"QŠ�Àmï¯{
eݹ¨wÑ
�;jéýEG·FWEïäûïh¯ÊÄ…ì9½¤§ÀföíLNç‘mD¦ê¼*÷¹¾W¡ÑVÇ%Ý¿ž‘ÌCs(JsÄ~tnO„M¤
h�(ÛÚÅ϶Ô¯¡¤�Hó$K•5ÃT‡"ZvjXµ¥Ö±ìŸäùÙ¸Úx#ϾL@|9µqݾDÏ_L‘,d1huîJâÒØË„b4g©,Ž1¬º2ô[®‡?©¼z$7N–ì{òù*ÖXFZÑ;!±›C]Ì�4ö¼A¢MáCŠœš€Þ–Šœ6’B�*õl!C82ÔÈ'gÞô
ŒÁAÇ5¢í1]p¬M&s2Už³%—œÖŸm:µÀ-VÛÊÔ÷µÖlhTQông@
-†,f>ŸuæO­ºþ¯kÞ÷Íç솬”®f‘«¶<ÀÂ1â3>ZT.”høcoõÍGÊÈ?4ÌäÂ&ÿ"EÊ–Fm*NOÐø|Ë´8fÓ	
&ó`…ïà o¾}ww?#>Æiï»ÏLðó	«�…âIóÇš/¤Ù©Ðe´k¢gRT ”Î?#?U#j>ê„*¡\G2‡¾‘0ÔU^6¿Âè˜AûÏŒi»6s¹'í”Bâ}=–î;êÁÍÙN)´pBŸ)ƒ
-Sÿc(òÑD…Œ<�®m;+�éžµÌ.´vó¤]h§1‹æ¾Ô
Ë=ÅÛ[?RZÈ5ˆq�Ÿ]£`΂¼Á²™ˆÀgš�CæqâµÓWîpŽç¤Œ
-ÉÕ¶IL-|˜	0ªTè8% ‡
-"	 ¹-žF$R°
-©Š™¢J7Nv÷{:ï%%y=5 ö�ŽcѪyy
-endobj
-1143 0 obj<</Type/Page/Parent 1068 0 R/Contents 1144 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 507 0 R>>endobj
-1144 0 obj<</Filter/FlateDecode/Length 872       >>stream
-x
�UM“â6½ó+ú¦*̇
›Ê�Édrɤ6�ª½Ì¥‘e¬�,9’<,ÿ>O¶™&‡5ÔÈ­î~ïõkóÏ(¥>)åsZd$êÑ,™Q¶Ü$kZ®sü?ÇŸ“TÆ
-endobj
-1145 0 obj<</Type/Page/Parent 1068 0 R/Contents 1146 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 514 0 R>>endobj
-1146 0 obj<</Filter/FlateDecode/Length 1435      >>stream
-x
­WßoÛ6~÷_q@æ¶bÉvìè€d�×<ÃÅ0ï�’h›­Dz"e×ÿý¾#%ÙÑæ
-S7”V@E"�µE0=÷|1ýÃCR‹”ËðÃÃ8Uùnõä‘õF”½U»šáptRnï³ÁÊoVISpÃñ˜Oƥͷ½Z’9pj#úYg’ÒZn„˜ºÚ¾*ÊÈfBS*pŽJñP4ée亊Ü™£Ô˜5K=—”_õˆëº”¦T¨­pÍîÛghË4â°Ãë«®jë‹k?¢ßMMèµÓ±§vÏùÜDœ¿
-U2ᧅ<Ê—]öÞú‹ÏM©s9¢ûN;]Á×öá™[Æãë1°^¾Pú³mãå²ö-~.SS¨ŒÂ©o׃QÚq55=ãsbCWÈ/¢<ù뙶׊šLtp~ªµg©ñ÷>¾7MÆ›�Ç$îÇÚ$%
-¤
hQèLiÀ·UÛÖt›œ�{©Y ×Â�f>2‘�W‚¢V‰G`ĺÏÄY¬d0Œ~
-N„†óºnVºã©‚É9M0šæÑ¿Ád¯h͸4Í⛶.0SYä�Уö^Só
§§ÊXÒhGzKO÷î_õÄúƒ zîfMÂۛʷö%;
ÚzK7`[S¹Hrs¾`éÒ„;7«–Æ
Óe”‡ô”wSñL'€$AÂD#oÛ­×cýIÇþ1ú—¡ÞŒvþU8�›Ó)v¢9V
-T¨R…
	Ì„¥1`ýG¬"¼ö’8ò­Î>BP!cÃ÷±‘”©ÂÌõáÒÍ…Xù¼ó¥¡®å¥y¦Øã§sn�ÿ°–_Ö•Ùb-nñOkš&ä�ëÁ/ƒ¿
\àûïendstream
-endobj
-1147 0 obj<</Type/Page/Parent 1068 0 R/Contents 1148 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1148 0 obj<</Filter/FlateDecode/Length 680       >>stream
-x
u”ÍnÛ0„ï~Š½Õ
"Å’\K9&M}kÑ".zñ…&׋TI*‚Þ¾CIN[#µa€àÏîì·³þµÈh…oFeNņd³X¥+ÚäEº¦uUb�ã瘎ãÁÇ,Oó˃ûÝâf»¦,£Ý±6UI;Eˆ³ZÑN.·ÚˆÓi Ï�º–BÍä‡æ`OZÒI›OÁRkµ	q�
‡Þºòµpìi°õ„kF‘ÂzÍA¤W»çÅŠ’|µ;µüáÙy²†Ž>=“<i6Á“†ŒíéàlïyÌ‚Ks|³Ž!¡Ò½²#h���iö{uô)ÝIÉÞkó4©žsg€ w¬D�uãá�ö˾ֲ&Ѷ,ΓҎe°N£¢¹ÎIÜþŠ‚xÁn7ÊŸî�×|	œm�
Ü& “à
3´‘ÉÍö–2 ‰íHŠl¢óÕöñÑŸf¡ãI»µü©�™7^†YEFóOé#	j¿jÛyllgâ¾±&
¡IiO�PŒ«qÏái¤òª%_f/€9B
-ΪNÆ †û9pl~P¤aôë~®XÎLÊ´ÊèÜ–}¾)éߢÇó7Ï|꜃C"ïšðÈ	Ó§eÐ#hX¡ñc}C»LF4è–¯mwRkGH'Û³“Âó»j0jù_)g­[pò,;§Ã@mçZëÙ_OµÎæH@,CEÞã¸~8ûyVV‹Wx»7À\ë6ÎÎEZv�†£­A5N§ÕZŠ½~20�š}'¨±JGR—#¬§:›|xùпHTsײ¢J«Û‚²2O«HëñîËý}söSCVv
Ú$bObI¶ÁŸSUPR®nãý7w¯ËuZn*8»E/Þ-¾/~Ùˆendstream
-endobj
-1149 0 obj<</Type/Page/Parent 1068 0 R/Contents 1150 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 517 0 R>>endobj
-1150 0 obj<</Filter/FlateDecode/Length 1685      >>stream
-x
�W]sÚ8}çWÜÉ�!é¾¥™¤›™NÚmh»y¶ÚÊ’+Ùaù÷{®dc’��N3€ìûyιW¿Sšàß”–3º\PV&ã	~iÿ|ý8˜-–ã÷4?/¨ ÙÕr¼l¾izt¿t9��§�Óîwœ.­%~nh¾¸‚Ý9¬Nh†ÿNÒ&\N¦|||ða5¸¸{O³	­6ˆ{±¼¢UÂÅ/ÙðÛÃý_ôEºBy¯¬¡ªò$LN?”ÉíÎÓÊ®³Lzÿnõ÷`Bç³9ÞÞXS9«é“òU8aÓeôq~9Ïø©ïJî”yö²­0Ïü%x,[�žjÏ?W[	_ÉÉdÜx™ÕNU{Ê•Ðö¹ñ4§é´ñ4[¢ðô w¤L0ò(ŠµàÂÀ„“Z
-/Iùp$ÖJ³µ�uÝü2­¤AÚ•E,’ŸTŽŒ¨Ô‹¤6/«
-q¦2L/cŠ10ZÛøõ$²-l®6ûà´6¹tzÿZêã”î"¦û`+v/*üAÈ)\|Ì„“›Z“±8³”Ù¢t=Ñ‚´›à2”xk}E±0àjc8kF!@_)­÷)»–{xÕ:Ù(-éÐ'XВˈèDcWä…2@€*š	ƒHª~R÷¦y:¶„±%Ö¥åŽçr#j]ые¤&üR8QÈJ:â
-Ok)
¬Éœ6¨Q|„M�IÙn„ö²oµ=~aX¹ºÿÔˆ¼¥BUÖ(
kø¡R>À­vàl
ôÆ,CeúD	8ÿÃîZø„º·°ƒ�Tm¿Žf>6¸C®è,óuˆ˜F¤hº–çøšý¤�ª¶¡ìN=o+*,Ã}]W§
-�¸±J]	dÜ�/@2dÀòJ¬A•«W‘Ê–À‡ûKuqwHï±´ã6Çts¨	âÆA”½­{É|qøÛåG'…;(jÏøÉ£×u®XËúϱ0ôÍ~ÞéüV•½‡OË}ÒÊ7Ü$À…¼2Á”À%°ôJ瀠ãF<Kº†€ÿª¥æ¨Ê€MüŠú°n¥Î™\Œ¯ˆvPˆ£ì@S”¥ŽT”E¸Âçø6¿Å£­«`#F¯HxØmU¶åÇ0
Ï™¡GP�½Nò>/DSæ�è”Æ!#"{Qa¾=GÅ€Œ½Þ˜¦›‰ò0ç›Úd,A¢/æ�뉸A:"wð^¥
-‰)½X£÷<öxºDl�Ø{l÷o-/¯czw¹m„#ô‘‚Qí�"Ì5U"�Ù
-~Ýmû¬lëÇ}�ëH/ßp™KŸ9UÆ-­b¡'•Ø»ø3gØÔ/ê>p¹ÁüÊ›=‘­v”âãí
J±Q,*ÝJáýκœr
QÆ.ùôîH¬Oˆr£íéZÑP˜‡ÄÝMˆLNJšºÅêÍ%è¿w ˜ÅÆìŠeK‹Ïðõu'
èÃZ¬ú-ú”TRyè~R…NùÎn
˜½5²Ða?;Ð$–Œi%~Júü:»‡‰š­ÊDma*"Ǹè…^îñ ŠíCBNxÏ:/õ†ž†aóhB…ý±“Cp‘+_j
	Kc€€×m-°ê\5+H
-endobj
-1151 0 obj<</Type/Page/Parent 1068 0 R/Contents 1152 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1152 0 obj<</Filter/FlateDecode/Length 1798      >>stream
-x
•XÁrÛ6½û+vt±2#Ë’íHN/;±;î$Ž«I¾@$h¡&

-Siv 쇫чË1-V€ƒy*Ë\²?¥°žÏ…#lòøzVC:¤{™äjÿ·
zÈ`:™TVù
aÙ
-»¡5Þ¼„Ï›ž[¿"	ņ.ò\9ÄÏ©½ZHQŒZÎdÖ
�B(]ïÉ|INy9Ž^¼£)²Ìé>:=¬
-t�]åeÊ:¿/(V¯i,¹k¶u·Ó–n–8ÙÜÔ‚J9Â
-0bKñãGkªò4
yÀÄ’=47‰Fg­t¥Ñ)“r`¥H#°NK~�/�p<þ �hÝ
¢,¡#ËM-ËJ‡çWVJ’¹,
-TaöG¼úEœ!¶§ïƦ!…™*hš�´P¯ÆÜËSÇíŒÒ–¡» ûuzÁ<Л¸ug“’}è™'ÐLž”0´!:p�•ÞAÑFuOo²9¬IÞOa¼Aœ»öä'TÇ×-{„¦5P²Ó;…µA#/U�{†`’Û
-eie¦^vdb}ß�â™À¬@I"�Ûó³nå
-Ǽh,
…�&+`Œ³€AŸÈ�H›¶²—Ç…xêkÇçfŽÞC�uIx(¦<IÃõJ�C5…:´qèøð&8e%·M” ó/†¥­L/|@»ÏÍ p»ØsûóžoE¦}=ž¯a
wh0,'¦²­Ç žp›ñ¸˜'¤/‚þ–ÖŒ¨qŸßzÞ´X8¦O†ÕEzÌþá~Á4MÁ5�‘Ž•
-­­²éº�Ð^A
-¿ßÁ>lÇí»mcÍ^ôWž‘ãÅl{³!¯6À¯
^7ê¨
-€£Ïþ‡öÊËVkão
-Ž–YöÆY¦i÷àêdž�À?„�¿M%ïúx3As;ßž‡Î¨a×!œz=Ž|{Iÿò­—õ–þ£’�ßäÍõìQ‚6Η»V&ù"žd8>ǃ0�(¡ÀyøüÃÊh;áàâ»DÙÅvÝ™êèû}µáLàJˆa£�fm;)u½!Š|ËÚÚthí½QeXPˆèO@ú•”î!­4î#˜qÒàÃ;Â
ŒÛOÐÃVþ-@p'ÄÞÜ"צÂxUÛ­ë༖§3üãü”fóp™¼¿øtyAwÖü‰fJLRñ\$<
-Œ=j¶Í'ïþ×Õõl~6žÏÎqíÅ0xú–�]-~;øÇIzendstream
-endobj
-1153 0 obj<</Type/Page/Parent 1068 0 R/Contents 1154 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1154 0 obj<</Filter/FlateDecode/Length 1504      >>stream
-x
}WMsÛ6½ûWìè¤Ìز¾"9½9u=ͤ±ÛF�öà‚"b`
-í½¶ÆSj=lh»‡ÓªvF›	OÂð··¿þÁ—韇OÿõnQaõnóíbJW³Åd÷ã*	2ª¡T犤S‚}ÁpȘҞ|&^cë<�K©ô‹š°­ëû4C$ÒÕb‰°aõ‹MtºgLÁ(°&—*ëö=<¾½JÉÕ|=Y�¹/LrÞ
-Ç…KºB�ØA…ðÏÌ…OeÉaؔ¨*§�6�…g‚}Iä¶ÏÊ€|@J[›*Tuž¯Ú:J’R8Q(`¤63óC®¸%sòuYZWÅicV©Šý·oÐ_¡7Æ)ð0§~³#ƒ˜ö„*Êp�¯{%kôÇbQ£óœR¡ó(¤�<aZ§’Žn¥TÞÓ�2Z%£h�wb×ò½ý4Jµó€’®X2¶BÇrë"»@<t”Í·ôi1Ã@×ÑèÊ\Ã6JÇŒñ(DWiH
Òÿ4ÖU{g‡^Df¢P•sè»:¬ 0|§
-F\:+URƒ…Rt‰1˜@‰N8(R¯Hs¥âÔ<½›Ð†å¡PªÂÞÛfY“ï#L…0º¬s('‡P8§ÀŽïzçl]^7ÖA`N\ö!	
-¡
-€^4†žúHìDÑÀ6*�q:”pŒ€ï?l†1
BJs±ƒ`zJ”—5•D˜ÄÉ>�$ÏmãxP»ä-öB>‡ïÏL+k¤
-÷2�&;T(‹¶Œ"òÚÑAÚ¢´Æô¹õíTî$Ñ·4ä¨GntI£fÚnô:¢­®ð:Åÿ{3zœ’Åù0þ�Ú×v_Ëy‰p�îT…f!
à]àñ•äas¡Î]5À	½3ÖáM Ù� ºEE9Œº8¼ÙT¹b=ìÓw}X8`€·PÖpDÙ?iky
è°)ß6Ô6Ö—D¥¢Î1t:J‡Ñ†A€Íƃi,ÓÒ|D4]ï™(�€2ñCQC…k#3Å49Óp+¬2žžý€½z…˜sV˜
�ƒu4÷AçŽý�±Œ]ZÙm$ÃÖ´{\”¶e¿Çâ`;cæço’TIµøHå–&!#bO�Üez—åø;N»ÞnyºÉ“$ð“ü±.RÒŽÅ ¢aM
-?Ìn´z¿œÜpò¾Þ~ùxK:û
ºGwVÖ%lçŒöêpáj=ýpægÈÿýŒY®—“õê?‚àg±bs¿m.þºø
–º…“endstream
-endobj
-1155 0 obj<</Type/Page/Parent 1068 0 R/Contents 1156 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 530 0 R>>endobj
-1156 0 obj<</Filter/FlateDecode/Length 1440      >>stream
-x
µXÛnÛ8}ÏWúH_%w�}H±í¢Xt»»õc_h‰ŽÙH¢*Òq¼_¿gHÝ̤vZ` 
ÅÛÌ™9g†ùv1¡1~&”LiSZ\Œ£1¾t¿þùýb>�DcŠ“i´¤‚æÉý(§Ï¼žâÅ›(ÆÜ4ŽæÍ€§¦Ëy4¡ÅrŒ¯ͦ³(iF<;cvÏ.¦ÑŒÓÄ<[.º‘Û;äùœ÷ºµ<;³ÁÉѬ·j>_z«&	lô#wò`«âîÌƘ}Í2“dMá-Њ›
ûvuqó~N“	­6À;^&´ÊÌcZ¥£Oe*IÐÎÈšÒ\¥÷æõê+v,š#zõé�Wþ[{ʈ¬&QUù�ìVR%ëB£tiè³(Ö‚
-Q7u§dy´@•¼×ÝwsWë]u³×užñcºžÌàÂ*Õ7û›G²µªrIFÚ+eÆ'–´WyNéV¦÷î†t+Ê;™ݱÑ5®Ø(ìwB•Æº¥ke
FªtcïÔ´uÔÈtW+{L)„¹ݯD-
-ieÑmy w°Ý
-K{YKçMr_>”Úº{áùåäÒ_¯u§/ÊåÆ’Èu)[ûØ�À˜
ÔQ3å2�½3F–V‰<?\Ñ¿²ÖÞ¬Ó¾"RO½ão˜€_!�Â^a€(c§7­»Ò'�j9çRlÄÁ*½Ç1Vy¬|xÙu%Ãa·Úðïî`ÓžÑ "ðaÓ!-+ä²².C� Æ€Ý@(ølƒ0ÒƒÈwÈŸ±Þò.)Rçÿ³0õáÃaU­T†+ÕE%¬Z«y…̵ۆ Óˆ•i¿åt±[6°ãPãmDÚlƒe`M­³]*³ˆVàCѲö	¦…ÎÔæÀ‹:ü†TÜeH—
S®<,Ζ6»¥qRíOùhG=rmÚ÷®ú9&bD©å#ÁìPÆ:¥è¢pžŠ©®ki*ÍJÒ°£I…ï³Ò™â×;!
-¡8bÝ�9ëÖh 	çù' ŠÈ 2`”�¾*ïz
-�8}_Óý…ÑÀXΓÖv�jÂ럪c%k»„kW`K_YÏ)Y³±%ánx(È}C@Y:ã}åœ{$Q¾�E‡�ªTÐ.

-S*J
-ÆrÃî:f+?4pk'¥œ4ƒû]	åFÉõ­è¨…‰ŒÊtÐ;8Uº~ŽmÚUܦ²5p»Ýµ¦¹t³ã—ƒæV*g	ë+åsFÀ=|Vµ{G@�Êð�Òf²’n–2-MyiY§øI…w
øbUºËEÝôÌè:\á
-íŸï¡äû7š›:†¨£÷}¼ˆ£yó/¼æ
×5?¦XGphóe´øòÚ¯êßhîýÓÂè11•LÕF¥LÖYúÅojÛ]ˆy›2½2ñkàW×Yåí‚s¼0XÕÂt°óÌ‘Ïm~Ô¶öÞ
-Æãæ3Ó7ÚŒï
-endobj
-1157 0 obj<</Type/Page/Parent 1068 0 R/Contents 1158 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1158 0 obj<</Filter/FlateDecode/Length 810       >>stream
-x
¥•_oÚ0ÅßùW}¢R�ð§„>¶ë�ªi릦Úúâ8†¸Mlf;E|û;	i÷PM‰`ûÞs÷\ç÷`J>SŠg4_/Ñ8¢Ë8/i±Šñ{†¯´	óËh<ë/Ü$ƒÉzFÓ)%ÄZ®bJ2Bœ(¢„¹Ì	*™}9Ož�fËñ[†m¸ v]g¢·žI#¸ÓæðïÃ�-ÍùÉzq”rÌ´(¡²"#©¬,#½!—Ú1ÃJᄱ”IË+ë÷äØ=öZ&ë+š¢_Öh¾¨Uß)lgÜI­h/]âXÇTÆLF¬Lmd!ˆ9gdZ…Úw;©¶uÈ®¼˜
¢>T²�%«KÑŠ»½èI¥³ô4´ωY:V”¡ŠÃÙÓ9Êr:yüv÷‹v”ÒZ(´>V­gLI.mƒx:G‘¹{@|8S”B6q­6…äOn/„ªIcRPb…£WÉêꯌt0d…ÞX¼w¦—ÛGHaãû¼B:~¹W‚öÌŸ�6¨µ¹ÞSµ#<ʶLÊ
Gi
- #ƹ°–à¶�Kï•0$šWÔ†8%
-ž=±Þ,Ç&ŸÊ?–¦ðM]ý˜r¹JÁöE£¶
¡!<‡Ö	<0çq;_ÖK
Ê^z‰�²Ú7ËgìÓùécÑøÆz.!àø´uå<gj+êl]£À@¬(
-t�—ɇùv°6ž<誇3QÜ€a³”ˀŸ˜â¢xÓOÃP§Ÿ2ÆçäÈûíÊV¸zG1Ôº“á_x�ô«0Ff™PÁï“õªqÔt‰·ÓjNóÅ*\¡×_o®é»ÑÏxeЭæU)0Vþ–öÕ�Úí£8ºòûÿï_Ä‹q¼\áµ€Pó•Ïð9üü
ñNendstream
-endobj
-1159 0 obj<</Type/Page/Parent 1068 0 R/Contents 1160 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 538 0 R>>endobj
-1160 0 obj<</Filter/FlateDecode/Length 1729      >>stream
-x
•WÉrÛ8½ë+ú�ƒ]eQ¢$kÉÍY<“Ûq"¥rå
-�8í.øЛE§w	+}Z¬÷x2¥EêÂÅ�ää¶RºVzCó¦,MU“Ò4ÅJÀú º;]|wÇãI{¼»8ù ëʤMR+£Û—FÇþ¥Áâ¥7r£´fë;UgTgÒYå¨s)¬<ó®lëÛº7´¨ÕVÒW¥S³³t³ 2ÄXÈ$ZÙÂ’*Ê\R×2e÷}êÆ(œn• ëy÷óí[Zž¨HFÎêüöãÇ«ùœ´(dJ¥*åò4¢ÛJn•i,mee‘‰%³ö1�ß“'®„¾zÊ‘ÏDä¹�üÍÁ8q ¤+ÒT1D"§u£Z"Wõ=™­Jaxußf-wbô^QŠ$oRi_³ap­,‡Z­ME
-íîaÿR†(
-‹û%šiùÆ@a6ªr
-Éé±+€Ô
-…Óˆ»¶5<
-á†Ì�K‘ƒÓÊ‹Esoê!€V�üŠf¡¥"íº}P´£�×�†Öî ‹L‰cyä°~+
ñx1
-[Û“¥Ä”�´3'(aì—]¿p— <
-endobj
-1161 0 obj<</Type/Page/Parent 1068 0 R/Contents 1162 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 550 0 R>>endobj
-1162 0 obj<</Filter/FlateDecode/Length 1866      >>stream
-x
�W[oÛ6~ϯ8(
-ÄbÅ’mÙ^P`½,CÚ]â¡š>Ðm+‘D—¤âØ�ßwHQVܘ‹:¦HžËw¾sÑ·³˜FøÓ,¡qJYu6ŠFxÒ}ýùëY’D	¥óI”REÓq4i%ÝðiJgãhL“ù¿ü×’ÖؘÏ!&|é
ˤñdÍÚ£ñ<�¦þp¼ˆ4Æ÷”5$Ý‚5ô–ͧ�öâ8�5ãQ
-ýÅé&úß쯱»áTo··®(‰ÇѼ·;gQÉŒíÂÕxŠM¿r‚{kìŽGQÜßí­yw
ôzw{kìNÓNKž$Ï«Š&ð}Þ®Üno�Ý”±ôgy×…‰Îù*Ëõwó¸ÀS¾çò^oYÑl@�{½%Œ%pô¸ÉFBé(„¾çÛå)‹þËkŽi¹æ;É(‰¦Ñ4�Ó2wtÑ2™ÙBÕ¤Öd·…¡\eM%k½ZÞ�]^/(ž°„a+b8@ã"ï´¶¨7ôe§‹Ú¾üêo�#Ü™ñ¹®s©É*2Ín§´…*IÍ®T"g
ÐíDàL®‹üY¥4tP
U�±Xk|gª^›lî™­À¢•Ì;+œáPz93—PÅ':ý%¸ŠË9dæ¸\Ôt#ª•87øi¥®EiÈ(g§»Œã°ë@EÅö‹ÚÒíÀ»MØbwŒÔE&„žöÆ@úê@Ÿ‹:W{CŸ–ÞUw\j\Ux ŠZpÖJŸâ�»5£uû*¸—¤ 
Ðý™­jÊœ*•ëCgŒÔðÆT«ˆaóxA™ÈswbSª•(i'4°�džD�E‡Uº3kU–jÏâxœxæa¼ x™j´‘
-gÊù ×ôskv{4‰Q™àa?OOç�àâecôe©2Q^N‡ËVòSÖnTKê×Oº³Ò ¼d¤ž=ªå¤j¸ùœ�+ĴΘŽ€¥ËÜ®äL¨Nʳ¶¦=â&eþPWç^ƒ%TÆžGDï¶2»÷lÇÉŒ•!HUa
-£ËÐJÜwô0ÃÅÈÙ&2d
ÊB&jäÃîàRÆ]vÅ�´}ðUöIÓØAiA3æÕª::´‚[ß
-Xˆ
-¥H~‡OJ.ÿ‡:G0‚À›VÌR�dÒÝʧ×U&i»Ìà(ìñå
sÚUBv�kŠç2l×h!ˆ†|�%
Ë=�º­Àž—ŠÇÒpu>6“f—£ïÛrï:8åBêÑ�ôõ,ÃÛÁôöUˆÔNl0:¡|T
-�,jü¬`÷C£o7¡
-Ì@hù­)´äÆÉâ¼ûÓ€ý˜+Gd”Ë�¬s ´ƒÒ-Àéjã¬�yÄôaŒêbY
-å¦AýFq@©´ê	|Ìl1q}jŒm)åèEžs`}#Ûæ½?™…ú¦±[Åýå“ò8úÕ%�Fé”KcÃLvR}§¨pkf�w³×½kܹÅ~
-è¶E†€»~Š¥ïØìô°×p¹
ƒE·ƒÐnFšJ€7¾´·�×w;ACv´Ûr”\JPˆ*‚ÞR0¿:uï�˜�ß©Új´I¨ìS³T†Û=L£Jô¨{OŒÀm¬,j3M1¢ßºÞz¢º핾÷�IÖ…Vµ£ß~+� ONw<9íyV�!"—bütEݵVÕà€ÒúÀ+^0ëp¢­KI×¥eÖ ‚Z:zÎ%Tß³ˆ0¥œ#âh+Xqè¬Â4º.¯ÕHK®€ü´V/î5½EÃø1ö·Â¬‰ã>ôvDÙ�µˆê^–eDQÂ1‚´Ð45Rƒ9#ÆŒt9ÐÍB`̱£µue%‘×ZÑŽ6„*þ7›mDÃá�€ÎÞóäC(W\cÄsS %Lì0í±*"ý™˜gɪ)m±C,³²@R°ê^�mÑà2_1uÁT7A·c�iV9
-Uf•ÆâH s´xùÕ%Y
-endobj
-1163 0 obj<</Type/Page/Parent 1068 0 R/Contents 1164 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 553 0 R>>endobj
-1164 0 obj<</Filter/FlateDecode/Length 1895      >>stream
-x
¥XÛnãF}÷WT„ÆX´î—ÍÃB¾eز"i’]¬ƒE‹lI�!Ù
-›´FA>>§º›4¥d˜dŒ±-’]—S§NýËE›ZøjÓ°CÝ
…ÉE+�èí[¶Å‡
úí`L½Ñ¿÷A›2I<ÛÂéêÛ⻋îpt©?J¨×é}ÿ)¦åEý3îú0äžå»o†ìoÞs¯Ë¶œç¼[Ç7«‹ë‡�iµ¡vÐëvh€Ðúƒ­"P‹Vá%ù¿5œÎz­ò#ÿü–?ª4ÒCãþõxÔx¿úù¢EÍ62‡�úÑngò8ÿ0©N׎ÎV4‰÷;ñ¿É¿ç_´ð4�/+uç°°èµZ­/žžÏoߟ�žëƒÌæ·öüõCŸÚmƤÓ
-†ƒ15;£`4èsB“Õê~¶š>Ͼ¡Åý÷§‹û;šß/ž¦Ë%..9ý뇞?Þd$AË�¦¤³Hf”k
-‹,“iID	Jå�¢L½º»G]ÐR$kA;mò+Ò©$½¡ü€ƒ:�T®tj()LŽâˆò¬�ÿd× ^³3zéj'I„¡.Òœ
-#ñ”=�Ê0ç_sÜ~óá�‰Wœ¡BEì®E/—*�
®dZ祱—÷.É°LrŒ˜ýpùÒé{³Ùî�¿Óš#Jd²4Œ
Âv:Þÿå>SiŽ»"JTzêý’beòàkæZ·¹äÆç
0/2#¯¬oàÏÎ[[“«8¦½6F÷øPæênT,íŽÝëHe° 3…«k™J‘ï8@抇é¿6¥üÐBúÔó�@àƒ­‘Ù‰§ñ�Œ´å|—I�ª¥ññ­�É�(b—y³Ó	:­6RB1Ðâ(ÔsJb–í¸â!ÎrF_&)_Dep�½*<.RälŒ•}ø4‘+2*كαÞ"Š:¿Îrcs(VaTº-™õr©³¯©êËû
-ýM¦˜)E:ÐZ×�OÆ
-
Ðó^¦Ô˜I4Oöé,–™TÛÝÕÝi5Ð�Ôx:’–æ±@6ñu‰ƒTã‘ÓÆ�ƒ,cVXºT¯Îœ¦âUmñLÙ„�¹ã¯	‚ 
1$" ÿ 8f§t·‘>©}/bËhÆÍà™r1;‘‡;fÊXö„#ÊY ‡JQb�2²šøNSÂ
-Ðìb,0c–2ÏÙë�)c‘¸ÿŒæâ‹eìçMýpº3,»þKÑ«ôÔw¦2é
¡÷—ekªARàP¦èeÔT[Î*×gé�$ ›ª)®
-jŽN™o1M 3¾h…_EÆÅ=ƒa¶ºî`BúÆ0
Mò\&{[@ø{UAuêì3½—YÎ*Å´à‡�
-w¨3��sRSXÖáÌ»­4¢Äð³#™e°›@)ÅÖ�¯ë‡iæŽà;iå:Ç¡
-Ešba.DÊìcq”Q@+ØóD({Ôìe¨6
-�–LA°|R¥&‡’ʈ+$Ë쵎evp-}û©¿;måó 0\
ž7iÓòa¤úð¯Óš×rº�Uø	ª¤§`Dhp(K-«séxà fHå òÝÿ«ÒÁ.b‹ƒ8"®³”\iPI¢eY
|–°ï ¨¯™p@2zð
-`Åj]ä9D¤€ÛdJ›Î`¶à^?ü••a)cÞXª ­às0{½/öV
Y
-«¢úäÀï©LTØò”7�
-Q&þñoíÓ�/‘AAÞpšºk7ŠˆÛIØv3GƒÖ3¤lDu¯ÖhL°Ï£Aãê�
-lM[ëÍ-Õ‚c¹vºûÕ¢±ÑÜ„b�}$Ñ‘Ú}>âÜáùŽù˜Ü>b‡
×£³wË�S×kýù¡Ólcm7‰P'	ZÄ
nOÐÊ
-µGË»›)Ž„=Ùl¸vËáZh7d|Æò}çËšª3ç~pW3Ê
-#/e,3vôBšÜ’iè(_NÄ'n&N;=m�åx²S’cfóVœÊ@Î
-endobj
-1165 0 obj<</Type/Page/Parent 1068 0 R/Contents 1166 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 564 0 R>>endobj
-1166 0 obj<</Filter/FlateDecode/Length 1777      >>stream
-x
µXïOÛHýÎ_1Šît©DŒí' qRôÊ©Ž¤íII?,ö&qk{}k‡Àýõ÷f×›˜H=©GUè²?æÍ›™7“þu��?

CêGç¾çS4Œ¼�£!þ⯖´à
Ý~»ûí ˆ/¢Èp8§0èã§]e49h¯±{<ò‚önk�SßzýÖ®ï�F°å¾é%¦~xÇVâ½—€¹Ã~è�¸Ã·~„£Œå„Í‚ñ¶–9áȨµ×ZæØmû
-_l¯±ÖÚWÛkÐ
-5g
-‡ìu˦„À‘õÖP%rIí!¿e©Bª™PwI—qœ¥pX+Y7~Å*ÏE‘<çµK1ßóë
²6ðšKȧ¢–æ^Ù&­W„«iQÕ"ËpÙÞðhŠtY¨,S&,ÈG‘—™‰ÁJmð:~«u†Ô“$bà*AÆJ&§›O'œ-È”~H½ðØá'ðñ~wë•j©¨÷‘´RõÏ•Œ5°÷bêHd“ESuø
-Ætñ*iq6»ß]_�¿ÐÍälö±H¿ÐDjDÿl¶MÏï‰ÙÓÿÒ¼²Èà�Y+Ð�£Èm;¦R�G6�®Š…¢À¸ÖÂAüÕœ¸F8Oiöî–Þ#UõïðbàCÙ�(EùÝNœàGX‘Êÿ¯…Á$=Âß¾àÁ
-eS?4–.X&‹L,«Ó™ÿ8í¾ïè~v¦à Íæøº½ùíf>_•=ƒëÅɬb�–5dòtfÏïß;¼¾¡‹»«O—w4þ4¾z?>IooîhúîjB·wW×ÓË»Ã_çBFqŸÎܮˋïbu>ß+‰_mY™ÊÙ©…ó�æóÎ뙉ÍYaŽñÉ:ŽeU-ÖYöÄ
-F[4�k[Ùô:¨½®Ók„¤�áÂ
-É8IXš®å†šRªè!F÷Zµ
gªÚM´iBçO”È…XgõaÓVÔb!5ZQ–¹FÕ
-ª]ñÁ”ÛlZž�Þb°:]å÷^¬ŠÅs#]>¹k¹xÕó¼+j"µGã¬RPT4£®…&OzÐ&#®ö¬ksm�’ÄyŒžÿ7w¤¬fsÏÚ¤p
-y†éç»kpAHph�ÐO&i`ÚÀç¦ÍÝ4Æì/´ÊÁ��ºQ4Æî»d1z€é)\¨ÚÖð¡E¾Ý 	ÿšÐLQºRb†ì¥mʃGþM‹Çè+ac´,…æü±¤Û'ÏÝפ‰ó¨FtJ‰Š23½©€–:«ÆQ3Úšp²B!ö B¿ 5LD#�‡¬RkÄÃzgld„.d‘ʤÃ
-ƒén­YIÈ–l�®•Á€)ûen®=
-ÑV�x¶]õ~þLWÒ0Â	ó¯änŽ<Û�k"3	×­¯“?–h™«îxÈÌŒ&©ýܶ×D¬ÏøHl$3ˆðŸ
-#|Ö�Þ(²ŸÎÆÎÇèê+Dž.T¼6yžá»=w¥7ô1ª粒Ápà
#ü/_„üÒåôà�ƒ
-endobj
-1167 0 obj<</Type/Page/Parent 1068 0 R/Contents 1168 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 567 0 R>>endobj
-1168 0 obj<</Filter/FlateDecode/Length 1261      >>stream
-x
­WmOÛHþž_1Â5Õ%~K⤠…WtÀåÀÒ©ºØq±wÝ]›$Òýø›YÛiä´À•)‰½;Ï<óâ�Ç_[.8øïÂ؃�aÚr,ïl>®o¹ÞÄòÁŸø–)¸Ã‰5¬®¸im_§à9®åm­n_ãêhˆ%Ù:Öd‚¾êõ@ŽÁ­1'cü=rkŠÃ}“X½Ùó-·Úì¡�Ùz´ì³!¸.÷�?C™ Ân°@<™$r‹ˆ50
|ÅÒ,áð>ø‚¶^eÛeQ™ŠE΄2M™ˆÊ5zt¨â,·à<Ü­!Gt–eJ¢Ë9p‘«˜ã}YZb€¯¾;ÀdQ×æyh7!ˬD†,iz¹í†&8³±`IßkY€à<º}�1D|^(�ñ@òÞ�HÁßáæ8\P¤´™G½"l(ëåBb�yÈ5ñ…¥T�VÍú€’éZÃ�}odMð©ïýbßÅÂÖ‹
-Ïs±Wè>ܘ¼L,4W˜ô¾Üd“Ò²Æ%\ß�œˆa_ šh}
··A,å=(4ÆÄÊÔG¼,HüÄ�VwͽèÃFÙ5®KM+”$¸ˆE±Ú… ‰!}ßÁ°‘Bÿêë£P�óXŠŠ;¹¢
-Dü)ÑsŒuÀêÑ­ŠÒ.¿Ø¿«
VµeS�“KöÈAù’SÎ~ͤl¬k}ľÂEmâ7½Xs@z÷º�:¿>¿
->ÌæÓôðV%OfÁéôsDÏÄoûŸöÓý¨¿ÿqÿrÿæsób>M²Æ½ëÓ›`vLÛØJ&GIFý®s¦òvµw9üÁy†ýÊlÝÀ	3èÔœ¿ý²:D®±uføôoÕ€zycÜØÌÃ…„vþëßÑÑ�{x‹¯àPGSû‰)[gR&6fÓîxϺy
hºš:‡i‚zñ,X�¦×€&ÙÔ.´²M/Úš¥wÌ07O†ÝY™‡ß’óȺ1rYà1Ø~­
bçiVÊx¬[�xG¿º�ªcÑ—:óÿ´f™>F±‚�âì¸NecÖ/ï¬I¾´sÏtqÇ¥ð_‘¥£ÊÚ{“õàMÖÃ7Y�Þdíÿœu§:Ù~Îz®d^žé1Íñ›)ß(OÙü;½ŸÄw¶Nï¬PŠû†Å^ó>UzƒNÂRlà)ûÄ’‡ð]‘Ã9°DÍÈH”8‡”3¡�ŽØšMðò
-endobj
-1169 0 obj<</Type/Page/Parent 1068 0 R/Contents 1170 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 574 0 R>>endobj
-1170 0 obj<</Filter/FlateDecode/Length 1583      >>stream
-x
¥WËrÛ8¼ë+¦rRj#ÚzX�½lååĵÇ›0å=ø‘�„„´¢|ýö
-Ê�´¤�#ÛT•©ÞIÊŒÎdåȬèÙM­´“5ÝS(½~Fþ£E±#©°ºN(Ý(KøÞn¤&A…Y«LÏÓ¯½sÁ4ïWíAX'¬Uk-sr†Ê¦pª*$qt~…V¦.9xaDNKQ�!4™šVBdî´=}ĵÃéW+Ú™EøÞ(TÂßðè襤\®ÇE
-�#š}äh­äo$Þ�â©›Ò_¡M,^;3e)t~|Òv£²
eBÒjlÀ"¤Gx(
-vgE“£[pÛ‡ŒÇ‚0|,å
-�Pmò&ljo¶’Â55`ïã-ꎇ:CoYÁPR\ùlj"zYÄZ³ê€zQ´©"
-WÔ)í3�äµxa|Ö°ÎAÔØ�¯<¯ÂQ@¬?k	M(gê Û�ר5/í�
2 ÅÅÙbx‚©äµ‚–©Ù7±–6\"k%5˜%s6q0ñn4�µ‚‹bô/÷æò�_ ÜLËZÈyQ©{ÁÐè‰DZà-ÈXiëà”�ZY¡X$Aù�*K'd\Ú•GÈ 
-X–lÚÁ¯[+é�©ð$l‡LkÀjOÞ"úRRø„ç×`4O†L¸­
-JÀc®®/©}Ä`�²3þ!i)Ùˆ–»`C�©ô´=¤]«lx N¬äë¡òÜà1'–lÃá¤ã)ÅŽÛÖ÷FÂÜrºWh<7€äé}šÞP)³�ÐÊ–6¡·"ÛU(2�=„}Ã_piÃ3
-Mã@ÁSÙaÑú(�R3/|B^$h?M­ÜŽ²�̾qeУIJ�ù0¤K©×Þ�î%ýáH)H$ú;ßy£S~Ç
-“»>ðXE�»çqÆa/,¥ÐÞìÙvÑôb5™÷cÑ%ö#L}Ù†wò`ËÀ~Ó�ø¾–&—iÁ…éŒs14‰ŽpÐN™�Á{;­ô(ò¾±vgoQG�tÞJs8Åÿ|ó1Mgþ_�Ï/?¼z‰)×|ÅlEoºã$GÄåƒÙù"öÇ=4�|2›$³é<L<“	ï}›öþîý¬á®œendstream
-endobj
-1171 0 obj<</Type/Page/Parent 1068 0 R/Contents 1172 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 577 0 R>>endobj
-1172 0 obj<</Filter/FlateDecode/Length 1861      >>stream
-x
•X]oÛ6}ϯ¸ë“ÄŠ¿?ú2¤kƒµ[·xè´DÛl$Q#©8Á°ÿ¾sIÊvØÚÂŽ*‘¼çžsϽʟCàï�æ#Ï(+/ÉbAdzÅÅ€¦³A2§ÉbŽŸ‡ÃA²$#iƒ‡X~øˆ�GóÃÃ#,8÷è¯.Æã9ö™Ï“)•4ñßþ£ »‹7«‹ë&8ŠVÄ7[Ìi•û“´Êz«�¤µ°*#UY'ŠB8¥+ª�Τµ¤ð¯¢�nY'kK¢Ê©–¦ Lç’oï�¨k™“0º©òËÕ77�ÇõÈ–ë¬P²ráFG�÷é>kêìì³Ixp@K†0L&ãõGÓd�ïUÞÛh#E¶£´g›ºÖÆù`²�r2s
gL´U²¢Üàˤ—¼å€úÈÿ‚÷ø«sMüg˜bzM¤#‡l
®ÑµQÂIjêB‹œrep–6OtnÞ)åµF–ˬ4ˆâܳ#œyÈÙkú-ìÏKCä´Q…´çVŽŸG{km#™.ºÉó/FUNšw
|/½¤Ïwý_¿¼íìów¼
“gerfËç;¾L�»‘Ó$�rˆè©³3§ MÀÎX�=Ž‡:j³ß2;÷ãüŸ+IzWèu!KK²Ê 3,ËûUe�P˜ª¶þÑÛÒooŽ.�jG{�[‰¹¯EÆÂõéYK·—²j£'^QÂ(ÝX:ê)è?ÊÊ&ô„%pE_U•ë½¥ŸV¨˜¬hrÎ~ËŸœÓ«›�vû$ †¯j5t{‹å¿ÓÃt˜,^ùRkw]N)C^Q�δc¹H}nP‚Qa{z¹á«xäh–L˜×•§À'”+x§÷LÝ}…ïýN8Šhö¸/àHS”;�„’Š4&t¨Ö5`ç
-¨Ã²âP)µp;XðGH¶ÛŠ¶V¡M�ÍdÅn½QÎ|͇b6;”ÞíÆ+-×^KjÅk®’ûS¾|2ÚÊ‹]áŠ×ì8ÔJÊÜg�.
_‚A4-’ÐZØÄ�ÉI›{šeã
-¤dÑtúód1¤¶TÓÑlîG‹£�øû] {�ÒËNÜ#+ù.ÁËrê0aкqˆÚ' ]2±|Œ¸a”ðÌ	¸ºòPÀ3šßhñǸ[7íÅ0l’ËMÀ|
-y¸Iè+·uA˜)œ¹FǦBg<>:DÔ‰†»ÜâŒn¿z÷ÆwÒ�P¾}úÞLºì=:‚†Ó´³Ãip7»l
-åàtàË/Xwm†‡KT ×_`æÑQ)¾ëï¬Æ¦£0ÿ«Æf~Œ¥�4´Íæ@Çó¡€'^¸¸‰´Óh4i/†æóÁ99é%+GfÚØ�T>Ëàe®×4ZO&sÌ€¸a˜ng$$^ൄ§JÞõHJ›)RÛ
-
†
+xµŒŸg¾N	�íÕ«
3X
Œ>/̶±ükÒÆËà¨1mÝÊ:uº°ÿ®ÐËþ²ô²0Ž„‰Éê¢á9ÞüD®¡Áµ�µ¥æpóå+WBK/oè@mW’ÇÒƒóúу{5\ÏfFÕgªÃVÀw¬ˆÃëM¸q¬þÿóJHw �£<ôæzPL;¯cq®~}}Íí	‰³‰…&3ž6¶2©¤»æ Nùgñìø±þ,ù-·'ä·èúÓd¹XRvx‡¹Év®©¶ß°‹hïÃÉ¿ÑlŽ—ž%¿‘÷în>¿¹á
ø^%é�Î�qˆ=‹1õç¼ç½ÿÞê'óI2ŸáWþ�nÊ»½_]ürñ�ÐAÄendstream
-endobj
-1173 0 obj<</Type/Page/Parent 1068 0 R/Contents 1174 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1174 0 obj<</Filter/FlateDecode/Length 559       >>stream
-x
­SM�›0½ó+æHxù†=nÔ�ÓV­‚ÔƒMâ­±©í„Ýß1�U6½ôP¡ˆhð›yóÞóï �Ÿª²ú1ˆIEž�òºÂÿ)þ‡!Ø7Á×’š
Ò”¤qe]�¢¬¡a€¸8†¦›žÖRêY¨#ìš„á„Ú±#½VÃZ¾va¢†ŽÜqc�â4<bã†3p:ŒO†÷Ôa�*³�Ò—
õkVkEà“¥�oC”d$E^áÙrp'>‚P øŒ/먔Ô	œ±ÒH7v(@”–$÷°É…t€qÁ× $‡6üÚîVH¿A¢ŠÔ^BD´iYmë^.ߙܵlÃÃì&5ªƒ+!Él{?*b’=&¸:ÒÍͼ…'zá(1WàfÔ•»õˆ1¯ç�ŽÅ„àã}´A„ó²Ùó4iã@ï‡bò
-íÍÔ°Eø“z:ÑNHáÞ�ÿGSB&,íP};i-ífÙ•|Øî–@øÑgëç…�°im7ÿ, 2?…bz¶ð­yH}V{)¸rö»­G·f+¿öÚ�ü®4Œ›ž–p-IfÜöFt˜QÔ?Ãz„Ú°@ò#U(ì‘/[øèoë2èÞîH0>гtd�_o	LJ¼¥uIQ’º,|OÏû'ønôïÞŠþ<â¢K<<6ºB¢*~ôçŸÅѬáñ&=~ðkÞáWÍ«œTxß—Àç¥/}n‚Áf;Úendstream
-endobj
-1175 0 obj<</Type/Page/Parent 1068 0 R/Contents 1176 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1176 0 obj<</Filter/FlateDecode/Length 1439      >>stream
-x
¥WÛnÛF}÷WM
‹ºX•Þ€¦�Ñ<uyHú°$—ÒÚK.½»”¿ï™]êÆÄI€Ú‚$’;3gÎÌžY=]Li‚ÿ)¥3ºYP^]L’å’Žov�‹	Í'ÓdJóeŠï‹4IÉJ*±vB77éáÉlžÜŸÌæ“dÑÛÜ.’—‡'ˆ˜Lú·½ÿ4™õKgp¼¿Z]Œï^ÒlB«é’VE0Å�üÅï2k×kU¯éÞªÚÇ/&Ó²r߯‚é4�¦£›9ܯŠojoMÑæ^™:.šÓtÚ/š¥€‹E«�r„— ·1ÖS!]nUÃ6dJÚ˜yƒ»OÍ>tcchÚ)¿¡·¢ÊDBÁS4Ϥ;³äèMo"°sóƒ×Òš
-8ÞþùŠr­dí92®Ù=9i·Ò^Smp{#ÉàÍÒNt$¬ië"¡;cÃ+±ÐIXH¾Ä–EÕhéƇ°…²2÷ÆvI¿t¶HæLÍ_�×äu¦Eœˆ&}
-‹t,´tÿ3�~QÖ1R®{¨¥,ØP�΋º`ÖýFø
À˜na@!ç*rß
-­;*ÀEÝk ¼“º¼&åé¡E(,D¹�•*
-4†¨)“~'eÍ
-®ñQS#œ;]ê'?zik¡é2°7š›
-H‹Ë„Þ�‹žú›�¸¥SmÃì
õ°JLönc
-I+Om…­ï
Çc�õKhÌJLevR¶(ƒx®‘¹*³Á¾¬E%Ý5�“(oEiëÂ@Š0 z¹±<8éþ×Õ´º•n¨Íïx(ðôëZÁDnñ%“ý+ÂÛ)­ç‘eƒ§1VØqšŽ�"Ì_”ÛÃĆ„íQ«pÄ99d0ð£
A8%¢˜¼¿H#�V™B�DLÙ\KQƒHä±ß8q2 	 
-~Y‰ÜwÉå	Uthľ2V6ZäÎœ¢Á!¡„—}ïá€fZ>JÌ}‰3!‚0^9ž}u9uÇIrÏsŸñ÷8Ã!'T:’•C<Î7Ì9¯‚–~Ù× 6Ûz¤�Íuõðœƒ3Æãa;±g..º´A£r˜ñÝòx¸¿]â'G8ÞåwÃ<�'é?�øÈ1OÙÑëÕÅßÿ
ýE Fendstream
-endobj
-1177 0 obj<</Type/Page/Parent 1068 0 R/Contents 1178 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1178 0 obj<</Filter/FlateDecode/Length 1323      >>stream
-x
•VÛnÛF}÷WL‘¤v€ŠEêbvá 	�EÜZEQÄyX‘+i#’Ëì.-»—ï™]R¶n-ÛâeîsæÌ~=ˆi„OL³1%SÊʃQ4ŸÓÝ?³Æ͈&É$šP:Ÿáz~%d$­ ;¢$žEÇí›xšâº{ÃѨýך§	tƒ™1”[ÑÇ<Æéq4ïì&Ѭ“Ñ4Æ]°�¨îByÄß$‰â¾»7‹ƒáûcŠg´X!õé<¦EîCÑ";z+—Íz­ª5ÕFUN|ëe!Kûzñš)ÅP`ÍÁxM¡{ô±’´·ä4å¬4ƒ‰ JÊò[ë„q´¼E.u!2–pi%eº,E•ÓN¹
Ù�,
-²™QµƒÚF8ÈgÚä,ÌAÀuœDcv-̺)e9VÇ{˜BÐü@¯ü½Ï‚Vª��“Ue]H’7Â{ĶUÐ7ÕÚR©ÖÄ)OBÊ#:æŒã(MÆÈzÍñ
çÔþ]§4te=´âZ†¯jzå‹Ç%‹CÉXóÅwÃ¥ªî»Ô
-‘E>ªG¼3ÓTmCG¸¬œŠ(�цJi­XË.¥øA¼¡³A¼«ˆï*÷F(¢ž‚p˜ X»Õ�!{k�,‰iŸDQà÷âeL/Ç4>;ûþÛ„îÐ9èš5óMC³Y±³
-9F³Ï=e$sBWWgm+|ÿ¿I¾nœãFòćID¡„E¹ñl’¤tuÄ´½]íÕkÜ
-ôDè	Ï“	ç˜/¢�+l-ª¥æõ´aÂíÖnÐBjÏòmÒC鲡·”‰:Ä
B­¥A½¬Òv`E×Â(
¾¹G_¡z÷
ƒ$Å ƒ%焽¨4–rM|0?>lü½ÝßKÈêývµ©ì!'°6¢d>Ì62Û¶ÄxW—p¼¨D)=1óVk,¥â�¿®ÔŸ`%à“B¿ðï‘l»Èð
-endobj
-1179 0 obj<</Type/Page/Parent 1068 0 R/Contents 1180 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1180 0 obj<</Filter/FlateDecode/Length 1581      >>stream
-x
�WmoÚHþž_1ßH%py�Hý�ªÍµU[媻J‘N‹½À¦¶×ÙµC�úãï™YÛ8$§žªB0»óòÌ3Ï÷'#â߈æcšÌ(ÎN†ÑbA‡·Á‡!�ÍGÑMsü=šDsršÖ8;Äíö¥>;ž�Û³cœ¯�¾dv4žE“gfß._°üúêœFsZ®îl1¢e"ž‡´ŒOotYš|CUA…3y«‚Tž„äµ{ÐοZÞ�¼¾šÒwÙÈ`<�f0súÃV”©=åZ'TZœ/Ù’·™nÍyZ[G{[9ºQÙJ‘ßûRg|¼ò:¢�%O¾t6ߤ{¤Û,Óy·ªä›ì^�Þ˜½â¾Š*6©)�öpf_Yíå+É…|amª]'²ûJW8ÞfÈéš
fª46�jOÀvÊžBÀNßWÆáš6pëHµ¹2ƒë�S’O¢S¼_wMÓr‹<[�;_ÑVyŽú(ÍÕE
-ém½´JÊm¶cŽ�UøB\:àóõ·V3çÙD/-bèºÓ*yÖüÐzc�[‚3^XÍÌkÔ¾C¾†°/„)ROAÞû¤Ë8Âë£AÒl~« 
-4T×.3ÞC"¡:K|ñ,ò#%�x«ãŸÈe°î±èý.òï›È –9Íom•&˜—NÑÍÇ?>|¿&o6¹Jöæ³à
Ì�$HRÀQN´mÝ!@Ÿ4nÝ(‡@H9™†éöÉ®8‚²��ŠVT¢M/Nz^¨>G&SbíÀ(©EÁ�µÕ<ˆˆóäÅ@¢frñήú„|ÌÚ4Ó�íá1íв�MpS¼~½V(Ú9U tP9‹™"6;u4Ù Ë\ŸVA£AV6Þ¦Hkg1­q¬Ö»c½âìƒØ(¶¨.÷ÞÓ¦àˆ¿½¿üüùžM½CÕ…sf³­Å4²íbnœÊ3bŠÞÞ¼Ãh<J4°PâjZ®/ýcJai*¬SÎ`žøÒb"49°E4$¢›?á•ø<T“óÙW«Ì”�““=†]š9Ï­Ló€
-¤ç»×¿]>¸³×5�=0èù¢ñ•Ù/

„�)£)"ÀúÝgÁ¸?˜íq¼ÆLͺ
-vpS›sé8JUt‚ñË]£Öò€Y<ßwÛ}½d¤nq¬ )‹…DÏt¯­7Mþã;”�[`§˜ýöÀ'NeÇ›­Pµ^©A&yc
-endobj
-1181 0 obj<</Type/Page/Parent 1068 0 R/Contents 1182 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1182 0 obj<</Filter/FlateDecode/Length 1490      >>stream
-x
…WÛnÛF}÷Wv
-A›ûú ymÀ86»ÕäÊ�—=|p`²ˆæ|à½�5ÛF�ŒˆÜ%bc·YŠ•å›
-áî]QTX$µ†qÆ“?˜ÐTÜšX§•„È~˜¶ð³‚å…BÒYæ,öºu
- 
³þŠP)W[í™7uÀ7´VÖ¢$õ{Ô`�*ûÐ|DÝ8Tm“¾Ÿß7²By·:Ž¬kh@ñNǤ@°Ø ä«œ\¢îò
-q4o/ʶ1[(éšËd]ãÏGÔÄ"È"AnØ tXÁ{¼ñ;º¿`ÞÚ{Úi•°³¢õýËÆ{DG÷|Ê·qiêöR{Š4?èñ&ÕŠ¢ˆ«Yöý¦êæ'951¸\
-endobj
-1183 0 obj<</Type/Page/Parent 1068 0 R/Contents 1184 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1184 0 obj<</Filter/FlateDecode/Length 266       >>stream
-x
e�Ínƒ0„ï<ÅÜšJÁÁ@1µ•z¨Ô6~
~BìLU޾뒞*k%KóÍÎî~?	#ÉPA$"dq!R¤¹âÌ5Úà ƒÝs
© [¶d¹„nÀxA×›*/h¨š»®7ݽ>3�B2äé0V"c~óÒÂ�ee¿hÅáúë„Æš;‡]®[åR;Ã5pÕÈ�ћߜƒn6ÓÓ29àƲf]àHäÓ9S&"ö™ú&¹o·Ú{ÎëGª�±ŽšßF•/�'¼žÈ½÷¸=ìñ6Ú3ãx´õ<�q¥ë­ñÆð�UTxþÿR•
-•å|–¤w=éà=ø
)l,endstream
-endobj
-1185 0 obj<</Type/Page/Parent 1068 0 R/Contents 1186 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 584 0 R>>endobj
-1186 0 obj<</Filter/FlateDecode/Length 1816      >>stream
-x
uWÛnÛF}÷Wô°iëf)ò�ÀIkŽÛX@¢¢X‘K‰	Éev—Väã{f–¤h:E€Ø4wçr朙á÷³	]ãß„–SšÝP\œ]G«�þ³;<\ÓbyÍh¾Zâ÷é<Z�Õ”âì5nwÿ}úýlÍqvÝPAó9~„‡œÏf‹ZL¢	¿\Mñ3<ñÛ	þŽ·°½ÄÛé|­š'~{ò!¿5AÍgœn‚Âm‰éÝúìêÃkš^Ó:Ef7Ë­	‰Ç�:®mæ�”ë'�»óõW9>Y†ã—³y4Å…ñ]é­IêØg¦‡æ4™4‡¦Kd†C�ªØ*ruUëù=@1ynY¹#Sñ]üÕÈ‹]n¶*'Wl£Ø”)UʪB{mƒõkzÍÆ�ßlJ—S¤�Ÿpñ%Üû'œš†S×t9A‰ø½kòyfeLoè‹Û+«ÖNÛÍ8Ñ©ªs¿9ÿ™˜BeåO•¸Æd›Öeëz)!Àô_¹VNÕTÛ6‹.üB•HaÇ	[ªÿ–•ø½Pœ5©2i¯$&®]zº}¸{÷ñßû÷÷ïÞŠö¾È9hÎe0gSim
£¥­Š¿í¬©a'Ñ^e¹#˜
ÑSaMmæ­�ûç¬LÌÁ¡î äŸÚnµ5®=ß•‹C¯›C \6ç”á¦v±Í¶:AZR¿··�—<|^?HäQúô„V©R[ó¤/hÔ9|ƒ0퓶#*´b2앧@«ÖŠó
-Ðá0ñëŽ×MdR¥\AvT´€#ŽWj›k GºŒí±ò¨z›Ò
-±ÔÂÛô­4Ù3=f9oU¹ƒŒ!6Æ2ED¬ÃCæ÷½Œ®wIU•5* ƒ²Áx)åÃ|±Gx`ó}¨¼K¤5b`¼ä9·ÇAþ'\/ä,?7®˜Ø¦̉^(�ð¢žÐ)…Ì\ÂÃ^ã²Ë ã@ÐÌA'Ãv÷
-Û¦‡†ŽkRûgÓÌ:���ðpSÜJ¶¿:}ʸÁ´ÓH1W�ã
á4ø;ätƒ¹‚Ž*7+•m
cob“S©w†‘„‘¦[1˜˜iHMâ.1V¸V¢€„¼5ÊÊ Å±®<·«¿‚lð
-fqjlðª5ÆÚÞfÜ;ØÿG‘ËAœ6A™…qS³=
-ò„ŒièÇ�[‚‚«©4"nšm·‚@äAÏ„ò;‡aw
-Uº8ÄÒ®+Lt»f¹�fÔ4öÞÊìäK‹{)\`ÕüF,SYº {MÓb‹1xÄ2Ð�_Üd�GÉsš³é!ýüÔ#z4)<œ´E^ø í¶3ÂED\Ø1»Uëp
-endobj
-1187 0 obj<</Type/Page/Parent 1068 0 R/Contents 1188 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1188 0 obj<</Filter/FlateDecode/Length 1040      >>stream
-x
…VMoÛ8½ûWtj�Dñ×ÚΡ‡Ý
-/JöZw.Þ»Ö¯#œeZø¾K{$V(¬”O]v�³æÒs¬)Ð`w!¯‹%À¨==?=ôv™è-ü@±©ÿq-—k+ÈÎ�Ž¸ºËfÍ1ß qT^&há©	7ÔÍaÞÑKuUu„{7�¸c÷sQæö„ª±7ãœyƒgBÛt^×6óç†g“”KbWQ·ßc^Ó0±D{8ËÕèD¢½è3Æä©Ì�¤É“;
-endobj
-1189 0 obj<</Type/Page/Parent 1068 0 R/Contents 1190 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 591 0 R>>endobj
-1190 0 obj<</Filter/FlateDecode/Length 1413      >>stream
-x
•VaoÛ6ýî_qÀ0@bŲ;)Ú
IÓ
�t«½}™÷�’hK�$z$Çÿ~ïHI¶åØ� ­DÝÝ»wïîøÏ ¢~"š�i2£¤ŒÂÞt¾þ2ˆ¦³pNÓhŽ©¤q4oš§‚ƒñü:œP4…SœN®F8õO|z3#š�ÂkœEÓœ¹>:zÄÙlÒ~ÈgwËÁåÏ74Ñr
x³ù5-S‡
-o’ÀȤֹÝÓGJU)òŠð»e,h¾¾[~sÖÑÜ['S _¦Á¯*¯òjC¢¢§%Ý{Ë]n³Îvìm§E�íxÎØöÖ˜º”´W5eâE’èl^ÉHý"59O‚ž¤½{ø² Jà{µ&ï;—Áâó×?£Ó0
¥$´¤o'›ÜQ2=u3¢a4ñYÝyì¹» ]–'€àüíþÓ„Oø¸çÌa³;E±HžëmKx¢*«€iã½7i³õ8&Áô)@œ»ûOß%á4ËÀÙ«J@ae<ƒèPœ‡Š”NQ«…d3Ù
-¦Œ·Â˜]JÃoà4ÔüÓ?üÃ[¡O¼nÓR4V«ô�Î	ø�Zñ
½ï.:Š¹ƒîŽTrÈÒÅã\øG\+�‘	Û–kð‰ªŠ=•"ÉòJúc–È­ÇI"�
ƒŒâ¨‚GA·�”
-+baäêå¦É/¤%œ{ôãÿ“bÀ>8@¡6è`×1È¢‡ ¥Ç%…ÞRUWöHä좒Œ_è=muþ’rƒ‰4m3æä\4ßW!=¬ñø5µK]½àÜð»º1’)“=±‘o«¤ÓÁ{â�#Ó¶ƒîåÏm‰�´…ô
-E“Ò‚V©Ú…´hâvnWÁ5ȇRiŽ”RA©´"/L¿7P"Eù
-ÁñøKå‹,Ô¶”à0Q©£‰fE3qx’©Úò¤cЖh) G@«]£¯Úb(×C=òX‰±„e†²²L€Ã…t”fj+Á84C/@/âB’Qp8ZJ£X‹*É0F\Åy†Î«k^Ú(|h3­êMv·Ú©)
&ð·ÕʪDüuå›Á‹²’;ZVVïz©µ]tæÖwù}Ô솼b-b!?¤Æ<Þi®e‚°ç·~j£°]­�A/òNÕEÊŒa¤i¨kH•Ò%FÛžÞåemôe¡°J.7—Ü$¨(ûþ®u¾:r×£…RφŠü™‘›&lÛúGªþÀ{öËãíÃ=Ý>~þɇëvaÓ­aðÁs¶ðûô	�Y€÷71CêýUž} ××ë[Û¢²Æ÷O#éób¢^hAÅÕá¢Ü¢„"V/ò@
-u5ñ»úí:ðp7€s`G´‘?æ(P“SOëXB¥Zn‘ øÍ�cy©.yðatÜf´3㚥}fp‡ÒҚЦñ)¡ÁwûË+Ýë
n+X6jÇÓ-Þ/F÷@+üߤ®•q&ª=)è]S�^ÀеíЖûÓ‰<,x21š£ýÓÝõ¸±Üˆ4{ceyáÌ)ß
¶ŒX’~®€/A&˜¤˜–XÎزŽÊ~ŽOjwÑŒ* ‡4´•Ü§^“í…�÷AɃO¦¹õxz¢F󆸭WÁ•Ÿ‡þ
-|y
Éî*7>‹^â0ƒ²v&·<ô‘òcl€,;¬G’ÕuVkMýA»�t1î�7§úצP±(þƲKlŽ)Œë«§¼É‰ëÅÅm~Õ,û#é5À}¼ë׸ָKÛÙ—ŒÂ“Ý\â§ói8Ÿ]ûëÕÕ”=}^~ü=’×€endstream
-endobj
-1191 0 obj<</Type/Page/Parent 1068 0 R/Contents 1192 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 600 0 R>>endobj
-1192 0 obj<</Filter/FlateDecode/Length 1674      >>stream
-x
­W]oÛ6}ϯ¸ËK½!Qý)ÛŠ!ëP`N»ÅE1,{ %Úf#‰*IÅñ¿ß¹¤äÈrÖ§¡­Sšäý8÷ÜÛogêãÏ€¦CÅ”ägý¨�oþv6GCŠgqÔ§œãþa•ÑýY{�ÝÉ(×gýîdM)îÇÑŒïÎgѼ^ùÝÖ:§a<>Þĸ;‰§ð‡»ñ<šÔ+·µÆÝÁäp–wÛkìÙo°Ä»ÈŽF£>dz)>‡øg$­ýÆ`8A°��a„(Fc„9@0
ïëeÉ{óã½Ã{Óy4z¹w½<{û~Lƒ
-×(A<›Ò2õÈ÷i™ôîä³£d+Š�$·•ôãò+Îëó=Úió¸1º*é]ØjLõ(S…$Uøko2½Ù?deâ”Æ—¹Šôçpirð9ŒQºeÚk¦Û�‹cã}:œ”%üåø
-‘KÒkÿÿTçþw’pýªU¡ŠMÄ–Z÷ÿÒå•u$2«i+žBž¥0°ä¤éf,‹ÄìKG¥°1¦ö8²2tœ]øœöÀööòä BÃ}xXkC{]ª¬4HC“¨�KáT"œ¬ãpé�v9Ï»%}º½é&ó^"Ëö$Ò”z°›ëT­÷?’è&Ò$€€Í¢øŸëwbž«ˆ�ùÇõíÍ þ9<†¯U˜åVÚP9η4*fO¢Hi%’G®.o¢gt–1t÷"_	Ú©,#áœÌQ'àÅ'D☋
ðï#쫵m98nÙ‘"ÙÖC„
>°¶~AàÊI¹ØÓN>pݘº‰ÀÔL�pÍ…ÓÛ’{ƒt…»È½Ån�LcOäºØ¼A—W8\§ž$óB­}h>,›¯Òšlh&¨C)“>çÖe×>P´Ómh¥6Ö
-¬¢[·:½ ÝV¡<;è‚bb¤U"SÆ:p"Åè�,Ó»†/u&ò$
œ·eÉ%Ÿ²9¾®“%0ÕÒF´ä”‚s’
-—
­J”ë,Ç(Y´ß—w÷”
-'V°5Åç¬Hý
-›�îøl!Vl nÖu~�
-®aˆõ
”¨d¾B	kQ„׎ͺNº”=ƒá6Wψ¥�Æ¢+¯Í{¶1#¨R�žh¤5 F7¯¤ÛI^ÉD™¤ÊQ¶"
e˜t€â[¥pQй÷rî�sšÃG‚š2äP<¼8¯<ÒÀ·Iu«¡3‰`/dwÊ%[ĉlÏC ÁXDW¯?!$¯4H!eÊ=µnÐîЭ
…çLá]>×Zwh«`8¢k›µ¨2‡~|Éx…äÜ:u[•¥6'­(Ýõ‡�÷‹»å�çt«[h”2¯’=5d·\	½áÌü¹6A˜°š`ëŒî+lYêÚä¾s<yK@Àim.½B²N–6›z¾‹ƒL
É�©YcS„g™–>8d˜}&dc£¦ð©Š®Ãl
-Š†ËçD–~LCÉ=
Ùáù}дb#Í9­�Îy£w-(Yf‚wµï�Â[¸Âð‡
ëŒNœÆ«úA¢ë@â�—ž{N‹Å
†—…JŒ¶zí(8d˜qª°:“˜gʬ‚NyPß¾E‘¾l÷a&D
-è1žä�I�ÆZFïêÿ%ˆZ3·¶Ôé¦2Nùݬ±?\IƒŒðP¼qÀBJÿÒyP0FzõÂì
�…6e¯+}.ÔóË�¬ Ñœ°é ågža0jÔ–ü„jzxtÄÜ×½X‡È7»Ã'F®‡D˜§Ú«°Öø‘Å4Fš<;Q…”C5¨ÈbàïCbD7O†ÅN;W¨š2)<(k•I»G;äun'R†uOVå*¨d‚uÆãsU]WßÓ*ó\Àá†Ã;]e©á~{Ùl9”€Î¬Ùø•¯?Q<
/ÜÕâúŠ>ýÔÅáFéðè‚ï]6Ç/§ý9?mÁÑ÷^Ä1~£�Æ3<£8>™°•_—gœýs’«ïendstream
-endobj
-1193 0 obj<</Type/Page/Parent 1068 0 R/Contents 1194 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>/Annots 607 0 R>>endobj
-1194 0 obj<</Filter/FlateDecode/Length 1294      >>stream
-x
}VMoã6½ûWÌÑù3²] ‡d½)4ÙtãEzè…–(‹‰ÔŠ”�ô×÷
)ÛŠŠ-›„"9ófæÍþLi‚SZÎhSR&Ñ_Î?¾þ>X®£)Å‹8ZPIÓٿê çAw�ÝÅ2ºîìÎã8šÐ|¶ŽbÜ]Ìæ°V|^h>
vg|1,x«³Ä½y´ììu–%­¦Ñº³×YÍt
¿£Þß$Æ·Åj	ß3ü¯%eƒÛí`|·ÀyÚfÈF¼ZÒ6õI˜Ð6ŠÆåR;•§ŒÆ•�´Žœ!A/J§æhéqKVÖY“Ò„ãdE)é(ÞIØαõ5™ú|i½j/ý²ý>˜ÐÕtÍàyx4M‘FíÇ'Ÿ
-)¬„÷Nà›�Àû
-²ïÖÉÒƒmœá�Dòj¯éÛãý_Ô¨ agÏ8ÓƒÓ‰q°A¬í�Ú4•�h›+K‰I%á·8Uˆ]�…¦Tdaª¤]-t’KKF3äA”†÷F=§»ÆÑQíøÄA¦B-CÎv¬1ºŸ¨-lŠô ´{É·Rúª` HxÒÔʽ3N—·zfÔ?»S!q
-AÎk]åÁF¢ª
-…)ÃS#•A<^�HôÎÑ7­ÞÚ1vš2g^yúô<Äþè^¢¬,²ÁƇÙéeŒ
voUn'’× s|€Yvd†Š¶B}IïÔY¦#*Å+ÓE|¬2Ô�WEƒ~xp ��p­8J}PµÑ<dÑÉ¡ÜÜT>+<±{‘žGêø.>?‰®N¯�Ç/ÛÏ¿ò�®R>0…YÉ¡žáo”?5Iãÿ-œ©|ªšx•_êý"wn/þQZÒJ7o/¦.Ò%ýP+ú 7Æ÷òøxÿ<%}}|‡ŽïV-ìiŒWÞjNóõo><¡žonoè©6ß!Õ´iÁùÁÈ!]�.\-'kÞO\Nìé	4›àu¼ñ“Õ×k±\DËx…G#Ì_Çlåóvðçà_“!Ÿ©endstream
-endobj
-1195 0 obj<</Type/Page/Parent 1068 0 R/Contents 1196 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1196 0 obj<</Filter/FlateDecode/Length 1596      >>stream
-x
¥WMoÛF½ûWzrP[±YrzK‚0Ð8n­ =ä²"—âÖä.Ã%Ũ¿¾ïí’M§(ÚÂ6l“»óñæÍ›Ñ׳¹\ák.ë…¼ZIRž]Í®äz~=[Êòf�¿ø©µdáÅâj1[M_¼Ýœ½|ÿZW²É`kµ¾‘M*°s…'Éù'k2£SùÅíœõ²ÕM§µ•ÏƦ®ór·eSùtwûû‹ÍgWr¹Xâþyë�ÝñÔù†>æëèãòÕr¶à©7[ßÔ*iâ�¥Ìçý�Å�âÀ­mô®V�qV\ÜLR;ï²fH“×®Ý墤íƒ.´äŠq#è˜T×HGɹ+ã¦ø¡}þ*†epG7ºv;mµk=.–UÛ0#m÷¦v¶Ô¶ñ’¹†
-‡ç�)õL>k©jíñ2f´ê3:—nŒÄ�èù®Ó¶³¸Â›\˃*·j‘oM£y BPµ*½ '%Þ)6.\}š7În]"¬è\Z¯y‹ÅSVx·¸�'„»'‰*
-!÷E»Û)•7-Bµ�Iâõ.m�$“¸S%2ÑõÞ$øÝ™&É$̸nT³‰ÓÔ•
-à#ÎÚ‡ãU¥0†QWið@3ï<ƒÔû|J•äÆ¢›Üx©ŽKª}R›-’fH£€¦C­ýÁ7º¼ý­*à›5æᬵ	‘U…ib¿w�bŽð
-y´®C±sÕüC+äj¯%5Y²ƒY¥KuùZëž¡Ì” ÝIvè£
-	€ße¬/+€Ã#“�NrëÐ`𲎄ê!ïB)2ôwhÁR¥šÀ1,“´Eƒ
-O3¶»5h:'±<D“tG0žö\}�RY«ë€-ÁZAò ­fG• Ʊ9"£à-U‡“€�I­ée
LF©Ä‚·!Uà’$®e›ÃÖÖ5à/x¸÷1tX�Ã!Ü
/^	ý,Ï;
ô¤’Ì ¥x§ª
� *웓ÚÒÐ’¸ð=¥‰: Y²Ú•ögš¸»Nïu
z¢ñÓ”¥¡°A9;vQHÐkf›
ÚÐKô,©“:%¹ÃP¡¥P£þZ¥¼÷SœÇÛZm
¥6˜†Õ.7�DY)´ÂM×&ÐlkþŒ,ëëIÞÏþG
#Î~ÄàA½HÈ�Û
-ÌÈ¡Ñ0o&­Åë/ß'ý ¸\Ïn8ÓÁä/‹ÕZâÛAÂË£r�%u�xóÿÝð}_GIrewäáü?ö/7³ùëF·©¦0rü
G_�ª‚u¤r@[OÆx�¸t®-Ò^œ(¡”jë`á8L=ä¾É]ñHîÓ¶*†¡NŽ5´9vø±òäxo)ÊEh!tRÒ(­'>¼ÉHäG.UZb®pÑ�n¡°ˆpÊ
,‰-H?�An4bÇ¢9êèqzõÏåà8÷Ay¿#ãhò�¢œŒ¶„‰<‚
-@0úïvÃ߯ÏC`7<¹ïÇãSÂŽ¦Øp0:é‡8³ñªW\J»Ú…åD¶¡Â®°Gõݺo�¨MÈ?k‹by©Ë-ðC^Šj\+fòÑbi¸à;ÅÒu*8�v\ò€¦oX€{ª
-Ô˜Òa¨bP�²¿£Íät,çÖÃˆò1ž˜¥!åx+[®H$W§8Ýð?0¾»}ø‘óäÄ!©‰»ô{é,æ×x?�ji¤‘6TN_XæÉH	d{ ¯¸_ræ1–±b†€ê|w1&ÊL
-ç±4`÷ÆôšD	ÚGÝãt½&¾¶3< ¾å¬
-³­U}øòÿwŒEŒÆ°ö;ž9Ñb”+Ž²M1¬5j±¾ÂlµMß•7§OLËë?¸ý‹Ïk¨�î“,×ËÙzuçÏõš�~ÞœýzöäÁÂœendstream
-endobj
-1197 0 obj<</Type/Page/Parent 1068 0 R/Contents 1198 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1198 0 obj<</Filter/FlateDecode/Length 1655      >>stream
-x
…WMsÓH½çWtq2U‰cçÃ1GC–Z	Yb
-¹´¤±4Dš3’µæ×ïëÉv”Tm

dÍt÷ë÷^·ŸÌi†_sº¹ Ë¥ÕÉl:£ëË9~^-oðóœ¢Møàr9›^¼õÁÅâzzõÖËåë×'矯h>§õÁËZg„À³­ÓÉw¯œ'k¨)}¿ÿò“*Nm¥j½¢ûµüåˆMF¹³mM†+剽ÜQgÛ2o¾3Üè­z/oM߯�Ìèl~‰ôÖÙd-'äú´°�¡�.q“·¸‰›x|¤2Jv;³ë�‰$ëHm•¡ÒæxÖȹQê’¥kÍ(,Ç”~žýÐ&³yå½Få¨��#é^,€rL
-?Po²ÙN“2/#®ë²OÑÇ¦\s¢KÝìÀòr‹ðÂXÄñŠìY˜´pÖè?žš½ï¬Ë„MM§Àô˜%4¢�£ôùè‘Šo,z0^õ'r`RÚ§I/õWÍ~zúsþùÍA{ñŠ38ST
-Ê¬p|•,Ê)g›˜©D]{À-07¢{\æ+%, whÝ©Ø–ŽwB¨ˆ|§Ð¯Ö±‡å&jotÁBSHÕ±pÓ¡ó›˜S$ ¯B³`%â	ŸDz2”¡Ü¥vÈ*´Ò‡,ÝéÔYo7MÏ•Hc(´YÀ‹0У|G°�¼â
-Ž¬Då2‚ìE¢û´#åQ$éA*`”ÊU”Êß,ƒ~HVv$˜éb+]?9z‚iÂùt.ƒ�1ea®Li©
ìy$2c:7è´1¥”�îcÖ° †ºîgýx„¹”½LaB«
-E– •2!Á£áŒúAÙëÑÛôâïf�X2	œúÝ‚&¡ìh)„1í?[Ê•Q"‚0żûÇÇÐS¸ç¨±H1ýLŒQŽy‰ÿ—	1çx*‡ÂXÙÀt;zˆ–T…cCýÀ}S>u:Á+ 5æ"ëÆÀ<´rìzž}^Ðòƒ$–‰)}BFouVúú
ì)ábjÒN±ó§¤6À LÄ×Ñ`åDhØr¶ìÂrñÈU´+©RU"ÛŠÊTj35¼4�½H‹Qdíÿä�Ùw÷øíáÓ~úõftà`@Rú\YTÐËkÓ©2tÖÖÒbhæ0­@¬W^Œ½ß%E\iÙf±¬ØpÚt*�ÃvñblF{#¨­-q¸_Šÿæî3…"@]6¨l…”¬,>˜×¼
-endobj
-1199 0 obj<</Type/Page/Parent 1068 0 R/Contents 1200 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1200 0 obj<</Filter/FlateDecode/Length 1819      >>stream
-x
•X]oÛ6}ϯ¸ÈS$Nœ¤IÚ·4]�>$ËfÛÛ@K”­†U’Šçýú�{IÚ²œ¢Š ŽLÞÏsÏ=Ê÷£)]àß”n/éꆊæèbrA—7W“kº¾»åÏøqšª£�ó£óÏïizMó
-Wnîð¡$¿¸ yqò¤M3í^ëÿ¯ëP¬~™ÕkšN㕳Ë[\9™¯4½qú”¬£§Ùì”jOŠ*­BÇa¥?éœöºÅÇ–ÕnèëÓ—¿ÈvÚ©P·Kòtã'ô%�2Æ®={¿ ³éÕ䒽Ƹ^Y×àŽmÉ÷ÅŠ”§•õ¡Eøþ¦kƒûµòA´%õ^»½KÁÒB£"ÞšW]RålCe]UÚ!º±OÛ»B#¨ÏHMÿ£šÎèSäæL+c[ÓX[÷‚gT£6ÙzJjϽøƒíjDh+ªŒ»­jƒï|°
"Ï€‚[(Cò�TjB÷ÔêÀžqh@U;�:”´„”S¾oD4JYâ8Cº¨""h©°­ï
ÌÒÓ—•*¨ÊLèÇa•ñLѧ§'úŠð¡Ü¦‘ÇAG'é«ËÀ7#m6#Õu¦.b};g—N5
ƒ¦nƒv•`#dh]·‹šãµ;¼¯MÅ0AÕ¥Ÿ\õˆ¦GBkÎ8V�=	ZK‚3©ÉÒÙ¾6þL>ñ­G¡
-@ÕœJ‹
n©3=ûÚPp=h¡ÌÏÑÄ°²ýrÅ!mh�™MƒÁ­3{LMzW�«ÉÚ¶ÁÙ8ZSPó_9ÿjò;9ס8o½bœ`ªx ³ã	€À�I5"¶Q/LF@Ó÷^c,ƒ•¨´øÖXûÒwRëÊ-ᇌ§ÿ�d£Ü—õªO‚3‹• T¸˜ææÓ`Ãæ¥Puy*†õIpÇ�BÊã}#(Z
-s§á�	S2­°j)Ó‰š­yóXWj‡­RIð1öäXª3jEí?ľ¾l½ÄFñò‡HÂyì£
-R…¶Ë&ñ/Ï4vÛ†´ò #ì}ÞryÀò
-ÓËË úklpÀA€Üj]2³�â Kfcä]ÆIàH{ØÉ·˜ƒñ±¥..
ZV–tœLÇ°ã¹ Æ�P£Rq�ݪ ÁìØÖoLb`È+˜e‹0Ê–Ï#¥H£†Šöìjeóé—KµÀ`Ý÷l6díð(ã&{b7D<³¢kv
ÛÜxK/­]£Zžžï“ÖMÚ”Û¯>8lcm«}ïˆT>`]ýoT6A«Ö»ó±¬·ì$³Du´õ¾æÜ
-ïÐ\ÜÁ‹Õ-,¾NSò0–‰¼:D�*ò•K=ÈŸ‘Xj¼¦abYŠB’
Ö¼È >‘Öð~ŒÐ«Å‹
-endobj
-1201 0 obj<</Type/Page/Parent 1068 0 R/Contents 1202 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 610 0 R>>endobj
-1202 0 obj<</Filter/FlateDecode/Length 1778      >>stream
-x
uW]SÛ8}çWÜ7è1ùjžviYZv·¥é°�ÙQl%Ø’+É	ù÷{®dcètÚ¡Xº_çÜs¯~�hˆ?#š�i2£´<&CšMfÉŒ¦‹9~㯕´¦ïÏ“é[&ãQ²xãŒ'ÃæŸÛOG£ñûäœÆ³s˜/i<Y$£æÝ£ÅðµëË£³«)�F´\#ÚÙbNË,XÒ2=16“6¡e®)í¥]‹TR)¥#‘eJoH�–;µÏ¥ö*^MNÚ­Âɵ±t¯ôJ錶ÒîI
-·?%QäsáqUfŽ¼¡•|·|8Ò`4IÆá$3Z¼†c°Müýì
-
¡žT¢üo-'ÎÄ�m'Tš¬.ÂýÔTJfì¢gà¬P«3'ÓÚ*¿?똽~»øB©ÑÞš‚Öª@ÚH‰wBµ²�[¡}›5JXë*>zFºæU‰¶JP›
-* r v�¶À c^¬®þ8¹½¾üñ.ò©WDØr…Úä¾ØS¦Ökiq�aûþõú_Úå*Í)(-Y¡7’Ìš�­¤m(Jîb½—û�ŠÝ0�(e¼Þw®ðw¸òw	]{N´�êØуYq\`í	)‡8UvˆŠ�†À)'âêöÜ66Ù<¬­Õ¦¶H
-m¥¯­†;˜ôíòcègÄÕrPÓr§|ŽS½pz´…ãº<›å,`8
-gÿ2»S"ÍC#úìP{Ù‘ÜBG=<H{Ï©ê¤Äü5PaLNè+
-Ð�†
-÷Òáˆ,´èt7—DèùMM	•Ã9±
,!Üý=¸	ìF{㬘¤Á=À“æ!¾@ƒ¾Û˜P/ëL¹T`çA4Ð@ÌM´�qøðÙe¨BÊ
}1Š��]a,c°ò^5˜L£T\#CˆOdûøØøM¼Ö®1a0ceÃhþÂèaÒ�aÖüirMK‹6‘=`9á~wZT`)ÀNPÔ ÌЭ
-kWêóÍýò¦l$�凗µì5÷x4“.µj…˱À é�Ç®°ã9.gbk­Yñp¬éèC”o|í,ˆØ�xÌô
-æxÛC—q@–ü
…ÿp�…šÿ4v;âEDJ¡«_¹3…°\€J¦ yú]Ýß±�¹3��~h.Ðc¼ÖB¥ÿä_‚wÒÆÑ.´W5ú™çÄV9TýyR´û2ÁTB'[™ ¡a÷í0ï™Výmïš7Tè(ãù2Ž@"¦PØáû°2+Â�ÍÂ
.aUîÂÜC0•{º•Ùg¬ïs<2¢ø÷³mª¥°+,ãèág:¾Í~:´Üá½¢Õ±Ë Ï‘6h,¦¨¨†r÷IîŒÿ
-2ÌŽ­ÜÔ@ûl�t=…öc—„„¡g4øŒ­"å+ì‰Xó$0à‹‘Qí¥6½gRz„Åp%±«íð�Àp�B è8Öh�²fªô8ŒŽ'&bÀ¢¹fÂÇ·B`º€jåPjˆn¬jó´— ß(K0–tZ�i––(\‹
-endobj
-1203 0 obj<</Type/Page/Parent 1068 0 R/Contents 1204 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 613 0 R>>endobj
-1204 0 obj<</Filter/FlateDecode/Length 2021      >>stream
-x
¥X]oÛH|÷¯èÃ=¬H”(Ù’Œ{88Ùø6{òâ—!9gMr´3¤µú÷[ÝCÒ4“Üa±b[æ|tWUW7ýûELü‹i³¤ÕšÒòb-èj³ˆÖt¹Ýàç%þ;M{~€¥ý—Ïÿ¹Ø\G1].VÑ’JŠñýºýTЗ‹ág<½¼Š6çƒÏxº^GÛáÓÁg<½^D«ÁSŽpµˆñõÛqÔ*ºüöÁv‹Ð»/îÀyÐrÅáK’ë
¢“,ßîƉbõüö’â˜v{Æh½ÝÐ.$´K'»ÜxREaOžê\Ó—›»·7¤²ÒTÆ×NÕÖQmqzq&[ÉÕ`aU›TÕ¿*uš+,.}·àÓnþÕTË�ov¿],h3Ä»lòðó;Úóq¸ft†ÝSfKeø´2ÑÎGÔB�Çgª,¶:hG•Ö‡”«gM^‚Ô|Õlp—JSÛTuRH'=kñâùíºe°ëknÉç¶)2J4rV™©ˆe6mJdýï°¹C”ï\®Áò(¹ÿº»'Þ ½9T•Sög_ëò5¬ÈñÞζ!îLy,4_À7†h�­¢½)$¹A”!RUF'ãsÆâq²WÆ�"­¼)Î�oÈTµ>02¤ÿ
-œîk‚=z79”þã¤ûÕ2Â?R°Ô=€Ã�œa_y|3EÅŸPZ4p=6­¦J¹FðáT	ê=£LéÒVR3{(Pîìµ{ Øæ,� \Ò	dp`¦ F,â¬a'L,¥…EAÔm¨¥qŽ½Ö
-‰ÙQ‰)LÝùôÛ†âs $ ¶	?eÜNº(øûÑr­‰–ŠS2ú’IµxÑ
-qX²Zµ?C÷´ŒAÇ‹œ0“糯ßÿo¿øIŠÆ×BÃ_8Áuãn”bʸúTþÂ1Ѽ£RÓlÆã ¾Håý�ÔþÎÞN¶áŒm«Ùx…?\áµm»ŒÖ«ãœàÁÙßðb‚q+¼s‹yï,ÆŸ:ÛÍ6ГMÆ/r—›Ëh³Æ_Køá:æ=ïw¿^ü	«~Yendstream
-endobj
-1205 0 obj<</Type/Page/Parent 1068 0 R/Contents 1206 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 628 0 R>>endobj
-1206 0 obj<</Filter/FlateDecode/Length 1508      >>stream
-x
�W]oÛ6}ϯ¸@QÔEcÉ’¿‹m@º.CÚn‹÷´%Q6IôD)®�ýø�K‰²ìØk;±MóòÜïs©¿¯á/ yHãÅùÕÈÑl6Æûd1Ç{ˆÿRRŠ�Å‚oå‹�§s/hEÇSoìdG€õÜ[+Ng�lÖIYùß~¾
-Çà˹·¤œÂeàMÚUFw̯18˜,œá‚�†3o
-  ya»b fs4±Zàê‚»èöcàäd·ì÷ngxs‹8õfdÝÖtdñ‚q
-—/&Ðe¼õfÅ!?‰–»Z¥ÈÍl1§Ub£9¢U<Xm”¡�ʲkŠö”ÈTÔYuMª0•È€xóþÍ
VôrõéÊ¿En-ÎÀ¯Még:™oD‰fÛ©xt'%UI¹Àá%Ñq�Ë¢•Ò©”öºæs#cs•v¢¨¨Ò'ê�Îån#Q723Ò£w•µ˜Df4EµÊ«j§ŠHIBò³ŒëJD™$Q$”©¨¥’Æk¬\vÁÚ¬Aï�ºHÕº††F$p~ÆìTo¼ÇÇœ}l5‚.ðE3aÿV�îÌ¡BÊDÂvMe]°͹©Sc¼
%Bæaµ)u½Þ�3Ò2\$)Ö[Õ`W•´-õV–Ô7'�“a®ÉèF‰ËpÏèRëêÙ©iñ–<¯É½ot]ÆÒwføðßÿjÃâ!IüÓ±=üwM"S]#Yª‚±4F”{v%M!¥:Ë4 ×döy¤3#’ÅÃëo3;+hh¬9¬|ú³^´ü¦H¸UlõÅÂHÒ)Ý!•Fg(8óÿl³�¥¢§†PÓt綼à8ã`
-˜£ßQtgógÁ‡†N¶kÂËjç÷T}8	¼Å(ü’úÜ“Š±–9˜§–�¨¿œ¡zwMÂÇ€ù¦k™ ÒŽƒ6ðewUÜëx×È.H°¢ÞQmdiû�ÜX�	¦í½Ge“OZêüi[÷úÏ1VcÇAMÓ߽߻‰©‚æLë´‡mð»H+˜Ë.£ºª\òDÀ8‡ ¨©·À'ª…Ú×V€ú’×vŘ<%,¿²±ì†w_ÞlD¢w}ù‚6b�=
>Œª¡³ln-¼DžZ}
-n™‘³ ¨+�ƒâ0§²=g	CS �gè6K˜åÕú4±ˆÁÛ¬¦�Ÿ+çV;²*•K®¬¼d*™ãÊ¡Ø@©Q]1�!þ©ÀNI÷G\…‰.^0ѵìoOÜ¿lg"vù\.ŠšÍîòåFx7MÎ6¶o0}ç
-
éZ—rÛOß!Ê=¶7
¦[sZtÇÝyñ(Tf‡-¢ê*Úö†Œ7ÚP$â„â"ðÿk±É£3-س÷N>ÊRd´¥È%â‹:Ç
-Ô
|\ãÞó”.é²$°†mèñM®•¶×UÄY�œÎVGdmøþXg:ÙŸddÌ…®Ïs‡wjûñ�çy?œÛxpÎa…À Y¡™»„	¶@^QQÕ†^¼zqÝðÙÛ�ïoÞ}xå¶0œب
�ƒÔöÆ3 ïéKû¢–Ùž±"ªU‚&e¶Fxq�„öKŠâh�b�6ž}§
-Y‘ˆùÖxÿ’cÒO(y›qqm𑨮 |^û°¶¨üçoýç¿óAÿÏmö	'/¼Ù4 ÙŸK~f4O1¿”úš�ÞöŸfl¦ƒžpcÎGh\ö¥áyK ÖbmècmGÇd>ñæ3<û²ÈÌÞ\~Z]ýzõ/•óa{endstream
-endobj
-1207 0 obj<</Type/Page/Parent 1068 0 R/Contents 1208 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 631 0 R>>endobj
-1208 0 obj<</Filter/FlateDecode/Length 1174      >>stream
-x
­V]oã6|÷¯Ø^ââ,Y’mÉ	P¹|Rà.×F‡C)‰¶™H¢JRv
ôÇw—”GqRZ$“\îÎÌÎòÏQ
þ„�D0‹!¯F�¿\Âӵƈ—sóe‚ŸÃ™Ÿ€â°Â½
ž~üóûÇQ´ôç¸9öc¨ æö(ýWÂÝp{:Y`<:Âý}dX`°ÅË…cé…‹à1Fœ¤…tÁã¨_ø�ÉezÀ)¤+ fV‘ø‹x	iaK ÍdžWMÉ½áeùSz?ÃÏ0ÍD=͘ÞÐÓëSCŠãu�¼èÔL‹ñ¯RÔ`6îÎ?}8ÍÕ–+0Ò~÷åò
-Y1Q»8ó.N€‘b„Ï_Õ†öc€•,K¹õrYU¬.(JÅøËð÷ý¥OL`·á´»(ê._Þ~:¿ùüüö1mc֬ⴄé "JG®`/[ßD]È�î²Êfù¼¨D-´QÌHuäÖŸmLN†i`O§Ä–C£ÄV”|Í58é8ð|ujY8@OIi~t«‹¾d˜¶ZMK™³rªY•1KfÍ
¨&�§��ó¾ÂU\“"=�’
¢¸nd­‘GqÏ•Þȶ, ãgðŽ4Á‘><å
-bw”•wßÉ ñ4€ËÅâµÃ¬W.C�Œß¦´�Íõ†R/
-(¯dm‰6\æ‡ë1ÍnymZV–û	©v¢,aÇjc+±Ú;é*M×ám:W¢±;Xk°'Œ@‚Ê=ò¾•�ÆÉŠC}»N“¬‚Ãj@½v�G×L k)ux#µY鈢Š$.Ý·ø�xé®Â]ʬ{%”6>¤Òå‹ðow@Ù9×@^í\T:IóÌAøŸ„Ûƒò*7'°rÇöX3S¬–¢°4–‚`í,D·è
V�ŽgHq‹¿jëMÇ÷¿³Ë
ãð7¬oz<‹W³L7xå Y°¥Š6çÄLƒä¸„qßÄj˜¬Ë²#¥7ÏY-à‚3ûû,‹ƒöý,wX¬3Z*Hä0jO­Ñ´¬8Š7‘6©2RaF†R«�¨Ñ9þZ±íV¼ömÄ:[á9úgÆò`‰y5Èê[gØ/rõáëæ1œs|7¶XªêqÞt ö# w¸GñÚÚ�çE‰“mäâêöý÷DÐC|iôëY«ŠnªV>¶ˆñÁ‰{ã1+¢Áþ•™õ±©¾¡>D{ÿŠ,=Óë“Núi}›m…l5×
Î#œ@ä•TûÞ©O°®Û?ø�÷8L{ÓÐœíøØ;ybé@~ Eæ¬Æ¬šp&ák}‡H4ø�×J¢Qjp¥de¡èþ…�ƒQºWÏ,BÃÇGN1>:w�×®Êî©äÙSÏX¼´/7*õκuÂÿ�eËøë²BèBL¯—Ý8ã…/Bˆ“Ä?�­òœáQòžç.eÞVèŶi);/Ä÷b°œ�—(Ýbœ¢Ôe´ z­á¶µ:š's?ÁÇ (žÑÉ«tôÛè(#Eendstream
-endobj
-1209 0 obj<</Type/Page/Parent 1068 0 R/Contents 1210 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1210 0 obj<</Filter/FlateDecode/Length 1206      >>stream
-x
½WmoÛ6þž_qÈŒÆÅbÉ’ßCÇ]±æe�±aXö�–èˆ�D:$×X÷ßwGJ‰ãØ]°·0,ñx¼{îyŽç»½ÚøÁ †N’b¯‡ðø¡oð¡
ýnDÐð{¯Œ@s˜£mw?|T¶ÝA÷Á6FûÊt›Û(¡i/ŽƒÄÑpÍ/à»6tG=\é
‚ž÷r<Ýrf8iæsˆ‚n'†>ÙëašºÐÚ0Mš'§ߎUÁ„„%­Vyεy=ý´×†V„Ù¢µ3:áÚÂe9˅ɶ[\%/¥…�Û<œJËõBÃwÛ¼Óª\À¥ÊE²‚Í™U.–²:1œt!Š(£–O©\jä4CàK™X¡$ÜpË¥=€„I�j	3¥á)X¸¥s��˜�5 æ0S6ƒ\%,&S¸Ÿ�½6î醢2
Lõ
-lÆkt:ALèÌ3µòU¸û
ö>T2î]2ÕJÙoüj¯ZmR<*,˜1ËÔ/ÖY®mýE•`2Uæ©K€¹Ð1f1lukðù–ÃJ•žß¹MÂmÞ›Þ‡�Á˜¹ì õtðé/â‚9
’/É3ñ¢Ê¼©9„÷™©‚C*4O°d‚{àR>gen1pžç&¨¶×hPÅÃm6sèa©°L©’XH,»GêjtŸf·†Ð×Àu¾üÎÑZY†¾,ñ™r!…
R0–i‹44‰ë¨NF^It^×ïú dùÙû|R/*4¦æWËŒ™	™nT¸	)ã2Vrž¢§;ðx6G½P\›žL1{æi·i&·˜ùð8Øzt)%⎴VÀäî‚´MÅxPoUgËÌí!qËEIA*sO—
´HLŽ…fe,/Ð{ÆWî<R—Eš!c}¨µ@<C=ø!&çWkL›Xz³Æ»�<ý½�P¿æ‰3öÜŒùL0Tå¥lXšÖìr%ò^¡˜‰º<؉!­\o„cø]ÉeÂ8[m�Ç?,§ä‘[Šx¸i³¥‚‡”õ¦Ý.j͵*\Ø~Ã#ޥѡkv!êoÆB$¦7©A_»ÖôªRw¾r5…WøƒÇž[AäU³Þ”LJž¸vµâ^0Ä{	õâ|]7¯_Ãï_Ý=Pýýðþ|üvÿêìx‡
O2-	�ý+Ò/u”mlã÷"áæ
ìÚZI0Üñ1…ž;¾¸œ¾¿8¿ÚqüÇÓéOGÞ6¾Û±NáíXò©�ÿ墳 �ç¾(µøäö³ï}»ðÿ�J·.‹-Œòëü­´~…†ß-~‡cb‹Õ/âgo:Õ›ßàÕ+ì6e’AxÏœ
-endobj
-1211 0 obj<</Type/Page/Parent 1068 0 R/Contents 1212 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1212 0 obj<</Filter/FlateDecode/Length 987       >>stream
-x
­VkoÛ6ýî_qj�3D’%¿[C'@Ñ¥Ýfcûw¨,Ñ6ItD*^°õ¿÷’’?¢6fÃ2HÞǹ�s©ûš‹6}]<túâZÛñôH—´h£×íØ#tG=»·×µ]¤n“úöQ
-w´Xw8 E�~…èsv=}žKv½¹0²—Óg,;×mŒ0]Àµ»}2ßë1

€6¦AŇ+q:ýRkÃr)’Ù½÷a|^ÿpsY¯к°4ë“U¦O–ņÖZ’¥<`ò
ªôïx­S ‰ça…�߯¦\üâ�7®øa
-ÄÿÄ&÷óý@:Õ�Ü¢™‹ÝS£Y~¹áítŠ�Oxýik
çÁO�HwŽÌæòQ:2ž'e¨W%$e*K©ˆ9˜_õÚ¹åíeåýeyÓgÔ;ù)—¹T®«»�bñúº³>&�¹ÀE†„±J !_<B­rM¢™Ñl9LO¸²CGúñÜ·u[±tßARù©ÊÖ�AÊ×ÊÆ;…Lf~=B$ô0ç–nôŽíi8”¡~šþÃ<S�+‘E´›\eQ	¥ «{å?04à	YŽ"
-ƒ'ûÐwü8™4¥ñ£<‡úñ €3ü‚G��ˆDùd�3µÒÜŠø#1.ß”žv8ny={H\§°
}®ý„n4r´;¹Û;-Ä=×6UâÜâ¬8�ŧ‹T©¤œ »ÿ
£BùSTÓ,Q¬Š
ìo®l.ø
Žr<ÌZ³Sü³ïFŸ™”%~LÉ×S„I9k19;=°[*®yxþ¹ŒÈYK¢þ­�5:[ÙeÊÖ°6hº/T�‰¬ŸHç/à'Ç9)V°õâs…Ó[Ô›²ŽWçÄNn›8õî�Žá!±¬YÍ
-endobj
-1213 0 obj<</Type/Page/Parent 1068 0 R/Contents 1214 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1214 0 obj<</Filter/FlateDecode/Length 1489      >>stream
-x
¥WÛnÛF}÷WÒ¹°HIÖÍ	‚"ij4@ƒ¤±Š¢€�bE®¤�H.³KZÚþ{Ïì.%Š܇:€#“s=s梯WCàß�f#º�R’_
¢ùœŽ¿Ìh:¼‹&4žÏðy6ÇG#iÙ
´¿²ƒè.ÈŽ ߈Òd<‰n/½¸L¢Ùù‹K�ŒFã£�q+çÑ(ÞÂÞÁït|ˆçøâíâBøñý€îh±¢a4¾ÑùN¦sZ¤.Ë
-’mU–•F'´SÅRiz½ør5 þ°A–E^½
-ÏFÃhÊϾ¼>—’ÉFӋ߬XË—Ë*‰U¡ª(�­È—"²Ò<IC‘­„©èoü¯KúçŹ¡ƒ»&iEÂbñý�O¨ï3ê�f.3DôY:³ªX{Á1äÔ‘ÈÈ…ü~E{]Fï¾ÚH/8	‚=²ùÒåß7ʽ›®LqA†DôŽ¶ÚX¶ìQ*d®K¢¢j£,•ZÕ�‹Ìnt�¥´”$–™¤JS¢‹B&�ÔvárYnÁ$ì@¥
-¡™šLZUŠ¢ØêÚ$2.¬…�dsJ£¥Ê€åÚìi¹¦OÚ
•��üÐ\-ÛMvFëê;oîØzñÆW4ÿD‰¬>uífƒÇietÎÉw+rˆþT³´ç�Ý„Ø{ÎkÏ“ŽížèRy¦q
-ýÃfà¾Pc¤	†ç,7$Z¤M\[óœß0—([5ºXí¤$®o˜.Ï:µ§^Ã:i9ùEõ·øÞHùöá]ß–2Q+•ðô;�§h9<;ç:6µóT3°!Õ<ptÕ:”lD±–)&¡æ™\5c�Ç£ÓTØ—
À­UßM¢9V>"⑈Ž‚|­Ñh)æŸ4TXŒÉMÒËמB}¶À>˜á&I¢kÌåÿoô¸Ïw:ƒy:ŠÀ>Pû=³eñM#²ÌíÉk�Gl³x)Ý•À‹€Ü>d.Úä"kòË5Әτ
ÂØ
Vc`>ö°Naöçnx[i-¶Ìã5šBf…¬Ð»PC�ð¾\Ue$*c&ÅÂF�…ßïnÒ†p¬;4à
-endobj
-1215 0 obj<</Type/Page/Parent 1068 0 R/Contents 1216 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1216 0 obj<</Filter/FlateDecode/Length 1343      >>stream
-x
µXÛnÛF}÷Wâ>È€E‘º«€�:m
øÁh륀
cE®¤�I®²»´Ã~}Ï,©‹)ß*;2 XÖî\Îœ™9Ì÷£ˆBüD4êRoHqvã1mßÌBzÁ€ã(ÑhŒ_�¤9ΆÔ{ADýñ¿GQL6_ÁpÖoµ™^—ïV‡»¸P[yÊc—¿¯O†“µÙÏSvڰܹèÃ5MçÈd8Ñ4ñžCšÆ­ÂJcš.¥•‹œf’¤°*-ÉJG…Uù‚ÜRÒÉôÛQç‚s`C-›Í‚XçóêÏkû-Z¤z&R’¹3eõÝ`}…œÌV©p’–:“‰2�»
©Ý}ÄØBLM¯éâÎJdAÒ™»Uã>ÍUºÉ!^Š|!ršDšêzPùLå	á‰8–Ö’ÊIP&ò\²*S©0|ž³µ"›‰:ž¨t96ÐUy@PÂÒND©Öw”ª;	_ÊþZåÒ„‘�‚~¯Áÿ­(Ü’ª—‘ße�¿:©šu¬Œ£\ɠܦÊ:¤Õ¤
-õ)uá•â¨53È{ÊFž¶€;”Ã-5+Y/ÿ˜æ±@J,õ8pÍ:ßa '$!¢O¥
-endobj
-1217 0 obj<</Type/Page/Parent 1068 0 R/Contents 1218 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1218 0 obj<</Filter/FlateDecode/Length 1189      >>stream
-x
µWkoÛ6ýî_q�C
-Ô²e;²²oîº
-ƒÙtBÐ΢˜V©‡Ó*9MM!3Q³&Ǿ/V(žÑÈj5*Äz¤yb•0»ÑO—ËŨfå�­Ä×@KÐ3jw·J›»šiýnõy0¦a_`âô¤÷Yé¸ôK*—Úè;ÇÍì!J“sÕ!j»ÙˆDðÊàîhoEµU
- ç`~¨'´HiA±dËx	¶=2}Õšè@µvã#7½šOãô¬¯}8ﮆ{°gîdÁu÷烠MýǹÔÃìë°ÏÓãèЇ;ŠA�¬Ã>ç�£Cî(:=²'´äZY½¾”:ZºÝø¨Ô�–¦'tƒN¸•*}=¯“Ž˜k¢~k¯ÈßXãOàzŽ>…{¹SÓ©öýAñ¬*‘´u-•¡�Tô;Wk®¤¦¿ÏüI�)f\ oOm•ÈÒ5M2’¬æûÕ·ï^2¢s²vx¬@ÔŸáÿŸZŸ½æ˜k»Ÿ×å¸È]?i{ó°Ð¦Ê@îsoÛÕ^ ×ß�iÇöˆX]Vƒ×¾|ßv`ˆ]Ì(ÝÜ6l·ádî8LU—Ä
--‰¥)Æ4ÖÛL…¨8±�ÁX„ÙˆFžæ
ª&㆔HInˆU•Ü‰*£TÚuÁ©V²¬�veØ)?
&n”ë<ÓAûb3÷âZn14jÃP½;i-Y¹fô³ãE‰¬*žgÁäJÚ,oÖ°º.ºš69ó;Ýâ�Ȭ;%0�:ò˜c÷­·9º8§pî$Á„‰qØ[ÿ$Ja|oð³çƒlXÅ"ÇðŸf꣜iÈUÙÝÅ9_<ìuüÆœ«\oQ¼àLƒÈ=Wþ„ñ$·œrYs×y$^ q·qc
H÷ôjô/î{LùÃN¯Ž�Ø[+v$+<Ø=sap]ÐùÿITö+Á¤‚‹ÐPï´áå{Äßä^L×3µçãçàýÊ™f¼Ç­ áÊ0áìÕ§'Ìt
{Ú&9¾jñÖ 
Üë÷¿ÛóóúÊ­Cx!¢£‰Ø#§z6÷\ZÖŽ¥n»¼ÛtÍ Þ’«{‘àïV˜gUJ7…Í2¯Â3ÿ£Þ%S‹ñ³g¦u- UEñ»æˆ‹«”Î[87ùëå²Á_\Q
öddô×õ忈v•JÕ¤øè"é*pÄ!MÏ›lº�Dsr$rÍ¿žMšKÏ
-ΕHppÐN!<•[XÑŸ—}´¼1‘z¾•tW�5[d·¬¼Da. FÊkPŒ¯‡žë˜0�Èðd›ˆg+g9‹SQa‹¢W7QלW´ÞíÛ
]:«;¨E©p·&[øUA=¤¶kãã÷"„m7x$BܪNã >ŸRÍ‚qä‹s¹¸ú° %?£ÐG™XwpûjuàÃ0ÂÕ6žÒp>Æ5=íól>渫⒚žF±ÛòÛjðÇà_´Ð¼endstream
-endobj
-1219 0 obj<</Type/Page/Parent 1068 0 R/Contents 1220 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1220 0 obj<</Filter/FlateDecode/Length 575       >>stream
-x
eSÁr›0¼û+ö˜Î
|tÒf¦gÜ–N{èE‘Vz®$âúïûö¤ãŽí±@Oo÷í®~/rdüÉQ-q[B‹,ÍP«´FQW¼^òÏi´ÓÆ]Q§ËË�ûfqóX ÏÑ´±IYWh¸Q–¡‘WƒØï�í<¨…3
-�ðýéóOðò´Ó"ìÄô’lÆò	~g<ŒmÉ
"²àGIÎ�û ÈAiµJ?4/‹$C’ß2ÁF]=ŒÎiúãÔø`ì³±
-Ûõ©‘aiK
A¼jaVBJmÀž¼7Ï\s ÷êÃ-øxO“fÐî4y9z�';âYóW[xÀ3àS ƒÇSƒÑkç'Ò7�ò$]R¥uŽó
-endobj
-1221 0 obj<</Type/Page/Parent 1068 0 R/Contents 1222 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 640 0 R>>endobj
-1222 0 obj<</Filter/FlateDecode/Length 1684      >>stream
-x
¥WÛnÛ8}÷Wú²	P+¶|ß·\Úm°mš6îv,hŠ¶ØJ¢–”âúï÷)Ù²ÛÛAlK"93gÎœýÛÒ
-\H“ã¬J¬2E[]¥| �öi%œ–M$ÃQpt­3åÈ)û¤%~ÀœËWï"Q$””TáOä;"Éu¡|¡R8·56!UH»++m
->ÀÑ2U'V[œK-݉åàîpJB”ŠB`°Gè¬õäñlòx~ŒÞ
-Sà”göÝß\“÷øÇÆ'ƒxmºšuwˆ—ôòòݳˆ®RÝÚƒ50ÁÕ¥²N%@wµ8˜BùÐûûpfÑ<„óÖǘWJ«�å
-±*0Ž+#	€·’‘¥XéLWšÓlHÈ*”ÎG]$fh–4F±³’Ú€µD�gýñ<¢�LÜ= Ñà9m‘gÄT"5‰7ØêB*¸»ÖRÄ[‚øöc×~ßU»L�à˜øª¦Ìl8èµ5ùÉ.Ï«ö x
-ž\jê,ñ�ò¡`µ¯^ôË~<E+‚Ÿ�ã+F]ñ�£¾x)¥è£¤¸
ã˜Çx:k$­}ÿp_Ìe&$;(öÜ[|ihÆ®ÕH4eêI�ÝJÖ©ûy[VUV«§`.ƒ~s¥³PªÎ¢êúB
ÏXˆÀÁ¶_.î–G¡ÿ‚7Æ{òxf�@;Ù<ž‡hÁß�~þäÖÛ =¡öÉíP™9•&ƒX(߈þoÆúñ<.Ü8¦V©¹ÖÊc’±XqaéBf5KpC_ÖÐFO¿b]×sh9OTÙÚU?äï1Ã.ßÀ^‰°Cãñ#A×ä98<5C�ƒëHEàe&‚oý{.Ü-9C�Š»ÂÔ	qr¢mØÇuѪþwK£-ÁË„Å !è“^™>pA¼*Þz¡®ÿ>—PE.@nÐ-,¾¸¿¥ÅäOeWÊšP5¼}£YÍŒÝ};èï‰Á)µîCŸoš¡®õh¯
-Üv±@Ì€*‡/ž~¢e÷?ÌŽÎ÷òЛöš–:ɧmÐa/7ÙÊH“y„Û¶zp¥)©† MõòÎm¨RõD¯×8“�ד»åø„-Ç›™Z)R°RªØ7tÓØFõpPÎä€Eç{±o©rÛm]ÊJt?òŠÌwø…™Ë#d-¦Ä'	=Û#Òm
¨†ýØÌ ì�#éc>õIF^ßq¹×ôk€ï9•™b0%ŒÙHb`©m>LР]3Q°È²�€Ê‘�8èÇ“#	˜¡OB?
O¢*¡3LòµL™Ï¾y´rúüT
Ÿ“ªdE„· 4¼VÀ
¼U´ôj‡�ù–ÓáŠ+•Ô˜¹üv€…Mæ�iµó'AéDÅSÅ¡‰@–…W‚0Ï`$�ª3ölu–�'dñ“
FׄLÁyD[ã›9ÛòóÎ+Õ$š�&Ü}ìý®#l~<G³é<dy6à[/–½w½ÿ
-endobj
-1223 0 obj<</Type/Page/Parent 1068 0 R/Contents 1224 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 687 0 R>>endobj
-1224 0 obj<</Filter/FlateDecode/Length 1463      >>stream
-x
•W[sÚV~÷¯Ø—NOHÂ’h&Óq.NüPÛ�yéÄy8HP¢[¤ƒ	ýõýv�„¸éÔ™€V{¿/ßÏ\šàŸK¡G~@q~6q&D3gJÓ(ij‡ÿµ¦%#@ºÿøôáÌŸùÎ%Þ$9M'3'l¡ŒΆ0°—¾ã±ØpêD¬áNð.'�¿
X, ftõŠm¢™ëÌZƒ§aMb²çué³9Á›¨XŽÅy�ã
ºN@—ìqSxÇú&±@�‹XrN.|æ@1Ô#CO„‚Œô¸ÀCkÌT€çÍD¨U(ÀçÏX….ÊB=2˜ö
-}
zœïŠ!Á`�ó¢H„Fl²@�{/|ž
-½÷–Ò†LI›"Ñ`QE":+U«\¼¢BǺiT½cIM¾pbØçÐ
mÓ,c#&4r¹d¡º(
)ct^Zë‘þQel7;2ºÖh4Ík½#…ç¼Ä‡Y+ð'úûF�í(.Ÿ@—°bæï”S®Š#Å•Zi‡®Ë<Å“.R]Äúå‰Võ¤i¡uAYZ|ƒàmjÖB¤b³QY¯!ÑM\§•IËÂiU¡~¦ìãG6ASé*¯2M6‡’ŠóÎNûºËÐ9-aI"ÀOˆþo댓ˆð=y¨|C×çUV.Tö¥5A†^þ^ÑÕ¤15ºF�ðeXpÔ×ô¨#.´Y¤%òˆ„2öœ^·{$ZÏïï>ÜØÁåé	U\/«ºÜTϳÞ^}º½¹:`Yõò¹·u‹ì­ËM–p
-�áa «êr™fºùýÔvËͺ3ú¿Ü>>vL€6Œ{Ö«�ûX4ýÚкÌ5%ˆZý˜J(KKÔVnjXØ †l.xxm
-΂2ÿjgR§Oûöû(m?�d}a†¾0lÛû§ž4•ŽÓ%¦•.t�™`ÅÙ	fÓŸeâåqXÌa�HÔ:âÀ�¼¸xw÷pq!áåIÎã÷3&‰Hþ‚^F™±©‡ý9ÔÛ9"ïœ8OøÅQ&^
–‹ˆcÛÂÁ lºA°z;N-–ÃxÓÔciàqÃ+tœ¥‹qç³dbA&TÙ®3ûtblÑ׋£‘28�¢…QIžÊb_ã²ä�~âoï%9o‚ƒ2?²êsWɲ
-6g¹¤ªL#7Ά5vÚßX¯vá«
-endobj
-1225 0 obj<</Type/Page/Parent 1068 0 R/Contents 1226 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 692 0 R>>endobj
-1226 0 obj<</Filter/FlateDecode/Length 1719      >>stream
-x
�WÛnÛF}÷WÜ‘
‹ºÙ’Ü7ÛiÚq’&*úPÅŠ\YLÈ]ewiYýúžÙ‹.ŒœI“KÎåÌ™3Ã/'êãÏ€&C�)¯OúYw¶?>ürr1fC÷ÇÙ”jº¸œfýxUÑG~ž.¯FÙgÃIv/øhﲦËËìjïÌ¿6ÁäÅtCü3’ÞÞàjòõÁÍì¤÷ê‚š-8ÖñtB³Â‡Ú§YÞ™-%Yi¥¡º±Žl³Ziã¨Ðµ(UúA+KB$èlö	Æ�·7ÖùKIçÏÿÉK‡ìRnæñé.bcÔfEç~8žD[éØŒ€hÇ4—äf©Ö!Ú¹ÑkNR›¿,´¡?KUà6åU)•#§‘@.\x?¦)�ÇÖ§­Ã—·½¯¤°h.`/²ÇGaJÝXz+ÝZ›ÏtÃ>Kõ€Pò¦†áJ­B^5…,h]º%^,-¥u¦œ7þ‘µÒ‰²²Ù1Œ†ãì☺Ãi6¸¢îå…P×–>Šz.Àƒ!b’–”v¤œ‚ \׫J"ù’ÿß…«ô`t³¢Z¬VœÍéI©¶è½�…|Ý[‘ÿ¡Ê§tzßñ¹"]#EUmèKSÂ�÷[2ì)ŸVS	˜Áä²+‘Ëû³sÚè†o5Uq|(u˵(jØ¡ÛzžåZ-h%Œ¨‘d¨©€uª‚4sÄå8ÃÓ—�Î×lž’u›J’ÈsÝ(—ÊpEôÆ$íŽ.B
n“�;‘/K%if¸I®ã‹¾/~Ó¥b·žs6r'Æ>ìCÁ(w"=ü ×Ǿ�¨Ep༃
ZKœn¹¥p|¿±
^Ñ€©Êy¼¹è�ùÉÜ}ÇœƒÑKÁøã-s†[Ø2Û•B—dôzÇ Ø4z}sè
ÿŸ•^Ã"xz¦5\ƒLvšÒ�\žÁüJX‹.*ÀO¼“<ÌWä�!ž÷"R@œPE绿6P;ð«n'ÌÍ{NÒâ½Î¾ÕÊ]UÒd4ãÆôˆzC¥ÛÐü`“ éÊÈGÖÀÔ(U›ò_@œÝú±à+ÂÍëwIñÅÂ躅ç§H
-N$�Ùså
�À\A1¥õT‰‡\—^ v,´Íöû‘xØÇŒ	õõåo¹L� jÏ	"´µtõ´5Ph‹Œ~•*—ç¨HÒÎí3Œ•(¬%0*©–õWzÑò,RŠs™dB%Ï�¨F+m-çúLÉ᩹%Tv‰Â+ݪûö
-lj�½þÁö‚µq
%‰;"`GŒ¥¾õ›4Ó÷îè2h™:IùKÁ/ã‹Òð§�“+Ö¡Y¬�³çDÕSóðùþW]ÝB.I
ü…À¶ŸÏ÷Xñ9¤ÈûZÃëz0p™¾[è±\­³íà‚ÐÐÒ¢ð’f^øE#L§°r)Þ-™iP<^m[!ÇTr} Sä F|Ö0^AÖbÁk¹_l½)UóDs|�{˜ïÜÅN¥7Z»Ú™õkzv^*ü"
gÒ} 
Ö†nA½B>öT�ëæÓQ‚ä4µ֪ϼÓø®÷j‡Y×R�í.Deã§]z{�ïÑÌ?l¢Û�á:•‘ù—ã™ɦnÕõû.¦1«ÁŸÈÓ�/á»òãõÝÍ5½7ú“ÌöŽo8®›^èNúWLýÐ3¨Øñ†ñÃïøö¿·Œ^L.²Éx>}'Cvôóìä÷“ÿ
-endobj
-1227 0 obj<</Type/Page/Parent 1068 0 R/Contents 1228 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 697 0 R>>endobj
-1228 0 obj<</Filter/FlateDecode/Length 1655      >>stream
-x
�WioÛFýî_1uRX
,ê .;m�Ø®ÛuÒÆ*Š¢.Š¹’6!w.iYýõ}³Ü¥ÛAQuDîìoÞü|Ô£.þëѸOñˆ’ü¨M&´ýS,ðÐ¥QÜ‹†4˜Œñ»Gc*$Í!ÛÅíæχø

!pF9�FÑÈ?dt{(ìÇýQ4ñŠû¸ìôƃ	~öûÃh
-½�õëP-§´1U¤»¯2Nþ#ù@V˜¦UŠ ؼ{½Uì€îf+»aÁÎö½ax‚Sš)®K¤Ð勳“ÏdaGwÂq³Ø2¤dªF3Q,°\¯æ@~*�n“‹R!7ÁVÉòÀf
™�èSÕ£×µ¶µ(ÐÿbáÎõõÐ çà«çmܼ=~¯Ûˆ°}�mŽé’û!›‚ù¿dL¹ÿÒ›ºãºlî.7¨
-^7�¹µžV~0x„G~ôã;±ÙÂèèw»ÝÚ¡ÄKµ1'ùã‘ÜõGcîÄŸöâI49‹ñ�8‰FC,ïiëöÍÍ:la>âûƒ®LRñ:ì(Κ14ññ9‰©=î:ùÿÑÆãA4áó–í�cVûýôè×£
 _—oendstream
-endobj
-1229 0 obj<</Type/Page/Parent 1068 0 R/Contents 1230 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1230 0 obj<</Filter/FlateDecode/Length 1763      >>stream
-x
­WÛnÛF}÷WL�
-‹ºX–ähaËq!�ÝX�Q@/+r)mLr™]ÒŠþ¾gvI™bì4É
/;3gÎ93ür4 >~h2¤³1…éQ?èÓèlŒi4�àç!þIñÑÕâ¨w3¢Á€1?;žNhžï÷iv62£b#©´Ò�LdXX*4}ÖÊ_%³‚/	Št*TvJ*‹ôÖRntšãùX‰0Ô%žYD¹°v«Môvñù¨OÝÁY0DÜN±)~S=©D®etÌè’îEº$¢TeÊFêIî,;*�Á)2ª«»Ó7¶‚­‹çˆ–´¯Ì¿‹²Ÿ¤Y¾¥´´­$¡Zi�×ÿþæ Ñ¹äðÚV%	ÅB%¤b®ªL˜�C¯µFÕ®‘|Ð0׸8ÌŠ
nÖÏÙ�.“ˆ3°²Æ[Å1²
-=ífhúZZJeVz~¾€š×e"•§´*¨•2?ÜÈðÑ5k¥¿ÒñÌaéÌ ÝT§ËJ=•à¯�ȃcšs. h(,Nü¶M"îàËâMxÊ¡¾÷Oj—P%÷ª!5Õ¾N…½ÖÛŸ„ØO‚�}µ80+3e
¥Œ¼PV.Çâ¨é5d›®ín§KïR¶Ìód÷l.Ù
-UÛË–�Þ¶Œ–o�À{7aÅìî$˜ðó4˜²Ú—Ãñ¤2’`bÄp‚i0¸€“ŸWVþ¤0ƒ;£W‰LYå½7Fg¿Ï¢ÁÐé'˜L8w2eLJ•…IÁÑéäÍ	þ‡jn0�«ìjQ5|è’Nšºw—�b—C+P|ÜëñGü¯e/ÖQlª¬DžË,’Q@7FÊ«ûk>™õ]³e‡kÖh¦!Ü&»³�øIluvéÕZsõq´—š2N­®ØF‰U•:C«+mâòÚˆt/¬T<Âñ|eå:%€Œ Wxæï#F­41¦z²è^ïSjײÏPÃ9øDî—‡Ñóz¢Ð“Ê·þZÝ ‹RFˆÙHFDŽÎßù°€nM�ÚntRåíA¯Om
-Cendstream
-endobj
-1231 0 obj<</Type/Page/Parent 1068 0 R/Contents 1232 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 700 0 R>>endobj
-1232 0 obj<</Filter/FlateDecode/Length 1833      >>stream
-x
�WmOÛHþž_1ªZ5•ˆ;!/ýr¢´¨z�
-�„T­í
Ùb{S¯MÈ¿¿gv×ؤPU!ÎÎÎË33ÏŒõBá_H³ˆÆSJòÞ(˜Ï©ýUÞáû`DÑx,h2:ÄïhR)iá®?ý‚0(œM!0™Ïøþ¿$zõ¹7�sZ°ÚœÂqŒÝCF×½Î#Φ‹ggí#Î`dѹ×>æE‡pÃ`��Gœ!(oÜžµ�8›‡Á¬s¯}ÄÙb„�³ö1§qxLÛ³OËÞðtBaHËc;�Ïh™Z´F´Lú±¬¶Rô K£taª`v@Ë‹Ï$Š”ªµ¤/'GÇ—¢HÖ”èTÒm¿Ð
-C7<
Š
-Ý´
ãiÊ4˜Ÿ?ß±
–â],'Ûè+qÛ™
-ý¥‹ð(Ó¥
-ûÀèÛq\æ–TS]ȃ=ÿ¶< ˜$›ÉQ4´õĬ�×gæ{ÊÄ¥mé¡?°0Õu£Kðè€;g¥îšñáhF[ßç¾mîT¥Îh•	®&wŒõÕnlzòd“éÐ0
ïë±|�Éæ’olR†§#Zðæ“q„?æø‹%ÿã�BIÿªU‰jõ?\
Yæª
-ŒÝåZ˜^ÙxDN™Ÿë[
ÖPX×xy‹Er¿%.ÔU¥bËð,`ý·›æ#§ÝSEsÿ¶‘bÅÛŠÈœWÝ)¸Ñnùb¯iݦñoñôíî
-Þcî3L×h_T‘›Ý~S{Ea]¨ÇßÂIw¹�2å<uÝäÒ9à>o»€•säý�5™Ùß/ä¤W®Ø8½/rn4™óéáï.ðþÉDó \ð,âNêÚí0ßt¦^@˜Ó¿•š
˜çEÅ”8ÃÛêå¼Æòo}ÁÐ-0rËÁTÀ[�¯[gUŽ)‡7‚Š^²q¥íšø}þd�ÉÈ>›î”»g4´#ƒŠA~ø3¦$¥'SLé�
-ú�oÖ–l±8Úôt̲±íZ@Š¨:kBb;
J²?„°gJ<•Yb³Óë\%¥6zUÙü1¨þeà‹ìV^Ås�_d
M73¯oOWyk'7ï:ÆmNwtbw.»ÌOŸOh¼ô=›ÏsO4!ºy¾Ót5Õt}tþéˆcþÉ/nÇ:©9µ6í¶¦C¼:�æcÌFà˜´ÿRÎÄøÂd6	fS¼Ö³ðì�¿:Yöþéýø‚ë(endstream
-endobj
-1233 0 obj<</Type/Page/Parent 1068 0 R/Contents 1234 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 705 0 R>>endobj
-1234 0 obj<</Filter/FlateDecode/Length 1838      >>stream
-x
¥XÛrÛ8}÷Wô›<[6uµ$çe*{×µ±“‰”Éì_ ’0&
.
ZÖßÏi€¤(&µ;S—/"ÀîÆéÓ§ùÏŘFøÓbBÓ9%ùÅ(áIûãËß/&ãi4¡Éd�(§Ù|‰ßáSF«‹ñÍ2ZÒx9‹f¼:�¶Ÿx†h¼˜Esš-ü¾KIÛ‹wë‹áýŒÆcZoÙó|¹ uê�h�\®
%¥N’)I¦ÊÑOëßñ
-ÌùW.µKŒÞª]T˜,,5Ö.éh*Ê+먲’Ü^ÒÓšV²|‘%}6™JŽt‹¦¼
-/Þ46	¶ØW$_eßæa¯’=)ËϯGtíAY§—J'Y•Ê”Êí;Ž6•&æ­umoøfÊgë„SF÷œD´ÞKÀ£,‰óHÉh<zZ,Á0
ì�½~4¶RNl2 Ø<€Jïúq|0¹P:8Pҟ蔋ˈî« •W$2·7Õnï1ü¦tjàÿö¦Z"4m<^g°àˆÐô‘ëÞ¹‡!W|�ƒÊ2>
-€K‹"2¡ˉhÒXÊ�²®<Ò³<"&ñÝñÀ³Òц—%§““íd^d ’�èæ Aƒ+¿¼UlK“û�'’ø�ÊJÓ^…ÊŽ$µ‡�“àsÖ9(ç$¢�qZâ´
ë–¥B]QbòÜèH¤y/ï°úÝ›¥µûÁÞˆ|òÁþ©•ÔŽœ¡¤à»ƒaÛ�øþÆ6(IïÅ—¼‰cï)Ž•ÞöÃj8OOKv°QZ 
¡Ì˜gO4,äTi iL†œãIyPVF½hž*ZdÖ ZÁ!ãGªJ™ �ÌéÁ^¥©ÔƒæÅɺ‚2[ÃwÃ@$ªÎ,+ˆÎõÂ6Ïk‘Ãež©DÒg‘<Ó”âKFš¹PÆ?ùÐO6{‘Bí"º{u¥H´
Âʶu’
¼p¢E.iøÚCD�dä�;¨ëíôö“›Ùb.°ãõ¯ú(kÄh.¼N°‹®�AòW”�!a¬„µ&QÀ늩y_z
2=@~7’d€›…¥ƒÌ²š˜=}^
-c­bUS¡!:3‚“�öJ´vÈêõi»Eæn¾8v(j�*Žd¶Ý¶4¢üzÂzí83‰\¦ŠjöýoYz›æJ³ª„õB‘Ä‹PY«¢MÀA(URk¶Î»Þ7êÞ©¸÷ÐCÐ
-:™šVd>g'®¡öƒöRéOµ+MU4 ì‘™§`4Ø૯t
-`Og'd2¢�\Œ(>o^Òû(ˆà¶Ñ£N”qìŒÉl—Ò>+ÇZ:(…Òq\‹ÖyÄèM ç®Ck
-ñ%™¤Í±Ç‚ÔTHÿ5–“gÔO_…¼Ax�¾× >Ø9ßz°
--v²øŒ
X ;9âÓ,Ò)’´]ÂN
-Žb1ÖÕÅÃ'×%aÒòµÂ¼Á
+”|�ìo3sCöh¡¾¶¡L£hkœ!ãù¦nt¾•`xn¥äÍ
-´˜³…»õÅ/
-endobj
-1235 0 obj<</Type/Page/Parent 1068 0 R/Contents 1236 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 710 0 R>>endobj
-1236 0 obj<</Filter/FlateDecode/Length 1943      >>stream
-x
ÝX]oÛF}÷¯¸/…œB¢>(Kv_
-'Ž»ÆÆI7RÐˈJ“3,ghÅØÝÿ¾çÎ�M§(Ú>uD°HÎý8÷Üs/õëÙ”&ø7¥åŒâ%ÅÙ$šàÊñããg³å2šÓ|~‰Ï‚âËøø-§ÕY|1‹.h_D3Ü�/æÑ¢ùÆw_¯ÏÆ·sšNi�±ƒÅå’Ö©·?¡urþAK2¹½¤­´ŽR%vÚX§rÆä–2SQ*·õn§ôŽÊÊlsYXR–V¢Ø
-RÎÊ<‹èSS"4ÕVzk£”Lé”ѯ֟Ï&4šÆˆo�ž³½­q{²Å6%¡SÒü‡3dK™¨ì‰{áhà}R.e> \8ìU²çǪZG´’ÁK
�¥ØIKF{‹Cv7êøóÖÙ
üE‰Ñ™Ï¨0•$¥L!8H>~Ê2n#Z–N >ÁJè�¤¬2M{¹mÎÇTf¢ÎÝæG;�Ðæ|ŠŠöpÖL•ÚÍ«¨12[ ¬
-òZmèqf‰bj6,eö§t-û�¸2¨
䌛0´‚“¢c�À!™jêéÝwvÔö±Ã½RT¢ ÿË
ßß&M[Ž¦ÓhÇ�~´üfv1¡p¿mÐæöQ6�V’{f�ÞÑxüo-ÝVKZ Hhƒ•Õ£¬þûÇœŒfóèj±<‰óµ¦Õýk’Z@åS‚EëÅ")Óº(™åâQ¨œ"¸w®ün<>‘¨ŒLµGôÖ³Iä\,¯h[§
vªVŠä
Ô°ZeºžEò'­¾x6~R:žÑÃȽò‚‰Ü{¹)‚ó
-Üq™{E‘/ú¥¼…]W‰$0Ÿ~^à
-Ý­΂è""€^
ž>Cá«í}²{Ã#íV­¾¹ #ö~ò‰‰Æ§ e�ã77mG¢"+|„qÔ±S¡ÌBxì^•¬ë )ŸöúÜŒr‘QÀÛc«	ýDÈÙÏ”bb‘³ŠŽ=ÑNï2oA”Œ†	ª"«L$<PyA(”MjS[°>•˜o~Š
*Ù~™0ËM/?£¡>|XóµààÁ÷Ö9ªÊš‹½¥‚„ƒ�0ç&9O–fîòmÚ$Ðãcéý#=¶ÞÂrD¯!zá…p¶Tó_Š°·*in`s±Ip
-]ÌûfiÚÜï?ü|Ç~‡M>æ¿G«7	ý?5x·&¹ËGñ,Z.—Obü¶ãß°´ò^6;�/£Ë«˜â%ÿJ„gV×÷¯¯ñ:k>³ÄÞ˜¤.0ü[²'Öt±Œ&—1�–“+~þï�§_üªsÇ/Ò~ɘ/çÑrq^W–K¶ðv}ö¯³ÿ
g’ß?endstream
-endobj
-1237 0 obj<</Type/Page/Parent 1068 0 R/Contents 1238 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 727 0 R>>endobj
-1238 0 obj<</Filter/FlateDecode/Length 2177      >>stream
-x
­XÛrÛF}×WtR’S"x/òË–.‘£ªÈvLf]®å>€!10Ã`
-g‹Ÿ¢Ÿ¨r¯æõ¨ÓÂàyzòw9+Ê>ºòÞWª2xV6%¯+Zë²0Þã•'åiëjJµ.”¨õºtëÒ¨
-¸’·•äM¥#ú„“çdµNI¥…±ÆW%´<h*Í*«<5úálìᕵÅ~ö*j4	Âpg„À·²�+úhlê6žÎED»……œ
#3lS+m«'„÷N^]¸µ8Y,ÄbÁ¸r.÷;´_E4Ït©É
-Žv¤6«×kW¾ ´ÿ}NXù³–?Çàä°ÙÞ ÂÖ0YÚ¿H`üàj`ÍùÛ7(§=×…QX]§²+¦ý.Ýr¡{�<+µH~B”/Û^êì1ff‡'½*vu4vX#Ô'�%LZ�9×CÀÚÐd¢õhïÁ,ÃYéY,JÒ:×Êã],ä!:žšãª6)o´`šýï"ߨ­‡{…–tùRxpym+�®pÊâA{H2ëà±ç5�Ü¢1bNàÐìqܪV¥â³l:ZRZ'œŸkUV&
íc®Ðªª9i«çï+S`»°˜/ñ_ã+>ŽYZ!¾þ˜µíç$ÛÃ2wáJý…>ЖÌWzÖð<ÔeƒQÛZ7Ü)á&O–\^R4)6­ö¬˜��}S(&¼ò2ôJÛÀŒhñê
-endobj
-1239 0 obj<</Type/Page/Parent 1068 0 R/Contents 1240 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 732 0 R>>endobj
-1240 0 obj<</Filter/FlateDecode/Length 2134      >>stream
-x
�X]sÛÈ|ׯ˜‡TENQI‰_wWII¶ì¨*’‘w¾½,�±€…w¤ùïÓ³» !Ä©ŠÏ¾‰ý˜ééîèÛÙ„ÆøoB‹)]Í)­ÎÆÉßœþ÷üél>N–4[Ž“kªh2›�>•´>›^]'W4›/’)žNgód?ñSœC³É;®—ü<Å?#)?»Ýœ]~¼¦É„69ß=_.h“ù{Ç´IÏ_Ο´µj[_ÞÑ}NGÝR!ö’¥ºjJé$ÕÒUº&gD*éåœr£+r…$ÝÈZÕ;Ò¹ÿبF’ÓþgiŒ6ôòîÝæëÙŘ.&Wˆ{“�óù©¨ÉÊ:óÿ–¼¿y¢\•¸ÒÒA–eÂ{.?¦1è‹É$_]QwÂËt6¦°¤Ë+®¸˜Î
.y*¥°¥Põ+n32oËòH[™k€"œ)í�c¦Ó¶’µã°•¬„*z¯k«2i¨ÖñBNÖÈRîEíøê^B�0Î’ªcÞ[�;<*i­ØÉ„6ØnEµÄçó�¥²ØµV¸—Šv”Ûj‹+�e#5€!¸!zˆãH¢,Q™ù5þ6 jÈVÛ$ÕuŽ`8`eb¦”)#S§Íñ?G¶ƒ­‡ì¼z�¬æº¸Z%s†öŸú€¸èžvÒ!ÖPø7YÅKºÚ
-ZÜQ;•
-_žLàk¶tìÖjàÀ’ñ˜³‰sÄ#Ï´E¤¥FåH¤ž‰Þcc`	Ý”V�þëò䶠òš;Ä°3ð}܇ƒZ+
ìÞûÞ‘lë—‡öÒ‹	ì˜N8¯Ã¡Ôؽ—fpûËùã&>ñö¡‘;ìüh�¨'šüXdƒõ
-®'ÔÌbiCQ†hß[Û¢8�Ëc¹
ˆ—ò"ìì4SéL–^hCÚZ¶ÄÉUîŒ*‰Å�àÊ3÷ÙúcÁŒîà`jTã˜0
-Û5«
-‹NÍã7Ö0?òê²®mT†�§FâºÜú}´¾„}gkÁauðÝAÊ!/‚û€
*ÁTŠŒ1L²­Ãü °½§²GC‚È2Ää”O[*+Ë=€�=ðè«RÕ@·¡tcÜÕ0ó³’0Ø]`Œz€¥o­Bª]³@³å
F%-5®ån»×¸=:´�¡âB[D¨è9ÀC?°~Àa7¯Ä«M´?ˈ«Ü÷4LÌA){%<¡¤
µ_ÃÖŽè¦?µÝ
-òûW™ÚNŒ²ïÉŠÂÈR— 1/Ã͘)b‹D}2i_�FÓÅ:ðÅð,W·ÃDoÃûL)à�±Ç{ø5@íZ`Ü°·ÞB¹öŽ�uvÔ
-â•ZóHˆöá«rr
?NE˜™beÃb¿ðs¼Öþõ¡¦Ø_NJåA1ÆwÿÔp7FÆ·HÛn
SSÕP�à–ð/ß?£ØÁ�Ç .¼UúW9@Ê{nï?¯É¿h„	î·Iúwn“ýÇ¥8JŒ"œlŽ¼jÀÝáü$ñb%!Àœï4Gö¯ðÄ좇Æ	4 âàñì”ÜyˆzÁŸõÝówϾäx¦Î)'‰�ñÍé•lókÜêgÙzö~é[v ðˆK'®Q†0/x¿E¦VÂoþd A·Ÿ1Ìûþéý_‚Ñðèï�!x·Cú8çt÷¢0
A_~\Æ·§É5~A±¼¢9~�1ŸÏx®_ß<ÜÞГÑ_;}ˆïåžÀ\ä‹	–ò–‹Åxõÿ¾\/®“Å|‰ß»à‚ŊϹۜýûì?¿µ…endstream
-endobj
-1241 0 obj<</Type/Page/Parent 1068 0 R/Contents 1242 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1242 0 obj<</Filter/FlateDecode/Length 1897      >>stream
-x
•XioãÈýî_Qñ"ˆ°i]Ö |îXÛ“‘f'
ô¥E6Í“l-›�þ}^U³)™v2»3°!ñ¨ó½WÕþý¨O=üïÓd@Ã1ÅÅQ/êÑÅ°�ߣé¿ø©4¥rc6‰†ÝëW‹£ó»õû´HÙÆx:¡EB°ÓëÑ">YdšâÜ貦:Ó%%V;Rô¨ë//®VŸ�®~µÏ¶„—ß7ÚÕ§´ÍLœák]ý
ã5*U¡É¦òyƒWþæ(ç·>,¾õè¬?Œðzââʬ눯ž!¢py_•³Á8ñ“Ý°b[–:®áÍŠÄçÃr™BþªLÈiUÅJm…gÒÀU“’©	_R»ÁW¾«’V¨ä´ ž‰ùgõwoj�Ðj'~}©"ºLkí½œ\§Ä¸6Ò´²Å;±¾É~ôãì�.“¦+Ü�Ÿu}_¦6´$Ôw¾é
-ñðßñß4$³è‘”«éáÛÜñd¯ûRJ!וMM®]DsSÆZVÚ­méð¥mÆ{a	”J[JR+SR±‰³ŽÓ¢{Œ w‚®%Ž/¦œý»Aª£‡Ïó’t&ÑÃÁ
-<–
@°¾Èîqòy~ûé5N$²e¾{mµÙ1¤m¨0*A\g¥‰U+Î1ýÝÖÕü—ËO·_Ò0¾vPœ�J`{kàæéáòþ±k�»Ýõtûé·7iylãBÍ‘äW
:}S•ñÚ
ù˜?\Éð£ÛTÞÖA€È‚Ñ,D—q½a¬u0è[Š‚ê8<`�‘ù�–´�(QÌW]÷´(8lAò¨o³r§D
¬E)�Ê­x®,€	³%Ùµf,Ÿ=«n®#ú’A[…BD¡[ˆÞ˜úf…Û¯§:>•ƒ{y¢dÛBú§žfâÍH|à²j¢àÄ——0D×pôµ¦tƒ+,ÑËa0²º®Ÿ­ÅΘhÅ:Ñ0©]f7y‚&ºX19¡¶R8µÔ±ÒÏð)w4yìüÔ_ñ,¸ºšËvÌP7"‡Ó
äÈxÇ�”53(“_5Er3½ùQ©p3Â�®ú¼Ÿ7Æeí4Á+�â6ÃEl=\ù]B åéŠ%ÙÑÖø%o/üšÛñÑßÀLã$ õÑni¥bQ~¥U `I:¸·„b#}¨¢¨ªH
-W¹¤ã–Eÿ–Ë`o´½“Yf
iT4øð\»h5ës­
$@ÎZ½ý¦r“p™y[a#|àà
ßœ|œ¬%�ÝñË,¤”'‹
-e³,OøÛñ:hÒñò½”<îe)V+ì�>©^éøõ}à¬#šÍþÎ_µ)0þ¤¥>ŠPø‚Ü=�ˆ;uXOh™Dž]§Ò Ð¿x·špŒý´ÂQ�©ÆiÔÅŸO‰
å�‹ÕòDN–*ç…m'óî�N©2ÏYýÏå~�© ¸«@‹‡CÌ­ì÷ XÍÔh‰´08Å¡/Ñ©)�à€G®ß'¸ãîö:ÁÊÉâ…kæ´ßExÝoDDå[µ;À¨
-Õh2HÕj®­YMöi³›a7¹~µ¾ÞK纙†p²ªàZ|fœlÎwœÉùݸ»÷L£‘ß{Ÿ·ñ…¿&œ´–Ú…۬׶H/¸†vãøÆŸM.ÓÆ]›õt: ñ¸MƲgÍ/®.9º¯`!ÝØxÛ’LMétŒ?L‡t6éÍxµú¹¿ÝÉG“Mý6;í±ÅÛÅÑ¿Žþ’aœ
endstream
-endobj
-1243 0 obj<</Type/Page/Parent 1068 0 R/Contents 1244 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1244 0 obj<</Filter/FlateDecode/Length 1524      >>stream
-x
­WïoÛ6ýž¿âV h
-ت­8²]`šnÝtY׺؆º(h‰²¹H¢+RUóßï)ú‡ÜuÁ°Mlét|w÷îÝéÓÙ˜FøÓ4¦Ë„Òòl�èj:ŠšÌ¦øã-)Ç�ÙŒö¿ê5¾Œh2ŸFW�éø2šÛÜFáWg{9gƒ¹�“i4{ Ûq’ìlÿm2ߘ
-‹sLÔÙÅI4a;ï­ó�3àVЭ´ïŒ¬’ö¦Ê5’ñ©‘ž4;ƒQýYÖüm-�{Y?6;ìTèTX¥«ˆ~Ö­„ñ€ì!˜­®
-”É\4…Ϫebê­‹
-Ÿøüó[ï¹ó: J”Ôæ{F”+á{n¹džó½*.­tv·ç칩?«´ßl8'­!
à¶h¬.Q�T8aåûç=wŽál»§#ºÉé^7®/§X`"qè~N73/dnàÌ?–�±{-Å�t¶®1Éleª@æ,”ú «,’bUHǵ8ŽâÑ•ƒæûʽ/îÒ‚âD4ëyBCj¡‰¬,­BÃñ1&x(Ñb¸À$vÜ—Š
-ݦ\ßÁ„ª:Šy}ë¡ße†ÉÀ�WÒ¶RVè¹5×çÿ؈“@·¿.8èÚKÿJ²Hº�>ÖxbòD<}BS
w1ÏCÌ!
-2X1ð ð¡3ZU”5Vaã€4 qœlUþpÎ 
-­Ñ#…‚>"‹½³÷:é&„+²“ÝÃ~ùæH>Z&Bó™Îa8J¹ƒWÓ·ÑÉúɃ¼w�æì8‡H]’ü…^ ,ƒâI}¹ŸåÿK3ð^Œ”¯Ž~îž%÷ƒÛ¯,ñ(š&sL Y4K®ØÁ�8¼¯¦™ÞA[.i`%u´t[-+æPuœ‹ÔQ¬@Å®Š³n±O&x¥Š)IðwŽwŠì;äõsz]ë¿0«è�6¼Ûïv¬á¯E£Ù%
§#¬<ÙÅQµé¦ÂfÛ¸=Ê<£·]™š-½éÞ:ÞAÙ»{õàL¦Ž×:v6ó¥g¿�ý
 0xSendstream
-endobj
-1245 0 obj<</Type/Page/Parent 1068 0 R/Contents 1246 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1246 0 obj<</Filter/FlateDecode/Length 1915      >>stream
-x
�XýoÛ8ý=ÅÀ¿8l7IóY`qHÓ.¶Ø&Í]ÝÛ[¬‹‚–h›�DjIª‰�ýãïÍP”½jwq8E?$rfÞ¼yó”ߎ鿎éâ„^œSQ¼š<ÿñŠŽ�i¾Â“óËš—t4;::¢yqø‹±¥{tõº÷ne*Mtl›gó/8wÚŸ›žœÏNqòð—�¶¤¨
ÚÓÊø©rë@Æ’³´»mBq£ñîãWg¯¯çd^«¨Ë	©@ÊãW•Ú}ˆÊGºÕ¶M8öM�_ÌN8âèµÑ5£	��ãÚ«:ŒHÙ’Fw:nœ+G3šotÐT¯‹è¼Ñ¸/ ã©p6j=šª¢¥¦Zûµ.ñϸ‘4+W¨jõ+Ò2Î
-¸/£Àâåbñ˜ðZ,š„VX,¸>«jÍ
-nˆ#ÿ?A˜Y’ œžœÑôìdvÉâöÑò”íh3ÙµžõÚl+§J´Xƒ›þ§Zú¡Ø(Œò7�¡³ƒòö
-§;ÖT=îcíDä,o2�2ֶ›&ö":L
“éó�X•|žúL¡n|ÿ2Sg¤MßM'Kø‘ð<s4­hi"©5+L"ô¦Ð¨æO##û’m’Ψð€U‘«È]„Z',†g…u°cÙ·ÔaÂA—îI¶�(Üo,?j:
˜ ÉÌÝO�е*9§/mÎûàØ'P}ÛhÖ]îzPõ’u�q‡l¦+Ipqˆ)mÆ‹>?z@ú2<úÉ„˜”a©•Ç…ð '{5rò=T‹+m4/õ=|1]<.=—†”1ˆ¬eJÓûƒÐñ¤*ìÖ¦ÁbꉋgY©@ŽÁiñºè@6í=º-8Iú¸�¥†�	­Hûª­ª-}U•)“;aD3¯z)OeÞ:µ,"I|<ÇËýµÖok`³�
ZjœÔc)p+È×òNyŒsA;åûG·hŒ=?þË
-÷ò.’ÊBÝá‡Úùw†§LŽj"`‡·UɾH-a× §ú‰—H¬7O`%`—
×–B£³2¨´cä(5¯Qq3�°T`
-endobj
-1247 0 obj<</Type/Page/Parent 1068 0 R/Contents 1248 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1248 0 obj<</Filter/FlateDecode/Length 2001      >>stream
-x
�XaoÛ6ýž_A–¶â؉gŸÒeÝ4AÖx†º(h‰¶XK¢JRvýï÷î(Ù²Òk‘6u$ÞÝ{ïÞûýìRñûRLGb<q~6Œ†b<›áÏ«›)þáË*±:{??»øp%./Å|EÏNn¦bž<?Šy|¾7•Øé,+]$BBÞîûbe¬P2NEå”í³ÏÖ¬t¦ž¥O#ñd¼>U"6…Ç+Žžð©vb£öbqžé�Êö±TïæßÎC1¸G#Ä>�o‹¢™�[,Êp*¾£@…ÌÕâ]ŸN.D¢2UG¡C[ñ9;ŠnÕ÷J[•p–BœÑ$º¢8Ÿÿø¡='iÕZ;”%T¢½±_øÉ‹“–Vn¯wŸžžþ¤“Ž°�‹
Ê
-¬‹²†œ„'œ—Ö‹\UÔ&á”êv¹§ærCI±”ñ¦*)CÊ‹IRR�°ÈJ%*Y¼ë²8'Q±B¹Bb]­VÀ™´*7Û†ŽÌÄ2ƒö¬’ÉÀ�_ª“Br{°‘säÅ» •û»yÍŽ¶�djEÙì‰zSü¨WÙë‹^¡|jLBßÁë¡ìDôpÞÚÊÜõ Ú,QÖq…tätb	Ê
Ÿf£ ]§¤EóQRDê�_�ˆž_?ŠR:·36ÄhOª�m¤ÖRÎI
H¤n'íña
-Ès£ŠÙµˆ3�N?}ûúíÛqªbÖfÇ”h�-a!àÉ)%zˆeÒ'=Rflõb•K³e# [>@8DÄ�é²Æ?y¼{
-h´që‹Ÿ²1ŽC5Mí“PÐ`t-ãY4!ˆ `°¯2ùJ�¹>àŽ!3üÛÉ|)AM¢–ÕÊÀ—ÚâÉ`}~§ ¿1ár!¡œê<[h�
¢`QVÆŒ餣FWA¤»¸Lªœ»bËM©*˜³a¥P—)kéxE”ÖrDB~¬"Ž•ã4aúOs
d·äô�[
­óøÈô¯52'�Õô¹cÈ„ùƒû§;œÃ¸¶íQnàN'c¨`Äü ³Ã(¡ïKH¹�Š£¨[
g€¡šC€P:Ih—Jvùp‰†KXU JAþ¯³{`dle)òüœðŇÙq$ŒnB+¾Ö€Ð¯ÆnÐß^£Ü«hH�S¢…ó+a(¹kk(
“ã5øüç'2ô
È(ô uø‰
%s˜AÍC§^2%N,ŸKø©Ù	WªX¯4Àó©5Õ:e39é¹RBs³–
�¢Ñ64šF7cÖŸ³Mœ‰Ë¡¬Ö³)æ \t ´áãå~ƨ_à÷à ˆi±HM®ŽC>p–h£»i&ù@
-ä¶êT´T±
-ŽŒÑT`$/ȃXþÌ¡¿—2ù©F%ZøZÿ^f/&-�b!)ˆ£¥
-mKPG#HtìœÏýó¶Ø_>Ö™>T‰
-ƒPeDÇÑ~Ó©²¦V¬¬ÉßfV•Á[^ œ�£©©j
-žøŒ¸—[8•\¢ŸÈ	Ǧ�žë•ë¶qßÄê­ê‘¸ð®KM•%¤ jTÛKo{�œq Ot”…}‚Þ®Ûñð.âñúb¾UE`æÐ�…Ú5¡‰¥Þ±‚Æ6šU†…ô0	х輦
-Ñë�ÇAÙ)“ÐÍœiº/
->ÊzÙY�e¶T6׎Þ#h÷ÌúªÊ²Nø:_ Ãã’fé(lG?;MÎÛ–]qëÔ݆��Ü„R¨W2:¡û€(w¦J¿©D
-í´¡ª\¦ãžjݘm	9ÑâDs½ôÉá	*”«r¨fYx:á‰E¯h‡&Wþ.¢†Ä
-£¥.-îŠÅþ�
-lf‘xð‡zwe™ézÜK/Ãj¨W±¸WÙNͽûp/ öé¸Î¾ð]àw�z�…{„uöd
o§²a^ß7€oèÃÖ(kÚ»Y¶p‹ä
V–%ö]^FÈwÂ…�ÜYÞ-,¨
L”•-áá1®,½‡«bï+š8��ü‹¥‡Æ"¹ �ù.¿ãîjM&že¡2¶)÷È:ì÷
xˆ†6¶zKª—WÐòWÇ[n‘[؃‹È’
-‘`½"ƒÀnEÙÄéã>s˜àuå?Í’�÷$Þšø@fÕ	~ju@)¬r­íÅÕÿ¢íÙW¾ˆ™¼]ÂÅ£gÉ7[(šÑ½øpS¯J—ü‡ÃÍXL¦ãh2¹¦…ùåîñý]Ø¿Q]÷&F¯cZ“çP~ƒæ•Át8£çAÄJ¯+\é¡À]½â™ánÅK½h
-endobj
-1249 0 obj<</Type/Page/Parent 1068 0 R/Contents 1250 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1250 0 obj<</Filter/FlateDecode/Length 1706      >>stream
-x
}WkoÛ8üž_±0pw-+¶ãWôCÚ´@€ÆÉ%.ŠÃùг–HU¤âøßß,))Šúh µ(îîÌììúûÑ�ø;¤ÙˆN§gGƒh@“Á0šÑx>Ãï#ü’6þÁx4ˆ&?{0L£Óîƒ÷Ë£“Oci¹¡Ñ(
†4�O¢ÉtNË„i0 eüæßt§4ˆòñlF}R¤�S±$·ŽKújŠ�uÂ)£ÉÉ4µ”U•#e)1{�‘(ýH‚òÂlTŠ”“‘x»üv4 þð4!蛚=¥Jï"Úo¥ÛÊQpþ‰Ø•"Mø@R,¬<&S´NIÀ€cÖ xlôF=–EÈIY[â´°t�Žö[K½ÓÈï8T“‰�´Ýš�‚Þ=„�ô)‘Ï×hYP&œãŒ
­e§°BZ“>É俨z0šFc®8 ;jоŠl-(Q�Ò:TSàõÜèDê˜ËF¼ÒâÔÆ”:Aa:Á�ñhùÊ‹L&Ç�<Yöøi¼€4‰‰‘IÅFw?áúR§ÒZêY—…rzçÃö|Àr)ùxæÂÚ½)‹Ói{´zc%Ë
Œ3íîþ¹]^Ý,"÷ìVo™Äv„»ŠQ_FáÓNIïHå‘H€c#2›è`Êb±ln€ 
-óB­39A4ds«ÍÁ”F.ÂmQ.Ü�¦j‡š€5×–š8˜
-
-MÕüŸ‘6ë'eJœ±4€Ëg…-…m«S;ÜùlÒ7ç·ÆºæÒj8©Xñ�êë¶ÒQ™‡�'vé¡ûfçËöº°
ùiÂëOk¸ðô
tXEQ¡§µRb'¹¦0/”f´4Ý_-fÍÐÄuÐ
-ëů˜~©�†Õ.¥½ëbD´†é1[ýZ¬ƒHÓIÇËÌ©Lž°%b É0RTð0¿é¡"¿p7sŒhé7µ¼òÑPuk‹!¿Or¬öªÁÐlT
Ö8b¸7ìê±ÉUhz>ÃÓ.m/E͸zA/È©
-endobj
-1251 0 obj<</Type/Page/Parent 1068 0 R/Contents 1252 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F6 9 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1252 0 obj<</Filter/FlateDecode/Length 1770      >>stream
-x
�W]oÛF|÷¯X¢
-UÑ…®œÑE!ÍO>dm%Y‡<œ&åð+“†ÿו$[ËDe*¡RâÙ”‹áZeåT"œÒ‡¤ìrá(5U*
#SÑúú¥>~Dßåa©6Jûx÷ªJõÎÒMLki‘Äq´ ƒcuá±}x¸±£ ‰.kQ)‰þ
-w­£­ÎܬGg'Zð!£T¡åjÛ8U=øH�EˆCÄ(Np’Ê”ty{}~u¹oŽ)€dEY(Eg£°¹Þu$b|kaÐUs�h,ÞLŒäOhÛ'(l.˜�ÿ‘Ù$—%Ç8ž…‡­|)hÖçמ’xl¹ŠN˜«Ã»¡yœå–“³áè–¤â$¨.˜Ž™*¤ïZU9VÜõÍäþöî�_ïn?}¤�6_ð>3
5Ž	Ïo^qõ8\ìð$
-(ÂÊŒO~�–¶ƒÈd[¸Z‰ö¶kº™û^ùÀbjr‰¡¿Ì
‡À)蔵Ï]$•6�}=@F9%
-õO`“ª ·2üÏÂcT™P*ÁY›	W#¿6p�
ïO|ÿRÈF‚,=ÉLSydÁ/¼0Š>�„¬•ÑU‰£Eú2D
4Ÿ­ð#%Lœ¢³Zàž¹„ŒÖ³)ù–9Šš¶•(ñ�¥B‹TlÑÏBm
¬³C‰s®’g5µ®"º‚Eâ¦|ë0Æ‹
Õ±
Kî´Ëƒõa€OáW)Zªd0_*Ø2‡Þ¥AÄ@ÌÕzœùÿÀ‘1•âanì=9�i\ŸY<@¾	2’<˜5êåäð.Áö”}¿¬9Q̾¶Æ½n‚bAðëÀÀß.Þn6÷W77ñfó#þ´3Làú†^¬=­ï´v/6›ðãx¹Ù°lÔC×£½Yr!J�5ߧá)¸ZÀ?:Õ[f;JD!?œë8S™äú ÓgòBOÔ£ôóÅ�´ÐšN‹žô­n`-v ­„¾2P®P0
o3LQ~mß"vÿ· M&šÍ�Žx»'7îw+’•IÓo?ƒV€«¢[(†(N©ÌC„ÍÃK,l>Ø8g§‘OƒÎ9s¸QzÌ‘õû‹OwWñß]a®Çƒ�ƒ¼?ž1†°Ï2@ãÃ=qÐ¥JÃÅïÕ fF4}ŽîÏ–
-mã“÷vW´†{
³Žg�¦›ÛxÄ3΢Àó“ˆÇlÖ Œ~6öAB¯à²xðY>ïþi3{X)»
-ÇÈÆhê!WÀ’<•‚à1ôûjÏl
vÿ�
-;<
C½Åëü÷
x~§aü©ZœîŸ“99=‰Nñ�Oçtrö†/½��þ:úþá7Úendstream
-endobj
-1253 0 obj<</Type/Page/Parent 1068 0 R/Contents 1254 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1254 0 obj<</Filter/FlateDecode/Length 702       >>stream
-x
mT]Oã0|ï¯Ø·	Ò¤”6ðÖò!ñp…£9¡“xq’Mkˆã`;ôúïoì´GÕ;5•{wggvì�AB1~	MGt1¡B
â(¦Ëd¥4N§xáo˜ªÁ<ïÇ”$”UH™¤SÊJBxSVœˆÂIÝ� Î²¡µ°ÈúèØ:.IZjÙ(éüÇFºµlÈ­™j‰5KºÂ—p!óB�ü”5¯Ø¾žF§ÙÛ ¦óÑ$î$CÖR¨\�c¡
-ÑPÙ©6@½È¦ÔK‹Œ–³ï$§Éª¼ÖnJª´QÂ]“eÞ
&ÑÈÞ-nž=e�‹Èýv>¹}¸§‹ç«ŠhJ¶]>´¾Ãa»	èÙêÎPÃÂ@Ž]ûJƒZ¨tèuÙш([CºJ=+¼Cܪ«)ï�^£åL,¬¬·~¯$Ð’ª­Yq(05ÜÖ²a8Øìų[ÌEÙcu÷"y–/Ú¼¯ŒîZ{Fûõ«Ë3ò$÷ßÓ‡YÊÛ°·dóÉÆúö¨ÆÉB¶Â1T#qDõV+�eËEgüÔú®úá�k¡gt]ƒU¾=Ä„ÁD0M°@ÎÜ Þ.”@f%W�árÏp?ÎY­4fÀÈßRÙãod]÷Nz\ÜÑ“‘J`s×Ü;	C¯'O·7°$=8ïè’­4"¯¹o˜E±>¬xÄ5´	�×–ƒm˜æ¢xïÚÿâÌή¡õÑ@
ÖÛú‰§ŽŽLP
-'ra™¬>èöˆ¢lVGMÿ�¼ô¥‹¾á%TíËZµ ¢Âáö§ÚðJZg¶aÃûtws$Ü*é%iÜiô7ŸAvý†áAŽ¢óÞ
ŽòíœïΧñ•?‘˜Hnoé‡]¸{ì5-Ù9Ððý=k¡üëO¡z…+Åú‚ãé8šNR\a(–NüÒ]6ø1øl©yendstream
-endobj
-1255 0 obj<</Type/Page/Parent 1068 0 R/Contents 1256 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 735 0 R>>endobj
-1256 0 obj<</Filter/FlateDecode/Length 1515      >>stream
-x
•W]oÓJ}ϯ‰—"%n¾Ú¤Hµ”^x
-Q°½;gÎœ™>vÔÇŸ
M†4:§´èô“>Þì~üø«3M“1�M¦IŸ
-ŽÏ’ixÊiÆçéì|ši<�àÿCü5’–ø0�ÂPüaVl×ÉE8::KFñì3§áìàb”LŽÍö	¡D;wWóÎéÍ
û4_"£óÉ”æ™KoÒ“ÏzCµ¦Ë´&aIЕHšŠ®u!TIuY�çÒžÄÛù¿�>õ†c˜8¹mŒÌ·4ÅBìfá*e¿ƒ‰÷Û�
_3ÒÈÇFYUKú!E¦Ê•?<¦Á N’s>|%— muC)BQe#
Œ»Ã
Õke)]‹ª–¦KU.…•TˆIÁ᳨Ý]�‡T°U‹E.i£ê5\ªUcà—Ù`äƒôIÝ^dP2iS£2ó.¥O¹‡¯½Ïßïæß“—ru1˜+£›2{5Ã;ŽYˆcÈ?Зð©éZ•!!>ÌI j¢´”&×+]—ÇFÚÚÒÒè‚6Ú<ØZÔJ—ö°v1Ã;UfzcéÛ<8Nèn-Kù{‚ëÍòUöCÇïö–»€hî_0¨¥Lßâ¤A—èò˜S¢Ì
- ¥äT¬þ;Ó%
¬cˆ™fîj4´�”!�V²hBvˆ QÏWSôÝþ¬¥Yk}ŽÂÉ[O—PÖv’`ø¿6bKÊ«DЦø–“m©‚ëµñAFS
íõtD�SVÍ8W¢+Ä“P9ËLB×^"…V¾µB‡–V‡pœVik™6Ê
Fx‡'KÚ£×%°™@ƒ–?ô¹TO>Öhɉ]¾Mö™*Ñ«P4Ä
-9íµÞ•.†àÚ¤å°)¶œ]`nŽ† /ám»s¼5ЛÁÂk>€‘.Ø,‚Òò÷œÛHcƒãÐ'ÂVÌB„å�gêÏå–ÊtØ.Ê­‡-r‹íÑ^Ñ•]Z„Uã«J�¶zY·¼_{QR¼}0�üŠâÖgÄ}¨"¡ùB€¡µÖ–©È„(Ï(vvz3ÝoÝÓ‹d2:ã–þ_¿Ðÿ&0žŒ“É9~íaãÓ	{þ4ïüÝù­†Iendstream
-endobj
-1257 0 obj<</Type/Page/Parent 1068 0 R/Contents 1258 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>>>endobj
-1258 0 obj<</Filter/FlateDecode/Length 1673      >>stream
-x
�WMoÛ8½çW°‡¶@¬ØŽc;½ùhКva/Šr¡%:V#‘®HÇuý¾GJŽ¢$ÝÅ¢j[ä|¼yófôã` }üÈd(ÇcI˃~Ò—“i?Êh:Áç!þ*-Ëð`tz’Œ^zp|2z~ã|~ptu*ƒ‘Ì—p2žâC&pÐïË<}ûÉn%³Ú‰’o¶ºw^ùÜYæ&“Ü;<+Un$µÆW¶(tõáÝü;,Žd0ˆ{Ã	,¾=“›¹l[&p˯tc`vöùü?(/[e`XIaSUÈÆéJ¼•…µÁãóTy�ÉJ9þ"y4Dï}é
Ž‘)¼>Æ%K[Ið’ȵ�9ùUîd±Ã—ÜÜÁã�öç×_fbT©åÇFW»p‹Öï*»YÇÁȃ”v:î”s›`…<´JWb—!ËŸsƒ'¹—;�ô*½—eeËð˜¾r>eÞÏ °Seð¿Û�ÂÞYÓñ\iØpÞ%2·b¬»ÖFœN7Uîw²²Ì/¬_í:Ð83tºÐ)�½};ÿrùå½°ôˆÏ./$]Y§Íí»Žß‚mUI"0Q%r¶ô,%KL›í`9‹žXî7NÒJg,µ*âa™X“ŽoF¾䰔ݾ#h÷YD‡¢Ü=L¨õº²ªHh«MüÞñ
-×ã/_*Çò¤v½ëÀ\Sæ`§pì/•‚Ïu
-‡‘cåÆoTQìž´l 1Ï5x4
"ñXµ¨w<Š%¹
-Ãèøsr·B“ç­d®@s8~Dóš*Š¶
-òÆšx=Ù0.©Fþ¨[ÃEé¸ãWpŠÄó
-Bed¸GWÓZÁc¼ðN�ñ¢Z¿â…5W¾Vö;jŒ¥0Å–R–›7{Í…Þ¤J
-ÿ¿7ÚÑd”LÆSl¥01�ÒòÇùÁŸÿ
-endobj
-1259 0 obj<</Type/Page/Parent 1068 0 R/Contents 1260 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1260 0 obj<</Filter/FlateDecode/Length 822       >>stream
-x
•TMoÛF½ëWЃ� bDJ¦èCØù@}hêÖz(rX‘Cqr—Þ]YÕ¿ï›%ÅØJ.…
Y¤fÞ¼÷æãq–Ò)­3ZæTv³ERôýÃíð° <Ï’5­Š5¾/¯’%9¦±dOcìUQ$é›!þJ«å™ÈôÃíföæÓ‚®iSSš¬–å¨r•´©"ö‚6ååÁºo;g÷=½%¯º­zµù:[Ð<S^V¶SÚP§|`‡cÐÚ�5
GöñæÓŠÒTjχâólI
-endobj
-1261 0 obj<</Type/Page/Parent 1068 0 R/Contents 1262 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 748 0 R>>endobj
-1262 0 obj<</Filter/FlateDecode/Length 1992      >>stream
-x
�W]oÛF}÷¯¸ðKe@¢D}Xò}pã¦k m¼±ÚôA/#r(Íšä°3¤ýû=÷)ÑJR`‹ A¨ù¸_çžs篫˜&øÓrJ³[JŠ«I4Á/§>ýru·Œ´˜.¢)4�gÑ]û•ÓóU¼ˆù;žF¬ÎâÅé‹Wç“è–æ«þ-h5Á
áƒ×zŸÅ3˜ì-.fQLóøNÆwx¾Äæ2Ž–4ŸÜFsñhÍÚ/^å‹f«Öæ«%þÏž9MÙUoV4›ÅH¼Ša"|É¥½o„9eÓçÕþ7Vg«·«½o¬ÞNàîùìOë«ñû;šNh�!×·Ë­SI1~Iϵu¦Üѳ*¶êO¿{íÆ¿ªdoJM÷Ib›²¾Yÿ÷jB£é'¦Ì¬+TmlI¦$UÒ‡‡û'z0N'¸ëÈ›Ù`¼G³9"ÆÁ§ÆUÖë°>§8nקKDƒõõÞxJmÒº¬)Õ>qf«=íí�jK�×'cigŒàù~¼Ï‘
-ŽÃÁ“³m
-v:ƒ%¤›ó�Ù<·öÅã¤�øF´éhÊÐGÅ>Vº”(F´¯ëê_ãñápˆ,~ÍSUEÖíÆ|dü>i«=ZF+nyœÝLo—V;,Èâ¨+�yÊU©ë“—Gzi83•ìˆ°Ë'ªÒQb‹ñ)kÿ�åÑtÅwçÀ~³µ%þøÃ'm!OÍ67]±ct5Bªí“b»
�Àˆ|>úZtŸ¦4PBqho’}[dv½Ô);‰Îêbv:T!U°o3ÒÊ18›¢ÐnˆžL¥Ü‹m	ÖK*í�ºEô¶q	ÊLêH•³¯âäVÓ^çUÖ䤜tc¿¤k”]¨`ôôðnÄÅýûãçõG*”)küö·GzÜ•*1–ÞÙ¦Òª¯þY™Ùàok*ÌYbNá¶ç†Èœ-èñáçû†RÀ[Ú!#Ü}þ”j§¥Ûšw¾pûYVœÙQ/µ!(Aëƒå`à{Y; xGff×¾LW¡l;ŠëÀ3oy쑯M›„£yp®[Gv}ú¢Nº<yÁ»ÖeâŽUMBDÖ¥ž~¤£ö×aÇÕávè§Pé
-=¤¿ŽQ ÎÆï^ƒŽQ²W%*Q›‚fbéØ7ËÕü­
-~›ÆQD€ Á°ðü¨rP¦Wé«Pw
-jÛŠÓ%ÍxŒú;±YL1“ÉìÁ BJR&Êmò†‘P¼K·<›`
-Ãe¡Ï“Æ ŽÕô—Ê´ŠÄÌ6dăeXï?éR…&xL¹o3ó•ŽoŸZj¸Ääß$ªS’•÷ÜQó&—ô Y˜ÐRLh‰�<ÈئÂøÌ2¯Z•B[ÝH†ásàÒ6Ðoä1¥fÕ1å˜ØR)j�Y—ïŸÛ	F!ýp'ÁT!Ìnc¶ô>†¯Â– '!Ûö€.±WEºEy
éL�6ƒÊéWˆåò^èÙ*aÏqå8çáNÐA¦2ò–X£Nƒû»?ž©vZ3-Óc+”x‚M£ÙˆQáx˜mªÊº:Ðâ^‚§[•¼hàt3ÐÑ.jÇÔi×u£ËLjg\l¿l<à$üt¹¿N·_oÇóÂ�ÿA'ˆØž¢¤�“]Y:Ô|ƒoäPžùÕÆ”aÊ$ox
-E¶¿mþ;¶<4�­X†
›�è¸÷61 7¦:°œ= í—)cÝ2ôfÒ
-endobj
-1263 0 obj<</Type/Page/Parent 1068 0 R/Contents 1264 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 757 0 R>>endobj
-1264 0 obj<</Filter/FlateDecode/Length 1974      >>stream
-x
•X]sâ¸}ϯ臩
-©
-ÌgöiÙ0™Í½I&7�ÚÝ*^„-@ÛòZrþý=-Ù`ØÌTmÛR÷é¯Ó­ü}Ñ£.^=‡ÔQ”^tƒ.î>^¾\„½0èÓp4BJ©ß�7ÕUBs^OÃÁ
-wÓÎJҰǘOuþ¶¸èÜ
¨×£Å¾MÆ´ˆ�‹º´ˆZ±ŽÊTfVX¥³àjñí¢Kípe‹¸µØJ8Cð›ÖrG¹V™5d5[HcH¬tii·–ìVoïÜ…•²V»½SvÛNb‘‘ú‡5’ÅZÊ´¥¼Ðï*–
A=̦ÏdÊ<×…­ÐôúpÐr-‹BƬ_eN¡Ý*A
ŽbU%e,a)HŽƒQSJ¥Èé5m%ßU¶¡ÒÈ‚Dé2³�¾ÖEê\BëB§$2úCe±Þ
-»È°idÕ»¤™*ddu±'ì~—…ó_ç.ªÐÎP`_†£qåžÚîa»6îUžˆˆAu¤�:¹0fÿ+ÑípônŽ&³c�Œt“²2¥ö¬T˜›æ‰2[8uµ‡X©‹ÀÓ|£czž>Rªã2‘& ‡/Ï3
RÅù17ò,J‰Z^5µ½²BeÐà<ù<�=Ð\¯íŽÓjÙÚZ›ÿÒéìv» q
-ÈÁfSB=”¢€‘apt’ 'l=|nZ‰vuãWwh°'#útû㽟䤥Âíy‘‰£	³U9Ëç0¾ÜÝRØïŽA—F}ŸzNùaæÌQ•(e
)Äd2Å
-&¯oÍ„]§y‚,ó²ÑÇ·äw�ª–¦Ã¹Ôñ6z§ ZÎBä|ÍAËÖ“¶ðž§s0kSñ!‰Aj­�¸`‹ˆW#¬ßsY(×F’š¼eÜ¿wqƒ||E„\àˆüYdÒÊ]¤Wß@­Qò# Ù€n3âväø¼s×¥®Ø^0è‡ ºa0Á_bsß²…çý ñà=î�†¨H¼èiúø™.›*/iþúŒæ4_¼¼Þ.^_¦5BôlNü3û<¿¥K¶
-íåGë_ç•*¦OTàsyõáºé_Äë¢Ë’ô™é^#s?Qfù.~ÆÎ¥åez£³<NŸ>ép’[µ^ûeô¦¢7}¸‚´[‘ÝnE¶�Âåciìá�ÁÞ%bc~*?V�jÿÄÔó‰Lºú]»o[ü™Ü q7*T;@>PShNbõà±ôÛÐg°‹[ó 0ã‡`‚ •¢2¾ºÌïg¸ëMö>>rt»Î�±Ë”Šª›EA®®éí;?óy©y¢ýz?{rwÑ;îjè›\>Rð°׶U“øߔі9‘‘0S€«Ð	2”G^®|f¶#æ7[`@
±øꪪÐï�3âS.§Ù¼&À3µ¦\¥ÊOfÇ¢mp	`	OŽèŒþ*Yõ(ø¤aÛŠHû¡Ä»V¥˜¨X†Á0Ä�Ï;‘÷Û*Î]"™ X%>d
\Èm5†ÿ¤”Z„}Åþ=æÌ@hvx˜BO‰Ã!‚é€tPíÖ¾>Ýÿé
-«qnRÑMÿèNú4Œ‚ÉhÈÝ}>}ümJÏ…æɃfÍS%Ãl×[Úã.f¬ÿáa0ãŽú¼ì¦Ç»?/.þwñ ý,Yendstream
-endobj
-1265 0 obj<</Type/Page/Parent 1068 0 R/Contents 1266 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1266 0 obj<</Filter/FlateDecode/Length 1124      >>stream
-x
�Vßo£F~Ï_1RB¤ìØÎcr×T‘Úܵqß,U¬í½KØåÿ÷ýŒI¬öŽHŽñÎÎÏ׋€&øhÒtNqv1ñ—K:~”[¼Lh:[úSš-øÜÎü€JIã5Xø·íÑ|æßuGÐìO܇ÓL–hô„¸\kyX]Œï(XÐjgæË€VI}wB«Øû¤ó�ÚV¥Ê·ô"²HÐ^Ùýöùþëõê[suÖ\M'þ—½/…ÌY€bwYX¥óF|—�x“‰·Ò¤ò8­I¦*
-]ZÚè’ìïlï>Žu•[ÒÑ7[È’È©³�¨¿êò@F–ßeyCUËÅ�u°Ñ	�‚©²±Z£oâ�Ì$SIV“IE‘\™So©Óì7Žs®[Çç>BN¼Rk{ٜ޺S�â¢ñ»µ2–6kd$MD1nL�ßç©|–oö¦K'áÔúI§Z¼& $hx…ãó¹ƒ>­ÎdÂV¨Ü�ÝkÖ–*ª¬4|¿—ÍýNÅ;J$‚K¨*tN—Ô˯il\U*¹:*"epm£r™pAþÆÚàÄåoà2ŠŸ|P׫D™"‡g‘Éóv>H'
=ÛB–FçgL2N|z@l¤7lÜHÊ*€,’m¥’Af"	\?^¿mw¶ÀŸMC…·þÿ
¹ËK
-c ²ö¸MÚ¥þ¢ÞÚ9‚“�¹úø×RÈ0´—iº¾þ/Ò“‹lÒªu`D�úëF&ï@9”onÀÕ!€mòÕ	õˆÔB¥ˆþÞJ‹ø‹}.²µ÷
mY!zT”ÒÜtZ[Æp—p
-…^æ6BÇ•¥S̱§.§4ŸOü»c,ñ^¯¥®W¸Ï:®¸'v[ᨽ2ZLjùw)9]:g‹™¿˜cQfÝw!{÷Ëêâ�‹
Ð_9endstream
-endobj
-1267 0 obj<</Type/Page/Parent 1068 0 R/Contents 1268 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 772 0 R>>endobj
-1268 0 obj<</Filter/FlateDecode/Length 1541      >>stream
-x
¥WßoÚH~Ï_1
-º‘‚Á@œ”ª^Úžš\®ðvÜÃb/àÄx}»v)ÿý}3þ
A´§*‰¬wgæ›™ofÖÿ^øÔÿO£>

-·=¯‡'ÍÇ—ƒÀëQ0æÏ-ݽIµHhvq´ÜR0ñG{¥Ü¨ï�9Y䪽ñÐ(höJ¹Û	Öödq�«öÆ·^Ÿ‚fïh¹¥É˜q6{¥Îaà
�²8è¬öÆ	š½Rn0€¡‹,rÕÞhâù4{¥\qlädq�«öF·l¯Ùó}Žïíd Îû#ZËKö¼ñ¹©?ìšEý^à�h8á÷
-Î#xàÞlö™L–Ç&¥“í%E�Ÿãß9Û-Z´¯Ìjuu^äÊæ”'t�+“^a·òcqý#ð.
òFþ<裂áËqá&U±¥Š£sìIcU¢`²oçñ—dÂ0“^þ
-­‰{ƒy9 jfÕ1@X´]´‹8ºû¥@*Ûfù–„	úlIùiˆ±�‚¡‹k¡}÷~B>n+tèr&p3*gBuÖÉàúÀ�Õñ0C1muZÍÎúÚÁm{T¶í©“¾±Ò~`H–‚¨ã�-¤¢„û•	:ÂyC{S�ÛÈôÚšˆ+�Ÿèo±c¾×a¨n8Ò^°c•GnL"lŠ´JÊÉøÊ�ÊsŒê"×®î"õ<PœtýØ2c¹Í¿Òö
-ö3wá$~Ñ'î�õ8Gó(²P!ì ¾ªæŸ£‰Aí(Ì—Õ
-—„eµ&³!©'nE.S¡þí8v¨ºCLÐ2�Üù²DÅ鳑vÈ]°
@2DË´³ÈSÓ5¿/“Þyôbpb”/Bñº
-äF:›>¼›Ò“5\óôÞ„שċe;µHgÔÃ%0jÿ}GCoà݇�O¬å÷ùÅ_ÿ

-(?·endstream
-endobj
-1269 0 obj<</Type/Page/Parent 1068 0 R/Contents 1270 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 775 0 R>>endobj
-1270 0 obj<</Filter/FlateDecode/Length 1748      >>stream
-x
½XÛrÛF}×Wt)/ô	ó&^\¥EŽ7©’e¯É”�ZîÃ�c3ôÌ€4ÿ>§g
-çÆfd,iz'<N­+/i/Š
- L!%Ti©S{Üy™ÑÃË»·€�PŒ®a¤5ŒÞ4™1·€t5œL)¢h@†‹§P¾	S…9�6º'²¨œ´!—{%ÿö¿­©ko8KósQ\'i×di+>ÅN),yùÅ“ü\)ä	Ã%Ð&E¢Ö’1g\~Pà�H'g�c¡ƒò[SyʤUûš­«6Jƒµ®ê¢7.¡W(Xi@:¥scKáQÂv�I/T�¢åôðúùã²�¿äÀ
-r0/i-דð”…(zÏ¢Ž†€ðÍNjF÷ÑxC—”'åàÂY „aF„œ4¿^X¿|XD‰�bRgà’
�b¡cO ]!RÊ�‹„~	!^´		–!›©pÈúÑT�¹à�Ñ›â:‘©¬ØDž¢1‰
- Ydké%OÅŠo9c#0õ3±&Ø4<Xš¦b¯‚]äTÀ{˜=·>…rÁ1:6÷
G¹5%m¸‡p
-²¬h×C)'ѤÞ^¶ò˜ªÃ-N´ •ç¯žîͲs±B4LŒ+D3sžVþœÅ΋C{RÄ_ÆOˆ[±ü?ðïÙƒp~![[&ðsÓÀ)7H¬W%¿©›˜Òhÿƒù´G‹+±ISç«•Öá?JãÅ@9SŠ¼ö‚„<ÞýÿV?ˆÚ¿*Ħ%„³ËÔsOãÞm±Ê‡©a»Ïïßèòé'‰¥áŸÿ:“�›ìó
-Oyãã""W¥[fð¯´êp‡]=ëÒûUKñ'ÌŸ|Xu4šs³Ê/;G1_äžÿr…�<ÌÏìôxñ_²¹0£—¨u,ϹÇb¾G"„¥œð b¡2òJy�?uÚ^Áb<]ÁÙcžW—ŸTúé{û„Ìî…¾ß
-½ù~¹…ÓוóßÙëÖ”ò%ž,¾ŽÓñ0ÊùÁ2¬|†
-é¹qc¨¶
-rÀ‹Ë9øõñ´÷èõõ}OÒ`þÉ#è…¢¸ee—vKÄÏDgõþÊO.týá&mxˆþÀóŒ½Ö€ê‰�EP	½«Ÿ]¾E÷oLŒY½»F³d6Ñd2M†“Þ%w¯¼£·Öð<¥—&­Êfj±ñÞ
-endobj
-1271 0 obj<</Type/Page/Parent 1068 0 R/Contents 1272 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 778 0 R>>endobj
-1272 0 obj<</Filter/FlateDecode/Length 1692      >>stream
-x
µX[oÚH~ϯ8ŠT-•‚kƒ
)H©ÙtªvµìÃ`àÄxX_Bòï÷;36‡v›î.(àxfÎå;ß¹˜¿N²ñvÈw©Õ¡`ub[6îl?>½ç;äùžÕ¥9¶gùå1Ýé5·k[.y]û\ü¥’æXèv!¦úH,“Ú=«]îtڞ嘽“ºVlwé‘ãÐdÎvuº>MBm–M“ ‘/%�Æj¡
-ÓèQžÒZ¤b%s™R”/g«™¨d>m´§oi%lYÀ2•ÒJÁÄ(ÁåJä‘J¬·“û“w—€A볩é´àÑ$ldA­ó�"_š-•I�>MXÇv™Ö©ZË4¦l-ƒhÉL[±ÆQRs}]d2ý%#c¶9zFÖðf„Ïñ×ñ©”µì©·.šG±´Œº<�’ðe&))âØÜ×J¢`ÆðçQR®´ÂD楲¥H!ã“œŸr±„ÏØqZSü ”h6}«ë�Û±<têv|:„[¯7[=«Ã€#;|ò´Á°¥+%°åQÆ`<Š¸�VB£E™ðŒ‚ˆ˜Ä,Sq‘ËÞçKŽö}þu¨U��x=õjÚ^ñ'¡ã¯ÔJ;³Kž’©K,Œ¢T¹JŸ„¬|€Âí	NÎ*†Z“®æ„A¶‚ÛPózNZ-'(!"™ÌI$á^†“½Ë™{f¶oufKUÄ!S]Ç�56÷’ƒÁßãÿªÈr³´ß¨ôa»*ÿ8ßiŠ|x”)¾9-¦Ó­—G™Ss”]+ytœìòë9q¤² Ê�o&PÛE�Fq„¾Àý,×µ�Í?`C
->›¸—=ZBGšW·_&·º/†2QœA2qÃÕ•h´(`€Ñhô0idÔU’§*Ž‘Qo�•†9ÖÔ†­œ«55Gž¡èî9–¡*±k×tî«ìÞ T‘ä dE¦‡j²š“‰Jš¡œ‹"ÎM±Ïúì#¦…-´ñÇ¢cºQEå]ƒM„eè¼ëg?cƶŒ¾ÆŠ#<¯þGø-º|1ÁÈ'±ZÇ-7Ë
-t”Éàîj2~KKP)
ÉftÞÒ,Ü1™;E¾¹q¹]N�r|Òíé\Wó7¦Ó7…ÙVåXƒ6"ã[{ŒW¢,CfDyVBÕ¸X—c¦¯/œtBw?J0g†t:“ÁÃó©1³ž™¸Læ�iIne¸™ÄØ²GuƒåÓ @„sÛª°›Nµn‹Ð`u¶˜¾¿-ɧ(ƒ‹å$¬¨Æi…çZÌ™*Î×Rq�Âà\g_¨tqÊ~l')\è¾@Wj#Ñ>ÏLJr
ª2…Y�(ä, aHjŠÙ`ÓqÊ©ø‡aÚ›I�)U$×±0Ýš
-µ‰ÐŸuµÜ  b†¾��F³	VÍ°íP3À›ð2Cä
-™å.Fä}ê Qr¯4�Àž
-^<òÑOQYóÂ>uýî¨k;^ÇîG·×ñý�ç�/N«Ýºúµ£ëMxƒánÀ²O®ƒ‡Ñn«ã½ØwÐäû丶S¯vV´ÛnÏví–s1�{Ð>µ.¼Vû¢íx¶7׎Š"ËïdÉ6Þ~Ïq½Ú&�ä“h3íÚ’Ay¨Q~^.S%PÀ·Oàš„‡(xPó¹ÿMDä—±Xd}úãóWª^Ö„±¥ÿ(“œíÙv§v`ERED»º2›o|Íÿ%QÃPÓÛ™ò 'h;Cné¤:˜
-endobj
-1273 0 obj<</Type/Page/Parent 1068 0 R/Contents 1274 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 781 0 R>>endobj
-1274 0 obj<</Filter/FlateDecode/Length 700       >>stream
-x
…T[oÓ0~ï¯8�CZS;vn•&Ñë@bÖ �€7qÓtIG£ þ;ÇYËDVF"Y¶ÎwÎwîßþ˜I9 NÂÓ¡3|à^àxÀÃ
-/¥E
-³Ž¡,Ê[Ñ4J§cð<7".atº˜/¢År2™³)gÞÔ£œðÅ¢§Zë¼z©U[¿���º„ö j½“‰™H1†Z5ù÷I’¨¶2/áQ®ÅiœH³,D†Ö>øÇïkÏ\ÛHýÖÏDïkókZ_¹rÞÝÿÀ´õrÿP‚ç¢ë¶\K=†ˆ�~ž,ß‹éUY^­¶²(Æ0ZçÕh-šm�Á–q³y¬£KyÀCæó Êòôè}æÅ}žÜÿßDý�¾�YIƒµ"ø¶v�GÛLБnU)ç¹Ær*½Ç`ì{d0#35:�;dœ‰j¶Uv¢GQzÕ6æ(þgè•yªe„ó�Pî6Ÿ¸‘αU)óØrÖem´Œ€vì†�s7d^7823U–²2��z´ä@©ÅáL¹�ãÛ™º-¤h$”"/@$\™Ði^e`¶yon>Æ7`ì¤Öû×]Ï:8¢ÄVœª¤íˆàA4€ýo ­SadŠ:Ç”3ǵ”Zn
-L+Ú•°²½®ã:;_œ/Ô{t7<¸K}\o!ær‡ûÜÚXM®¦¸ÕÊÎÌìÂ䪲ºÃ£Ê0 ¸�þÎvœàZÂ}”žE¾Å/âÁûÁo\€›endstream
-endobj
-1275 0 obj<</Type/Page/Parent 1068 0 R/Contents 1276 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1276 0 obj<</Filter/FlateDecode/Length 1584      >>stream
-x
…WMoÛF½ûW|±
È´üQËÉÍnÀ‡È)¬¢‡º(–äR܆ÜewIËú÷}3KÒ•¦+ÖrgæÍ{o†ÿ]Ò.iqE×·”ÕGódN7w·É-þ]àóþzM…|q9_$wÓ/VGŸ?ÐÕœVîº]ÜÑ*'Ü3Ço²ÓǺñîUç”z·	Æ®ÉX
-ªNÕÙêoyòrŸ<¿¾I®ðìéÓ«ö¯FoÈãSñð
]^ö‡¯È‡Ÿ¿<�ÕíÆùo|93¹¤¨ÖY©¬	5¥[Ú”&+)«Œ¶m LYRY¦Ÿ«Lh9T­²ÒX<ŠÕpçŒ$Ï9�_^Çì‚;ÏTU¡¢c)IËÇ	­Jâe™³­26¼_Ù–ª% ½Vù–Z‡€…öT˜J“²ù…óHÝØ–׎ÌäL[jϕܘéŽ¹r
-Òo)w¸Àº¥dU—ë÷D"ÈÄž´”uÚjK*EÈ*w’
-`ö‚D}³Y=IÅlÂp$ÒÓÖi΂cêª*8b­z'z{]ÃÕ³L*æ…:Mp¼ˆª}9
úýw/§?½œ½œM))í vã`ƒŠjZ¶
È_	;×Þu�$ÈUj*Ónå{ñLî߀UîjîcåÖÈx’.W2o˜*e¼Ô«2ë<¡g$þééËýã2ißZ¹½v0§]€{
~Pè²¾¼þ¡¾°höf	#Tƒi‰J3´B�·lÊ�X—“ʪCø¸],$Ü
-ýÀ Mê‡êá?Þ!_`�OÖ8O,8†(vÇÆg”vhµt›ç«Õ¼D(/#=4:3…áí@æáÐùÀpM'ÚÎ¥	-W÷ϲ”DÊì�‹±Û˜7d‡^qe€Jô.Ö¨í«ñβéO@F;1’X"÷,LîÇr—[ÌeÊŒ�NÂÞPËT-Êè ú:X–8§óH’÷Äþ7&ÓˆK’ù?Ѷ#�»ü9méÊÑò¦
û¥}®Æê8q}gǻЩ*vUüg83T~<rö¸‡³aœÖ�pòŸí	œò䇯(j†�+¦ÙÇq!s‰Õ*ËæÜ9Ê:ê��q“4mÐFD2ÏKYK¡K±%£GLÝ	1lK4G!Ûšt
€ärûIg´j:ß8ìFÅ:¬EšY‡óÌH¦
lY{„�ñƒ“ úMÕÍ0ŒŽûme¸ç8ÚëûxÅ‹Q­µ öÝ]âk\ wö(Žxñù;KÄcA¼P¢L/v¼M�µ¥Ò5:n\ækúÅ¡/)uÕˆ¶^eßpÁ&®áý
-‹á?P”ë´[Oª®`•hgAWEt-€ò8é_]x†�îy¢¢q½ýsýª>ì
òÎ"m€Õ€ðØrZLð8–tœé5ƒ8¤¼pôï/q&¹Š›óÅç»÷׫ëy|ÛùñëÛÍâ&YÜÞáµëö‡ûËêè×£
BÉÆNendstream
-endobj
-1277 0 obj<</Type/Page/Parent 1068 0 R/Contents 1278 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1278 0 obj<</Filter/FlateDecode/Length 1757      >>stream
-x
­WÛnÛF}÷WŒ•I%Y’óRøÄq][m^+r)mLrîR‚
|ÏIY¢ã¶(ªØ/»;3gÎœ}?
-h€
M‡4šP˜
ú:ŒûϦ¸â·ÐË‹áø‡/f3ô›?Å
-7ØÇ«#‚Á¤?«¹œó90¹ûƒå§ŸÆ4�áÉd6¥y$ï4;wÖkòkåÉÄd<EV»ìgO[[<Qlz¶etÆWäÖ¶L"rÞ$	-5©e‚í–üsÎÇhrºØè‚2•â¥£>�7Ü<�ÉNæߎÔFý!|èÄ&Ñ©ÊÔ
-ëÅÀöuæq«²ˆö_×f#ãòD=‹¡Ä8O6&µQ&7ÜZÚõk+ÃIÌV-<ɵÍáhlpî²°[g²ÅØèD¨J'Î?#zŽ}­6U0«Ä.UBÇ«RØ
-C[fþ1zŽYÑF%&jž7†›ðtªÓ¥Ät›Ûû«Ÿ(´Y¦Col†gxÁq8y]ùOƱ‚žØí
-~]:É@ZÂñ°±/«ZØÖ¾6>5`\$Îâ<J¬`WÃØh¥½gP–Æ{äzY�œ	Ngo-![Ï”«ÉE–I!¥x!¸�¥YºŒZþ˜ù×>ê#ü¸Oó5¢ô…	Ÿ8\`™Á!΂ËU¨9)~«á£fs
‹
ðíÎ<-:zõ‘zÑG;¯UĶ{
'Ý–yÙüj…Ïé]
-®½»Ú€ëÓ�ÞÈë�ÄVÅANf·`KA©ÅMbžtx,â.
-¤7B,ÔGѲ®©(TL¸
-ç	ÖHÕŠšÕ™^0¢Ì,,2XõêBc~¤Ê=ªûöžjo8Û‚‹ŽËuhb£ÛYÜ¿–$.Ó˜suÜ$‘¸t)	^œ0§ŸÎ)€Ú°ìôFãª/›êSaa�#W.ᎫֿÊTo8…B¢|¿6&�h`ÄyyTéRQÐ?ïÓEG%ùZ°ZÚ�^œÔÖП%³¨Ì#å5èc!/"ܸ2Ïm!@µòVè<1¡âÁ HgžKõÀqZB"U�ð'´ˆdW´uU©Š
-Ÿ7S(Œ¦ìQëP,¨‘
|† 
-›Šw?#Ò¸Ö2-|M5ÐÄrxQ/“ÞÀ‰­8E[žXä÷fh MêNËó‚hîþ~…
,tÕ-ìEà"ºF•¯}ÕKò7�¸+XJ1Ëžâtˆ:ïT½‚±q¨Ë®Ã�gúŠ)#�Ÿuw×wó6‘µJ§*V»Šû»Ñb�‹ ×a~WfýOè‘r^AüÏW¨O©�.ë6¢å–*i¡ÂíÕ¬J”+‹“þžŸ‰&á
-Ž"
-$�ª[Wÿ}as]x(Y— iÀDQAóyVËnëȦÈ'Lš
²ªU3øUã�“ö3Q‰'HŒÿ–ö'X´nW{íãu¢R<�Tò�Ú‹Tê.O]^™LˆŒ
-1<
¦vÃ÷7ñ¾å©
-$VOÀþ‹a�lì[a:Èv�‰ðY+Œ?ÈÆ&)‘})€ZܹàLM¦j†«ø�¨÷%ÔyÄp<Ÿ¢ã+ø
-³�á䫦
€v•^C,K«£�UNtÎ	E2GCê
Ïú3ü�ÔÐ?�ë/—Õ˜Àú‰o7o6Þ^Táê²9×Wõ5.¯÷ß4€ýè0ziVÒþåþõÞ
-zy÷¬Þû¼{Þ�;µX¯¾\½ïÕxõá`í»7²ô]w^`ò MßZß|ê7C¼xyþ
Nÿ›G
-endobj
-1279 0 obj<</Type/Page/Parent 1068 0 R/Contents 1280 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1280 0 obj<</Filter/FlateDecode/Length 1780      >>stream
-x
}X]Oã8}çWÜ7@j3¤-m‘V+QV£]
-Œæiä&.õ�ƬíÐe5?~ϵ�4
eŠÒؾŸçÞ{ÒR:Á_J“

Ç”­N’锶ó„/'4¥IJ£é÷§ã䌌¤%öâèÙ°Y™L“Ó°2{àEˆn.ôéê„ÎèaIi2hi§ã)=ä~Û	=dGÔúü$²Õ¢”Ž­§¸�O‡Û§?�~œP?…á�1ý?ñԇ뭅wRa>íkü…6‹í›�-ï,�¾Ÿá:óלė˭@šy?ò¦xÇýO/é�¥õêöÿãÑ·/óûÇcÞúéjDiÊ©è‡\ôŸÄîB—VY§Ê'ÒKÆh[z<J{4èÑðñ˜2]–2s2§Å¹�&£+'
oºÃ®»
öôÉ­¤•”k*µ£a--Œy&¬³	݇ܦµéÃdÀ©[	K§´ÙJ•Ò’.I¹^�ò
ñò¨Yn†�…„έ­Ö
-ægº(„“Þ";¨@ÒlãocáŽ%
-�¢Ìë`‘FMxz"#Ÿ`
ö`£24—nöåæžJÄËÂh·êjvI|2'#Ný¹­µÁ��d,´f°U/=’€§€Qïê:)„
-
ÜùJ‚™\òWQ:ñĈíh…Y%×56r4ö)jûÉû
-dt¹Uå³/èÐÈ‘ù¡GÝ!Ú²Z*±(
-c:‹“ ³þʲ¶¤cWJ‹¿û¡¹â)/N‚ïú+K
Ë
áü˜¹ÎAÂ=ÈÄÔM"ôöÐú¬Äƒê!UMÙㄯ|‘
¶*Ê·ºéÆ£]dÎõ†ä¿b
ªZÓ»
	²šñaQàÁŒêñ¸·õ
Q¯ÀjD=f	¨óË;Ô x–&ûVf+£Kõðö×*OO¹úâ@À1<}
�¬ÿSIóëy‡ë=q¢ÀÛ#Ñ /·½"ÏÑqku¦»Üëð>Í[l�¾ÝÜýùÇÝÍ×ÛßÓÙo±Í2
¤
QÓÄðê€þEG×.ûAI3faóH¯p‡¦nã�0²’À»Ùº)ÁšÄ\+ŒÖÚ©H#½é¨‡T'‹Â³!ßA
î,{3‰øuœ	àÁ[,âoe™søEä÷çe©+ØåßN^Dö¦}½¼EÃ3ŽÒá}†|6¡¯Û¼nÍiÑeB9ú%kBrî=¡ÿ\Vë
ÈAQĬ¯Ø•½¼ÎC³ô¦ˆÂ«A õxîCÙqØ�„|¼YxÞh:Qm†3o¹ötw_4 Ãf+™W`ì	ק«i|{MÇøAb:¤ñd�¤CߠίgçtkôŒx•á%l˜ßØÈ~}¢?9ÁOù‘ï¹>L¡æc¡óÞÑd”Lðû~˜È�ÎÎøÑ燃¿þVAVÁendstream
-endobj
-1281 0 obj<</Type/Page/Parent 1068 0 R/Contents 1282 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1282 0 obj<</Filter/FlateDecode/Length 1035      >>stream
-x
íWËŽâ8Ýów	#Hå
�š�ªÕtiF�4›’�IIØÝq
-ªÎGÉBõ銑�šs^µËz·ÃZ˜öw²l)5ÚüqÀ´ß¼9k6
-ú!Îœ­:g×Ûeõße¨÷žŠoç÷nÙ¿{œUÆ žxñ$ xzïÝÇî:6ÿ´˜Óï…þ"“’V:9áööÈ8
-b\dg�¦>îsiÁ·5–‘ÚàÜåÍ<vÏ€âZŠq�ïsÛú÷GïoJ»èFendstream
-endobj
-1283 0 obj<</Type/Page/Parent 1068 0 R/Contents 1284 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1284 0 obj<</Filter/FlateDecode/Length 1626      >>stream
-x
�W]oÛF|÷¯Xø%NaÒ’,Ér�°ãðC·ZMQœÈ£x	ÉSyG»ê¯ïìò(ÑtŠ �™&�û1»3»úóhL#üŒébBçsJÊ£Q¼XÐá£Þà�Íç“ø‚¦‹\ŸÏâsª5e8;ÂÛû�pvº˜Ä³pv‚órôfutv7¢KZe4Ž§çšÃØl¾ U*&F´JNè[ÿ–“?®?�|÷éí)áòæpùîpy+—oWŸ�FMÆñ.Nuý¤kGÏÆç¤HŽ�ʼ®Éçº$…(+[Eªñ¹­�WÞ<áŽ*µ‹ÙÔÙÝ”ÆcŽ>jÃ�&’ÛÞUI^ÛÊü�·låh­ý³Ö[¦Ô–ÊTT*Ǿֵ}vø­ª”
-›¨bð€,
-JlåMÕhò–l’4õ)­RŸÇNÉçÆ‘ËmS¤ðˆ¤àA¥;üR^“3¾‘p$|FbOùµûŒ4@@µm8¦ŸÆdñ9¡L™ÂIЙ-
-ûlªMŽ„ð=»G�ì
-²¢-·l	T¤U’Ãyªù	`*•$Ú9³.
-Í�Ï•Å­�çC0ô¦²o¸(
-š�£Ð›P‘V¸z˜~h.°ã—ØŸ|ñ“ã–ñ_´æ†gidF±Û>?ºÁ3]#g™”ª<…0Y ¾j�
�åú…•áÄù•	s*0Á²ò|\¾‡nÑ¥˜n--?®:Üè$zˆ–ÊQ±F‚n‹¼†g�lF¶ºðŠ×Œ@ŸÁÒ•Z(fÈ�»`OU“hŠðD·�¶\
BImÒð”I-H¦S°@K/-¦¸h_O_Äp+2PydWëmaøˆ@f¯E
-‚Nºz2`‡Óµ£&©­³™‡ã¬A¿ÂB—Cèà."oàv[[o‹£­
-xÝ-º‡Î„<æˆmÍ{*³
‚­ÒÉ`Ñ•;@
-�è„©W$ a¢`�½kô+<ö¶;Eá¡…M@vGÑõ=]tÝIyý"R¨ò`òžò@+º
PÀ8îfÛýÃÞ_è–ã‡Ú”
-:ÝcÓ1ìi,Òai=~‡
¼¶ÅÀ惪t]Aí8Ûèê¡ëèèjõî!ºza05ª°Ç1v¾œñ¨èþZ®dð‰|µkÁLÞؘXÔK#ÄØCí+k
-endobj
-1285 0 obj<</Type/Page/Parent 1068 0 R/Contents 1286 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1286 0 obj<</Filter/FlateDecode/Length 1404      >>stream
-x
ÍWÛnÛF}÷WòR'�iÝ%m
»¶£ð¥1ƒ<4}X‘K‰	¹«ì’Võ÷=³KR"-¥íS#4dîÎåÌ™3£¯'êãg@³!�¦å'ý O“Ñ
-<`>ãK÷žCzxéꆞoBJ•³oóEi•P’f°ì�>‹|!j¯"*Rµ$a»ñTN£`È)"$™%
Ý%´Õ%n´ÐÅÊÝzã�©¡­�,×km
-@¹•¶�ÜéÒë"ÕŠ„Š¿a¡U‹ú;ÀU‘Êq'âMše”ˆ4£B“-„)º@†®l¥+6šÖÚÚt
˜l$•0©¶” þÈÔ!T®)28B¶\(ÎÞè�t
Áð5¶ XðÇ,:x§`m�‚Í�6_å‚ÅEù˜ªNèbÒ#_4Æ«þëCHe¸v`'¢tÁ’tY£¬ŸkÀÀ<ûf®u�>+q=þ»Lšì9ö*ò*Š*þŽ_ë½XW„óÛ ý¸ÏFcßEÏ;Ô®*p™Çõñý¯¿¼üðÄFÛ
8¦ÌÎFMŽÕè(Â
€ðƒË ÊBv|ö¦BKȵƒ’
-z2i.̶B–~sŒÎ2iz$²b¥ËåÊ%£¨�ßu›³PËÍ:[ë{—¥ýôÖ¡ã˜_yÞø2‚z.
Ça$€x‘cïÂå!=C$ÔÉBÌ£sÊt$²ÎEëJƒFu™¹ÎêRÖq{%^�tMxb§Qº®5+±ãöY]®�›ÓÓQˆ:ÑV[ÀVì+áé¤[§%¡ÉuÃot™ÅÌ¡�®æDcj|ö¨T‚Õñ€mkÏ>G|†^*¯PÒf:~…5f�T¶‚»e*Ïô{.¾H{X”vbÆ&vav%ðŽ5x×`$ÕKj´Ê¥âé"Û 5îóbÇH´XÖy9‡¹ZeÛN‚¸Ä59œÕè4€º9	*6MÕvæ;à �^Ç'7%ç’€�S~YOŸŠ7¿/3½Ùè^CZ5'ÛÃó{¶º¿?4ó¸Ä�y·7»Ã£˜Zü™Å(22‘Æ€O[†™ƒ?Ô<n>ñ® 7jG+Äob Yè¼_H´‘ÛŽ�bëÕá_¡Ò§óA0
±¨L‚9~C—©úw"
-©º+´q‰f4r¡1îP9�”u‚“=íÓâ;릭-!»‚–ZÇ”ÆR°¨–l’
»
¥�úu÷èd]ãñß2_5]ùÿ#þµvèWåvêâ*¢ATº;
„ro<öø»ê³õÙH9†pÅe¼0¤ù›Õf•¢¶¯ŸÛ¼p¬UÁzàT;ã¼úæ5˜âëâ|DÓÙ,˜�X=ž/ï¯.±éÏ�pìCQÉÛ�v{ÛY}ãlÖ‡Páü?Z5Çøb9�±£âÊ ?dBÝ„'¿�üWÙ²wendstream
-endobj
-1287 0 obj<</Type/Page/Parent 1068 0 R/Contents 1288 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1288 0 obj<</Filter/FlateDecode/Length 1413      >>stream
-x
½WMSãF½ó+:œ *hmË_›JR…ùÈr
-¡�¬Ži-*QH|%‘çj£éA‘ £HĆ„&AÝU0’U@Ö׺’©¬*™´þbQk©O—ÏG:†Á	œ”E”°ËTU±„Gï„d.c“©’ð§�¨L½&Q”óTšrù*ónŽZš&ÃUö´"YªZa‰0”™^`½RužÐ&+áwû&®¼ýhŒ9Ñ›”¶ª¦•xEš%Ý-±¯x••’3ä¬t•Ò¸hl¹ÉôŠwIûú½Rñ‹Òº�á2É´ˆrÙËÓ=­T
O±*²òé@á)Úª`Ø‚Jß©5—RöÊ/þ|ÊU$ò¿`íkœòó^`]DA¬Ê”Ò,—ô¿ýp= �ŒŸa0Gt6šs|¢:äUDq¢_¨T�W¥k¸WŽoØõaô-Ÿ
,`3pé~¤!`žn.ápb?‘ðƒ/`µ`Ür™
-ty{~sç–ïèr6šÓ¨*’„W¹ð_e¥-;èkV&L€äÒ¤=è¢ÖU1|RĘÞ[oYÕTÌ3d¿¤-É[Jd*êÜü'�ˆŸ«¬Õ¶‰|¡JS
	 18Æt•à6e qn)Ò?}oå²a%{°tâÕˆBÌ"<i@>ÏÁ$)^(Kû[«äSÆ�5�ÿÞV{Ñî¤YÜÜ?�MõñÄ�̯ÃÅÏ�§eVôõæî
§¯"!eALŸ//úÔ½FÖŽ�š‚Û=8*(ð 7
+\[¬ß±Mð£�¨2¨Œ„«c=Vr�çžÙPg!�Þê,ÖQ‡Ë
+Éœ_&)ˆÏ¥4q™³R?Kˆ3æ5XL8Pï
ñz­vcùA¯©ˆQ@ÀbÉ£'%¨K»²Ü7į0Uj\±Õ^¦ËÁ龺Øt¡ÍtÐè,ðžËªcÓ™°b5+	é&UVÈ#‘�ª¯Cúðuñ£1^Wì•h:t
+ªìO{x¿
Gh‹\FŽÖPI­r|nƒn7,+V­Õ+ûÀ¨O$fö°—õê›i8‹•4lü±K‰ÿNå¬Ár_>“ðñ0ÀgFó‰$_÷nñË›j§=îmH¹o—÷g#y‚ý¯ÏCÆ3~¾Êþ àCÁÂ_/þ•Ö�ìendstream
+endobj
+791 0 obj
+2079
+endobj
+792 0 obj<</Type/Page/Parent 689 0 R/Contents 793 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+793 0 obj<</Length 794 0 R/Filter/FlateDecode>>stream
+x
¥WMsÛ6½ûWìQžF´EÉ””K'_v2m5a&_ ’“�vÕþù¾@ZVœdÚÚczD‚ûñöíÛÕד	�ãwBó”¦Éêäy~ò*?9Oº¿Ø->œSšâ2[Ìq½X&YE~
Ï`e¸àôÙåŒ&Ê70ž-æ”þù9årT×’®c[Q·äntYiG…’
+7eK’¦Ðõ–D]à�tÝ*«øµšÞ~X½ µpª Æâì_?Šj-¢7Ú›î4ÿrrNãÉ4IÀèN˵†nMÙÁž²O¨)ÌÀ™±p'ZůYR›
‚sdjjwŠ[·Jîj-b­„.Ù]©]›»ñ�!Õl: ÄXõ
+�d<@—²ÜC•
+Ñ
+Vèh¡CÛ ›{š¾vÊj¤t«¡?ê¢B¯ó|E4VÔÚUà8½rw„oO b¡bqò˜ÎvŠˆÎsÎHí¡ýôáw/Ì
+jŽ×RàÇRÝv¼%s�h‹½±Žà]Ÿö˜ákÛøûè3ñÖf¢yJWhƉZ8y£ï{(Äϯ´�Ùa[qÛ�‹Yص;‹½ˆ´žÒ§`ÿ¾ìa–ó›g—‹ï$Ë’	eqÏ}|ööù3ZYó1Ñ˸áxã÷Æ“lŽããyê÷ä}?˜Ígý:=�ñ»Øþ8ùï	Hâendstream
+endobj
+794 0 obj
+1503
+endobj
+795 0 obj<</Type/Page/Parent 689 0 R/Contents 796 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 110 0 R>>endobj
+796 0 obj<</Length 797 0 R/Filter/FlateDecode>>stream
+x
�X]oÛ¸}ϯ˜í“$²e'vÜ—Eú‘6ØíÝÞ��îƒ�-Ñ6IÔ’Tœ<Üÿ¾gøá5n[8V$rfÎ9s†ê?g9�ð7§Ù˜&S*ê³w‹³�‹³QvsC‡³Áň¦Wã솮nfø~}��ÉHZó
+ÜÄ6û<>¼Ñœkl=ÅV‹ÒßÑ¢ÿ™dD¦-ŠJÉƽ¥{k;iI4t[–_�jœ4Œz’f9XžÓ—‡Ë?¿¾?_|?ÑeŽ¼°áàñzœgS¾¾zeËÓ?>íFN“(\'ªê¥·3'X)œ$·•Ô†|ø¡áÝå9×u™Óåx
+ù�F’^Çgõª’µ%Ùºã2dI»­lHÕ-n ZÕlÈ?{_û�-2ÑYéh'p�ˆ�¨%ÙV’”G&%8	
WÒí$ö¤'a”î,Ù®mµqˆ%aŠ­rõi
Ì�6$ŸçpAßTSê�%úÏ‚TST]ÉØSé
÷ÁKzsÛâÙ^Üß…•æ›ÁƆîï±ü/zºÎ³›7 Ëý¾ók*
+Ýg_¬“5²ß(ëÌ	Ç[pÓu¢M|ŸûýËrùà,—ï;c Á÷ºqFWÒáWáûrékZ.?6OÊ膥Jaפù£]0„’¢
+øa#ª�x±ÔY€Â°
®(-¯-¼Ø‚HüC�Pü�K�nO¸¨$Ø=t´öDh?@�h-vDQˆÿYï�º¹ Q¯ |�Lí‚v�r/nLÇ#â­©aÓðu ¿Á-zŠeYÀ¿^tÇ•÷
+÷
­Ö^¿¨˜c‘¨X|/Aªª±›Êò×;ÑÇêœÜ>V¡O�l[vÇVªVN8n/\¡+b¦Q³Ø�ö&Ó“ÌåQlPw4
+î×^ž¥ö„˜ÐcL95rwÌp
+N²_ì„й‘að¸~a­.ò)!ÈÄêò<a,ú:Ò9¨ÁÉß1©WÊög?EDeÙ¸j�̹˜œi'$VèÂW+U)Ÿìü�;âÃ/‡òjîÇ4-ùì¨ßÍcxw"¶k>ÍÂ	~&¶©?VƦ‰&&ÒÈÙëäôxAôÜf&šÑVcV-‘£~–ç, ÕŸrª

+uðµP¡—7¦W!K+¡ﳬ9#¡ö
+tð•·=ð	:jÓ`D±�¯Çs}fýúÔ(^s˜)ÌlPë	li2ý¶É<œÇ#pý;ö½°û¾O¢Z~Ú&à÷õ,©&œ½¬®:‰¼ù‘X€L£9‘ÈFqûõwCb˜›i?ÀÒP“lɼà±Ï{àk£Z4EÔÐ^¡Æ}[ ÅÃ=üþàLjïÙýRïYÄ
+ìµ
+³B7?ØùQò Æ#|lãöƒÄX-¥äNö&Ê”û?²0«u~?„
¹z�fÐç~˜	�ì$YϹ·‘áÝ8úïñÜ�}•ú›'ÌàÓò<ÔtÒÝxE?rÄxLóÙŒa¼Ét
ÊWnЮÞû¨«á¦¼ƒÎ§³Œÿã�#@¸ýòî–_«¾ãå0Ä|…œíeXu–
üYðÿ?^Í® __âäš·C}ÿ=ûUË;÷endstream
+endobj
+797 0 obj
+1917
+endobj
+798 0 obj<</Type/Page/Parent 689 0 R/Contents 799 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+799 0 obj<</Length 800 0 R/Filter/FlateDecode>>stream
+x
�SMs›0¼ûW쑬
+ˆ"·ÿ¾O|Ôq’N;ÌØOûÞjwß�U„�žyŒMѬvÅêúCŒ(BQa³E¶MQH„,C"èzÝ:ÕCöú‘þÁþpuU<HÌ uζԳ�Á!ÎrLÅ¥£¯­£
‹}ýY¯Úî´iÿ³éûbåY�Ô¦Ÿ¯ýdYÊ2ÿ›˜%èö«d›ÿ¥rF4xzª&ÔXK=rªÄôFíªI¥7ˆ¯MŒ§�eÊXÂ"†[ÞóF‘^º�¥ˆfX`›’	ÓV‡ ]4\Z¨L�ßO¼—oMÓ‘6¥®µû5)šÌr‡XǹW³8*ù£B©Tw2hÕ	Ý™
—Ò³Øó¦äˆ=pfDçMµC×™ÞÁTN…ì'Ê…‡ŸLóÿïøD‰,»ô9�Úò²V°�1µµ—œƒÃx+ÇÙƒÕí=¼÷5æ@Ø9]†oº•æd�ÏÅuìC(j­Zg_Ž¬zNp<:w{A�agÜÑ_‚é|ü,8y,•½.Õ(•1¹¥g»Ðð–´½Wã=<
+endobj
+800 0 obj
+529
+endobj
+801 0 obj<</Type/Page/Parent 689 0 R/Contents 802 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 113 0 R>>endobj
+802 0 obj<</Length 803 0 R/Filter/FlateDecode>>stream
+x
•WýO#Éý�¿¢²)Fƒ=lVÚHûÅR6·	�½Sˆtí™»—™é¹îÿ}^õ‡mæØ#aãéׯ«^½ªþí`Jü›Ò<§“3*šƒwׯ&ÙbA»f…?&”/γœf‹9~?_d32’*^�
³ý�×�/Î)ŸÐuô³ù‚®Kÿ9ž£÷kÑ9ihžÑ£Z§Úm”[Óû›/W¤ZºÍRPžåÙÃáõ·ÆšÎÖød
 
-¢•Z®+K­©¶ƒ½O$1d(Ès•ÕÚõÎ`-â´GßÀY�–5#‹�ÕªWŒ¥UmpÜC¢B±Ld	ÕùxeBc¨Z)Œg/
mq’©·IÛQÛMa/–¸ðèl¹tÃ8ùZóÈ`£Æ‰ÕÏ,D¤j\Ë-O%™ky€`Q½fƒ;¾ùÖ[38:jÙé>/øíT€lýÅs5lb7BýÆ ‚VoØ„
ýaÏ*ÓÆ*i;Ó2cóaïrRL$fÓÖ�_½ÅÈ.PwùO,צyÊ€ëUÚYêOðæžÃ)þ¿š‡4�‚IÈýßõ­Ï•z†¨…¼ˆëBb®³ðå¥gÍŠ³Ù
-endobj
-1289 0 obj<</Type/Page/Parent 1068 0 R/Contents 1290 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1290 0 obj<</Filter/FlateDecode/Length 1586      >>stream
-x
•WÑnã6|÷W,üÒ`ûlÇv’}HРõµˆ‹ À½ÐeñN"]’Šë¿ï,I%6ãCQ\.‰‰;»3;»ú{0£)þÍèfN×+*ÚÁt2¥Å|9YÐâö¿ÏñßJª›ÁÇOšÍhSá‘Õí
mJÂíÓ)mŠ«{G�|‘Í�LEs:˜®)©ß$)O[)<=WÏ;º¤g¥ï–#Úvž´ñ´ÞÜ?Mè>ü¤Ò´Bi*ŒöÖ4�´Ô9™Žþ°ù:˜Òxv=™#úÕõ|’®ÌW@Œ+›Z"ä?ªíZêñ�r4_.³;+:šŽB{r¢Ý
-ò†*c	„$Yxe4áËya}·‘¯%>IÏ¿Ðpoe%­•œ£óÒiט­hÈìÓÈÁµÛ	ò¨pt†|x”n8¡§ø š&^‹„'ר]íI”/@'v’ÌÊ`ÖÒÞx©½Bœ–¶Öœ´' ÄdqI_Ñe�³‡&ô§“x%Ú+Z‰Dè |MN‘p¤b¡40Tç}¹:Ô2
-¥Kdì¥U¦T8¡
‹U£tÇŸ³ð
f¨ô{’A•±%2Çñ[YÀb|ÚyÅrÁ]”Ñ–I&!Ÿ??LÈѨ¹å`­Ô%TècIŠÆ™P„·ü³\â‘C†›ª
Ôm’”Òd¤dDßTçXXî!ÑCmˆ,mé×û5Ê‘…|ÆE(!Âæ£Jq±F̯‚FÌA³:EY A�®i„G¢‘ëw…ÙçÔ`�wŽÚu4Ë.ö(„ŽV€Ö
	ïe»G3žqv±è!Ѿ}àÞD6`ºRãá‘�£n�f@s‚PÄÅÃa\¸#6ç9Èðè̬¢'B»x.ÁKí‘–ÔBÐ^º	
é1â©Ðj§
-]Gäêàð\˜¢ƒÂHÏÎÎâ&Ÿ¢Šðß>~º£¦�“ñõ"øoâ›Ò»”ýîÈÓ)4žßLV½ïŸÝ»Ëí�Žzb©'ÈÇóÁ5ŠíÚo»Æ«=¤õé]z2ÜÈO¦@®yfÒ$�†`b ê/t1߆_dFhöè,#ڹתÌ1~"¤t®Ÿ*z8R)+
àܘ']û9«F¯ù~L®1Dbrl8‰ÈõçM°�§~^T=R`¸Ûo;kСDuJ
¹büð7\9ðõ†~Ã=‡ókÙ½¯‹“¯föÕçÌ¢üŒ,Ý!´6�.$¬5̪V”y
->}*¾¼ß)\�3V9Ž¦GàØí$üëlxðÝ'+Y��‚$ª‚p̨Lxk†1”T»×ýÇa@ñyéy›F©Ê§óGîpOÔ:>€‹ï.Ry¾obÄØæ$PÙdó_®”.š®|µ0Æ|£³I¹jçøAÏ�ë§ô8çi%¦ˆ]Kÿðøù)Ë–•Šv�‡?¤Sy‡2Úˆ‡‚«8‚s¼;3èu
-dð¤Â6¥w.¶c°‹9,Öëqß~!ÇKÛEzŠóÑ"�ÁàõY?÷K_\ÐRëÈx´1†=4Ë5í\§ëV bŒ�¾…³	ñS¸ò
-3_¤ÂP-ö{	q$²±4”lœ=¶ñ
ÃâTÙQ;‚÷wxF×qt…t0ˆ°K&ƒŸìõÁS¸«G¯¾vV’žUÖxb6ºÐD?ÂŽú.»yÌn<_bÜÜŹñX�
-endobj
-1291 0 obj<</Type/Page/Parent 1068 0 R/Contents 1292 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1292 0 obj<</Filter/FlateDecode/Length 666       >>stream
-x
�TÏoÚ0½óW<õR*�4	è±ÕV©‡v›@꥓8à’ØÌvšõ¿ß³)-e;L‚òÙï{?>û× CÊO†YŽq�²¤IŠbr•Ì1™Ïø?ç×JÔ±0-²dò¯Âd^$ùiáf9¸¼� Ë°¬z1ŸaY�ÒËrØo¤†@Ù(©=›”R½HÇ7•i…Ò£^U+kz'Ñ(ç¿@èŠåÎIá½lwÞÁˆ²”.lÜç¡4üFø·-Ê_,Ÿ££lLŠËjØ«¦Ai´¥çJ‰Ç»‡ˆùBX¢YéLó"céAú›»ïhÑJ˜zº$�ÑëðŒíbï�p¡ÝQ7+פ.­¬ Èö`¯ü&¶q
þˆÆ—ø6êŒlWbÕ�’!ÏÀŒò"‹¨�çs¡¶<Axuy{…Œf×åSŒŠ”q²ú`|
-endobj
-1293 0 obj<</Type/Page/Parent 1068 0 R/Contents 1294 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1294 0 obj<</Filter/FlateDecode/Length 1512      >>stream
-x
}V]oÛF|÷¯Ø—"`1’¬ÈN�>4A]híà¿É¥tõñŽ¹;ŠÕ¿ïìeÉLQŽeñ>fgfgùýbAsü[ÐÍ’®×TµóbN«å¼XÓêöŸ—øñLMz°XÜ«éƒÏ›‹wŸh9§Mƒ³Ö7·´©	çÌñMuù¨ÚRQǾq¾U¶bÒ!ôÞoþNû7yßìzU,±óò‹k;åupv\³¢Åb\³¼
0¬Ùì˜òÁ�ýž=õ�m¾|£è(*ó’~cQe4ÛXÐf×Ò
\O
-õDÐv+«QC:1ؘ´2ì\ojA:§Ùâ:ãó¬Œ9P•`bo”S:ï¶^µ�âNEAƒLAµ,�¢«œL­„ªZãµWÚ¨Ò¤Ey?X¢Fã›è•

ûÉí¯çK±RI;Âenô‰ƒR®éñÏÏ(NØ)Æ3–k¨ö¾feöÈ€¤¶J[ü®å¸nŒ~aRt¿‘㟚§íxšTf=ƒO;µXGµ©�Ceg'èY'�øoTFÎAÒƒ<4¸•ZuÈB”>�Â5мպ
3ö•\z¾}µ#èžcɽ~~N¦ÚeÑ’·Ò �pþ^]OYú�-ût�ÀÉV€4¶Î¿ñu  [Hé
\ˆ&°�WëŒ:溠¯ 8¹êh7úÞë¢'L•ðU£B„¤�ÜÒýÝã)±w»ÃW:”=P+U×ܱ­¹¤=`c;-葱C\ì:,	W;)N6âÀÐ7—éÞíÑW‚ 9AÛû
ê°É*TÁk!¯žT0¶<œ(r—0ÙiKɦÒ'Lƒó
½ù•Bv*˜QêíVÙ¨*¨SDÊpöàþÌgŒU&³aãäö�òõ ý!%Ô^£ô }YIrÏã
-™«PÐïXƒ¢²Ž`gÜŸo5«ØGô	T.§
-‰uÄ)Rf’›øý
Ú�D‘¼<Ͻԕ�qÕË)ñ¥äéìZÂ]û€öš)ôÃÝ›PL�óöœnB.ú'……ä@ŽÁ@[N1×"‚5xh¼kÑVc†Â¸@�ÃMU8"å�ƒŽ*b5(BpWOèFxÙ@6Á[(ýèºÎùØ[¢®ää´$˜ÏôgD"oã‘À¸[a,@Û„æÇ‘É	ÙbRUUÔÚ#´	ûR(©­—Å0.‚úTK­¢*èIDÉ>ÊX㡃‡åØ•dšÅžïöCe\˜
-NÐFú²[±
[Œ<ñØùô++�ŽÙ�÷Ê	•`ðlME®]¿(>‹[„!:a@³z�^Aa¡Oƒñ)Ñ�*!{o³éKä&7ª7ñê?˜ÐHÂãò¦‘>�ØèžQy˜¥O„Ñ‚CqTà�b`\cÐITýœÍùñlb�3'Û"Ð/t§Læð­‰ÇuOB
-·jkuìk&°PhÎx¡÷
ò–qfXϵWäÀ¬–MÓÿ›ç}
-<p�3môŽAL RÑ»Faè�<¿Ãiü±Òü‚úhÃM¢&Áp€ŠW—I¡¥ª^˜LiÄD]j£ãAÞäõ.E·ŽïR0礤NT‚š1,•Yé11ûº"šSåÎÔ8×Öz:ågŒ΢ö5JùèxÇ,éá<qÔÔ�™)¼A�eôŸêÔXÆ¤ƒž/å�˜2îhS4ÊØ¢hÀç˳á-³R³C«•‡	qc£ÒLl›„mYTΊ5,uâ5yS¬ãÈ„ç÷Ð�>ºcDuÄ�(>µòÛNÚîþßξ=uöê:“™):�¸Óþj}[¬?.1Æ0Àóµ”ùÛæ⯋
T1endstream
-endobj
-1295 0 obj<</Type/Page/Parent 1068 0 R/Contents 1296 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1296 0 obj<</Filter/FlateDecode/Length 1584      >>stream
-x
�WÁnÛF½û+ºÄ
$Y’eI9ôà$N´®ÓZ‡P,É¥¸¹Ëî.­¨_ß7CJ–h(#—»óæÍ›7«¿/¦4Á¿)-gt½ ´º˜Œ'´˜]�ç4_-ñ<ßהËÂ|u3^½¶0›½²ð~}qõ醦SZç²X-i�L&´N/Ký¤Ë¹ºté6ÐO}£ß®¿cÓü¸i4[
-¶1¡Ñôz<ãÐß.�wKíùˆ•±Ýù4¾ûz×…=O÷&õ.¸<ÒCž›T·G|{ËÁ
@–¥ÛJKƒ<8ƒ^X¯U6RÿG©J�pµAŠ.
-PÎxÜRöŽ¦à‰y]O[ÊÀ×›\mõ�ã7x�tG”éÚk$¯³—Œs™.U•(ĵÀ@îÉ1CJö´ñÊF¦Lu§Ó®Ð%õxÓæ„<Q×Üyr®ƒ¼‘0Èó®,QÇ&ð	H¦—z¨’1>Ëx§ácúœÓÞ5¨Z¤³%ˆh¯Ã€O´ò!ê²ì€‰HP‚Jí{‘ÕõÊÜw¤ã,!š2•dƒÂ
˜¶-õ ü Ñ;«	Õg�I,ÑF(¨È±•�™îI
-š«¦Œ¦Æ–ƒ Aî3þC
Ú&&¸'
0rµ(( ?ÂgÙmP\¡<uÞ7¢Ûg©C¢­Ôç­Ôa!ø¾*ý{n"Ëñ‚E½¤,
-E¶©ˆÍÎ60	ÀŒ(‚Ês�¶0O‰ÄNEë_(Q
åaÁy¥ÙöÕ,­$ØO´(¯nû®	èsÆ	‰G)DâbÁõb²ØÖ”ÍjØ,ðÛÑC—ÿ�…wÂËžHŽ}Åex
Ñàœ‹
â§â­çÐñ
-01¹È5§ÊýÌç@Ç|çiIá{©\ÍDì{ Ý
UÜÜTôYñ|’8G‰«)hÑ2ez ÎÏgØ€‡-	w0¨çR�$dê_âg‹ÎæsWJìŸ.®WóÖÏ@ü@;ã�ë­Øþ‘°ŒãîÙ×CЊgË3·‚E%Ã~æ
^Š€<¡IqÞ&ôµÊ’ËÊ“‚‰JBrí‰;.S؇ÈÎÇÚ©ý˜n»¸´¸¹ÁO];cÁ`虃ËÙ©Â<•{Ðóµ›/¾TéÊ!fc-4‚ò¦ÜwWŸVÝï�é?�V×´X¾k/�·÷ïoé‹wßy
-|tisäŠ36Œ–“w|áøÿWðùb5^ÜÌpǶédÉÇÝ­/~¿ø�è{\endstream
-endobj
-1297 0 obj<</Type/Page/Parent 1068 0 R/Contents 1298 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1298 0 obj<</Filter/FlateDecode/Length 1460      >>stream
-x
mWaOã8ýίõË•Õ6Û(å$>Àí"­´p{j¥Ó�úÅMœÆ‹Ûiéýú{c'´„
-� ‰gÞ¼yoƼœMhŒ¯	]OébFiy6NÆ4›ß$—t9¿ÆïSüXIyxp5ž'³S.æãÓ&³q2=ub~…À½÷˳/74¹¦eT³ÙU2§eFÀ4Ó2>ŠWz-•?_þ›—4™Ä7GÓk¤_fÃ;OÎ뛚|!)ÕJVžD•‘“v+-Urc¼^’ A)^Uٔ䭨ÂÈ©ÿägÚ*-H+|äBþ˜LŽÓÂê=	­iñxÏ(Æ4š\ BäNMY"“KèÓP**äôáx—'„ñ…ð´åZÐN!Ð
QãTµ	Y(”ni@¦öÊT¤ª^BW®“ÔTyBO…À¾PŽðÍÕ¿Kô€ŒV¾4Ò1¬÷(DšÊÚ¦uã©2ï`÷³2m.IŸ"ÅŸb-1JBË÷+S©¶20Ì
-íÓl
-Û™Ê dT'·Ê4®Ç"*w�º[�'ô=§=|$+Á�é%[
£Y½Ïoi/Ý`uÎÄTá<70W
-ŽÎÜB¦ƒfèÄF|˜œ,
åBÎ ·-–·DªM±p†!D)aØ  Õ'â„`F¥Qì"íLõ›'Ì
-h‡å…áœ<m{¥ƒ,¸e×súÀç™‰ŒæÊÂÏ…
-ªÛ�P»ÏÑGv6Ã.O·(D”‹DN(¡G9ÃFfçÞçÊ$0eTH±U@
‰¿Ó@¯ò�±!sj,‚Ç
fY
+×åhžMÿÇåþ8‰ß”Iþó3¦³é"[PCù<;�Ôtõô<þ}žM§ñ<Ós¬{r"g¦»øß°nDÊ’ Vn
+ÝàÌ8�[KºùûåÏÔ¥ÃÛB¶òˆ6kU¬i-,º½Wm!KjDûH�Ô]-©ïtK•2Ö‘3JÔ$j#Eù˜ù­i<=	¡ùQoä½4G¤œGû­WN‚D%7Lÿ×iÓŽ�¸“ün©ªJÙ:ªŒnHƒ(@�,;#Jå”n±k¢=ØÕ>Z'ëÉ„�Óé"Ï΢^r<Ée?¡§3NÂ~0çÈ;½×m¥V="´¢ �iÔÀÈ6Ë
ªÂã$�UÚx…ç»t�ó9æy©q2�ˆ.…UEÜ
+áS=Ø*AŽÈJ×w¥’nëGÄW––ÜFó;¬lû:‚ž&Ð?z3ˆ`Ñwö)ù‰¶|v}!:zCϬÈèëZA,¡–œ•uE¥–¶ý‹óä O€
 -ÎîK2lœN>Ù©‰÷(÷¾‹'�s$X&v½kõ&¿TFNÝKK·#ù (øw¡ð9a&ÇÒlj×31�R÷Ø%„máèÝÕ‡ÁêÛÃ$sÐuFפ*²=
+
Á”íZ÷uIKIªÉ¡æXH¬,¸—­’(DÒ)SR'Œ{ä=öHˆ®«UáÃ`3úÌådQ`\S¨~áO~TJ'TÍä0§(sŸÌçÍ"ðÕè³:6²ö<K]ô
ÊÕoœL ?ƒ/Cî—]½ýüî-3€õt8jIb%T±×jÉiõ‰o‡\Rž×õ)åðx…½ýrIN¨~¡4€µý²Áá¿é¥=Ä
+‰Îè'¬7e}ˆÑ
P{Ì+o"ô/¦Œ˜ ”|c@tD¹5 �á<ÕÓX±d�tD‰°{Z¨Dlú›j{ßVö¼ëˆuO6Ã=�€šd7ªËr¸OäÉü+Åiêá£1Ï·¼
+¾î§ÍŒ`˜üC±»¢1~¯ýòXòlû�†�•‡7_éÞë`h½¨1$ #WJ¥·d&Ó�ÃxjÕ¢K—û“UŽ™uñÂd5=çF°»çÙIF7–©{ëÆœ)3)šU§52±
+¤@Ï <4Ó+8ë«­�z/N”Ï‚= A–ÜÚ:½±˜46m­ÅÀ&a'aû%úk˜ŸÂ˜Ï!†ïú
+ÿäŒ5Z®ó-!ù°çë}œ[KpkúÖ£çàlÚßÃc¯¶gß»yÌÃQ7Èî
+OØ;’U¥
+®¹:\%ãímÆ×üpÙzy[lo¸ÎïÌÿ{¯ŸÍg0Æ�ÌùTØøÿ—§
+endobj
+803 0 obj
+1807
+endobj
+804 0 obj<</Type/Page/Parent 689 0 R/Contents 805 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+805 0 obj<</Length 806 0 R/Filter/FlateDecode>>stream
+x
¥XÑrÛ8|÷WLùe•+I¶GNrO^g½å­$«;+µ÷àª+˜%& Á@;úûë@Y¦“§­8)E$€™žîž�ÿw´�SüYÈÅ™¼^JÑýº>:¹~'‹sYWx²|‹¥œÎOOOe]L.æçs¹ú²ºåEI«Ã£ußde}¸-\Ýù÷ÍJf³ôNéêí¼ð�ºÝˆm_­¿�Êl±œ¿Å¾¯^˜Êeiïõá.i¥<Öa·š­V¼”ö±5V•º”`¥0µnƒç–'×ç²X¤�ggÜ:Y{é´«tÌNÔ½Ñ\×{µú Um´—»ÉAð+W·A;ù }̦¶­¿{5çë^
+ÕJaÛà¬eŒt|YJýPzÈëõüŒ‡Û.pé\Ö[�ƒ�Æ¡=Öì°È>ÔLà~'a«¥Qm_©"ôÇ·º’�í‰ÞYD5žE¤ÂV©±ó>ƒÑÑ<L™Gµc}
+Ût¶Jb«Cxóv2ȶòéVþª[ ìÅ:¹ì:€õIòç­ø�º9ÈftäåíÕÍM†“
+9Ã?ñS*g›øÊPœ»Éç5 NÝ‚Kw¯j;
+7#À¨·ø‡
+Àö‡ü_°�’G}/÷õGQ eÔ<«4“2�µ
¡{rbl¡ÌŽð~ùzqW"·dQR³Å7ø
+¥4,^�âS$
+ƒeô?âJa˱ê�:¤ÆÅ©8…qÀ¥M3mÆÊØK&²3ŠòDÌäó0gÌ®Ò
+¿Ì£@×qð~Ò¹o£*é÷µ�¤6hҜΡ!¦ˆÙ~:åYT”$:g$C?hÁÄhJŸHRq4hì3Êvšô…³n°=úGÜ9Ê)m�KKœ÷'àý/ÞK_YNæ2ˉ/‡7?ÿ¹þíý�I ‡Ç2·6 2Pe›éØ©ÇãÌò¯öƒYìÓ£Pó¨ítƒ©uINBH(•RW˜…é?,Ó@§Ÿ•éõ»ù’“c¢í`
+“	Ðnzê€ÏsG½/áN¡¢ÁƒU¨—ëã€UÃQ’éý"
+ôàê &Ù©Gg7°d'&�5ÅPãbçádtq,¤Ž}šs$†LbTeŒ
+M«�Ñg
+^^0<·þ-ŽA
+ûÓ4m¦£ièn„*=LÙ£¬ŸI
++ÞÍòø.lŠ£/Â5À÷-
+$endstream
+endobj
+806 0 obj
+2103
+endobj
+807 0 obj<</Type/Page/Parent 689 0 R/Contents 808 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+808 0 obj<</Length 809 0 R/Filter/FlateDecode>>stream
+x
•VÛNãH}ç+jÑ>‰8#ñÑ Áà%aW«a:v;i°Ýžî6™üýžò%	Ñ&Ì‚ˆˆÝ]—SuNÕ�£µñÛ¡‹.��S�]O�n§Gmo0 Í‡™ãK›o@½Áÿ{á�“‘áh›ºý>¾–oºg|ªx[xëj�{ÔéÐ4‚ßóÁMÃâ}›¦AÃ-¤2ÊwHK�Îã�BMI,h&�“æ”TD¡Qï2¥ÙŠ…*Š¤‘©+ŸšßN¦¯GmjvϽl7ž­Jç$R†z&É×ÖM£²úü)ÉTÌbÒR¹Þ<û“¦ï�NÉJ™Xr®ñü]šÉXÎ|-ÅŠ_h<t"+Ÿ�3¯Ë>ER±’ìB‡ˆÁz4]üG
+ÍkQTl›�Í.3°Á�É´ÆýŠœ� Ϭm2+Ÿ×¤mPîÊŽ|i؅ʲºÝ¸éƒÜT,¼£„VéM‡f~C5»èŸ9é5Y¡áÐ
+hݵޅi}ß²"™‰}9ÏŒ^ZY¨ÄÄjß±,ŸÅ*8ŒÉ<G8ˆÜÒ((Dé ;N²:õYXNBÈ0­kú~„÷÷_
+ÌÆHÅ 9ˆÍ<ßL[»=m1ÜÒbÚaè„plÔ,‡b–³Wb
+‘�†Ãìc‡­1– j)iÖc|«dTˆÛÈÀidŒvâ\…
+…ãe¤~õÒÈm9[U²Z›o´rÊAe‹yÞ*½¯Õ•'ô�Î0JÖ ¸î RJÞ³ïß>Ý'·ö¬<®4îb¢nbÁŒ‹
+-´{E¯·áhüøm:ñƵÇQŽ¯oýIÏ=ýùÙ‘¯÷þá#}otøÈó¯Ùïht;öŸ¦O]ëÏGw7�ßîï®k?›Roà;ɺ¹o'~©°øÔduä–¨'Õ&UM3.#6Ú㲋+Ñ8Æ^¼‰ùÖú“å&ã…«ØA7Ä®8Pí~Û;B¯½Y¸?¬ƒª�;ç¯õׄÉðázÈQ¿¢…i¤ƒœ‡†p˜ÓŒN³¼Õ,¯5þÏRÑ»èaP²·ÆÙ%ÛÂ2óÇÑ¿€ùšlendstream
+endobj
+809 0 obj
+1367
+endobj
+810 0 obj<</Type/Page/Parent 689 0 R/Contents 811 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 126 0 R>>endobj
+811 0 obj<</Length 812 0 R/Filter/FlateDecode>>stream
+x
•XkoÛHüî_Ñð)Qïì}J6±ã½<t‘Œ]`½8ŒÈ‘41Éaø°¢ûõ[ÝCš´âÍùÀ9ÃyTUW÷Ì׳€†øÐ|Dã…ÉÙëõÙÛõÙÐ_,¨ý“ïð0¤éÂ_Ðd1ÇÏÑ?sM[þ
+›hGs»CneýÞöLIØ"ÏäuDsÈMYê”6¬G]k\ßëØf,s¼K
+ßcžÁ”ŠEº×qÆzVi¨I>ÝV9z繯�òæOvÆRï“’�
›Ôøˆu KËò&þdpÖAåÍÀSŽbHüv4›K;$Šw#šN‡"È`2帗'V$„ÕÆ%5�'‚âÝòL©ûqBãáÄùx¨Ö2�Ö“Ÿze’Ì™â¯ý¢C`þ Õ7Š@ýB\ªÙiñCµ^-ß÷‰%
+/Ú–•³V!ñ{1+¹­ÒHXElŽZ7FC±(Ìß1�T«<>b�CÂbP�˜Ø‘8ŒËR¶·øûµR±)�gUɶƒ—
mƒ4ÛtW`'ü2ªÔ¢àôT;×?ŸbvĆr¬XÍ4€­ÃjÄÅÝÛy„�øPÛø¤�<ÖAˆ’Z—_WùÆ
+eª`+~É
Ž.„Ó)ZíÁ
+3Óú	“Tã^8Úí
;£S(©JÀZy‚œ¢¡„žô·PÇ1‡QMÅ“
+�g@¯¢×ºT^Qr¦P¢…®/g¹.@ýíÅ“¤�_ú³'£f2Ð’ÐlsBzûÈQÃCÛøÒÇ#™¯�šwËë_WÖ÷™Iï¾èòÿr¶×«7Øÿ1Ö›0år¥ÎÄ�ãÜ�ØË
+ä
+Æc
+éðÃÛ}¾sæ m}¾C¶în¹sim‚r.„U†´Î?ÛDÂî$1$ÛÁ}$’çG�h[”Ùý™DÔþX„œeB.v$t²\…XŒŠagHôùv¿GY¸*ÒY=Ý
ZI%ìxü8rñˆºhº¥ºâ˜ðŸJ	ßÁ?¸œ5ÅÀh
 ¼Fþ?­ßþ\Ñá=ž²ƒZ™›ðÎÅó÷{F(²-ñ#³ÝêœÝ¶‰}²
+õŒ«ø}úm�òü	SxÔ�Ju'�h§SxEèR`®`-9(„*£*„EÀ¦�,hÊ
+Ô>®K§$ÿ|½„á¹b	%’I‘‡OKÅÎNÏïL”ª¬8—<ÓǤœ©eº>28ÊMÛCÌîú\¯U¢”@�Ë‚'êo|nAeÙaö;#„qűœ8°«ÃÞ„{qÜ�F²Ä`ÌB½~Ô�;šd‚

+l™ÅÁÂ�í–
µ3×â(.M±×‘I:fïyî[>†á¼ƒŽìÕ��Sq
+PL× |
+U£<W;¤ -€IžéÌŒSòƒw`0»‹åþ-¹ÙHvÁXçxÂÜ`ù¼»
 
-úíIú{Ya,þüƒÂ/¥ˆxc4†\¨¼2;
-endobj
-1299 0 obj<</Type/Page/Parent 1068 0 R/Contents 1300 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1300 0 obj<</Filter/FlateDecode/Length 1209      >>stream
-x
½VÁnã6½ç+¾48®í¸vrÈ!A[`Ù¶‰� @.´D[\S¤BRVÕ¯ïRN%Ù=,P	hÈyóæÍ>�ÌhŠŸ­æt¾¤¬<™N¦´œ-'sZ\¬ðÿ¿NÒ6~X,.&Ë÷>œÏ§ï˜M§o¯ºYŸüüû%ÍV´Þ"ûòbFëœ�y:¥uvú rIZé?­¿"rA3päÙ|…4ëüt]H5]ÜÞ�ÈVAYCÊ“±
I#6Zæ´i)—[Që0¦MHm©µ5åÊówR�O·ÖÑF† y™ÕN…öñ…Bš[Š–Q ÷ì• ·¯·[ª¤ÃáR˜LR�»”
SÞêƒ2;Ú*
¥ôb°ýXm½g¤Zz/
`v°
-q@U;šœ2‘áÔÕ u+ýhLM¡²âX*€kœ$º^ˆ=;_LùNŠœœh¾Í§ë¢˜MéÄ‘Ð\zµc˜Á‚(&’]*/ó1iÛœi¤ÉÚX2@ªçóº«î
-ÛHœ™ YN÷¢ÜßKÿÄMõñ2X¡Á�
- &
-�"L/%$¸žª’Ʀ3áÈ@wÖí'ô9P™®â"ÆÐ
ZM ]Ð(0	YHç{ÅNè"‚ô�‹ÎP0zÅÜ°õ±L0|òû:mŽa?$ÔtËÿ£ÔWˆ¿)Õ
Á/ö¶éÐi	—`ŸäáÂøaXF½T>©0
-ΰQiŠ_ÇìTÉDXèG›Ãìø‚§1ƒBwQ¡¢
÷¬/¹ìÇ
¼ãᯜÌUÆU~h7i¤Y¹Mê~9Ä‚ŒCh·<&t{ƒi(a³9¼t��J) a”:Ÿ`S€O`ŠTÊ‚”‹ 8߬…É´0–|ŽIÁˆ7BEݲÉpœÁÑ>æH8§2—�°hþ•EJë†ÉŸj•í¡ÿ†ãžïŒ9�|ª1(Ý�o†{�.°×w;«¿Ó&ô7–§O>}¯íL$Í~�Ö+âí1”Ñ‹‰‹ôE0½xä´<Å5|žã…Ö1
[€!À=ð%ãÀáÍw¯µ@¾°µ†:„*«µp¸»�º¢D3o¯Ø#Ž¶ûˆM‹='<�xâGT›®úe�ýœäõh‡¶ÛA³£5{(^G€ÑåD,a3I±A清b9¢`ìÜƤ—£e“(mm°ª*™©­âÍ�º™Èöê_€ìf„mTèF´>!
-/†47ïìñ[	P-¦½ª`¬)ì�×Qª©[¨)?ûpêàAa™¾º‡Y²g£¼ýž]… êk­ãÁƒ¦Á6ØÚXcvPQÏÿǬ‹[¤‹mW7ïø\ñÓ	�ÜÆô`aó†GtLc[ð•×ˆè]Ø1rÑ=gK¼L/Îi¹êžd÷×·7×ô§³_yýj³ºÄòŒ/Fyv<p¶š^ò{èõs±Ä«ö—9Þ—ø4›^ò‘ßÖ'�üS
‘”endstream
-endobj
-1301 0 obj<</Type/Page/Parent 1068 0 R/Contents 1302 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1302 0 obj<</Filter/FlateDecode/Length 1540      >>stream
-x
…VïoÚHýž¿bÄ—¦Rq1PBNê‡4!'¤�p�(ê]N§Å^c7¶×·»Æpý½YÛù᦭‘YïÎ̾yófþ=òi€?ŸN†4šP�
¼
Mü�7¤ñôÏC|µ¤È½O‡?x1à½�_ÖG/Çäû´Žàd2=¡uHp0Ð:8^+’¹Ø¤’ªtßXì$Y�ÊŠoV"Ûª“�%õ/îV³‹³%©Â&*'|øÅåÕÙï+J“\’ŠxåýúÛÑ€úþñ®Ãã…x”zÍúpâ�yýZYxŒ…¥LfJ(E‘ä[JL§*�Ù	ÆR!süÖRðbzø@"yo®l½uspñôÜ-ª^'XЂ#÷h—Æ];؇¡ïc@L’dÉÀ&À&‰Ü�01·g/pÎQ?-ÐçŽß\õÜÝ?^ž’�<pBú£q�Â*U�§‰Ì­ás/³Öžx†êØ"x0ba€A¡´=#­å
-i7Õ>LòŸìQ–lcK"5Šb™¿`À•‚§À±$u{H0ni¦[¯ÄÁPXºÒuÆTJ;Ї­M2éÑ�ã(ï
-í¨áv×l…�ôî.Ï)ЇÂöZµHjµx¥oVD]d˾~\‘•9©©
-¢BÌ2
-@q¤Þâr\
-
K
-\uqÑ·ÏLgPNîEV@éî!
-j‡¡´"I
žS!4rR‚ÚÀw'ɱȦ.3UjTË%ßé>ºß6È:Ö¼Ð[r?¿¾¸¹_Íÿœ9šce5û}1»^»%ÉÙF…ÞBÚ²d`©ýÉΘÉÐÚF³�ÊX“ãçŒEª„Œ¾R¤‰2µ·Á®FÅå‚ÿk±BH£4AAx}³m¬¾®Ö³…7¿ž»@°”ݽ‘×Ñ
-O�ݤ.Á5:WA¬�à>	HrDµ�<iÄP«
ZH芘Wy�Àԃߵ`D*Ôü&Py�¢¿«ÜüÖ ÚrhŽF! �®‡è2eáÉ=¦5ž�pUUyYhe °¡!âƒ
-,4;ìòlîŒ
-	FñŸ#*m’&6‘Ýú®âDløþ³Š=Wy”lK´‹ÆÁé'V©ùdØ&Æbäjš£ké\M¯ø]ëŠ	ƒh‚´n1.@ÓT†Ž-Öw«ålvá ¨#DÕ`2S‘›	)—hkp¦ðÝ	�€·Tgöéªu~
�£D¤¥�ÄÉC—3Ðqܶ÷Ú§»ßvãzܳ×#†óí‰�»ßfr!öŸn1…îÜðÚÇØŒ19<ö=bwøù4ÍÞB[ßÚŠÒà­/§ÍÐí�1¾OG½›9xu¶ørFK­¾ñxt¡‚’'+7�òɾ?Á�ý“Á);ïN†ãÉÔ›|6‘ù>4[ýqô?Ö5ì…endstream
-endobj
-1303 0 obj<</Type/Page/Parent 1068 0 R/Contents 1304 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1304 0 obj<</Filter/FlateDecode/Length 1508      >>stream
-x
…V]sÛ6|÷¯¸>9™Z4)êË~óg£i”¨‘:I§îH‚"’`
-ñÑtHñ„Òò$BŠÇÁˆF³)ž‡ø3’rÿE_àcï‹ëõÉùýˆ¢ˆÖ9o2™Mi�6
-CZ§oë?¯§o•Mõ£4„‘òíúëÉ
-£tc±ku1¦´P(ËúºÝ~&†‹k²Ò°Røp½BR#êú@¯T—µp
-ûmt‘ÑüöŽ2ÃÜ?¼ù]¢´‚EÄáÃÛ€ÖÀù˜á
-6RXí…B¹6…”+×A¯Úûù—Å�ß"W›ÆH¤nä%-�ÏoÀt!ÿ¶(ŠotI©0Ù%�†á`4
-w×ç–Æa8ÛçeÄù{^„÷ª�/°8jŒð<îžo¿ŒÓ#„—OÃA<k£ãÏcÿÜ+cî«óZ²@CZÈ
<vl‘ÛkÊUÁÕÑ(ƒ'ŸœÕQ_rX‹)Àh
-æÒT§ûg`¦²*“FU›^M¬õ- Ù=Z‰2¤ÀASUˆE*,ÊS>�©†¼Ó­ªäOÄÇ\6u{]ù<‡”Ýl¶A^úÏ2ï–rŠ¾6\=‹
lxŠÐuVÃ@:uö5pE•ÜiCÚ‚–qsµ,Ê·¶ÀKì¶`ÂY>›m“üD}]n‹�öè^Úh�]öð�Á{—ˆª};f4	Ã_}Æx·‘®Ÿè{­wŒ§pd¬ƒ¹_/�„G»œ}_P¢Wh$�¶9bÑÔà(³Ü8s²M]kÌ–EÂ¥ö	ÿH0ê¼Ëzvk£�Nu
#@î*‡Ó
°½Š¼=;ÚäûÆѦ)©–&×¥`KÛûðDÒ·6Ém6^[¾ìóûŠ0urL“A<j½vq O­*Ïï#
-!Ãi0a;^1ѵÔ5ìc/`±pN+%ûAAUS&ÒX.îz4áBíeÏ òP
-|úÀŒgNðôa}æsÝ_І[åqY	¡öâÐJÝûFÛ=­:s�]­ëQÐ�OÐÃ7�‡7<½Kùð–kˤûú¨&ð *ÍØPÁ¢DC\q€¯ÌO±�Èx*²Éç™opž™8Ptn3ën»ÑWäYLc\˜ý¥uuµ¸¾¢¥Ñ_ý}µ3
\PtÅ™£Ûƒixá/¹¯<j4™“ñ°½GQÄKîÖ'œü\˜Rendstream
-endobj
-1305 0 obj<</Type/Page/Parent 1068 0 R/Contents 1306 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 11 0 R/F9 12 0 R/Fc 13 0 R>>/XObject<<>>>>/Annots 792 0 R>>endobj
-1306 0 obj<</Filter/FlateDecode/Length 1638      >>stream
-x
¥WÛn7}÷Wôb�VÖź䥰]»_)q
-¸+JbÌ%7K®½ôÛ{†\I¶(
-C‚vÉáÌœ9s†þvÔ¡3üuhØ¥Þ€²üè,9£AoŒïþhˆï.>¥¤/`ëîëÃoG�q2¦óÑ QNçã¤W?hš†cúƒŒsê
±xé|”ëÇœF]Xï×Ø{¿ßI0ëàäNý´;²×áýo#ëž÷`ÐëñQ9õ‡Ýä¼~Úš!¸ò¹œµoÆÔ=£Ù†#šÍC‚x“�LEž
-fNÖ¯dIW“›)eZIãÝéì+lûÔéDÛVw”ta}2[)GÙJ™5^(ƒÁªå
-™©…ÊH™…-sá•5I<jL�a}T¯Ÿôù¨[‘)ã­[m�þò£×!ÒÆÖ¿¤Kh¶ªJ—nÈØ5­Ä‹$C¾
-ΩMSY¾pTBk9§_/>]S‹œ”|쵺ƒèw¶’òÒyRžÄ’ðô¨ÌÜ®�Ï›»ßw³€Ž8!!ä›H*UZù
)ç*ŽëÂð#¯rIvAëRye–ÍÚk§�ᬅ#á	Q:@C�ä,épb2ü<#oã;ªŠ¹ð.H¼¥Eª‘.hQJIˆÔh+æx²yp¾Åf-Ó¿NᜧŽå
.q�dCù
-%°t”JihYJáõ†¤Y	“Éy3¤Kt‡À'­–­…úe2]Íåüé4”÷¸Ä0
-H¡ˆã:kPŸÃDæ6«v&¡©àÛ‡Ù4¹þ|ÝäëFöÌŹÿãÕCzPkÄû‹‡i#xÜmmpK°L`vw=D¼ÿtýaGDÄvüPZo3«Ý1<’ã8y w�xá&µt|U•%”Õ(xS6±Ø
egÓÃûÄ>²+Lë¥$Så©,cØ˜Ï ŠŒN¸#ÔWè6ŠÄh«ˆÁßaÍÀ;fuœ(<eùtÂ*^	Øa‚–¤-t´JA²(>,·¶ˆ³U $h€y=[ñ¢”Î…
Ä>Üaí¢7ÀÄ¢É�Lß+çM–êxÇÄÉô8¹›†){~+	Á „|Ì$ằÄ}¸¹Â¥¯Ì•±Ú.7û›ËV®x¾™|GÈî›AOíþÖ…ëû_WöbÉ1§PÒ%È8~H·$�ŠæÁò“Vïs©C7.of31u1&@‘‚'¡8í›Ñþ2>¿F!»Ÿßàù¿ŽÁy7êu§¸{=;úóèZßbendstream
-endobj
-1307 0 obj<</Type/Page/Parent 1068 0 R/Contents 1308 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 801 0 R>>endobj
-1308 0 obj<</Filter/FlateDecode/Length 1640      >>stream
-x
­WÛnÛF}×WüR�–"u±À(ìDnÄŠk©1Šº(VäJbBrY.iE/ýöžÙ]Z²£}h0¼ìÎœ9sffõW'¤>þ†tÑ`LqÞé‹>Þ<_îâ74ŽÆ¸æ
ÏDäŸ2šw¢ñDŒŸ¿Çcqvðµ/&Øj/Õš
Óhp.BNÎp?ã¶R´ê„ý·£~àç<#ÿÄ~ö€ì�·4<ï‹so)‚5gh8
ÄaÄNrŒÎÄÀ?yC48�¾ßÆÈÂÁ^²g{W‹Np}Ná�+P5žà&±õiŸþ¬·Ë‚n(ÖÅ*]7
-’T4µÙ¨,ë’JÒÚ‘fŠ
ïóô&ìËJëú(Ú$­�]íH¯ì›²%R)«:µXسLû=KeÞºtô霳Šá ¢^4ü
-éèOÔ¿0ªnJ¡¾©Ö?ªá•¥…ª·_²0;óŸV?%I»v/‘žG5@8TKví ™–R–LËäeft—]üP{š9!qÖ$*¡Ù4ê£$Uú)-U,9à©X6ëõNв=·´îÓ½Íæ‡&Xx´—ZœàÙʬl–�6QÀ,èêkP$©	,`%áxßao€0™ÇKDï¸Ê¹ä[`3�2´Ý¨Â©ýñ”?"…=¾að¹5‘ãáµB{`#L]¢±v6]Ðç›éWm[z'×,9–Ê]•¢Æ\¡Ð½2º©bEW•ÞU�t©Ðd‹šðÈ`È°Ò!�#Ò:ZÊ…�~ÐåÎKYÇT:ü·š3Ü;ìµe‡!?nû6EEÁn›á#×(I™¬Á¢§‹ëâFÍÕ$!‹É2§›¡c�㽬ô2S¹é’i€ì–•âXÓbM™Æeª
-™ûäùÖË/(IF2“J®×ÜFËêz€&ÊL‚Ï9W<÷~}Èçë"á�üÝÐZ¡¼9KˆÏk:ÑÛ"Ó2!V}î‘Næ5e\§•©»W
-t�5³aà1:pÿ~w3[¼¿ÿü`J[.°Ÿ%=¬N$X˜厕å;²‡Ã§hA3
˼ÿˆ)Ž\L/ÿ´|ÊS“©}f�B$dA[åÚ”
-¨@Z«Z]¥ë´�ÙsK°Ž»VÇ<¯bF	úŽ¡’#-\V#–ÙU«¼U3¶Bo|gгEKûŠÙ³\[~|R¬R à¦kÑWdò%D±²PA<H^—Ð*ZS¹,é‚á×Ñ~N†íXó’sÚAzzÒºò#‚Ã'Sª8]¥®à^Z<m¥{d§Kìžcc]·Ãd§}ëÅÊ$ñvò�§Ñ®B½¬t–¡[ø13ÚGÓ’‰þr¸åÂòprðêDœ$ê)E�°Í“ïÐ*±oéç;ú(Q™P£�t�Ã|zÿaº/¿x´­÷öÔ±‘O
-ªËê”ëßy‡eY‚:K(ö�VV‘ºÈvžl7;¬|¢Øë�™=¨k©vâ‘5ÔVbìk·/b»Ü«#¢mȸnPŸ»—ë½ò—�;AX,®öÉßðØç	ÂU"Ÿdš¹rþäŽFA«ÇÅâ‘vypZ“ÜkX€0c™âoÒ¼4nõIÂ�è(ô¶å1ÍøŠVÜƶ›½öÐðQä8P±¥œí[%N“|¨í
†®ZÒd²+Ûsך¼=Žž�{ƒ>Ný¿¿â4Àãµ¼xwÜÜ¡Éø«ëÛÏçÑ—*„7wˆåÍíUÏQJ�p¸{"dÂc¥-`WÉ
-„â2´A§Ï4¦¦0Æ31ñ¥Žñ£d2À!?Æ#q~y{u‰Ù®y:Ñ{79ŽÒö°Êqá¼î¶ôÎú8&ÿßï
7Üìøò¯¬Q„DÁAØñtÑù¥ó¾Z,Hendstream
-endobj
-1309 0 obj<</Type/Page/Parent 1068 0 R/Contents 1310 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 804 0 R>>endobj
-1310 0 obj<</Filter/FlateDecode/Length 1639      >>stream
-x
•W[oÚH~ϯ8êK©Ìý’Jû�
-éz»÷–žëÈèKn€ô˜Û{­_Ü2¼³©ÌÕ
µ¬¨�1÷x?)m`¦îKnÅ“›²Æê´¨Vì(ñ”1ÃLÇLlN±ƒ˜=F%÷¸Ji×ü¬‚;•S<¥«Q.à:¯
-øF³c¤ªPa#¶äé	¸\Ûß—Æõj"-V´ÌqµÙ®u¶Õ0ÊÄ}¦d…aIÙ­>þ72ìP¿×+vìÅõÃÍ5aòüâ6k?w=wC
«R >h^ýÏE±Ûzý^»„e«Ëú&Ë‹?/þ¦b
endstream
-endobj
-1311 0 obj<</Type/Page/Parent 1068 0 R/Contents 1312 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 807 0 R>>endobj
-1312 0 obj<</Filter/FlateDecode/Length 1210      >>stream
-x
…V]Sã6}ϯ¸³/
3ÁÄ&_ì�,-3»Ûd¦M[ÁZlɵl(ýõ=W’xËB†€eݯsÏ=Ò߃˜ÆøÄ4OètFi9Gc¬¾~ÿu0IâhFÓ©¤É|-ÂSAkì_,°¿ûªïؘ&É4Ši²˜ãÿÙ<šS-iß÷ö&“Itö&Øï¶^l'WgÏi³G‚³EL›Ìå5¦M:üCéÌ<ZJÆÈv-ë•Jºé=%G›ï0�P6=NæH“
7¹„k�_+d-
-Z›'¡SiéQ59½öz›Dt£%™==æ*ÍÉèâ‰DUIQà —šZ«ô	Z‹r'80ÂŧQÂá,²’55†rclÅCU›½*«ý`”JêÆ’ÒðؽÍL)”Žh“+KÂÚ¶dë\4>&ñj/p)Ëb!í&—äŒh×6î)ì
-Y¢à¢ BÝKÔdÒ´­IíI5ìP›&
->“Y4áb®5™:ó儵Ø6‚vßpõ³Â¶CÜ“©Ð€Æ�‡èvu¹=ý/Œeðrñ }_§¡¯CÒ
‰´ ÛV•©:GÚ~K×ú!‰,“§Ä@0ðdsî¿ognÐSRmDÉÉt5EtÍè
PÔrÔÆÚYw½òd¼MB'=Ä©)«-$±3h
¿“®p´�s=ç(„§ípéWR+™m�z‘…Î(­¥h$•mѨ
-žRS)Tƒ®£‰FS¦ì=­n¾,¯¿FÌ>Ìt<¢×Ɉd“FQ´=Š0GHhØr¥Fï·Ãé¡K¡©w€ÓÔT€™ÉF¨‘ÀeªF0vYXÃå²OÐŽÞÁ~ó*Q‹R6àÜ£°®L0Aw…Ù‰¢Éón@]ËB
-îmU+¤	�Ý€Rñ'XvÔÞ07LQ˜Gî
+P碜q·=86—=Ý«�@†ÝË—;�/R}
+BD½»ÊYƒb‡î3ð©5€Õg¦F)Åš�jñ¡”ÞëTÐù
×APÕ`uñ©]í{-�‚{ƒ{#¤ßš�Zï‘*’„ŠT‚£†e�çô‡àö�?�|zEÆ]ÅGÑ*§vXAaqÂ¥ëâ'¼4øƒ
+Ùöľë°Á͜܀õºt5Ë Ë¢�k|È̼¨f=ÂààrH/ùæ,
+endobj
+812 0 obj
+2439
+endobj
+813 0 obj<</Type/Page/Parent 689 0 R/Contents 814 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>>>endobj
+814 0 obj<</Length 815 0 R/Filter/FlateDecode>>stream
+x
íY]sâF}÷¯¸!I™©2	!„S~ðg­·lÌœIÕ0åRc+–ÔŒZ2㿧»%X³;I%—=¨[÷öéûÙ}ø²gR?&õ-ê:äÇ{'“½óÉ^Çp]ZÿIðÐ!«ë6Ù®k8dw»†E)£¹Á,ô¬þàýö…M¦I“9Ô;nŸ&�šïÐÄoŽR>ófѽðœ–^’QÆI0FËG/ÛôÀÃä�xbÐ�`”=2ú0ù}¯}a›­g=P.Ѥ…—z1ËX*U=°Œ<Š9Ð=³tÆ¡„çÙ"ϵX‡˜I-«‡
M‚fÊyö£Z¥I~¾^ˆxF­gjÝ‘œ¤0™óŒù÷—c«cõ¥žµL˜HŠþ�<!–<
hÎS-’²/y˜²@Bò|Ÿ	A÷½è‘‹ŒžC�ÆÇ×'Ç
+Ó–®Û<I¤	|Ç^ÀøQÈ`©v{¥£½HÃ$›N¢Ö8÷%ΟóS–íS˧ýø)Súص~s�_°}j?{i[,8�Úr—í,^´»~`ú¾ãtûŽß)^noîÖ�δ|. ÿè¥LËi‹öñÙÍÉùhÜ3ή®JÕ±]„ïj„ÕØnÂÿºm­|g`l¿ÆSp.œÓ±tîùŒÂÅi:ò×°{4ó=‘•C]Ó°z=JbO<á“|2,±¾£æ�µ®aºø¿T]«QŽvUÞ—Ê
«è¥îõÐîªÏxì…ÉѧÉÝo­áùä3ÝŒ�>Ý%á×Ï4f)\|ôiìÅ3�,Ã2ºž\ÐêØ–ƒTèùÏâs�)†“ûñäxr7¾¿9ù÷ùéä~x|}~zsuu9¾¼Rì=ÉOYŒ´"Ä)ó3ž¾ÐtªãµF%"8“2ó0b;„²'VÊj♦M³ßØ(eO³¶˜~À€‡�zŒäœ\L¼‹d—¤¨‚©f†„Ñqû}”¡×0Ì®ÝEÙÕß	C§W
=1mö:•=WŒ1°�%ºï!Ó´„œ˜6]×r�þkS,»�ß°„eÂwEñýcæåÐîìZ/å»5áõNѺ¸NÆÆõÅ5}T
+ŽÏV#ïHªBkg·¿®D×C»ÉªRY,[Èb蛲gç£ÛÉ­%;A±nu蛲—§7ëË]ÞÕ²•‘oJŽÆ×7ÊÜêù—ÊúF;z£cü½Êºtý»õãÝŠ.*Œ^RPAP­¦Ñ{]Bä„…ãÚF
©à6ÛË›E}•¨E+i=ŒŠnZ¶,N5Ý5-cðÝÖ¿	¢2ŽƒcJ
+ÛéŒî…b]ÒS¬kŠìn¦åöêQXîÚQïÆþ¨V¡ª-6ÆÑW¬n]L˜ÖÀ¶¿»ÃVÊYBuvXNj51Ñ5�Áªçý¿vX•Æ*‚õ ÖwÇYµÐJ7»&Êž[¬ÿÍÞš.üâ2²ºŠ¼uÁQ[ߨñ1L¾4œÐW×iPc3}«§¢ÃÍ9ÙuÊyu\Y? ø‡wWW‡·ÇÕ‡F]kð『è/
+(݃»$(Ÿð‰I…íðl!Ö2ÕïÜ’µÜšå
+@Ì–Œ�›<²⾟ÂŒù^^PeåU:ÄÚ›ë6Õ]c['ø¥Í×$UÀ[_Å×~i’¥Ì^ˆ}
…´#PI+~RtÔOŸK¯£Ú'÷R„:Î<å1x¹EÊžCž‹ò½¢ÊyYÈ“é‡bcpƒDUÁÖ)Ž$‡£³UAa#]4äKí|…
ž	…\¬ ðIBNÔMáÀ	Æ2èBãÑÃ0bŠöº‘«—OïFã¶&=„¢@ˆ/X²Jªm]4ôN(
³ôúO`1¡N¡ÑeæÕ�í Æ¥®ï†a4§<I0¡ž§Í€a½@3¡ÒÖÒe?•,§²Û’”Ö€
+Ø,Ì°ú¢¡ƒËYÇ>2Zûìfr~X„h¯dv+ì«\ÿ2Dªó}1eQ¨øcð­O"³G’“t¯2†ià§'�ú_ ¤Ùµ7UJË6èr¾eÔ0£€3‘ìg$uÃ祹
+/ÏÀ’e¡¿2bQÝVq^DNf¥"ÕÒY 
+L–�È°“­…Aóæhõ«ž¯–T[*]&oÞ2˜ø‚¸Ftp8v6yì§áÐõ‘o•ä¶		-@©ƒfE«
+endobj
+815 0 obj
+2014
+endobj
+816 0 obj<</Type/Page/Parent 689 0 R/Contents 817 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>>>>>endobj
+817 0 obj<</Length 818 0 R/Filter/FlateDecode>>stream
+x
M�Á
+Â0†ï}Šÿ8«í,í®ê<ÕÕ�®ƒ	®Úv>¿ó !H¾/É›p°ªÂFÂ>ÉÎ�õQ€s˜>wd­`:0ʃ±…ö1µ6¯„ëI£ŸF›?Fº2r0$B*I+ˆZåºÊúÅ[ÿ¼\*:ïÌÊ?w»=ï¶ÐÁ?œMh¼�žnL÷Ù?ÛË…*¬PTQ´~
+ÖEøû›nÑ…áãBÄZ7q¦„´Î�˜®ÕïÈùU*@endstream
+endobj
+818 0 obj
+189
+endobj
+819 0 obj<</Type/Page/Parent 689 0 R/Contents 820 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 133 0 R>>endobj
+820 0 obj<</Length 821 0 R/Filter/FlateDecode>>stream
+x
•W]oÛF|÷¯X (À
+šÆ/ß] dî�fI<E¨è<Nbú]•MÙ¬H4t¿ kÿø¦´E`êÌ)Iº
+”òh¥ìOš$4ÕÔéZ³Éiô�€˜Fšÿaæiô—�5‡/ó*4V«ôÏî9 ÷‡B}ƒ„èázˆcW™ËÅðù+ζT  64‰#þI5Õ–j‘e#ýï,�
Æ‘³LÚ:Bƒ¬Y.ï(V¤ÂÈÇD¥éª‹i�èúôGê‹8†C]©æ×

+9ÀÈquah�Uµ�È›Q6’+zK´ÖåsYɪT$ò<Íõ¹t~¤b¢Û%>DiršÖ²l+rã¾)¡#™7I�²+ù¾<z%|tf#óÐ	ÈÁIöËâˆ]ÍY%ü¿o¿%ó¨x>�ÄçTÓ49‰ÏºO«÷Æ�2æÓdžîaLè¼Ô�–¨0ŽM®61=t°]‰ûYõŠ"êÑ>Fç�öO9”î‚Ö¨Úu¡VPb.­(+s8ƒ~©òúf£Í峬Ժ–hZ¦r×ö8ØRgnÎ:TkÙVù	ô)ÓR@˜Žï YÝb€CûUsÐ3>ê†-•˜
+Õ?£
+x–›¼ªz]¥ë|‚V
+m¡U»*ö¬½„),�¸ÖʪLUÇ|¼ñCÈ!XÇÌ+²ƒš®;—Óâ¢#0G7óÀä—`·�ʆ'
+Í5~Ž:e¿ÑO´£«¸?<ÕòEÔktQ¤êYîh¡¾+þ~ð~'ØzÜ­#~…l@Ü€þ)g� œxxS¤JÕr]‰íï.:‹ë+‚^l¹ðœëÝ‚pÏqÛòCnpyÓÒšØæé>¥QìŽð¸éõòÅ;KÀ	»NmN·Ä«Ø}¨
þ„"w3�E³%Õkj11ÝZ6&ƒ'¹ÝߣŠ]Šñ }Xý5“WªsW³5VÖÇ.£)ÂHØ€ ±¤½Á°u2…€•Ëi°¦çIŒëÃdOàø³“ßêŠ�œì¹ü½Ú£lp¨RÒÎb¹$/âp¡áKjÍ~I2/­ïª{µ
Æ7ý`À
+endobj
+821 0 obj
+1500
+endobj
+822 0 obj<</Type/Page/Parent 689 0 R/Contents 823 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 140 0 R>>endobj
+823 0 obj<</Length 824 0 R/Filter/FlateDecode>>stream
+x
�W]oÛF|÷¯Øú%JaÓ%Kr€ ðG¨�´VuNäIbLò˜»£eýûÎÞiŠ6š¢HàYÜ����]}?ÑÿF4‹i<¥¤8¸Xüº8FC¼Î_Füå�³IÓt>�†TÐh2�æá·œîø¡“ë	�F´X!Üt>£EêžÒ"ÜÊ'KÉF”kIv#éíâ'éFAÌÓq4Ù�ÙC¡×tr‡,
Ï~"Ú*ý°Öª®è='yà~r
˜ʳRRV:H­sµùßddb3…i)ÒwìÉõiH{ìòÇS`]¤ƒN>ºútÃ9»D´ïY2CøÏ”¢�¤VîçT ¶’„–ôMeeV®£–£Ó8šÑtÈ|�âh~¼ƒíáìòý§ª©¨�%‘Eñèi¯„F^+u¼Ág£è´|_{
dýä$ËDï*K•0ü¤æÇ�0Ò2áž>hÎéh°“&¼ôÜ30…�(a¥4íT­©6RƒUÅ{PÇ£1ÄŠöˆl—6K„Êñ}» ÏW—¿�58š‚ßÓé@ƒsfÛÿÖò{:�»hÏz¾ÎJ‘ç»#iJ÷ )Tš­v÷oI4ÜvC�Ûx�uwÇ_ǧ`~?í¿10÷aµŒCÄúýßøáxÖZu7�nóò,€dþvqu9
+ßcßߦ™Cj,6ÒxýótT:+„Þ‘(SZŠä
Ó†$Q¥Õ*Ϲãw¢X
+¢m–ç$¬•$‡ó[Dby®½PðZWŒ
™…8õD!˜‹E©;�¤H6aV�Ñ3‹Aá�R!v´¥ÃÀΡu°;Œ|ža›'z
+vB—ÜA…3]yWêŽGÁ^¯„}ÀG- ‹+r >ž_JzçEÐøiúKýìßûª`^¶Qém7Z´…Çf,�´NdÊt{…ÄÑ0š�Á<WÛF6¡ù©€¦Ý°'’×Tf
+¼$l¯N8Gª¤‰hÁ5…ô$3<­i©Ñ§Dk ;&ÊÀ¾~¼½£TX±`®Q
+í°m¬±+Œíw½5$-�Úzgôõ§BB;@ƒ|k4„µ¶söIIžÁÙ<Ñ™5àÕ»§A…MXëÌî~büM@ãñÀd>ÃW‹`´òÛÿG�ßþñÙYÏ/aT͈1Š¯(�[qZx¡¹±¿9y³nD¹£Jª*—~�	ó€æj¹:e¬®s–í¢u¿A©Ë,p®;JÏ*~
+DK^&oØl<¡ÑMÌëZ,‘�ØS 0�¶Kô;X,²öb†žªJj "m‘=
5tá'“×…l²6§Ä*FȺ†š1x+tó¿”v+¥¿R’L'u�—	ôÅßë
+:tY]p.3~ X0.0".Bæwñ³ýmœ)œ…Ì6³É8Qí¡êƒEDç¯E¡^F¯JÌS)eÊ3¸jè~9IØ\*Ò˧`�íúÀH{Áþ´un±kŸk£{
+ÇØ@g¢–U.ؤ—»eŒùð8NÖ+È:±
+ÛøPbô dºTEUcc™Cº¹¹Äñu“%Zµ²ä32ÑxWiT.q�Uy
cs´ãÛ%þ�…áäóþùâ›G㈾nvþ€GÁ˜J>¤Qw	+ðFIïƒ+üÂU½âf—µÖ€Ç‹9ô©}’v�
S¾± MJ·Il~ÎîpàÀÀaf¹Âþ¦/eöÔ^ÀÌ+
+endobj
+824 0 obj
+1710
+endobj
+825 0 obj<</Type/Page/Parent 689 0 R/Contents 826 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R>>>>/Annots 149 0 R>>endobj
+826 0 obj<</Length 827 0 R/Filter/FlateDecode>>stream
+x
}WMsÛ6½ûWìQ�‘i}KîLNœt<Ó8n¬Œ{è"!		0iÙýõ}@$D7�eÁ°oß¾ýà�‹)Mð3¥õŒæ+JË‹wÛ‹Û‹I2ÁÿùcÊ_~¿˜M–É5­6«dB%Í«dV=ò©«�šNi»Ç}«Íš¶™»`BÛtô,ëW²ªT…¨©1Ôä’L‘ÉšE¹deÚÖªy¥Òd’~Ù~c±
X\.Ï,Æk<ÝÌ’é9ž�õ�N.œcë�ÿ†¯5 ²ýþ´û†Ó£1Ñ1—µ˜�¦-2ª„µp§6í!g·øì¥7t9�ñ6‰t£RÑ(£©–?ZiæAГҙ9Z¢ûm°NJ;~¬(%Å+	í»^’©»S×›2u¶äDäfÊ‘›3š’¦³93åV!rˆ×|á ö{(¤°X÷RˆXˆK|î[N’ùà¾sñ€»€`hÎïà?�Å꧴Ó+�ÏÒó
+¡˜WÛÈÒqØ6†Ÿ¤¢(^	lYuÐôõþî/jUî`àÀ_ã‚ã°tL�øý·¸Ü·A8…¨V6!ÚæÊRÊÒÄ_ñ, ã]�…¦L>ËÂT%ÂK»Zè4—–Œ�
+ÚñŽg™±#µôœw÷XctNÎVÉ‚µ´Å�"{ºɧ2‡ú²` ½”�³Éè�aÿìËh I=€ÌÎDa}yxOi.´†e\*_DÚÀsÞىס:’·Ï›Ì�jÏ,•RhëÓj`Õ'¤%mŽI�(«J4žz®¦n‘KàΉÃ檲æ¿ÑtIfá"ý=R‰LÆôjZJ�QdÙÀü©:qUàkÁ7´WKkÚ:•�F§°\<#çq²Bñm_›2>|:ýpû>HsÒ„Ѥ©i!++¶¡îdÅEe95¹Kø«�ËP‡G]Y�+[_§GÑ 0{/)²NŸ^®RŽÚŸ¿KY
zjêÔÕ0SIT)WÈ”EQúpªiœÃ¸«0øßÉÚö
+a$™Ï1ø�Õœ…ŽËÈà‰sÎ.@ù¤ÒÚX³oÖ»
+÷
+¹92�cÙq9
+âø¼qD¯Þ!ø®\Ä1CH`p-­àG´z�q™;/¡:fÍT``º÷@›¼u 8©86¬¼~C'k;ÔÙ
*è^i®¯°
à,BÔåyÉ%ÀÅ÷,ÑcÌ|„½p6}ºûÊ`]ZsPÞ‚�|æTÀŠ°Ý81é –”t¥›Tƽvê¶qç°mšs‡è7?ÞÝú…*böú §ƒký‰ê½>pZŒI6iB7(ãxŒ€Å¦\uc¨[+¼G±—/�ÔŠgàoß6-&ŠPYÖÝ0Ä~….Ã5sR
ÿPf¹ß‘¨ªB¡ípÉdB(	
+¯qm�rØH_µz	�íÔw:y9
L{ÌnëA"¸\s݃žêŠCŒ}5o'Òï¾êñÆ'NÞ';°…[fc*ÅwV�8�5Ê=|¯ŠO ˪À€Ädzå…Z)õ³ª�æ΋¬
¢Îùå˜á6>0ÜõÙ«�«n„½<uÜûÏÛ¿ò	Œ¤óõ4YÒ|Ê͸¤Ål“¬ÂêÍ<Ÿ&<[»¶ÝÏUô‰5èåN
äà¿C=™I[7G`è³È·‚¬Ú„™÷zy’;sÿ(íçä~Nuƒ:Ï©ô‡ÒíË“©ßκi¬›dO)àjáèð3?Í'~JœóPçìY´„ÛטûgѲ¤
ûÛ?‹–˜AF|)ÞÞ¢ŸàôpL¼5,—‚÷w�WHʾʾuÎU¯àÎìz<À˜Ð¿Hµ½WÙ„@OWkŒÃë^S¢÷•Ç›Oïnè¡6ßÐï0úȸ	ƒ•péO]úc£M2K‚JY“§‘r6Á›Ó­›RœÔë$Á†F‹eÔŸÿ9%{endstream
+endobj
+827 0 obj
+1490
+endobj
+828 0 obj<</Type/Page/Parent 689 0 R/Contents 829 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 158 0 R>>endobj
+829 0 obj<</Length 830 0 R/Filter/FlateDecode>>stream
+x
�XMsÓH½çWtqY§*V,ù+æ–²P!³ì!U[cilH1’ãõ¿ß×=’,;pÅÅŠ4ýñúõë~œ„4À¿�¦
'g'Wó“óÛEš/ñf2½ yBƒ`0À_âÞõZ•v4è­ÝReéÚæK³Ú8M*[(Š‚ˆTIêtþíd@ýh„ó½{g2åvtc3er>S9›¦ÚñWì/Ägì¯?q'fAнÓNÿؘÒTš>k•˜|åOŒ(ëÑ”¿¿ÒK‹vvC1¬›|£Éù�ÕÚ”ûàϨHµ*5e껦’CÇ{UÉa…§Øf0V©Eªikª5[”ឪ4q�\8ôÁ.MªK*µ{21~À_™->E*Ohí‘Ò¹X俨$3¹)ÉB•åÖº„Hç±Û•±9[4¢ùZ—°Ym-;}3?áZHA(ä_Ÿÿ<	ÃA0¤ñä"QFáEÌ꧔¸¢<Îð²[ÉÊ&F�$ß'àœxœ4Ir‡NÜŠÎoÁÁ¼×$÷Ø?žÖQE“½×Œ†á(ÅÐZ”ÄbSÅ&äãQ¡¼P+-(Vk 蚇³ÑäY­3ÁΚøŽ]¼Ùƒ^Óã0ý&ØÙ¥gÑÛ�_çAaÐ7æbûºÐx|Lht1
h„
H˦¥Š�£QpØT³ 
+èJÅßWÎnò„í�ߎk´Ñ–}Oñ;[é×R�óÛIS‹ËMµ¶î�’ä­?ÚÀÚy@ûÄÆ›Lçá·br/L®„fœÓ�z2	¼ç¹ÍaæÕ¾‹ïo®ê7<—Ô_I5êïîæMOß^~zº^YôKãÑÓ«ÜÚ•:
Ã;�¡ÍµÀÖ—ì&BÍÞßø
+x–•�¢pÆ:§}Dz¸¬U^¸’H)V…Z˜ÔT†{Ä’Š+QújòÄn
ËœF(Ä¡
+$íg±,š]?ÐËgërÉÊ:
+Ÿ Gx7%èu©PÏŸ€Ü|þ«¶hP¾LX”jv>%êû…›áƒÊ!N¦Ÿý÷ṄòsïñTjP‘¶~†IƒÈ_Ú-´³¾cˆÏcdÝVUëv?ÏùW:pD¬{¿}€5Ùâ¦ÐDÔ
+¼Ö´-p³Ðbò©†/¼àFRʆã§uͽýµì”Œv~@þyñ¨llS
¸Y5ö¡ÔýTÓ³^*dÊð\®4fKb–KXÄ.(Zr7qåð°\^P‚…Öy»äÀLí½ÃI•6ã”ÉüNÇ—¾º!ßu‚.cc
¹H©T&Ã*½M‹h
åIü#�tÕÛZ{cTö}À¹ôqG‘ªâúÈÏxláð«2¯±,‘´0vÆkZ™Óýfq1ñê5yY!x
Ì�líò�÷)KÅ„~bC?
Q¢+eR\7ñš9-³£‘Ó³c	<#]ÅA€¹�;6Œ;ãpam8Ö¬f&Ýq
+çñ\h^ðŸGûøÑŒ¦|C’*Ž&ì
ëÖ§“ÿ
0àñ‡endstream
+endobj
+830 0 obj
+1783
+endobj
+831 0 obj<</Type/Page/Parent 689 0 R/Contents 832 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 203 0 R>>endobj
+832 0 obj<</Length 833 0 R/Filter/FlateDecode>>stream
+x
•XMsÚH½ûWôek‰k
I	6•Úr’u’Ã:ÙØ·8‡A D_
&Þ_¿¯{HÄ@bW	µ43ýúuOw�¾]øäáߧ8 QDI~ñòîâï»o0™Ðþb–<Šñ„ÂIŒÛ0Ž!Mž�—XfwÁðáuH¾Ow¬Mbº›Ë{�î’^®›–…žSYd�43©^àw¥�<»ûâôcT�º
+8 �°ãd<™v©ÔRóÔ}xÊ4÷àƒëÒÀÈâA©.ýÇ4©M3­ÊÒâ+˜Ø¤v%ƒTb×*Ûù“æºNLZqdK{Ôx�  Þ2×U�þ®ò*ÓÂæð;OöHok'ÝGd�€Ez˜Oˆ·?Ý�`æ;·Œ�–Oˬœ©ì³K}Ÿ¹�rÂßsz©ê4¡Zø?–—¬y$6{ÀKc?Ä5'ìî°¶”îöõÖeÍ„1&tbOÛYZ"Þøb7qÇ8½h,üÞ‡÷oÞw`x#ÀÎ)樋pó'$8<^(ïóoÕ¥)×ÕÏ‚¹¹úxóîŠGï–î>¬t×™Mõª\gsöM³‰hî²ïÿ¬L¹Bú0Hoå¼·�a]#£1;ᨑb[¦9Ðœé-Ùã‰ÈÏQØQyâ^ß›röéŒÎˆ-oû·2z¡
§gÚqZu'¶Âp*N�l¯gt�]ðî}Ù°û«ŠGlmÔ¡g‡¨P­RÕöäYsŸŒ•Z'¨Cöq·éè¾—¯Q[Ö
+<lÞ¾ùþYÇg^$>sa"ÂôçÛ6þíúDZ3~û$x¤DóXYx¼Ru�ý4Gâº�Âòm�Í¥Ü%)NMmð£8”ºå#¯„ä¤ÓèG1W¸6úFý^ùq3šˆ{ÒŠz]U¥±Ûš•Ë²èÄç(ô÷ñé„3PÑvprý!>÷k?½)OÁÜHIFÑ®-—b‰�Ê”‹4Óõ_j±‡9} ?Šh$¸¨Ý.Ip‚W»:Né=þ~»¹¿ßb€´æÑOrìÀs�à¿×´*sMsÄHsÐb /ºAMêL­¨>,T3îDÖÇœ²³ƒˆûAlfn�pÚì ŠÊ™=7éÉõV*ì¶.c.¯
ÙN8£uìªþ>6œVæã4Ù<ÂUè“TוNÒ¥¥.´AYw
+\ûávc–‰$Êшt{
»‚ŸÄUFgèkÑá\^¾~{y)Á}#7‹Ÿ
+meåϨvØõ~ÇŠÏíZ“Xΰâ�žô…}œ
0Hò99ˆ¼ç­ÎZŠíM¥@S×êò[ìÍjäG®R„œµœpÚ ?îVŠÓ{i¸®ÍPŠÉ°æ³È0KgÃ-¿h¨™Xé|ÎàOˆÅYÅ�¬Ž³zPŸý�›¾&Æ�pFi89H(Ô8�¹v»ú':¿ÂªyžJW¬ÛzîOÜÊI‘ÛàNZ÷áýi›ª¤Þƪ�ÆPNPâZÎXç¢3ÎÅõeˆ&~XØCÛ©Ó‘£—{Z¹?­Ê³]\~£EÙVˆ)½<gJ¹?­p2:h伋D¬ê¯ÇƒÈ‹<¯­!Ë�û”XîO+EK{PBwµâŒÞØéÝŸ“úÒ$óq‹û>¿s�"}J‚öÇ­rAU™VŽê8¯púg2w,V3sù(
�›#ÜðzÒÐ|”_$Ø‘Ðp{õÏË+ú`Ê/¨nø®�¬¹’‰ÌHß
ïÇ
çˆÞ¯~’Ñ:áëO
ã†á/þUï†vendstream
+endobj
+833 0 obj
+1577
+endobj
+834 0 obj<</Type/Page/Parent 689 0 R/Contents 835 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 210 0 R>>endobj
+835 0 obj<</Length 836 0 R/Filter/FlateDecode>>stream
+x
­WkoÛÈýî_qáX°¨·%ï7ÙY·)6�MTE]#rd1!g´œ¡eõ×ï¹ó I®’î‡"	"¾îãÜsϽóëÅ„Æø3¡å”f7”–w›‹ÑÃœ&ÚìøÖÍjI›ŒÆÉx<¦M:øI¥Õé`eFaÌQW™¡²6–¶’¤ÛBf	у®¨Ô•¤LZ‘†´¢½>YM™&»ÏÍ5Ur'+ܹÚ|¹øisÁ.œšð¯O¹˜Ý$cºYN“•4™®„ã®
+úÌ�ö¾¨ž\ÀËÞï„üþþÓ??nÞ~xŸìmY°»×/Ý/|9HˆŒÒ�ûp	3“Y2…­ÁãôfžGløñpz“Ìùùf/ÉÈêù80L}8èÊ"×RäŠ
+ý¤•!¡2Á@wè_JZ÷¿}
+cí¶ÒGN¥Ä�*÷�\e¸M”¹T–‹VèTXo ä)��ƒ’†Ñã›{”þc!…‘Mq�ÏgQ庆Á÷Ò‚2_éŽÝæê	Ѥu	Âæ H®Ò¢ÎÀ­cn÷Ž%”åÆVù¶vÏ\Ïeà×ÙâÅâœ)ÞdšÒpÁÔ”kCŸE¹4ÅÝLKCJ[Ò;槠T—‡B"ûœÿ�Vïè©Òõ�Jq8p2[d'¥jð{¿ñ/¸Êsà`ù|º
+ž¢¹JÏÔ!–KpùÆwÜš-›K2öTHiªkeMÒÎb±ÊóÕMñ�¶óêwK4õº¸˜Î 9íˆo“yB÷ÑÛ;‘îs%iS±®ƒ×çÓ¹â€î]®	wŸ�ÃxUÙ1t„Ev°“¼Aë†°¹Ö"4Þ²{aù~m|½E
ëÊ:0e}ãFs�ƒJà9Äv/˜øªz¼r�¿voˆÐ7‚or´óÛW:{€ª¡U§kßœà«ÒG˜ä/ïÑ(5W( ‘\±7@ Ž
´¾‰v©…A€Æ²Ê"˜A]Qcëä	?kTŒ/kųtÅh#\£2Ýke+]²BJ›Ð?h¶”Ûí@¶	•|fÑPµbXu•ÿ
ÄHGtdA»{ûá3)¾ØUºì�ú%Ѐ3	ÊËSà	½Éì@9¥qä¹2#¯*¡ÔGA† ð×SžÅ¾ÄŽ
=Ÿ1Ò¦˜·ÑÆÒíKc
+/Núè!n"­v�èºÏ2ÿF³‘<^%èÙÓ"
+……qö‰ xßÃdbûœ�Ô±MÏLêΚµFÓ#vsÐ*ãöqs±
ÇžP‰®¦nŠI›ŽÎæ–
+endobj
+836 0 obj
+1882
+endobj
+837 0 obj<</Type/Page/Parent 689 0 R/Contents 838 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F3 6 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 215 0 R>>endobj
+838 0 obj<</Length 839 0 R/Filter/FlateDecode>>stream
+x
�WkoÛ6ýž_q—vˆIJå·Óm@Ó.[‡¥Ýð-Ñ6[‰tE)Ž÷ëw.)Ê�$0±-‘¼ÏsϽü|S1�{ÔQ’Ÿ\ÎN¾Ÿ�t£É„vÅ]šö£
&cüìóÏBÒ[»4Âc¯^‰{xáV 
+‹�ß|@Nçj@qL³ÔŽ&cš¥n½K³¤5[Iz1ûxÒ¹‚InO«#ˤ³ÖnR¿N·Hê²ØÒFeeÊ–Tât.’•Ò’´È%a­\‘ Óç§$Ök©S™žÓÆè³’VâNbÉI6¿f9ü–Õt©³G³´%HWX±+‰O¡SÒ†he >U…LJSl#º2É{‘¯3ºoDJg©Y¯·gÐ[ei­Wz¹§î?ýÍÔ'	W•½2¦̘ڽa4`‹�¾ç÷Ãîÿq½±Gnc«¶îo­’O¦1­‹N*ï:ìòEg®tg!2[o	‘o³®‘�Ϋ¹¹“çuÒz!i�«ç[”MsDJo)•6)ÔºTH‡KÚ¡äL&™B‚ÏIE2:§KaeŽç×&_W¥,"ouиÀFwãÚN¯˜[“áx¶¥¼b`«z'ËË·ïo¼~³ØSO¥áM
0•òoOM.”Žˆfx
+ÅéB
jؤ^ÙZëu„ˆ&f¶ùðƒã¥a<Må4áË?dt÷ã$·ßÓ°!¦aÌö©ÉæsÏB·­ÉíçlÃjNÖ
µ
â&Ï™-8uvÅήd!›š
Ødª0¦|V×Q°£Õ(¥¶ v^/÷”Ù¨ïA`ÃzŸ,Ð'[.×HS]Ggö <jÔxû†êBÑrö6‰C®–RË‚¡t„‹Earƒß¼÷ûidÖu"FQðžxxÿ„ºôY„JóJ*Ïeª`C¶}
+)‚S¶B�}¤,²ð‡©üÀŒ{¤z#
+tš¯\½zV£~<ù©kÊÀwð€©ß�6Àݺ:WSŠÁÿ<bõÆCשwCÖ4D½ˆNßë6ÂԾʶ§ôšSÎÖÂ…ëz„šq›¡W¾±¸íê�ù…G77±Yô*¤û¶ÅIçÆ…ºãQëömÄö
+�~ÂÛå²aöø £ÃïÊz~²Õz
~L_".xݸ€¬-Ô²K×™g!µ}ûúaÍ´{`ÍþsNƒx
pÎò`kÓCw
î{ ÒÔ�]VšÃ¡±¶È`B<•«—Ýõ íÅ6Ã:fÄn±˜Z[a€Ø±¯Ÿ±\.1ì ?KPåË/äÔ
,cvá㉆ï"îšÖ^¾”Œh„co¸%8`Йþæaúg¥«{²[Ì[¹À^�ö.33Ù_.L¸£à†ÆUHDÏè›(Š
+É£)³%
+y-
+P †e‹•ï9
+=}K�ÊËc?ó¯·Sj.Ô^RŒÙªmiw5 ö5}]Ø0+M†O�Ò¤ž[âÑ8â'®|{w¿›W×— çÂ|Ä¥ŠÞ˜¤âyßa“MoûSm¬õÿIl0 h¬»5˜²dTã¯'ÿ;f€Sendstream
+endobj
+839 0 obj
+1657
+endobj
+840 0 obj<</Type/Page/Parent 689 0 R/Contents 841 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+841 0 obj<</Length 842 0 R/Filter/FlateDecode>>stream
+x
¥WÛnÛF}÷WL�
+‹¶dE²S …#Ç€
+4MaA
½¬È•´1¹«ì’Vô÷=3KÊ
êdr9—3çÌ¿œèßšéjLiqòn~rqCƒÍW¸3¾Æ‡Œ.“ËËKš§½›d”\%ô»3ÖØ5•MÓÜh[Réä¿;W(c_Ï?Ã̈ƒh¦?œÀLoŽã[ïR�U^ÓÊyú\R”™ÉÄ=)ot �)7býIû`œ%·¢OÆfn’èj\»Býá8á {õ	"öx*­Oõ'É5’ÙÅp<¡ãhùÞ³��¶â¹
+Ú“ÎuZN•ã–ëÏa+ŠAŸ7¡qªÅç9QR–Tšº
+P)›ÑV…°s>cß—Ô\%CŽ§Ü¨’LÀ£æÉäz­³#oÑCBtKô Š¥"•(E(½*Í“>¸XôL¢“sRͱڵØߨÐqë�+éÙi `̵�>�:€_¼¦¢
+%-5¡ÞÚ#´
þþ"Ém5‡€çv&Ïi¥LNfÅY#Ic•ßCØñÛ ‚Œ×ß"3áH
Ž Wnp·96®Ê3Ž�‚Ò
v³Z!
+’ü8s™–µÚ:	®½*Ý«©ô\©µD@=¾×
+ëîcU¡ÏiY•P6YVHºÑé£Ôsé¾ÒéT@ƒÈ¦zMÐm­³º;ÜIKN‰fˆœª
+,‡j­�j\FÄ2%!D¨Lp…ÆÆ
+endobj
+842 0 obj
+1535
+endobj
+843 0 obj<</Type/Page/Parent 689 0 R/Contents 844 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>>>endobj
+844 0 obj<</Length 845 0 R/Filter/FlateDecode>>stream
+x
�W]OÛH}çW\U­šJÁù
+ׇÁTküUNÎlH,„ªz7û¶38ŸD‹CÚO’}˜ìÍ–’ìÆ:YR&*o¯ÐÚèštE÷½÷C|FG§÷ï|‚™,šÙ�"Ä“÷îÇ“iôÑDÍ϶^.è›V•DHp—ë1‘­³LZ;¯‹bCiíHÌ9�zµ0"WÕ‚ÈiTÉ5¾}”Æ*¤çÞÄ­(SA™Î%]ÐB:þ’cÛEf£=”1•0.²O¯Z9þ)É>]RXjG\<Òž*[ŽËb(Ö‹ýµÜ‰¼T•²Î§Í+tCVÄ�)WŽ“A.¨«Ž­à8Ÿ; ,é,«�
·Z5º½8#{¨	ÕØ<,z´2êQ89¸»ºùôñæêËu‚óáPÓ…Á8eKQ-dž�#ù$ÊU!û�¸åF–úÉ£KsUH�¢`ð ñjË4ïúµCO�Ê÷’2#–
͌$_�)
ÀÛµX­¸&©È¼‹¹6nÙ	'•n-Qæõ–ÆÉ0™öivù1 AþýáäŒR#ªlÐpßcF™é²”U.sà–ˆ
€8ÛZlЊŽ«LÜð BMuZ€(Zf¤¯¾/ˆ6j¡*Q4ø%nÊÙªYDvV(Y9š]6Àl
%b‚É´ø;K‘-Á ²¶ I–éš�ó["Jdºª™8R¡mæYÐgÀ‘#Ä)®
+®‚
+éýoß1ª/<9PÞ—&¦´¥"Eîê5	4¡ÿ>öNo8ð—y•Ðdï-0¾6ºZüå9Ò%W«§™¨-È”ÀÄõÙ{_™¥xd<
+h’r‚¦þ¢è@ÒÅ|ãÚz^áœ�ŸµµQ ‘çw†lfÔÊuYSJ·Ô�D	CMs
=®³oïZד?¹3S8‚ú/EèéZ›»S´P+�SŒ­!/O1š ÷@ßF
€­ª�
+m�V˜Ò¥°
eç"„&€#ð[U¿œ¡ÕACÙrÇY¤°gGd6:ØAlcˆó´iEá…ǧ­s¦Á÷o48j^œå\xr>ÞNBüga£ñ‚/èr¶?¸òì²,ÒUÊá÷±•F‘jì<妓]ƒŠT2¸reYŽÁç?,^�ʼ´{í%“°á�é¿”@A×'Ÿ1„
+(4±^0uBFㄧ-ON\öO ±sõ„s8ÃOGxz…2›Nvƒ�G—<˜X¹€¶ºBRqò�]¢)Øw*B�|™JY¦¬‘–Í30¢nù)‡eD…^£"gÒžoUXÌx5IÐœc"†ržÑ%ÿ•dÇøëk¬í}o<9¼ÇÉÓ—ËO—Ww—ôáææêÆä"9îøyÃ2þ¦;\N0†•	”’Qr5˜å''Á·¢Sˆ-³˜íÎÛËT$Ý.6”à%Ù.p}”=ÀÿJ›ÒklŽ•ª»½ù}“53è,S<zÐnoœ¼Óæ,cÚƒ<ÁNÁÂ×FJhó°Ïš«E3PBxÍ´ë5^:Qó%gtAóB0¬ÂãfumiUž2É–—ú®�°†Úˆ
+endobj
+845 0 obj
+1799
+endobj
+846 0 obj<</Type/Page/Parent 689 0 R/Contents 847 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 218 0 R>>endobj
+847 0 obj<</Length 848 0 R/Filter/FlateDecode>>stream
+x
�XMsÛ6½ûWìMJÇ¢õ-+—Œ“8�§ušÆJ3íð‘�„˜T‚´¬ß·
+S�¼‰Áx
ýû*Ù‘ÙP¹“¤ôƹ(•Ñ¤e"­Å‘JC*ßg2—ºü®‡OæIé-}¶²h½Á	zùZ°ã!
F“hÌS“,*ë\Z‘Kü]”ïtòÅ6••ä6)ÜÌz³_”NÍÁÒ‡M
�·ýn*²;Se)ûôpf@D#þøôãÅrŒ(æÃ>sÍæÑ¢~Êè�A´CÞB[H‘º`;A{±ÇEk¡	\NÎ†Ï9�Gãh¸Ÿ±:]FËp5xÆêœCö�s¨ásN“á<«á3VÇ“h®ÏX�,΢b¬lÅ–jغÈÜ5¼à\5Dó¬k(ˆTŸ§ËÑ¡uà¼ÀAŸÄ“P™Xg`{arºWIa¬Ù”¸
+b½›=¼hnÈWÏ4/¡!à+÷l�ˆöø‡rj÷s�Ïß9ë¬= yâ"sá5ƒ�„*p†Ê72Ç ý�Î1,|Ga­IàÁc];õ½ã¾#PóI’ôð`7F�ƒÌ2Äå(ÚÁÒego¬UÜŸ@YŒ:3‚”ÝÖ�·.kŸ<Ïü²Ù �Ë…«“-*\ –öÇfä:»²kuA
+o . Ìמ)3‰Ϙ×,ÝìýYºIs¥YbüúOЧ £"�&d§�û�šm�ÚFý¿�b€lPÑÔ´æÿn•w^e]üÛÂTûÃR™áÎŒ»{v
+¡Àìñ;ýVt
+}ßIòyø¸×g÷ËJ£\Ð(Ê8Å}
+¿vÚ‡æfý:®«9Aø×U»M�Æfûé¡›re�…Ü#,K¶Ún¥ÅTMÉèqŽ«}êªRÈcùKw‹¨kw?3E[ÆÍ:1!Sî¥aùñ¼R‘¡dX·…X¯Q;§^É2¹rö|ø§Q2(4d.…;Ž�zîíç^h±•EÏå¬çGj~é‰õߧÊ´	7&ש9?Õ^‚ÎÞks¸¤]–Ãì,6WX~’²=7Ltpê†ýª›ÀV,Ðú 7
+ƒ³�ÀËoŽþe’ç®4Jü0¥åse�s”§›°¼Pá@›™Y÷k»BÈùòÖ,°®Û¤oCálx-e-à˜Áë)~6¬×š*ÇRû~&2뚻ŤSÒoJê—Æ«wÿÑu=Ô�üÝõÌ¿ð<ÜÜ¿¾á7¬¯˜5è­I*~o§ñÁh¾Àà`1v7üW˜.¦Í{ÍlÌÀûò¯
¤:÷
endstream
+endobj
+848 0 obj
+1793
+endobj
+849 0 obj<</Type/Page/Parent 689 0 R/Contents 850 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 227 0 R>>endobj
+850 0 obj<</Length 851 0 R/Filter/FlateDecode>>stream
+x
•XÛrÛÈ}×Wôé*$HŠ’ö%å‹”¸Ê²“^ïVéeȱ€,f ZµÉ¿çtàRRI¹L‰¸ôõôé3úã"¦)þÅt5£ù’’ââÝúâv}1�¦¸Î1|ýëÅ,¾Œnhy½Œ¦TÐby�ŸÍ·œVüÖänAqLëŒ
-¯¯h�Š…)­“áûÜ$�´Ó•¦à(u{›;•RØiRU²3O:¥ÌäšÞ¬ô�W[f¡üe2ÁgT˜¤rÞe!J\1Yá—Ül&÷«Ow?Ý®&Ÿoû¶Šn»=7$©ÀДƳe´@lÃ5|7±xú¼¦òyÒ•7Î’Ë$²Á7¯+ºWVmñ3sÑW(cý€”Mi°Ò^éžÀE¤§ž”ÉÕ&×
+ºïR¥'£ÉÉõóÔ¤AÿW�V_]ùòéP¦³~*Åý•h×Wø}†ÿH/kZ}C1Š˜¡žËé,º>ëõMtÑ÷�
+äÐß
+]ÏKJ”¥�´Õá/ý+܆
+·ƒ«‡ÿ…²Ïä]]%Ús+ŒEé¸3‡êâªôˆo?…¾äÆn)7>ø}½{?ðÒ¥Ô%u¡mI
iÏ£»ÆÆ0 ¥‰ö&ìĸWÅFQ
+‹•ÙÔ@â`	¾Ñ÷gÚ:—’þYæ€ß•p‘¤Õ•Bwïß
ì¥�q_';R¾çwS
{ˆ9jJ²<ŽÏ
¤RF.ŠçÈR£¶ÖùÀ&ƒs¹GI¹°µoÆJoê­ž
+L)w[ÔŒÊÊ¡”M5öRæ¦Ðß	
+Ú%m8ã+ô·+ÕÃly%3zì ßÏo
+V8¦Úï
+v@/&ç#º
+=Û¦þÆUáæYPº?!éM‹wñ±�ŒôÂz.£ÂuÅEìÔóÑ7ä1Šª
+sÈá&¡ÊÇ*ãTç:€÷�êÖñÞ�]víoÜOâ	ñu–™Ä€ËÐ} 8×ʇã¥èym"
¬ÁÅû
Ûsc²AQËT잟¼ºµu±®jtÚí¹ˆé²Ò*ºõ“î¹äÍÈÜÈ�ìj$u©�$C„Yi”VÊ„O�dž³ï•¿ë*Òô¾.ªÐsȉíÔ“¶ƒ@=QXPÀ–ÇÎU¸Ä<@&”¹®æá¡•ñîØè°×±<íÐÊ’Ž4
«$Ôl‘ŸR@x.9&ØAø¢™»‘Ԛɕ!Ú¢•[Ë[ÃØZ¿˜ÊÓ:è›'²™7L((Åì ‡\<�GÍûÅn‘aƒ`8쇀›¥ªTAÿ$áŽtrwàn2è¯tø0»œö&·”†R%¹
+@UÎͶäG‘Óü’Õî,¾n4Ü’ÕZóí¨áfñMOÉ:(Uòhzk²¬‘߬ù)ã
+g1WgMy•‘Žjöï`Du0ûþÃ
+È?Sà Ûœ{éx:X'1LxŒ>,ýîêžGYñV£ù"Ò_gîg‹{>†·8øÓnŸ?ÒÁ	gùãCŒÍãï—ÂÆÃÕÛûwo¡»ÜŒ
Žï'gAŽtƒÌ±¯f‚�ÿá躸ZàÀ#O_ÎÙöÃ?.þ
–Fb¯endstream
+endobj
+851 0 obj
+2019
+endobj
+852 0 obj<</Type/Page/Parent 689 0 R/Contents 853 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/Fc 12 0 R>>>>/Annots 244 0 R>>endobj
+853 0 obj<</Length 854 0 R/Filter/FlateDecode>>stream
+x
ÕXMoã6½çWLEÜ"–-ÙñG/E7Û ›ÝíÚÅ¢€/´DÛj$QKRqréoïRòW’nºè¡E€À²¨!gæ½yOþ|R!
#ê
(ÎO.g'�ë>…!Í–üÕ`4¤YBÝ ÛíÒ,nÝ©ME–=Ò£ªh“fR&d¥…±¸C§ï¤Ý(}G·
+‹•¦™R™!Q$t±’…=%RÙµ¤w3šJ}/u@XD‰Â·©¡ïfœ`ëv4úؼõF!úÔ
+m©�¬M‹•ÁÇ+UX­2ú 
+™ášš�y•¾OcÉ«.’ÄEì\ÇuZmd‡d’Ö<:ïÖ÷š”q«ö‚ˆoOe&cëNúåœ8=Š³4¾ãìNßÿr|å¶W.GØÖ©.èAÂ_þ¦0•äúJ‹Dm̮ԺÛ>^Mˆ6kYP©U^Z™ü“ÛÑù®�¼[ª´ð;£S9Ê´L3ôȬU•%$Rc±{]6ÀÒ�°EßNŸÎ~ºýøþýìÛù|úh¬Ì{Ñ|^¸ óù÷Á÷™n[Œ§�â/ÛÝ]?MµHR�–*�b[¿Ÿ0´‘Yvv¼k)4êdæó£Ð(I¯)öïêXH@ÍýH“·oO
-
z~8­ïs¶hï4¥ˆï¤%Jª¼<sìð;móŽEi+-ŸÁ÷
¡‚ܤt"õ>¿|•­ãÊ-
+nõ'pLµ©*Îv,F/4ÊLfÓ€ÿ¸ž
¿kV/
«Ý´‡&ìÿ:±ëd˜ÎžÍÿK:ïõø€ÓRÿ;œ~§6 Aùè:îy¼Àv®3›_Á^p�Øñš§jÙÏ•Ûf˜U¥Ôyj0å1äpžH™m#J·R§ÂJÇZˆš&“ZÐïúF"ÉÓJƒ8÷’tºZ[³Ð3Z¨¦Ÿ®
+pˆéþ„¥P¸F"ëñÇ”Üáñƒ‹Ñ,aâ!�RDsB*X>‰¶unæ7½še6oÍçîÌnNº°�˜ßñ|\K-	CY�–X(Ó˜2£	¤Ý®÷†%iëzbו˜ÒåѾlÜA²˜ƒ¹›3\§5
+uVKšŠ|!ÎÜ^GéµhmmùC§cxe ôÊ•y{ ÷¯蓤µ
+íðþÍq–¯ô=\TÞ®s=h4x"ïe¦Êøów¿ÔBC㊿ߺ:Ÿœ?ŒÁ¡@âà"Ò¨Õ"“y@7K2êá‚îicóË®…·‰?4™�Ûà„!b=0^ãâ^0y
‚¦õ4§±²–n¥ÖìiMšWxÀô¸œ\ÑB¢Æ)Š+ÜQ
Ža«ÿ‹
+$ûAX_ÕHxÚS ":�¥Ý!¢nóf³	Ì]Z–�
Hß
H«‡ŽÉmͪ`móìE
+›àóW%uG¿á¨ïH×�Ñõl£ó#²]Ï>ø¡Ë)¨Œóôö’L)ãZž²¶EK7ˆñ?ÈÓX+£–H	)ÔIw½êpO¿"©Ýˆ=xaú	ByC+x²�æsUÉ,sæG.ã^矕±h4ùÂ^è[?`û«'Uƒ9{ÑQë½Sà™+¨¨òª¶•0-yJ&tpª€ÞàM^½„�W*ÛÙîmÚ©Ëš4nüî¿ÔÕ¢ç^  ðÅî)_›óF¦UY*ýD¾Ø1þísµX?›©ßb«…^†x^DcèÁ˜%d;ï¡¢î¢.8Ê<îÐë€ü\!=gXÝ^ÜdÑ«éìÝL°¿)jãœ�°ghÛbžáP¶è†Ç¼�²¡fZºÍùwÈ­ãæîµ™]¢ŠS‹÷whÃî˜b¡*ëØæâ´¨$1
+‚S–"¯�ïÀÔqå…úshæ…ß W’ƒ¨Â™$Žå¤2“Âà»…ûn“�é[UiÂhGãë
+Œendstream
+endobj
+854 0 obj
+1869
+endobj
+855 0 obj<</Type/Page/Parent 689 0 R/Contents 856 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 249 0 R>>endobj
+856 0 obj<</Length 857 0 R/Filter/FlateDecode>>stream
+x
¥X]sÛº}÷¯Ø>YéH´%[–s_î8ŸõƒßX·™NÝ�„(Ä  ‚VÔ_ß³Ò’Y·“™;™$â€ÅÙ³gøÇÑ”NñgJ‹�]PQ½[�|:§é”–+¾{q¹ eI§Ùéé)-‹Ñ•Ýª]CA׺Îu ¸Vÿh*õ“¶~£CC*hzò¶uQãrÌ�wr“œ�´Q¦$åÊtÛaXx³ü~tJ“éY6Ãb£ªUAñ`Šž6Á—m¡Ia`ˆ¦h­
+´Ò*¶Xk¿|M­3ºr;â_d�Ó)žã\7‘ªV7Í1/79X�ƒAdkã*ª}ÀüÆɧ¢ƒa4fÙ9Çö0›Ÿv�{”ðtrö6»àÇ<µvÑxG[Flø¯¨Qu®hç[�£mxE^]Þ#FOE¾×욨k2H·ÎáÖ
+ù,é^P|2Šèýßï©[X¨¢šÚ	È{î§XëⓘH¾}5➆ÿ#Õ=–
¤Fîjõ¨ª€]²�hy˜£Wc²™øÖ»jLè¹>"ÂèÇ4Téˆ"²wÉÎõ
+¬LõµUøzÃï!ÙA«’þBôÁ»c”–G×±¶¤]áKL_ƒïªB
<Œ:åÀË™+¼‹yT—g¨1ÿÖÂ@žðáÍŸÉmʘLÞiÆ!®}£É™UÜÑñõq�û´ö֔Жc<á›”ÆçbQÐ�q»áÒGm"gB›
+Ï -^¤F¹f�ª•�TRÍkûøÉŒ'�‹à›F Îè›�L#ÄjŠ5™Fˆ+R“ÊúÅ9A<B‡š&µ¾V›�vÐF“AnJÎÞ`7ý¸”tcâbéë4WÀ$êbíL¡lFt£ yíAR¨ö'àì$¤A…æMLΚ:X‰%�ð*ˆÁé‘À™ØLHåœß%@9v.1h˜îyEqë	Œ‘)Xq
/}YEíx�C�m|­yö­±üc=ï¸)â”?rŽP–[Ñ3Dšë‘¾R+>n
€ÀžKµc™j°ÔÉV…TÜ<LŸ×2>Ÿe—ÿGÎ/DÌY]kS­#´¯°m©;á¿èúÂH:’²ľiŽPå•+(¶€˜�$ö‘· !÷I  ¤P
Õ-ˆƒÿg§€îŽe½ô>4)aü¹µ a¼HæiçÛjÍ«8éü
+!êÐ7.4¤V‡À9ê¤à58~²
+«ªgM"§cÍÌ
+MûaD«
+Òõ=Õ Ú@ø±7ÞgßuÔd®4 R·ãÜ—»>A]f2Zbx²/5‹*À„•iÝV�ÍVœpLõ>¢V
+¨èN(5§Q½œž�,'ÝßþÑÓ²A¯’ÍR	fчݯ¯ Ú7¾ƒ¾ØWÂd6ß{ ¿ù-
+ž¿n ñbÿ8tËv¸èqÙL§÷A~×M:ÄwÀâg‹ÂÀïŒn,¢Uëä´¯¬Áé
+u”BäøÀ‚ž¤HËðü'#,²ò&؃ÝX$&	Õ»¯_¾Ý_ß~æ²ÎèÒwd†\—ü™˜ödîú‚Î{H(ª˜Inî¿ðí“O—]Çš^,²)¾@Í¥§Žî¯nÞ]Ñ]ðßùðú¡³d�›¤×'ÅÑOkáùâ¼·ó9O„6öÛÑ
+endobj
+857 0 obj
+2246
+endobj
+858 0 obj<</Type/Page/Parent 689 0 R/Contents 859 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+859 0 obj<</Length 860 0 R/Filter/FlateDecode>>stream
+x
�WMoÛF½ûWÌ¡@]Àb,Ù‘ì¶(`'q  NÜHirðeE.­�I.³»´£ß7³KIf\mŒ$––Ü™yóÞ||;Ó1~Æ4›ÐÉ”òúàryðâê”ÆcZ–8™žÍhYÐqv||LËüpî}§=9]© 
+–ÂZ“7Í]¥G•½³
5:<ZwOµ-tEÊi*ŒÏ;ïñ¼ið¼ñäuŒm2¢…ªWŠ|׶ÖO…­•i~Y~=8¦Ñø$›Àú¡Üë�¶7G;>w¦
øZ5u^;j�-M÷JëèzAŸMSØÇø‘]ºs¶k½<¿wzþåÅõ›�ż2º�;�k“¯éÑT­´„ZZ„B¶|Gz}2ÍNÙáÏkÝÀ-®/)^Å‘«îókx	ðb$&ÐÊYUäÊ@û
Ã6¡ÒˆîA;ÀµÚ¥qxÎ6pÈüvº­6t§ñ:çå«]ExTe
+dÌ“ÁQ«¼Œ‡ q‚ë©ÖùZ5Æ×òrÌŒ*jƒ¯‚S
þ¬•X4�ªªt‘Ñ<RÛZïͪÒt{¸êáÞ
ùе¦¸ý…CÎ�†¹=0Öao%‡ðR­”×|Ucù5T
+XJ ×9ÜØŽrp¬V÷š?¸Ä4Ï�›rÃp—øó`Ô^N#¿ÅW{ª»$w¥èÏšI@iA8r6)¿;kZk*Ð8Yn�–¨s�ÚßÛŠö@@¶¦z©AzM•êš|s�ìä¶)Í]¬Y†½“ÂÉÞq¦Ã‚…³•µ÷x]…˜–m!8ÿ©'œ¡¶ÚÁv
DÈ~ås”ÄQ¯é%š´¼«É“ƒó›=
«¢@ŠR™@yìVÀ)ùiè
+ËJ–‹`½FÝù¸™�ŒÐðŽaìó›W?ÅŠƒ»bqŒ—ØÆE;·ûÖ4Ù¹ÝG2t;úĹù|êJOߣìtpu8¢,èÆ>+ãÏ>¢<HWì‚?:vòïŽ=ÅSï)57JU+—s¯âf$�[¾6e"si;@Ëðr)Z
ñD©/ OžblñYý]ç�+©RIV(²e@b;GBèÄ]žúÜKE*·Þñà~±ƒ£OÊ鎢„V°ü‘(ÎÑ[æMiû~ÜK0rîñIJ¨%Ý9Z[HS
+“
+ô_Œ‚i>Ûû(c—æŠKÈs±öUuc}³<ÀâA“ÉcõéÙŒÇ_F.î)ç4ƼÍ{ÊøüDšÆnS9ÏÎ24•WO‡ùÞàð++�ÇC’¨eºÛ_}F^}¤ñN²�â Ï4�‚#7¯_I8joÆHÝ°o‡Àytáò®#»?]Üô#¹nr·iûù‘eÍó
¤Uˆ<Ÿ±{q•§Õm4ƒÎ°²‡·“éLÚí.8>ÛnWý–´?ñ"&ã7Oó<ÉÔŠ2&×a÷PyŽÂü2:šœa�ÛŸ§0 ¢.aCI[ ƒ)»–ª¼…₼sð)²2=¾¸z™"O�3L°";VÌΙ°‘=TrTc½BíÂôöÌ$ß‘aX�±ßÆ>¾ÎM§ Z¤Üønƒs‹§»1fP
+endobj
+860 0 obj
+1910
+endobj
+861 0 obj<</Type/Page/Parent 689 0 R/Contents 862 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+862 0 obj<</Length 863 0 R/Filter/FlateDecode>>stream
+x
­WÛnÛF}÷WL]•
™–dY—
+EŠH„ѹ!eÈ›®Ý·¦ï¯oî¼éÚQpx£CgÝ‹ ‡�[7®î'ÍË"�^8¹}üóER‡^84D™"Ão¥±$èYJX¥säMÓ‡k*�,(•Ï2Ý‚àbCD½AÐ爮B[²�6Ù•1@Dj4…©6ö­’‘ƒ�Fr!,# ¥Mà€tလŠl!(ãX@“ÏêL¨œ2a¬,8ë=(…^sx1n+k\–….Wl¬d�\ò%	C7oQÑωJœ…AÄT—
+ñÁÝJ£xŒ*†:�Õ²™DÃ)>Ã'Lš$˜·DŒÈ�lÚ&�sˆrT‘§zÉ$0eך"eRhá2Rq,™[ŠKüÐÍü´ÍÁ
<¦• ¥ÖQÿŠ¤à�F:ë’L¢Ë4B3™-‰M„uÐݼõHr	§î‰$OŸŸ»šH{}ÿaJ”‹L:²»âñUvy¶4Ÿ`&D´ØÐg•GÀ•UˆÝp,©¹ \/F¹y"Ò.Ÿú²T&
Üv-Q#…@ßFšîÁÃu@w(®ã•o§Ô`ƒ4�jñ5O"d�Õf*ë5e'zM>ÕŒôœÕñ¶î®ˆ;KÈé£ ®ÿ5¬:œs:®–~u­r ïctA4rJ4x
�·ärÁ†
€7Ê-W1y#p_»ÓhÎTE´kJXÉ¥£
¡øßKi¬áªžBMæÆ"db€F£žÞa&ÂD宫uáa^ó×ã•0?DUPÇóSzʹú™æÞXèÒúh`×Wó¿h<>!@Ìv­Êd5.|54¢ndg�¦²
+s^n:ÓJ`4·D=jŒ4Þ
“½Š³fòdVû™·üð)ømˆa~_É¡M…Z&ö·ù)ŸåÖª™8•$˜Ü²bŸzý£^nÊmM»2bèø Е‘ŒU®ÜäFD àG&>˜'6�(�n‰a°ÈùÚ´Ù�‘®Åf�ªšmg
ªj>߀°õüõÏɃÓë
~|Ç’Lý~:ÆŸz—ƒ`æÒôÈË÷«�vw²Jåý±×ܳ‹^0¨žìËÿùݘº�§«ÄÅxOûr?FA/ ·Õ”÷ŠwŸ[”~¿¡©´N; &�Zdâ'›�…Ž¡!®èçw—õFÑëAÏzcÄÏ¢Èqž
÷8`�¹ØFÙ
+16ÍÕÃ[«•ÈHd*XظR綠Ïc]Ïƺ½«éŠ�–Üóhxž¦¿ªc÷j5è½^có)Ü
+­_´’+…
Ù´©²¡‹Í+`bνszõð;/1ôøñm�f»Ú�yLc?C¤"ßø´ Bp¦eÄ
T¾ÂÁ%ýÚ$B
ÜáÖN/�šÔëÉ�-ëyølKÈv-ÀOtÛï€î¸³íÉ“ý&`_¿Ä¤8h?9º»%�Œ‘ÃvÝŸôh‚ªSÕiôŠ/Ò—eª"ýˆyY‡™lp›á7OÖš¨×Œì¼Å	Ê‚{e~úÆ;îFPŒ·§³Þ¥_ÏÝ
+ɳ	v”9þ«Ñr‹ìî+Ónû��Ïç'Ÿæsúêÿx˜Þûø“ÊeŠ…‘¹¥M¯œ$¡.ìùdâmVöÚNk±	ó3ë¿oÎùœËÏ:¼�Ç@ºƒ“6Ò辨B÷ÚB¹Diñî`ùUŒ÷{¬ûð·˜aˆÝù€—5V=îŸÒÍ6Ö½„øPªLðrPM['’
ç_y‹øŠxò;°ë`2+*p>ªë»Wÿæ"œþzDG•tàKƒAÜ„” ÷®¯Xs¾�t£Ã’§¢Ó+¾wæ�Ÿ
{x‹�Zÿ“¬õ‡}°ÞY¼²¨ØGÿ¼�ðmendstream
+endobj
+863 0 obj
+1800
+endobj
+864 0 obj<</Type/Page/Parent 689 0 R/Contents 865 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+865 0 obj<</Length 866 0 R/Filter/FlateDecode>>stream
+x
¥WïO9ýÎ_1é•Â’„R?@9¤ê
+åŽTí©©*gãM\víÔö6�Ô?þÞØ»ÉfÛJÕY{~¼yófòù O=|÷é|@§#J‹ƒëÉÁ“ƒ^2Óî—]àŸ�öɘ†ãs¼ðK+)ÃÙ�õÉ°z‚—½ø¶ð¶¿`èäöŒú}šdìp4>§É<èÑ$=º7^^ҳɧƒ“Ûauìè}þ”æ4‰rq1¢cZKZŠ/’æʥ拴rN‚VÖÌrYÐz‰7è­Òs³v”æJj�¿BS!”öø!Áö{tÜ?Mð~”­eê•Ñä
ù¥¤÷KSH÷�ÜRÀ®Ì¤_K©)7¥]B4ùîTQ:O÷¯'lÀÊÌXÉnŽ~f’J‡`9Ž7S¹¤•ðËä
°÷h4¼Ø�Ü@òäö¢gú{°áF2À÷6ï‹wôÂèL-J+8±}DÓ`„z!÷‰!W®VÆz¾‹kb]Ú˜’BNˆ9€ÒAò€ˆ¡é l+
+é¥MèQ3�Š8Òf
¤
+O-}rØ<‰†øÎÚØ'G0°–yÞ%¡�‘"¡„Ž¸6€ü'1TÖ뤮7
+y£ÂȾxåG�ÃtD³ØäæjÂ*š¢� Ó˜hK4,s.­£Î£_wR—�n‹�éž¼YuºÔAŒ-×	îÜK¿4fÞ‰ÃjPK�æU%lFû°BéÃ/¤]pYjÎqæRÖr‹¾vèdÔ
‡¡èéåt
+uç§ÓC8A�IʲéäçÞª=@lõ�
+¼0søqfMAR¤K�îjy‘j	¿i¬sævš˜‹`[aö±¡7qæ9m¤c˜Ü’—�=Œ¸…ÓNj§¼Âåç-çÚt8]cQö¿ÝºR±R^䔣¡¹l8\¥%ö3üÃJ[égO]á¶àO�Ζ�&†¼Ù¡nOœ-?ƤFf°N%ïlÕÀ]+‡Ê’J™J’»®§yïe�1e[)îûŽÛäîê>®.R<‹xµÊÃ~
+÷�|Þ†@c8d„õw»†½Žƶ΀[ºTZvi�{†•Ö[“ÓƒÐ2§oøë†Ù<RäXBêo�:Uý¯b†ÌÃãVŒ“ß°ÈÌQ•/°ÈQðÌm 
 ‹£×Æù:7ôõ‘ñÆþÆ–RS`€kŽÖÊ™1>	‹ü1–ýzÓîÇ·ðÎÏ}ËSЋ°Ý‡1r§RkœÉ°‚Ç玾q¾Íý94Ø1¡ÃWf¶KC5½1LØCd<�XuAÇËAØc9Í«
+a7„[èX”ópDßïCb³; £ÆÀ„Wèÿ_D²^z°ë³»“Ûqõ¡ ?$}�Îã`z¼º»¾b|b^ܘ´, ÛÏÇ}DÎøØ5?Š’¾?Îé¥Æj\†ÏEîŠs¸\ÑßCö˜ÆÑχð,ž�ù
lü,é†Xendstream
+endobj
+866 0 obj
+1680
+endobj
+867 0 obj<</Type/Page/Parent 689 0 R/Contents 868 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R>>>>>>endobj
+868 0 obj<</Length 869 0 R/Filter/FlateDecode>>stream
+x
•W]sÛF|ׯ˜âå*’–d}X~¹’eû¢:Yqb:.W�J-�¹&€ev¢øï¯gÒ°“«+éA±;3Ý==ƒ¿ŽNé?§tuF/.)¯�^Ï�ž¿;§ÓSš—øæòåÍ:™�œœÐ<?þÔÚÑgÓvëéúbBœ-M¥=)§	ÿm*«
+]PélMa¥ñ€©•Ûѽ]ÚfFw%ílK+õ¨¿ÿš”6ÿztBÓÓ³3D>ßVF7�JëèÁ>ꪢ¶Ö­ýxÂ4r˦Ϣ)¨âHäsg6�¶Gߧ†$ú?j÷¨ÝlúeJ㄃”öÃtRô!(•ÍUEµÊW¦Ñ4DV´0�ÔR™Æ©/·M®Q�-ÉYU›fI©ä	™©òkªuªâìrvÎ
+�è`Óg p6!û�œ
âl
0¢0Ý)Oª"ßn6ÖO&dÏ&$‰H�ƒ?¡î„ê�µŸA·à$§VÊ£VHÝ·y®½/ÛªÚÑ£ªLÁ…H4e¯+áÝ4è�ZšNÏÑ”éÚAþ�
Ü=K€ƒZhœÔcp
¬üÚË�ضƯ˜
Ÿú8ät©�Fúþ_Du¥ó@ã�öã¿-1uÑõå±Ùs[ÃPÚ
xˆ‚|í×Án&’‚_Ù¶*¸©Õ¢L¬	{Ö%Ž*,ŒCF~ä7:7¥A©�$G‘½�
+«—Ïqe*8@®¦Üá»®‡Fobf£	�>å½×M;šÂŽ`“K§j?’[F𰕵žVÁQ}ôCá8wšIÂÖ¼îO¾’ÃAP�Ø	$ÑeaœH¨v#¡m²J¡¥2@%š­#”
¹h§b jBVÅÔ6²àò!ÆWÓìÙŒzÙ{‹´H§±X�§²u8äúÐâ Ñ…iÞÏîðŒ©Гjkí–‘á®?Å¢„郱Ó+f ƒÔÔ´€ª¸¦4Áp8
Ôš-P£·¦œxãÞاž)°¶0¤ðî`ô1Ìr_ºè9Ì™ÇèçH°›x<@“¥¤�³P?o·×ƒ*Ò˜Á…Qâœ4ÿÕÂÏ`-<kBÐõMƒfÚ§?Í•;]Û �ðó×ÊÃIaEýb
‚³‘w):Í~¹F2MV5!è8_KœO�y0h£]m¼7cˆ³À@¯¬Ì†œY®¸Å¿™þƒÈ{¦“&éÀa[ÿKP¦ö$2f	H÷¤
í(W
°
ß’}烺ζHÚT°†V0ƺ²Û8­:Ÿc‡bIé±F?‰#ƒ¤FÈßõ³,À91öÍNÖ/pŠñ½dCñÂĬ•Æñaj=’€Xó¦i78˜àG[Ùñøì`†ïGaLbÀ8"ísµÑ3b¦X±*ǧñ3>öËœk#_Nc˜0ÓO"'6ÆhV•µkdÿêÛ›Îö7¥ÌúÏÛ/Þÿ|{sÿçû›ÛŸîÞfY7G²ì¶u˜@á7hÒÉ2x/÷Ö=ö¹ëeº§ï$q/‰szfô¤�™
+ȦL{îLHÿ�;�!Ú›�Œ�·Ö;¸jeÖ^‰vZHGLvÚüU–mã
+�eIKYÆ¡x?àe�ïn0õ*ÝÅá[»:8I�ã;ýW‹‘ŠˆÓAy¿¿}BsÇç–(c��·ë“õüÝe¿ê÷˜|¾ùõáîáßñûô*pLÓnˆY%;L­ÕM[:ð×
+
ãt•³ÏŽÃ
+PáwˆÓÿ	ï¼(¯Žk0’÷
+öS³Ù(~u_õ¨ÙDÇ0X+ãÜ&Óß­�¸�x™ç5æ9?àbXóÞh¾¡(;®ãØÀ:¯ò5ÖFÙke1‰y
<‹_¢­ñų5õÓ‹ëÙ%·Ô‹}#\Ê?挢L‚þ}J—%¯\P#ûõcâ)úQv¼/+SÐùhª%›ì™XÏìÍÍœ=DP$ØÉuO³¸Ú–ßË0IXiq¡Q0/FM·íàÏ=¦Ý&„»Å¨›„]Ù*öXó1Q“£u;ûðù¾ßŸ§ì°\+“ÝåN}v Ëè4�0¡eq­ó=ÄÉ—át²*qq]ÛâÍ·ÛUÇ/âççï^v}uz~6;¥Ë«ëÙKfðãÍû×7¬’¯LÒ›·�WP
>ɾ¼ÂãÓ«3I‡f0¿[Û”fÙ:yŒîðÚåÚœ�øWØ°Cມ®_»ÃOüÆÓu›¼NŸ_�#ºÜxqÍaÞÎ�~9ú/ÎeKªendstream
+endobj
+869 0 obj
+1802
+endobj
+870 0 obj<</Type/Page/Parent 689 0 R/Contents 871 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+871 0 obj<</Length 872 0 R/Filter/FlateDecode>>stream
+x
¥X]oÛÆ}÷¯¸¨HŒäÏØEÜ:A
4¾¹µ.‚¢*Œ¹‘»ìîÒŠþý=3KR2�>Ý$šÜ™9sΙ¡ÿ>YÐÿt}FçW”Ö'?/OÞº Å‚–9_ºúpMËŒæÉ|>§ezš:ÝR(4¥Öm‚'›Ë÷ÆÙ¼¬45*´:õZÓ¤²käÊ„2íSW®uF¤ÖöE¯ÞMI™×+´Ñzí’û»%Y÷nùídN³Åyr†ø§ò›Ïw�$!rë†û§DµÚ–fCŠÖ*ݶ
•99ýw[:�%ÄÍPNÒUwéì’fç7ÉŸþ�“ª*Ò•×”«²òS*Mê´Âw¯êµúÁ#Íu»!D•~Á�,­uØimè\
+YÌcAï‘>¹Ö ¡	é@Á©À8»qªUæÛ´ …ãÒ&k놟5:ÔÖ$ú»ŽVÖn‰kVfOÚ9>^7ÖŸt‡�]%]!{ÛR¡^4©4Õ^ÒT†—l_´›2p0:p)ðrVÕ`×A/ÕHÈDZˆ&A|8§�ÜÃúYmòUÁS®Eç³c{ùs#9 â9êK™�»ÄÄÒ™E»B
ÂB�€ËÊ<×NTIÊá6~œ‰É­Q¸›á—„?.OÀdº¼ž£ñ®ñù?x:�Ì¿é˜�{@Ž¯¨�ïÉYr™Ð×Òdvç9ׯÖm}P¡>ÉœS<Èüíó•AWÄ4î°®,c©8QzÕwÑy”ž˜��ùMK”Üun„PeÓ˜Y
+¬5»#ßè´ÌKÀ
+gÛM„ì•P–B’.*åý§Ëƒ=Ú oE\‡zOÿ¬¶iE‹¹j77×4£Ðs(ð,0Á¸;b(z…¢­Y$æjUØZûÕª«Eú?*(+}
+瀮q”�Hˆ`Q^ª€°dØ 4XŽ
Ôª4
?PC4.£SiòÀŽ2;2›?%“¿È«¢„B3š=ž)­,�
†û×{€´ME4eP!"°G…¼-þ_¿U¾+Pc$
+äœùtƒ®ô}§ÜÙZ~ó*Ù¿„å3øöШ¥œ…cXœ]cñ ÐÃ5f„z�ã©5tÉÃöBüÝßöFž¹òEO„sxض­2&û
+�·“Q¡�iYÔàHït=<‹€ãˆqò­5±-ƒ”�Þõ±¹'“C	½ÿôC™Å»½TÁ�A�Pd/
®VÑs†¡�ëöϨ=à
+Ï“NDx Ð««œjœ	ms€˜¢áùQ�|zåíЩ@Qòåþ	ˆ9éqJ‡{9…«ñ°aÀ˜

+Ï}ÚÃÙ/㨠· ºàêÚÁºµðýŽÑ[Š˜ý»›Ë)e-Æ•'l€è‰v!]`º…W!èºþZô6þ­ä.”È3‹ñÄS[7Ö€k?ö}~}9êúhž<ÄqÜ·}hÁ”ióðT[lB
!°¡L/zÓ»¦©ÊnJÜ« &2ûE®X‚€ÍŽ[¢ü¨èɽöÛ`›É”&�:Öfüñ)(è³6m<gá•ÇGÏæ÷ºÊY“bŒµx4æz‰÷+FN!{^ÓhåP/`G0á…àGh°ŒšÖ5ìÚˆ˜¶[C
+š`Wã²±¨q6©Eúi�°2Ã@ÎÌ’9�Q´zw°8ÉA¶h6¬Qô×v˜âbx´z ºîoã¡uðFL–n÷ǘåê!›L±ËÂKµÀû-Px	ň¸�âñÎ@O½ûe2OæʪL¸Ò§6*TÆ'ÚTa
+È>{¸‹G4nó˜K<¼òrÓ:Y·8Ôñ:
oy“÷´ç};’®ó*¼º`¯õÌ<ß>Ç‚9:g()Å„
ª|ÕT³!‘LÓV/:{ãÑñφMåüPäkVn`¤‘b†”±S¡lÄc£†—`«Šö®ÐFK*w5Ìw”�t«ãD#µ�õÊ��àûðÛU¯“ÖTüÆ2ñ-Þ~’°�— ·oÆzi”÷;ë2�›÷ÚO:±1jBò��¿üþÇ—åÿ“ð=`âAÇ
âòÙ…è•ïA€²IT–
Z¬x6O ,÷¸Nˆ+¯ä1Ï€M™pÛÄ%bW²™VL:Nðq9¦
+*^'XIÝ+î}e(­gnÿ
BijƒP8
+endobj
+872 0 obj
+1999
+endobj
+873 0 obj<</Type/Page/Parent 689 0 R/Contents 874 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+874 0 obj<</Length 875 0 R/Filter/FlateDecode>>stream
+x
…W]O#G|çW´�.á$¼ØÆŸHyàŽ\Bt‚}º‡8BãÝY<ÇîÌffãŸê™õ¾p
aïzº»ºº«öŸ£µñÛ¡a—Δ–GfGgŸzÔéÐ,ç�£!Í2j'ív›féÉ_ÅSZP·/êÇñ�ZT+)5e)µwde*Õ³ÌH,Líi2£Êš\Ò]�_âFá$™<¼o®¼Ÿ};jS«sžtèä¡ÞKë
+wñ—顬� P8~2«�´ÉÕ匌=¥ÜXT
+�	oìzôtsßÍåäï„ý:;B%4œãµ7ⵋ?”�ÇÊÇMå¸ç¼2Ú•>NFI7$ôUé̬—7•öYZ>z‡ªé’W3[Jœ­iã—J?’7伩hmjr•LU¾æ�…FÒÂ/Q²ðáb¡ž�êbØ
+“
+¯Œfè¸p÷ó¦D˜BÜ*O°ä ©©‹l*Ï'6à3¤ÈÇRœ.ȉr�×PÔ) 
‰!uiizóa{A8¤Äi»x"®„ŽG�««ÊXCêÔ®+�8•pnelæöÒŒ’Áÿ4¤>LF¯¸2Lhº–a¼kȆ²üJJM_Ç}”À|¡¯Æ>9aì%íز~ÓîNwˆø­î(¶íÎxÐY�kk�Á*È’Ò©±à¸×@RÜ€¸ÀÇEraž0+ñåþ·@·~›ÉéÖã-81}=i¸<|=h×€Vé'~uÌ $CóX»SZ`´–âY2«(“…äô”Oh~r¯R`‘D*9¿Ë
ÚÀ/f
n÷¶Y`z”¿?æàNÎE]x´úäôDsü¼›Ìç_Þ�z¸®’äù-+ÏTO­NàU¦5Œæ
MŽù´@ºVdÌ|ÎüÖ¢”ÉÝÕô˜T¾?*
+ û£Èóy3_Ç	CÔÐmo˽
ÔŠÙp9¥Õ�f^„ÌÛ\ålë4Eâa¸öÑuÄøiZ	ºãÀ EÀH/¬§©k:£+éžxO1E§oãr¼×�_`~»½ÛzŽ)JJ§%%ð}‰Î*¬�ÌŠÕB¤O�Õ°	ÚBn‰¥’b
+P°—…–>‘/ß­¿QCGl*C¶Ö”[S†¢Ó‹ù|¥´ö`àÚ�³çÝOƒú
+)çj‘–ÎØP�?K]‘ñŠ†‚a"š´Ü¡báó…XD&g¦™_UÊ3^ÁP*Ì+žŠë/75P	’¹gÐ(-!Ê€²YÜ
�ƒæ@‚¶r r,ó€Y®,zé1«<÷=5•Š» î˜Úÿ~SÍŽ,
{8dkoêqz“í­à0(�'kM‚§‡ÌH÷@¸ª]ŽŒÎš¶pí¨ñÊÎt»½·Õ>$g‹7æí¿¿âÇÉ8¡«Û›ËëÉÃÇÛÉìþösâ_<]ìû›+S
+äü‘s6ýDSv‘Öt†£V°;fÇsgœSÜÁÛ�nÞ4RÉ_jüW§ßß&ü¦ vºã Æ;6c)U%u¦^°Æ0‘V=*tZÔ[
mZ¬é³Ôô;ͤ­ÐdÒ…ö†äñ±(ƒ+ýH‹:÷B°àhRap!ô~�„QØäßa¥´Ç¥ì}°5�£þ
à“ÛÙ¯t±Û8ìvoØa¶¤ã×XÒ‡,QL³•p‚RZÉü
+9"ñþ<€Œ°:g	s)e3&a<öL
+Ö	»îÝnÑn·Ã"è1äíUﶉ�K—²~ÁŽsسO£�}
P|T;™^Þ|¸d+ü��ê•Ik~6Æ—¿Õê„›[Ã.žç²“è¡yÀsõXC]ø1ãZ¡:å÷PÞ©ô
*HÓ½%£ìBÁáS{ÃØNtøLÊŸGÿsÃ�endstream
+endobj
+875 0 obj
+1723
+endobj
+876 0 obj<</Type/Page/Parent 689 0 R/Contents 877 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R>>>>>>endobj
+877 0 obj<</Length 878 0 R/Filter/FlateDecode>>stream
+x
�W]OÛH}çWÜ—ª©,PV¢@WhE`‰ª”—±=N¦ØwfœÔûë÷Ü;¸&ZU•hÏǽçžsîõ�ƒc:¿c:ŸÑÉ%ÅÁ—è`úõ”Ž�)Êðäì✢”Ž&GGG%#·%¹µ$zQeª·–æ-®î'Ÿ¢ïGt8;›œbèÿTš�4”`c,I•Ö‰<—)	KRá(C‚ª\¨’2•KeJ•Q¥#6.G/OÿõôðüH[m^±ß)]’6í�Ç'“ßÖ/?á	.º³£J§U	'-‚ ]ð•×ºtFç´Ý<Ü_ÝÍ©�E,͘�*„iºuIX—#Úw÷~Ék]½_¹ü4¡PYQ oKÎÔ’2÷°˜ÎèE˜Š>Å1ݨ•,ô(ÜÚçèaЫ
+•‹a²•Ñi�8;& I:£íZ%k�r/Õ=™Š\—+Úù^	‡å‹4¢l¨’ºBM‡Å_i
+ÛÕ€dµUåjLVS.ÝGN°!§)É¥0ž$B™áÉ·àBÓ»™lc�,P€_kÛÕ\ûZ¹R–/H…±°2`»û™„‚‚S(¨B�¹ê‚¤Ò&F�„ÈÈ(§D®þ
lR%*S„Ï\#F•	¥œµï%ɵڈ0ÞÏ¥úI7Bº´ˆÒ“ÌÔ¥GĆÁí=IÈr£Œ.5HCä@so.€!‰ªÊU´:s[a$J/ñÈgÐäàÖ´)E�yÞP®E*bÔ3W±;”8Và*+	éÕ•.'t1ŠÄ�=Rÿ�16TíàfÉ•vkP$€>…o…h¨”p
+Ô<øyŽõ{
úëÅîn‡hw qXÌ}o4p—î÷Ïcé¾ã5í�DZqøjô.Q´¯K;Ïk{Ž/&K§k§~ éÝ	)`l›�§D,%{‚a‹.؉�ˆ[–Ïpúõ¢¶ŽÏÎ'Çtöù„_íÀ‹/Wx'Óß±oZIÍú1˜=‹ÏgxIMGŸ'“Ù„ßíüÑaZ¾Ã‹'wG(Á^âÅË9þ`ÎOÓ
+>>#V¾Â�)|êéùéäïÀ8ñlÆ?ÜFÿüQn$£endstream
+endobj
+878 0 obj
+1722
+endobj
+879 0 obj<</Type/Page/Parent 689 0 R/Contents 880 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R>>>>>>endobj
+880 0 obj<</Length 881 0 R/Filter/FlateDecode>>stream
+x
mR»nÛ0Ýõgt³’,Hj7; C›¤Q·,7e1¥H…¤äïsi…
÷ò<õšÈù+ДØÔ�S¶ë²o7ŠÝÀ“ºmÐõÈEžçèäjk&"Ô›òèÝDÚâ]ƒ‘Þî~]ãÞë‰xxµ/��Þ£<žV÷W—O·: WA{z6
+q$†$9ž#^t/YŽu±%+XñyÍ(b~gv$ÿæÿòìŽ<'„²UBèF
+endobj
+881 0 obj
+383
+endobj
+882 0 obj<</Type/Page/Parent 689 0 R/Contents 883 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 252 0 R>>endobj
+883 0 obj<</Length 884 0 R/Filter/FlateDecode>>stream
+x
�W]oÓJ}ϯ‰—"%nœ¦I@B¨)ôÂÐK"õJ…‡�½IöÖöºÞ5Áÿž3»¶ã¸å^Z©ª½3sæÌ™ñã ¤1~CšOèbFQ:X®ï׃q°XÐñO±Ã¶½šSš.æø>THÚò	,âšö¶Ÿß¼¢É˜Ö[Ü>›/h»u¼‰Î®÷"·² pÐ} «é*²$	ZŠè¡Ìé�N…Ê^®ÿŒi4™âøÙµÎl¡“U†�·e!“ŠV"ÝjãÎQö!ÄYöat¾FÀnYÈÇRe%}•"VÙŽ­�ßL)ë#“9XÊ­Fœ•.)‚*+%âv'Ø»W†"Ñ�òD
+#)’IJ°î¬ÀC¤SÜeÅ&‘tPvÏnÕ®,`�ÛwÐ7X†è׿á”}¿\„ÁŒRšL/�¼JhåàÇã‹]�=.·ï®×Xš¨P{�%9dÛ|9CHÚ™;4¡ч/wë/§»\~yWpô”.ç!¼ñ”˜€
#ºØ_^œæ)˜.Ó»B—YÌ×=üCpE�Òc’‹·ô±^JE´WY�3oflA(‘™˜’è�ÎàÔc)�5´-tJ]<+¬Ò™qTraÒ(¼ð¹SY¬†>¯kÃ
Ýíe&à>A¥ñ×òQ¶C�íwÇ›‡È<’||Á¹Îd'øTϤ§{'@ø#q†ö
+ï%n+Ü•l?©t;ralÄí
+Ù*÷YfVꢀŀh½—ÿk±�y¢¤ñÄ@Î’Þ"H06u`
[]ÚÖÔ�°Bò§HAz÷6OD„˜á©fWMÏn^è­Â~¸g,ê*ö@¹­´-“„\p°Ìøñ뀮ðÖ•Y×™ö‚†ÒHo§X ÀP„îâžu£G‘€„Ä´ºúähÌò2ƒ¨¡Ð
ç:µM`�ažæÆÉÌM¹ s`ÃœóÛ^Ó´E¥¢¨žì9óí…öí¥K¤…�fÊJs"�Núv¶ä
瓸´Y� “à^¤Â°ªF:¯Øo~Õ‰²ewCåz�öÐP–í
+Ù œF>¢/÷“šæ>àcNvG:ƒê÷ƒ"ªOµƒ¨Hy™¨E�)^q°=YpÅVÂ?È{$Ð<‘çˆÕ¼vœ�ËPâ‡P	ëL@ï¼t3
+½x­B‰f
¬ápfX®�aÚt¤¥
îuw2–tDoHà/�={(t©~x_››œÚÕÎ÷ɾRj’f ƒ4�òù†¡·[)بпòÝ
+ÝÃ5c4<e¢ê’ÙVÿ®¡™5CÔc””MCE}µÌ«uu2F[cÈÿ¹e&U+rû7e
+ýa‡k‹€lbAp»¼Â~÷ªUùfl
+*àãzŽœl�µB‹šˆÑÀëy¢ÑO©ŽèØ—\š\I÷–™ÂHÖ:æz~íÄæY'üÝn�8ô"Üx=ÆpÂbUHçlÜ€Ò³wZlã€íÐR‹&rÇ}\a6sùǺž„²Ê¿Ã×ZF-ŒoÇ^
ÒÆ�E=›ŸTTh£·¶I�âI‰9çÇ)÷
¿»ŠW«Aí`-C5Ö†§¾†Ü´ýPw~³8~²\øÏ€?ÿÄêÌ<HýÉgÕt>…ÖáK.>›M9f|´ü=ø -Òendstream
+endobj
+884 0 obj
+1597
+endobj
+885 0 obj<</Type/Page/Parent 689 0 R/Contents 886 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 255 0 R>>endobj
+886 0 obj<</Length 887 0 R/Filter/FlateDecode>>stream
+x
¥WÛnÛ8}ÏW°ë±bÉ×ô¥È­[?4éÖŠòBI”­F]‘²ë¿ß3$«JÓ.°(Ò8&5—3gÎŒ¾�…4¿�æ�g””g×볋÷
+CZg8™-æ´NiŒF#Z'ƒO·7Á›õ׳»õ¾£Ù|D4YÌñ9ÂO-)s&.)œx“(ÀÇŽ‘pŒƒ0 ê@©’š}Qõ“6Â䪢,¯RÊ�ÆY)òŠU™Z…¬ß±ënxÈÃ\ÑýšxÊlek`uõñú
+_CQÁ° B%¢ FËšŒ¢X’hð@eòD™ÒVhþÞFr2ÄÞG4ÇÈ^OqQ¦j²^Z—“Ùæšâ#þÈ«
<ÞKs½|XQ%JIßYíSl}S«f笑?„íôÜ	­›`Ù<¤H¶¤2›e‰Ïy…“ÜÐF"½X$O”Õª´Çì+çSÎû¤$
+è8É…cßh=ª$BO_k¾-÷ÀA8f;²#ôd+ª�$NµÍé6ñ§': U•$tŸwekýÌøæú uaö�ü
+Í=¯cÆ4fĬÏ]âF7øq©–Bs9µ;öÊâ)s°WhîG‘€ÿ>…sÇɲ1�(Šã-niÏ÷Z<ZŒ€	#Ñ-ád2úm	'£ÙËNºAg­D«1t�ÎD«ß:a»ù­°}ÉÑT¨¨f]Œ‚èí篠•{ɺ, »»‚¥‹¯�ƒF%
+äÞ
+Üà~=Jÿ RÖ0y¹+d‰�©5ÖÃØÅ»–¢dêq�¹\°ÜT)B1h
+i¬Ò­%WPÀÙ:ø
÷¢·`‰Æ¡p=`Y®·î¡N²¶ÐÛhfçÇ€±\²ÂÙÇàzÆS”t�æ80X6øwDÿH–+ØŽ�Z
+�ØÁ!»£Ø‹¼q^@ÐZ¿­Î/�ÌrÿñM_OÏ\š•P
‡[ËhÖT´•F¸¨8šâ³ÏésšJß´=P<‡ÙcªU—�Ñâ\ûõÐ�¦³¾ LÛ�}Tm.@ï5MY± `T¢’ÕÆS
+ÉxÁxËQcqx®#žå…$>¸x�ÕÂ.ƒ]�ï1Y/>^Ý|XÞ߫孻Ѯʭ(g<ª8y'µ^�±m""”
¨d9¨H`c
ŸóìËuC½�æ¨<[ÌXP§²ÁƒN(‘†oü”ÄúÃœ±Æ‘ÂIùiÐÕÇV@z.�ä9‘vÓ¢“lÇT-g²·ó™yåÇžˆî•‘£Ì¯1T 
ÝßÝ 
+Áw°©
+¯_x·¢�ÿûü×Y8�‚9Myâ•�/ƒ±û£ ¿WAj§óÞÛÏ»×vÚžI*¹TŽñÖÅÉO½¡‹÷¿ Àéºýd¯ŸJF`kÂ:ÉÓ´´š"±ºaß°:ËêÙT	SPØiêñZxÊ…ã0i6‹e]O|ªÕW¼ `1JðŽƒ5Žg�†álŽëÃy„×ÏtðÿÞ'sÞ³­¡ÙÔ—àï³
Œ“ùendstream
+endobj
+887 0 obj
+1660
+endobj
+888 0 obj<</Type/Page/Parent 689 0 R/Contents 889 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 258 0 R>>endobj
+889 0 obj<</Length 890 0 R/Filter/FlateDecode>>stream
+x
•W]oÛ6}ϯ¸Àê‘9‰�>CÒ4[€®íj}Xö@Ë´ÅV"]’Šëýú�KR²¢&æ
+çv+zEáycM³…É™l"˜m¥
+áŸ1y°XÍN®ŒZª…nDUí‰v¥Ôò
Ñ¥ÐéH WµXÉc2¶‹î;é	Ž tAïïæØã<ŽáwËÇÙ_ÖÞAh|ÂUDÜ�œ˜öÊþ1Bšà
+ܼ6v`וÂ*½�o8¨46ÔÂ+£ÇÄOn‹µlLN§\óûÉt–V[ òb6{1±@Nç¢^
 
-.(DëèàYóÑ'8¦3Ö•8šœ&Жi´À_L…Ÿ?Cÿê„6¾|ßí«çœNä?Lß“`õŽQ×t�ÞžÓx6¿c�©Z¦�©Ÿ¨6ówmÞ,–¶7j
3¯Ž?Náq‡ÔÜ!æu„a9ÒìZ}Ç–¿äžÖϳèíè)¡VªyólZ«
-åGòÐ17á6A�Ai0Uû‰÷„ðRö‹¥õõj„ã sóÉA¼lò:k/Æˉ3¦¬Ó‚jॼ^~¹Xn·Náᣥê_˜xqÍÔ~�s Š…¶°´«;íÕÊ�¨wÑo�ÏkÐ$}Ê‘9‘øЋsÂbNûl¿
-¸‹„um=¹Z„bܱƋSšLÁõÙ”õÆ‘’nkó
-endobj
-1313 0 obj<</Type/Page/Parent 1068 0 R/Contents 1314 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 814 0 R>>endobj
-1314 0 obj<</Filter/FlateDecode/Length 1443      >>stream
-x
­V]oÛ6}ϯ¸ÈKS –#ù#O뺥-´[ã6К¢,Ö’¨‘”5ÿû�KJŽëÛ†À±d’÷ãœsïåŸg)]â/¥«ŒfK’õÙer‰_ÿ>½=Ë®³dF‹e–Ì©¦yv�\
o=ð~Z,²dIóë+<gøXEEX˜/çIvº°œ%7p–%×0—¥)vÄ·ÑÜl1ƒ‘s³ô>²EŠÿÅÇâûyu6½»¡ì’VòY^]Ó*iàyñîããê#½–R9G¢^r¦³R‘4¹¢�ôæËÃËÕ·`%½ŠV&3Ž~•_¼o¼5y'½6MÜ4§46eWˆ›¢Yí(W;U™Vå¤
á±!Õì´5M­ŸÐ/Ãë¨sŠ]Ó׋7¦‘�µØ@_”up¥›
=ì�Wõ×—ä
{¾¤I:‹A�ËRÉ­nÎqVTÎж1=::—¦®µ?Ç©FõÇ™&1ùŽvÂjÓ¹à{mEcŽ$¢]+
'Ä\NœŠÆ4ûz<Ø9Ñ—
-™:o#@€ºŠùûˆÈR´^Ùd0îæŒØŠ×r#;F…ð,¨6¹.4»Ž�)~´_˜®ÉIx*½oo§SÇ„&ÆnâÓTî\RúºŠTÝÐ1ŸÁ1>ˆÁ:�ûŸ¡v…k!Kݨ§Ýd»†Cn»u¥eµ`Óë*2jUkœöÆî©0vX�!Ÿcõ!EAX>b¸r+6ʽ¼²êr;ûŠ¬Û7âÊé›ö€vÝmB˜¨<��ï
†üz±wŒa¤td‹ówÊÂ'™ñhwBsiœlqQ¥ÀŒ‹j2K#otCÕôjýpÌ漣ŠÎÈ›ÏïQ…Tˆ¾´WôøøHkkzÇé°$ª
-¯¼�¡;²$Mã!Îî$xÝäz§óNTT@†ŽË�5zDj6+c¶,¦¸e§¹ò®s¼1Vöm”§æGU�uyÈškR¸mdŸ ë‚*˜eÖÊ÷
-]A4ûÀÕ vØ?
u´>ÖÌgôŽôó§{ºý±
-¦ê×—	}0
-geöìq?ák�ÑqcõÔHÍLØ}@}‚+nsùEš;Åëá2ô©‹�s¨_^žÞ-Ž.iÕƒ-Orºmãø»ÅûO‡ùËmÓ”-z½¥2½¯À1Åǽt¡»Çö<µÂ¹ÞXp·oUqz—1\ÀtŒj4xqH
-·g¾®^dOy-ÕòÎJw�ïã`XÇÄf1‚éÝõö$[Ðd1�7Üÿ~‹ž/¯“å"èJ—ìñ×ÕÙïgì
ðHendstream
-endobj
-1315 0 obj<</Type/Page/Parent 1068 0 R/Contents 1316 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1316 0 obj<</Filter/FlateDecode/Length 591       >>stream
-x
u”Mo›@†ïüŠW=90`;>ÕiåR%UPs‰­—Á&‚]gw±•ßÙ·ùP…@†�¯÷™¿FR¾2,rÌ
-È.J“糌Ÿóå‚Ÿ9߆PG—e4½™#ËPÖÞ¶X.PV`û4E)'å®±86miH8‚@Õ’N›7HѶTÁŠn# µr¢Q�ÚÂí-[7žYÝIlRž&MBI°¹½^_�•/QŠ8›%9'ž8±ÝrHy°Ø¡äîé,A(BöÆ�r-§ÕüË,œ‘f¬§¢µzß±œ!J|è˜cçE2÷±ü~ƒ’…æ"
|,CaCÐ_?'ß¼¡·'>Èô&	Mb3|8!›@¨ŠS׃r

-endobj
-1317 0 obj<</Type/Page/Parent 1068 0 R/Contents 1318 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>/Annots 817 0 R>>endobj
-1318 0 obj<</Filter/FlateDecode/Length 1601      >>stream
-x
uW]oÛ6}ϯ¸0,ù+vÜŶ¢kW`[k`(ÐZº’ØP¢FRqüïw.)9®’!±,[äý8÷Üsé/4Çß‚î–´ÚPÞ\̳9ÝÎï²[ºÝÞá~‰—c*å
–ž.Ÿ?^,+<\-ÖÙ†Z¬ï²ÕðÉЗhh¹ÙdË熶[/®«ôz‹ÝÉåj�ÛèóÝnê«g^ÓrN»�o+bXø&¿úÌ�uA·½ë+ÿj÷ýBV/îÒê›Õ-ÂÙWŸÚàlÑçAÛ6-º¥ÅbX´¼C>X´«™¸QÚ�*
-ÇÞSiíû
-±‰OÚ“WÍ^ý¯™u•›ÓÍrü`â/ÃÊ3u�ÌÝàba@øûKm˜öËLGÛ“ï÷�¤Îüdô›ñöšºdÌ3“.	‹jå)¯U[q
áÀ“�&æé8îñׄ¥¦F±2m�$¦§„䛆Ţö
©@ÞJ¸ˆ9{9/…¸¨°b¼éóZÞ%‡\µòî<›R²­ÙtœÊï±øÐŽ^3ú"à	Š@¹
xI"G$_p¡s¸üŽùTÎöÙ’:¶€ƒµ¥kú60;±«qE¼×äïµ1žT[—@7øŒþa
-�êÈmn›.ëœ
6·Æg¾ÙSË?À‘�H	CŒŽûa@€ò$ìÈm2ú4dÚûŽóˆmˆ´ 8Ún¤ð1ƘßP¤-uÕ;%�yZˆ[)6€çAJmÉ‚R3;	@JÌ’âŽ!ÇÀ#Ô\áõíJppp	ú|{Eë9ôÍÊ
-@ËÎHhŸÚG!ú¯QÌ)ö_Ѳ4¶‡ÑÒû–Œµ÷°gûªŽ�Ûð#ªÊå5؉v=ÔZú	�‘nÁ„ äËsèxzÅ>š¤žÒ>ðž:U1Ø‘¡{3›�*ÝÍdãT£d}ä–�2¤Û2;ûð‚4¾K‚•Ä*Êí¹`¡½.04*§WŽÄÎY‡füSðÐI(
-uŠñI¤…<­ˆ¸ïÁ$¢Z4´Rz!nàG•YÒô)ôŠ'VpI¢Ü½„,Ò:I?£pž’G‚½�ôˆÁˆË‹zÏ­U&ðBòbQVÊSí1•
-	a Ä<™÷‰•`�S*Œô�'š
-å�ŒBc`“ôÅõçDÄ¢Ö ±ã|Œuƒ”½Éè=ÃZq×(_*šˆyJ݆	L«H·Åœ|mØö‚ëѨ'¾èœF1ëi#Ép%z'UÁ˜�æ�‰jE¤�«M£§Ðþž|§òg£z'J™*[<FvK`³ëáàsu–ÍÛôh,ÛÕ©OÓ÷8/ƳÒæD&
7YžÑ×s,uê¨ÔgHJÓgÇ–

iÆï=ÚÔ¶2¨¡�xbÞ3w0‚ŽÞÃJÒ
Æ’q]FHLŠ‡,x~3†þZNy‹ìvµÄ1m�mñŽƒÚ)zK‹ù©ãÃxN{K³Þ»™±¹2ƒŽ½Çç*û©™lÛúöŒÐ
ŸTöfŒ
Gð›ð—rŒUäšHMc2C^Œêäa@.íyªé!ÎÂËáé¥è•´E«p^
-ë>#aê–IP‰T¨¶Hn¸Ê{HÎ!?â`…!ô-ŠJ¡Ëê…�žóÞé€@�>pƒ¡‹.Œ A»ˆC.9Rpây
-endobj
-1319 0 obj<</Type/Page/Parent 1068 0 R/Contents 1320 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1320 0 obj<</Filter/FlateDecode/Length 1648      >>stream
-x
•WKo7¾ûWLu©IJä‡ìèÁAlÀ@㺎Z €/Ü]TI®eýû~3ܵÙ>A€„Krf¾ÇõïÁŒ¦ø3£‹:�SÙL'SšÏ¦“:»¼À¿Oð7hªåÃÉùÅäò½³óùû'æïø²88¾9£ÙŒ5‚Ï//hQO§´(Ç‹¥¦ÃÅOìAb²gÛbRzWçåá蘴Ka›χ½d}CV?iK¿ïï7‘âÖy·m}icÒ’¢½{M¥‹®ùàž´T‰–*R¡µ£.ꊌ#o+8䔎f§ÀcQ�ŸtˆÆ»H¾¦ïª-)‡Í|Ò¸È&eŽ×>P¡ÊÕF…*RéÛµJ¦0Ö¤-
-h‘²wCr7¨¬õ1½Úí×:ÈÞ(a[µ%ç9�<W§Äw.M³Ô
•)G§ºÓ* …A0Âr¡) Æç©=쇋�élú	§X½V¡‡\Ñ?×?ȪÐhzò¶k5ÃͪTRRËñÍgšA¢¬Õ£Ó³ù­K:8eI‡àCÌØÂľ“‹Éœ©¹­¥ÄF#=ÝÞ-®î®þ ë‡‡?FÔê"C<À?H\a˜LÂG݈Բr`„¢;§Ÿ×ºL(�)Rv¯ìÍ¡Ð9't›˜èuð…*?àÛ´P¼@µê,ß
-
-ÔÁãD[TüÉ1¢Í—*À£*Å%Î
-0ò–�^w–ÑÙ±J+¿Áÿ�?çf¥NZ[öÔ^DXÍv¸=ÝŒ,ÔèCL3`ònŒKßYæ%ú¾Zú
%Ïg‚¯ºêßþD¦¦µ�Ñ �	ÝKÔªïBìsïD]½•Í(!kQˆúú�
-¶ißA›ªÈrã‚ò®×fîw©ªbÊ�Aðë`Të*-‘�ϧÙG‚(ã+¹Gõ8êVÌÍ òîW°oBi¬§-�ªâyÄâÓnžT,:†”ÇRƒ¾Èåñ\ÐrÜ‘@<â\¨™�žÐE©ÒÔ2|d�ª/Ë.€Ld–ŹVt3ˆµ…�öÓ´rlå œuËmÆ*×tÜÚÏ1þKe"¾�qß¡Ïkú8/zCÓ&ñœzÓÝ­)‚jÃ59�„à28»�˜%f+7=JÇcÌ�ÖƇ!ÒϪäQ÷6!°�wÆ«Én½_‰’Ð�¤ïœ¤ôxý„Ê‘ SÎ8í ’„Ñ:9ÓcÍ-'½k{¬ôƒ/AywB]%ÐÕ4\£æ
s_¢¿Õx?°þæIž:qŠèÑŒ;gžud2ô’);Ìü�{§Kd�ëži…‘¨m¼è
-¢Ot®®]#ü®ƒ
-
s+—9Py¤ ­øñPì-FÞp ("m–V?nõRhO³<ß�ǽè=8ðã6zé
-÷·_G½,ø^žæXz™R0Zêbv®ørTŠñd…ÂñÒböi”
-Àì…å„ 
+—5k
-Fó{qxæû�‡Ì=ߣ?ÖÃ
-�çÛ€ïN—2a`ýx‹àº6Ï¿½.j”Ž·6ú$‡éG#ƒ”3zñ³¢®é¨ËËCós�Ç»²÷ѯk¦]ŽÇnÍÓý"}"pÂÆ M~­<Û7¡o<0afV!OdHN5x
	¨ÃUžü¶ïûßôª=D¼ç0 ™y¹ÀFâþ]�AQý�¡9æy||sÙÿ”™áÇÓôò”æ§Óüèü~õíËÝÿc–¾úÏÕþ!ÇÑ�†GÓÏòø|ûH=›_Næç'xÊâq:›}æs׋ƒ¿þAÐ…eendstream
-endobj
-1321 0 obj<</Type/Page/Parent 1068 0 R/Contents 1322 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1322 0 obj<</Filter/FlateDecode/Length 1453      >>stream
-x
•WßoÛ6~Ï_që‹ÀVl9Nœ¼ÛúcźtC=òBK´ÅD5’Šãÿ~ß‘b,Y·¡¨[K<ÞÝwßwwþëlN3ü™ÓuJ‹+ʪ³Y²ZÑñÃìð<™Ñb~�Ìér¶Lnh¾H®ÉHÚâðæ/8Œ/ts�,èru�ÿ¦øëOþ¸>»xCéŒÖ[8¼º^Ñ:÷¦x’�?Ý6T‰¦QõŽ~þüuýù|ý
-osÊDYÊ<¤±ìÒ“­6Þ@æÊ�¦8N:éUrɉrp[e¬#UU8/œ˜Â"DÐÚžûèðNÐoošp<®ŽCÆ�ëJ(Ì+|úh‘�Þ†' F„?¢€’L×Ý�XŸ1û«5`×µÇ_a@•†öÂr¼9ǽSO!ðRY‡Gxn,•puµ+œ%N³�Êt¨Dÿ{m­\L›ÐGç/·º’À`§2²®ÝnCêVU

-Ép´iå*¯GŽ,œIz’/eYÒVBÙšR>“•®mì°Ÿ$„äsS2t2Upͱp w닯é/ί>?äâÙŠ\’Ø‹CB_	Öˆ¾,™ÀÁŠíÅ I¦r¸$èL
-Ãxô—Xá´±£p*áó¨…¸F
-ž7þ®à 1êI•r‡¬
­Ø¨R9V	]ø§9s”ov
-h
U¼~T@XÔ>“ÖBaw©™ÀZߟ0m]3:¡þ3*‘*0k˜ÒÈS(诒Õ0i&ÀðÜiê®h‡™�T]H£ÜèÆH"b
òm!¶Ñƒ–ÇBar�ÁF¢Œ€ÄéE5Èö´</Õ	·Ð�|™ëji¡'êä�WÛ!g=ÝDdY‡ ãô 
¥£ Ð&”·†A÷¥Gµ2PïÍÛÐ+^%Q‡ó #t_Œ<>þ¹±N=I'ôÎË2@mu•|=Œ�ç@ÙÓ2Æfò-FО…Yêݮǻ~P�ŸØ˜ÿÔ-	Œ5îw{]ç 
 ãž
-ñºDìÝBÕ0¢– Ô×sä2ü{Ì*áF–'@	:`|Á1¶§1°À>0®­Õs:ÔÖÚÖ› o±“‹÷±«�/¤Ë.^
-÷M]·G¹ô8ëÃ;¡Ÿ¾OÂ(ÝvUÇríwA.ºÿ�€5Cl0£â:¢:iü+ÛŸ‚`W½µv¶Jæ¯Ë'¿^~„\^­’«eÚõ¼tÆW¼[Ÿý~ö7£"2cendstream
-endobj
-1323 0 obj<</Type/Page/Parent 1068 0 R/Contents 1324 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 11 0 R/F9 12 0 R>>/XObject<<>>>>>>endobj
-1324 0 obj<</Filter/FlateDecode/Length 1433      >>stream
-x
…VaoÛ6ýž_qÀÄ
dÅ’ÇÙ>mI³hq° óPÐes‘H•¤âúßï%'©šv	âXâñîÝÝ»G~>Jh„ß„ÎSO)«ŽFñˆ¦éY<£ÉìßSüYIEX˜$³xúÚÂx4~mÇlF£øða7x€CöØú¾˜Æ“ÖùïKö(O°>½¾ tD˧ç3Zæao²ÁÂX/ÖªT~²ü÷èôzBIÒšÓYœÂxp+ªµ �±ŽŒ&|U¹$+ôF’)¨.…/Œ­­O~+Ii/m!2I¢,Ûg›ÚšGÞ®iãa°{Ç¡G4LÆmÀÌTµðj]ʘ–[Xf[QÃ%eF{¡´{Š9tµÌT¡2ÄdØÅ×HØÓ:§Æñ7Ç©Äm¦”œw™Ž'( 2}»¸»ÿ¶çèUX<v¤ªº”•Œ	黦>¼²{ÚXÓÔ0sI!E=tñ…Íi5
-hAxÃ|.D;„¨Q¯3(™m0­LJ®"ô 
úi¨vÊo̯Ê	‰1;™·zÔO ¨ ç&kxjaŸôíð5W T«Ñè$9ùDüµæ	«…s»|5˜€[�Õôḽ¼¡;­¾´/5´�®’!_M¦Ìé)³XAB»˜¯Äž´Zæ·Ûªš…Z{Z^.Nç òÙ°y,Z}†%Kt¯‚™
O2ð$¦¿P>ÖÅÐ&Þ=…zn0Û7µ§\xAïŠgÕxVÏYr×Ù]ð@£àw7WãÙ]­žó¼²ŠS¦Ûw·1Í‘’#ñnp‰
-kªPh¤¯c—™#Q®½±ápzqBÀIÔ*"5&G$Ý:<•ÞÆÔ±«óïK=/†Q²ãÌù@Ù(�¡ã?oÚç áŒF‰•Fg˜û\
4ñ›&A:º¶¼&¿hОv,
¥,<“�IÂm¸.¡Žk+pØ°_g*
IŸü×XÛ.w<Yï)—…hJ4Y
*»®Df
}¸ùôf~u˜‘Îuý¥[i‰·�Ø„;A�qÀØ°ÏN(Ø�
-ˆÀµ´GV¯ÃaŽeÅdch…aÙà+
Î[*HŠ®µÐ5Iô‚ ò�J…Aìå	×–ž{�Z‡C»*$ŒicÙ[‡
DÞ�ñ©N­jàún^ƒŽUq¸=ßÈ¿ì.øÚ’Ä“q
-©Æÿ!ÖÔýÄ›úLô©ósÀ�$›^o<RÝûÃöÊ<ÊÏxøirå£ÞæFˆ
-endobj
-1325 0 obj<</Type/Page/Parent 1068 0 R/Contents 1326 0 R/MediaBox[0 0 595 792]/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 11 0 R>>/XObject<<>>>>>>endobj
-1326 0 obj<</Filter/FlateDecode/Length 651       >>stream
-x
ÅUMOÛ@½çWŒFŠ¯¿S© !JE­„„6ö&1¬½awÝŠÏì:NŠS‹c)¶wfÞ¼7Îë„B€_
-YQ
-E=	HžÃáG­ñ!€4¡dqžá}œ
-ŠÃ
-}ñ)›ï-4
-Ir0EAFò]�Hv°„IŒŽÜÁr±°ˆÈgÿƒÙÏ®˜Ãb”ÄQ)RHÒ¥s`Qx°û<×[wWp¥¤:]<Oð)jAo�ž|œôa…PÂÞ—Áˆƒ2ÚZήc ÔRñ;.~˜9Nˆ¾m
˜M¥¡jðŠµ©‡.«ë‚<Í
o«’À<Çk Ó’£\„îi’µ�K$ú´Ã�í�ÇTÖò7E¬iœÍF•¢“+Å”ÁŒ�ÕcÌJ: Ñ³í‘âGOoOglÌÑ(æº6�� -‹B[Tz2âðÛÎV†+(g¦jÖ®ól‰…vý×ð&[{Ö
-endobj
-1327 0 obj<</Count 24/First 1328 0 R/Last 1549 0 R>>endobj
-1328 0 obj<</Parent 1327 0 R/Title(Table of Contents)/Dest[1071 0 R/XYZ 0 756 0]/Next 1329 0 R>>endobj
-1329 0 obj<</Parent 1327 0 R/Count -1/First 1330 0 R/Last 1330 0 R/Title(SAMBA Project Documentation)/Dest[1083 0 R/XYZ 0 786 0]/Prev 1328 0 R/Next 1331 0 R>>endobj
-1330 0 obj<</Parent 1329 0 R/Title(SAMBA Team)/Dest[1083 0 R/XYZ 0 762 0]>>endobj
-1331 0 obj<</Parent 1327 0 R/Title(Abstract)/Dest[1085 0 R/XYZ 0 786 0]/Prev 1329 0 R/Next 1332 0 R>>endobj
-1332 0 obj<</Parent 1327 0 R/Count -10/First 1333 0 R/Last 1344 0 R/Title(How to Install and Test SAMBA)/Dest[1095 0 R/XYZ 0 786 0]/Prev 1331 0 R/Next 1351 0 R>>endobj
-1333 0 obj<</Parent 1332 0 R/Title(Step 0: Read the man pages)/Dest[1095 0 R/XYZ 0 762 0]/Next 1334 0 R>>endobj
-1334 0 obj<</Parent 1332 0 R/Title(Step 1: Building the Binaries)/Dest[1095 0 R/XYZ 0 621 0]/Prev 1333 0 R/Next 1335 0 R>>endobj
-1335 0 obj<</Parent 1332 0 R/Title(Step 2: The all important step)/Dest[1095 0 R/XYZ 0 216 0]/Prev 1334 0 R/Next 1336 0 R>>endobj
-1336 0 obj<</Parent 1332 0 R/Title(Step 3: Create the smb configuration file.)/Dest[1097 0 R/XYZ 0 786 0]/Prev 1335 0 R/Next 1337 0 R>>endobj
-1337 0 obj<</Parent 1332 0 R/Title(Step 4: Test your config file with testparm)/Dest[1097 0 R/XYZ 0 435 0]/Prev 1336 0 R/Next 1338 0 R>>endobj
-1338 0 obj<</Parent 1332 0 R/Count -2/First 1339 0 R/Last 1340 0 R/Title(Step 5: Starting the smbd and nmbd)/Dest[1097 0 R/XYZ 0 333 0]/Prev 1337 0 R/Next 1341 0 R>>endobj
-1339 0 obj<</Parent 1338 0 R/Title(Step 5a: Starting from inetd.conf)/Dest[1097 0 R/XYZ 0 179 0]/Next 1340 0 R>>endobj
-1340 0 obj<</Parent 1338 0 R/Title(Step 5b. Alternative: starting it as a daemon)/Dest[1099 0 R/XYZ 0 353 0]/Prev 1339 0 R>>endobj
-1341 0 obj<</Parent 1332 0 R/Title(Step 6: Try listing the shares available on your server)/Dest[1101 0 R/XYZ 0 771 0]/Prev 1338 0 R/Next 1342 0 R>>endobj
-1342 0 obj<</Parent 1332 0 R/Title(Step 7: Try connecting with the unix client)/Dest[1101 0 R/XYZ 0 603 0]/Prev 1341 0 R/Next 1343 0 R>>endobj
-1343 0 obj<</Parent 1332 0 R/Title(Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, Win2k, OS/2, etc... client)/Dest[1101 0 R/XYZ 0 436 0]/Prev 1342 0 R/Next 1344 0 R>>endobj
-1344 0 obj<</Parent 1332 0 R/Count -6/First 1345 0 R/Last 1350 0 R/Title(What If Things Don't Work?)/Dest[1101 0 R/XYZ 0 221 0]/Prev 1343 0 R>>endobj
-1345 0 obj<</Parent 1344 0 R/Title(Diagnosing Problems)/Dest[1103 0 R/XYZ 0 705 0]/Next 1346 0 R>>endobj
-1346 0 obj<</Parent 1344 0 R/Title(Scope IDs)/Dest[1103 0 R/XYZ 0 647 0]/Prev 1345 0 R/Next 1347 0 R>>endobj
-1347 0 obj<</Parent 1344 0 R/Title(Choosing the Protocol Level)/Dest[1103 0 R/XYZ 0 562 0]/Prev 1346 0 R/Next 1348 0 R>>endobj
-1348 0 obj<</Parent 1344 0 R/Title(Printing from UNIX to a Client PC)/Dest[1103 0 R/XYZ 0 253 0]/Prev 1347 0 R/Next 1349 0 R>>endobj
-1349 0 obj<</Parent 1344 0 R/Title(Locking)/Dest[1105 0 R/XYZ 0 771 0]/Prev 1348 0 R/Next 1350 0 R>>endobj
-1350 0 obj<</Parent 1344 0 R/Title(Mapping Usernames)/Dest[1105 0 R/XYZ 0 317 0]/Prev 1349 0 R>>endobj
-1351 0 obj<</Parent 1327 0 R/Count -4/First 1352 0 R/Last 1366 0 R/Title(Diagnosing your samba server)/Dest[1107 0 R/XYZ 0 786 0]/Prev 1332 0 R/Next 1367 0 R>>endobj
-1352 0 obj<</Parent 1351 0 R/Title(Introduction)/Dest[1107 0 R/XYZ 0 762 0]/Next 1353 0 R>>endobj
-1353 0 obj<</Parent 1351 0 R/Title(Assumptions)/Dest[1107 0 R/XYZ 0 581 0]/Prev 1352 0 R/Next 1354 0 R>>endobj
-1354 0 obj<</Parent 1351 0 R/Count -11/First 1355 0 R/Last 1365 0 R/Title(Tests)/Dest[1107 0 R/XYZ 0 223 0]/Prev 1353 0 R/Next 1366 0 R>>endobj
-1355 0 obj<</Parent 1354 0 R/Title(Test 1)/Dest[1107 0 R/XYZ 0 202 0]/Next 1356 0 R>>endobj
-1356 0 obj<</Parent 1354 0 R/Title(Test 2)/Dest[1109 0 R/XYZ 0 758 0]/Prev 1355 0 R/Next 1357 0 R>>endobj
-1357 0 obj<</Parent 1354 0 R/Title(Test 3)/Dest[1109 0 R/XYZ 0 554 0]/Prev 1356 0 R/Next 1358 0 R>>endobj
-1358 0 obj<</Parent 1354 0 R/Title(Test 4)/Dest[1111 0 R/XYZ 0 626 0]/Prev 1357 0 R/Next 1359 0 R>>endobj
-1359 0 obj<</Parent 1354 0 R/Title(Test 5)/Dest[1111 0 R/XYZ 0 475 0]/Prev 1358 0 R/Next 1360 0 R>>endobj
-1360 0 obj<</Parent 1354 0 R/Title(Test 6)/Dest[1111 0 R/XYZ 0 351 0]/Prev 1359 0 R/Next 1361 0 R>>endobj
-1361 0 obj<</Parent 1354 0 R/Title(Test 7)/Dest[1113 0 R/XYZ 0 758 0]/Prev 1360 0 R/Next 1362 0 R>>endobj
-1362 0 obj<</Parent 1354 0 R/Title(Test 8)/Dest[1113 0 R/XYZ 0 396 0]/Prev 1361 0 R/Next 1363 0 R>>endobj
-1363 0 obj<</Parent 1354 0 R/Title(Test 9)/Dest[1115 0 R/XYZ 0 731 0]/Prev 1362 0 R/Next 1364 0 R>>endobj
-1364 0 obj<</Parent 1354 0 R/Title(Test 10)/Dest[1115 0 R/XYZ 0 581 0]/Prev 1363 0 R/Next 1365 0 R>>endobj
-1365 0 obj<</Parent 1354 0 R/Title(Test 11)/Dest[1115 0 R/XYZ 0 443 0]/Prev 1364 0 R>>endobj
-1366 0 obj<</Parent 1351 0 R/Title(Still having troubles?)/Dest[1115 0 R/XYZ 0 305 0]/Prev 1354 0 R>>endobj
-1367 0 obj<</Parent 1327 0 R/Count -6/First 1368 0 R/Last 1385 0 R/Title(Integrating MS Windows networks with Samba)/Dest[1117 0 R/XYZ 0 786 0]/Prev 1351 0 R/Next 1386 0 R>>endobj
-1368 0 obj<</Parent 1367 0 R/Title(Agenda)/Dest[1117 0 R/XYZ 0 762 0]/Next 1369 0 R>>endobj
-1369 0 obj<</Parent 1367 0 R/Count -4/First 1370 0 R/Last 1373 0 R/Title(Name Resolution in a pure Unix/Linux world)/Dest[1117 0 R/XYZ 0 515 0]/Prev 1368 0 R/Next 1374 0 R>>endobj
-1370 0 obj<</Parent 1369 0 R/Title(/etc/hosts)/Dest[1117 0 R/XYZ 0 387 0]/Next 1371 0 R>>endobj
-1371 0 obj<</Parent 1369 0 R/Title(/etc/resolv.conf)/Dest[1119 0 R/XYZ 0 507 0]/Prev 1370 0 R/Next 1372 0 R>>endobj
-1372 0 obj<</Parent 1369 0 R/Title(/etc/host.conf)/Dest[1119 0 R/XYZ 0 369 0]/Prev 1371 0 R/Next 1373 0 R>>endobj
-1373 0 obj<</Parent 1369 0 R/Title(/etc/nsswitch.conf)/Dest[1119 0 R/XYZ 0 221 0]/Prev 1372 0 R>>endobj
-1374 0 obj<</Parent 1367 0 R/Count -5/First 1375 0 R/Last 1379 0 R/Title(Name resolution as used within MS Windows networking)/Dest[1121 0 R/XYZ 0 400 0]/Prev 1369 0 R/Next 1380 0 R>>endobj
-1375 0 obj<</Parent 1374 0 R/Title(The NetBIOS Name Cache)/Dest[1123 0 R/XYZ 0 348 0]/Next 1376 0 R>>endobj
-1376 0 obj<</Parent 1374 0 R/Title(The LMHOSTS file)/Dest[1125 0 R/XYZ 0 786 0]/Prev 1375 0 R/Next 1377 0 R>>endobj
-1377 0 obj<</Parent 1374 0 R/Title(HOSTS file)/Dest[1127 0 R/XYZ 0 509 0]/Prev 1376 0 R/Next 1378 0 R>>endobj
-1378 0 obj<</Parent 1374 0 R/Title(DNS Lookup)/Dest[1127 0 R/XYZ 0 411 0]/Prev 1377 0 R/Next 1379 0 R>>endobj
-1379 0 obj<</Parent 1374 0 R/Title(WINS Lookup)/Dest[1127 0 R/XYZ 0 273 0]/Prev 1378 0 R>>endobj
-1380 0 obj<</Parent 1367 0 R/Title(How browsing functions and how to deploy stable and dependable browsing using Samba)/Dest[1129 0 R/XYZ 0 720 0]/Prev 1374 0 R/Next 1381 0 R>>endobj
-1381 0 obj<</Parent 1367 0 R/Count -3/First 1382 0 R/Last 1384 0 R/Title(MS Windows security options and how to configure Samba for seemless integration)/Dest[1131 0 R/XYZ 0 786 0]/Prev 1380 0 R/Next 1385 0 R>>endobj
-1382 0 obj<</Parent 1381 0 R/Title(Use MS Windows NT as an authentication server)/Dest[1133 0 R/XYZ 0 745 0]/Next 1383 0 R>>endobj
-1383 0 obj<</Parent 1381 0 R/Title(Make Samba a member of an MS Windows NT security domain)/Dest[1133 0 R/XYZ 0 493 0]/Prev 1382 0 R/Next 1384 0 R>>endobj
-1384 0 obj<</Parent 1381 0 R/Title(Configure Samba as an authentication server)/Dest[1135 0 R/XYZ 0 786 0]/Prev 1383 0 R>>endobj
-1385 0 obj<</Parent 1367 0 R/Title(Conclusions)/Dest[1135 0 R/XYZ 0 225 0]/Prev 1381 0 R>>endobj
-1386 0 obj<</Parent 1327 0 R/Count -3/First 1387 0 R/Last 1389 0 R/Title(Configuring PAM for distributed but centrally managed authentication)/Dest[1139 0 R/XYZ 0 786 0]/Prev 1367 0 R/Next 1390 0 R>>endobj
-1387 0 obj<</Parent 1386 0 R/Title(Samba and PAM)/Dest[1139 0 R/XYZ 0 738 0]/Next 1388 0 R>>endobj
-1388 0 obj<</Parent 1386 0 R/Title(Distributed Authentication)/Dest[1141 0 R/XYZ 0 179 0]/Prev 1387 0 R/Next 1389 0 R>>endobj
-1389 0 obj<</Parent 1386 0 R/Title(PAM Configuration in smb.conf)/Dest[1143 0 R/XYZ 0 731 0]/Prev 1388 0 R>>endobj
-1390 0 obj<</Parent 1327 0 R/Count -1/First 1391 0 R/Last 1391 0 R/Title(Hosting a Microsoft Distributed File System tree on Samba)/Dest[1145 0 R/XYZ 0 786 0]/Prev 1386 0 R/Next 1393 0 R>>endobj
-1391 0 obj<</Parent 1390 0 R/Count -1/First 1392 0 R/Last 1392 0 R/Title(Instructions)/Dest[1145 0 R/XYZ 0 738 0]>>endobj
-1392 0 obj<</Parent 1391 0 R/Title(Notes)/Dest[1147 0 R/XYZ 0 705 0]>>endobj
-1393 0 obj<</Parent 1327 0 R/Count -7/First 1394 0 R/Last 1402 0 R/Title(UNIX Permission Bits and Windows NT Access Control Lists)/Dest[1149 0 R/XYZ 0 786 0]/Prev 1390 0 R/Next 1403 0 R>>endobj
-1394 0 obj<</Parent 1393 0 R/Title(Viewing and changing UNIX permissions using the NT security dialogs)/Dest[1149 0 R/XYZ 0 738 0]/Next 1395 0 R>>endobj
-1395 0 obj<</Parent 1393 0 R/Title(How to view file security on a Samba share)/Dest[1149 0 R/XYZ 0 550 0]/Prev 1394 0 R/Next 1396 0 R>>endobj
-1396 0 obj<</Parent 1393 0 R/Title(Viewing file ownership)/Dest[1149 0 R/XYZ 0 383 0]/Prev 1395 0 R/Next 1397 0 R>>endobj
-1397 0 obj<</Parent 1393 0 R/Count -2/First 1398 0 R/Last 1399 0 R/Title(Viewing file or directory permissions)/Dest[1151 0 R/XYZ 0 718 0]/Prev 1396 0 R/Next 1400 0 R>>endobj
-1398 0 obj<</Parent 1397 0 R/Title(File Permissions)/Dest[1151 0 R/XYZ 0 485 0]/Next 1399 0 R>>endobj
-1399 0 obj<</Parent 1397 0 R/Title(Directory Permissions)/Dest[1151 0 R/XYZ 0 241 0]/Prev 1398 0 R>>endobj
-1400 0 obj<</Parent 1393 0 R/Title(Modifying file or directory permissions)/Dest[1153 0 R/XYZ 0 745 0]/Prev 1397 0 R/Next 1401 0 R>>endobj
-1401 0 obj<</Parent 1393 0 R/Title(Interaction with the standard Samba create mask parameters)/Dest[1153 0 R/XYZ 0 313 0]/Prev 1400 0 R/Next 1402 0 R>>endobj
-1402 0 obj<</Parent 1393 0 R/Title(Interaction with the standard Samba file attribute mapping)/Dest[1157 0 R/XYZ 0 652 0]/Prev 1401 0 R>>endobj
-1403 0 obj<</Parent 1327 0 R/Count -4/First 1404 0 R/Last 1416 0 R/Title(Printing Support in Samba 2.2.x)/Dest[1159 0 R/XYZ 0 786 0]/Prev 1393 0 R/Next 1417 0 R>>endobj
-1404 0 obj<</Parent 1403 0 R/Title(Introduction)/Dest[1159 0 R/XYZ 0 762 0]/Next 1405 0 R>>endobj
-1405 0 obj<</Parent 1403 0 R/Count -5/First 1406 0 R/Last 1410 0 R/Title(Configuration)/Dest[1159 0 R/XYZ 0 331 0]/Prev 1404 0 R/Next 1411 0 R>>endobj
-1406 0 obj<</Parent 1405 0 R/Title(Creating [print$])/Dest[1161 0 R/XYZ 0 755 0]/Next 1407 0 R>>endobj
-1407 0 obj<</Parent 1405 0 R/Title(Setting Drivers for Existing Printers)/Dest[1163 0 R/XYZ 0 521 0]/Prev 1406 0 R/Next 1408 0 R>>endobj
-1408 0 obj<</Parent 1405 0 R/Title(Support a large number of printers)/Dest[1165 0 R/XYZ 0 758 0]/Prev 1407 0 R/Next 1409 0 R>>endobj
-1409 0 obj<</Parent 1405 0 R/Title(Adding New Printers via the Windows NT APW)/Dest[1165 0 R/XYZ 0 385 0]/Prev 1408 0 R/Next 1410 0 R>>endobj
-1410 0 obj<</Parent 1405 0 R/Title(Samba and Printer Ports)/Dest[1167 0 R/XYZ 0 208 0]/Prev 1409 0 R>>endobj
-1411 0 obj<</Parent 1403 0 R/Count -4/First 1412 0 R/Last 1415 0 R/Title(The Imprints Toolset)/Dest[1169 0 R/XYZ 0 705 0]/Prev 1405 0 R/Next 1416 0 R>>endobj
-1412 0 obj<</Parent 1411 0 R/Title(What is Imprints?)/Dest[1169 0 R/XYZ 0 603 0]/Next 1413 0 R>>endobj
-1413 0 obj<</Parent 1411 0 R/Title(Creating Printer Driver Packages)/Dest[1169 0 R/XYZ 0 479 0]/Prev 1412 0 R/Next 1414 0 R>>endobj
-1414 0 obj<</Parent 1411 0 R/Title(The Imprints server)/Dest[1169 0 R/XYZ 0 394 0]/Prev 1413 0 R/Next 1415 0 R>>endobj
-1415 0 obj<</Parent 1411 0 R/Title(The Installation Client)/Dest[1169 0 R/XYZ 0 296 0]/Prev 1414 0 R>>endobj
-1416 0 obj<</Parent 1403 0 R/Title(Migration to from Samba 2.0.x to 2.2.x)/Dest[1171 0 R/XYZ 0 409 0]/Prev 1411 0 R>>endobj
-1417 0 obj<</Parent 1327 0 R/Count -9/First 1418 0 R/Last 1426 0 R/Title(Debugging Printing Problems)/Dest[1175 0 R/XYZ 0 786 0]/Prev 1403 0 R/Next 1427 0 R>>endobj
-1418 0 obj<</Parent 1417 0 R/Title(Introduction)/Dest[1175 0 R/XYZ 0 762 0]/Next 1419 0 R>>endobj
-1419 0 obj<</Parent 1417 0 R/Title(Debugging printer problems)/Dest[1177 0 R/XYZ 0 786 0]/Prev 1418 0 R/Next 1420 0 R>>endobj
-1420 0 obj<</Parent 1417 0 R/Title(What printers do I have?)/Dest[1177 0 R/XYZ 0 325 0]/Prev 1419 0 R/Next 1421 0 R>>endobj
-1421 0 obj<</Parent 1417 0 R/Title(Setting up printcap and print servers)/Dest[1179 0 R/XYZ 0 786 0]/Prev 1420 0 R/Next 1422 0 R>>endobj
-1422 0 obj<</Parent 1417 0 R/Title(Job sent, no output)/Dest[1179 0 R/XYZ 0 354 0]/Prev 1421 0 R/Next 1423 0 R>>endobj
-1423 0 obj<</Parent 1417 0 R/Title(Job sent, strange output)/Dest[1181 0 R/XYZ 0 670 0]/Prev 1422 0 R/Next 1424 0 R>>endobj
-1424 0 obj<</Parent 1417 0 R/Title(Raw PostScript printed)/Dest[1181 0 R/XYZ 0 317 0]/Prev 1423 0 R/Next 1425 0 R>>endobj
-1425 0 obj<</Parent 1417 0 R/Title(Advanced Printing)/Dest[1181 0 R/XYZ 0 228 0]/Prev 1424 0 R/Next 1426 0 R>>endobj
-1426 0 obj<</Parent 1417 0 R/Title(Real debugging)/Dest[1183 0 R/XYZ 0 786 0]/Prev 1425 0 R>>endobj
-1427 0 obj<</Parent 1327 0 R/Count -2/First 1428 0 R/Last 1429 0 R/Title(Security levels)/Dest[1185 0 R/XYZ 0 786 0]/Prev 1417 0 R/Next 1430 0 R>>endobj
-1428 0 obj<</Parent 1427 0 R/Title(Introduction)/Dest[1185 0 R/XYZ 0 762 0]/Next 1429 0 R>>endobj
-1429 0 obj<</Parent 1427 0 R/Title(More complete description of security levels)/Dest[1185 0 R/XYZ 0 517 0]/Prev 1428 0 R>>endobj
-1430 0 obj<</Parent 1327 0 R/Count -3/First 1431 0 R/Last 1433 0 R/Title(security = domain in Samba 2.x)/Dest[1189 0 R/XYZ 0 786 0]/Prev 1427 0 R/Next 1434 0 R>>endobj
-1431 0 obj<</Parent 1430 0 R/Title(Joining an NT Domain with Samba 2.2)/Dest[1189 0 R/XYZ 0 762 0]/Next 1432 0 R>>endobj
-1432 0 obj<</Parent 1430 0 R/Title(Samba and Windows 2000 Domains)/Dest[1191 0 R/XYZ 0 415 0]/Prev 1431 0 R/Next 1433 0 R>>endobj
-1433 0 obj<</Parent 1430 0 R/Title(Why is this better than security = server?)/Dest[1191 0 R/XYZ 0 207 0]/Prev 1432 0 R>>endobj
-1434 0 obj<</Parent 1327 0 R/Count -7/First 1435 0 R/Last 1450 0 R/Title(Unified Logons between Windows NT and UNIX using Winbind)/Dest[1195 0 R/XYZ 0 786 0]/Prev 1430 0 R/Next 1451 0 R>>endobj
-1435 0 obj<</Parent 1434 0 R/Title(Abstract)/Dest[1195 0 R/XYZ 0 738 0]/Next 1436 0 R>>endobj
-1436 0 obj<</Parent 1434 0 R/Title(Introduction)/Dest[1195 0 R/XYZ 0 597 0]/Prev 1435 0 R/Next 1437 0 R>>endobj
-1437 0 obj<</Parent 1434 0 R/Count -1/First 1438 0 R/Last 1438 0 R/Title(What Winbind Provides)/Dest[1195 0 R/XYZ 0 284 0]/Prev 1436 0 R/Next 1439 0 R>>endobj
-1438 0 obj<</Parent 1437 0 R/Title(Target Uses)/Dest[1197 0 R/XYZ 0 613 0]>>endobj
-1439 0 obj<</Parent 1434 0 R/Count -5/First 1440 0 R/Last 1444 0 R/Title(How Winbind Works)/Dest[1197 0 R/XYZ 0 462 0]/Prev 1437 0 R/Next 1445 0 R>>endobj
-1440 0 obj<</Parent 1439 0 R/Title(Microsoft Remote Procedure Calls)/Dest[1197 0 R/XYZ 0 347 0]/Next 1441 0 R>>endobj
-1441 0 obj<</Parent 1439 0 R/Title(Name Service Switch)/Dest[1199 0 R/XYZ 0 786 0]/Prev 1440 0 R/Next 1442 0 R>>endobj
-1442 0 obj<</Parent 1439 0 R/Title(Pluggable Authentication Modules)/Dest[1199 0 R/XYZ 0 345 0]/Prev 1441 0 R/Next 1443 0 R>>endobj
-1443 0 obj<</Parent 1439 0 R/Title(User and Group ID Allocation)/Dest[1201 0 R/XYZ 0 718 0]/Prev 1442 0 R/Next 1444 0 R>>endobj
-1444 0 obj<</Parent 1439 0 R/Title(Result Caching)/Dest[1201 0 R/XYZ 0 541 0]/Prev 1443 0 R>>endobj
-1445 0 obj<</Parent 1434 0 R/Count -3/First 1446 0 R/Last 1448 0 R/Title(Installation and Configuration)/Dest[1201 0 R/XYZ 0 403 0]/Prev 1439 0 R/Next 1449 0 R>>endobj
-1446 0 obj<</Parent 1445 0 R/Title(Introduction)/Dest[1201 0 R/XYZ 0 262 0]/Next 1447 0 R>>endobj
-1447 0 obj<</Parent 1445 0 R/Title(Requirements)/Dest[1203 0 R/XYZ 0 652 0]/Prev 1446 0 R/Next 1448 0 R>>endobj
-1448 0 obj<</Parent 1445 0 R/Title(Testing Things Out)/Dest[1203 0 R/XYZ 0 383 0]/Prev 1447 0 R>>endobj
-1449 0 obj<</Parent 1434 0 R/Title(Limitations)/Dest[1217 0 R/XYZ 0 270 0]/Prev 1445 0 R/Next 1450 0 R>>endobj
-1450 0 obj<</Parent 1434 0 R/Title(Conclusion)/Dest[1219 0 R/XYZ 0 731 0]/Prev 1449 0 R>>endobj
-1451 0 obj<</Parent 1327 0 R/Count -9/First 1452 0 R/Last 1465 0 R/Title(How to Configure Samba 2.2 as a Primary Domain Controller)/Dest[1221 0 R/XYZ 0 786 0]/Prev 1434 0 R/Next 1466 0 R>>endobj
-1452 0 obj<</Parent 1451 0 R/Title(Prerequisite Reading)/Dest[1221 0 R/XYZ 0 738 0]/Next 1453 0 R>>endobj
-1453 0 obj<</Parent 1451 0 R/Title(Background)/Dest[1221 0 R/XYZ 0 637 0]/Prev 1452 0 R/Next 1454 0 R>>endobj
-1454 0 obj<</Parent 1451 0 R/Title(Configuring the Samba Domain Controller)/Dest[1223 0 R/XYZ 0 771 0]/Prev 1453 0 R/Next 1455 0 R>>endobj
-1455 0 obj<</Parent 1451 0 R/Count -3/First 1456 0 R/Last 1458 0 R/Title(Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[1225 0 R/XYZ 0 665 0]/Prev 1454 0 R/Next 1459 0 R>>endobj
-1456 0 obj<</Parent 1455 0 R/Title(Manual Creation of Machine Trust Accounts)/Dest[1225 0 R/XYZ 0 279 0]/Next 1457 0 R>>endobj
-1457 0 obj<</Parent 1455 0 R/Title("On-the-Fly" Creation of Machine Trust Accounts)/Dest[1227 0 R/XYZ 0 409 0]/Prev 1456 0 R/Next 1458 0 R>>endobj
-1458 0 obj<</Parent 1455 0 R/Title(Joining the Client to the Domain)/Dest[1227 0 R/XYZ 0 196 0]/Prev 1457 0 R>>endobj
-1459 0 obj<</Parent 1451 0 R/Title(Common Problems and Errors)/Dest[1229 0 R/XYZ 0 520 0]/Prev 1455 0 R/Next 1460 0 R>>endobj
-1460 0 obj<</Parent 1451 0 R/Title(System Policies and Profiles)/Dest[1231 0 R/XYZ 0 258 0]/Prev 1459 0 R/Next 1461 0 R>>endobj
-1461 0 obj<</Parent 1451 0 R/Title(What other help can I get?)/Dest[1233 0 R/XYZ 0 256 0]/Prev 1460 0 R/Next 1462 0 R>>endobj
-1462 0 obj<</Parent 1451 0 R/Count -2/First 1463 0 R/Last 1464 0 R/Title(Domain Control for Windows 9x/ME)/Dest[1239 0 R/XYZ 0 599 0]/Prev 1461 0 R/Next 1465 0 R>>endobj
-1463 0 obj<</Parent 1462 0 R/Title(Configuration Instructions: Network Logons)/Dest[1241 0 R/XYZ 0 613 0]/Next 1464 0 R>>endobj
-1464 0 obj<</Parent 1462 0 R/Title(Configuration Instructions: Setting up Roaming User Profiles)/Dest[1241 0 R/XYZ 0 179 0]/Prev 1463 0 R>>endobj
-1465 0 obj<</Parent 1451 0 R/Title(DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[1249 0 R/XYZ 0 188 0]/Prev 1462 0 R>>endobj
-1466 0 obj<</Parent 1327 0 R/Count -5/First 1467 0 R/Last 1473 0 R/Title(How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain)/Dest[1255 0 R/XYZ 0 786 0]/Prev 1451 0 R/Next 1475 0 R>>endobj
-1467 0 obj<</Parent 1466 0 R/Title(Prerequisite Reading)/Dest[1255 0 R/XYZ 0 738 0]/Next 1468 0 R>>endobj
-1468 0 obj<</Parent 1466 0 R/Title(Background)/Dest[1255 0 R/XYZ 0 650 0]/Prev 1467 0 R/Next 1469 0 R>>endobj
-1469 0 obj<</Parent 1466 0 R/Count -2/First 1470 0 R/Last 1471 0 R/Title(What qualifies a Domain Controller on the network?)/Dest[1255 0 R/XYZ 0 275 0]/Prev 1468 0 R/Next 1472 0 R>>endobj
-1470 0 obj<</Parent 1469 0 R/Title(How does a Workstation find its domain controller?)/Dest[1257 0 R/XYZ 0 786 0]/Next 1471 0 R>>endobj
-1471 0 obj<</Parent 1469 0 R/Title(When is the PDC needed?)/Dest[1257 0 R/XYZ 0 662 0]/Prev 1470 0 R>>endobj
-1472 0 obj<</Parent 1466 0 R/Title(Can Samba be a Backup Domain Controller?)/Dest[1257 0 R/XYZ 0 577 0]/Prev 1469 0 R/Next 1473 0 R>>endobj
-1473 0 obj<</Parent 1466 0 R/Count -1/First 1474 0 R/Last 1474 0 R/Title(How do I set up a Samba BDC?)/Dest[1257 0 R/XYZ 0 436 0]/Prev 1472 0 R>>endobj
-1474 0 obj<</Parent 1473 0 R/Title(How do I replicate the smbpasswd file?)/Dest[1259 0 R/XYZ 0 670 0]>>endobj
-1475 0 obj<</Parent 1327 0 R/Count -10/First 1476 0 R/Last 1487 0 R/Title(Storing Samba's User/Machine Account information in an LDAP Directory)/Dest[1261 0 R/XYZ 0 786 0]/Prev 1466 0 R/Next 1488 0 R>>endobj
-1476 0 obj<</Parent 1475 0 R/Title(Purpose)/Dest[1261 0 R/XYZ 0 738 0]/Next 1477 0 R>>endobj
-1477 0 obj<</Parent 1475 0 R/Title(Introduction)/Dest[1261 0 R/XYZ 0 465 0]/Prev 1476 0 R/Next 1478 0 R>>endobj
-1478 0 obj<</Parent 1475 0 R/Title(Supported LDAP Servers)/Dest[1263 0 R/XYZ 0 626 0]/Prev 1477 0 R/Next 1479 0 R>>endobj
-1479 0 obj<</Parent 1475 0 R/Title(Schema and Relationship to the RFC 2307 posixAccount)/Dest[1263 0 R/XYZ 0 524 0]/Prev 1478 0 R/Next 1480 0 R>>endobj
-1480 0 obj<</Parent 1475 0 R/Count -2/First 1481 0 R/Last 1482 0 R/Title(Configuring Samba with LDAP)/Dest[1265 0 R/XYZ 0 786 0]/Prev 1479 0 R/Next 1483 0 R>>endobj
-1481 0 obj<</Parent 1480 0 R/Title(OpenLDAP configuration)/Dest[1265 0 R/XYZ 0 766 0]/Next 1482 0 R>>endobj
-1482 0 obj<</Parent 1480 0 R/Title(Configuring Samba)/Dest[1265 0 R/XYZ 0 191 0]/Prev 1481 0 R>>endobj
-1483 0 obj<</Parent 1475 0 R/Title(Accounts and Groups management)/Dest[1267 0 R/XYZ 0 280 0]/Prev 1480 0 R/Next 1484 0 R>>endobj
-1484 0 obj<</Parent 1475 0 R/Title(Security and sambaAccount)/Dest[1269 0 R/XYZ 0 758 0]/Prev 1483 0 R/Next 1485 0 R>>endobj
-1485 0 obj<</Parent 1475 0 R/Title(LDAP specials attributes for sambaAccounts)/Dest[1269 0 R/XYZ 0 373 0]/Prev 1484 0 R/Next 1486 0 R>>endobj
-1486 0 obj<</Parent 1475 0 R/Title(Example LDIF Entries for a sambaAccount)/Dest[1271 0 R/XYZ 0 362 0]/Prev 1485 0 R/Next 1487 0 R>>endobj
-1487 0 obj<</Parent 1475 0 R/Title(Comments)/Dest[1273 0 R/XYZ 0 531 0]/Prev 1486 0 R>>endobj
-1488 0 obj<</Parent 1327 0 R/Count -11/First 1489 0 R/Last 1500 0 R/Title(Improved browsing in samba)/Dest[1275 0 R/XYZ 0 786 0]/Prev 1475 0 R/Next 1501 0 R>>endobj
-1489 0 obj<</Parent 1488 0 R/Title(Overview of browsing)/Dest[1275 0 R/XYZ 0 762 0]/Next 1490 0 R>>endobj
-1490 0 obj<</Parent 1488 0 R/Title(Browsing support in samba)/Dest[1275 0 R/XYZ 0 568 0]/Prev 1489 0 R/Next 1491 0 R>>endobj
-1491 0 obj<</Parent 1488 0 R/Title(Problem resolution)/Dest[1275 0 R/XYZ 0 189 0]/Prev 1490 0 R/Next 1492 0 R>>endobj
-1492 0 obj<</Parent 1488 0 R/Count -1/First 1493 0 R/Last 1493 0 R/Title(Browsing across subnets)/Dest[1277 0 R/XYZ 0 586 0]/Prev 1491 0 R/Next 1494 0 R>>endobj
-1493 0 obj<</Parent 1492 0 R/Title(How does cross subnet browsing work ?)/Dest[1277 0 R/XYZ 0 326 0]>>endobj
-1494 0 obj<</Parent 1488 0 R/Title(Setting up a WINS server)/Dest[1283 0 R/XYZ 0 564 0]/Prev 1492 0 R/Next 1495 0 R>>endobj
-1495 0 obj<</Parent 1488 0 R/Title(Setting up Browsing in a WORKGROUP)/Dest[1285 0 R/XYZ 0 613 0]/Prev 1494 0 R/Next 1496 0 R>>endobj
-1496 0 obj<</Parent 1488 0 R/Title(Setting up Browsing in a DOMAIN)/Dest[1287 0 R/XYZ 0 619 0]/Prev 1495 0 R/Next 1497 0 R>>endobj
-1497 0 obj<</Parent 1488 0 R/Title(Forcing samba to be the master)/Dest[1287 0 R/XYZ 0 261 0]/Prev 1496 0 R/Next 1498 0 R>>endobj
-1498 0 obj<</Parent 1488 0 R/Title(Making samba the domain master)/Dest[1289 0 R/XYZ 0 507 0]/Prev 1497 0 R/Next 1499 0 R>>endobj
-1499 0 obj<</Parent 1488 0 R/Title(Note about broadcast addresses)/Dest[1291 0 R/XYZ 0 731 0]/Prev 1498 0 R/Next 1500 0 R>>endobj
-1500 0 obj<</Parent 1488 0 R/Title(Multiple interfaces)/Dest[1291 0 R/XYZ 0 643 0]/Prev 1499 0 R>>endobj
-1501 0 obj<</Parent 1327 0 R/Count -17/First 1502 0 R/Last 1521 0 R/Title(Samba performance issues)/Dest[1293 0 R/XYZ 0 786 0]/Prev 1488 0 R/Next 1522 0 R>>endobj
-1502 0 obj<</Parent 1501 0 R/Title(Comparisons)/Dest[1293 0 R/XYZ 0 762 0]/Next 1503 0 R>>endobj
-1503 0 obj<</Parent 1501 0 R/Count -3/First 1504 0 R/Last 1506 0 R/Title(Oplocks)/Dest[1293 0 R/XYZ 0 502 0]/Prev 1502 0 R/Next 1507 0 R>>endobj
-1504 0 obj<</Parent 1503 0 R/Title(Overview)/Dest[1293 0 R/XYZ 0 482 0]/Next 1505 0 R>>endobj
-1505 0 obj<</Parent 1503 0 R/Title(Level2 Oplocks)/Dest[1293 0 R/XYZ 0 199 0]/Prev 1504 0 R/Next 1506 0 R>>endobj
-1506 0 obj<</Parent 1503 0 R/Title(Old 'fake oplocks' option - deprecated)/Dest[1295 0 R/XYZ 0 705 0]/Prev 1505 0 R>>endobj
-1507 0 obj<</Parent 1501 0 R/Title(Socket options)/Dest[1295 0 R/XYZ 0 567 0]/Prev 1503 0 R/Next 1508 0 R>>endobj
-1508 0 obj<</Parent 1501 0 R/Title(Read size)/Dest[1295 0 R/XYZ 0 307 0]/Prev 1507 0 R/Next 1509 0 R>>endobj
-1509 0 obj<</Parent 1501 0 R/Title(Max xmit)/Dest[1297 0 R/XYZ 0 771 0]/Prev 1508 0 R/Next 1510 0 R>>endobj
-1510 0 obj<</Parent 1501 0 R/Title(Locking)/Dest[1297 0 R/XYZ 0 590 0]/Prev 1509 0 R/Next 1511 0 R>>endobj
-1511 0 obj<</Parent 1501 0 R/Title(Share modes)/Dest[1297 0 R/XYZ 0 462 0]/Prev 1510 0 R/Next 1512 0 R>>endobj
-1512 0 obj<</Parent 1501 0 R/Title(Log level)/Dest[1297 0 R/XYZ 0 242 0]/Prev 1511 0 R/Next 1513 0 R>>endobj
-1513 0 obj<</Parent 1501 0 R/Title(Wide lines)/Dest[1299 0 R/XYZ 0 786 0]/Prev 1512 0 R/Next 1514 0 R>>endobj
-1514 0 obj<</Parent 1501 0 R/Title(Read raw)/Dest[1299 0 R/XYZ 0 698 0]/Prev 1513 0 R/Next 1515 0 R>>endobj
-1515 0 obj<</Parent 1501 0 R/Title(Write raw)/Dest[1299 0 R/XYZ 0 530 0]/Prev 1514 0 R/Next 1516 0 R>>endobj
-1516 0 obj<</Parent 1501 0 R/Title(Read prediction)/Dest[1299 0 R/XYZ 0 402 0]/Prev 1515 0 R/Next 1517 0 R>>endobj
-1517 0 obj<</Parent 1501 0 R/Title(Memory mapping)/Dest[1299 0 R/XYZ 0 182 0]/Prev 1516 0 R/Next 1518 0 R>>endobj
-1518 0 obj<</Parent 1501 0 R/Title(Slow Clients)/Dest[1301 0 R/XYZ 0 692 0]/Prev 1517 0 R/Next 1519 0 R>>endobj
-1519 0 obj<</Parent 1501 0 R/Title(Slow Logins)/Dest[1301 0 R/XYZ 0 564 0]/Prev 1518 0 R/Next 1520 0 R>>endobj
-1520 0 obj<</Parent 1501 0 R/Title(Client tuning)/Dest[1301 0 R/XYZ 0 489 0]/Prev 1519 0 R/Next 1521 0 R>>endobj
-1521 0 obj<</Parent 1501 0 R/Title(My Results)/Dest[1303 0 R/XYZ 0 441 0]/Prev 1520 0 R>>endobj
-1522 0 obj<</Parent 1327 0 R/Count -5/First 1523 0 R/Last 1535 0 R/Title(Samba and other CIFS clients)/Dest[1305 0 R/XYZ 0 786 0]/Prev 1501 0 R/Next 1536 0 R>>endobj
-1523 0 obj<</Parent 1522 0 R/Title(Macintosh clients?)/Dest[1305 0 R/XYZ 0 721 0]/Next 1524 0 R>>endobj
-1524 0 obj<</Parent 1522 0 R/Count -4/First 1525 0 R/Last 1528 0 R/Title(OS2 Client)/Dest[1305 0 R/XYZ 0 513 0]/Prev 1523 0 R/Next 1529 0 R>>endobj
-1525 0 obj<</Parent 1524 0 R/Title(How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[1305 0 R/XYZ 0 493 0]/Next 1526 0 R>>endobj
-1526 0 obj<</Parent 1524 0 R/Title(How can I configure OS/2 Warp 3 \(not Connect\), OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[1307 0 R/XYZ 0 786 0]/Prev 1525 0 R/Next 1527 0 R>>endobj
-1527 0 obj<</Parent 1524 0 R/Title(Are there any other issues when OS/2 \(any version\) is used as a client?)/Dest[1307 0 R/XYZ 0 573 0]/Prev 1526 0 R/Next 1528 0 R>>endobj
-1528 0 obj<</Parent 1524 0 R/Title(How do I get printer driver download working for OS/2 clients?)/Dest[1307 0 R/XYZ 0 475 0]/Prev 1527 0 R>>endobj
-1529 0 obj<</Parent 1522 0 R/Count -4/First 1530 0 R/Last 1533 0 R/Title(Windows for Workgroups)/Dest[1307 0 R/XYZ 0 218 0]/Prev 1524 0 R/Next 1534 0 R>>endobj
-1530 0 obj<</Parent 1529 0 R/Title(Use latest TCP/IP stack from Microsoft)/Dest[1307 0 R/XYZ 0 198 0]/Next 1531 0 R>>endobj
-1531 0 obj<</Parent 1529 0 R/Title(Delete .pwl files after password change)/Dest[1309 0 R/XYZ 0 705 0]/Prev 1530 0 R/Next 1532 0 R>>endobj
-1532 0 obj<</Parent 1529 0 R/Title(Configure WfW password handling)/Dest[1309 0 R/XYZ 0 554 0]/Prev 1531 0 R/Next 1533 0 R>>endobj
-1533 0 obj<</Parent 1529 0 R/Title(Case handling of passwords)/Dest[1309 0 R/XYZ 0 456 0]/Prev 1532 0 R>>endobj
-1534 0 obj<</Parent 1522 0 R/Title(Windows '95/'98)/Dest[1309 0 R/XYZ 0 371 0]/Prev 1529 0 R/Next 1535 0 R>>endobj
-1535 0 obj<</Parent 1522 0 R/Title(Windows 2000 Service Pack 2)/Dest[1311 0 R/XYZ 0 786 0]/Prev 1534 0 R>>endobj
-1536 0 obj<</Parent 1327 0 R/Count -2/First 1537 0 R/Last 1538 0 R/Title(HOWTO Access Samba source code via CVS)/Dest[1313 0 R/XYZ 0 786 0]/Prev 1522 0 R/Next 1541 0 R>>endobj
-1537 0 obj<</Parent 1536 0 R/Title(Introduction)/Dest[1313 0 R/XYZ 0 762 0]/Next 1538 0 R>>endobj
-1538 0 obj<</Parent 1536 0 R/Count -2/First 1539 0 R/Last 1540 0 R/Title(CVS Access to samba.org)/Dest[1313 0 R/XYZ 0 634 0]/Prev 1537 0 R>>endobj
-1539 0 obj<</Parent 1538 0 R/Title(Access via CVSweb)/Dest[1313 0 R/XYZ 0 546 0]/Next 1540 0 R>>endobj
-1540 0 obj<</Parent 1538 0 R/Title(Access via cvs)/Dest[1313 0 R/XYZ 0 435 0]/Prev 1539 0 R>>endobj
-1541 0 obj<</Parent 1327 0 R/Count -6/First 1542 0 R/Last 1547 0 R/Title(Reporting Bugs)/Dest[1317 0 R/XYZ 0 786 0]/Prev 1536 0 R/Next 1548 0 R>>endobj
-1542 0 obj<</Parent 1541 0 R/Title(Introduction)/Dest[1317 0 R/XYZ 0 762 0]/Next 1543 0 R>>endobj
-1543 0 obj<</Parent 1541 0 R/Title(General info)/Dest[1317 0 R/XYZ 0 489 0]/Prev 1542 0 R/Next 1544 0 R>>endobj
-1544 0 obj<</Parent 1541 0 R/Title(Debug levels)/Dest[1317 0 R/XYZ 0 348 0]/Prev 1543 0 R/Next 1545 0 R>>endobj
-1545 0 obj<</Parent 1541 0 R/Title(Internal errors)/Dest[1319 0 R/XYZ 0 692 0]/Prev 1544 0 R/Next 1546 0 R>>endobj
-1546 0 obj<</Parent 1541 0 R/Title(Attaching to a running process)/Dest[1319 0 R/XYZ 0 339 0]/Prev 1545 0 R/Next 1547 0 R>>endobj
-1547 0 obj<</Parent 1541 0 R/Title(Patches)/Dest[1319 0 R/XYZ 0 238 0]/Prev 1546 0 R>>endobj
-1548 0 obj<</Parent 1327 0 R/Title(Group mapping HOWTO)/Dest[1321 0 R/XYZ 0 786 0]/Prev 1541 0 R/Next 1549 0 R>>endobj
-1549 0 obj<</Parent 1327 0 R/Count -3/First 1550 0 R/Last 1552 0 R/Title(Portability)/Dest[1323 0 R/XYZ 0 786 0]/Prev 1548 0 R>>endobj
-1550 0 obj<</Parent 1549 0 R/Title(HPUX)/Dest[1323 0 R/XYZ 0 707 0]/Next 1551 0 R>>endobj
-1551 0 obj<</Parent 1549 0 R/Title(SCO Unix)/Dest[1323 0 R/XYZ 0 500 0]/Prev 1550 0 R/Next 1552 0 R>>endobj
-1552 0 obj<</Parent 1549 0 R/Title(DNIX)/Dest[1323 0 R/XYZ 0 385 0]/Prev 1551 0 R>>endobj
-1553 0 obj<</Type/Catalog/Pages 1068 0 R/PageLayout/SinglePage/Outlines 1327 0 R/OpenAction[1083 0 R/XYZ null null 0]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>7<</S/D/St 1/P()>>8<</S/D/St 2/P()>>13<</S/D/St 7/P()>>19<</S/D/St 13/P()>>24<</S/D/St 18/P()>>35<</S/D/St 29/P()>>38<</S/D/St 32/P()>>40<</S/D/St 34/P()>>45<</S/D/St 39/P()>>53<</S/D/St 47/P()>>58<</S/D/St 52/P()>>60<</S/D/St 54/P()>>63<</S/D/St 57/P()>>76<</S/D/St 70/P()>>93<</S/D/St 87/P()>>96<</S/D/St 90/P()>>103<</S/D/St 97/P()>>112<</S/D/St 106/P()>>118<</S/D/St 112/P()>>122<</S/D/St 116/P()>>124<</S/D/St 118/P()>>126<</S/D/St 120/P()>>127<</S/D/St 121/P()>>]>>>>endobj
+À0vuÀ!¼ç,¬œ‰Ð!
Ë£­U@ȉ«—Pq½51êaø8ñ�¬Îèº87´Tž¼UÅ×ý1ʉl3æµüîñT<zøç‚Ÿpû"9Wz�Ë|e6F'·ß{ÏøýDçõú
+‡îÓ†¶Ö€ãê–ÝÈ‹ÞK}÷aN±4aC� œgAB÷š�QÐlë  ¨
º
+M£Õ·r�‚îÃs+C. ¹­FYU»§›ˆ¯7F{kªJÚPÑ0'œBàsà5NLˆ*'·¯(߬1`œMч	 ?_Œó1ýnvÐQºÃ¡$¾mÙ“^3	ÿú>è÷	Ï£Oé” ÅGG‘½““Ú)¯�Ù;ߣgVïU:±1rÖ	vµÇ1o!Ëû€ö®k‘Äft?Rº¨š«Uª(x¼qžµœqhªv0¸É€
+Þ¤^èb2èÏ겆!!F¡Aæ†˜Ï(›¡‘z…Ö"³†ô²u-YÇQè6Ö–#¯"È:�bVÑ�tƒè+fϲԩ¨üÖ@"+hº;fZ¯9ø48 vtât�áÝ:ˆt§xTàFXJœÞ	ðl7ÖœébDýŸ™Ž‚›®¯*f«¨‹VÕ-ëÆý(¿ùi£D\íÆ
+‘Áî aljp½såS—ÇVôãëÖXß3­±Ž

`Ò’Õº•Ê4:">Ä@Øqû´
‹Iqà
+=éwða�Ö4èAÓÈ5,N˜Ùmû­Ä¤Ò£Ý'Éwð*‡�
+Eü¡`I
+endobj
+890 0 obj
+1615
+endobj
+891 0 obj<</Type/Page/Parent 689 0 R/Contents 892 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 271 0 R>>endobj
+892 0 obj<</Length 893 0 R/Filter/FlateDecode>>stream
+x
�XMsã6½ûWtå¹J¤$J²ì­ÊÁ�WM2Þ±vgº@$$!&	 -ëßç5@ˆ”ìÙÌnM�mŠ
+äØÈ
L!ᜉ�Îs½gg,vÚ˜Oü¸¼`49HÑ„ÿúòËÅd<Ž§4O®ãk*(A–oÚ§œž“
+ëúþªÇ\”²>æí@O¾2翪ÜÆ›m**§ºëûÿ3›Æ3š]ß
+z/,ß3@w©•�("|­È^èhòt:‚eSò„²ô‚�µíU½#ìqª±×³¹0ˆ¥lŠ5Ä7+:K«�Ó �»õN7±ÚÕ¥ct°RGé¬]´ÏO$yN¹ÖÏMe©hð­]IÃzGZùgÕ©X"ª_Ô²$^ áUAþJL·z¯9%}¿ÛÓq*d¬#›\oA…«�.™G ©dýœÃžµÌ’
+FV¹Jy¼‹N»»Æs3ƒÕ1Nqäõ"âªxBoõõ^be.7öþ¾!_‘[Üð¦ngŒmcœr7öP¦«ÁduyÞ$܉þ³ãbkwß\º7¬ÊR SóŠ«2b¼çÓ»™~3Î2*q¿6Ê]}7È[áîwh¶>yåƒt<
|oG„Ž1$ìi2³8?s½§­D]ãR×pû	\ð
+ÙM½­É×Jµr‚©mȀ˰Tü"!ç¸2îÛ�ò€íUw5øòpjx‘ÿ%O®0I‡É[î'hÁ&¯™Š�+” Ã)UîÞ$üýˆeZ)¤(k…[©¿�vq»ž�H;ÇE±v"¶«Ø€ö¸Kf8ÇÕ'ª58+®ÛLJVžÂ%¨?8›B²:Úõvý=Øñ®….A]î†×¶,pý­(²5j¸oXc5¨Œ|Q
+߸9œe	�úêå/äPžø«¦U¦y÷dû}óßpW4µf]Aºâ91üà¬NX«SZd’~ºnó„f™Î=õ~ï·Bô¿|4Ã�¢½„_-8f(Ë^ü«ãŒûendstream
+endobj
+893 0 obj
+2089
+endobj
+894 0 obj<</Type/Page/Parent 689 0 R/Contents 895 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 280 0 R>>endobj
+895 0 obj<</Length 896 0 R/Filter/FlateDecode>>stream
+x
�X]sÛ8|÷¯˜J¥ÎJUD‰”,)ûtJg}g{}‘RÙ­òDB"b’à eýûë
Hê#ÙÜÞÅe[4ñ1˜éîiäß!
ñÒ4¢Ñ„âüâýêâãêbÌftøQmñ0¤(š�gS|žN‚U’6</±L÷Ã×c
+CZm°úd6¥UâÞi÷v*ËÈX�Ù¢H(Óú©.©6²"Ǻ.¬!UàÝ.攨Jƽˆn
+ì)2e÷oɦ
+ã=ËjOR˜=YMu‘ÈÊX¬Ë£7´×õ›Õ·‹!õÃb_%=�mc�oteÅ:“´S6ÅæªØòŽ&_—˜]B•É·dT^f{lZf"–ôª{ÿÊO|uâ+8ŽgSy¶o¢ã:—…Vé"h^F“`ÌA­RÉÙàoÚÈ•Zqp c+i‰µ®-íRayiâéƒë¨Iq¯ßçSô³D”Fäþe›ÿ%Z*´¥²ÒÏ*‘ÈöóÉ5uY"g±Vr#«J&
+PÔoO5§\ŠÂ�Þ �¶Rò™³|\h¬ŽBä.'´©tN\„¯ªHôÎP4¬æ±UÏ’-
+8AɃ&q“ƒþx¼’Þc4™6/Ûð»
+XGʤÈézßÀÍAç~¹t,x˜ßQ®“:“õ¹ýôpËÀ6ÀŠËJ`¢9[¶…L¹ÏŸ.¢0
+Ft5c)§Ñp¼kž2Z:‚â1ÄËcfj]	Å´Q굪@„®óÅ--õÆî–�=‘Žângð¼—Z[þ2ìv» Ià ƒÓ¡NxèãœìW½“8ÓWR"±c戜mÔ¶®PŒ30º£S)â'±E°ÍZî9ż„‰u)a'
+Á>–¨ñŒix�¨0F
-=9�Wª¥žáðŽå­±¼1…J‰<YCbÉ܉.M*‚–Nü,3Dœ¸¢[i,>zõáÓüVÊÂíÅ�z »�q¦ g‰é
+ØÔgiþ&Õu¤
y,q`ñNWO^±î¥5±(å¥9â”?ÚÑV´\ü3èŠu¶qR»5A�'—yœ‚9d4m„¯,×	bîD‘0 ©aÑʈëzË`GæL3ëF§¢r7ê%€Žs
+#q¼iGXh²Ú(�
€Ã”/¥¬”ë噫͡·4í@SV
I{9ôFô¯‘SA@ž\tM¦H¯¿Áäļ{š-Z^Al
+\S\é+UˆVså-ÃñŒÇ±`…Á¾Çøž†“+KÏýüî#]ovIË/(\Ió/¿ßÜÎ?ÿÑž‚û¤Œøßâãò]úZ5Q^þhÜÝ—å
+¹¤Z%ôš*ü||óÃqó?8ç–åì²4øöš
+{ôPî’[aìRZ¦·ºX!ÕôúGKº8É�Úlü0zRñ“îž°ÚQ|HE±Å„Ç»ÚØî}Ù^gbk~º~¢lÂþžåõ5;Ä_µû”â×¢bs‚¿Æ•*qxIlSiF®úIà‰ôÓÐä1‹}ÑWÈ4Ü+[DÄ„…T:|ªt]Þ,ð‡DçhÑÈ°Ïñ�\}FÆÄ;\ïʨñéý„	Îè”·cÜ•¾ãÝßÀÙ°é5¿Ý,Ð@XãõŽ-L
SÃÁ¥=qc¸WRäN7ÐM§ŒïLnL²f
F7,@”²^{ƒÄzϾ�ló©ñ¬kØéç WÉi;£Åò-oÌ]bäS8½‚Øy74ižZõÅ#+áqÇo‚©×¹òûÀü#1„o?iI™q%i}ò²“]©­*�šJº…ÈasÃ%á3{ì›÷w(ÄRÆhc_ÅŸØÿßæ¸uß{ƒÆ�Ò8xqÕ¼Âo�²¿dÁÏŒr*@çˆ|Æpl	š~à䲜E]A|ADÜ"Öµ»AázÇÆÕÝk`”5²Áe°0…égHÄ�Jn+ÙpŽ‘}‡›QÅPëÃM³±^À««Ì
è�py«TxÛ©qm‚é©qe ìvÍÏowÿ€æ�Ãê.�žwàBŽ;¯áoÄÇ¢]ª@î)™äS1öX%PpŸùŽßG×ÿ¦½ùôó*Ü–�>OF7ãÓ.ä"R·µ‹ýËýÍï.€öžŽry½à+-Ñü´§©Æ*Ï
+'Ó ÄÿÌõzËùÝû9=Tš;-Ž¯ÇjßïO#w«ûoŽ|<£y¹¡“χüëâ?­È
+Êendstream
+endobj
+896 0 obj
+1970
+endobj
+897 0 obj<</Type/Page/Parent 689 0 R/Contents 898 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+898 0 obj<</Length 899 0 R/Filter/FlateDecode>>stream
+x
�WÛNãH}ç+Jš‚œ8@�fÙEšeg!H³R¤UÇî$=cw{ºÛþ~OµÛ1 ÑKIºërêÔ©Ê�£˜Æø�i6¡³)%ùÑÇÅÑo‹£qtyIíÃnðbL“	ç—3<g—Ñ%YIkÅýé/«Oâ‹It^}[øš�nÎ)Ži±†ßéåŒiø|L‹d ÍŽ„¦“Å·£Ñ
̆cƒùã×ÛÏóûª·÷·dVßdâ“L8GÎ�ò”àòJ’óÆÊ”DfôÆ©T’ Â8õ<OSjOÆR!­3úÀ„Òä·’�Œé4>‹&m�*ƾDDwÆKžÏ!w�'Ÿ¤­•ÌRGË�Œ6•*]žÐn«’-ÈDA;å·|±J›Cϳ)}¦4Ò@\÷7ד³ñ1,¶ÊþV/”J§6:¼')‡Z[“#ׇÅýãõâñ~þù ?oÛ
+/à&•Y�˜óÂKW
ÃR{û*�í¢6:{Á£é;á¡"•�N–Ì©×Æ&À
)3|R‡€&Qø-à�jè&S0E»…o›ÂR\
+d–}�¨FU*‘\JeÁ…ˆ-uðuõ¤9Æp;n-1‘S¹ÞOª^À	Æ®–u™z1‡ö†~»3ˆŽSåŠL¼Ü‰\¾ïç
<áƒzSMöw\2Q�ÇGdÍ`jBÃ(am¨k„¶ÐJ‚ÅUóö²ûY¾]qWÆ ÛE5 >| ™
+ËÄŒ£)÷Nvk€YÜÊØ[ù£ÄŽÆ#ê ÊÌ/Oö�bƒc#{RûÓsÚhÔ1][è„¡¥Lá†;ºË³_vÕ#þ?Ã}¯à¿`ª_ÉÃ
+`™<Ç‚Â
+T]XÐÌÁ?»{­Va—Ç‘å ^œx\¿lP=§Í‚õ»5p‚v'³›I͘^µÝÖ£j{(öFk¢6ݶjF¦mï$ГÏ[6‘üQê4ÏžÅjõ/v)¤Þ¬SoZ„ƶ½J…•nؘݷ	KCͺ"mÍZ|÷À–ÆfG7—õÉ_Ðbš^…õøaþçÇ9}±†¿>Ñ'“”Ìíf²ŸÆÓŸÎ&í*ð³Åá|v©	ç§Wì»ÊßGÿ
4–vkendstream
+endobj
+899 0 obj
+1507
+endobj
+900 0 obj<</Type/Page/Parent 689 0 R/Contents 901 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 295 0 R>>endobj
+901 0 obj<</Length 902 0 R/Filter/FlateDecode>>stream
+x
¥WMsÛ8½ûW`’ƒÝ™X¶lY²9¤›¦Ý™6Ûm¼§Í(‰¶ÕJ¤JJuýï
+¡?Å¥ÛÂýÐí -ÜDÝšÜMaë
:
ÑÉ:åí)¬“Q¦RùL–BÿG~}µþ<˜Âxæ£Ùu:º¼„Z%º(¤ª ÚI+!ÛÀA× Ž­´ÉÔJm³ï7I¢k<%TÚA˜ä’Œð‰·F×% %“I™"ƒ�fF&hç
+�҆̀=ØfãYA¿w´,`µ<Ù{A Ñâ9á"-Pf©ú•@Bªm ¼èiö–sªlÝÞÀ†ôŸë£Þl²ï¿6 ÂÚ‚åE¶Ù‹VžA·÷°Á’Ëê‰l²_õ¯€�ý{xуmö¢1Ûí½
+J±EË*«±ôå9(]A,±¢—RTèg'�ô
+¹SÃhH¡°
+èÃ8_aÆÊ�4Ÿ¹¹ÊÙ²^•Æ,H„ûû†¹`¢Û‚~
ßD^wI~BK²j+í^D":‚Ü3‘HB㧂1òP€:91qâ…r‘¨k!àƒPøðÌ•®¯K©ñ9]¥É5+œþ£Íöâ|æÁ–2É6Ž…_•KìÐÂNÛŠù8B}ˆ:¯,
¤ÇC[M8‡Ð™@|b'b�Qxá<‚Û^{ïA—U¦ìI|8ƒ)gÏéï|âGC½Ù¯P•08cçX;†Z
¡‹ãñÕ�ÀÛ‘w÷σ>z0T‰*O�Z­¥H:¯Ì^ˆ³
Åv¿Žcˆ@«‹ d¯×0_®Î<NkLB~ò®-VÊdÇÌÿl8Ë
^<�äþ¯Â¶RI#r¤¹€8%¹òä@ЃŽMµA!
+endobj
+902 0 obj
+1414
+endobj
+903 0 obj<</Type/Page/Parent 689 0 R/Contents 904 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 302 0 R>>endobj
+904 0 obj<</Length 905 0 R/Filter/FlateDecode>>stream
+x
�Wkoã6ýž_q‘bw –-Ù±Ó
+ôkÏMu{(Ç»kI°÷ªDY¨Ðµ¤Ö²»‚ž¥)ÉæF5ŽjQÉèi·í˜†é$ÉØ)åƒüï1¤¤)ߺ? Uçe[ÈÈí之ò‹¨šRÚÑÇŸžGç‹eP*m¤7~õ‚ëEV·&—T F­[§t�ðÒžgË�‚þÜ^S%`ÝÈ¿ZìW!i6ì§lóŽW¤Ãl†’#°‡²D:¤±ä4g*Š(pËQœ«Zëh'^aŒ^E©
+ÒH‡`©Ô¹@.ÖÉ*!Zî`2&_œyܽ.eEjs,D%ò�ªåÌm6ˆ§v¡ÒìAÌ„4¯À
»\ôÞ
ú2‰™Î#†óä–ºº­²Ù<>ï@Á��á#{o\§~”{mþd ¨Ú:€Gpú»ú<IwwÇ¥¤†AD•.ÚRÒ~§ò]œÃö2Ðñ:erÿþËEšM’”npͨ¢,KQŠpWÒ‚¥
+¯r¬mΑË
Yi8 Ñc—Ç
áÕ
+…²GRCFûœ 
%„sWi0±�(Ui=Uh:ŸÀT�ý¯iìt
+mïå
+;K(Š¶…ìô‹ÑmcAóZl=ÁßÖºDôÁFV‹ ùX
¿Â2p{gÚàx¯+P¯]\ÓA·dwº-†¶Úü7�(³Õž‰¢R5kTÈ•ÓºôzRHh‚Gj¿ý�pAÍdÈ;ÕèSÐ
xûžÛ~'Ÿï¯ºýÂ"Uª?YãYÔº}úUï%äš”û—o==ÿÛ†‹Î!㟅³þí´•§
XÕEOžœ‘’µ€yàþa‘Ë»~îàÅY®.u{ªx]ä÷M	N¿hÉŸÁÑË£´
•æ¢ó’g©Ñ=¾½Ä‡œÐ¿‘ƒ3£¹®7jÛð×ÐÓbáÑôüðÉgÈ >HŒáÁ¶Ü&‘¥ ë#éòs?á-¨Û'Ô™ÕwuÕ5¤®†ê(ÙFVeI–L®=Þ|P=ôƆAhkз“F[õ%†Ÿ„FRINƒÛ	¶>‹®¾Þ`D§Î~Ÿå>ªzCk½÷Î 0[kzZ=b‚s¡…õ}\
¶¥^ßð{ a—B×¥Š™ˆ|ÏæcÌ·ùžA)¹	Ÿ4ŒŸ'´�yk”;øõ™ÃqŸ˜yã'&41Ó�
+´ÐF+ž
+¯ËºuhV<×Û³úru´Q[UCÃ{¦x­·3“É·;U£óUq<
+º; óñã§ÑÓò<€ë7½–MGÞ¤cnÉÎR F¸á±¡w‹™b<Å;§‡oOÝL�!~Ì-·O¯ŸŸ~üý?ÏËŸŸ(ß	 ȃó4�œf¢þ>üõóËÏÃuYbFï�àÇ‚�Š�2èA¶#•²¶•Aý.ýqÍÚò’p�ŠÚƒÆÁç·BnD[v|õ<Ãýöˆó³:­�`7ÝY¨3‚¡®Ã³ZƒÕU¹¹ºÑ dÂ8.ÔÔõú
+endobj
+905 0 obj
+1869
+endobj
+906 0 obj<</Type/Page/Parent 689 0 R/Contents 907 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 305 0 R>>endobj
+907 0 obj<</Length 908 0 R/Filter/FlateDecode>>stream
+x
ÅXßoÓH~ï_1
+NI¨C›´H}
H´ôh•.÷°±×‰ÁöšÝuCþûûf׎·Ü�zE
+‰w½3óÍ|óc¿tˆ
�‡ô|Davðrvðjvp889¡æC/ñã�ŽGÁ`HG'c|?:‘–óXÄ1Ûlöúˆ‚€f1N�Œi¹õCš…ÝKe%Ù•°ø�ôn:¹º¦B+«B•Rb(’…–¡°2¢$§XÜ*M*Þn¾}N×Vh;{wMò›•y„�ª�ZØDå¢7j-o¥î=�}>8¤~ðJÏ¢.{_ÈœRš,´Ð26IS–~›DÒ�)‹BiK1Dò~•FRS&íJAFLF†¥Nò%…*ËÊ<�–�Ii×R榉̭i	y„5T2ƒji8zÐi8S¹|´Ý@_ºs
†UüàÇR®ò¾ˆ²$OŒeco%•8×P¬UF+
	0ʘµÒž™¬âõ–Nl\”@’UzÌf+È
+›B‘Êùd>‰·Å*MÕšMÎß±Gø¨g¯5ο]“Š"À†Ø/Ԏﾨ7žrÔ{«Ÿ<!Ágºã;i$
+rvQ”wH„¡4¦G‹Ò"ò
±/7¬’L�¬Í@l2~~3ƒ$¬Õæ,Í®*Û{¹­¿¶Þ!þ[l ì¬æg×"[š0®=UžR©ìEáY‘Š$ÿ¬Üw¥—ZÃ=mêÃ~gï¸EÇpåx8U\‚/5Už½>¥
+è‚*~‘ÖÐ_ï!';`ŠQ\Ù±Õ”áŠCø#Í»œ‚çO{ôiÞEÎýb|ó“›y7Gö®“±üV$¾Fñ"šÎ»QbÄ"•ÑüéOÁ‘ª¥Êgpö�hx[E­HKI¨1,K7TæÐ<º�B(ÒQ÷!þÔüb�qü˜¿$á—G	’�‹ü|%òå£
™¥±�+t¥29Õè(î„�+Cq‚âãZÞC©´œ´Qu׫LÀ—5œ7ÐÇËs„¼E¢çú…ÛÜùÛvƒ…ì°‰óU´{pû¹iŽ@ãÓQÿ2êܼèg/Ð÷†«¯T*UõÌŸæÕÐ;m[bùµŽã�—Þ�ÞZ ×ÃæJ™lá:›y÷xþFæسtzP†:†}¬RÕxzìöªQ]1bÓóS4	`›	uR a±«;`tšenUÑê¢M¬Áñö;Èa½ƒSÒo†¼mþÝ
Î/¦ø|uóªGJ·°¼œÌ(NR9@'y®¾Öý`^¦©î¤0äZ¦¾
ÆŒc.m%
%‡l1w«å–H¯×ÿ	: d“ïE½AWøp®­ ­^­ç*·úöYVaˆD?„èYĨ]\†”‚}5uÚðÕQÊ[ïÁë;1Ú’÷Ë"6[¼AÒàÓ÷ª/‡ÏÛ(bù�fÙŽ_Œ¶‹¼–÷ÅçÛØËu‰!ŠÃÙÆ“€x7ÍôZzš•*Sd+é]Á"û;YŠÑßaA�£àm(ü;©¯ÊB.[Íñ+0Ãà&Ç|¾3w¹±k?zZ¦îÄR;.ªäÅØýû°ønêªSÓC©ó�ÁØGŸšÆçN@l;°:«Ü߈ÜÛýüP'¢“ª)mO—uêøîhÁ«"ò6‘a¶È-×+#óÓ²R©ÐSôæô›ÅÛéHXþ}‚+¹õTV�BK>†ê§žþ̽ZÓÖ¬†£?<ÁÈvða‚fâ³rw
>R�lJæ2Ô5•s‡Èý¡›üŒRaZs½1OoWÓsÖ	¤R&e ¦«BËð³‚~®n†¾úðßa8†F‡Gƒ±ÿ‘ÒõþE’ÛÎ÷N¸ur÷7Í�ì´éC|ÿÍûO³÷,©¹{rßð^×%‘HZ‘`†ÆÍŠïFß<N–%lôF¹AôÊû‹¦Þ’s•[�[nìïK?͸«™{;37ØUcâ:A'ÄîÞ�Ú	‘†«§ÄÏÞŽu¾à‰d,ÊÔ’\
ákÝ]K0�Ý�=¹x9¡+­x´‡êa™Õó3CÒ÷›ûã¡Œÿr³p4>ÇÝëãaåÐ?þ
§"endstream
+endobj
+908 0 obj
+1840
+endobj
+909 0 obj<</Type/Page/Parent 689 0 R/Contents 910 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+910 0 obj<</Length 911 0 R/Filter/FlateDecode>>stream
+x
¥VÛnã6}÷Wȱ¬›%Ù@|MHvÓÆE[Ô} %Zf"“^’Šãý÷)+N”ì®Ó�C©™3çœêKË?Ä>¤ëÖpÖšÌZ®“$pø’9þpÁñ+Lbs$N’Â÷º¸¾î—¼®¹¶KW1ÃÓFêLCð<˜-MÆ(‰a–Ù
.ÌÒSµ^\Š5…³»Vgšî7¶cL†ëÙéÜ�âýbŬµ½ÀñͺJ%Ûè¢Wÿ;D!rÁ(Â
++Köð®2Ú~‚%´ýÉÃBf+ª(­%[”š* ȨàÅ”’f°eX£^QPd½ ƒ4%×@¹–;`K»ò@Šrÿ$¼�Ñ%)
Õm`*¤áÙ=ÐGÉzSÐ3 J•(Ãlp{9›\|†QÀÅ”rH_²¼4(ð6�›ñÏ0'Ñ{Ú»{åN-›`�s˜ãßOWø_Vú֞–¨DË8f`˜Vû°hUëãÇÀhÆY²‚:ðÛ
+Q(•ÀÉ£œ,hz¿;
G�– L¬	ãgöºŠä×	¸›)JÂs`MÀôqƒ$`.n
+­¹›Ïmn>VªÔÒè#SX"Vjô´6È8)YvnÃœ‰ò|C…)KÏ­öæBÈüÄÔÁT%/Â3åg¨ò¥ØÒ*Ï*WàýCâL =¸@Û–ÞÈlYÀ¨àÍÓ†H¤^£{,µ”›‚¤(Üã¢�‹¢2öV2M-„UêJ®²ŒIšb/ìjÓ£¬O`1¥BÏ!!(•ÀûIEpÝóSêäŽÕêúóð�½NóŽId‡ ÝÀ;Ì<¼ªÇZgÚu‰c)ìÅvø¦˜ç9=&U3ÁÕøã&ؘÙ^
+‰Î|Þ³¡u+`3úf$š
€›‹Bl+·áS[!ïÍð©ÿO‹R1Ák…6B±Çz ˆÅ²”ØÐý*“=ƒÛÃDÝjÖd¼Æ`9NíŸÁ‹¡ZŒß	k7tY-%ÇY«Ëú�ÄÉ8q½0r£Ñxà÷¢8„ád:ð‚n0Å�G7ÛìºTz„²ä´¾ÆaDá«}’­‰Ü]HQn>Žûàù®×U¬(º]¿çúnà
'ãI³ÆÁ0ºÃ®ºádÒxQ\¥o©ÆÈ.~âžç‡�MvÌØaº�¥Šß‘å÷•¬f²î‰B~ûP܈pÏÒ{±\Vá¿ÊIS=-H®úð篿Cý÷W#˜AúÝXÒ`ñz®5žF2F„׊ØR§uÛ8&ªŽÙ×æä•+«óǘ-‰V]`ïÙ¶|îx{X|Í¥ôŸ¦Dâ\y—Q¿!aÆš|÷	§U.¨$E#›¡AÏ�Øìû&~á¤çì4P¼Ø÷œÖƾ#cÉC÷ü“ÊÝFÿ;Ü\ûô.ùåþoôS#nåäJ‚×KŸÊõ‚Ê> »š­’â˜ù&½"güvE‹¢�ã�Q«F†£ü�³¬†á½Bq\»½1ü YÐS5ì`}<a1æwGc5šæ¢“¿Éݽ÷l|àêQÃò½ó¸3Möo<^9D=ûöy;¸àF
+sxÀX¤ø2È5ÑxÊAÚ^ãævìÛ—òww8éëú80
ñ´ý¹õ¡éŸ�endstream
+endobj
+911 0 obj
+1228
+endobj
+912 0 obj<</Type/Page/Parent 689 0 R/Contents 913 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 308 0 R>>endobj
+913 0 obj<</Length 914 0 R/Filter/FlateDecode>>stream
+x
m‘Ënƒ0D÷|Å,é"®m »&}nª¤�¥®]p(‘	­!ªú÷½&–úP„Œ@¾3s<þH8=…D–£ê’•NnuÂG^.˜‚*ú–´¼Å.l_Þ- ôŽ„ù|Îrè$àºJ…`‚3\÷]gãp¡÷Ñ�rh"¼žï™eäžË‚ô2¾`eüsØžb„ˆ1²ü³qÖ�iŒs¨bQ6Æ×í¡ÁøÖxX¿è5Æ
dø¡ð
Ò½õþëj0Ý«a½oþNM£aŠ
:¸Õ}uœŽ…O3À™aÄñ½6£­)bÒb&2&©‘ÔÛ�³ÕHÛàO%J6'À	�ý4ƒœ+:Þ¹¦ËX�È.‰*þÕõvù¸Zbãû}º‰pflûCpŸ�T³“ìÜͨBQíÁ4-TzJ¾
Êã‰
endstream
+endobj
+914 0 obj
+314
+endobj
+915 0 obj<</Type/Page/Parent 689 0 R/Contents 916 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+916 0 obj<</Length 917 0 R/Filter/FlateDecode>>stream
+x
¥WMoÛF½ûWzrP[¶dGrzK‚0Ð8n­ =ä²"—âÖä.Ã%Ũ¿¾ïí’M‚"Ž
“»óñæÍ›áד¹\âß\V¹ZJRž¼[Ÿ\ܾ‘Å¥¬3¼Y®nd�ÊåìòO’Ó÷¹ª]Ë|1“OÖdF§ò‡Û:ëe£›Nk+Ÿ�M]çå~ýjýÏÉ¥œ/®aâTÙT>Ýßý-­7vËSäú›ãý�_Íg‡ƒùLÞn|S«¤‰Ç®e>ï�-V<tg½­Ucœ—EóôóÁ$µó.kFÁH“×®Ýæ"JÚ>ò‚‘K®<"O�†Iu�œ”ü’»b/°nŠ_úDæW16ƒ;(¸­¶Úµ^p³¬Ú†yi»3µ³¥¶�—ÌÕ°T8<oL©gòYKUk�—SZö)�J7dÈôô÷iÜYÞAŽM®åQ•5‰É·¦ÑÂâªUéi)ñ®@`ȲqáîóÔqvSè�Eï‚êh^•2e…—p†ñ‰Ó#Î=¼—D…?“‡¢ÝnÌÊÛÑÚÆ$ñþ—¶…Æ	–ˆyÜ«!?êzgdÕ™&É'ì¸n(ÝÄåýZRW*”
+¡q¥T©&ÐÌ$mÑ€ׄ˜2¡CÍšÎI,'Ág‹ Oƒ®ÞìY«ëPµœõúh5û°“9w©ÚEüMjH"ö£¶bÁõ´Ç&I\Ky€±�k@y0)°õ%jèË ¦CÀ�?ÄŒw‚Hìüqã#„ž‡’ô!�®j  (
{
Š5¨5í
+‘Ý?>†5câ3ä¿
°²qgq™Ê{)̦VõþË+ü
ð‘sŠ±6GÈCGzŒÒÅY¶7&½F…Úc}…Ál›Pá‹Û›ã§ÚÕeüjú©OÇ@õž½D¾oX¦v½ºfØê5`eþóä?—†Õ±endstream
+endobj
+917 0 obj
+1671
+endobj
+918 0 obj<</Type/Page/Parent 689 0 R/Contents 919 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+919 0 obj<</Length 920 0 R/Filter/FlateDecode>>stream
+x
…WMsÓH½çWtíÉT%Æ_$áhÈn-‡„,1‡\ZÒX"͘ÉZí¯ß×3’?IJ@ÖLw¿~ïuûûÅœfø5§›-¯)­.Þm.^ÿ±¢ùœ6[|r}{C›ŒfÓÙlF›tòÙ+çɪEŸ>|¥ŠÓBE)‡‡†¯èa#9b“Qîl³#2\)OìådG­mÊ,¼ú›áZïÕoñ¶ðÖôÕæÛÅŒ®æËéÑ'9!÷§…m
mu‰›È[\Åu¼��"|¦2J:‰žÙŠuÈEÒu¤öÊPis<«åœ¢óì%QטQ`Ž/}½ú¢Mf[òÊ{�âQŸ†^\OW}ÂÀ¨ìÈ&{mO8®SÔ€Cθ/Á3Òž¥M.H„ÿÅ’FØEèj~Q!ó­uÕ(Ñ»�÷ëÏχƒ4<	èOiS ~•¢v�Ô kâ²´­?äl2U+WIGc.NeÚ©4æn‰G‘{ SkjgË=G”–M�z�(pÚ±«uÚ”ì°/ ƒ Ý:-¨v�—Wûkx8µUN™Tecl×Y¦%dÞ]ß9»×™ÝiÐ_ƒ˜pðp¯Ó¡œH?z<–MžsR*ZŸ�Uyo³FH÷<y\ß?¿"ß!ë
+Yê#�£î5£ö#ñ&›Žpœ”‘€ïveŸ¥�-…Mylj.uÝ�íå	sç+²[äaÒÂY£ÿ
jï[ë2aUÝ*P>&êÉk`)Ý>yG4ãk‹�‹9`AËzŸ'½ìhùó«Ð¤ß7ð	z³œãçêö?øƒ(Ûh+oiyˆ­¬ÞÞi�e¾˜.§s À.W5}†ÔŒS/ºZˆMN´S‡—‘?$e]ÎÀ!ô\p£‚÷¨Ù©¿µ¯!ô#a‘ÚÀ7³uìA´n�g EOLxΨ­öElyƒÅû€õ‹¯û� »P
þ8=вÕ@<hL:c§)zÛ•¶÷�ã�ÞÞ꺰ˆ‹š¤Ð	΋|Åå�¡2®QmšÚÆԨ䴰^ÿ¹S\ÕÀ†
+ÌÛêH¨QXΠ~à…ûàËdQQ¡8ºÅ\%~(ÿ¼þ
+MÛÁvPJʼn:e°à2w,œv À6f¢�k¥1$€Þ¬ÿînP°Ì•`M;‡¼B3áà’¥{�:ëí¶îéc /éQè0ò
+‚7áÀ£Ø_ñáÉ+®`'Á‡T.@CZÈ?È;¸‚äé(Š�l=ÙòZäõÿ"[.ãü<ÙjJb’
I}‘*$áÿÚ‘Û~Põ††Éê\-c®ÃÇ™ÒR£¯#ùájA�ÖAQ@¾`¶áMõ¦ß/&ýõÙyÊXU€„JðP™�àÉ>€OúÉÜËØÛô¦Ñ2&‚ÈÜqê{b¡CÀ��•E¢ÁÃGb€¹2J”Áúáé)�
+bÉ¡AÖ3[ƒN Ù�O+ytº’5ï.,£"ß·5l4w‚m–<ëøZv)Kb!f[bßî´*3Г)±¶Û-…þEËúàЂr°øQä]ãv³}¬”Á�€˜ø@¡Ÿ¸´¶(ÓTA«Ãôx!pÑcXs£4ñ¦MÂ\Œ
+B¾˜†Ø™6£|8‘¡*ë9ÖÇ£$ô,|eˆWNé#
+endobj
+920 0 obj
+1691
+endobj
+921 0 obj<</Type/Page/Parent 689 0 R/Contents 922 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+922 0 obj<</Length 923 0 R/Filter/FlateDecode>>stream
+x
…XMsÛ6½ûWìøäÎØ´%»–“›ã439Øu+eÚ["A‰1H0
+
=-úâužý?Î~ |pzöµ*�9�°$¦òÜv7ÝtµÌ˜mú²öõMF$;KR3ÕÒ)·�0Ó
+Ncã+—_@­Â†gt©C~Ùx/T™a*Êx¢çË3ƒ'ÕeÞZ½0;
V?:�
vjañÔXûÒµ
+Š†I
+qRm‹Îð܃¸£­
ð€„Küöþ’]�y�Ï~UŸ¡C¼Bqy¹�ø‰&M
–+Ûëm¦-wl•„u7Š¼Ø¢™`ec¶1~
ˆÍÀÂO¹`¡x°1…|šcD�v“£²krÞ¢ès�ÕŠáá�Ó`—I63úµa#Ê~²€ÁÝ¢çïwÁ¹çè˜O�!nð†ƒþï`p{í»É€eͳçùž�yº±ñ¶¤•3ñ6øûÁ¦×˜c¾�Œ…V;P!xn´.8óQÄÀu!ò!ÀHÛ…1RFå÷ó-aD”ôà=ã"€ÅŠ‚N“©Ów<·æût$rRy�ùª€A4Xâf»F
R	ÄÀ°ÙÕ9÷­�ä²£÷È.Ò«_'Pº4½½†’¸¹›ñgüí”ca<�~Èn�¥ñuFϦ[­Ôyßq-B¯AeN…²öÃÇÃ.:ù½k�‘Æ[ziìåõô|ÿ•€nBŸˆ¼‹„½ôÁ)Lv¿:t�„G˜àÖUÿD‰DAçëÆ»kf(\€Xf7=ÁT¢Ì[ë}ÅÙ¡¢B±åv/‡1¯‡Nk
À#à<r¾“Ð}øƒÁ‰Ãl�QZ«WÎÎœÎmÝBç2Â@Ãó¨:âäbp�°<ÊΈ|9Ým
©˜Ü¡;�QŽZ­Çî ,#)¿¯¶* &+®6D·hÛ€Ó€9»ye
l7—¤!r™¶PR쉷¢†–�•#;‚–¨ÂÞ²`w@RbA
ÅõÈ;JÇ<½–E5QzóSÏ7ˆ-RÛ¸™ªQ+Y¢BË»8‘ýî�ôa'°á›5-¤wУ°à¬W¬±Bn*éÊé¸ã{™~tcŸ>%Ý„X¢ äù^Ž�â¿‚\äw¼Vx1A‹ž“¬û¥$=Dygxý/v1X¹‚µ|­š•@²ˆX× sÀáÑ°
ÈØ"óû;�u¤ñ"™Là€Ÿôî6ŠcFªc¿Tð£òÁ+´,ñ(óäø~§OãZEÿ£7‹}ÃÆŽdj«ê¬8âuÞHƒeÝ‹7FÊSó>EF#6
+endobj
+923 0 obj
+1820
+endobj
+924 0 obj<</Type/Page/Parent 689 0 R/Contents 925 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 311 0 R>>endobj
+925 0 obj<</Length 926 0 R/Filter/FlateDecode>>stream
+x
�WÛrÛ6}÷W웕›¶(Å’ßêÄMⶹ4V&}ðL"A	6	(
+SjªåºÖ¾2VÓv­jª\Þ”:ð7¥S¹œp¸ª‰Tƒlm2Ug)[ë쎔ÍÉX¹ûjq{pJÇãI’"�‘ó¹ö	-Ø«±pR¨LS¥î`]å¹±+˜$«·CÃAû{ƒ£…óôÝØ¥�‹{�L´
+»#Re‰xªÕ:GBˆt©¾s‡|àWÎqðüýÉ;À'`�6ªú{M'ÁÅ/;$G-Ä2·1ZPX8
¼'Ag�7õîdh�Qa·_.>>E<pV|º”×¥¾W¶¦6qÀã5
+–«:ºFÆnûÿ{£¨Ë�®5ŠÙ:Ì]ÖT(T,“ÀX9ÿ"]+S†„ƒùuq
+Ÿ3Mƒ»7£¯W—7¯"
¸Ã…Ò¬Öu¹£Ü…ö¸Ç|úöéê/PÚdkZ+”ƒ¼²+M®`oKí[bq™8xáGët'Ùд¥@P•Ž÷‡î¹kØ>^Ž„„®j¦_[ßÃ@·nÉѽh…š�•ô¨DjòǸØ+I÷àXP	c<ðÜZ�ü¶…Y59
+˜£ðÀØ焱Êv¯16‚þÑhGQr(4BD´÷rÇR˜»J=k°v¸—¨5ZÿÛS]µ p‡‚×uã-²1E_.ߊ $|†�:îªÒ�E[S¯qª‹hÀó6>UǽنΖ£ö>Þîò
K�…Ðó¤ŠNûM±…jin-e£¢œî§E/+&¾ƒ�cb‹|´(Ã:|``-׃
+It]F½˜<Ãzô¤aàšÁb~d®‚Lâ Z¡,@,ƒªµÊÅîÂ@a m/¨)Y°EÊÖC9Á…HŽÖ–é%ÎÅËMÈV.ăàxÝÃnÇÌîĹ}‚9€ÈX
¢
+våâtÛ… �§è¸Ÿwe:�‹=éJôä �ÒE¾qHo]5òÉÞ	–Zl¬4濾¾?§sìiz
+£¥“y2n+éz¸ò¦éxàû#ó[ŸÅÊ
+Ö`YÝ?ßX+K3ε}A‹3
+_÷¶ó¡±¤a6XڹƷQ.Ýfz´‡º†tWstiÙ0¯D8aÈÓ›lˆLŽEÖ/-µ�´'ûåx†*ÿ�Æ“Ùs‘�Œ™P(¤—ê/o�ˆðZŽX†y.£
+`ȾևÝÂy<B¨†Jþ
¯Œ/SñÍ0¨)º*SµÄƒ
+Eß“ãåêÈÛ©{„Å'Ž,—"èq}…±¯ º–µþÙ“
q¤¿‹lóZrèõª)•?„üDÎa\`³„Þ�ؤâôŠzƒµK¥Æ²�2ßaÄ™Œ“Ÿ¬°µÛ‡	ãƒT¯UµT2¸Ÿl @ ÂλÔPª-ÞEX6¢´(:Œhg¬Ä&;”udùÁº‰`±
ÌÎøòZ*(á
+endobj
+926 0 obj
+1830
+endobj
+927 0 obj<</Type/Page/Parent 689 0 R/Contents 928 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 316 0 R>>endobj
+928 0 obj<</Length 929 0 R/Filter/FlateDecode>>stream
+x
¥X]sÛ6|÷¯¸>U™‘h}ÙrŸZ§M[OêØMÔÉCÝé€$$!&
 Mëßw
+¿+e¶X]ºvÅ»õùG¥çoùÞ)Mf‹dαÜÿô#mø<Ü38ƒÌ†rS
+ÅÇ•©´.!j�¡Úá¤
Fo¥%-eÎQíÄ“$'÷qJ¾lÒ»Md™©uÕ2ÃIOÒ&’^l;¢kZtS‰¼E®ôÖcŒ
+ʌިm�\™±âU‡mV[`�Ní
+[0™òD-E¶SZ&´F�¿uÔ솥`A5BW¼ñŸ‘¯tqzŸÏÑâBö"*
c
+'–4÷ùú|pï#n�ÁÇÂÂöR|¼òÝîˆE#S�{\³ÊG† F¨ä4¬*¤x�Õ8p)+£…¯TÖr“P¨4;ªÒ(j�±™ùþ–›F¦mUè‰pìLBN9t
+�ÊÑožmñP˜´Ž¤
CQ?doÔ³Ì=‹z"_›0[ÐO¡·‡FÎç‹Tª±"Ëà‘(nJ‚—л´nmdQðß{þ¥|ا
+c™Ÿ
+8º8 ò#ˆ«Qánpôñò�섹°¹WîóÜžçm2(N¨êêý¾`Uó¶
+endobj
+929 0 obj
+2008
+endobj
+930 0 obj<</Type/Page/Parent 689 0 R/Contents 931 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 329 0 R>>endobj
+931 0 obj<</Length 932 0 R/Filter/FlateDecode>>stream
+x
¥WÛnÛF}÷Wà‡0ˆE‰Ô=h8MÓh’¶Ö[S+r%1!¹ê.Åß3³$EɶZ 2@‹ÚÝ™33g.ûÏUD#üE4�i<£¤¸zµºúiu5
+:>ì/#Šc<&‹9žÑ$d5m°+ó8œ4Kãq8;®Ì¢¯þÐqZpª»Tß,)Šhµ
¢ÙbN«TÖG´J‚(§á8ŒBúÑ”›l[Cµ*S¼û,×twûîÕíóÕ§«á›I'dÏ€j•«�¦¤9§ªÌ”r6‘³þÝl¼Ê¹Êªl»«6Æ”MC/vDK†Ñ žz©Ö˜êÚ/F~qÌ^
+ö²<¿¡õ=¥z£ê¼ºi�¶.*©âÃkg‡¹IT>tªX«SAHwZS… *+)©IêB—•÷¶¡{Só¹
¢±GsPeE•9SïL¡;
èÜé�ÞV‚˜Tî­ë,OEUãî”ôW�Ô•Zƒ%̘÷ww”gk«ì½DVØ>¢éŒáyÊ4jƒ¦}RN­Üô€–qŸ–Þø¨aaP:‡ð'»�	á×ZšˆýÒ€m€eÚ�z>éSÙÃÇ.*µN5ì5dëRÌö§­öÖ§òJ•.�ÕΚz»£¤dqkN˜}æeafioÍ^[Ô�ÊuYÒfp‡¸Gê%ûNçæ@ÿß
ÔQäŸ<bT©
=.fW˜”æÓ©y(éÔìžAšR'Ú9ЀíåìÿmLž@Ù’»/Ö&Ï¥üüòNOÒ£¸ò’î	LOüÆO‚åòuª?8߀æ•.×6¤pZÃ#}ÑV~E…Û­	ÕQÅ6䛥_³²þJ;ãª�Pï¨À7<RmK8ÀUºp7Þ/¨²Œ¡û�‰±V'�B¿˜ƒ†ÒâD%òXbæ€'âÕFè�É•Ôùp
¶ñ'‚èGa9Eï™ÊT;Hñ%cD¥‚
+·35’”µzŸ«æqÁ=w³cxJ´0zÒçïÍᆔÚ‘N³ê�8]%,î<¹ÛÊp
+o£F¹1ŸIí÷ZÙŽÆ罌šÏ^Á¢ô¥¼±ƒ¹tm‹Á4�ªÝïv*5‡Þþ6`gûÄr¿�ÈmJpŒ¼ø��Ç�àñ…ìŠu¯ö¶áéeðÓUå´Wt‚)”ÿ¦¶¢a11[)‚žC‡r^Y“ËâZïÔ—éƒ$;�_ðDÔzxý�¶ÐõÞªä
ÞEÍÀñÔôÇÏWñXF±%OÅËÿ#yËéŽ'¹ã04åq-Zr�ë÷/Zí´C_„¹H­Äfk$,.ŒüR©,çWv€¶×f¶Î¾�ÁâãóÓ=2ÜñT×ÞÝ¢YÓ»ûóDê›yxG”´Â�àï¨lÓ4§¬Lò:=/ÞmŽ5àÿÜæf­ò¿È¡F¡F>™íF±äŒîß…aøÃc×Ëä©àE##œõRŸ¤={ñì�]æõ‡w·oß¿h—Y ¢/xªŽ9„zÞ’Ã%oM(�“rëú˜wpèû
mèÖ2¾_wa;†ä{zÁšñüÌÊkNu–:_’¢>LøX¾p“hŒd$:-ü%£.„	É÷‹ØG¾D‡©;t‹—E-p‚åþíÿÀ/5éÄ€ùƒgc€|¿dÀ|)SêCüÐýMø}ÓÐ%ÆcnšhÕ(+�sØéÇf"ðÏëò5|醹4s2þ"�Ú}›ªƒ‘~�¾Œˆ"?“®»÷+÷5Zªrïx`à*Ж3ØÊ6öã)øæâr„«$¿\òîš�±–m–¼ñf=J€{?·z㉄,�0šËË%½‚îIÍGB³­Ÿ1�êádžL¥ÑxF4[NÀ{\ßäJ¿Yó	U†^÷/8ÂÕh6ÇöÁ<–+bs¥¥•Ì4[”b´mGêŠ7Oæ,T6.F�£¿úáÙ]áendstream
+endobj
+932 0 obj
+1559
+endobj
+933 0 obj<</Type/Page/Parent 689 0 R/Contents 934 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 334 0 R>>endobj
+934 0 obj<</Length 935 0 R/Filter/FlateDecode>>stream
+x
•V]oÓH}ﯸ‹Db'i¾¨„V…¶Ð• ,ñÂËÄž$Sl�wfÜiüž;c'MÐ.EQâß{î9÷ëï“
õñ7 é�Î&”'¯““«ä¤Íf´û0KüèÓd�h4›†¯}2’¸Ê£íÉÙY4	'0…CØß~ÀN|ݧ—”,àsIæ�û”¤âOi©î%­U9WeFµ•Æ’€A‘“]É<§o]æ*¥ÌdFjAn%7´xËɼ”.¶v•ÅÒ¥Q‘HSií·çÏ“»XhÀ¨>½=Î8€é$RAƒ
~åô™ÙØ¡÷o „á7¦¸ÿ¼“E•'i¥™)Ãþv¯úoxµC¯(æ1,]üì2~ö¥�€LÆ
+}¹K á§5�á¤>þ×”—?}¼HÞ½ú�?Ï�Á¾ÍŽwô¨zZ.Ãå#"Þœ$òµØ€*aD©UæÕÏ«Ñ´,[£ùÌé
^yšA6S—%šÆÔ>œuv´ª+K=!éZYµ2d?E™¬àò *Q»Y�J´‚¦
0îu›�Úæ2ƒ
(Ùü`g}Ì�?ˆúýsÿƃ{4f¢[	‡!ŽT!™>Éì~£eº6£Ú„œážßÒΨÊ4¯ýœß-(t4œŒ{®Bºrö	ûˆÄ¶“W"ý.–0×<|y»ˆÂ>m/Åþ5¯�5ô{w—œÙ°ÆK‰(0Ñ
—¸&Ìœ+…_ùY‚ûeÛR�J½Î…¦^½ó
@¯nÓkeŠÙ2G´ ;9\Úû
+endobj
+935 0 obj
+1316
+endobj
+936 0 obj<</Type/Page/Parent 689 0 R/Contents 937 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj
+937 0 obj<</Length 938 0 R/Filter/FlateDecode>>stream
+x
•WkoÛ6ýž_q�}¨‚Å’íÄ�†4i»+’­†aZ¢l6©‘R\ÿû�KJ~¨N¶¡…™ä}�sÏ¥þ>ÑÿF4Óå”ÒòìÍâìíâlÏç´Ø^†t5�çt5ŸáÏÑ+)ÇÖ!M¦ãøª[¾ŽÇa	¶°
+»%ï®h4¢E¿ÓùŒ™_Ò"�~7
¥BSf¨^Kr¢ÄÃØšLŽ”^Qmh%kZYÓT¤tnl)je4åÖ”þÐýíÍwç‹ÏgÉ»!½f7#Œ'o‘EÖ˜ú›°8
+‹—8|gQÒ8›&E¿K‘,•N6x䆫#‹j0B�øäÍÛ»ooM)”¦ë¬TÚñæ!�ZÿÕIûÂòûFºú…õSVMý¢‰£kkŠâô¦‰bÞ7ËB¹õéŸÒµ,Åó‰¼Õð_Yåäó{Þ{tîM¡Ò-ÝX)jcén£[�{›)è‚*.
+ K]¿òlÐfCKI�“Y‡£U®ðŠ<jÇìXšzM=:#�€÷[çß<[\L»eŠtð\Ç9ªe6L®Ô”%NïèÓÑ”cìógÒ’8b>"Tª„s›,ðdÏðÝQ¦¶[›¦È<�…шa›G‡÷GI[ÓXê¸ÜG‰¬Óä”õ(Øñ£KŸšÇS1¤¿Q¨rV–´Üô2oTæ.håŸkƒ^Ë”•)ÀR2.“¹hŠ�Ë¢@
éCÎ!rjS_Г´*g¯È‚¶’¶TΡ
ŠæŸzµÔÎý…j£±²Ø¤°´¸ˆI/q»ùbü?üÞ5Š[£*‹N*‚D°€€.™Ñ ˆЧ®ÊÇÎЮ�¹‘ø
+do‹Oz�Òå|IÜ)"d/y÷z'r—“‘gÏ^æ ž“ø2žÆ„nÍÕªAî¿…’ö^<Nù ºk®´rTÒm¤/¨è"Ý…ÞÖºÇÌÈ;êmuåòëmˆmcìc_pº±'ÂF h2Ȇ{PñÊfYÿÚ«¬yR"mpX×*mØ k¥%4ê“J%¸ø(e…Ù!2¸ƒF¶% ejªüÔ2È
 4	o`®MϽ«e[Ñ­Ê<{­,e¹„_^
+tÝR¤�MåuÄ7 `¥´(ú„l;±Œ¿ªÒC„dB51ýtëú¶Œ9ú°¶£ðÃ9åÈâ÷çè©^À¾µÐbªF—mâ‡óv½#(KÉFE(� ûë�Tš¬)dEðö¯èZàáK’µV½3ÔúX!j.t/dÀØO?Ž5Ke‚Ž‡§t¢ÚÕ`§6[V.¥ŸL LµBt=h‚“-ê¡ì|A0Ë™9v}`iwm8öí¢?>íƒnéÙ;÷’ÛÈcÞM
_ÏŠ‡hÈõãéå‡ÆY !7Û?ì%tƒ“icU½máa]¾Óô“ÒÍßÕŸL!0 ÉmAý]å?œ@)�þ&�Áçs=Îò ~'‘H+z:á¯Ã7¢ÓÆÖ`!Í&“ã³ÿà;.â�¸&]“µÐ|{,Pxt{;¯XjœA'ùŽaÁ�›œôsíáå”…ÆÔCuù¾‘×Uç㢇X;Ž�D¸²
+endobj
+938 0 obj
+1458
+endobj
+939 0 obj<</Type/Page/Parent 689 0 R/Contents 940 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+940 0 obj<</Length 941 0 R/Filter/FlateDecode>>stream
+x
ÍWMoã6½çW°=¸@,Fv
+ä�Å6@€î¢íºhZ¤ln$RKRñêß÷‘”lÅö~ï¡Ä5ófæÍðÍû‹	�ñ3¡Å”f)eåÅËÕů«‹q²\Òá—ÙàŽ¥WÉ”æËþžÏ“9A9ÎŽi6]âk|2_ãÔþÑ|±h_šÑ"M–‡'éÕu’v/Ma%¼
+æðL£�PÂô
+l¹N2­òç)ЦÐk¸G¦¡øðª­Ú`�ÔG€
+i]ÀjJäùÆTVÜp¡À€¿	éCâBÕA2aÌ�­‘Á»XÑï¾zžm�ç2“ž–D§žÛ¼&6t §Ö©‰Ï€·Že�0Ðuß�m,bzÇõ9£[Qö¬,Óuˆ…¾9²ƒ‰Ï�øòÈ,)Ñ÷ø|§ÑÃœìO¸OwS¡7REvãqp¶Ÿ”`˜†]�Ú±=qïH¡Ç<­íåu ¹p®9SÈCs|s!¿ØD­äÏPtÎC.�u³û)þÿ`¼Ò¡Šg2uàë7gê`â;ÙÙ›>…¸dýLûqF\õ�öŒêÊ¡MqÅùÏé8Ä�h5î‰8Ϸ⽿Ý%.fÅ%ÝãÜ‹‰ýu·¿0Ãî•ìÔÝóé{p7@*h\;k

?ëÚEé²wû½óæÃmåȾþj9nÁ¾¶Ö^÷¸KoriãUk´v˜˜(–ð<ª%œT~Xôa°c‘p·ý-¨Óà?Þ”}Œ>Är×âxôàÓ	ôam ƒŒä¤s‚TÐ�D\וG
+YÁnjx½nºu"ñÒ§d�_›¸ôB¹. “9ö¿nöùëGå·‘ÀR˜dÞ6 zŒÐ‹c\ÄB›¢íÊ8
ð5ÓÆÔ•^4#ÖÝž´S%kW§á´è6«§é¢}¾lŸOfËäšÒtõÿÛÛ×/oéw£ßa�¥W:«K<øôÑ'éL.¦Ø¾ùà,Åæ‹9l…çË™	,þãâ?û�#endstream
+endobj
+941 0 obj
+1484
+endobj
+942 0 obj<</Type/Page/Parent 689 0 R/Contents 943 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj
+943 0 obj<</Length 944 0 R/Filter/FlateDecode>>stream
+x
m“_oÚ0Åßùç‘I�&!Mè#e«´[Sm{1Î%¸Mlf;0¾ý®**T%±¬Ä÷ßïœü%ˆùJP¤˜å�íè±Ý=eH”»ð*Ÿ(+ÄQÇ(åxÙYKÚ7gø=á¤ôVé
+݁
+­©º†PrÐÆË7”öBJÓi�ƒqNmùÐÉØ7ç…WFCp|cjÞyÕÒ—òucšÌ¢”ëŽ-9o•¸¤ðhÅ[â›4yìŒÅ/nÂœÖ%:GÖEyîžäe�iÍñžóOšý÷oåˆçBžÏxÍæ¯)?–°8< É>“>ô
]A$iTDX-›Îq{CÁwr<BÀ�Ë”ÜÙyj'<†5]½ï	r»0»~»-á™ìQI÷|R^î'Ø4]]‹
+ý]T¾¿OØŸ©ÌÎèÝžäEþöùÃ?/V�l¬y%éñÕÈ®ez*!ûtˆšaãÏ\‘WYÇóìÒÑ�Ñ}Ù©endstream
+endobj
+944 0 obj
+521
+endobj
+945 0 obj<</Type/Page/Parent 689 0 R/Contents 946 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 343 0 R>>endobj
+946 0 obj<</Length 947 0 R/Filter/FlateDecode>>stream
+x
¥W]oâF}ϯ¸â%‰6ÈJ«*‰’.j¾v¡ÝVâelà�=ã�‡å¥¿½çŽmHP»«¶‰DbÏ×�sÏ=çòõh@}ühÑðœ’âèj~t3?ê“	í?Ì
+˜
‚ˆF“1þ�‚IK^�Al³ûÀôðö‚¢>Í—Øý|<¡yêÇñ&9¹^‹ÒICƒa@�³ˆ®óL*G?ÏOç_Žxí`T¯í
ùÈyz‚Ƀ€n/?ZžÒ§Þ{5¯1ðAo(Š¦”hµÌVB{œ…}¦¤k­”LiC¯ÞŽHXÍvƒó€£<Iê`–˜:E,~âq�H{Å
ßóÓÏGÑÙE0 ³q4
+�'ø[?å4cTÂÛ
õ=ÎÆÃ7\R¡b¢‹2—N’PvHœ&·Î,}­¤u™VþN±$ZêJ¥„>ÜÒ>À}BkçÊwa˜£ó`“)T/"Pyøg.eµ	-_&Ü
+hæ„qD÷OóYpóûM—  É3gèñ—WHP#Kw—O³Ž?²žÊs;\¬W¸=ÜÌ=»ù´£#¢ã'£�Ntn�¢9kÇŠ‹Y†_A^^¸V5_WÆ°¾¶øÀ±ªN	fç×vÎÞ]¤ÁV+Iª*biêÐ3•€4Èuæhit�ÂÅYâ™@Ž½†í”¸FªÙ½	0�Éï5–¬4(°Å‰…(4¹(PC¹†þ€^1ÈV‹�×D]2ü¬L$Ò” J\†äà…‘ÖâIûCìa
+ëã,qÈDçÁ¯½Ë¬ëtÙ$l)“l‰­‰>OfM|,
+?ÎÊY·1ámŸ.¸cÀ®Ïêˆ~¢þ{˦Èo»ŠC«Ì<˜‰œ½g�|†¥°î6ÐïÎ~IÓvîžã=Ä3ô$�%•Þ—[œ½ËÜê.$D»]
+endobj
+947 0 obj
+1596
+endobj
+948 0 obj<</Type/Page/Parent 689 0 R/Contents 949 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 346 0 R>>endobj
+949 0 obj<</Length 950 0 R/Filter/FlateDecode>>stream
+x
­V]oÛ6}÷¯¸È“8ôgl7H3$­³ºÈÒ,6ë0Ðe±£DU¤âùe¿}çRrb;ëÛÄ�-òÞsÏ=ç’ß[}êá¯O“

Çe­ëe«{ó–ú#Z&x3žâ!¦žèõz´ŒÚý¡è‹¡ «R‘O>e¾%Ë�¤�«”£Mªrú¼èèk›_>©Òi›}CXA•S1IGòÍò[«G§ý±˜"C;2Zåþ'þµ{3¢~¿Î:˜ðÛGŽ¹µÅ–$ÝÍ–ôe>{$[r<B'7Ú0˜˜îK�{¢÷! =(g«2Rt]Ú�SåI‡rK™­$á+ƒ#—Ú
U…àä³e‹‹
SŸŸ~nõφbBãÁXô(Q`®¿Z0e *
+P�uÛ‹Ò®ŒÊ\‡\…ÒÐÛ¢TL­Î×d,>°Õ¨\f�8Ž²ÛÕ7yD†˜âR®× *ðÃm}´å_…‘èß"U(‚¼
íÞo LÖ�£³é[4g4� Uü#hr,ê³³ñkQ�}„ °9­•G�‰K
Rðû&7VÆ´
"®Œ¨/ȼ–®û‘voté|‡¢R�aðçR®4’Æ ÐßïæwË_þ@YÒ³C8ƒ‰O±<– �|o‹-«¿É× bR]mB¬¹³bÑË,ŠÙÕŸ¡	Ž²Êyr¾„S…,
½³Á_A)¹2fzg.[êµÎ¥�€œð:V'Ø-·’
+éD×î>ŒÙþA¤1
+ÏÊxv/¯¯±„O2òô½=ÜÀP1ÞVbaÿžé)lóa2ññôž�ÌÖ�OR›ÆÇŸkå8}Ïàl‡4ή•M"¾øq:+
+‡²å)OlTe8è¥Ç•€!àÀ»Nëmÿãý‚ön£É‡ãjOÇœ‡Å¯­
EuÂjendstream
+endobj
+950 0 obj
+1117
+endobj
+951 0 obj<</Type/Page/Parent 689 0 R/Contents 952 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 353 0 R>>endobj
+952 0 obj<</Length 953 0 R/Filter/FlateDecode>>stream
+x
�WQoÛ6~ϯ8ä¥)ÐÈ–ìÄNž¶uK[ h·Æm0 /4EÙ¬%R#)kþ÷ûŽ’ÅéТhmYGÞÝwßwwýç,¥)þ¤´ÈhvM²:ûmu6¹»¡lJ«o®KZå4M¦Sü"/^oE”£tžÐÛ�«�ô«”Ê{ºÕZ�·�“Š¤ÍÕËÕ·³)]fsœ¿ØkA¯¿Üóo|{ŠùöËYšdü×¥	½3ÁÙ¼‘A[Ó™Î)M{ÓlÁ†�í)W{UÚZå¤
	CøjH™½vÖTÊ„„è÷ÞÄyj¼bÿôõâµ5²qôE9OÚlèþàƒª¾¾¤`û¸ÓYÙ¹Ü*¹ÓægEé-íŒmáÑ�K[U:œã˜Qí8w8��¾ð´NÛÆGïk'®ó$ðZ‘ˆÐ!ÀsâVkÕp°ñdØ*$ëƒëb‚ÐeAØÙU'áËþX�qÕbé(åoŸÞœeË«$¥«y–L©¢y¶LýSI÷\û)gO*¾â‹s+F•ð]Pes]hŽ»C�lñ<¸Â6&'(fö4·¡‹mõídâ™7‰u›îÛDî}²
Uù,…˜â“®fª3_.ð�SqŠŠ�¹·æ7Ë„¹÷È]�,Kb!zÎKG÷ìor÷Œo+`^	¹ÕF=Ú’kãP7ëRËòÐR¯ËŽeˆ§¶^ëTX׿·"J#�0p,u"æA´«…܉�ò¯%—e“3
b°¯Èùƒ‘à|Nßt€×Í&!
+þ†Ö"d¨¢Ï†ðz
+±¼rðJÖ "íc…}o­#
+Ñ|à~„ötú=´!êë¾´jý?Hÿm›¨‹NÏ�âót¢Bìñ©ƒ¢‡‡Z;Û"€¹Y–xdCF{t•´&€¿ŒÇI¶Úäz¯óF”T@Lžû	+mTC†:jw–Öî˜Õ�É^s!‚ïXm¶ìº7ýÓû#²£Jóææ"ü®cAa¨\‰{¹òkZ…'Ì!Ö·œ;îú:¹¦Yzƒ+ÊRî³ÝÓQè³lŠ—c�|F—ä¼>zO·?­[¹Ñ—kmX¹}uŸ´ž±ngÓ›dù&e‹§AEÕB·#ÁÓ�HÁì&g4Ö3Ië*Ôw‘,u71"‡6z0…ªFnÑì )¦�³%YV
¿B?áQn©Õaû}îŒYŠmµ[‹†Ñ‡œ‚רê�R5_SQƒOK¹
+[›s3è5¡‹˜÷qœ¥èT௱�¾5>à…žu1hŒ=£¶³,Kf”Þ\�S<D®ñÙ=¹•Þð�cn­�giEƒ+‘|pô£â¼¢ÚjŒ@ì·ƒÚ~†•mÛ&ò€zÊ2œD¨Ž£g`âEód«Ý	˜½œ^¼µ-#¿Q1ÂСÙu£Ø(‚.BËðaÊ�1§7>Ó›?ßó¦€6ÒïD__bø`Q°íúcî†ýhhøý �õVK Î}ºc¦U4¨X;‹NÅ{´ZÊKâí¨Žbë
+dªšÀÜÂE'ir‹êøò‰�-ñ¨Ç™Áa$FÑ+†àÉV8[Q?µŸâ<´40!n{¨õ†Pϵ(¸ã>ÃçuŒc-,÷ë8Ú‚ªA_ºÃ¸ä‘Dê_QÕðª»�Ã{ìÌ@ÈúkXrº4I[˜ã‘üqXŽ¹•ô—+²0pãW�Í^³û±H>n…�|³F+M¬ãiñ¤…Êd ~j“U4ÁJ}9€ò›ÆŠS^¥†h
ºÞp^NÁæ€}’·:Þ1ŽfœTÔzlV„Ž+Ü!‰]úK2¶s¬ÑÝ3�‹Ä§¦›}ÉŸÚ£­23&wWýžÍ'‡€ÙÙeN·u·,Üâù—ãºtËíÞY´
+Ì9{áänÙßrÉyÏhõˆéçÿÇ{\OÖùbŽã1©å‚cDßùëì?d\ì*endstream
+endobj
+953 0 obj
+1482
+endobj
+954 0 obj<</Type/Page/Parent 689 0 R/Contents 955 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 356 0 R>>endobj
+955 0 obj<</Length 956 0 R/Filter/FlateDecode>>stream
+x
�TMo›@½ûW<åD¤‚
›øTç«í¡’›Xí%R´†“
+‚´•05“K±4(ýr‹Ní¨8uâ]ã|y*—Ó›œŽ<Q@ËJ�êŠDÅKGm©v¢#,áÚŽ‹»¡rSI–­í6|	Ui—ȘD´gy$ïL¨‰¤“£wÒž˜T—¼æL¹îPÍVìLt5ÉÀ‘‹–ŸÊQˆº#NïËs#þÿFô%žfßof/ñKü/W™ÒŒ)#í¨m˜é¶@Ã%éS9ézóY¿e+Ö–ÔîŽ(Zî@!EC.×+÷ù™ˆNì½í§û9Üy69WÀŒâè:Cºunf‡&ÒŸðûÅ€v’QJ1I:¡û˜.ÉQ¸]s�ˆ6LA“ž„Q�ÎaÙ|ksþû€B«ŠÖ"ó÷øeÅ&ïhbÆ©A”Žƒ¨ªñäÀǽ“C:HìÔÀç²j�ö�hhpKC-©ß\~rËÉd9ä“%<ܰ쭔ƸV·}„
£ˆáCºÛP㉩&¹²Œ<ÛnÌ¥x¥}B³ÎL.Ó•³±ÙpÛ}·§�PÑ©Û�iÚëðcðsü©Òendstream
+endobj
+956 0 obj
+734
+endobj
+957 0 obj<</Type/Page/Parent 689 0 R/Contents 958 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 402 0 R>>endobj
+958 0 obj<</Length 959 0 R/Filter/FlateDecode>>stream
+x
Íœ[s¹…ßý+æ-›ª„æp8¼ä%åK6ë*_6+m9¯45²ó¢�”7ûïsh
+u„ËátÎí`2ý¨s•ˆââÉ«§O¤»¬Kzù»Ñü¯UËéfb•]?ZÀ*û^Z?\¨U>þ~ª6ˆ
1Cá…1ÃvDVTÄÉŠ˜¤lO¸8·©£¥h]±b&èmOÿ)éI‚>l§þaô¾ü4¬Š�
+Œn<šÚJ$¬‡œo†T
V��á¯Á’
+xÆnµÏR��Gw“°žq»z?4™>¤9‹µ†…ñ<ˆ.Ô°Äœ&n²WkG“│9©>v=ë£9U„Úœ”ûž	ʬêàÌIõÒgèF(ÒžÞm¶W›ýûÜ•¤DWNg☓ÐÄ&E*0�ZÃОñt³_7Ñ"`‚Ó‡s0É"¬=Œ—¨Cr4á‚ì¡•Ñfí¡sö úØw¬�öPj{PBì<&DfE˜8{P};^È$Àˆ¬
+ŒÙBLÁ0"¶blv·‡ãyµ§	«hŨzÿ@€7³Šs‚Ç–É£�¡ö6_©9kê—3¸Eµ¦xQ¬©_ŠÏ´Ö4µÖ”ô¡ç�>XSM¨¬)Bׂ2}:kMIßNÆð
+ HxvVç2Õ�]ˆù¹·”öö-¤£—øÏÔ$a=ã´{—}©û´ËŠ¡<c}Ø_oÞßWçÍ!O~¬­›ÃÄM�R
O»Þl‡Q°Íùמü&?õÁ!'CdˆïÔzg†ªŽ&Ãêh†N_¡ê£Å°^‰öïO�	ªºÅ@Gdz\�VnB^Òˆùub~LHP‹øõp—W.,b6•q`Jµˆh7ÙüHÈ¢…'³-`!b.A"‰Þ§bs¦ZÀ"~Ùœo‚E@L§¾(
+pq^Ï›‘†ƒE †
+€é	•5’P,©b0ZÀƒ®�‡]òB,G&1ž…(×C6ûá|5Ç*¶
+xÄꔬ“E@LZ¯Ü6©@…ÈÒ€†‡%h
O¸Z
»Ã>L³²3ôuV.Ö’±ò/ë“pA–Üa·Ãø$D-Ù†âªú8²^o{Û1‰0d3­g‚Þö„Y6<’ÀîÆsqÍÐûpyü5õ‹€@�¾fD*àÛÍÉLÒ¤”ñB3ÃўÓ4©ÀXˆغôWU—œnVÇ!/ËÄxgâŸME”ë+²ú¸ÚlÃ9�::Ö‚4•�CJ<‰I$ž
ŽŠ+“¨ÁÑ7Ë
+Ø*¬·Ç³þbj"—pamv,õK6.Èf±®´µÄ9 ³ZÕGc}´ÚŠPÛ­¢™1A™¾g¹ªW+c€"= ¶Ý„ˆöňDõŒOZoB-äT¯7(¥{”	‡I&ööÙDxÈ*™kÄ~Ã4f
+õ„ço.þ� ,¤ïdþaH*à!o¯ß¾/Ò�‚Þp-’Àe³_þ«`H¸kºIõD‰|æõeÆ°˜™œ$šgJ<¦y»ÙO>)ÁY†°’Ûh€=åÍÅãIa�JN×ÃúÙ0´€§ç5Æpê&ƒE|cR
�1ÎæÞéÐ8‰)L&¬xÅ#Ç‹â$¦K¬i\dˆ�¶TÇYÑ °›£† ·=âíÍ*Çñ$Ú5ðÎSKÐÛžðâ:Õ€$Ræ ÷=àò;/%˜"(Xæ¸j$°Ç<?ì—…u  êž¢`Oy{8~øs˜dì+Nõt1õäLá•åL<ã&^�-Ì%ºâ�¹ã$²XCQáùÃÑ�aÌ–`zÆóÍêýþp2ar•ª"Û°®.	íQ?ÈÙ…#ç©dÏ<Pþ‚kVÛ¢¨¾¬»b‹†jQdaøuZ”¶B‹*b¹ÀPœ2B´B\¬·y+™4謒ѰLÐû¾/ž‡FDù{ý‡{à‡º´
Û#—)7l¸ †íïiÖr~;C
mÛ!$›2AÚ՞ݬ‘’
+-ÒZFÂÚŠp,J°ê	ZÀ`äçÃú°M�…À,¥+Íäórø8l5 �=ìP±ÝÖËi|„êFBøã£�ÆŽT„DsxvfHGVŒ�›½Y™�Nº²•iŒ)	ì+cb;’
2o!ZÀC~~ýâï¹/I&&!kÑRRØXDñæa”ê%Æ$�Ę²od	ZÀž…ENz²c&𘟉YâÄà!¦Â™™ýpè"¡àuÃÙâDòðªÙ¯œŸF[TD‹”;D"Ì[¬/ë˜ú¤!+ë[ÍY÷ºpÛ8mK¡A¸ ÆAwÝ”SºØ8Šhñ/¬’Ò8ãÕêö–ã’É“å“�$®¯ËÏØ Ú¯v1óhº€ì›5³iÒ³oŽ
âEiÒn)‡w•½•mÙФ	�ì“–+ÂSZ´F¼Áü“�»IƒæëCÐû¾H÷=®Ö”ðËÒØ/3[•TÀ“.†˜¡ŒÒ73æê$%º›Ë!€¦DÇmNN€îàBí´t_
+tb…”eÃ
+)Ð5¤„}$AƒâØ}j¦•Ñû¾/�ôýþˆ3Jø#1PØM©¨D÷¬WÉ‘³ˆ¹,7MmP
+Ù놤·=áÉûaŸòºÊ{§¤ðKÛNSI%Õ=Î.\h;!­·C*ª�—pÔèZGõ8.éP^`i”I(]^c&IcƒD�dÙ„Þ÷•øi8¶wœfÆZ�PmŒS®L*àQ›}ª‹€Àöœ<?=
+Üó8%î#…Œó^F¨Ñk
_…Û»cn–a`aãŸC¹ò36Ù¿ÜìïÊV;‰�‚­ºÆýžç�³ØÆÙ×üÂ#4Ù¤µÀNί5e¤d�H³Ó¸X`¡! ŠÐèˆÛÆ ô¾‡<Æ^áã›Ã)N ˜P¾Ú£¦GþmÿÚÂ9KXªKNM.¨�ä…&z›Hš§Ñøøª—¥L˜
ñ¾C„ÆÁYéaû1ç�`Ûö+ÙÂoj˜¥qñèn‰6âC„j—±�BÚ…ö0Bc*¡Åò
+†Ã…zH6œÜ2Ø”üâ3Ùoj*lšGŽ€s*V¼(Í3A†ˆŸ÷÷gß?ZœÓM‘ò,9w½ï!¡yö§‚…õMn¢ùüO;f»™ÌéÍ…xA
ƒÕ¹ŸòŠÕ„?éÃìdôñvE¨¦¼D�9Fü$õÑ*Dh…ÃÑMyE+Sžlvà8WòOSòwX
+VIP(ù
+†‘
+xF9Îc8¤vÕH<âj¸Ýrú3�A�`ìñÓ¤ƒÌ}ù¤ˆ®>XŽ|m”ì1Ô°¬BxŠ¹
“©Šb=£Á#ɾ$Õ‡Õ’­¢
f¥žåm�¥ØýDZ¢CR¶ݱ³”�æm((
+1i@À*Ø5i‚ZûÒ€6(LÔÈ3�
+"؃R
_;æH
+¢GOÑžBΚD@àÃA˜¦ME´@…(ΚD°0³ÎBTˆû�5
€ÃÀs•þ‚Ç‘³–ÃÛÿÂPò’þ?´)C)|O
d=íá‚	I„~¥_’ðH‚FÇwšÐèÐû
3Zo±ÐÁ
+[|¶KÝ*åõ~˜_·é¨YR
$S7çoÅmÎߊ9O<µÝ—¿•X!ÙÊ°BþV
)ã•$hhl/!5ÓÊè}ŸùšÆ+oŠ�(l¢bè3*Ñ=ëÇ'¯òÌB*0pÞ‹‘bZÀ3(<g†GHÕ´ÅzÆÞŸ>nÞÝ�Ë‘«eäÊ1 a¥žJz&V��¤L¸üL(€_xÂQÚ0ËJVbvYÊ–£hOjð�D|Þ0Ÿ#² Ä.˜U¸B©€­Œ;’
N�>Ã�´æ´—9],üœ
	_nE>æ»gÍGlaø+kê¥l°æýêxÓËͼP4â]dëœ
ñ®Кš$Ð#ùgjôzÛ`çÒfxÙ諾Vû™¾Ìv	"þœ™~.Ž¢�ðùˆ,´µŠÅ†ú†Õñ®×?¯ÇIÑ !íŸ9zÛƒžÔö(ÉŸa�ŸÙFŸ]lb’0›çi/ü\™ÐvÒã3®Ð\*Æãã+‚”$oz9ù΢@b‹Ïe’<ÞõòäÆÍb�Ä ÁY⛣DÒÛE	E=¶HmM”èõø¬SNb�“ÿÔ¦ÆgwÉ眤ób™–1aæY9üœ}‚,ýª4r5ìžÌ}s²‚ÂüÉ ü,oW8�q„7ib-�U$ï
 ¬Ö"Ò¼ø$×ÑD\Th~ìËûïzDYe�˜‘쎱Zy^þj³>N‡ë<é‘s’½ðŠUBo{Ì=ž�´
+endobj
+959 0 obj
+5350
+endobj
+960 0 obj<</Type/Page/Parent 689 0 R/Contents 961 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 446 0 R>>endobj
+961 0 obj<</Length 962 0 R/Filter/FlateDecode>>stream
+x
Íœ[oÇ…ßõ+Ad ^ïÌìõ!dÉNÄcÒQ€8+r%®ÍåÒ»KÉþ÷9U]Ý}ª†òM"�8ê>ßö¥ººú2óý£¶㿶™wM?kη�>={ôÉç˦7g¯švºµÍl>iÎ.šñh<Æ¿ž?>[½¼Z7»WÍÓÝõq}}<|töí£ÏÎIÍÕ´ò×W}ÔÏFãf6Yâÿ·Í¬Míáª9•
+‚ýëæ“Ï'MÛÊO£4³)~Ž~w2jñ_c¿F¸m³XŽ:ÏNÉ�ðåî¸ÖÒv“Ñõ>»x<ú?ú_××–lf]7š¡Ù&íhiÖlŸ|>µFBãv=rq+=½\Ý×ûÜL$ß6Ó.²,9B¦¥™I‚fîGs_KŽú¯¿|þï\m›¶_Œ&aéq²Þo7‡Ãfw�A¬	¶	{ÒV²†É"êÓÍñP $d
Ë!«ë‹Â Õ¶éºYl`
�„›ë‹ÝÛRÖ�2“tÕÉ"ç˳\
1_Ä‚äñäü|}¨%!á¶éÛ…znØLŽq
+›‰ÄîçñaÔ
ãüruýšŠÂR±ý¹X—Å2@<œY&fÛ‹±8Hâ 7e@WÃ#5X³¥³?`ݨZ¬e1è(Ë0 /×¹—XÓ÷£>”$aŒ:Y$Ö¯¾’+cˆæ°>¿ÝoŽ?æ°¤ùT\¦#%ø€t±Y]í^ë×�a%¿x$ùÁ3]Î0jlð¤<˜•§Ë9ý�éêt!ã-ëç2�^‡Ì�ð·ÝÛ\wÒ`̉q
+]¬Gߎaé‘Ás‰€ÀN�+’©‘a[ì•”b¯²aà9–aÀÁXwÈ°lü}¡K§�Ru%Óëu)�·³E%$Ù6\h
Ö[r$œÕ›.¤‘î,=žoÕcט†”Ò§rgÌ•$£#èl·»:¬�2p~÷õCèlÿ–°^¨WÅh›eÇ3�$#à’	Zƒ	–/.Weo†Dhбìå:„¥GĦv	i¤KÌzB†FDîÛ¿H§àÖÞƒLÇ%dþÑ»«|½^”ÉþO¨[t�äý–\¡[Œ�Ö´‰çà
+Ìa½Ç_ãq32^Ž Ÿü—ÐØ}-»Q½>PoŒÅÒcÄe•Rë1!õÇ€1è´½l ¸23–âù5ÎU®®t³¯ô©elÉ)·ce|„=½Úà-í9Cü}zÆwJ‡ W¶±t:OµSºe¼?
‡^<IÐ
+ãñ´XzD|±y½÷ÍIR€ôB™�
räÔ›˜,

+6º`”\¡œ!‚Nõ¤Z)Å
+’3D„÷Á$ 8¹ˆå0n„x{ü ‡¯Áq'º¬Y[} Ô}>êÁ:-X é5Rsúd€B¸K:1cÙ’sK—w>¹·7¹«Y‚Û:BÎÜO,“a ‹1n„ðÆ-©dH<ï–!2¼;g¡˜®LBcä
æ]!ç;÷ôß7¡w/AÈž²\NdI¨{\.ÓN¬¼‘õ8ƒAÃ)ÌôÉ’„ÓÝíŸ,ʆ@:±$Ù˜uK�å {‹¤KÒy•Ë‘¡á-©Ê
+ŸÛÙª“ÉC
�¨Í•/7
{Åïy“
+ž!]hŽŒ�Å°÷ß°Z}ÈÛË8Á©§²8ç*Q„þ]Œ’ÎQðI?‹ã‚`µ(�†Ñµ*ctÈÿ¾Û\Ó³ªÄ˜ä<…)5–`u]m©( ÇqÔÒÉ
õõ¾0IĆä#™üó–õϼ!V™‘¼¨â)92x9G"˜öìB)3œ’JâñŸ\KŽøK±Øà½_E˜8ËÓÙšþm–‡#—E|k«[oo&ÆÀ[6,V{È]3U�X›ü0 ¥ÆßçûÏU"æ"¯Ð°ÞˆWoU¶C:IÉÏ2.V_Eb/²‰áŠ‘’#!Y­†	¸1X77z{¯Ô‰»ÿ‰è§¼o«×NÇK>:À™“ïtëÅk§ä/.Ë'’ªB¿.‹�6J1ì§Sbüñzˆ½èç4I�R£úxYõ¤

+|•.;ã¾Òo[\Mò
²t{‡^˜Á­ÉY¶h÷Ápus"0«Cü—Jaør*ÎЈ£óÁ@²Ç¹ô÷·›Ã¦~ë„´
+endobj
+962 0 obj
+5308
+endobj
+963 0 obj<</Type/Page/Parent 689 0 R/Contents 964 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 492 0 R>>endobj
+964 0 obj<</Length 965 0 R/Filter/FlateDecode>>stream
+x
Íœ]sDZ†ïõ+P¹8ñ¹0„° 7)™’rtÊú8"]Î]
+!	
Ð
+DÊóýv¹ÙõnãéT|Û=ŽˆñóÃþæf}�&šN†Ó‡ó›é̹Áx<ìz7Ðrƒñ7}™70ý¢“±>yAE8;¬—'r
Âò“™˜Œ1v?Väõru½Ù' ¡8Á$b29r.wÇSß~¤Cû�fhW™Ž”g«:ýé˜A,h¬QŠŸ*ˆ åî²g�
+Œ®‘àæctÔʾÿ»ßìȼ¬ÖöÍbMÎn6yûÚ�r;˜ŒºhšŒŽœÓ>#X„>Š{ \ B”ÎÎ*0Z
l”\ 2RGÏGüì¨<�»>ƒÑ`Š>oi�^PŸiF¸ûLÓ÷m‹…ô&¤Ûãõrw·¼É–$œ}:ŠÕH÷+Hêzû®H	†+¸;WÆÐ#³ÙƒE@,Ä쑨"ö_RÂM›EÅI*Žë¿¬ë»?�¨(¹ÿªHFò
+ò#¨˜b*åX¬c.ãºg$lÅxq8ì:-·Ð<NZ³†¦l;ôàÜ”zAMÙÎpÓ7ešÒôˆpxvÖ§¦¬ç¿Oëmî„$ƒ
u*æ v?VãÝþf³Ú¬Kc’R\BžÉq€ÆÃMIiJñaO°‘
¿ú¸¹YkcN$zÔÆD›¶c×5uö—ÛS/¨=ò|0Zg¡=M�¡`}jÏŠðãõ²Ÿ
+ÄZ\­O–FmdùØþ$.5q.5i®™@/È¥&2±ô!b\ÊôHÁ"XoÄHð«"$Ð“!v?BlM¤oŠGHØuuÉäÈù¸/®I*0›0ðpU262~Üì.÷ŸJ´"¥$ª#q#DZ‘³øùéëÒ4Y}à…Á¶uN
+¢hx¢\ bÂÀÊJp0̆¶Ê"ç¿ò±léEÂxqOÛ茄Q¤r³ÏuÙ®±ÁMzÙ´“n²Le˜.ÌQŸ¾lm»OJÉÊ/{ìÙõòöTúÉ‘Ï‘`8–ÝŽ,&fC�f;ÀBBã
v;þgÿ)HƒÉµö}4{»
eEƒ$è$Xd�g1`�>RYáÙªô2’
+éê2-ðU0d¬Â»»Ãúæ—ü$,”þ.©¸Ãäãö\Y‡®;šG_Ë"¥7m¿UÆb 0­=/ˆ(ZŠ“©`Håº)'ÐÓ‡$
Ó�D/ú Cg
+¦­�1”I­ôOÙLX#ÛÞÖ‡õOw›ãæTö;I6Yü¹N€ãz¿^^"_Ñ̵}´•Ç{#‡Á²Ø¼ÕW­£fE˜NÄ18jâ”ß�XTT§LH­_ñA�`›ñTs°ôzA¶Aãs0؆úÕ6˜Ï$X0À�áÖƒŠÖÕ5:‡0hDü„½ÊÍÇjy/I
 €†åºÈÌaZ=M¸X
=B·˘1r�XÍYˆø9–é›Ç9bú�S¢9‰�ÂÁñ¸F™Qe2Ì" Ð{ч¨A)¬c!‡9<ð‘±Ka]¥ú’ÛTÁ{q8HwÊ5%ÔòÞFV[CÏFÒÔ§SXÌG|4V‰ÔÑ!׫”L‘BBƒ[ÖÛýX‰Ë=-K“J:ÀDšˆf«J¿%ôiŠáôV VâG,RO~í„Ôhê‘NË
+DÖG,^å¡›e€ ^bèfH.!:
+B*ñ[Í"Ã
+DÆ¥;,ÅBq]|UŒ1«þ°Tò^92FîûÆœßþ¬sflbê½xaº(¾;Á–\5òÒ¸TTÈä%×søn�øñz½Ë
E8’£Æó{
+X‹êS¿‰^�+Ì«!¸œ‘Ó16)0#”å`'·ÛpV¶0H
ëé\Äéí¾×»,›Eâ²Nê¹€g|(™&I
+K
+¤èSÏ°ãýË~Q…U``…·	Œ„­ãÉh–G–ÉP)#Œ{+PA®7?Û®1IÙwý-8.öYuéMW/Èq14ú|
©V˜
ËVª
+DÈ‹4°õRŠ#É& çX�Èa •ø�4¤gX�ÈègŬ’	�'4؋ļ¨ìC-2ÌÜûcò›:š&ɤ*]�á
Ù*MÂ~N6ºÎ½2!m6;„Ý�yaX~Dç91)q[}1ˇBe:(ÛáýCº0ËðƒNóCÞ};™¥Û
Ž¥;5SöldÒè¹qø¤ÖÌ*c·c-~ØÉ!½~õLwr-¬XŠÝ�”ô:T®	ë¤�‰}\]r�ˆù€iërþ…•è%úŠ�ç:rª÷5äå¼üT2çÉ­f¶ÉèÈ¡÷5H$VÕ\U@Å@™k@З=Á ‘ñÛWÍ–e™,ØÈ‘ 1n„ÜiºÁ:P𽈥ì+¹@¤À®p�Lú#ìñÙ�gæÎV58=Y2½èû
í64cßmàñeW-
PÂlíÊ »í
Ï>àUÂåJsc4Ø×URœ	FÂöZ¿ß /M÷c/öd%;ŒÞHÏú€�žÞ
+º,Çk�¿Þ¬ûãþcqjÝÎL
š„³
+Ó×áýz»çãB½Í€SÊò£.¨U&$¦' ²¬Ö—xÅ«ï[E'¹WOÌ�tÛCΖ77�ص|‹!Cî×ÆõïÒbÓx:N»
�”Òf¦×,‚õh²Jÿf¹í
U0¶d5ÎhWjÙ$Þ¬z
+endobj
+965 0 obj
+5148
+endobj
+966 0 obj<</Type/Page/Parent 689 0 R/Contents 967 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 513 0 R>>endobj
+967 0 obj<</Length 968 0 R/Filter/FlateDecode>>stream
+x
ÍšßsÓFÇßóWè1Ì´Šõ[zê„Ð@fÚI!nyÉ‹±˜Úø¡ÿ}¿{Ú=í­Ê”Pf
+²îûñjwooïä'I4ÁŸ$ªÒ(+£ùúäñôä첉ÒI4}%E'QYåÑtMâÉŸÎO§³W«6ê^GÝfßnö»GÓw'¿NOh€%ô¯OO²2žDeÞàÿ먤¿ú‹UtC_dÛ7ÑÙe%	}5¬)|�úÞ$�sü‰øëo5i\„ð²
þܵ[Q+Á_™Äi(ïïf›…èµ€<µÇáé¶;¼÷¥£(ã<4ØÑC\=ñr%X#bi\y?À˜p¾ZuóÙ~ÙmÈ‘y—È€éâ4þÿÿ«jŽ]ŸY
‹%1Ü'Cêqø~F4MŒpk…„xÑøO‰à}Fiß·v\Ìæo—›7ô$Mèû8ï¾ð§¦)
+§N(Ü…rjšá¦™SÊ¥ƒ†æDF)­	Ì´Œ«Ín?[­\J‰oµšœ›à{à‹ÒLi@h2šÚ�ZªÒëå›ÃÖ§x™|ß(™€LX.Yî.T@’	nŽ’˜,gDÁ	šAi>b\möÛnq˜Ë/RT·‡NS—¾¡kŠ¦„aìšþbpMÑT¸9rMºFI6A�\3f¼h?–Ûv-ËRºø
\S5º05M=ñ‹»P~©�$Lf¼Â€d’£
+ô8&�WaÚîö(h~ê*MÝš«�jhÇ”ŠâÎC”�‚V™ÂBÈõaOŽH(/,aM0Ðg¸UŠŠcá.T0*úÔ$i9cÐÀ	h2Š�à
+j1bü¶\/÷®|¹Ö
+ýÓ��£¼þÔY�ªh1ürS¸å�¢/7•ñT1¤¦&ôÞ1Pßç«ÃNú—Ë99;­mT &QyËz2wÁ¾9»,¸Í¥QÔ{êºx;{¿:U%_caX|ÛB°zË\TšuT'qø¶\ߤPJcê3ø¾%\¬–(³Ñ:ªÔV`1Ï®_N¯É­xÒœuä}Rõ%ÚÍpwác«¶0EbªC«µ}Ð".Ä+4¨O¸<îjBJ…ýÁ*ä}­hlœ4É`¥¬cîB·Ìè¼GÊ¢Sóiëöw#ÐþaÒZÈFˆgÝ�ä›Rôµ7
õ|Ÿü¨�˜Ï6BèwpbA‚Ø`
Ó&È
+J¹
+Ì®‘7–»Ý¡õ®–arc_DA qP0àäîmë[L-"«h:j„°O£ë¥–
‚}ƒ‰¬°�ÛSåX­‡ßÆ%2ÀR>¶[ÚŒß>çj-æŽ=ìC5ÇR-ZzÏj
XÉ1³µ[d€µå°ký-$/©`æZˆn©hI);U„…:Bˆ/´£Y#j	}Kå™”¦êñFÆnÄêRoRó2‡RÊ…»PåÅ1<wp��y¿&ˆ¾
Ñ*#Ĩ±a’‰[h´ž‰ÖˆE'®Óš¾àÀùš ,Bõ5nÕЖcÉxd‚Z›֯à‰RÁ
+¼KÀœ<À2Þo—x;:T¥Ç-¹!‡XÎb»ÄóNQB*.?sxÀÓÝmVÝÌÏ-½~>—° »nû·:-ÖJ*´žKXN¤VP-Ã,IèÄ5„0×BtÔ2š¬®+Ñ®‘
ÒOµ]¿iÀ;æ/œkjîùiGÇ~9ª8�z¸ƒ¹þ‚g�>öËqþž<;ö–;£XL·�d˜¿Jƒ„›Ð«Ê€À÷-Á·ùtS2@2·(¸ç“%ŽXÊù|Þî|=×B`**K�-€,ÄõGÞ¥B¢M*J´À`)»î°�û.Fi¹ù¬12ÀbæÝb€( 9ïÀáZÈÇåLžG«ÀÀK
+l—ÿCùýº$?2:ŒgÖPÃÅmS1Ä3CclÚ&T3�ïT#‘àG9
_1}Ó˜a¡TTúV`‡`­)ª¼h(öµa0Ö2�[wí+w€F»‘/ë;�øô?2!©é¬ZBâ.TH°Í2å[ðð=BÆ
+KÁOB—ô‚Päj³h?¹5ë
ßß}îÙŽÜ«ÝOÕ†_(º¹_(Ö˜‘îÇ‘øõæeÞÿLåôæü÷ÇçÑÛî½æxÒÍô#ÿ#¤,I£Ÿ+úYåâtù‘—Ùç'ÿãø°Ãendstream
+endobj
+968 0 obj
+2396
+endobj
+969 0 obj<</Count 16/First 970 0 R/Last 1122 0 R>>endobj
+970 0 obj<</Parent 969 0 R/Title(Table of Contents)/Dest[957 0 R/XYZ null 756 null]/Next 971 0 R>>endobj
+971 0 obj<</Parent 969 0 R/Count -19/First 972 0 R/Last 990 0 R/Title(Chapter 1. How to Install and Test SAMBA)/Dest[693 0 R/XYZ null 750 null]/Prev 970 0 R/Next 991 0 R>>endobj
+972 0 obj<</Parent 971 0 R/Title(1.1. Step 0: Read the man pages)/Dest[693 0 R/XYZ null 726 null]/Next 973 0 R>>endobj
+973 0 obj<</Parent 971 0 R/Title(1.2. Step 1: Building the Binaries)/Dest[693 0 R/XYZ null 589 null]/Prev 972 0 R/Next 974 0 R>>endobj
+974 0 obj<</Parent 971 0 R/Title(1.3. Step 2: The all important step)/Dest[693 0 R/XYZ null 174 null]/Prev 973 0 R/Next 975 0 R>>endobj
+975 0 obj<</Parent 971 0 R/Title(1.4. Step 3: Create the smb configuration file.)/Dest[696 0 R/XYZ null 735 null]/Prev 974 0 R/Next 976 0 R>>endobj
+976 0 obj<</Parent 971 0 R/Title(1.5. Step 4: Test your config file with  testparm)/Dest[696 0 R/XYZ null 375 null]/Prev 975 0 R/Next 977 0 R>>endobj
+977 0 obj<</Parent 971 0 R/Title(1.6. Step 5: Starting the smbd and nmbd)/Dest[696 0 R/XYZ null 264 null]/Prev 976 0 R/Next 978 0 R>>endobj
+978 0 obj<</Parent 971 0 R/Title(1.6.1. Step 5a: Starting from inetd.conf)/Dest[699 0 R/XYZ null 750 null]/Prev 977 0 R/Next 979 0 R>>endobj
+979 0 obj<</Parent 971 0 R/Title(1.6.2. Step 5b. Alternative: starting it as a daemon)/Dest[699 0 R/XYZ null 262 null]/Prev 978 0 R/Next 980 0 R>>endobj
+980 0 obj<</Parent 971 0 R/Title(1.7. Step 6: Try listing the shares available on your  server)/Dest[702 0 R/XYZ null 682 null]/Prev 979 0 R/Next 981 0 R>>endobj
+981 0 obj<</Parent 971 0 R/Title(1.8. Step 7: Try connecting with the unix client)/Dest[702 0 R/XYZ null 505 null]/Prev 980 0 R/Next 982 0 R>>endobj
+982 0 obj<</Parent 971 0 R/Title(1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT,  Win2k, OS/2, etc... client)/Dest[702 0 R/XYZ null 328 null]/Prev 981 0 R/Next 983 0 R>>endobj
+983 0 obj<</Parent 971 0 R/Title(1.10. What If Things Don't Work?)/Dest[705 0 R/XYZ null 750 null]/Prev 982 0 R/Next 984 0 R>>endobj
+984 0 obj<</Parent 971 0 R/Title(1.10.1. Diagnosing Problems)/Dest[705 0 R/XYZ null 573 null]/Prev 983 0 R/Next 985 0 R>>endobj
+985 0 obj<</Parent 971 0 R/Title(1.10.2. Scope IDs)/Dest[705 0 R/XYZ null 501 null]/Prev 984 0 R/Next 986 0 R>>endobj
+986 0 obj<</Parent 971 0 R/Title(1.10.3. Choosing the Protocol Level)/Dest[705 0 R/XYZ null 403 null]/Prev 985 0 R/Next 987 0 R>>endobj
+987 0 obj<</Parent 971 0 R/Title(1.10.4. Printing from UNIX to a Client PC)/Dest[708 0 R/XYZ null 750 null]/Prev 986 0 R/Next 988 0 R>>endobj
+988 0 obj<</Parent 971 0 R/Title(1.10.5. Locking)/Dest[708 0 R/XYZ null 639 null]/Prev 987 0 R/Next 989 0 R>>endobj
+989 0 obj<</Parent 971 0 R/Title(1.10.6. Mapping Usernames)/Dest[708 0 R/XYZ null 171 null]/Prev 988 0 R/Next 990 0 R>>endobj
+990 0 obj<</Parent 971 0 R/Title(1.10.7. Other Character Sets)/Dest[711 0 R/XYZ null 750 null]/Prev 989 0 R>>endobj
+991 0 obj<</Parent 969 0 R/Count -18/First 992 0 R/Last 1009 0 R/Title(Chapter 2. Integrating MS Windows networks with Samba)/Dest[714 0 R/XYZ null 750 null]/Prev 971 0 R/Next 1010 0 R>>endobj
+992 0 obj<</Parent 991 0 R/Title(2.1. Agenda)/Dest[714 0 R/XYZ null 702 null]/Next 993 0 R>>endobj
+993 0 obj<</Parent 991 0 R/Title(2.2. Name Resolution in a pure Unix/Linux world)/Dest[714 0 R/XYZ null 459 null]/Prev 992 0 R/Next 994 0 R>>endobj
+994 0 obj<</Parent 991 0 R/Title(2.2.1. /etc/hosts)/Dest[714 0 R/XYZ null 321 null]/Prev 993 0 R/Next 995 0 R>>endobj
+995 0 obj<</Parent 991 0 R/Title(2.2.2. /etc/resolv.conf)/Dest[717 0 R/XYZ null 431 null]/Prev 994 0 R/Next 996 0 R>>endobj
+996 0 obj<</Parent 991 0 R/Title(2.2.3. /etc/host.conf)/Dest[717 0 R/XYZ null 281 null]/Prev 995 0 R/Next 997 0 R>>endobj
+997 0 obj<</Parent 991 0 R/Title(2.2.4. /etc/nsswitch.conf)/Dest[720 0 R/XYZ null 750 null]/Prev 996 0 R/Next 998 0 R>>endobj
+998 0 obj<</Parent 991 0 R/Title(2.3. Name resolution as used within MS Windows networking)/Dest[720 0 R/XYZ null 264 null]/Prev 997 0 R/Next 999 0 R>>endobj
+999 0 obj<</Parent 991 0 R/Title(2.3.1. The NetBIOS Name Cache)/Dest[723 0 R/XYZ null 206 null]/Prev 998 0 R/Next 1000 0 R>>endobj
+1000 0 obj<</Parent 991 0 R/Title(2.3.2. The LMHOSTS file)/Dest[726 0 R/XYZ null 656 null]/Prev 999 0 R/Next 1001 0 R>>endobj
+1001 0 obj<</Parent 991 0 R/Title(2.3.3. HOSTS file)/Dest[729 0 R/XYZ null 367 null]/Prev 1000 0 R/Next 1002 0 R>>endobj
+1002 0 obj<</Parent 991 0 R/Title(2.3.4. DNS Lookup)/Dest[729 0 R/XYZ null 256 null]/Prev 1001 0 R/Next 1003 0 R>>endobj
+1003 0 obj<</Parent 991 0 R/Title(2.3.5. WINS Lookup)/Dest[732 0 R/XYZ null 750 null]/Prev 1002 0 R/Next 1004 0 R>>endobj
+1004 0 obj<</Parent 991 0 R/Title(2.4. How browsing functions and how to deploy stable and  dependable browsing using Samba)/Dest[732 0 R/XYZ null 525 null]/Prev 1003 0 R/Next 1005 0 R>>endobj
+1005 0 obj<</Parent 991 0 R/Title(2.5. MS Windows security options and how to configure  Samba for seemless integration)/Dest[735 0 R/XYZ null 629 null]/Prev 1004 0 R/Next 1006 0 R>>endobj
+1006 0 obj<</Parent 991 0 R/Title(2.5.1. Use MS Windows NT as an authentication server)/Dest[738 0 R/XYZ null 577 null]/Prev 1005 0 R/Next 1007 0 R>>endobj
+1007 0 obj<</Parent 991 0 R/Title(2.5.2. Make Samba a member of an MS Windows NT security domain)/Dest[738 0 R/XYZ null 300 null]/Prev 1006 0 R/Next 1008 0 R>>endobj
+1008 0 obj<</Parent 991 0 R/Title(2.5.3. Configure Samba as an authentication server)/Dest[741 0 R/XYZ null 590 null]/Prev 1007 0 R/Next 1009 0 R>>endobj
+1009 0 obj<</Parent 991 0 R/Title(2.6. Conclusions)/Dest[744 0 R/XYZ null 635 null]/Prev 1008 0 R>>endobj
+1010 0 obj<</Parent 969 0 R/Count -3/First 1011 0 R/Last 1013 0 R/Title(Chapter 3. Configuring PAM for distributed but centrally  managed authentication)/Dest[747 0 R/XYZ null 750 null]/Prev 991 0 R/Next 1014 0 R>>endobj
+1011 0 obj<</Parent 1010 0 R/Title(3.1. Samba and PAM)/Dest[747 0 R/XYZ null 702 null]/Next 1012 0 R>>endobj
+1012 0 obj<</Parent 1010 0 R/Title(3.2. Distributed Authentication)/Dest[750 0 R/XYZ null 175 null]/Prev 1011 0 R/Next 1013 0 R>>endobj
+1013 0 obj<</Parent 1010 0 R/Title(3.3. PAM Configuration in smb.conf)/Dest[753 0 R/XYZ null 722 null]/Prev 1012 0 R>>endobj
+1014 0 obj<</Parent 969 0 R/Count -2/First 1015 0 R/Last 1016 0 R/Title(Chapter 4. Hosting a Microsoft Distributed File System tree on Samba)/Dest[756 0 R/XYZ null 750 null]/Prev 1010 0 R/Next 1017 0 R>>endobj
+1015 0 obj<</Parent 1014 0 R/Title(4.1. Instructions)/Dest[756 0 R/XYZ null 702 null]/Next 1016 0 R>>endobj
+1016 0 obj<</Parent 1014 0 R/Title(4.1.1. Notes)/Dest[759 0 R/XYZ null 669 null]/Prev 1015 0 R>>endobj
+1017 0 obj<</Parent 969 0 R/Count -9/First 1018 0 R/Last 1026 0 R/Title(Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists)/Dest[762 0 R/XYZ null 750 null]/Prev 1014 0 R/Next 1027 0 R>>endobj
+1018 0 obj<</Parent 1017 0 R/Title(5.1. Viewing and changing UNIX permissions using the NT  security dialogs)/Dest[762 0 R/XYZ null 702 null]/Next 1019 0 R>>endobj
+1019 0 obj<</Parent 1017 0 R/Title(5.2. How to view file security on a Samba share)/Dest[762 0 R/XYZ null 521 null]/Prev 1018 0 R/Next 1020 0 R>>endobj
+1020 0 obj<</Parent 1017 0 R/Title(5.3. Viewing file ownership)/Dest[762 0 R/XYZ null 344 null]/Prev 1019 0 R/Next 1021 0 R>>endobj
+1021 0 obj<</Parent 1017 0 R/Title(5.4. Viewing file or directory permissions)/Dest[765 0 R/XYZ null 682 null]/Prev 1020 0 R/Next 1022 0 R>>endobj
+1022 0 obj<</Parent 1017 0 R/Title(5.4.1. File Permissions)/Dest[765 0 R/XYZ null 439 null]/Prev 1021 0 R/Next 1023 0 R>>endobj
+1023 0 obj<</Parent 1017 0 R/Title(5.4.2. Directory Permissions)/Dest[765 0 R/XYZ null 183 null]/Prev 1022 0 R/Next 1024 0 R>>endobj
+1024 0 obj<</Parent 1017 0 R/Title(5.5. Modifying file or directory permissions)/Dest[768 0 R/XYZ null 669 null]/Prev 1023 0 R/Next 1025 0 R>>endobj
+1025 0 obj<</Parent 1017 0 R/Title(5.6. Interaction with the standard Samba create mask  parameters)/Dest[768 0 R/XYZ null 228 null]/Prev 1024 0 R/Next 1026 0 R>>endobj
+1026 0 obj<</Parent 1017 0 R/Title(5.7. Interaction with the standard Samba file attribute  mapping)/Dest[774 0 R/XYZ null 590 null]/Prev 1025 0 R>>endobj
+1027 0 obj<</Parent 969 0 R/Count -15/First 1028 0 R/Last 1042 0 R/Title(Chapter 6. Printing Support in Samba 2.2.x)/Dest[777 0 R/XYZ null 750 null]/Prev 1017 0 R/Next 1043 0 R>>endobj
+1028 0 obj<</Parent 1027 0 R/Title(6.1. Introduction)/Dest[777 0 R/XYZ null 726 null]/Next 1029 0 R>>endobj
+1029 0 obj<</Parent 1027 0 R/Title(6.2. Configuration)/Dest[777 0 R/XYZ null 298 null]/Prev 1028 0 R/Next 1030 0 R>>endobj
+1030 0 obj<</Parent 1027 0 R/Title(6.2.1. Creating [print$])/Dest[780 0 R/XYZ null 689 null]/Prev 1029 0 R/Next 1031 0 R>>endobj
+1031 0 obj<</Parent 1027 0 R/Title(6.2.2. Setting Drivers for Existing Printers)/Dest[783 0 R/XYZ null 446 null]/Prev 1030 0 R/Next 1032 0 R>>endobj
+1032 0 obj<</Parent 1027 0 R/Title(6.2.3. DeviceModes and New Printers)/Dest[786 0 R/XYZ null 682 null]/Prev 1031 0 R/Next 1033 0 R>>endobj
+1033 0 obj<</Parent 1027 0 R/Title(6.2.4. Support a large number of printers)/Dest[786 0 R/XYZ null 399 null]/Prev 1032 0 R/Next 1034 0 R>>endobj
+1034 0 obj<</Parent 1027 0 R/Title(6.2.5. Adding New Printers via the Windows NT APW)/Dest[789 0 R/XYZ null 680 null]/Prev 1033 0 R/Next 1035 0 R>>endobj
+1035 0 obj<</Parent 1027 0 R/Title(6.2.6. Samba and Printer Ports)/Dest[789 0 R/XYZ null 397 null]/Prev 1034 0 R/Next 1036 0 R>>endobj
+1036 0 obj<</Parent 1027 0 R/Title(6.3. The Imprints Toolset)/Dest[789 0 R/XYZ null 207 null]/Prev 1035 0 R/Next 1037 0 R>>endobj
+1037 0 obj<</Parent 1027 0 R/Title(6.3.1. What is Imprints?)/Dest[792 0 R/XYZ null 709 null]/Prev 1036 0 R/Next 1038 0 R>>endobj
+1038 0 obj<</Parent 1027 0 R/Title(6.3.2. Creating Printer Driver Packages)/Dest[792 0 R/XYZ null 571 null]/Prev 1037 0 R/Next 1039 0 R>>endobj
+1039 0 obj<</Parent 1027 0 R/Title(6.3.3. The Imprints server)/Dest[792 0 R/XYZ null 473 null]/Prev 1038 0 R/Next 1040 0 R>>endobj
+1040 0 obj<</Parent 1027 0 R/Title(6.3.4. The Installation Client)/Dest[792 0 R/XYZ null 362 null]/Prev 1039 0 R/Next 1041 0 R>>endobj
+1041 0 obj<</Parent 1027 0 R/Title(6.4. Migration to from Samba 2.0.x to 2.2.x)/Dest[795 0 R/XYZ null 455 null]/Prev 1040 0 R/Next 1042 0 R>>endobj
+1042 0 obj<</Parent 1027 0 R/Title(6.4.1. Parameters in smb.conf\(5\) for Backwards Compatibility)/Dest[798 0 R/XYZ null 703 null]/Prev 1041 0 R>>endobj
+1043 0 obj<</Parent 969 0 R/Count -8/First 1044 0 R/Last 1051 0 R/Title(Chapter 7. Printing with CUPS in Samba 2.2.x)/Dest[801 0 R/XYZ null 750 null]/Prev 1027 0 R/Next 1052 0 R>>endobj
+1044 0 obj<</Parent 1043 0 R/Title(7.1. Printing with CUPS in Samba 2.2.x)/Dest[801 0 R/XYZ null 726 null]/Next 1045 0 R>>endobj
+1045 0 obj<</Parent 1043 0 R/Title(7.2. Configuring smb.conf for CUPS)/Dest[801 0 R/XYZ null 628 null]/Prev 1044 0 R/Next 1046 0 R>>endobj
+1046 0 obj<</Parent 1043 0 R/Title(7.3. Using CUPS as a mere spooling print server -- "raw" printing with vendor drivers download)/Dest[801 0 R/XYZ null 273 null]/Prev 1045 0 R/Next 1047 0 R>>endobj
+1047 0 obj<</Parent 1043 0 R/Title(7.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe PostScript driver with CUPS-PPDs downloaded to clients)/Dest[804 0 R/XYZ null 750 null]/Prev 1046 0 R/Next 1048 0 R>>endobj
+1048 0 obj<</Parent 1043 0 R/Title(7.5. Windows Terminal Servers \(WTS\) as CUPS clients)/Dest[804 0 R/XYZ null 200 null]/Prev 1047 0 R/Next 1049 0 R>>endobj
+1049 0 obj<</Parent 1043 0 R/Title(7.6. Setting up CUPS for driver download)/Dest[807 0 R/XYZ null 629 null]/Prev 1048 0 R/Next 1050 0 R>>endobj
+1050 0 obj<</Parent 1043 0 R/Title(7.7. Sources of CUPS drivers / PPDs)/Dest[810 0 R/XYZ null 750 null]/Prev 1049 0 R/Next 1051 0 R>>endobj
+1051 0 obj<</Parent 1043 0 R/Title(7.7.1. cupsaddsmb)/Dest[810 0 R/XYZ null 230 null]/Prev 1050 0 R>>endobj
+1052 0 obj<</Parent 969 0 R/Count -3/First 1053 0 R/Last 1055 0 R/Title(Chapter 8. security = domain in Samba 2.x)/Dest[819 0 R/XYZ null 750 null]/Prev 1043 0 R/Next 1056 0 R>>endobj
+1053 0 obj<</Parent 1052 0 R/Title(8.1. Joining an NT Domain with Samba 2.2)/Dest[819 0 R/XYZ null 726 null]/Next 1054 0 R>>endobj
+1054 0 obj<</Parent 1052 0 R/Title(8.2. Samba and Windows 2000 Domains)/Dest[822 0 R/XYZ null 379 null]/Prev 1053 0 R/Next 1055 0 R>>endobj
+1055 0 obj<</Parent 1052 0 R/Title(8.3. Why is this better than security = server?)/Dest[822 0 R/XYZ null 162 null]/Prev 1054 0 R>>endobj
+1056 0 obj<</Parent 969 0 R/Count -14/First 1057 0 R/Last 1070 0 R/Title(Chapter 9. How to Configure Samba 2.2 as a Primary Domain Controller)/Dest[828 0 R/XYZ null 750 null]/Prev 1052 0 R/Next 1071 0 R>>endobj
+1057 0 obj<</Parent 1056 0 R/Title(9.1. Prerequisite Reading)/Dest[828 0 R/XYZ null 702 null]/Next 1058 0 R>>endobj
+1058 0 obj<</Parent 1056 0 R/Title(9.2. Background)/Dest[828 0 R/XYZ null 604 null]/Prev 1057 0 R/Next 1059 0 R>>endobj
+1059 0 obj<</Parent 1056 0 R/Title(9.3. Configuring the Samba Domain Controller)/Dest[831 0 R/XYZ null 722 null]/Prev 1058 0 R/Next 1060 0 R>>endobj
+1060 0 obj<</Parent 1056 0 R/Title(9.4. Creating Machine Trust Accounts and Joining Clients to the Domain)/Dest[834 0 R/XYZ null 603 null]/Prev 1059 0 R/Next 1061 0 R>>endobj
+1061 0 obj<</Parent 1056 0 R/Title(9.4.1. Manual Creation of Machine Trust Accounts)/Dest[834 0 R/XYZ null 228 null]/Prev 1060 0 R/Next 1062 0 R>>endobj
+1062 0 obj<</Parent 1056 0 R/Title(9.4.2. "On-the-Fly" Creation of Machine Trust Accounts)/Dest[837 0 R/XYZ null 355 null]/Prev 1061 0 R/Next 1063 0 R>>endobj
+1063 0 obj<</Parent 1056 0 R/Title(9.4.3. Joining the Client to the Domain)/Dest[840 0 R/XYZ null 750 null]/Prev 1062 0 R/Next 1064 0 R>>endobj
+1064 0 obj<</Parent 1056 0 R/Title(9.5. Common Problems and Errors)/Dest[840 0 R/XYZ null 388 null]/Prev 1063 0 R/Next 1065 0 R>>endobj
+1065 0 obj<</Parent 1056 0 R/Title(9.6. System Policies and Profiles)/Dest[846 0 R/XYZ null 735 null]/Prev 1064 0 R/Next 1066 0 R>>endobj
+1066 0 obj<</Parent 1056 0 R/Title(9.7. What other help can I get?)/Dest[849 0 R/XYZ null 682 null]/Prev 1065 0 R/Next 1067 0 R>>endobj
+1067 0 obj<</Parent 1056 0 R/Title(9.8. Domain Control for Windows 9x/ME)/Dest[855 0 R/XYZ null 299 null]/Prev 1066 0 R/Next 1068 0 R>>endobj
+1068 0 obj<</Parent 1056 0 R/Title(9.8.1. Configuration Instructions: Network Logons)/Dest[858 0 R/XYZ null 273 null]/Prev 1067 0 R/Next 1069 0 R>>endobj
+1069 0 obj<</Parent 1056 0 R/Title(9.8.2. Configuration Instructions: Setting up Roaming User Profiles)/Dest[861 0 R/XYZ null 478 null]/Prev 1068 0 R/Next 1070 0 R>>endobj
+1070 0 obj<</Parent 1056 0 R/Title(9.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba)/Dest[873 0 R/XYZ null 270 null]/Prev 1069 0 R>>endobj
+1071 0 obj<</Parent 969 0 R/Count -8/First 1072 0 R/Last 1079 0 R/Title(Chapter 10. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain)/Dest[882 0 R/XYZ null 750 null]/Prev 1056 0 R/Next 1080 0 R>>endobj
+1072 0 obj<</Parent 1071 0 R/Title(10.1. Prerequisite Reading)/Dest[882 0 R/XYZ null 702 null]/Next 1073 0 R>>endobj
+1073 0 obj<</Parent 1071 0 R/Title(10.2. Background)/Dest[882 0 R/XYZ null 617 null]/Prev 1072 0 R/Next 1074 0 R>>endobj
+1074 0 obj<</Parent 1071 0 R/Title(10.3. What qualifies a Domain Controller on the network?)/Dest[882 0 R/XYZ null 192 null]/Prev 1073 0 R/Next 1075 0 R>>endobj
+1075 0 obj<</Parent 1071 0 R/Title(10.3.1. How does a Workstation find its domain controller?)/Dest[885 0 R/XYZ null 722 null]/Prev 1074 0 R/Next 1076 0 R>>endobj
+1076 0 obj<</Parent 1071 0 R/Title(10.3.2. When is the PDC needed?)/Dest[885 0 R/XYZ null 584 null]/Prev 1075 0 R/Next 1077 0 R>>endobj
+1077 0 obj<</Parent 1071 0 R/Title(10.4. Can Samba be a Backup Domain Controller?)/Dest[885 0 R/XYZ null 486 null]/Prev 1076 0 R/Next 1078 0 R>>endobj
+1078 0 obj<</Parent 1071 0 R/Title(10.5. How do I set up a Samba BDC?)/Dest[885 0 R/XYZ null 335 null]/Prev 1077 0 R/Next 1079 0 R>>endobj
+1079 0 obj<</Parent 1071 0 R/Title(10.5.1. How do I replicate the smbpasswd file?)/Dest[888 0 R/XYZ null 407 null]/Prev 1078 0 R>>endobj
+1080 0 obj<</Parent 969 0 R/Count -13/First 1081 0 R/Last 1093 0 R/Title(Chapter 11. Storing Samba's User/Machine Account information in an LDAP Directory)/Dest[891 0 R/XYZ null 750 null]/Prev 1071 0 R/Next 1094 0 R>>endobj
+1081 0 obj<</Parent 1080 0 R/Title(11.1. Purpose)/Dest[891 0 R/XYZ null 702 null]/Next 1082 0 R>>endobj
+1082 0 obj<</Parent 1080 0 R/Title(11.2. Introduction)/Dest[891 0 R/XYZ null 419 null]/Prev 1081 0 R/Next 1083 0 R>>endobj
+1083 0 obj<</Parent 1080 0 R/Title(11.3. Supported LDAP Servers)/Dest[894 0 R/XYZ null 563 null]/Prev 1082 0 R/Next 1084 0 R>>endobj
+1084 0 obj<</Parent 1080 0 R/Title(11.4. Schema and Relationship to the RFC 2307 posixAccount)/Dest[894 0 R/XYZ null 452 null]/Prev 1083 0 R/Next 1085 0 R>>endobj
+1085 0 obj<</Parent 1080 0 R/Title(11.5. Configuring Samba with LDAP)/Dest[897 0 R/XYZ null 577 null]/Prev 1084 0 R/Next 1086 0 R>>endobj
+1086 0 obj<</Parent 1080 0 R/Title(11.5.1. OpenLDAP configuration)/Dest[897 0 R/XYZ null 547 null]/Prev 1085 0 R/Next 1087 0 R>>endobj
+1087 0 obj<</Parent 1080 0 R/Title(11.5.2. Configuring Samba)/Dest[900 0 R/XYZ null 648 null]/Prev 1086 0 R/Next 1088 0 R>>endobj
+1088 0 obj<</Parent 1080 0 R/Title(11.5.3. Importing smbpasswd entries)/Dest[903 0 R/XYZ null 723 null]/Prev 1087 0 R/Next 1089 0 R>>endobj
+1089 0 obj<</Parent 1080 0 R/Title(11.6. Accounts and Groups management)/Dest[903 0 R/XYZ null 519 null]/Prev 1088 0 R/Next 1090 0 R>>endobj
+1090 0 obj<</Parent 1080 0 R/Title(11.7. Security and sambaAccount)/Dest[903 0 R/XYZ null 316 null]/Prev 1089 0 R/Next 1091 0 R>>endobj
+1091 0 obj<</Parent 1080 0 R/Title(11.8. LDAP specials attributes for sambaAccounts)/Dest[906 0 R/XYZ null 598 null]/Prev 1090 0 R/Next 1092 0 R>>endobj
+1092 0 obj<</Parent 1080 0 R/Title(11.9. Example LDIF Entries for a sambaAccount)/Dest[909 0 R/XYZ null 577 null]/Prev 1091 0 R/Next 1093 0 R>>endobj
+1093 0 obj<</Parent 1080 0 R/Title(11.10. Comments)/Dest[912 0 R/XYZ null 735 null]/Prev 1092 0 R>>endobj
+1094 0 obj<</Parent 969 0 R/Count -16/First 1095 0 R/Last 1110 0 R/Title(Chapter 12. Unified Logons between Windows NT and UNIX using Winbind)/Dest[915 0 R/XYZ null 750 null]/Prev 1080 0 R/Next 1111 0 R>>endobj
+1095 0 obj<</Parent 1094 0 R/Title(12.1. Abstract)/Dest[915 0 R/XYZ null 702 null]/Next 1096 0 R>>endobj
+1096 0 obj<</Parent 1094 0 R/Title(12.2. Introduction)/Dest[915 0 R/XYZ null 565 null]/Prev 1095 0 R/Next 1097 0 R>>endobj
+1097 0 obj<</Parent 1094 0 R/Title(12.3. What Winbind Provides)/Dest[915 0 R/XYZ null 242 null]/Prev 1096 0 R/Next 1098 0 R>>endobj
+1098 0 obj<</Parent 1094 0 R/Title(12.3.1. Target Uses)/Dest[918 0 R/XYZ null 577 null]/Prev 1097 0 R/Next 1099 0 R>>endobj
+1099 0 obj<</Parent 1094 0 R/Title(12.4. How Winbind Works)/Dest[918 0 R/XYZ null 413 null]/Prev 1098 0 R/Next 1100 0 R>>endobj
+1100 0 obj<</Parent 1094 0 R/Title(12.4.1. Microsoft Remote Procedure Calls)/Dest[918 0 R/XYZ null 288 null]/Prev 1099 0 R/Next 1101 0 R>>endobj
+1101 0 obj<</Parent 1094 0 R/Title(12.4.2. Name Service Switch)/Dest[921 0 R/XYZ null 750 null]/Prev 1100 0 R/Next 1102 0 R>>endobj
+1102 0 obj<</Parent 1094 0 R/Title(12.4.3. Pluggable Authentication Modules)/Dest[921 0 R/XYZ null 309 null]/Prev 1101 0 R/Next 1103 0 R>>endobj
+1103 0 obj<</Parent 1094 0 R/Title(12.4.4. User and Group ID Allocation)/Dest[924 0 R/XYZ null 669 null]/Prev 1102 0 R/Next 1104 0 R>>endobj
+1104 0 obj<</Parent 1094 0 R/Title(12.4.5. Result Caching)/Dest[924 0 R/XYZ null 479 null]/Prev 1103 0 R/Next 1105 0 R>>endobj
+1105 0 obj<</Parent 1094 0 R/Title(12.5. Installation and Configuration)/Dest[924 0 R/XYZ null 328 null]/Prev 1104 0 R/Next 1106 0 R>>endobj
+1106 0 obj<</Parent 1094 0 R/Title(12.5.1. Introduction)/Dest[924 0 R/XYZ null 217 null]/Prev 1105 0 R/Next 1107 0 R>>endobj
+1107 0 obj<</Parent 1094 0 R/Title(12.5.2. Requirements)/Dest[927 0 R/XYZ null 563 null]/Prev 1106 0 R/Next 1108 0 R>>endobj
+1108 0 obj<</Parent 1094 0 R/Title(12.5.3. Testing Things Out)/Dest[927 0 R/XYZ null 281 null]/Prev 1107 0 R/Next 1109 0 R>>endobj
+1109 0 obj<</Parent 1094 0 R/Title(12.6. Limitations)/Dest[939 0 R/XYZ null 202 null]/Prev 1108 0 R/Next 1110 0 R>>endobj
+1110 0 obj<</Parent 1094 0 R/Title(12.7. Conclusion)/Dest[942 0 R/XYZ null 709 null]/Prev 1109 0 R>>endobj
+1111 0 obj<</Parent 969 0 R/Count -5/First 1112 0 R/Last 1116 0 R/Title(Chapter 13. OS2 Client HOWTO)/Dest[945 0 R/XYZ null 750 null]/Prev 1094 0 R/Next 1117 0 R>>endobj
+1112 0 obj<</Parent 1111 0 R/Title(13.1. FAQs)/Dest[945 0 R/XYZ null 726 null]/Next 1113 0 R>>endobj
+1113 0 obj<</Parent 1111 0 R/Title(13.1.1. How can I configure OS/2 Warp Connect or  OS/2 Warp 4 as a client for Samba?)/Dest[945 0 R/XYZ null 696 null]/Prev 1112 0 R/Next 1114 0 R>>endobj
+1114 0 obj<</Parent 1111 0 R/Title(13.1.2. How can I configure OS/2 Warp 3 \(not Connect\),  OS/2 1.2, 1.3 or 2.x for Samba?)/Dest[945 0 R/XYZ null 344 null]/Prev 1113 0 R/Next 1115 0 R>>endobj
+1115 0 obj<</Parent 1111 0 R/Title(13.1.3. Are there any other issues when OS/2 \(any version\)  is used as a client?)/Dest[948 0 R/XYZ null 750 null]/Prev 1114 0 R/Next 1116 0 R>>endobj
+1116 0 obj<</Parent 1111 0 R/Title(13.1.4. How do I get printer driver download working  for OS/2 clients?)/Dest[948 0 R/XYZ null 635 null]/Prev 1115 0 R>>endobj
+1117 0 obj<</Parent 969 0 R/Count -4/First 1118 0 R/Last 1121 0 R/Title(Chapter 14. HOWTO Access Samba source code via CVS)/Dest[951 0 R/XYZ null 750 null]/Prev 1111 0 R/Next 1122 0 R>>endobj
+1118 0 obj<</Parent 1117 0 R/Title(14.1. Introduction)/Dest[951 0 R/XYZ null 702 null]/Next 1119 0 R>>endobj
+1119 0 obj<</Parent 1117 0 R/Title(14.2. CVS Access to samba.org)/Dest[951 0 R/XYZ null 578 null]/Prev 1118 0 R/Next 1120 0 R>>endobj
+1120 0 obj<</Parent 1117 0 R/Title(14.2.1. Access via CVSweb)/Dest[951 0 R/XYZ null 480 null]/Prev 1119 0 R/Next 1121 0 R>>endobj
+1121 0 obj<</Parent 1117 0 R/Title(14.2.2. Access via cvs)/Dest[951 0 R/XYZ null 355 null]/Prev 1120 0 R>>endobj
+1122 0 obj<</Parent 969 0 R/Title(Index)/Dest[954 0 R/XYZ null 484 null]/Prev 1117 0 R>>endobj
+1123 0 obj<</Type/Catalog/Pages 689 0 R/Names 514 0 R/PageLayout/SinglePage/Outlines 969 0 R/OpenAction[690 0 R/XYZ null null null]/PageMode/UseOutlines/PageLabels<</Nums[0<</P(title)>>1<</S/r>>5<</S/D>>]>>>>endobj
 xref
-0 1554 
+0 1124 
 0000000000 65535 f 
 0000000015 00000 n 
-0000000250 00000 n 
-0000001816 00000 n 
-0000001890 00000 n 
-0000001969 00000 n 
-0000002051 00000 n 
-0000002137 00000 n 
-0000002215 00000 n 
-0000002292 00000 n 
-0000002371 00000 n 
-0000002455 00000 n 
-0000002532 00000 n 
-0000002614 00000 n 
-0000002673 00000 n 
-0000002775 00000 n 
-0000002878 00000 n 
-0000002980 00000 n 
-0000003082 00000 n 
-0000003185 00000 n 
-0000003288 00000 n 
-0000003391 00000 n 
-0000003494 00000 n 
-0000003597 00000 n 
-0000003700 00000 n 
-0000003803 00000 n 
-0000003906 00000 n 
-0000004009 00000 n 
-0000004112 00000 n 
-0000004215 00000 n 
-0000004318 00000 n 
-0000004421 00000 n 
-0000004524 00000 n 
-0000004627 00000 n 
-0000004730 00000 n 
-0000004833 00000 n 
-0000004936 00000 n 
-0000005038 00000 n 
-0000005141 00000 n 
-0000005244 00000 n 
-0000005347 00000 n 
-0000005450 00000 n 
-0000005553 00000 n 
-0000005656 00000 n 
-0000005759 00000 n 
-0000005862 00000 n 
-0000005965 00000 n 
-0000006068 00000 n 
-0000006171 00000 n 
-0000006274 00000 n 
-0000006377 00000 n 
-0000006480 00000 n 
-0000006583 00000 n 
-0000006685 00000 n 
-0000006788 00000 n 
-0000006891 00000 n 
-0000006993 00000 n 
-0000007094 00000 n 
-0000007195 00000 n 
-0000007519 00000 n 
-0000007621 00000 n 
-0000007724 00000 n 
-0000007827 00000 n 
-0000007930 00000 n 
-0000008033 00000 n 
-0000008136 00000 n 
-0000008239 00000 n 
-0000008342 00000 n 
-0000008445 00000 n 
-0000008548 00000 n 
-0000008651 00000 n 
-0000008754 00000 n 
-0000008857 00000 n 
-0000008960 00000 n 
-0000009062 00000 n 
-0000009165 00000 n 
-0000009268 00000 n 
-0000009371 00000 n 
-0000009473 00000 n 
-0000009576 00000 n 
-0000009679 00000 n 
-0000009781 00000 n 
-0000009884 00000 n 
+0000000244 00000 n 
+0000001810 00000 n 
+0000001884 00000 n 
+0000001963 00000 n 
+0000002045 00000 n 
+0000002131 00000 n 
+0000002209 00000 n 
+0000002286 00000 n 
+0000002365 00000 n 
+0000002442 00000 n 
+0000002524 00000 n 
+0000002583 00000 n 
+0000002635 00000 n 
+0000002720 00000 n 
+0000002773 00000 n 
+0000002857 00000 n 
+0000002923 00000 n 
+0000003007 00000 n 
+0000003045 00000 n 
+0000003097 00000 n 
+0000003182 00000 n 
+0000003206 00000 n 
+0000003252 00000 n 
+0000003337 00000 n 
+0000003382 00000 n 
+0000003466 00000 n 
+0000003511 00000 n 
+0000003595 00000 n 
+0000003633 00000 n 
+0000003676 00000 n 
+0000003761 00000 n 
+0000003804 00000 n 
+0000003888 00000 n 
+0000003919 00000 n 
+0000003973 00000 n 
+0000004057 00000 n 
+0000004081 00000 n 
+0000004132 00000 n 
+0000004217 00000 n 
+0000004265 00000 n 
+0000004350 00000 n 
+0000004381 00000 n 
+0000004499 00000 n 
+0000004583 00000 n 
+0000004624 00000 n 
+0000004709 00000 n 
+0000004750 00000 n 
+0000004835 00000 n 
+0000004873 00000 n 
+0000004917 00000 n 
+0000005002 00000 n 
+0000005026 00000 n 
+0000005070 00000 n 
+0000005154 00000 n 
+0000005196 00000 n 
+0000005281 00000 n 
+0000005330 00000 n 
+0000005415 00000 n 
+0000005464 00000 n 
+0000005547 00000 n 
+0000005594 00000 n 
+0000005679 00000 n 
+0000005725 00000 n 
+0000005809 00000 n 
+0000005868 00000 n 
+0000005930 00000 n 
+0000006015 00000 n 
+0000006072 00000 n 
+0000006157 00000 n 
+0000006250 00000 n 
+0000006334 00000 n 
+0000006372 00000 n 
+0000006477 00000 n 
+0000006518 00000 n 
+0000006602 00000 n 
+0000006648 00000 n 
+0000006733 00000 n 
+0000006772 00000 n 
+0000006857 00000 n 
+0000006899 00000 n 
+0000006984 00000 n 
+0000007026 00000 n 
+0000007111 00000 n 
+0000007170 00000 n 
+0000007214 00000 n 
+0000007299 00000 n 
+0000007323 00000 n 
+0000007369 00000 n 
+0000007454 00000 n 
+0000007501 00000 n 
+0000007586 00000 n 
+0000007617 00000 n 
+0000007669 00000 n 
+0000007754 00000 n 
+0000007803 00000 n 
+0000007888 00000 n 
+0000007937 00000 n 
+0000008021 00000 n 
+0000008073 00000 n 
+0000008159 00000 n 
+0000008208 00000 n 
+0000008295 00000 n 
+0000008344 00000 n 
+0000008430 00000 n 
+0000008494 00000 n 
+0000008581 00000 n 
+0000008652 00000 n 
+0000008716 00000 n 
+0000008803 00000 n 
+0000008829 00000 n 
+0000008881 00000 n 
+0000008966 00000 n 
+0000008992 00000 n 
+0000009056 00000 n 
+0000009143 00000 n 
+0000009209 00000 n 
+0000009296 00000 n 
+0000009354 00000 n 
+0000009441 00000 n 
+0000009535 00000 n 
+0000009622 00000 n 
+0000009686 00000 n 
+0000009773 00000 n 
+0000009834 00000 n 
+0000009921 00000 n 
 0000009987 00000 n 
-0000010090 00000 n 
-0000010193 00000 n 
-0000010296 00000 n 
-0000010399 00000 n 
-0000010502 00000 n 
-0000010605 00000 n 
-0000010708 00000 n 
-0000010810 00000 n 
-0000010913 00000 n 
-0000011016 00000 n 
-0000011119 00000 n 
-0000011222 00000 n 
-0000011325 00000 n 
-0000011428 00000 n 
-0000011531 00000 n 
-0000011634 00000 n 
-0000011737 00000 n 
-0000011840 00000 n 
-0000011942 00000 n 
-0000012044 00000 n 
-0000012372 00000 n 
-0000012475 00000 n 
-0000012579 00000 n 
-0000012682 00000 n 
-0000012786 00000 n 
-0000012890 00000 n 
-0000012994 00000 n 
-0000013098 00000 n 
-0000013202 00000 n 
-0000013306 00000 n 
-0000013410 00000 n 
-0000013514 00000 n 
-0000013618 00000 n 
-0000013721 00000 n 
-0000013825 00000 n 
-0000013929 00000 n 
-0000014032 00000 n 
-0000014136 00000 n 
-0000014240 00000 n 
-0000014344 00000 n 
-0000014447 00000 n 
-0000014551 00000 n 
-0000014655 00000 n 
-0000014759 00000 n 
-0000014863 00000 n 
-0000014967 00000 n 
-0000015071 00000 n 
-0000015175 00000 n 
-0000015279 00000 n 
-0000015383 00000 n 
-0000015487 00000 n 
-0000015591 00000 n 
-0000015695 00000 n 
-0000015799 00000 n 
-0000015903 00000 n 
-0000016007 00000 n 
-0000016111 00000 n 
-0000016214 00000 n 
-0000016318 00000 n 
-0000016422 00000 n 
-0000016526 00000 n 
-0000016629 00000 n 
-0000016731 00000 n 
-0000016833 00000 n 
-0000017194 00000 n 
-0000017297 00000 n 
-0000017401 00000 n 
-0000017505 00000 n 
-0000017609 00000 n 
-0000017713 00000 n 
-0000017817 00000 n 
-0000017921 00000 n 
-0000018025 00000 n 
-0000018129 00000 n 
-0000018232 00000 n 
-0000018336 00000 n 
-0000018440 00000 n 
-0000018544 00000 n 
-0000018648 00000 n 
-0000018752 00000 n 
-0000018856 00000 n 
-0000018960 00000 n 
-0000019064 00000 n 
-0000019167 00000 n 
-0000019271 00000 n 
-0000019375 00000 n 
-0000019479 00000 n 
-0000019583 00000 n 
-0000019687 00000 n 
-0000019791 00000 n 
-0000019895 00000 n 
-0000019999 00000 n 
-0000020103 00000 n 
-0000020207 00000 n 
-0000020311 00000 n 
-0000020415 00000 n 
-0000020518 00000 n 
-0000020622 00000 n 
-0000020726 00000 n 
-0000020830 00000 n 
-0000020934 00000 n 
-0000021038 00000 n 
-0000021142 00000 n 
-0000021246 00000 n 
-0000021350 00000 n 
-0000021454 00000 n 
-0000021558 00000 n 
-0000021661 00000 n 
-0000021763 00000 n 
-0000022132 00000 n 
-0000022235 00000 n 
-0000022339 00000 n 
-0000022443 00000 n 
-0000022547 00000 n 
-0000022651 00000 n 
-0000022755 00000 n 
-0000022859 00000 n 
-0000022963 00000 n 
-0000023067 00000 n 
-0000023171 00000 n 
-0000023275 00000 n 
-0000023379 00000 n 
-0000023483 00000 n 
-0000023587 00000 n 
-0000023691 00000 n 
-0000023795 00000 n 
-0000023899 00000 n 
-0000024003 00000 n 
-0000024107 00000 n 
+0000010035 00000 n 
+0000010122 00000 n 
+0000010169 00000 n 
+0000010256 00000 n 
+0000010297 00000 n 
+0000010383 00000 n 
+0000010425 00000 n 
+0000010467 00000 n 
+0000010554 00000 n 
+0000010603 00000 n 
+0000010690 00000 n 
+0000010737 00000 n 
+0000010824 00000 n 
+0000010866 00000 n 
+0000010919 00000 n 
+0000011006 00000 n 
+0000011050 00000 n 
+0000011137 00000 n 
+0000011194 00000 n 
+0000011281 00000 n 
+0000011377 00000 n 
+0000011463 00000 n 
+0000011513 00000 n 
+0000011560 00000 n 
+0000011647 00000 n 
+0000011694 00000 n 
+0000011781 00000 n 
+0000011830 00000 n 
+0000011917 00000 n 
+0000011964 00000 n 
+0000012051 00000 n 
+0000012101 00000 n 
+0000012148 00000 n 
+0000012235 00000 n 
+0000012282 00000 n 
+0000012367 00000 n 
+0000012411 00000 n 
+0000012497 00000 n 
+0000012539 00000 n 
+0000012625 00000 n 
+0000012665 00000 n 
+0000012751 00000 n 
+0000012799 00000 n 
+0000012885 00000 n 
+0000012930 00000 n 
+0000013016 00000 n 
+0000013060 00000 n 
+0000013146 00000 n 
+0000013197 00000 n 
+0000013283 00000 n 
+0000013332 00000 n 
+0000013418 00000 n 
+0000013463 00000 n 
+0000013549 00000 n 
+0000013591 00000 n 
+0000013677 00000 n 
+0000013720 00000 n 
+0000013806 00000 n 
+0000013848 00000 n 
+0000013934 00000 n 
+0000013978 00000 n 
+0000014064 00000 n 
+0000014101 00000 n 
+0000014187 00000 n 
+0000014228 00000 n 
+0000014314 00000 n 
+0000014356 00000 n 
+0000014442 00000 n 
+0000014479 00000 n 
+0000014565 00000 n 
+0000014606 00000 n 
+0000014692 00000 n 
+0000014735 00000 n 
+0000014821 00000 n 
+0000014867 00000 n 
+0000014953 00000 n 
+0000015147 00000 n 
+0000015194 00000 n 
+0000015281 00000 n 
+0000015330 00000 n 
+0000015417 00000 n 
+0000015466 00000 n 
+0000015552 00000 n 
+0000015594 00000 n 
+0000015642 00000 n 
+0000015728 00000 n 
+0000015774 00000 n 
+0000015861 00000 n 
+0000015895 00000 n 
+0000016010 00000 n 
+0000016097 00000 n 
+0000016123 00000 n 
+0000016205 00000 n 
+0000016292 00000 n 
+0000016377 00000 n 
+0000016464 00000 n 
+0000016519 00000 n 
+0000016606 00000 n 
+0000016662 00000 n 
+0000016749 00000 n 
+0000016799 00000 n 
+0000016847 00000 n 
+0000016934 00000 n 
+0000017008 00000 n 
+0000017095 00000 n 
+0000017163 00000 n 
+0000017250 00000 n 
+0000017304 00000 n 
+0000017391 00000 n 
+0000017459 00000 n 
+0000017546 00000 n 
+0000017620 00000 n 
+0000017707 00000 n 
+0000017755 00000 n 
+0000017842 00000 n 
+0000017899 00000 n 
+0000017986 00000 n 
+0000018068 00000 n 
+0000018123 00000 n 
+0000018210 00000 n 
+0000018291 00000 n 
+0000018378 00000 n 
+0000018412 00000 n 
+0000018464 00000 n 
+0000018551 00000 n 
+0000018577 00000 n 
+0000018625 00000 n 
+0000018711 00000 n 
+0000018737 00000 n 
+0000018790 00000 n 
+0000018876 00000 n 
+0000018902 00000 n 
+0000018958 00000 n 
+0000019045 00000 n 
+0000019114 00000 n 
+0000019201 00000 n 
+0000019252 00000 n 
+0000019339 00000 n 
+0000019426 00000 n 
+0000019513 00000 n 
+0000019569 00000 n 
+0000019656 00000 n 
+0000019705 00000 n 
+0000019792 00000 n 
+0000019858 00000 n 
+0000019910 00000 n 
+0000019997 00000 n 
+0000020052 00000 n 
+0000020139 00000 n 
+0000020186 00000 n 
+0000020273 00000 n 
+0000020320 00000 n 
+0000020407 00000 n 
+0000020457 00000 n 
+0000020497 00000 n 
+0000020584 00000 n 
+0000020627 00000 n 
+0000020714 00000 n 
+0000020758 00000 n 
+0000020845 00000 n 
+0000020888 00000 n 
+0000020975 00000 n 
+0000021018 00000 n 
+0000021105 00000 n 
+0000021146 00000 n 
+0000021233 00000 n 
+0000021280 00000 n 
+0000021367 00000 n 
+0000021441 00000 n 
+0000021496 00000 n 
+0000021583 00000 n 
+0000021639 00000 n 
+0000021726 00000 n 
+0000021773 00000 n 
+0000021859 00000 n 
+0000021901 00000 n 
+0000021953 00000 n 
+0000022038 00000 n 
+0000022064 00000 n 
+0000022118 00000 n 
+0000022205 00000 n 
+0000022231 00000 n 
+0000022293 00000 n 
+0000022380 00000 n 
+0000022406 00000 n 
+0000022455 00000 n 
+0000022542 00000 n 
+0000022591 00000 n 
+0000022677 00000 n 
+0000022711 00000 n 
+0000022758 00000 n 
+0000022845 00000 n 
+0000022894 00000 n 
+0000022981 00000 n 
+0000023024 00000 n 
+0000023111 00000 n 
+0000023154 00000 n 
+0000023241 00000 n 
+0000023290 00000 n 
+0000023375 00000 n 
+0000023424 00000 n 
+0000023509 00000 n 
+0000023575 00000 n 
+0000023623 00000 n 
+0000023710 00000 n 
+0000023756 00000 n 
+0000023843 00000 n 
+0000023877 00000 n 
+0000023956 00000 n 
+0000024043 00000 n 
+0000024125 00000 n 
 0000024211 00000 n 
-0000024315 00000 n 
-0000024418 00000 n 
-0000024522 00000 n 
-0000024626 00000 n 
-0000024730 00000 n 
-0000024834 00000 n 
-0000024938 00000 n 
-0000025042 00000 n 
-0000025146 00000 n 
-0000025250 00000 n 
-0000025354 00000 n 
-0000025458 00000 n 
-0000025562 00000 n 
-0000025666 00000 n 
-0000025770 00000 n 
-0000025873 00000 n 
-0000025977 00000 n 
-0000026081 00000 n 
-0000026185 00000 n 
-0000026289 00000 n 
-0000026392 00000 n 
-0000026496 00000 n 
-0000026599 00000 n 
-0000026701 00000 n 
-0000026803 00000 n 
-0000027180 00000 n 
-0000027283 00000 n 
-0000027387 00000 n 
-0000027491 00000 n 
-0000027594 00000 n 
-0000027697 00000 n 
-0000027801 00000 n 
-0000027905 00000 n 
-0000028009 00000 n 
-0000028090 00000 n 
-0000028143 00000 n 
-0000028230 00000 n 
-0000028284 00000 n 
-0000028370 00000 n 
-0000028437 00000 n 
-0000028523 00000 n 
-0000028626 00000 n 
-0000028730 00000 n 
-0000028834 00000 n 
-0000028938 00000 n 
-0000029042 00000 n 
-0000029146 00000 n 
-0000029250 00000 n 
-0000029354 00000 n 
-0000029458 00000 n 
-0000029562 00000 n 
-0000029666 00000 n 
-0000029770 00000 n 
-0000029874 00000 n 
-0000029978 00000 n 
-0000030082 00000 n 
-0000030186 00000 n 
-0000030290 00000 n 
-0000030394 00000 n 
-0000030498 00000 n 
-0000030601 00000 n 
-0000030705 00000 n 
-0000030809 00000 n 
-0000030913 00000 n 
-0000031017 00000 n 
-0000031121 00000 n 
-0000031225 00000 n 
-0000031329 00000 n 
-0000031433 00000 n 
-0000031537 00000 n 
-0000031641 00000 n 
-0000031745 00000 n 
-0000031848 00000 n 
-0000031950 00000 n 
-0000032052 00000 n 
-0000032365 00000 n 
-0000032469 00000 n 
-0000032572 00000 n 
-0000032676 00000 n 
-0000032780 00000 n 
-0000032884 00000 n 
-0000032988 00000 n 
-0000033092 00000 n 
-0000033196 00000 n 
-0000033300 00000 n 
-0000033404 00000 n 
-0000033508 00000 n 
-0000033612 00000 n 
-0000033716 00000 n 
-0000033820 00000 n 
-0000033924 00000 n 
-0000034028 00000 n 
-0000034132 00000 n 
-0000034236 00000 n 
-0000034340 00000 n 
-0000034444 00000 n 
-0000034547 00000 n 
-0000034651 00000 n 
-0000034755 00000 n 
-0000034859 00000 n 
-0000034962 00000 n 
-0000035066 00000 n 
-0000035170 00000 n 
-0000035273 00000 n 
-0000035377 00000 n 
-0000035481 00000 n 
-0000035585 00000 n 
-0000035689 00000 n 
-0000035793 00000 n 
-0000035897 00000 n 
-0000036001 00000 n 
-0000036105 00000 n 
-0000036209 00000 n 
-0000036312 00000 n 
+0000024286 00000 n 
+0000024373 00000 n 
+0000024446 00000 n 
+0000024533 00000 n 
+0000024583 00000 n 
+0000024661 00000 n 
+0000024748 00000 n 
+0000024774 00000 n 
+0000024837 00000 n 
+0000024924 00000 n 
+0000024987 00000 n 
+0000025074 00000 n 
+0000025128 00000 n 
+0000025215 00000 n 
+0000025257 00000 n 
+0000025298 00000 n 
+0000025385 00000 n 
+0000025411 00000 n 
+0000025516 00000 n 
+0000025622 00000 n 
+0000025728 00000 n 
+0000025834 00000 n 
+0000025940 00000 n 
+0000026046 00000 n 
+0000026152 00000 n 
+0000026258 00000 n 
+0000026364 00000 n 
+0000026470 00000 n 
+0000026576 00000 n 
+0000026682 00000 n 
+0000026788 00000 n 
+0000026894 00000 n 
+0000027000 00000 n 
+0000027106 00000 n 
+0000027212 00000 n 
+0000027318 00000 n 
+0000027424 00000 n 
+0000027530 00000 n 
+0000027635 00000 n 
+0000027741 00000 n 
+0000027847 00000 n 
+0000027953 00000 n 
+0000028059 00000 n 
+0000028165 00000 n 
+0000028271 00000 n 
+0000028377 00000 n 
+0000028483 00000 n 
+0000028589 00000 n 
+0000028695 00000 n 
+0000028801 00000 n 
+0000028907 00000 n 
+0000029013 00000 n 
+0000029119 00000 n 
+0000029225 00000 n 
+0000029331 00000 n 
+0000029437 00000 n 
+0000029543 00000 n 
+0000029648 00000 n 
+0000029754 00000 n 
+0000029860 00000 n 
+0000029966 00000 n 
+0000030069 00000 n 
+0000030173 00000 n 
+0000030551 00000 n 
+0000030657 00000 n 
+0000030762 00000 n 
+0000030868 00000 n 
+0000030974 00000 n 
+0000031080 00000 n 
+0000031186 00000 n 
+0000031292 00000 n 
+0000031398 00000 n 
+0000031504 00000 n 
+0000031610 00000 n 
+0000031716 00000 n 
+0000031821 00000 n 
+0000031927 00000 n 
+0000032033 00000 n 
+0000032139 00000 n 
+0000032245 00000 n 
+0000032351 00000 n 
+0000032457 00000 n 
+0000032563 00000 n 
+0000032669 00000 n 
+0000032775 00000 n 
+0000032881 00000 n 
+0000032987 00000 n 
+0000033093 00000 n 
+0000033199 00000 n 
+0000033305 00000 n 
+0000033411 00000 n 
+0000033516 00000 n 
+0000033622 00000 n 
+0000033728 00000 n 
+0000033834 00000 n 
+0000033940 00000 n 
+0000034046 00000 n 
+0000034152 00000 n 
+0000034258 00000 n 
+0000034364 00000 n 
+0000034470 00000 n 
+0000034575 00000 n 
+0000034681 00000 n 
+0000034787 00000 n 
+0000034893 00000 n 
+0000034996 00000 n 
+0000035100 00000 n 
+0000035462 00000 n 
+0000035568 00000 n 
+0000035674 00000 n 
+0000035780 00000 n 
+0000035886 00000 n 
+0000035992 00000 n 
+0000036098 00000 n 
+0000036204 00000 n 
+0000036310 00000 n 
 0000036416 00000 n 
-0000036520 00000 n 
-0000036624 00000 n 
-0000036728 00000 n 
-0000036832 00000 n 
-0000036936 00000 n 
-0000037040 00000 n 
-0000037144 00000 n 
-0000037248 00000 n 
-0000037352 00000 n 
-0000037455 00000 n 
-0000037557 00000 n 
-0000037659 00000 n 
-0000038084 00000 n 
-0000038187 00000 n 
-0000038291 00000 n 
-0000038395 00000 n 
-0000038499 00000 n 
-0000038603 00000 n 
-0000038707 00000 n 
-0000038811 00000 n 
-0000038915 00000 n 
-0000039019 00000 n 
-0000039123 00000 n 
-0000039226 00000 n 
-0000039330 00000 n 
-0000039434 00000 n 
-0000039537 00000 n 
-0000039641 00000 n 
-0000039745 00000 n 
-0000039849 00000 n 
-0000039952 00000 n 
-0000040056 00000 n 
-0000040160 00000 n 
-0000040264 00000 n 
-0000040368 00000 n 
-0000040472 00000 n 
-0000040576 00000 n 
-0000040680 00000 n 
-0000040784 00000 n 
-0000040888 00000 n 
-0000040992 00000 n 
-0000041096 00000 n 
-0000041200 00000 n 
-0000041304 00000 n 
-0000041408 00000 n 
-0000041512 00000 n 
-0000041616 00000 n 
-0000041719 00000 n 
-0000041823 00000 n 
-0000041927 00000 n 
-0000042031 00000 n 
-0000042135 00000 n 
-0000042239 00000 n 
-0000042343 00000 n 
-0000042447 00000 n 
-0000042551 00000 n 
-0000042655 00000 n 
-0000042759 00000 n 
-0000042863 00000 n 
-0000042967 00000 n 
-0000043071 00000 n 
-0000043174 00000 n 
-0000043275 00000 n 
-0000043377 00000 n 
-0000043802 00000 n 
-0000043906 00000 n 
-0000044010 00000 n 
-0000044114 00000 n 
-0000044218 00000 n 
-0000044322 00000 n 
-0000044426 00000 n 
-0000044530 00000 n 
-0000044633 00000 n 
-0000044737 00000 n 
-0000044841 00000 n 
-0000044945 00000 n 
-0000045049 00000 n 
-0000045153 00000 n 
-0000045257 00000 n 
-0000045361 00000 n 
-0000045465 00000 n 
-0000045569 00000 n 
-0000045673 00000 n 
-0000045777 00000 n 
-0000045881 00000 n 
-0000045984 00000 n 
-0000046088 00000 n 
-0000046192 00000 n 
-0000046296 00000 n 
-0000046400 00000 n 
-0000046504 00000 n 
-0000046608 00000 n 
-0000046712 00000 n 
-0000046816 00000 n 
-0000046920 00000 n 
-0000047024 00000 n 
-0000047128 00000 n 
-0000047232 00000 n 
-0000047335 00000 n 
-0000047439 00000 n 
-0000047543 00000 n 
-0000047647 00000 n 
-0000047751 00000 n 
+0000036522 00000 n 
+0000036628 00000 n 
+0000036734 00000 n 
+0000036840 00000 n 
+0000036945 00000 n 
+0000037051 00000 n 
+0000037157 00000 n 
+0000037263 00000 n 
+0000037369 00000 n 
+0000037475 00000 n 
+0000037581 00000 n 
+0000037687 00000 n 
+0000037793 00000 n 
+0000037898 00000 n 
+0000038004 00000 n 
+0000038110 00000 n 
+0000038216 00000 n 
+0000038322 00000 n 
+0000038428 00000 n 
+0000038534 00000 n 
+0000038640 00000 n 
+0000038746 00000 n 
+0000038852 00000 n 
+0000038958 00000 n 
+0000039064 00000 n 
+0000039170 00000 n 
+0000039276 00000 n 
+0000039381 00000 n 
+0000039487 00000 n 
+0000039593 00000 n 
+0000039699 00000 n 
+0000039805 00000 n 
+0000039911 00000 n 
+0000040016 00000 n 
+0000040120 00000 n 
+0000040224 00000 n 
+0000040602 00000 n 
+0000040708 00000 n 
+0000040814 00000 n 
+0000040920 00000 n 
+0000041026 00000 n 
+0000041132 00000 n 
+0000041238 00000 n 
+0000041344 00000 n 
+0000041450 00000 n 
+0000041555 00000 n 
+0000041661 00000 n 
+0000041767 00000 n 
+0000041873 00000 n 
+0000041979 00000 n 
+0000042085 00000 n 
+0000042190 00000 n 
+0000042296 00000 n 
+0000042402 00000 n 
+0000042508 00000 n 
+0000042614 00000 n 
+0000042718 00000 n 
+0000042896 00000 n 
+0000042930 00000 n 
+0000042964 00000 n 
+0000045748 00000 n 
+0000045797 00000 n 
+0000045846 00000 n 
+0000045895 00000 n 
+0000045944 00000 n 
+0000045993 00000 n 
+0000046042 00000 n 
+0000046091 00000 n 
+0000046140 00000 n 
+0000046189 00000 n 
+0000046238 00000 n 
+0000046287 00000 n 
+0000046336 00000 n 
+0000046385 00000 n 
+0000046434 00000 n 
+0000046483 00000 n 
+0000046532 00000 n 
+0000046581 00000 n 
+0000046630 00000 n 
+0000046679 00000 n 
+0000046728 00000 n 
+0000046777 00000 n 
+0000046826 00000 n 
+0000046875 00000 n 
+0000046924 00000 n 
+0000046973 00000 n 
+0000047022 00000 n 
+0000047071 00000 n 
+0000047120 00000 n 
+0000047169 00000 n 
+0000047218 00000 n 
+0000047267 00000 n 
+0000047316 00000 n 
+0000047365 00000 n 
+0000047414 00000 n 
+0000047463 00000 n 
+0000047512 00000 n 
+0000047561 00000 n 
+0000047610 00000 n 
+0000047659 00000 n 
+0000047708 00000 n 
+0000047757 00000 n 
+0000047806 00000 n 
 0000047855 00000 n 
-0000047959 00000 n 
-0000048063 00000 n 
-0000048167 00000 n 
-0000048271 00000 n 
-0000048375 00000 n 
-0000048479 00000 n 
-0000048583 00000 n 
-0000048687 00000 n 
-0000048791 00000 n 
-0000048894 00000 n 
-0000048996 00000 n 
-0000049098 00000 n 
-0000049523 00000 n 
-0000049627 00000 n 
-0000049731 00000 n 
-0000049835 00000 n 
-0000049938 00000 n 
-0000050042 00000 n 
-0000050146 00000 n 
-0000050250 00000 n 
+0000047904 00000 n 
+0000047953 00000 n 
+0000048002 00000 n 
+0000048051 00000 n 
+0000048100 00000 n 
+0000048149 00000 n 
+0000048198 00000 n 
+0000048247 00000 n 
+0000048296 00000 n 
+0000048345 00000 n 
+0000048394 00000 n 
+0000048443 00000 n 
+0000048492 00000 n 
+0000048541 00000 n 
+0000048590 00000 n 
+0000048639 00000 n 
+0000048688 00000 n 
+0000048737 00000 n 
+0000048786 00000 n 
+0000048835 00000 n 
+0000048884 00000 n 
+0000048933 00000 n 
+0000048982 00000 n 
+0000049031 00000 n 
+0000049080 00000 n 
+0000049129 00000 n 
+0000049178 00000 n 
+0000049227 00000 n 
+0000049276 00000 n 
+0000049325 00000 n 
+0000049374 00000 n 
+0000049423 00000 n 
+0000049472 00000 n 
+0000049521 00000 n 
+0000049570 00000 n 
+0000049619 00000 n 
+0000049668 00000 n 
+0000049717 00000 n 
+0000049766 00000 n 
+0000049815 00000 n 
+0000049864 00000 n 
+0000049913 00000 n 
+0000049962 00000 n 
+0000050011 00000 n 
+0000050060 00000 n 
+0000050109 00000 n 
+0000050158 00000 n 
+0000050207 00000 n 
+0000050256 00000 n 
+0000050305 00000 n 
 0000050354 00000 n 
-0000050458 00000 n 
-0000050562 00000 n 
-0000050666 00000 n 
-0000050770 00000 n 
-0000050874 00000 n 
-0000050978 00000 n 
-0000051082 00000 n 
-0000051186 00000 n 
-0000051290 00000 n 
-0000051393 00000 n 
-0000051497 00000 n 
-0000051601 00000 n 
-0000051705 00000 n 
-0000051809 00000 n 
-0000051912 00000 n 
-0000052016 00000 n 
-0000052120 00000 n 
-0000052224 00000 n 
-0000052328 00000 n 
-0000052432 00000 n 
-0000052536 00000 n 
-0000052639 00000 n 
-0000052742 00000 n 
-0000052846 00000 n 
-0000052950 00000 n 
-0000053054 00000 n 
+0000050403 00000 n 
+0000050452 00000 n 
+0000050501 00000 n 
+0000050550 00000 n 
+0000050599 00000 n 
+0000050648 00000 n 
+0000050697 00000 n 
+0000050746 00000 n 
+0000050795 00000 n 
+0000050844 00000 n 
+0000050893 00000 n 
+0000050942 00000 n 
+0000050991 00000 n 
+0000051040 00000 n 
+0000051089 00000 n 
+0000051138 00000 n 
+0000051187 00000 n 
+0000051236 00000 n 
+0000051285 00000 n 
+0000051334 00000 n 
+0000051383 00000 n 
+0000051432 00000 n 
+0000051481 00000 n 
+0000051530 00000 n 
+0000051579 00000 n 
+0000051628 00000 n 
+0000051677 00000 n 
+0000051726 00000 n 
+0000051775 00000 n 
+0000051824 00000 n 
+0000051873 00000 n 
+0000051922 00000 n 
+0000051971 00000 n 
+0000052020 00000 n 
+0000052069 00000 n 
+0000052118 00000 n 
+0000052167 00000 n 
+0000052216 00000 n 
+0000052265 00000 n 
+0000052314 00000 n 
+0000052363 00000 n 
+0000052412 00000 n 
+0000052461 00000 n 
+0000052510 00000 n 
+0000052559 00000 n 
+0000052608 00000 n 
+0000052657 00000 n 
+0000052706 00000 n 
+0000052755 00000 n 
+0000052804 00000 n 
+0000052853 00000 n 
+0000052902 00000 n 
+0000052951 00000 n 
+0000053000 00000 n 
+0000053049 00000 n 
+0000053098 00000 n 
+0000053147 00000 n 
+0000053196 00000 n 
+0000053245 00000 n 
+0000053294 00000 n 
 0000053343 00000 n 
-0000053396 00000 n 
-0000053483 00000 n 
-0000053508 00000 n 
-0000053562 00000 n 
-0000053649 00000 n 
-0000053703 00000 n 
-0000053790 00000 n 
-0000053823 00000 n 
-0000053871 00000 n 
-0000053958 00000 n 
-0000054005 00000 n 
-0000054091 00000 n 
-0000054138 00000 n 
-0000054224 00000 n 
-0000054265 00000 n 
-0000054310 00000 n 
-0000054397 00000 n 
-0000054442 00000 n 
-0000054528 00000 n 
-0000054561 00000 n 
-0000054616 00000 n 
-0000054701 00000 n 
-0000054726 00000 n 
-0000054779 00000 n 
-0000054866 00000 n 
-0000054916 00000 n 
-0000055003 00000 n 
-0000055036 00000 n 
-0000055155 00000 n 
-0000055241 00000 n 
-0000055284 00000 n 
-0000055371 00000 n 
-0000055414 00000 n 
-0000055501 00000 n 
-0000055542 00000 n 
-0000055588 00000 n 
-0000055675 00000 n 
-0000055700 00000 n 
-0000055746 00000 n 
-0000055833 00000 n 
-0000055879 00000 n 
-0000055964 00000 n 
-0000056008 00000 n 
-0000056095 00000 n 
-0000056146 00000 n 
-0000056233 00000 n 
-0000056282 00000 n 
-0000056369 00000 n 
-0000056417 00000 n 
-0000056503 00000 n 
-0000056568 00000 n 
-0000056631 00000 n 
-0000056718 00000 n 
-0000056776 00000 n 
-0000056863 00000 n 
-0000056957 00000 n 
-0000057043 00000 n 
-0000057145 00000 n 
-0000057194 00000 n 
-0000057297 00000 n 
-0000057340 00000 n 
-0000057426 00000 n 
-0000057474 00000 n 
-0000057561 00000 n 
-0000057602 00000 n 
-0000057689 00000 n 
-0000057733 00000 n 
-0000057820 00000 n 
-0000057864 00000 n 
-0000057950 00000 n 
-0000058015 00000 n 
-0000058061 00000 n 
-0000058148 00000 n 
-0000058173 00000 n 
-0000058222 00000 n 
-0000058309 00000 n 
-0000058363 00000 n 
-0000058450 00000 n 
-0000058501 00000 n 
-0000058588 00000 n 
-0000058639 00000 n 
-0000058725 00000 n 
-0000058779 00000 n 
-0000058864 00000 n 
-0000058921 00000 n 
-0000058971 00000 n 
-0000059058 00000 n 
-0000059083 00000 n 
-0000059133 00000 n 
-0000059220 00000 n 
-0000059270 00000 n 
-0000059356 00000 n 
-0000059420 00000 n 
-0000059507 00000 n 
-0000059548 00000 n 
-0000059612 00000 n 
-0000059699 00000 n 
-0000059724 00000 n 
-0000059766 00000 n 
-0000059852 00000 n 
-0000059903 00000 n 
-0000059990 00000 n 
-0000060037 00000 n 
-0000060124 00000 n 
-0000060165 00000 n 
-0000060214 00000 n 
-0000060301 00000 n 
-0000060349 00000 n 
-0000060436 00000 n 
-0000060478 00000 n 
-0000060564 00000 n 
-0000060605 00000 n 
-0000060648 00000 n 
-0000060735 00000 n 
-0000060785 00000 n 
-0000060872 00000 n 
-0000060920 00000 n 
-0000061007 00000 n 
-0000061061 00000 n 
-0000061146 00000 n 
-0000061195 00000 n 
-0000061240 00000 n 
-0000061327 00000 n 
-0000061384 00000 n 
-0000061471 00000 n 
-0000061567 00000 n 
-0000061653 00000 n 
-0000061694 00000 n 
-0000061756 00000 n 
-0000061843 00000 n 
-0000061868 00000 n 
-0000061917 00000 n 
+0000053392 00000 n 
+0000053441 00000 n 
+0000053490 00000 n 
+0000053539 00000 n 
+0000053588 00000 n 
+0000053637 00000 n 
+0000053686 00000 n 
+0000053735 00000 n 
+0000053784 00000 n 
+0000053833 00000 n 
+0000053882 00000 n 
+0000053931 00000 n 
+0000053980 00000 n 
+0000054029 00000 n 
+0000054078 00000 n 
+0000054127 00000 n 
+0000054176 00000 n 
+0000054989 00000 n 
+0000055145 00000 n 
+0000055868 00000 n 
+0000055889 00000 n 
+0000056063 00000 n 
+0000057225 00000 n 
+0000057247 00000 n 
+0000057398 00000 n 
+0000058904 00000 n 
+0000058926 00000 n 
+0000059086 00000 n 
+0000060522 00000 n 
+0000060544 00000 n 
+0000060722 00000 n 
+0000061982 00000 n 
 0000062004 00000 n 
-0000062029 00000 n 
-0000062077 00000 n 
-0000062164 00000 n 
-0000062214 00000 n 
-0000062301 00000 n 
-0000062345 00000 n 
-0000062432 00000 n 
-0000062476 00000 n 
-0000062563 00000 n 
-0000062613 00000 n 
-0000062699 00000 n 
-0000062749 00000 n 
-0000062834 00000 n 
-0000062883 00000 n 
-0000062968 00000 n 
-0000063041 00000 n 
-0000063088 00000 n 
-0000063175 00000 n 
-0000063200 00000 n 
-0000063248 00000 n 
-0000063335 00000 n 
-0000063383 00000 n 
-0000063470 00000 n 
-0000063520 00000 n 
-0000063607 00000 n 
-0000063655 00000 n 
-0000063742 00000 n 
-0000063791 00000 n 
-0000063839 00000 n 
-0000063926 00000 n 
-0000063974 00000 n 
-0000064059 00000 n 
-0000064104 00000 n 
-0000064190 00000 n 
-0000064233 00000 n 
-0000064319 00000 n 
-0000064360 00000 n 
-0000064446 00000 n 
-0000064495 00000 n 
-0000064581 00000 n 
-0000064627 00000 n 
-0000064713 00000 n 
-0000064758 00000 n 
-0000064844 00000 n 
-0000064896 00000 n 
-0000064982 00000 n 
-0000065032 00000 n 
-0000065118 00000 n 
-0000065164 00000 n 
-0000065250 00000 n 
-0000065293 00000 n 
-0000065379 00000 n 
-0000065423 00000 n 
-0000065509 00000 n 
-0000065552 00000 n 
-0000065638 00000 n 
-0000065683 00000 n 
-0000065769 00000 n 
-0000065807 00000 n 
-0000065893 00000 n 
-0000065935 00000 n 
-0000066021 00000 n 
-0000066064 00000 n 
-0000066150 00000 n 
-0000066188 00000 n 
-0000066274 00000 n 
-0000066316 00000 n 
-0000066402 00000 n 
-0000066446 00000 n 
-0000066532 00000 n 
-0000066579 00000 n 
-0000066665 00000 n 
-0000066713 00000 n 
-0000066798 00000 n 
-0000066999 00000 n 
-0000067049 00000 n 
-0000067136 00000 n 
-0000067186 00000 n 
-0000067272 00000 n 
-0000067305 00000 n 
-0000067354 00000 n 
-0000067440 00000 n 
-0000067487 00000 n 
-0000067574 00000 n 
-0000067607 00000 n 
-0000067722 00000 n 
-0000067809 00000 n 
-0000067834 00000 n 
-0000067916 00000 n 
-0000068003 00000 n 
-0000068088 00000 n 
-0000068175 00000 n 
-0000068208 00000 n 
-0000068263 00000 n 
-0000068350 00000 n 
-0000068406 00000 n 
-0000068493 00000 n 
-0000068526 00000 n 
-0000068574 00000 n 
-0000068661 00000 n 
-0000068735 00000 n 
-0000068822 00000 n 
-0000068890 00000 n 
-0000068977 00000 n 
-0000069031 00000 n 
-0000069118 00000 n 
-0000069186 00000 n 
-0000069273 00000 n 
-0000069347 00000 n 
-0000069434 00000 n 
-0000069482 00000 n 
-0000069569 00000 n 
-0000069626 00000 n 
-0000069713 00000 n 
-0000069794 00000 n 
-0000069849 00000 n 
-0000069936 00000 n 
-0000070017 00000 n 
-0000070104 00000 n 
-0000070137 00000 n 
-0000070190 00000 n 
-0000070277 00000 n 
-0000070302 00000 n 
-0000070358 00000 n 
-0000070445 00000 n 
-0000070514 00000 n 
-0000070601 00000 n 
-0000070652 00000 n 
-0000070739 00000 n 
-0000070826 00000 n 
-0000070913 00000 n 
-0000070969 00000 n 
-0000071056 00000 n 
-0000071106 00000 n 
-0000071193 00000 n 
-0000071258 00000 n 
-0000071310 00000 n 
-0000071397 00000 n 
-0000071453 00000 n 
-0000071540 00000 n 
-0000071588 00000 n 
-0000071675 00000 n 
-0000071723 00000 n 
-0000071810 00000 n 
-0000071859 00000 n 
-0000071900 00000 n 
-0000071987 00000 n 
-0000072031 00000 n 
-0000072118 00000 n 
-0000072163 00000 n 
-0000072250 00000 n 
-0000072294 00000 n 
-0000072381 00000 n 
-0000072425 00000 n 
-0000072512 00000 n 
-0000072554 00000 n 
-0000072641 00000 n 
-0000072689 00000 n 
-0000072776 00000 n 
-0000072849 00000 n 
-0000072897 00000 n 
-0000072983 00000 n 
-0000073008 00000 n 
-0000073061 00000 n 
-0000073147 00000 n 
-0000073172 00000 n 
-0000073226 00000 n 
-0000073313 00000 n 
-0000073338 00000 n 
-0000073393 00000 n 
-0000073479 00000 n 
-0000073547 00000 n 
-0000073633 00000 n 
-0000073708 00000 n 
-0000073795 00000 n 
-0000073865 00000 n 
-0000073951 00000 n 
-0000074030 00000 n 
-0000074117 00000 n 
-0000074174 00000 n 
-0000074256 00000 n 
-0000074342 00000 n 
-0000074417 00000 n 
-0000074504 00000 n 
-0000074577 00000 n 
-0000074664 00000 n 
-0000074742 00000 n 
-0000074829 00000 n 
-0000074878 00000 n 
-0000074926 00000 n 
-0000075013 00000 n 
-0000075038 00000 n 
-0000075086 00000 n 
-0000075173 00000 n 
-0000075198 00000 n 
-0000075261 00000 n 
-0000075348 00000 n 
-0000075411 00000 n 
-0000075498 00000 n 
-0000075552 00000 n 
-0000075639 00000 n 
-0000075680 00000 n 
-0000075727 00000 n 
-0000075814 00000 n 
-0000075839 00000 n 
-0000075873 00000 n 
-0000075907 00000 n 
-0000080020 00000 n 
-0000080064 00000 n 
-0000080108 00000 n 
-0000080152 00000 n 
-0000080196 00000 n 
-0000080240 00000 n 
-0000080284 00000 n 
-0000080328 00000 n 
-0000080372 00000 n 
-0000080416 00000 n 
-0000080460 00000 n 
-0000080504 00000 n 
-0000080548 00000 n 
-0000080592 00000 n 
-0000080636 00000 n 
-0000080680 00000 n 
-0000080724 00000 n 
-0000080768 00000 n 
-0000080812 00000 n 
-0000080856 00000 n 
-0000080900 00000 n 
-0000080944 00000 n 
-0000080988 00000 n 
-0000081032 00000 n 
-0000081076 00000 n 
-0000081120 00000 n 
-0000081164 00000 n 
-0000081208 00000 n 
-0000081252 00000 n 
-0000081296 00000 n 
-0000081340 00000 n 
-0000081384 00000 n 
-0000081428 00000 n 
-0000081472 00000 n 
-0000081516 00000 n 
-0000081560 00000 n 
-0000081604 00000 n 
-0000081648 00000 n 
-0000081692 00000 n 
-0000081736 00000 n 
-0000081780 00000 n 
-0000081824 00000 n 
-0000081868 00000 n 
-0000081912 00000 n 
-0000081956 00000 n 
-0000082000 00000 n 
-0000082044 00000 n 
-0000082088 00000 n 
-0000082132 00000 n 
-0000082176 00000 n 
-0000082220 00000 n 
-0000082264 00000 n 
-0000082308 00000 n 
-0000082352 00000 n 
-0000082396 00000 n 
-0000082440 00000 n 
-0000082484 00000 n 
-0000082528 00000 n 
-0000082572 00000 n 
-0000082616 00000 n 
-0000082660 00000 n 
-0000082704 00000 n 
-0000082748 00000 n 
-0000082792 00000 n 
-0000082836 00000 n 
-0000082880 00000 n 
-0000082924 00000 n 
-0000082968 00000 n 
-0000083012 00000 n 
-0000083056 00000 n 
-0000083100 00000 n 
-0000083144 00000 n 
-0000083188 00000 n 
-0000083232 00000 n 
-0000083276 00000 n 
-0000083320 00000 n 
-0000083364 00000 n 
-0000083408 00000 n 
-0000083452 00000 n 
-0000083496 00000 n 
-0000083540 00000 n 
-0000083584 00000 n 
-0000083628 00000 n 
-0000083672 00000 n 
-0000083716 00000 n 
-0000083760 00000 n 
-0000083804 00000 n 
-0000083848 00000 n 
-0000083892 00000 n 
-0000083936 00000 n 
-0000083980 00000 n 
-0000084024 00000 n 
-0000084068 00000 n 
-0000084112 00000 n 
-0000084156 00000 n 
-0000084200 00000 n 
-0000084244 00000 n 
-0000084288 00000 n 
-0000084332 00000 n 
-0000084376 00000 n 
-0000084420 00000 n 
-0000084464 00000 n 
-0000084508 00000 n 
-0000084552 00000 n 
-0000084596 00000 n 
-0000084640 00000 n 
-0000084684 00000 n 
-0000084728 00000 n 
-0000084772 00000 n 
-0000084816 00000 n 
-0000084860 00000 n 
-0000084904 00000 n 
-0000084948 00000 n 
-0000084992 00000 n 
-0000085036 00000 n 
-0000085080 00000 n 
-0000085124 00000 n 
-0000085168 00000 n 
-0000085212 00000 n 
-0000085256 00000 n 
-0000085300 00000 n 
-0000085344 00000 n 
-0000085388 00000 n 
-0000085432 00000 n 
-0000085476 00000 n 
-0000085520 00000 n 
-0000085564 00000 n 
-0000085608 00000 n 
-0000085652 00000 n 
-0000085696 00000 n 
-0000085740 00000 n 
-0000085784 00000 n 
-0000085828 00000 n 
-0000085872 00000 n 
-0000085916 00000 n 
-0000085960 00000 n 
-0000086004 00000 n 
-0000086048 00000 n 
-0000086092 00000 n 
-0000086136 00000 n 
-0000086180 00000 n 
-0000086224 00000 n 
-0000086268 00000 n 
-0000086312 00000 n 
-0000086356 00000 n 
-0000086400 00000 n 
-0000086444 00000 n 
-0000086488 00000 n 
-0000086532 00000 n 
-0000086576 00000 n 
-0000086620 00000 n 
-0000086664 00000 n 
-0000086708 00000 n 
-0000086752 00000 n 
-0000086796 00000 n 
-0000086840 00000 n 
-0000086884 00000 n 
-0000086928 00000 n 
-0000086972 00000 n 
-0000087016 00000 n 
-0000087060 00000 n 
-0000087104 00000 n 
-0000087148 00000 n 
-0000087192 00000 n 
-0000087236 00000 n 
-0000087280 00000 n 
-0000087324 00000 n 
-0000087368 00000 n 
-0000087412 00000 n 
-0000087456 00000 n 
-0000087500 00000 n 
-0000087544 00000 n 
-0000087588 00000 n 
-0000087632 00000 n 
-0000087676 00000 n 
-0000087720 00000 n 
-0000087764 00000 n 
-0000087808 00000 n 
-0000087852 00000 n 
-0000087896 00000 n 
-0000087941 00000 n 
-0000087986 00000 n 
-0000088031 00000 n 
-0000088076 00000 n 
-0000088121 00000 n 
-0000088166 00000 n 
-0000088211 00000 n 
-0000088256 00000 n 
-0000088301 00000 n 
-0000088346 00000 n 
-0000088391 00000 n 
-0000088436 00000 n 
-0000088481 00000 n 
-0000088526 00000 n 
-0000088571 00000 n 
-0000088616 00000 n 
-0000088661 00000 n 
-0000088706 00000 n 
-0000088751 00000 n 
-0000088796 00000 n 
-0000088841 00000 n 
-0000088886 00000 n 
-0000088931 00000 n 
-0000088976 00000 n 
-0000089021 00000 n 
-0000089066 00000 n 
-0000089111 00000 n 
-0000089156 00000 n 
-0000089201 00000 n 
-0000089246 00000 n 
-0000089291 00000 n 
-0000089336 00000 n 
-0000089381 00000 n 
-0000089426 00000 n 
-0000089471 00000 n 
-0000089516 00000 n 
-0000089561 00000 n 
-0000089606 00000 n 
-0000089651 00000 n 
-0000089696 00000 n 
-0000089741 00000 n 
-0000089786 00000 n 
-0000089831 00000 n 
-0000089876 00000 n 
-0000089921 00000 n 
-0000089966 00000 n 
-0000090011 00000 n 
-0000090056 00000 n 
-0000090101 00000 n 
-0000090146 00000 n 
-0000090191 00000 n 
-0000090236 00000 n 
-0000090281 00000 n 
-0000090326 00000 n 
-0000090371 00000 n 
-0000090416 00000 n 
-0000090461 00000 n 
-0000090506 00000 n 
-0000090551 00000 n 
-0000090596 00000 n 
-0000090641 00000 n 
-0000090686 00000 n 
-0000090731 00000 n 
-0000090776 00000 n 
-0000090821 00000 n 
-0000090866 00000 n 
-0000090911 00000 n 
-0000090956 00000 n 
-0000092166 00000 n 
-0000092327 00000 n 
-0000092496 00000 n 
-0000092689 00000 n 
-0000095924 00000 n 
-0000096118 00000 n 
-0000100265 00000 n 
-0000100459 00000 n 
-0000104021 00000 n 
-0000104215 00000 n 
-0000108467 00000 n 
-0000108661 00000 n 
-0000112096 00000 n 
-0000112290 00000 n 
-0000112962 00000 n 
-0000113123 00000 n 
-0000113357 00000 n 
-0000113561 00000 n 
-0000115832 00000 n 
-0000116016 00000 n 
-0000119096 00000 n 
-0000119271 00000 n 
-0000122110 00000 n 
-0000122285 00000 n 
-0000124842 00000 n 
-0000125017 00000 n 
-0000127007 00000 n 
-0000127219 00000 n 
-0000128342 00000 n 
-0000128530 00000 n 
-0000130082 00000 n 
-0000130279 00000 n 
-0000131757 00000 n 
-0000131972 00000 n 
-0000133324 00000 n 
-0000133503 00000 n 
-0000135075 00000 n 
-0000135245 00000 n 
-0000136792 00000 n 
-0000136971 00000 n 
-0000138427 00000 n 
-0000138606 00000 n 
-0000140310 00000 n 
-0000140489 00000 n 
-0000142070 00000 n 
-0000142249 00000 n 
-0000143936 00000 n 
-0000144130 00000 n 
-0000145802 00000 n 
-0000146000 00000 n 
-0000147430 00000 n 
-0000147618 00000 n 
-0000149309 00000 n 
-0000149497 00000 n 
-0000151274 00000 n 
-0000151453 00000 n 
-0000153517 00000 n 
-0000153696 00000 n 
-0000155513 00000 n 
-0000155692 00000 n 
-0000157430 00000 n 
-0000157618 00000 n 
-0000159467 00000 n 
-0000159689 00000 n 
-0000161700 00000 n 
-0000161913 00000 n 
-0000163466 00000 n 
-0000163655 00000 n 
-0000165047 00000 n 
-0000165217 00000 n 
-0000165561 00000 n 
-0000165749 00000 n 
-0000167272 00000 n 
-0000167475 00000 n 
-0000169179 00000 n 
-0000169382 00000 n 
-0000170329 00000 n 
-0000170541 00000 n 
-0000172051 00000 n 
-0000172231 00000 n 
-0000172986 00000 n 
-0000173207 00000 n 
-0000174967 00000 n 
-0000175173 00000 n 
-0000177046 00000 n 
-0000177243 00000 n 
-0000178822 00000 n 
-0000179033 00000 n 
-0000180548 00000 n 
-0000180736 00000 n 
-0000181621 00000 n 
-0000181852 00000 n 
-0000183656 00000 n 
-0000183868 00000 n 
-0000185809 00000 n 
-0000186040 00000 n 
-0000188010 00000 n 
-0000188232 00000 n 
-0000190084 00000 n 
-0000190287 00000 n 
-0000191623 00000 n 
-0000191845 00000 n 
-0000193503 00000 n 
-0000193716 00000 n 
-0000195652 00000 n 
-0000195840 00000 n 
-0000196474 00000 n 
-0000196653 00000 n 
-0000198167 00000 n 
-0000198346 00000 n 
-0000199744 00000 n 
-0000199923 00000 n 
-0000201579 00000 n 
-0000201758 00000 n 
-0000203323 00000 n 
-0000203493 00000 n 
-0000203834 00000 n 
-0000204037 00000 n 
-0000205928 00000 n 
-0000206088 00000 n 
-0000207203 00000 n 
-0000207433 00000 n 
-0000208921 00000 n 
-0000209133 00000 n 
-0000210882 00000 n 
-0000211075 00000 n 
-0000212444 00000 n 
-0000212633 00000 n 
-0000214304 00000 n 
-0000214483 00000 n 
-0000216213 00000 n 
-0000216401 00000 n 
-0000218295 00000 n 
-0000218508 00000 n 
-0000220361 00000 n 
-0000220601 00000 n 
-0000222697 00000 n 
-0000222909 00000 n 
-0000224492 00000 n 
-0000224713 00000 n 
-0000225962 00000 n 
-0000226150 00000 n 
-0000227431 00000 n 
-0000227610 00000 n 
-0000228672 00000 n 
-0000228860 00000 n 
-0000230424 00000 n 
-0000230612 00000 n 
-0000232030 00000 n 
-0000232219 00000 n 
-0000233483 00000 n 
-0000233663 00000 n 
-0000234313 00000 n 
-0000234526 00000 n 
-0000236285 00000 n 
-0000236498 00000 n 
-0000238036 00000 n 
-0000238258 00000 n 
-0000240052 00000 n 
-0000240292 00000 n 
-0000242022 00000 n 
-0000242229 00000 n 
-0000244067 00000 n 
-0000244298 00000 n 
-0000246206 00000 n 
-0000246428 00000 n 
-0000248341 00000 n 
-0000248553 00000 n 
-0000250571 00000 n 
-0000250774 00000 n 
-0000253026 00000 n 
-0000253248 00000 n 
-0000255457 00000 n 
-0000255664 00000 n 
-0000257636 00000 n 
-0000257815 00000 n 
-0000259414 00000 n 
-0000259584 00000 n 
-0000261574 00000 n 
-0000261762 00000 n 
-0000263838 00000 n 
-0000264026 00000 n 
-0000265807 00000 n 
-0000265985 00000 n 
-0000267830 00000 n 
-0000267990 00000 n 
-0000268767 00000 n 
-0000268961 00000 n 
-0000270551 00000 n 
-0000270731 00000 n 
-0000272479 00000 n 
-0000272658 00000 n 
-0000273555 00000 n 
-0000273777 00000 n 
-0000275844 00000 n 
-0000276057 00000 n 
-0000278106 00000 n 
-0000278303 00000 n 
-0000279502 00000 n 
-0000279715 00000 n 
-0000281331 00000 n 
-0000281553 00000 n 
-0000283376 00000 n 
-0000283598 00000 n 
-0000285365 00000 n 
-0000285559 00000 n 
-0000286334 00000 n 
-0000286504 00000 n 
-0000288163 00000 n 
-0000288342 00000 n 
-0000290174 00000 n 
-0000290343 00000 n 
-0000292198 00000 n 
-0000292367 00000 n 
-0000293477 00000 n 
-0000293665 00000 n 
-0000295366 00000 n 
-0000295554 00000 n 
-0000297033 00000 n 
-0000297221 00000 n 
-0000298709 00000 n 
-0000298879 00000 n 
-0000300540 00000 n 
-0000300710 00000 n 
-0000301451 00000 n 
-0000301630 00000 n 
-0000303217 00000 n 
-0000303396 00000 n 
-0000305055 00000 n 
-0000305225 00000 n 
-0000306760 00000 n 
-0000306930 00000 n 
-0000308214 00000 n 
-0000308384 00000 n 
-0000309999 00000 n 
-0000310169 00000 n 
-0000311752 00000 n 
-0000311947 00000 n 
-0000313660 00000 n 
-0000313872 00000 n 
-0000315587 00000 n 
-0000315781 00000 n 
-0000317495 00000 n 
-0000317707 00000 n 
-0000318992 00000 n 
-0000319195 00000 n 
-0000320713 00000 n 
-0000320891 00000 n 
-0000321557 00000 n 
-0000321760 00000 n 
-0000323436 00000 n 
-0000323624 00000 n 
-0000325347 00000 n 
-0000325535 00000 n 
-0000327063 00000 n 
-0000327242 00000 n 
-0000328750 00000 n 
-0000328928 00000 n 
-0000329654 00000 n 
-0000329713 00000 n 
-0000329816 00000 n 
-0000329981 00000 n 
-0000330063 00000 n 
-0000330171 00000 n 
-0000330339 00000 n 
-0000330451 00000 n 
-0000330580 00000 n 
-0000330710 00000 n 
-0000330852 00000 n 
-0000330995 00000 n 
-0000331167 00000 n 
-0000331286 00000 n 
-0000331417 00000 n 
-0000331572 00000 n 
-0000331715 00000 n 
-0000331896 00000 n 
-0000332046 00000 n 
-0000332151 00000 n 
-0000332260 00000 n 
-0000332387 00000 n 
-0000332520 00000 n 
-0000332627 00000 n 
-0000332730 00000 n 
-0000332896 00000 n 
-0000332994 00000 n 
-0000333105 00000 n 
-0000333249 00000 n 
-0000333341 00000 n 
-0000333447 00000 n 
-0000333553 00000 n 
-0000333659 00000 n 
-0000333765 00000 n 
-0000333871 00000 n 
-0000333977 00000 n 
-0000334083 00000 n 
-0000334189 00000 n 
-0000334296 00000 n 
-0000334389 00000 n 
-0000334497 00000 n 
-0000334677 00000 n 
-0000334769 00000 n 
-0000334949 00000 n 
-0000335045 00000 n 
-0000335161 00000 n 
-0000335275 00000 n 
-0000335379 00000 n 
-0000335569 00000 n 
-0000335677 00000 n 
-0000335793 00000 n 
-0000335903 00000 n 
-0000336013 00000 n 
-0000336110 00000 n 
-0000336293 00000 n 
-0000336510 00000 n 
-0000336641 00000 n 
-0000336796 00000 n 
-0000336925 00000 n 
-0000337022 00000 n 
-0000337228 00000 n 
-0000337327 00000 n 
-0000337453 00000 n 
-0000337568 00000 n 
-0000337763 00000 n 
-0000337885 00000 n 
-0000337962 00000 n 
-0000338156 00000 n 
-0000338309 00000 n 
-0000338451 00000 n 
-0000338573 00000 n 
-0000338748 00000 n 
-0000338850 00000 n 
-0000338957 00000 n 
-0000339096 00000 n 
-0000339254 00000 n 
-0000339398 00000 n 
-0000339567 00000 n 
-0000339665 00000 n 
-0000339816 00000 n 
-0000339919 00000 n 
-0000340056 00000 n 
-0000340190 00000 n 
-0000340332 00000 n 
-0000340441 00000 n 
-0000340599 00000 n 
-0000340702 00000 n 
-0000340834 00000 n 
-0000340953 00000 n 
-0000341062 00000 n 
-0000341186 00000 n 
-0000341351 00000 n 
-0000341449 00000 n 
-0000341575 00000 n 
-0000341699 00000 n 
-0000341836 00000 n 
-0000341955 00000 n 
-0000342079 00000 n 
-0000342201 00000 n 
-0000342318 00000 n 
-0000342418 00000 n 
-0000342571 00000 n 
-0000342669 00000 n 
-0000342799 00000 n 
-0000342967 00000 n 
-0000343088 00000 n 
-0000343218 00000 n 
-0000343346 00000 n 
-0000343540 00000 n 
-0000343634 00000 n 
-0000343746 00000 n 
-0000343905 00000 n 
-0000343988 00000 n 
-0000344143 00000 n 
-0000344261 00000 n 
-0000344380 00000 n 
-0000344512 00000 n 
-0000344640 00000 n 
-0000344740 00000 n 
-0000344908 00000 n 
-0000345006 00000 n 
-0000345118 00000 n 
-0000345222 00000 n 
-0000345333 00000 n 
-0000345429 00000 n 
-0000345624 00000 n 
-0000345730 00000 n 
-0000345840 00000 n 
-0000345979 00000 n 
-0000346182 00000 n 
-0000346309 00000 n 
-0000346456 00000 n 
-0000346574 00000 n 
-0000346700 00000 n 
-0000346828 00000 n 
-0000346954 00000 n 
-0000347124 00000 n 
-0000347252 00000 n 
-0000347398 00000 n 
-0000347538 00000 n 
-0000347752 00000 n 
-0000347858 00000 n 
-0000347968 00000 n 
-0000348156 00000 n 
-0000348292 00000 n 
-0000348401 00000 n 
-0000348541 00000 n 
-0000348693 00000 n 
-0000348803 00000 n 
-0000349011 00000 n 
-0000349104 00000 n 
-0000349216 00000 n 
-0000349338 00000 n 
-0000349490 00000 n 
-0000349655 00000 n 
-0000349763 00000 n 
-0000349866 00000 n 
-0000349996 00000 n 
-0000350121 00000 n 
-0000350263 00000 n 
-0000350402 00000 n 
-0000350496 00000 n 
-0000350661 00000 n 
-0000350767 00000 n 
-0000350892 00000 n 
-0000351010 00000 n 
-0000351171 00000 n 
-0000351280 00000 n 
-0000351404 00000 n 
-0000351538 00000 n 
-0000351669 00000 n 
-0000351799 00000 n 
-0000351929 00000 n 
-0000352059 00000 n 
-0000352164 00000 n 
-0000352327 00000 n 
-0000352424 00000 n 
-0000352569 00000 n 
-0000352663 00000 n 
-0000352777 00000 n 
-0000352901 00000 n 
-0000353015 00000 n 
-0000353124 00000 n 
-0000353232 00000 n 
-0000353339 00000 n 
-0000353450 00000 n 
-0000353559 00000 n 
-0000353669 00000 n 
-0000353777 00000 n 
-0000353886 00000 n 
-0000354001 00000 n 
-0000354115 00000 n 
-0000354227 00000 n 
-0000354338 00000 n 
-0000354451 00000 n 
-0000354547 00000 n 
-0000354713 00000 n 
-0000354817 00000 n 
-0000354965 00000 n 
-0000355126 00000 n 
-0000355306 00000 n 
-0000355479 00000 n 
-0000355627 00000 n 
-0000355787 00000 n 
-0000355911 00000 n 
-0000356050 00000 n 
-0000356181 00000 n 
-0000356293 00000 n 
-0000356408 00000 n 
-0000356521 00000 n 
-0000356697 00000 n 
-0000356795 00000 n 
-0000356942 00000 n 
-0000357045 00000 n 
-0000357145 00000 n 
-0000357297 00000 n 
-0000357395 00000 n 
-0000357507 00000 n 
-0000357619 00000 n 
-0000357734 00000 n 
-0000357864 00000 n 
-0000357957 00000 n 
-0000358076 00000 n 
-0000358211 00000 n 
-0000358301 00000 n 
-0000358409 00000 n 
-0000358499 00000 n 
+0000062146 00000 n 
+0000063722 00000 n 
+0000063744 00000 n 
+0000063877 00000 n 
+0000065671 00000 n 
+0000065693 00000 n 
+0000065826 00000 n 
+0000066252 00000 n 
+0000066273 00000 n 
+0000066434 00000 n 
+0000067718 00000 n 
+0000067740 00000 n 
+0000067901 00000 n 
+0000069656 00000 n 
+0000069678 00000 n 
+0000069838 00000 n 
+0000071483 00000 n 
+0000071505 00000 n 
+0000071647 00000 n 
+0000073709 00000 n 
+0000073731 00000 n 
+0000073873 00000 n 
+0000075685 00000 n 
+0000075707 00000 n 
+0000075849 00000 n 
+0000077574 00000 n 
+0000077596 00000 n 
+0000077747 00000 n 
+0000079513 00000 n 
+0000079535 00000 n 
+0000079710 00000 n 
+0000081803 00000 n 
+0000081825 00000 n 
+0000081985 00000 n 
+0000083581 00000 n 
+0000083603 00000 n 
+0000083778 00000 n 
+0000085272 00000 n 
+0000085294 00000 n 
+0000085446 00000 n 
+0000086253 00000 n 
+0000086274 00000 n 
+0000086425 00000 n 
+0000088063 00000 n 
+0000088085 00000 n 
+0000088250 00000 n 
+0000090022 00000 n 
+0000090044 00000 n 
+0000090209 00000 n 
+0000091102 00000 n 
+0000091123 00000 n 
+0000091297 00000 n 
+0000092902 00000 n 
+0000092924 00000 n 
+0000093067 00000 n 
+0000093825 00000 n 
+0000093846 00000 n 
+0000094029 00000 n 
+0000095897 00000 n 
+0000095919 00000 n 
+0000096088 00000 n 
+0000097942 00000 n 
+0000097964 00000 n 
+0000098124 00000 n 
+0000099808 00000 n 
+0000099830 00000 n 
+0000100003 00000 n 
+0000101732 00000 n 
+0000101754 00000 n 
+0000101905 00000 n 
+0000102829 00000 n 
+0000102850 00000 n 
+0000103034 00000 n 
+0000104859 00000 n 
+0000104881 00000 n 
+0000105055 00000 n 
+0000107226 00000 n 
+0000107248 00000 n 
+0000107441 00000 n 
+0000109373 00000 n 
+0000109395 00000 n 
+0000109570 00000 n 
+0000111468 00000 n 
+0000111490 00000 n 
+0000111675 00000 n 
+0000113825 00000 n 
+0000113847 00000 n 
+0000114017 00000 n 
+0000115591 00000 n 
+0000115613 00000 n 
+0000115798 00000 n 
+0000117786 00000 n 
+0000117808 00000 n 
+0000117969 00000 n 
+0000118569 00000 n 
+0000118590 00000 n 
+0000118774 00000 n 
+0000120652 00000 n 
+0000120674 00000 n 
+0000120853 00000 n 
+0000123027 00000 n 
+0000123049 00000 n 
+0000123200 00000 n 
+0000124638 00000 n 
+0000124660 00000 n 
+0000124863 00000 n 
+0000127373 00000 n 
+0000127395 00000 n 
+0000127554 00000 n 
+0000129639 00000 n 
+0000129661 00000 n 
+0000129784 00000 n 
+0000130044 00000 n 
+0000130065 00000 n 
+0000130258 00000 n 
+0000131829 00000 n 
+0000131851 00000 n 
+0000132026 00000 n 
+0000133807 00000 n 
+0000133829 00000 n 
+0000133985 00000 n 
+0000135546 00000 n 
+0000135568 00000 n 
+0000135753 00000 n 
+0000137607 00000 n 
+0000137629 00000 n 
+0000137795 00000 n 
+0000139443 00000 n 
+0000139465 00000 n 
+0000139650 00000 n 
+0000141603 00000 n 
+0000141625 00000 n 
+0000141809 00000 n 
+0000143537 00000 n 
+0000143559 00000 n 
+0000143729 00000 n 
+0000145335 00000 n 
+0000145357 00000 n 
+0000145526 00000 n 
+0000147396 00000 n 
+0000147418 00000 n 
+0000147603 00000 n 
+0000149467 00000 n 
+0000149489 00000 n 
+0000149665 00000 n 
+0000151755 00000 n 
+0000151777 00000 n 
+0000151952 00000 n 
+0000153892 00000 n 
+0000153914 00000 n 
+0000154090 00000 n 
+0000156407 00000 n 
+0000156429 00000 n 
+0000156581 00000 n 
+0000158562 00000 n 
+0000158584 00000 n 
+0000158744 00000 n 
+0000160615 00000 n 
+0000160637 00000 n 
+0000160788 00000 n 
+0000162539 00000 n 
+0000162561 00000 n 
+0000162693 00000 n 
+0000164566 00000 n 
+0000164588 00000 n 
+0000164730 00000 n 
+0000166800 00000 n 
+0000166822 00000 n 
+0000166973 00000 n 
+0000168767 00000 n 
+0000168789 00000 n 
+0000168921 00000 n 
+0000170714 00000 n 
+0000170736 00000 n 
+0000170859 00000 n 
+0000171313 00000 n 
+0000171334 00000 n 
+0000171491 00000 n 
+0000173159 00000 n 
+0000173181 00000 n 
+0000173366 00000 n 
+0000175097 00000 n 
+0000175119 00000 n 
+0000175313 00000 n 
+0000176999 00000 n 
+0000177021 00000 n 
+0000177206 00000 n 
+0000179366 00000 n 
+0000179388 00000 n 
+0000179564 00000 n 
+0000181605 00000 n 
+0000181627 00000 n 
+0000181778 00000 n 
+0000183356 00000 n 
+0000183378 00000 n 
+0000183554 00000 n 
+0000185039 00000 n 
+0000185061 00000 n 
+0000185255 00000 n 
+0000187195 00000 n 
+0000187217 00000 n 
+0000187384 00000 n 
+0000189295 00000 n 
+0000189317 00000 n 
+0000189487 00000 n 
+0000190786 00000 n 
+0000190808 00000 n 
+0000190956 00000 n 
+0000191341 00000 n 
+0000191362 00000 n 
+0000191514 00000 n 
+0000193256 00000 n 
+0000193278 00000 n 
+0000193420 00000 n 
+0000195182 00000 n 
+0000195204 00000 n 
+0000195355 00000 n 
+0000197246 00000 n 
+0000197268 00000 n 
+0000197425 00000 n 
+0000199326 00000 n 
+0000199348 00000 n 
+0000199542 00000 n 
+0000201621 00000 n 
+0000201643 00000 n 
+0000201818 00000 n 
+0000203448 00000 n 
+0000203470 00000 n 
+0000203645 00000 n 
+0000205032 00000 n 
+0000205054 00000 n 
+0000205214 00000 n 
+0000206743 00000 n 
+0000206765 00000 n 
+0000206926 00000 n 
+0000208481 00000 n 
+0000208503 00000 n 
+0000208646 00000 n 
+0000209238 00000 n 
+0000209259 00000 n 
+0000209426 00000 n 
+0000211093 00000 n 
+0000211115 00000 n 
+0000211272 00000 n 
+0000212460 00000 n 
+0000212482 00000 n 
+0000212639 00000 n 
+0000214192 00000 n 
+0000214214 00000 n 
+0000214398 00000 n 
+0000215203 00000 n 
+0000215224 00000 n 
+0000215381 00000 n 
+0000220802 00000 n 
+0000220824 00000 n 
+0000220981 00000 n 
+0000226360 00000 n 
+0000226382 00000 n 
+0000226539 00000 n 
+0000231758 00000 n 
+0000231780 00000 n 
+0000231937 00000 n 
+0000234404 00000 n 
+0000234426 00000 n 
+0000234483 00000 n 
+0000234588 00000 n 
+0000234766 00000 n 
+0000234885 00000 n 
+0000235020 00000 n 
+0000235156 00000 n 
+0000235304 00000 n 
+0000235454 00000 n 
+0000235594 00000 n 
+0000235735 00000 n 
+0000235888 00000 n 
+0000236050 00000 n 
+0000236199 00000 n 
+0000236387 00000 n 
+0000236520 00000 n 
+0000236648 00000 n 
+0000236766 00000 n 
+0000236902 00000 n 
+0000237044 00000 n 
+0000237160 00000 n 
+0000237286 00000 n 
+0000237402 00000 n 
+0000237595 00000 n 
+0000237694 00000 n 
+0000237842 00000 n 
+0000237960 00000 n 
+0000238084 00000 n 
+0000238206 00000 n 
+0000238332 00000 n 
+0000238490 00000 n 
+0000238621 00000 n 
+0000238747 00000 n 
+0000238868 00000 n 
+0000238989 00000 n 
+0000239111 00000 n 
+0000239304 00000 n 
+0000239493 00000 n 
+0000239649 00000 n 
+0000239815 00000 n 
+0000239969 00000 n 
+0000240075 00000 n 
+0000240296 00000 n 
+0000240405 00000 n 
+0000240541 00000 n 
+0000240666 00000 n 
+0000240876 00000 n 
+0000240984 00000 n 
+0000241087 00000 n 
+0000241296 00000 n 
+0000241460 00000 n 
+0000241612 00000 n 
+0000241744 00000 n 
+0000241891 00000 n 
+0000242019 00000 n 
+0000242152 00000 n 
+0000242301 00000 n 
+0000242470 00000 n 
+0000242625 00000 n 
+0000242810 00000 n 
+0000242918 00000 n 
+0000243041 00000 n 
+0000243170 00000 n 
+0000243319 00000 n 
+0000243459 00000 n 
+0000243605 00000 n 
+0000243759 00000 n 
+0000243894 00000 n 
+0000244024 00000 n 
+0000244153 00000 n 
+0000244297 00000 n 
+0000244428 00000 n 
+0000244563 00000 n 
+0000244711 00000 n 
+0000244864 00000 n 
+0000245050 00000 n 
+0000245179 00000 n 
+0000245318 00000 n 
+0000245517 00000 n 
+0000245755 00000 n 
+0000245913 00000 n 
+0000246058 00000 n 
+0000246198 00000 n 
+0000246306 00000 n 
+0000246489 00000 n 
+0000246620 00000 n 
+0000246760 00000 n 
+0000246898 00000 n 
+0000247109 00000 n 
+0000247225 00000 n 
+0000247345 00000 n 
+0000247494 00000 n 
+0000247669 00000 n 
+0000247822 00000 n 
+0000247981 00000 n 
+0000248125 00000 n 
+0000248261 00000 n 
+0000248399 00000 n 
+0000248535 00000 n 
+0000248677 00000 n 
+0000248831 00000 n 
+0000249003 00000 n 
+0000249153 00000 n 
+0000249383 00000 n 
+0000249500 00000 n 
+0000249621 00000 n 
+0000249782 00000 n 
+0000249945 00000 n 
+0000250081 00000 n 
+0000250232 00000 n 
+0000250371 00000 n 
+0000250508 00000 n 
+0000250732 00000 n 
+0000250836 00000 n 
+0000250959 00000 n 
+0000251092 00000 n 
+0000251255 00000 n 
+0000251393 00000 n 
+0000251528 00000 n 
+0000251658 00000 n 
+0000251798 00000 n 
+0000251939 00000 n 
+0000252075 00000 n 
+0000252228 00000 n 
+0000252378 00000 n 
+0000252484 00000 n 
+0000252695 00000 n 
+0000252800 00000 n 
+0000252923 00000 n 
+0000253055 00000 n 
+0000253179 00000 n 
+0000253307 00000 n 
+0000253452 00000 n 
+0000253584 00000 n 
+0000253729 00000 n 
+0000253870 00000 n 
+0000253997 00000 n 
+0000254138 00000 n 
+0000254263 00000 n 
+0000254388 00000 n 
+0000254519 00000 n 
+0000254641 00000 n 
+0000254748 00000 n 
+0000254918 00000 n 
+0000255019 00000 n 
+0000255208 00000 n 
+0000255402 00000 n 
+0000255589 00000 n 
+0000255751 00000 n 
+0000255943 00000 n 
+0000256052 00000 n 
+0000256186 00000 n 
+0000256316 00000 n 
+0000256429 00000 n 
+0000256524 00000 n 
 trailer
-<</Size 1554/Root 1553 0 R/Info 1 0 R/ID[<083f7815e9dd0cc7d4726f57cee6742e><083f7815e9dd0cc7d4726f57cee6742e>]>>
+<</Size 1124/Root 1123 0 R/Info 1 0 R/ID[<94579745ca18c91b3922074b18e6ef4d><94579745ca18c91b3922074b18e6ef4d>]>>
 startxref
-359159
+256739
 %%EOF
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in
index c79c9008ffa..7e5bca566de 100644
--- a/docs/docbook/Makefile.in
+++ b/docs/docbook/Makefile.in
@@ -1,8 +1,7 @@
 #################################################################
 # Makefile.in for Samba Documentation
 # Authors:	James Moore <jmoore@php.net>
-# 			Gerald Carter <jerry@samba.org>
-# 			Jelmer Vernooij <jelmer@samba.org>
+#               Gerald Carter <jerry@samba.org>
 #
 # Please see http://www.samba.org/samba/cvs.html
 # for information on getting the latest  
@@ -10,100 +9,375 @@
 #
 
 # Autoconf Variables
-
-MANPAGES_NAMES=findsmb.1 smbclient.1 \
-	smbspool.8 lmhosts.5 \
-	smbcontrol.1  smbstatus.1 \
-	make_smbcodepage.1  smbd.8 \
-	smbtar.1 nmbd.8 smbmnt.8 \
-	smbumount.8 nmblookup.1 \
-	smbmount.8 swat.8 rpcclient.1	 \
-	smbpasswd.5 testparm.1 samba.7 \
-	smbpasswd.8 testprns.1 \
-	smb.conf.5 wbinfo.1 pdbedit.8 \
-	smbcacls.1 smbsh.1 winbindd.8 \
-	make_unicodemap.1 net.8 \
-	smbgroupedit.8 vfstest.1
-
-## This part contains only rules. You shouldn't need to change it 
-## if you are adding docs
-
-DOCBOOK2MAN = @JW@ -b man
-DOCBOOK2HTML = @JW@ -b html
-DOCBOOK2PDF = @JW@ -b pdf
-DOCBOOK2PS = @JW@ -b ps
-DOCBOOK2TXT = @JW@ -b txt
-DOCBOOK2INFO = @JW@ -b texi
-HTMLDOC = @HTMLDOC@
 SRCDIR = @srcdir@
+JADE = @JADE@
+NSGMLS = @NSGMLS@
+SGMLSPL=@SGMLSPL@
+HTMLDOC=@HTMLDOC@
+PERL=@PERL@
+#CATALOG = @CATALOG@
 MANDIR=../manpages
 HTMLDIR=../htmldocs
-MANSGMLDIR = manpages/
-SGMLDIR = projdoc/
-PERL = @PERL@
 
-MANPAGES=$(patsubst %,$(MANDIR)/%,$(MANPAGES_NAMES))
-MANPAGES_HTML=$(patsubst %,$(HTMLDIR)/%.html,$(MANPAGES_NAMES))
+#Stylesheets and Dependicies
+SGML_SHARE=@SGML_SHARE@
+#SGML_CATALOG_FILES=$(SGML_CATALOG_FILES):./dbsgml/catalog
+HTML_STYLESHEET = $(srcdir)/stylesheets/html.dsl
+HTML_DEPS = $(srcdir)/stylesheets/html-common.dsl $(srcdir)/stylesheets/common.dsl
+
+MANPAGES=$(MANDIR)/findsmb.1 $(MANDIR)/smbclient.1 \
+	$(MANDIR)/smbspool.8 $(MANDIR)/lmhosts.5 \
+	$(MANDIR)/smbcontrol.1  $(MANDIR)/smbstatus.1 \
+	$(MANDIR)/make_smbcodepage.1  $(MANDIR)/smbd.8 \
+	$(MANDIR)/smbtar.1 $(MANDIR)/nmbd.8 $(MANDIR)/smbmnt.8 \
+	$(MANDIR)/smbumount.8 $(MANDIR)/nmblookup.1 \
+	$(MANDIR)/smbmount.8 $(MANDIR)/swat.8 $(MANDIR)/rpcclient.1	 \
+	$(MANDIR)/smbpasswd.5 $(MANDIR)/testparm.1 $(MANDIR)/samba.7 \
+	$(MANDIR)/smbpasswd.8 $(MANDIR)/testprns.1 \
+	$(MANDIR)/smb.conf.5 $(MANDIR)/wbinfo.1 $(MANDIR)/pdbedit.8 \
+	$(MANDIR)/smbcacls.1 $(MANDIR)/smbsh.1 $(MANDIR)/winbindd.8 \
+	$(MANDIR)/make_unicodemap.1
+
+SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \
+	manpages/smbspool.8.sgml manpages/lmhosts.5.sgml \
+	manpages/smbcontrol.1.sgml manpages/smbstatus.1.sgml \
+	manpages/make_smbcodepage.1.sgml  manpages/smbd.8.sgml \
+	manpages/smbtar.1.sgml manpages/nmbd.8.sgml manpages/smbmnt.8.sgml \
+	manpages/smbumount.8.sgml manpages/nmblookup.1.sgml \
+	manpages/smbmount.8.sgml manpages/swat.8.sgml \
+	manpages/rpcclient.1.sgml manpages/smbpasswd.5.sgml \
+	manpages/testparm.1.sgml manpages/samba.7.sgml \
+	manpages/smbpasswd.8.sgml manpages/testprns.1.sgml \
+	manpages/smb.conf.5.sgml manpages/pdbedit.8.sgml \
+	manpages/wbinfo.1.sgml manpages/smbcacls.1.sgml \
+	manpages/smbsh.1.sgml manpages/winbindd.8.sgml \
+	manpages/make_unicodemap.1.sgml
+
+HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \
+	projdoc/msdfs_setup.sgml projdoc/printer_driver2.sgml \
+	projdoc/UNIX_INSTALL.sgml projdoc/winbind.sgml projdoc/OS2-Client-HOWTO.sgml \
+	projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \
+	projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \
+	projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \
+	projdoc/Samba-BDC-HOWTO.sgml projdoc/cups.sgml
 
+
+
+######################################################################
+# Make instructions
+######################################################################
 all: 
-	@echo "Supported make targets:"
-	@echo "manpages - Build manpages"
-	@echo "ps - Build PostScript version of HOWTO Collection"
-	@echo "pdf - Build PDF version of HOWTO Collection"
-	@echo -n "html-single - Build single file HTML version of HOWTO Collection"
-	@echo " and developers guide"
-	@echo "html - Build HTML version of HOWTO Collection"
-	@echo "htmlman - Build html version of manpages"
-	@echo "txt - Build plain text version of HOWTO Collection"
-
-manpages: $(MANPAGES)
-pdf: ../Samba-HOWTO-Collection.pdf ../Samba-Developers-Guide.pdf
-ps: ../Samba-HOWTO-Collection.ps ../Samba-Developers-Guide.ps
-txt: ../textdocs/Samba-HOWTO-Collection.txt ../textdocs/Samba-Developers-Guide.txt
-htmlman:  $(MANPAGES_HTML)
-html-single: ../$(HTMLDIR)/Samba-HOWTO-Collection.html  ../$(HTMLDIR)/Samba-Developers-Guide.html
-html:
-	$(DOCBOOK2HTML) -d samba.dsl -o $(HTMLDIR) projdoc/samba-doc.sgml
-
-../Samba-HOWTO-Collection.txt: $(SGMLDIR)/samba-doc.sgml
-	$(DOCBOOK2TXT) -o .. $<
-	mv ../samba-doc.txt $@
-
-../Samba-Developers-Guide.txt: $(SGMLDIR)/samba-doc.sgml
-	$(DOCBOOK2TXT) -o .. $<
-	mv ../samba-doc.txt $@
-
-../Samba-HOWTO-Collection.ps: $(SGMLDIR)/samba-doc.sgml
-	$(DOCBOOK2PS) -o .. $<
-	mv ../samba-doc.ps $@
-
-../Samba-Developers-Guide.ps: $(SGMLDIR)/samba-doc.sgml
-	$(DOCBOOK2PS) -o .. $<
-	mv ../samba-doc.ps $@
-
-../Samba-HOWTO-Collection.pdf: ../$(HTMLDIR)/Samba-HOWTO-Collection.html
-	$(HTMLDOC) --book --color --links -f $@ $<
-
-../Samba-Developers-Guide.pdf: ../$(HTMLDIR)/Samba-Developers-Guide.html
-	$(HTMLDOC) --book --color --links -f $@ $<
-
-../$(HTMLDIR)/Samba-HOWTO-Collection.html: $(SGMLDIR)/samba-doc.sgml
-	$(DOCBOOK2HTML) -u -o .. $<
-	mv ../samba-doc.html $@
-
-../$(HTMLDIR)/Samba-Developers-Guide.html: devdoc/dev-doc.sgml
-	$(DOCBOOK2HTML) -u -o .. $<
-	mv ../dev-doc.html $@
-
-
-$(HTMLDIR)/%.html: $(MANSGMLDIR)/%.sgml
-	$(DOCBOOK2HTML) -o $(HTMLDIR) $<
-	mv $(HTMLDIR)/index.html $@
-
-$(MANDIR)/%: $(MANSGMLDIR)/%.sgml 
-	$(DOCBOOK2MAN) -o $(MANDIR) $<
-	$(PERL) scripts/strip-links.pl < $@ > $@.temp
-	mv $@.temp $@
+	@echo "Possible options to the Makefile include:"
+	@echo "   all-docs  - Force a rebuild of all documentation"
+	@echo "   HOWTO     - Build all individual HOWTOs in html format"
+	@echo "   proj-doc  - Build the Samba-HOWTO-Collection.[pdf|html] file"
+	@echo "   man       - Rebuild html and nroff versions of man pages as necessary"
+	@echo "   syntax    - Check the SGML/DocBook syntax of all source files"
+
+all-docs: HOWTO proj-doc man-all man-html-all
+
+syntax: $(SGMLMANSRC) projdoc/samba-doc.sgml
+	@echo Checking syntax of all SGML/DocBook source files...
+	@(for i in $?; do \
+	   echo "$$i..."; \
+	   $(NSGMLS) -sv $$i 2>&1 | grep -v "DTDDECL catalog entries are not supported" ; \
+	done)
+	
+
+
+man: $(MANPAGES)
+
+HOWTO: $(HOWTOSRC)
+	@echo Building HOWTO pages...
+	@(for i in $?; do \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
+	   echo "Making $$htmlfile"; \
+	   cat $$i | $(PERL) scripts/make-article.pl > /tmp/`echo $$i | sed 's,.*/,,'`; \
+	   $(JADE) -t sgml -V nochunks -d  $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \
+	      -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'` > ../htmldocs/$$htmlfile; \
+	   cat /tmp/jade.log | grep -v DTDDECL; \
+	   /bin/rm -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'`; \
+	done)
+
+
+## I'm using htmldoc here to produc the PDF output.  If you want
+## Postscript output, you can run 
+##
+##           sgmltools -b ps projdoc/samba-doc.sgml
+##
+proj-doc: 
+	echo Building Samba-HOWTO-Collections...
+	@$(PERL) scripts/collateindex.pl -N -o projdoc/index.sgml
+	@$(JADE) -t sgml -V html-index -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl projdoc/samba-doc.sgml
+	@$(PERL) scripts/collateindex.pl -o projdoc/index.sgml HTML.index
+	@/bin/rm HTML.index *.htm
+	@$(JADE) -t sgml -i html -V nochunks -d stylesheets/ldp.dsl\#html projdoc/samba-doc.sgml > samba-doc.html
+	@(cd scripts; ./ldp_print ../samba-doc.html)
+	@mv -f samba-doc.pdf ../Samba-HOWTO-Collection.pdf
+	@/bin/mv -f samba-doc.html ../htmldocs/Samba-HOWTO-Collection.html
+
+proj-doc-ps:
+	sgmltools -b ps projdoc/samba-doc.sgml
+	mv projdoc/samba-doc.ps .
+
+
+## generate all HTML man pages
+man-html-all: $(SGMLMANSRC)
+	@echo Building HTML formatted man pages...
+	@(for i in $?; do \
+	   htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \
+	   echo "Making $$htmlfile"; \
+	   $(JADE) -t sgml -i html -V nochunks -d  ./stylesheets/ldp.dsl\#html -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \
+	   cat /tmp/jade.log | grep -v DTDDECL; \
+	   /bin/rm -f /tmp/jade.log; \
+	done)
+
+## generate all man pages
+man-all: $(SGMLMANSRC)
+	@echo Building man pages...
+	@(for i in $?; do \
+		manfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml//g"`; \
+		echo "Making $$manfile"; \
+		$(NSGMLS) -f /tmp/docbook2x.log $$i | $(SGMLSPL) \
+	           $(SGML_SHARE)/docbook2X/docbook2man-spec.pl; \
+		cat /tmp/docbook2x.log | grep -v DTDDECL; \
+		/bin/rm -f /tmp/docbook2x.log; \
+		cat $$manfile | $(PERL) scripts/strip-links.pl > $(MANDIR)/$$manfile; \
+		/bin/rm -f $$manfile; \
+	  done)
+
+
+
+
+##
+## these rules are for building individual files
+##
+$(MANDIR)/findsmb.1:  manpages/findsmb.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbclient.1: manpages/smbclient.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbspool.8: manpages/smbspool.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/lmhosts.5: manpages/lmhosts.5.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbcontrol.1: manpages/smbcontrol.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbstatus.1: manpages/smbstatus.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/make_smbcodepage.1: manpages/make_smbcodepage.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/make_unicodemap.1: manpages/make_unicodemap.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbd.8: manpages/smbd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbtar.1: manpages/smbtar.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/nmbd.8: manpages/nmbd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbmnt.8: manpages/smbmnt.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbumount.8: manpages/smbumount.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/nmblookup.1: manpages/nmblookup.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbmount.8: manpages/smbmount.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/swat.8: manpages/swat.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/rpcclient.1: manpages/rpcclient.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbpasswd.5: manpages/smbpasswd.5.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/testparm.1: manpages/testparm.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/samba.7: manpages/samba.7.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbpasswd.8: manpages/smbpasswd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/testprns.1: manpages/testprns.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smb.conf.5: manpages/smb.conf.5.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/wbinfo.1: manpages/wbinfo.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbcacls.1: manpages/smbcacls.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/smbsh.1 : manpages/smbsh.1.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+$(MANDIR)/winbindd.8: manpages/winbindd.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
+
+$(MANDIR)/pdbedit.8: manpages/pdbedit.8.sgml
+	@echo "Making $@"
+	@$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl
+	@cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@
+	@/bin/rm -f `echo $@ | sed 's,.*/,,'`
+	@echo "Making HTML version of $@"
+	@$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"`
+
 
+## Clean Rule
 clean: 
-	rm -f $(MANPAGES) $(MANPAGES_HTML) ../$(HTMLDIR)/*.html ../Samba-HOWTO-Collection.p* ../Samba-Developers-Guide.p*
+	/bin/rm -f manpage.*
diff --git a/docs/docbook/configure b/docs/docbook/configure
index 609c17ed87f..73d54a817f6 100755
--- a/docs/docbook/configure
+++ b/docs/docbook/configure
@@ -11,6 +11,8 @@
 ac_help=
 ac_default_prefix=/usr/local
 # Any additions from configure.in:
+ac_help="$ac_help
+  --with-sgml-share=DIR   change the default location of SGML stylesheets"
 
 # Initialize some variables set by options.
 # The variables have the same names as the options, with
@@ -522,19 +524,20 @@ fi
 
 
 
-# Extract the first word of "jw", so it can be a program name with args.
-set dummy jw; ac_word=$2
+## check for the necesary install tools
+# Extract the first word of "openjade", so it can be a program name with args.
+set dummy openjade; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:529: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_JW'+set}'`\" = set"; then
+echo "configure:532: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
-  case "$JW" in
+  case "$JADE" in
   /*)
-  ac_cv_path_JW="$JW" # Let the user override the test with a path.
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a path.
   ;;
   ?:/*)			 
-  ac_cv_path_JW="$JW" # Let the user override the test with a dos path.
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path.
   ;;
   *)
   IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
@@ -542,7 +545,7 @@ else
   for ac_dir in $ac_dummy; do 
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
-      ac_cv_path_JW="$ac_dir/$ac_word"
+      ac_cv_path_JADE="$ac_dir/$ac_word"
       break
     fi
   done
@@ -550,26 +553,28 @@ else
   ;;
 esac
 fi
-JW="$ac_cv_path_JW"
-if test -n "$JW"; then
-  echo "$ac_t""$JW" 1>&6
+JADE="$ac_cv_path_JADE"
+if test -n "$JADE"; then
+  echo "$ac_t""$JADE" 1>&6
 else
   echo "$ac_t""no" 1>&6
 fi
 
-# Extract the first word of "perl", so it can be a program name with args.
-set dummy perl; ac_word=$2
+
+if test -z "$JADE"; then
+	# Extract the first word of "jade", so it can be a program name with args.
+set dummy jade; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:564: checking for $ac_word" >&5
-if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
+echo "configure:569: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
-  case "$PERL" in
+  case "$JADE" in
   /*)
-  ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a path.
   ;;
   ?:/*)			 
-  ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path.
+  ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path.
   ;;
   *)
   IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
@@ -577,7 +582,7 @@ else
   for ac_dir in $ac_dummy; do 
     test -z "$ac_dir" && ac_dir=.
     if test -f $ac_dir/$ac_word; then
-      ac_cv_path_PERL="$ac_dir/$ac_word"
+      ac_cv_path_JADE="$ac_dir/$ac_word"
       break
     fi
   done
@@ -585,17 +590,90 @@ else
   ;;
 esac
 fi
-PERL="$ac_cv_path_PERL"
-if test -n "$PERL"; then
-  echo "$ac_t""$PERL" 1>&6
+JADE="$ac_cv_path_JADE"
+if test -n "$JADE"; then
+  echo "$ac_t""$JADE" 1>&6
 else
   echo "$ac_t""no" 1>&6
 fi
 
+	# Extract the first word of "nsgmls", so it can be a program name with args.
+set dummy nsgmls; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:604: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$NSGMLS" in
+  /*)
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_NSGMLS="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+NSGMLS="$ac_cv_path_NSGMLS"
+if test -n "$NSGMLS"; then
+  echo "$ac_t""$NSGMLS" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+else
+	# Extract the first word of "onsgmls", so it can be a program name with args.
+set dummy onsgmls; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:640: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$NSGMLS" in
+  /*)
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_NSGMLS="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+NSGMLS="$ac_cv_path_NSGMLS"
+if test -n "$NSGMLS"; then
+  echo "$ac_t""$NSGMLS" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+fi
+
 # Extract the first word of "htmldoc", so it can be a program name with args.
 set dummy htmldoc; ac_word=$2
 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:599: checking for $ac_word" >&5
+echo "configure:677: checking for $ac_word" >&5
 if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
@@ -627,6 +705,102 @@ else
   echo "$ac_t""no" 1>&6
 fi
 
+# Extract the first word of "sgmlspl", so it can be a program name with args.
+set dummy sgmlspl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:712: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_SGMLSPL'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$SGMLSPL" in
+  /*)
+  ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_SGMLSPL="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+SGMLSPL="$ac_cv_path_SGMLSPL"
+if test -n "$SGMLSPL"; then
+  echo "$ac_t""$SGMLSPL" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+# Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+echo "configure:747: checking for $ac_word" >&5
+if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  case "$PERL" in
+  /*)
+  ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+  ;;
+  ?:/*)			 
+  ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path.
+  ;;
+  *)
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS=":"
+  ac_dummy="$PATH"
+  for ac_dir in $ac_dummy; do 
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$ac_word; then
+      ac_cv_path_PERL="$ac_dir/$ac_word"
+      break
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac
+fi
+PERL="$ac_cv_path_PERL"
+if test -n "$PERL"; then
+  echo "$ac_t""$PERL" 1>&6
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+
+SGML_SHARE="/usr/local/share/sgml"
+
+# Check whether --with-sgml-share or --without-sgml-share was given.
+if test "${with_sgml_share+set}" = set; then
+  withval="$with_sgml_share"
+  case "$withval" in
+        no) SGML_SHARE=""
+                ;;
+        yes)
+                ;;
+        /*|\\*)
+                SGML_SHARE="$withval"
+                ;;
+        *)
+                SGML_SHARE="/$withval"
+                ;;
+esac
+
+fi
+
+# The Makefile requires docbook2X in the share/sgml directory
+if  ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ; then
+	{ echo "configure: error: "Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct."" 1>&2; exit 1; }
+fi
+
 
 DOC_BUILD_DATE=`date '+%d-%m-%Y'`
 
@@ -743,7 +917,7 @@ done
 
 ac_given_srcdir=$srcdir
 
-trap 'rm -fr `echo "Makefile " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+trap 'rm -fr `echo "Makefile stylesheets/ldp.dsl " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
 EOF
 cat >> $CONFIG_STATUS <<EOF
 
@@ -775,9 +949,12 @@ s%@includedir@%$includedir%g
 s%@oldincludedir@%$oldincludedir%g
 s%@infodir@%$infodir%g
 s%@mandir@%$mandir%g
-s%@JW@%$JW%g
-s%@PERL@%$PERL%g
+s%@JADE@%$JADE%g
+s%@NSGMLS@%$NSGMLS%g
 s%@HTMLDOC@%$HTMLDOC%g
+s%@SGMLSPL@%$SGMLSPL%g
+s%@PERL@%$PERL%g
+s%@SGML_SHARE@%$SGML_SHARE%g
 s%@DOC_BUILD_DATE@%$DOC_BUILD_DATE%g
 
 CEOF
@@ -820,7 +997,7 @@ EOF
 
 cat >> $CONFIG_STATUS <<EOF
 
-CONFIG_FILES=\${CONFIG_FILES-"Makefile "}
+CONFIG_FILES=\${CONFIG_FILES-"Makefile stylesheets/ldp.dsl "}
 EOF
 cat >> $CONFIG_STATUS <<\EOF
 for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in
index 3a9ed51d163..ad0613f2be8 100644
--- a/docs/docbook/configure.in
+++ b/docs/docbook/configure.in
@@ -1,10 +1,49 @@
 AC_INIT(global.ent)
 
-AC_PATH_PROG(JW, jw)
-AC_PATH_PROG(PERL, perl)
+## check for the necesary install tools
+## Openjade includes 'onsgmls' while
+## the older jade package includes 'nsgmls'
+AC_PATH_PROG(JADE,openjade)
+
+if test -z "$JADE"; then
+	AC_PATH_PROG(JADE,jade)
+	AC_PATH_PROG(NSGMLS, nsgmls)
+else
+	AC_PATH_PROG(NSGMLS, onsgmls)
+fi
+
 AC_PATH_PROG(HTMLDOC, htmldoc)
+AC_PATH_PROG(SGMLSPL, sgmlspl)
+AC_PATH_PROG(PERL, perl)
+
+dnl ----------------------------------------------------------------
+dnl --with-sgml-share
+SGML_SHARE="/usr/local/share/sgml"
+
+AC_ARG_WITH(sgml-share,
+[  --with-sgml-share=DIR   change the default location of SGML stylesheets],
+[case "$withval" in
+        no) SGML_SHARE=""
+                ;;
+        yes)
+                ;;
+        /*|\\*)
+                SGML_SHARE="$withval"
+                ;;
+        *)
+                SGML_SHARE="/$withval"
+                ;;
+esac
+])dnl
+
+# The Makefile requires docbook2X in the share/sgml directory
+if [ ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ]; then
+	AC_MSG_ERROR("Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct.")
+fi
+
+AC_SUBST(SGML_SHARE)dnl
 
 DOC_BUILD_DATE=`date '+%d-%m-%Y'`
 AC_SUBST(DOC_BUILD_DATE)
 
-AC_OUTPUT( Makefile )
+AC_OUTPUT( Makefile stylesheets/ldp.dsl )
diff --git a/docs/docbook/dbsgml/40chg.txt b/docs/docbook/dbsgml/40chg.txt
new file mode 100644
index 00000000000..2d2467d9ebc
--- /dev/null
+++ b/docs/docbook/dbsgml/40chg.txt
@@ -0,0 +1,45 @@
+19 June 2000
+
+Changes from DocBook V3.1 to DocBook V4.1:
+
+Markup:
+
+- RFE  17: Added a common attribute 'Condition' for generic effectivity
+- RFE  38: The nav.class elements (ToC|LoT|Index|Glossary|Bibliography) are
+           now allowed at the beginning and end of components and sections
+- RFE  58: The 'optmult' and 'reqmult' attribute values have been
+           removed from Group
+- RFE  65: Added several class attribute values to Filename and SystemItem
+           at the request of the Linux community
+- RFE  73: Removed BookBiblio and SeriesInfo
+- RFE  81: Added SidebarInfo to Sidebar
+- RFE  87: Added 'xmlpi' and 'emptytag' as class values of SGMLTag
+- RFE  92: Added 'CO' to Synopsis and LiteralLayout
+- RFE  99: Added SimpleMsgEntry as an alternative to MsgEntry in order
+           to provide a simpler MsgSet construct
+- RFE 103: Added RevDescription as an alternative to RevRemark in
+           RevHistory; this allows longer descriptive text in a revision
+- RFE 104: Added 'Specification' to the list of document classes on Article
+- RFE 108: Allow admonitions in Answers
+- RFE 110: Allow a RevHistory on QandAEntry
+- RFE 115: Allow optional Title on OrderedList and ItemizedList
+- RFE 116: Added LineNumbering attribute to linespecific environments for
+           presentation of line numbers
+- Added a common attribute 'Security' for effectivity
+- Added synopsis markup for modern programming languages (e.g, object
+  oriented languages like Java, C++, and IDL)
+- Renamed DocInfo to PrefaceInfo, ChapterInfo, AppendixInfo, etc.
+- Comment was renamed Remark
+- InterfaceDefinition was removed
+
+Other:
+
+- RFE  88: Added PEs to include/ignore dbnotn.mod and dbcent.mod
+- RFE 102: Fixed some outstanding namecase problems
+- RFE 105: Added PNG notation
+- RFE 106: Removed some odd *.content PEs that interfered with
+           customization layers
+- RFE 109: Added FPI to content of dbgenent.mod (for consistency)
+- RFE 111: Added the Euro symbol
+- Fixed bug in cals-tbl.dtd; a model group was used for the element
+  declaration, but the attlist declaration used "Table" literally.
diff --git a/docs/docbook/dbsgml/41chg.txt b/docs/docbook/dbsgml/41chg.txt
new file mode 100644
index 00000000000..d2a91478878
--- /dev/null
+++ b/docs/docbook/dbsgml/41chg.txt
@@ -0,0 +1,7 @@
+19 June 2000
+
+Changes from DocBook V4.0 to DocBook V4.1:
+
+No user-visible changes; removed some 4.0 future use comments that had
+accidentally been left in the DTD and fixed a couple of incorrect FPIs.
+See 40chg.txt for a list of the significant changes.
diff --git a/docs/docbook/dbsgml/50issues.txt b/docs/docbook/dbsgml/50issues.txt
new file mode 100644
index 00000000000..31497420f0d
--- /dev/null
+++ b/docs/docbook/dbsgml/50issues.txt
@@ -0,0 +1,39 @@
+19 June 2000
+
+Backwards-incompatible changes to DocBook that are planned for V5.0:
+
+- DocBook V5.0 will be an XML DTD. This will require a wide range of
+  changes. As a result, DocBook V5.0 will more closely resemble
+  The XML version of DocBook V4.1 than the SGML version.
+
+- Parameter entity reorganization may greatly reduce many
+  content models.  The goal of this effort is to remove a large
+  number of spurious elements that snuck into content models
+  during the first PE reorg, in practice these changes should have
+  very little "real world" impact.
+
+- The Coords attribute will be removed from AreaSet.
+
+- ArtHeader will be dropped from BiblioEntry
+
+- Contents attribute will be removed from BookInfo and SetInfo
+
+- The %indexdivcomponent.mix; will be restricted.  Numbered figures
+  and other elements inappropriate for an Index or SetIndex will be
+  removed.
+
+- RevHistory will be removed from GlossTerm
+
+- Constant Class will be removed from SystemItem
+
+- Graphic and InlineGraphic will be removed
+
+- Tables will be restricted from full CALS to the OASIS Exchange model
+
+- An experimental XML Schema version of DocBook 5.0 will be
+  produced in parallel with the DTD version. It will be
+  backwards-incompatible in an unspecified number of ways. The
+  goal of the effort will be that most DocBook documents that
+  validate under the DTD will also validate under the Schema,
+  but the committee does not feel bound to guarantee this
+  condition.
diff --git a/docs/docbook/dbsgml/ChangeLog b/docs/docbook/dbsgml/ChangeLog
new file mode 100644
index 00000000000..c4673db15a9
--- /dev/null
+++ b/docs/docbook/dbsgml/ChangeLog
@@ -0,0 +1,85 @@
+2000-06-19  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt: Added notes about comment and interfacedefinition
+
+	* 41chg.txt: New file.
+
+	* 50issues.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, readme.txt: 
+	Updated version numbers to 4.1
+
+	* dbhier.mod, dbpool.mod: Removed 4.0 future use comments
+
+	* docbook.cat: Fixed version number in comment
+
+	* docbook.dtd: DocBook V4.1 released.
+
+2000-05-18  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Removed references to beta6
+
+	* docbook.dtd: DocBook V4.0 released.
+
+2000-04-10  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated release date and version to 4.0beta6
+
+	* dbpool.mod: Added support for EBNF hook; fixed equation content bug
+
+2000-04-03  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt: Added note about renaming DocInfo to *Info.
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated version numbers
+
+2000-03-24  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated version numbers
+
+	* 50issues.txt: Added note about PE reorg
+
+	* dbefsyn.mod: Removed
+
+	* dbpool.mod: Removed ELEMENT from comments to ease text searching of the DTD.
+	Merged dbefsyn.mod into dbpool.mod
+	Added Modifier as an optional element at the end of MethodSynopsis
+	and MethodParam.
+
+2000-03-07  Norman Walsh  <ndw@nwalsh.com>
+
+	* 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Updated internal versions to beta3
+
+2000-03-03  Norman Walsh  <ndw@nwalsh.com>
+
+	* dbpool.mod: Removed erroneous comment about inline synopses
+
+2000-03-02  Norman Walsh  <ndw@nwalsh.com>
+
+	* 30chg.txt, 31chg.txt, 40issues.txt, 50issues.txt, announce.txt, cals-tbl.dtd, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Version 3.1
+
+	* 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: 
+	branches:  1.1.1;
+	Initial revision
+
+	* 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: 
+	New file.
+
+	* 31chg.txt, 40chg.txt, 40issues.txt, 50issues.txt, cals-tbl.dtd, dbcent.mod, dbefsyn.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: 
+	Version 4.0beta2
+
+	* 50issues.txt: Added warning about exchange table model
+
+	* dbefsyn.mod, dbpool.mod: Added ooclass, oointerface, and ooexception as wrappers for modifiers
+	and names in classsynopsis. Also allow them inline.
+	
+	Fixed SGML PE parsing problem with hook PEs.
+
+	* dbhier.mod, dbpool.mod: Added hook PEs for future module extension
+
+	* dbpool.mod, docbook.dtd: Removed reference to sgml-features PE
+
diff --git a/docs/docbook/dbsgml/cals-tbl.dtd b/docs/docbook/dbsgml/cals-tbl.dtd
new file mode 100644
index 00000000000..78c7d5a3ae1
--- /dev/null
+++ b/docs/docbook/dbsgml/cals-tbl.dtd
@@ -0,0 +1,330 @@
+<!-- CALS TABLE MODEL DECLARATION MODULE -->
+
+<!-- This set of declarations defines the CALS Table Model as of the
+     date shown in the Formal Public Identifier (FPI) for this entity.
+
+     This set of declarations may be referred to using a public external
+     entity declaration and reference as shown in the following two lines:
+
+<!ENTITY % calstbls PUBLIC "-//USA-DOD//DTD Table Model 951010//EN">
+%calstbls;
+
+     If various parameter entities used within this set of declarations
+     are to be given non-default values, the appropriate declarations
+     should be given before calling in this package (i.e., before the
+     "%calstbls;" reference).
+
+     NOTE:  This set of declarations assumes a NAMELEN of 32 as is used in
+     the standard CALS defined SGML declaration.
+-->
+
+<!-- This entity includes a set of element and attribute declarations
+     that partially defines the CALS table model.  However, the model
+     is not well-defined without the accompanying natural language
+     description of the semantics (meanings) of these various elements,
+     attributes, and attribute values.  The semantic writeup, available
+     as a separate entity, should be used in conjunction with this entity.
+-->
+
+<!-- In order to use the CALS table model, various parameter entity
+     declarations are required.  A brief description is as follows:
+
+     ENTITY NAME      WHERE USED              WHAT IT IS
+
+     %bodyatt         In ATTLIST of:          Additional (non-table related)
+                      table element(s)        attributes on the overall
+                                              (wrapper) table element(s)
+
+     %secur           In ATTLIST of:          Additional (non-table related)
+                      table element(s)        attributes on all the listed
+                      <tgroup>                elements
+                      <tbody>
+                      table head and foot element(s)
+                      <row>
+                      <entrytbl>
+                      <entry>
+
+     %yesorno         In ATTLIST of:          An attribute declared value
+                      almost all elements     for a "boolean" attribute
+
+     %titles          In content model of:    The "title" part of the model
+                      table element(s)        group for the table element(s)
+
+     %paracon         In content model of:    The "text" (data content) part
+                      <entry>                 of the model group for <entry>
+
+     %tbl.table.name  In declaration of:      The name(s) of the "table"
+                      table element(s)        element(s)
+
+     %tbl.table-titles.mdl In content model of: The model group for the title
+                      table elements(s)       part of the content model for 
+                                              table element(s)
+
+     %tbl.table-main.mdl In content model of: The model group for the main part
+                      table elements(s)       (not including titles) of the
+                                              content model for table element(s)
+
+     %tbl.table.mdl   In content model of:    The model group for the content
+                      table elements(s)       model for table element(s),
+                                              often (and by default) defined
+                                              in terms of %tbl.table-titles.mdl
+                                              and %tbl.table-main.mdl
+
+     %tbl.table.excep In content model of:    The exceptions for the content
+                      table element(s)        model for table element(s)
+
+     %tbl.table.att   In ATTLIST of:          Additional attributes on the
+                      table element(s)        table element(s)
+
+     %tbl.tgroup.mdl  In content model of:    The model group for the content
+                      <tgroup>                model for <tgroup>
+
+     %tbl.tgroup.att  In ATTLIST of:          Additional attributes on the
+                      <tgroup>                <tgroup> and <entrytbl> elements
+                      <entrytbl>
+
+     %tbl.hdft.name   In declaration of:      The name(s) of the table
+                      head/foot element(s)    head and foot element(s)
+
+     %tbl.hdft.mdl    In content model of:    The model group for the content
+                      head/foot element(s)    model for head/foot element(s)
+
+     %tbl.hdft.excep  In content model of:    The exceptions for the content
+                      head/foot element(s)    model for head/foot element(s)
+
+     %tbl.row.mdl     In content model of:    The model group for the content
+                      <row>                   model for <row>
+
+     %tbl.row.excep   In content model of:    The exceptions for the content
+                      <row>                   model for <row>
+
+     %tbl.entrytbl.mdl In content model of:   The model group for the content
+                      <entrytbl>              model for <entrytbl>
+
+     %tbl.entrytbl.excep In content model of: The exceptions for the content
+                      <entrytbl>              model for <entrytbl>
+
+     %tbl.entry.mdl   In content model of:    The model group for the content
+                      <entry>                 model for <entry>
+
+     %tbl.entry.excep In content model of:    The exceptions for the content
+                      <entry>                 model for <entry>
+
+     If any of these parameter entities are not declared before this set of
+     declarations is referenced, this set of declarations will make the
+     following default definitions for all of these have parameter entities.
+-->
+
+<!-- These definitions are not directly related to the table model, but are 
+     used in the default CALS table model and are usually defined elsewhere 
+     (and prior to the inclusion of this table module) in a CALS DTD. -->
+
+<!ENTITY % bodyatt "">
+<!ENTITY % secur "">
+<!ENTITY % yesorno 'NUMBER'  -- no if zero(s),
+                                yes if any other digits value -->
+<!ENTITY % titles  'title?'>
+<!ENTITY % paracon '#PCDATA' -- default for use in entry content -->
+
+<!--
+The parameter entities as defined below provide the CALS table model
+as published (as part of the Example DTD) in MIL-HDBK-28001.
+
+These following declarations provide the CALS-compliant default definitions
+for these entities.  However, these entities can and should be redefined
+(by giving the appropriate parameter entity declaration(s) prior to the
+reference to this Table Model declaration set entity) to fit the needs
+of the current application.
+-->
+
+<!ENTITY % tbl.table.name       "(table|chart)">
+<!ENTITY % tbl.table-titles.mdl "%titles,">
+<!ENTITY % tbl.table-main.mdl   "(tgroup+|graphic+)">
+<!ENTITY % tbl.table.mdl        "%tbl.table-titles.mdl; %tbl.table-main.mdl;">
+<!ENTITY % tbl.table.excep      "-(table|chart|figure)">
+<!ENTITY % tbl.table.att        '
+    tabstyle    NMTOKEN         #IMPLIED
+    tocentry    %yesorno;       #IMPLIED
+    shortentry  %yesorno;       #IMPLIED
+    orient      (port|land)     #IMPLIED
+    pgwide      %yesorno;       #IMPLIED '>
+<!ENTITY % tbl.tgroup.mdl       "colspec*,spanspec*,thead?,tfoot?,tbody">
+<!ENTITY % tbl.tgroup.att       '
+    tgroupstyle NMTOKEN         #IMPLIED '>
+<!ENTITY % tbl.hdft.name        "(thead|tfoot)">
+<!ENTITY % tbl.hdft.mdl         "colspec*,row+">
+<!ENTITY % tbl.hdft.excep       "-(entrytbl)">
+<!ENTITY % tbl.row.mdl          "(entry|entrytbl)+">
+<!ENTITY % tbl.row.excep        "-(pgbrk)">
+<!ENTITY % tbl.entrytbl.mdl     "colspec*,spanspec*,thead?,tbody">
+<!ENTITY % tbl.entrytbl.excep   "-(entrytbl|pgbrk)">
+<!ENTITY % tbl.entry.mdl        "(para|warning|caution|note|legend|%paracon;)*">
+<!ENTITY % tbl.entry.excep      "-(pgbrk)">
+
+<!-- =====  Element and attribute declarations follow. =====  -->
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.table.name       "(table|chart)"
+     ENTITY % tbl.table-titles.mdl "%titles,"
+     ENTITY % tbl.table-main.mdl   "(tgroup+|graphic+)"
+     ENTITY % tbl.table.mdl        "%tbl.table-titles; %tbl.table-main.mdl;"
+     ENTITY % tbl.table.excep      "-(table|chart|figure)"
+     ENTITY % tbl.table.att        '
+                        tabstyle        NMTOKEN         #IMPLIED
+                        tocentry        %yesorno;       #IMPLIED
+                        shortentry      %yesorno;       #IMPLIED
+                        orient          (port|land)     #IMPLIED
+                        pgwide          %yesorno;       #IMPLIED '
+-->
+
+<!ELEMENT %tbl.table.name; - - (%tbl.table.mdl;) %tbl.table.excep; >
+
+<!ATTLIST %tbl.table.name;
+        frame           (top|bottom|topbot|all|sides|none)      #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        %tbl.table.att;
+        %bodyatt;
+        %secur;
+>
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.tgroup.mdl    "colspec*,spanspec*,thead?,tfoot?,tbody"
+     ENTITY % tbl.tgroup.att    '
+                        tgroupstyle     NMTOKEN         #IMPLIED '
+-->
+
+<!ELEMENT tgroup - O (%tbl.tgroup.mdl;) >
+
+<!ATTLIST tgroup
+        cols            NUMBER                                  #REQUIRED
+        %tbl.tgroup.att;
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+        %secur;
+>
+
+<!ELEMENT colspec - O EMPTY >
+
+<!ATTLIST colspec
+        colnum          NUMBER                                  #IMPLIED
+        colname         NMTOKEN                                 #IMPLIED
+        colwidth        CDATA                                   #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+>
+
+<!ELEMENT spanspec - O EMPTY >
+
+<!ATTLIST spanspec
+        namest          NMTOKEN                                 #REQUIRED
+        nameend         NMTOKEN                                 #REQUIRED
+        spanname        NMTOKEN                                 #REQUIRED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+>
+
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.hdft.name     "(thead|tfoot)"
+     ENTITY % tbl.hdft.mdl      "colspec*,row+"
+     ENTITY % tbl.hdft.excep    "-(entrytbl)"
+-->
+
+<!ELEMENT %tbl.hdft.name; - O (%tbl.hdft.mdl;)  %tbl.hdft.excep;>
+
+<!ATTLIST %tbl.hdft.name;
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
+
+
+<!ELEMENT tbody - O (row+)>
+
+<!ATTLIST tbody
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.row.mdl       "(entry|entrytbl)+"
+     ENTITY % tbl.row.excep     "-(pgbrk)"
+-->
+
+<!ELEMENT row - O (%tbl.row.mdl;) %tbl.row.excep;>
+
+<!ATTLIST row
+        rowsep          %yesorno;                               #IMPLIED
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % tbl.entrytbl.mdl  "colspec*,spanspec*,thead?,tbody"
+     ENTITY % tbl.entrytbl.excep "-(entrytbl|pgbrk)"
+     ENTITY % tbl.tgroup.att    '
+                        tgroupstyle     NMTOKEN         #IMPLIED '
+-->
+
+<!ELEMENT entrytbl - - (%tbl.entrytbl.mdl) %tbl.entrytbl.excep; >
+
+<!ATTLIST entrytbl
+        cols            NUMBER                                  #REQUIRED
+        %tbl.tgroup.att;
+        colname         NMTOKEN                                 #IMPLIED
+        spanname        NMTOKEN                                 #IMPLIED
+        namest          NMTOKEN                                 #IMPLIED
+        nameend         NMTOKEN                                 #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+        %secur;
+>
+
+
+<!--
+     Default declarations previously defined in this entity and
+     referenced below include:
+     ENTITY % paracon           "#PCDATA"
+     ENTITY % tbl.entry.mdl     "(para|warning|caution|note|legend|%paracon;)*"
+     ENTITY % tbl.entry.excep   "-(pgbrk)"
+-->
+
+<!ELEMENT entry - O (%tbl.entry.mdl;) %tbl.entry.excep; >
+
+<!ATTLIST entry
+        colname         NMTOKEN                                 #IMPLIED
+        namest          NMTOKEN                                 #IMPLIED
+        nameend         NMTOKEN                                 #IMPLIED
+        spanname        NMTOKEN                                 #IMPLIED
+        morerows        NUMBER                                  #IMPLIED
+        colsep          %yesorno;                               #IMPLIED
+        rowsep          %yesorno;                               #IMPLIED
+        align           (left|right|center|justify|char)        #IMPLIED
+        char            CDATA                                   #IMPLIED
+        charoff         NUTOKEN                                 #IMPLIED
+        rotate          %yesorno;                               #IMPLIED
+        valign          (top|middle|bottom)                     #IMPLIED
+        %secur;
+>
diff --git a/docs/docbook/dbsgml/catalog b/docs/docbook/dbsgml/catalog
new file mode 100644
index 00000000000..521e8201c8c
--- /dev/null
+++ b/docs/docbook/dbsgml/catalog
@@ -0,0 +1,63 @@
+  -- ...................................................................... --
+  -- Catalog data for DocBook V4.1 ........................................ --
+  -- File docbook.cat ..................................................... --
+
+  -- Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/.
+  --
+
+  -- This is the catalog data file for DocBook V4.1. It is provided as
+     a convenience in building your own catalog files. You need not use
+     the filenames listed here, and need not use the filename method of
+     identifying storage objects at all.  See the documentation for
+     detailed information on the files associated with the DocBook DTD.
+     See SGML Open Technical Resolution 9401 for detailed information
+     on supplying and using catalog data.
+  --
+
+  -- ...................................................................... --
+  -- SGML declaration associated with DocBook ............................. --
+
+DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl"
+
+  -- ...................................................................... --
+  -- DocBook driver file .................................................. --
+
+PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd"
+
+  -- ...................................................................... --
+  -- DocBook modules ...................................................... --
+
+PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd"
+PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod"
+PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod"
+
+  -- ...................................................................... --
+  -- ISO entity sets ...................................................... --
+
+PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ent/ISOdia"
+PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ent/ISOnum"
+PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ent/ISOpub"
+PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ent/ISOtech"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ent/ISOlat1"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ent/ISOlat2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ent/ISOgrk1"
+PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ent/ISOgrk2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ent/ISOgrk3"
+PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ent/ISOgrk4"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ent/ISOamsa"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ent/ISOamsb"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ent/ISOamsc"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ent/ISOamsn"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ent/ISOamso"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ent/ISOamsr"
+PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ent/ISObox"
+PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ent/ISOcyr1"
+PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ent/ISOcyr2"
+
+  -- End of catalog data for DocBook V4.1 ................................. --
+  -- ...................................................................... --
diff --git a/docs/docbook/dbsgml/dbcent.mod b/docs/docbook/dbsgml/dbcent.mod
new file mode 100755
index 00000000000..3c213d8a53f
--- /dev/null
+++ b/docs/docbook/dbsgml/dbcent.mod
@@ -0,0 +1,181 @@
+<!-- ...................................................................... -->
+<!-- DocBook character entities module V4.1 ............................... -->
+<!-- File dbcent.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbcent.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the entity declarations for the standard ISO
+     entity sets used by DocBook.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbcent PUBLIC
+     "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN">
+     %dbcent;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+
+<!ENTITY % ISOamsa.module "INCLUDE">
+<![ %ISOamsa.module; [
+<!ENTITY % ISOamsa PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN">
+%ISOamsa;
+<!--end of ISOamsa.module-->]]>
+
+<!ENTITY % ISOamsb.module "INCLUDE">
+<![ %ISOamsb.module; [
+<!ENTITY % ISOamsb PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN">
+%ISOamsb;
+<!--end of ISOamsb.module-->]]>
+
+<!ENTITY % ISOamsc.module "INCLUDE">
+<![ %ISOamsc.module; [
+<!ENTITY % ISOamsc PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN">
+%ISOamsc;
+<!--end of ISOamsc.module-->]]>
+
+<!ENTITY % ISOamsn.module "INCLUDE">
+<![ %ISOamsn.module; [
+<!ENTITY % ISOamsn PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN">
+%ISOamsn;
+<!--end of ISOamsn.module-->]]>
+
+<!ENTITY % ISOamso.module "INCLUDE">
+<![ %ISOamso.module; [
+<!ENTITY % ISOamso PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN">
+%ISOamso;
+<!--end of ISOamso.module-->]]>
+
+<!ENTITY % ISOamsr.module "INCLUDE">
+<![ %ISOamsr.module; [
+<!ENTITY % ISOamsr PUBLIC
+"ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN">
+%ISOamsr;
+<!--end of ISOamsr.module-->]]>
+
+<!ENTITY % ISObox.module "INCLUDE">
+<![ %ISObox.module; [
+<!ENTITY % ISObox PUBLIC
+"ISO 8879:1986//ENTITIES Box and Line Drawing//EN">
+%ISObox;
+<!--end of ISObox.module-->]]>
+
+<!ENTITY % ISOcyr1.module "INCLUDE">
+<![ %ISOcyr1.module; [
+<!ENTITY % ISOcyr1 PUBLIC
+"ISO 8879:1986//ENTITIES Russian Cyrillic//EN">
+%ISOcyr1;
+<!--end of ISOcyr1.module-->]]>
+
+<!ENTITY % ISOcyr2.module "INCLUDE">
+<![ %ISOcyr2.module; [
+<!ENTITY % ISOcyr2 PUBLIC
+"ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN">
+%ISOcyr2;
+<!--end of ISOcyr2.module-->]]>
+
+<!ENTITY % ISOdia.module "INCLUDE">
+<![ %ISOdia.module; [
+<!ENTITY % ISOdia PUBLIC
+"ISO 8879:1986//ENTITIES Diacritical Marks//EN">
+%ISOdia;
+<!--end of ISOdia.module-->]]>
+
+<!ENTITY % ISOgrk1.module "INCLUDE">
+<![ %ISOgrk1.module; [
+<!ENTITY % ISOgrk1 PUBLIC
+"ISO 8879:1986//ENTITIES Greek Letters//EN">
+%ISOgrk1;
+<!--end of ISOgrk1.module-->]]>
+
+<!ENTITY % ISOgrk2.module "INCLUDE">
+<![ %ISOgrk2.module; [
+<!ENTITY % ISOgrk2 PUBLIC
+"ISO 8879:1986//ENTITIES Monotoniko Greek//EN">
+%ISOgrk2;
+<!--end of ISOgrk2.module-->]]>
+
+<!ENTITY % ISOgrk3.module "INCLUDE">
+<![ %ISOgrk3.module; [
+<!ENTITY % ISOgrk3 PUBLIC
+"ISO 8879:1986//ENTITIES Greek Symbols//EN">
+%ISOgrk3;
+<!--end of ISOgrk3.module-->]]>
+
+<!ENTITY % ISOgrk4.module "INCLUDE">
+<![ %ISOgrk4.module; [
+<!ENTITY % ISOgrk4 PUBLIC
+"ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN">
+%ISOgrk4;
+<!--end of ISOgrk4.module-->]]>
+
+<!ENTITY % ISOlat1.module "INCLUDE">
+<![ %ISOlat1.module; [
+<!ENTITY % ISOlat1 PUBLIC
+"ISO 8879:1986//ENTITIES Added Latin 1//EN">
+%ISOlat1;
+<!--end of ISOlat1.module-->]]>
+
+<!ENTITY % ISOlat2.module "INCLUDE">
+<![ %ISOlat2.module; [
+<!ENTITY % ISOlat2 PUBLIC
+"ISO 8879:1986//ENTITIES Added Latin 2//EN">
+%ISOlat2;
+<!--end of ISOlat2.module-->]]>
+
+<!ENTITY % ISOnum.module "INCLUDE">
+<![ %ISOnum.module; [
+<!ENTITY % ISOnum PUBLIC
+"ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN">
+%ISOnum;
+<!--end of ISOnum.module-->]]>
+
+<!ENTITY % ISOpub.module "INCLUDE">
+<![ %ISOpub.module; [
+<!ENTITY % ISOpub PUBLIC
+"ISO 8879:1986//ENTITIES Publishing//EN">
+%ISOpub;
+<!--end of ISOpub.module-->]]>
+
+<!ENTITY % ISOtech.module "INCLUDE">
+<![ %ISOtech.module; [
+<!ENTITY % ISOtech PUBLIC
+"ISO 8879:1986//ENTITIES General Technical//EN">
+%ISOtech;
+<!--end of ISOtech.module-->]]>
diff --git a/docs/docbook/dbsgml/dbgenent.mod b/docs/docbook/dbsgml/dbgenent.mod
new file mode 100644
index 00000000000..b60c5b27140
--- /dev/null
+++ b/docs/docbook/dbsgml/dbgenent.mod
@@ -0,0 +1,39 @@
+<!-- ...................................................................... -->
+<!-- DocBook additional general entities V4.1 ............................. -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbgenent PUBLIC
+     "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN"
+     %dbgenent;
+-->
+
+<!-- File dbgenent.mod .................................................... -->
+
+<!-- You can edit this file to add the following:
+
+     o General entity declarations of any kind.  For example:
+
+       <!ENTITY happyface SDATA "insert-face">    (system-specific data)
+       <!ENTITY productname "WinWidget">          (small boilerplate)
+       <!ENTITY legal-notice SYSTEM "notice.sgm"> (large boilerplate)
+
+     o Notation declarations.  For example:
+
+       <!NOTATION chicken-scratch SYSTEM>
+
+     o Declarations for and references to external parameter entities
+       containing collections of any of the above.  For example:
+
+       <!ENTITY % all-titles PUBLIC "-//DocTools//ELEMENTS Book Titles//EN">
+       %all-titles;
+-->
+
+<!-- End of DocBook additional general entities V4.1 ...................... -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/dbhier.mod b/docs/docbook/dbsgml/dbhier.mod
new file mode 100755
index 00000000000..a7d9bdf6928
--- /dev/null
+++ b/docs/docbook/dbsgml/dbhier.mod
@@ -0,0 +1,2100 @@
+<!-- ...................................................................... -->
+<!-- DocBook document hierarchy module V4.1 ............................... -->
+<!-- File dbhier.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbhier.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the definitions for the overall document
+     hierarchies of DocBook documents.  It covers computer documentation
+     manuals and manual fragments, as well as reference entries (such as
+     man pages) and technical journals or anthologies containing
+     articles.
+
+     This module depends on the DocBook information pool module.  All
+     elements and entities referenced but not defined here are assumed
+     to be defined in the information pool module.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbhier PUBLIC
+     "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN">
+     %dbhier;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+<!-- Entities for module inclusions ....................................... -->
+
+<!ENTITY % dbhier.redecl.module		"IGNORE">
+<!ENTITY % dbhier.redecl2.module	"IGNORE">
+
+<!-- ...................................................................... -->
+<!-- Entities for element classes ......................................... -->
+
+<!ENTITY % local.appendix.class "">
+<!ENTITY % appendix.class	"Appendix %local.appendix.class;">
+
+<!ENTITY % local.article.class "">
+<!ENTITY % article.class	"Article %local.article.class;">
+
+<!ENTITY % local.book.class "">
+<!ENTITY % book.class		"Book %local.book.class;">
+
+<!ENTITY % local.chapter.class "">
+<!ENTITY % chapter.class	"Chapter %local.chapter.class;">
+
+<!ENTITY % local.index.class "">
+<!ENTITY % index.class		"Index|SetIndex %local.index.class;">
+
+<!ENTITY % local.refentry.class "">
+<!ENTITY % refentry.class	"RefEntry %local.refentry.class;">
+
+<!ENTITY % local.nav.class "">
+<!ENTITY % nav.class		"ToC|LoT|Index|Glossary|Bibliography 
+				%local.nav.class;">
+
+<!-- Redeclaration placeholder ............................................ -->
+
+<!-- For redeclaring entities that are declared after this point while
+     retaining their references to the entities that are declared before
+     this point -->
+
+<![ %dbhier.redecl.module; [
+%rdbhier;
+<!--end of dbhier.redecl.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Entities for element mixtures ........................................ -->
+
+<!-- The DocBook TC may produce an official forms module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % forms.hook "">
+
+<!ENTITY % local.divcomponent.mix "">
+<!ENTITY % divcomponent.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|%compound.class;
+		|%genobj.class;		|%descobj.class;
+		|%ndxterm.class;
+                %forms.hook;
+		%local.divcomponent.mix;">
+
+<!ENTITY % local.refcomponent.mix "">
+<!ENTITY % refcomponent.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|%compound.class;
+		|%genobj.class;		|%descobj.class;
+		|%ndxterm.class;
+		%local.refcomponent.mix;">
+
+<!ENTITY % local.indexdivcomponent.mix "">
+<!ENTITY % indexdivcomponent.mix
+		"ItemizedList|OrderedList|VariableList|SimpleList
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|Anchor|Remark
+		|%link.char.class;
+		%local.indexdivcomponent.mix;">
+
+<!ENTITY % local.refname.char.mix "">
+<!ENTITY % refname.char.mix
+		"#PCDATA
+		|%tech.char.class;
+		%local.refname.char.mix;">
+
+<!ENTITY % local.partcontent.mix "">
+<!ENTITY % partcontent.mix
+		"%appendix.class;|%chapter.class;|%nav.class;|%article.class;
+		|Preface|%refentry.class;|Reference %local.partcontent.mix;">
+
+<!ENTITY % local.refinline.char.mix "">
+<!ENTITY % refinline.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;
+		|%ndxterm.class;
+		%local.refinline.char.mix;">
+
+<!ENTITY % local.refclass.char.mix "">
+<!ENTITY % refclass.char.mix
+		"#PCDATA
+		|Application
+		%local.refclass.char.mix;">
+
+<!-- Redeclaration placeholder 2 .......................................... -->
+
+<!-- For redeclaring entities that are declared after this point while
+     retaining their references to the entities that are declared before
+     this point -->
+
+<![ %dbhier.redecl2.module; [
+%rdbhier2;
+<!--end of dbhier.redecl2.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Entities for content models .......................................... -->
+
+<!ENTITY % div.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % bookcomponent.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % sect.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % refsect.title.content
+	"Title, Subtitle?, TitleAbbrev?">
+
+<!ENTITY % bookcomponent.content
+	"((%divcomponent.mix;)+, 
+	    (Sect1*|(%refentry.class;)*|SimpleSect*|Section*))
+         | (Sect1+|(%refentry.class;)+|SimpleSect+|Section+)">
+
+<!-- ...................................................................... -->
+<!-- Set and SetInfo ...................................................... -->
+
+<!ENTITY % set.content.module "INCLUDE">
+<![ %set.content.module; [
+<!ENTITY % set.module "INCLUDE">
+<![ %set.module; [
+<!ENTITY % local.set.attrib "">
+<!ENTITY % set.role.attrib "%role.attrib;">
+
+<!ENTITY % set.element "INCLUDE">
+<![ %set.element; [
+<!ELEMENT Set - O ((%div.title.content;)?, SetInfo?, ToC?, (%book.class;)+,
+		SetIndex?) %ubiq.inclusion;>
+<!--end of set.element-->]]>
+
+<!ENTITY % set.attlist "INCLUDE">
+<![ %set.attlist; [
+<!ATTLIST Set
+		--
+		FPI: SGML formal public identifier
+		--
+		FPI		CDATA		#IMPLIED
+		%status.attrib;
+		%common.attrib;
+		%set.role.attrib;
+		%local.set.attrib;
+>
+<!--end of set.attlist-->]]>
+<!--end of set.module-->]]>
+
+<!ENTITY % setinfo.module "INCLUDE">
+<![ %setinfo.module; [
+<!ENTITY % local.setinfo.attrib "">
+<!ENTITY % setinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % setinfo.element "INCLUDE">
+<![ %setinfo.element; [
+<!ELEMENT SetInfo - - ((Graphic | MediaObject
+		| LegalNotice | ModeSpec | SubjectSet 
+		| KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of setinfo.element-->]]>
+
+<!ENTITY % setinfo.attlist "INCLUDE">
+<![ %setinfo.attlist; [
+<!--FUTURE USE (V5.0):
+......................
+The Contents attribute will be removed from SetInfo
+......................
+-->
+<!ATTLIST SetInfo
+		--
+		Contents: IDs of the ToC, Books, and SetIndex that comprise 
+		the set, in the order of their appearance
+		--
+		Contents	IDREFS		#IMPLIED
+		%common.attrib;
+		%setinfo.role.attrib;
+		%local.setinfo.attrib;
+>
+<!--end of setinfo.attlist-->]]>
+<!--end of setinfo.module-->]]>
+<!--end of set.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Book and BookInfo .................................................... -->
+
+<!ENTITY % book.content.module "INCLUDE">
+<![ %book.content.module; [
+<!ENTITY % book.module "INCLUDE">
+<![ %book.module; [
+
+<!ENTITY % local.book.attrib "">
+<!ENTITY % book.role.attrib "%role.attrib;">
+
+<!ENTITY % book.element "INCLUDE">
+<![ %book.element; [
+<!ELEMENT Book - O ((%div.title.content;)?, BookInfo?,
+ 		(Dedication | ToC | LoT
+ 		| Glossary | Bibliography | Preface
+		| %chapter.class; | Reference | Part
+		| %article.class;
+ 		| %appendix.class;
+		| %index.class;
+		| Colophon)*)
+		%ubiq.inclusion;>
+<!--end of book.element-->]]>
+
+<!ENTITY % book.attlist "INCLUDE">
+<![ %book.attlist; [
+<!ATTLIST Book	
+		--
+		FPI: SGML formal public identifier
+		--
+		FPI		CDATA		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%book.role.attrib;
+		%local.book.attrib;
+>
+<!--end of book.attlist-->]]>
+<!--end of book.module-->]]>
+
+<!ENTITY % bookinfo.module "INCLUDE">
+<![ %bookinfo.module; [
+<!ENTITY % local.bookinfo.attrib "">
+<!ENTITY % bookinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % bookinfo.element "INCLUDE">
+<![ %bookinfo.element; [
+<!ELEMENT BookInfo - - ((Graphic | MediaObject
+		| LegalNotice | ModeSpec | SubjectSet 
+		| KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of bookinfo.element-->]]>
+
+<!ENTITY % bookinfo.attlist "INCLUDE">
+<![ %bookinfo.attlist; [
+<!--FUTURE USE (V5.0):
+......................
+The Contents attribute will be removed from BookInfo
+......................
+-->
+<!ATTLIST BookInfo
+		--
+		Contents: IDs of the ToC, LoTs, Prefaces, Parts, Chapters,
+		Appendixes, References, GLossary, Bibliography, and indexes
+		comprising the Book, in the order of their appearance
+		--
+		Contents	IDREFS		#IMPLIED
+		%common.attrib;
+		%bookinfo.role.attrib;
+		%local.bookinfo.attrib;
+>
+<!--end of bookinfo.attlist-->]]>
+<!--end of bookinfo.module-->]]>
+<!--end of book.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Dedication, ToC, and LoT ............................................. -->
+
+<!ENTITY % dedication.module "INCLUDE">
+<![ %dedication.module; [
+<!ENTITY % local.dedication.attrib "">
+<!ENTITY % dedication.role.attrib "%role.attrib;">
+
+<!ENTITY % dedication.element "INCLUDE">
+<![ %dedication.element; [
+<!ELEMENT Dedication - O ((%sect.title.content;)?, (%legalnotice.mix;)+)>
+<!--end of dedication.element-->]]>
+
+<!ENTITY % dedication.attlist "INCLUDE">
+<![ %dedication.attlist; [
+<!ATTLIST Dedication
+		%status.attrib;
+		%common.attrib;
+		%dedication.role.attrib;
+		%local.dedication.attrib;
+>
+<!--end of dedication.attlist-->]]>
+<!--end of dedication.module-->]]>
+
+<!ENTITY % colophon.module "INCLUDE">
+<![ %colophon.module; [
+<!ENTITY % local.colophon.attrib "">
+<!ENTITY % colophon.role.attrib "%role.attrib;">
+
+<!ENTITY % colophon.element "INCLUDE">
+<![ %colophon.element; [
+<!ELEMENT Colophon - O ((%sect.title.content;)?, (%textobject.mix;)+)>
+<!--end of colophon.element-->]]>
+
+<!ENTITY % colophon.attlist "INCLUDE">
+<![ %colophon.attlist; [
+<!ATTLIST Colophon
+		%status.attrib;
+		%common.attrib;
+		%colophon.role.attrib;
+		%local.colophon.attrib;>
+<!--end of colophon.attlist-->]]>
+<!--end of colophon.module-->]]>
+
+<!ENTITY % toc.content.module "INCLUDE">
+<![ %toc.content.module; [
+<!ENTITY % toc.module "INCLUDE">
+<![ %toc.module; [
+<!ENTITY % local.toc.attrib "">
+<!ENTITY % toc.role.attrib "%role.attrib;">
+
+<!ENTITY % toc.element "INCLUDE">
+<![ %toc.element; [
+<!ELEMENT ToC - O ((%bookcomponent.title.content;)?, ToCfront*,
+		(ToCpart | ToCchap)*, ToCback*)>
+<!--end of toc.element-->]]>
+
+<!ENTITY % toc.attlist "INCLUDE">
+<![ %toc.attlist; [
+<!ATTLIST ToC
+		%pagenum.attrib;
+		%common.attrib;
+		%toc.role.attrib;
+		%local.toc.attrib;
+>
+<!--end of toc.attlist-->]]>
+<!--end of toc.module-->]]>
+
+<!ENTITY % tocfront.module "INCLUDE">
+<![ %tocfront.module; [
+<!ENTITY % local.tocfront.attrib "">
+<!ENTITY % tocfront.role.attrib "%role.attrib;">
+
+<!ENTITY % tocfront.element "INCLUDE">
+<![ %tocfront.element; [
+<!ELEMENT ToCfront - O ((%para.char.mix;)+)>
+<!--end of tocfront.element-->]]>
+
+<!ENTITY % tocfront.attlist "INCLUDE">
+<![ %tocfront.attlist; [
+<!ATTLIST ToCfront
+		%label.attrib;
+		%linkend.attrib; --to element that this entry represents--
+		%pagenum.attrib;
+		%common.attrib;
+		%tocfront.role.attrib;
+		%local.tocfront.attrib;
+>
+<!--end of tocfront.attlist-->]]>
+<!--end of tocfront.module-->]]>
+
+<!ENTITY % tocentry.module "INCLUDE">
+<![ %tocentry.module; [
+<!ENTITY % local.tocentry.attrib "">
+<!ENTITY % tocentry.role.attrib "%role.attrib;">
+
+<!ENTITY % tocentry.element "INCLUDE">
+<![ %tocentry.element; [
+<!ELEMENT ToCentry - - ((%para.char.mix;)+)>
+<!--end of tocentry.element-->]]>
+
+<!ENTITY % tocentry.attlist "INCLUDE">
+<![ %tocentry.attlist; [
+<!ATTLIST ToCentry
+		%linkend.attrib; --to element that this entry represents--
+		%pagenum.attrib;
+		%common.attrib;
+		%tocentry.role.attrib;
+		%local.tocentry.attrib;
+>
+<!--end of tocentry.attlist-->]]>
+<!--end of tocentry.module-->]]>
+
+<!ENTITY % tocpart.module "INCLUDE">
+<![ %tocpart.module; [
+<!ENTITY % local.tocpart.attrib "">
+<!ENTITY % tocpart.role.attrib "%role.attrib;">
+
+<!ENTITY % tocpart.element "INCLUDE">
+<![ %tocpart.element; [
+<!ELEMENT ToCpart - O (ToCentry+, ToCchap*)>
+<!--end of tocpart.element-->]]>
+
+<!ENTITY % tocpart.attlist "INCLUDE">
+<![ %tocpart.attlist; [
+<!ATTLIST ToCpart
+		%common.attrib;
+		%tocpart.role.attrib;
+		%local.tocpart.attrib;
+>
+<!--end of tocpart.attlist-->]]>
+<!--end of tocpart.module-->]]>
+
+<!ENTITY % tocchap.module "INCLUDE">
+<![ %tocchap.module; [
+<!ENTITY % local.tocchap.attrib "">
+<!ENTITY % tocchap.role.attrib "%role.attrib;">
+
+<!ENTITY % tocchap.element "INCLUDE">
+<![ %tocchap.element; [
+<!ELEMENT ToCchap - O (ToCentry+, ToClevel1*)>
+<!--end of tocchap.element-->]]>
+
+<!ENTITY % tocchap.attlist "INCLUDE">
+<![ %tocchap.attlist; [
+<!ATTLIST ToCchap
+		%label.attrib;
+		%common.attrib;
+		%tocchap.role.attrib;
+		%local.tocchap.attrib;
+>
+<!--end of tocchap.attlist-->]]>
+<!--end of tocchap.module-->]]>
+
+<!ENTITY % toclevel1.module "INCLUDE">
+<![ %toclevel1.module; [
+<!ENTITY % local.toclevel1.attrib "">
+<!ENTITY % toclevel1.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel1.element "INCLUDE">
+<![ %toclevel1.element; [
+<!ELEMENT ToClevel1 - O (ToCentry+, ToClevel2*)>
+<!--end of toclevel1.element-->]]>
+
+<!ENTITY % toclevel1.attlist "INCLUDE">
+<![ %toclevel1.attlist; [
+<!ATTLIST ToClevel1
+		%common.attrib;
+		%toclevel1.role.attrib;
+		%local.toclevel1.attrib;
+>
+<!--end of toclevel1.attlist-->]]>
+<!--end of toclevel1.module-->]]>
+
+<!ENTITY % toclevel2.module "INCLUDE">
+<![ %toclevel2.module; [
+<!ENTITY % local.toclevel2.attrib "">
+<!ENTITY % toclevel2.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel2.element "INCLUDE">
+<![ %toclevel2.element; [
+<!ELEMENT ToClevel2 - O (ToCentry+, ToClevel3*)>
+<!--end of toclevel2.element-->]]>
+
+<!ENTITY % toclevel2.attlist "INCLUDE">
+<![ %toclevel2.attlist; [
+<!ATTLIST ToClevel2
+		%common.attrib;
+		%toclevel2.role.attrib;
+		%local.toclevel2.attrib;
+>
+<!--end of toclevel2.attlist-->]]>
+<!--end of toclevel2.module-->]]>
+
+<!ENTITY % toclevel3.module "INCLUDE">
+<![ %toclevel3.module; [
+<!ENTITY % local.toclevel3.attrib "">
+<!ENTITY % toclevel3.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel3.element "INCLUDE">
+<![ %toclevel3.element; [
+<!ELEMENT ToClevel3 - O (ToCentry+, ToClevel4*)>
+<!--end of toclevel3.element-->]]>
+
+<!ENTITY % toclevel3.attlist "INCLUDE">
+<![ %toclevel3.attlist; [
+<!ATTLIST ToClevel3
+		%common.attrib;
+		%toclevel3.role.attrib;
+		%local.toclevel3.attrib;
+>
+<!--end of toclevel3.attlist-->]]>
+<!--end of toclevel3.module-->]]>
+
+<!ENTITY % toclevel4.module "INCLUDE">
+<![ %toclevel4.module; [
+<!ENTITY % local.toclevel4.attrib "">
+<!ENTITY % toclevel4.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel4.element "INCLUDE">
+<![ %toclevel4.element; [
+<!ELEMENT ToClevel4 - O (ToCentry+, ToClevel5*)>
+<!--end of toclevel4.element-->]]>
+
+<!ENTITY % toclevel4.attlist "INCLUDE">
+<![ %toclevel4.attlist; [
+<!ATTLIST ToClevel4
+		%common.attrib;
+		%toclevel4.role.attrib;
+		%local.toclevel4.attrib;
+>
+<!--end of toclevel4.attlist-->]]>
+<!--end of toclevel4.module-->]]>
+
+<!ENTITY % toclevel5.module "INCLUDE">
+<![ %toclevel5.module; [
+<!ENTITY % local.toclevel5.attrib "">
+<!ENTITY % toclevel5.role.attrib "%role.attrib;">
+
+<!ENTITY % toclevel5.element "INCLUDE">
+<![ %toclevel5.element; [
+<!ELEMENT ToClevel5 - O (ToCentry+)>
+<!--end of toclevel5.element-->]]>
+
+<!ENTITY % toclevel5.attlist "INCLUDE">
+<![ %toclevel5.attlist; [
+<!ATTLIST ToClevel5
+		%common.attrib;
+		%toclevel5.role.attrib;
+		%local.toclevel5.attrib;
+>
+<!--end of toclevel5.attlist-->]]>
+<!--end of toclevel5.module-->]]>
+
+<!ENTITY % tocback.module "INCLUDE">
+<![ %tocback.module; [
+<!ENTITY % local.tocback.attrib "">
+<!ENTITY % tocback.role.attrib "%role.attrib;">
+
+<!ENTITY % tocback.element "INCLUDE">
+<![ %tocback.element; [
+<!ELEMENT ToCback - O ((%para.char.mix;)+)>
+<!--end of tocback.element-->]]>
+
+<!ENTITY % tocback.attlist "INCLUDE">
+<![ %tocback.attlist; [
+<!ATTLIST ToCback
+		%label.attrib;
+		%linkend.attrib; --to element that this entry represents--
+		%pagenum.attrib;
+		%common.attrib;
+		%tocback.role.attrib;
+		%local.tocback.attrib;
+>
+<!--end of tocback.attlist-->]]>
+<!--end of tocback.module-->]]>
+<!--end of toc.content.module-->]]>
+
+<!ENTITY % lot.content.module "INCLUDE">
+<![ %lot.content.module; [
+<!ENTITY % lot.module "INCLUDE">
+<![ %lot.module; [
+<!ENTITY % local.lot.attrib "">
+<!ENTITY % lot.role.attrib "%role.attrib;">
+
+<!ENTITY % lot.element "INCLUDE">
+<![ %lot.element; [
+<!ELEMENT LoT - O ((%bookcomponent.title.content;)?, LoTentry*)>
+<!--end of lot.element-->]]>
+
+<!ENTITY % lot.attlist "INCLUDE">
+<![ %lot.attlist; [
+<!ATTLIST LoT
+		%label.attrib;
+		%common.attrib;
+		%lot.role.attrib;
+		%local.lot.attrib;
+>
+<!--end of lot.attlist-->]]>
+<!--end of lot.module-->]]>
+
+<!ENTITY % lotentry.module "INCLUDE">
+<![ %lotentry.module; [
+<!ENTITY % local.lotentry.attrib "">
+<!ENTITY % lotentry.role.attrib "%role.attrib;">
+
+<!ENTITY % lotentry.element "INCLUDE">
+<![ %lotentry.element; [
+<!ELEMENT LoTentry - - ((%para.char.mix;)+ )>
+<!--end of lotentry.element-->]]>
+
+<!ENTITY % lotentry.attlist "INCLUDE">
+<![ %lotentry.attlist; [
+<!ATTLIST LoTentry
+		--
+		SrcCredit: Information about the source of the entry, 
+		as for a list of illustrations
+		--
+		SrcCredit	CDATA		#IMPLIED
+		%pagenum.attrib;
+		%common.attrib;
+		%linkend.attrib; --to element that this entry represents--
+		%lotentry.role.attrib;
+		%local.lotentry.attrib;
+>
+<!--end of lotentry.attlist-->]]>
+<!--end of lotentry.module-->]]>
+<!--end of lot.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Appendix, Chapter, Part, Preface, Reference, PartIntro ............... -->
+
+<!ENTITY % appendix.module "INCLUDE">
+<![ %appendix.module; [
+<!ENTITY % local.appendix.attrib "">
+<!ENTITY % appendix.role.attrib "%role.attrib;">
+
+<!ENTITY % appendix.element "INCLUDE">
+<![ %appendix.element; [
+<!ELEMENT Appendix - O (AppendixInfo?,
+                         (%bookcomponent.title.content;), 
+                         (%nav.class)*,
+                         ToCchap?,
+                         (%bookcomponent.content;),
+                         (%nav.class)*)
+                         %ubiq.inclusion;>
+<!--end of appendix.element-->]]>
+
+<!ENTITY % appendix.attlist "INCLUDE">
+<![ %appendix.attlist; [
+<!ATTLIST Appendix
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%appendix.role.attrib;
+		%local.appendix.attrib;
+>
+<!--end of appendix.attlist-->]]>
+<!--end of appendix.module-->]]>
+
+<!ENTITY % chapter.module "INCLUDE">
+<![ %chapter.module; [
+<!ENTITY % local.chapter.attrib "">
+<!ENTITY % chapter.role.attrib "%role.attrib;">
+
+<!ENTITY % chapter.element "INCLUDE">
+<![ %chapter.element; [
+<!ELEMENT Chapter - O (ChapterInfo?,
+                        (%bookcomponent.title.content;),
+                        (%nav.class)*,
+                        ToCchap?,
+                        (%bookcomponent.content;),
+                        (%nav.class)*)
+                        %ubiq.inclusion;>
+<!--end of chapter.element-->]]>
+
+<!ENTITY % chapter.attlist "INCLUDE">
+<![ %chapter.attlist; [
+<!ATTLIST Chapter
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%chapter.role.attrib;
+		%local.chapter.attrib;
+>
+<!--end of chapter.attlist-->]]>
+<!--end of chapter.module-->]]>
+
+<!ENTITY % part.module "INCLUDE">
+<![ %part.module; [
+
+<!-- Note that Part was to have its content model reduced in V4.1.  This
+change will not be made after all. -->
+
+<!ENTITY % local.part.attrib "">
+<!ENTITY % part.role.attrib "%role.attrib;">
+
+<!ENTITY % part.element "INCLUDE">
+<![ %part.element; [
+<!ELEMENT Part - - (PartInfo?, (%bookcomponent.title.content;), PartIntro?,
+		(%partcontent.mix;)+) %ubiq.inclusion;>
+<!--end of part.element-->]]>
+
+<!ENTITY % part.attlist "INCLUDE">
+<![ %part.attlist; [
+<!ATTLIST Part
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%part.role.attrib;
+		%local.part.attrib;
+>
+<!--end of part.attlist-->]]>
+<!--ELEMENT PartIntro (defined below)-->
+<!--end of part.module-->]]>
+
+<!ENTITY % preface.module "INCLUDE">
+<![ %preface.module; [
+<!ENTITY % local.preface.attrib "">
+<!ENTITY % preface.role.attrib "%role.attrib;">
+
+<!ENTITY % preface.element "INCLUDE">
+<![ %preface.element; [
+<!ELEMENT Preface - O (PrefaceInfo?,
+                        (%bookcomponent.title.content;),
+                        (%nav.class)*,
+                        ToCchap?,
+                        (%bookcomponent.content;),
+                        (%nav.class)*)
+                        %ubiq.inclusion;>
+<!--end of preface.element-->]]>
+
+<!ENTITY % preface.attlist "INCLUDE">
+<![ %preface.attlist; [
+<!ATTLIST Preface
+		%status.attrib;
+		%common.attrib;
+		%preface.role.attrib;
+		%local.preface.attrib;
+>
+<!--end of preface.attlist-->]]>
+<!--end of preface.module-->]]>
+
+<!ENTITY % reference.module "INCLUDE">
+<![ %reference.module; [
+<!ENTITY % local.reference.attrib "">
+<!ENTITY % reference.role.attrib "%role.attrib;">
+
+<!ENTITY % reference.element "INCLUDE">
+<![ %reference.element; [
+<!ELEMENT Reference - O (ReferenceInfo?, (%bookcomponent.title.content;),
+		 PartIntro?,
+		(%refentry.class;)+) %ubiq.inclusion;>
+<!--end of reference.element-->]]>
+
+<!ENTITY % reference.attlist "INCLUDE">
+<![ %reference.attlist; [
+<!ATTLIST Reference
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%reference.role.attrib;
+		%local.reference.attrib;
+>
+<!--end of reference.attlist-->]]>
+<!--ELEMENT PartIntro (defined below)-->
+<!--end of reference.module-->]]>
+
+<!ENTITY % partintro.module "INCLUDE">
+<![ %partintro.module; [
+<!ENTITY % local.partintro.attrib "">
+<!ENTITY % partintro.role.attrib "%role.attrib;">
+
+<!ENTITY % partintro.element "INCLUDE">
+<![ %partintro.element; [
+<!ELEMENT PartIntro - O ((%div.title.content;)?, (%bookcomponent.content;))
+		%ubiq.inclusion;>
+<!--end of partintro.element-->]]>
+
+<!ENTITY % partintro.attlist "INCLUDE">
+<![ %partintro.attlist; [
+<!ATTLIST PartIntro	
+		%label.attrib;
+		%common.attrib;
+		%local.partintro.attrib;
+		%partintro.role.attrib;
+>
+<!--end of partintro.attlist-->]]>
+<!--end of partintro.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Other Info elements .................................................. -->
+
+<!ENTITY % appendixinfo.module "INCLUDE">
+<![ %appendixinfo.module; [
+<!ENTITY % local.appendixinfo.attrib "">
+<!ENTITY % appendixinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % appendixinfo.element "INCLUDE">
+<![ %appendixinfo.element; [
+<!ELEMENT AppendixInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of appendixinfo.element-->]]>
+
+<!ENTITY % appendixinfo.attlist "INCLUDE">
+<![ %appendixinfo.attlist; [
+<!ATTLIST AppendixInfo
+		%common.attrib;
+		%appendixinfo.role.attrib;
+		%local.appendixinfo.attrib;
+>
+<!--end of appendixinfo.attlist-->]]>
+<!--end of appendixinfo.module-->]]>
+
+
+<!ENTITY % bibliographyinfo.module "INCLUDE">
+<![ %bibliographyinfo.module; [
+<!ENTITY % local.bibliographyinfo.attrib "">
+<!ENTITY % bibliographyinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliographyinfo.element "INCLUDE">
+<![ %bibliographyinfo.element; [
+<!ELEMENT BibliographyInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of bibliographyinfo.element-->]]>
+
+<!ENTITY % bibliographyinfo.attlist "INCLUDE">
+<![ %bibliographyinfo.attlist; [
+<!ATTLIST BibliographyInfo
+		%common.attrib;
+		%bibliographyinfo.role.attrib;
+		%local.bibliographyinfo.attrib;
+>
+<!--end of bibliographyinfo.attlist-->]]>
+<!--end of bibliographyinfo.module-->]]>
+
+<!ENTITY % chapterinfo.module "INCLUDE">
+<![ %chapterinfo.module; [
+<!ENTITY % local.chapterinfo.attrib "">
+<!ENTITY % chapterinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % chapterinfo.element "INCLUDE">
+<![ %chapterinfo.element; [
+<!ELEMENT ChapterInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of chapterinfo.element-->]]>
+
+<!ENTITY % chapterinfo.attlist "INCLUDE">
+<![ %chapterinfo.attlist; [
+<!ATTLIST ChapterInfo
+		%common.attrib;
+		%chapterinfo.role.attrib;
+		%local.chapterinfo.attrib;
+>
+<!--end of chapterinfo.attlist-->]]>
+<!--end of chapterinfo.module-->]]>
+
+<!ENTITY % glossaryinfo.module "INCLUDE">
+<![ %glossaryinfo.module; [
+<!ENTITY % local.glossaryinfo.attrib "">
+<!ENTITY % glossaryinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % glossaryinfo.element "INCLUDE">
+<![ %glossaryinfo.element; [
+<!ELEMENT GlossaryInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of glossaryinfo.element-->]]>
+
+<!ENTITY % glossaryinfo.attlist "INCLUDE">
+<![ %glossaryinfo.attlist; [
+<!ATTLIST GlossaryInfo
+		%common.attrib;
+		%glossaryinfo.role.attrib;
+		%local.glossaryinfo.attrib;
+>
+<!--end of glossaryinfo.attlist-->]]>
+<!--end of glossaryinfo.module-->]]>
+
+
+<!ENTITY % indexinfo.module "INCLUDE">
+<![ %indexinfo.module; [
+<!ENTITY % local.indexinfo.attrib "">
+<!ENTITY % indexinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % indexinfo.element "INCLUDE">
+<![ %indexinfo.element; [
+<!ELEMENT IndexInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of indexinfo.element-->]]>
+
+<!ENTITY % indexinfo.attlist "INCLUDE">
+<![ %indexinfo.attlist; [
+<!ATTLIST IndexInfo
+		%common.attrib;
+		%indexinfo.role.attrib;
+		%local.indexinfo.attrib;
+>
+<!--end of indexinfo.attlist-->]]>
+<!--end of indexinfo.module-->]]>
+
+<!ENTITY % partinfo.module "INCLUDE">
+<![ %partinfo.module; [
+<!ENTITY % local.partinfo.attrib "">
+<!ENTITY % partinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % partinfo.element "INCLUDE">
+<![ %partinfo.element; [
+<!ELEMENT PartInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of partinfo.element-->]]>
+
+<!ENTITY % partinfo.attlist "INCLUDE">
+<![ %partinfo.attlist; [
+<!ATTLIST PartInfo
+		%common.attrib;
+		%partinfo.role.attrib;
+		%local.partinfo.attrib;
+>
+<!--end of partinfo.attlist-->]]>
+<!--end of partinfo.module-->]]>
+
+
+<!ENTITY % prefaceinfo.module "INCLUDE">
+<![ %prefaceinfo.module; [
+<!ENTITY % local.prefaceinfo.attrib "">
+<!ENTITY % prefaceinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % prefaceinfo.element "INCLUDE">
+<![ %prefaceinfo.element; [
+<!ELEMENT PrefaceInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of prefaceinfo.element-->]]>
+
+<!ENTITY % prefaceinfo.attlist "INCLUDE">
+<![ %prefaceinfo.attlist; [
+<!ATTLIST PrefaceInfo
+		%common.attrib;
+		%prefaceinfo.role.attrib;
+		%local.prefaceinfo.attrib;
+>
+<!--end of prefaceinfo.attlist-->]]>
+<!--end of prefaceinfo.module-->]]>
+
+
+<!ENTITY % refentryinfo.module "INCLUDE">
+<![ %refentryinfo.module; [
+<!ENTITY % local.refentryinfo.attrib "">
+<!ENTITY % refentryinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % refentryinfo.element "INCLUDE">
+<![ %refentryinfo.element; [
+<!ELEMENT RefEntryInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refentryinfo.element-->]]>
+
+<!ENTITY % refentryinfo.attlist "INCLUDE">
+<![ %refentryinfo.attlist; [
+<!ATTLIST RefEntryInfo
+		%common.attrib;
+		%refentryinfo.role.attrib;
+		%local.refentryinfo.attrib;
+>
+<!--end of refentryinfo.attlist-->]]>
+<!--end of refentryinfo.module-->]]>
+
+
+<!ENTITY % refsect1info.module "INCLUDE">
+<![ %refsect1info.module; [
+<!ENTITY % local.refsect1info.attrib "">
+<!ENTITY % refsect1info.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect1info.element "INCLUDE">
+<![ %refsect1info.element; [
+<!ELEMENT RefSect1Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsect1info.element-->]]>
+
+<!ENTITY % refsect1info.attlist "INCLUDE">
+<![ %refsect1info.attlist; [
+<!ATTLIST RefSect1Info
+		%common.attrib;
+		%refsect1info.role.attrib;
+		%local.refsect1info.attrib;
+>
+<!--end of refsect1info.attlist-->]]>
+<!--end of refsect1info.module-->]]>
+
+
+<!ENTITY % refsect2info.module "INCLUDE">
+<![ %refsect2info.module; [
+<!ENTITY % local.refsect2info.attrib "">
+<!ENTITY % refsect2info.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect2info.element "INCLUDE">
+<![ %refsect2info.element; [
+<!ELEMENT RefSect2Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsect2info.element-->]]>
+
+<!ENTITY % refsect2info.attlist "INCLUDE">
+<![ %refsect2info.attlist; [
+<!ATTLIST RefSect2Info
+		%common.attrib;
+		%refsect2info.role.attrib;
+		%local.refsect2info.attrib;
+>
+<!--end of refsect2info.attlist-->]]>
+<!--end of refsect2info.module-->]]>
+
+
+<!ENTITY % refsect3info.module "INCLUDE">
+<![ %refsect3info.module; [
+<!ENTITY % local.refsect3info.attrib "">
+<!ENTITY % refsect3info.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect3info.element "INCLUDE">
+<![ %refsect3info.element; [
+<!ELEMENT RefSect3Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsect3info.element-->]]>
+
+<!ENTITY % refsect3info.attlist "INCLUDE">
+<![ %refsect3info.attlist; [
+<!ATTLIST RefSect3Info
+		%common.attrib;
+		%refsect3info.role.attrib;
+		%local.refsect3info.attrib;
+>
+<!--end of refsect3info.attlist-->]]>
+<!--end of refsect3info.module-->]]>
+
+
+<!ENTITY % refsynopsisdivinfo.module "INCLUDE">
+<![ %refsynopsisdivinfo.module; [
+<!ENTITY % local.refsynopsisdivinfo.attrib "">
+<!ENTITY % refsynopsisdivinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % refsynopsisdivinfo.element "INCLUDE">
+<![ %refsynopsisdivinfo.element; [
+<!ELEMENT RefSynopsisDivInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of refsynopsisdivinfo.element-->]]>
+
+<!ENTITY % refsynopsisdivinfo.attlist "INCLUDE">
+<![ %refsynopsisdivinfo.attlist; [
+<!ATTLIST RefSynopsisDivInfo
+		%common.attrib;
+		%refsynopsisdivinfo.role.attrib;
+		%local.refsynopsisdivinfo.attrib;
+>
+<!--end of refsynopsisdivinfo.attlist-->]]>
+<!--end of refsynopsisdivinfo.module-->]]>
+
+
+<!ENTITY % referenceinfo.module "INCLUDE">
+<![ %referenceinfo.module; [
+<!ENTITY % local.referenceinfo.attrib "">
+<!ENTITY % referenceinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % referenceinfo.element "INCLUDE">
+<![ %referenceinfo.element; [
+<!ELEMENT ReferenceInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of referenceinfo.element-->]]>
+
+<!ENTITY % referenceinfo.attlist "INCLUDE">
+<![ %referenceinfo.attlist; [
+<!ATTLIST ReferenceInfo
+		%common.attrib;
+		%referenceinfo.role.attrib;
+		%local.referenceinfo.attrib;
+>
+<!--end of referenceinfo.attlist-->]]>
+<!--end of referenceinfo.module-->]]>
+
+
+<!ENTITY % sect1info.module "INCLUDE">
+<![ %sect1info.module; [
+<!ENTITY % local.sect1info.attrib "">
+<!ENTITY % sect1info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect1info.element "INCLUDE">
+<![ %sect1info.element; [
+<!ELEMENT Sect1Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect1info.element-->]]>
+
+<!ENTITY % sect1info.attlist "INCLUDE">
+<![ %sect1info.attlist; [
+<!ATTLIST Sect1Info
+		%common.attrib;
+		%sect1info.role.attrib;
+		%local.sect1info.attrib;
+>
+<!--end of sect1info.attlist-->]]>
+<!--end of sect1info.module-->]]>
+
+
+<!ENTITY % sect2info.module "INCLUDE">
+<![ %sect2info.module; [
+<!ENTITY % local.sect2info.attrib "">
+<!ENTITY % sect2info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect2info.element "INCLUDE">
+<![ %sect2info.element; [
+<!ELEMENT Sect2Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect2info.element-->]]>
+
+<!ENTITY % sect2info.attlist "INCLUDE">
+<![ %sect2info.attlist; [
+<!ATTLIST Sect2Info
+		%common.attrib;
+		%sect2info.role.attrib;
+		%local.sect2info.attrib;
+>
+<!--end of sect2info.attlist-->]]>
+<!--end of sect2info.module-->]]>
+
+
+<!ENTITY % sect3info.module "INCLUDE">
+<![ %sect3info.module; [
+<!ENTITY % local.sect3info.attrib "">
+<!ENTITY % sect3info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect3info.element "INCLUDE">
+<![ %sect3info.element; [
+<!ELEMENT Sect3Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect3info.element-->]]>
+
+<!ENTITY % sect3info.attlist "INCLUDE">
+<![ %sect3info.attlist; [
+<!ATTLIST Sect3Info
+		%common.attrib;
+		%sect3info.role.attrib;
+		%local.sect3info.attrib;
+>
+<!--end of sect3info.attlist-->]]>
+<!--end of sect3info.module-->]]>
+
+
+<!ENTITY % sect4info.module "INCLUDE">
+<![ %sect4info.module; [
+<!ENTITY % local.sect4info.attrib "">
+<!ENTITY % sect4info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect4info.element "INCLUDE">
+<![ %sect4info.element; [
+<!ELEMENT Sect4Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect4info.element-->]]>
+
+<!ENTITY % sect4info.attlist "INCLUDE">
+<![ %sect4info.attlist; [
+<!ATTLIST Sect4Info
+		%common.attrib;
+		%sect4info.role.attrib;
+		%local.sect4info.attrib;
+>
+<!--end of sect4info.attlist-->]]>
+<!--end of sect4info.module-->]]>
+
+
+<!ENTITY % sect5info.module "INCLUDE">
+<![ %sect5info.module; [
+<!ENTITY % local.sect5info.attrib "">
+<!ENTITY % sect5info.role.attrib "%role.attrib;">
+
+<!ENTITY % sect5info.element "INCLUDE">
+<![ %sect5info.element; [
+<!ELEMENT Sect5Info - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of sect5info.element-->]]>
+
+<!ENTITY % sect5info.attlist "INCLUDE">
+<![ %sect5info.attlist; [
+<!ATTLIST Sect5Info
+		%common.attrib;
+		%sect5info.role.attrib;
+		%local.sect5info.attrib;
+>
+<!--end of sect5info.attlist-->]]>
+<!--end of sect5info.module-->]]>
+
+
+<!ENTITY % setindexinfo.module "INCLUDE">
+<![ %setindexinfo.module; [
+<!ENTITY % local.setindexinfo.attrib "">
+<!ENTITY % setindexinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % setindexinfo.element "INCLUDE">
+<![ %setindexinfo.element; [
+<!ELEMENT SetIndexInfo - - ((Graphic | MediaObject 
+		| LegalNotice | ModeSpec 
+		| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+		%beginpage.exclusion;>
+<!--end of setindexinfo.element-->]]>
+
+<!ENTITY % setindexinfo.attlist "INCLUDE">
+<![ %setindexinfo.attlist; [
+<!ATTLIST SetIndexInfo
+		%common.attrib;
+		%setindexinfo.role.attrib;
+		%local.setindexinfo.attrib;
+>
+<!--end of setindexinfo.attlist-->]]>
+<!--end of setindexinfo.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Section (parallel to Sect*) ......................................... -->
+
+<!ENTITY % section.content.module "INCLUDE">
+<![ %section.content.module; [
+<!ENTITY % section.module "INCLUDE">
+<![ %section.module; [
+<!ENTITY % local.section.attrib "">
+<!ENTITY % section.role.attrib "%role.attrib;">
+
+<!ENTITY % section.element "INCLUDE">
+<![ %section.element; [
+<!ELEMENT Section - - (SectionInfo?,
+			(%sect.title.content;),
+			(%nav.class;)*,
+			(((%divcomponent.mix;)+,
+ 			  ((%refentry.class;)*|Section*))
+			 | (%refentry.class;)+|Section+),
+			(%nav.class;)*)
+			%ubiq.inclusion;>
+<!--end of section.element-->]]>
+
+<!ENTITY % section.attlist "INCLUDE">
+<![ %section.attlist; [
+<!ATTLIST Section
+		--
+		What did we decide about RenderAs?
+		Renderas	(Sect1
+ 				|Sect2
+				|Sect3
+ 				|Sect4
+ 				|Sect5)		#IMPLIED
+		--
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%section.role.attrib;
+		%local.section.attrib;
+>
+<!--end of section.attlist-->]]>
+<!--end of section.module-->]]>
+
+<!ENTITY % sectioninfo.module "INCLUDE">
+<![ %sectioninfo.module; [
+<!ENTITY % sectioninfo.role.attrib "%role.attrib;">
+<!ENTITY % local.sectioninfo.attrib "">
+
+<!ENTITY % sectioninfo.element "INCLUDE">
+<![ %sectioninfo.element; [
+<!ELEMENT SectionInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of sectioninfo.element-->]]>
+
+<!ENTITY % sectioninfo.attlist "INCLUDE">
+<![ %sectioninfo.attlist; [
+<!ATTLIST SectionInfo
+		%common.attrib;
+		%sectioninfo.role.attrib;
+		%local.sectioninfo.attrib;
+>
+<!--end of sectioninfo.attlist-->]]>
+<!--end of sectioninfo.module-->]]>
+<!--end of section.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Sect1, Sect2, Sect3, Sect4, Sect5 .................................... -->
+
+<!ENTITY % sect1.module "INCLUDE">
+<![ %sect1.module; [
+<!ENTITY % local.sect1.attrib "">
+<!ENTITY % sect1.role.attrib "%role.attrib;">
+
+<!ENTITY % sect1.element "INCLUDE">
+<![ %sect1.element; [
+<!ELEMENT Sect1 - O (Sect1Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect2* | SimpleSect*))
+		| (%refentry.class;)+ | Sect2+ | SimpleSect+), (%nav.class;)*)
+		%ubiq.inclusion;>
+<!--end of sect1.element-->]]>
+
+<!ENTITY % sect1.attlist "INCLUDE">
+<![ %sect1.attlist; [
+<!ATTLIST Sect1
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect2
+				|Sect3
+				|Sect4
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect1.role.attrib;
+		%local.sect1.attrib;
+>
+<!--end of sect1.attlist-->]]>
+<!--end of sect1.module-->]]>
+
+<!ENTITY % sect2.module "INCLUDE">
+<![ %sect2.module; [
+<!ENTITY % local.sect2.attrib "">
+<!ENTITY % sect2.role.attrib "%role.attrib;">
+
+<!ENTITY % sect2.element "INCLUDE">
+<![ %sect2.element; [
+<!ELEMENT Sect2 - O (Sect2Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect3* | SimpleSect*))
+		| (%refentry.class;)+ | Sect3+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect2.element-->]]>
+
+<!ENTITY % sect2.attlist "INCLUDE">
+<![ %sect2.attlist; [
+<!ATTLIST Sect2
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect3
+				|Sect4
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect2.role.attrib;
+		%local.sect2.attrib;
+>
+<!--end of sect2.attlist-->]]>
+<!--end of sect2.module-->]]>
+
+<!ENTITY % sect3.module "INCLUDE">
+<![ %sect3.module; [
+<!ENTITY % local.sect3.attrib "">
+<!ENTITY % sect3.role.attrib "%role.attrib;">
+
+<!ENTITY % sect3.element "INCLUDE">
+<![ %sect3.element; [
+<!ELEMENT Sect3 - O (Sect3Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect4* | SimpleSect*))
+		| (%refentry.class;)+ | Sect4+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect3.element-->]]>
+
+<!ENTITY % sect3.attlist "INCLUDE">
+<![ %sect3.attlist; [
+<!ATTLIST Sect3
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect2
+				|Sect4
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect3.role.attrib;
+		%local.sect3.attrib;
+>
+<!--end of sect3.attlist-->]]>
+<!--end of sect3.module-->]]>
+
+<!ENTITY % sect4.module "INCLUDE">
+<![ %sect4.module; [
+<!ENTITY % local.sect4.attrib "">
+<!ENTITY % sect4.role.attrib "%role.attrib;">
+
+<!ENTITY % sect4.element "INCLUDE">
+<![ %sect4.element; [
+<!ELEMENT Sect4 - O (Sect4Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, 
+		((%refentry.class;)* | Sect5* | SimpleSect*))
+		| (%refentry.class;)+ | Sect5+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect4.element-->]]>
+
+<!ENTITY % sect4.attlist "INCLUDE">
+<![ %sect4.attlist; [
+<!ATTLIST Sect4
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect2
+				|Sect3
+				|Sect5)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect4.role.attrib;
+		%local.sect4.attrib;
+>
+<!--end of sect4.attlist-->]]>
+<!--end of sect4.module-->]]>
+
+<!ENTITY % sect5.module "INCLUDE">
+<![ %sect5.module; [
+<!ENTITY % local.sect5.attrib "">
+<!ENTITY % sect5.role.attrib "%role.attrib;">
+
+<!ENTITY % sect5.element "INCLUDE">
+<![ %sect5.element; [
+<!ELEMENT Sect5 - O (Sect5Info?, (%sect.title.content;), (%nav.class;)*,
+		(((%divcomponent.mix;)+, ((%refentry.class;)* | SimpleSect*))
+		| (%refentry.class;)+ | SimpleSect+), (%nav.class;)*)>
+<!--end of sect5.element-->]]>
+
+<!ENTITY % sect5.attlist "INCLUDE">
+<![ %sect5.attlist; [
+<!ATTLIST Sect5
+		--
+		Renderas: Indicates the format in which the heading should
+		appear
+		--
+		Renderas	(Sect1
+				|Sect2
+				|Sect3
+				|Sect4)		#IMPLIED
+		%label.attrib;
+		%status.attrib;
+		%common.attrib;
+		%sect5.role.attrib;
+		%local.sect5.attrib;
+>
+<!--end of sect5.attlist-->]]>
+<!--end of sect5.module-->]]>
+
+<!ENTITY % simplesect.module "INCLUDE">
+<![ %simplesect.module; [
+<!ENTITY % local.simplesect.attrib "">
+<!ENTITY % simplesect.role.attrib "%role.attrib;">
+
+<!ENTITY % simplesect.element "INCLUDE">
+<![ %simplesect.element; [
+<!ELEMENT SimpleSect - O ((%sect.title.content;), (%divcomponent.mix;)+)
+		%ubiq.inclusion;>
+<!--end of simplesect.element-->]]>
+
+<!ENTITY % simplesect.attlist "INCLUDE">
+<![ %simplesect.attlist; [
+<!ATTLIST SimpleSect
+		%common.attrib;
+		%simplesect.role.attrib;
+		%local.simplesect.attrib;
+>
+<!--end of simplesect.attlist-->]]>
+<!--end of simplesect.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Bibliography ......................................................... -->
+
+<!ENTITY % bibliography.content.module "INCLUDE">
+<![ %bibliography.content.module; [
+<!ENTITY % bibliography.module "INCLUDE">
+<![ %bibliography.module; [
+<!ENTITY % local.bibliography.attrib "">
+<!ENTITY % bibliography.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliography.element "INCLUDE">
+<![ %bibliography.element; [
+<!ELEMENT Bibliography - O (BibliographyInfo?,
+		(%bookcomponent.title.content;)?,
+		(%component.mix;)*, 
+		(BiblioDiv+ | (BiblioEntry|BiblioMixed)+))>
+<!--end of bibliography.element-->]]>
+
+<!ENTITY % bibliography.attlist "INCLUDE">
+<![ %bibliography.attlist; [
+<!ATTLIST Bibliography
+		%status.attrib;
+		%common.attrib;
+		%bibliography.role.attrib;
+		%local.bibliography.attrib;
+>
+<!--end of bibliography.attlist-->]]>
+<!--end of bibliography.module-->]]>
+
+<!ENTITY % bibliodiv.module "INCLUDE">
+<![ %bibliodiv.module; [
+<!ENTITY % local.bibliodiv.attrib "">
+<!ENTITY % bibliodiv.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliodiv.element "INCLUDE">
+<![ %bibliodiv.element; [
+<!ELEMENT BiblioDiv - O ((%sect.title.content;)?, (%component.mix;)*,
+		(BiblioEntry|BiblioMixed)+)>
+<!--end of bibliodiv.element-->]]>
+
+<!ENTITY % bibliodiv.attlist "INCLUDE">
+<![ %bibliodiv.attlist; [
+<!ATTLIST BiblioDiv
+		%status.attrib;
+		%common.attrib;
+		%bibliodiv.role.attrib;
+		%local.bibliodiv.attrib;
+>
+<!--end of bibliodiv.attlist-->]]>
+<!--end of bibliodiv.module-->]]>
+<!--end of bibliography.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Glossary ............................................................. -->
+
+<!ENTITY % glossary.content.module "INCLUDE">
+<![ %glossary.content.module; [
+<!ENTITY % glossary.module "INCLUDE">
+<![ %glossary.module; [
+<!ENTITY % local.glossary.attrib "">
+<!ENTITY % glossary.role.attrib "%role.attrib;">
+
+<!ENTITY % glossary.element "INCLUDE">
+<![ %glossary.element; [
+<!ELEMENT Glossary - O (GlossaryInfo?,
+		(%bookcomponent.title.content;)?, (%component.mix;)*,
+		(GlossDiv+ | GlossEntry+), Bibliography?)>
+<!--end of glossary.element-->]]>
+
+<!ENTITY % glossary.attlist "INCLUDE">
+<![ %glossary.attlist; [
+<!ATTLIST Glossary
+		%status.attrib;
+		%common.attrib;
+		%glossary.role.attrib;
+		%local.glossary.attrib;
+>
+<!--end of glossary.attlist-->]]>
+<!--end of glossary.module-->]]>
+
+<!ENTITY % glossdiv.module "INCLUDE">
+<![ %glossdiv.module; [
+<!ENTITY % local.glossdiv.attrib "">
+<!ENTITY % glossdiv.role.attrib "%role.attrib;">
+
+<!ENTITY % glossdiv.element "INCLUDE">
+<![ %glossdiv.element; [
+<!ELEMENT GlossDiv - O ((%sect.title.content;), (%component.mix;)*,
+		GlossEntry+)>
+<!--end of glossdiv.element-->]]>
+
+<!ENTITY % glossdiv.attlist "INCLUDE">
+<![ %glossdiv.attlist; [
+<!ATTLIST GlossDiv
+		%status.attrib;
+		%common.attrib;
+		%glossdiv.role.attrib;
+		%local.glossdiv.attrib;
+>
+<!--end of glossdiv.attlist-->]]>
+<!--end of glossdiv.module-->]]>
+<!--end of glossary.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Index and SetIndex ................................................... -->
+
+<!ENTITY % index.content.module "INCLUDE">
+<![ %index.content.module; [
+<!ENTITY % index.module "INCLUDE">
+<![ %index.module; [
+<!ENTITY % local.index.attrib "">
+<!ENTITY % index.role.attrib "%role.attrib;">
+
+<!ENTITY % index.element "INCLUDE">
+<![ %index.element; [
+<!ELEMENT Index - O (IndexInfo?, (%bookcomponent.title.content;)?,
+		(%component.mix;)*, (IndexDiv* | IndexEntry*))
+		%ndxterm.exclusion;>
+<!--end of index.element-->]]>
+
+<!ENTITY % index.attlist "INCLUDE">
+<![ %index.attlist; [
+<!ATTLIST Index
+		%common.attrib;
+		%index.role.attrib;
+		%local.index.attrib;
+>
+<!--end of index.attlist-->]]>
+<!--end of index.module-->]]>
+
+<!ENTITY % setindex.module "INCLUDE">
+<![ %setindex.module; [
+<!ENTITY % local.setindex.attrib "">
+<!ENTITY % setindex.role.attrib "%role.attrib;">
+
+<!ENTITY % setindex.element "INCLUDE">
+<![ %setindex.element; [
+<!ELEMENT SetIndex - O (SetIndexInfo?, (%bookcomponent.title.content;)?,
+		(%component.mix;)*, (IndexDiv* | IndexEntry*))
+		%ndxterm.exclusion;>
+<!--end of setindex.element-->]]>
+
+<!ENTITY % setindex.attlist "INCLUDE">
+<![ %setindex.attlist; [
+<!ATTLIST SetIndex
+		%common.attrib;
+		%setindex.role.attrib;
+		%local.setindex.attrib;
+>
+<!--end of setindex.attlist-->]]>
+<!--end of setindex.module-->]]>
+
+<!ENTITY % indexdiv.module "INCLUDE">
+<![ %indexdiv.module; [
+
+<!-- SegmentedList in this content is useful for marking up permuted
+     indices. -->
+
+<!ENTITY % local.indexdiv.attrib "">
+<!ENTITY % indexdiv.role.attrib "%role.attrib;">
+
+<!ENTITY % indexdiv.element "INCLUDE">
+<![ %indexdiv.element; [
+<!ELEMENT IndexDiv - O ((%sect.title.content;)?, ((%indexdivcomponent.mix;)*,
+		(IndexEntry+ | SegmentedList)))>
+<!--end of indexdiv.element-->]]>
+
+<!ENTITY % indexdiv.attlist "INCLUDE">
+<![ %indexdiv.attlist; [
+<!ATTLIST IndexDiv
+		%common.attrib;
+		%indexdiv.role.attrib;
+		%local.indexdiv.attrib;
+>
+<!--end of indexdiv.attlist-->]]>
+<!--end of indexdiv.module-->]]>
+
+<!ENTITY % indexentry.module "INCLUDE">
+<![ %indexentry.module; [
+<!-- Index entries appear in the index, not the text. -->
+
+<!ENTITY % local.indexentry.attrib "">
+<!ENTITY % indexentry.role.attrib "%role.attrib;">
+
+<!ENTITY % indexentry.element "INCLUDE">
+<![ %indexentry.element; [
+<!ELEMENT IndexEntry - O (PrimaryIE, (SeeIE|SeeAlsoIE)*,
+		(SecondaryIE, (SeeIE|SeeAlsoIE|TertiaryIE)*)*)>
+<!--end of indexentry.element-->]]>
+
+<!ENTITY % indexentry.attlist "INCLUDE">
+<![ %indexentry.attlist; [
+<!ATTLIST IndexEntry
+		%common.attrib;
+		%indexentry.role.attrib;
+		%local.indexentry.attrib;
+>
+<!--end of indexentry.attlist-->]]>
+<!--end of indexentry.module-->]]>
+
+<!ENTITY % primsecterie.module "INCLUDE">
+<![ %primsecterie.module; [
+<!ENTITY % local.primsecterie.attrib "">
+<!ENTITY % primsecterie.role.attrib "%role.attrib;">
+
+<!ENTITY % primsecterie.elements "INCLUDE">
+<![ %primsecterie.elements; [
+<!ELEMENT (PrimaryIE | SecondaryIE | TertiaryIE) - O ((%ndxterm.char.mix;)+)>
+<!--end of primsecterie.elements-->]]>
+
+<!ENTITY % primsecterie.attlists "INCLUDE">
+<![ %primsecterie.attlists; [
+<!ATTLIST (PrimaryIE | SecondaryIE | TertiaryIE)
+		%linkends.attrib; --to IndexTerms that these entries represent--
+		%common.attrib;
+		%primsecterie.role.attrib;
+		%local.primsecterie.attrib;
+>
+<!--end of primsecterie.attlists-->]]>
+<!--end of primsecterie.module-->]]>
+	
+<!ENTITY % seeie.module "INCLUDE">
+<![ %seeie.module; [
+<!ENTITY % local.seeie.attrib "">
+<!ENTITY % seeie.role.attrib "%role.attrib;">
+
+<!ENTITY % seeie.element "INCLUDE">
+<![ %seeie.element; [
+<!ELEMENT SeeIE - O ((%ndxterm.char.mix;)+)>
+<!--end of seeie.element-->]]>
+
+<!ENTITY % seeie.attlist "INCLUDE">
+<![ %seeie.attlist; [
+<!ATTLIST SeeIE
+		%linkend.attrib; --to IndexEntry to look up--
+		%common.attrib;
+		%seeie.role.attrib;
+		%local.seeie.attrib;
+>
+<!--end of seeie.attlist-->]]>
+<!--end of seeie.module-->]]>
+
+<!ENTITY % seealsoie.module "INCLUDE">
+<![ %seealsoie.module; [
+<!ENTITY % local.seealsoie.attrib "">
+<!ENTITY % seealsoie.role.attrib "%role.attrib;">
+
+<!ENTITY % seealsoie.element "INCLUDE">
+<![ %seealsoie.element; [
+<!ELEMENT SeeAlsoIE - O ((%ndxterm.char.mix;)+)>
+<!--end of seealsoie.element-->]]>
+
+<!ENTITY % seealsoie.attlist "INCLUDE">
+<![ %seealsoie.attlist; [
+<!ATTLIST SeeAlsoIE
+		%linkends.attrib; --to related IndexEntries--
+		%common.attrib;
+		%seealsoie.role.attrib;
+		%local.seealsoie.attrib;
+>
+<!--end of seealsoie.attlist-->]]>
+<!--end of seealsoie.module-->]]>
+<!--end of index.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- RefEntry ............................................................. -->
+
+<!ENTITY % refentry.content.module "INCLUDE">
+<![ %refentry.content.module; [
+<!ENTITY % refentry.module "INCLUDE">
+<![ %refentry.module; [
+<!ENTITY % local.refentry.attrib "">
+<!ENTITY % refentry.role.attrib "%role.attrib;">
+
+<!ENTITY % refentry.element "INCLUDE">
+<![ %refentry.element; [
+<!ELEMENT RefEntry - O (RefEntryInfo?, RefMeta?, (Remark|%link.char.class;)*,
+		RefNameDiv, RefSynopsisDiv?, RefSect1+) %ubiq.inclusion;>
+<!--end of refentry.element-->]]>
+
+<!ENTITY % refentry.attlist "INCLUDE">
+<![ %refentry.attlist; [
+<!ATTLIST RefEntry
+		%status.attrib;
+		%common.attrib;
+		%refentry.role.attrib;
+		%local.refentry.attrib;
+>
+<!--end of refentry.attlist-->]]>
+<!--end of refentry.module-->]]>
+
+<!ENTITY % refmeta.module "INCLUDE">
+<![ %refmeta.module; [
+<!ENTITY % local.refmeta.attrib "">
+<!ENTITY % refmeta.role.attrib "%role.attrib;">
+
+<!ENTITY % refmeta.element "INCLUDE">
+<![ %refmeta.element; [
+<!ELEMENT RefMeta - - (RefEntryTitle, ManVolNum?, RefMiscInfo*)
+		%beginpage.exclusion;>
+<!--end of refmeta.element-->]]>
+
+<!ENTITY % refmeta.attlist "INCLUDE">
+<![ %refmeta.attlist; [
+<!ATTLIST RefMeta
+		%common.attrib;
+		%refmeta.role.attrib;
+		%local.refmeta.attrib;
+>
+<!--end of refmeta.attlist-->]]>
+<!--end of refmeta.module-->]]>
+
+<!ENTITY % refmiscinfo.module "INCLUDE">
+<![ %refmiscinfo.module; [
+<!ENTITY % local.refmiscinfo.attrib "">
+<!ENTITY % refmiscinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % refmiscinfo.element "INCLUDE">
+<![ %refmiscinfo.element; [
+<!ELEMENT RefMiscInfo - - ((%docinfo.char.mix;)+)>
+<!--end of refmiscinfo.element-->]]>
+
+<!ENTITY % refmiscinfo.attlist "INCLUDE">
+<![ %refmiscinfo.attlist; [
+<!ATTLIST RefMiscInfo
+		--
+		Class: Freely assignable parameter; no default
+		--
+		Class		CDATA		#IMPLIED
+		%common.attrib;
+		%refmiscinfo.role.attrib;
+		%local.refmiscinfo.attrib;
+>
+<!--end of refmiscinfo.attlist-->]]>
+<!--end of refmiscinfo.module-->]]>
+
+<!ENTITY % refnamediv.module "INCLUDE">
+<![ %refnamediv.module; [
+<!ENTITY % local.refnamediv.attrib "">
+<!ENTITY % refnamediv.role.attrib "%role.attrib;">
+
+<!ENTITY % refnamediv.element "INCLUDE">
+<![ %refnamediv.element; [
+<!ELEMENT RefNameDiv - O (RefDescriptor?, RefName+, RefPurpose, RefClass*,
+		(Remark|%link.char.class;)*)>
+<!--end of refnamediv.element-->]]>
+
+<!ENTITY % refnamediv.attlist "INCLUDE">
+<![ %refnamediv.attlist; [
+<!ATTLIST RefNameDiv
+		%common.attrib;
+		%refnamediv.role.attrib;
+		%local.refnamediv.attrib;
+>
+<!--end of refnamediv.attlist-->]]>
+<!--end of refnamediv.module-->]]>
+	
+<!ENTITY % refdescriptor.module "INCLUDE">
+<![ %refdescriptor.module; [
+<!ENTITY % local.refdescriptor.attrib "">
+<!ENTITY % refdescriptor.role.attrib "%role.attrib;">
+
+<!ENTITY % refdescriptor.element "INCLUDE">
+<![ %refdescriptor.element; [
+<!ELEMENT RefDescriptor - O ((%refname.char.mix;)+)>
+<!--end of refdescriptor.element-->]]>
+
+<!ENTITY % refdescriptor.attlist "INCLUDE">
+<![ %refdescriptor.attlist; [
+<!ATTLIST RefDescriptor
+		%common.attrib;
+		%refdescriptor.role.attrib;
+		%local.refdescriptor.attrib;
+>
+<!--end of refdescriptor.attlist-->]]>
+<!--end of refdescriptor.module-->]]>
+
+<!ENTITY % refname.module "INCLUDE">
+<![ %refname.module; [
+<!ENTITY % local.refname.attrib "">
+<!ENTITY % refname.role.attrib "%role.attrib;">
+
+<!ENTITY % refname.element "INCLUDE">
+<![ %refname.element; [
+<!ELEMENT RefName - O ((%refname.char.mix;)+)>
+<!--end of refname.element-->]]>
+
+<!ENTITY % refname.attlist "INCLUDE">
+<![ %refname.attlist; [
+<!ATTLIST RefName
+		%common.attrib;
+		%refname.role.attrib;
+		%local.refname.attrib;
+>
+<!--end of refname.attlist-->]]>
+<!--end of refname.module-->]]>
+
+<!ENTITY % refpurpose.module "INCLUDE">
+<![ %refpurpose.module; [
+<!ENTITY % local.refpurpose.attrib "">
+<!ENTITY % refpurpose.role.attrib "%role.attrib;">
+
+<!ENTITY % refpurpose.element "INCLUDE">
+<![ %refpurpose.element; [
+<!ELEMENT RefPurpose - O ((%refinline.char.mix;)+)>
+<!--end of refpurpose.element-->]]>
+
+<!ENTITY % refpurpose.attlist "INCLUDE">
+<![ %refpurpose.attlist; [
+<!ATTLIST RefPurpose
+		%common.attrib;
+		%refpurpose.role.attrib;
+		%local.refpurpose.attrib;
+>
+<!--end of refpurpose.attlist-->]]>
+<!--end of refpurpose.module-->]]>
+
+<!ENTITY % refclass.module "INCLUDE">
+<![ %refclass.module; [
+<!ENTITY % local.refclass.attrib "">
+<!ENTITY % refclass.role.attrib "%role.attrib;">
+
+<!ENTITY % refclass.element "INCLUDE">
+<![ %refclass.element; [
+<!ELEMENT RefClass - O ((%refclass.char.mix;)+)>
+<!--end of refclass.element-->]]>
+
+<!ENTITY % refclass.attlist "INCLUDE">
+<![ %refclass.attlist; [
+<!ATTLIST RefClass
+		%common.attrib;
+		%refclass.role.attrib;
+		%local.refclass.attrib;
+>
+<!--end of refclass.attlist-->]]>
+<!--end of refclass.module-->]]>
+
+<!ENTITY % refsynopsisdiv.module "INCLUDE">
+<![ %refsynopsisdiv.module; [
+<!ENTITY % local.refsynopsisdiv.attrib "">
+<!ENTITY % refsynopsisdiv.role.attrib "%role.attrib;">
+
+<!ENTITY % refsynopsisdiv.element "INCLUDE">
+<![ %refsynopsisdiv.element; [
+<!ELEMENT RefSynopsisDiv - O (RefSynopsisDivInfo?, (%refsect.title.content;)?,
+		(((%refcomponent.mix;)+, RefSect2*) | (RefSect2+)))>
+<!--end of refsynopsisdiv.element-->]]>
+
+<!ENTITY % refsynopsisdiv.attlist "INCLUDE">
+<![ %refsynopsisdiv.attlist; [
+<!ATTLIST RefSynopsisDiv
+		%common.attrib;
+		%refsynopsisdiv.role.attrib;
+		%local.refsynopsisdiv.attrib;
+>
+<!--end of refsynopsisdiv.attlist-->]]>
+<!--end of refsynopsisdiv.module-->]]>
+
+<!ENTITY % refsect1.module "INCLUDE">
+<![ %refsect1.module; [
+<!ENTITY % local.refsect1.attrib "">
+<!ENTITY % refsect1.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect1.element "INCLUDE">
+<![ %refsect1.element; [
+<!ELEMENT RefSect1 - O (RefSect1Info?, (%refsect.title.content;),
+		(((%refcomponent.mix;)+, RefSect2*) | RefSect2+))>
+<!--end of refsect1.element-->]]>
+
+<!ENTITY % refsect1.attlist "INCLUDE">
+<![ %refsect1.attlist; [
+<!ATTLIST RefSect1
+		%status.attrib;
+		%common.attrib;
+		%refsect1.role.attrib;
+		%local.refsect1.attrib;
+>
+<!--end of refsect1.attlist-->]]>
+<!--end of refsect1.module-->]]>
+
+<!ENTITY % refsect2.module "INCLUDE">
+<![ %refsect2.module; [
+<!ENTITY % local.refsect2.attrib "">
+<!ENTITY % refsect2.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect2.element "INCLUDE">
+<![ %refsect2.element; [
+<!ELEMENT RefSect2 - O (RefSect2Info?, (%refsect.title.content;),
+	(((%refcomponent.mix;)+, RefSect3*) | RefSect3+))>
+<!--end of refsect2.element-->]]>
+
+<!ENTITY % refsect2.attlist "INCLUDE">
+<![ %refsect2.attlist; [
+<!ATTLIST RefSect2
+		%status.attrib;
+		%common.attrib;
+		%refsect2.role.attrib;
+		%local.refsect2.attrib;
+>
+<!--end of refsect2.attlist-->]]>
+<!--end of refsect2.module-->]]>
+
+<!ENTITY % refsect3.module "INCLUDE">
+<![ %refsect3.module; [
+<!ENTITY % local.refsect3.attrib "">
+<!ENTITY % refsect3.role.attrib "%role.attrib;">
+
+<!ENTITY % refsect3.element "INCLUDE">
+<![ %refsect3.element; [
+<!ELEMENT RefSect3 - O (RefSect3Info?, (%refsect.title.content;), 
+	(%refcomponent.mix;)+)>
+<!--end of refsect3.element-->]]>
+
+<!ENTITY % refsect3.attlist "INCLUDE">
+<![ %refsect3.attlist; [
+<!ATTLIST RefSect3
+		%status.attrib;
+		%common.attrib;
+		%refsect3.role.attrib;
+		%local.refsect3.attrib;
+>
+<!--end of refsect3.attlist-->]]>
+<!--end of refsect3.module-->]]>
+<!--end of refentry.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Article .............................................................. -->
+
+<!ENTITY % article.module "INCLUDE">
+<![ %article.module; [
+<!-- An Article is a chapter-level, stand-alone document that is often,
+     but need not be, collected into a Book. -->
+
+<!ENTITY % local.article.attrib "">
+<!ENTITY % article.role.attrib "%role.attrib;">
+
+<!ENTITY % article.element "INCLUDE">
+<![ %article.element; [
+<!ELEMENT Article - O ((%div.title.content;)?, ArticleInfo?, ToCchap?, LoT*,
+		       (%bookcomponent.content;),
+		       ((%nav.class;) | (%appendix.class;) | Ackno)*)
+		       %ubiq.inclusion;>
+<!--end of article.element-->]]>
+
+<!ENTITY % article.attlist "INCLUDE">
+<![ %article.attlist; [
+<!ATTLIST Article
+		--
+		Class: Indicates the type of a particular article;
+		all articles have the same structure and general purpose.
+		No default.
+		--
+		Class		(JournalArticle
+				|ProductSheet
+				|WhitePaper
+				|TechReport
+				|Specification
+				|FAQ)		#IMPLIED
+		--
+		ParentBook: ID of the enclosing Book
+		--
+		ParentBook	IDREF		#IMPLIED
+		%status.attrib;
+		%common.attrib;
+		%article.role.attrib;
+		%local.article.attrib;
+>
+<!--end of article.attlist-->]]>
+<!--end of article.module-->]]>
+
+<!-- End of DocBook document hierarchy module V4.1 ........................ -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/dbnotn.mod b/docs/docbook/dbsgml/dbnotn.mod
new file mode 100755
index 00000000000..32d80dd91d5
--- /dev/null
+++ b/docs/docbook/dbsgml/dbnotn.mod
@@ -0,0 +1,97 @@
+<!-- ...................................................................... -->
+<!-- DocBook notations module V4.1 ........................................ -->
+<!-- File dbnotn.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbnotn.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the entity declarations for the standard
+     notations used by DocBook.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbnotn PUBLIC
+     "-//OASIS//ENTITIES DocBook Notations V4.1//EN">
+     %dbnotn;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!ENTITY % local.notation.class "">
+<!ENTITY % notation.class
+		"BMP| CGM-CHAR | CGM-BINARY | CGM-CLEAR | DITROFF | DVI
+		| EPS | EQN | FAX | GIF | GIF87a | GIF89a 
+		| JPG | JPEG | IGES | PCX
+		| PIC | PNG | PS | SGML | TBL | TEX | TIFF | WMF | WPG
+		| linespecific
+		%local.notation.class;">
+
+<!NOTATION BMP		PUBLIC
+"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows bitmap//EN">
+<!NOTATION CGM-CHAR	PUBLIC "ISO 8632/2//NOTATION Character encoding//EN">
+<!NOTATION CGM-BINARY	PUBLIC "ISO 8632/3//NOTATION Binary encoding//EN">
+<!NOTATION CGM-CLEAR	PUBLIC "ISO 8632/4//NOTATION Clear text encoding//EN">
+<!NOTATION DITROFF	SYSTEM "DITROFF">
+<!NOTATION DVI		SYSTEM "DVI">
+<!NOTATION EPS		PUBLIC 
+"+//ISBN 0-201-18127-4::Adobe//NOTATION PostScript Language Ref. Manual//EN">
+<!-- EQN was SYSTEM "-//AT&T//NOTATION EQN-1//EN" -->
+<!NOTATION EQN		SYSTEM>
+<!NOTATION FAX		PUBLIC 
+"-//USA-DOD//NOTATION CCITT Group 4 Facsimile Type 1 Untiled Raster//EN">
+<!NOTATION GIF		SYSTEM "GIF">
+<!NOTATION GIF87a               PUBLIC
+"-//CompuServe//NOTATION Graphics Interchange Format 87a//EN">
+
+<!NOTATION GIF89a               PUBLIC
+"-//CompuServe//NOTATION Graphics Interchange Format 89a//EN">
+<!NOTATION JPG		SYSTEM "JPG">
+<!NOTATION JPEG		SYSTEM "JPG">
+<!NOTATION IGES		PUBLIC 
+"-//USA-DOD//NOTATION (ASME/ANSI Y14.26M-1987) Initial Graphics Exchange Specification//EN">
+<!NOTATION PCX		PUBLIC 
+"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION ZSoft PCX bitmap//EN">
+<!-- PIC was SYSTEM "-//AT&T//NOTATION EQN-1//EN" -->
+<!NOTATION PIC		SYSTEM>
+<!NOTATION PNG          SYSTEM "http://www.w3.org/TR/REC-png">
+<!NOTATION PS		SYSTEM "PS">
+<!NOTATION SGML		PUBLIC 
+"ISO 8879:1986//NOTATION Standard Generalized Markup Language//EN">
+<!-- TBL was SYSTEM "-//AT&T//NOTATION EQN-1//EN" -->
+<!NOTATION TBL		SYSTEM>
+<!NOTATION TEX		PUBLIC 
+"+//ISBN 0-201-13448-9::Knuth//NOTATION The TeXbook//EN">
+<!NOTATION TIFF		SYSTEM "TIFF">
+<!NOTATION WMF		PUBLIC 
+"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows Metafile//EN">
+<!NOTATION WPG		SYSTEM "WPG" --WordPerfect Graphic format-->
+<!NOTATION linespecific	SYSTEM 
+"line ends and leading white space must be preserved in output">
diff --git a/docs/docbook/dbsgml/dbpool.mod b/docs/docbook/dbsgml/dbpool.mod
new file mode 100755
index 00000000000..14dfb6a7cb8
--- /dev/null
+++ b/docs/docbook/dbsgml/dbpool.mod
@@ -0,0 +1,7396 @@
+<!-- ...................................................................... -->
+<!-- DocBook information pool module V4.1 ................................. -->
+<!-- File dbpool.mod ...................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: dbpool.mod,v 1.1.2.1 2001/02/28 19:05:00 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This module contains the definitions for the objects, inline
+     elements, and so on that are available to be used as the main
+     content of DocBook documents.  Some elements are useful for general
+     publishing, and others are useful specifically for computer
+     documentation.
+
+     This module has the following dependencies on other modules:
+
+     o It assumes that a %notation.class; entity is defined by the
+       driver file or other high-level module.  This entity is
+       referenced in the NOTATION attributes for the graphic-related and
+       ModeSpec elements.
+
+     o It assumes that an appropriately parameterized table module is
+       available for use with the table-related elements.
+
+     In DTD driver files referring to this module, please use an entity
+     declaration that uses the public identifier shown below:
+
+     <!ENTITY % dbpool PUBLIC
+     "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN">
+     %dbpool;
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+<!-- General-purpose semantics entities ................................... -->
+
+<!ENTITY % yesorno.attvals	"NUMBER">
+
+<![IGNORE[
+<!ENTITY % yes.attval		"1"> <!-- never actually used -->
+]]>
+
+<!ENTITY % no.attval		"0">
+
+<!-- ...................................................................... -->
+<!-- Entities for module inclusions ....................................... -->
+
+<!ENTITY % dbpool.redecl.module "IGNORE">
+
+<!-- ...................................................................... -->
+<!-- Entities for element classes and mixtures ............................ -->
+
+<!-- Object-level classes ................................................. -->
+
+<!ENTITY % local.list.class "">
+<!ENTITY % list.class
+		"CalloutList|GlossList|ItemizedList|OrderedList|SegmentedList
+		|SimpleList|VariableList %local.list.class;">
+
+<!ENTITY % local.admon.class "">
+<!ENTITY % admon.class
+		"Caution|Important|Note|Tip|Warning %local.admon.class;">
+
+<!ENTITY % local.linespecific.class "">
+<!ENTITY % linespecific.class
+		"LiteralLayout|ProgramListing|ProgramListingCO|Screen
+		|ScreenCO|ScreenShot %local.linespecific.class;">
+
+<!ENTITY % local.method.synop.class "">
+<!ENTITY % method.synop.class
+		"ConstructorSynopsis
+                 |DestructorSynopsis
+                 |MethodSynopsis %local.method.synop.class;">
+
+<!ENTITY % local.synop.class "">
+<!ENTITY % synop.class
+		"Synopsis|CmdSynopsis|FuncSynopsis
+                 |ClassSynopsis|FieldSynopsis
+                 |%method.synop.class; %local.synop.class;">
+
+<!ENTITY % local.para.class "">
+<!ENTITY % para.class
+		"FormalPara|Para|SimPara %local.para.class;">
+
+<!ENTITY % local.informal.class "">
+<!ENTITY % informal.class
+		"Address|BlockQuote
+		|Graphic|GraphicCO|MediaObject|MediaObjectCO
+		|InformalEquation
+		|InformalExample
+		|InformalFigure
+		|InformalTable %local.informal.class;">
+
+<!ENTITY % local.formal.class "">
+<!ENTITY % formal.class
+		"Equation|Example|Figure|Table %local.formal.class;">
+
+<!-- The DocBook TC may produce an official EBNF module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % ebnf.block.hook "">
+
+<!ENTITY % local.compound.class "">
+<!ENTITY % compound.class
+		"MsgSet|Procedure|Sidebar|QandASet
+                 %ebnf.block.hook;
+                 %local.compound.class;">
+
+<!ENTITY % local.genobj.class "">
+<!ENTITY % genobj.class
+		"Anchor|BridgeHead|Remark|Highlights
+		%local.genobj.class;">
+
+<!ENTITY % local.descobj.class "">
+<!ENTITY % descobj.class
+		"Abstract|AuthorBlurb|Epigraph
+		%local.descobj.class;">
+
+<!-- Character-level classes .............................................. -->
+
+<!ENTITY % local.ndxterm.class "">
+<!ENTITY % ndxterm.class
+		"IndexTerm %local.ndxterm.class;">
+
+<!ENTITY % local.xref.char.class "">
+<!ENTITY % xref.char.class
+		"FootnoteRef|XRef %local.xref.char.class;">
+
+<!ENTITY % local.gen.char.class "">
+<!ENTITY % gen.char.class
+		"Abbrev|Acronym|Citation|CiteRefEntry|CiteTitle|Emphasis
+		|FirstTerm|ForeignPhrase|GlossTerm|Footnote|Phrase
+		|Quote|Trademark|WordAsWord %local.gen.char.class;">
+
+<!ENTITY % local.link.char.class "">
+<!ENTITY % link.char.class
+		"Link|OLink|ULink %local.link.char.class;">
+
+<!-- The DocBook TC may produce an official EBNF module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % ebnf.inline.hook "">
+
+<!ENTITY % local.tech.char.class "">
+<!ENTITY % tech.char.class
+		"Action|Application
+                |ClassName|MethodName|InterfaceName|ExceptionName
+                |OOClass|OOInterface|OOException
+                |Command|ComputerOutput
+		|Database|Email|EnVar|ErrorCode|ErrorName|ErrorType|Filename
+		|Function|GUIButton|GUIIcon|GUILabel|GUIMenu|GUIMenuItem
+		|GUISubmenu|Hardware|Interface|KeyCap
+		|KeyCode|KeyCombo|KeySym|Literal|Constant|Markup|MediaLabel
+		|MenuChoice|MouseButton|Option|Optional|Parameter
+		|Prompt|Property|Replaceable|ReturnValue|SGMLTag|StructField
+		|StructName|Symbol|SystemItem|Token|Type|UserInput|VarName
+                %ebnf.inline.hook;
+		%local.tech.char.class;">
+
+<!ENTITY % local.base.char.class "">
+<!ENTITY % base.char.class
+		"Anchor %local.base.char.class;">
+
+<!ENTITY % local.docinfo.char.class "">
+<!ENTITY % docinfo.char.class
+		"Author|AuthorInitials|CorpAuthor|ModeSpec|OtherCredit
+		|ProductName|ProductNumber|RevHistory
+		%local.docinfo.char.class;">
+
+<!ENTITY % local.other.char.class "">
+<!ENTITY % other.char.class
+		"Remark|Subscript|Superscript %local.other.char.class;">
+
+<!ENTITY % local.inlineobj.char.class "">
+<!ENTITY % inlineobj.char.class
+		"InlineGraphic|InlineMediaObject|InlineEquation %local.inlineobj.char.class;">
+
+<!-- Redeclaration placeholder ............................................ -->
+
+<!-- For redeclaring entities that are declared after this point while
+     retaining their references to the entities that are declared before
+     this point -->
+
+<![ %dbpool.redecl.module; [
+%rdbpool;
+<!--end of dbpool.redecl.module-->]]>
+
+<!-- Object-level mixtures ................................................ -->
+
+<!--
+                      list admn line synp para infm form cmpd gen  desc
+Component mixture       X    X    X    X    X    X    X    X    X    X
+Sidebar mixture         X    X    X    X    X    X    X    a    X
+Footnote mixture        X         X    X    X    X
+Example mixture         X         X    X    X    X
+Highlights mixture      X    X              X
+Paragraph mixture       X         X    X         X
+Admonition mixture      X         X    X    X    X    X    b    c
+Figure mixture                    X    X         X
+Table entry mixture     X    X    X         X    d
+Glossary def mixture    X         X    X    X    X         e
+Legal notice mixture    X    X    X         X    f
+
+a. Just Procedure; not Sidebar itself or MsgSet.
+b. No MsgSet.
+c. No Highlights.
+d. Just Graphic; no other informal objects.
+e. No Anchor, BridgeHead, or Highlights.
+f. Just BlockQuote; no other informal objects.
+-->
+
+<!ENTITY % local.component.mix "">
+<!ENTITY % component.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|%compound.class;
+		|%genobj.class;		|%descobj.class;
+		|%ndxterm.class;
+		%local.component.mix;">
+
+<!ENTITY % local.sidebar.mix "">
+<!ENTITY % sidebar.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure
+		|%genobj.class;
+		|%ndxterm.class;
+		%local.sidebar.mix;">
+
+<!ENTITY % local.qandaset.mix "">
+<!ENTITY % qandaset.mix
+		"%list.class;           |%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure
+		|%genobj.class;
+		|%ndxterm.class;
+		%local.qandaset.mix;">
+
+<!ENTITY % local.revdescription.mix "">
+<!ENTITY % revdescription.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure
+		|%genobj.class;
+		|%ndxterm.class;
+		%local.revdescription.mix;">
+
+<!ENTITY % local.footnote.mix "">
+<!ENTITY % footnote.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		%local.footnote.mix;">
+
+<!ENTITY % local.example.mix "">
+<!ENTITY % example.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%ndxterm.class;
+		%local.example.mix;">
+
+<!ENTITY % local.highlights.mix "">
+<!ENTITY % highlights.mix
+		"%list.class;		|%admon.class;
+		|%para.class;
+		|%ndxterm.class;
+		%local.highlights.mix;">
+
+<!-- %formal.class; is explicitly excluded from many contexts in which
+     paragraphs are used -->
+
+<!ENTITY % local.para.mix "">
+<!ENTITY % para.mix
+		"%list.class;           |%admon.class;
+		|%linespecific.class;
+					|%informal.class;
+		|%formal.class;
+		%local.para.mix;">
+
+<!ENTITY % local.admon.mix "">
+<!ENTITY % admon.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;		|Procedure|Sidebar
+		|Anchor|BridgeHead|Remark
+		|%ndxterm.class;
+		%local.admon.mix;">
+
+<!ENTITY % local.figure.mix "">
+<!ENTITY % figure.mix
+		"%linespecific.class;	|%synop.class;
+					|%informal.class;
+		|%ndxterm.class;
+		%local.figure.mix;">
+
+<!ENTITY % local.tabentry.mix "">
+<!ENTITY % tabentry.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;
+		|%para.class;		|Graphic|MediaObject
+		%local.tabentry.mix;">
+
+<!ENTITY % local.glossdef.mix "">
+<!ENTITY % glossdef.mix
+		"%list.class;
+		|%linespecific.class;	|%synop.class;
+		|%para.class;		|%informal.class;
+		|%formal.class;
+		|Remark
+		|%ndxterm.class;
+		%local.glossdef.mix;">
+
+<!ENTITY % local.legalnotice.mix "">
+<!ENTITY % legalnotice.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;
+		|%para.class;		|BlockQuote
+		|%ndxterm.class;
+		%local.legalnotice.mix;">
+
+<!ENTITY % local.textobject.mix "">
+<!ENTITY % textobject.mix
+		"%list.class;		|%admon.class;
+		|%linespecific.class;
+		|%para.class;		|BlockQuote
+		%local.textobject.mix;">
+
+<!ENTITY % local.mediaobject.mix "">
+<!ENTITY % mediaobject.mix 
+		"VideoObject|AudioObject|ImageObject %local.mediaobject.mix">
+
+<!-- Character-level mixtures ............................................. -->
+
+<!ENTITY % local.ubiq.mix "">
+<!ENTITY % ubiq.mix
+		"%ndxterm.class;|BeginPage %local.ubiq.mix;">
+
+<!ENTITY % ubiq.exclusion "-(%ubiq.mix)">
+<!ENTITY % ubiq.inclusion "+(%ubiq.mix)">
+
+<!ENTITY % footnote.exclusion "-(Footnote|%formal.class;)">
+<!ENTITY % highlights.exclusion "-(%ubiq.mix;|%formal.class;)">
+<!ENTITY % admon.exclusion "-(%admon.class;)">
+<!ENTITY % formal.exclusion "-(%formal.class;)">
+<!ENTITY % acronym.exclusion "-(Acronym)">
+<!ENTITY % beginpage.exclusion "-(BeginPage)">
+<!ENTITY % ndxterm.exclusion "-(%ndxterm.class;)">
+<!ENTITY % blockquote.exclusion "-(Epigraph)">
+<!ENTITY % remark.exclusion "-(Remark|%ubiq.mix;)">
+<!ENTITY % glossterm.exclusion "-(GlossTerm)">
+<!ENTITY % links.exclusion "-(Link|OLink|ULink|XRef)">
+
+<!--
+                    #PCD xref word link cptr base dnfo othr inob (synop)
+para.char.mix         X    X    X    X    X    X    X    X    X
+title.char.mix        X    X    X    X    X    X    X    X    X
+ndxterm.char.mix      X    X    X    X    X    X    X    X    a
+cptr.char.mix         X              X    X    X         X    a
+smallcptr.char.mix    X                   b                   a
+word.char.mix         X         c    X         X         X    a
+docinfo.char.mix      X         d    X    b              X    a
+
+a. Just InlineGraphic; no InlineEquation.
+b. Just Replaceable; no other computer terms.
+c. Just Emphasis and Trademark; no other word elements.
+d. Just Acronym, Emphasis, and Trademark; no other word elements.
+-->
+
+<!-- The DocBook TC may produce an official forms module for DocBook. -->
+<!-- This PE provides the hook by which it can be inserted into the DTD. -->
+<!ENTITY % forminlines.hook "">
+
+<!ENTITY % local.para.char.mix "">
+<!ENTITY % para.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;	|%inlineobj.char.class;
+		|%synop.class;
+		|%ndxterm.class;
+                %forminlines.hook;
+		%local.para.char.mix;">
+
+<!ENTITY % local.title.char.mix "">
+<!ENTITY % title.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;	|%inlineobj.char.class;
+		|%ndxterm.class;
+		%local.title.char.mix;">
+
+<!ENTITY % local.ndxterm.char.mix "">
+<!ENTITY % ndxterm.char.mix
+		"#PCDATA
+		|%xref.char.class;	|%gen.char.class;
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;	|%docinfo.char.class;
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		%local.ndxterm.char.mix;">
+
+<!ENTITY % local.cptr.char.mix "">
+<!ENTITY % cptr.char.mix
+		"#PCDATA
+		|%link.char.class;	|%tech.char.class;
+		|%base.char.class;
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.cptr.char.mix;">
+
+<!ENTITY % local.smallcptr.char.mix "">
+<!ENTITY % smallcptr.char.mix
+		"#PCDATA
+					|Replaceable
+					|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.smallcptr.char.mix;">
+
+<!ENTITY % local.word.char.mix "">
+<!ENTITY % word.char.mix
+		"#PCDATA
+					|Acronym|Emphasis|Trademark
+		|%link.char.class;
+		|%base.char.class;
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.word.char.mix;">
+
+<!ENTITY % local.docinfo.char.mix "">
+<!ENTITY % docinfo.char.mix
+		"#PCDATA
+		|%link.char.class;
+					|Emphasis|Trademark
+					|Replaceable
+		|%other.char.class;	|InlineGraphic|InlineMediaObject
+		|%ndxterm.class;
+		%local.docinfo.char.mix;">
+<!--ENTITY % bibliocomponent.mix (see Bibliographic section, below)-->
+<!--ENTITY % person.ident.mix (see Bibliographic section, below)-->
+
+<!-- ...................................................................... -->
+<!-- Entities for content models .......................................... -->
+
+<!ENTITY % formalobject.title.content "Title, TitleAbbrev?">
+
+<!-- ...................................................................... -->
+<!-- Entities for attributes and attribute components ..................... -->
+
+<!-- Effectivity attributes ............................................... -->
+
+<!ENTITY % arch.attrib
+	--Arch: Computer or chip architecture to which element applies; no 
+	default--
+	"Arch		CDATA		#IMPLIED">
+
+<!ENTITY % condition.attrib
+	--Condition: General-purpose effectivity attribute--
+	"Condition	CDATA		#IMPLIED">
+
+<!ENTITY % conformance.attrib
+	--Conformance: Standards conformance characteristics--
+	"Conformance	NMTOKENS	#IMPLIED">
+
+<!ENTITY % os.attrib
+	--OS: Operating system to which element applies; no default--
+	"OS		CDATA		#IMPLIED">
+
+<!ENTITY % revision.attrib
+	--Revision: Editorial revision to which element belongs; no default--
+	"Revision	CDATA		#IMPLIED">
+
+<!ENTITY % security.attrib
+	--Security: Security classification; no default--
+	"Security	CDATA		#IMPLIED">
+
+<!ENTITY % userlevel.attrib
+	--UserLevel: Level of user experience to which element applies; no 
+	default--
+	"UserLevel	CDATA		#IMPLIED">
+
+<!ENTITY % vendor.attrib
+	--Vendor: Computer vendor to which element applies; no default--
+	"Vendor		CDATA		#IMPLIED">
+
+<!ENTITY % local.effectivity.attrib "">
+<!ENTITY % effectivity.attrib
+	"%arch.attrib;
+	%condition.attrib;
+	%conformance.attrib;
+	%os.attrib;
+	%revision.attrib;
+	%security.attrib;
+	%userlevel.attrib;
+	%vendor.attrib;
+	%local.effectivity.attrib;"
+>
+
+<!-- Common attributes .................................................... -->
+
+<!ENTITY % id.attrib
+	--Id: Unique identifier of element; no default--
+	"Id		ID		#IMPLIED">
+
+<!ENTITY % idreq.attrib
+	--Id: Unique identifier of element; a value must be supplied; no 
+	default--
+	"Id		ID		#REQUIRED">
+
+<!ENTITY % lang.attrib
+	--Lang: Indicator of language in which element is written, for
+	translation, character set management, etc.; no default--
+	"Lang		CDATA		#IMPLIED">
+
+<!ENTITY % remap.attrib
+	--Remap: Previous role of element before conversion; no default--
+	"Remap		CDATA		#IMPLIED">
+
+<!ENTITY % role.attrib
+	--Role: New role of element in local environment; no default--
+	"Role		CDATA		#IMPLIED">
+
+<!ENTITY % xreflabel.attrib
+	--XRefLabel: Alternate labeling string for XRef text generation;
+	default is usually title or other appropriate label text already
+	contained in element--
+	"XRefLabel	CDATA		#IMPLIED">
+
+<!ENTITY % revisionflag.attrib
+	--RevisionFlag: Revision status of element; default is that element
+	wasn't revised--
+	"RevisionFlag	(Changed
+			|Added
+			|Deleted
+			|Off)		#IMPLIED">
+
+<!ENTITY % local.common.attrib "">
+<!ENTITY % common.attrib
+	"%id.attrib;
+	%lang.attrib;
+	%remap.attrib;
+	--Role is included explicitly on each element--
+	%xreflabel.attrib;
+	%revisionflag.attrib;
+	%effectivity.attrib;
+	%local.common.attrib;"
+>
+
+<!ENTITY % idreq.common.attrib
+	"%idreq.attrib;
+	%lang.attrib;
+	%remap.attrib;
+	--Role is included explicitly on each element--
+	%xreflabel.attrib;
+	%revisionflag.attrib;
+	%effectivity.attrib;
+	%local.common.attrib;"
+>
+
+<!-- Semi-common attributes and other attribute entities .................. -->
+
+<!ENTITY % local.graphics.attrib "">
+<!ENTITY % graphics.attrib
+	"
+	--EntityRef: Name of an external entity containing the content
+	of the graphic--
+	EntityRef	ENTITY		#IMPLIED
+
+	--FileRef: Filename, qualified by a pathname if desired, 
+	designating the file containing the content of the graphic--
+	FileRef 	CDATA		#IMPLIED
+
+	--Format: Notation of the element content, if any--
+	Format		(%notation.class;)
+					#IMPLIED
+
+	--SrcCredit: Information about the source of the Graphic--
+	SrcCredit	CDATA		#IMPLIED
+
+	--Width: Same as CALS reprowid (desired width)--
+	Width		NUTOKEN		#IMPLIED
+
+	--Depth: Same as CALS reprodep (desired depth)--
+	Depth		NUTOKEN		#IMPLIED
+
+	--Align: Same as CALS hplace with 'none' removed; #IMPLIED means 
+	application-specific--
+	Align		(Left
+			|Right 
+			|Center)	#IMPLIED
+
+	--Scale: Conflation of CALS hscale and vscale--
+	Scale		NUMBER		#IMPLIED
+
+	--Scalefit: Same as CALS scalefit--
+	Scalefit	%yesorno.attvals;
+					#IMPLIED
+	%local.graphics.attrib;"
+>
+
+<!ENTITY % local.keyaction.attrib "">
+<!ENTITY % keyaction.attrib
+	"
+	--Action: Key combination type; default is unspecified if one 
+	child element, Simul if there is more than one; if value is 
+	Other, the OtherAction attribute must have a nonempty value--
+	Action		(Click
+			|Double-Click
+			|Press
+			|Seq
+			|Simul
+			|Other)		#IMPLIED
+
+	--OtherAction: User-defined key combination type--
+	OtherAction	CDATA		#IMPLIED
+	%local.keyaction.attrib;"
+>
+
+<!ENTITY % label.attrib
+	--Label: Identifying number or string; default is usually the
+	appropriate number or string autogenerated by a formatter--
+	"Label		CDATA		#IMPLIED">
+
+<!ENTITY % linespecific.attrib
+	--Format: whether element is assumed to contain significant white
+	space--
+	"Format		NOTATION
+			(linespecific)	linespecific
+         LineNumbering	(Numbered|Unnumbered) 	#IMPLIED">
+
+<!ENTITY % linkend.attrib
+	--Linkend: link to related information; no default--
+	"Linkend	IDREF		#IMPLIED">
+
+<!ENTITY % linkendreq.attrib
+	--Linkend: required link to related information--
+	"Linkend	IDREF		#REQUIRED">
+
+<!ENTITY % linkends.attrib
+	--Linkends: link to one or more sets of related information; no 
+	default--
+	"Linkends	IDREFS		#IMPLIED">
+
+<![IGNORE[
+<!-- Declared for completeness, but never used -->
+<!ENTITY % linkendsreq.attrib
+	--Linkends: required link to one or more sets of related information--
+	"Linkends	IDREFS		#REQUIRED">
+]]>
+
+<!ENTITY % local.mark.attrib "">
+<!ENTITY % mark.attrib
+	"Mark		CDATA		#IMPLIED
+	%local.mark.attrib;"
+>
+
+<!ENTITY % moreinfo.attrib
+	--MoreInfo: whether element's content has an associated RefEntry--
+	"MoreInfo	(RefEntry|None)	None">
+
+<!ENTITY % pagenum.attrib
+	--Pagenum: number of page on which element appears; no default--
+	"Pagenum	CDATA		#IMPLIED">
+
+<!ENTITY % local.status.attrib "">
+<!ENTITY % status.attrib
+	--Status: Editorial or publication status of the element
+	it applies to, such as "in review" or "approved for distribution"--
+	"Status		CDATA		#IMPLIED
+	%local.status.attrib;"
+>
+
+<!ENTITY % width.attrib
+	--Width: width of the longest line in the element to which it
+	pertains, in number of characters--
+	"Width		NUMBER		#IMPLIED">
+
+<!-- ...................................................................... -->
+<!-- Title elements ....................................................... -->
+
+<!ENTITY % title.module "INCLUDE">
+<![ %title.module; [
+<!ENTITY % local.title.attrib "">
+<!ENTITY % title.role.attrib "%role.attrib;">
+
+<!ENTITY % title.element "INCLUDE">
+<![ %title.element; [
+<!ELEMENT Title - O ((%title.char.mix;)+)>
+<!--end of title.element-->]]>
+
+<!ENTITY % title.attlist "INCLUDE">
+<![ %title.attlist; [
+<!ATTLIST Title
+		%pagenum.attrib;
+		%common.attrib;
+		%title.role.attrib;
+		%local.title.attrib;
+>
+<!--end of title.attlist-->]]>
+<!--end of title.module-->]]>
+
+<!ENTITY % titleabbrev.module "INCLUDE">
+<![ %titleabbrev.module; [
+<!ENTITY % local.titleabbrev.attrib "">
+<!ENTITY % titleabbrev.role.attrib "%role.attrib;">
+
+<!ENTITY % titleabbrev.element "INCLUDE">
+<![ %titleabbrev.element; [
+<!ELEMENT TitleAbbrev - O ((%title.char.mix;)+)>
+<!--end of titleabbrev.element-->]]>
+
+<!ENTITY % titleabbrev.attlist "INCLUDE">
+<![ %titleabbrev.attlist; [
+<!ATTLIST TitleAbbrev
+		%common.attrib;
+		%titleabbrev.role.attrib;
+		%local.titleabbrev.attrib;
+>
+<!--end of titleabbrev.attlist-->]]>
+<!--end of titleabbrev.module-->]]>
+
+<!ENTITY % subtitle.module "INCLUDE">
+<![ %subtitle.module; [
+<!ENTITY % local.subtitle.attrib "">
+<!ENTITY % subtitle.role.attrib "%role.attrib;">
+
+<!ENTITY % subtitle.element "INCLUDE">
+<![ %subtitle.element; [
+<!ELEMENT Subtitle - O ((%title.char.mix;)+)>
+<!--end of subtitle.element-->]]>
+
+<!ENTITY % subtitle.attlist "INCLUDE">
+<![ %subtitle.attlist; [
+<!ATTLIST Subtitle
+		%common.attrib;
+		%subtitle.role.attrib;
+		%local.subtitle.attrib;
+>
+<!--end of subtitle.attlist-->]]>
+<!--end of subtitle.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Bibliographic entities and elements .................................. -->
+
+<!-- The bibliographic elements are typically used in the document
+     hierarchy. They do not appear in content models of information
+     pool elements.  See also the document information elements,
+     below. -->
+
+<!ENTITY % local.person.ident.mix "">
+<!ENTITY % person.ident.mix
+		"Honorific|FirstName|Surname|Lineage|OtherName|Affiliation
+		|AuthorBlurb|Contrib %local.person.ident.mix;">
+
+<!ENTITY % local.bibliocomponent.mix "">
+<!ENTITY % bibliocomponent.mix
+		"Abbrev|Abstract|Address|ArtPageNums|Author
+		|AuthorGroup|AuthorInitials|BiblioMisc|BiblioSet
+		|Collab|ConfGroup|ContractNum|ContractSponsor
+		|Copyright|CorpAuthor|CorpName|Date|Edition
+		|Editor|InvPartNumber|ISBN|ISSN|IssueNum|OrgName
+		|OtherCredit|PageNums|PrintHistory|ProductName
+		|ProductNumber|PubDate|Publisher|PublisherName
+		|PubsNumber|ReleaseInfo|RevHistory|SeriesVolNums
+		|Subtitle|Title|TitleAbbrev|VolumeNum|CiteTitle
+		|%person.ident.mix;
+		|%ndxterm.class;
+		%local.bibliocomponent.mix;">
+
+<!ENTITY % biblioentry.module "INCLUDE">
+<![ %biblioentry.module; [
+<!ENTITY % local.biblioentry.attrib "">
+
+<!ENTITY % biblioentry.role.attrib "%role.attrib;">
+
+<!ENTITY % biblioentry.element "INCLUDE">
+<![ %biblioentry.element; [
+<!--FUTURE USE (V5.0):
+......................
+ArticleInfo will be droped from BiblioEntry
+......................
+-->
+<!ELEMENT BiblioEntry - O ((ArticleInfo
+                            | (%bibliocomponent.mix;))+)
+                          %ubiq.exclusion;>
+<!--end of biblioentry.element-->]]>
+
+<!ENTITY % biblioentry.attlist "INCLUDE">
+<![ %biblioentry.attlist; [
+<!ATTLIST BiblioEntry
+		%common.attrib;
+		%biblioentry.role.attrib;
+		%local.biblioentry.attrib;
+>
+<!--end of biblioentry.attlist-->]]>
+<!--end of biblioentry.module-->]]>
+
+<!ENTITY % bibliomixed.module "INCLUDE">
+<![ %bibliomixed.module; [
+<!ENTITY % local.bibliomixed.attrib "">
+<!ENTITY % bibliomixed.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliomixed.element "INCLUDE">
+<![ %bibliomixed.element; [
+<!ELEMENT BiblioMixed - O ((%bibliocomponent.mix; | BiblioMSet | #PCDATA)+)
+	%ubiq.exclusion;>
+<!--end of bibliomixed.element-->]]>
+
+<!ENTITY % bibliomixed.attlist "INCLUDE">
+<![ %bibliomixed.attlist; [
+<!ATTLIST BiblioMixed
+		%common.attrib;
+		%bibliomixed.role.attrib;
+		%local.bibliomixed.attrib;
+>
+<!--end of bibliomixed.attlist-->]]>
+<!--end of bibliomixed.module-->]]>
+
+<!ENTITY % articleinfo.module "INCLUDE">
+<![ %articleinfo.module; [
+<!ENTITY % local.articleinfo.attrib "">
+<!ENTITY % articleinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % articleinfo.element "INCLUDE">
+<![ %articleinfo.element; [
+<!ELEMENT ArticleInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of articleinfo.element-->]]>
+
+<!ENTITY % articleinfo.attlist "INCLUDE">
+<![ %articleinfo.attlist; [
+<!ATTLIST ArticleInfo
+		%common.attrib;
+		%articleinfo.role.attrib;
+		%local.articleinfo.attrib;
+>
+<!--end of articleinfo.attlist-->]]>
+<!--end of articleinfo.module-->]]>
+
+<!ENTITY % biblioset.module "INCLUDE">
+<![ %biblioset.module; [
+<!ENTITY % local.biblioset.attrib "">
+<!ENTITY % biblioset.role.attrib "%role.attrib;">
+
+<!ENTITY % biblioset.element "INCLUDE">
+<![ %biblioset.element; [
+<!ELEMENT BiblioSet - - ((%bibliocomponent.mix;)+) %ubiq.exclusion;>
+<!--end of biblioset.element-->]]>
+
+<!ENTITY % biblioset.attlist "INCLUDE">
+<![ %biblioset.attlist; [
+<!ATTLIST BiblioSet
+		--
+		Relation: Relationship of elements contained within BiblioSet
+		--
+		Relation	CDATA		#IMPLIED
+		%common.attrib;
+		%biblioset.role.attrib;
+		%local.biblioset.attrib;
+>
+<!--end of biblioset.attlist-->]]>
+<!--end of biblioset.module-->]]>
+
+<!ENTITY % bibliomset.module "INCLUDE">
+<![ %bibliomset.module; [
+<!ENTITY % bibliomset.role.attrib "%role.attrib;">
+<!ENTITY % local.bibliomset.attrib "">
+
+<!ENTITY % bibliomset.element "INCLUDE">
+<![ %bibliomset.element; [
+<!ELEMENT BiblioMSet - - ((%bibliocomponent.mix; | BiblioMSet | #PCDATA)+)
+	%ubiq.exclusion;>
+<!--end of bibliomset.element-->]]>
+
+<!ENTITY % bibliomset.attlist "INCLUDE">
+<![ %bibliomset.attlist; [
+<!ATTLIST BiblioMSet
+		--
+		Relation: Relationship of elements contained within BiblioMSet
+		--
+		Relation	CDATA		#IMPLIED
+		%bibliomset.role.attrib;
+		%common.attrib;
+		%local.bibliomset.attrib;
+>
+<!--end of bibliomset.attlist-->]]>
+<!--end of bibliomset.module-->]]>
+
+<!ENTITY % bibliomisc.module "INCLUDE">
+<![ %bibliomisc.module; [
+<!ENTITY % local.bibliomisc.attrib "">
+<!ENTITY % bibliomisc.role.attrib "%role.attrib;">
+
+<!ENTITY % bibliomisc.element "INCLUDE">
+<![ %bibliomisc.element; [
+<!ELEMENT BiblioMisc - - ((%para.char.mix;)+)>
+<!--end of bibliomisc.element-->]]>
+
+<!ENTITY % bibliomisc.attlist "INCLUDE">
+<![ %bibliomisc.attlist; [
+<!ATTLIST BiblioMisc
+		%common.attrib;
+		%bibliomisc.role.attrib;
+		%local.bibliomisc.attrib;
+>
+<!--end of bibliomisc.attlist-->]]>
+<!--end of bibliomisc.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Subject, Keyword, and ITermSet elements .............................. -->
+
+<!ENTITY % subjectset.content.module "INCLUDE">
+<![ %subjectset.content.module; [
+<!ENTITY % subjectset.module "INCLUDE">
+<![ %subjectset.module; [
+<!ENTITY % local.subjectset.attrib "">
+<!ENTITY % subjectset.role.attrib "%role.attrib;">
+
+<!ENTITY % subjectset.element "INCLUDE">
+<![ %subjectset.element; [
+<!ELEMENT SubjectSet - - (Subject+)>
+<!--end of subjectset.element-->]]>
+
+<!ENTITY % subjectset.attlist "INCLUDE">
+<![ %subjectset.attlist; [
+<!ATTLIST SubjectSet
+		--
+		Scheme: Controlled vocabulary employed in SubjectTerms
+		--
+		Scheme		NAME		#IMPLIED
+		%common.attrib;
+		%subjectset.role.attrib;
+		%local.subjectset.attrib;
+>
+<!--end of subjectset.attlist-->]]>
+<!--end of subjectset.module-->]]>
+
+<!ENTITY % subject.module "INCLUDE">
+<![ %subject.module; [
+<!ENTITY % local.subject.attrib "">
+<!ENTITY % subject.role.attrib "%role.attrib;">
+
+<!ENTITY % subject.element "INCLUDE">
+<![ %subject.element; [
+<!ELEMENT Subject - - (SubjectTerm+)>
+<!--end of subject.element-->]]>
+
+<!ENTITY % subject.attlist "INCLUDE">
+<![ %subject.attlist; [
+<!ATTLIST Subject
+		--
+		Weight: Ranking of this group of SubjectTerms relative 
+		to others, 0 is low, no highest value specified
+		--
+		Weight		NUMBER		#IMPLIED
+		%common.attrib;
+		%subject.role.attrib;
+		%local.subject.attrib;
+>
+<!--end of subject.attlist-->]]>
+<!--end of subject.module-->]]>
+
+<!ENTITY % subjectterm.module "INCLUDE">
+<![ %subjectterm.module; [
+<!ENTITY % local.subjectterm.attrib "">
+<!ENTITY % subjectterm.role.attrib "%role.attrib;">
+
+<!ENTITY % subjectterm.element "INCLUDE">
+<![ %subjectterm.element; [
+<!ELEMENT SubjectTerm - - (#PCDATA)>
+<!--end of subjectterm.element-->]]>
+
+<!ENTITY % subjectterm.attlist "INCLUDE">
+<![ %subjectterm.attlist; [
+<!ATTLIST SubjectTerm
+		%common.attrib;
+		%subjectterm.role.attrib;
+		%local.subjectterm.attrib;
+>
+<!--end of subjectterm.attlist-->]]>
+<!--end of subjectterm.module-->]]>
+<!--end of subjectset.content.module-->]]>
+
+<!ENTITY % keywordset.content.module "INCLUDE">
+<![ %keywordset.content.module; [
+<!ENTITY % local.keywordset.attrib "">
+<!ENTITY % keywordset.module "INCLUDE">
+<![ %keywordset.module; [
+<!ENTITY % local.keywordset.attrib "">
+<!ENTITY % keywordset.role.attrib "%role.attrib;">
+
+<!ENTITY % keywordset.element "INCLUDE">
+<![ %keywordset.element; [
+<!ELEMENT KeywordSet - - (Keyword+)>
+<!--end of keywordset.element-->]]>
+
+<!ENTITY % keywordset.attlist "INCLUDE">
+<![ %keywordset.attlist; [
+<!ATTLIST KeywordSet
+		%common.attrib;
+		%keywordset.role.attrib;
+		%local.keywordset.attrib;
+>
+<!--end of keywordset.attlist-->]]>
+<!--end of keywordset.module-->]]>
+
+<!ENTITY % keyword.module "INCLUDE">
+<![ %keyword.module; [
+<!ENTITY % local.keyword.attrib "">
+<!ENTITY % keyword.role.attrib "%role.attrib;">
+
+<!ENTITY % keyword.element "INCLUDE">
+<![ %keyword.element; [
+<!ELEMENT Keyword - - (#PCDATA)>
+<!--end of keyword.element-->]]>
+
+<!ENTITY % keyword.attlist "INCLUDE">
+<![ %keyword.attlist; [
+<!ATTLIST Keyword
+		%common.attrib;
+		%keyword.role.attrib;
+		%local.keyword.attrib;
+>
+<!--end of keyword.attlist-->]]>
+<!--end of keyword.module-->]]>
+<!--end of keywordset.content.module-->]]>
+
+<!ENTITY % itermset.module "INCLUDE">
+<![ %itermset.module; [
+<!ENTITY % local.itermset.attrib "">
+<!ENTITY % itermset.role.attrib "%role.attrib;">
+
+<!ENTITY % itermset.element "INCLUDE">
+<![ %itermset.element; [
+<!ELEMENT ITermSet - - (IndexTerm+)>
+<!--end of itermset.element-->]]>
+
+<!ENTITY % itermset.attlist "INCLUDE">
+<![ %itermset.attlist; [
+<!ATTLIST ITermSet
+		%common.attrib;
+		%itermset.role.attrib;
+		%local.itermset.attrib;
+>
+<!--end of itermset.attlist-->]]>
+<!--end of itermset.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Compound (section-ish) elements ...................................... -->
+
+<!-- Message set ...................... -->
+
+<!ENTITY % msgset.content.module "INCLUDE">
+<![ %msgset.content.module; [
+<!ENTITY % msgset.module "INCLUDE">
+<![ %msgset.module; [
+<!ENTITY % local.msgset.attrib "">
+<!ENTITY % msgset.role.attrib "%role.attrib;">
+
+<!ENTITY % msgset.element "INCLUDE">
+<![ %msgset.element; [
+<!ELEMENT MsgSet - - ((%formalobject.title.content;)?, (MsgEntry+|SimpleMsgEntry+))>
+<!--end of msgset.element-->]]>
+
+<!ENTITY % msgset.attlist "INCLUDE">
+<![ %msgset.attlist; [
+<!ATTLIST MsgSet
+		%common.attrib;
+		%msgset.role.attrib;
+		%local.msgset.attrib;
+>
+<!--end of msgset.attlist-->]]>
+<!--end of msgset.module-->]]>
+
+<!ENTITY % msgentry.module "INCLUDE">
+<![ %msgentry.module; [
+<!ENTITY % local.msgentry.attrib "">
+<!ENTITY % msgentry.role.attrib "%role.attrib;">
+
+<!ENTITY % msgentry.element "INCLUDE">
+<![ %msgentry.element; [
+<!ELEMENT MsgEntry - O (Msg+, MsgInfo?, MsgExplan*)>
+<!--end of msgentry.element-->]]>
+
+<!ENTITY % msgentry.attlist "INCLUDE">
+<![ %msgentry.attlist; [
+<!ATTLIST MsgEntry
+		%common.attrib;
+		%msgentry.role.attrib;
+		%local.msgentry.attrib;
+>
+<!--end of msgentry.attlist-->]]>
+<!--end of msgentry.module-->]]>
+
+<!ENTITY % simplemsgentry.module "INCLUDE">
+<![ %simplemsgentry.module; [
+<!ENTITY % local.simplemsgentry.attrib "">
+<!ENTITY % simplemsgentry.role.attrib "%role.attrib;">
+
+<!ENTITY % simplemsgentry.element "INCLUDE">
+<![ %simplemsgentry.element; [
+<!ELEMENT SimpleMsgEntry - O (MsgText, MsgExplan)>
+<!--end of simplemsgentry.element-->]]>
+
+<!ENTITY % simplemsgentry.attlist "INCLUDE">
+<![ %simplemsgentry.attlist; [
+<!ATTLIST SimpleMsgEntry
+		%common.attrib;
+		%simplemsgentry.role.attrib;
+		%local.simplemsgentry.attrib;
+		Audience	CDATA	#IMPLIED
+		Level		CDATA	#IMPLIED
+		Origin		CDATA	#IMPLIED
+>
+<!--end of simplemsgentry.attlist-->]]>
+<!--end of simplemsgentry.module-->]]>
+
+<!ENTITY % msg.module "INCLUDE">
+<![ %msg.module; [
+<!ENTITY % local.msg.attrib "">
+<!ENTITY % msg.role.attrib "%role.attrib;">
+
+<!ENTITY % msg.element "INCLUDE">
+<![ %msg.element; [
+<!ELEMENT Msg - O (Title?, MsgMain, (MsgSub | MsgRel)*)>
+<!--end of msg.element-->]]>
+
+<!ENTITY % msg.attlist "INCLUDE">
+<![ %msg.attlist; [
+<!ATTLIST Msg
+		%common.attrib;
+		%msg.role.attrib;
+		%local.msg.attrib;
+>
+<!--end of msg.attlist-->]]>
+<!--end of msg.module-->]]>
+
+<!ENTITY % msgmain.module "INCLUDE">
+<![ %msgmain.module; [
+<!ENTITY % local.msgmain.attrib "">
+<!ENTITY % msgmain.role.attrib "%role.attrib;">
+
+<!ENTITY % msgmain.element "INCLUDE">
+<![ %msgmain.element; [
+<!ELEMENT MsgMain - - (Title?, MsgText)>
+<!--end of msgmain.element-->]]>
+
+<!ENTITY % msgmain.attlist "INCLUDE">
+<![ %msgmain.attlist; [
+<!ATTLIST MsgMain
+		%common.attrib;
+		%msgmain.role.attrib;
+		%local.msgmain.attrib;
+>
+<!--end of msgmain.attlist-->]]>
+<!--end of msgmain.module-->]]>
+
+<!ENTITY % msgsub.module "INCLUDE">
+<![ %msgsub.module; [
+<!ENTITY % local.msgsub.attrib "">
+<!ENTITY % msgsub.role.attrib "%role.attrib;">
+
+<!ENTITY % msgsub.element "INCLUDE">
+<![ %msgsub.element; [
+<!ELEMENT MsgSub - - (Title?, MsgText)>
+<!--end of msgsub.element-->]]>
+
+<!ENTITY % msgsub.attlist "INCLUDE">
+<![ %msgsub.attlist; [
+<!ATTLIST MsgSub
+		%common.attrib;
+		%msgsub.role.attrib;
+		%local.msgsub.attrib;
+>
+<!--end of msgsub.attlist-->]]>
+<!--end of msgsub.module-->]]>
+
+<!ENTITY % msgrel.module "INCLUDE">
+<![ %msgrel.module; [
+<!ENTITY % local.msgrel.attrib "">
+<!ENTITY % msgrel.role.attrib "%role.attrib;">
+
+<!ENTITY % msgrel.element "INCLUDE">
+<![ %msgrel.element; [
+<!ELEMENT MsgRel - - (Title?, MsgText)>
+<!--end of msgrel.element-->]]>
+
+<!ENTITY % msgrel.attlist "INCLUDE">
+<![ %msgrel.attlist; [
+<!ATTLIST MsgRel
+		%common.attrib;
+		%msgrel.role.attrib;
+		%local.msgrel.attrib;
+>
+<!--end of msgrel.attlist-->]]>
+<!--end of msgrel.module-->]]>
+
+<!-- MsgText (defined in the Inlines section, below)-->
+
+<!ENTITY % msginfo.module "INCLUDE">
+<![ %msginfo.module; [
+<!ENTITY % local.msginfo.attrib "">
+<!ENTITY % msginfo.role.attrib "%role.attrib;">
+
+<!ENTITY % msginfo.element "INCLUDE">
+<![ %msginfo.element; [
+<!ELEMENT MsgInfo - - ((MsgLevel | MsgOrig | MsgAud)*)>
+<!--end of msginfo.element-->]]>
+
+<!ENTITY % msginfo.attlist "INCLUDE">
+<![ %msginfo.attlist; [
+<!ATTLIST MsgInfo
+		%common.attrib;
+		%msginfo.role.attrib;
+		%local.msginfo.attrib;
+>
+<!--end of msginfo.attlist-->]]>
+<!--end of msginfo.module-->]]>
+
+<!ENTITY % msglevel.module "INCLUDE">
+<![ %msglevel.module; [
+<!ENTITY % local.msglevel.attrib "">
+<!ENTITY % msglevel.role.attrib "%role.attrib;">
+
+<!ENTITY % msglevel.element "INCLUDE">
+<![ %msglevel.element; [
+<!ELEMENT MsgLevel - - ((%smallcptr.char.mix;)+)>
+<!--end of msglevel.element-->]]>
+
+<!ENTITY % msglevel.attlist "INCLUDE">
+<![ %msglevel.attlist; [
+<!ATTLIST MsgLevel
+		%common.attrib;
+		%msglevel.role.attrib;
+		%local.msglevel.attrib;
+>
+<!--end of msglevel.attlist-->]]>
+<!--end of msglevel.module-->]]>
+
+<!ENTITY % msgorig.module "INCLUDE">
+<![ %msgorig.module; [
+<!ENTITY % local.msgorig.attrib "">
+<!ENTITY % msgorig.role.attrib "%role.attrib;">
+
+<!ENTITY % msgorig.element "INCLUDE">
+<![ %msgorig.element; [
+<!ELEMENT MsgOrig - - ((%smallcptr.char.mix;)+)>
+<!--end of msgorig.element-->]]>
+
+<!ENTITY % msgorig.attlist "INCLUDE">
+<![ %msgorig.attlist; [
+<!ATTLIST MsgOrig
+		%common.attrib;
+		%msgorig.role.attrib;
+		%local.msgorig.attrib;
+>
+<!--end of msgorig.attlist-->]]>
+<!--end of msgorig.module-->]]>
+
+<!ENTITY % msgaud.module "INCLUDE">
+<![ %msgaud.module; [
+<!ENTITY % local.msgaud.attrib "">
+<!ENTITY % msgaud.role.attrib "%role.attrib;">
+
+<!ENTITY % msgaud.element "INCLUDE">
+<![ %msgaud.element; [
+<!ELEMENT MsgAud - - ((%para.char.mix;)+)>
+<!--end of msgaud.element-->]]>
+
+<!ENTITY % msgaud.attlist "INCLUDE">
+<![ %msgaud.attlist; [
+<!ATTLIST MsgAud
+		%common.attrib;
+		%msgaud.role.attrib;
+		%local.msgaud.attrib;
+>
+<!--end of msgaud.attlist-->]]>
+<!--end of msgaud.module-->]]>
+
+<!ENTITY % msgexplan.module "INCLUDE">
+<![ %msgexplan.module; [
+<!ENTITY % local.msgexplan.attrib "">
+<!ENTITY % msgexplan.role.attrib "%role.attrib;">
+
+<!ENTITY % msgexplan.element "INCLUDE">
+<![ %msgexplan.element; [
+<!ELEMENT MsgExplan - - (Title?, (%component.mix;)+)>
+<!--end of msgexplan.element-->]]>
+
+<!ENTITY % msgexplan.attlist "INCLUDE">
+<![ %msgexplan.attlist; [
+<!ATTLIST MsgExplan
+		%common.attrib;
+		%msgexplan.role.attrib;
+		%local.msgexplan.attrib;
+>
+<!--end of msgexplan.attlist-->]]>
+<!--end of msgexplan.module-->]]>
+<!--end of msgset.content.module-->]]>
+
+<!-- QandASet ........................ -->
+<!ENTITY % qandset.content.module "INCLUDE">
+<![ %qandset.content.module; [
+<!ENTITY % qandset.module "INCLUDE">
+<![ %qandset.module; [
+<!ENTITY % local.qandset.attrib "">
+<!ENTITY % qandset.role.attrib "%role.attrib;">
+
+<!ENTITY % qandset.element "INCLUDE">
+<![ %qandset.element; [
+<!ELEMENT QandASet - - ((%formalobject.title.content;)?,
+			(%qandaset.mix;)*,
+                        (QandADiv+|QandAEntry+))>
+<!--end of qandset.element-->]]>
+
+<!ENTITY % qandset.attlist "INCLUDE">
+<![ %qandset.attlist; [
+<!ATTLIST QandASet
+		DefaultLabel	(qanda|number|none)       #IMPLIED
+		%common.attrib;
+		%qandset.role.attrib;
+		%local.qandset.attrib;>
+<!--end of qandset.attlist-->]]>
+<!--end of qandset.module-->]]>
+
+<!ENTITY % qandadiv.module "INCLUDE">
+<![ %qandadiv.module; [
+<!ENTITY % local.qandadiv.attrib "">
+<!ENTITY % qandadiv.role.attrib "%role.attrib;">
+
+<!ENTITY % qandadiv.element "INCLUDE">
+<![ %qandadiv.element; [
+<!ELEMENT QandADiv - - ((%formalobject.title.content;)?, 
+			(%qandaset.mix;)*,
+			(QandADiv+|QandAEntry+))>
+<!--end of qandadiv.element-->]]>
+
+<!ENTITY % qandadiv.attlist "INCLUDE">
+<![ %qandadiv.attlist; [
+<!ATTLIST QandADiv
+		%common.attrib;
+		%qandadiv.role.attrib;
+		%local.qandadiv.attrib;>
+<!--end of qandadiv.attlist-->]]>
+<!--end of qandadiv.module-->]]>
+
+<!ENTITY % qandaentry.module "INCLUDE">
+<![ %qandaentry.module; [
+<!ENTITY % local.qandaentry.attrib "">
+<!ENTITY % qandaentry.role.attrib "%role.attrib;">
+
+<!ENTITY % qandaentry.element "INCLUDE">
+<![ %qandaentry.element; [
+<!ELEMENT QandAEntry - - (RevHistory?, Question, Answer*)>
+<!--end of qandaentry.element-->]]>
+
+<!ENTITY % qandaentry.attlist "INCLUDE">
+<![ %qandaentry.attlist; [
+<!ATTLIST QandAEntry
+		%common.attrib;
+		%qandaentry.role.attrib;
+		%local.qandaentry.attrib;>
+<!--end of qandaentry.attlist-->]]>
+<!--end of qandaentry.module-->]]>
+
+<!ENTITY % question.module "INCLUDE">
+<![ %question.module; [
+<!ENTITY % local.question.attrib "">
+<!ENTITY % question.role.attrib "%role.attrib;">
+
+<!ENTITY % question.element "INCLUDE">
+<![ %question.element; [
+<!ELEMENT Question - - (Label?, (%qandaset.mix;)+)>
+<!--end of question.element-->]]>
+
+<!ENTITY % question.attlist "INCLUDE">
+<![ %question.attlist; [
+<!ATTLIST Question
+		%common.attrib;
+		%question.role.attrib;
+		%local.question.attrib;
+>
+<!--end of question.attlist-->]]>
+<!--end of question.module-->]]>
+
+<!ENTITY % answer.module "INCLUDE">
+<![ %answer.module; [
+<!ENTITY % local.answer.attrib "">
+<!ENTITY % answer.role.attrib "%role.attrib;">
+
+<!ENTITY % answer.element "INCLUDE">
+<![ %answer.element; [
+<!ELEMENT Answer - - (Label?, (%qandaset.mix;)*, QandAEntry*)>
+<!--end of answer.element-->]]>
+
+<!ENTITY % answer.attlist "INCLUDE">
+<![ %answer.attlist; [
+<!ATTLIST Answer
+		%common.attrib;
+		%answer.role.attrib;
+		%local.answer.attrib;
+>
+<!--end of answer.attlist-->]]>
+<!--end of answer.module-->]]>
+
+<!ENTITY % label.module "INCLUDE">
+<![ %label.module; [
+<!ENTITY % local.label.attrib "">
+<!ENTITY % label.role.attrib "%role.attrib;">
+
+<!ENTITY % label.element "INCLUDE">
+<![ %label.element; [
+<!ELEMENT Label - - (%word.char.mix;)*>
+<!--end of label.element-->]]>
+
+<!ENTITY % label.attlist "INCLUDE">
+<![ %label.attlist; [
+<!ATTLIST Label
+		%common.attrib;
+		%label.role.attrib;
+		%local.label.attrib;
+>
+<!--end of label.attlist-->]]>
+<!--end of label.module-->]]>
+<!--end of qandset.content.module-->]]>
+
+<!-- Procedure ........................ -->
+
+<!ENTITY % procedure.content.module "INCLUDE">
+<![ %procedure.content.module; [
+<!ENTITY % procedure.module "INCLUDE">
+<![ %procedure.module; [
+<!ENTITY % local.procedure.attrib "">
+<!ENTITY % procedure.role.attrib "%role.attrib;">
+
+<!ENTITY % procedure.element "INCLUDE">
+<![ %procedure.element; [
+<!ELEMENT Procedure - - ((%formalobject.title.content;)?,
+	(%component.mix;)*, Step+)>
+<!--end of procedure.element-->]]>
+
+<!ENTITY % procedure.attlist "INCLUDE">
+<![ %procedure.attlist; [
+<!ATTLIST Procedure
+		%common.attrib;
+		%procedure.role.attrib;
+		%local.procedure.attrib;
+>
+<!--end of procedure.attlist-->]]>
+<!--end of procedure.module-->]]>
+
+<!ENTITY % step.module "INCLUDE">
+<![ %step.module; [
+<!ENTITY % local.step.attrib "">
+<!ENTITY % step.role.attrib "%role.attrib;">
+
+<!ENTITY % step.element "INCLUDE">
+<![ %step.element; [
+<!ELEMENT Step - O (Title?, (((%component.mix;)+, (SubSteps,
+		(%component.mix;)*)?) | (SubSteps, (%component.mix;)*)))>
+<!--end of step.element-->]]>
+
+<!ENTITY % step.attlist "INCLUDE">
+<![ %step.attlist; [
+<!ATTLIST Step
+		--
+		Performance: Whether the Step must be performed
+		--
+		Performance	(Optional
+				|Required)	Required -- not #REQUIRED! --
+		%common.attrib;
+		%step.role.attrib;
+		%local.step.attrib;
+>
+<!--end of step.attlist-->]]>
+<!--end of step.module-->]]>
+
+<!ENTITY % substeps.module "INCLUDE">
+<![ %substeps.module; [
+<!ENTITY % local.substeps.attrib "">
+<!ENTITY % substeps.role.attrib "%role.attrib;">
+
+<!ENTITY % substeps.element "INCLUDE">
+<![ %substeps.element; [
+<!ELEMENT SubSteps - - (Step+)>
+<!--end of substeps.element-->]]>
+
+<!ENTITY % substeps.attlist "INCLUDE">
+<![ %substeps.attlist; [
+<!ATTLIST SubSteps
+		--
+		Performance: whether entire set of substeps must be performed
+		--
+		Performance	(Optional
+				|Required)	Required -- not #REQUIRED! --
+		%common.attrib;
+		%substeps.role.attrib;
+		%local.substeps.attrib;
+>
+<!--end of substeps.attlist-->]]>
+<!--end of substeps.module-->]]>
+<!--end of procedure.content.module-->]]>
+
+<!-- Sidebar .......................... -->
+
+<!ENTITY % sidebar.content.model "INCLUDE">
+<![ %sidebar.content.model; [
+
+<!ENTITY % sidebarinfo.module "INCLUDE">
+<![ %sidebarinfo.module; [
+<!ENTITY % local.sidebarinfo.attrib "">
+<!ENTITY % sidebarinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % sidebarinfo.element "INCLUDE">
+<![ %sidebarinfo.element; [
+<!ELEMENT SidebarInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of sidebarinfo.element-->]]>
+
+<!ENTITY % sidebarinfo.attlist "INCLUDE">
+<![ %sidebarinfo.attlist; [
+<!ATTLIST SidebarInfo
+		%common.attrib;
+		%sidebarinfo.role.attrib;
+		%local.sidebarinfo.attrib;
+>
+<!--end of sidebarinfo.attlist-->]]>
+<!--end of sidebarinfo.module-->]]>
+
+<!ENTITY % sidebar.module "INCLUDE">
+<![ %sidebar.module; [
+<!ENTITY % local.sidebar.attrib "">
+<!ENTITY % sidebar.role.attrib "%role.attrib;">
+
+<!ENTITY % sidebar.element "INCLUDE">
+<![ %sidebar.element; [
+<!ELEMENT Sidebar - - (SidebarInfo?,
+		       (%formalobject.title.content;)?, (%sidebar.mix;)+)>
+<!--end of sidebar.element-->]]>
+
+<!ENTITY % sidebar.attlist "INCLUDE">
+<![ %sidebar.attlist; [
+<!ATTLIST Sidebar
+		%common.attrib;
+		%sidebar.role.attrib;
+		%local.sidebar.attrib;
+>
+<!--end of sidebar.attlist-->]]>
+<!--end of sidebar.module-->]]>
+<!--end of sidebar.content.model-->]]>
+
+<!-- ...................................................................... -->
+<!-- Paragraph-related elements ........................................... -->
+
+<!ENTITY % abstract.module "INCLUDE">
+<![ %abstract.module; [
+<!ENTITY % local.abstract.attrib "">
+<!ENTITY % abstract.role.attrib "%role.attrib;">
+
+<!ENTITY % abstract.element "INCLUDE">
+<![ %abstract.element; [
+<!ELEMENT Abstract - - (Title?, (%para.class;)+)>
+<!--end of abstract.element-->]]>
+
+<!ENTITY % abstract.attlist "INCLUDE">
+<![ %abstract.attlist; [
+<!ATTLIST Abstract
+		%common.attrib;
+		%abstract.role.attrib;
+		%local.abstract.attrib;
+>
+<!--end of abstract.attlist-->]]>
+<!--end of abstract.module-->]]>
+
+<!ENTITY % authorblurb.module "INCLUDE">
+<![ %authorblurb.module; [
+<!ENTITY % local.authorblurb.attrib "">
+<!ENTITY % authorblurb.role.attrib "%role.attrib;">
+
+<!ENTITY % authorblurb.element "INCLUDE">
+<![ %authorblurb.element; [
+<!ELEMENT AuthorBlurb - - (Title?, (%para.class;)+)>
+<!--end of authorblurb.element-->]]>
+
+<!ENTITY % authorblurb.attlist "INCLUDE">
+<![ %authorblurb.attlist; [
+<!ATTLIST AuthorBlurb
+		%common.attrib;
+		%authorblurb.role.attrib;
+		%local.authorblurb.attrib;
+>
+<!--end of authorblurb.attlist-->]]>
+<!--end of authorblurb.module-->]]>
+
+<!ENTITY % blockquote.module "INCLUDE">
+<![ %blockquote.module; [
+<!ENTITY % local.blockquote.attrib "">
+<!ENTITY % blockquote.role.attrib "%role.attrib;">
+
+<!ENTITY % blockquote.element "INCLUDE">
+<![ %blockquote.element; [
+<!ELEMENT BlockQuote - - (Title?, Attribution?, (%component.mix;)+)
+                         %blockquote.exclusion;>
+<!--end of blockquote.element-->]]>
+
+<!ENTITY % blockquote.attlist "INCLUDE">
+<![ %blockquote.attlist; [
+<!ATTLIST BlockQuote
+		%common.attrib;
+		%blockquote.role.attrib;
+		%local.blockquote.attrib;
+>
+<!--end of blockquote.attlist-->]]>
+<!--end of blockquote.module-->]]>
+
+<!ENTITY % attribution.module "INCLUDE">
+<![ %attribution.module; [
+<!ENTITY % local.attribution.attrib "">
+<!ENTITY % attribution.role.attrib "%role.attrib;">
+
+<!ENTITY % attribution.element "INCLUDE">
+<![ %attribution.element; [
+<!ELEMENT Attribution - O ((%para.char.mix;)+)>
+<!--end of attribution.element-->]]>
+
+<!ENTITY % attribution.attlist "INCLUDE">
+<![ %attribution.attlist; [
+<!ATTLIST Attribution
+		%common.attrib;
+		%attribution.role.attrib;
+		%local.attribution.attrib;
+>
+<!--end of attribution.attlist-->]]>
+<!--end of attribution.module-->]]>
+
+<!ENTITY % bridgehead.module "INCLUDE">
+<![ %bridgehead.module; [
+<!ENTITY % local.bridgehead.attrib "">
+<!ENTITY % bridgehead.role.attrib "%role.attrib;">
+
+<!ENTITY % bridgehead.element "INCLUDE">
+<![ %bridgehead.element; [
+<!ELEMENT BridgeHead - - ((%title.char.mix;)+)>
+<!--end of bridgehead.element-->]]>
+
+<!ENTITY % bridgehead.attlist "INCLUDE">
+<![ %bridgehead.attlist; [
+<!ATTLIST BridgeHead
+		--
+		Renderas: Indicates the format in which the BridgeHead
+		should appear
+		--
+		Renderas	(Other
+				|Sect1
+				|Sect2
+				|Sect3
+				|Sect4
+				|Sect5)		#IMPLIED
+		%common.attrib;
+		%bridgehead.role.attrib;
+		%local.bridgehead.attrib;
+>
+<!--end of bridgehead.attlist-->]]>
+<!--end of bridgehead.module-->]]>
+
+<!ENTITY % remark.module "INCLUDE">
+<![ %remark.module; [
+<!ENTITY % local.remark.attrib "">
+<!ENTITY % remark.role.attrib "%role.attrib;">
+
+<!ENTITY % remark.element "INCLUDE">
+<![ %remark.element; [
+<!ELEMENT Remark - - ((%para.char.mix;)+) %remark.exclusion;>
+<!--end of remark.element-->]]>
+
+<!ENTITY % remark.attlist "INCLUDE">
+<![ %remark.attlist; [
+<!ATTLIST Remark
+		%common.attrib;
+		%remark.role.attrib;
+		%local.remark.attrib;
+>
+<!--end of remark.attlist-->]]>
+<!--end of remark.module-->]]>
+
+<!ENTITY % epigraph.module "INCLUDE">
+<![ %epigraph.module; [
+<!ENTITY % local.epigraph.attrib "">
+<!ENTITY % epigraph.role.attrib "%role.attrib;">
+
+<!ENTITY % epigraph.element "INCLUDE">
+<![ %epigraph.element; [
+<!ELEMENT Epigraph - - (Attribution?, (%para.class;)+)>
+<!--end of epigraph.element-->]]>
+
+<!ENTITY % epigraph.attlist "INCLUDE">
+<![ %epigraph.attlist; [
+<!ATTLIST Epigraph
+		%common.attrib;
+		%epigraph.role.attrib;
+		%local.epigraph.attrib;
+>
+<!--end of epigraph.attlist-->]]>
+<!-- Attribution (defined above)-->
+<!--end of epigraph.module-->]]>
+
+<!ENTITY % footnote.module "INCLUDE">
+<![ %footnote.module; [
+<!ENTITY % local.footnote.attrib "">
+<!ENTITY % footnote.role.attrib "%role.attrib;">
+
+<!ENTITY % footnote.element "INCLUDE">
+<![ %footnote.element; [
+<!ELEMENT Footnote - - ((%footnote.mix;)+) %footnote.exclusion;>
+<!--end of footnote.element-->]]>
+
+<!ENTITY % footnote.attlist "INCLUDE">
+<![ %footnote.attlist; [
+<!ATTLIST Footnote
+		%label.attrib;
+		%common.attrib;
+		%footnote.role.attrib;
+		%local.footnote.attrib;
+>
+<!--end of footnote.attlist-->]]>
+<!--end of footnote.module-->]]>
+
+<!ENTITY % highlights.module "INCLUDE">
+<![ %highlights.module; [
+<!ENTITY % local.highlights.attrib "">
+<!ENTITY % highlights.role.attrib "%role.attrib;">
+
+<!ENTITY % highlights.element "INCLUDE">
+<![ %highlights.element; [
+<!ELEMENT Highlights - - ((%highlights.mix;)+) %highlights.exclusion;>
+<!--end of highlights.element-->]]>
+
+<!ENTITY % highlights.attlist "INCLUDE">
+<![ %highlights.attlist; [
+<!ATTLIST Highlights
+		%common.attrib;
+		%highlights.role.attrib;
+		%local.highlights.attrib;
+>
+<!--end of highlights.attlist-->]]>
+<!--end of highlights.module-->]]>
+
+<!ENTITY % formalpara.module "INCLUDE">
+<![ %formalpara.module; [
+<!ENTITY % local.formalpara.attrib "">
+<!ENTITY % formalpara.role.attrib "%role.attrib;">
+
+<!ENTITY % formalpara.element "INCLUDE">
+<![ %formalpara.element; [
+<!ELEMENT FormalPara - O (Title, (%ndxterm.class;)*, Para)>
+<!--end of formalpara.element-->]]>
+
+<!ENTITY % formalpara.attlist "INCLUDE">
+<![ %formalpara.attlist; [
+<!ATTLIST FormalPara
+		%common.attrib;
+		%formalpara.role.attrib;
+		%local.formalpara.attrib;
+>
+<!--end of formalpara.attlist-->]]>
+<!--end of formalpara.module-->]]>
+
+<!ENTITY % para.module "INCLUDE">
+<![ %para.module; [
+<!ENTITY % local.para.attrib "">
+<!ENTITY % para.role.attrib "%role.attrib;">
+
+<!ENTITY % para.element "INCLUDE">
+<![ %para.element; [
+<!ELEMENT Para - O ((%para.char.mix; | %para.mix;)+)>
+<!--end of para.element-->]]>
+
+<!ENTITY % para.attlist "INCLUDE">
+<![ %para.attlist; [
+<!ATTLIST Para
+		%common.attrib;
+		%para.role.attrib;
+		%local.para.attrib;
+>
+<!--end of para.attlist-->]]>
+<!--end of para.module-->]]>
+
+<!ENTITY % simpara.module "INCLUDE">
+<![ %simpara.module; [
+<!ENTITY % local.simpara.attrib "">
+<!ENTITY % simpara.role.attrib "%role.attrib;">
+
+<!ENTITY % simpara.element "INCLUDE">
+<![ %simpara.element; [
+<!ELEMENT SimPara - O ((%para.char.mix;)+)>
+<!--end of simpara.element-->]]>
+
+<!ENTITY % simpara.attlist "INCLUDE">
+<![ %simpara.attlist; [
+<!ATTLIST SimPara
+		%common.attrib;
+		%simpara.role.attrib;
+		%local.simpara.attrib;
+>
+<!--end of simpara.attlist-->]]>
+<!--end of simpara.module-->]]>
+
+<!ENTITY % admon.module "INCLUDE">
+<![ %admon.module; [
+<!ENTITY % local.admon.attrib "">
+<!ENTITY % admon.role.attrib "%role.attrib;">
+
+<!ENTITY % admon.elements "INCLUDE">
+<![ %admon.elements; [
+<!ELEMENT (%admon.class;) - - (Title?, (%admon.mix;)+) %admon.exclusion;>
+<!--end of admon.elements-->]]>
+
+<!ENTITY % admon.attlists "INCLUDE">
+<![ %admon.attlists; [
+<!ATTLIST (%admon.class;)
+		%common.attrib;
+		%admon.role.attrib;
+		%local.admon.attrib;
+>
+<!--end of admon.attlists-->]]>
+<!--end of admon.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Lists ................................................................ -->
+
+<!-- GlossList ........................ -->
+
+<!ENTITY % glosslist.module "INCLUDE">
+<![ %glosslist.module; [
+<!ENTITY % local.glosslist.attrib "">
+<!ENTITY % glosslist.role.attrib "%role.attrib;">
+
+<!ENTITY % glosslist.element "INCLUDE">
+<![ %glosslist.element; [
+<!ELEMENT GlossList - - (GlossEntry+)>
+<!--end of glosslist.element-->]]>
+
+<!ENTITY % glosslist.attlist "INCLUDE">
+<![ %glosslist.attlist; [
+<!ATTLIST GlossList
+		%common.attrib;
+		%glosslist.role.attrib;
+		%local.glosslist.attrib;
+>
+<!--end of glosslist.attlist-->]]>
+<!--end of glosslist.module-->]]>
+
+<!ENTITY % glossentry.content.module "INCLUDE">
+<![ %glossentry.content.module; [
+<!ENTITY % glossentry.module "INCLUDE">
+<![ %glossentry.module; [
+<!ENTITY % local.glossentry.attrib "">
+<!ENTITY % glossentry.role.attrib "%role.attrib;">
+
+<!ENTITY % glossentry.element "INCLUDE">
+<![ %glossentry.element; [
+<!ELEMENT GlossEntry - O (GlossTerm, Acronym?, Abbrev?,
+			  (%ndxterm.class;)*,
+			  RevHistory?, (GlossSee|GlossDef+))>
+<!--end of glossentry.element-->]]>
+
+<!ENTITY % glossentry.attlist "INCLUDE">
+<![ %glossentry.attlist; [
+<!ATTLIST GlossEntry
+		--
+		SortAs: String by which the GlossEntry is to be sorted
+		(alphabetized) in lieu of its proper content
+		--
+		SortAs		CDATA		#IMPLIED
+		%common.attrib;
+		%glossentry.role.attrib;
+		%local.glossentry.attrib;
+>
+<!--end of glossentry.attlist-->]]>
+<!--end of glossentry.module-->]]>
+
+<!-- GlossTerm (defined in the Inlines section, below)-->
+<!ENTITY % glossdef.module "INCLUDE">
+<![ %glossdef.module; [
+<!ENTITY % local.glossdef.attrib "">
+<!ENTITY % glossdef.role.attrib "%role.attrib;">
+
+<!ENTITY % glossdef.element "INCLUDE">
+<![ %glossdef.element; [
+<!ELEMENT GlossDef - O ((%glossdef.mix;)+, GlossSeeAlso*)>
+<!--end of glossdef.element-->]]>
+
+<!ENTITY % glossdef.attlist "INCLUDE">
+<![ %glossdef.attlist; [
+<!ATTLIST GlossDef
+		--
+		Subject: List of subjects; keywords for the definition
+		--
+		Subject		CDATA		#IMPLIED
+		%common.attrib;
+		%glossdef.role.attrib;
+		%local.glossdef.attrib;
+>
+<!--end of glossdef.attlist-->]]>
+<!--end of glossdef.module-->]]>
+
+<!ENTITY % glosssee.module "INCLUDE">
+<![ %glosssee.module; [
+<!ENTITY % local.glosssee.attrib "">
+<!ENTITY % glosssee.role.attrib "%role.attrib;">
+
+<!ENTITY % glosssee.element "INCLUDE">
+<![ %glosssee.element; [
+<!ELEMENT GlossSee - O ((%para.char.mix;)+)>
+<!--end of glosssee.element-->]]>
+
+<!ENTITY % glosssee.attlist "INCLUDE">
+<![ %glosssee.attlist; [
+<!ATTLIST GlossSee
+		--
+		OtherTerm: Reference to the GlossEntry whose GlossTerm
+		should be displayed at the point of the GlossSee
+		--
+		OtherTerm	IDREF		#CONREF
+		%common.attrib;
+		%glosssee.role.attrib;
+		%local.glosssee.attrib;
+>
+<!--end of glosssee.attlist-->]]>
+<!--end of glosssee.module-->]]>
+
+<!ENTITY % glossseealso.module "INCLUDE">
+<![ %glossseealso.module; [
+<!ENTITY % local.glossseealso.attrib "">
+<!ENTITY % glossseealso.role.attrib "%role.attrib;">
+
+<!ENTITY % glossseealso.element "INCLUDE">
+<![ %glossseealso.element; [
+<!ELEMENT GlossSeeAlso - O ((%para.char.mix;)+)>
+<!--end of glossseealso.element-->]]>
+
+<!ENTITY % glossseealso.attlist "INCLUDE">
+<![ %glossseealso.attlist; [
+<!ATTLIST GlossSeeAlso
+		--
+		OtherTerm: Reference to the GlossEntry whose GlossTerm
+		should be displayed at the point of the GlossSeeAlso
+		--
+		OtherTerm	IDREF		#CONREF
+		%common.attrib;
+		%glossseealso.role.attrib;
+		%local.glossseealso.attrib;
+>
+<!--end of glossseealso.attlist-->]]>
+<!--end of glossseealso.module-->]]>
+<!--end of glossentry.content.module-->]]>
+
+<!-- ItemizedList and OrderedList ..... -->
+
+<!ENTITY % itemizedlist.module "INCLUDE">
+<![ %itemizedlist.module; [
+<!ENTITY % local.itemizedlist.attrib "">
+<!ENTITY % itemizedlist.role.attrib "%role.attrib;">
+
+<!ENTITY % itemizedlist.element "INCLUDE">
+<![ %itemizedlist.element; [
+<!ELEMENT ItemizedList - - ((%formalobject.title.content;)?, ListItem+)>
+<!--end of itemizedlist.element-->]]>
+
+<!ENTITY % itemizedlist.attlist "INCLUDE">
+<![ %itemizedlist.attlist; [
+<!ATTLIST ItemizedList	
+		--
+		Spacing: Whether the vertical space in the list should be
+		compressed
+		--
+		Spacing		(Normal
+				|Compact)	#IMPLIED
+		--
+		Mark: Keyword, e.g., bullet, dash, checkbox, none;
+		list of keywords and defaults are implementation specific
+		--
+		%mark.attrib;
+		%common.attrib;
+		%itemizedlist.role.attrib;
+		%local.itemizedlist.attrib;
+>
+<!--end of itemizedlist.attlist-->]]>
+<!--end of itemizedlist.module-->]]>
+
+<!ENTITY % orderedlist.module "INCLUDE">
+<![ %orderedlist.module; [
+<!ENTITY % local.orderedlist.attrib "">
+<!ENTITY % orderedlist.role.attrib "%role.attrib;">
+
+<!ENTITY % orderedlist.element "INCLUDE">
+<![ %orderedlist.element; [
+<!ELEMENT OrderedList - - ((%formalobject.title.content;)?, ListItem+)>
+<!--end of orderedlist.element-->]]>
+
+<!ENTITY % orderedlist.attlist "INCLUDE">
+<![ %orderedlist.attlist; [
+<!ATTLIST OrderedList
+		--
+		Numeration: Style of ListItem numbered; default is expected
+		to be Arabic
+		--
+		Numeration	(Arabic
+				|Upperalpha
+				|Loweralpha
+				|Upperroman
+				|Lowerroman)	#IMPLIED
+		--
+		InheritNum: Specifies for a nested list that the numbering
+		of ListItems should include the number of the item
+		within which they are nested (e.g., 1a and 1b within 1,
+		rather than a and b)--
+		InheritNum	(Inherit
+				|Ignore)	Ignore
+		--
+		Continuation: Where list numbering begins afresh (Restarts,
+		the default) or continues that of the immediately preceding 
+		list (Continues)
+		--
+		Continuation	(Continues
+				|Restarts)	Restarts
+		--
+		Spacing: Whether the vertical space in the list should be
+		compressed
+		--
+		Spacing		(Normal
+				|Compact)	#IMPLIED
+		%common.attrib;
+		%orderedlist.role.attrib;
+		%local.orderedlist.attrib;
+>
+<!--end of orderedlist.attlist-->]]>
+<!--end of orderedlist.module-->]]>
+
+<!ENTITY % listitem.module "INCLUDE">
+<![ %listitem.module; [
+<!ENTITY % local.listitem.attrib "">
+<!ENTITY % listitem.role.attrib "%role.attrib;">
+
+<!ENTITY % listitem.element "INCLUDE">
+<![ %listitem.element; [
+<!ELEMENT ListItem - O ((%component.mix;)+)>
+<!--end of listitem.element-->]]>
+
+<!ENTITY % listitem.attlist "INCLUDE">
+<![ %listitem.attlist; [
+<!ATTLIST ListItem
+		--
+		Override: Indicates the mark to be used for this ListItem
+		instead of the default mark or the mark specified by
+		the Mark attribute on the enclosing ItemizedList
+		--
+		Override	CDATA		#IMPLIED
+		%common.attrib;
+		%listitem.role.attrib;
+		%local.listitem.attrib;
+>
+<!--end of listitem.attlist-->]]>
+<!--end of listitem.module-->]]>
+
+<!-- SegmentedList .................... -->
+<!ENTITY % segmentedlist.content.module "INCLUDE">
+<![ %segmentedlist.content.module; [
+<!ENTITY % segmentedlist.module "INCLUDE">
+<![ %segmentedlist.module; [
+<!ENTITY % local.segmentedlist.attrib "">
+<!ENTITY % segmentedlist.role.attrib "%role.attrib;">
+
+<!ENTITY % segmentedlist.element "INCLUDE">
+<![ %segmentedlist.element; [
+<!ELEMENT SegmentedList - - ((%formalobject.title.content;)?, 
+                             SegTitle, SegTitle+,
+                             SegListItem+)>
+<!--end of segmentedlist.element-->]]>
+
+<!ENTITY % segmentedlist.attlist "INCLUDE">
+<![ %segmentedlist.attlist; [
+<!ATTLIST SegmentedList
+		%common.attrib;
+		%segmentedlist.role.attrib;
+		%local.segmentedlist.attrib;
+>
+<!--end of segmentedlist.attlist-->]]>
+<!--end of segmentedlist.module-->]]>
+
+<!ENTITY % segtitle.module "INCLUDE">
+<![ %segtitle.module; [
+<!ENTITY % local.segtitle.attrib "">
+<!ENTITY % segtitle.role.attrib "%role.attrib;">
+
+<!ENTITY % segtitle.element "INCLUDE">
+<![ %segtitle.element; [
+<!ELEMENT SegTitle - O ((%title.char.mix;)+)>
+<!--end of segtitle.element-->]]>
+
+<!ENTITY % segtitle.attlist "INCLUDE">
+<![ %segtitle.attlist; [
+<!ATTLIST SegTitle
+		%common.attrib;
+		%segtitle.role.attrib;
+		%local.segtitle.attrib;
+>
+<!--end of segtitle.attlist-->]]>
+<!--end of segtitle.module-->]]>
+
+<!ENTITY % seglistitem.module "INCLUDE">
+<![ %seglistitem.module; [
+<!ENTITY % local.seglistitem.attrib "">
+<!ENTITY % seglistitem.role.attrib "%role.attrib;">
+
+<!ENTITY % seglistitem.element "INCLUDE">
+<![ %seglistitem.element; [
+<!ELEMENT SegListItem - O (Seg, Seg+)>
+<!--end of seglistitem.element-->]]>
+
+<!ENTITY % seglistitem.attlist "INCLUDE">
+<![ %seglistitem.attlist; [
+<!ATTLIST SegListItem
+		%common.attrib;
+		%seglistitem.role.attrib;
+		%local.seglistitem.attrib;
+>
+<!--end of seglistitem.attlist-->]]>
+<!--end of seglistitem.module-->]]>
+
+<!ENTITY % seg.module "INCLUDE">
+<![ %seg.module; [
+<!ENTITY % local.seg.attrib "">
+<!ENTITY % seg.role.attrib "%role.attrib;">
+
+<!ENTITY % seg.element "INCLUDE">
+<![ %seg.element; [
+<!ELEMENT Seg - O ((%para.char.mix;)+)>
+<!--end of seg.element-->]]>
+
+<!ENTITY % seg.attlist "INCLUDE">
+<![ %seg.attlist; [
+<!ATTLIST Seg
+		%common.attrib;
+		%seg.role.attrib;
+		%local.seg.attrib;
+>
+<!--end of seg.attlist-->]]>
+<!--end of seg.module-->]]>
+<!--end of segmentedlist.content.module-->]]>
+
+<!-- SimpleList ....................... -->
+
+<!ENTITY % simplelist.content.module "INCLUDE">
+<![ %simplelist.content.module; [
+<!ENTITY % simplelist.module "INCLUDE">
+<![ %simplelist.module; [
+<!ENTITY % local.simplelist.attrib "">
+<!ENTITY % simplelist.role.attrib "%role.attrib;">
+
+<!ENTITY % simplelist.element "INCLUDE">
+<![ %simplelist.element; [
+<!ELEMENT SimpleList - - (Member+)>
+<!--end of simplelist.element-->]]>
+
+<!ENTITY % simplelist.attlist "INCLUDE">
+<![ %simplelist.attlist; [
+<!ATTLIST SimpleList
+		--
+		Columns: The number of columns the array should contain
+		--
+		Columns		NUMBER		#IMPLIED
+		--
+		Type: How the Members of the SimpleList should be
+		formatted: Inline (members separated with commas etc.
+		inline), Vert (top to bottom in n Columns), or Horiz (in
+		the direction of text flow) in n Columns.  If Column
+		is 1 or implied, Type=Vert and Type=Horiz give the same
+		results.
+		--
+		Type		(Inline
+				|Vert
+				|Horiz)		Vert
+		%common.attrib;
+		%simplelist.role.attrib;
+		%local.simplelist.attrib;
+>
+<!--end of simplelist.attlist-->]]>
+<!--end of simplelist.module-->]]>
+
+<!ENTITY % member.module "INCLUDE">
+<![ %member.module; [
+<!ENTITY % local.member.attrib "">
+<!ENTITY % member.role.attrib "%role.attrib;">
+
+<!ENTITY % member.element "INCLUDE">
+<![ %member.element; [
+<!ELEMENT Member - O ((%para.char.mix;)+)>
+<!--end of member.element-->]]>
+
+<!ENTITY % member.attlist "INCLUDE">
+<![ %member.attlist; [
+<!ATTLIST Member
+		%common.attrib;
+		%member.role.attrib;
+		%local.member.attrib;
+>
+<!--end of member.attlist-->]]>
+<!--end of member.module-->]]>
+<!--end of simplelist.content.module-->]]>
+
+<!-- VariableList ..................... -->
+
+<!ENTITY % variablelist.content.module "INCLUDE">
+<![ %variablelist.content.module; [
+<!ENTITY % variablelist.module "INCLUDE">
+<![ %variablelist.module; [
+<!ENTITY % local.variablelist.attrib "">
+<!ENTITY % variablelist.role.attrib "%role.attrib;">
+
+<!ENTITY % variablelist.element "INCLUDE">
+<![ %variablelist.element; [
+<!ELEMENT VariableList - - ((%formalobject.title.content;)?, VarListEntry+)>
+<!--end of variablelist.element-->]]>
+
+<!ENTITY % variablelist.attlist "INCLUDE">
+<![ %variablelist.attlist; [
+<!ATTLIST VariableList
+		--
+		TermLength: Length beyond which the presentation engine
+		may consider the Term too long and select an alternate
+		presentation of the Term and, or, its associated ListItem.
+		--
+		TermLength	CDATA		#IMPLIED
+		%common.attrib;
+		%variablelist.role.attrib;
+		%local.variablelist.attrib;
+>
+<!--end of variablelist.attlist-->]]>
+<!--end of variablelist.module-->]]>
+
+<!ENTITY % varlistentry.module "INCLUDE">
+<![ %varlistentry.module; [
+<!ENTITY % local.varlistentry.attrib "">
+<!ENTITY % varlistentry.role.attrib "%role.attrib;">
+
+<!ENTITY % varlistentry.element "INCLUDE">
+<![ %varlistentry.element; [
+<!ELEMENT VarListEntry - O (Term+, ListItem)>
+<!--end of varlistentry.element-->]]>
+
+<!ENTITY % varlistentry.attlist "INCLUDE">
+<![ %varlistentry.attlist; [
+<!ATTLIST VarListEntry
+		%common.attrib;
+		%varlistentry.role.attrib;
+		%local.varlistentry.attrib;
+>
+<!--end of varlistentry.attlist-->]]>
+<!--end of varlistentry.module-->]]>
+
+<!ENTITY % term.module "INCLUDE">
+<![ %term.module; [
+<!ENTITY % local.term.attrib "">
+<!ENTITY % term.role.attrib "%role.attrib;">
+
+<!ENTITY % term.element "INCLUDE">
+<![ %term.element; [
+<!ELEMENT Term - O ((%para.char.mix;)+)>
+<!--end of term.element-->]]>
+
+<!ENTITY % term.attlist "INCLUDE">
+<![ %term.attlist; [
+<!ATTLIST Term
+		%common.attrib;
+		%term.role.attrib;
+		%local.term.attrib;
+>
+<!--end of term.attlist-->]]>
+<!--end of term.module-->]]>
+
+<!-- ListItem (defined above)-->
+<!--end of variablelist.content.module-->]]>
+
+<!-- CalloutList ...................... -->
+
+<!ENTITY % calloutlist.content.module "INCLUDE">
+<![ %calloutlist.content.module; [
+<!ENTITY % calloutlist.module "INCLUDE">
+<![ %calloutlist.module; [
+<!ENTITY % local.calloutlist.attrib "">
+<!ENTITY % calloutlist.role.attrib "%role.attrib;">
+
+<!ENTITY % calloutlist.element "INCLUDE">
+<![ %calloutlist.element; [
+<!ELEMENT CalloutList - - ((%formalobject.title.content;)?, Callout+)>
+<!--end of calloutlist.element-->]]>
+
+<!ENTITY % calloutlist.attlist "INCLUDE">
+<![ %calloutlist.attlist; [
+<!ATTLIST CalloutList
+		%common.attrib;
+		%calloutlist.role.attrib;
+		%local.calloutlist.attrib;
+>
+<!--end of calloutlist.attlist-->]]>
+<!--end of calloutlist.module-->]]>
+
+<!ENTITY % callout.module "INCLUDE">
+<![ %callout.module; [
+<!ENTITY % local.callout.attrib "">
+<!ENTITY % callout.role.attrib "%role.attrib;">
+
+<!ENTITY % callout.element "INCLUDE">
+<![ %callout.element; [
+<!ELEMENT Callout - O ((%component.mix;)+)>
+<!--end of callout.element-->]]>
+
+<!ENTITY % callout.attlist "INCLUDE">
+<![ %callout.attlist; [
+<!ATTLIST Callout
+		--
+		AreaRefs: IDs of one or more Areas or AreaSets described
+		by this Callout
+		--
+		AreaRefs	IDREFS		#REQUIRED
+		%common.attrib;
+		%callout.role.attrib;
+		%local.callout.attrib;
+>
+<!--end of callout.attlist-->]]>
+<!--end of callout.module-->]]>
+<!--end of calloutlist.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Objects .............................................................. -->
+
+<!-- Examples etc. .................... -->
+
+<!ENTITY % example.module "INCLUDE">
+<![ %example.module; [
+<!ENTITY % local.example.attrib "">
+<!ENTITY % example.role.attrib "%role.attrib;">
+
+<!ENTITY % example.element "INCLUDE">
+<![ %example.element; [
+<!ELEMENT Example - - ((%formalobject.title.content;), (%example.mix;)+)
+		%formal.exclusion;>
+<!--end of example.element-->]]>
+
+<!ENTITY % example.attlist "INCLUDE">
+<![ %example.attlist; [
+<!ATTLIST Example
+		%label.attrib;
+		%width.attrib;
+		%common.attrib;
+		%example.role.attrib;
+		%local.example.attrib;
+>
+<!--end of example.attlist-->]]>
+<!--end of example.module-->]]>
+
+<!ENTITY % informalexample.module "INCLUDE">
+<![ %informalexample.module; [
+<!ENTITY % local.informalexample.attrib "">
+<!ENTITY % informalexample.role.attrib "%role.attrib;">
+
+<!ENTITY % informalexample.element "INCLUDE">
+<![ %informalexample.element; [
+<!ELEMENT InformalExample - - ((%example.mix;)+)>
+<!--end of informalexample.element-->]]>
+
+<!ENTITY % informalexample.attlist "INCLUDE">
+<![ %informalexample.attlist; [
+<!ATTLIST InformalExample
+		%width.attrib;
+		%common.attrib;
+		%informalexample.role.attrib;
+		%local.informalexample.attrib;
+>
+<!--end of informalexample.attlist-->]]>
+<!--end of informalexample.module-->]]>
+
+<!ENTITY % programlistingco.module "INCLUDE">
+<![ %programlistingco.module; [
+<!ENTITY % local.programlistingco.attrib "">
+<!ENTITY % programlistingco.role.attrib "%role.attrib;">
+
+<!ENTITY % programlistingco.element "INCLUDE">
+<![ %programlistingco.element; [
+<!ELEMENT ProgramListingCO - - (AreaSpec, ProgramListing, CalloutList*)>
+<!--end of programlistingco.element-->]]>
+
+<!ENTITY % programlistingco.attlist "INCLUDE">
+<![ %programlistingco.attlist; [
+<!ATTLIST ProgramListingCO
+		%common.attrib;
+		%programlistingco.role.attrib;
+		%local.programlistingco.attrib;
+>
+<!--end of programlistingco.attlist-->]]>
+<!-- CalloutList (defined above in Lists)-->
+<!--end of programlistingco.module-->]]>
+
+<!ENTITY % areaspec.content.module "INCLUDE">
+<![ %areaspec.content.module; [
+<!ENTITY % areaspec.module "INCLUDE">
+<![ %areaspec.module; [
+<!ENTITY % local.areaspec.attrib "">
+<!ENTITY % areaspec.role.attrib "%role.attrib;">
+
+<!ENTITY % areaspec.element "INCLUDE">
+<![ %areaspec.element; [
+<!ELEMENT AreaSpec - - ((Area|AreaSet)+)>
+<!--end of areaspec.element-->]]>
+
+<!ENTITY % areaspec.attlist "INCLUDE">
+<![ %areaspec.attlist; [
+<!ATTLIST AreaSpec
+		--
+		Units: global unit of measure in which coordinates in
+		this spec are expressed:
+
+		- CALSPair "x1,y1 x2,y2": lower-left and upper-right 
+		coordinates in a rectangle describing repro area in which 
+		graphic is placed, where X and Y dimensions are each some 
+		number 0..10000 (taken from CALS graphic attributes)
+
+		- LineColumn "line column": line number and column number
+		at which to start callout text in "linespecific" content
+
+		- LineRange "startline endline": whole lines from startline
+		to endline in "linespecific" content
+
+		- LineColumnPair "line1 col1 line2 col2": starting and ending
+		points of area in "linespecific" content that starts at
+		first position and ends at second position (including the
+		beginnings of any intervening lines)
+
+		- Other: directive to look at value of OtherUnits attribute
+		to get implementation-specific keyword
+
+		The default is implementation-specific; usually dependent on 
+		the parent element (GraphicCO gets CALSPair, ProgramListingCO
+		and ScreenCO get LineColumn)
+		--
+		Units		(CALSPair
+				|LineColumn
+				|LineRange
+				|LineColumnPair
+				|Other)		#IMPLIED
+		--
+		OtherUnits: User-defined units
+		--
+		OtherUnits	NAME		#IMPLIED
+		%common.attrib;
+		%areaspec.role.attrib;
+		%local.areaspec.attrib;
+>
+<!--end of areaspec.attlist-->]]>
+<!--end of areaspec.module-->]]>
+
+<!ENTITY % area.module "INCLUDE">
+<![ %area.module; [
+<!ENTITY % local.area.attrib "">
+<!ENTITY % area.role.attrib "%role.attrib;">
+
+<!ENTITY % area.element "INCLUDE">
+<![ %area.element; [
+<!ELEMENT Area - O EMPTY>
+<!--end of area.element-->]]>
+
+<!ENTITY % area.attlist "INCLUDE">
+<![ %area.attlist; [
+<!ATTLIST Area
+		%label.attrib; --bug number/symbol override or initialization--
+		%linkends.attrib; --to any related information--
+		--
+		Units: unit of measure in which coordinates in this
+		area are expressed; inherits from AreaSet and AreaSpec
+		--
+		Units		(CALSPair
+				|LineColumn
+				|LineRange
+				|LineColumnPair
+				|Other)		#IMPLIED
+		--
+		OtherUnits: User-defined units
+		--
+		OtherUnits	NAME		#IMPLIED
+		Coords		CDATA		#REQUIRED
+		%idreq.common.attrib;
+		%area.role.attrib;
+		%local.area.attrib;
+>
+<!--end of area.attlist-->]]>
+<!--end of area.module-->]]>
+
+<!ENTITY % areaset.module "INCLUDE">
+<![ %areaset.module; [
+<!ENTITY % local.areaset.attrib "">
+<!ENTITY % areaset.role.attrib "%role.attrib;">
+
+<!ENTITY % areaset.element "INCLUDE">
+<![ %areaset.element; [
+<!ELEMENT AreaSet - - (Area+)>
+<!--end of areaset.element-->]]>
+
+<!ENTITY % areaset.attlist "INCLUDE">
+<![ %areaset.attlist; [
+<!--FUTURE USE (V5.0):
+......................
+Coord attribute will be removed from AreaSet
+......................
+-->
+<!ATTLIST AreaSet
+		%label.attrib; --bug number/symbol override or initialization--
+
+		--
+		Units: unit of measure in which coordinates in this
+		area are expressed; inherits from AreaSpec
+		--
+		Units		(CALSPair
+				|LineColumn
+				|LineRange
+				|LineColumnPair
+				|Other)		#IMPLIED
+		OtherUnits	NAME		#IMPLIED
+		Coords		CDATA		#REQUIRED
+		%idreq.common.attrib;
+		%areaset.role.attrib;
+		%local.areaset.attrib;
+>
+<!--end of areaset.attlist-->]]>
+<!--end of areaset.module-->]]>
+<!--end of areaspec.content.module-->]]>
+
+<!ENTITY % programlisting.module "INCLUDE">
+<![ %programlisting.module; [
+<!ENTITY % local.programlisting.attrib "">
+<!ENTITY % programlisting.role.attrib "%role.attrib;">
+
+<!ENTITY % programlisting.element "INCLUDE">
+<![ %programlisting.element; [
+<!ELEMENT ProgramListing - - ((CO | LineAnnotation | %para.char.mix;)+)>
+<!--end of programlisting.element-->]]>
+
+<!ENTITY % programlisting.attlist "INCLUDE">
+<![ %programlisting.attlist; [
+<!ATTLIST ProgramListing
+		%width.attrib;
+		%linespecific.attrib;
+		%common.attrib;
+		%programlisting.role.attrib;
+		%local.programlisting.attrib;
+>
+<!--end of programlisting.attlist-->]]>
+<!--end of programlisting.module-->]]>
+
+<!ENTITY % literallayout.module "INCLUDE">
+<![ %literallayout.module; [
+<!ENTITY % local.literallayout.attrib "">
+<!ENTITY % literallayout.role.attrib "%role.attrib;">
+
+<!ENTITY % literallayout.element "INCLUDE">
+<![ %literallayout.element; [
+<!ELEMENT LiteralLayout - - ((CO | LineAnnotation | %para.char.mix;)+)>
+<!--end of literallayout.element-->]]>
+
+<!ENTITY % literallayout.attlist "INCLUDE">
+<![ %literallayout.attlist; [
+<!ATTLIST LiteralLayout
+		%width.attrib;
+		%linespecific.attrib;
+		Class	(Monospaced|Normal)	"Normal"
+		%common.attrib;
+		%literallayout.role.attrib;
+		%local.literallayout.attrib;
+>
+<!--end of literallayout.attlist-->]]>
+<!-- LineAnnotation (defined in the Inlines section, below)-->
+<!--end of literallayout.module-->]]>
+
+<!ENTITY % screenco.module "INCLUDE">
+<![ %screenco.module; [
+<!ENTITY % local.screenco.attrib "">
+<!ENTITY % screenco.role.attrib "%role.attrib;">
+
+<!ENTITY % screenco.element "INCLUDE">
+<![ %screenco.element; [
+<!ELEMENT ScreenCO - - (AreaSpec, Screen, CalloutList*)>
+<!--end of screenco.element-->]]>
+
+<!ENTITY % screenco.attlist "INCLUDE">
+<![ %screenco.attlist; [
+<!ATTLIST ScreenCO
+		%common.attrib;
+		%screenco.role.attrib;
+		%local.screenco.attrib;
+>
+<!--end of screenco.attlist-->]]>
+<!-- AreaSpec (defined above)-->
+<!-- CalloutList (defined above in Lists)-->
+<!--end of screenco.module-->]]>
+
+<!ENTITY % screen.module "INCLUDE">
+<![ %screen.module; [
+<!ENTITY % local.screen.attrib "">
+<!ENTITY % screen.role.attrib "%role.attrib;">
+
+<!ENTITY % screen.element "INCLUDE">
+<![ %screen.element; [
+<!ELEMENT Screen - - ((CO | LineAnnotation | %para.char.mix;)+)>
+<!--end of screen.element-->]]>
+
+<!ENTITY % screen.attlist "INCLUDE">
+<![ %screen.attlist; [
+<!ATTLIST Screen
+		%width.attrib;
+		%linespecific.attrib;
+		%common.attrib;
+		%screen.role.attrib;
+		%local.screen.attrib;
+>
+<!--end of screen.attlist-->]]>
+<!--end of screen.module-->]]>
+
+<!ENTITY % screenshot.content.module "INCLUDE">
+<![ %screenshot.content.module; [
+<!ENTITY % screenshot.module "INCLUDE">
+<![ %screenshot.module; [
+<!ENTITY % local.screenshot.attrib "">
+<!ENTITY % screenshot.role.attrib "%role.attrib;">
+
+<!ENTITY % screenshot.element "INCLUDE">
+<![ %screenshot.element; [
+<!ELEMENT ScreenShot - - (ScreenInfo?, 
+		(Graphic|GraphicCO
+		|MediaObject|MediaObjectCO))>
+<!--end of screenshot.element-->]]>
+
+<!ENTITY % screenshot.attlist "INCLUDE">
+<![ %screenshot.attlist; [
+<!ATTLIST ScreenShot
+		%common.attrib;
+		%screenshot.role.attrib;
+		%local.screenshot.attrib;
+>
+<!--end of screenshot.attlist-->]]>
+<!--end of screenshot.module-->]]>
+
+<!ENTITY % screeninfo.module "INCLUDE">
+<![ %screeninfo.module; [
+<!ENTITY % local.screeninfo.attrib "">
+<!ENTITY % screeninfo.role.attrib "%role.attrib;">
+
+<!ENTITY % screeninfo.element "INCLUDE">
+<![ %screeninfo.element; [
+<!ELEMENT ScreenInfo - O ((%para.char.mix;)+) %ubiq.exclusion;>
+<!--end of screeninfo.element-->]]>
+
+<!ENTITY % screeninfo.attlist "INCLUDE">
+<![ %screeninfo.attlist; [
+<!ATTLIST ScreenInfo
+		%common.attrib;
+		%screeninfo.role.attrib;
+		%local.screeninfo.attrib;
+>
+<!--end of screeninfo.attlist-->]]>
+<!--end of screeninfo.module-->]]>
+<!--end of screenshot.content.module-->]]>
+
+<!-- Figures etc. ..................... -->
+
+<!ENTITY % figure.module "INCLUDE">
+<![ %figure.module; [
+<!ENTITY % local.figure.attrib "">
+<!ENTITY % figure.role.attrib "%role.attrib;">
+
+<!ENTITY % figure.element "INCLUDE">
+<![ %figure.element; [
+<!ELEMENT Figure - - ((%formalobject.title.content;), (%figure.mix; |
+		%link.char.class;)+)>
+<!--end of figure.element-->]]>
+
+<!ENTITY % figure.attlist "INCLUDE">
+<![ %figure.attlist; [
+<!ATTLIST Figure
+		--
+		Float: Whether the Figure is supposed to be rendered
+		where convenient (yes (1) value) or at the place it occurs
+		in the text (no (0) value, the default)
+		--
+		Float		%yesorno.attvals;	%no.attval;
+		PgWide      	%yesorno.attvals;       #IMPLIED
+		%label.attrib;
+		%common.attrib;
+		%figure.role.attrib;
+		%local.figure.attrib;
+>
+<!--end of figure.attlist-->]]>
+<!--end of figure.module-->]]>
+
+<!ENTITY % informalfigure.module "INCLUDE">
+<![ %informalfigure.module; [
+<!ENTITY % local.informalfigure.attrib "">
+<!ENTITY % informalfigure.role.attrib "%role.attrib;">
+
+<!ENTITY % informalfigure.element "INCLUDE">
+<![ %informalfigure.element; [
+<!ELEMENT InformalFigure - - ((%figure.mix; | %link.char.class;)+)>
+<!--end of informalfigure.element-->]]>
+
+<!ENTITY % informalfigure.attlist "INCLUDE">
+<![ %informalfigure.attlist; [
+<!ATTLIST InformalFigure
+		--
+		Float: Whether the Figure is supposed to be rendered
+		where convenient (yes (1) value) or at the place it occurs
+		in the text (no (0) value, the default)
+		--
+		Float		%yesorno.attvals;	%no.attval;
+		PgWide      	%yesorno.attvals;       #IMPLIED
+		%label.attrib;
+		%common.attrib;
+		%informalfigure.role.attrib;
+		%local.informalfigure.attrib;
+>
+<!--end of informalfigure.attlist-->]]>
+<!--end of informalfigure.module-->]]>
+
+<!ENTITY % graphicco.module "INCLUDE">
+<![ %graphicco.module; [
+<!ENTITY % local.graphicco.attrib "">
+<!ENTITY % graphicco.role.attrib "%role.attrib;">
+
+<!ENTITY % graphicco.element "INCLUDE">
+<![ %graphicco.element; [
+<!ELEMENT GraphicCO - - (AreaSpec, Graphic, CalloutList*)>
+<!--end of graphicco.element-->]]>
+
+<!ENTITY % graphicco.attlist "INCLUDE">
+<![ %graphicco.attlist; [
+<!ATTLIST GraphicCO
+		%common.attrib;
+		%graphicco.role.attrib;
+		%local.graphicco.attrib;
+>
+<!--end of graphicco.attlist-->]]>
+<!-- AreaSpec (defined above in Examples)-->
+<!-- CalloutList (defined above in Lists)-->
+<!--end of graphicco.module-->]]>
+
+<!-- Graphical data can be the content of Graphic, or you can reference
+     an external file either as an entity (Entitref) or a filename
+     (Fileref). -->
+
+<!ENTITY % graphic.module "INCLUDE">
+<![ %graphic.module; [
+<!ENTITY % local.graphic.attrib "">
+<!ENTITY % graphic.role.attrib "%role.attrib;">
+
+<!ENTITY % graphic.element "INCLUDE">
+<![ %graphic.element; [
+<!ELEMENT Graphic - O EMPTY>
+<!--end of graphic.element-->]]>
+
+<!ENTITY % graphic.attlist "INCLUDE">
+<![ %graphic.attlist; [
+<!ATTLIST Graphic
+		%graphics.attrib;
+		%common.attrib;
+		%graphic.role.attrib;
+		%local.graphic.attrib;
+>
+<!--end of graphic.attlist-->]]>
+<!--end of graphic.module-->]]>
+
+<!ENTITY % inlinegraphic.module "INCLUDE">
+<![ %inlinegraphic.module; [
+<!ENTITY % local.inlinegraphic.attrib "">
+<!ENTITY % inlinegraphic.role.attrib "%role.attrib;">
+
+<!ENTITY % inlinegraphic.element "INCLUDE">
+<![ %inlinegraphic.element; [
+<!ELEMENT InlineGraphic - O EMPTY>
+<!--end of inlinegraphic.element-->]]>
+
+<!ENTITY % inlinegraphic.attlist "INCLUDE">
+<![ %inlinegraphic.attlist; [
+<!ATTLIST InlineGraphic
+		%graphics.attrib;
+		%common.attrib;
+		%inlinegraphic.role.attrib;
+		%local.inlinegraphic.attrib;
+>
+<!--end of inlinegraphic.attlist-->]]>
+<!--end of inlinegraphic.module-->]]>
+
+<!ENTITY % mediaobject.content.module "INCLUDE">
+<![ %mediaobject.content.module; [
+
+<!ENTITY % mediaobject.module "INCLUDE">
+<![ %mediaobject.module; [
+<!ENTITY % local.mediaobject.attrib "">
+<!ENTITY % mediaobject.role.attrib "%role.attrib;">
+
+<!ENTITY % mediaobject.element "INCLUDE">
+<![ %mediaobject.element; [
+<!ELEMENT MediaObject - - (ObjectInfo?,
+                           (%mediaobject.mix;),
+			   (%mediaobject.mix;|TextObject)*,
+			   Caption?)>
+<!--end of mediaobject.element-->]]>
+
+<!ENTITY % mediaobject.attlist "INCLUDE">
+<![ %mediaobject.attlist; [
+<!ATTLIST MediaObject
+		%common.attrib;
+		%mediaobject.role.attrib;
+		%local.mediaobject.attrib;
+>
+<!--end of mediaobject.attlist-->]]>
+<!--end of mediaobject.module-->]]>
+
+<!ENTITY % inlinemediaobject.module "INCLUDE">
+<![ %inlinemediaobject.module; [
+<!ENTITY % local.inlinemediaobject.attrib "">
+<!ENTITY % inlinemediaobject.role.attrib "%role.attrib;">
+
+<!ENTITY % inlinemediaobject.element "INCLUDE">
+<![ %inlinemediaobject.element; [
+<!ELEMENT InlineMediaObject - - (ObjectInfo?,
+                	         (%mediaobject.mix;),
+				 (%mediaobject.mix;|TextObject)*)>
+<!--end of inlinemediaobject.element-->]]>
+
+<!ENTITY % inlinemediaobject.attlist "INCLUDE">
+<![ %inlinemediaobject.attlist; [
+<!ATTLIST InlineMediaObject
+		%common.attrib;
+		%inlinemediaobject.role.attrib;
+		%local.inlinemediaobject.attrib;
+>
+<!--end of inlinemediaobject.attlist-->]]>
+<!--end of inlinemediaobject.module-->]]>
+
+<!ENTITY % videoobject.module "INCLUDE">
+<![ %videoobject.module; [
+<!ENTITY % local.videoobject.attrib "">
+<!ENTITY % videoobject.role.attrib "%role.attrib;">
+
+<!ENTITY % videoobject.element "INCLUDE">
+<![ %videoobject.element; [
+<!ELEMENT VideoObject - - (ObjectInfo?, VideoData)>
+<!--end of videoobject.element-->]]>
+
+<!ENTITY % videoobject.attlist "INCLUDE">
+<![ %videoobject.attlist; [
+<!ATTLIST VideoObject
+		%common.attrib;
+		%videoobject.role.attrib;
+		%local.videoobject.attrib;
+>
+<!--end of videoobject.attlist-->]]>
+<!--end of videoobject.module-->]]>
+
+<!ENTITY % audioobject.module "INCLUDE">
+<![ %audioobject.module; [
+<!ENTITY % local.audioobject.attrib "">
+<!ENTITY % audioobject.role.attrib "%role.attrib;">
+
+<!ENTITY % audioobject.element "INCLUDE">
+<![ %audioobject.element; [
+<!ELEMENT AudioObject - - (ObjectInfo?, AudioData)>
+<!--end of audioobject.element-->]]>
+
+<!ENTITY % audioobject.attlist "INCLUDE">
+<![ %audioobject.attlist; [
+<!ATTLIST AudioObject
+		%common.attrib;
+		%audioobject.role.attrib;
+		%local.audioobject.attrib;
+>
+<!--end of audioobject.attlist-->]]>
+<!--end of audioobject.module-->]]>
+
+<!ENTITY % imageobject.module "INCLUDE">
+<![ %imageobject.module; [
+<!ENTITY % local.imageobject.attrib "">
+<!ENTITY % imageobject.role.attrib "%role.attrib;">
+
+<!ENTITY % imageobject.element "INCLUDE">
+<![ %imageobject.element; [
+<!ELEMENT ImageObject - - (ObjectInfo?, ImageData)>
+<!--end of imageobject.element-->]]>
+
+<!ENTITY % imageobject.attlist "INCLUDE">
+<![ %imageobject.attlist; [
+<!ATTLIST ImageObject
+		%common.attrib;
+		%imageobject.role.attrib;
+		%local.imageobject.attrib;
+>
+<!--end of imageobject.attlist-->]]>
+<!--end of imageobject.module-->]]>
+
+<!ENTITY % textobject.module "INCLUDE">
+<![ %textobject.module; [
+<!ENTITY % local.textobject.attrib "">
+<!ENTITY % textobject.role.attrib "%role.attrib;">
+
+<!ENTITY % textobject.element "INCLUDE">
+<![ %textobject.element; [
+<!ELEMENT TextObject - - (ObjectInfo?, (Phrase|(%textobject.mix;)+))>
+<!--end of textobject.element-->]]>
+
+<!ENTITY % textobject.attlist "INCLUDE">
+<![ %textobject.attlist; [
+<!ATTLIST TextObject
+		%common.attrib;
+		%textobject.role.attrib;
+		%local.textobject.attrib;
+>
+<!--end of textobject.attlist-->]]>
+<!--end of textobject.module-->]]>
+
+<!ENTITY % objectinfo.module "INCLUDE">
+<![ %objectinfo.module; [
+<!ENTITY % local.objectinfo.attrib "">
+<!ENTITY % objectinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % objectinfo.element "INCLUDE">
+<![ %objectinfo.element; [
+<!ELEMENT ObjectInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec 
+	| SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+)
+	-(BeginPage)>
+<!--end of objectinfo.element-->]]>
+
+<!ENTITY % objectinfo.attlist "INCLUDE">
+<![ %objectinfo.attlist; [
+<!ATTLIST ObjectInfo
+		%common.attrib;
+		%objectinfo.role.attrib;
+		%local.objectinfo.attrib;
+>
+<!--end of objectinfo.attlist-->]]>
+<!--end of objectinfo.module-->]]>
+
+<!ENTITY % local.objectdata.attrib "">
+<!ENTITY % objectdata.attrib
+	"
+	--EntityRef: Name of an external entity containing the content
+	of the object data--
+	EntityRef	ENTITY		#IMPLIED
+
+	--FileRef: Filename, qualified by a pathname if desired, 
+	designating the file containing the content of the object data--
+	FileRef 	CDATA		#IMPLIED
+
+	--Format: Notation of the element content, if any--
+	Format		(%notation.class;)
+					#IMPLIED
+
+	--SrcCredit: Information about the source of the image--
+	SrcCredit	CDATA		#IMPLIED
+
+	%local.objectdata.attrib;"
+>
+
+<!ENTITY % videodata.module "INCLUDE">
+<![ %videodata.module; [
+<!ENTITY % local.videodata.attrib "">
+<!ENTITY % videodata.role.attrib "%role.attrib;">
+
+<!ENTITY % videodata.element "INCLUDE">
+<![ %videodata.element; [
+<!ELEMENT VideoData - O EMPTY>
+<!--end of videodata.element-->]]>
+
+<!ENTITY % videodata.attlist "INCLUDE">
+<![ %videodata.attlist; [
+<!ATTLIST VideoData
+		%common.attrib;
+		%objectdata.attrib;
+
+	--Width: Same as CALS reprowid (desired width)--
+	Width		NUTOKEN		#IMPLIED
+
+	--Depth: Same as CALS reprodep (desired depth)--
+	Depth		NUTOKEN		#IMPLIED
+
+	--Align: Same as CALS hplace with 'none' removed; #IMPLIED means 
+	application-specific--
+	Align		(Left
+			|Right 
+			|Center)	#IMPLIED
+
+	--Scale: Conflation of CALS hscale and vscale--
+	Scale		NUMBER		#IMPLIED
+
+	--Scalefit: Same as CALS scalefit--
+	Scalefit	%yesorno.attvals;
+					#IMPLIED
+
+		%videodata.role.attrib;
+		%local.videodata.attrib;
+>
+<!--end of videodata.attlist-->]]>
+<!--end of videodata.module-->]]>
+
+<!ENTITY % audiodata.module "INCLUDE">
+<![ %audiodata.module; [
+<!ENTITY % local.audiodata.attrib "">
+<!ENTITY % audiodata.role.attrib "%role.attrib;">
+
+<!ENTITY % audiodata.element "INCLUDE">
+<![ %audiodata.element; [
+<!ELEMENT AudioData - O EMPTY>
+<!--end of audiodata.element-->]]>
+
+<!ENTITY % audiodata.attlist "INCLUDE">
+<![ %audiodata.attlist; [
+<!ATTLIST AudioData
+		%common.attrib;
+		%objectdata.attrib;
+		%local.audiodata.attrib;
+		%audiodata.role.attrib;
+>
+<!--end of audiodata.attlist-->]]>
+<!--end of audiodata.module-->]]>
+
+<!ENTITY % imagedata.module "INCLUDE">
+<![ %imagedata.module; [
+<!ENTITY % local.imagedata.attrib "">
+<!ENTITY % imagedata.role.attrib "%role.attrib;">
+
+<!ENTITY % imagedata.element "INCLUDE">
+<![ %imagedata.element; [
+<!ELEMENT ImageData - O EMPTY>
+<!--end of imagedata.element-->]]>
+
+<!ENTITY % imagedata.attlist "INCLUDE">
+<![ %imagedata.attlist; [
+<!ATTLIST ImageData
+		%common.attrib;
+		%objectdata.attrib;
+
+	--Width: Same as CALS reprowid (desired width)--
+	Width		NUTOKEN		#IMPLIED
+
+	--Depth: Same as CALS reprodep (desired depth)--
+	Depth		NUTOKEN		#IMPLIED
+
+	--Align: Same as CALS hplace with 'none' removed; #IMPLIED means 
+	application-specific--
+	Align		(Left
+			|Right 
+			|Center)	#IMPLIED
+
+	--Scale: Conflation of CALS hscale and vscale--
+	Scale		NUMBER		#IMPLIED
+
+	--Scalefit: Same as CALS scalefit--
+	Scalefit	%yesorno.attvals;
+					#IMPLIED
+
+		%local.imagedata.attrib;
+		%imagedata.role.attrib;
+>
+<!--end of imagedata.attlist-->]]>
+<!--end of imagedata.module-->]]>
+
+<!ENTITY % caption.module "INCLUDE">
+<![ %caption.module; [
+<!ENTITY % local.caption.attrib "">
+<!ENTITY % caption.role.attrib "%role.attrib;">
+
+<!ENTITY % caption.element "INCLUDE">
+<![ %caption.element; [
+<!ELEMENT Caption - - (%textobject.mix;)*>
+<!--end of caption.element-->]]>
+
+<!ENTITY % caption.attlist "INCLUDE">
+<![ %caption.attlist; [
+<!ATTLIST Caption
+		%common.attrib;
+		%local.caption.attrib;
+		%caption.role.attrib;
+>
+<!--end of caption.attlist-->]]>
+<!--end of caption.module-->]]>
+
+<!ENTITY % mediaobjectco.module "INCLUDE">
+<![ %mediaobjectco.module; [
+<!ENTITY % local.mediaobjectco.attrib "">
+<!ENTITY % mediaobjectco.role.attrib "%role.attrib;">
+
+<!ENTITY % mediaobjectco.element "INCLUDE">
+<![ %mediaobjectco.element; [
+<!ELEMENT MediaObjectCO - - (ObjectInfo?, ImageObjectCO,
+			   (ImageObjectCO|TextObject)*)>
+<!--end of mediaobjectco.element-->]]>
+
+<!ENTITY % mediaobjectco.attlist "INCLUDE">
+<![ %mediaobjectco.attlist; [
+<!ATTLIST MediaObjectCO
+		%common.attrib;
+		%mediaobjectco.role.attrib;
+		%local.mediaobjectco.attrib;
+>
+<!--end of mediaobjectco.attlist-->]]>
+<!--end of mediaobjectco.module-->]]>
+
+<!ENTITY % imageobjectco.module "INCLUDE">
+<![ %imageobjectco.module; [
+<!ENTITY % local.imageobjectco.attrib "">
+<!ENTITY % imageobjectco.role.attrib "%role.attrib;">
+
+<!ENTITY % imageobjectco.element "INCLUDE">
+<![ %imageobjectco.element; [
+<!ELEMENT ImageObjectCO - - (AreaSpec, ImageObject, CalloutList*)>
+<!--end of imageobjectco.element-->]]>
+
+<!ENTITY % imageobjectco.attlist "INCLUDE">
+<![ %imageobjectco.attlist; [
+<!ATTLIST ImageObjectCO
+		%common.attrib;
+		%imageobjectco.role.attrib;
+		%local.imageobjectco.attrib;
+>
+<!--end of imageobjectco.attlist-->]]>
+<!--end of imageobjectco.module-->]]>
+<!--end of mediaobject.content.module-->]]>
+
+<!-- Equations ........................ -->
+
+<!-- This PE provides a mechanism for replacing equation content, -->
+<!-- perhaps adding a new or different model (e.g., MathML) -->
+<!ENTITY % equation.content "(Alt?, (Graphic+|MediaObject+))">
+<!ENTITY % inlineequation.content "(Alt?, (Graphic+|InlineMediaObject+))">
+
+<!ENTITY % equation.module "INCLUDE">
+<![ %equation.module; [
+<!ENTITY % local.equation.attrib "">
+<!ENTITY % equation.role.attrib "%role.attrib;">
+
+<!ENTITY % equation.element "INCLUDE">
+<![ %equation.element; [
+<!ELEMENT Equation - - ((%formalobject.title.content;)?, (InformalEquation |
+		%equation.content;))>
+<!--end of equation.element-->]]>
+
+<!ENTITY % equation.attlist "INCLUDE">
+<![ %equation.attlist; [
+<!ATTLIST Equation
+		%label.attrib;
+	 	%common.attrib;
+		%equation.role.attrib;
+		%local.equation.attrib;
+>
+<!--end of equation.attlist-->]]>
+<!--end of equation.module-->]]>
+
+<!ENTITY % informalequation.module "INCLUDE">
+<![ %informalequation.module; [
+<!ENTITY % local.informalequation.attrib "">
+<!ENTITY % informalequation.role.attrib "%role.attrib;">
+
+<!ENTITY % informalequation.element "INCLUDE">
+<![ %informalequation.element; [
+<!ELEMENT InformalEquation - - (%equation.content;)>
+<!--end of informalequation.element-->]]>
+
+<!ENTITY % informalequation.attlist "INCLUDE">
+<![ %informalequation.attlist; [
+<!ATTLIST InformalEquation
+		%common.attrib;
+		%informalequation.role.attrib;
+		%local.informalequation.attrib;
+>
+<!--end of informalequation.attlist-->]]>
+<!--end of informalequation.module-->]]>
+
+<!ENTITY % inlineequation.module "INCLUDE">
+<![ %inlineequation.module; [
+<!ENTITY % local.inlineequation.attrib "">
+<!ENTITY % inlineequation.role.attrib "%role.attrib;">
+
+<!ENTITY % inlineequation.element "INCLUDE">
+<![ %inlineequation.element; [
+<!ELEMENT InlineEquation - - (%inlineequation.content;)>
+<!--end of inlineequation.element-->]]>
+
+<!ENTITY % inlineequation.attlist "INCLUDE">
+<![ %inlineequation.attlist; [
+<!ATTLIST InlineEquation
+		%common.attrib;
+		%inlineequation.role.attrib;
+		%local.inlineequation.attrib;
+>
+<!--end of inlineequation.attlist-->]]>
+<!--end of inlineequation.module-->]]>
+
+<!ENTITY % alt.module "INCLUDE">
+<![ %alt.module; [
+<!ENTITY % local.alt.attrib "">
+<!ENTITY % alt.role.attrib "%role.attrib;">
+
+<!ENTITY % alt.element "INCLUDE">
+<![ %alt.element; [
+<!ELEMENT Alt - - (#PCDATA)>
+<!--end of alt.element-->]]>
+
+<!ENTITY % alt.attlist "INCLUDE">
+<![ %alt.attlist; [
+<!ATTLIST Alt 
+		%common.attrib;
+		%alt.role.attrib;
+		%local.alt.attrib;
+>
+<!--end of alt.attlist-->]]>
+<!--end of alt.module-->]]>
+
+<!-- Tables ........................... -->
+
+<!ENTITY % table.module "INCLUDE">
+<![ %table.module; [
+
+<!ENTITY % tables.role.attrib "%role.attrib;">
+
+<!-- Add Label attribute to Table element (and InformalTable element). -->
+<!ENTITY % bodyatt "%label.attrib;">
+
+<!-- Add common attributes to Table, TGroup, TBody, THead, TFoot, Row, 
+     EntryTbl, and Entry (and InformalTable element). -->
+<!ENTITY % secur
+	"%common.attrib;
+	%tables.role.attrib;">
+
+<!-- Remove Chart. -->
+<!ENTITY % tbl.table.name "Table">
+
+<!-- Content model for Table. -->
+<!ENTITY % tbl.table.mdl
+	"((%formalobject.title.content;),
+          (%ndxterm.class;)*,
+          (Graphic+|MediaObject+|tgroup+))">
+
+<!-- Exclude all DocBook tables and formal objects. -->
+<!ENTITY % tbl.table.excep "-(InformalTable|%formal.class;)">
+
+<!-- Remove pgbrk exception on Row. -->
+<!ENTITY % tbl.row.excep "">
+
+<!-- Allow either objects or inlines; beware of REs between elements. -->
+<!ENTITY % tbl.entry.mdl "((%tabentry.mix;)+ | (%para.char.mix;)+)">
+
+<!-- Remove pgbrk exception on Entry. -->
+<!ENTITY % tbl.entry.excep "">
+
+<!-- Remove pgbrk exception on EntryTbl, but leave exclusion of itself. -->
+<!ENTITY % tbl.entrytbl.excep "-(entrytbl)">
+
+<!-- Reference CALS table module. -->
+<!ENTITY % calstbls PUBLIC "-//USA-DOD//DTD Table Model 951010//EN">
+%calstbls;
+<!--end of table.module-->]]>
+
+<!ENTITY % informaltable.module "INCLUDE">
+<![ %informaltable.module; [
+
+<!-- Note that InformalTable is dependent on some of the entity
+     declarations that customize Table. -->
+
+<!ENTITY % local.informaltable.attrib "">
+
+<!ENTITY % informaltable.element "INCLUDE">
+<![ %informaltable.element; [
+<!ELEMENT InformalTable - - (Graphic+|MediaObject+|tgroup+) %tbl.table.excep;>
+<!--end of informaltable.element-->]]>
+
+<!ENTITY % informaltable.attlist "INCLUDE">
+<![ %informaltable.attlist; [
+<!ATTLIST InformalTable
+		--
+		Frame, Colsep, and Rowsep must be repeated because
+		they are not in entities in the table module.
+		--
+		Frame		(Top
+				|Bottom
+				|Topbot
+				|All
+				|Sides
+				|None)			#IMPLIED
+		Colsep		%yesorno.attvals;	#IMPLIED
+		Rowsep		%yesorno.attvals;	#IMPLIED
+		%tbl.table.att; -- includes TabStyle, ToCentry, ShortEntry, 
+				Orient, PgWide --
+		%bodyatt; -- includes Label --
+		%secur; -- includes common attributes --
+		%local.informaltable.attrib;
+>
+<!--end of informaltable.attlist-->]]>
+<!--end of informaltable.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Synopses ............................................................. -->
+
+<!-- Synopsis ......................... -->
+
+<!ENTITY % synopsis.module "INCLUDE">
+<![ %synopsis.module; [
+<!ENTITY % local.synopsis.attrib "">
+<!ENTITY % synopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % synopsis.element "INCLUDE">
+<![ %synopsis.element; [
+<!ELEMENT Synopsis - - ((CO | LineAnnotation | %para.char.mix;
+		| Graphic | MediaObject)+)>
+<!--end of synopsis.element-->]]>
+
+<!ENTITY % synopsis.attlist "INCLUDE">
+<![ %synopsis.attlist; [
+<!ATTLIST Synopsis
+		%label.attrib;
+		%linespecific.attrib;
+		%common.attrib;
+		%synopsis.role.attrib;
+		%local.synopsis.attrib;
+>
+<!--end of synopsis.attlist-->]]>
+
+<!-- LineAnnotation (defined in the Inlines section, below)-->
+<!--end of synopsis.module-->]]>
+
+<!-- CmdSynopsis ...................... -->
+
+<!ENTITY % cmdsynopsis.content.module "INCLUDE">
+<![ %cmdsynopsis.content.module; [
+<!ENTITY % cmdsynopsis.module "INCLUDE">
+<![ %cmdsynopsis.module; [
+<!ENTITY % local.cmdsynopsis.attrib "">
+<!ENTITY % cmdsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % cmdsynopsis.element "INCLUDE">
+<![ %cmdsynopsis.element; [
+<!ELEMENT CmdSynopsis - - ((Command | Arg | Group | SBR)+, SynopFragment*)>
+<!--end of cmdsynopsis.element-->]]>
+
+<!ENTITY % cmdsynopsis.attlist "INCLUDE">
+<![ %cmdsynopsis.attlist; [
+<!ATTLIST CmdSynopsis
+		%label.attrib;
+		--
+		Sepchar: Character that should separate command and all 
+		top-level arguments; alternate value might be e.g., &Delta;
+		--
+		Sepchar		CDATA		" "
+		--
+		CmdLength: Length beyond which the presentation engine
+		may consider a Command too long and select an alternate
+		presentation of the Command and, or, its associated
+		arguments.
+		--
+		CmdLength	CDATA		#IMPLIED
+		%common.attrib;
+		%cmdsynopsis.role.attrib;
+		%local.cmdsynopsis.attrib;
+>
+<!--end of cmdsynopsis.attlist-->]]>
+<!--end of cmdsynopsis.module-->]]>
+
+<!ENTITY % arg.module "INCLUDE">
+<![ %arg.module; [
+<!ENTITY % local.arg.attrib "">
+<!ENTITY % arg.role.attrib "%role.attrib;">
+
+<!ENTITY % arg.element "INCLUDE">
+<![ %arg.element; [
+<!ELEMENT Arg - - ((#PCDATA 
+		| Arg 
+		| Group 
+		| Option 
+		| SynopFragmentRef 
+		| Replaceable
+		| SBR)+)>
+<!--end of arg.element-->]]>
+
+<!ENTITY % arg.attlist "INCLUDE">
+<![ %arg.attlist; [
+<!ATTLIST Arg
+		--
+		Choice: Whether Arg must be supplied: Opt (optional to 
+		supply, e.g. [arg]; the default), Req (required to supply, 
+		e.g. {arg}), or Plain (required to supply, e.g. arg)
+		--
+		Choice		(Opt
+				|Req
+				|Plain)		Opt
+		--
+		Rep: whether Arg is repeatable: Norepeat (e.g. arg without 
+		ellipsis; the default), or Repeat (e.g. arg...)
+		--
+		Rep		(Norepeat
+				|Repeat)	Norepeat
+		%common.attrib;
+		%arg.role.attrib;
+		%local.arg.attrib;
+>
+<!--end of arg.attlist-->]]>
+<!--end of arg.module-->]]>
+
+<!ENTITY % group.module "INCLUDE">
+<![ %group.module; [
+
+<!ENTITY % local.group.attrib "">
+<!ENTITY % group.role.attrib "%role.attrib;">
+
+<!ENTITY % group.element "INCLUDE">
+<![ %group.element; [
+<!ELEMENT Group - - ((Arg | Group | Option | SynopFragmentRef 
+		| Replaceable | SBR)+)>
+<!--end of group.element-->]]>
+
+<!ENTITY % group.attlist "INCLUDE">
+<![ %group.attlist; [
+<!ATTLIST Group
+		--
+		Choice: Whether Group must be supplied: Opt (optional to
+		supply, e.g.  [g1|g2|g3]; the default), Req (required to
+		supply, e.g.  {g1|g2|g3}), Plain (required to supply,
+		e.g.  g1|g2|g3), OptMult (can supply zero or more, e.g.
+		[[g1|g2|g3]]), or ReqMult (must supply one or more, e.g.
+		{{g1|g2|g3}})
+		--
+		Choice		(Opt
+				|Req
+				|Plain)		Opt
+		--
+		Rep: whether Group is repeatable: Norepeat (e.g. group 
+		without ellipsis; the default), or Repeat (e.g. group...)
+		--
+		Rep		(Norepeat
+				|Repeat)	Norepeat
+		%common.attrib;
+		%group.role.attrib;
+		%local.group.attrib;
+>
+<!--end of group.attlist-->]]>
+<!--end of group.module-->]]>
+
+<!ENTITY % sbr.module "INCLUDE">
+<![ %sbr.module; [
+<!ENTITY % local.sbr.attrib "">
+<!-- Synopsis break -->
+<!ENTITY % sbr.role.attrib "%role.attrib;">
+
+<!ENTITY % sbr.element "INCLUDE">
+<![ %sbr.element; [
+<!ELEMENT SBR - O EMPTY>
+<!--end of sbr.element-->]]>
+
+<!ENTITY % sbr.attlist "INCLUDE">
+<![ %sbr.attlist; [
+<!ATTLIST SBR
+		%common.attrib;
+		%sbr.role.attrib;
+		%local.sbr.attrib;
+>
+<!--end of sbr.attlist-->]]>
+<!--end of sbr.module-->]]>
+
+<!ENTITY % synopfragmentref.module "INCLUDE">
+<![ %synopfragmentref.module; [
+<!ENTITY % local.synopfragmentref.attrib "">
+<!ENTITY % synopfragmentref.role.attrib "%role.attrib;">
+
+<!ENTITY % synopfragmentref.element "INCLUDE">
+<![ %synopfragmentref.element; [
+<!ELEMENT SynopFragmentRef - - RCDATA >
+<!--end of synopfragmentref.element-->]]>
+
+<!ENTITY % synopfragmentref.attlist "INCLUDE">
+<![ %synopfragmentref.attlist; [
+<!ATTLIST SynopFragmentRef
+		%linkendreq.attrib; --to SynopFragment of complex synopsis
+			material for separate referencing--
+		%common.attrib;
+		%synopfragmentref.role.attrib;
+		%local.synopfragmentref.attrib;
+>
+<!--end of synopfragmentref.attlist-->]]>
+<!--end of synopfragmentref.module-->]]>
+
+<!ENTITY % synopfragment.module "INCLUDE">
+<![ %synopfragment.module; [
+<!ENTITY % local.synopfragment.attrib "">
+<!ENTITY % synopfragment.role.attrib "%role.attrib;">
+
+<!ENTITY % synopfragment.element "INCLUDE">
+<![ %synopfragment.element; [
+<!ELEMENT SynopFragment - - ((Arg | Group)+)>
+<!--end of synopfragment.element-->]]>
+
+<!ENTITY % synopfragment.attlist "INCLUDE">
+<![ %synopfragment.attlist; [
+<!ATTLIST SynopFragment
+		%idreq.common.attrib;
+		%synopfragment.role.attrib;
+		%local.synopfragment.attrib;
+>
+<!--end of synopfragment.attlist-->]]>
+<!--end of synopfragment.module-->]]>
+
+<!-- Command (defined in the Inlines section, below)-->
+<!-- Option (defined in the Inlines section, below)-->
+<!-- Replaceable (defined in the Inlines section, below)-->
+<!--end of cmdsynopsis.content.module-->]]>
+
+<!-- FuncSynopsis ..................... -->
+
+<!ENTITY % funcsynopsis.content.module "INCLUDE">
+<![ %funcsynopsis.content.module; [
+<!ENTITY % funcsynopsis.module "INCLUDE">
+<![ %funcsynopsis.module; [
+
+<!ENTITY % local.funcsynopsis.attrib "">
+<!ENTITY % funcsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % funcsynopsis.element "INCLUDE">
+<![ %funcsynopsis.element; [
+<!ELEMENT FuncSynopsis - - (FuncSynopsisInfo|FuncPrototype)+>
+<!--end of funcsynopsis.element-->]]>
+
+<!ENTITY % funcsynopsis.attlist "INCLUDE">
+<![ %funcsynopsis.attlist; [
+<!ATTLIST FuncSynopsis
+		%label.attrib;
+		%common.attrib;
+		%funcsynopsis.role.attrib;
+		%local.funcsynopsis.attrib;
+>
+<!--end of funcsynopsis.attlist-->]]>
+<!--end of funcsynopsis.module-->]]>
+
+<!ENTITY % funcsynopsisinfo.module "INCLUDE">
+<![ %funcsynopsisinfo.module; [
+<!ENTITY % local.funcsynopsisinfo.attrib "">
+<!ENTITY % funcsynopsisinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % funcsynopsisinfo.element "INCLUDE">
+<![ %funcsynopsisinfo.element; [
+<!ELEMENT FuncSynopsisInfo - O ((LineAnnotation | %cptr.char.mix;)* )>
+<!--end of funcsynopsisinfo.element-->]]>
+
+<!ENTITY % funcsynopsisinfo.attlist "INCLUDE">
+<![ %funcsynopsisinfo.attlist; [
+<!ATTLIST FuncSynopsisInfo
+		%linespecific.attrib;
+		%common.attrib;
+		%funcsynopsisinfo.role.attrib;
+		%local.funcsynopsisinfo.attrib;
+>
+<!--end of funcsynopsisinfo.attlist-->]]>
+<!--end of funcsynopsisinfo.module-->]]>
+
+<!ENTITY % funcprototype.module "INCLUDE">
+<![ %funcprototype.module; [
+<!ENTITY % local.funcprototype.attrib "">
+<!ENTITY % funcprototype.role.attrib "%role.attrib;">
+
+<!ENTITY % funcprototype.element "INCLUDE">
+<![ %funcprototype.element; [
+<!ELEMENT FuncPrototype - O (FuncDef, (Void | VarArgs | ParamDef+))>
+<!--end of funcprototype.element-->]]>
+
+<!ENTITY % funcprototype.attlist "INCLUDE">
+<![ %funcprototype.attlist; [
+<!ATTLIST FuncPrototype
+		%common.attrib;
+		%funcprototype.role.attrib;
+		%local.funcprototype.attrib;
+>
+<!--end of funcprototype.attlist-->]]>
+<!--end of funcprototype.module-->]]>
+
+<!ENTITY % funcdef.module "INCLUDE">
+<![ %funcdef.module; [
+<!ENTITY % local.funcdef.attrib "">
+<!ENTITY % funcdef.role.attrib "%role.attrib;">
+
+<!ENTITY % funcdef.element "INCLUDE">
+<![ %funcdef.element; [
+<!ELEMENT FuncDef - - ((#PCDATA 
+		| Replaceable 
+		| Function)*)>
+<!--end of funcdef.element-->]]>
+
+<!ENTITY % funcdef.attlist "INCLUDE">
+<![ %funcdef.attlist; [
+<!ATTLIST FuncDef
+		%common.attrib;
+		%funcdef.role.attrib;
+		%local.funcdef.attrib;
+>
+<!--end of funcdef.attlist-->]]>
+<!--end of funcdef.module-->]]>
+
+<!ENTITY % void.module "INCLUDE">
+<![ %void.module; [
+<!ENTITY % local.void.attrib "">
+<!ENTITY % void.role.attrib "%role.attrib;">
+
+<!ENTITY % void.element "INCLUDE">
+<![ %void.element; [
+<!ELEMENT Void - O EMPTY>
+<!--end of void.element-->]]>
+
+<!ENTITY % void.attlist "INCLUDE">
+<![ %void.attlist; [
+<!ATTLIST Void
+		%common.attrib;
+		%void.role.attrib;
+		%local.void.attrib;
+>
+<!--end of void.attlist-->]]>
+<!--end of void.module-->]]>
+
+<!ENTITY % varargs.module "INCLUDE">
+<![ %varargs.module; [
+<!ENTITY % local.varargs.attrib "">
+<!ENTITY % varargs.role.attrib "%role.attrib;">
+
+<!ENTITY % varargs.element "INCLUDE">
+<![ %varargs.element; [
+<!ELEMENT VarArgs - O EMPTY>
+<!--end of varargs.element-->]]>
+
+<!ENTITY % varargs.attlist "INCLUDE">
+<![ %varargs.attlist; [
+<!ATTLIST VarArgs
+		%common.attrib;
+		%varargs.role.attrib;
+		%local.varargs.attrib;
+>
+<!--end of varargs.attlist-->]]>
+<!--end of varargs.module-->]]>
+
+<!-- Processing assumes that only one Parameter will appear in a
+     ParamDef, and that FuncParams will be used at most once, for
+     providing information on the "inner parameters" for parameters that
+     are pointers to functions. -->
+
+<!ENTITY % paramdef.module "INCLUDE">
+<![ %paramdef.module; [
+<!ENTITY % local.paramdef.attrib "">
+<!ENTITY % paramdef.role.attrib "%role.attrib;">
+
+<!ENTITY % paramdef.element "INCLUDE">
+<![ %paramdef.element; [
+<!ELEMENT ParamDef - - ((#PCDATA 
+		| Replaceable 
+		| Parameter 
+		| FuncParams)*)>
+<!--end of paramdef.element-->]]>
+
+<!ENTITY % paramdef.attlist "INCLUDE">
+<![ %paramdef.attlist; [
+<!ATTLIST ParamDef
+		%common.attrib;
+		%paramdef.role.attrib;
+		%local.paramdef.attrib;
+>
+<!--end of paramdef.attlist-->]]>
+<!--end of paramdef.module-->]]>
+
+<!ENTITY % funcparams.module "INCLUDE">
+<![ %funcparams.module; [
+<!ENTITY % local.funcparams.attrib "">
+<!ENTITY % funcparams.role.attrib "%role.attrib;">
+
+<!ENTITY % funcparams.element "INCLUDE">
+<![ %funcparams.element; [
+<!ELEMENT FuncParams - - ((%cptr.char.mix;)*)>
+<!--end of funcparams.element-->]]>
+
+<!ENTITY % funcparams.attlist "INCLUDE">
+<![ %funcparams.attlist; [
+<!ATTLIST FuncParams
+		%common.attrib;
+		%funcparams.role.attrib;
+		%local.funcparams.attrib;
+>
+<!--end of funcparams.attlist-->]]>
+<!--end of funcparams.module-->]]>
+
+<!-- LineAnnotation (defined in the Inlines section, below)-->
+<!-- Replaceable (defined in the Inlines section, below)-->
+<!-- Function (defined in the Inlines section, below)-->
+<!-- Parameter (defined in the Inlines section, below)-->
+<!--end of funcsynopsis.content.module-->]]>
+
+<!-- ClassSynopsis ..................... -->
+
+<!ENTITY % classsynopsis.content.module "INCLUDE">
+<![%classsynopsis.content.module;[
+
+<!ENTITY % classsynopsis.module "INCLUDE">
+<![%classsynopsis.module;[
+<!ENTITY % local.classsynopsis.attrib "">
+<!ENTITY % classsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % classsynopsis.element "INCLUDE">
+<![%classsynopsis.element;[
+<!ELEMENT ClassSynopsis - - ((OOClass|OOInterface|OOException)+,
+                             (ClassSynopsisInfo
+                              |FieldSynopsis|%method.synop.class;)*)>
+<!--end of classsynopsis.element-->]]>
+
+<!ENTITY % classsynopsis.attlist "INCLUDE">
+<![%classsynopsis.attlist;[
+<!ATTLIST ClassSynopsis
+	%common.attrib;
+	%classsynopsis.role.attrib;
+	%local.classsynopsis.attrib;
+	Language	CDATA	#IMPLIED
+	Class	(Class|Interface)	"Class"
+>
+<!--end of classsynopsis.attlist-->]]>
+<!--end of classsynopsis.module-->]]>
+
+<!ENTITY % classsynopsisinfo.module "INCLUDE">
+<![ %classsynopsisinfo.module; [
+<!ENTITY % local.classsynopsisinfo.attrib "">
+<!ENTITY % classsynopsisinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % classsynopsisinfo.element "INCLUDE">
+<![ %classsynopsisinfo.element; [
+<!ELEMENT ClassSynopsisInfo - O ((LineAnnotation | %cptr.char.mix;)* )>
+<!--end of classsynopsisinfo.element-->]]>
+
+<!ENTITY % classsynopsisinfo.attlist "INCLUDE">
+<![ %classsynopsisinfo.attlist; [
+<!ATTLIST ClassSynopsisInfo
+		%linespecific.attrib;
+		%common.attrib;
+		%classsynopsisinfo.role.attrib;
+		%local.classsynopsisinfo.attrib;
+>
+<!--end of classsynopsisinfo.attlist-->]]>
+<!--end of classsynopsisinfo.module-->]]>
+
+<!ENTITY % ooclass.module "INCLUDE">
+<![%ooclass.module;[
+<!ENTITY % local.ooclass.attrib "">
+<!ENTITY % ooclass.role.attrib "%role.attrib;">
+
+<!ENTITY % ooclass.element "INCLUDE">
+<![%ooclass.element;[
+<!ELEMENT OOClass - - (Modifier*, ClassName)>
+<!--end of ooclass.element-->]]>
+
+<!ENTITY % ooclass.attlist "INCLUDE">
+<![%ooclass.attlist;[
+<!ATTLIST OOClass
+	%common.attrib;
+	%ooclass.role.attrib;
+	%local.ooclass.attrib;
+>
+<!--end of ooclass.attlist-->]]>
+<!--end of ooclass.module-->]]>
+
+<!ENTITY % oointerface.module "INCLUDE">
+<![%oointerface.module;[
+<!ENTITY % local.oointerface.attrib "">
+<!ENTITY % oointerface.role.attrib "%role.attrib;">
+
+<!ENTITY % oointerface.element "INCLUDE">
+<![%oointerface.element;[
+<!ELEMENT OOInterface - - (Modifier*, InterfaceName)>
+<!--end of oointerface.element-->]]>
+
+<!ENTITY % oointerface.attlist "INCLUDE">
+<![%oointerface.attlist;[
+<!ATTLIST OOInterface
+	%common.attrib;
+	%oointerface.role.attrib;
+	%local.oointerface.attrib;
+>
+<!--end of oointerface.attlist-->]]>
+<!--end of oointerface.module-->]]>
+
+<!ENTITY % ooexception.module "INCLUDE">
+<![%ooexception.module;[
+<!ENTITY % local.ooexception.attrib "">
+<!ENTITY % ooexception.role.attrib "%role.attrib;">
+
+<!ENTITY % ooexception.element "INCLUDE">
+<![%ooexception.element;[
+<!ELEMENT OOException - - (Modifier*, ExceptionName)>
+<!--end of ooexception.element-->]]>
+
+<!ENTITY % ooexception.attlist "INCLUDE">
+<![%ooexception.attlist;[
+<!ATTLIST OOException
+	%common.attrib;
+	%ooexception.role.attrib;
+	%local.ooexception.attrib;
+>
+<!--end of ooexception.attlist-->]]>
+<!--end of ooexception.module-->]]>
+
+<!ENTITY % modifier.module "INCLUDE">
+<![%modifier.module;[
+<!ENTITY % local.modifier.attrib "">
+<!ENTITY % modifier.role.attrib "%role.attrib;">
+
+<!ENTITY % modifier.element "INCLUDE">
+<![%modifier.element;[
+<!ELEMENT Modifier - - (%smallcptr.char.mix;)*>
+<!--end of modifier.element-->]]>
+
+<!ENTITY % modifier.attlist "INCLUDE">
+<![%modifier.attlist;[
+<!ATTLIST Modifier
+	%common.attrib;
+	%modifier.role.attrib;
+	%local.modifier.attrib;
+>
+<!--end of modifier.attlist-->]]>
+<!--end of modifier.module-->]]>
+
+<!ENTITY % interfacename.module "INCLUDE">
+<![%interfacename.module;[
+<!ENTITY % local.interfacename.attrib "">
+<!ENTITY % interfacename.role.attrib "%role.attrib;">
+
+<!ENTITY % interfacename.element "INCLUDE">
+<![%interfacename.element;[
+<!ELEMENT InterfaceName - - (%smallcptr.char.mix;)*>
+<!--end of interfacename.element-->]]>
+
+<!ENTITY % interfacename.attlist "INCLUDE">
+<![%interfacename.attlist;[
+<!ATTLIST InterfaceName
+	%common.attrib;
+	%interfacename.role.attrib;
+	%local.interfacename.attrib;
+>
+<!--end of interfacename.attlist-->]]>
+<!--end of interfacename.module-->]]>
+
+<!ENTITY % exceptionname.module "INCLUDE">
+<![%exceptionname.module;[
+<!ENTITY % local.exceptionname.attrib "">
+<!ENTITY % exceptionname.role.attrib "%role.attrib;">
+
+<!ENTITY % exceptionname.element "INCLUDE">
+<![%exceptionname.element;[
+<!ELEMENT ExceptionName - - (%smallcptr.char.mix;)*>
+<!--end of exceptionname.element-->]]>
+
+<!ENTITY % exceptionname.attlist "INCLUDE">
+<![%exceptionname.attlist;[
+<!ATTLIST ExceptionName
+	%common.attrib;
+	%exceptionname.role.attrib;
+	%local.exceptionname.attrib;
+>
+<!--end of exceptionname.attlist-->]]>
+<!--end of exceptionname.module-->]]>
+
+<!ENTITY % fieldsynopsis.module "INCLUDE">
+<![%fieldsynopsis.module;[
+<!ENTITY % local.fieldsynopsis.attrib "">
+<!ENTITY % fieldsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % fieldsynopsis.element "INCLUDE">
+<![%fieldsynopsis.element;[
+<!ELEMENT FieldSynopsis - - (Modifier*, Type?, VarName, Initializer?)>
+<!--end of fieldsynopsis.element-->]]>
+
+<!ENTITY % fieldsynopsis.attlist "INCLUDE">
+<![%fieldsynopsis.attlist;[
+<!ATTLIST FieldSynopsis
+	%common.attrib;
+	%fieldsynopsis.role.attrib;
+	%local.fieldsynopsis.attrib;
+>
+<!--end of fieldsynopsis.attlist-->]]>
+<!--end of fieldsynopsis.module-->]]>
+
+<!ENTITY % initializer.module "INCLUDE">
+<![%initializer.module;[
+<!ENTITY % local.initializer.attrib "">
+<!ENTITY % initializer.role.attrib "%role.attrib;">
+
+<!ENTITY % initializer.element "INCLUDE">
+<![%initializer.element;[
+<!ELEMENT Initializer - - (%smallcptr.char.mix;)*>
+<!--end of initializer.element-->]]>
+
+<!ENTITY % initializer.attlist "INCLUDE">
+<![%initializer.attlist;[
+<!ATTLIST Initializer
+	%common.attrib;
+	%initializer.role.attrib;
+	%local.initializer.attrib;
+>
+<!--end of initializer.attlist-->]]>
+<!--end of initializer.module-->]]>
+
+<!ENTITY % constructorsynopsis.module "INCLUDE">
+<![%constructorsynopsis.module;[
+<!ENTITY % local.constructorsynopsis.attrib "">
+<!ENTITY % constructorsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % constructorsynopsis.element "INCLUDE">
+<![%constructorsynopsis.element;[
+<!ELEMENT ConstructorSynopsis - - (Modifier*,
+                                   MethodName?,
+                                   (MethodParam+|Void),
+                                   ExceptionName*)>
+<!--end of constructorsynopsis.element-->]]>
+
+<!ENTITY % constructorsynopsis.attlist "INCLUDE">
+<![%constructorsynopsis.attlist;[
+<!ATTLIST ConstructorSynopsis
+	%common.attrib;
+	%constructorsynopsis.role.attrib;
+	%local.constructorsynopsis.attrib;
+>
+<!--end of constructorsynopsis.attlist-->]]>
+<!--end of constructorsynopsis.module-->]]>
+
+<!ENTITY % destructorsynopsis.module "INCLUDE">
+<![%destructorsynopsis.module;[
+<!ENTITY % local.destructorsynopsis.attrib "">
+<!ENTITY % destructorsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % destructorsynopsis.element "INCLUDE">
+<![%destructorsynopsis.element;[
+<!ELEMENT DestructorSynopsis - - (Modifier*,
+                                  MethodName?,
+                                  (MethodParam+|Void),
+                                  ExceptionName*)>
+<!--end of destructorsynopsis.element-->]]>
+
+<!ENTITY % destructorsynopsis.attlist "INCLUDE">
+<![%destructorsynopsis.attlist;[
+<!ATTLIST DestructorSynopsis
+	%common.attrib;
+	%destructorsynopsis.role.attrib;
+	%local.destructorsynopsis.attrib;
+>
+<!--end of destructorsynopsis.attlist-->]]>
+<!--end of destructorsynopsis.module-->]]>
+
+<!ENTITY % methodsynopsis.module "INCLUDE">
+<![%methodsynopsis.module;[
+<!ENTITY % local.methodsynopsis.attrib "">
+<!ENTITY % methodsynopsis.role.attrib "%role.attrib;">
+
+<!ENTITY % methodsynopsis.element "INCLUDE">
+<![%methodsynopsis.element;[
+<!ELEMENT MethodSynopsis - - (Modifier*,
+                              (Type|Void)?,
+                              MethodName,
+                              (MethodParam+|Void),
+                              ExceptionName*,
+                              Modifier*)>
+<!--end of methodsynopsis.element-->]]>
+
+<!ENTITY % methodsynopsis.attlist "INCLUDE">
+<![%methodsynopsis.attlist;[
+<!ATTLIST MethodSynopsis
+	%common.attrib;
+	%methodsynopsis.role.attrib;
+	%local.methodsynopsis.attrib;
+>
+<!--end of methodsynopsis.attlist-->]]>
+<!--end of methodsynopsis.module-->]]>
+
+<!ENTITY % methodname.module "INCLUDE">
+<![%methodname.module;[
+<!ENTITY % local.methodname.attrib "">
+<!ENTITY % methodname.role.attrib "%role.attrib;">
+
+<!ENTITY % methodname.element "INCLUDE">
+<![%methodname.element;[
+<!ELEMENT MethodName - - (%smallcptr.char.mix;)*>
+<!--end of methodname.element-->]]>
+
+<!ENTITY % methodname.attlist "INCLUDE">
+<![%methodname.attlist;[
+<!ATTLIST MethodName
+	%common.attrib;
+	%methodname.role.attrib;
+	%local.methodname.attrib;
+>
+<!--end of methodname.attlist-->]]>
+<!--end of methodname.module-->]]>
+
+<!ENTITY % methodparam.module "INCLUDE">
+<![%methodparam.module;[
+<!ENTITY % local.methodparam.attrib "">
+<!ENTITY % methodparam.role.attrib "%role.attrib;">
+
+<!ENTITY % methodparam.element "INCLUDE">
+<![%methodparam.element;[
+<!ELEMENT MethodParam - - (Modifier*,
+                           Type?, ((Parameter,Initializer?)|FuncParams),
+                           Modifier*)>
+<!--end of methodparam.element-->]]>
+
+<!ENTITY % methodparam.attlist "INCLUDE">
+<![%methodparam.attlist;[
+<!ATTLIST MethodParam
+	%common.attrib;
+	%methodparam.role.attrib;
+	%local.methodparam.attrib;
+	Choice		(Opt
+			|Req
+			|Plain)		"Req"
+	Rep		(Norepeat
+			|Repeat)	"Norepeat"
+>
+<!--end of methodparam.attlist-->]]>
+<!--end of methodparam.module-->]]>
+<!--end of classsynopsis.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Document information entities and elements ........................... -->
+
+<!-- The document information elements include some elements that are
+     currently used only in the document hierarchy module. They are
+     defined here so that they will be available for use in customized
+     document hierarchies. -->
+
+<!-- .................................. -->
+
+<!ENTITY % docinfo.content.module "INCLUDE">
+<![ %docinfo.content.module; [
+
+<!-- Ackno ............................ -->
+
+<!ENTITY % ackno.module "INCLUDE">
+<![ %ackno.module; [
+<!ENTITY % local.ackno.attrib "">
+<!ENTITY % ackno.role.attrib "%role.attrib;">
+
+<!ENTITY % ackno.element "INCLUDE">
+<![ %ackno.element; [
+<!ELEMENT Ackno - - ((%docinfo.char.mix;)+)>
+<!--end of ackno.element-->]]>
+
+<!ENTITY % ackno.attlist "INCLUDE">
+<![ %ackno.attlist; [
+<!ATTLIST Ackno
+		%common.attrib;
+		%ackno.role.attrib;
+		%local.ackno.attrib;
+>
+<!--end of ackno.attlist-->]]>
+<!--end of ackno.module-->]]>
+
+<!-- Address .......................... -->
+
+<!ENTITY % address.content.module "INCLUDE">
+<![ %address.content.module; [
+<!ENTITY % address.module "INCLUDE">
+<![ %address.module; [
+<!ENTITY % local.address.attrib "">
+<!ENTITY % address.role.attrib "%role.attrib;">
+
+<!ENTITY % address.element "INCLUDE">
+<![ %address.element; [
+<!ELEMENT Address - - (#PCDATA|%person.ident.mix;
+		       |Street|POB|Postcode|City|State|Country|Phone
+		       |Fax|Email|OtherAddr)*>
+<!--end of address.element-->]]>
+
+<!ENTITY % address.attlist "INCLUDE">
+<![ %address.attlist; [
+<!ATTLIST Address
+		%linespecific.attrib;
+		%common.attrib;
+		%address.role.attrib;
+		%local.address.attrib;
+>
+<!--end of address.attlist-->]]>
+<!--end of address.module-->]]>
+
+  <!ENTITY % street.module "INCLUDE">
+  <![ %street.module; [
+ <!ENTITY % local.street.attrib "">
+  <!ENTITY % street.role.attrib "%role.attrib;">
+  
+<!ENTITY % street.element "INCLUDE">
+<![ %street.element; [
+<!ELEMENT Street - - ((%docinfo.char.mix;)+)>
+<!--end of street.element-->]]>
+  
+<!ENTITY % street.attlist "INCLUDE">
+<![ %street.attlist; [
+<!ATTLIST Street
+		%common.attrib;
+		%street.role.attrib;
+		%local.street.attrib;
+>
+<!--end of street.attlist-->]]>
+  <!--end of street.module-->]]>
+
+  <!ENTITY % pob.module "INCLUDE">
+  <![ %pob.module; [
+  <!ENTITY % local.pob.attrib "">
+  <!ENTITY % pob.role.attrib "%role.attrib;">
+  
+<!ENTITY % pob.element "INCLUDE">
+<![ %pob.element; [
+<!ELEMENT POB - - ((%docinfo.char.mix;)+)>
+<!--end of pob.element-->]]>
+  
+<!ENTITY % pob.attlist "INCLUDE">
+<![ %pob.attlist; [
+<!ATTLIST POB
+		%common.attrib;
+		%pob.role.attrib;
+		%local.pob.attrib;
+>
+<!--end of pob.attlist-->]]>
+  <!--end of pob.module-->]]>
+
+  <!ENTITY % postcode.module "INCLUDE">
+  <![ %postcode.module; [
+  <!ENTITY % local.postcode.attrib "">
+  <!ENTITY % postcode.role.attrib "%role.attrib;">
+  
+<!ENTITY % postcode.element "INCLUDE">
+<![ %postcode.element; [
+<!ELEMENT Postcode - - ((%docinfo.char.mix;)+)>
+<!--end of postcode.element-->]]>
+  
+<!ENTITY % postcode.attlist "INCLUDE">
+<![ %postcode.attlist; [
+<!ATTLIST Postcode
+		%common.attrib;
+		%postcode.role.attrib;
+		%local.postcode.attrib;
+>
+<!--end of postcode.attlist-->]]>
+  <!--end of postcode.module-->]]>
+
+  <!ENTITY % city.module "INCLUDE">
+  <![ %city.module; [
+  <!ENTITY % local.city.attrib "">
+  <!ENTITY % city.role.attrib "%role.attrib;">
+  
+<!ENTITY % city.element "INCLUDE">
+<![ %city.element; [
+<!ELEMENT City - - ((%docinfo.char.mix;)+)>
+<!--end of city.element-->]]>
+  
+<!ENTITY % city.attlist "INCLUDE">
+<![ %city.attlist; [
+<!ATTLIST City
+		%common.attrib;
+		%city.role.attrib;
+		%local.city.attrib;
+>
+<!--end of city.attlist-->]]>
+  <!--end of city.module-->]]>
+
+  <!ENTITY % state.module "INCLUDE">
+  <![ %state.module; [
+  <!ENTITY % local.state.attrib "">
+  <!ENTITY % state.role.attrib "%role.attrib;">
+  
+<!ENTITY % state.element "INCLUDE">
+<![ %state.element; [
+<!ELEMENT State - - ((%docinfo.char.mix;)+)>
+<!--end of state.element-->]]>
+  
+<!ENTITY % state.attlist "INCLUDE">
+<![ %state.attlist; [
+<!ATTLIST State
+		%common.attrib;
+		%state.role.attrib;
+		%local.state.attrib;
+>
+<!--end of state.attlist-->]]>
+  <!--end of state.module-->]]>
+
+  <!ENTITY % country.module "INCLUDE">
+  <![ %country.module; [
+  <!ENTITY % local.country.attrib "">
+  <!ENTITY % country.role.attrib "%role.attrib;">
+  
+<!ENTITY % country.element "INCLUDE">
+<![ %country.element; [
+<!ELEMENT Country - - ((%docinfo.char.mix;)+)>
+<!--end of country.element-->]]>
+  
+<!ENTITY % country.attlist "INCLUDE">
+<![ %country.attlist; [
+<!ATTLIST Country
+		%common.attrib;
+		%country.role.attrib;
+		%local.country.attrib;
+>
+<!--end of country.attlist-->]]>
+  <!--end of country.module-->]]>
+
+  <!ENTITY % phone.module "INCLUDE">
+  <![ %phone.module; [
+  <!ENTITY % local.phone.attrib "">
+  <!ENTITY % phone.role.attrib "%role.attrib;">
+  
+<!ENTITY % phone.element "INCLUDE">
+<![ %phone.element; [
+<!ELEMENT Phone - - ((%docinfo.char.mix;)+)>
+<!--end of phone.element-->]]>
+  
+<!ENTITY % phone.attlist "INCLUDE">
+<![ %phone.attlist; [
+<!ATTLIST Phone
+		%common.attrib;
+		%phone.role.attrib;
+		%local.phone.attrib;
+>
+<!--end of phone.attlist-->]]>
+  <!--end of phone.module-->]]>
+
+  <!ENTITY % fax.module "INCLUDE">
+  <![ %fax.module; [
+  <!ENTITY % local.fax.attrib "">
+  <!ENTITY % fax.role.attrib "%role.attrib;">
+  
+<!ENTITY % fax.element "INCLUDE">
+<![ %fax.element; [
+<!ELEMENT Fax - - ((%docinfo.char.mix;)+)>
+<!--end of fax.element-->]]>
+  
+<!ENTITY % fax.attlist "INCLUDE">
+<![ %fax.attlist; [
+<!ATTLIST Fax
+		%common.attrib;
+		%fax.role.attrib;
+		%local.fax.attrib;
+>
+<!--end of fax.attlist-->]]>
+  <!--end of fax.module-->]]>
+
+  <!-- Email (defined in the Inlines section, below)-->
+
+  <!ENTITY % otheraddr.module "INCLUDE">
+  <![ %otheraddr.module; [
+  <!ENTITY % local.otheraddr.attrib "">
+  <!ENTITY % otheraddr.role.attrib "%role.attrib;">
+  
+<!ENTITY % otheraddr.element "INCLUDE">
+<![ %otheraddr.element; [
+<!ELEMENT OtherAddr - - ((%docinfo.char.mix;)+)>
+<!--end of otheraddr.element-->]]>
+  
+<!ENTITY % otheraddr.attlist "INCLUDE">
+<![ %otheraddr.attlist; [
+<!ATTLIST OtherAddr
+		%common.attrib;
+		%otheraddr.role.attrib;
+		%local.otheraddr.attrib;
+>
+<!--end of otheraddr.attlist-->]]>
+  <!--end of otheraddr.module-->]]>
+<!--end of address.content.module-->]]>
+
+<!-- Affiliation ...................... -->
+
+<!ENTITY % affiliation.content.module "INCLUDE">
+<![ %affiliation.content.module; [
+<!ENTITY % affiliation.module "INCLUDE">
+<![ %affiliation.module; [
+<!ENTITY % local.affiliation.attrib "">
+<!ENTITY % affiliation.role.attrib "%role.attrib;">
+
+<!ENTITY % affiliation.element "INCLUDE">
+<![ %affiliation.element; [
+<!ELEMENT Affiliation - - (ShortAffil?, JobTitle*, OrgName?, OrgDiv*,
+		Address*)>
+<!--end of affiliation.element-->]]>
+
+<!ENTITY % affiliation.attlist "INCLUDE">
+<![ %affiliation.attlist; [
+<!ATTLIST Affiliation
+		%common.attrib;
+		%affiliation.role.attrib;
+		%local.affiliation.attrib;
+>
+<!--end of affiliation.attlist-->]]>
+<!--end of affiliation.module-->]]>
+
+  <!ENTITY % shortaffil.module "INCLUDE">
+  <![ %shortaffil.module; [
+  <!ENTITY % local.shortaffil.attrib "">
+  <!ENTITY % shortaffil.role.attrib "%role.attrib;">
+  
+<!ENTITY % shortaffil.element "INCLUDE">
+<![ %shortaffil.element; [
+<!ELEMENT ShortAffil - - ((%docinfo.char.mix;)+)>
+<!--end of shortaffil.element-->]]>
+  
+<!ENTITY % shortaffil.attlist "INCLUDE">
+<![ %shortaffil.attlist; [
+<!ATTLIST ShortAffil
+		%common.attrib;
+		%shortaffil.role.attrib;
+		%local.shortaffil.attrib;
+>
+<!--end of shortaffil.attlist-->]]>
+  <!--end of shortaffil.module-->]]>
+
+  <!ENTITY % jobtitle.module "INCLUDE">
+  <![ %jobtitle.module; [
+  <!ENTITY % local.jobtitle.attrib "">
+  <!ENTITY % jobtitle.role.attrib "%role.attrib;">
+  
+<!ENTITY % jobtitle.element "INCLUDE">
+<![ %jobtitle.element; [
+<!ELEMENT JobTitle - - ((%docinfo.char.mix;)+)>
+<!--end of jobtitle.element-->]]>
+  
+<!ENTITY % jobtitle.attlist "INCLUDE">
+<![ %jobtitle.attlist; [
+<!ATTLIST JobTitle
+		%common.attrib;
+		%jobtitle.role.attrib;
+		%local.jobtitle.attrib;
+>
+<!--end of jobtitle.attlist-->]]>
+  <!--end of jobtitle.module-->]]>
+
+  <!-- OrgName (defined elsewhere in this section)-->
+
+  <!ENTITY % orgdiv.module "INCLUDE">
+  <![ %orgdiv.module; [
+  <!ENTITY % local.orgdiv.attrib "">
+  <!ENTITY % orgdiv.role.attrib "%role.attrib;">
+  
+<!ENTITY % orgdiv.element "INCLUDE">
+<![ %orgdiv.element; [
+<!ELEMENT OrgDiv - - ((%docinfo.char.mix;)+)>
+<!--end of orgdiv.element-->]]>
+  
+<!ENTITY % orgdiv.attlist "INCLUDE">
+<![ %orgdiv.attlist; [
+<!ATTLIST OrgDiv
+		%common.attrib;
+		%orgdiv.role.attrib;
+		%local.orgdiv.attrib;
+>
+<!--end of orgdiv.attlist-->]]>
+  <!--end of orgdiv.module-->]]>
+
+  <!-- Address (defined elsewhere in this section)-->
+<!--end of affiliation.content.module-->]]>
+
+<!-- ArtPageNums ...................... -->
+
+<!ENTITY % artpagenums.module "INCLUDE">
+<![ %artpagenums.module; [
+<!ENTITY % local.artpagenums.attrib "">
+<!ENTITY % argpagenums.role.attrib "%role.attrib;">
+
+<!ENTITY % artpagenums.element "INCLUDE">
+<![ %artpagenums.element; [
+<!ELEMENT ArtPageNums - - ((%docinfo.char.mix;)+)>
+<!--end of artpagenums.element-->]]>
+
+<!ENTITY % artpagenums.attlist "INCLUDE">
+<![ %artpagenums.attlist; [
+<!ATTLIST ArtPageNums
+		%common.attrib;
+		%argpagenums.role.attrib;
+		%local.artpagenums.attrib;
+>
+<!--end of artpagenums.attlist-->]]>
+<!--end of artpagenums.module-->]]>
+
+<!-- Author ........................... -->
+
+<!ENTITY % author.module "INCLUDE">
+<![ %author.module; [
+<!ENTITY % local.author.attrib "">
+<!ENTITY % author.role.attrib "%role.attrib;">
+
+<!ENTITY % author.element "INCLUDE">
+<![ %author.element; [
+<!ELEMENT Author - - ((%person.ident.mix;)+)>
+<!--end of author.element-->]]>
+
+<!ENTITY % author.attlist "INCLUDE">
+<![ %author.attlist; [
+<!ATTLIST Author
+		%common.attrib;
+		%author.role.attrib;
+		%local.author.attrib;
+>
+<!--end of author.attlist-->]]>
+<!--(see "Personal identity elements" for %person.ident.mix;)-->
+<!--end of author.module-->]]>
+
+<!-- AuthorGroup ...................... -->
+
+<!ENTITY % authorgroup.content.module "INCLUDE">
+<![ %authorgroup.content.module; [
+<!ENTITY % authorgroup.module "INCLUDE">
+<![ %authorgroup.module; [
+<!ENTITY % local.authorgroup.attrib "">
+<!ENTITY % authorgroup.role.attrib "%role.attrib;">
+
+<!ENTITY % authorgroup.element "INCLUDE">
+<![ %authorgroup.element; [
+<!ELEMENT AuthorGroup - - ((Author|Editor|Collab|CorpAuthor|OtherCredit)+)>
+<!--end of authorgroup.element-->]]>
+
+<!ENTITY % authorgroup.attlist "INCLUDE">
+<![ %authorgroup.attlist; [
+<!ATTLIST AuthorGroup
+		%common.attrib;
+		%authorgroup.role.attrib;
+		%local.authorgroup.attrib;
+>
+<!--end of authorgroup.attlist-->]]>
+<!--end of authorgroup.module-->]]>
+
+  <!-- Author (defined elsewhere in this section)-->
+  <!-- Editor (defined elsewhere in this section)-->
+
+  <!ENTITY % collab.content.module "INCLUDE">
+  <![ %collab.content.module; [
+  <!ENTITY % collab.module "INCLUDE">
+  <![ %collab.module; [
+  <!ENTITY % local.collab.attrib "">
+  <!ENTITY % collab.role.attrib "%role.attrib;">
+  
+<!ENTITY % collab.element "INCLUDE">
+<![ %collab.element; [
+<!ELEMENT Collab - - (CollabName, Affiliation*)>
+<!--end of collab.element-->]]>
+  
+<!ENTITY % collab.attlist "INCLUDE">
+<![ %collab.attlist; [
+<!ATTLIST Collab
+		%common.attrib;
+		%collab.role.attrib;
+		%local.collab.attrib;
+>
+<!--end of collab.attlist-->]]>
+  <!--end of collab.module-->]]>
+
+    <!ENTITY % collabname.module "INCLUDE">
+  <![ %collabname.module; [
+  <!ENTITY % local.collabname.attrib "">
+  <!ENTITY % collabname.role.attrib "%role.attrib;">
+    
+<!ENTITY % collabname.element "INCLUDE">
+<![ %collabname.element; [
+<!ELEMENT CollabName - - ((%docinfo.char.mix;)+)>
+<!--end of collabname.element-->]]>
+    
+<!ENTITY % collabname.attlist "INCLUDE">
+<![ %collabname.attlist; [
+<!ATTLIST CollabName
+		%common.attrib;
+		%collabname.role.attrib;
+		%local.collabname.attrib;
+>
+<!--end of collabname.attlist-->]]>
+    <!--end of collabname.module-->]]>
+
+    <!-- Affiliation (defined elsewhere in this section)-->
+  <!--end of collab.content.module-->]]>
+
+  <!-- CorpAuthor (defined elsewhere in this section)-->
+  <!-- OtherCredit (defined elsewhere in this section)-->
+
+<!--end of authorgroup.content.module-->]]>
+
+<!-- AuthorInitials ................... -->
+
+<!ENTITY % authorinitials.module "INCLUDE">
+<![ %authorinitials.module; [
+<!ENTITY % local.authorinitials.attrib "">
+<!ENTITY % authorinitials.role.attrib "%role.attrib;">
+
+<!ENTITY % authorinitials.element "INCLUDE">
+<![ %authorinitials.element; [
+<!ELEMENT AuthorInitials - - ((%docinfo.char.mix;)+)>
+<!--end of authorinitials.element-->]]>
+
+<!ENTITY % authorinitials.attlist "INCLUDE">
+<![ %authorinitials.attlist; [
+<!ATTLIST AuthorInitials
+		%common.attrib;
+		%authorinitials.role.attrib;
+		%local.authorinitials.attrib;
+>
+<!--end of authorinitials.attlist-->]]>
+<!--end of authorinitials.module-->]]>
+
+<!-- ConfGroup ........................ -->
+
+<!ENTITY % confgroup.content.module "INCLUDE">
+<![ %confgroup.content.module; [
+<!ENTITY % confgroup.module "INCLUDE">
+<![ %confgroup.module; [
+<!ENTITY % local.confgroup.attrib "">
+<!ENTITY % confgroup.role.attrib "%role.attrib;">
+
+<!ENTITY % confgroup.element "INCLUDE">
+<![ %confgroup.element; [
+<!ELEMENT ConfGroup - - ((ConfDates|ConfTitle|ConfNum|Address|ConfSponsor)*)>
+<!--end of confgroup.element-->]]>
+
+<!ENTITY % confgroup.attlist "INCLUDE">
+<![ %confgroup.attlist; [
+<!ATTLIST ConfGroup
+		%common.attrib;
+		%confgroup.role.attrib;
+		%local.confgroup.attrib;
+>
+<!--end of confgroup.attlist-->]]>
+<!--end of confgroup.module-->]]>
+
+  <!ENTITY % confdates.module "INCLUDE">
+  <![ %confdates.module; [
+  <!ENTITY % local.confdates.attrib "">
+  <!ENTITY % confdates.role.attrib "%role.attrib;">
+  
+<!ENTITY % confdates.element "INCLUDE">
+<![ %confdates.element; [
+<!ELEMENT ConfDates - - ((%docinfo.char.mix;)+)>
+<!--end of confdates.element-->]]>
+  
+<!ENTITY % confdates.attlist "INCLUDE">
+<![ %confdates.attlist; [
+<!ATTLIST ConfDates
+		%common.attrib;
+		%confdates.role.attrib;
+		%local.confdates.attrib;
+>
+<!--end of confdates.attlist-->]]>
+  <!--end of confdates.module-->]]>
+
+  <!ENTITY % conftitle.module "INCLUDE">
+  <![ %conftitle.module; [
+  <!ENTITY % local.conftitle.attrib "">
+  <!ENTITY % conftitle.role.attrib "%role.attrib;">
+  
+<!ENTITY % conftitle.element "INCLUDE">
+<![ %conftitle.element; [
+<!ELEMENT ConfTitle - - ((%docinfo.char.mix;)+)>
+<!--end of conftitle.element-->]]>
+  
+<!ENTITY % conftitle.attlist "INCLUDE">
+<![ %conftitle.attlist; [
+<!ATTLIST ConfTitle
+		%common.attrib;
+		%conftitle.role.attrib;
+		%local.conftitle.attrib;
+>
+<!--end of conftitle.attlist-->]]>
+  <!--end of conftitle.module-->]]>
+
+  <!ENTITY % confnum.module "INCLUDE">
+  <![ %confnum.module; [
+  <!ENTITY % local.confnum.attrib "">
+  <!ENTITY % confnum.role.attrib "%role.attrib;">
+  
+<!ENTITY % confnum.element "INCLUDE">
+<![ %confnum.element; [
+<!ELEMENT ConfNum - - ((%docinfo.char.mix;)+)>
+<!--end of confnum.element-->]]>
+  
+<!ENTITY % confnum.attlist "INCLUDE">
+<![ %confnum.attlist; [
+<!ATTLIST ConfNum
+		%common.attrib;
+		%confnum.role.attrib;
+		%local.confnum.attrib;
+>
+<!--end of confnum.attlist-->]]>
+  <!--end of confnum.module-->]]>
+
+  <!-- Address (defined elsewhere in this section)-->
+
+  <!ENTITY % confsponsor.module "INCLUDE">
+  <![ %confsponsor.module; [
+  <!ENTITY % local.confsponsor.attrib "">
+  <!ENTITY % confsponsor.role.attrib "%role.attrib;">
+  
+<!ENTITY % confsponsor.element "INCLUDE">
+<![ %confsponsor.element; [
+<!ELEMENT ConfSponsor - - ((%docinfo.char.mix;)+)>
+<!--end of confsponsor.element-->]]>
+  
+<!ENTITY % confsponsor.attlist "INCLUDE">
+<![ %confsponsor.attlist; [
+<!ATTLIST ConfSponsor
+		%common.attrib;
+		%confsponsor.role.attrib;
+		%local.confsponsor.attrib;
+>
+<!--end of confsponsor.attlist-->]]>
+  <!--end of confsponsor.module-->]]>
+<!--end of confgroup.content.module-->]]>
+
+<!-- ContractNum ...................... -->
+
+<!ENTITY % contractnum.module "INCLUDE">
+<![ %contractnum.module; [
+<!ENTITY % local.contractnum.attrib "">
+<!ENTITY % contractnum.role.attrib "%role.attrib;">
+
+<!ENTITY % contractnum.element "INCLUDE">
+<![ %contractnum.element; [
+<!ELEMENT ContractNum - - ((%docinfo.char.mix;)+)>
+<!--end of contractnum.element-->]]>
+
+<!ENTITY % contractnum.attlist "INCLUDE">
+<![ %contractnum.attlist; [
+<!ATTLIST ContractNum
+		%common.attrib;
+		%contractnum.role.attrib;
+		%local.contractnum.attrib;
+>
+<!--end of contractnum.attlist-->]]>
+<!--end of contractnum.module-->]]>
+
+<!-- ContractSponsor .................. -->
+
+<!ENTITY % contractsponsor.module "INCLUDE">
+<![ %contractsponsor.module; [
+<!ENTITY % local.contractsponsor.attrib "">
+<!ENTITY % contractsponsor.role.attrib "%role.attrib;">
+
+<!ENTITY % contractsponsor.element "INCLUDE">
+<![ %contractsponsor.element; [
+<!ELEMENT ContractSponsor - - ((%docinfo.char.mix;)+)>
+<!--end of contractsponsor.element-->]]>
+
+<!ENTITY % contractsponsor.attlist "INCLUDE">
+<![ %contractsponsor.attlist; [
+<!ATTLIST ContractSponsor
+		%common.attrib;
+		%contractsponsor.role.attrib;
+		%local.contractsponsor.attrib;
+>
+<!--end of contractsponsor.attlist-->]]>
+<!--end of contractsponsor.module-->]]>
+
+<!-- Copyright ........................ -->
+
+<!ENTITY % copyright.content.module "INCLUDE">
+<![ %copyright.content.module; [
+<!ENTITY % copyright.module "INCLUDE">
+<![ %copyright.module; [
+<!ENTITY % local.copyright.attrib "">
+<!ENTITY % copyright.role.attrib "%role.attrib;">
+
+<!ENTITY % copyright.element "INCLUDE">
+<![ %copyright.element; [
+<!ELEMENT Copyright - - (Year+, Holder*)>
+<!--end of copyright.element-->]]>
+
+<!ENTITY % copyright.attlist "INCLUDE">
+<![ %copyright.attlist; [
+<!ATTLIST Copyright
+		%common.attrib;
+		%copyright.role.attrib;
+		%local.copyright.attrib;
+>
+<!--end of copyright.attlist-->]]>
+<!--end of copyright.module-->]]>
+
+  <!ENTITY % year.module "INCLUDE">
+  <![ %year.module; [
+  <!ENTITY % local.year.attrib "">
+  <!ENTITY % year.role.attrib "%role.attrib;">
+  
+<!ENTITY % year.element "INCLUDE">
+<![ %year.element; [
+<!ELEMENT Year - - ((%docinfo.char.mix;)+)>
+<!--end of year.element-->]]>
+  
+<!ENTITY % year.attlist "INCLUDE">
+<![ %year.attlist; [
+<!ATTLIST Year
+		%common.attrib;
+		%year.role.attrib;
+		%local.year.attrib;
+>
+<!--end of year.attlist-->]]>
+  <!--end of year.module-->]]>
+
+  <!ENTITY % holder.module "INCLUDE">
+  <![ %holder.module; [
+  <!ENTITY % local.holder.attrib "">
+  <!ENTITY % holder.role.attrib "%role.attrib;">
+  
+<!ENTITY % holder.element "INCLUDE">
+<![ %holder.element; [
+<!ELEMENT Holder - - ((%docinfo.char.mix;)+)>
+<!--end of holder.element-->]]>
+  
+<!ENTITY % holder.attlist "INCLUDE">
+<![ %holder.attlist; [
+<!ATTLIST Holder
+		%common.attrib;
+		%holder.role.attrib;
+		%local.holder.attrib;
+>
+<!--end of holder.attlist-->]]>
+  <!--end of holder.module-->]]>
+<!--end of copyright.content.module-->]]>
+
+<!-- CorpAuthor ....................... -->
+
+<!ENTITY % corpauthor.module "INCLUDE">
+<![ %corpauthor.module; [
+<!ENTITY % local.corpauthor.attrib "">
+<!ENTITY % corpauthor.role.attrib "%role.attrib;">
+
+<!ENTITY % corpauthor.element "INCLUDE">
+<![ %corpauthor.element; [
+<!ELEMENT CorpAuthor - - ((%docinfo.char.mix;)+)>
+<!--end of corpauthor.element-->]]>
+
+<!ENTITY % corpauthor.attlist "INCLUDE">
+<![ %corpauthor.attlist; [
+<!ATTLIST CorpAuthor
+		%common.attrib;
+		%corpauthor.role.attrib;
+		%local.corpauthor.attrib;
+>
+<!--end of corpauthor.attlist-->]]>
+<!--end of corpauthor.module-->]]>
+
+<!-- CorpName ......................... -->
+
+<!ENTITY % corpname.module "INCLUDE">
+<![ %corpname.module; [
+<!ENTITY % local.corpname.attrib "">
+
+<!ENTITY % corpname.element "INCLUDE">
+<![ %corpname.element; [
+<!ELEMENT CorpName - - ((%docinfo.char.mix;)+)>
+<!--end of corpname.element-->]]>
+<!ENTITY % corpname.role.attrib "%role.attrib;">
+
+<!ENTITY % corpname.attlist "INCLUDE">
+<![ %corpname.attlist; [
+<!ATTLIST CorpName
+		%common.attrib;
+		%corpname.role.attrib;
+		%local.corpname.attrib;
+>
+<!--end of corpname.attlist-->]]>
+<!--end of corpname.module-->]]>
+
+<!-- Date ............................. -->
+
+<!ENTITY % date.module "INCLUDE">
+<![ %date.module; [
+<!ENTITY % local.date.attrib "">
+<!ENTITY % date.role.attrib "%role.attrib;">
+
+<!ENTITY % date.element "INCLUDE">
+<![ %date.element; [
+<!ELEMENT Date - - ((%docinfo.char.mix;)+)>
+<!--end of date.element-->]]>
+
+<!ENTITY % date.attlist "INCLUDE">
+<![ %date.attlist; [
+<!ATTLIST Date
+		%common.attrib;
+		%date.role.attrib;
+		%local.date.attrib;
+>
+<!--end of date.attlist-->]]>
+<!--end of date.module-->]]>
+
+<!-- Edition .......................... -->
+
+<!ENTITY % edition.module "INCLUDE">
+<![ %edition.module; [
+<!ENTITY % local.edition.attrib "">
+<!ENTITY % edition.role.attrib "%role.attrib;">
+
+<!ENTITY % edition.element "INCLUDE">
+<![ %edition.element; [
+<!ELEMENT Edition - - ((%docinfo.char.mix;)+)>
+<!--end of edition.element-->]]>
+
+<!ENTITY % edition.attlist "INCLUDE">
+<![ %edition.attlist; [
+<!ATTLIST Edition
+		%common.attrib;
+		%edition.role.attrib;
+		%local.edition.attrib;
+>
+<!--end of edition.attlist-->]]>
+<!--end of edition.module-->]]>
+
+<!-- Editor ........................... -->
+
+<!ENTITY % editor.module "INCLUDE">
+<![ %editor.module; [
+<!ENTITY % local.editor.attrib "">
+<!ENTITY % editor.role.attrib "%role.attrib;">
+
+<!ENTITY % editor.element "INCLUDE">
+<![ %editor.element; [
+<!ELEMENT Editor - - ((%person.ident.mix;)+)>
+<!--end of editor.element-->]]>
+
+<!ENTITY % editor.attlist "INCLUDE">
+<![ %editor.attlist; [
+<!ATTLIST Editor
+		%common.attrib;
+		%editor.role.attrib;
+		%local.editor.attrib;
+>
+<!--end of editor.attlist-->]]>
+  <!--(see "Personal identity elements" for %person.ident.mix;)-->
+<!--end of editor.module-->]]>
+
+<!-- ISBN ............................. -->
+
+<!ENTITY % isbn.module "INCLUDE">
+<![ %isbn.module; [
+<!ENTITY % local.isbn.attrib "">
+<!ENTITY % isbn.role.attrib "%role.attrib;">
+
+<!ENTITY % isbn.element "INCLUDE">
+<![ %isbn.element; [
+<!ELEMENT ISBN - - ((%docinfo.char.mix;)+)>
+<!--end of isbn.element-->]]>
+
+<!ENTITY % isbn.attlist "INCLUDE">
+<![ %isbn.attlist; [
+<!ATTLIST ISBN
+		%common.attrib;
+		%isbn.role.attrib;
+		%local.isbn.attrib;
+>
+<!--end of isbn.attlist-->]]>
+<!--end of isbn.module-->]]>
+
+<!-- ISSN ............................. -->
+
+<!ENTITY % issn.module "INCLUDE">
+<![ %issn.module; [
+<!ENTITY % local.issn.attrib "">
+<!ENTITY % issn.role.attrib "%role.attrib;">
+
+<!ENTITY % issn.element "INCLUDE">
+<![ %issn.element; [
+<!ELEMENT ISSN - - ((%docinfo.char.mix;)+)>
+<!--end of issn.element-->]]>
+
+<!ENTITY % issn.attlist "INCLUDE">
+<![ %issn.attlist; [
+<!ATTLIST ISSN
+		%common.attrib;
+		%issn.role.attrib;
+		%local.issn.attrib;
+>
+<!--end of issn.attlist-->]]>
+<!--end of issn.module-->]]>
+
+<!-- InvPartNumber .................... -->
+
+<!ENTITY % invpartnumber.module "INCLUDE">
+<![ %invpartnumber.module; [
+<!ENTITY % local.invpartnumber.attrib "">
+<!ENTITY % invpartnumber.role.attrib "%role.attrib;">
+
+<!ENTITY % invpartnumber.element "INCLUDE">
+<![ %invpartnumber.element; [
+<!ELEMENT InvPartNumber - - ((%docinfo.char.mix;)+)>
+<!--end of invpartnumber.element-->]]>
+
+<!ENTITY % invpartnumber.attlist "INCLUDE">
+<![ %invpartnumber.attlist; [
+<!ATTLIST InvPartNumber
+		%common.attrib;
+		%invpartnumber.role.attrib;
+		%local.invpartnumber.attrib;
+>
+<!--end of invpartnumber.attlist-->]]>
+<!--end of invpartnumber.module-->]]>
+
+<!-- IssueNum ......................... -->
+
+<!ENTITY % issuenum.module "INCLUDE">
+<![ %issuenum.module; [
+<!ENTITY % local.issuenum.attrib "">
+<!ENTITY % issuenum.role.attrib "%role.attrib;">
+
+<!ENTITY % issuenum.element "INCLUDE">
+<![ %issuenum.element; [
+<!ELEMENT IssueNum - - ((%docinfo.char.mix;)+)>
+<!--end of issuenum.element-->]]>
+
+<!ENTITY % issuenum.attlist "INCLUDE">
+<![ %issuenum.attlist; [
+<!ATTLIST IssueNum
+		%common.attrib;
+		%issuenum.role.attrib;
+		%local.issuenum.attrib;
+>
+<!--end of issuenum.attlist-->]]>
+<!--end of issuenum.module-->]]>
+
+<!-- LegalNotice ...................... -->
+
+<!ENTITY % legalnotice.module "INCLUDE">
+<![ %legalnotice.module; [
+<!ENTITY % local.legalnotice.attrib "">
+<!ENTITY % legalnotice.role.attrib "%role.attrib;">
+
+<!ENTITY % legalnotice.element "INCLUDE">
+<![ %legalnotice.element; [
+<!ELEMENT LegalNotice - - (Title?, (%legalnotice.mix;)+) %formal.exclusion;>
+<!--end of legalnotice.element-->]]>
+
+<!ENTITY % legalnotice.attlist "INCLUDE">
+<![ %legalnotice.attlist; [
+<!ATTLIST LegalNotice
+		%common.attrib;
+		%legalnotice.role.attrib;
+		%local.legalnotice.attrib;
+>
+<!--end of legalnotice.attlist-->]]>
+<!--end of legalnotice.module-->]]>
+
+<!-- ModeSpec ......................... -->
+
+<!ENTITY % modespec.module "INCLUDE">
+<![ %modespec.module; [
+<!ENTITY % local.modespec.attrib "">
+<!ENTITY % modespec.role.attrib "%role.attrib;">
+
+<!ENTITY % modespec.element "INCLUDE">
+<![ %modespec.element; [
+<!ELEMENT ModeSpec - - ((%docinfo.char.mix;)+) %ubiq.exclusion;>
+<!--end of modespec.element-->]]>
+
+<!ENTITY % modespec.attlist "INCLUDE">
+<![ %modespec.attlist; [
+<!ATTLIST ModeSpec
+		--
+		Application: Type of action required for completion
+		of the links to which the ModeSpec is relevant (e.g.,
+		retrieval query)
+		--
+		Application	NOTATION
+				(%notation.class;)	#IMPLIED
+		%common.attrib;
+		%modespec.role.attrib;
+		%local.modespec.attrib;
+>
+<!--end of modespec.attlist-->]]>
+<!--end of modespec.module-->]]>
+
+<!-- OrgName .......................... -->
+
+<!ENTITY % orgname.module "INCLUDE">
+<![ %orgname.module; [
+<!ENTITY % local.orgname.attrib "">
+<!ENTITY % orgname.role.attrib "%role.attrib;">
+
+<!ENTITY % orgname.element "INCLUDE">
+<![ %orgname.element; [
+<!ELEMENT OrgName - - ((%docinfo.char.mix;)+)>
+<!--end of orgname.element-->]]>
+
+<!ENTITY % orgname.attlist "INCLUDE">
+<![ %orgname.attlist; [
+<!ATTLIST OrgName
+		%common.attrib;
+		%orgname.role.attrib;
+		%local.orgname.attrib;
+>
+<!--end of orgname.attlist-->]]>
+<!--end of orgname.module-->]]>
+
+<!-- OtherCredit ...................... -->
+
+<!ENTITY % othercredit.module "INCLUDE">
+<![ %othercredit.module; [
+<!ENTITY % local.othercredit.attrib "">
+<!ENTITY % othercredit.role.attrib "%role.attrib;">
+
+<!ENTITY % othercredit.element "INCLUDE">
+<![ %othercredit.element; [
+<!ELEMENT OtherCredit - - ((%person.ident.mix;)+)>
+<!--end of othercredit.element-->]]>
+
+<!ENTITY % othercredit.attlist "INCLUDE">
+<![ %othercredit.attlist; [
+<!ATTLIST OtherCredit
+		%common.attrib;
+		%othercredit.role.attrib;
+		%local.othercredit.attrib;
+>
+<!--end of othercredit.attlist-->]]>
+  <!--(see "Personal identity elements" for %person.ident.mix;)-->
+<!--end of othercredit.module-->]]>
+
+<!-- PageNums ......................... -->
+
+<!ENTITY % pagenums.module "INCLUDE">
+<![ %pagenums.module; [
+<!ENTITY % local.pagenums.attrib "">
+<!ENTITY % pagenums.role.attrib "%role.attrib;">
+
+<!ENTITY % pagenums.element "INCLUDE">
+<![ %pagenums.element; [
+<!ELEMENT PageNums - - ((%docinfo.char.mix;)+)>
+<!--end of pagenums.element-->]]>
+
+<!ENTITY % pagenums.attlist "INCLUDE">
+<![ %pagenums.attlist; [
+<!ATTLIST PageNums
+		%common.attrib;
+		%pagenums.role.attrib;
+		%local.pagenums.attrib;
+>
+<!--end of pagenums.attlist-->]]>
+<!--end of pagenums.module-->]]>
+
+<!-- Personal identity elements ....... -->
+
+<!-- These elements are used only within Author, Editor, and 
+OtherCredit. -->
+
+<!ENTITY % person.ident.module "INCLUDE">
+<![ %person.ident.module; [
+  <!ENTITY % contrib.module "INCLUDE">
+  <![ %contrib.module; [
+  <!ENTITY % local.contrib.attrib "">
+  <!ENTITY % contrib.role.attrib "%role.attrib;">
+  
+<!ENTITY % contrib.element "INCLUDE">
+<![ %contrib.element; [
+<!ELEMENT Contrib - - ((%docinfo.char.mix;)+)>
+<!--end of contrib.element-->]]>
+  
+<!ENTITY % contrib.attlist "INCLUDE">
+<![ %contrib.attlist; [
+<!ATTLIST Contrib
+		%common.attrib;
+		%contrib.role.attrib;
+		%local.contrib.attrib;
+>
+<!--end of contrib.attlist-->]]>
+  <!--end of contrib.module-->]]>
+
+  <!ENTITY % firstname.module "INCLUDE">
+  <![ %firstname.module; [
+  <!ENTITY % local.firstname.attrib "">
+  <!ENTITY % firstname.role.attrib "%role.attrib;">
+  
+<!ENTITY % firstname.element "INCLUDE">
+<![ %firstname.element; [
+<!ELEMENT FirstName - - ((%docinfo.char.mix;)+)>
+<!--end of firstname.element-->]]>
+  
+<!ENTITY % firstname.attlist "INCLUDE">
+<![ %firstname.attlist; [
+<!ATTLIST FirstName
+		%common.attrib;
+		%firstname.role.attrib;
+		%local.firstname.attrib;
+>
+<!--end of firstname.attlist-->]]>
+  <!--end of firstname.module-->]]>
+
+  <!ENTITY % honorific.module "INCLUDE">
+  <![ %honorific.module; [
+  <!ENTITY % local.honorific.attrib "">
+  <!ENTITY % honorific.role.attrib "%role.attrib;">
+  
+<!ENTITY % honorific.element "INCLUDE">
+<![ %honorific.element; [
+<!ELEMENT Honorific - - ((%docinfo.char.mix;)+)>
+<!--end of honorific.element-->]]>
+  
+<!ENTITY % honorific.attlist "INCLUDE">
+<![ %honorific.attlist; [
+<!ATTLIST Honorific
+		%common.attrib;
+		%honorific.role.attrib;
+		%local.honorific.attrib;
+>
+<!--end of honorific.attlist-->]]>
+  <!--end of honorific.module-->]]>
+
+  <!ENTITY % lineage.module "INCLUDE">
+  <![ %lineage.module; [
+  <!ENTITY % local.lineage.attrib "">
+  <!ENTITY % lineage.role.attrib "%role.attrib;">
+  
+<!ENTITY % lineage.element "INCLUDE">
+<![ %lineage.element; [
+<!ELEMENT Lineage - - ((%docinfo.char.mix;)+)>
+<!--end of lineage.element-->]]>
+  
+<!ENTITY % lineage.attlist "INCLUDE">
+<![ %lineage.attlist; [
+<!ATTLIST Lineage
+		%common.attrib;
+		%lineage.role.attrib;
+		%local.lineage.attrib;
+>
+<!--end of lineage.attlist-->]]>
+  <!--end of lineage.module-->]]>
+
+  <!ENTITY % othername.module "INCLUDE">
+  <![ %othername.module; [
+  <!ENTITY % local.othername.attrib "">
+  <!ENTITY % othername.role.attrib "%role.attrib;">
+  
+<!ENTITY % othername.element "INCLUDE">
+<![ %othername.element; [
+<!ELEMENT OtherName - - ((%docinfo.char.mix;)+)>
+<!--end of othername.element-->]]>
+  
+<!ENTITY % othername.attlist "INCLUDE">
+<![ %othername.attlist; [
+<!ATTLIST OtherName
+		%common.attrib;
+		%othername.role.attrib;
+		%local.othername.attrib;
+>
+<!--end of othername.attlist-->]]>
+  <!--end of othername.module-->]]>
+
+  <!ENTITY % surname.module "INCLUDE">
+  <![ %surname.module; [
+  <!ENTITY % local.surname.attrib "">
+  <!ENTITY % surname.role.attrib "%role.attrib;">
+  
+<!ENTITY % surname.element "INCLUDE">
+<![ %surname.element; [
+<!ELEMENT Surname - - ((%docinfo.char.mix;)+)>
+<!--end of surname.element-->]]>
+  
+<!ENTITY % surname.attlist "INCLUDE">
+<![ %surname.attlist; [
+<!ATTLIST Surname
+		%common.attrib;
+		%surname.role.attrib;
+		%local.surname.attrib;
+>
+<!--end of surname.attlist-->]]>
+  <!--end of surname.module-->]]>
+<!--end of person.ident.module-->]]>
+
+<!-- PrintHistory ..................... -->
+
+<!ENTITY % printhistory.module "INCLUDE">
+<![ %printhistory.module; [
+<!ENTITY % local.printhistory.attrib "">
+<!ENTITY % printhistory.role.attrib "%role.attrib;">
+
+<!ENTITY % printhistory.element "INCLUDE">
+<![ %printhistory.element; [
+<!ELEMENT PrintHistory - - ((%para.class;)+)>
+<!--end of printhistory.element-->]]>
+
+<!ENTITY % printhistory.attlist "INCLUDE">
+<![ %printhistory.attlist; [
+<!ATTLIST PrintHistory
+		%common.attrib;
+		%printhistory.role.attrib;
+		%local.printhistory.attrib;
+>
+<!--end of printhistory.attlist-->]]>
+<!--end of printhistory.module-->]]>
+
+<!-- ProductName ...................... -->
+
+<!ENTITY % productname.module "INCLUDE">
+<![ %productname.module; [
+<!ENTITY % local.productname.attrib "">
+<!ENTITY % productname.role.attrib "%role.attrib;">
+
+<!ENTITY % productname.element "INCLUDE">
+<![ %productname.element; [
+<!ELEMENT ProductName - - ((%para.char.mix;)+)>
+<!--end of productname.element-->]]>
+
+<!ENTITY % productname.attlist "INCLUDE">
+<![ %productname.attlist; [
+<!ATTLIST ProductName
+		--
+		Class: More precisely identifies the item the element names
+		--
+		Class		(Service
+				|Trade
+				|Registered
+				|Copyright)	Trade
+		%common.attrib;
+		%productname.role.attrib;
+		%local.productname.attrib;
+>
+<!--end of productname.attlist-->]]>
+<!--end of productname.module-->]]>
+
+<!-- ProductNumber .................... -->
+
+<!ENTITY % productnumber.module "INCLUDE">
+<![ %productnumber.module; [
+<!ENTITY % local.productnumber.attrib "">
+<!ENTITY % productnumber.role.attrib "%role.attrib;">
+
+<!ENTITY % productnumber.element "INCLUDE">
+<![ %productnumber.element; [
+<!ELEMENT ProductNumber - - ((%docinfo.char.mix;)+)>
+<!--end of productnumber.element-->]]>
+
+<!ENTITY % productnumber.attlist "INCLUDE">
+<![ %productnumber.attlist; [
+<!ATTLIST ProductNumber
+		%common.attrib;
+		%productnumber.role.attrib;
+		%local.productnumber.attrib;
+>
+<!--end of productnumber.attlist-->]]>
+<!--end of productnumber.module-->]]>
+
+<!-- PubDate .......................... -->
+
+<!ENTITY % pubdate.module "INCLUDE">
+<![ %pubdate.module; [
+<!ENTITY % local.pubdate.attrib "">
+<!ENTITY % pubdate.role.attrib "%role.attrib;">
+
+<!ENTITY % pubdate.element "INCLUDE">
+<![ %pubdate.element; [
+<!ELEMENT PubDate - - ((%docinfo.char.mix;)+)>
+<!--end of pubdate.element-->]]>
+
+<!ENTITY % pubdate.attlist "INCLUDE">
+<![ %pubdate.attlist; [
+<!ATTLIST PubDate
+		%common.attrib;
+		%pubdate.role.attrib;
+		%local.pubdate.attrib;
+>
+<!--end of pubdate.attlist-->]]>
+<!--end of pubdate.module-->]]>
+
+<!-- Publisher ........................ -->
+
+<!ENTITY % publisher.content.module "INCLUDE">
+<![ %publisher.content.module; [
+<!ENTITY % publisher.module "INCLUDE">
+<![ %publisher.module; [
+<!ENTITY % local.publisher.attrib "">
+<!ENTITY % publisher.role.attrib "%role.attrib;">
+
+<!ENTITY % publisher.element "INCLUDE">
+<![ %publisher.element; [
+<!ELEMENT Publisher - - (PublisherName, Address*)>
+<!--end of publisher.element-->]]>
+
+<!ENTITY % publisher.attlist "INCLUDE">
+<![ %publisher.attlist; [
+<!ATTLIST Publisher
+		%common.attrib;
+		%publisher.role.attrib;
+		%local.publisher.attrib;
+>
+<!--end of publisher.attlist-->]]>
+<!--end of publisher.module-->]]>
+
+  <!ENTITY % publishername.module "INCLUDE">
+  <![ %publishername.module; [
+  <!ENTITY % local.publishername.attrib "">
+  <!ENTITY % publishername.role.attrib "%role.attrib;">
+  
+<!ENTITY % publishername.element "INCLUDE">
+<![ %publishername.element; [
+<!ELEMENT PublisherName - - ((%docinfo.char.mix;)+)>
+<!--end of publishername.element-->]]>
+  
+<!ENTITY % publishername.attlist "INCLUDE">
+<![ %publishername.attlist; [
+<!ATTLIST PublisherName
+		%common.attrib;
+		%publishername.role.attrib;
+		%local.publishername.attrib;
+>
+<!--end of publishername.attlist-->]]>
+  <!--end of publishername.module-->]]>
+
+  <!-- Address (defined elsewhere in this section)-->
+<!--end of publisher.content.module-->]]>
+
+<!-- PubsNumber ....................... -->
+
+<!ENTITY % pubsnumber.module "INCLUDE">
+<![ %pubsnumber.module; [
+<!ENTITY % local.pubsnumber.attrib "">
+<!ENTITY % pubsnumber.role.attrib "%role.attrib;">
+
+<!ENTITY % pubsnumber.element "INCLUDE">
+<![ %pubsnumber.element; [
+<!ELEMENT PubsNumber - - ((%docinfo.char.mix;)+)>
+<!--end of pubsnumber.element-->]]>
+
+<!ENTITY % pubsnumber.attlist "INCLUDE">
+<![ %pubsnumber.attlist; [
+<!ATTLIST PubsNumber
+		%common.attrib;
+		%pubsnumber.role.attrib;
+		%local.pubsnumber.attrib;
+>
+<!--end of pubsnumber.attlist-->]]>
+<!--end of pubsnumber.module-->]]>
+
+<!-- ReleaseInfo ...................... -->
+
+<!ENTITY % releaseinfo.module "INCLUDE">
+<![ %releaseinfo.module; [
+<!ENTITY % local.releaseinfo.attrib "">
+<!ENTITY % releaseinfo.role.attrib "%role.attrib;">
+
+<!ENTITY % releaseinfo.element "INCLUDE">
+<![ %releaseinfo.element; [
+<!ELEMENT ReleaseInfo - - ((%docinfo.char.mix;)+)>
+<!--end of releaseinfo.element-->]]>
+
+<!ENTITY % releaseinfo.attlist "INCLUDE">
+<![ %releaseinfo.attlist; [
+<!ATTLIST ReleaseInfo
+		%common.attrib;
+		%releaseinfo.role.attrib;
+		%local.releaseinfo.attrib;
+>
+<!--end of releaseinfo.attlist-->]]>
+<!--end of releaseinfo.module-->]]>
+
+<!-- RevHistory ....................... -->
+
+<!ENTITY % revhistory.content.module "INCLUDE">
+<![ %revhistory.content.module; [
+<!ENTITY % revhistory.module "INCLUDE">
+<![ %revhistory.module; [
+<!ENTITY % local.revhistory.attrib "">
+<!ENTITY % revhistory.role.attrib "%role.attrib;">
+
+<!ENTITY % revhistory.element "INCLUDE">
+<![ %revhistory.element; [
+<!ELEMENT RevHistory - - (Revision+)>
+<!--end of revhistory.element-->]]>
+
+<!ENTITY % revhistory.attlist "INCLUDE">
+<![ %revhistory.attlist; [
+<!ATTLIST RevHistory
+		%common.attrib;
+		%revhistory.role.attrib;
+		%local.revhistory.attrib;
+>
+<!--end of revhistory.attlist-->]]>
+<!--end of revhistory.module-->]]>
+
+  <!ENTITY % revision.module "INCLUDE">
+  <![ %revision.module; [
+  <!ENTITY % local.revision.attrib "">
+  <!ENTITY % revision.role.attrib "%role.attrib;">
+  
+<!ENTITY % revision.element "INCLUDE">
+<![ %revision.element; [
+<!ELEMENT Revision - - (RevNumber, Date, AuthorInitials*, (RevRemark|RevDescription)?)>
+<!--end of revision.element-->]]>
+  
+<!ENTITY % revision.attlist "INCLUDE">
+<![ %revision.attlist; [
+<!ATTLIST Revision
+		%common.attrib;
+		%revision.role.attrib;
+		%local.revision.attrib;
+>
+<!--end of revision.attlist-->]]>
+  <!--end of revision.module-->]]>
+
+  <!ENTITY % revnumber.module "INCLUDE">
+  <![ %revnumber.module; [
+  <!ENTITY % local.revnumber.attrib "">
+  <!ENTITY % revnumber.role.attrib "%role.attrib;">
+  
+<!ENTITY % revnumber.element "INCLUDE">
+<![ %revnumber.element; [
+<!ELEMENT RevNumber - - ((%docinfo.char.mix;)+)>
+<!--end of revnumber.element-->]]>
+  
+<!ENTITY % revnumber.attlist "INCLUDE">
+<![ %revnumber.attlist; [
+<!ATTLIST RevNumber
+		%common.attrib;
+		%revnumber.role.attrib;
+		%local.revnumber.attrib;
+>
+<!--end of revnumber.attlist-->]]>
+<!--end of revnumber.module-->]]>
+
+<!-- Date (defined elsewhere in this section)-->
+<!-- AuthorInitials (defined elsewhere in this section)-->
+
+<!ENTITY % revremark.module "INCLUDE">
+<![ %revremark.module; [
+<!ENTITY % local.revremark.attrib "">
+<!ENTITY % revremark.role.attrib "%role.attrib;">
+
+<!ENTITY % revremark.element "INCLUDE">
+<![ %revremark.element; [
+<!ELEMENT RevRemark - - ((%docinfo.char.mix;)+)>
+<!--end of revremark.element-->]]>
+
+<!ENTITY % revremark.attlist "INCLUDE">
+<![ %revremark.attlist; [
+<!ATTLIST RevRemark
+		%common.attrib;
+		%revremark.role.attrib;
+		%local.revremark.attrib;
+>
+<!--end of revremark.attlist-->]]>
+<!--end of revremark.module-->]]>
+
+<!ENTITY % revdescription.module "INCLUDE">
+<![ %revdescription.module; [
+<!ENTITY % local.revdescription.attrib "">
+<!ENTITY % revdescription.role.attrib "%role.attrib;">
+
+<!ENTITY % revdescription.element "INCLUDE">
+<![ %revdescription.element; [
+<!ELEMENT RevDescription - - ((%revdescription.mix;)+)>
+<!--end of revdescription.element-->]]>
+
+<!ENTITY % revdescription.attlist "INCLUDE">
+<![ %revdescription.attlist; [
+<!ATTLIST RevDescription
+		%common.attrib;
+		%revdescription.role.attrib;
+		%local.revdescription.attrib;
+>
+<!--end of revdescription.attlist-->]]>
+<!--end of revdescription.module-->]]>
+<!--end of revhistory.content.module-->]]>
+
+<!-- SeriesVolNums .................... -->
+
+<!ENTITY % seriesvolnums.module "INCLUDE">
+<![ %seriesvolnums.module; [
+<!ENTITY % local.seriesvolnums.attrib "">
+<!ENTITY % seriesvolnums.role.attrib "%role.attrib;">
+
+<!ENTITY % seriesvolnums.element "INCLUDE">
+<![ %seriesvolnums.element; [
+<!ELEMENT SeriesVolNums - - ((%docinfo.char.mix;)+)>
+<!--end of seriesvolnums.element-->]]>
+
+<!ENTITY % seriesvolnums.attlist "INCLUDE">
+<![ %seriesvolnums.attlist; [
+<!ATTLIST SeriesVolNums
+		%common.attrib;
+		%seriesvolnums.role.attrib;
+		%local.seriesvolnums.attrib;
+>
+<!--end of seriesvolnums.attlist-->]]>
+<!--end of seriesvolnums.module-->]]>
+
+<!-- VolumeNum ........................ -->
+
+<!ENTITY % volumenum.module "INCLUDE">
+<![ %volumenum.module; [
+<!ENTITY % local.volumenum.attrib "">
+<!ENTITY % volumenum.role.attrib "%role.attrib;">
+
+<!ENTITY % volumenum.element "INCLUDE">
+<![ %volumenum.element; [
+<!ELEMENT VolumeNum - - ((%docinfo.char.mix;)+)>
+<!--end of volumenum.element-->]]>
+
+<!ENTITY % volumenum.attlist "INCLUDE">
+<![ %volumenum.attlist; [
+<!ATTLIST VolumeNum
+		%common.attrib;
+		%volumenum.role.attrib;
+		%local.volumenum.attrib;
+>
+<!--end of volumenum.attlist-->]]>
+<!--end of volumenum.module-->]]>
+
+<!-- .................................. -->
+
+<!--end of docinfo.content.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Inline, link, and ubiquitous elements ................................ -->
+
+<!-- Technical and computer terms ......................................... -->
+
+<!ENTITY % accel.module "INCLUDE">
+<![ %accel.module; [
+<!ENTITY % local.accel.attrib "">
+<!ENTITY % accel.role.attrib "%role.attrib;">
+
+<!ENTITY % accel.element "INCLUDE">
+<![ %accel.element; [
+<!ELEMENT Accel - - ((%smallcptr.char.mix;)+)>
+<!--end of accel.element-->]]>
+
+<!ENTITY % accel.attlist "INCLUDE">
+<![ %accel.attlist; [
+<!ATTLIST Accel
+		%common.attrib;
+		%accel.role.attrib;
+		%local.accel.attrib;
+>
+<!--end of accel.attlist-->]]>
+<!--end of accel.module-->]]>
+
+<!ENTITY % action.module "INCLUDE">
+<![ %action.module; [
+<!ENTITY % local.action.attrib "">
+<!ENTITY % action.role.attrib "%role.attrib;">
+
+<!ENTITY % action.element "INCLUDE">
+<![ %action.element; [
+<!ELEMENT Action - - ((%smallcptr.char.mix;)+)>
+<!--end of action.element-->]]>
+
+<!ENTITY % action.attlist "INCLUDE">
+<![ %action.attlist; [
+<!ATTLIST Action
+		%moreinfo.attrib;
+		%common.attrib;
+		%action.role.attrib;
+		%local.action.attrib;
+>
+<!--end of action.attlist-->]]>
+<!--end of action.module-->]]>
+
+<!ENTITY % application.module "INCLUDE">
+<![ %application.module; [
+<!ENTITY % local.application.attrib "">
+<!ENTITY % application.role.attrib "%role.attrib;">
+
+<!ENTITY % application.element "INCLUDE">
+<![ %application.element; [
+<!ELEMENT Application - - ((%para.char.mix;)+)>
+<!--end of application.element-->]]>
+
+<!ENTITY % application.attlist "INCLUDE">
+<![ %application.attlist; [
+<!ATTLIST Application
+		Class 		(Hardware
+				|Software)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%application.role.attrib;
+		%local.application.attrib;
+>
+<!--end of application.attlist-->]]>
+<!--end of application.module-->]]>
+
+<!ENTITY % classname.module "INCLUDE">
+<![ %classname.module; [
+<!ENTITY % local.classname.attrib "">
+<!ENTITY % classname.role.attrib "%role.attrib;">
+
+<!ENTITY % classname.element "INCLUDE">
+<![ %classname.element; [
+<!ELEMENT ClassName - - ((%smallcptr.char.mix;)+)>
+<!--end of classname.element-->]]>
+
+<!ENTITY % classname.attlist "INCLUDE">
+<![ %classname.attlist; [
+<!ATTLIST ClassName
+		%common.attrib;
+		%classname.role.attrib;
+		%local.classname.attrib;
+>
+<!--end of classname.attlist-->]]>
+<!--end of classname.module-->]]>
+
+<!ENTITY % co.module "INCLUDE">
+<![ %co.module; [
+<!ENTITY % local.co.attrib "">
+<!-- CO is a callout area of the LineColumn unit type (a single character 
+     position); the position is directly indicated by the location of CO. -->
+<!ENTITY % co.role.attrib "%role.attrib;">
+
+<!ENTITY % co.element "INCLUDE">
+<![ %co.element; [
+<!ELEMENT CO - O EMPTY>
+<!--end of co.element-->]]>
+
+<!ENTITY % co.attlist "INCLUDE">
+<![ %co.attlist; [
+<!ATTLIST CO
+		%label.attrib; --bug number/symbol override or initialization--
+		%linkends.attrib; --to any related information--
+		%idreq.common.attrib;
+		%co.role.attrib;
+		%local.co.attrib;
+>
+<!--end of co.attlist-->]]>
+<!--end of co.module-->]]>
+
+<!ENTITY % command.module "INCLUDE">
+<![ %command.module; [
+<!ENTITY % local.command.attrib "">
+<!ENTITY % command.role.attrib "%role.attrib;">
+
+<!ENTITY % command.element "INCLUDE">
+<![ %command.element; [
+<!ELEMENT Command - - ((%cptr.char.mix;)+)>
+<!--end of command.element-->]]>
+
+<!ENTITY % command.attlist "INCLUDE">
+<![ %command.attlist; [
+<!ATTLIST Command
+		%moreinfo.attrib;
+		%common.attrib;
+		%command.role.attrib;
+		%local.command.attrib;
+>
+<!--end of command.attlist-->]]>
+<!--end of command.module-->]]>
+
+<!ENTITY % computeroutput.module "INCLUDE">
+<![ %computeroutput.module; [
+<!ENTITY % local.computeroutput.attrib "">
+<!ENTITY % computeroutput.role.attrib "%role.attrib;">
+
+<!ENTITY % computeroutput.element "INCLUDE">
+<![ %computeroutput.element; [
+<!ELEMENT ComputerOutput - - ((%cptr.char.mix;)+)>
+<!--end of computeroutput.element-->]]>
+
+<!ENTITY % computeroutput.attlist "INCLUDE">
+<![ %computeroutput.attlist; [
+<!ATTLIST ComputerOutput
+		%moreinfo.attrib;
+		%common.attrib;
+		%computeroutput.role.attrib;
+		%local.computeroutput.attrib;
+>
+<!--end of computeroutput.attlist-->]]>
+<!--end of computeroutput.module-->]]>
+
+<!ENTITY % database.module "INCLUDE">
+<![ %database.module; [
+<!ENTITY % local.database.attrib "">
+<!ENTITY % database.role.attrib "%role.attrib;">
+
+<!ENTITY % database.element "INCLUDE">
+<![ %database.element; [
+<!ELEMENT Database - - ((%smallcptr.char.mix;)+)>
+<!--end of database.element-->]]>
+
+<!ENTITY % database.attlist "INCLUDE">
+<![ %database.attlist; [
+<!ATTLIST Database
+		--
+		Class: Type of database the element names; no default
+		--
+		Class 		(Name
+				|Table
+				|Field
+				|Key1
+				|Key2
+				|Record)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%database.role.attrib;
+		%local.database.attrib;
+>
+<!--end of database.attlist-->]]>
+<!--end of database.module-->]]>
+
+<!ENTITY % email.module "INCLUDE">
+<![ %email.module; [
+<!ENTITY % local.email.attrib "">
+<!ENTITY % email.role.attrib "%role.attrib;">
+
+<!ENTITY % email.element "INCLUDE">
+<![ %email.element; [
+<!ELEMENT Email - - ((%docinfo.char.mix;)+)>
+<!--end of email.element-->]]>
+
+<!ENTITY % email.attlist "INCLUDE">
+<![ %email.attlist; [
+<!ATTLIST Email
+		%common.attrib;
+		%email.role.attrib;
+		%local.email.attrib;
+>
+<!--end of email.attlist-->]]>
+<!--end of email.module-->]]>
+
+<!ENTITY % envar.module "INCLUDE">
+<![ %envar.module; [
+<!ENTITY % local.envar.attrib "">
+<!ENTITY % envar.role.attrib "%role.attrib;">
+
+<!ENTITY % envar.element "INCLUDE">
+<![ %envar.element; [
+<!ELEMENT EnVar - - ((%smallcptr.char.mix;)+)>
+<!--end of envar.element-->]]>
+
+<!ENTITY % envar.attlist "INCLUDE">
+<![ %envar.attlist; [
+<!ATTLIST EnVar
+		%common.attrib;
+		%envar.role.attrib;
+		%local.envar.attrib;
+>
+<!--end of envar.attlist-->]]>
+<!--end of envar.module-->]]>
+
+
+<!ENTITY % errorcode.module "INCLUDE">
+<![ %errorcode.module; [
+<!ENTITY % local.errorcode.attrib "">
+<!ENTITY % errorcode.role.attrib "%role.attrib;">
+
+<!ENTITY % errorcode.element "INCLUDE">
+<![ %errorcode.element; [
+<!ELEMENT ErrorCode - - ((%smallcptr.char.mix;)+)>
+<!--end of errorcode.element-->]]>
+
+<!ENTITY % errorcode.attlist "INCLUDE">
+<![ %errorcode.attlist; [
+<!ATTLIST ErrorCode
+		%moreinfo.attrib;
+		%common.attrib;
+		%errorcode.role.attrib;
+		%local.errorcode.attrib;
+>
+<!--end of errorcode.attlist-->]]>
+<!--end of errorcode.module-->]]>
+
+<!ENTITY % errorname.module "INCLUDE">
+<![ %errorname.module; [
+<!ENTITY % local.errorname.attrib "">
+<!ENTITY % errorname.role.attrib "%role.attrib;">
+
+<!ENTITY % errorname.element "INCLUDE">
+<![ %errorname.element; [
+<!ELEMENT ErrorName - - ((%smallcptr.char.mix;)+)>
+<!--end of errorname.element-->]]>
+
+<!ENTITY % errorname.attlist "INCLUDE">
+<![ %errorname.attlist; [
+<!ATTLIST ErrorName
+		%common.attrib;
+		%errorname.role.attrib;
+		%local.errorname.attrib;
+>
+<!--end of errorname.attlist-->]]>
+<!--end of errorname.module-->]]>
+
+<!ENTITY % errortype.module "INCLUDE">
+<![ %errortype.module; [
+<!ENTITY % local.errortype.attrib "">
+<!ENTITY % errortype.role.attrib "%role.attrib;">
+
+<!ENTITY % errortype.element "INCLUDE">
+<![ %errortype.element; [
+<!ELEMENT ErrorType - - ((%smallcptr.char.mix;)+)>
+<!--end of errortype.element-->]]>
+
+<!ENTITY % errortype.attlist "INCLUDE">
+<![ %errortype.attlist; [
+<!ATTLIST ErrorType
+		%common.attrib;
+		%errortype.role.attrib;
+		%local.errortype.attrib;
+>
+<!--end of errortype.attlist-->]]>
+<!--end of errortype.module-->]]>
+
+<!ENTITY % filename.module "INCLUDE">
+<![ %filename.module; [
+<!ENTITY % local.filename.attrib "">
+<!ENTITY % filename.role.attrib "%role.attrib;">
+
+<!ENTITY % filename.element "INCLUDE">
+<![ %filename.element; [
+<!ELEMENT Filename - - ((%smallcptr.char.mix;)+)>
+<!--end of filename.element-->]]>
+
+<!ENTITY % filename.attlist "INCLUDE">
+<![ %filename.attlist; [
+<!ATTLIST Filename
+		--
+		Class: Type of filename the element names; no default
+		--
+		Class		(HeaderFile
+				|DeviceFile
+				|Directory
+				|LibraryFile
+				|SymLink)	#IMPLIED
+		--
+		Path: Search path (possibly system-specific) in which 
+		file can be found
+		--
+		Path		CDATA		#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%filename.role.attrib;
+		%local.filename.attrib;
+>
+<!--end of filename.attlist-->]]>
+<!--end of filename.module-->]]>
+
+<!ENTITY % function.module "INCLUDE">
+<![ %function.module; [
+<!ENTITY % local.function.attrib "">
+<!ENTITY % function.role.attrib "%role.attrib;">
+
+<!ENTITY % function.element "INCLUDE">
+<![ %function.element; [
+<!ELEMENT Function - - ((%cptr.char.mix;)+)>
+<!--end of function.element-->]]>
+
+<!ENTITY % function.attlist "INCLUDE">
+<![ %function.attlist; [
+<!ATTLIST Function
+		%moreinfo.attrib;
+		%common.attrib;
+		%function.role.attrib;
+		%local.function.attrib;
+>
+<!--end of function.attlist-->]]>
+<!--end of function.module-->]]>
+
+<!ENTITY % guibutton.module "INCLUDE">
+<![ %guibutton.module; [
+<!ENTITY % local.guibutton.attrib "">
+<!ENTITY % guibutton.role.attrib "%role.attrib;">
+
+<!ENTITY % guibutton.element "INCLUDE">
+<![ %guibutton.element; [
+<!ELEMENT GUIButton - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guibutton.element-->]]>
+
+<!ENTITY % guibutton.attlist "INCLUDE">
+<![ %guibutton.attlist; [
+<!ATTLIST GUIButton
+		%moreinfo.attrib;
+		%common.attrib;
+		%guibutton.role.attrib;
+		%local.guibutton.attrib;
+>
+<!--end of guibutton.attlist-->]]>
+<!--end of guibutton.module-->]]>
+
+<!ENTITY % guiicon.module "INCLUDE">
+<![ %guiicon.module; [
+<!ENTITY % local.guiicon.attrib "">
+<!ENTITY % guiicon.role.attrib "%role.attrib;">
+
+<!ENTITY % guiicon.element "INCLUDE">
+<![ %guiicon.element; [
+<!ELEMENT GUIIcon - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guiicon.element-->]]>
+
+<!ENTITY % guiicon.attlist "INCLUDE">
+<![ %guiicon.attlist; [
+<!ATTLIST GUIIcon
+		%moreinfo.attrib;
+		%common.attrib;
+		%guiicon.role.attrib;
+		%local.guiicon.attrib;
+>
+<!--end of guiicon.attlist-->]]>
+<!--end of guiicon.module-->]]>
+
+<!ENTITY % guilabel.module "INCLUDE">
+<![ %guilabel.module; [
+<!ENTITY % local.guilabel.attrib "">
+<!ENTITY % guilabel.role.attrib "%role.attrib;">
+
+<!ENTITY % guilabel.element "INCLUDE">
+<![ %guilabel.element; [
+<!ELEMENT GUILabel - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guilabel.element-->]]>
+
+<!ENTITY % guilabel.attlist "INCLUDE">
+<![ %guilabel.attlist; [
+<!ATTLIST GUILabel
+		%moreinfo.attrib;
+		%common.attrib;
+		%guilabel.role.attrib;
+		%local.guilabel.attrib;
+>
+<!--end of guilabel.attlist-->]]>
+<!--end of guilabel.module-->]]>
+
+<!ENTITY % guimenu.module "INCLUDE">
+<![ %guimenu.module; [
+<!ENTITY % local.guimenu.attrib "">
+<!ENTITY % guimenu.role.attrib "%role.attrib;">
+
+<!ENTITY % guimenu.element "INCLUDE">
+<![ %guimenu.element; [
+<!ELEMENT GUIMenu - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guimenu.element-->]]>
+
+<!ENTITY % guimenu.attlist "INCLUDE">
+<![ %guimenu.attlist; [
+<!ATTLIST GUIMenu
+		%moreinfo.attrib;
+		%common.attrib;
+		%guimenu.role.attrib;
+		%local.guimenu.attrib;
+>
+<!--end of guimenu.attlist-->]]>
+<!--end of guimenu.module-->]]>
+
+<!ENTITY % guimenuitem.module "INCLUDE">
+<![ %guimenuitem.module; [
+<!ENTITY % local.guimenuitem.attrib "">
+<!ENTITY % guimenuitem.role.attrib "%role.attrib;">
+
+<!ENTITY % guimenuitem.element "INCLUDE">
+<![ %guimenuitem.element; [
+<!ELEMENT GUIMenuItem - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guimenuitem.element-->]]>
+
+<!ENTITY % guimenuitem.attlist "INCLUDE">
+<![ %guimenuitem.attlist; [
+<!ATTLIST GUIMenuItem
+		%moreinfo.attrib;
+		%common.attrib;
+		%guimenuitem.role.attrib;
+		%local.guimenuitem.attrib;
+>
+<!--end of guimenuitem.attlist-->]]>
+<!--end of guimenuitem.module-->]]>
+
+<!ENTITY % guisubmenu.module "INCLUDE">
+<![ %guisubmenu.module; [
+<!ENTITY % local.guisubmenu.attrib "">
+<!ENTITY % guisubmenu.role.attrib "%role.attrib;">
+
+<!ENTITY % guisubmenu.element "INCLUDE">
+<![ %guisubmenu.element; [
+<!ELEMENT GUISubmenu - - ((%smallcptr.char.mix;|Accel)+)>
+<!--end of guisubmenu.element-->]]>
+
+<!ENTITY % guisubmenu.attlist "INCLUDE">
+<![ %guisubmenu.attlist; [
+<!ATTLIST GUISubmenu
+		%moreinfo.attrib;
+		%common.attrib;
+		%guisubmenu.role.attrib;
+		%local.guisubmenu.attrib;
+>
+<!--end of guisubmenu.attlist-->]]>
+<!--end of guisubmenu.module-->]]>
+
+<!ENTITY % hardware.module "INCLUDE">
+<![ %hardware.module; [
+<!ENTITY % local.hardware.attrib "">
+<!ENTITY % hardware.role.attrib "%role.attrib;">
+
+<!ENTITY % hardware.element "INCLUDE">
+<![ %hardware.element; [
+<!ELEMENT Hardware - - ((%smallcptr.char.mix;)+)>
+<!--end of hardware.element-->]]>
+
+<!ENTITY % hardware.attlist "INCLUDE">
+<![ %hardware.attlist; [
+<!ATTLIST Hardware
+		%moreinfo.attrib;
+		%common.attrib;
+		%hardware.role.attrib;
+		%local.hardware.attrib;
+>
+<!--end of hardware.attlist-->]]>
+<!--end of hardware.module-->]]>
+
+<!ENTITY % interface.module "INCLUDE">
+<![ %interface.module; [
+<!ENTITY % local.interface.attrib "">
+<!ENTITY % interface.role.attrib "%role.attrib;">
+
+<!ENTITY % interface.element "INCLUDE">
+<![ %interface.element; [
+<!ELEMENT Interface - - (%smallcptr.char.mix;|Accel)*>
+<!--end of interface.element-->]]>
+
+<!ENTITY % interface.attlist "INCLUDE">
+<![ %interface.attlist; [
+<!ATTLIST Interface
+		%moreinfo.attrib;
+		%common.attrib;
+		%interface.role.attrib;
+		%local.interface.attrib;
+>
+<!--end of interface.attlist-->]]>
+<!--end of interface.module-->]]>
+
+<!ENTITY % keycap.module "INCLUDE">
+<![ %keycap.module; [
+<!ENTITY % local.keycap.attrib "">
+<!ENTITY % keycap.role.attrib "%role.attrib;">
+
+<!ENTITY % keycap.element "INCLUDE">
+<![ %keycap.element; [
+<!ELEMENT KeyCap - - (%smallcptr.char.mix;)*>
+<!--end of keycap.element-->]]>
+
+<!ENTITY % keycap.attlist "INCLUDE">
+<![ %keycap.attlist; [
+<!ATTLIST KeyCap
+		%moreinfo.attrib;
+		%common.attrib;
+		%keycap.role.attrib;
+		%local.keycap.attrib;
+>
+<!--end of keycap.attlist-->]]>
+<!--end of keycap.module-->]]>
+
+<!ENTITY % keycode.module "INCLUDE">
+<![ %keycode.module; [
+<!ENTITY % local.keycode.attrib "">
+<!ENTITY % keycode.role.attrib "%role.attrib;">
+
+<!ENTITY % keycode.element "INCLUDE">
+<![ %keycode.element; [
+<!ELEMENT KeyCode - - ((%smallcptr.char.mix;)+)>
+<!--end of keycode.element-->]]>
+
+<!ENTITY % keycode.attlist "INCLUDE">
+<![ %keycode.attlist; [
+<!ATTLIST KeyCode
+		%common.attrib;
+		%keycode.role.attrib;
+		%local.keycode.attrib;
+>
+<!--end of keycode.attlist-->]]>
+<!--end of keycode.module-->]]>
+
+<!ENTITY % keycombo.module "INCLUDE">
+<![ %keycombo.module; [
+<!ENTITY % local.keycombo.attrib "">
+<!ENTITY % keycombo.role.attrib "%role.attrib;">
+
+<!ENTITY % keycombo.element "INCLUDE">
+<![ %keycombo.element; [
+<!ELEMENT KeyCombo - - ((KeyCap|KeyCombo|KeySym|MouseButton)+)>
+<!--end of keycombo.element-->]]>
+
+<!ENTITY % keycombo.attlist "INCLUDE">
+<![ %keycombo.attlist; [
+<!ATTLIST KeyCombo
+		%keyaction.attrib;
+		%moreinfo.attrib;
+		%common.attrib;
+		%keycombo.role.attrib;
+		%local.keycombo.attrib;
+>
+<!--end of keycombo.attlist-->]]>
+<!--end of keycombo.module-->]]>
+
+<!ENTITY % keysym.module "INCLUDE">
+<![ %keysym.module; [
+<!ENTITY % local.keysym.attrib "">
+<!ENTITY % keysysm.role.attrib "%role.attrib;">
+
+<!ENTITY % keysym.element "INCLUDE">
+<![ %keysym.element; [
+<!ELEMENT KeySym - - ((%smallcptr.char.mix;)+)>
+<!--end of keysym.element-->]]>
+
+<!ENTITY % keysym.attlist "INCLUDE">
+<![ %keysym.attlist; [
+<!ATTLIST KeySym
+		%common.attrib;
+		%keysysm.role.attrib;
+		%local.keysym.attrib;
+>
+<!--end of keysym.attlist-->]]>
+<!--end of keysym.module-->]]>
+
+<!ENTITY % lineannotation.module "INCLUDE">
+<![ %lineannotation.module; [
+<!ENTITY % local.lineannotation.attrib "">
+<!ENTITY % lineannotation.role.attrib "%role.attrib;">
+
+<!ENTITY % lineannotation.element "INCLUDE">
+<![ %lineannotation.element; [
+<!ELEMENT LineAnnotation - - ((%para.char.mix;)+)>
+<!--end of lineannotation.element-->]]>
+
+<!ENTITY % lineannotation.attlist "INCLUDE">
+<![ %lineannotation.attlist; [
+<!ATTLIST LineAnnotation
+		%common.attrib;
+		%lineannotation.role.attrib;
+		%local.lineannotation.attrib;
+>
+<!--end of lineannotation.attlist-->]]>
+<!--end of lineannotation.module-->]]>
+
+<!ENTITY % literal.module "INCLUDE">
+<![ %literal.module; [
+<!ENTITY % local.literal.attrib "">
+<!ENTITY % literal.role.attrib "%role.attrib;">
+
+<!ENTITY % literal.element "INCLUDE">
+<![ %literal.element; [
+<!ELEMENT Literal - - (%cptr.char.mix;)*>
+<!--end of literal.element-->]]>
+
+<!ENTITY % literal.attlist "INCLUDE">
+<![ %literal.attlist; [
+<!ATTLIST Literal
+		%moreinfo.attrib;
+		%common.attrib;
+		%literal.role.attrib;
+		%local.literal.attrib;
+>
+<!--end of literal.attlist-->]]>
+<!--end of literal.module-->]]>
+
+<!ENTITY % constant.module "INCLUDE">
+<![ %constant.module; [
+<!ENTITY % local.constant.attrib "">
+<!ENTITY % constant.role.attrib "%role.attrib;">
+
+<!ENTITY % constant.element "INCLUDE">
+<![ %constant.element; [
+<!ELEMENT Constant - - (%smallcptr.char.mix;)*>
+<!--end of constant.element-->]]>
+
+<!ENTITY % constant.attlist "INCLUDE">
+<![ %constant.attlist; [
+<!ATTLIST Constant
+		%common.attrib;
+		%constant.role.attrib;
+		%local.constant.attrib;
+		Class	(Limit)		#IMPLIED
+>
+<!--end of constant.attlist-->]]>
+<!--end of constant.module-->]]>
+
+<!ENTITY % varname.module "INCLUDE">
+<![ %varname.module; [
+<!ENTITY % local.varname.attrib "">
+<!ENTITY % varname.role.attrib "%role.attrib;">
+
+<!ENTITY % varname.element "INCLUDE">
+<![ %varname.element; [
+<!ELEMENT VarName - - (%smallcptr.char.mix;)*>
+<!--end of varname.element-->]]>
+
+<!ENTITY % varname.attlist "INCLUDE">
+<![ %varname.attlist; [
+<!ATTLIST VarName
+		%common.attrib;
+		%varname.role.attrib;
+		%local.varname.attrib;
+>
+<!--end of varname.attlist-->]]>
+<!--end of varname.module-->]]>
+
+<!ENTITY % markup.module "INCLUDE">
+<![ %markup.module; [
+<!ENTITY % local.markup.attrib "">
+<!ENTITY % markup.role.attrib "%role.attrib;">
+
+<!ENTITY % markup.element "INCLUDE">
+<![ %markup.element; [
+<!ELEMENT Markup - - ((%smallcptr.char.mix;)+)>
+<!--end of markup.element-->]]>
+
+<!ENTITY % markup.attlist "INCLUDE">
+<![ %markup.attlist; [
+<!ATTLIST Markup
+		%common.attrib;
+		%markup.role.attrib;
+		%local.markup.attrib;
+>
+<!--end of markup.attlist-->]]>
+<!--end of markup.module-->]]>
+
+<!ENTITY % medialabel.module "INCLUDE">
+<![ %medialabel.module; [
+<!ENTITY % local.medialabel.attrib "">
+<!ENTITY % medialabel.role.attrib "%role.attrib;">
+
+<!ENTITY % medialabel.element "INCLUDE">
+<![ %medialabel.element; [
+<!ELEMENT MediaLabel - - ((%smallcptr.char.mix;)+)>
+<!--end of medialabel.element-->]]>
+
+<!ENTITY % medialabel.attlist "INCLUDE">
+<![ %medialabel.attlist; [
+<!ATTLIST MediaLabel
+		--
+		Class: Type of medium named by the element; no default
+		--
+		Class 		(Cartridge
+				|CDRom
+				|Disk
+				|Tape)		#IMPLIED
+		%common.attrib;
+		%medialabel.role.attrib;
+		%local.medialabel.attrib;
+>
+<!--end of medialabel.attlist-->]]>
+<!--end of medialabel.module-->]]>
+
+<!ENTITY % menuchoice.content.module "INCLUDE">
+<![ %menuchoice.content.module; [
+<!ENTITY % menuchoice.module "INCLUDE">
+<![ %menuchoice.module; [
+<!ENTITY % local.menuchoice.attrib "">
+<!ENTITY % menuchoice.role.attrib "%role.attrib;">
+
+<!ENTITY % menuchoice.element "INCLUDE">
+<![ %menuchoice.element; [
+<!ELEMENT MenuChoice - - (Shortcut?, (GUIButton|GUIIcon|GUILabel
+		|GUIMenu|GUIMenuItem|GUISubmenu|Interface)+)>
+<!--end of menuchoice.element-->]]>
+
+<!ENTITY % menuchoice.attlist "INCLUDE">
+<![ %menuchoice.attlist; [
+<!ATTLIST MenuChoice
+		%moreinfo.attrib;
+		%common.attrib;
+		%menuchoice.role.attrib;
+		%local.menuchoice.attrib;
+>
+<!--end of menuchoice.attlist-->]]>
+<!--end of menuchoice.module-->]]>
+
+<!ENTITY % shortcut.module "INCLUDE">
+<![ %shortcut.module; [
+<!-- See also KeyCombo -->
+<!ENTITY % local.shortcut.attrib "">
+<!ENTITY % shortcut.role.attrib "%role.attrib;">
+
+<!ENTITY % shortcut.element "INCLUDE">
+<![ %shortcut.element; [
+<!ELEMENT Shortcut - - ((KeyCap|KeyCombo|KeySym|MouseButton)+)>
+<!--end of shortcut.element-->]]>
+
+<!ENTITY % shortcut.attlist "INCLUDE">
+<![ %shortcut.attlist; [
+<!ATTLIST Shortcut
+		%keyaction.attrib;
+		%moreinfo.attrib;
+		%common.attrib;
+		%shortcut.role.attrib;
+		%local.shortcut.attrib;
+>
+<!--end of shortcut.attlist-->]]>
+<!--end of shortcut.module-->]]>
+<!--end of menuchoice.content.module-->]]>
+
+<!ENTITY % mousebutton.module "INCLUDE">
+<![ %mousebutton.module; [
+<!ENTITY % local.mousebutton.attrib "">
+<!ENTITY % mousebutton.role.attrib "%role.attrib;">
+
+<!ENTITY % mousebutton.element "INCLUDE">
+<![ %mousebutton.element; [
+<!ELEMENT MouseButton - - ((%smallcptr.char.mix;)+)>
+<!--end of mousebutton.element-->]]>
+
+<!ENTITY % mousebutton.attlist "INCLUDE">
+<![ %mousebutton.attlist; [
+<!ATTLIST MouseButton
+		%moreinfo.attrib;
+		%common.attrib;
+		%mousebutton.role.attrib;
+		%local.mousebutton.attrib;
+>
+<!--end of mousebutton.attlist-->]]>
+<!--end of mousebutton.module-->]]>
+
+<!ENTITY % msgtext.module "INCLUDE">
+<![ %msgtext.module; [
+<!ENTITY % local.msgtext.attrib "">
+<!ENTITY % msgtext.role.attrib "%role.attrib;">
+
+<!ENTITY % msgtext.element "INCLUDE">
+<![ %msgtext.element; [
+<!--FUTURE USE (V5.0):
+......................
+The content model of MsgText will be reduced. It will be made
+the same as %example.mix; although it may not use that PE.
+......................
+-->
+<!ELEMENT MsgText - - ((%component.mix;)+)>
+<!--end of msgtext.element-->]]>
+
+<!ENTITY % msgtext.attlist "INCLUDE">
+<![ %msgtext.attlist; [
+<!ATTLIST MsgText
+		%common.attrib;
+		%msgtext.role.attrib;
+		%local.msgtext.attrib;
+>
+<!--end of msgtext.attlist-->]]>
+<!--end of msgtext.module-->]]>
+
+<!ENTITY % option.module "INCLUDE">
+<![ %option.module; [
+<!ENTITY % local.option.attrib "">
+<!ENTITY % option.role.attrib "%role.attrib;">
+
+<!ENTITY % option.element "INCLUDE">
+<![ %option.element; [
+<!ELEMENT Option - - (%smallcptr.char.mix;)*>
+<!--end of option.element-->]]>
+
+<!ENTITY % option.attlist "INCLUDE">
+<![ %option.attlist; [
+<!ATTLIST Option
+		%common.attrib;
+		%option.role.attrib;
+		%local.option.attrib;
+>
+<!--end of option.attlist-->]]>
+<!--end of option.module-->]]>
+
+<!ENTITY % optional.module "INCLUDE">
+<![ %optional.module; [
+<!ENTITY % local.optional.attrib "">
+<!ENTITY % optional.role.attrib "%role.attrib;">
+
+<!ENTITY % optional.element "INCLUDE">
+<![ %optional.element; [
+<!ELEMENT Optional - - ((%cptr.char.mix;)+)>
+<!--end of optional.element-->]]>
+
+<!ENTITY % optional.attlist "INCLUDE">
+<![ %optional.attlist; [
+<!ATTLIST Optional
+		%common.attrib;
+		%optional.role.attrib;
+		%local.optional.attrib;
+>
+<!--end of optional.attlist-->]]>
+<!--end of optional.module-->]]>
+
+<!ENTITY % parameter.module "INCLUDE">
+<![ %parameter.module; [
+<!ENTITY % local.parameter.attrib "">
+<!ENTITY % parameter.role.attrib "%role.attrib;">
+
+<!ENTITY % parameter.element "INCLUDE">
+<![ %parameter.element; [
+<!ELEMENT Parameter - - (%smallcptr.char.mix;)*>
+<!--end of parameter.element-->]]>
+
+<!ENTITY % parameter.attlist "INCLUDE">
+<![ %parameter.attlist; [
+<!ATTLIST Parameter
+		--
+		Class: Type of the Parameter; no default
+		--
+		Class 		(Command
+				|Function
+				|Option)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%parameter.role.attrib;
+		%local.parameter.attrib;
+>
+<!--end of parameter.attlist-->]]>
+<!--end of parameter.module-->]]>
+
+<!ENTITY % prompt.module "INCLUDE">
+<![ %prompt.module; [
+<!ENTITY % local.prompt.attrib "">
+<!ENTITY % prompt.role.attrib "%role.attrib;">
+
+<!ENTITY % prompt.element "INCLUDE">
+<![ %prompt.element; [
+<!ELEMENT Prompt - - ((%smallcptr.char.mix;)+)>
+<!--end of prompt.element-->]]>
+
+<!ENTITY % prompt.attlist "INCLUDE">
+<![ %prompt.attlist; [
+<!ATTLIST Prompt
+		%moreinfo.attrib;
+		%common.attrib;
+		%prompt.role.attrib;
+		%local.prompt.attrib;
+>
+<!--end of prompt.attlist-->]]>
+<!--end of prompt.module-->]]>
+
+<!ENTITY % property.module "INCLUDE">
+<![ %property.module; [
+<!ENTITY % local.property.attrib "">
+<!ENTITY % property.role.attrib "%role.attrib;">
+
+<!ENTITY % property.element "INCLUDE">
+<![ %property.element; [
+<!ELEMENT Property - - (%smallcptr.char.mix;)*>
+<!--end of property.element-->]]>
+
+<!ENTITY % property.attlist "INCLUDE">
+<![ %property.attlist; [
+<!ATTLIST Property
+		%moreinfo.attrib;
+		%common.attrib;
+		%property.role.attrib;
+		%local.property.attrib;
+>
+<!--end of property.attlist-->]]>
+<!--end of property.module-->]]>
+
+<!ENTITY % replaceable.module "INCLUDE">
+<![ %replaceable.module; [
+<!ENTITY % local.replaceable.attrib "">
+<!ENTITY % replaceable.role.attrib "%role.attrib;">
+
+<!ENTITY % replaceable.element "INCLUDE">
+<![ %replaceable.element; [
+<!ELEMENT Replaceable - - ((#PCDATA 
+		| %link.char.class; 
+		| Optional
+		| %base.char.class; 
+		| %other.char.class; 
+		| InlineGraphic
+		| InlineMediaObject)+)>
+<!--end of replaceable.element-->]]>
+
+<!ENTITY % replaceable.attlist "INCLUDE">
+<![ %replaceable.attlist; [
+<!ATTLIST Replaceable
+		--
+		Class: Type of information the element represents; no
+		default
+		--
+		Class		(Command
+				|Function
+				|Option
+				|Parameter)	#IMPLIED
+		%common.attrib;
+		%replaceable.role.attrib;
+		%local.replaceable.attrib;
+>
+<!--end of replaceable.attlist-->]]>
+<!--end of replaceable.module-->]]>
+
+<!ENTITY % returnvalue.module "INCLUDE">
+<![ %returnvalue.module; [
+<!ENTITY % local.returnvalue.attrib "">
+<!ENTITY % returnvalue.role.attrib "%role.attrib;">
+
+<!ENTITY % returnvalue.element "INCLUDE">
+<![ %returnvalue.element; [
+<!ELEMENT ReturnValue - - ((%smallcptr.char.mix;)+)>
+<!--end of returnvalue.element-->]]>
+
+<!ENTITY % returnvalue.attlist "INCLUDE">
+<![ %returnvalue.attlist; [
+<!ATTLIST ReturnValue
+		%common.attrib;
+		%returnvalue.role.attrib;
+		%local.returnvalue.attrib;
+>
+<!--end of returnvalue.attlist-->]]>
+<!--end of returnvalue.module-->]]>
+
+<!ENTITY % sgmltag.module "INCLUDE">
+<![ %sgmltag.module; [
+<!ENTITY % local.sgmltag.attrib "">
+<!ENTITY % sgmltag.role.attrib "%role.attrib;">
+
+<!ENTITY % sgmltag.element "INCLUDE">
+<![ %sgmltag.element; [
+<!ELEMENT SGMLTag - - ((%smallcptr.char.mix;)+)>
+<!--end of sgmltag.element-->]]>
+
+<!ENTITY % sgmltag.attlist "INCLUDE">
+<![ %sgmltag.attlist; [
+<!ATTLIST SGMLTag
+		--
+		Class: Type of SGML construct the element names; no default
+		--
+		Class 		(Attribute
+				|AttValue
+				|Element
+				|EndTag
+				|EmptyTag
+				|GenEntity
+				|NumCharRef
+				|ParamEntity
+				|PI
+				|XMLPI
+				|StartTag
+				|SGMLComment)	#IMPLIED
+		%common.attrib;
+		%sgmltag.role.attrib;
+		%local.sgmltag.attrib;
+>
+<!--end of sgmltag.attlist-->]]>
+<!--end of sgmltag.module-->]]>
+
+<!ENTITY % structfield.module "INCLUDE">
+<![ %structfield.module; [
+<!ENTITY % local.structfield.attrib "">
+<!ENTITY % structfield.role.attrib "%role.attrib;">
+
+<!ENTITY % structfield.element "INCLUDE">
+<![ %structfield.element; [
+<!ELEMENT StructField - - ((%smallcptr.char.mix;)+)>
+<!--end of structfield.element-->]]>
+
+<!ENTITY % structfield.attlist "INCLUDE">
+<![ %structfield.attlist; [
+<!ATTLIST StructField
+		%common.attrib;
+		%structfield.role.attrib;
+		%local.structfield.attrib;
+>
+<!--end of structfield.attlist-->]]>
+<!--end of structfield.module-->]]>
+
+<!ENTITY % structname.module "INCLUDE">
+<![ %structname.module; [
+<!ENTITY % local.structname.attrib "">
+<!ENTITY % structname.role.attrib "%role.attrib;">
+
+<!ENTITY % structname.element "INCLUDE">
+<![ %structname.element; [
+<!ELEMENT StructName - - ((%smallcptr.char.mix;)+)>
+<!--end of structname.element-->]]>
+
+<!ENTITY % structname.attlist "INCLUDE">
+<![ %structname.attlist; [
+<!ATTLIST StructName
+		%common.attrib;
+		%structname.role.attrib;
+		%local.structname.attrib;
+>
+<!--end of structname.attlist-->]]>
+<!--end of structname.module-->]]>
+
+<!ENTITY % symbol.module "INCLUDE">
+<![ %symbol.module; [
+<!ENTITY % local.symbol.attrib "">
+<!ENTITY % symbol.role.attrib "%role.attrib;">
+
+<!ENTITY % symbol.element "INCLUDE">
+<![ %symbol.element; [
+<!ELEMENT Symbol - - ((%smallcptr.char.mix;)+)>
+<!--end of symbol.element-->]]>
+
+<!ENTITY % symbol.attlist "INCLUDE">
+<![ %symbol.attlist; [
+<!ATTLIST Symbol
+		--
+		Class: Type of symbol; no default
+		--
+		Class		(Limit)		#IMPLIED
+		%common.attrib;
+		%symbol.role.attrib;
+		%local.symbol.attrib;
+>
+<!--end of symbol.attlist-->]]>
+<!--end of symbol.module-->]]>
+
+<!ENTITY % systemitem.module "INCLUDE">
+<![ %systemitem.module; [
+<!ENTITY % local.systemitem.attrib "">
+<!ENTITY % systemitem.role.attrib "%role.attrib;">
+
+<!ENTITY % systemitem.element "INCLUDE">
+<![ %systemitem.element; [
+<!ELEMENT SystemItem - - ((%smallcptr.char.mix; | Acronym)*)>
+<!--end of systemitem.element-->]]>
+
+<!ENTITY % systemitem.attlist "INCLUDE">
+<![ %systemitem.attlist; [
+<!ATTLIST SystemItem
+		--
+		Class: Type of system item the element names; no default
+		--
+		Class	(Constant
+			|GroupName
+			|Library
+			|Macro
+			|OSname
+			|Resource
+			|SystemName
+			|UserName)	#IMPLIED
+		%moreinfo.attrib;
+		%common.attrib;
+		%systemitem.role.attrib;
+		%local.systemitem.attrib;
+>
+<!--end of systemitem.attlist-->]]>
+<!--end of systemitem.module-->]]>
+
+
+<!ENTITY % token.module "INCLUDE">
+<![ %token.module; [
+<!ENTITY % local.token.attrib "">
+<!ENTITY % token.role.attrib "%role.attrib;">
+
+<!ENTITY % token.element "INCLUDE">
+<![ %token.element; [
+<!ELEMENT Token - - ((%smallcptr.char.mix;)+)>
+<!--end of token.element-->]]>
+
+<!ENTITY % token.attlist "INCLUDE">
+<![ %token.attlist; [
+<!ATTLIST Token
+		%common.attrib;
+		%token.role.attrib;
+		%local.token.attrib;
+>
+<!--end of token.attlist-->]]>
+<!--end of token.module-->]]>
+
+<!ENTITY % type.module "INCLUDE">
+<![ %type.module; [
+<!ENTITY % local.type.attrib "">
+<!ENTITY % type.role.attrib "%role.attrib;">
+
+<!ENTITY % type.element "INCLUDE">
+<![ %type.element; [
+<!ELEMENT Type - - ((%smallcptr.char.mix;)+)>
+<!--end of type.element-->]]>
+
+<!ENTITY % type.attlist "INCLUDE">
+<![ %type.attlist; [
+<!ATTLIST Type
+		%common.attrib;
+		%type.role.attrib;
+		%local.type.attrib;
+>
+<!--end of type.attlist-->]]>
+<!--end of type.module-->]]>
+
+<!ENTITY % userinput.module "INCLUDE">
+<![ %userinput.module; [
+<!ENTITY % local.userinput.attrib "">
+<!ENTITY % userinput.role.attrib "%role.attrib;">
+
+<!ENTITY % userinput.element "INCLUDE">
+<![ %userinput.element; [
+<!ELEMENT UserInput - - ((%cptr.char.mix;)+)>
+<!--end of userinput.element-->]]>
+
+<!ENTITY % userinput.attlist "INCLUDE">
+<![ %userinput.attlist; [
+<!ATTLIST UserInput
+		%moreinfo.attrib;
+		%common.attrib;
+		%userinput.role.attrib;
+		%local.userinput.attrib;
+>
+<!--end of userinput.attlist-->]]>
+<!--end of userinput.module-->]]>
+
+<!-- General words and phrases ............................................ -->
+
+<!ENTITY % abbrev.module "INCLUDE">
+<![ %abbrev.module; [
+<!ENTITY % local.abbrev.attrib "">
+<!ENTITY % abbrev.role.attrib "%role.attrib;">
+
+<!ENTITY % abbrev.element "INCLUDE">
+<![ %abbrev.element; [
+<!ELEMENT Abbrev - - ((%word.char.mix;)+)>
+<!--end of abbrev.element-->]]>
+
+<!ENTITY % abbrev.attlist "INCLUDE">
+<![ %abbrev.attlist; [
+<!ATTLIST Abbrev
+		%common.attrib;
+		%abbrev.role.attrib;
+		%local.abbrev.attrib;
+>
+<!--end of abbrev.attlist-->]]>
+<!--end of abbrev.module-->]]>
+
+<!ENTITY % acronym.module "INCLUDE">
+<![ %acronym.module; [
+<!ENTITY % local.acronym.attrib "">
+<!ENTITY % acronym.role.attrib "%role.attrib;">
+
+<!ENTITY % acronym.element "INCLUDE">
+<![ %acronym.element; [
+<!ELEMENT Acronym - - ((%word.char.mix;)+) %acronym.exclusion;>
+<!--end of acronym.element-->]]>
+
+<!ENTITY % acronym.attlist "INCLUDE">
+<![ %acronym.attlist; [
+<!ATTLIST Acronym
+		%common.attrib;
+		%acronym.role.attrib;
+		%local.acronym.attrib;
+>
+<!--end of acronym.attlist-->]]>
+<!--end of acronym.module-->]]>
+
+<!ENTITY % citation.module "INCLUDE">
+<![ %citation.module; [
+<!ENTITY % local.citation.attrib "">
+<!ENTITY % citation.role.attrib "%role.attrib;">
+
+<!ENTITY % citation.element "INCLUDE">
+<![ %citation.element; [
+<!ELEMENT Citation - - ((%para.char.mix;)+)>
+<!--end of citation.element-->]]>
+
+<!ENTITY % citation.attlist "INCLUDE">
+<![ %citation.attlist; [
+<!ATTLIST Citation
+		%common.attrib;
+		%citation.role.attrib;
+		%local.citation.attrib;
+>
+<!--end of citation.attlist-->]]>
+<!--end of citation.module-->]]>
+
+<!ENTITY % citerefentry.module "INCLUDE">
+<![ %citerefentry.module; [
+<!ENTITY % local.citerefentry.attrib "">
+<!ENTITY % citerefentry.role.attrib "%role.attrib;">
+
+<!ENTITY % citerefentry.element "INCLUDE">
+<![ %citerefentry.element; [
+<!ELEMENT CiteRefEntry - - (RefEntryTitle, ManVolNum?)>
+<!--end of citerefentry.element-->]]>
+
+<!ENTITY % citerefentry.attlist "INCLUDE">
+<![ %citerefentry.attlist; [
+<!ATTLIST CiteRefEntry
+		%common.attrib;
+		%citerefentry.role.attrib;
+		%local.citerefentry.attrib;
+>
+<!--end of citerefentry.attlist-->]]>
+<!--end of citerefentry.module-->]]>
+
+<!ENTITY % refentrytitle.module "INCLUDE">
+<![ %refentrytitle.module; [
+<!ENTITY % local.refentrytitle.attrib "">
+<!ENTITY % refentrytitle.role.attrib "%role.attrib;">
+
+<!ENTITY % refentrytitle.element "INCLUDE">
+<![ %refentrytitle.element; [
+<!ELEMENT RefEntryTitle - O ((%para.char.mix;)+)>
+<!--end of refentrytitle.element-->]]>
+
+<!ENTITY % refentrytitle.attlist "INCLUDE">
+<![ %refentrytitle.attlist; [
+<!ATTLIST RefEntryTitle
+		%common.attrib;
+		%refentrytitle.role.attrib;
+		%local.refentrytitle.attrib;
+>
+<!--end of refentrytitle.attlist-->]]>
+<!--end of refentrytitle.module-->]]>
+
+<!ENTITY % manvolnum.module "INCLUDE">
+<![ %manvolnum.module; [
+<!ENTITY % local.manvolnum.attrib "">
+<!ENTITY % namvolnum.role.attrib "%role.attrib;">
+
+<!ENTITY % manvolnum.element "INCLUDE">
+<![ %manvolnum.element; [
+<!ELEMENT ManVolNum - O ((%word.char.mix;)+)>
+<!--end of manvolnum.element-->]]>
+
+<!ENTITY % manvolnum.attlist "INCLUDE">
+<![ %manvolnum.attlist; [
+<!ATTLIST ManVolNum
+		%common.attrib;
+		%namvolnum.role.attrib;
+		%local.manvolnum.attrib;
+>
+<!--end of manvolnum.attlist-->]]>
+<!--end of manvolnum.module-->]]>
+
+<!ENTITY % citetitle.module "INCLUDE">
+<![ %citetitle.module; [
+<!ENTITY % local.citetitle.attrib "">
+<!ENTITY % citetitle.role.attrib "%role.attrib;">
+
+<!ENTITY % citetitle.element "INCLUDE">
+<![ %citetitle.element; [
+<!ELEMENT CiteTitle - - ((%para.char.mix;)+)>
+<!--end of citetitle.element-->]]>
+
+<!ENTITY % citetitle.attlist "INCLUDE">
+<![ %citetitle.attlist; [
+<!ATTLIST CiteTitle
+		--
+		Pubwork: Genre of published work cited; no default
+		--
+		Pubwork		(Article
+				|Book
+				|Chapter
+				|Part
+				|RefEntry
+				|Section
+				|Journal
+				|Series
+				|Set
+				|Manuscript)	#IMPLIED
+		%common.attrib;
+		%citetitle.role.attrib;
+		%local.citetitle.attrib;
+>
+<!--end of citetitle.attlist-->]]>
+<!--end of citetitle.module-->]]>
+
+<!ENTITY % emphasis.module "INCLUDE">
+<![ %emphasis.module; [
+<!ENTITY % local.emphasis.attrib "">
+<!ENTITY % emphasis.role.attrib "%role.attrib;">
+
+<!ENTITY % emphasis.element "INCLUDE">
+<![ %emphasis.element; [
+<!ELEMENT Emphasis - - ((%para.char.mix;)+)>
+<!--end of emphasis.element-->]]>
+
+<!ENTITY % emphasis.attlist "INCLUDE">
+<![ %emphasis.attlist; [
+<!ATTLIST Emphasis
+		%common.attrib;
+		%emphasis.role.attrib;
+		%local.emphasis.attrib;
+>
+<!--end of emphasis.attlist-->]]>
+<!--end of emphasis.module-->]]>
+
+<!ENTITY % firstterm.module "INCLUDE">
+<![ %firstterm.module; [
+<!ENTITY % local.firstterm.attrib "">
+<!ENTITY % firstterm.role.attrib "%role.attrib;">
+
+<!ENTITY % firstterm.element "INCLUDE">
+<![ %firstterm.element; [
+<!ELEMENT FirstTerm - - ((%word.char.mix;)+)>
+<!--end of firstterm.element-->]]>
+
+<!ENTITY % firstterm.attlist "INCLUDE">
+<![ %firstterm.attlist; [
+<!ATTLIST FirstTerm
+		%linkend.attrib; --to GlossEntry or other explanation--
+		%common.attrib;
+		%firstterm.role.attrib;
+		%local.firstterm.attrib;
+>
+<!--end of firstterm.attlist-->]]>
+<!--end of firstterm.module-->]]>
+
+<!ENTITY % foreignphrase.module "INCLUDE">
+<![ %foreignphrase.module; [
+<!ENTITY % local.foreignphrase.attrib "">
+<!ENTITY % foreignphrase.role.attrib "%role.attrib;">
+
+<!ENTITY % foreignphrase.element "INCLUDE">
+<![ %foreignphrase.element; [
+<!ELEMENT ForeignPhrase - - ((%para.char.mix;)+)>
+<!--end of foreignphrase.element-->]]>
+
+<!ENTITY % foreignphrase.attlist "INCLUDE">
+<![ %foreignphrase.attlist; [
+<!ATTLIST ForeignPhrase
+		%common.attrib;
+		%foreignphrase.role.attrib;
+		%local.foreignphrase.attrib;
+>
+<!--end of foreignphrase.attlist-->]]>
+<!--end of foreignphrase.module-->]]>
+
+<!ENTITY % glossterm.module "INCLUDE">
+<![ %glossterm.module; [
+<!ENTITY % local.glossterm.attrib "">
+<!ENTITY % glossterm.role.attrib "%role.attrib;">
+
+<!ENTITY % glossterm.element "INCLUDE">
+<![ %glossterm.element; [
+<!ELEMENT GlossTerm - O ((%para.char.mix;)+) %glossterm.exclusion;>
+<!--end of glossterm.element-->]]>
+
+<!ENTITY % glossterm.attlist "INCLUDE">
+<![ %glossterm.attlist; [
+<!ATTLIST GlossTerm
+		%linkend.attrib; --to GlossEntry if Glossterm used in text--
+		--
+		BaseForm: Provides the form of GlossTerm to be used
+		for indexing
+		--
+		BaseForm	CDATA		#IMPLIED
+		%common.attrib;
+		%glossterm.role.attrib;
+		%local.glossterm.attrib;
+>
+<!--end of glossterm.attlist-->]]>
+<!--end of glossterm.module-->]]>
+
+<!ENTITY % phrase.module "INCLUDE">
+<![ %phrase.module; [
+<!ENTITY % local.phrase.attrib "">
+<!ENTITY % phrase.role.attrib "%role.attrib;">
+
+<!ENTITY % phrase.element "INCLUDE">
+<![ %phrase.element; [
+<!ELEMENT Phrase - - ((%para.char.mix;)+)>
+<!--end of phrase.element-->]]>
+
+<!ENTITY % phrase.attlist "INCLUDE">
+<![ %phrase.attlist; [
+<!ATTLIST Phrase
+		%common.attrib;
+		%phrase.role.attrib;
+		%local.phrase.attrib;
+>
+<!--end of phrase.attlist-->]]>
+<!--end of phrase.module-->]]>
+
+<!ENTITY % quote.module "INCLUDE">
+<![ %quote.module; [
+<!ENTITY % local.quote.attrib "">
+<!ENTITY % quote.role.attrib "%role.attrib;">
+
+<!ENTITY % quote.element "INCLUDE">
+<![ %quote.element; [
+<!ELEMENT Quote - - ((%para.char.mix;)+)>
+<!--end of quote.element-->]]>
+
+<!ENTITY % quote.attlist "INCLUDE">
+<![ %quote.attlist; [
+<!ATTLIST Quote
+		%common.attrib;
+		%quote.role.attrib;
+		%local.quote.attrib;
+>
+<!--end of quote.attlist-->]]>
+<!--end of quote.module-->]]>
+
+<!ENTITY % ssscript.module "INCLUDE">
+<![ %ssscript.module; [
+<!ENTITY % local.ssscript.attrib "">
+<!ENTITY % ssscript.role.attrib "%role.attrib;">
+
+<!ENTITY % ssscript.elements "INCLUDE">
+<![ %ssscript.elements [
+<!ELEMENT (Subscript | Superscript) - - ((#PCDATA 
+		| %link.char.class;
+		| Emphasis
+		| Replaceable 
+		| Symbol 
+		| InlineGraphic 
+		| InlineMediaObject
+		| %base.char.class; 
+		| %other.char.class;)+)
+		%ubiq.exclusion;>
+<!--end of ssscript.elements-->]]>
+
+<!ENTITY % ssscript.attlists "INCLUDE">
+<![ %ssscript.attlists; [
+<!ATTLIST (Subscript | Superscript)
+		%common.attrib;
+		%ssscript.role.attrib;
+		%local.ssscript.attrib;
+>
+<!--end of ssscript.attlists-->]]>
+<!--end of ssscript.module-->]]>
+
+<!ENTITY % trademark.module "INCLUDE">
+<![ %trademark.module; [
+<!ENTITY % local.trademark.attrib "">
+<!ENTITY % trademark.role.attrib "%role.attrib;">
+
+<!ENTITY % trademark.element "INCLUDE">
+<![ %trademark.element; [
+<!ELEMENT Trademark - - ((#PCDATA 
+		| %link.char.class; 
+		| %tech.char.class;
+		| %base.char.class; 
+		| %other.char.class; 
+		| InlineGraphic
+		| InlineMediaObject
+		| Emphasis)+)>
+<!--end of trademark.element-->]]>
+
+<!ENTITY % trademark.attlist "INCLUDE">
+<![ %trademark.attlist; [
+<!ATTLIST Trademark
+		--
+		Class: More precisely identifies the item the element names
+		--
+		Class		(Service
+				|Trade
+				|Registered
+				|Copyright)	Trade
+		%common.attrib;
+		%trademark.role.attrib;
+		%local.trademark.attrib;
+>
+<!--end of trademark.attlist-->]]>
+<!--end of trademark.module-->]]>
+
+<!ENTITY % wordasword.module "INCLUDE">
+<![ %wordasword.module; [
+<!ENTITY % local.wordasword.attrib "">
+<!ENTITY % wordasword.role.attrib "%role.attrib;">
+
+<!ENTITY % wordasword.element "INCLUDE">
+<![ %wordasword.element; [
+<!ELEMENT WordAsWord - - ((%word.char.mix;)+)>
+<!--end of wordasword.element-->]]>
+
+<!ENTITY % wordasword.attlist "INCLUDE">
+<![ %wordasword.attlist; [
+<!ATTLIST WordAsWord
+		%common.attrib;
+		%wordasword.role.attrib;
+		%local.wordasword.attrib;
+>
+<!--end of wordasword.attlist-->]]>
+<!--end of wordasword.module-->]]>
+
+<!-- Links and cross-references ........................................... -->
+
+<!ENTITY % link.module "INCLUDE">
+<![ %link.module; [
+<!ENTITY % local.link.attrib "">
+<!ENTITY % link.role.attrib "%role.attrib;">
+
+<!ENTITY % link.element "INCLUDE">
+<![ %link.element; [
+<!ELEMENT Link - - ((%para.char.mix;)+) %links.exclusion;>
+<!--end of link.element-->]]>
+
+<!ENTITY % link.attlist "INCLUDE">
+<![ %link.attlist; [
+<!ATTLIST Link
+		--
+		Endterm: ID of element containing text that is to be
+		fetched from elsewhere in the document to appear as
+		the content of this element
+		--
+		Endterm		IDREF		#IMPLIED
+		%linkendreq.attrib; --to linked-to object--
+		--
+		Type: Freely assignable parameter
+		--
+		Type		CDATA		#IMPLIED
+		%common.attrib;
+		%link.role.attrib;
+		%local.link.attrib;
+>
+<!--end of link.attlist-->]]>
+<!--end of link.module-->]]>
+
+<!ENTITY % olink.module "INCLUDE">
+<![ %olink.module; [
+<!ENTITY % local.olink.attrib "">
+<!ENTITY % olink.role.attrib "%role.attrib;">
+
+<!ENTITY % olink.element "INCLUDE">
+<![ %olink.element; [
+<!ELEMENT OLink - - ((%para.char.mix;)+) %links.exclusion;>
+<!--end of olink.element-->]]>
+
+<!ENTITY % olink.attlist "INCLUDE">
+<![ %olink.attlist; [
+<!ATTLIST OLink
+		--
+		TargetDocEnt: Name of an entity to be the target of the link
+		--
+		TargetDocEnt	ENTITY 		#IMPLIED
+		--
+		LinkMode: ID of a ModeSpec containing instructions for
+		operating on the entity named by TargetDocEnt
+		--
+		LinkMode	IDREF		#IMPLIED
+		--
+		LocalInfo: Information that may be passed to ModeSpec
+		--
+		LocalInfo 	CDATA		#IMPLIED
+		--
+		Type: Freely assignable parameter
+		--
+		Type		CDATA		#IMPLIED
+		%common.attrib;
+		%olink.role.attrib;
+		%local.olink.attrib;
+>
+<!--end of olink.attlist-->]]>
+<!--end of olink.module-->]]>
+
+<!ENTITY % ulink.module "INCLUDE">
+<![ %ulink.module; [
+<!ENTITY % local.ulink.attrib "">
+<!ENTITY % ulink.role.attrib "%role.attrib;">
+
+<!ENTITY % ulink.element "INCLUDE">
+<![ %ulink.element; [
+<!ELEMENT ULink - - ((%para.char.mix;)+) %links.exclusion;>
+<!--end of ulink.element-->]]>
+
+<!ENTITY % ulink.attlist "INCLUDE">
+<![ %ulink.attlist; [
+<!ATTLIST ULink
+		--
+		URL: uniform resource locator; the target of the ULink
+		--
+		URL		CDATA		#REQUIRED
+		--
+		Type: Freely assignable parameter
+		--
+		Type		CDATA		#IMPLIED
+		%common.attrib;
+		%ulink.role.attrib;
+		%local.ulink.attrib;
+>
+<!--end of ulink.attlist-->]]>
+<!--end of ulink.module-->]]>
+
+<!ENTITY % footnoteref.module "INCLUDE">
+<![ %footnoteref.module; [
+<!ENTITY % local.footnoteref.attrib "">
+<!ENTITY % footnoteref.role.attrib "%role.attrib;">
+
+<!ENTITY % footnoteref.element "INCLUDE">
+<![ %footnoteref.element; [
+<!ELEMENT FootnoteRef - O EMPTY>
+<!--end of footnoteref.element-->]]>
+
+<!ENTITY % footnoteref.attlist "INCLUDE">
+<![ %footnoteref.attlist; [
+<!ATTLIST FootnoteRef
+		%linkendreq.attrib; --to footnote content supplied elsewhere--
+		%label.attrib;
+		%common.attrib;
+		%footnoteref.role.attrib;
+		%local.footnoteref.attrib;
+>
+<!--end of footnoteref.attlist-->]]>
+<!--end of footnoteref.module-->]]>
+
+<!ENTITY % xref.module "INCLUDE">
+<![ %xref.module; [
+<!ENTITY % local.xref.attrib "">
+<!ENTITY % xref.role.attrib "%role.attrib;">
+
+<!ENTITY % xref.element "INCLUDE">
+<![ %xref.element; [
+<!ELEMENT XRef - O EMPTY>
+<!--end of xref.element-->]]>
+
+<!ENTITY % xref.attlist "INCLUDE">
+<![ %xref.attlist; [
+<!ATTLIST XRef
+		--
+		Endterm: ID of element containing text that is to be
+		fetched from elsewhere in the document to appear as
+		the content of this element
+		--
+		Endterm		IDREF		#IMPLIED
+		%linkendreq.attrib; --to linked-to object--
+		%common.attrib;
+		%xref.role.attrib;
+		%local.xref.attrib;
+>
+<!--end of xref.attlist-->]]>
+<!--end of xref.module-->]]>
+
+<!-- Ubiquitous elements .................................................. -->
+
+<!ENTITY % anchor.module "INCLUDE">
+<![ %anchor.module; [
+<!ENTITY % local.anchor.attrib "">
+<!ENTITY % anchor.role.attrib "%role.attrib;">
+
+<!ENTITY % anchor.element "INCLUDE">
+<![ %anchor.element; [
+<!ELEMENT Anchor - O EMPTY>
+<!--end of anchor.element-->]]>
+
+<!ENTITY % anchor.attlist "INCLUDE">
+<![ %anchor.attlist; [
+<!ATTLIST Anchor
+		%idreq.attrib; -- required --
+		%pagenum.attrib; --replaces Lang --
+		%remap.attrib;
+		%xreflabel.attrib;
+		%revisionflag.attrib;
+		%effectivity.attrib;
+		%anchor.role.attrib;
+		%local.anchor.attrib;
+>
+<!--end of anchor.attlist-->]]>
+<!--end of anchor.module-->]]>
+
+<!ENTITY % beginpage.module "INCLUDE">
+<![ %beginpage.module; [
+<!ENTITY % local.beginpage.attrib "">
+<!ENTITY % beginpage.role.attrib "%role.attrib;">
+
+<!ENTITY % beginpage.element "INCLUDE">
+<![ %beginpage.element; [
+<!ELEMENT BeginPage - O EMPTY>
+<!--end of beginpage.element-->]]>
+
+<!ENTITY % beginpage.attlist "INCLUDE">
+<![ %beginpage.attlist; [
+<!ATTLIST BeginPage
+		--
+		PageNum: Number of page that begins at this point
+		--
+		%pagenum.attrib;
+		%common.attrib;
+		%beginpage.role.attrib;
+		%local.beginpage.attrib;
+>
+<!--end of beginpage.attlist-->]]>
+<!--end of beginpage.module-->]]>
+
+<!-- IndexTerms appear in the text flow for generating or linking an
+     index. -->
+
+<!ENTITY % indexterm.content.module "INCLUDE">
+<![ %indexterm.content.module; [
+<!ENTITY % indexterm.module "INCLUDE">
+<![ %indexterm.module; [
+<!ENTITY % local.indexterm.attrib "">
+<!ENTITY % indexterm.role.attrib "%role.attrib;">
+
+<!ENTITY % indexterm.element "INCLUDE">
+<![ %indexterm.element; [
+<!ELEMENT IndexTerm - O (Primary, ((Secondary, ((Tertiary, (See|SeeAlso+)?)
+		| See | SeeAlso+)?) | See | SeeAlso+)?) %ubiq.exclusion;>
+<!--end of indexterm.element-->]]>
+
+<!ENTITY % indexterm.attlist "INCLUDE">
+<![ %indexterm.attlist; [
+<!ATTLIST IndexTerm
+		%pagenum.attrib;
+		--
+		Scope: Indicates which generated indices the IndexTerm
+		should appear in: Global (whole document set), Local (this
+		document only), or All (both)
+		--
+		Scope		(All
+				|Global
+				|Local)		#IMPLIED
+		--
+		Significance: Whether this IndexTerm is the most pertinent
+		of its series (Preferred) or not (Normal, the default)
+		--
+		Significance	(Preferred
+				|Normal)	Normal
+		--
+		Class: Indicates type of IndexTerm; default is Singular, 
+		or EndOfRange if StartRef is supplied; StartOfRange value 
+		must be supplied explicitly on starts of ranges
+		--
+		Class		(Singular
+				|StartOfRange
+				|EndOfRange)	#IMPLIED
+		--
+		StartRef: ID of the IndexTerm that starts the indexing 
+		range ended by this IndexTerm
+		--
+		StartRef		IDREF		#CONREF
+		--
+		Zone: IDs of the elements to which the IndexTerm applies,
+		and indicates that the IndexTerm applies to those entire
+		elements rather than the point at which the IndexTerm
+		occurs
+		--
+		Zone			IDREFS		#IMPLIED
+		%common.attrib;
+		%indexterm.role.attrib;
+		%local.indexterm.attrib;
+>
+<!--end of indexterm.attlist-->]]>
+<!--end of indexterm.module-->]]>
+
+<!ENTITY % primsecter.module "INCLUDE">
+<![ %primsecter.module; [
+<!ENTITY % local.primsecter.attrib "">
+<!ENTITY % primsecter.role.attrib "%role.attrib;">
+
+<!ENTITY % primsecter.elements "INCLUDE">
+<![ %primsecter.elements; [
+<!ELEMENT (Primary | Secondary | Tertiary) - O ((%ndxterm.char.mix;)+)>
+<!--end of primsecter.elements-->]]>
+
+<!ENTITY % primsecter.attlists "INCLUDE">
+<![ %primsecter.attlists; [
+<!ENTITY % containing.attlist "INCLUDE">
+<![ %containing.attlist; [
+<!ATTLIST (Primary | Secondary | Tertiary)
+		--
+		SortAs: Alternate sort string for index sorting, e.g.,
+		"fourteen" for an element containing "14"
+		--
+		SortAs		CDATA		#IMPLIED
+		%common.attrib;
+		%primsecter.role.attrib;
+		%local.primsecter.attrib;
+>
+<!--end of containing.attlist-->]]>
+<!--end of primsecter.attlist-->]]>
+<!--end of primsecter.module-->]]>
+
+<!ENTITY % seeseealso.module "INCLUDE">
+<![ %seeseealso.module; [
+<!ENTITY % local.seeseealso.attrib "">
+<!ENTITY % seeseealso.role.attrib "%role.attrib;">
+
+<!ENTITY % seeseealso.elements "INCLUDE">
+<![ %seeseealso.elements [
+<!ELEMENT (See | SeeAlso) - O ((%ndxterm.char.mix;)+)>
+<!--end of seeseealso.elements-->]]>
+
+<!ENTITY % seeseealso.attlists "INCLUDE">
+<![ %seeseealso.attlists [
+<!ATTLIST (See | SeeAlso)
+		%common.attrib;
+		%seeseealso.role.attrib;
+		%local.seeseealso.attrib;
+>
+<!--end of seeseealso.attlists-->]]>
+<!--end of seeseealso.module-->]]>
+<!--end of indexterm.content.module-->]]>
+
+<!-- End of DocBook information pool module V4.1 .......................... -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/docbook.cat b/docs/docbook/dbsgml/docbook.cat
new file mode 100644
index 00000000000..0f285d0d751
--- /dev/null
+++ b/docs/docbook/dbsgml/docbook.cat
@@ -0,0 +1,63 @@
+  -- ...................................................................... --
+  -- Catalog data for DocBook V4.1 ........................................ --
+  -- File docbook.cat ..................................................... --
+
+  -- Please direct all questions, bug reports, or suggestions for
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/.
+  --
+
+  -- This is the catalog data file for DocBook V4.1. It is provided as
+     a convenience in building your own catalog files. You need not use
+     the filenames listed here, and need not use the filename method of
+     identifying storage objects at all.  See the documentation for
+     detailed information on the files associated with the DocBook DTD.
+     See SGML Open Technical Resolution 9401 for detailed information
+     on supplying and using catalog data.
+  --
+
+  -- ...................................................................... --
+  -- SGML declaration associated with DocBook ............................. --
+
+DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl"
+
+  -- ...................................................................... --
+  -- DocBook driver file .................................................. --
+
+PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd"
+
+  -- ...................................................................... --
+  -- DocBook modules ...................................................... --
+
+PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd"
+PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod"
+PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod"
+PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod"
+
+  -- ...................................................................... --
+  -- ISO entity sets ...................................................... --
+
+PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ISOdia"
+PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ISOnum"
+PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ISOpub"
+PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ISOtech"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ISOlat1"
+PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ISOlat2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ISOgrk1"
+PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ISOgrk2"
+PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ISOgrk3"
+PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ISOgrk4"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ISOamsa"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ISOamsb"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ISOamsc"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ISOamsn"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ISOamso"
+PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ISOamsr"
+PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ISObox"
+PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ISOcyr1"
+PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ISOcyr2"
+
+  -- End of catalog data for DocBook V4.1 ................................. --
+  -- ...................................................................... --
diff --git a/docs/docbook/dbsgml/docbook.dcl b/docs/docbook/dbsgml/docbook.dcl
new file mode 100644
index 00000000000..c76de206cf4
--- /dev/null
+++ b/docs/docbook/dbsgml/docbook.dcl
@@ -0,0 +1,106 @@
+<!SGML  "ISO 8879:1986"
+  -- ...................................................................... --
+  -- DocBook SGML declaration V4.1 ........................................ --
+  -- file docbook.dcl ..................................................... --
+
+CHARSET
+
+	BASESET
+  "ISO 646:1983//CHARSET International Reference Version (IRV)//ESC 2/5 4/0"
+	DESCSET
+                    0   9   UNUSED
+                    9   2     9
+                   11   2   UNUSED
+                   13   1    13
+                   14  18   UNUSED
+                   32  95    32
+                  127   1   UNUSED
+
+	BASESET 
+  "ISO Registration Number 100//CHARSET ECMA-94 Right Part of Latin Alphabet Nr. 1//ESC 2/13 4/1"
+	DESCSET  
+                  128  32   UNUSED
+                  160  96   32
+
+CAPACITY SGMLREF
+
+	TOTALCAP 99000000
+	ATTCAP    1000000
+	ATTCHCAP  1000000
+	AVGRPCAP  1000000
+	ELEMCAP   1000000
+	ENTCAP    1000000
+	ENTCHCAP  1000000
+	GRPCAP    1000000
+	IDCAP    32000000
+	IDREFCAP 32000000
+  
+SCOPE DOCUMENT
+
+SYNTAX
+
+	SHUNCHAR  CONTROLS   0   1   2   3   4   5   6   7   8   9
+                            10  11  12  13  14  15  16  17  18  19
+                            20  21  22  23  24  25  26  27  28  29
+                            30  31                     127 128 129
+                           130 131 132 133 134 135 136 137 138 139
+                           140 141 142 143 144 145 146 147 148 149
+                           150 151 152 153 154 155 156 157 158 159
+
+	BASESET
+  "ISO 646:1983//CHARSET International Reference Version (IRV)//ESC 2/5 4/0"
+	DESCSET
+                  0   128   0
+
+	FUNCTION
+		RE          13
+		RS          10
+		SPACE       32
+		TAB SEPCHAR  9
+
+	NAMING
+		LCNMSTRT ""
+		UCNMSTRT ""
+		LCNMCHAR ".-_"
+		UCNMCHAR ".-_"
+		NAMECASE
+			GENERAL YES
+			ENTITY  NO
+
+	DELIM
+		GENERAL  SGMLREF
+		SHORTREF SGMLREF
+
+	NAMES SGMLREF
+
+	QUANTITY SGMLREF
+		ATTCNT    256
+		GRPCNT    253
+		GRPGTCNT  253
+		LITLEN   8092
+		NAMELEN    44
+		TAGLVL    100
+
+FEATURES
+
+         MINIMIZE
+                  DATATAG  NO
+                  OMITTAG  NO
+                  RANK     NO
+                  SHORTTAG YES 
+
+         LINK
+                  SIMPLE   NO
+                  IMPLICIT NO
+                  EXPLICIT NO
+
+         OTHER
+                  CONCUR   NO
+                  SUBDOC   NO
+                  FORMAL   YES
+
+APPINFO NONE
+
+  -- End of DocBook SGML declaration V4.1 ................................. --
+  -- ...................................................................... --
+>
diff --git a/docs/docbook/dbsgml/docbook.dtd b/docs/docbook/dbsgml/docbook.dtd
new file mode 100755
index 00000000000..59bff93816b
--- /dev/null
+++ b/docs/docbook/dbsgml/docbook.dtd
@@ -0,0 +1,117 @@
+<!-- ...................................................................... -->
+<!-- DocBook DTD V4.1 ..................................................... -->
+<!-- File docbook.dtd ..................................................... -->
+
+<!-- Copyright 1992-2000 HaL Computer Systems, Inc.,
+     O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+     Corporation, and the Organization for the Advancement of
+     Structured Information Standards (OASIS).
+
+     $Id: docbook.dtd,v 1.1.2.1 2001/02/28 19:05:02 jerry Exp $
+
+     Permission to use, copy, modify and distribute the DocBook DTD and
+     its accompanying documentation for any purpose and without fee is
+     hereby granted in perpetuity, provided that the above copyright
+     notice and this paragraph appear in all copies.  The copyright
+     holders make no representation about the suitability of the DTD for
+     any purpose.  It is provided "as is" without expressed or implied
+     warranty.
+
+     If you modify the DocBook DTD in any way, except for declaring and
+     referencing additional sets of general entities and declaring
+     additional notations, label your DTD as a variant of DocBook.  See
+     the maintenance documentation for more information.
+
+     Please direct all questions, bug reports, or suggestions for 
+     changes to the docbook@lists.oasis-open.org mailing list. For more
+     information, see http://www.oasis-open.org/docbook/.
+-->
+
+<!-- ...................................................................... -->
+
+<!-- This is the driver file for V4.1 of the DocBook DTD.
+     Please use the following formal public identifier to identify it:
+
+     "-//OASIS//DTD DocBook V4.1//EN"
+
+     For example, if your document's top-level element is Book, and
+     you are using DocBook directly, use the FPI in the DOCTYPE
+     declaration:
+
+     <!DOCTYPE Book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [...]>
+
+     Or, if you have a higher-level driver file that customizes DocBook,
+     use the FPI in the parameter entity declaration:
+
+     <!ENTITY % DocBookDTD PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+     %DocBookDTD;
+
+     The DocBook DTD is accompanied by an SGML declaration.
+
+     See the documentation for detailed information on the parameter
+     entity and module scheme used in DocBook, customizing DocBook and
+     planning for interchange, and changes made since the last release
+     of DocBook.
+-->
+
+<!-- ...................................................................... -->
+<!-- Notation declarations ................................................ -->
+
+<!ENTITY % dbnotn.module "INCLUDE">
+<![ %dbnotn.module; [
+<!ENTITY % dbnotn PUBLIC 
+"-//OASIS//ENTITIES DocBook Notations V4.1//EN">
+%dbnotn;
+<!--end of dbnotn.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- ISO character entity sets ............................................ -->
+
+<!ENTITY % dbcent.module "INCLUDE">
+<![ %dbcent.module; [
+<!ENTITY euro SDATA "[euro  ]"><!-- euro sign, U+20AC NEW -->
+<!ENTITY % dbcent PUBLIC 
+"-//OASIS//ENTITIES DocBook Character Entities V4.1//EN">
+%dbcent;
+<!--end of dbcent.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- DTD modules .......................................................... -->
+
+<!-- Information pool .............. -->
+
+<!ENTITY % dbpool.module "INCLUDE">
+<![ %dbpool.module; [
+<!ENTITY % dbpool PUBLIC 
+"-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN">
+%dbpool;
+<!--end of dbpool.module-->]]>
+
+<!-- Redeclaration placeholder ..... -->
+
+<!ENTITY % intermod.redecl.module "IGNORE">
+<![ %intermod.redecl.module; [
+%rdbmods;
+<!--end of intermod.redecl.module-->]]>
+
+<!-- Document hierarchy ............ -->
+
+<!ENTITY % dbhier.module "INCLUDE">
+<![ %dbhier.module; [
+<!ENTITY % dbhier PUBLIC 
+"-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN">
+%dbhier;
+<!--end of dbhier.module-->]]>
+
+<!-- ...................................................................... -->
+<!-- Other general entities ............................................... -->
+
+<!ENTITY % dbgenent.module "INCLUDE">
+<![ %dbgenent.module; [
+<!ENTITY % dbgenent PUBLIC
+"-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN">
+%dbgenent;
+<!--end of dbgenent.module-->]]>
+
+<!-- End of DocBook DTD V4.1 .............................................. -->
+<!-- ...................................................................... -->
diff --git a/docs/docbook/dbsgml/ent/ISOamsa b/docs/docbook/dbsgml/ent/ISOamsa
new file mode 100644
index 00000000000..b77154cb024
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsa
@@ -0,0 +1,66 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsa PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN">
+     %ISOamsa;
+-->
+<!ENTITY cularr SDATA "[cularr]"--/curvearrowleft A: left curved arrow -->
+<!ENTITY curarr SDATA "[curarr]"--/curvearrowright A: rt curved arrow -->
+<!ENTITY dArr   SDATA "[dArr  ]"--/Downarrow A: down dbl arrow -->
+<!ENTITY darr2  SDATA "[darr2 ]"--/downdownarrows A: two down arrows -->
+<!ENTITY dharl  SDATA "[dharl ]"--/downleftharpoon A: dn harpoon-left -->
+<!ENTITY dharr  SDATA "[dharr ]"--/downrightharpoon A: down harpoon-rt -->
+<!ENTITY lAarr  SDATA "[lAarr ]"--/Lleftarrow A: left triple arrow -->
+<!ENTITY Larr   SDATA "[Larr  ]"--/twoheadleftarrow A:-->
+<!ENTITY larr2  SDATA "[larr2 ]"--/leftleftarrows A: two left arrows -->
+<!ENTITY larrhk SDATA "[larrhk]"--/hookleftarrow A: left arrow-hooked -->
+<!ENTITY larrlp SDATA "[larrlp]"--/looparrowleft A: left arrow-looped -->
+<!ENTITY larrtl SDATA "[larrtl]"--/leftarrowtail A: left arrow-tailed -->
+<!ENTITY lhard  SDATA "[lhard ]"--/leftharpoondown A: l harpoon-down -->
+<!ENTITY lharu  SDATA "[lharu ]"--/leftharpoonup A: left harpoon-up -->
+<!ENTITY hArr   SDATA "[hArr  ]"--/Leftrightarrow A: l&r dbl arrow -->
+<!ENTITY harr   SDATA "[harr  ]"--/leftrightarrow A: l&r arrow -->
+<!ENTITY lrarr2 SDATA "[lrarr2]"--/leftrightarrows A: l arr over r arr -->
+<!ENTITY rlarr2 SDATA "[rlarr2]"--/rightleftarrows A: r arr over l arr -->
+<!ENTITY harrw  SDATA "[harrw ]"--/leftrightsquigarrow A: l&r arr-wavy -->
+<!ENTITY rlhar2 SDATA "[rlhar2]"--/rightleftharpoons A: r harp over l -->
+<!ENTITY lrhar2 SDATA "[lrhar2]"--/leftrightharpoons A: l harp over r -->
+<!ENTITY lsh    SDATA "[lsh   ]"--/Lsh A:-->
+<!ENTITY map    SDATA "[map   ]"--/mapsto A:-->
+<!ENTITY mumap  SDATA "[mumap ]"--/multimap A:-->
+<!ENTITY nearr  SDATA "[nearr ]"--/nearrow A: NE pointing arrow -->
+<!ENTITY nlArr  SDATA "[nlArr ]"--/nLeftarrow A: not implied by -->
+<!ENTITY nlarr  SDATA "[nlarr ]"--/nleftarrow A: not left arrow -->
+<!ENTITY nhArr  SDATA "[nhArr ]"--/nLeftrightarrow A: not l&r dbl arr -->
+<!ENTITY nharr  SDATA "[nharr ]"--/nleftrightarrow A: not l&r arrow -->
+<!ENTITY nrarr  SDATA "[nrarr ]"--/nrightarrow A: not right arrow -->
+<!ENTITY nrArr  SDATA "[nrArr ]"--/nRightarrow A: not implies -->
+<!ENTITY nwarr  SDATA "[nwarr ]"--/nwarrow A: NW pointing arrow -->
+<!ENTITY olarr  SDATA "[olarr ]"--/circlearrowleft A: l arr in circle -->
+<!ENTITY orarr  SDATA "[orarr ]"--/circlearrowright A: r arr in circle -->
+<!ENTITY rAarr  SDATA "[rAarr ]"--/Rrightarrow A: right triple arrow -->
+<!ENTITY Rarr   SDATA "[Rarr  ]"--/twoheadrightarrow A:-->
+<!ENTITY rarr2  SDATA "[rarr2 ]"--/rightrightarrows A: two rt arrows -->
+<!ENTITY rarrhk SDATA "[rarrhk]"--/hookrightarrow A: rt arrow-hooked -->
+<!ENTITY rarrlp SDATA "[rarrlp]"--/looparrowright A: rt arrow-looped -->
+<!ENTITY rarrtl SDATA "[rarrtl]"--/rightarrowtail A: rt arrow-tailed -->
+<!ENTITY rarrw  SDATA "[rarrw ]"--/squigarrowright A: rt arrow-wavy -->
+<!ENTITY rhard  SDATA "[rhard ]"--/rightharpoondown A: rt harpoon-down -->
+<!ENTITY rharu  SDATA "[rharu ]"--/rightharpoonup A: rt harpoon-up -->
+<!ENTITY rsh    SDATA "[rsh   ]"--/Rsh A:-->
+<!ENTITY drarr  SDATA "[drarr ]"--/searrow A: downward rt arrow -->
+<!ENTITY dlarr  SDATA "[dlarr ]"--/swarrow A: downward l arrow -->
+<!ENTITY uArr   SDATA "[uArr  ]"--/Uparrow A: up dbl arrow -->
+<!ENTITY uarr2  SDATA "[uarr2 ]"--/upuparrows A: two up arrows -->
+<!ENTITY vArr   SDATA "[vArr  ]"--/Updownarrow A: up&down dbl arrow -->
+<!ENTITY varr   SDATA "[varr  ]"--/updownarrow A: up&down arrow -->
+<!ENTITY uharl  SDATA "[uharl ]"--/upleftharpoon A: up harpoon-left -->
+<!ENTITY uharr  SDATA "[uharr ]"--/uprightharpoon A: up harp-r-->
+<!ENTITY xlArr  SDATA "[xlArr ]"--/Longleftarrow A: long l dbl arrow -->
+<!ENTITY xhArr  SDATA "[xhArr ]"--/Longleftrightarrow A: long l&r dbl arr-->
+<!ENTITY xharr  SDATA "[xharr ]"--/longleftrightarrow A: long l&r arr -->
+<!ENTITY xrArr  SDATA "[xrArr ]"--/Longrightarrow A: long rt dbl arr -->
diff --git a/docs/docbook/dbsgml/ent/ISOamsb b/docs/docbook/dbsgml/ent/ISOamsb
new file mode 100644
index 00000000000..43944a732fb
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsb
@@ -0,0 +1,52 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsb PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN">
+     %ISOamsb;
+-->
+<!ENTITY amalg  SDATA "[amalg ]"--/amalg B: amalgamation or coproduct-->
+<!ENTITY Barwed SDATA "[Barwed]"--/doublebarwedge B: log and, dbl bar-->
+<!ENTITY barwed SDATA "[barwed]"--/barwedge B: logical and, bar above-->
+<!ENTITY Cap    SDATA "[Cap   ]"--/Cap /doublecap B: dbl intersection-->
+<!ENTITY Cup    SDATA "[Cup   ]"--/Cup /doublecup B: dbl union-->
+<!ENTITY cuvee  SDATA "[cuvee ]"--/curlyvee B: curly logical or-->
+<!ENTITY cuwed  SDATA "[cuwed ]"--/curlywedge B: curly logical and-->
+<!ENTITY diam   SDATA "[diam  ]"--/diamond B: open diamond-->
+<!ENTITY divonx SDATA "[divonx]"--/divideontimes B: division on times-->
+<!ENTITY intcal SDATA "[intcal]"--/intercal B: intercal-->
+<!ENTITY lthree SDATA "[lthree]"--/leftthreetimes B:-->
+<!ENTITY ltimes SDATA "[ltimes]"--/ltimes B: times sign, left closed-->
+<!ENTITY minusb SDATA "[minusb]"--/boxminus B: minus sign in box-->
+<!ENTITY oast   SDATA "[oast  ]"--/circledast B: asterisk in circle-->
+<!ENTITY ocir   SDATA "[ocir  ]"--/circledcirc B: open dot in circle-->
+<!ENTITY odash  SDATA "[odash ]"--/circleddash B: hyphen in circle-->
+<!ENTITY odot   SDATA "[odot  ]"--/odot B: middle dot in circle-->
+<!ENTITY ominus SDATA "[ominus]"--/ominus B: minus sign in circle-->
+<!ENTITY oplus  SDATA "[oplus ]"--/oplus B: plus sign in circle-->
+<!ENTITY osol   SDATA "[osol  ]"--/oslash B: solidus in circle-->
+<!ENTITY otimes SDATA "[otimes]"--/otimes B: multiply sign in circle-->
+<!ENTITY plusb  SDATA "[plusb ]"--/boxplus B: plus sign in box-->
+<!ENTITY plusdo SDATA "[plusdo]"--/dotplus B: plus sign, dot above-->
+<!ENTITY rthree SDATA "[rthree]"--/rightthreetimes B:-->
+<!ENTITY rtimes SDATA "[rtimes]"--/rtimes B: times sign, right closed-->
+<!ENTITY sdot   SDATA "[sdot  ]"--/cdot B: small middle dot-->
+<!ENTITY sdotb  SDATA "[sdotb ]"--/dotsquare /boxdot B: small dot in box-->
+<!ENTITY setmn  SDATA "[setmn ]"--/setminus B: reverse solidus-->
+<!ENTITY sqcap  SDATA "[sqcap ]"--/sqcap B: square intersection-->
+<!ENTITY sqcup  SDATA "[sqcup ]"--/sqcup B: square union-->
+<!ENTITY ssetmn SDATA "[ssetmn]"--/smallsetminus B: sm reverse solidus-->
+<!ENTITY sstarf SDATA "[sstarf]"--/star B: small star, filled-->
+<!ENTITY timesb SDATA "[timesb]"--/boxtimes B: multiply sign in box-->
+<!ENTITY top    SDATA "[top   ]"--/top B: inverted perpendicular-->
+<!ENTITY uplus  SDATA "[uplus ]"--/uplus B: plus sign in union-->
+<!ENTITY wreath SDATA "[wreath]"--/wr B: wreath product-->
+<!ENTITY xcirc  SDATA "[xcirc ]"--/bigcirc B: large circle-->
+<!ENTITY xdtri  SDATA "[xdtri ]"--/bigtriangledown B: big dn tri, open-->
+<!ENTITY xutri  SDATA "[xutri ]"--/bigtriangleup B: big up tri, open-->
+<!ENTITY coprod SDATA "[coprod]"--/coprod L: coproduct operator-->
+<!ENTITY prod   SDATA "[prod  ]"--/prod L: product operator-->
+<!ENTITY sum    SDATA "[sum   ]"--/sum L: summation operator-->
diff --git a/docs/docbook/dbsgml/ent/ISOamsc b/docs/docbook/dbsgml/ent/ISOamsc
new file mode 100644
index 00000000000..06222d58cf4
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsc
@@ -0,0 +1,20 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsc PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN">
+     %ISOamsc;
+-->
+<!ENTITY rceil  SDATA "[rceil ]"--/rceil C: right ceiling-->
+<!ENTITY rfloor SDATA "[rfloor]"--/rfloor C: right floor-->
+<!ENTITY rpargt SDATA "[rpargt]"--/rightparengtr C: right paren, gt-->
+<!ENTITY urcorn SDATA "[urcorn]"--/urcorner C: upper right corner-->
+<!ENTITY drcorn SDATA "[drcorn]"--/lrcorner C: downward right corner-->
+<!ENTITY lceil  SDATA "[lceil ]"--/lceil O: left ceiling-->
+<!ENTITY lfloor SDATA "[lfloor]"--/lfloor O: left floor-->
+<!ENTITY lpargt SDATA "[lpargt]"--/leftparengtr O: left parenthesis, gt-->
+<!ENTITY ulcorn SDATA "[ulcorn]"--/ulcorner O: upper left corner-->
+<!ENTITY dlcorn SDATA "[dlcorn]"--/llcorner O: downward left corner-->
diff --git a/docs/docbook/dbsgml/ent/ISOamsn b/docs/docbook/dbsgml/ent/ISOamsn
new file mode 100644
index 00000000000..0c8327a3267
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsn
@@ -0,0 +1,70 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsn PUBLIC
+       "ISO 8879:1986//ENTITIES
+        Added Math Symbols: Negated Relations//EN">
+     %ISOamsn;
+-->
+<!ENTITY gnap   SDATA "[gnap  ]"--/gnapprox N: greater, not approximate-->
+<!ENTITY gne    SDATA "[gne   ]"--/gneq N: greater, not equals-->
+<!ENTITY gnE    SDATA "[gnE   ]"--/gneqq N: greater, not dbl equals-->
+<!ENTITY gnsim  SDATA "[gnsim ]"--/gnsim N: greater, not similar-->
+<!ENTITY gvnE   SDATA "[gvnE  ]"--/gvertneqq N: gt, vert, not dbl eq-->
+<!ENTITY lnap   SDATA "[lnap  ]"--/lnapprox N: less, not approximate-->
+<!ENTITY lnE    SDATA "[lnE   ]"--/lneqq N: less, not double equals-->
+<!ENTITY lne    SDATA "[lne   ]"--/lneq N: less, not equals-->
+<!ENTITY lnsim  SDATA "[lnsim ]"--/lnsim N: less, not similar-->
+<!ENTITY lvnE   SDATA "[lvnE  ]"--/lvertneqq N: less, vert, not dbl eq-->
+<!ENTITY nap    SDATA "[nap   ]"--/napprox N: not approximate-->
+<!ENTITY ncong  SDATA "[ncong ]"--/ncong N: not congruent with-->
+<!ENTITY nequiv SDATA "[nequiv]"--/nequiv N: not identical with-->
+<!ENTITY ngE    SDATA "[ngE   ]"--/ngeqq N: not greater, dbl equals-->
+<!ENTITY nge    SDATA "[nge   ]"--/ngeq N: not greater-than-or-equal-->
+<!ENTITY nges   SDATA "[nges  ]"--/ngeqslant N: not gt-or-eq, slanted-->
+<!ENTITY ngt    SDATA "[ngt   ]"--/ngtr N: not greater-than-->
+<!ENTITY nle    SDATA "[nle   ]"--/nleq N: not less-than-or-equal-->
+<!ENTITY nlE    SDATA "[nlE   ]"--/nleqq N: not less, dbl equals-->
+<!ENTITY nles   SDATA "[nles  ]"--/nleqslant N: not less-or-eq, slant-->
+<!ENTITY nlt    SDATA "[nlt   ]"--/nless N: not less-than-->
+<!ENTITY nltri  SDATA "[nltri ]"--/ntriangleleft N: not left triangle-->
+<!ENTITY nltrie SDATA "[nltrie]"--/ntrianglelefteq N: not l tri, eq-->
+<!ENTITY nmid   SDATA "[nmid  ]"--/nmid-->
+<!ENTITY npar   SDATA "[npar  ]"--/nparallel N: not parallel-->
+<!ENTITY npr    SDATA "[npr   ]"--/nprec N: not precedes-->
+<!ENTITY npre   SDATA "[npre  ]"--/npreceq N: not precedes, equals-->
+<!ENTITY nrtri  SDATA "[nrtri ]"--/ntriangleright N: not rt triangle-->
+<!ENTITY nrtrie SDATA "[nrtrie]"--/ntrianglerighteq N: not r tri, eq-->
+<!ENTITY nsc    SDATA "[nsc   ]"--/nsucc N: not succeeds-->
+<!ENTITY nsce   SDATA "[nsce  ]"--/nsucceq N: not succeeds, equals-->
+<!ENTITY nsim   SDATA "[nsim  ]"--/nsim N: not similar-->
+<!ENTITY nsime  SDATA "[nsime ]"--/nsimeq N: not similar, equals-->
+<!ENTITY nsmid  SDATA "[nsmid ]"--/nshortmid-->
+<!ENTITY nspar  SDATA "[nspar ]"--/nshortparallel N: not short par-->
+<!ENTITY nsub   SDATA "[nsub  ]"--/nsubset N: not subset-->
+<!ENTITY nsube  SDATA "[nsube ]"--/nsubseteq N: not subset, equals-->
+<!ENTITY nsubE  SDATA "[nsubE ]"--/nsubseteqq N: not subset, dbl eq-->
+<!ENTITY nsup   SDATA "[nsup  ]"--/nsupset N: not superset-->
+<!ENTITY nsupE  SDATA "[nsupE ]"--/nsupseteqq N: not superset, dbl eq-->
+<!ENTITY nsupe  SDATA "[nsupe ]"--/nsupseteq N: not superset, equals-->
+<!ENTITY nvdash SDATA "[nvdash]"--/nvdash N: not vertical, dash-->
+<!ENTITY nvDash SDATA "[nvDash]"--/nvDash N: not vertical, dbl dash-->
+<!ENTITY nVDash SDATA "[nVDash]"--/nVDash N: not dbl vert, dbl dash-->
+<!ENTITY nVdash SDATA "[nVdash]"--/nVdash N: not dbl vertical, dash-->
+<!ENTITY prnap  SDATA "[prnap ]"--/precnapprox N: precedes, not approx-->
+<!ENTITY prnE   SDATA "[prnE  ]"--/precneqq N: precedes, not dbl eq-->
+<!ENTITY prnsim SDATA "[prnsim]"--/precnsim N: precedes, not similar-->
+<!ENTITY scnap  SDATA "[scnap ]"--/succnapprox N: succeeds, not approx-->
+<!ENTITY scnE   SDATA "[scnE  ]"--/succneqq N: succeeds, not dbl eq-->
+<!ENTITY scnsim SDATA "[scnsim]"--/succnsim N: succeeds, not similar-->
+<!ENTITY subne  SDATA "[subne ]"--/subsetneq N: subset, not equals-->
+<!ENTITY subnE  SDATA "[subnE ]"--/subsetneqq N: subset, not dbl eq-->
+<!ENTITY supne  SDATA "[supne ]"--/supsetneq N: superset, not equals-->
+<!ENTITY supnE  SDATA "[supnE ]"--/supsetneqq N: superset, not dbl eq-->
+<!ENTITY vsubnE SDATA "[vsubnE]"--/subsetneqq N: subset not dbl eq, var-->
+<!ENTITY vsubne SDATA "[vsubne]"--/subsetneq N: subset, not eq, var-->
+<!ENTITY vsupne SDATA "[vsupne]"--/supsetneq N: superset, not eq, var-->
+<!ENTITY vsupnE SDATA "[vsupnE]"--/supsetneqq N: super not dbl eq, var-->
diff --git a/docs/docbook/dbsgml/ent/ISOamso b/docs/docbook/dbsgml/ent/ISOamso
new file mode 100644
index 00000000000..ad9b329e54d
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamso
@@ -0,0 +1,29 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamso PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN">
+     %ISOamso;
+-->
+<!ENTITY ang    SDATA "[ang   ]"--/angle - angle-->
+<!ENTITY angmsd SDATA "[angmsd]"--/measuredangle - angle-measured-->
+<!ENTITY beth   SDATA "[beth  ]"--/beth - beth, Hebrew-->
+<!ENTITY bprime SDATA "[bprime]"--/backprime - reverse prime-->
+<!ENTITY comp   SDATA "[comp  ]"--/complement - complement sign-->
+<!ENTITY daleth SDATA "[daleth]"--/daleth - daleth, Hebrew-->
+<!ENTITY ell    SDATA "[ell   ]"--/ell - cursive small l-->
+<!ENTITY empty  SDATA "[empty ]"--/emptyset /varnothing =small o, slash-->
+<!ENTITY gimel  SDATA "[gimel ]"--/gimel - gimel, Hebrew-->
+<!ENTITY image  SDATA "[image ]"--/Im - imaginary-->
+<!ENTITY inodot SDATA "[inodot]"--/imath =small i, no dot-->
+<!ENTITY jnodot SDATA "[jnodot]"--/jmath - small j, no dot-->
+<!ENTITY nexist SDATA "[nexist]"--/nexists - negated exists-->
+<!ENTITY oS     SDATA "[oS    ]"--/circledS - capital S in circle-->
+<!ENTITY planck SDATA "[planck]"--/hbar /hslash - Planck's over 2pi-->
+<!ENTITY real   SDATA "[real  ]"--/Re - real-->
+<!ENTITY sbsol  SDATA "[sbsol ]"--/sbs - short reverse solidus-->
+<!ENTITY vprime SDATA "[vprime]"--/varprime - prime, variant-->
+<!ENTITY weierp SDATA "[weierp]"--/wp - Weierstrass p-->
diff --git a/docs/docbook/dbsgml/ent/ISOamsr b/docs/docbook/dbsgml/ent/ISOamsr
new file mode 100644
index 00000000000..3f26c345c04
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOamsr
@@ -0,0 +1,94 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOamsr PUBLIC
+       "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN">
+     %ISOamsr;
+-->
+<!ENTITY ape    SDATA "[ape   ]"--/approxeq R: approximate, equals-->
+<!ENTITY asymp  SDATA "[asymp ]"--/asymp R: asymptotically equal to-->
+<!ENTITY bcong  SDATA "[bcong ]"--/backcong R: reverse congruent-->
+<!ENTITY bepsi  SDATA "[bepsi ]"--/backepsilon R: such that-->
+<!ENTITY bowtie SDATA "[bowtie]"--/bowtie R:-->
+<!ENTITY bsim   SDATA "[bsim  ]"--/backsim R: reverse similar-->
+<!ENTITY bsime  SDATA "[bsime ]"--/backsimeq R: reverse similar, eq-->
+<!ENTITY bump   SDATA "[bump  ]"--/Bumpeq R: bumpy equals-->
+<!ENTITY bumpe  SDATA "[bumpe ]"--/bumpeq R: bumpy equals, equals-->
+<!ENTITY cire   SDATA "[cire  ]"--/circeq R: circle, equals-->
+<!ENTITY colone SDATA "[colone]"--/coloneq R: colon, equals-->
+<!ENTITY cuepr  SDATA "[cuepr ]"--/curlyeqprec R: curly eq, precedes-->
+<!ENTITY cuesc  SDATA "[cuesc ]"--/curlyeqsucc R: curly eq, succeeds-->
+<!ENTITY cupre  SDATA "[cupre ]"--/curlypreceq R: curly precedes, eq-->
+<!ENTITY dashv  SDATA "[dashv ]"--/dashv R: dash, vertical-->
+<!ENTITY ecir   SDATA "[ecir  ]"--/eqcirc R: circle on equals sign-->
+<!ENTITY ecolon SDATA "[ecolon]"--/eqcolon R: equals, colon-->
+<!ENTITY eDot   SDATA "[eDot  ]"--/doteqdot /Doteq R: eq, even dots-->
+<!ENTITY esdot  SDATA "[esdot ]"--/doteq R: equals, single dot above-->
+<!ENTITY efDot  SDATA "[efDot ]"--/fallingdotseq R: eq, falling dots-->
+<!ENTITY egs    SDATA "[egs   ]"--/eqslantgtr R: equal-or-gtr, slanted-->
+<!ENTITY els    SDATA "[els   ]"--/eqslantless R: eq-or-less, slanted-->
+<!ENTITY erDot  SDATA "[erDot ]"--/risingdotseq R: eq, rising dots-->
+<!ENTITY fork   SDATA "[fork  ]"--/pitchfork R: pitchfork-->
+<!ENTITY frown  SDATA "[frown ]"--/frown R: down curve-->
+<!ENTITY gap    SDATA "[gap   ]"--/gtrapprox R: greater, approximate-->
+<!ENTITY gsdot  SDATA "[gsdot ]"--/gtrdot R: greater than, single dot-->
+<!ENTITY gE     SDATA "[gE    ]"--/geqq R: greater, double equals-->
+<!ENTITY gel    SDATA "[gel   ]"--/gtreqless R: greater, equals, less-->
+<!ENTITY gEl    SDATA "[gEl   ]"--/gtreqqless R: gt, dbl equals, less-->
+<!ENTITY ges    SDATA "[ges   ]"--/geqslant R: gt-or-equal, slanted-->
+<!ENTITY Gg     SDATA "[Gg    ]"--/ggg /Gg /gggtr R: triple gtr-than-->
+<!ENTITY gl     SDATA "[gl    ]"--/gtrless R: greater, less-->
+<!ENTITY gsim   SDATA "[gsim  ]"--/gtrsim R: greater, similar-->
+<!ENTITY Gt     SDATA "[Gt    ]"--/gg R: dbl greater-than sign-->
+<!ENTITY lap    SDATA "[lap   ]"--/lessapprox R: less, approximate-->
+<!ENTITY ldot   SDATA "[ldot  ]"--/lessdot R: less than, with dot-->
+<!ENTITY lE     SDATA "[lE    ]"--/leqq R: less, double equals-->
+<!ENTITY lEg    SDATA "[lEg   ]"--/lesseqqgtr R: less, dbl eq, greater-->
+<!ENTITY leg    SDATA "[leg   ]"--/lesseqgtr R: less, eq, greater-->
+<!ENTITY les    SDATA "[les   ]"--/leqslant R: less-than-or-eq, slant-->
+<!ENTITY lg     SDATA "[lg    ]"--/lessgtr R: less, greater-->
+<!ENTITY Ll     SDATA "[Ll    ]"--/Ll /lll /llless R: triple less-than-->
+<!ENTITY lsim   SDATA "[lsim  ]"--/lesssim R: less, similar-->
+<!ENTITY Lt     SDATA "[Lt    ]"--/ll R: double less-than sign-->
+<!ENTITY ltrie  SDATA "[ltrie ]"--/trianglelefteq R: left triangle, eq-->
+<!ENTITY mid    SDATA "[mid   ]"--/mid R:-->
+<!ENTITY models SDATA "[models]"--/models R:-->
+<!ENTITY pr     SDATA "[pr    ]"--/prec R: precedes-->
+<!ENTITY prap   SDATA "[prap  ]"--/precapprox R: precedes, approximate-->
+<!ENTITY pre    SDATA "[pre   ]"--/preceq R: precedes, equals-->
+<!ENTITY prsim  SDATA "[prsim ]"--/precsim R: precedes, similar-->
+<!ENTITY rtrie  SDATA "[rtrie ]"--/trianglerighteq R: right tri, eq-->
+<!ENTITY samalg SDATA "[samalg]"--/smallamalg R: small amalg-->
+<!ENTITY sc     SDATA "[sc    ]"--/succ R: succeeds-->
+<!ENTITY scap   SDATA "[scap  ]"--/succapprox R: succeeds, approximate-->
+<!ENTITY sccue  SDATA "[sccue ]"--/succcurlyeq R: succeeds, curly eq-->
+<!ENTITY sce    SDATA "[sce   ]"--/succeq R: succeeds, equals-->
+<!ENTITY scsim  SDATA "[scsim ]"--/succsim R: succeeds, similar-->
+<!ENTITY sfrown SDATA "[sfrown]"--/smallfrown R: small down curve-->
+<!ENTITY smid   SDATA "[smid  ]"--/shortmid R:-->
+<!ENTITY smile  SDATA "[smile ]"--/smile R: up curve-->
+<!ENTITY spar   SDATA "[spar  ]"--/shortparallel R: short parallel-->
+<!ENTITY sqsub  SDATA "[sqsub ]"--/sqsubset R: square subset-->
+<!ENTITY sqsube SDATA "[sqsube]"--/sqsubseteq R: square subset, equals-->
+<!ENTITY sqsup  SDATA "[sqsup ]"--/sqsupset R: square superset-->
+<!ENTITY sqsupe SDATA "[sqsupe]"--/sqsupseteq R: square superset, eq-->
+<!ENTITY ssmile SDATA "[ssmile]"--/smallsmile R: small up curve-->
+<!ENTITY Sub    SDATA "[Sub   ]"--/Subset R: double subset-->
+<!ENTITY subE   SDATA "[subE  ]"--/subseteqq R: subset, dbl equals-->
+<!ENTITY Sup    SDATA "[Sup   ]"--/Supset R: dbl superset-->
+<!ENTITY supE   SDATA "[supE  ]"--/supseteqq R: superset, dbl equals-->
+<!ENTITY thkap  SDATA "[thkap ]"--/thickapprox R: thick approximate-->
+<!ENTITY thksim SDATA "[thksim]"--/thicksim R: thick similar-->
+<!ENTITY trie   SDATA "[trie  ]"--/triangleq R: triangle, equals-->
+<!ENTITY twixt  SDATA "[twixt ]"--/between R: between-->
+<!ENTITY vdash  SDATA "[vdash ]"--/vdash R: vertical, dash-->
+<!ENTITY Vdash  SDATA "[Vdash ]"--/Vdash R: dbl vertical, dash-->
+<!ENTITY vDash  SDATA "[vDash ]"--/vDash R: vertical, dbl dash-->
+<!ENTITY veebar SDATA "[veebar]"--/veebar R: logical or, bar below-->
+<!ENTITY vltri  SDATA "[vltri ]"--/vartriangleleft R: l tri, open, var-->
+<!ENTITY vprop  SDATA "[vprop ]"--/varpropto R: proportional, variant-->
+<!ENTITY vrtri  SDATA "[vrtri ]"--/vartriangleright R: r tri, open, var-->
+<!ENTITY Vvdash SDATA "[Vvdash]"--/Vvdash R: triple vertical, dash-->
diff --git a/docs/docbook/dbsgml/ent/ISObox b/docs/docbook/dbsgml/ent/ISObox
new file mode 100644
index 00000000000..643e926edaa
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISObox
@@ -0,0 +1,62 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISObox PUBLIC
+       "ISO 8879:1986//ENTITIES Box and Line Drawing//EN">
+     %ISObox;
+-->
+<!-- All names are in the form: box1234, where:
+    box = constants that identify a box drawing entity.
+    1&2 = v, V, u, U, d, D, Ud, or uD, as follows:
+      v = vertical line for full height.
+      u = upper half of vertical line.
+      d = downward (lower) half of vertical line.
+    3&4 = h, H, l, L, r, R, Lr, or lR, as follows:
+      h = horizontal line for full width.
+      l = left half of horizontal line.
+      r = right half of horizontal line.
+    In all cases, an upper-case letter means a double or heavy line.
+-->
+<!ENTITY boxh   SDATA "[boxh  ]"--horizontal line -->
+<!ENTITY boxv   SDATA "[boxv  ]"--vertical line-->
+<!ENTITY boxur  SDATA "[boxur ]"--upper right quadrant-->
+<!ENTITY boxul  SDATA "[boxul ]"--upper left quadrant-->
+<!ENTITY boxdl  SDATA "[boxdl ]"--lower left quadrant-->
+<!ENTITY boxdr  SDATA "[boxdr ]"--lower right quadrant-->
+<!ENTITY boxvr  SDATA "[boxvr ]"--upper and lower right quadrants-->
+<!ENTITY boxhu  SDATA "[boxhu ]"--upper left and right quadrants-->
+<!ENTITY boxvl  SDATA "[boxvl ]"--upper and lower left quadrants-->
+<!ENTITY boxhd  SDATA "[boxhd ]"--lower left and right quadrants-->
+<!ENTITY boxvh  SDATA "[boxvh ]"--all four quadrants-->
+<!ENTITY boxvR  SDATA "[boxvR ]"--upper and lower right quadrants-->
+<!ENTITY boxhU  SDATA "[boxhU ]"--upper left and right quadrants-->
+<!ENTITY boxvL  SDATA "[boxvL ]"--upper and lower left quadrants-->
+<!ENTITY boxhD  SDATA "[boxhD ]"--lower left and right quadrants-->
+<!ENTITY boxvH  SDATA "[boxvH ]"--all four quadrants-->
+<!ENTITY boxH   SDATA "[boxH  ]"--horizontal line-->
+<!ENTITY boxV   SDATA "[boxV  ]"--vertical line-->
+<!ENTITY boxUR  SDATA "[boxUR ]"--upper right quadrant-->
+<!ENTITY boxUL  SDATA "[boxUL ]"--upper left quadrant-->
+<!ENTITY boxDL  SDATA "[boxDL ]"--lower left quadrant-->
+<!ENTITY boxDR  SDATA "[boxDR ]"--lower right quadrant-->
+<!ENTITY boxVR  SDATA "[boxVR ]"--upper and lower right quadrants-->
+<!ENTITY boxHU  SDATA "[boxHU ]"--upper left and right quadrants-->
+<!ENTITY boxVL  SDATA "[boxVL ]"--upper and lower left quadrants-->
+<!ENTITY boxHD  SDATA "[boxHD ]"--lower left and right quadrants-->
+<!ENTITY boxVH  SDATA "[boxVH ]"--all four quadrants-->
+<!ENTITY boxVr  SDATA "[boxVr ]"--upper and lower right quadrants-->
+<!ENTITY boxHu  SDATA "[boxHu ]"--upper left and right quadrants-->
+<!ENTITY boxVl  SDATA "[boxVl ]"--upper and lower left quadrants-->
+<!ENTITY boxHd  SDATA "[boxHd ]"--lower left and right quadrants-->
+<!ENTITY boxVh  SDATA "[boxVh ]"--all four quadrants-->
+<!ENTITY boxuR  SDATA "[boxuR ]"--upper right quadrant-->
+<!ENTITY boxUl  SDATA "[boxUl ]"--upper left quadrant-->
+<!ENTITY boxdL  SDATA "[boxdL ]"--lower left quadrant-->
+<!ENTITY boxDr  SDATA "[boxDr ]"--lower right quadrant-->
+<!ENTITY boxUr  SDATA "[boxUr ]"--upper right quadrant-->
+<!ENTITY boxuL  SDATA "[boxuL ]"--upper left quadrant-->
+<!ENTITY boxDl  SDATA "[boxDl ]"--lower left quadrant-->
+<!ENTITY boxdR  SDATA "[boxdR ]"--lower right quadrant-->
diff --git a/docs/docbook/dbsgml/ent/ISOcyr1 b/docs/docbook/dbsgml/ent/ISOcyr1
new file mode 100644
index 00000000000..97b961b1f0b
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOcyr1
@@ -0,0 +1,77 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOcyr1 PUBLIC
+       "ISO 8879:1986//ENTITIES Russian Cyrillic//EN">
+     %ISOcyr1;
+-->
+<!ENTITY acy    SDATA "[acy   ]"--=small a, Cyrillic-->
+<!ENTITY Acy    SDATA "[Acy   ]"--=capital A, Cyrillic-->
+<!ENTITY bcy    SDATA "[bcy   ]"--=small be, Cyrillic-->
+<!ENTITY Bcy    SDATA "[Bcy   ]"--=capital BE, Cyrillic-->
+<!ENTITY vcy    SDATA "[vcy   ]"--=small ve, Cyrillic-->
+<!ENTITY Vcy    SDATA "[Vcy   ]"--=capital VE, Cyrillic-->
+<!ENTITY gcy    SDATA "[gcy   ]"--=small ghe, Cyrillic-->
+<!ENTITY Gcy    SDATA "[Gcy   ]"--=capital GHE, Cyrillic-->
+<!ENTITY dcy    SDATA "[dcy   ]"--=small de, Cyrillic-->
+<!ENTITY Dcy    SDATA "[Dcy   ]"--=capital DE, Cyrillic-->
+<!ENTITY iecy   SDATA "[iecy  ]"--=small ie, Cyrillic-->
+<!ENTITY IEcy   SDATA "[IEcy  ]"--=capital IE, Cyrillic-->
+<!ENTITY iocy   SDATA "[iocy  ]"--=small io, Russian-->
+<!ENTITY IOcy   SDATA "[IOcy  ]"--=capital IO, Russian-->
+<!ENTITY zhcy   SDATA "[zhcy  ]"--=small zhe, Cyrillic-->
+<!ENTITY ZHcy   SDATA "[ZHcy  ]"--=capital ZHE, Cyrillic-->
+<!ENTITY zcy    SDATA "[zcy   ]"--=small ze, Cyrillic-->
+<!ENTITY Zcy    SDATA "[Zcy   ]"--=capital ZE, Cyrillic-->
+<!ENTITY icy    SDATA "[icy   ]"--=small i, Cyrillic-->
+<!ENTITY Icy    SDATA "[Icy   ]"--=capital I, Cyrillic-->
+<!ENTITY jcy    SDATA "[jcy   ]"--=small short i, Cyrillic-->
+<!ENTITY Jcy    SDATA "[Jcy   ]"--=capital short I, Cyrillic-->
+<!ENTITY kcy    SDATA "[kcy   ]"--=small ka, Cyrillic-->
+<!ENTITY Kcy    SDATA "[Kcy   ]"--=capital KA, Cyrillic-->
+<!ENTITY lcy    SDATA "[lcy   ]"--=small el, Cyrillic-->
+<!ENTITY Lcy    SDATA "[Lcy   ]"--=capital EL, Cyrillic-->
+<!ENTITY mcy    SDATA "[mcy   ]"--=small em, Cyrillic-->
+<!ENTITY Mcy    SDATA "[Mcy   ]"--=capital EM, Cyrillic-->
+<!ENTITY ncy    SDATA "[ncy   ]"--=small en, Cyrillic-->
+<!ENTITY Ncy    SDATA "[Ncy   ]"--=capital EN, Cyrillic-->
+<!ENTITY ocy    SDATA "[ocy   ]"--=small o, Cyrillic-->
+<!ENTITY Ocy    SDATA "[Ocy   ]"--=capital O, Cyrillic-->
+<!ENTITY pcy    SDATA "[pcy   ]"--=small pe, Cyrillic-->
+<!ENTITY Pcy    SDATA "[Pcy   ]"--=capital PE, Cyrillic-->
+<!ENTITY rcy    SDATA "[rcy   ]"--=small er, Cyrillic-->
+<!ENTITY Rcy    SDATA "[Rcy   ]"--=capital ER, Cyrillic-->
+<!ENTITY scy    SDATA "[scy   ]"--=small es, Cyrillic-->
+<!ENTITY Scy    SDATA "[Scy   ]"--=capital ES, Cyrillic-->
+<!ENTITY tcy    SDATA "[tcy   ]"--=small te, Cyrillic-->
+<!ENTITY Tcy    SDATA "[Tcy   ]"--=capital TE, Cyrillic-->
+<!ENTITY ucy    SDATA "[ucy   ]"--=small u, Cyrillic-->
+<!ENTITY Ucy    SDATA "[Ucy   ]"--=capital U, Cyrillic-->
+<!ENTITY fcy    SDATA "[fcy   ]"--=small ef, Cyrillic-->
+<!ENTITY Fcy    SDATA "[Fcy   ]"--=capital EF, Cyrillic-->
+<!ENTITY khcy   SDATA "[khcy  ]"--=small ha, Cyrillic-->
+<!ENTITY KHcy   SDATA "[KHcy  ]"--=capital HA, Cyrillic-->
+<!ENTITY tscy   SDATA "[tscy  ]"--=small tse, Cyrillic-->
+<!ENTITY TScy   SDATA "[TScy  ]"--=capital TSE, Cyrillic-->
+<!ENTITY chcy   SDATA "[chcy  ]"--=small che, Cyrillic-->
+<!ENTITY CHcy   SDATA "[CHcy  ]"--=capital CHE, Cyrillic-->
+<!ENTITY shcy   SDATA "[shcy  ]"--=small sha, Cyrillic-->
+<!ENTITY SHcy   SDATA "[SHcy  ]"--=capital SHA, Cyrillic-->
+<!ENTITY shchcy SDATA "[shchcy]"--=small shcha, Cyrillic-->
+<!ENTITY SHCHcy SDATA "[SHCHcy]"--=capital SHCHA, Cyrillic-->
+<!ENTITY hardcy SDATA "[hardcy]"--=small hard sign, Cyrillic-->
+<!ENTITY HARDcy SDATA "[HARDcy]"--=capital HARD sign, Cyrillic-->
+<!ENTITY ycy    SDATA "[ycy   ]"--=small yeru, Cyrillic-->
+<!ENTITY Ycy    SDATA "[Ycy   ]"--=capital YERU, Cyrillic-->
+<!ENTITY softcy SDATA "[softcy]"--=small soft sign, Cyrillic-->
+<!ENTITY SOFTcy SDATA "[SOFTcy]"--=capital SOFT sign, Cyrillic-->
+<!ENTITY ecy    SDATA "[ecy   ]"--=small e, Cyrillic-->
+<!ENTITY Ecy    SDATA "[Ecy   ]"--=capital E, Cyrillic-->
+<!ENTITY yucy   SDATA "[yucy  ]"--=small yu, Cyrillic-->
+<!ENTITY YUcy   SDATA "[YUcy  ]"--=capital YU, Cyrillic-->
+<!ENTITY yacy   SDATA "[yacy  ]"--=small ya, Cyrillic-->
+<!ENTITY YAcy   SDATA "[YAcy  ]"--=capital YA, Cyrillic-->
+<!ENTITY numero SDATA "[numero]"--=numero sign-->
diff --git a/docs/docbook/dbsgml/ent/ISOcyr2 b/docs/docbook/dbsgml/ent/ISOcyr2
new file mode 100644
index 00000000000..480b01c1df4
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOcyr2
@@ -0,0 +1,36 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOcyr2 PUBLIC
+       "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN">
+     %ISOcyr2;
+-->
+<!ENTITY djcy   SDATA "[djcy  ]"--=small dje, Serbian-->
+<!ENTITY DJcy   SDATA "[DJcy  ]"--=capital DJE, Serbian-->
+<!ENTITY gjcy   SDATA "[gjcy  ]"--=small gje, Macedonian-->
+<!ENTITY GJcy   SDATA "[GJcy  ]"--=capital GJE Macedonian-->
+<!ENTITY jukcy  SDATA "[jukcy ]"--=small je, Ukrainian-->
+<!ENTITY Jukcy  SDATA "[Jukcy ]"--=capital JE, Ukrainian-->
+<!ENTITY dscy   SDATA "[dscy  ]"--=small dse, Macedonian-->
+<!ENTITY DScy   SDATA "[DScy  ]"--=capital DSE, Macedonian-->
+<!ENTITY iukcy  SDATA "[iukcy ]"--=small i, Ukrainian-->
+<!ENTITY Iukcy  SDATA "[Iukcy ]"--=capital I, Ukrainian-->
+<!ENTITY yicy   SDATA "[yicy  ]"--=small yi, Ukrainian-->
+<!ENTITY YIcy   SDATA "[YIcy  ]"--=capital YI, Ukrainian-->
+<!ENTITY jsercy SDATA "[jsercy]"--=small je, Serbian-->
+<!ENTITY Jsercy SDATA "[Jsercy]"--=capital JE, Serbian-->
+<!ENTITY ljcy   SDATA "[ljcy  ]"--=small lje, Serbian-->
+<!ENTITY LJcy   SDATA "[LJcy  ]"--=capital LJE, Serbian-->
+<!ENTITY njcy   SDATA "[njcy  ]"--=small nje, Serbian-->
+<!ENTITY NJcy   SDATA "[NJcy  ]"--=capital NJE, Serbian-->
+<!ENTITY tshcy  SDATA "[tshcy ]"--=small tshe, Serbian-->
+<!ENTITY TSHcy  SDATA "[TSHcy ]"--=capital TSHE, Serbian-->
+<!ENTITY kjcy   SDATA "[kjcy  ]"--=small kje Macedonian-->
+<!ENTITY KJcy   SDATA "[KJcy  ]"--=capital KJE, Macedonian-->
+<!ENTITY ubrcy  SDATA "[ubrcy ]"--=small u, Byelorussian-->
+<!ENTITY Ubrcy  SDATA "[Ubrcy ]"--=capital U, Byelorussian-->
+<!ENTITY dzcy   SDATA "[dzcy  ]"--=small dze, Serbian-->
+<!ENTITY DZcy   SDATA "[DZcy  ]"--=capital dze, Serbian-->
diff --git a/docs/docbook/dbsgml/ent/ISOdia b/docs/docbook/dbsgml/ent/ISOdia
new file mode 100644
index 00000000000..3b6f98d6baa
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOdia
@@ -0,0 +1,24 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOdia PUBLIC
+       "ISO 8879:1986//ENTITIES Diacritical Marks//EN">
+     %ISOdia;
+-->
+<!ENTITY acute  SDATA "[acute ]"--=acute accent-->
+<!ENTITY breve  SDATA "[breve ]"--=breve-->
+<!ENTITY caron  SDATA "[caron ]"--=caron-->
+<!ENTITY cedil  SDATA "[cedil ]"--=cedilla-->
+<!ENTITY circ   SDATA "[circ  ]"--=circumflex accent-->
+<!ENTITY dblac  SDATA "[dblac ]"--=double acute accent-->
+<!ENTITY die    SDATA "[die   ]"--=dieresis-->
+<!ENTITY dot    SDATA "[dot   ]"--=dot above-->
+<!ENTITY grave  SDATA "[grave ]"--=grave accent-->
+<!ENTITY macr   SDATA "[macr  ]"--=macron-->
+<!ENTITY ogon   SDATA "[ogon  ]"--=ogonek-->
+<!ENTITY ring   SDATA "[ring  ]"--=ring-->
+<!ENTITY tilde  SDATA "[tilde ]"--=tilde-->
+<!ENTITY uml    SDATA "[uml   ]"--=umlaut mark-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk1 b/docs/docbook/dbsgml/ent/ISOgrk1
new file mode 100644
index 00000000000..dea16bf8ef9
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk1
@@ -0,0 +1,59 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk1 PUBLIC
+       "ISO 8879:1986//ENTITIES Greek Letters//EN">
+     %ISOgrk1;
+-->
+<!ENTITY agr    SDATA "[agr   ]"--=small alpha, Greek-->
+<!ENTITY Agr    SDATA "[Agr   ]"--=capital Alpha, Greek-->
+<!ENTITY bgr    SDATA "[bgr   ]"--=small beta, Greek-->
+<!ENTITY Bgr    SDATA "[Bgr   ]"--=capital Beta, Greek-->
+<!ENTITY ggr    SDATA "[ggr   ]"--=small gamma, Greek-->
+<!ENTITY Ggr    SDATA "[Ggr   ]"--=capital Gamma, Greek-->
+<!ENTITY dgr    SDATA "[dgr   ]"--=small delta, Greek-->
+<!ENTITY Dgr    SDATA "[Dgr   ]"--=capital Delta, Greek-->
+<!ENTITY egr    SDATA "[egr   ]"--=small epsilon, Greek-->
+<!ENTITY Egr    SDATA "[Egr   ]"--=capital Epsilon, Greek-->
+<!ENTITY zgr    SDATA "[zgr   ]"--=small zeta, Greek-->
+<!ENTITY Zgr    SDATA "[Zgr   ]"--=capital Zeta, Greek-->
+<!ENTITY eegr   SDATA "[eegr  ]"--=small eta, Greek-->
+<!ENTITY EEgr   SDATA "[EEgr  ]"--=capital Eta, Greek-->
+<!ENTITY thgr   SDATA "[thgr  ]"--=small theta, Greek-->
+<!ENTITY THgr   SDATA "[THgr  ]"--=capital Theta, Greek-->
+<!ENTITY igr    SDATA "[igr   ]"--=small iota, Greek-->
+<!ENTITY Igr    SDATA "[Igr   ]"--=capital Iota, Greek-->
+<!ENTITY kgr    SDATA "[kgr   ]"--=small kappa, Greek-->
+<!ENTITY Kgr    SDATA "[Kgr   ]"--=capital Kappa, Greek-->
+<!ENTITY lgr    SDATA "[lgr   ]"--=small lambda, Greek-->
+<!ENTITY Lgr    SDATA "[Lgr   ]"--=capital Lambda, Greek-->
+<!ENTITY mgr    SDATA "[mgr   ]"--=small mu, Greek-->
+<!ENTITY Mgr    SDATA "[Mgr   ]"--=capital Mu, Greek-->
+<!ENTITY ngr    SDATA "[ngr   ]"--=small nu, Greek-->
+<!ENTITY Ngr    SDATA "[Ngr   ]"--=capital Nu, Greek-->
+<!ENTITY xgr    SDATA "[xgr   ]"--=small xi, Greek-->
+<!ENTITY Xgr    SDATA "[Xgr   ]"--=capital Xi, Greek-->
+<!ENTITY ogr    SDATA "[ogr   ]"--=small omicron, Greek-->
+<!ENTITY Ogr    SDATA "[Ogr   ]"--=capital Omicron, Greek-->
+<!ENTITY pgr    SDATA "[pgr   ]"--=small pi, Greek-->
+<!ENTITY Pgr    SDATA "[Pgr   ]"--=capital Pi, Greek-->
+<!ENTITY rgr    SDATA "[rgr   ]"--=small rho, Greek-->
+<!ENTITY Rgr    SDATA "[Rgr   ]"--=capital Rho, Greek-->
+<!ENTITY sgr    SDATA "[sgr   ]"--=small sigma, Greek-->
+<!ENTITY Sgr    SDATA "[Sgr   ]"--=capital Sigma, Greek-->
+<!ENTITY sfgr   SDATA "[sfgr  ]"--=final small sigma, Greek-->
+<!ENTITY tgr    SDATA "[tgr   ]"--=small tau, Greek-->
+<!ENTITY Tgr    SDATA "[Tgr   ]"--=capital Tau, Greek-->
+<!ENTITY ugr    SDATA "[ugr   ]"--=small upsilon, Greek-->
+<!ENTITY Ugr    SDATA "[Ugr   ]"--=capital Upsilon, Greek-->
+<!ENTITY phgr   SDATA "[phgr  ]"--=small phi, Greek-->
+<!ENTITY PHgr   SDATA "[PHgr  ]"--=capital Phi, Greek-->
+<!ENTITY khgr   SDATA "[khgr  ]"--=small chi, Greek-->
+<!ENTITY KHgr   SDATA "[KHgr  ]"--=capital Chi, Greek-->
+<!ENTITY psgr   SDATA "[psgr  ]"--=small psi, Greek-->
+<!ENTITY PSgr   SDATA "[PSgr  ]"--=capital Psi, Greek-->
+<!ENTITY ohgr   SDATA "[ohgr  ]"--=small omega, Greek-->
+<!ENTITY OHgr   SDATA "[OHgr  ]"--=capital Omega, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk2 b/docs/docbook/dbsgml/ent/ISOgrk2
new file mode 100644
index 00000000000..657bb99935e
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk2
@@ -0,0 +1,30 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk2 PUBLIC
+       "ISO 8879:1986//ENTITIES Monotoniko Greek//EN">
+     %ISOgrk2;
+-->
+<!ENTITY aacgr  SDATA "[aacgr ]"--=small alpha, accent, Greek-->
+<!ENTITY Aacgr  SDATA "[Aacgr ]"--=capital Alpha, accent, Greek-->
+<!ENTITY eacgr  SDATA "[eacgr ]"--=small epsilon, accent, Greek-->
+<!ENTITY Eacgr  SDATA "[Eacgr ]"--=capital Epsilon, accent, Greek-->
+<!ENTITY eeacgr SDATA "[eeacgr]"--=small eta, accent, Greek-->
+<!ENTITY EEacgr SDATA "[EEacgr]"--=capital Eta, accent, Greek-->
+<!ENTITY idigr  SDATA "[idigr ]"--=small iota, dieresis, Greek-->
+<!ENTITY Idigr  SDATA "[Idigr ]"--=capital Iota, dieresis, Greek-->
+<!ENTITY iacgr  SDATA "[iacgr ]"--=small iota, accent, Greek-->
+<!ENTITY Iacgr  SDATA "[Iacgr ]"--=capital Iota, accent, Greek-->
+<!ENTITY idiagr SDATA "[idiagr]"--=small iota, dieresis, accent, Greek-->
+<!ENTITY oacgr  SDATA "[oacgr ]"--=small omicron, accent, Greek-->
+<!ENTITY Oacgr  SDATA "[Oacgr ]"--=capital Omicron, accent, Greek-->
+<!ENTITY udigr  SDATA "[udigr ]"--=small upsilon, dieresis, Greek-->
+<!ENTITY Udigr  SDATA "[Udigr ]"--=capital Upsilon, dieresis, Greek-->
+<!ENTITY uacgr  SDATA "[uacgr ]"--=small upsilon, accent, Greek-->
+<!ENTITY Uacgr  SDATA "[Uacgr ]"--=capital Upsilon, accent, Greek-->
+<!ENTITY udiagr SDATA "[udiagr]"--=small upsilon, dieresis, accent, Greek-->
+<!ENTITY ohacgr SDATA "[ohacgr]"--=small omega, accent, Greek-->
+<!ENTITY OHacgr SDATA "[OHacgr]"--=capital Omega, accent, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk3 b/docs/docbook/dbsgml/ent/ISOgrk3
new file mode 100644
index 00000000000..f76c3a084f3
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk3
@@ -0,0 +1,53 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk3 PUBLIC
+       "ISO 8879:1986//ENTITIES Greek Symbols//EN">
+     %ISOgrk3;
+-->
+<!ENTITY alpha    SDATA "[alpha ]"--=small alpha, Greek-->
+<!ENTITY beta     SDATA "[beta  ]"--=small beta, Greek-->
+<!ENTITY gamma    SDATA "[gamma ]"--=small gamma, Greek-->
+<!ENTITY Gamma    SDATA "[Gamma ]"--=capital Gamma, Greek-->
+<!ENTITY gammad   SDATA "[gammad]"--/digamma-->
+<!ENTITY delta    SDATA "[delta ]"--=small delta, Greek-->
+<!ENTITY Delta    SDATA "[Delta ]"--=capital Delta, Greek-->
+<!ENTITY epsi     SDATA "[epsi  ]"--=small epsilon, Greek-->
+<!ENTITY epsiv    SDATA "[epsiv ]"--/varepsilon-->
+<!ENTITY epsis    SDATA "[epsis ]"--/straightepsilon-->
+<!ENTITY zeta     SDATA "[zeta  ]"--=small zeta, Greek-->
+<!ENTITY eta      SDATA "[eta   ]"--=small eta, Greek-->
+<!ENTITY thetas   SDATA "[thetas]"--straight theta-->
+<!ENTITY Theta    SDATA "[Theta ]"--=capital Theta, Greek-->
+<!ENTITY thetav   SDATA "[thetav]"--/vartheta - curly or open theta-->
+<!ENTITY iota     SDATA "[iota  ]"--=small iota, Greek-->
+<!ENTITY kappa    SDATA "[kappa ]"--=small kappa, Greek-->
+<!ENTITY kappav   SDATA "[kappav]"--/varkappa-->
+<!ENTITY lambda   SDATA "[lambda]"--=small lambda, Greek-->
+<!ENTITY Lambda   SDATA "[Lambda]"--=capital Lambda, Greek-->
+<!ENTITY mu       SDATA "[mu    ]"--=small mu, Greek-->
+<!ENTITY nu       SDATA "[nu    ]"--=small nu, Greek-->
+<!ENTITY xi       SDATA "[xi    ]"--=small xi, Greek-->
+<!ENTITY Xi       SDATA "[Xi    ]"--=capital Xi, Greek-->
+<!ENTITY pi       SDATA "[pi    ]"--=small pi, Greek-->
+<!ENTITY piv      SDATA "[piv   ]"--/varpi-->
+<!ENTITY Pi       SDATA "[Pi    ]"--=capital Pi, Greek-->
+<!ENTITY rho      SDATA "[rho   ]"--=small rho, Greek-->
+<!ENTITY rhov     SDATA "[rhov  ]"--/varrho-->
+<!ENTITY sigma    SDATA "[sigma ]"--=small sigma, Greek-->
+<!ENTITY Sigma    SDATA "[Sigma ]"--=capital Sigma, Greek-->
+<!ENTITY sigmav   SDATA "[sigmav]"--/varsigma-->
+<!ENTITY tau      SDATA "[tau   ]"--=small tau, Greek-->
+<!ENTITY upsi     SDATA "[upsi  ]"--=small upsilon, Greek-->
+<!ENTITY Upsi     SDATA "[Upsi  ]"--=capital Upsilon, Greek-->
+<!ENTITY phis     SDATA "[phis  ]"--/straightphi - straight phi-->
+<!ENTITY Phi      SDATA "[Phi   ]"--=capital Phi, Greek-->
+<!ENTITY phiv     SDATA "[phiv  ]"--/varphi - curly or open phi-->
+<!ENTITY chi      SDATA "[chi   ]"--=small chi, Greek-->
+<!ENTITY psi      SDATA "[psi   ]"--=small psi, Greek-->
+<!ENTITY Psi      SDATA "[Psi   ]"--=capital Psi, Greek-->
+<!ENTITY omega    SDATA "[omega ]"--=small omega, Greek-->
+<!ENTITY Omega    SDATA "[Omega ]"--=capital Omega, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOgrk4 b/docs/docbook/dbsgml/ent/ISOgrk4
new file mode 100644
index 00000000000..e4427a0cb54
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOgrk4
@@ -0,0 +1,53 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOgrk4 PUBLIC
+       "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN">
+     %ISOgrk4;
+-->
+<!ENTITY b.alpha  SDATA "[b.alpha ]"--=small alpha, Greek-->
+<!ENTITY b.beta   SDATA "[b.beta  ]"--=small beta, Greek-->
+<!ENTITY b.gamma  SDATA "[b.gamma ]"--=small gamma, Greek-->
+<!ENTITY b.Gamma  SDATA "[b.Gamma ]"--=capital Gamma, Greek-->
+<!ENTITY b.gammad SDATA "[b.gammad]"--/digamma-->
+<!ENTITY b.delta  SDATA "[b.delta ]"--=small delta, Greek-->
+<!ENTITY b.Delta  SDATA "[b.Delta ]"--=capital Delta, Greek-->
+<!ENTITY b.epsi   SDATA "[b.epsi  ]"--=small epsilon, Greek-->
+<!ENTITY b.epsiv  SDATA "[b.epsiv ]"--/varepsilon-->
+<!ENTITY b.epsis  SDATA "[b.epsis ]"--/straightepsilon-->
+<!ENTITY b.zeta   SDATA "[b.zeta  ]"--=small zeta, Greek-->
+<!ENTITY b.eta    SDATA "[b.eta   ]"--=small eta, Greek-->
+<!ENTITY b.thetas SDATA "[b.thetas]"--straight theta-->
+<!ENTITY b.Theta  SDATA "[b.Theta ]"--=capital Theta, Greek-->
+<!ENTITY b.thetav SDATA "[b.thetav]"--/vartheta - curly or open theta-->
+<!ENTITY b.iota   SDATA "[b.iota  ]"--=small iota, Greek-->
+<!ENTITY b.kappa  SDATA "[b.kappa ]"--=small kappa, Greek-->
+<!ENTITY b.kappav SDATA "[b.kappav]"--/varkappa-->
+<!ENTITY b.lambda SDATA "[b.lambda]"--=small lambda, Greek-->
+<!ENTITY b.Lambda SDATA "[b.Lambda]"--=capital Lambda, Greek-->
+<!ENTITY b.mu     SDATA "[b.mu    ]"--=small mu, Greek-->
+<!ENTITY b.nu     SDATA "[b.nu    ]"--=small nu, Greek-->
+<!ENTITY b.xi     SDATA "[b.xi    ]"--=small xi, Greek-->
+<!ENTITY b.Xi     SDATA "[b.Xi    ]"--=capital Xi, Greek-->
+<!ENTITY b.pi     SDATA "[b.pi    ]"--=small pi, Greek-->
+<!ENTITY b.Pi     SDATA "[b.Pi    ]"--=capital Pi, Greek-->
+<!ENTITY b.piv    SDATA "[b.piv   ]"--/varpi-->
+<!ENTITY b.rho    SDATA "[b.rho   ]"--=small rho, Greek-->
+<!ENTITY b.rhov   SDATA "[b.rhov  ]"--/varrho-->
+<!ENTITY b.sigma  SDATA "[b.sigma ]"--=small sigma, Greek-->
+<!ENTITY b.Sigma  SDATA "[b.Sigma ]"--=capital Sigma, Greek-->
+<!ENTITY b.sigmav SDATA "[b.sigmav]"--/varsigma-->
+<!ENTITY b.tau    SDATA "[b.tau   ]"--=small tau, Greek-->
+<!ENTITY b.upsi   SDATA "[b.upsi  ]"--=small upsilon, Greek-->
+<!ENTITY b.Upsi   SDATA "[b.Upsi  ]"--=capital Upsilon, Greek-->
+<!ENTITY b.phis   SDATA "[b.phis  ]"--/straightphi - straight phi-->
+<!ENTITY b.Phi    SDATA "[b.Phi   ]"--=capital Phi, Greek-->
+<!ENTITY b.phiv   SDATA "[b.phiv  ]"--/varphi - curly or open phi-->
+<!ENTITY b.chi    SDATA "[b.chi   ]"--=small chi, Greek-->
+<!ENTITY b.psi    SDATA "[b.psi   ]"--=small psi, Greek-->
+<!ENTITY b.Psi    SDATA "[b.Psi   ]"--=capital Psi, Greek-->
+<!ENTITY b.omega  SDATA "[b.omega ]"--=small omega, Greek-->
+<!ENTITY b.Omega  SDATA "[b.Omega ]"--=capital Omega, Greek-->
diff --git a/docs/docbook/dbsgml/ent/ISOlat1 b/docs/docbook/dbsgml/ent/ISOlat1
new file mode 100644
index 00000000000..0d7d0a7d937
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOlat1
@@ -0,0 +1,72 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOlat1 PUBLIC
+       "ISO 8879:1986//ENTITIES Added Latin 1//EN">
+     %ISOlat1;
+-->
+<!ENTITY aacute SDATA "[aacute]"--=small a, acute accent-->
+<!ENTITY Aacute SDATA "[Aacute]"--=capital A, acute accent-->
+<!ENTITY acirc  SDATA "[acirc ]"--=small a, circumflex accent-->
+<!ENTITY Acirc  SDATA "[Acirc ]"--=capital A, circumflex accent-->
+<!ENTITY agrave SDATA "[agrave]"--=small a, grave accent-->
+<!ENTITY Agrave SDATA "[Agrave]"--=capital A, grave accent-->
+<!ENTITY aring  SDATA "[aring ]"--=small a, ring-->
+<!ENTITY Aring  SDATA "[Aring ]"--=capital A, ring-->
+<!ENTITY atilde SDATA "[atilde]"--=small a, tilde-->
+<!ENTITY Atilde SDATA "[Atilde]"--=capital A, tilde-->
+<!ENTITY auml   SDATA "[auml  ]"--=small a, dieresis or umlaut mark-->
+<!ENTITY Auml   SDATA "[Auml  ]"--=capital A, dieresis or umlaut mark-->
+<!ENTITY aelig  SDATA "[aelig ]"--=small ae diphthong (ligature)-->
+<!ENTITY AElig  SDATA "[AElig ]"--=capital AE diphthong (ligature)-->
+<!ENTITY ccedil SDATA "[ccedil]"--=small c, cedilla-->
+<!ENTITY Ccedil SDATA "[Ccedil]"--=capital C, cedilla-->
+<!ENTITY eth    SDATA "[eth   ]"--=small eth, Icelandic-->
+<!ENTITY ETH    SDATA "[ETH   ]"--=capital Eth, Icelandic-->
+<!ENTITY eacute SDATA "[eacute]"--=small e, acute accent-->
+<!ENTITY Eacute SDATA "[Eacute]"--=capital E, acute accent-->
+<!ENTITY ecirc  SDATA "[ecirc ]"--=small e, circumflex accent-->
+<!ENTITY Ecirc  SDATA "[Ecirc ]"--=capital E, circumflex accent-->
+<!ENTITY egrave SDATA "[egrave]"--=small e, grave accent-->
+<!ENTITY Egrave SDATA "[Egrave]"--=capital E, grave accent-->
+<!ENTITY euml   SDATA "[euml  ]"--=small e, dieresis or umlaut mark-->
+<!ENTITY Euml   SDATA "[Euml  ]"--=capital E, dieresis or umlaut mark-->
+<!ENTITY iacute SDATA "[iacute]"--=small i, acute accent-->
+<!ENTITY Iacute SDATA "[Iacute]"--=capital I, acute accent-->
+<!ENTITY icirc  SDATA "[icirc ]"--=small i, circumflex accent-->
+<!ENTITY Icirc  SDATA "[Icirc ]"--=capital I, circumflex accent-->
+<!ENTITY igrave SDATA "[igrave]"--=small i, grave accent-->
+<!ENTITY Igrave SDATA "[Igrave]"--=capital I, grave accent-->
+<!ENTITY iuml   SDATA "[iuml  ]"--=small i, dieresis or umlaut mark-->
+<!ENTITY Iuml   SDATA "[Iuml  ]"--=capital I, dieresis or umlaut mark-->
+<!ENTITY ntilde SDATA "[ntilde]"--=small n, tilde-->
+<!ENTITY Ntilde SDATA "[Ntilde]"--=capital N, tilde-->
+<!ENTITY oacute SDATA "[oacute]"--=small o, acute accent-->
+<!ENTITY Oacute SDATA "[Oacute]"--=capital O, acute accent-->
+<!ENTITY ocirc  SDATA "[ocirc ]"--=small o, circumflex accent-->
+<!ENTITY Ocirc  SDATA "[Ocirc ]"--=capital O, circumflex accent-->
+<!ENTITY ograve SDATA "[ograve]"--=small o, grave accent-->
+<!ENTITY Ograve SDATA "[Ograve]"--=capital O, grave accent-->
+<!ENTITY oslash SDATA "[oslash]"--=small o, slash-->
+<!ENTITY Oslash SDATA "[Oslash]"--=capital O, slash-->
+<!ENTITY otilde SDATA "[otilde]"--=small o, tilde-->
+<!ENTITY Otilde SDATA "[Otilde]"--=capital O, tilde-->
+<!ENTITY ouml   SDATA "[ouml  ]"--=small o, dieresis or umlaut mark-->
+<!ENTITY Ouml   SDATA "[Ouml  ]"--=capital O, dieresis or umlaut mark-->
+<!ENTITY szlig  SDATA "[szlig ]"--=small sharp s, German (sz ligature)-->
+<!ENTITY thorn  SDATA "[thorn ]"--=small thorn, Icelandic-->
+<!ENTITY THORN  SDATA "[THORN ]"--=capital THORN, Icelandic-->
+<!ENTITY uacute SDATA "[uacute]"--=small u, acute accent-->
+<!ENTITY Uacute SDATA "[Uacute]"--=capital U, acute accent-->
+<!ENTITY ucirc  SDATA "[ucirc ]"--=small u, circumflex accent-->
+<!ENTITY Ucirc  SDATA "[Ucirc ]"--=capital U, circumflex accent-->
+<!ENTITY ugrave SDATA "[ugrave]"--=small u, grave accent-->
+<!ENTITY Ugrave SDATA "[Ugrave]"--=capital U, grave accent-->
+<!ENTITY uuml   SDATA "[uuml  ]"--=small u, dieresis or umlaut mark-->
+<!ENTITY Uuml   SDATA "[Uuml  ]"--=capital U, dieresis or umlaut mark-->
+<!ENTITY yacute SDATA "[yacute]"--=small y, acute accent-->
+<!ENTITY Yacute SDATA "[Yacute]"--=capital Y, acute accent-->
+<!ENTITY yuml   SDATA "[yuml  ]"--=small y, dieresis or umlaut mark-->
diff --git a/docs/docbook/dbsgml/ent/ISOlat2 b/docs/docbook/dbsgml/ent/ISOlat2
new file mode 100644
index 00000000000..4bcb3378328
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOlat2
@@ -0,0 +1,131 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOlat2 PUBLIC
+       "ISO 8879:1986//ENTITIES Added Latin 2//EN">
+     %ISOlat2;
+-->
+<!ENTITY abreve SDATA "[abreve]"--=small a, breve-->
+<!ENTITY Abreve SDATA "[Abreve]"--=capital A, breve-->
+<!ENTITY amacr  SDATA "[amacr ]"--=small a, macron-->
+<!ENTITY Amacr  SDATA "[Amacr ]"--=capital A, macron-->
+<!ENTITY aogon  SDATA "[aogon ]"--=small a, ogonek-->
+<!ENTITY Aogon  SDATA "[Aogon ]"--=capital A, ogonek-->
+<!ENTITY cacute SDATA "[cacute]"--=small c, acute accent-->
+<!ENTITY Cacute SDATA "[Cacute]"--=capital C, acute accent-->
+<!ENTITY ccaron SDATA "[ccaron]"--=small c, caron-->
+<!ENTITY Ccaron SDATA "[Ccaron]"--=capital C, caron-->
+<!ENTITY ccirc  SDATA "[ccirc ]"--=small c, circumflex accent-->
+<!ENTITY Ccirc  SDATA "[Ccirc ]"--=capital C, circumflex accent-->
+<!ENTITY cdot   SDATA "[cdot  ]"--=small c, dot above-->
+<!ENTITY Cdot   SDATA "[Cdot  ]"--=capital C, dot above-->
+<!ENTITY dcaron SDATA "[dcaron]"--=small d, caron-->
+<!ENTITY Dcaron SDATA "[Dcaron]"--=capital D, caron-->
+<!ENTITY dstrok SDATA "[dstrok]"--=small d, stroke-->
+<!ENTITY Dstrok SDATA "[Dstrok]"--=capital D, stroke-->
+<!ENTITY ecaron SDATA "[ecaron]"--=small e, caron-->
+<!ENTITY Ecaron SDATA "[Ecaron]"--=capital E, caron-->
+<!ENTITY edot   SDATA "[edot  ]"--=small e, dot above-->
+<!ENTITY Edot   SDATA "[Edot  ]"--=capital E, dot above-->
+<!ENTITY emacr  SDATA "[emacr ]"--=small e, macron-->
+<!ENTITY Emacr  SDATA "[Emacr ]"--=capital E, macron-->
+<!ENTITY eogon  SDATA "[eogon ]"--=small e, ogonek-->
+<!ENTITY Eogon  SDATA "[Eogon ]"--=capital E, ogonek-->
+<!ENTITY gacute SDATA "[gacute]"--=small g, acute accent-->
+<!ENTITY gbreve SDATA "[gbreve]"--=small g, breve-->
+<!ENTITY Gbreve SDATA "[Gbreve]"--=capital G, breve-->
+<!ENTITY Gcedil SDATA "[Gcedil]"--=capital G, cedilla-->
+<!ENTITY gcirc  SDATA "[gcirc ]"--=small g, circumflex accent-->
+<!ENTITY Gcirc  SDATA "[Gcirc ]"--=capital G, circumflex accent-->
+<!ENTITY gdot   SDATA "[gdot  ]"--=small g, dot above-->
+<!ENTITY Gdot   SDATA "[Gdot  ]"--=capital G, dot above-->
+<!ENTITY hcirc  SDATA "[hcirc ]"--=small h, circumflex accent-->
+<!ENTITY Hcirc  SDATA "[Hcirc ]"--=capital H, circumflex accent-->
+<!ENTITY hstrok SDATA "[hstrok]"--=small h, stroke-->
+<!ENTITY Hstrok SDATA "[Hstrok]"--=capital H, stroke-->
+<!ENTITY Idot   SDATA "[Idot  ]"--=capital I, dot above-->
+<!ENTITY Imacr  SDATA "[Imacr ]"--=capital I, macron-->
+<!ENTITY imacr  SDATA "[imacr ]"--=small i, macron-->
+<!ENTITY ijlig  SDATA "[ijlig ]"--=small ij ligature-->
+<!ENTITY IJlig  SDATA "[IJlig ]"--=capital IJ ligature-->
+<!ENTITY inodot SDATA "[inodot]"--=small i without dot-->
+<!ENTITY iogon  SDATA "[iogon ]"--=small i, ogonek-->
+<!ENTITY Iogon  SDATA "[Iogon ]"--=capital I, ogonek-->
+<!ENTITY itilde SDATA "[itilde]"--=small i, tilde-->
+<!ENTITY Itilde SDATA "[Itilde]"--=capital I, tilde-->
+<!ENTITY jcirc  SDATA "[jcirc ]"--=small j, circumflex accent-->
+<!ENTITY Jcirc  SDATA "[Jcirc ]"--=capital J, circumflex accent-->
+<!ENTITY kcedil SDATA "[kcedil]"--=small k, cedilla-->
+<!ENTITY Kcedil SDATA "[Kcedil]"--=capital K, cedilla-->
+<!ENTITY kgreen SDATA "[kgreen]"--=small k, Greenlandic-->
+<!ENTITY lacute SDATA "[lacute]"--=small l, acute accent-->
+<!ENTITY Lacute SDATA "[Lacute]"--=capital L, acute accent-->
+<!ENTITY lcaron SDATA "[lcaron]"--=small l, caron-->
+<!ENTITY Lcaron SDATA "[Lcaron]"--=capital L, caron-->
+<!ENTITY lcedil SDATA "[lcedil]"--=small l, cedilla-->
+<!ENTITY Lcedil SDATA "[Lcedil]"--=capital L, cedilla-->
+<!ENTITY lmidot SDATA "[lmidot]"--=small l, middle dot-->
+<!ENTITY Lmidot SDATA "[Lmidot]"--=capital L, middle dot-->
+<!ENTITY lstrok SDATA "[lstrok]"--=small l, stroke-->
+<!ENTITY Lstrok SDATA "[Lstrok]"--=capital L, stroke-->
+<!ENTITY nacute SDATA "[nacute]"--=small n, acute accent-->
+<!ENTITY Nacute SDATA "[Nacute]"--=capital N, acute accent-->
+<!ENTITY eng    SDATA "[eng   ]"--=small eng, Lapp-->
+<!ENTITY ENG    SDATA "[ENG   ]"--=capital ENG, Lapp-->
+<!ENTITY napos  SDATA "[napos ]"--=small n, apostrophe-->
+<!ENTITY ncaron SDATA "[ncaron]"--=small n, caron-->
+<!ENTITY Ncaron SDATA "[Ncaron]"--=capital N, caron-->
+<!ENTITY ncedil SDATA "[ncedil]"--=small n, cedilla-->
+<!ENTITY Ncedil SDATA "[Ncedil]"--=capital N, cedilla-->
+<!ENTITY odblac SDATA "[odblac]"--=small o, double acute accent-->
+<!ENTITY Odblac SDATA "[Odblac]"--=capital O, double acute accent-->
+<!ENTITY Omacr  SDATA "[Omacr ]"--=capital O, macron-->
+<!ENTITY omacr  SDATA "[omacr ]"--=small o, macron-->
+<!ENTITY oelig  SDATA "[oelig ]"--=small oe ligature-->
+<!ENTITY OElig  SDATA "[OElig ]"--=capital OE ligature-->
+<!ENTITY racute SDATA "[racute]"--=small r, acute accent-->
+<!ENTITY Racute SDATA "[Racute]"--=capital R, acute accent-->
+<!ENTITY rcaron SDATA "[rcaron]"--=small r, caron-->
+<!ENTITY Rcaron SDATA "[Rcaron]"--=capital R, caron-->
+<!ENTITY rcedil SDATA "[rcedil]"--=small r, cedilla-->
+<!ENTITY Rcedil SDATA "[Rcedil]"--=capital R, cedilla-->
+<!ENTITY sacute SDATA "[sacute]"--=small s, acute accent-->
+<!ENTITY Sacute SDATA "[Sacute]"--=capital S, acute accent-->
+<!ENTITY scaron SDATA "[scaron]"--=small s, caron-->
+<!ENTITY Scaron SDATA "[Scaron]"--=capital S, caron-->
+<!ENTITY scedil SDATA "[scedil]"--=small s, cedilla-->
+<!ENTITY Scedil SDATA "[Scedil]"--=capital S, cedilla-->
+<!ENTITY scirc  SDATA "[scirc ]"--=small s, circumflex accent-->
+<!ENTITY Scirc  SDATA "[Scirc ]"--=capital S, circumflex accent-->
+<!ENTITY tcaron SDATA "[tcaron]"--=small t, caron-->
+<!ENTITY Tcaron SDATA "[Tcaron]"--=capital T, caron-->
+<!ENTITY tcedil SDATA "[tcedil]"--=small t, cedilla-->
+<!ENTITY Tcedil SDATA "[Tcedil]"--=capital T, cedilla-->
+<!ENTITY tstrok SDATA "[tstrok]"--=small t, stroke-->
+<!ENTITY Tstrok SDATA "[Tstrok]"--=capital T, stroke-->
+<!ENTITY ubreve SDATA "[ubreve]"--=small u, breve-->
+<!ENTITY Ubreve SDATA "[Ubreve]"--=capital U, breve-->
+<!ENTITY udblac SDATA "[udblac]"--=small u, double acute accent-->
+<!ENTITY Udblac SDATA "[Udblac]"--=capital U, double acute accent-->
+<!ENTITY umacr  SDATA "[umacr ]"--=small u, macron-->
+<!ENTITY Umacr  SDATA "[Umacr ]"--=capital U, macron-->
+<!ENTITY uogon  SDATA "[uogon ]"--=small u, ogonek-->
+<!ENTITY Uogon  SDATA "[Uogon ]"--=capital U, ogonek-->
+<!ENTITY uring  SDATA "[uring ]"--=small u, ring-->
+<!ENTITY Uring  SDATA "[Uring ]"--=capital U, ring-->
+<!ENTITY utilde SDATA "[utilde]"--=small u, tilde-->
+<!ENTITY Utilde SDATA "[Utilde]"--=capital U, tilde-->
+<!ENTITY wcirc  SDATA "[wcirc ]"--=small w, circumflex accent-->
+<!ENTITY Wcirc  SDATA "[Wcirc ]"--=capital W, circumflex accent-->
+<!ENTITY ycirc  SDATA "[ycirc ]"--=small y, circumflex accent-->
+<!ENTITY Ycirc  SDATA "[Ycirc ]"--=capital Y, circumflex accent-->
+<!ENTITY Yuml   SDATA "[Yuml  ]"--=capital Y, dieresis or umlaut mark-->
+<!ENTITY zacute SDATA "[zacute]"--=small z, acute accent-->
+<!ENTITY Zacute SDATA "[Zacute]"--=capital Z, acute accent-->
+<!ENTITY zcaron SDATA "[zcaron]"--=small z, caron-->
+<!ENTITY Zcaron SDATA "[Zcaron]"--=capital Z, caron-->
+<!ENTITY zdot   SDATA "[zdot  ]"--=small z, dot above-->
+<!ENTITY Zdot   SDATA "[Zdot  ]"--=capital Z, dot above-->
diff --git a/docs/docbook/dbsgml/ent/ISOnum b/docs/docbook/dbsgml/ent/ISOnum
new file mode 100644
index 00000000000..d7b41c33ae3
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOnum
@@ -0,0 +1,91 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOnum PUBLIC
+       "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN">
+     %ISOnum;
+-->
+<!ENTITY half   SDATA "[half  ]"--=fraction one-half-->
+<!ENTITY frac12 SDATA "[frac12]"--=fraction one-half-->
+<!ENTITY frac14 SDATA "[frac14]"--=fraction one-quarter-->
+<!ENTITY frac34 SDATA "[frac34]"--=fraction three-quarters-->
+<!ENTITY frac18 SDATA "[frac18]"--=fraction one-eighth-->
+<!ENTITY frac38 SDATA "[frac38]"--=fraction three-eighths-->
+<!ENTITY frac58 SDATA "[frac58]"--=fraction five-eighths-->
+<!ENTITY frac78 SDATA "[frac78]"--=fraction seven-eighths-->
+
+<!ENTITY sup1   SDATA "[sup1  ]"--=superscript one-->
+<!ENTITY sup2   SDATA "[sup2  ]"--=superscript two-->
+<!ENTITY sup3   SDATA "[sup3  ]"--=superscript three-->
+
+<!ENTITY plus   SDATA "[plus  ]"--=plus sign B:-- >
+<!ENTITY plusmn SDATA "[plusmn]"--/pm B: =plus-or-minus sign-->
+<!ENTITY lt     SDATA "[lt    ]"--=less-than sign R:-->
+<!ENTITY equals SDATA "[equals]"--=equals sign R:-->
+<!ENTITY gt     SDATA "[gt    ]"--=greater-than sign R:-->
+<!ENTITY divide SDATA "[divide]"--/div B: =divide sign-->
+<!ENTITY times  SDATA "[times ]"--/times B: =multiply sign-->
+
+<!ENTITY curren SDATA "[curren]"--=general currency sign-->
+<!ENTITY pound  SDATA "[pound ]"--=pound sign-->
+<!ENTITY dollar SDATA "[dollar]"--=dollar sign-->
+<!ENTITY cent   SDATA "[cent  ]"--=cent sign-->
+<!ENTITY yen    SDATA "[yen   ]"--/yen =yen sign-->
+
+<!ENTITY num    SDATA "[num   ]"--=number sign-->
+<!ENTITY percnt SDATA "[percnt]"--=percent sign-->
+<!ENTITY amp    SDATA "[amp   ]"--=ampersand-->
+<!ENTITY ast    SDATA "[ast   ]"--/ast B: =asterisk-->
+<!ENTITY commat SDATA "[commat]"--=commercial at-->
+<!ENTITY lsqb   SDATA "[lsqb  ]"--/lbrack O: =left square bracket-->
+<!ENTITY bsol   SDATA "[bsol  ]"--/backslash =reverse solidus-->
+<!ENTITY rsqb   SDATA "[rsqb  ]"--/rbrack C: =right square bracket-->
+<!ENTITY lcub   SDATA "[lcub  ]"--/lbrace O: =left curly bracket-->
+<!ENTITY horbar SDATA "[horbar]"--=horizontal bar-->
+<!ENTITY verbar SDATA "[verbar]"--/vert =vertical bar-->
+<!ENTITY rcub   SDATA "[rcub  ]"--/rbrace C: =right curly bracket-->
+<!ENTITY micro  SDATA "[micro ]"--=micro sign-->
+<!ENTITY ohm    SDATA "[ohm   ]"--=ohm sign-->
+<!ENTITY deg    SDATA "[deg   ]"--=degree sign-->
+<!ENTITY ordm   SDATA "[ordm  ]"--=ordinal indicator, masculine-->
+<!ENTITY ordf   SDATA "[ordf  ]"--=ordinal indicator, feminine-->
+<!ENTITY sect   SDATA "[sect  ]"--=section sign-->
+<!ENTITY para   SDATA "[para  ]"--=pilcrow (paragraph sign)-->
+<!ENTITY middot SDATA "[middot]"--/centerdot B: =middle dot-->
+<!ENTITY larr   SDATA "[larr  ]"--/leftarrow /gets A: =leftward arrow-->
+<!ENTITY rarr   SDATA "[rarr  ]"--/rightarrow /to A: =rightward arrow-->
+<!ENTITY uarr   SDATA "[uarr  ]"--/uparrow A: =upward arrow-->
+<!ENTITY darr   SDATA "[darr  ]"--/downarrow A: =downward arrow-->
+<!ENTITY copy   SDATA "[copy  ]"--=copyright sign-->
+<!ENTITY reg    SDATA "[reg   ]"--/circledR =registered sign-->
+<!ENTITY trade  SDATA "[trade ]"--=trade mark sign-->
+<!ENTITY brvbar SDATA "[brvbar]"--=broken (vertical) bar-->
+<!ENTITY not    SDATA "[not   ]"--/neg /lnot =not sign-->
+<!ENTITY sung   SDATA "[sung  ]"--=music note (sung text sign)-->
+
+<!ENTITY excl   SDATA "[excl  ]"--=exclamation mark-->
+<!ENTITY iexcl  SDATA "[iexcl ]"--=inverted exclamation mark-->
+<!ENTITY quot   SDATA "[quot  ]"--=quotation mark-->
+<!ENTITY apos   SDATA "[apos  ]"--=apostrophe-->
+<!ENTITY lpar   SDATA "[lpar  ]"--O: =left parenthesis-->
+<!ENTITY rpar   SDATA "[rpar  ]"--C: =right parenthesis-->
+<!ENTITY comma  SDATA "[comma ]"--P: =comma-->
+<!ENTITY lowbar SDATA "[lowbar]"--=low line-->
+<!ENTITY hyphen SDATA "[hyphen]"--=hyphen-->
+<!ENTITY period SDATA "[period]"--=full stop, period-->
+<!ENTITY sol    SDATA "[sol   ]"--=solidus-->
+<!ENTITY colon  SDATA "[colon ]"--/colon P:-->
+<!ENTITY semi   SDATA "[semi  ]"--=semicolon P:-->
+<!ENTITY quest  SDATA "[quest ]"--=question mark-->
+<!ENTITY iquest SDATA "[iquest]"--=inverted question mark-->
+<!ENTITY laquo  SDATA "[laquo ]"--=angle quotation mark, left-->
+<!ENTITY raquo  SDATA "[raquo ]"--=angle quotation mark, right-->
+<!ENTITY lsquo  SDATA "[lsquo ]"--=single quotation mark, left-->
+<!ENTITY rsquo  SDATA "[rsquo ]"--=single quotation mark, right-->
+<!ENTITY ldquo  SDATA "[ldquo ]"--=double quotation mark, left-->
+<!ENTITY rdquo  SDATA "[rdquo ]"--=double quotation mark, right-->
+<!ENTITY nbsp   SDATA "[nbsp  ]"--=no break (required) space-->
+<!ENTITY shy    SDATA "[shy   ]"--=soft hyphen-->
diff --git a/docs/docbook/dbsgml/ent/ISOpub b/docs/docbook/dbsgml/ent/ISOpub
new file mode 100644
index 00000000000..c184973cfdf
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOpub
@@ -0,0 +1,100 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOpub PUBLIC
+       "ISO 8879:1986//ENTITIES Publishing//EN">
+     %ISOpub;
+-->
+<!ENTITY emsp   SDATA "[emsp  ]"--=em space-->
+<!ENTITY ensp   SDATA "[ensp  ]"--=en space (1/2-em)-->
+<!ENTITY emsp13 SDATA "[emsp3 ]"--=1/3-em space-->
+<!ENTITY emsp14 SDATA "[emsp4 ]"--=1/4-em space-->
+<!ENTITY numsp  SDATA "[numsp ]"--=digit space (width of a number)-->
+<!ENTITY puncsp SDATA "[puncsp]"--=punctuation space (width of comma)-->
+<!ENTITY thinsp SDATA "[thinsp]"--=thin space (1/6-em)-->
+<!ENTITY hairsp SDATA "[hairsp]"--=hair space-->
+<!ENTITY mdash  SDATA "[mdash ]"--=em dash-->
+<!ENTITY ndash  SDATA "[ndash ]"--=en dash-->
+<!ENTITY dash   SDATA "[dash  ]"--=hyphen (true graphic)-->
+<!ENTITY blank  SDATA "[blank ]"--=significant blank symbol-->
+<!ENTITY hellip SDATA "[hellip]"--=ellipsis (horizontal)-->
+<!ENTITY nldr   SDATA "[nldr  ]"--=double baseline dot (en leader)-->
+<!ENTITY frac13 SDATA "[frac13]"--=fraction one-third-->
+<!ENTITY frac23 SDATA "[frac23]"--=fraction two-thirds-->
+<!ENTITY frac15 SDATA "[frac15]"--=fraction one-fifth-->
+<!ENTITY frac25 SDATA "[frac25]"--=fraction two-fifths-->
+<!ENTITY frac35 SDATA "[frac35]"--=fraction three-fifths-->
+<!ENTITY frac45 SDATA "[frac45]"--=fraction four-fifths-->
+<!ENTITY frac16 SDATA "[frac16]"--=fraction one-sixth-->
+<!ENTITY frac56 SDATA "[frac56]"--=fraction five-sixths-->
+<!ENTITY incare SDATA "[incare]"--=in-care-of symbol-->
+<!ENTITY block  SDATA "[block ]"--=full block-->
+<!ENTITY uhblk  SDATA "[uhblk ]"--=upper half block-->
+<!ENTITY lhblk  SDATA "[lhblk ]"--=lower half block-->
+<!ENTITY blk14  SDATA "[blk14 ]"--=25% shaded block-->
+<!ENTITY blk12  SDATA "[blk12 ]"--=50% shaded block-->
+<!ENTITY blk34  SDATA "[blk34 ]"--=75% shaded block-->
+<!ENTITY marker SDATA "[marker]"--=histogram marker-->
+<!ENTITY cir    SDATA "[cir   ]"--/circ B: =circle, open-->
+<!ENTITY squ    SDATA "[squ   ]"--=square, open-->
+<!ENTITY rect   SDATA "[rect  ]"--=rectangle, open-->
+<!ENTITY utri   SDATA "[utri  ]"--/triangle =up triangle, open-->
+<!ENTITY dtri   SDATA "[dtri  ]"--/triangledown =down triangle, open-->
+<!ENTITY star   SDATA "[star  ]"--=star, open-->
+<!ENTITY bull   SDATA "[bull  ]"--/bullet B: =round bullet, filled-->
+<!ENTITY squf   SDATA "[squf  ]"--/blacksquare =sq bullet, filled-->
+<!ENTITY utrif  SDATA "[utrif ]"--/blacktriangle =up tri, filled-->
+<!ENTITY dtrif  SDATA "[dtrif ]"--/blacktriangledown =dn tri, filled-->
+<!ENTITY ltrif  SDATA "[ltrif ]"--/blacktriangleleft R: =l tri, filled-->
+<!ENTITY rtrif  SDATA "[rtrif ]"--/blacktriangleright R: =r tri, filled-->
+<!ENTITY clubs  SDATA "[clubs ]"--/clubsuit =club suit symbol-->
+<!ENTITY diams  SDATA "[diams ]"--/diamondsuit =diamond suit symbol-->
+<!ENTITY hearts SDATA "[hearts]"--/heartsuit =heart suit symbol-->
+<!ENTITY spades SDATA "[spades]"--/spadesuit =spades suit symbol-->
+<!ENTITY malt   SDATA "[malt  ]"--/maltese =maltese cross-->
+<!ENTITY dagger SDATA "[dagger]"--/dagger B: =dagger-->
+<!ENTITY Dagger SDATA "[Dagger]"--/ddagger B: =double dagger-->
+<!ENTITY check  SDATA "[check ]"--/checkmark =tick, check mark-->
+<!ENTITY cross  SDATA "[ballot]"--=ballot cross-->
+<!ENTITY sharp  SDATA "[sharp ]"--/sharp =musical sharp-->
+<!ENTITY flat   SDATA "[flat  ]"--/flat =musical flat-->
+<!ENTITY male   SDATA "[male  ]"--=male symbol-->
+<!ENTITY female SDATA "[female]"--=female symbol-->
+<!ENTITY phone  SDATA "[phone ]"--=telephone symbol-->
+<!ENTITY telrec SDATA "[telrec]"--=telephone recorder symbol-->
+<!ENTITY copysr SDATA "[copysr]"--=sound recording copyright sign-->
+<!ENTITY caret  SDATA "[caret ]"--=caret (insertion mark)-->
+<!ENTITY lsquor SDATA "[lsquor]"--=rising single quote, left (low)-->
+<!ENTITY ldquor SDATA "[ldquor]"--=rising dbl quote, left (low)-->
+
+<!ENTITY fflig  SDATA "[fflig ]"--small ff ligature-->
+<!ENTITY filig  SDATA "[filig ]"--small fi ligature-->
+<!ENTITY fjlig  SDATA "[fjlig ]"--small fj ligature-->
+<!ENTITY ffilig SDATA "[ffilig]"--small ffi ligature-->
+<!ENTITY ffllig SDATA "[ffllig]"--small ffl ligature-->
+<!ENTITY fllig  SDATA "[fllig ]"--small fl ligature-->
+
+<!ENTITY mldr   SDATA "[mldr  ]"--em leader-->
+<!ENTITY rdquor SDATA "[rdquor]"--rising dbl quote, right (high)-->
+<!ENTITY rsquor SDATA "[rsquor]"--rising single quote, right (high)-->
+<!ENTITY vellip SDATA "[vellip]"--vertical ellipsis-->
+
+<!ENTITY hybull SDATA "[hybull]"--rectangle, filled (hyphen bullet)-->
+<!ENTITY loz    SDATA "[loz   ]"--/lozenge - lozenge or total mark-->
+<!ENTITY lozf   SDATA "[lozf  ]"--/blacklozenge - lozenge, filled-->
+<!ENTITY ltri   SDATA "[ltri  ]"--/triangleleft B: l triangle, open-->
+<!ENTITY rtri   SDATA "[rtri  ]"--/triangleright B: r triangle, open-->
+<!ENTITY starf  SDATA "[starf ]"--/bigstar - star, filled-->
+
+<!ENTITY natur  SDATA "[natur ]"--/natural - music natural-->
+<!ENTITY rx     SDATA "[rx    ]"--pharmaceutical prescription (Rx)-->
+<!ENTITY sext   SDATA "[sext  ]"--sextile (6-pointed star)-->
+
+<!ENTITY target SDATA "[target]"--register mark or target-->
+<!ENTITY dlcrop SDATA "[dlcrop]"--downward left crop mark -->
+<!ENTITY drcrop SDATA "[drcrop]"--downward right crop mark -->
+<!ENTITY ulcrop SDATA "[ulcrop]"--upward left crop mark -->
+<!ENTITY urcrop SDATA "[urcrop]"--upward right crop mark -->
diff --git a/docs/docbook/dbsgml/ent/ISOtech b/docs/docbook/dbsgml/ent/ISOtech
new file mode 100644
index 00000000000..cbda344869a
--- /dev/null
+++ b/docs/docbook/dbsgml/ent/ISOtech
@@ -0,0 +1,73 @@
+<!-- (C) International Organization for Standardization 1986
+     Permission to copy in any form is granted for use with
+     conforming SGML systems and applications as defined in
+     ISO 8879, provided this notice is included in all copies.
+-->
+<!-- Character entity set. Typical invocation:
+     <!ENTITY % ISOtech PUBLIC
+       "ISO 8879:1986//ENTITIES General Technical//EN">
+     %ISOtech;
+-->
+<!ENTITY aleph  SDATA "[aleph ]"--/aleph =aleph, Hebrew-->
+<!ENTITY and    SDATA "[and   ]"--/wedge /land B: =logical and-->
+<!ENTITY ang90  SDATA "[ang90 ]"--=right (90 degree) angle-->
+<!ENTITY angsph SDATA "[angsph]"--/sphericalangle =angle-spherical-->
+<!ENTITY ap     SDATA "[ap    ]"--/approx R: =approximate-->
+<!ENTITY becaus SDATA "[becaus]"--/because R: =because-->
+<!ENTITY bottom SDATA "[bottom]"--/bot B: =perpendicular-->
+<!ENTITY cap    SDATA "[cap   ]"--/cap B: =intersection-->
+<!ENTITY cong   SDATA "[cong  ]"--/cong R: =congruent with-->
+<!ENTITY conint SDATA "[conint]"--/oint L: =contour integral operator-->
+<!ENTITY cup    SDATA "[cup   ]"--/cup B: =union or logical sum-->
+<!ENTITY equiv  SDATA "[equiv ]"--/equiv R: =identical with-->
+<!ENTITY exist  SDATA "[exist ]"--/exists =at least one exists-->
+<!ENTITY forall SDATA "[forall]"--/forall =for all-->
+<!ENTITY fnof   SDATA "[fnof  ]"--=function of (italic small f)-->
+<!ENTITY ge     SDATA "[ge    ]"--/geq /ge R: =greater-than-or-equal-->
+<!ENTITY iff    SDATA "[iff   ]"--/iff =if and only if-->
+<!ENTITY infin  SDATA "[infin ]"--/infty =infinity-->
+<!ENTITY int    SDATA "[int   ]"--/int L: =integral operator-->
+<!ENTITY isin   SDATA "[isin  ]"--/in R: =set membership-->
+<!ENTITY lang   SDATA "[lang  ]"--/langle O: =left angle bracket-->
+<!ENTITY lArr   SDATA "[lArr  ]"--/Leftarrow A: =is implied by-->
+<!ENTITY le     SDATA "[le    ]"--/leq /le R: =less-than-or-equal-->
+<!ENTITY minus  SDATA "[minus ]"--B: =minus sign-->
+<!ENTITY mnplus SDATA "[mnplus]"--/mp B: =minus-or-plus sign-->
+<!ENTITY nabla  SDATA "[nabla ]"--/nabla =del, Hamilton operator-->
+<!ENTITY ne     SDATA "[ne    ]"--/ne /neq R: =not equal-->
+<!ENTITY ni     SDATA "[ni    ]"--/ni /owns R: =contains-->
+<!ENTITY or     SDATA "[or    ]"--/vee /lor B: =logical or-->
+<!ENTITY par    SDATA "[par   ]"--/parallel R: =parallel-->
+<!ENTITY part   SDATA "[part  ]"--/partial =partial differential-->
+<!ENTITY permil SDATA "[permil]"--=per thousand-->
+<!ENTITY perp   SDATA "[perp  ]"--/perp R: =perpendicular-->
+<!ENTITY prime  SDATA "[prime ]"--/prime =prime or minute-->
+<!ENTITY Prime  SDATA "[Prime ]"--=double prime or second-->
+<!ENTITY prop   SDATA "[prop  ]"--/propto R: =is proportional to-->
+<!ENTITY radic  SDATA "[radic ]"--/surd =radical-->
+<!ENTITY rang   SDATA "[rang  ]"--/rangle C: =right angle bracket-->
+<!ENTITY rArr   SDATA "[rArr  ]"--/Rightarrow A: =implies-->
+<!ENTITY sim    SDATA "[sim   ]"--/sim R: =similar-->
+<!ENTITY sime   SDATA "[sime  ]"--/simeq R: =similar, equals-->
+<!ENTITY square SDATA "[square]"--/square B: =square-->
+<!ENTITY sub    SDATA "[sub   ]"--/subset R: =subset or is implied by-->
+<!ENTITY sube   SDATA "[sube  ]"--/subseteq R: =subset, equals-->
+<!ENTITY sup    SDATA "[sup   ]"--/supset R: =superset or implies-->
+<!ENTITY supe   SDATA "[supe  ]"--/supseteq R: =superset, equals-->
+<!ENTITY there4 SDATA "[there4]"--/therefore R: =therefore-->
+<!ENTITY Verbar SDATA "[Verbar]"--/Vert =dbl vertical bar-->
+
+<!ENTITY angst  SDATA "[angst ]"--Angstrom =capital A, ring-->
+<!ENTITY bernou SDATA "[bernou]"--Bernoulli function (script capital B)-->
+<!ENTITY compfn SDATA "[compfn]"--B: composite function (small circle)-->
+<!ENTITY Dot    SDATA "[Dot   ]"--=dieresis or umlaut mark-->
+<!ENTITY DotDot SDATA "[DotDot]"--four dots above-->
+<!ENTITY hamilt SDATA "[hamilt]"--Hamiltonian (script capital H)-->
+<!ENTITY lagran SDATA "[lagran]"--Lagrangian (script capital L)-->
+<!ENTITY lowast SDATA "[lowast]"--low asterisk-->
+<!ENTITY notin  SDATA "[notin ]"--N: negated set membership-->
+<!ENTITY order  SDATA "[order ]"--order of (script small o)-->
+<!ENTITY phmmat SDATA "[phmmat]"--physics M-matrix (script capital M)-->
+<!ENTITY tdot   SDATA "[tdot  ]"--three dots above-->
+<!ENTITY tprime SDATA "[tprime]"--triple prime-->
+<!ENTITY wedgeq SDATA "[wedgeq]"--R: corresponds to (wedge, equals)-->
diff --git a/docs/docbook/dbsgml/readme.txt b/docs/docbook/dbsgml/readme.txt
new file mode 100644
index 00000000000..52d3f9f4aaf
--- /dev/null
+++ b/docs/docbook/dbsgml/readme.txt
@@ -0,0 +1,12 @@
+README for DocBook V4.1
+
+This is DocBook V4.1, released 19 June 2000.
+
+See 40chg.txt for information about what has changed since DocBook 3.1.
+
+For more information about DocBook, please see
+
+  http://www.oasis-open.org/docbook/
+
+Please send all questions, comments, concerns, and bug reports to the
+DocBook mailing list: docbook@lists.oasis-open.org
diff --git a/docs/docbook/devdoc/CodingSuggestions.sgml b/docs/docbook/devdoc/CodingSuggestions.sgml
deleted file mode 100644
index bdf6d3d17d3..00000000000
--- a/docs/docbook/devdoc/CodingSuggestions.sgml
+++ /dev/null
@@ -1,237 +0,0 @@
-<chapter id="CodingSuggestions">
-<chapterinfo>
-	<author>
-		<firstname>Steve</firstname><surname>French</surname>
-	</author>
-	<author>
-		<firstname>Simo</firstname><surname>Sorce</surname>
-	</author>
-	<author>
-		<firstname>Andrew</firstname><surname>Bartlett</surname>
-	</author>
-	<author>
-		<firstname>Tim</firstname><surname>Potter</surname>
-	</author>
-	<author>
-		<firstname>Martin</firstname><surname>Pool</surname>
-	</author>
-</chapterinfo>
-
-<title>Coding Suggestions</title>
-
-<para>
-So you want to add code to Samba ...
-</para>
-
-<para>
-One of the daunting tasks facing a programmer attempting to write code for
-Samba is understanding the various coding conventions used by those most
-active in the project.  These conventions were mostly unwritten and helped
-improve either the portability, stability or consistency of the code. This
-document will attempt to document a few of the more important coding
-practices used at this time on the Samba project.  The coding practices are
-expected to change slightly over time, and even to grow as more is learned
-about obscure portability considerations.  Two existing documents
-<filename>samba/source/internals.doc</filename> and 
-<filename>samba/source/architecture.doc</filename> provide
-additional information.
-</para>
-
-<para>
-The loosely related question of coding style is very personal and this
-document does not attempt to address that subject, except to say that I
-have observed that eight character tabs seem to be preferred in Samba
-source.  If you are interested in the topic of coding style, two oft-quoted
-documents are:
-</para>
-
-<para>
-<ulink url="http://lxr.linux.no/source/Documentation/CodingStyle">http://lxr.linux.no/source/Documentation/CodingStyle</ulink>
-</para>
-
-<para>
-<ulink url="http://www.fsf.org/prep/standards_toc.html">http://www.fsf.org/prep/standards_toc.html</ulink>
-</para>
-
-<para>
-But note that coding style in Samba varies due to the many different
-programmers who have contributed.
-</para>
-
-<para>
-Following are some considerations you should use when adding new code to
-Samba.  First and foremost remember that:
-</para>
-
-<para>
-Portability is a primary consideration in adding function, as is network
-compatability with de facto, existing, real world CIFS/SMB implementations.
-There are lots of platforms that Samba builds on so use caution when adding
-a call to a library function that is not invoked in existing Samba code.
-Also note that there are many quite different SMB/CIFS clients that Samba
-tries to support, not all of which follow the SNIA CIFS Technical Reference
-(or the earlier Microsoft reference documents or the X/Open book on the SMB
-Standard) perfectly.
-</para>
-
-<para>
-Here are some other suggestions:
-</para>
-
-<orderedlist>
-
-<listitem><para>
-	use d_printf instead of printf for display text
-	reason: enable auto-substitution of translated language text 
-</para></listitem>
-
-<listitem><para>
-	use SAFE_FREE instead of free
-	reason: reduce traps due to null pointers
-</para></listitem>
-
-<listitem><para>
-	don't use bzero use memset, or ZERO_STRUCT and ZERO_STRUCTP macros
-	reason: not POSIX
-</para></listitem>
-
-<listitem><para>
-	don't use strcpy and strlen (use safe_* equivalents)
-	reason: to avoid traps due to buffer overruns
-</para></listitem>
-
-<listitem><para>
-	don't use getopt_long, use popt functions instead
-	reason: portability
-</para></listitem>
-
-<listitem><para>
-	explicitly add const qualifiers on parm passing in functions where parm
-	is input only (somewhat controversial but const can be #defined away)
-</para></listitem>
-
-<listitem><para>
-	when passing a va_list as an arg, or assigning one to another
-	please use the VA_COPY() macro
-	reason: on some platforms, va_list is a struct that must be 
-	initialized in each function...can SEGV if you don't.
-</para></listitem>
-
-<listitem><para>
-	discourage use of threads
-	reason: portability (also see architecture.doc)
-</para></listitem>
-
-<listitem><para>
-	don't explicitly include new header files in C files - new h files 
-	should be included by adding them once to includes.h
-	reason: consistency
-</para></listitem>
-
-<listitem><para>
-	don't explicitly extern functions (they are autogenerated by 
-	"make proto" into proto.h)
-	reason: consistency
-</para></listitem>
-
-<listitem><para>
-	use endian safe macros when unpacking SMBs (see byteorder.h and
-	internals.doc)
-	reason: not everyone uses Intel
-</para></listitem>
-
-<listitem><para>
-	Note Unicode implications of charset handling (see internals.doc).  See
-	pull_*  and push_* and convert_string functions.
-	reason: Internationalization
-</para></listitem>
-
-<listitem><para>
-	Don't assume English only
-	reason: See above
-</para></listitem>
-
-<listitem><para>
-	Try to avoid using in/out parameters (functions that return data which
-	overwrites input parameters)
-	reason: Can cause stability problems
-</para></listitem>
-
-<listitem><para>
-	Ensure copyright notices are correct, don't append Tridge's name to code
-	that he didn't write.  If you did not write the code, make sure that it
-	can coexist with the rest of the Samba GPLed code.
-</para></listitem>
-
-<listitem><para>
-	Consider usage of DATA_BLOBs for length specified byte-data.
-	reason: stability
-</para></listitem>
-
-<listitem><para>
-	Take advantage of tdbs for database like function
-	reason: consistency
-</para></listitem>
-
-<listitem><para>
-	Don't access the SAM_ACCOUNT structure directly, they should be accessed
-	via pdb_get...() and pdb_set...() functions.
-	reason: stability, consistency
-</para></listitem>
-
-<listitem><para>
-	Don't check a password directly against the passdb, always use the
-	check_password() interface.
-	reason: long term pluggability
-</para></listitem>
-
-<listitem><para>
-	Try to use asprintf rather than pstrings and fstrings where possible
-</para></listitem>
-
-<listitem><para>
-	Use normal C comments / * instead of C++ comments // like
-	this.  Although the C++ comment format is part of the C99
-	standard, some older vendor C compilers do not accept it.
-</para></listitem>
-
-<listitem><para>
-	Try to write documentation for API functions and structures
-	explaining the point of the code, the way it should be used, and
-	any special conditions or results.  Mark these with a double-star
-	comment start / ** so that they can be picked up by Doxygen, as in
-	this file.
-</para></listitem>
-
-<listitem><para>
-	Keep the scope narrow. This means making functions/variables
-	static whenever possible. We don't want our namespace
-	polluted. Each module should have a minimal number of externally
-	visible functions or variables.
-</para></listitem>
-
-<listitem><para>
-	Use function pointers to keep knowledge about particular pieces of
-	code isolated in one place. We don't want a particular piece of
-	functionality to be spread out across lots of places - that makes
-	for fragile, hand to maintain code. Instead, design an interface
-	and use tables containing function pointers to implement specific
-	functionality. This is particularly important for command
-	interpreters. 
-</para></listitem>
-
-<listitem><para>
-	Think carefully about what it will be like for someone else to add
-	to and maintain your code. If it would be hard for someone else to
-	maintain then do it another way. 
-</para></listitem>
-
-</orderedlist>
-
-<para>
-The suggestions above are simply that, suggestions, but the information may
-help in reducing the routine rework done on new code.  The preceeding list
-is expected to change routinely as new support routines and macros are
-added.
-</para>
-</chapter>
diff --git a/docs/docbook/devdoc/architecture.sgml b/docs/docbook/devdoc/architecture.sgml
deleted file mode 100644
index 312a63af97e..00000000000
--- a/docs/docbook/devdoc/architecture.sgml
+++ /dev/null
@@ -1,184 +0,0 @@
-<chapter id="architecture">
-<chapterinfo>
-	<author>
-		<firstname>Dan</firstname><surname>Shearer</surname>
-	</author>
-	<pubdate> November 1997</pubdate>
-</chapterinfo>
-
-<title>Samba Architecture</title>
-
-<sect1>
-<title>Introduction</title>
-
-<para>
-This document gives a general overview of how Samba works
-internally. The Samba Team has tried to come up with a model which is
-the best possible compromise between elegance, portability, security
-and the constraints imposed by the very messy SMB and CIFS
-protocol. 
-</para>
-
-<para>
-It also tries to answer some of the frequently asked questions such as:
-</para>
-
-<orderedlist>
-<listitem><para>
-	Is Samba secure when running on Unix? The xyz platform?
-	What about the root priveliges issue?
-</para></listitem>
-
-<listitem><para>Pros and cons of multithreading in various parts of Samba</para></listitem>
-
-<listitem><para>Why not have a separate process for name resolution, WINS, and browsing?</para></listitem>
-
-</orderedlist>
-
-</sect1>
-
-<sect1>
-<title>Multithreading and Samba</title>
-
-<para>
-People sometimes tout threads as a uniformly good thing. They are very
-nice in their place but are quite inappropriate for smbd. nmbd is
-another matter, and multi-threading it would be very nice. 
-</para>
-
-<para>
-The short version is that smbd is not multithreaded, and alternative
-servers that take this approach under Unix (such as Syntax, at the
-time of writing) suffer tremendous performance penalties and are less
-robust. nmbd is not threaded either, but this is because it is not
-possible to do it while keeping code consistent and portable across 35
-or more platforms. (This drawback also applies to threading smbd.)
-</para>
-
-<para>
-The longer versions is that there are very good reasons for not making
-smbd multi-threaded.  Multi-threading would actually make Samba much
-slower, less scalable, less portable and much less robust. The fact
-that we use a separate process for each connection is one of Samba's
-biggest advantages.
-</para>
-
-</sect1>
-
-<sect1>
-<title>Threading smbd</title>
-
-<para>
-A few problems that would arise from a threaded smbd are:
-</para>
-
-<orderedlist>
-<listitem><para>
-	It's not only to create threads instead of processes, but you
-	must care about all variables if they have to be thread specific
-	(currently they would be global).
-</para></listitem>
-
-<listitem><para>
-	if one thread dies (eg. a seg fault) then all threads die. We can
-	immediately throw robustness out the window.
-</para></listitem>
-
-<listitem><para>
-	many of the system calls we make are blocking. Non-blocking
-	equivalents of many calls are either not available or are awkward (and
-	slow) to use. So while we block in one thread all clients are
-	waiting. Imagine if one share is a slow NFS filesystem and the others 
-	are fast, we will end up slowing all clients to the speed of NFS.
-</para></listitem>
-
-<listitem><para>
-	you can't run as a different uid in different threads. This means
-	we would have to switch uid/gid on _every_ SMB packet. It would be
-	horrendously slow.
-</para></listitem>
-
-<listitem><para>
-	the per process file descriptor limit would mean that we could only
-	support a limited number of clients.
-</para></listitem>
-
-<listitem><para>
-	we couldn't use the system locking calls as the locking context of
-	fcntl() is a process, not a thread.
-</para></listitem>
-
-</orderedlist>
-
-</sect1>
-
-<sect1>
-<title>Threading nmbd</title>
-
-<para>
-This would be ideal, but gets sunk by portability requirements.
-</para>
-
-<para>
-Andrew tried to write a test threads library for nmbd that used only
-ansi-C constructs (using setjmp and longjmp). Unfortunately some OSes
-defeat this by restricting longjmp to calling addresses that are
-shallower than the current address on the stack (apparently AIX does
-this). This makes a truly portable threads library impossible. So to
-support all our current platforms we would have to code nmbd both with
-and without threads, and as the real aim of threads is to make the
-code clearer we would not have gained anything. (it is a myth that
-threads make things faster. threading is like recursion, it can make
-things clear but the same thing can always be done faster by some
-other method)
-</para>
-
-<para>
-Chris tried to spec out a general design that would abstract threading
-vs separate processes (vs other methods?) and make them accessible
-through some general API. This doesn't work because of the data
-sharing requirements of the protocol (packets in the future depending
-on packets now, etc.) At least, the code would work but would be very
-clumsy, and besides the fork() type model would never work on Unix. (Is there an OS that it would work on, for nmbd?)
-</para>
-
-<para>
-A fork() is cheap, but not nearly cheap enough to do on every UDP
-packet that arrives. Having a pool of processes is possible but is
-nasty to program cleanly due to the enormous amount of shared data (in
-complex structures) between the processes. We can't rely on each
-platform having a shared memory system.
-</para>
-
-</sect1>
-
-<sect1>
-<title>nbmd Design</title>
-
-<para>
-Originally Andrew used recursion to simulate a multi-threaded
-environment, which use the stack enormously and made for really
-confusing debugging sessions. Luke Leighton rewrote it to use a
-queuing system that keeps state information on each packet.  The
-first version used a single structure which was used by all the
-pending states.  As the initialisation of this structure was
-done by adding arguments, as the functionality developed, it got
-pretty messy.  So, it was replaced with a higher-order function
-and a pointer to a user-defined memory block.  This suddenly
-made things much simpler: large numbers of functions could be
-made static, and modularised.  This is the same principle as used
-in NT's kernel, and achieves the same effect as threads, but in
-a single process.
-</para>
-
-<para>
-Then Jeremy rewrote nmbd. The packet data in nmbd isn't what's on the
-wire. It's a nice format that is very amenable to processing but still
-keeps the idea of a distinct packet. See "struct packet_struct" in
-nameserv.h.  It has all the detail but none of the on-the-wire
-mess. This makes it ideal for using in disk or memory-based databases
-for browsing and WINS support. 
-</para>
-
-</sect1>
-</chapter>
diff --git a/docs/docbook/devdoc/cifsntdomain.sgml b/docs/docbook/devdoc/cifsntdomain.sgml
deleted file mode 100644
index f64e1b37d63..00000000000
--- a/docs/docbook/devdoc/cifsntdomain.sgml
+++ /dev/null
@@ -1,2923 +0,0 @@
-<chapter id="ntdomain">
-<chapterinfo>
-	<author>
-		<firstname>Luke</firstname><surname>Leighton</surname>
-		<affiliation><address><email>lkcl@switchboard.net</email></address></affiliation>
-	</author>
-	<author>
-		<firstname>Paul</firstname><surname>Ashton</surname>
-		<affiliation><address><email>paul@argo.demon.co.uk</email></address></affiliation>
-	</author>
-	<author>
-		<firstname>Duncan</firstname><surname>Stansfield</surname>
-		<affiliation><address><email>duncans@sco.com</email></address></affiliation>
-	</author>
-
-	<pubdate>01 November 97(version 0.0.24)</pubdate>
-</chapterinfo>
-
-<title>NT Domain RPC's</title>
-
-<sect1>
-<title>Introduction</title>
-
-
-<para>
-This document contains information to provide an NT workstation with login
-services, without the need for an NT server. It is the sgml version of <ulink url="http://mailhost.cb1.com/~lkcl/cifsntdomain.txt">http://mailhost.cb1.com/~lkcl/cifsntdomain.txt</ulink>, controlled by Luke.
-</para>
-
-<para>
-It should be possible to select a domain instead of a workgroup (in the NT
-workstation's TCP/IP settings) and after the obligatory reboot, type in a
-username, password, select a domain and successfully log in.  I would
-appreciate any feedback on your experiences with this process, and any
-comments, corrections and additions to this document.
-</para>
-
-<para>
-The packets described here can be easily derived from (and are probably
-better understood using) Netmon.exe.  You will need to use the version
-of Netmon that matches your system, in order to correctly decode the
-NETLOGON, lsarpc and srvsvc Transact pipes.  This document is derived from
-NT Service Pack 1 and its corresponding version of Netmon.  It is intended
-that an annotated packet trace be produced, which will likely be more
-instructive than this document.
-</para>
-
-<para>
-Also needed, to fully implement NT Domain Login Services, is the 
-document describing the cryptographic part of the NT authentication.
-This document is available from comp.protocols.smb; from the ntsecurity.net
-digest and from the samba digest, amongst other sources.
-</para>
-
-<para>
-A copy is available from:
-</para>
-
-<para><ulink url="http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935">http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935</ulink></para>
-
-<para><ulink url="http://mailhost.cb1.com/~lkcl/crypt.html">http://mailhost.cb1.com/~lkcl/crypt.html</ulink></para>
-
-<para>
-A c-code implementation, provided by <ulink url="mailto:linus@incolumitas.se">Linus Nordberg</ulink>
-of this protocol is available from:
-</para>
-
-<para><ulink url="http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html">http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html</ulink></para>
-<para><ulink url="http://mailhost.cb1.com/~lkcl/crypt.txt">http://mailhost.cb1.com/~lkcl/crypt.txt</ulink></para>
-
-<para>
-Also used to provide debugging information is the Check Build version of
-NT workstation, and enabling full debugging in NETLOGON.  This is
-achieved by setting the following REG_SZ registry key to 0x1ffffff:
-</para>
-
-<para><filename>HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters</filename></para>
-
-<para><emphasis>Incorrect direct editing of the registry can cause your
-machine to fail. Then again, so can incorrect implementation of this 
-protocol. See "Liability:" above.</emphasis></para>
-
-<para>
-Bear in mind that each packet over-the-wire will have its origin in an
-API call.  Therefore, there are likely to be structures, enumerations
-and defines that are usefully documented elsewhere.
-</para>
-
-<para>
-This document is by no means complete or authoritative.  Missing sections
-include, but are not limited to:
-</para>
-
-
-<orderedlist>
-
-<listitem><para>Mappings of RIDs to usernames (and vice-versa).</para></listitem>
-
-<listitem><para>What a User ID is and what a Group ID is.</para></listitem>
-
-<listitem><para>The exact meaning/definition of various magic constants or enumerations.</para></listitem>
-
-<listitem><para>The reply error code and use of that error code when a
-workstation becomes a member of a domain (to be described later).  
-Failure to return this error code will make the workstation report 
-that it is already a member of the domain.</para></listitem>
-
-<listitem><para>the cryptographic side of the NetrServerPasswordSet command, 
-which would allow the workstation to change its password.  This password is
-used to generate the long-term session key.  [It is possible to reject this
-command, and keep the default workstation password].</para></listitem>
-
-</orderedlist>
-
-<sect2>
-<title>Sources</title>
-
-<simplelist>
-<member>cket Traces from Netmonitor (Service Pack 1 and above)</member>
-<member>ul Ashton and Luke Leighton's other "NT Domain" doc.</member>
-<member>FS documentation - cifs6.txt</member>
-<member>FS documentation - cifsrap2.txt</member>
-</simplelist>
-
-</sect2>
-
-<sect2>
-<title>Credits</title>
-
-<simplelist> 
-<member>Paul Ashton: loads of work with Net Monitor; understanding the NT authentication system; reference implementation of the NT domain support on which this document is originally based.</member>
-<member>Duncan Stansfield: low-level analysis of MSRPC Pipes.</member>
-<member>Linus Nordberg: producing c-code from Paul's crypto spec.</member>
-<member>Windows Sourcer development team</member>
-</simplelist>
-
-</sect2>
-
-</sect1>
-
-<sect1>
-<title>Notes and Structures</title>
-
-<sect2>
-<title>Notes</title>
-
-<orderedlist>
-<listitem><para>
-In the SMB Transact pipes, some "Structures", described here, appear to be
-4-byte aligned with the SMB header, at their start.  Exactly which
-"Structures" need aligning is not precisely known or documented.
-</para></listitem>
-
-<listitem><para>
-In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be
-2-byte aligned with the start of the mailslot, at their start.
-</para></listitem>
-
-<listitem><para>
-Domain SID is of the format S-revision-version-auth1-auth2...authN.
-e.g S-1-5-123-456-789-123-456.  the 5 could be a sub-revision.
-</para></listitem>
-
-<listitem><para>
-any undocumented buffer pointers must be non-zero if the string buffer it
-refers to contains characters.  exactly what value they should be is unknown.
-0x0000 0002 seems to do the trick to indicate that the buffer exists.  a
-NULL buffer pointer indicates that the string buffer is of zero length.
-If the buffer pointer is NULL, then it is suspected that the structure it
-refers to is NOT put into (or taken out of) the SMB data stream.  This is
-empirically derived from, for example, the LSA SAM Logon response packet,
-where if the buffer pointer is NULL, the user information is not inserted
-into the data stream.  Exactly what happens with an array of buffer pointers
-is not known, although an educated guess can be made.
-</para></listitem>
-
-<listitem><para>
-an array of structures (a container) appears to have a count and a pointer.
-if the count is zero, the pointer is also zero.  no further data is put
-into or taken out of the SMB data stream.  if the count is non-zero, then
-the pointer is also non-zero.  immediately following the pointer is the
-count again, followed by an array of container sub-structures.  the count
-appears a third time after the last sub-structure.
-</para></listitem>
-</orderedlist>
-
-</sect2>
-
-<sect2>
-<title>Enumerations</title>
-
-<sect3>
-<title>MSRPC Header type</title>
-<para>command number in the msrpc packet header</para>
-
-<variablelist>
-<varlistentry>
-	<term>MSRPC_Request:</term>
-	<listitem><para>0x00</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>MSRPC_Response:</term>
-	<listitem><para>0x02</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>MSRPC_Bind:</term>
-	<listitem><para>0x0B</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>MSRPC_BindAck:</term>
-	<listitem><para>0x0C</para></listitem>
-</varlistentry>
-</variablelist>
-</sect3>
-
-<sect3>
-<title>MSRPC Packet info</title>
-
-<para>The meaning of these flags is undocumented</para>
-
-<variablelist>
-<varlistentry>
-	<term>FirstFrag:</term>
-	<listitem><para>0x01 </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LastFrag:</term>
-	<listitem><para>0x02 </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NotaFrag:</term>
-	<listitem><para>0x04  </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>RecRespond:</term>
-	<listitem><para>0x08  </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NoMultiplex:</term>
-	<listitem><para>0x10  </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NotForIdemp:</term>
-	<listitem><para>0x20  </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NotforBcast:</term>
-	<listitem><para>0x40  </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NoUuid:</term>
-	<listitem><para>0x80 </para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>Structures</title>
-
-<sect3><title>VOID *</title>
-<para>sizeof VOID* is 32 bits.</para>
-</sect3>
-
-<sect3><title>char</title>
-<para>sizeof char is 8 bits.</para>
-</sect3>
-
-<sect3><title>UTIME</title>
-<para>UTIME is 32 bits, indicating time in seconds since 01jan1970.  documented in cifs6.txt (section 3.5 page, page 30).</para>
-</sect3>
-
-<sect3><title>NTTIME</title>
-<para>NTTIME is 64 bits.  documented in cifs6.txt (section 3.5 page, page 30).</para>
-</sect3>
-
-<sect3>
-<title>DOM_SID (domain SID structure)</title>
-
-<variablelist>
-
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num of sub-authorities in domain SID</para></listitem>
-</varlistentry>
-
-<varlistentry>
-	<term>UINT8</term>
-	<listitem><para>SID revision number</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8</term>
-	<listitem><para>num of sub-authorities in domain SID</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[6]</term>
-	<listitem><para>6 bytes for domain SID - Identifier Authority.</para></listitem>
-</varlistentry>
-
-<varlistentry>
-	<term>UINT16[n_subauths]</term>
-	<listitem><para>domain SID sub-authorities</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-<para><emphasis>Note: the domain SID is documented elsewhere.</emphasis>
-</para>
-
-</sect3>
-
-<sect3>
-<title>STR (string)</title>
-
-<para>STR (string) is a char[] : a null-terminated string of ascii characters.</para>
-
-</sect3>
-
-<sect3>
-<title>UNIHDR (unicode string header) </title>
-
-<variablelist>
-
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>length of unicode string</para></listitem>
-</varlistentry>
-
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>max length of unicode string</para></listitem>
-</varlistentry>
-
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>4 - undocumented.</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>UNIHDR2 (unicode string header plus buffer pointer)</title>
-
-<variablelist>
-
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>unicode string header</para></listitem>
-</varlistentry>
-
-
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>UNISTR (unicode string)</title>
-
-<variablelist>
-
-<varlistentry>
-	<term>UINT16[]</term>
-	<listitem><para>null-terminated string of unicode characters.</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>NAME (length-indicated unicode string)</title>
-
-<variablelist>
-
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>length of unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16[]</term>
-	<listitem><para>null-terminated string of unicode characters.</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>UNISTR2 (aligned unicode string)</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>padding to get unicode string 4-byte aligned with the start of the SMB header.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>max length of unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>length of unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16[]</term>
-	<listitem><para>string of uncode characters</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>OBJ_ATTR (object attributes)</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>0x18 - length (in bytes) including the length field.</para></listitem></varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>0 - root directory (pointer)</para></listitem></varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>0 - object name (pointer)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>0 - attributes (undocumented)</para></listitem></varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>0 - security descriptior (pointer)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - security quality of service</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>POL_HND (LSA policy handle)</title>
-
-<variablelist>
-<varlistentry>
-	<term>char[20]</term>
-	<listitem><para>policy handle</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>DOM_SID2 (domain SID structure, SIDS stored in unicode)</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>5 - SID type</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR2</term>
-	<listitem><para>domain SID unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>domain SID unicode string</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para><emphasis>Note:	there is a conflict between the unicode string header and the unicode string itself as to which to use to indicate string length.  this will need to be resolved.</emphasis></para>
-
-<para><emphasis>Note:	the SID type indicates, for example, an alias; a well-known group etc. this is documented somewhere.</emphasis></para>
-
-</sect3>
-
-<sect3>
-<title>DOM_RID (domain RID structure)</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>5 - well-known SID.  1 - user SID (see ShowACLs)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>5 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>domain RID </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - domain index out of above reference domains</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>LOG_INFO (server, account, client structure)</title>
-
-<para><emphasis>Note:	logon server name starts with two '\' characters and is upper case.</emphasis></para>
-
-<para><emphasis>Note:	account name is the logon client name from the LSA Request Challenge, with a $ on the end of it, in upper case.</emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon server unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>account name unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>sec_chan - security channel type</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon client machine unicode string</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>CLNT_SRV (server, client names structure)</title>
-
-<para><emphasis>Note:	logon server name starts with two '\' characters and is upper case.</emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon server unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon client machine unicode string</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>CREDS (credentials + time stamp)</title>
-
-<variablelist>
-<varlistentry>
-	<term>char[8]</term>
-	<listitem><para>credentials</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UTIME</term>
-	<listitem><para>time stamp</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>CLNT_INFO2 (server, client structure, client credentials)</title>
-
-<para><emphasis>Note: whenever this structure appears in a request, you must take a copy of the client-calculated credentials received, because they will beused in subsequent credential checks.  the presumed intention is to
-	maintain an authenticated request/response trail.</emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>CLNT_SRV</term>
-	<listitem><para>client and server names</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>???? padding, for 4-byte alignment with SMB header.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>pointer to client credentials.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>CREDS</term>
-	<listitem><para>client-calculated credentials + client time</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>CLNT_INFO (server, account, client structure, client credentials)</title>
-<para><emphasis>Note: whenever this structure appears in a request, you must take a copy of the client-calculated credentials received, because they will be used in subsequent credential checks.  the presumed intention is to maintain an authenticated request/response trail.</emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>LOG_INFO</term>
-	<listitem><para>logon account info</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>CREDS</term>
-	<listitem><para>client-calculated credentials + client time</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>ID_INFO_1 (id info structure, auth level 1)</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>ptr_id_info_1</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>domain name unicode header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>param control</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT64</term>
-	<listitem><para>logon ID</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>user name unicode header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>workgroup name unicode header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[16]</term>
-	<listitem><para>arc4 LM OWF Password</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[16]</term>
-	<listitem><para>arc4 NT OWF Password</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>domain name unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>user name unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>workstation name unicode string</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>SAM_INFO (sam logon/logoff id info structure)</title>
-
-<para><emphasis>Note: presumably, the return credentials is supposedly for the server to verify that the credential chain hasn't been compromised.</emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>CLNT_INFO2</term>
-	<listitem><para>client identification/authentication info</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>pointer to return credentials.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>CRED</term>
-	<listitem><para>return credentials - ignored.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>logon level</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>switch value</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-<para><programlisting>
-        switch (switch_value)
-        case 1:
-        {
-            ID_INFO_1     id_info_1;
-        }
-</programlisting></para>
-
-</sect3>
-
-<sect3>
-<title>GID (group id info)</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>group id</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>user attributes (only used by NT 3.1 and 3.51)</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>DOM_REF (domain reference info)</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num referenced domains?</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented domain name buffer pointer.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>32 - max number of entries</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>4 - num referenced domains?</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR2</term>
-	<listitem><para>domain name unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR2[num_ref_doms-1]</term>
-	<listitem><para>referenced domain unicode string headers</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>domain name unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>DOM_SID[num_ref_doms]</term>
-	<listitem><para>referenced domain SIDs</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>DOM_INFO (domain info, levels 3 and 5 are the same))</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>??? padding to get 4-byte alignment with start of SMB header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>domain name string length * 2</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>domain name string length * 2</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented domain name string buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>undocumented domain SID string buffer pointer</para></listitem></varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-<listitem><para>domain name (unicode string)</para></listitem></varlistentry>
-<varlistentry>
-	<term>DOM_SID</term>
-	<listitem><para>domain SID</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>USER_INFO (user logon info)</title>
-
-<para><emphasis>Note: it would be nice to know what the 16 byte user session key is for.</emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>NTTIME</term>
-	<listitem><para>logon time</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NTTIME</term>
-	<listitem><para>logoff time</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NTTIME</term>
-	<listitem><para>kickoff time</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NTTIME</term>
-	<listitem><para>password last set time</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NTTIME</term>
-	<listitem><para>password can change time</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NTTIME</term>
-	<listitem><para>password must change time</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>username unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>user's full name unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>logon script unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>profile path unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>home directory unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>home directory drive unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>logon count</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>bad password count</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>User ID</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>Group ID</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num groups</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer to groups.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>user flags</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[16]</term>
-	<listitem><para>user session key</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>logon server unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNIHDR</term>
-	<listitem><para>logon domain unicode string header</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented logon domain id pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[40]</term>
-	<listitem><para>40 undocumented padding bytes.  future expansion?</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - num_other_sids?</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>NULL - undocumented pointer to other domain SIDs.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>username unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>user's full name unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon script unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>profile path unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>home directory unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>home directory drive unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num groups</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>GID[num_groups]</term>
-	<listitem><para>group info</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon server unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon domain unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>DOM_SID</term>
-	<listitem><para>domain SID</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>DOM_SID[num_sids]</term>
-	<listitem><para>other domain SIDs?</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>SH_INFO_1_PTR (pointers to level 1 share info strings)</title>
-
-<para><emphasis>Note:	see cifsrap2.txt section5, page 10.</emphasis></para>
-
-<simplelist>
-<member>0 for shi1_type indicates a  Disk.</member>
-<member>1 for shi1_type indicates a  Print Queue.</member>
-<member>2 for shi1_type indicates a  Device.</member>
-<member>3 for shi1_type indicates an IPC pipe.</member>
-<member>0x8000 0000 (top bit set in shi1_type) indicates a hidden share.</member>
-</simplelist>
-
-<variablelist>
-
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>shi1_netname - pointer to net name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>shi1_type    - type of share.  0 - undocumented.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>shi1_remark  - pointer to comment.</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>SH_INFO_1_STR (level 1 share info strings)</title>
-
-<variablelist>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>shi1_netname - unicode string of net name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>shi1_remark  - unicode string of comment.</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>SHARE_INFO_1_CTR</title>
-
-<para>share container with 0 entries:</para>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - EntriesRead</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - Buffer</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para>share container with > 0 entries:</para>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>EntriesRead</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>non-zero - Buffer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>EntriesRead</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SH_INFO_1_PTR[EntriesRead]</term>
-	<listitem><para>share entry pointers</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SH_INFO_1_STR[EntriesRead]</term>
-	<listitem><para>share entry strings</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>padding to get unicode string 4-byte aligned with start of the SMB header.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>EntriesRead</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - padding</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>SERVER_INFO_101</title>
-
-<para><emphasis>Note:	see cifs6.txt section 6.4 - the fields described therein will be of assistance here.  for example, the type listed below is the 	same as fServerType, which is described in 6.4.1. </emphasis></para>
-
-<variablelist>
-<varlistentry>
-	<term>SV_TYPE_WORKSTATION</term>
-	<listitem><para>0x00000001  All workstations</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_SERVER</term>
-	<listitem><para>0x00000002  All servers</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_SQLSERVER</term>
-	<listitem><para>0x00000004  Any server running with SQL server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_DOMAIN_CTRL</term>
-	<listitem><para>0x00000008  Primary domain controller</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_DOMAIN_BAKCTRL</term>
-	<listitem><para>0x00000010  Backup domain controller</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_TIME_SOURCE</term>
-	<listitem><para>0x00000020  Server running the timesource service</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_AFP</term>
-	<listitem><para>0x00000040  Apple File Protocol servers</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_NOVELL</term>
-	<listitem><para>0x00000080  Novell servers</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_DOMAIN_MEMBER</term>
-	<listitem><para>0x00000100  Domain Member</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_PRINTQ_SERVER</term>
-	<listitem><para>0x00000200  Server sharing print queue</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_DIALIN_SERVER</term>
-	<listitem><para>0x00000400  Server running dialin service.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_XENIX_SERVER</term>
-	<listitem><para>0x00000800  Xenix server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_NT</term>
-	<listitem><para>0x00001000  NT server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_WFW</term>
-	<listitem><para>0x00002000  Server running Windows for </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_SERVER_NT</term>
-	<listitem><para>0x00008000  Windows NT non DC server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_POTENTIAL_BROWSER</term>
-	<listitem><para>0x00010000  Server that can run the browser service</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_BACKUP_BROWSER</term>
-	<listitem><para>0x00020000  Backup browser server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_MASTER_BROWSER</term>
-	<listitem><para>0x00040000  Master browser server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_DOMAIN_MASTER</term>
-	<listitem><para>0x00080000  Domain Master Browser server</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_LOCAL_LIST_ONLY</term>
-	<listitem><para>0x40000000  Enumerate only entries marked "local"</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SV_TYPE_DOMAIN_ENUM</term>
-	<listitem><para>0x80000000  Enumerate Domains. The pszServer and pszDomain parameters must be NULL.</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>500 - platform_id</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>pointer to name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>5 - major version</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>4 - minor version</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>type (SV_TYPE_... bit field)</para></listitem></varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>pointer to comment</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>sv101_name - unicode string of server name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>sv_101_comment  - unicode string of server comment.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>padding to get unicode string 4-byte aligned with start of the SMB header.</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-</sect2>
-</sect1>
-
-<sect1>
-<title>MSRPC over Transact Named Pipe</title>
-
-<para>For details on the SMB Transact Named Pipe, see cifs6.txt</para>
-
-<sect2>
-<title>MSRPC Pipes</title>
-
-<para>
-The MSRPC is conducted over an SMB Transact Pipe with a name of 
-<filename>\PIPE\</filename>.  You must first obtain a 16 bit file handle, by
-sending a SMBopenX with the pipe name <filename>\PIPE\srvsvc</filename> for
-example.  You can then perform an SMB Trans,
-and must carry out an SMBclose on the file handle once you are finished.
-</para>
-
-<para>
-Trans Requests must be sent with two setup UINT16s, no UINT16 params (none
-known about), and UINT8 data parameters sufficient to contain the MSRPC
-header, and MSRPC data.  The first UINT16 setup parameter must be either
-0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle
-state.  The second UINT16 parameter must be the file handle for the pipe,
-obtained above.
-</para>
-
-<para>
-The Data section for an API Command of 0x0026 (RPC pipe) in the Trans
-Request is the RPC Header, followed by the RPC Data.  The Data section for
-an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes.  The
-only value seen for these two bytes is 0x00 0x43.
-</para>
-
-<para>
-MSRPC Responses are sent as response data inside standard SMB Trans
-responses, with the MSRPC Header, MSRPC Data and MSRPC tail.
-</para>
-
-<para>
-It is suspected that the Trans Requests will need to be at least 2-byte
-aligned (probably 4-byte).  This is standard practice for SMBs.  It is also
-independent of the observed 4-byte alignments with the start of the MSRPC
-header, including the 4-byte alignment between the MSRPC header and the
-MSRPC data.
-</para>
-
-<para>
-First, an SMBtconX connection is made to the IPC$ share.  The connection
-must be made using encrypted passwords, not clear-text.  Then, an SMBopenX
-is made on the pipe.  Then, a Set Named Pipe Handle State must be sent,
-after which the pipe is ready to accept API commands.  Lastly, and SMBclose
-is sent.
-</para>
-
-<para>
-To be resolved:
-</para>
-
-<para>
-lkcl/01nov97 there appear to be two additional bytes after the null-terminated \PIPE\ name for the RPC pipe.  Values seen so far are
-listed below:</para>
-
-<para><programlisting>
-        initial SMBopenX request:         RPC API command 0x26 params:
-        "\\PIPE\\lsarpc"                  0x65 0x63; 0x72 0x70; 0x44 0x65;
-        "\\PIPE\\srvsvc"                  0x73 0x76; 0x4E 0x00; 0x5C 0x43;
-</programlisting></para>
-
-</sect2>
-
-<sect2>
-<title>Header</title>
-
-<para>[section to be rewritten, following receipt of work by Duncan Stansfield]</para>
-
-<para>Interesting note: if you set packed data representation to 0x0100 0000
-then all 4-byte and 2-byte word ordering is turned around!</para>
-
-<para>The start of each of the NTLSA and NETLOGON named pipes begins with:</para>
-
-<segmentedlist>
-<segtitle>offset</segtitle><segtitle>Variable type</segtitle><segtitle>Variable data</segtitle>
-<seglistitem><seg>00</seg><seg>UINT8</seg><seg>5 - RPC major version</seg></seglistitem>
-<seglistitem><seg>01</seg><seg>UINT8</seg><seg>0 - RPC minor version</seg></seglistitem>
-<seglistitem><seg>02</seg><seg>UINT8</seg><seg>2 - RPC response packet</seg></seglistitem>
-<seglistitem><seg>03</seg><seg>UINT8</seg><seg>3 - (FirstFrag bit-wise or with LastFrag)</seg></seglistitem>
-<seglistitem><seg>04</seg><seg>UINT32</seg><seg>0x1000 0000 - packed data representation</seg></seglistitem>
-<seglistitem><seg>08</seg><seg>UINT16</seg><seg>fragment length - data size (bytes) inc header and tail.</seg></seglistitem>
-<seglistitem><seg>0A</seg><seg>UINT16</seg><seg>0 - authentication length </seg></seglistitem>
-<seglistitem><seg>0C</seg><seg>UINT32</seg><seg>call identifier. matches 12th UINT32 of incoming RPC data.</seg></seglistitem>
-<seglistitem><seg>10</seg><seg>UINT32</seg><seg>allocation hint - data size (bytes) minus header and tail.</seg></seglistitem>
-<seglistitem><seg>14</seg><seg>UINT16</seg><seg>0 - presentation context identifier</seg></seglistitem>
-<seglistitem><seg>16</seg><seg>UINT8</seg><seg>0 - cancel count</seg></seglistitem>
-<seglistitem><seg>17</seg><seg>UINT8</seg><seg>in replies: 0 - reserved; in requests: opnum - see #defines.</seg></seglistitem>
-<seglistitem><seg>18</seg><seg>......</seg><seg>start of data (goes on for allocation_hint bytes)</seg></seglistitem>
-</segmentedlist>
-
-<sect3>
-<title>RPC_Packet for request, response, bind and bind acknowledgement</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT8 versionmaj</term>
-<listitem><para>reply same as request (0x05)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 versionmin</term>
-<listitem><para>reply same as request (0x00)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 type</term>
-<listitem><para>one of the MSRPC_Type enums</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 flags</term>
-<listitem><para>reply same as request (0x00 for Bind, 0x03 for Request)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32 representation</term>
-<listitem><para>reply same as request (0x00000010)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 fraglength</term>
-<listitem><para>the length of the data section of the SMB trans packet</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 authlength</term>
-	<listitem><para></para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32 callid</term>
-<listitem><para>call identifier. (e.g. 0x00149594)</para></listitem></varlistentry>
-<varlistentry>
-	<term>* stub USE TvPacket</term>
-<listitem><para>the remainder of the packet depending on the "type"</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Interface identification</title>
-
-<para>the interfaces are numbered. as yet I haven't seen more than one interface used on the same pipe name srvsvc</para>
-
-<para><programlisting>
-abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003)
-transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002)
-</programlisting></para>
-
-</sect3>
-
-<sect3>
-<title>RPC_Iface RW</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT8 byte[16]</term>
-<listitem><para>16 bytes of number</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32 version</term>
-<listitem><para>the interface number</para></listitem></varlistentry>
-</variablelist>
-
-
-</sect3>
-
-<sect3>
-<title>RPC_ReqBind RW</title>
-
-<para>the remainder of the packet after the header if "type" was Bind in the response header, "type" should be BindAck</para>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16 maxtsize</term>
-<listitem><para>maximum transmission fragment size (0x1630)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 maxrsize</term>
-<listitem><para>max receive fragment size (0x1630)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32 assocgid</term>
-<listitem><para>associated group id (0x0)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32 numelements</term>
-<listitem><para>the number of elements (0x1)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 contextid</term>
-<listitem><para>presentation context identifier (0x0)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 numsyntaxes</term>
-<listitem><para>the number of syntaxes (has always been 1?)(0x1)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-<listitem><para>4-byte alignment padding, against SMB header</para></listitem></varlistentry>
-<varlistentry>
-	<term>* abstractint USE RPC_Iface</term>
-<listitem><para>num and vers. of interface client is using</para></listitem></varlistentry>
-<varlistentry>
-	<term>* transferint USE RPC_Iface</term>
-	<listitem><para>num and vers. of interface to use for replies</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>RPC_Address RW</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16 length</term>
-<listitem><para>length of the string including null terminator</para></listitem></varlistentry>
-<varlistentry>
-	<term>* port USE string</term>
-<listitem><para>the string above in single byte, null terminated form</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>RPC_ResBind RW</title>
-
-<para>the response to place after the header in the reply packet</para>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16 maxtsize</term>
-<listitem><para>same as request</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 maxrsize</term>
-<listitem><para>same as request</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32 assocgid</term>
-<listitem><para>zero</para></listitem></varlistentry>
-<varlistentry>
-	<term>* secondaddr USE RPC_Address</term>
-<listitem><para>the address string, as described earlier</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-<listitem><para>4-byte alignment padding, against SMB header</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 numresults</term>
-<listitem><para>the number of results (0x01)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-<listitem><para>4-byte alignment padding, against SMB header</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 result</term>
-<listitem><para>result (0x00 = accept)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 reason</term>
-<listitem><para>reason (0x00 = no reason specified)</para></listitem></varlistentry>
-<varlistentry>
-	<term>* transfersyntax USE RPC_Iface</term>
-<listitem><para>the transfer syntax from the request</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>RPC_ReqNorm RW</title>
-
-<para>the remainder of the packet after the header for every other other request</para>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32 allochint</term>
-<listitem><para>the size of the stub data in bytes</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 prescontext</term>
-<listitem><para>presentation context identifier (0x0)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 opnum</term>
-<listitem><para>operation number (0x15)</para></listitem></varlistentry>
-<varlistentry>
-	<term>* stub USE TvPacket</term>
-<listitem><para>a packet dependent on the pipe name (probably the interface) and the op number)</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>RPC_ResNorm RW</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32 allochint</term>
-<listitem><para># size of the stub data in bytes</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16 prescontext</term>
-<listitem><para># presentation context identifier (same as request)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 cancelcount</term>
-<listitem><para># cancel count? (0x0)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8 reserved</term>
-<listitem><para># 0 - one byte padding</para></listitem></varlistentry>
-<varlistentry>
-	<term>* stub USE TvPacket</term>
-<listitem><para># the remainder of the reply</para></listitem></varlistentry>
-</variablelist>
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>Tail</title>
-
-<para>The end of each of the NTLSA and NETLOGON named pipes ends with:</para>
-
-<variablelist>
-<varlistentry>
-	<term>......</term>
-	<listitem><para>end of data</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>return code</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect2>
-
-<sect2>
-<title>RPC Bind / Bind Ack</title>
-
-<para>
-RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc)
-with a "transfer syntax" (see RPC_Iface structure).  The purpose for doing
-this is unknown.
-</para>
-
-<para><emphasis>Note: The RPC_ResBind SMB Transact request is sent with two uint16 setup parameters.  The first is 0x0026; the second is the file handle
-	returned by the SMBopenX Transact response.</emphasis></para>
-
-<para><emphasis>Note:	The RPC_ResBind members maxtsize, maxrsize and assocgid are the same in the response as the same members in the RPC_ReqBind.  The
-	RPC_ResBind member transfersyntax is the same in the response as
-	the</emphasis></para>
-
-<para><emphasis>Note:	The RPC_ResBind response member secondaddr contains the name of what is presumed to be the service behind the RPC pipe.  The
-	mapping identified so far is:</emphasis></para>
-
-<variablelist>
-
-<varlistentry>
-	<term>initial SMBopenX request:</term>
-	<listitem><para>RPC_ResBind response:</para></listitem>
-</varlistentry>
-
-<varlistentry>
-	<term>"\\PIPE\\srvsvc"</term>
-	<listitem><para>"\\PIPE\\ntsvcs"</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>"\\PIPE\\samr"</term>
-	<listitem><para>"\\PIPE\\lsass"</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>"\\PIPE\\lsarpc"</term>
-	<listitem><para>"\\PIPE\\lsass"</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>"\\PIPE\\wkssvc"</term>
-	<listitem><para>"\\PIPE\\wksvcs"</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>"\\PIPE\\NETLOGON"</term>
-	<listitem><para>"\\PIPE\\NETLOGON"</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para><emphasis>Note:	The RPC_Packet fraglength member in both the Bind Request and Bind Acknowledgment must contain the length of the entire RPC data, including the RPC_Packet header.</emphasis></para>
-
-<para>Request:</para>
-
-<simplelist>
-<member>RPC_Packet</member>
-<member>RPC_ReqBind</member>
-</simplelist>
-
-<para>Response:</para>
-<simplelist>
-<member>RPC_Packet</member>
-<member>RPC_ResBind</member>
-</simplelist>
-
-</sect2>
-
-<sect2>
-<title>NTLSA Transact Named Pipe</title>
-
-<para>The sequence of actions taken on this pipe are:</para>
-
-<simplelist>
-<member>Establish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.</member>
-<member>Open an RPC Pipe with the name "\\PIPE\\lsarpc".  Store the file handle.</member>
-<member>Using the file handle, send a Set Named Pipe Handle state to 0x4300.</member>
-<member>Send an LSA Open Policy request.  Store the Policy Handle.</member>
-<member>Using the Policy Handle, send LSA Query Info Policy requests, etc.</member>
-<member>Using the Policy Handle, send an LSA Close.</member>
-<member>Close the IPC$ share.</member>
-</simplelist>
-
-<para>Defines for this pipe, identifying the query are:</para>
-<variablelist>
-<varlistentry>
-	<term>LSA Open Policy:</term>
-	<listitem><para>0x2c</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Query Info Policy:</term>
-	<listitem><para>0x07</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Enumerate Trusted Domains:</term>
-	<listitem><para>0x0d</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Open Secret:</term>
-	<listitem><para>0xff</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Lookup SIDs:</term>
-	<listitem><para>0xfe</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Lookup Names:</term>
-	<listitem><para>0xfd</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Close:</term>
-	<listitem><para>0x00</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect2>
-
-<sect2>
-<title>LSA Open Policy</title>
-
-<para><emphasis>Note:	The policy handle can be anything you like.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>server name - unicode string starting with two '\'s</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>OBJ_ATTR</term>
-	<listitem><para>object attributes</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>1 - desired access</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-
-<varlistentry>
-	<term>POL_HND</term>
-	<listitem><para>LSA policy handle</para></listitem>
-</varlistentry>
-
-<varlistentry>
-	<term>return</term>
-	<listitem><para>0 - indicates success</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA Query Info Policy</title>
-
-<para><emphasis>Note:	The info class in response must be the same as that in the request.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>POL_HND</term>
-<listitem><para>LSA policy handle</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-<listitem><para>info class (also a policy handle?)</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>info class (same as info class in request).</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-<para><programlisting>
-switch (info class)
-case 3:
-case 5:
-{
-DOM_INFO domain info, levels 3 and 5 (are the same).
-}
-
-return    0 - indicates success
-</programlisting></para>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA Enumerate Trusted Domains</title>
-
-<sect3>
-<title>Request</title>
-
-<para>no extra data</para>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - enumeration context</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - entries read</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - trust information</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>return</term>
-	<listitem><para>0x8000 001a - "no trusted domains" success code</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-</sect2>
-
-<sect2>
-<title>LSA Open Secret</title>
-
-<sect3>
-<title>Request</title>
-
-<para>no extra data</para>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>0 - undocumented</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para>return    0x0C00 0034 - "no such secret" success code</para>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA Close</title>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>POL_HND</term>
-	<listitem><para>policy handle to be closed</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>POL_HND</term>
-<listitem><para>0s - closed policy handle (all zeros)</para></listitem></varlistentry>
-</variablelist>
-
-<para>return    0 - indicates success</para>
-
-</sect3>
-</sect2>
-
-<sect2>
-<title>LSA Lookup SIDS</title>
-
-<para><emphasis>Note:	num_entries in response must be same as num_entries in request.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>POL_HND</term>
-	<listitem><para>LSA policy handle</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num_entries</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented domain SID buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented domain name buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*[num_entries] undocumented domain SID pointers to be looked up.
-</term>
-<listitem><para>DOM_SID[num_entries] domain SIDs to be looked up.</para></listitem></varlistentry>
-<varlistentry>
-	<term>char[16]</term>
-	<listitem><para>completely undocumented 16 bytes.</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>DOM_REF</term>
-<listitem><para>domain reference response</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>num_entries (listed above)</para></listitem></varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>undocumented buffer pointer</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>num_entries (listed above)</para></listitem></varlistentry>
-<varlistentry>
-	<term>DOM_SID2[num_entries]</term>
-<listitem><para>domain SIDs (from Request, listed above).</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>num_entries (listed above)</para></listitem></varlistentry>
-</variablelist>
-
-<para>return                0 - indicates success</para>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA Lookup Names</title>
-
-<para><emphasis>Note:	num_entries in response must be same as num_entries in request.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>POL_HND</term>
-	<listitem><para>LSA policy handle</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num_entries</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>num_entries</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented domain SID buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented domain name buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>NAME[num_entries]</term>
-	<listitem><para>names to be looked up.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[]</term>
-	<listitem><para>undocumented bytes - falsely translated SID structure?</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>DOM_REF</term>
-<listitem><para>domain reference response</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>num_entries (listed above)</para></listitem></varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>undocumented buffer pointer</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>num_entries (listed above)</para></listitem></varlistentry>
-<varlistentry>
-	<term>DOM_RID[num_entries]</term>
-<listitem><para>domain SIDs (from Request, listed above).</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>num_entries (listed above)</para></listitem></varlistentry>
-</variablelist>
-
-<para>return                0 - indicates success</para>
-
-</sect3>
-</sect2>
-</sect1>
-
-<sect1>
-<title>NETLOGON rpc Transact Named Pipe</title>
-
-<para>The sequence of actions taken on this pipe are:</para>
-
-<simplelist>
-<member>tablish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.</member>
-<member>en an RPC Pipe with the name "\\PIPE\\NETLOGON".  Store the file handle.</member>
-<member>ing the file handle, send a Set Named Pipe Handle state to 0x4300.</member>
-<member>eate Client Challenge. Send LSA Request Challenge.  Store Server Challenge.</member>
-<member>lculate Session Key.  Send an LSA Auth 2 Challenge.  Store Auth2 Challenge.</member>
-<member>lc/Verify Client Creds.  Send LSA Srv PW Set.  Calc/Verify Server Creds.</member>
-<member>lc/Verify Client Creds.  Send LSA SAM Logon .  Calc/Verify Server Creds.</member>
-<member>lc/Verify Client Creds.  Send LSA SAM Logoff.  Calc/Verify Server Creds.</member>
-<member>ose the IPC$ share.</member>
-</simplelist>
-
-<para>Defines for this pipe, identifying the query are</para>
-
-<variablelist>
-<varlistentry>
-	<term>LSA Request Challenge:</term>
-	<listitem><para>0x04</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Server Password Set:</term>
-	<listitem><para>0x06</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA SAM Logon:</term>
-	<listitem><para>0x02</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA SAM Logoff:</term>
-	<listitem><para>0x03</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Auth 2:</term>
-	<listitem><para>0x0f</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>LSA Logon Control:</term>
-	<listitem><para>0x0e</para></listitem>
-</varlistentry>
-</variablelist>
-
-<sect2>
-<title>LSA Request Challenge</title>
-
-<para><emphasis>Note:	logon server name starts with two '\' characters and is upper case.</emphasis></para>
-
-<para><emphasis>Note:	logon client is the machine, not the user.</emphasis></para>
-
-<para><emphasis>Note:	the initial LanManager password hash, against which the challenge is issued, is the machine name itself (lower case).  there will becalls issued (LSA Server Password Set) which will change this, later. refusing these calls allows you to always deal with the same password (i.e the LM# of the machine name in lower case).</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon server unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>logon client unicode string</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[8]</term>
-	<listitem><para>client challenge</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>char[8]</term>
-	<listitem><para>server challenge</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para>return    0 - indicates success</para>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA Authenticate 2</title>
-
-<para><emphasis>Note:	in between request and response, calculate the client credentials, and check them against the client-calculated credentials (this process uses the previously received client credentials).</emphasis></para>
-
-<para><emphasis>Note:	neg_flags in the response is the same as that in the request.</emphasis></para>
-
-<para><emphasis>Note:	you must take a copy of the client-calculated credentials received 	here, because they will be used in subsequent authentication packets.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>LOG_INFO</term>
-	<listitem><para>client identification info</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[8]</term>
-	<listitem><para>client-calculated credentials</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-<listitem><para>padding to 4-byte align with start of SMB header.</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>neg_flags - negotiated flags (usual value is 0x0000 01ff)</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>char[8]</term>
-	<listitem><para>server credentials.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>neg_flags - same as neg_flags in request.</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para>return    0 - indicates success.  failure value unknown.</para>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA Server Password Set</title>
-
-<para><emphasis>Note: the new password is suspected to be a DES encryption using the old password to generate the key.</emphasis></para>
-
-<para><emphasis>Note: in between request and response, calculate the client credentials, and check them against the client-calculated credentials (this process uses the previously received client credentials).</emphasis></para>
-
-<para><emphasis>Note: the server credentials are constructed from the client-calculated credentials and the client time + 1 second.</emphasis></para>
-
-<para><emphasis>Note: you must take a copy of the client-calculated credentials received here, because they will be used in subsequent authentication packets.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>CLNT_INFO</term>
-	<listitem><para>client identification/authentication info</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[]</term>
-	<listitem><para>new password - undocumented.</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>CREDS</term>
-	<listitem><para>server credentials.  server time stamp appears to be ignored.</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para>return    0 - indicates success; 0xC000 006a indicates failure</para>
-
-</sect3>
-</sect2>
-
-<sect2
-<title>LSA SAM Logon</title>
-
-<para><emphasis>
-Note:	valid_user is True iff the username and password hash are valid for
-	the requested domain.
-</emphasis></para>
-
-<sect3>
-<title>Request</title>
-<variablelist>
-<varlistentry>
-	<term>SAM_INFO</term>
-	<listitem><para>sam_id structure</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>CREDS</term>
-	<listitem><para>server credentials.  server time stamp appears to be ignored.</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para><programlisting>
-if (valid_user)
-{
-	UINT16      3 - switch value indicating USER_INFO structure.
-    VOID*     non-zero - pointer to USER_INFO structure
-    USER_INFO user logon information
-
-    UINT32    1 - Authoritative response; 0 - Non-Auth?
-
-    return    0 - indicates success
-}
-else
-{
-	UINT16    0 - switch value.  value to indicate no user presumed.
-    VOID*     0x0000 0000 - indicates no USER_INFO structure.
-
-    UINT32    1 - Authoritative response; 0 - Non-Auth?
-
-    return    0xC000 0064 - NT_STATUS_NO_SUCH_USER.
-}
-</programlisting></para>
-
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>LSA SAM Logoff</title>
-
-<para><emphasis>
-Note:	presumably, the SAM_INFO structure is validated, and a (currently
-	undocumented) error code returned if the Logoff is invalid.
-</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>SAM_INFO</term>
-	<listitem><para>sam_id structure</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>undocumented buffer pointer</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>CREDS</term>
-	<listitem><para>server credentials.  server time stamp appears to be ignored.</para></listitem>
-</varlistentry>
-</variablelist>
-
-<para>return      0 - indicates success.  undocumented failure indication.</para>
-
-</sect3>
-</sect2>
-</sect1>
-
-<sect1>
-<title>\\MAILSLOT\NET\NTLOGON</title>
-
-<para><emphasis>
-Note:	mailslots will contain a response mailslot, to which the response
-	should be sent.  the target NetBIOS name is REQUEST_NAME<20>, where
-	REQUEST_NAME is the name of the machine that sent the request.
-</emphasis></para>
-
-<sect2>
-<title>Query for PDC</title>
-
-<para><emphasis>Note:	NTversion, LMNTtoken, LM20token in response are the same as those 	given in the request.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>0x0007 - Query for PDC</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>STR</term>
-	<listitem><para>machine name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>STR</term>
-	<listitem><para>response mailslot</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>padding to 2-byte align with start of mailslot.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>machine name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>NTversion</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>LMNTtoken</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>LM20token</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16</term>
-<listitem><para>0x000A - Respose to Query for PDC</para></listitem></varlistentry>
-<varlistentry>
-	<term>STR</term>
-<listitem><para>machine name (in uppercase)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>padding to 2-byte align with start of mailslot.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>machine name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-<listitem><para>domain name</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>NTversion (same as received in request)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-<listitem><para>LMNTtoken (same as received in request)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-<listitem><para>LM20token (same as received in request)</para></listitem></varlistentry>
-</variablelist>
-
-</sect3>
-</sect2
-
-<sect2>
-<title>SAM Logon</title>
-
-<para><emphasis>Note: machine name in response is preceded by two '\' characters.</emphasis></para>
-
-<para><emphasis>Note:	NTversion, LMNTtoken, LM20token in response are the same as those given in the request.</emphasis></para>
-
-<para><emphasis>Note:	user name in the response is presumably the same as that in the request.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>0x0012 - SAM Logon</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>request count</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>machine name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>user name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>STR</term>
-	<listitem><para>response mailslot</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>alloweable account</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>domain SID size</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>char[sid_size]</term>
-	<listitem><para>domain SID, of sid_size bytes.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>???? padding to 4? 2? -byte align with start of mailslot.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>NTversion</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>LMNTtoken</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>LM20token</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>0x0013 - Response to SAM Logon</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>machine name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>user name - workstation trust account</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UNISTR</term>
-	<listitem><para>domain name </para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>NTversion</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>LMNTtoken</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT16</term>
-	<listitem><para>LM20token</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-</sect2>
-</sect1>
-
-<sect1>
-<title>SRVSVC Transact Named Pipe</title>
-
-<para>Defines for this pipe, identifying the query are:</para>
-
-<variablelist>
-<varlistentry>
-	<term>Net Share Enum</term>
-	<listitem><para>0x0f</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Net Server Get Info</term>
-	<listitem><para>0x15</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-<sect2>
-<title>Net Share Enum</title>
-
-<para><emphasis>Note:	share level and switch value in the response are presumably the same as those in the request.</emphasis></para>
-
-<para><emphasis>Note:	cifsrap2.txt (section 5) may be of limited assistance here.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>pointer (to server name?)</para></listitem></varlistentry>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>server name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT8[]</term>
-	<listitem><para>padding to get unicode string 4-byte aligned with the start of the SMB header.</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>share level</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>switch value</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>pointer to SHARE_INFO_1_CTR</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SHARE_INFO_1_CTR</term>
-	<listitem><para>share info with 0 entries</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-<listitem><para>preferred maximum length (0xffff ffff)</para></listitem></varlistentry>
-</variablelist>
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>share level</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>switch value</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-<listitem><para>pointer to SHARE_INFO_1_CTR</para></listitem></varlistentry>
-<varlistentry>
-	<term>SHARE_INFO_1_CTR</term>
-<listitem><para>share info (only added if share info ptr is non-zero)</para></listitem></varlistentry>
-</variablelist>
-
-<para>return            0 - indicates success</para>
-
-</sect3>
-</sect2>
-
-<sect2>
-<title>Net Server Get Info</title>
-
-<para><emphasis>Note:	level is the same value as in the request.</emphasis></para>
-
-<sect3>
-<title>Request</title>
-
-<variablelist>
-<varlistentry>
-	<term>UNISTR2</term>
-	<listitem><para>server name</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>switch level</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>Response</title>
-
-<variablelist>
-<varlistentry>
-	<term>UINT32</term>
-	<listitem><para>switch level</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>VOID*</term>
-	<listitem><para>pointer to SERVER_INFO_101</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>SERVER_INFO_101</term>
-<listitem><para>server info (only added if server info ptr is non-zero)</para></listitem></varlistentry>
-</variablelist>
-
-<para>return            0 - indicates success</para>
-
-</sect3>
-</sect2>
-</sect1>
-
-<sect1>
-<title>Cryptographic side of NT Domain Authentication</title>
-
-<sect2>
-<title>Definitions</title>
-
-<variablelist>
-<varlistentry>
-<term>Add(A1,A2)</term>
-<listitem><para>Intel byte ordered addition of corresponding 4 byte words in arrays A1 and A2</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>E(K,D)</term>
-<listitem><para>DES ECB encryption of 8 byte data D using 7 byte key K</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>lmowf()</term>
-<listitem><para>Lan man hash</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>ntowf()</term>
-<listitem><para>NT hash</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>PW</term>
-<listitem><para>md4(machine_password) == md4(lsadump $machine.acc) ==
-pwdump(machine$) (initially) == md4(lmowf(unicode(machine)))
-</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>ARC4(K,Lk,D,Ld)</term>
-<listitem><para>ARC4 encryption of data D of length Ld with key K of length Lk</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>v[m..n(,l)]</term>
-<listitem><para>subset of v from bytes m to n, optionally padded with zeroes to length l</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>Cred(K,D)</term>
-<listitem><para>E(K[7..7,7],E(K[0..6],D)) computes a credential</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>Time()</term>
-<listitem><para>4 byte current time</para></listitem>
-</varlistentry>
-
-<varlistentry>
-<term>Cc,Cs</term>
-<listitem><para>8 byte client and server challenges Rc,Rs: 8 byte client and server credentials</para></listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect2>
-
-<sect2>
-<title>Protocol</title>
-
-<para>
-C->S ReqChal,Cc S->C Cs
-</para>
-
-<para>
-C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))
-</para>
-
-<para>
-C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs),
-assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs))
-</para>
-
-<para>
-On joining the domain the client will optionally attempt to change its
-password and the domain controller may refuse to update it depending
-on registry settings. This will also occur weekly afterwards.
-</para>
-
-<para>
-C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc,
-arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
-assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
-S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'
-</para>
-
-<para>
-User: U with password P wishes to login to the domain (incidental data
-such as workstation and domain omitted)
-</para>
-
-<para>
-C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U,
-arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
-assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
-Ts = Time()
-</para>
-
-<para>
-S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C:
-assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1)
-</para>
-
-</sect2>
-
-<sect2>
-<title>Comments</title>
-
-<para>
-On first joining the domain the session key could be computed by
-anyone listening in on the network as the machine password has a well
-known value. Until the machine is rebooted it will use this session
-key to encrypt NT and LM one way functions of passwords which are
-password equivalents. Any user who logs in before the machine has been
-rebooted a second time will have their password equivalent exposed. Of
-course the new machine password is exposed at this time anyway.
-</para>
-
-<para>
-None of the returned user info such as logon script, profile path and
-SIDs *appear* to be protected by anything other than the TCP checksum.
-</para>
-
-<para>
-The server time stamps appear to be ignored.
-</para>
-
-<para>
-The client sends a ReturnAuthenticator in the SamLogon request which I
-can't find a use for.  However its time is used as the timestamp
-returned by the server.
-</para>
-
-<para>
-The password OWFs should NOT be sent over the network reversibly
-encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server
-computing the same function using the owf values in the SAM.
-</para>
-
-</sect2>
-</sect1>
-
-<sect1>
-<title>SIDs and RIDs</title>
-
-<para>
-SIDs and RIDs are well documented elsewhere.
-</para>
-
-<para>
-A SID is an NT Security ID (see DOM_SID structure).  They are of the form:
-</para>
-
-<simplelist>
-<member>revision-NN-SubAuth1-SubAuth2-SubAuth3... </member>
-<member>revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3...</member>
-</simplelist>
-
-<para>
-currently, the SID revision is 1.
-The Sub-Authorities are known as Relative IDs (RIDs).
-</para>
-
-<sect2>
-<title>Well-known SIDs</title>
-
-<sect3>
-<title>Universal well-known SIDs</title>
-
-<variablelist>
-<varlistentry>
-	<term>Null SID</term>
-	<listitem><para>S-1-0-0</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>World</term>
-	<listitem><para>S-1-1-0</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Local</term>
-	<listitem><para>S-1-2-0</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Creator Owner ID</term>
-	<listitem><para>S-1-3-0</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Creator Group ID</term>
-	<listitem><para>S-1-3-1</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Creator Owner Server ID</term>
-	<listitem><para>S-1-3-2</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Creator Group Server ID</term>
-	<listitem><para>S-1-3-3</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>(Non-unique IDs)</term>
-	<listitem><para>S-1-4</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-
-<sect3>
-<title>NT well-known SIDs</title>
-
-<variablelist>
-<varlistentry>
-	<term>NT Authority</term>
-	<listitem><para>S-1-5</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Dialup</term>
-	<listitem><para>S-1-5-1</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Network</term>
-	<listitem><para>S-1-5-2</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Batch</term>
-	<listitem><para>S-1-5-3</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Interactive</term>
-	<listitem><para>S-1-5-4</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Service</term>
-<listitem><para>S-1-5-6</para></listitem></varlistentry>
-<varlistentry>
-	<term>AnonymousLogon(aka null logon session)</term>
-	<listitem><para>S-1-5-7</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>Proxy</term>
-<listitem><para>S-1-5-8</para></listitem></varlistentry>
-<varlistentry>
-	<term>ServerLogon(aka domain controller account)</term>
-	<listitem><para>S-1-5-8</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>(Logon IDs)</term>
-	<listitem><para>S-1-5-5-X-Y</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>(NT non-unique IDs)</term>
-	<listitem><para>S-1-5-0x15-...</para></listitem>
-</varlistentry>
-<varlistentry>
-	<term>(Built-in domain)</term>
-	<listitem><para>s-1-5-0x20</para></listitem>
-</varlistentry>
-</variablelist>
-
-</sect3>
-</sect2>
-
-<sect2>
-<title>Well-known RIDS</title>
-
-<para>
-A RID is a sub-authority value, as part of either a SID, or in the case
-of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1
-structure, in the LSA SAM Logon response.
-</para>
-
-<sect3>
-<title>Well-known RID users</title>
-
-<segmentedlist>
-<segtitle>Groupname</segtitle>
-<segtitle>????</segtitle>
-<segtitle>RID</segtitle>
-<seglistitem><seg>DOMAIN_USER_RID_ADMIN</seg><seg>0x0000</seg><seg>01F4</seg></seglistitem>
-<seglistitem><seg>DOMAIN_USER_RID_GUEST</seg><seg>0x0000</seg><seg>01F5</seg></seglistitem>
-</segmentedlist>
-
-</sect3>
-
-<sect3>
-<title>Well-known RID groups</title>
-
-<segmentedlist>
-<segtitle>Groupname</segtitle>
-<segtitle>????</segtitle>
-<segtitle>RID</segtitle>
-<seglistitem><seg>	DOMAIN_GROUP_RID_ADMINS</seg><seg>0x0000</seg><seg>0200</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_GROUP_RID_USERS</seg><seg>0x0000</seg><seg>0201</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_GROUP_RID_GUESTS</seg><seg>0x0000</seg><seg>0202</seg></seglistitem>
-</segmentedlist>
-
-</sect3>
-
-<sect3>
-<title>Well-known RID aliases</title>
-
-<segmentedlist>
-<segtitle>Groupname</segtitle>
-<segtitle>????</segtitle>
-<segtitle>RID</segtitle>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_ADMINS</seg><seg>0x0000</seg><seg>0220</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_USERS</seg><seg>0x0000</seg><seg>0221</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_GUESTS</seg><seg>0x0000</seg><seg>0222</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_POWER_USERS</seg><seg>0x0000</seg><seg>0223</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_ACCOUNT_OPS</seg><seg>0x0000</seg><seg>0224</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_SYSTEM_OPS</seg><seg>0x0000</seg><seg>0225</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_PRINT_OPS</seg><seg>0x0000</seg><seg>0226</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_BACKUP_OPS</seg><seg>0x0000</seg><seg>0227</seg></seglistitem>
-<seglistitem><seg>	DOMAIN_ALIAS_RID_REPLICATOR</seg><seg>0x0000</seg><seg>0228</seg></seglistitem>
-</segmentedlist>
-
-</sect3>
-</sect2>
-</sect1>
-</chapter>
diff --git a/docs/docbook/devdoc/debug.sgml b/docs/docbook/devdoc/debug.sgml
deleted file mode 100644
index 7e81cc825db..00000000000
--- a/docs/docbook/devdoc/debug.sgml
+++ /dev/null
@@ -1,321 +0,0 @@
-<chapter id="debug">
-<chapterinfo>
-	<author>
-		<firstname>Chris</firstname><surname>Hertel</surname>
-	</author>
-	<pubdate>July 1998</pubdate>
-</chapterinfo>
-
-<title>The samba DEBUG system</title>
-
-<sect1>
-<title>New Output Syntax</title>
-
-<para>
-   The syntax of a debugging log file is represented as:
-</para>
-
-<para><programlisting>
-  &gt;debugfile&lt; :== { &gt;debugmsg&lt; }
-
-  &gt;debugmsg&lt;  :== &gt;debughdr&lt; '\n' &gt;debugtext&lt;
-
-  &gt;debughdr&lt;  :== '[' TIME ',' LEVEL ']' FILE ':' [FUNCTION] '(' LINE ')'
-
-  &gt;debugtext&lt; :== { &gt;debugline&lt; }
-
-  &gt;debugline&lt; :== TEXT '\n'
-</programlisting></para>
-
-<para>
-TEXT is a string of characters excluding the newline character.
-</para>
-
-<para>
-LEVEL is the DEBUG level of the message (an integer in the range
-		0..10).
-</para>
-
-<para>
-TIME is a timestamp.
-</para>
-
-<para>
-FILE is the name of the file from which the debug message was
-generated.
-</para>
-
-<para>
-FUNCTION is the function from which the debug message was generated.
-</para>
-
-<para>
-LINE is the line number of the debug statement that generated the
-message.
-</para>
-
-<para>Basically, what that all means is:</para>
-<orderedlist>
-<listitem><para>
-A debugging log file is made up of debug messages.
-</para></listitem>
-<listitem><para>
-Each debug message is made up of a header and text. The header is
-separated from the text by a newline.
-</para></listitem>
-<listitem><para>
-The header begins with the timestamp and debug level of the
-message enclosed in brackets. The filename, function, and line
-number at which the message was generated follow. The filename is
-terminated by a colon, and the function name is terminated by the
-parenthesis which contain the line number. Depending upon the
-compiler, the function name may be missing (it is generated by the
-__FUNCTION__ macro, which is not universally implemented, dangit).
-</para></listitem>
-<listitem><para>
-The message text is made up of zero or more lines, each terminated
-by a newline.
-</para></listitem>
-</orderedlist>
-
-<para>Here's some example output:</para>
-
-<para><programlisting>
-    [1998/08/03 12:55:25, 1] nmbd.c:(659)
-      Netbios nameserver version 1.9.19-prealpha started.
-      Copyright Andrew Tridgell 1994-1997
-    [1998/08/03 12:55:25, 3] loadparm.c:(763)
-      Initializing global parameters
-</programlisting></para>
-
-<para>
-Note that in the above example the function names are not listed on
-the header line. That's because the example above was generated on an
-SGI Indy, and the SGI compiler doesn't support the __FUNCTION__ macro.
-</para>
-
-</sect1>
-
-<sect1>
-<title>The DEBUG() Macro</title>
-
-<para>
-Use of the DEBUG() macro is unchanged. DEBUG() takes two parameters.
-The first is the message level, the second is the body of a function
-call to the Debug1() function.
-</para>
-
-<para>That's confusing.</para>
-
-<para>Here's an example which may help a bit. If you would write</para>
-
-<para><programlisting>
-printf( "This is a %s message.\n", "debug" );
-</programlisting></para>
-
-<para>
-to send the output to stdout, then you would write
-</para>
-
-<para><programlisting>
-DEBUG( 0, ( "This is a %s message.\n", "debug" ) );
-</programlisting></para>
-
-<para>
-to send the output to the debug file.  All of the normal printf()
-formatting escapes work.
-</para>
-
-<para>
-Note that in the above example the DEBUG message level is set to 0.
-Messages at level 0 always print.  Basically, if the message level is
-less than or equal to the global value DEBUGLEVEL, then the DEBUG
-statement is processed.
-</para>
-
-<para>
-The output of the above example would be something like:
-</para>
-
-<para><programlisting>
-    [1998/07/30 16:00:51, 0] file.c:function(128)
-      This is a debug message.
-</programlisting></para>
-
-<para>
-Each call to DEBUG() creates a new header *unless* the output produced
-by the previous call to DEBUG() did not end with a '\n'. Output to the
-debug file is passed through a formatting buffer which is flushed
-every time a newline is encountered. If the buffer is not empty when
-DEBUG() is called, the new input is simply appended.
-</para>
-
-<para>
-...but that's really just a Kludge. It was put in place because
-DEBUG() has been used to write partial lines. Here's a simple (dumb)
-example of the kind of thing I'm talking about:
-</para>
-
-<para><programlisting>
-    DEBUG( 0, ("The test returned " ) );
-    if( test() )
-      DEBUG(0, ("True") );
-    else
-      DEBUG(0, ("False") );
-    DEBUG(0, (".\n") );
-</programlisting></para>
-
-<para>
-Without the format buffer, the output (assuming test() returned true)
-would look like this:
-</para>
-
-<para><programlisting>
-    [1998/07/30 16:00:51, 0] file.c:function(256)
-      The test returned
-    [1998/07/30 16:00:51, 0] file.c:function(258)
-      True
-    [1998/07/30 16:00:51, 0] file.c:function(261)
-      .
-</programlisting></para>
-
-<para>Which isn't much use. The format buffer kludge fixes this problem.
-</para>
-
-</sect1>
-
-<sect1>
-<title>The DEBUGADD() Macro</title>
-
-<para>
-In addition to the kludgey solution to the broken line problem
-described above, there is a clean solution. The DEBUGADD() macro never
-generates a header. It will append new text to the current debug
-message even if the format buffer is empty. The syntax of the
-DEBUGADD() macro is the same as that of the DEBUG() macro.
-</para>
-
-<para><programlisting>
-    DEBUG( 0, ("This is the first line.\n" ) );
-    DEBUGADD( 0, ("This is the second line.\nThis is the third line.\n" ) );
-</programlisting></para>
-
-<para>Produces</para>
-
-<para><programlisting>
-    [1998/07/30 16:00:51, 0] file.c:function(512)
-      This is the first line.
-      This is the second line.
-      This is the third line.
-</programlisting></para>
-
-</sect1>
-
-<sect1>
-<title>The DEBUGLVL() Macro</title>
-
-<para>
-One of the problems with the DEBUG() macro was that DEBUG() lines
-tended to get a bit long. Consider this example from
-nmbd_sendannounce.c:
-</para>
-
-<para><programlisting>
-  DEBUG(3,("send_local_master_announcement: type %x for name %s on subnet %s for workgroup %s\n",
-            type, global_myname, subrec->subnet_name, work->work_group));
-</programlisting></para>
-
-<para>
-One solution to this is to break it down using DEBUG() and DEBUGADD(),
-as follows:
-</para>
-
-<para><programlisting>
-  DEBUG( 3, ( "send_local_master_announcement: " ) );
-  DEBUGADD( 3, ( "type %x for name %s ", type, global_myname ) );
-  DEBUGADD( 3, ( "on subnet %s ", subrec->subnet_name ) );
-  DEBUGADD( 3, ( "for workgroup %s\n", work->work_group ) );
-</programlisting></para>
-
-<para>
-A similar, but arguably nicer approach is to use the DEBUGLVL() macro.
-This macro returns True if the message level is less than or equal to
-the global DEBUGLEVEL value, so:
-</para>
-
-<para><programlisting>
-  if( DEBUGLVL( 3 ) )
-    {
-    dbgtext( "send_local_master_announcement: " );
-    dbgtext( "type %x for name %s ", type, global_myname );
-    dbgtext( "on subnet %s ", subrec->subnet_name );
-    dbgtext( "for workgroup %s\n", work->work_group );
-    }
-</programlisting></para>
-
-<para>(The dbgtext() function is explained below.)</para>
-
-<para>There are a few advantages to this scheme:</para>
-<orderedlist>
-<listitem><para>
-The test is performed only once.
-</para></listitem>
-<listitem><para>
-You can allocate variables off of the stack that will only be used
-within the DEBUGLVL() block.
-</para></listitem>
-<listitem><para>
-Processing that is only relevant to debug output can be contained
-within the DEBUGLVL() block.
-</para></listitem>
-</orderedlist>
-
-</sect1>
-
-<sect1>
-<title>New Functions</title>
-
-<sect2>
-<title>dbgtext()</title>
-<para>
-This function prints debug message text to the debug file (and
-possibly to syslog) via the format buffer. The function uses a
-variable argument list just like printf() or Debug1(). The
-input is printed into a buffer using the vslprintf() function,
-and then passed to format_debug_text().
-
-If you use DEBUGLVL() you will probably print the body of the
-message using dbgtext(). 
-</para>
-</sect2>
-
-<sect2>
-<title>dbghdr()</title>
-<para>
-This is the function that writes a debug message header.
-Headers are not processed via the format buffer. Also note that
-if the format buffer is not empty, a call to dbghdr() will not
-produce any output. See the comments in dbghdr() for more info.
-</para>
-
-<para>
-It is not likely that this function will be called directly. It
-is used by DEBUG() and DEBUGADD().
-</para>
-</sect2>
-
-<sect2>
-<title>format_debug_text()</title>
-<para>
-This is a static function in debug.c. It stores the output text
-for the body of the message in a buffer until it encounters a
-newline. When the newline character is found, the buffer is
-written to the debug file via the Debug1() function, and the
-buffer is reset. This allows us to add the indentation at the
-beginning of each line of the message body, and also ensures
-that the output is written a line at a time (which cleans up
-syslog output).
-</para>
-</sect2>
-</sect1>
-</chapter>
diff --git a/docs/docbook/devdoc/dev-doc.sgml b/docs/docbook/devdoc/dev-doc.sgml
deleted file mode 100644
index 5191ddcb93e..00000000000
--- a/docs/docbook/devdoc/dev-doc.sgml
+++ /dev/null
@@ -1,66 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
-<!ENTITY NetBIOS SYSTEM "NetBIOS.sgml">
-<!ENTITY Architecture SYSTEM "architecture.sgml">
-<!ENTITY debug SYSTEM "debug.sgml">
-<!ENTITY internals SYSTEM "internals.sgml">
-<!ENTITY parsing SYSTEM "parsing.sgml">
-<!ENTITY unix-smb SYSTEM "unix-smb.sgml">
-<!ENTITY CodingSuggestions SYSTEM "CodingSuggestions.sgml">
-<!ENTITY Tracing SYSTEM "Tracing.sgml">
-<!ENTITY cifsntdomain SYSTEM "cifsntdomain.sgml">
-<!ENTITY printing SYSTEM "printing.sgml">
-<!ENTITY wins SYSTEM "wins.sgml">
-]>
-
-<book id="Samba-Developer-Documentation">
-
-<title>SAMBA Developers Guide</title>
-
-<bookinfo>
-	<author>
-		<surname>SAMBA Team</surname>
-	</author>
-	<address><email>samba@samba.org</email></address>
-</bookinfo>
-
-<dedication>
-<title>Abstract</title>
-
-<para>
-<emphasis>Last Update</emphasis> : Mon Sep 30 15:23:53 CDT 2002
-</para>
-
-<para>
-This book is a collection of documents that might be useful for 
-people developing samba or those interested in doing so.
-It's nothing more than a collection of documents written by samba developers about 
-the internals of various parts of samba and the SMB protocol. It's still incomplete.
-The most recent version of this document
-can be found at <ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink>.
-Please send updates to <ulink 
-url="mailto:jelmer@samba.org">jelmer@samba.org</ulink>.
-</para>
-
-<para>
-This documentation is distributed under the GNU General Public License (GPL) 
-version 2.  A copy of the license is included with the Samba source
-distribution.  A copy can be found on-line at <ulink 
-url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</ulink>
-</para>
-
-</dedication>
-
-<!-- Chapters -->
-&NetBIOS;
-&Architecture;
-&debug;
-&CodingSuggestions;
-&internals;
-&parsing;
-&unix-smb;
-&Tracing;
-&cifsntdomain;
-&printing;
-&wins;
-
-</book>
diff --git a/docs/docbook/devdoc/internals.sgml b/docs/docbook/devdoc/internals.sgml
deleted file mode 100644
index 982cfd2e108..00000000000
--- a/docs/docbook/devdoc/internals.sgml
+++ /dev/null
@@ -1,440 +0,0 @@
-<chapter id="internals">
-<chapterinfo>
-	<author>
-		<firstname>David</firstname><surname>Chappell</surname>
-		<affiliation>
-			<address><email>David.Chappell@mail.trincoll.edu</email></address>
-		</affiliation>
-	</author>
-	<pubdate>8 May 1996</pubdate>
-</chapterinfo>
-
-<title>Samba Internals</title>
-
-<sect1>
-<title>Character Handling</title>
-<para>
-This section describes character set handling in Samba, as implemented in
-Samba 3.0 and above
-</para>
-
-<para>
-In the past Samba had very ad-hoc character set handling. Scattered
-throughout the code were numerous calls which converted particular
-strings to/from DOS codepages. The problem is that there was no way of
-telling if a particular char* is in dos codepage or unix
-codepage. This led to a nightmare of code that tried to cope with
-particular cases without handlingt the general case.
-</para>
-</sect1>
-
-<sect1>
-<title>The new functions</title>
-
-<para>
-The new system works like this:
-</para>
-
-<orderedlist>
-<listitem><para>
-	all char* strings inside Samba are "unix" strings. These are
-	multi-byte strings that are in the charset defined by the "unix
-	charset" option in smb.conf. 
-</para></listitem>
-
-<listitem><para>
-	there is no single fixed character set for unix strings, but any
-	character set that is used does need the following properties:
-	</para>
-	<orderedlist>
-	
-	<listitem><para>
-		must not contain NULLs except for termination
-	</para></listitem>
-
-	<listitem><para>
-		must be 7-bit compatible with C strings, so that a constant
-		string or character in C will be byte-for-byte identical to the
-		equivalent string in the chosen character set. 
-	</para></listitem>
-	
-	<listitem><para>
-		when you uppercase or lowercase a string it does not become
-		longer than the original string
-	</para></listitem>
-
-	<listitem><para>
-		must be able to correctly hold all characters that your client
-		will throw at it
-	</para></listitem>
-	</orderedlist>
-	
-	<para>
-	For example, UTF-8 is fine, and most multi-byte asian character sets
-	are fine, but UCS2 could not be used for unix strings as they
-	contain nulls.
-	</para>
-</listitem>
-
-<listitem><para>
-	when you need to put a string into a buffer that will be sent on the
-	wire, or you need a string in a character set format that is
-	compatible with the clients character set then you need to use a
-	pull_ or push_ function. The pull_ functions pull a string from a
-	wire buffer into a (multi-byte) unix string. The push_ functions
-	push a string out to a wire buffer. 
-</para></listitem>
-
-<listitem><para>
-	the two main pull_ and push_ functions you need to understand are
-	pull_string and push_string. These functions take a base pointer
-	that should point at the start of the SMB packet that the string is
-	in. The functions will check the flags field in this packet to
-	automatically determine if the packet is marked as a unicode packet,
-	and they will choose whether to use unicode for this string based on
-	that flag. You may also force this decision using the STR_UNICODE or
-	STR_ASCII flags. For use in smbd/ and libsmb/ there are wrapper
-	functions clistr_ and srvstr_ that call the pull_/push_ functions
-	with the appropriate first argument.
-	</para>
-	
-	<para>
-	You may also call the pull_ascii/pull_ucs2 or push_ascii/push_ucs2
-	functions if you know that a particular string is ascii or
-	unicode. There are also a number of other convenience functions in
-	charcnv.c that call the pull_/push_ functions with particularly
-	common arguments, such as pull_ascii_pstring()
-	</para>
-</listitem>
-
-<listitem><para>
-	The biggest thing to remember is that internal (unix) strings in Samba
-	may now contain multi-byte characters. This means you cannot assume
-	that characters are always 1 byte long. Often this means that you will
-	have to convert strings to ucs2 and back again in order to do some
-	(seemingly) simple task. For examples of how to do this see functions
-	like strchr_m(). I know this is very slow, and we will eventually
-	speed it up but right now we want this stuff correct not fast.
-</para></listitem>
-
-<listitem><para>
-	all lp_ functions now return unix strings. The magic "DOS" flag on
-	parameters is gone.
-</para></listitem>
-
-<listitem><para>
-	all vfs functions take unix strings. Don't convert when passing to them
-</para></listitem>
-
-</orderedlist>
-
-</sect1>
-
-<sect1>
-<title>Macros in byteorder.h</title>
-
-<para>
-This section describes the macros defined in byteorder.h.  These macros 
-are used extensively in the Samba code.
-</para>
-
-<sect2>
-<title>CVAL(buf,pos)</title>
-
-<para>
-returns the byte at offset pos within buffer buf as an unsigned character.
-</para>
-</sect2>
-
-<sect2>
-<title>PVAL(buf,pos)</title>
-<para>returns the value of CVAL(buf,pos) cast to type unsigned integer.</para>
-</sect2>
-
-<sect2>
-<title>SCVAL(buf,pos,val)</title>
-<para>sets the byte at offset pos within buffer buf to value val.</para>
-</sect2>
-
-<sect2>
-<title>SVAL(buf,pos)</title>
-<para>
-	returns the value of the unsigned short (16 bit) little-endian integer at 
-	offset pos within buffer buf.  An integer of this type is sometimes
-	refered to as "USHORT".
-</para>
-</sect2>
-
-<sect2>
-<title>IVAL(buf,pos)</title>
-<para>returns the value of the unsigned 32 bit little-endian integer at offset 
-pos within buffer buf.</para>
-</sect2>
-
-<sect2>
-<title>SVALS(buf,pos)</title>
-<para>returns the value of the signed short (16 bit) little-endian integer at 
-offset pos within buffer buf.</para>
-</sect2>
-
-<sect2>
-<title>IVALS(buf,pos)</title>
-<para>returns the value of the signed 32 bit little-endian integer at offset pos
-within buffer buf.</para>
-</sect2>
-
-<sect2>
-<title>SSVAL(buf,pos,val)</title>
-<para>sets the unsigned short (16 bit) little-endian integer at offset pos within 
-buffer buf to value val.</para>
-</sect2>
-
-<sect2>
-<title>SIVAL(buf,pos,val)</title>
-<para>sets the unsigned 32 bit little-endian integer at offset pos within buffer 
-buf to the value val.</para>
-</sect2>
-
-<sect2>
-<title>SSVALS(buf,pos,val)</title>
-<para>sets the short (16 bit) signed little-endian integer at offset pos within 
-buffer buf to the value val.</para>
-</sect2>
-
-<sect2>
-<title>SIVALS(buf,pos,val)</title>
-<para>sets the signed 32 bit little-endian integer at offset pos withing buffer
-buf to the value val.</para>
-</sect2>
-
-<sect2>
-<title>RSVAL(buf,pos)</title>
-<para>returns the value of the unsigned short (16 bit) big-endian integer at 
-offset pos within buffer buf.</para>
-</sect2>
-
-<sect2>
-<title>RIVAL(buf,pos)</title>
-<para>returns the value of the unsigned 32 bit big-endian integer at offset 
-pos within buffer buf.</para>
-</sect2>
-
-<sect2>
-<title>RSSVAL(buf,pos,val)</title>
-<para>sets the value of the unsigned short (16 bit) big-endian integer at 
-offset pos within buffer buf to value val.
-refered to as "USHORT".</para>
-</sect2>
-
-<sect2>
-<title>RSIVAL(buf,pos,val)</title>
-<para>sets the value of the unsigned 32 bit big-endian integer at offset 
-pos within buffer buf to value val.</para>
-</sect2>
-
-</sect1>
-
-
-<sect1>
-<title>LAN Manager Samba API</title>
-
-<para>
-This section describes the functions need to make a LAN Manager RPC call.
-This information had been obtained by examining the Samba code and the LAN
-Manager 2.0 API documentation.  It should not be considered entirely
-reliable.
-</para>
-
-<para>
-<programlisting>
-call_api(int prcnt, int drcnt, int mprcnt, int mdrcnt, 
-	char *param, char *data, char **rparam, char **rdata);
-</programlisting>
-</para>
-
-<para>
-This function is defined in client.c.  It uses an SMB transaction to call a
-remote api.
-</para>
-
-<sect2>
-<title>Parameters</title>
-
-<para>The parameters are as follows:</para>
-
-<orderedlist>
-<listitem><para>
-	prcnt: the number of bytes of parameters begin sent.
-</para></listitem>
-<listitem><para>
-	drcnt:   the number of bytes of data begin sent.
-</para></listitem>
-<listitem><para>
-	mprcnt:  the maximum number of bytes of parameters which should be returned
-</para></listitem>
-<listitem><para>
-	mdrcnt:  the maximum number of bytes of data which should be returned
-</para></listitem>
-<listitem><para>
-	param:   a pointer to the parameters to be sent.
-</para></listitem>
-<listitem><para>
-	data:    a pointer to the data to be sent.
-</para></listitem>
-<listitem><para>
-	rparam:  a pointer to a pointer which will be set to point to the returned
-	paramters.  The caller of call_api() must deallocate this memory.
-</para></listitem>
-<listitem><para>
-	rdata:   a pointer to a pointer which will be set to point to the returned 
-	data.  The caller of call_api() must deallocate this memory.
-</para></listitem>
-</orderedlist>
-
-<para>
-These are the parameters which you ought to send, in the order of their
-appearance in the parameter block:
-</para>
-
-<orderedlist>
-
-<listitem><para>
-An unsigned 16 bit integer API number.  You should set this value with
-SSVAL().  I do not know where these numbers are described.
-</para></listitem>
-
-<listitem><para>
-An ASCIIZ string describing the parameters to the API function as defined
-in the LAN Manager documentation.  The first parameter, which is the server
-name, is ommited.  This string is based uppon the API function as described
-in the manual, not the data which is actually passed.
-</para></listitem>
-
-<listitem><para>
-An ASCIIZ string describing the data structure which ought to be returned.
-</para></listitem>
-
-<listitem><para>
-Any parameters which appear in the function call, as defined in the LAN
-Manager API documentation, after the "Server" and up to and including the
-"uLevel" parameters.
-</para></listitem>
-
-<listitem><para>
-An unsigned 16 bit integer which gives the size in bytes of the buffer we
-will use to receive the returned array of data structures.  Presumably this
-should be the same as mdrcnt.  This value should be set with SSVAL().
-</para></listitem>
-
-<listitem><para>
-An ASCIIZ string describing substructures which should be returned.  If no 
-substructures apply, this string is of zero length.
-</para></listitem>
-
-</orderedlist>
-
-<para>
-The code in client.c always calls call_api() with no data.  It is unclear
-when a non-zero length data buffer would be sent.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Return value</title>
-
-<para>
-The returned parameters (pointed to by rparam), in their order of appearance
-are:</para>
-
-<orderedlist>
-
-<listitem><para>
-An unsigned 16 bit integer which contains the API function's return code. 
-This value should be read with SVAL().
-</para></listitem>
-
-<listitem><para>
-An adjustment which tells the amount by which pointers in the returned
-data should be adjusted.  This value should be read with SVAL().  Basically, 
-the address of the start of the returned data buffer should have the returned
-pointer value added to it and then have this value subtracted from it in
-order to obtain the currect offset into the returned data buffer.
-</para></listitem>
-
-<listitem><para>
-A count of the number of elements in the array of structures returned. 
-It is also possible that this may sometimes be the number of bytes returned.
-</para></listitem>
-</orderedlist>
-
-<para>
-When call_api() returns, rparam points to the returned parameters.  The
-first if these is the result code.  It will be zero if the API call
-suceeded.  This value by be read with "SVAL(rparam,0)".
-</para>
-
-<para>
-The second parameter may be read as "SVAL(rparam,2)".  It is a 16 bit offset
-which indicates what the base address of the returned data buffer was when
-it was built on the server.  It should be used to correct pointer before
-use.
-</para>
-
-<para>
-The returned data buffer contains the array of returned data structures. 
-Note that all pointers must be adjusted before use.  The function
-fix_char_ptr() in client.c can be used for this purpose.
-</para>
-
-<para>
-The third parameter (which may be read as "SVAL(rparam,4)") has something to
-do with indicating the amount of data returned or possibly the amount of
-data which can be returned if enough buffer space is allowed.
-</para>
-
-</sect2>
-</sect1>
-
-<sect1>
-<title>Code character table</title>
-<para>
-Certain data structures are described by means of ASCIIz strings containing
-code characters.  These are the code characters:
-</para>
-
-<orderedlist>
-<listitem><para>
-W	a type byte little-endian unsigned integer
-</para></listitem>
-<listitem><para>
-N	a count of substructures which follow
-</para></listitem>
-<listitem><para>
-D	a four byte little-endian unsigned integer
-</para></listitem>
-<listitem><para>
-B	a byte (with optional count expressed as trailing ASCII digits)
-</para></listitem>
-<listitem><para>
-z	a four byte offset to a NULL terminated string
-</para></listitem>
-<listitem><para>
-l	a four byte offset to non-string user data
-</para></listitem>
-<listitem><para>
-b	an offset to data (with count expressed as trailing ASCII digits)
-</para></listitem>
-<listitem><para>
-r	pointer to returned data buffer???
-</para></listitem>
-<listitem><para>
-L	length in bytes of returned data buffer???
-</para></listitem>
-<listitem><para>
-h	number of bytes of information available???
-</para></listitem>
-</orderedlist>
-
-</sect1>
-</chapter>
diff --git a/docs/docbook/devdoc/parsing.sgml b/docs/docbook/devdoc/parsing.sgml
deleted file mode 100644
index 8d929617f5a..00000000000
--- a/docs/docbook/devdoc/parsing.sgml
+++ /dev/null
@@ -1,239 +0,0 @@
-<chapter id="parsing">
-<chapterinfo>
-	<author>
-		<firstname>Chris</firstname><surname>Hertel</surname>
-	</author>
-	<pubdate>November 1997</pubdate>
-</chapterinfo>
-
-<title>The smb.conf file</title>
-
-<sect1>
-<title>Lexical Analysis</title>
-
-<para>
-Basically, the file is processed on a line by line basis.  There are
-four types of lines that are recognized by the lexical analyzer
-(params.c):
-</para>
-
-<orderedlist>
-<listitem><para>
-Blank lines - Lines containing only whitespace.
-</para></listitem>
-<listitem><para>
-Comment lines - Lines beginning with either a semi-colon or a
-pound sign (';' or '#').
-</para></listitem>
-<listitem><para>
-Section header lines - Lines beginning with an open square bracket ('[').
-</para></listitem>
-<listitem><para>
-Parameter lines - Lines beginning with any other character.
-(The default line type.)
-</para></listitem>
-</orderedlist>
-
-<para>
-The first two are handled exclusively by the lexical analyzer, which
-ignores them.  The latter two line types are scanned for
-</para>
-
-<orderedlist>
-<listitem><para>
-  - Section names
-</para></listitem>
-<listitem><para>
-  - Parameter names
-</para></listitem>
-<listitem><para>
-  - Parameter values
-</para></listitem>
-</orderedlist>
-
-<para>
-These are the only tokens passed to the parameter loader
-(loadparm.c).  Parameter names and values are divided from one
-another by an equal sign: '='.
-</para>
-
-<sect2>
-<title>Handling of Whitespace</title>
-
-<para>
-Whitespace is defined as all characters recognized by the isspace()
-function (see ctype(3C)) except for the newline character ('\n')
-The newline is excluded because it identifies the end of the line.
-</para>
-
-<orderedlist>
-<listitem><para>
-The lexical analyzer scans past white space at the beginning of a line.
-</para></listitem>
-
-<listitem><para>
-Section and parameter names may contain internal white space.  All
-whitespace within a name is compressed to a single space character. 
-</para></listitem>
-
-<listitem><para>
-Internal whitespace within a parameter value is kept verbatim with 
-the exception of carriage return characters ('\r'), all of which
-are removed.
-</para></listitem>
-
-<listitem><para>
-Leading and trailing whitespace is removed from names and values.
-</para></listitem>
-
-</orderedlist>
-
-</sect2>
-
-<sect2>
-<title>Handling of Line Continuation</title>
-
-<para>
-Long section header and parameter lines may be extended across
-multiple lines by use of the backslash character ('\\').  Line
-continuation is ignored for blank and comment lines.
-</para>
-
-<para>
-If the last (non-whitespace) character within a section header or on
-a parameter line is a backslash, then the next line will be
-(logically) concatonated with the current line by the lexical
-analyzer.  For example:
-</para>
-
-<para><programlisting>
-	param name = parameter value string \
-	with line continuation.
-</programlisting></para>
-
-<para>Would be read as</para>
-
-<para><programlisting>
-    param name = parameter value string     with line continuation.
-</programlisting></para>
-
-<para>
-Note that there are five spaces following the word 'string',
-representing the one space between 'string' and '\\' in the top
-line, plus the four preceeding the word 'with' in the second line.
-(Yes, I'm counting the indentation.)
-</para>
-
-<para>
-Line continuation characters are ignored on blank lines and at the end
-of comments.  They are *only* recognized within section and parameter
-lines.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Line Continuation Quirks</title>
-
-<para>Note the following example:</para>
-
-<para><programlisting>
-	param name = parameter value string \
-    \
-    with line continuation.
-</programlisting></para>
-
-<para>
-The middle line is *not* parsed as a blank line because it is first
-concatonated with the top line.  The result is
-</para>
-
-<para><programlisting>
-param name = parameter value string         with line continuation.
-</programlisting></para>
-
-<para>The same is true for comment lines.</para>
-
-<para><programlisting>
-	param name = parameter value string \
-	; comment \
-    with a comment.
-</programlisting></para>
-
-<para>This becomes:</para>
-
-<para><programlisting>
-param name = parameter value string     ; comment     with a comment.
-</programlisting></para>
-
-<para>
-On a section header line, the closing bracket (']') is considered a
-terminating character, and the rest of the line is ignored.  The lines
-</para>
-
-<para><programlisting>
-	[ section   name ] garbage \
-    param  name  = value
-</programlisting></para>
-
-<para>are read as</para>
-
-<para><programlisting>
-	[section name]
-    param name = value
-</programlisting></para>
-
-</sect2>
-</sect1>
-
-<sect1>
-<title>Syntax</title>
-
-<para>The syntax of the smb.conf file is as follows:</para>
-
-<para><programlisting>
-  &lt;file&gt;            :==  { &lt;section&gt; } EOF
-  &lt;section&gt;         :==  &lt;section header&gt; { &lt;parameter line&gt; }
-  &lt;section header&gt;  :==  '[' NAME ']'
-  &lt;parameter line&gt;  :==  NAME '=' VALUE NL
-</programlisting></para>
-
-<para>Basically, this means that</para>
-
-<orderedlist>
-<listitem><para>
-	a file is made up of zero or more sections, and is terminated by
-	an EOF (we knew that).
-</para></listitem>
-
-<listitem><para>
-	A section is made up of a section header followed by zero or more
-	parameter lines.
-</para></listitem>
-
-<listitem><para>
-	A section header is identified by an opening bracket and
-	terminated by the closing bracket.  The enclosed NAME identifies
-	the section.
-</para></listitem>
-
-<listitem><para>
-	A parameter line is divided into a NAME and a VALUE.  The *first*
-	equal sign on the line separates the NAME from the VALUE.  The
-	VALUE is terminated by a newline character (NL = '\n').
-</para></listitem>
-
-</orderedlist>
-
-<sect2>
-<title>About params.c</title>
-
-<para>
-The parsing of the config file is a bit unusual if you are used to
-lex, yacc, bison, etc.  Both lexical analysis (scanning) and parsing
-are performed by params.c.  Values are loaded via callbacks to
-loadparm.c.
-</para>
-</sect2>
-</sect1>
-</chapter>
diff --git a/docs/docbook/devdoc/printing.sgml b/docs/docbook/devdoc/printing.sgml
deleted file mode 100644
index 2ef64353e1e..00000000000
--- a/docs/docbook/devdoc/printing.sgml
+++ /dev/null
@@ -1,393 +0,0 @@
-<chapter id="printing">
-<chapterinfo>
-	<author>
-		<firstname>Gerald</firstname><surname>Carter</surname>
-	</author>
-	<pubdate>October 2002</pubdate>
-</chapterinfo>
-
-
-<title>Samba Printing Internals</title>
-
-
-<sect1>
-<title>Abstract</title>
-<para>
-The purpose of this document is to provide some insight into
-Samba's printing functionality and also to describe the semantics
-of certain features of Windows client printing.
-</para>
-</sect1>
-
-
-
-<sect1>
-<title>
-Printing Interface to Various Back ends
-</title>
-
-<para>
-Samba uses a table of function pointers to seven functions.  The
-function prototypes are defined in the <VarName>printif</VarName> structure declared
-in <filename>printing.h</filename>.
-</para>
-
-<itemizedlist>
-	<listitem><para>retrieve the contents of a print queue</para></listitem>
-	<listitem><para>pause the print queue</para></listitem>
-	<listitem><para>resume a paused print queue</para></listitem>
-	<listitem><para>delete a job from the queue</para></listitem>
-	<listitem><para>pause a job in the print queue</para></listitem>
-	<listitem><para>result a paused print job in the queue</para></listitem>
-	<listitem><para>submit a job to the print queue</para></listitem>
-</itemizedlist>
-
-<para>
-Currently there are only two printing back end implementations
-defined.
-</para>
-
-<itemizedlist>
-	<listitem><para>a generic set of functions for working with standard UNIX
-	printing subsystems</para></listitem>
-
-	<listitem><para>a set of CUPS specific functions (this is only enabled if
-	the CUPS libraries were located at compile time).</para></listitem>
-</itemizedlist>
-
-</sect1>
-
-
-
-
-<sect1>
-<title>
-Print Queue TDB's
-</title>
-
-
-<para>
-Samba provides periodic caching of the output from the "lpq command"
-for performance reasons.  This cache time is configurable in seconds.
-Obviously the longer the cache time the less often smbd will be
-required to exec a copy of lpq.  However, the accuracy of the print
-queue contents displayed to clients will be diminished as well.
-</para>
-
-<para>
-The list of currently opened print queue TDB's can be found
-be examining the list of tdb_print_db structures ( see print_db_head
-in printing.c ). A queue TDB is opened using the wrapper function
-printing.c:get_print_db_byname().  The function ensures that smbd
-does not open more than MAX_PRINT_DBS_OPEN in an effort to prevent
-a large print server from exhausting all available file descriptors.
-If the number of open queue TDB's exceeds the MAX_PRINT_DBS_OPEN
-limit, smbd falls back to a most recently used algorithm for maintaining
-a list of open TDB's.
-</para>
-
-<para>
-There are two ways in which a a print job can be entered into
-a print queue's TDB.  The first is to submit the job from a Windows
-client which will insert the job information directly into the TDB.
-The second method is to have the print job picked up by executing the
-"lpq command".
-</para>
-
-<para><programlisting>
-/* included from printing.h */
-struct printjob {
-	pid_t pid; /* which process launched the job */
-	int sysjob; /* the system (lp) job number */
-	int fd; /* file descriptor of open file if open */
-	time_t starttime; /* when the job started spooling */
-	int status; /* the status of this job */
-	size_t size; /* the size of the job so far */
-	int page_count;	/* then number of pages so far */
-	BOOL spooled; /* has it been sent to the spooler yet? */
-	BOOL smbjob; /* set if the job is a SMB job */
-	fstring filename; /* the filename used to spool the file */
-	fstring jobname; /* the job name given to us by the client */
-	fstring user; /* the user who started the job */
-	fstring queuename; /* service number of printer for this job */
-	NT_DEVICEMODE *nt_devmode;
-};
-</programlisting></para>
-
-<para>
-The current manifestation of the printjob structure contains a field
-for the UNIX job id returned from the "lpq command" and a Windows job
-ID (32-bit bounded by PRINT_MAX_JOBID).  When a print job is returned
-by the "lpq command" that does not match an existing job in the queue's
-TDB, a 32-bit job ID above the &lt;*vance doesn't know what word is missing here*&gt; is generating by adding UNIX_JOB_START to
-the id reported by lpq.
-</para>
-
-<para>
-In order to match a 32-bit Windows jobid onto a 16-bit lanman print job
-id, smbd uses an in memory TDB to match the former to a number appropriate
-for old lanman clients.
-</para>
-
-<para>
-When updating a print queue, smbd will perform the following
-steps ( refer to <filename>print.c:print_queue_update()</filename> ):
-</para>
-
-<orderedlist>
-	<listitem><para>Check to see if another smbd is currently in 
-	the process of updating the queue contents by checking the pid 
-	stored in <constant>LOCK/<replaceable>printer_name</replaceable></constant>.  
-	If so, then do not update the TDB.</para></listitem>
-	
-	<listitem><para>Lock the mutex entry in the TDB and store our own pid.
-	Check that this succeeded, else fail.</para></listitem>
-
-	<listitem><para>Store the updated time stamp for the new cache
-	listing</para></listitem>
-
-	<listitem><para>Retrieve the queue listing via "lpq command"</para></listitem>
-
-	<listitem><para><programlisting>
-	foreach job in the queue
-     	{
-		if the job is a UNIX job, create a new entry;
-		if the job has a Windows based jobid, then
-		{
-			Lookup the record by the jobid;
-			if the lookup failed, then
-				treat it as a UNIX job;
-			else
-				update the job status only
-		}
-	}</programlisting></para></listitem>
-
-	<listitem><para>Delete any jobs in the TDB that are not
-	in the in the lpq listing</para></listitem>
-
-	<listitem><para>Store the print queue status in the TDB</para></listitem>
-	
-	<listitem><para>update the cache time stamp again</para></listitem>
-	
-</orderedlist>
-
-<para>
-Note that it is the contents of this TDB that is returned to Windows
-clients and not the actual listing from the "lpq command".
-</para>
-
-<para>
-The NT_DEVICEMODE stored as part of the printjob structure is used to
-store a pointer to a non-default DeviceMode associated with the print
-job.  The pointer will be non-null when the client included a Device
-Mode in the OpenPrinterEx() call and subsequently submitted a job for
-printing on that same handle.  If the client did not include a Device
-Mode in the OpenPrinterEx() request, the nt_devmode field is NULL
-and the job has the printer's device mode associated with it by default.
-</para>
-
-<para>
-Only non-default Device Mode are stored with print jobs in the print
-queue TDB.  Otherwise, the Device Mode is obtained from the printer
-object when the client issues a GetJob(level == 2) request.
-</para>
-
-</sect1>
-
-
-
-
-<sect1>
-<title>
-ChangeID & Client Caching of Printer Information
-</title>
-
-<para>
-[To be filled in later]
-</para>
-</sect1>
-
-
-
-<sect1>
-<title>
-Windows NT/2K Printer Change Notify
-</title>
-
-<para>
-When working with Windows NT+ clients, it is possible for a
-print server to use RPC to send asynchronous change notification
-events to clients for certain printer and print job attributes.
-This can be useful when the client needs to know that a new
-job has been added to the queue for a given printer or that the
-driver for a printer has been changed.  Note that this is done
-entirely orthogonal to cache updates based on a new ChangeID for
-a printer object.
-</para>
-
-<para>
-The basic set of RPC's used to implement change notification are
-</para>
-
-<itemizedlist>
-	<listitem><para>RemoteFindFirstPrinterChangeNotifyEx ( RFFPCN )</para></listitem>
-	<listitem><para>RemoteFindNextPrinterChangeNotifyEx ( RFNPCN )</para></listitem>
-	<listitem><para>FindClosePrinterChangeNotify( FCPCN )</para></listitem>
-	<listitem><para>ReplyOpenPrinter</para></listitem>
-	<listitem><para>ReplyClosePrinter</para></listitem>
-	<listitem><para>RouteRefreshPrinterChangeNotify ( RRPCN )</para></listitem>
-</itemizedlist>
-
-<para>
-One additional RPC is available to a server, but is never used by the
-Windows spooler service:
-</para>
-
-<itemizedlist>
-	<listitem><para>RouteReplyPrinter()</para></listitem>
-</itemizedlist>
-
-<para>
-The opnum for all of these RPC's are defined in include/rpc_spoolss.h
-</para>
-
-<para>
-Windows NT print servers use a bizarre method of sending print
-notification event to clients.  The process of registering a new change
-notification handle is as follows.  The 'C' is for client and the
-'S' is for server.  All error conditions have been eliminated.
-</para>
-
-<para><programlisting>
-C:	Obtain handle to printer or to the printer
-	server via the standard OpenPrinterEx() call.
-S:	Respond with a valid handle to object
-
-C:	Send a RFFPCN request with the previously obtained
-	handle with either (a) set of flags for change events
-	to monitor, or (b) a PRINTER_NOTIFY_OPTIONS structure
-	containing the event information to monitor.  The windows
-	spooler has only been observed to use (b).
-S:	The &lt;* another missing word*&gt; opens a new TCP session to the client (thus requiring
-	all print clients to be CIFS servers as well) and sends
-	a ReplyOpenPrinter() request to the client.
-C:	The client responds with a printer handle that can be used to
-	send event notification messages.
-S:	The server replies success to the RFFPCN request.
-
-C:	The windows spooler follows the RFFPCN with a RFNPCN
-	request to fetch the current values of all monitored
-	attributes.
-S:	The server replies with an array SPOOL_NOTIFY_INFO_DATA
-	structures (contained in a SPOOL_NOTIFY_INFO structure).
-
-C:	If the change notification handle is ever released by the
-	client via a FCPCN request, the server sends a ReplyClosePrinter()
-	request back to the client first.  However a request of this
-	nature from the client is often an indication that the previous
-	notification event was not marshalled correctly by the server
-	or a piece of data was wrong.
-S:	The server closes the internal change notification handle
-	(POLICY_HND) and does not send any further change notification
-	events to the client for that printer or job.
-</programlisting></para>
-
-<para>
-The current list of notification events supported by Samba can be
-found by examining the internal tables in srv_spoolss_nt.c
-</para>
-
-<itemizedlist>
-	<listitem><para>printer_notify_table[]</para></listitem>
-	<listitem><para>job_notify_table[]</para></listitem>
-</itemizedlist>
-
-<para>
-When an event occurs that could be monitored, smbd sends a message
-to itself about the change.  The list of events to be transmitted
-are queued by the smbd process sending the message to prevent an
-overload of TDB usage and the internal message is sent during smbd's
-idle loop (refer to printing/notify.c and the functions
-send_spoolss_notify2_msg() and print_notify_send_messages() ).
-</para>
-
-<para>
-The decision of whether or not the change is to be sent to connected
-clients is made by the routine which actually sends the notification.
-( refer to srv_spoolss_nt.c:recieve_notify2_message() ).
-</para>
-
-<para>
-Because it possible to receive a listing of multiple changes for
-multiple printers, the notification events must be split into
-categories by the printer name.  This makes it possible to group
-multiple change events to be sent in a single RPC according to the
-printer handle obtained via a ReplyOpenPrinter().
-</para>
-
-<para>
-The actual change notification is performed using the RRPCN request
-RPC.  This packet contains
-</para>
-
-
-<itemizedlist>
-	
-<listitem><para>the printer handle registered with the
-client's spooler on which the change occurred</para></listitem>
-
-<listitem><para>The change_low value which was sent as part
-of the last RFNPCN request from the client</para></listitem>
-
-<listitem><para>The SPOOL_NOTIFY_INFO container with the event
-information</para></listitem>
-
-</itemizedlist>
-
-<para>
-A <VarName>SPOOL_NOTIFY_INFO</VarName> contains:
-</para>
-
-<itemizedlist>
-
-<listitem><para>the version and flags field are predefined
-and should not be changed</para></listitem>
-
-<listitem><para>The count field is the number of entries
-in the SPOOL_NOTIFY_INFO_DATA array</para></listitem>
-
-</itemizedlist>
-
-<para>
-The <VarName>SPOOL_NOTIFY_INFO_DATA</VarName> entries contain:
-</para>
-
-<itemizedlist>
-
-<listitem><para>The type defines whether or not this event
-is for a printer or a print job</para></listitem>
-
-<listitem><para>The field is the flag identifying the event</para></listitem>
-
-<listitem><para>the notify_data union contains the new valuie of the
-attribute</para></listitem>
-
-<listitem><para>The enc_type defines the size of the structure for marshalling
-and unmarshalling</para></listitem>
-
-<listitem><para>(a) the id must be 0 for a printer event on a printer handle.
-(b) the id must be the job id for an event on a printer job
-(c) the id must be the matching number of the printer index used
-in the response packet to the RFNPCN when using a print server
-handle for notification.  Samba currently uses the snum of
-the printer for this which can break if the list of services
-has been modified since the notification handle was registered.</para></listitem>
-
-<listitem><para>The size is either (a) the string length in UNICODE for strings,
-(b) the size in bytes of the security descriptor, or (c) 0 for
-data values.</para></listitem>
-
-</itemizedlist>
-
-</sect1>
-</chapter>
diff --git a/docs/docbook/devdoc/wins.sgml b/docs/docbook/devdoc/wins.sgml
deleted file mode 100644
index 53410316c56..00000000000
--- a/docs/docbook/devdoc/wins.sgml
+++ /dev/null
@@ -1,79 +0,0 @@
-<chapter id="wins">
-<chapterinfo>
-	<author>
-		<firstname>Gerald</firstname><surname>Carter</surname>
-	</author>
-	<pubdate>October 2002</pubdate>
-</chapterinfo>
-
-
-<title>Samba WINS Internals</title>
-
-
-<sect1>
-<title>WINS Failover</title>
-
-
-<para>
-The current Samba codebase possesses the capability to use groups of WINS
-servers that share a common namespace for NetBIOS name registration and 
-resolution.  The formal parameter syntax is
-</para>
-
-<para><programlisting>
-	WINS_SERVER_PARAM 	= SERVER [ SEPARATOR SERVER_LIST ]
-	WINS_SERVER_PARAM 	= &quot;wins server&quot;
-	SERVER 			= ADDR[:TAG]
-	ADDR 			= ip_addr | fqdn
-	TAG 			= string
-	SEPARATOR		= comma | \s+
-	SERVER_LIST		= SERVER [ SEPARATOR SERVER_LIST ]
-</programlisting></para>
-
-<para>
-A simple example of a valid wins server setting is
-</para>
-
-<para><programlisting>
-[global]
-	wins server = 192.168.1.2 192.168.1.3
-</programlisting></para>
-
-<para>
-In the event that no TAG is defined in for a SERVER in the list, smbd assigns a default
-TAG of &quot;*&quot;.  A TAG is used to group servers of a shared NetBIOS namespace together.  Upon
-startup, nmbd will attempt to register the netbios name value with one server in each
-tagged group.
-</para>
-
-<para>
-An example using tags to group WINS servers together is show here.  Note that the use of
-interface names in the tags is only by convention and is not a technical requirement.
-</para>
-
-
-<para><programlisting>
-[global]
-	wins server = 192.168.1.2:eth0 192.168.1.3:eth0 192.168.2.2:eth1
-</programlisting></para>
-
-<para>
-Using this configuration, nmbd would attempt to register the server's NetBIOS name 
-with one WINS server in each group.  Because the &quot;eth0&quot; group has two servers, the 
-second server would only be used when a registration (or resolution) request to 
-the first server in that group timed out.
-</para>
-
-<para>
-NetBIOS name resolution follows a similar pattern as name registration.  When resolving 
-a NetBIOS name via WINS, smbd and other Samba programs will attempt to query a single WINS 
-server in a tagged group until either a positive response is obtained at least once or 
-until a server from every tagged group has responded negatively to the name query request.
-If a timeout occurs when querying a specific WINS server, that server is marked as down to 
-prevent further timeouts and the next server in the WINS group is contacted.  Once marked as 
-dead, Samba will not attempt to contact that server for name registration/resolution queries 
-for a period of 10 minutes.
-</para>
-
-</sect1>
-</chapter>
diff --git a/docs/docbook/docbook.txt b/docs/docbook/docbook.txt
index 84848fd88f2..388cd5cf9b7 100644
--- a/docs/docbook/docbook.txt
+++ b/docs/docbook/docbook.txt
@@ -1,9 +1,8 @@
 !==
-!== docbook.txt for Samba HEAD
+!== docbook.txt for Samba 2.2.0 release
 !==
 !== Author:	David Bannon, D.Bannon@latrobe.edu.au  November, 2000
 !== Updates:	Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001
-!== Updates:	Jelmer Vernooij, jelmer@samba.org,		Aug, 2002
 
 What are DocBook documents doing in the Samba Distribution ?
 -----------------------------------------------------------
@@ -40,22 +39,98 @@ The Output
 ----------
 
 The current Samba CVS tree contains the SGML/DocBook source files as well 
-as the following autogenerated formats:
+as the following autogenerated formats
 
   * man pages
   * HTML
   * ASCII text (where appropriate)
-  * PDF
 
 
 The Tools
 ---------
 
-To generate the docs, you need to have the following packages installed:
+[
+ addendum: For a good general overview of installing the tools
+ needed for generating files from SGML/DocBook source, refer
+ to the DocBook-Install mini HOWTO at
+ http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DocBook-Install
 
-* docbook-utils
-* htmldoc
+ While the above link is to a Linux HOWTO, the tools can be installed 
+ on almost any UNIX platform.
+
+ David's original notes follow below:
+]
+
+Any sgml document needs to be referred to a suitable style sheet
+(describing syntax) and other sheets that tell the translating programmes
+how to do the translations. The list of necessary 'included files is a
+bit messy but once installed is pretty easy.
+
+On one of my RedHat 6.2 systems I installed the following:
+* sgml-common (as an rpm)
+* docbook  (as an rpm)
+* stylesheets  (as an rpm)
+* jade  (as an rpm)
+* Docbook 4.1 from http://docbook.org
+* DSSSL 157 from http://nwalsh.com/docbook/dsssl/ 
+
+There are several downloadable descriptions of the DocBook syntax at the
+web sites mentioned above. Note that a lot of the docs only talk about
+version 3.1 with 4.1 as an add-on.
+
+In either case you will need to include in the html/docbook.dsl and most
+likely a couple of defines to achieve a suitable output. I made a
+local dsl file that I called html.dsl that looks like this :
+
+<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
+<!ENTITY dbstyle SYSTEM "/usr/lib/sgml/dsssl-157/docbook/html/docbook.dsl" 
+CDATA DSSSL>
+]>
+
+<style-sheet>
+<style-specification use="docbook">
+<style-specification-body>
+
+(define nochunks #t)			;; Dont make multiple pages
+(define rootchunk #t)			;; Do make a 'root' page
+(define %use-id-as-filename% #t)	;; Use book id as filename	
+(define %html-ext% ".html")		;; give it a proper html extension
+
+</style-specification-body>
+</style-specification>
+<external-specification id="docbook" document="dbstyle">
+</style-sheet>
+
+Note the top block that refers to where the dsssl-157 style sheets are
+installed, if you don’t put them there make sure you edit the file.
+
+To use this stylesheet, have it in your working directory along with your
+sgml files.  Jade does the actual conversion to html, call it like this :
+
+jade -t sgml -d html.dsl stuff.sgml
+
+To create the text version run the html through lynx :
+
+Lynx  -dump  -nolist  stuff.html  >  stuff.txt
+
+These instructions are crude by might help someone get going. Please feel
+free to contact me if you have any questions or if you can correct any one
+of the many mistakes I must have made above.
+
+David
+
+==========================================================================
 
 This directory now contains a ./configure script and Makefile to 
-support the automated building of man pages (including HTML versions), and 
-the building of the Samba-HOWTO-Collection (HTML,PDF,PS,Text versions).
+support the automated building of man pages (including HTML versions).
+The DocBook V4.1 DTD and ISO entity files have also been included in CVS
+to make sure we are all working from the same plate.
+
+The SGML_CATALOG_FILES environment variable should be set as follows
+(this assumes you have a working local installation of jade and
+Norman's Walsh's DSSSL stylesheets):
+
+  export SGML_CATALOG_FILES=$SGML_CATALOG_FILES:./dbsgml/catalog
+
+
+--jerry
diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent
index d88c489a4a2..91286de98be 100644
--- a/docs/docbook/global.ent
+++ b/docs/docbook/global.ent
@@ -21,7 +21,7 @@
 <!ENTITY url.samba 'http://samba.org'>
 <!ENTITY url.samba-ldap-howto 'http://www.unav.es/cti/ldap-smb-howto.html'>
 <!ENTITY url.samba-tng.home 'http://www.kneschke.de/projekte/samba_tng/'>
-<!ENTITY url.samba.mailinglist.ntdom 'http://lists.samba.org/mailman/samba-ntdom'>
+<!ENTITY url.samba.mailinglist.ntdom 'http://lists.samba.org/mailman/roster/samba-ntdom'>
 <!ENTITY url.samba.cifs 'http://samba.org/cifs/'>
 <!ENTITY url.ntdomains-for-unix 'http://mailhost.cb1.com/~lkcl/ntdom/'>
 <!ENTITY url.samba.specs.old 'ftp://ftp.microsoft.com/developr/drg/CIFS/'>
diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml
index 7b2371fdb71..d8f436c4a12 100644
--- a/docs/docbook/manpages/findsmb.1.sgml
+++ b/docs/docbook/manpages/findsmb.1.sgml
@@ -45,7 +45,7 @@
 		</command> will probe the subnet of the machine where 
 		<command>findsmb</command> is run. This value is passed 
 		to <command>nmblookup</command> as part of the 
-		<constant>-B</constant> option.</para></listitem>
+		<constant>-B</constant> option</para></listitem>
 		</varlistentry>
 	</variablelist>
 </refsect1>
@@ -73,7 +73,7 @@
 	get proper responses  from Windows 95 and Windows 98 machines, 
 	the command must be run as root. </para>
 
-	<para>For example, running <command>findsmb</command> on a machine 
+	<para>For example running <command>findsmb</command> on a machine 
 	without <command>nmbd</command> running would yield output similar
 	to the following</para>
 
diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml
index 774b3d8f8bb..a36f9b968c1 100644
--- a/docs/docbook/manpages/make_smbcodepage.1.sgml
+++ b/docs/docbook/manpages/make_smbcodepage.1.sgml
@@ -57,10 +57,10 @@
 		<varlistentry>
 		<term>inputfile</term>
 		<listitem><para>This is the input file to process. In 
-		the <parameter>c</parameter> case, this will be a text 
+		the <parameter>c</parameter> case this will be a text 
 		codepage definition file such as the ones found in the Samba 	
 		<filename>source/codepages</filename> directory. In
-		the <parameter>d</parameter> case, this will be the 
+		the <parameter>d</parameter> case this will be the 
 		binary format codepage definition file normally found in 
 		the <filename>lib/codepages</filename> directory in the 
 		Samba install directory path.</para></listitem>
diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml
deleted file mode 100644
index 5b822ccfe67..00000000000
--- a/docs/docbook/manpages/net.8.sgml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="net">
-
-<refmeta>
-	<refentrytitle>net</refentrytitle>
-	<manvolnum>8</manvolnum>
-</refmeta>
-
-
-<refnamediv>
-	<refname>net</refname>
-	<refpurpose>Tool for administration of Samba and remote
-	CIFS servers.</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-	<cmdsynopsis>
-		<command>net</command>
-		<arg choice="req">&lt;ads|rap|rpc&gt;</arg>
-	</cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
-	<title>DESCRIPTION</title>
-
-	<para>This tool is part of the <ulink url="samba.7.html">
-	Samba</ulink> suite.</para>
-
-</refsect1>
-
-
-<refsect1>
-	<title>OPTIONS</title>
-
-	<para></para>
-
-</refsect1>
-
-
-<refsect1>
-	<title>COMMANDS</title>
-
-
-	<para></para>
-
-</refsect1>
-
-<refsect1>
-	<title>VERSION</title>
-
-	<para>This man page is incomplete for version 3.0 of the Samba 
-	suite.</para>
-</refsect1>
-
-<refsect1>
-	<title>AUTHOR</title>
-	
-	<para>The original Samba software and related utilities 
-	were created by Andrew Tridgell. Samba is now developed
-	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</para>
-
-	<para>The original Samba man pages were written by Karl Auer.
-	The current set of manpages and documentation is maintained
-	by the Samba Team in the same fashion as the Samba source code.</para>
-	
-</refsect1>
-
-</refentry>
diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml
index 2b8e0661203..c9ddc89bcbb 100644
--- a/docs/docbook/manpages/nmbd.8.sgml
+++ b/docs/docbook/manpages/nmbd.8.sgml
@@ -67,7 +67,7 @@
 
 	<para>In addition, <command>nmbd</command> can act as a WINS 
 	proxy, relaying broadcast queries from clients that do 
-	not understand how to talk the WINS protocol to a WINS 
+	not understand how to talk the WINS protocol to a WIN 
 	server.</para>
 </refsect1>
 
@@ -99,7 +99,7 @@
 		<listitem><para>If this parameter is specified it causes the
 		server to run "interactively", not as a daemon, even if the
 		server is executed on the command line of a shell. Setting this
-		parameter negates the implicit daemon mode when run from the
+		parameter negates the implicit deamon mode when run from the
 		command line.
 		</para></listitem>
 		</varlistentry>
@@ -136,9 +136,9 @@
 		Samba as part of the build process. Common defaults 
 		are <filename>/usr/local/samba/lib/lmhosts</filename>,
 		<filename>/usr/samba/lib/lmhosts</filename> or
-		<filename>/etc/lmhosts</filename>. See the
-		<ulink url="lmhosts.5.html"><filename>lmhosts(5)</filename></ulink>
-		man page for details on the contents of this file.</para></listitem>
+		<filename>/etc/lmhosts</filename>. See the <ulink url="lmhosts.5.html">
+		<filename>lmhosts(5)</filename></ulink> man page for details on the 
+		contents of this file.</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
@@ -169,15 +169,15 @@
 		<para>Note that specifying this parameter here will override 
 		the <ulink url="smb.conf.5.html#loglevel">log level</ulink> 
 		parameter in the <ulink url="smb.conf.5.html"><filename>
-		smb.conf(5)</filename></ulink> file.</para></listitem>
+		smb.conf</filename></ulink> file.</para></listitem>
 		</varlistentry>
 		
 		<varlistentry>
 		<term>-l &lt;log directory&gt;</term>
 		<listitem><para>The -l parameter specifies a directory 
 		into which the "log.nmbd" log file will be created
-		for operational data from the running <command>nmbd</command>
-		server. The default log directory is compiled into Samba
+		for operational data from the running
+		<command>nmbd</command> server. The default log directory is compiled into Samba
 		as part of the build process. Common defaults are <filename>
 		/usr/local/samba/var/log.nmb</filename>, <filename>
 		/usr/samba/var/log.nmb</filename> or
@@ -314,6 +314,21 @@
 	at a normally low log level.</para>
 </refsect1>
 
+<refsect1>
+        <title>TROUBLESHOOTING</title>
+
+        <para>
+        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </para>
+</refsect1>
+
+
 
 <refsect1>
 	<title>VERSION</title>
diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml
index 67efac56343..502262ac730 100644
--- a/docs/docbook/manpages/nmblookup.1.sgml
+++ b/docs/docbook/manpages/nmblookup.1.sgml
@@ -16,6 +16,7 @@
 <refsynopsisdiv>
 	<cmdsynopsis>
 		<command>nmblookup</command>
+		<arg choice="opt">-f</arg>
 		<arg choice="opt">-M</arg>
 		<arg choice="opt">-R</arg>
 		<arg choice="opt">-S</arg>
@@ -50,6 +51,13 @@
 
 	<variablelist>
 		<varlistentry>
+		<term>-f</term>
+		<listitem><para>Causes nmblookup to print out the flags
+		in the NMB packet headers. These flags will print out as 
+		strings like Authoritative, Recursion_Desired, Recursion_available, etc.
+		</para></listitem>
+		</varlistentry>
+		<varlistentry>
 		<term>-M</term>
 		<listitem><para>Searches for a master browser by looking 
 		up the  NetBIOS name <replaceable>name</replaceable> with a 
diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml
index 45ccbaee64a..eeb1fb0d2c6 100644
--- a/docs/docbook/manpages/pdbedit.8.sgml
+++ b/docs/docbook/manpages/pdbedit.8.sgml
@@ -27,10 +27,7 @@
 		<arg choice="opt">-a</arg>	
 		<arg choice="opt">-m</arg>	
 		<arg choice="opt">-x</arg>	
-		<arg choice="opt">-i passdb-backend</arg>	
-		<arg choice="opt">-e passdb-backend</arg>   
-		<arg choice="opt">-b passdb-backend</arg>
-		<arg choice="opt">-D debuglevel</arg>
+		<arg choice="opt">-i file</arg>	
 	</cmdsynopsis>
 </refsynopsisdiv>
 
@@ -41,11 +38,11 @@
 	Samba</ulink> suite.</para>
 
 	<para>The pdbedit program is used to manage the users accounts
-	stored in the sam database and can only be run by root.</para>
+	stored in the sam database and can be run only by root.</para>
 
-	<para>The pdbedit tool uses the passdb modular interface and is
+	<para>The pdbedit tool use the passdb modular interface and is
 	independent from the kind of users database used (currently there
-	are smbpasswd, ldap, nis+ and tdb based and more can be added
+	are smbpasswd, ldap, nis+ and tdb based and more can be addedd
 	without changing the tool).</para>
 
 	<para>There are five main ways to use pdbedit: adding a user account,
@@ -58,7 +55,7 @@
 	<variablelist>
 		<varlistentry>
 		<term>-l</term>
-		<listitem><para>This option lists all the user accounts
+		<listitem><para>This option list all the user accounts
 		present in the users database.
 		This option prints a list of user/uid pairs separated by
 		the ':' character.</para>
@@ -75,8 +72,8 @@
 		
 		<varlistentry>
 		<term>-v</term>
-		<listitem><para>This option enables the verbose listing format.
-		It causes pdbedit to list the users in the database, printing
+		<listitem><para>This option sets the verbose listing format.
+		It will make pdbedit list the users in the database printing
 		out the account fields in a descriptive format.</para>
 
 		<para>Example: <command>pdbedit -l -v</command></para>
@@ -108,7 +105,7 @@
 		<varlistentry>
 		<term>-w</term>
 		<listitem><para>This option sets the "smbpasswd" listing format.
-		It will make pdbedit list the users in the database, printing
+		It will make pdbedit list the users in the database printing
 		out the account fields in a format compatible with the
 		<filename>smbpasswd</filename> file format. (see the <ulink
 		url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para>
@@ -124,8 +121,8 @@
 		
 		<varlistentry>
 		<term>-u username</term>
-		<listitem><para>This option specifies the username to be
-		used for the operation requested (listing, adding, removing).
+		<listitem><para>This option specifies that the username to be
+		used for the operation requested (listing, adding, removing)
 		It is <emphasis>required</emphasis> in add, remove and modify
 		operations and <emphasis>optional</emphasis> in list
 		operations.</para>
@@ -198,9 +195,9 @@
 		<varlistentry>
 		<term>-a</term>
 		<listitem><para>This option is used to add a user into the
-		database. This command needs a user name specified with
-		the -u switch. When adding a new user, pdbedit will also
-		ask for the password to be used.</para>
+		database. This command need the user name be specified with
+		the -u switch. When adding a new user pdbedit will also
+		ask for the password to be used</para>
 
 		<para>Example: <command>pdbedit -a -u sorce</command>
 		<programlisting>new password:
@@ -227,7 +224,7 @@
 		<varlistentry>
 		<term>-x</term>
 		<listitem><para>This option causes pdbedit to delete an account
-		from the database. It needs a username specified with the
+		from the database. It need the username be specified with the
 		-u switch.</para>
 
 		<para>Example: <command>pdbedit -x -u bob</command></para>
@@ -236,36 +233,16 @@
 		
 
 		<varlistentry>
-		<term>-i passdb-backend</term>
-		<listitem><para>Use a different passdb backend to retrieve users
-                than the one specified in smb.conf. Can be used to import data into
-                your local user database.</para>
+		<term>-i file</term>
+		<listitem><para>This command is used to import a smbpasswd
+		file into the database.</para>
 
-		<para>This option will ease migration from one passdb backend to
-		another.</para>
+		<para>This option will ease migration from the plain smbpasswd
+		file database to more powerful backend databases like tdb and
+		ldap.</para>
 
-		<para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
-                </command></para>
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>-e passdb-backend</term>
-		<listitem><para>Exports all currently available users to the
-		specified password database backend.</para>
-
-		<para>This option will ease migration from one passdb backend to
-		another and will ease backing up.</para>
-		
-		<para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>-b passdb-backend</term>
-		<listitem><para>Use a different default passdb backend. </para>
-
-		<para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
+		<para>Example: <command>pdbedit -i /etc/smbpasswd.old</command>
+		</para>
 		</listitem>
 		</varlistentry>
 	</variablelist>
diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml
index 7a7a19c837b..773455fb2bf 100644
--- a/docs/docbook/manpages/rpcclient.1.sgml
+++ b/docs/docbook/manpages/rpcclient.1.sgml
@@ -26,7 +26,6 @@
 		<arg choice="opt">-U username[%password]</arg>
 		<arg choice="opt">-W workgroup</arg>
 		<arg choice="opt">-N</arg>
-		<arg choice="opt">-I destinationIP</arg>
 		<arg choice="req">server</arg>
 	</cmdsynopsis>
 </refsynopsisdiv>
@@ -60,8 +59,7 @@
 
 
 		<varlistentry>
-		<term>-A|--authfile=filename</term>
-		<listitem><para>This option allows 
+		<term>-A filename</term><listitem><para>This option allows 
 		you to specify a file from which to read the username and 
 		password used in the connection.  The format of the file is 
 		</para>
@@ -79,7 +77,7 @@
 
 
 		<varlistentry>
-		<term>-c|--command='command string'</term>
+		<term>-c 'command string'</term>
 		<listitem><para>execute semicolon separated commands (listed 
 		below)) </para></listitem>
 		</varlistentry>
@@ -88,7 +86,7 @@
 		
 
 		<varlistentry>
-		<term>-d|--debug=debuglevel</term>
+		<term>-d debuglevel</term>
 		<listitem><para>set the debuglevel. Debug level 0 is the lowest 
 		and 100 being the highest. This should be set to 100 if you are
 		planning on submitting a bug report to the Samba team (see <filename>BUGS.txt</filename>). 
@@ -99,60 +97,42 @@
 
 
 		<varlistentry>
-		<term>-h|--help</term>
+		<term>-h</term>
 		<listitem><para>Print a summary of command line options.
 		</para></listitem>
 		</varlistentry>
 
 
-		<varlistentry>
-		<term>-I IP-address</term>
-		<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. 
-		It should be specified in standard "a.b.c.d" notation. </para>
-
-		<para>Normally the client would attempt to locate a named 
-		SMB/CIFS server by looking it up via the NetBIOS name resolution 
-		mechanism described above in the <parameter>name resolve order</parameter> 
-		parameter above. Using this parameter will force the client
-		to assume that the server is on the machine with the specified IP 
-		address and the NetBIOS name component of the resource being 
-		connected to will be ignored. </para>
-
-		<para>There is no default for this parameter. If not supplied, 
-		it will be determined automatically by the client as described 
-		above. </para></listitem>
-		</varlistentry>
 
 		
 		<varlistentry>
-		<term>-l|--logfile=logbasename</term>
+		<term>-l logbasename</term>
 		<listitem><para>File name for log/debug files. The extension 
-		<constant>'.client'</constant> will be appended. The log file is
-		never removed by the client.
+		<constant>'.client'</constant> will be appended. The log file is never removed  
+		by the client.
 		</para></listitem>
 		</varlistentry>
 
 
 		
 		<varlistentry>
-		<term>-N|--nopass</term>
+		<term>-N</term>
 		<listitem><para>instruct <command>rpcclient</command> not to ask 
-		for a password.   By default, <command>rpcclient</command> will
-		prompt for a password.  See also the <parameter>-U</parameter>
-		option.</para></listitem>
+		for a password.   By default, <command>rpcclient</command> will prompt 
+		for a password.  See also the <parameter>-U</parameter> option.</para></listitem>
 		</varlistentry>
 
 		
 		<varlistentry>
-		<term>-s|--conf=smb.conf</term>
-		<listitem><para>Specifies the location of the all-important 
+		<term>-s smb.conf</term>
+		<listitem><para>Specifies the location of the all important 
 		<filename>smb.conf</filename> file. </para></listitem>
 		</varlistentry>
 
 				
 
 		<varlistentry>
-		<term>-U|--user=username[%password]</term>
+		<term>-U username[%password]</term>
 		<listitem><para>Sets the SMB username or username and password. </para>
 		
 		<para>If %password is not specified, the user will be prompted. The 
@@ -163,8 +143,8 @@
 
 		<para>A third option is to use a credentials file which 
 		contains the plaintext of the username and password.  This 
-		option is mainly provided for scripts where the admin does not 
-		wish to pass the credentials on the command line or via environment 
+		option is mainly provided for scripts where the admin doesn't 
+		desire to pass the credentials on the command line or via environment 
 		variables. If this method is used, make certain that the permissions 
 		on the file restrict access from unwanted users.  See the 
 		<parameter>-A</parameter> for more details. </para>
@@ -180,7 +160,7 @@
 		
 		
 		<varlistentry>
-		<term>-W|--workgroup=domain</term>
+		<term>-W domain</term>
 		<listitem><para>Set the SMB domain of the username.   This 
 		overrides the default domain which is the domain defined in 
 		smb.conf.  If the domain specified is the same as the server's NetBIOS name, 
@@ -204,7 +184,7 @@
 		of SIDs to usernames.
 		</para></listitem>
 		
-		<listitem><para><command>lookupnames</command> - Resolve a list 
+		<listitem><para><command>lookupnames</command> - Resolve s list 
 		of usernames to SIDs.
 		</para></listitem>
 		
@@ -291,7 +271,7 @@
 
 
 		<listitem><para><command>enumjobs &lt;printer&gt;</command> 
-		- List the jobs and status of a given printer. 
+		- List the jobs and status of a given printer.  
 		This command corresponds to the MS Platform SDK EnumJobs() 
 		function (* This command is currently unimplemented).</para></listitem>
 		
@@ -340,7 +320,7 @@
 
 		<listitem><para><command>getdriverdir &lt;arch&gt;</command> 
 		- Execute a GetPrinterDriverDirectory()
-		RPC to retrieve the SMB share name and subdirectory for 
+		RPC to retreive the SMB share name and subdirectory for 
 		storing printer driver files for a given architecture.  Possible 
 		values for <parameter>arch</parameter> are "Windows 4.0" 
 		(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
@@ -360,11 +340,10 @@
 		against a given printer. </para></listitem> 
 
 
-		<listitem><para><command>setdriver &lt;printername&gt;
-		&lt;drivername&gt;</command>
-		- Execute a SetPrinter() command to update the printer driver
-		associated with an installed printer.  The printer driver must
-		already be correctly installed on the print server.  </para>
+		<listitem><para><command>setdriver &lt;printername&gt; &lt;drivername&gt;</command> 
+		- Execute a SetPrinter() command to update the printer driver associated
+		with an installed printer.  The printer driver must already be correctly
+		installed on the print server.  </para>
 
 		<para>See also the <command>enumprinters</command> and 
 		<command>enumdrivers</command> commands for obtaining a list of
@@ -376,8 +355,8 @@
 	<para><emphasis>GENERAL OPTIONS</emphasis></para>
 
 	<itemizedlist>
-		<listitem><para><command>debuglevel</command> - Set the current
-		debug level used to log information.</para></listitem>
+		<listitem><para><command>debuglevel</command> - Set the current debug level
+		used to log information.</para></listitem>
 
 		<listitem><para><command>help (?)</command> - Print a listing of all 
 		known commands or extended help  on a particular command. 
@@ -420,7 +399,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 3.0 of the Samba 
+	<para>This man page is correct for version 2.2 of the Samba 
 	suite.</para>
 </refsect1>
 
diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml
index ce443e78d97..5d81d9d4468 100644
--- a/docs/docbook/manpages/samba.7.sgml
+++ b/docs/docbook/manpages/samba.7.sgml
@@ -22,10 +22,8 @@
 	<para>The Samba software suite is a collection of programs 
 	that implements the Server Message Block (commonly abbreviated 
 	as SMB) protocol for UNIX systems. This protocol is sometimes 
-	also referred to as the Common Internet File System (CIFS). For a
-	more thorough description, see <ulink url="http://www.ubiqx.org/cifs/">
-	http://www.ubiqx.org/cifs/</ulink>. Samba also implements the NetBIOS
-	protocol in nmbd.</para>
+	also referred to as the Common Internet File System (CIFS), 
+	LanManager or NetBIOS protocol.</para>
 	
 	<variablelist>
 		<varlistentry>
@@ -41,7 +39,7 @@
 		<varlistentry>
 		<term><command>nmbd</command></term>
 		<listitem><para>The <command>nmbd</command>
-		daemon provides NetBIOS nameservice and browsing
+		daemon provides NetBIOS nameserving and browsing
 		support. The configuration file for this daemon 
 		is described in <filename>smb.conf</filename></para>
 		</listitem>
@@ -70,7 +68,7 @@
 		<term><command>testprns</command></term>
 		<listitem><para>The <command>testprns</command>
 		utility supports testing printer names defined 
-		in your <filename>printcap</filename> file used 
+		in your <filename>printcap></filename> file used 
 		by Samba.</para>
 		</listitem>
 		</varlistentry>
@@ -117,14 +115,12 @@
 	component is described in a separate manual page. It is strongly 
 	recommended that you read the documentation that comes with Samba 
 	and the manual pages of those components that you use. If the 
-	manual pages and documents aren't clear enough then please visit
-	<ulink url="http://devel.samba.org/">http://devel.samba.org</ulink>
-	for information on how to file a bug report or submit a patch.</para>
-
-	<para>If you require help, visit the Samba webpage at
-	<ulink url="http://samba.org/">http://www.samba.org/</ulink> and
-	explore the many option available to you.
+	manual pages aren't clear enough then please send a patch or 
+	bug report to <ulink url="mailto:samba@samba.org">
+	samba@samba.org</ulink></para>
+	
 	
+
 </refsect1>
 
 <refsect1>
@@ -168,10 +164,11 @@
 	<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.
 	</para>
 
-	<para>If you have patches to submit, visit
-	<ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink>
-	for information on how to do it properly. We prefer patches in
-	<command>diff -u</command> format.</para>
+	<para>If you have patches to submit or bugs to report 
+	then you may mail them directly to samba-patches@samba.org.
+	Note, however, that due to the enormous popularity of this 
+	package the Samba Team may take some time to respond to mail. We 
+	prefer patches in <command>diff -u</command> format.</para>
 </refsect1>
 
 <refsect1>
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index c0893f1005a..cff2afdcaca 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -396,7 +396,7 @@
 		to change your config based on what the client calls you. Your 
 		server can have a "dual personality".</para>
 
-                <para>Note that this parameter is not available when Samba listens
+                <para>Note that this paramater is not available when Samba listens
                 on port 445, as clients no longer send this information </para>
                 </listitem>
 
@@ -489,6 +489,21 @@
 	<variablelist>
 	
 	<varlistentry>
+		<term>mangling method</term>
+		<listitem><para> controls the algorithm used for the generating
+		the mangled names. Can take two different values, "hash" and
+		"hash2". "hash" is  the default and is the algorithm that has been
+		used in Samba for many years. "hash2" is a newer and considered
+		a better algorithm (generates less collisions) in the names.
+		However, many Win32 applications store the
+		mangled names and so changing to the new algorithm must not be done
+		lightly as these applications may break unless reinstalled.
+		New installations of Samba may set the default to hash2.
+		Default <emphasis>hash</emphasis>.</para></listitem>
+		</varlistentry>
+		
+	
+		<varlistentry>
 		<term>mangle case = yes/no</term>
 		<listitem><para> controls if names that have characters that 
 		aren't of the "default" case are mangled. For example, 
@@ -593,25 +608,21 @@
 	each parameter for details.  Note that some are synonyms.</para>
 
 	<itemizedlist>
-		<listitem><para><link linkend="ABORTSHUTDOWNSCRIPT"><parameter>abort shutdown script</parameter></link></para></listitem>
-		<listitem><para><link linkend="ADDGROUPSCRIPT"><parameter>add group script</parameter></link></para></listitem>
-		<listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>addprinter command</parameter></link></para></listitem>
+		<listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>add printer command</parameter></link></para></listitem>
 		<listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem>
 		<listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem>
-		<listitem><para><link linkend="ADDUSERTOGROUPSCRIPT"><parameter>add user to group script</parameter></link></para></listitem>
-		<listitem><para><link linkend="ADDMACHINESCRIPT"><parameter>add machine script</parameter></link></para></listitem>
-		<listitem><para><link linkend="DELETEGROUPSCRIPT"><parameter>delete group script</parameter></link></para></listitem>
-		<listitem><para><link linkend="ADSSERVER"><parameter>ads server</parameter></link></para></listitem>
-		<listitem><para><link linkend="ALGORITHMICRIDBASE"><parameter>algorithmic rid base</parameter></link></para></listitem>
 		<listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem>
 		<listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem>
 		<listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem>
-		<listitem><para><link linkend="AUTHMETHODS"><parameter>auth methods</parameter></link></para></listitem>
 		<listitem><para><link linkend="AUTOSERVICES"><parameter>auto services</parameter></link></para></listitem>
 		<listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem>
 		<listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem>
 		<listitem><para><link linkend="CHANGENOTIFYTIMEOUT"><parameter>change notify timeout</parameter></link></para></listitem>
 		<listitem><para><link linkend="CHANGESHARECOMMAND"><parameter>change share command</parameter></link></para></listitem>
+		<listitem><para><link linkend="CHARACTERSET"><parameter>character set</parameter></link></para></listitem>
+		<listitem><para><link linkend="CLIENTCODEPAGE"><parameter>client code page</parameter></link></para></listitem>
+		<listitem><para><link linkend="CODEPAGEDIRECTORY"><parameter>code page directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="CODINGSYSTEM"><parameter>coding system</parameter></link></para></listitem>
 		<listitem><para><link linkend="CONFIGFILE"><parameter>config file</parameter></link></para></listitem>
 		<listitem><para><link linkend="DEADTIME"><parameter>deadtime</parameter></link></para></listitem>
 		<listitem><para><link linkend="DEBUGHIRESTIMESTAMP"><parameter>debug hires timestamp</parameter></link></para></listitem>
@@ -621,30 +632,24 @@
 		<listitem><para><link linkend="DEBUGLEVEL"><parameter>debuglevel</parameter></link></para></listitem>
 		<listitem><para><link linkend="DEFAULT"><parameter>default</parameter></link></para></listitem>
 		<listitem><para><link linkend="DEFAULTSERVICE"><parameter>default service</parameter></link></para></listitem>
-		<listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>deleteprinter command</parameter></link></para></listitem>
+		<listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer command</parameter></link></para></listitem>
 		<listitem><para><link linkend="DELETESHARECOMMAND"><parameter>delete share command</parameter></link></para></listitem>
 		<listitem><para><link linkend="DELETEUSERSCRIPT"><parameter>delete user script</parameter></link></para></listitem>
-		<listitem><para><link linkend="DELETEUSERFROMGROUPSCRIPT"><parameter>delete user from group script</parameter></link></para></listitem>
 		<listitem><para><link linkend="DFREECOMMAND"><parameter>dfree command</parameter></link></para></listitem>
-		<listitem><para><link linkend="DISABLENETBIOS"><parameter>disable netbios</parameter></link></para></listitem>
 		<listitem><para><link linkend="DISABLESPOOLSS"><parameter>disable spoolss</parameter></link></para></listitem>
-		<listitem><para><link linkend="DISPLAYCHARSET"><parameter>display charset</parameter></link></para></listitem>
 		<listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINADMINGROUP"><parameter>domain admin group</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINGUESTGROUP"><parameter>domain guest group</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem>
 		<listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem>
-		<listitem><para><link linkend="DOSCHARSET"><parameter>dos charset</parameter></link></para></listitem>
 		<listitem><para><link linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter></link></para></listitem>
 		<listitem><para><link linkend="ENHANCEDBROWSING"><parameter>enhanced browsing</parameter></link></para></listitem>
 		<listitem><para><link linkend="ENUMPORTSCOMMAND"><parameter>enumports command</parameter></link></para></listitem>
 		<listitem><para><link linkend="GETWDCACHE"><parameter>getwd cache</parameter></link></para></listitem>
 		<listitem><para><link linkend="HIDELOCALUSERS"><parameter>hide local users</parameter></link></para></listitem>
 		<listitem><para><link linkend="HIDEUNREADABLE"><parameter>hide unreadable</parameter></link></para></listitem>
-		<listitem><para><link linkend="HIDEUNWRITEABLEFILES"><parameter>hide unwriteable files</parameter></link></para></listitem>
 		<listitem><para><link linkend="HOMEDIRMAP"><parameter>homedir map</parameter></link></para></listitem>
 		<listitem><para><link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link></para></listitem>
-		<listitem><para><link linkend="HOSTNAMELOOKUPS"><parameter>hostname lookups</parameter></link></para></listitem>
 		<listitem><para><link linkend="HOSTSEQUIV"><parameter>hosts equiv</parameter></link></para></listitem>
 		<listitem><para><link linkend="INTERFACES"><parameter>interfaces</parameter></link></para></listitem>
 		<listitem><para><link linkend="KEEPALIVE"><parameter>keepalive</parameter></link></para></listitem>
@@ -654,11 +659,10 @@
 		
 		<listitem><para><link linkend="LDAPADMINDN"><parameter>ldap admin dn</parameter></link></para></listitem>
 		<listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPPORT"><parameter>ldap port</parameter></link></para></listitem>
+		<listitem><para><link linkend="LDAPSERVER"><parameter>ldap server</parameter></link></para></listitem>
 		<listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem>
 		<listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem>
-		<listitem><para><link linkend="LDAPUSERSUFFIX"><parameter>ldap user suffix</parameter></link></para></listitem>
-		<listitem><para><link linkend="LDAPMACHINESUFFIX"><parameter>ldap machine suffix</parameter></link></para></listitem>
-		<listitem><para><link linkend="LDAPPASSWDSYNC"><parameter>ldap passwd sync</parameter></link></para></listitem>
 
 		<listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem>
 		<listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem>
@@ -678,6 +682,7 @@
 		<listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem>
 		<listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem>
 		<listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem>
+		<listitem><para><link linkend="MANGLINGMETHOD"><parameter>mangling method</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAXLOGSIZE"><parameter>max log size</parameter></link></para></listitem>
@@ -693,15 +698,13 @@
 		<listitem><para><link linkend="MINPASSWORDLENGTH"><parameter>min password length</parameter></link></para></listitem>
 		<listitem><para><link linkend="MINPROTOCOL"><parameter>min protocol</parameter></link></para></listitem>
 		<listitem><para><link linkend="MINWINSTTL"><parameter>min wins ttl</parameter></link></para></listitem>
-		<listitem><para><link linkend="NAMECACHETIMEOUT"><parameter>name cache timeout</parameter></link></para></listitem>
 		<listitem><para><link linkend="NAMERESOLVEORDER"><parameter>name resolve order</parameter></link></para></listitem>
 		<listitem><para><link linkend="NETBIOSALIASES"><parameter>netbios aliases</parameter></link></para></listitem>
 		<listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem>
 		<listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem>
 		<listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem>
-		<listitem><para><link linkend="NTLMAUTH"><parameter>ntlm auth</parameter></link></para></listitem>
-		<listitem><para><link linkend="NONUNIXACCOUNTRANGE"><parameter>non unix account range</parameter></link></para></listitem>
 		<listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem>
+		<listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem>
 		<listitem><para><link linkend="NTSTATUSSUPPORT"><parameter>nt status support</parameter></link></para></listitem>
 		<listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem>
 		<listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem>
@@ -710,8 +713,6 @@
 		<listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem>
 		<listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem>
 		<listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem>
-		<listitem><para><link linkend="PARANOIDSERVERSECURITY"><parameter>paranoid server security</parameter></link></para></listitem>
-		<listitem><para><link linkend="PASSDBBACKEND"><parameter>passdb backend</parameter></link></para></listitem>
 		<listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem>
 		<listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem>
 		<listitem><para><link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link></para></listitem>
@@ -723,12 +724,10 @@
 		<listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem>
 		<listitem><para><link linkend="PRINTERDRIVERFILE"><parameter>printer driver file</parameter></link></para></listitem>
-		<listitem><para><link linkend="PRIVATEDIR"><parameter>private dir</parameter></link></para></listitem>
 		<listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem>
 		<listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem>
 		<listitem><para><link linkend="READRAW"><parameter>read raw</parameter></link></para></listitem>
 		<listitem><para><link linkend="READSIZE"><parameter>read size</parameter></link></para></listitem>
-		<listitem><para><link linkend="REALM"><parameter>realm</parameter></link></para></listitem>
 		<listitem><para><link linkend="REMOTEANNOUNCE"><parameter>remote announce</parameter></link></para></listitem>
 		<listitem><para><link linkend="REMOTEBROWSESYNC"><parameter>remote browse sync</parameter></link></para></listitem>
 		<listitem><para><link linkend="RESTRICTANONYMOUS"><parameter>restrict anonymous</parameter></link></para></listitem>
@@ -738,13 +737,29 @@
 		<listitem><para><link linkend="SECURITY"><parameter>security</parameter></link></para></listitem>
 		<listitem><para><link linkend="SERVERSTRING"><parameter>server string</parameter></link></para></listitem>
 		<listitem><para><link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para></listitem>
-		<listitem><para><link linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link></para></listitem>
 		<listitem><para><link linkend="SMBPASSWDFILE"><parameter>smb passwd file</parameter></link></para></listitem>
-		<listitem><para><link linkend="SMBPORTS"><parameter>smb ports</parameter></link></para></listitem>
 		<listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem>
 		<listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem>
 		<listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem>
-                <listitem><para><link linkend="SPNEGO"><parameter>use spnego</parameter></link></para></listitem>
+
+		<listitem><para><link linkend="SSL"><parameter>ssl</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCACERTFILE"><parameter>ssl CA certFile</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCIPHERS"><parameter>ssl ciphers</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCLIENTCERT"><parameter>ssl client cert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCLIENTKEY"><parameter>ssl client key</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLCOMPATIBILITY"><parameter>ssl compatibility</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLEGDSOCKET"><parameter>ssl egd socket</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLENTROPYBYTES"><parameter>ssl entropy bytes</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLHOSTS"><parameter>ssl hosts</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLHOSTSRESIGN"><parameter>ssl hosts resign</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require clientcert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLREQUIRESERVERCERT"><parameter>ssl require servercert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLSERVERCERT"><parameter>ssl server cert</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLSERVERKEY"><parameter>ssl server key</parameter></link></para></listitem>
+		<listitem><para><link linkend="SSLVERSION"><parameter>ssl version</parameter></link></para></listitem>
+
 		<listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem>
 		<listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem>
 		<listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem>
@@ -756,8 +771,6 @@
 		<listitem><para><link linkend="TIMESERVER"><parameter>time server</parameter></link></para></listitem>
 		<listitem><para><link linkend="TIMESTAMPLOGS"><parameter>timestamp logs</parameter></link></para></listitem>
 		<listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem>
-		<listitem><para><link linkend="UNICODE"><parameter>unicode</parameter></link></para></listitem>
-		<listitem><para><link linkend="UNIXCHARSET"><parameter>unix charset</parameter></link></para></listitem>
 		<listitem><para><link linkend="UNIXEXTENSIONS"><parameter>unix extensions</parameter></link></para></listitem>
 		<listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem>
 		<listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem>
@@ -767,7 +780,7 @@
 		<listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem>
 		<listitem><para><link linkend="UTMP"><parameter>utmp</parameter></link></para></listitem>
 		<listitem><para><link linkend="UTMPDIRECTORY"><parameter>utmp directory</parameter></link></para></listitem>
-		<listitem><para><link linkend="WTMPDIRECTORY"><parameter>wtmp directory</parameter></link></para></listitem>
+		<listitem><para><link linkend="VALIDCHARS"><parameter>valid chars</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINBINDCACHETIME"><parameter>winbind cache time</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINBINDENUMUSERS"><parameter>winbind enum users</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINBINDENUMGROUPS"><parameter>winbind enum groups</parameter></link></para></listitem>
@@ -776,7 +789,6 @@
 		<listitem><para><link linkend="WINBINDUID"><parameter>winbind uid</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINBINDUSEDEFAULTDOMAIN"><parameter>winbind use default domain</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSHOOK"><parameter>wins hook</parameter></link></para></listitem>
-		<listitem><para><link linkend="WINSPARTNERS"><parameter>wins partners</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSPROXY"><parameter>wins proxy</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSSERVER"><parameter>wins server</parameter></link></para></listitem>
 		<listitem><para><link linkend="WINSSUPPORT"><parameter>wins support</parameter></link></para></listitem>
@@ -797,7 +809,7 @@
 		<listitem><para><link linkend="ALLOWHOSTS"><parameter>allow hosts</parameter></link></para></listitem>
 		<listitem><para><link linkend="AVAILABLE"><parameter>available</parameter></link></para></listitem>
 		<listitem><para><link linkend="BLOCKINGLOCKS"><parameter>blocking locks</parameter></link></para></listitem>
-<listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem>
+		<listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem>
 		<listitem><para><link linkend="BROWSABLE"><parameter>browsable</parameter></link></para></listitem>
 		<listitem><para><link linkend="BROWSEABLE"><parameter>browseable</parameter></link></para></listitem>
 		<listitem><para><link linkend="CASESENSITIVE"><parameter>case sensitive</parameter></link></para></listitem>
@@ -830,6 +842,7 @@
 		<listitem><para><link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>force directory security mode</parameter></link></para></listitem>
 		<listitem><para><link linkend="FORCEGROUP"><parameter>force group</parameter></link></para></listitem>
 		<listitem><para><link linkend="FORCESECURITYMODE"><parameter>force security mode</parameter></link></para></listitem>
+		<listitem><para><link linkend="FORCEUNKNOWNACLUSER"><parameter>force unknown acl user</parameter></link></para></listitem>
 		<listitem><para><link linkend="FORCEUSER"><parameter>force user</parameter></link></para></listitem>
 		<listitem><para><link linkend="FSTYPE"><parameter>fstype</parameter></link></para></listitem>
 		<listitem><para><link linkend="GROUP"><parameter>group</parameter></link></para></listitem>
@@ -856,7 +869,6 @@
 		<listitem><para><link linkend="MANGLEDMAP"><parameter>mangled map</parameter></link></para></listitem>
 		<listitem><para><link linkend="MANGLEDNAMES"><parameter>mangled names</parameter></link></para></listitem>
 		<listitem><para><link linkend="MANGLINGCHAR"><parameter>mangling char</parameter></link></para></listitem>
-		<listitem><para><link linkend="MANGLINGMETHOD"><parameter>mangling method</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAPARCHIVE"><parameter>map archive</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAPHIDDEN"><parameter>map hidden</parameter></link></para></listitem>
 		<listitem><para><link linkend="MAPSYSTEM"><parameter>map system</parameter></link></para></listitem>
@@ -909,7 +921,6 @@
 		<listitem><para><link linkend="VALIDUSERS"><parameter>valid users</parameter></link></para></listitem>
 		<listitem><para><link linkend="VETOFILES"><parameter>veto files</parameter></link></para></listitem>
 		<listitem><para><link linkend="VETOOPLOCKFILES"><parameter>veto oplock files</parameter></link></para></listitem>
-		<listitem><para><link linkend="VFSPATH"><parameter>vfs path</parameter></link></para></listitem>
 		<listitem><para><link linkend="VFSOBJECT"><parameter>vfs object</parameter></link></para></listitem>
 		<listitem><para><link linkend="VFSOPTIONS"><parameter>vfs options</parameter></link></para></listitem>
 		<listitem><para><link linkend="VOLUME"><parameter>volume</parameter></link></para></listitem>
@@ -928,23 +939,9 @@
 	
 	<variablelist>
 
-		<varlistentry>
-		<term><anchor id="ABORTSHUTDOWNSCRIPT">abort shutdown script (G)</term>
-		<listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis>
-		This a full path name to a script called by
-		<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>  that
-		should stop a shutdown procedure issued by the <link 
-		linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link>.</para>
-		
-		<para>This command will be run as user.</para>
-
-		<para>Default: <emphasis>None</emphasis>.</para>
-		<para>Example: <command>abort shutdown script = /sbin/shutdown -c</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
-		<term><anchor id="ADDPRINTERCOMMAND">addprinter command (G)</term>
+		<term><anchor id="ADDPRINTERCOMMAND">add printer command (G)</term>
 		<listitem><para>With the introduction of MS-RPC based printing
 		support for Windows NT/2000 clients in Samba 2.2, The MS Add
 		Printer Wizard (APW) icon is now also available in the 
@@ -961,7 +958,7 @@
 		shared by <ulink url="smbd.8.html"><command>smbd(8)</command>
 		</ulink>.</para>
 		
-		<para>The <parameter>addprinter command</parameter> is
+		<para>The <parameter>add printer command</parameter> is
 		automatically invoked with the following parameter (in 
 		order:</para>
 		
@@ -981,14 +978,14 @@
 		only.  The remaining fields in the structure are generated from answers
 		to the APW questions.</para>
 		
-		<para>Once the <parameter>addprinter command</parameter> has 
+		<para>Once the <parameter>add printer command</parameter> has 
 		been executed, <command>smbd</command> will reparse the <filename>
 		smb.conf</filename> to determine if the share defined by the APW
 		exists.  If the sharename is still invalid, then <command>smbd
 		</command> will return an ACCESS_DENIED error to the client.</para>
 		
 		<para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter>
-		deleteprinter command</parameter></link>, <link 
+		delete printer command</parameter></link>, <link 
 		linkend="printing"><parameter>printing</parameter></link>,
 		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
 		printer wizard</parameter></link></para>
@@ -1038,7 +1035,7 @@
 		
 		<para>
 		This parameter is only used for add file shares.  To add printer shares, 
-		see the <link linkend="ADDPRINTERCOMMAND"><parameter>addprinter 
+		see the <link linkend="ADDPRINTERCOMMAND"><parameter>add printer 
 		command</parameter></link>.
 		</para>
 		
@@ -1055,36 +1052,7 @@
 
 
 
-		<varlistentry>
-		<term><anchor id="ADDMACHINESCRIPT">add machine script (G)</term>
-		<listitem><para>This is the full pathname to a script that will 
-		be run by <ulink url="smbd.8.html">smbd(8)</ulink>  when a machine is added
-                to it's domain using the administrator username and password method. </para>
-
-		<para>This option is only required when using sam back-ends tied to the
-                Unix uid method of RID calculation such as smbpasswd.  This option is only
-                available in Samba 3.0.</para>
-
-		<para>Default: <command>add machine script = &lt;empty string&gt;
-		</command></para>	
 
-		<para>Example: <command>add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-                </command></para>
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><anchor id="ADSSERVER">ads server (G)</term>
-		<listitem><para>If this option is specified, samba does 
-		not try to figure out what ads server to use itself, but 
-		uses the specified ads server. Either one DNS name or IP 
-		address can be used.</para>
-
-		<para>Default: <command>ads server = </command></para>
-
-		<para>Example: <command>ads server = 192.168.1.2</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="ADDUSERSCRIPT">add user script (G)</term>
@@ -1136,22 +1104,10 @@
 		%u</command></para>
 		</listitem>
 		</varlistentry>
-		
-		<varlistentry><term><anchor id="ADDGROUPSCRIPT">add group script (G)</term>
-		<listitem><para>This is the full pathname to a script that will 
-		be run <emphasis>AS ROOT</emphasis> by <ulink
-                url="smbd.8.html">smbd(8)</ulink> when a new group is
-                requested. It will expand any
-                <parameter>%g</parameter> to the group name passed.
-                This script is only useful for installations using the
-                Windows NT domain administration tools. The script is
-                free to create a group with an arbitrary name to
-                circumvent unix group name restrictions. In that case
-                the script must print the numeric gid of the created
-                group on stdout.
-		</para></listitem>
-		</varlistentry>
 
+
+
+		
 		<varlistentry>
 		<term><anchor id="ADMINUSERS">admin users (S)</term>
 		<listitem><para>This is a list of users who will be granted 
@@ -1167,23 +1123,8 @@
 		<para>Example: <command>admin users = jason</command></para>
 		</listitem>
 		</varlistentry>
-
-		<varlistentry>
-		<term><anchor id="ADDUSERTOGROUPSCRIPT">add user to group script (G)</term>
-		<listitem><para>Full path to the script that will be called when 
-		a user is added to a group using the Windows NT domain administration 
-		tools. It will be run by <ulink url="smbd.8.html">smbd(8)</ulink> 
-		<emphasis>AS ROOT</emphasis>. Any <parameter>%g</parameter> will be 
-		replaced with the group name and any <parameter>%u</parameter> will 
-		be replaced with the user name.
-		</para>
-
-		<para>Default: <command>add user to group script = </command></para>
-
-		<para>Example: <command>add user to group script = /usr/sbin/adduser %u %g</command></para>
 		
-		</listitem>
-		</varlistentry>
+
 
 		<varlistentry>
 		<term><anchor id="ALLOWHOSTS">allow hosts (S)</term>
@@ -1191,29 +1132,8 @@
 		<parameter>hosts allow</parameter></link>.</para></listitem>
 		</varlistentry>
 		
-		<varlistentry>
-		<term><anchor id="ALGORITHMICRIDBASE">algorithmic rid base (G)</term>
-		<listitem><para>This determines how Samba will use its
-                algorithmic mapping from uids/gid to the RIDs needed to construct
-                NT Security Identifiers.</para>
 
-                <para>Setting this option to a larger value could be useful to sites
-                transitioning from WinNT and Win2k, as existing user and 
-                group rids would otherwise clash with sytem users etc. 
-                </para>
 
-                <para>All UIDs and GIDs must be able to be resolved into SIDs for  
-                the correct operation of ACLs on the server.  As such the algorithmic
-                mapping can't be 'turned off', but pushing it 'out of the way' should
-                resolve the issues.  Users and groups can then be assigned 'low' RIDs
-                in arbitary-rid supporting backends. </para>
-
-		<para>Default: <command>algorithmic rid base = 1000</command></para>
-
-		<para>Example: <command>algorithmic rid base = 100000</command></para>
-		</listitem>
-		</varlistentry>
-		
 		<varlistentry>
 		<term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term>
 		<listitem><para>This option only takes effect when the <link 
@@ -1238,6 +1158,8 @@
 		</listitem>
 		</varlistentry>
 		
+
+
 		<varlistentry>
 		<term><anchor id="ANNOUNCEAS">announce as (G)</term>
 		<listitem><para>This specifies what type of server 
@@ -1264,7 +1186,7 @@
 		<term><anchor id="ANNOUNCEVERSION">announce version (G)</term>
 		<listitem><para>This specifies the major and minor version numbers 
 		that nmbd will use when announcing itself as a server. The default 
-		is 4.2.  Do not change this parameter unless you have a specific 
+		is 4.5.  Do not change this parameter unless you have a specific 
 		need to set a Samba server to be a downlevel server.</para>
 
 		<para>Default: <command>announce version = 4.5</command></para>
@@ -1285,24 +1207,6 @@
 
 
 		<varlistentry>
-		<term><anchor id="AUTHMETHODS">auth methods (G)</term>
-		<listitem><para>This option allows the administrator to chose what
-                authentication methods <command>smbd</command> will use when authenticating
-                a user.  This option defaults to sensible values based on <link linkend="SECURITY"><parameter>
-		security</parameter></link>.
-
-                Each entry in the list attempts to authenticate the user in turn, until
-                the user authenticates.  In practice only one method will ever actually 
-                be able to complete the authentication.
-		</para>
-
-		<para>Default: <command>auth methods = &lt;empty string&gt;</command></para>
-		<para>Example: <command>auth methods = guest sam ntdomain</command></para>
-		</listitem>
-		</varlistentry>
-
-
-		<varlistentry>
 		<term><anchor id="AVAILABLE">available (S)</term>
 		<listitem><para>This parameter lets you "turn off" a service. If 
 		<parameter>available = no</parameter>, then <emphasis>ALL</emphasis> 
@@ -1387,6 +1291,32 @@
 
 
 		<varlistentry>
+		<term><anchor id="BLOCKSIZE">block size (S)</term>
+		<listitem><para>This parameter controls the behavior of <ulink 
+		url="smbd.8.html">smbd(8)</ulink> when reporting disk free sizes.
+		By default, this reports a disk block size of 1024 bytes.</para>
+		
+		<para>Changing this parameter may have some effect on the
+		efficiency of client writes, this is not yet confirmed. This
+		parameter was added to allow advanced administrators to change
+		it (usually to a higher value) and test the effect it has on
+		client write performance without re-compiling the code. As this
+		is an experimental option it may be removed in a future release.
+		</para>
+
+		<para>Changing this option does not change the disk free reporting
+		size, just the block size unit reported to the client.</para>
+
+		<para>Default: <command>block size = 1024</command></para>
+		<para>Example: <command>block size = 65536</command></para>
+
+		</listitem>
+		</varlistentry>
+		
+
+
+		
+		<varlistentry>
 		<term><anchor id="BLOCKINGLOCKS">blocking locks (S)</term>
 		<listitem><para>This parameter controls the behavior of <ulink 
 		url="smbd.8.html">smbd(8)</ulink> when given a request by a client 
@@ -1407,31 +1337,7 @@
 
 		</listitem>
 		</varlistentry>
-	
-		<varlistentry>
-		<term><anchor id="BLOCKSIZE">block size (S)</term>
-		<listitem><para>This parameter controls the behavior of 
-		<ulink url="smbd.8.html">smbd(8)</ulink> when reporting disk free 
-		sizes. By default, this reports a disk block size of 1024 bytes.
-		</para>        
 		
-		<para>Changing this parameter may have some effect on the
-		efficiency of client writes, this is not yet confirmed. This
-		parameter was added to allow advanced administrators to change
-		it (usually to a higher value) and test the effect it has on
-		client write performance without re-compiling the code. As this
-		is an experimental option it may be removed in a future release.
-		</para>
-
-		<para>Changing this option does not change the disk free reporting
-		size, just the block size unit reported to the client.</para>
-
-																		        <para>Default: <command>block size = 1024</command></para>
-																				        <para>Example: <command>block size = 65536</command></para>
-
-																						        </listitem>
-																								        </varlistentry>
-																										
 
 
 		<varlistentry>
@@ -1556,7 +1462,192 @@
 
 
 		
+		<varlistentry>
+		<term><anchor id="CHARACTERSET">character set (G)</term>
+		<listitem><para>This allows <ulink url="smbd.8.html">smbd</ulink> to map incoming filenames 
+		from a DOS Code page (see the <link linkend="CLIENTCODEPAGE">client 
+		code page</link> parameter) to several built in UNIX character sets. 
+		The built in code page translations are:</para>
+		
+		<itemizedlist>
+			<listitem><para><constant>ISO8859-1</constant> : Western European 
+			UNIX character set. The parameter <parameter>client code page</parameter>
+			<emphasis>MUST</emphasis> be set to code page 850 if the 
+			<parameter>character set</parameter> parameter is set to
+			<constant>ISO8859-1</constant> in order for the conversion to the 
+			UNIX character set to be done correctly.</para></listitem>
+
+			<listitem><para><constant>ISO8859-2</constant> : Eastern European 
+			UNIX character set. The parameter <parameter>client code page
+			</parameter> <emphasis>MUST</emphasis> be set to code page 852 if 
+			the <parameter> character set</parameter> parameter is set 
+			to <constant>ISO8859-2</constant> in order for the conversion 
+			to the UNIX character set to be done correctly. </para></listitem>
+
+			<listitem><para><constant>ISO8859-5</constant> : Russian Cyrillic 
+			UNIX character set. The parameter <parameter>client code page
+			</parameter> <emphasis>MUST</emphasis> be set to code page 
+			866 if the <parameter>character set </parameter> parameter is 
+			set to <constant>ISO8859-5</constant> in order for the conversion 
+			to the UNIX character set to be done correctly. </para></listitem>
+
+			<listitem><para><constant>ISO8859-7</constant> : Greek UNIX 
+			character set. The parameter <parameter>client code page
+			</parameter> <emphasis>MUST</emphasis> be set to code page 
+			737 if the <parameter>character set</parameter> parameter is 
+			set to <constant>ISO8859-7</constant> in order for the conversion 
+			to the UNIX character set to be done correctly.</para></listitem>
+ 
+			<listitem><para><constant>KOI8-R</constant> : Alternate mapping 
+			for Russian Cyrillic UNIX character set. The parameter 
+			<parameter>client code page</parameter> <emphasis>MUST</emphasis> 
+			be set to code page 866 if the <parameter>character set</parameter> 
+			parameter is set to <constant>KOI8-R</constant> in order for the 
+			conversion to the UNIX character set to be done correctly.</para>
+			</listitem>
+		</itemizedlist>
+
+		<para><emphasis>BUG</emphasis>. These MSDOS code page to UNIX character 
+		set mappings should be dynamic, like the loading of MS DOS code pages, 
+		not static.</para>
+
+		<para>Normally this parameter is not set, meaning no filename 
+		translation is done.</para>
+
+		<para>Default: <command>character set = &lt;empty string&gt;</command></para>
+		<para>Example: <command>character set = ISO8859-1</command></para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="CLIENTCODEPAGE">client code page (G)</term>
+		<listitem><para>This parameter specifies the DOS code page 
+		that the clients accessing Samba are using. To determine what code 
+		page a Windows or DOS client is using, open a DOS command prompt 
+		and type the command <command>chcp</command>. This will output 
+		the code page. The default for USA MS-DOS, Windows 95, and
+		Windows NT releases is code page 437. The default for western 
+		European releases of the above operating systems is code page 850.</para>
 
+		<para>This parameter tells <ulink url="smbd.8.html">smbd(8)</ulink> 
+		which of the <filename>codepage.<replaceable>XXX</replaceable>
+		</filename> files to dynamically load on startup. These files,
+		described more fully in the manual page <ulink url="make_smbcodepage.1.html">
+		<command>make_smbcodepage(1)</command></ulink>, tell <command>
+		smbd</command> how to map lower to upper case characters to provide 
+		the case insensitivity of filenames that Windows clients expect.</para>
+
+		<para>Samba currently ships with the following code page files :</para>
+
+		<itemizedlist>
+			<listitem><para>Code Page 437 - MS-DOS Latin US</para></listitem>
+			<listitem><para>Code Page 737 - Windows '95 Greek</para></listitem>
+			<listitem><para>Code Page 850 - MS-DOS Latin 1</para></listitem>
+			<listitem><para>Code Page 852 - MS-DOS Latin 2</para></listitem>
+			<listitem><para>Code Page 861 - MS-DOS Icelandic</para></listitem>
+			<listitem><para>Code Page 866 - MS-DOS Cyrillic</para></listitem>
+			<listitem><para>Code Page 932 - MS-DOS Japanese SJIS</para></listitem>
+			<listitem><para>Code Page 936 - MS-DOS Simplified Chinese</para></listitem>
+			<listitem><para>Code Page 949 - MS-DOS Korean Hangul</para></listitem>
+			<listitem><para>Code Page 950 - MS-DOS Traditional Chinese</para></listitem>
+		</itemizedlist>
+
+		<para>Thus this parameter may have any of the values 437, 737, 850, 852,
+		861, 932, 936, 949, or 950.  If you don't find the codepage you need,
+		read the comments in one of the other codepage files and the
+		<command>make_smbcodepage(1)</command> man page and write one. Please 
+		remember to donate it back to the Samba user community.</para>
+
+		<para>This parameter co-operates with the <parameter>valid
+		chars</parameter> parameter in determining what characters are
+		valid in filenames and how capitalization is done. If you set both
+		this parameter and the <parameter>valid chars</parameter> parameter
+		the <parameter>client code page</parameter> parameter 
+		<emphasis>MUST</emphasis> be set before the <parameter>valid 
+		chars</parameter> parameter in the <filename>smb.conf</filename>
+		file. The <parameter>valid chars</parameter> string will then 
+		augment the character settings in the <parameter>client code page</parameter> 
+		parameter.</para>
+
+		<para>If not set, <parameter>client code page</parameter> defaults 
+		to 850.</para>
+
+		<para>See also : <link linkend="VALIDCHARS"><parameter>valid 
+		chars</parameter></link>, <link linkend="CODEPAGEDIRECTORY">
+		<parameter>code page directory</parameter></link></para>
+
+		<para>Default: <command>client code page = 850</command></para>
+		<para>Example: <command>client code page = 936</command></para>
+		</listitem>
+		</varlistentry>
+		
+
+
+
+		<varlistentry>
+		<term><anchor id="CODEPAGEDIRECTORY">code page directory (G)</term>
+		<listitem><para>Define the location of the various client code page
+		files.</para>
+		
+		<para>See also <link linkend="CLIENTCODEPAGE"><parameter>client
+		code page</parameter></link></para>
+		
+		<para>Default: <command>code page directory = ${prefix}/lib/codepages
+		</command></para>
+		<para>Example: <command>code page directory = /usr/share/samba/codepages
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+
+		
+		<varlistentry>
+		<term><anchor id="CODINGSYSTEM">coding system (G)</term>
+		<listitem><para>This parameter is used to determine how incoming 
+		Shift-JIS Japanese characters are mapped from the incoming <link 
+		linkend="CLIENTCODEPAGE"><parameter>client code page</parameter>
+		</link> used by the client, into file names in the UNIX filesystem. 
+		Only useful if <parameter>client code page</parameter> is set to 
+		932 (Japanese Shift-JIS).  The options are :</para>
+
+		<itemizedlist>
+			<listitem><para><constant>SJIS</constant>  - Shift-JIS. Does no 
+			conversion of the incoming filename.</para></listitem>
+			
+			<listitem><para><constant>JIS8, J8BB, J8BH, J8@B, 
+			J8@J, J8@H </constant> - Convert from incoming Shift-JIS to eight 
+			bit JIS code with different shift-in, shift out codes.</para></listitem>
+
+			<listitem><para><constant>JIS7, J7BB, J7BH, J7@B, J7@J, 
+			J7@H </constant> - Convert from incoming Shift-JIS to seven bit 
+			JIS code with different shift-in, shift out codes.</para></listitem>
+
+			<listitem><para><constant>JUNET, JUBB, JUBH, JU@B, JU@J, JU@H </constant> 
+			- Convert from incoming Shift-JIS to JUNET code with different shift-in, 
+			shift out codes.</para></listitem>
+						
+			<listitem><para><constant>EUC</constant> - Convert an incoming 
+			Shift-JIS character to EUC code.</para></listitem>
+			
+			<listitem><para><constant>HEX</constant> - Convert an incoming 
+			Shift-JIS character to a 3 byte hex representation, i.e. 
+			<constant>:AB</constant>.</para></listitem>
+			
+			<listitem><para><constant>CAP</constant> - Convert an incoming 
+			Shift-JIS character to the 3 byte hex representation used by 
+			the Columbia AppleTalk Program (CAP), i.e. <constant>:AB</constant>.  
+			This is used for compatibility between Samba and CAP.</para></listitem>
+		</itemizedlist>
+		
+		<para>Default: <command>coding system = &lt;empty value&gt;</command>
+		</para>
+		</listitem>
+		</varlistentry>
+		
+		
 		
 		<varlistentry>
 		<term><anchor id="COMMENT">comment (S)</term>
@@ -1878,14 +1969,10 @@
 		</listitem>
 		</varlistentry>
 		
-		<varlistentry><term><anchor id="DELETEGROUPSCRIPT">delete group script (G)</term>
-		<listitem><para>This is the full pathname to a script that will 
-		be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8)</ulink> when a group is requested to be deleted. It will expand any <parameter>%g</parameter> to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
-		</para></listitem>
-		</varlistentry>
+
 
 		<varlistentry>
-		<term><anchor id="DELETEPRINTERCOMMAND">deleteprinter command (G)</term>
+		<term><anchor id="DELETEPRINTERCOMMAND">delete printer command (G)</term>
 		<listitem><para>With the introduction of MS-RPC based printer
 		support for Windows NT/2000 clients in Samba 2.2, it is now 
 		possible to delete printer at run time by issuing the 
@@ -1898,19 +1985,19 @@
 		from the print system and from <filename>smb.conf</filename>.
 		</para>
 		
-		<para>The <parameter>deleteprinter command</parameter> is 
+		<para>The <parameter>delete printer command</parameter> is 
 		automatically called with only one parameter: <parameter>
 		"printer name"</parameter>.</para>
 		
 				
-		<para>Once the <parameter>deleteprinter command</parameter> has 
+		<para>Once the <parameter>delete printer command</parameter> has 
 		been executed, <command>smbd</command> will reparse the <filename>
 		smb.conf</filename> to associated printer no longer exists.  
 		If the sharename is still valid, then <command>smbd
 		</command> will return an ACCESS_DENIED error to the client.</para>
 		
 		<para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>
-		addprinter command</parameter></link>, <link 
+		add printer command</parameter></link>, <link 
 		linkend="printing"><parameter>printing</parameter></link>,
 		<link linkend="SHOWADDPRINTERWIZARD"><parameter>show add
 		printer wizard</parameter></link></para>
@@ -1969,7 +2056,7 @@
 		
 		<para>
 		This parameter is only used to remove file shares.  To delete printer shares, 
-		see the <link linkend="DELETEPRINTERCOMMAND"><parameter>deleteprinter 
+		see the <link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer 
 		command</parameter></link>.
 		</para>
 		
@@ -1991,17 +2078,47 @@
 		<varlistentry>
 		<term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term>
 		<listitem><para>This is the full pathname to a script that will 
-		be run by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>
-                when managing user's with remote RPC (NT) tools.
-		</para>
+		be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">
+		<command>smbd(8)</command></ulink> under special circumstances 
+		described below.</para>
 
-                <para>This script is called when a remote client removes a user
-                from the server, normally using 'User Manager for Domains' or
-                <command>rpcclient</command>.
-		</para>
+		<para>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <command>
+		smbd</command> to delete the required UNIX users <emphasis>ON 
+		DEMAND</emphasis> when a user accesses the Samba server and the 
+		Windows NT user no longer exists.</para>
+		
+		<para>In order to use this option, <command>smbd</command> must be 
+		set to <parameter>security = domain</parameter> or <parameter>security =
+		user</parameter> and <parameter>delete user script</parameter> 
+		must be set to a full pathname for a script 
+		that will delete a UNIX user given one argument of <parameter>%u</parameter>, 
+		which expands into the UNIX user name to delete.</para>
 
-		<para>This script should delete the given UNIX username. 
-		</para>
+		<para>When the Windows user attempts to access the Samba server, 
+		at <emphasis>login</emphasis> (session setup in the SMB protocol) 
+		time, <command>smbd</command> contacts the <link linkend="PASSWORDSERVER">
+		<parameter>password server</parameter></link> and attempts to authenticate 
+		the given user with the given password. If the authentication fails 
+		with the specific Domain error code meaning that the user no longer 
+		exists then <command>smbd</command> attempts to find a UNIX user in 
+		the UNIX password database that matches the Windows user account. If 
+		this lookup succeeds, and <parameter>delete user script</parameter> is 
+		set then <command>smbd</command> will all the specified script 
+		<emphasis>AS ROOT</emphasis>, expanding any <parameter>%u</parameter> 
+		argument to be the user name to delete.</para>
+
+		<para>This script should delete the given UNIX username. In this way, 
+		UNIX users are dynamically deleted to match existing Windows NT 
+		accounts.</para>
+
+		<para>See also <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>,
+		<link linkend="PASSWORDSERVER"><parameter>password server</parameter>
+		</link>, <link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter>
+		</link>.</para>
 
 		<para>Default: <command>delete user script = &lt;empty string&gt;
 		</command></para>
@@ -2009,22 +2126,9 @@
 		%u</command></para></listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="DELETEUSERFROMGROUPSCRIPT">delete user from group script (G)</term>
-		<listitem><para>Full path to the script that will be called when 
-		a user is removed from a group using the Windows NT domain administration 
-		tools. It will be run by <ulink url="smbd.8.html">smbd(8)</ulink> 
-		<emphasis>AS ROOT</emphasis>. Any <parameter>%g</parameter> will be 
-		replaced with the group name and any <parameter>%u</parameter> will 
-		be replaced with the user name.
-		</para>
 
-		<para>Default: <command>delete user from group script = </command></para>
 
-		<para>Example: <command>delete user from group script = /usr/sbin/deluser %u %g</command></para>
-		
-		</listitem>
-		</varlistentry>
+
 
 		<varlistentry>
 		<term><anchor id="DELETEVETOFILES">delete veto files (S)</term>
@@ -2217,24 +2321,10 @@
 		</varlistentry>
 
 
-		<varlistentry>
-		<term><anchor id="DISABLENETBIOS">disable netbios (G)</term>
-		<listitem><para>Enabling this parameter will disable netbios support
-		in Samba. Netbios is the only available form of browsing in 
-		all windows versions except for 2000 and XP. </para>
-
-		<para>Note that clients that only support netbios won't be able to 
-		see your samba server when netbios support is disabled.
-		</para>
-
-		<para>Default: <command>disable netbios = no</command></para>
-		<para>Example: <command>disable netbios = yes</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="DISABLESPOOLSS">disable spoolss (G)</term>
-		<listitem><para>Enabling this parameter will disable Samba's support
+		<listitem><para>Enabling this parameter will disables Samba's support
 		for the SPOOLSS set of MS-RPC's and will yield identical behavior
 		as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
 		Lanman style printing commands. Windows 9x/ME will be uneffected by
@@ -2253,19 +2343,6 @@
 		</listitem>
 		</varlistentry>
 		
-		<varlistentry>
-		<term><anchor id="DISPLAYCHARSET">display charset (G)</term>
-		<listitem><para>Specifies the charset that samba will use 
-		to print messages to stdout and stderr and SWAT will use. 
-		Should generally be the same as the <command>unix charset</command>.
-		</para>
-
-		<para>Default: <command>display charset = ASCII</command></para>
-
-		<para>Example: <command>display charset = UTF8</command></para>
-
-		</listitem>
-		</varlistentry>
 		
 		
 		<varlistentry>
@@ -2410,20 +2487,7 @@
 		</listitem>
 		</varlistentry>
 		
-		<varlistentry>
-		<term><anchor id="DOSCHARSET">dos charset (G)</term>
-		<listitem><para>DOS SMB clients assume the server has 
-		the same charset as they do. This option specifies which 
-		charset Samba should talk to DOS clients.
-		</para>
 
-		<para>The default depends on which charsets you have instaled. 
-		Samba tries to use charset 850 but falls back to ASCII in 
-		case it is not available. Run <ulink url="testparm.1.html">testparm(1)
-		</ulink> to check the default on your system.
-		</para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="DOSFILEMODE">dos filemode (S)</term>
@@ -2501,11 +2565,11 @@
 		</filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command>
 		smbpasswd(8)</command></ulink> program for information on how to set up 
  		and maintain this file), or set the <link
-		linkend="SECURITY">security = [server|domain|ads]</link> parameter which 
+		linkend="SECURITY">security = [server|domain]</link> parameter which 
 		causes <command>smbd</command> to authenticate against another 
 		server.</para>
 		
-		<para>Default: <command>encrypt passwords = yes</command></para></listitem>
+		<para>Default: <command>encrypt passwords = no</command></para></listitem>
 		</varlistentry>
 
 
@@ -2710,7 +2774,8 @@
 		
 		
 		<varlistentry>
-		<term><anchor id="FORCEDIRECTORYSECURITYMODE">force directory security mode (S)</term>
+		<term><anchor id="FORCEDIRECTORYSECURITYMODE">force directory 
+		security mode (S)</term>
 		<listitem><para>This parameter controls what UNIX permission bits 
 		can be modified when a Windows NT client is manipulating the UNIX 
 		permission on a directory using the native NT security dialog box.</para>
@@ -2781,6 +2846,8 @@
 		</listitem>
 		</varlistentry>
 
+
+
 		<varlistentry>
 		<term><anchor id="FORCESECURITYMODE">force security mode (S)</term>
 		<listitem><para>This parameter controls what UNIX permission 
@@ -2814,12 +2881,38 @@
 		<para>Example: <command>force security mode = 700</command></para>
 		</listitem>
 		</varlistentry>
-
-
 		
 		
 		
 		<varlistentry>
+		<term><anchor id="FORCEUNKNOWNACLUSER">force unknown acl user (S)</term>
+		<listitem><para>If this parameter is set, a Windows NT ACL that contains
+		an unknown SID (security descriptor, or representation of a user or group id)
+		as the owner or group owner of the file will be silently mapped into the
+		current UNIX uid or gid of the currently connected user.</para>
+
+		<para>This is designed to allow Windows NT clients to copy files and
+		folders containing ACLs that were created locally on the client machine
+		and contain users local to that machine only (no domain users) to be
+		copied to a Samba server (usually with XCOPY /O) and have the unknown
+		userid and groupid of the file owner map to the current connected user.
+		This can only be fixed correctly when winbindd allows arbitrary mapping
+		from any Windows NT SID to a UNIX uid or gid.</para>
+
+		<para>Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+		</para>
+
+		<para>See also <link linkend="FORCEGROUP"><parameter>force group
+		</parameter></link></para>
+
+		<para>Default: <emphasis>False</emphasis></para>
+		<para>Example: <command>force unknown acl user = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
 		<term><anchor id="FORCEUSER">force user (S)</term>
 		<listitem><para>This specifies a UNIX user name that will be 
 		assigned as the default user for all users connecting to this service. 
@@ -2903,10 +2996,6 @@
 		<command>su -</command> command) and trying to print using the 
 		system print command such as <command>lpr(1)</command> or <command>
 		lp(1)</command>.</para>
-
-	        <para>This paramater does not accept % macros, because
-	        many parts of the system require this value to be
-	        constant for correct operation.</para>
 		
 		<para>Default: <emphasis>specified at compile time, usually 
 		"nobody"</emphasis></para>
@@ -3007,24 +3096,14 @@
 
 
 		<varlistentry>
-		<term><anchor id="HIDEUNREADABLE">hide unreadable (G)</term>
+		<term><anchor id="HIDEUNREADABLE">hide unreadable (S)</term>
 		<listitem><para>This parameter prevents clients from seeing the
 		existance of files that cannot be read. Defaults to off.</para>
 
-		<para>Default: <command>hide unreadable = no</command></para>
-		</listitem>
+		<para>Default: <command>hide unreadable = no</command></para></listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="HIDEUNWRITEABLEFILES">hide unwriteable files (G)</term>
-		<listitem><para>This parameter prevents clients from seeing
-		the existance of files that cannot be written to. Defaults to off.
-		Note that unwriteable directories are shown as usual.
-		</para>
 
-		<para>Default: <command>hide unwriteable = no</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="HOMEDIRMAP">homedir map (G)</term>
@@ -3076,21 +3155,6 @@
 		<para>Default: <command>host msdfs = no</command></para>
 		</listitem>
 		</varlistentry>
-		
-		<varlistentry>
-		<term><anchor id="HOSTNAMELOOKUPS">hostname lookups (G)</term>
-		<listitem><para>Specifies whether samba should use (expensive)
-		hostname lookups or use the ip addresses instead. An example place
-		where hostname lookups are currently used is when checking 
-		the <command>hosts deny</command> and <command>hosts allow</command>.
-		</para>
-
-		<para>Default: <command>hostname lookups = yes</command></para>
-
-		<para>Example: <command>hostname lookups = no</command></para>
-
-		</listitem>
-		</varlistentry>
 
 	
 		<varlistentry>
@@ -3439,11 +3503,11 @@
 		with Windows 2000. Note that due to Windows 2000 client redirector bugs
 		this requires Samba to be running on a 64-bit capable operating system such
 		as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
-		Windows 2000 clients. Defaults to on. Not as tested as some other Samba
+		Windows 2000 clients. Defaults to off. Not as tested as some other Samba
 		code paths.
 		</para>
 		
-		<para>Default : <command>large readwrite = yes</command></para>
+		<para>Default : <command>large readwrite = no</command></para>
 		</listitem>
 		</varlistentry>
 
@@ -3451,9 +3515,16 @@
 
 		<varlistentry>
 		<term><anchor id="LDAPADMINDN">ldap admin dn (G)</term>
-		<listitem><para> The <parameter>ldap admin dn</parameter> defines the Distinguished 
-		Name (DN) name used by Samba to contact the ldap server when retreiving 
-		user account information. The <parameter>ldap
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+
+		<para>
+		The <parameter>ldap admin dn</parameter> defines the Distinguished 
+		Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap
+		server</link> when retreiving user account information. The <parameter>ldap
 		admin dn</parameter> is used in conjunction with the admin dn password
 		stored in the <filename>private/secrets.tdb</filename> file.  See the
 		<ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man
@@ -3470,42 +3541,46 @@
 
 		<varlistentry>
 		<term><anchor id="LDAPFILTER">ldap filter (G)</term>
-		<listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter.
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+
+		<para>
+		This parameter specifies the RFC 2254 compliant LDAP search filter.
 		The default is to match the login name with the <constant>uid</constant> 
 		attribute for all entries matching the <constant>sambaAccount</constant>		
 		objectclass.  Note that this filter should only return one entry.
 		</para>
 	
 		
-		<para>Default : <command>ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</command></para>
+		<para>Default : <command>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para>
 		</listitem>
 		</varlistentry>
 
 
+
+
 		<varlistentry>
-		<term><anchor id="LDAPSSL">ldap ssl (G)</term>
-		<listitem><para>This option is used to define whether or not Samba should
-		use SSL when connecting to the ldap server
-		This is <emphasis>NOT</emphasis> related to
-		Samba's previous SSL support which was enabled by specifying the 
-		<command>--with-ssl</command> option to the <filename>configure</filename> 
-		script.
+		<term><anchor id="LDAPPORT">ldap port (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
 		</para>
 		
 		<para>
-		The <parameter>ldap ssl</parameter> can be set to one of three values:
-		</para>	
-		<itemizedlist>
-			<listitem><para><parameter>On</parameter>  =  Always use SSL when contacting the 
-			<parameter>ldap	server</parameter>.</para></listitem>
-			
-			<listitem><para><parameter>Off</parameter> = Never use SSL when querying the directory.</para></listitem>
+		This option is used to control the tcp port number used to contact
+		the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>.
+		The default is to use the stand LDAPS port 636.
+		</para>
 
-			<listitem><para><parameter>Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation 
-			(RFC2830) for communicating with the directory server.</para></listitem>
-		</itemizedlist>		
+		<para>See Also: <link linkend="LDAPSSL">ldap ssl</link>
+		</para>
 		
-		<para>Default : <command>ldap ssl = on</command></para>
+		<para>Default : <command>ldap port = 636 ; if ldap ssl = on</command></para>
+		<para>Default : <command>ldap port = 389 ; if ldap ssl = off</command></para>
 		</listitem>
 		</varlistentry>
 
@@ -3513,31 +3588,67 @@
 
 
 		<varlistentry>
-		<term><anchor id="LDAPSUFFIX">ldap suffix (G)</term>
-		<listitem>
-		<para>Default : <emphasis>none</emphasis></para>
+		<term><anchor id="LDAPSERVER">ldap server (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</para>
+		
+		<para>
+		This parameter should contains the FQDN of the ldap directory 
+		server which should be queried to locate user account information.
+		</para>
+		
+	
+		
+		<para>Default : <command>ldap server = localhost</command></para>
 		</listitem>
 		</varlistentry>
 
 
 
+
 		<varlistentry>
-		<term><anchor id="LDAPUSERSUFFIX">ldap user suffix (G)</term>
-	        <listitem><para>It specifies where users are added to the tree.
+		<term><anchor id="LDAPSSL">ldap ssl (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
 		</para>
 		
-	
+		<para>
+		This option is used to define whether or not Samba should
+		use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap
+		server</parameter></link>.  This is <emphasis>NOT</emphasis> related to
+		Samba SSL support which is enabled by specifying the 
+		<command>--with-ssl</command> option to the <filename>configure</filename> 
+		script (see <link linkend="SSL"><parameter>ssl</parameter></link>).
+		</para>
 		
-		<para>Default : <emphasis>none</emphasis></para>
+		<para>
+		The <parameter>ldap ssl</parameter> can be set to one of three values:
+		(a) <constant>on</constant> - Always use SSL when contacting the 
+		<parameter>ldap	server</parameter>, (b) <constant>off</constant> -
+		Never use SSL when querying the directory, or (c) <constant>start_tls</constant> 
+		- Use the LDAPv3 StartTLS extended operation 
+		(RFC2830) for communicating with the directory server.
+		</para>
+		
+		
+		<para>Default : <command>ldap ssl = on</command></para>
 		</listitem>
 		</varlistentry>
 
 
 
+
 		<varlistentry>
-		<term><anchor id="LDAPMACHINESUFFIX">ldap machine suffix (G)</term>
-		<listitem><para>It specifies where machines should be 
-                added to the ldap tree.
+		<term><anchor id="LDAPSUFFIX">ldap suffix (G)</term>
+		<listitem><para>This parameter is only available if Samba has been
+		configure to include the <command>--with-ldapsam</command> option
+		at compile time. This option should be considered experimental and
+		under active development.
 		</para>
 		
 	
@@ -3546,29 +3657,7 @@
 		</listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="LDAPPASSWDSYNC">ldap passwd sync (G)</term>
-		<listitem><para>This option is used to define whether
-		or not Samba should sync the LDAP password with the NT
-		and LM hashes for normal accounts (NOT for
-		workstation, server or domain trusts) on a password
-		change via SAMBA.  
-		</para>
 
-		<para>
-		The <parameter>ldap passwd sync</parameter> can be set to one of three values:
-		</para>
-		<itemizedlist>
-			<listitem><para><parameter>Yes</parameter>  =  Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem>
-			
-			<listitem><para><parameter>No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem>
-
-			<listitem><para><parameter>Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem>
-		</itemizedlist>		
-		
-		<para>Default : <command>ldap passwd sync = no</command></para>
-		</listitem>
-		</varlistentry>
 
 
 
@@ -3798,18 +3887,15 @@
 
 		<varlistentry>
 		<term><anchor id="LOGLEVEL">log level (G)</term>
-		<listitem><para>The value of the parameter (a astring) allows 
+		<listitem><para>The value of the parameter (an integer) allows 
 		the debug level (logging level) to be specified in the 
-		<filename>smb.conf</filename> file. This parameter has been
-		extended since 2.2.x series, now it allow to specify the debug
-		level for multiple debug classes. This is to give greater 
+		<filename>smb.conf</filename> file. This is to give greater 
 		flexibility in the configuration of the system.</para>
 
 		<para>The default will be the log level specified on 
 		the command line or level zero if none was specified.</para>
 
-		<para>Example: <command>log level = 3 passdb:5 auth:10 winbind:2
-		</command></para></listitem>
+		<para>Example: <command>log level = 3</command></para></listitem>
 		</varlistentry>
 
 
@@ -4265,7 +4351,7 @@
 		<para>See the section on <link linkend="NAMEMANGLINGSECT">
 		NAME MANGLING</link> for details on how to control the mangling process.</para>
 
-		<para>If mangling is used then the mangling algorithm is as follows:</para>
+		<para>If mangling algorithm "hash" is used then the mangling algorithm is as follows:</para>
 
 		<itemizedlist>
 			<listitem><para>The first (up to) five alphanumeric characters 
@@ -4305,6 +4391,40 @@
 		in a directory share the same first five alphanumeric characters. 
 		The probability of such a clash is 1/1300.</para>
 
+		<para>If mangling algorithm "hash2" is used then the mangling algorithm is as follows:</para>
+
+		<itemizedlist>
+			<listitem><para>The first alphanumeric character 
+			before the rightmost dot of the filename is preserved, forced 
+			to upper case, and appears as the first character of the mangled name.
+			</para></listitem>
+		
+			<listitem><para>A base63 hash of 5 characters is generated and the
+			first 4 characters of that hash are appended to the first character.
+			</para></listitem>
+
+			<listitem><para>A tilde "~" is appended to the first part of the mangled
+			name, followed by the final character of the base36 hash of the name.
+			</para>
+
+			<para>Note that the character to use may be specified using 
+			the <link linkend="MANGLINGCHAR"><parameter>mangling char</parameter>
+			</link> option, if you don't like '~'.</para></listitem>
+
+			<listitem><para>The first three alphanumeric characters of the final 
+			extension are preserved, forced to upper case and appear as the 
+			extension of the mangled name. The final extension is defined as that 
+			part of the original filename after the rightmost dot. If there are no 
+			dots in the filename, the mangled name will have no extension (except 
+			in the case of "hidden files" - see below).</para></listitem>
+
+			<listitem><para>Files whose UNIX name begins with a dot will be 
+			presented as DOS hidden files. The mangled name will be created as 
+			for other filenames, but with the leading dot removed and "___" as 
+			its extension regardless of actual original extension (that's three 
+			underscores).</para></listitem>
+		</itemizedlist>
+
 		<para>The name mangling (if enabled) allows a file to be 
 		copied between UNIX directories from Windows/DOS while retaining 
 		the long UNIX filename. UNIX files can be renamed to a new extension 
@@ -4315,22 +4435,8 @@
 		</listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="MANGLINGMETHOD">mangling method (G)</term>
-		<listitem><para> controls the algorithm used for the generating
-		the mangled names. Can take two different values, "hash" and
-		"hash2". "hash" is  the default and is the algorithm that has been
-		used in Samba for many years. "hash2" is a newer and considered
-		a better algorithm (generates less collisions) in the names.
-		However, many Win32 applications store the mangled names and so
-		changing to the new algorithm must not be done
-		lightly as these applications may break unless reinstalled.
-		New installations of Samba may set the default to hash2.</para>
-		<para>Default: <command>mangling method = hash</command></para>
-		<para>Example: <command>mangling method = hash2</command></para>
-		</listitem>
-		</varlistentry>
 
+		
 		<varlistentry>
 		<term><anchor id="MANGLEDSTACK">mangled stack (G)</term>
 		<listitem><para>This parameter controls the number of mangled names 
@@ -4372,6 +4478,21 @@
 		</varlistentry>
 		
 		
+		<varlistentry>
+		<term><anchor id="MANGLINGMETHOD">mangling mathod(G)</term>
+                <listitem><para> controls the algorithm used for the generating
+                the mangled names. Can take two different values, "hash" and
+                "hash2". "hash" is  the default and is the algorithm that has been
+                used in Samba for many years. "hash2" is a newer and considered
+                a better algorithm (generates less collisions) in the names.
+                However, many Win32 applications store the mangled names and so
+		changing to the new algorithm must not be done
+                lightly as these applications may break unless reinstalled.
+                New installations of Samba may set the default to hash2.</para>
+		<para>Default: <command>mangling method = hash</command></para>
+		<para>Example: <command>mangling method = hash2</command></para>
+		</listitem>
+		</varlistentry>
 
 
 
@@ -4868,18 +4989,6 @@
 		</listitem>
 		</varlistentry>
 	  
-		<varlistentry>
-		<term><anchor id="NAMECACHETIMEOUT">name cache timeout (G)</term>
-		<listitem><para>Specifies the number of seconds it takes before 
-		entries in samba's hostname resolve cache time out. If 
-		the timeout is set to 0. the caching is disabled.
-		</para>
-
-
-		<para>Default: <command>name cache timeout = 660</command></para>
-		<para>Example: <command>name cache timeout = 0</command></para>
-		</listitem>
-		</varlistentry>
 	  
 		<varlistentry> 
 		<term><anchor id="NAMERESOLVEORDER">name resolve order (G)</term>
@@ -5017,30 +5126,6 @@
 
 
 		<varlistentry>
-		<term><anchor id="NONUNIXACCOUNTRANGE">non unix account range (G)</term>
-		<listitem><para>The non unix account range parameter specifies 
-                the range of 'user ids' that are allocated by the various 'non unix 
-                account' passdb backends.  These backends allow
-                the storage of passwords for users who don't exist in /etc/passwd.  
-                This is most often used for machine account creation. 
-                This range of ids should have no existing local or NIS users within 
-                it as strange conflicts can occur otherwise.</para>
-
-                <para>NOTE: These userids never appear on the system and Samba will never
-                'become' these users. They are used only to ensure that the algorithmic 
-                RID mapping does not conflict with normal users.
-		</para>
-
-		<para>Default: <command>non unix account range = &lt;empty string&gt;
-		</command></para>
-		
-		<para>Example: <command>non unix account range = 10000-20000</command></para>
-		</listitem>
-		</varlistentry>
-
-
-
-		<varlistentry>
 		<term><anchor id="NTACLSUPPORT">nt acl support (S)</term>
 		<listitem><para>This boolean parameter controls whether 
 		<ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map 
@@ -5069,6 +5154,27 @@
 
 
 		<varlistentry>
+		<term><anchor id="NTSMBSUPPORT">nt smb support (G)</term>
+		<listitem><para>This boolean parameter controls whether <ulink
+		url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific SMB
+		support with Windows NT/2k/XP clients. Although this is a developer
+		debugging option and should be left alone, benchmarking has discovered
+		that Windows NT clients give faster performance with this option
+		set to <constant>no</constant>. This is still being investigated.
+	 	If this option is set to <constant>no</constant> then Samba offers
+		exactly the same SMB calls that versions prior to Samba 2.0 offered.
+		This information may be of use if any users are having problems
+		with NT SMB support.</para>
+
+		<para>You should not need to ever disable this parameter.</para>
+
+		<para>Default: <command>nt smb support = yes</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
 		<term><anchor id="NTSTATUSSUPPORT">nt status support (G)</term>
 		<listitem><para>This boolean parameter controls whether <ulink
 		url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status
@@ -5085,6 +5191,7 @@
 		</varlistentry>
 
 
+
 		<varlistentry>
 		<term><anchor id="NULLPASSWORDS">null passwords (G)</term>
 		<listitem><para>Allow or disallow client access to accounts 
@@ -5227,19 +5334,7 @@
 		</listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="NTLMAUTH">ntlm auth (G)</term>
-		<listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will
-		attempt to authenticate users using the NTLM password hash.
-		If disabled, only the lanman password hashes will be used. 
-		</para>
 
-		<para>Please note that at least this option or <command>lanman auth</command> should be enabled in order to be able to log in.
-		</para>
-		
-		<para>Default : <command>ntlm auth = yes</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="OSLEVEL">os level (G)</term>
@@ -5320,98 +5415,6 @@
 		</listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="PARANOIDSERVERSECURITY">paranoid server security (G)</term>
-		<listitem><para>Some version of NT 4.x allow non-guest 
-		users with a bad passowrd. When this option is enabled, samba will not 
-		use a broken NT 4.x server as password server, but instead complain
-		to the logs and exit.
-		</para>
-
-		<para>Default: <command>paranoid server security = yes</command></para>
-
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><anchor id="PASSDBBACKEND">passdb backend (G)</term>
-		<listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both 
-                smbpasswd and tdbsam to be used without a recompile. 
-                Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified.
-                Experimental backends must still be selected
-                (eg --with-tdbsam) at configure time.
-		</para>
-
-                <para>This parameter is in two parts, the backend's name, and a 'location'
-                string that has meaning only to that particular backed.  These are separated
-                by a : character.</para>
-
-                <para>Available backends can include:
-                <itemizedlist>
-			<listitem><para><command>smbpasswd</command> - The default smbpasswd
-                        backend.  Takes a path to the smbpasswd file as an optional argument.</para></listitem>
-			
-			<listitem><para><command>smbpasswd_nua</command> - The smbpasswd
-                        backend, but with support for 'not unix accounts'.  
-                        Takes a path to the smbpasswd file as an optional argument.</para>
-                        <para>See also <link linkend="NONUNIXACCOUNTRANGE">
-                        <parameter>non unix account range</parameter></link></para></listitem>
-
-			<listitem><para><command>tdbsam</command> - The TDB based password storage
-                        backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-                        in the <link linkend="PRIVATEDIR">
-                        <parameter>private dir</parameter></link> directory.</para></listitem>
-			
-			<listitem><para><command>tdbsam_nua</command> - The TDB based password storage
-                        backend, with non unix account support.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-                        in the <link linkend="PRIVATEDIR">
-                        <parameter>private dir</parameter></link> directory.</para>
-                        <para>See also <link linkend="NONUNIXACCOUNTRANGE">
-                        <parameter>non unix account range</parameter></link></para></listitem>
-			
-			<listitem><para><command>ldapsam</command> - The LDAP based passdb 
-                        backend.  Takes an LDAP URL as an optional argument (defaults to 
-                        <command>ldap://localhost</command>)</para></listitem>
-			
-			<listitem><para><command>ldapsam_nua</command> - The LDAP based passdb 
-                        backend, with non unix account support.  Takes an LDAP URL as an optional argument (defaults to 
-                        <command>ldap://localhost</command>)</para>
-                        <para>See also <link linkend="NONUNIXACCOUNTRANGE">
-                        <parameter>non unix account range</parameter></link></para></listitem>
-			
-			<listitem><para><command>nisplussam</command> - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. </para></listitem>
-			
-			<listitem><para><command>plugin</command> - Allows Samba to load an 
-                        arbitary passdb backend from the .so specified as a compulsary argument.
-                        </para>
-
-                        <para>Any characters after the (optional) second : are passed to the plugin
-                        for its own processing</para>
-                        </listitem>
-		
-			<listitem><para><command>unixsam</command> - Allows samba to map all (other) available unix users</para>
-
-			<para>This backend uses the standard unix database for retrieving users. Users included 
-                        in this pdb are NOT listed in samba user listings and users included in this pdb won't be 
-                        able to login. The use of this backend is to always be able to display the owner of a file 
-                        on the samba server - even when the user doesn't have a 'real' samba account in one of the 
-                        other passdb backends.
-			</para>
-
-			<para>This backend should always be the last backend listed, since it contains all users in 
-                        the unix passdb and might 'override' mappings if specified earlier. It's meant to only return 
-                        accounts for users that aren't covered by the previous backends.</para>
-			</listitem>
-		</itemizedlist>
-		</para>
-
-		<para>Default: <command>passdb backend = smbpasswd unixsam</command></para>
-		<para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam</command></para>
-		<para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam</command></para>
-		<para>Example: <command>passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para>
-		</listitem>
-		</varlistentry>
-
 
 		<varlistentry>
 		<term><anchor id="PASSWDCHAT">passwd chat (G)</term>
@@ -6236,24 +6239,10 @@
 		[printers]</link> section.</para>
 		</listitem>
 		</varlistentry>
-
-
-
 		
-		<varlistentry>
-		<term><anchor id="PRIVATEDIR">private dir (G)</term>
-		<listitem><para>This parameters defines the directory
-		smbd will use for storing such files as <filename>smbpasswd</filename>
-		and <filename>secrets.tdb</filename>.
-		</para>
 				
-		<para>Default :<command>private dir = ${prefix}/private</command></para>
-		</listitem>
-		</varlistentry>
-		
 		
 		
-
 		<varlistentry>
 		<term><anchor id="PROTOCOL">protocol (G)</term>
 		<listitem><para>Synonym for <link linkend="MAXPROTOCOL">
@@ -6432,18 +6421,6 @@
 		</varlistentry>
 
 
-		<varlistentry>
-		<term><anchor id="REALM">realm (G)</term>
-		<listitem><para>
-		This option specifies the kerberos realm to use. The realm is 
-		used as the ADS equivalent of the NT4<command>domain</command>. It
-		is usually set to the DNS name of the kerberos server.
-		</para>
-		
-		<para>Default: <command>realm = </command></para>
-		<para>Example: <command>realm = mysambabox.mycompany.com</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="REMOTEANNOUNCE">remote announce (G)</term>
@@ -7044,49 +7021,6 @@
 
 
 
-		<varlistentry>
-		<term><anchor id="SHUTDOWNSCRIPT">shutdown script (G)</term>
-		<listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis>
-		This a full path name to a script called by
-		<ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that
-		should start a shutdown procedure.</para>
-
-		<para>This command will be run as the user connected to the
-		server.</para>
-
-		<para>%m %t %r %f parameters are expanded</para>
-		<para><parameter>%m</parameter> will be substituted with the
-		shutdown message sent to the server.</para>
-		<para><parameter>%t</parameter> will be substituted with the
-		number of seconds to wait before effectively starting the
-		shutdown procedure.</para>
-		<para><parameter>%r</parameter> will be substituted with the
-		switch <emphasis>-r</emphasis>. It means reboot after shutdown
-		for NT.
-		</para>
-		<para><parameter>%f</parameter> will be substituted with the
-		switch <emphasis>-f</emphasis>. It means force the shutdown
-		even if applications do not respond for NT.</para>
-
-		<para>Default: <emphasis>None</emphasis>.</para>
-		<para>Example: <command>abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para>
-		<para>Shutdown script example:
-		<programlisting>
-		#!/bin/bash
-		
-		$time=0
-		let "time/60"
-		let "time++"
-
-		/sbin/shutdown $3 $4 +$time $1 &
-		</programlisting>
-		Shutdown does not return so we need to launch it in background.
-		</para>
-
-		<para>See also <link linkend="ABORTSHUTDOWNSCRIPT"><parameter>abort shutdown script</parameter></link>.</para>
-		</listitem>
-		</varlistentry>
-
 
 		<varlistentry>
 		<term><anchor id="SMBPASSWDFILE">smb passwd file (G)</term>
@@ -7103,16 +7037,7 @@
 		</varlistentry>
 
 
-		<varlistentry>
-		<term><anchor id="SMBPORTS">smb ports (G)</term>
-		<listitem><para>Specifies which ports the server should listen on
-		for SMB traffic.
-		</para>
 
-		<para>Default: <command>smb ports = 445 139</command></para>
-
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="SOCKETADDRESS">socket address (G)</term>
@@ -7227,12 +7152,349 @@
 		/usr/local/smb_env_vars</command></para>
 		</listitem>
 		</varlistentry>
-<varlistentry>
-<term><anchor id="SPNEGO">use spnego (G)</term>
-<listitem><para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism.  As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller.  It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</para>
-<para>Default:  <emphasis>use spnego = yes</emphasis></para>
-</listitem>
-</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSL">ssl (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable enables or disables the entire SSL mode. If 
+		it is set to <constant>no</constant>, the SSL-enabled Samba behaves 
+		exactly like the non-SSL Samba. If set to <constant>yes</constant>, 
+		it depends on the variables <link linkend="SSLHOSTS"><parameter>
+		ssl hosts</parameter></link> and <link linkend="SSLHOSTSRESIGN">
+		<parameter>ssl hosts resign</parameter></link> whether an SSL 
+		connection will be required.</para>
+
+		<para>Default: <command>ssl = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCACERTDIR">ssl CA certDir (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable defines where to look up the Certification
+		Authorities. The given directory should contain one file for 
+		each CA that Samba will trust.  The file name must be the hash 
+		value over the "Distinguished Name" of the CA. How this directory 
+		is set up is explained later in this document. All files within the 
+		directory that don't fit into this naming scheme are ignored. You 
+		don't need this variable if you don't verify client certificates.</para>
+
+		<para>Default: <command>ssl CA certDir = /usr/local/ssl/certs
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCACERTFILE">ssl CA certFile (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable is a second way to define the trusted CAs. 
+		The certificates of the trusted CAs are collected in one big 
+		file and this variable points to the file. You will probably 
+		only use one of the two ways to define your CAs. The first choice is 
+		preferable if you have many CAs or want to be flexible, the second 
+		is preferable if you only have one CA and want to keep things 
+		simple (you won't need to create the hashed file names). You 
+		don't need this variable if you don't verify client certificates.</para>
+
+		<para>Default: <command>ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCIPHERS">ssl ciphers (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable defines the ciphers that should be offered 
+		during SSL negotiation. You should not set this variable unless 
+		you know what you are doing.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLCLIENTCERT">ssl client cert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>The certificate in this file is used by <ulink url="smbclient.1.html">
+		<command>smbclient(1)</command></ulink> if it exists. It's needed 
+		if the server requires a client certificate.</para>
+
+		<para>Default: <command>ssl client cert = /usr/local/ssl/certs/smbclient.pem
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCLIENTKEY">ssl client key (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This is the private key for <ulink url="smbclient.1.html">
+		<command>smbclient(1)</command></ulink>. It's only needed if the 
+		client should have a certificate. </para>
+
+		<para>Default: <command>ssl client key = /usr/local/ssl/private/smbclient.pem
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLCOMPATIBILITY">ssl compatibility (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This variable defines whether OpenSSL should be configured 
+		for bug compatibility with other SSL implementations. This is 
+		probably not desirable because currently no clients with SSL 
+		implementations other than OpenSSL exist.</para>
+
+		<para>Default: <command>ssl compatibility = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLEGDSOCKET">ssl egd socket (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+		
+		<para>
+		This option is used to define the location of the communiation socket of 
+		an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
+		can be used instead of or together with the <link 
+		linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link> 
+		directive. 255 bytes of entropy will be retrieved from the daemon.
+		</para>
+
+		<para>Default: <emphasis>none</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLENTROPYBYTES">ssl entropy bytes (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+		
+		<para>
+		This parameter is used to define the number of bytes which should 
+		be read from the <link linkend="SSLENTROPYFILE"><parameter>ssl entropy 
+		file</parameter></link> If a -1 is specified, the entire file will
+		be read.
+		</para>
+
+		<para>Default: <command>ssl entropy bytes = 255</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLENTROPYFILE">ssl entropy file (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+		
+		<para>
+		This parameter is used to specify a file from which processes will 
+		read "random bytes" on startup.  In order to seed the internal pseudo 
+		random number generator, entropy must be provided. On system with a 
+		<filename>/dev/urandom</filename> device file, the processes
+		will retrieve its entropy from the kernel. On systems without kernel
+		entropy support, a file can be supplied that will be read on startup
+		and that will be used to seed the PRNG.
+		</para>
+
+		<para>Default: <emphasis>none</emphasis></para>
+		</listitem>
+		</varlistentry>
+
+		
+
+		<varlistentry>
+		<term><anchor id="SSLHOSTS">ssl hosts (G)</term>
+		<listitem><para>See <link linkend="SSLHOSTSRESIGN"><parameter>
+		ssl hosts resign</parameter></link>.</para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLHOSTSRESIGN">ssl hosts resign (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>These two variables define whether Samba will go 
+		into SSL mode or not. If none of them is defined, Samba will 
+		allow only SSL connections. If the <link linkend="SSLHOSTS">
+		<parameter>ssl hosts</parameter></link> variable lists
+		hosts (by IP-address, IP-address range, net group or name), 
+		only these hosts will be forced into SSL mode. If the <parameter>
+		ssl hosts resign</parameter> variable lists hosts, only these 
+		hosts will <emphasis>NOT</emphasis> be forced into SSL mode. The syntax for these two 
+		variables is the same as for the <link linkend="HOSTSALLOW"><parameter>
+		hosts allow</parameter></link> and <link linkend="HOSTSDENY">
+		<parameter>hosts deny</parameter></link> pair of variables, only 
+		that the subject of the decision is different: It's not the access 
+		right but whether SSL is used or not. </para>
+
+		<para>The example below requires SSL connections from all hosts
+		outside the local net (which is 192.168.*.*).</para>
+
+		<para>Default: <command>ssl hosts = &lt;empty string&gt;</command></para>
+		<para><command>ssl hosts resign = &lt;empty string&gt;</command></para>
+
+		<para>Example: <command>ssl hosts resign = 192.168.</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLREQUIRECLIENTCERT">ssl require clientcert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>If this variable is set to <constant>yes</constant>, the 
+		server will not tolerate connections from clients that don't 
+		have a valid certificate. The directory/file given in <link
+		linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter>
+		</link> and <link linkend="SSLCACERTFILE"><parameter>ssl CA certFile
+		</parameter></link> will be used to look up the CAs that issued 
+		the client's certificate. If the certificate can't be verified 
+		positively, the connection will be terminated.  If this variable 
+		is set to <constant>no</constant>, clients don't need certificates. 
+		Contrary to web applications you really <emphasis>should</emphasis> 
+		require client certificates. In the web environment the client's 
+		data is sensitive (credit card numbers) and the server must prove 
+		to be trustworthy. In a file server environment the server's data 
+		will be sensitive and the clients must prove to be trustworthy.</para>
+
+		<para>Default: <command>ssl require clientcert = no</command></para>
+		</listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term><anchor id="SSLREQUIRESERVERCERT">ssl require servercert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>If this variable is set to <constant>yes</constant>, the 
+		<ulink url="smbclient.1.html"><command>smbclient(1)</command>
+		</ulink> will request a certificate from the server. Same as 
+		<link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require 
+		clientcert</parameter></link> for the server.</para>
+
+		<para>Default: <command>ssl require servercert = no</command>
+		</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term><anchor id="SSLSERVERCERT">ssl server cert (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This is the file containing the server's certificate. 
+		The server <emphasis>must</emphasis> have a certificate. The 
+		file may also contain the server's private key. See later for 
+		how certificates and private keys are created.</para>
+
+		<para>Default: <command>ssl server cert = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLSERVERKEY">ssl server key (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This file contains the private key of the server. If 
+		this variable is not defined, the key is looked up in the 
+		certificate file (it may be appended to the certificate). 
+		The server <emphasis>must</emphasis> have a private key
+		and the certificate <emphasis>must</emphasis> 
+		match this private key.</para>
+
+		<para>Default: <command>ssl server key = &lt;empty string&gt;
+		</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term><anchor id="SSLVERSION">ssl version (G)</term>
+		<listitem><para>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <command>--with-ssl</command> was 
+		given at configure time.</para>
+
+		<para>This enumeration variable defines the versions of the 
+		SSL protocol that will be used. <constant>ssl2or3</constant> allows 
+		dynamic negotiation of SSL v2 or v3, <constant>ssl2</constant> results 
+		in SSL v2, <constant>ssl3</constant> results in SSL v3 and
+		<constant>tls1</constant> results in TLS v1. TLS (Transport Layer 
+		Security) is the new standard for SSL.</para>
+
+		<para>Default: <command>ssl version = "ssl2or3"</command></para>
+		</listitem>
+		</varlistentry>
+
+
 
 		<varlistentry>
 		<term><anchor id="STATCACHE">stat cache (G)</term>
@@ -7343,9 +7605,11 @@
 
 		<varlistentry>
 		<term><anchor id="STRIPDOT">strip dot (G)</term>
-		<listitem><para>This is a boolean that controls whether to 
-		strip trailing dots off UNIX filenames. This helps with some 
-		CDROMs that have filenames ending in a single dot.</para>
+		<listitem><para>This parameter is now unused in Samba (2.2.5 and above).
+		It used strip trailing dots off UNIX filenames but was not correctly implmented.
+		In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+		filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+		being returned to a client.</para>
 
 		<para>Default: <command>strip dot = no</command></para>
 		</listitem>
@@ -7489,27 +7753,8 @@
 		</listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="UNICODE">unicode (G)</term>
-		<listitem><para>Specifies whether Samba should try 
-		to use unicode on the wire by default. 
-		</para>
 
-		<para>Default: <command>unicode = yes</command></para>
 
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><anchor id="UNIXCHARSET">unix charset (G)</term>
-		<listitem><para>Specifies the charset the unix machine 
-		Samba runs on uses. Samba needs to know this in order to be able to 
-		convert text to the charsets other SMB clients use.
-		</para>
-
-		<para>Default: <command>unix charset = ASCII</command></para>
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term>
@@ -7862,12 +8107,6 @@
 		connection is made to a Samba server. Sites may use this to record the
 		user connecting to a Samba share.</para>
 
-	        <para>Due to the requirements of the utmp record, we
-	        are required to create a unique identifier for the
-	        incoming user.  Enabling this option creates an n^2
-	        algorithm to find this number.  This may impede
-	        performance on large installations. </para>
-
 		<para>See also the <link linkend="UTMPDIRECTORY"><parameter>
 		utmp directory</parameter></link> parameter.</para>
 
@@ -7875,6 +8114,8 @@
 		</listitem>
 		</varlistentry>
 
+
+
 		<varlistentry>
 		<term><anchor id="UTMPDIRECTORY">utmp directory(G)</term>
 		<listitem><para>This parameter is only available if Samba has 
@@ -7888,32 +8129,73 @@
 		<filename>/var/run/utmp</filename> on Linux).</para>
 
 		<para>Default: <emphasis>no utmp directory</emphasis></para>
-		<para>Example: <command>utmp directory = /var/run/utmp</command></para>
 		</listitem>
 		</varlistentry>
 
+
+
 		<varlistentry>
-		<term><anchor id="WTMPDIRECTORY">wtmp directory(G)</term>
-		<listitem><para>This parameter is only available if Samba has 
-		been configured and compiled with the option <command>
-		--with-utmp</command>. It specifies a directory pathname that is
-		used to store the wtmp or wtmpx files (depending on the UNIX system) that
-		record user connections to a Samba server. The difference with
-		the utmp directory is the fact that user info is kept after a user 
-		has logged out.
+		<term><anchor id="VALIDCHARS">valid chars (G)</term>
+		<listitem><para>The option allows you to specify additional 
+		characters that should be considered valid by the server in 
+		filenames. This is particularly useful for national character 
+		sets, such as adding u-umlaut or a-ring.</para>
+
+		<para>The option takes a list of characters in either integer 
+		or character form with spaces between them. If you give two 
+		characters with a colon between them then it will be taken as 
+		an lowercase:uppercase pair.</para>
+
+		<para>If you have an editor capable of entering the characters 
+		into the config file then it is probably easiest to use this 
+		method. Otherwise you can specify the characters in octal, 
+		decimal or hexadecimal form using the usual C notation.</para>
+
+		<para>For example to add the single character 'Z' to the charset 
+		(which is a pointless thing to do as it's already there) you could 
+		do one of the following</para>
+
+		<para><programlisting>
+		valid chars = Z
+		valid chars = z:Z
+		valid chars = 0132:0172
+		</programlisting></para>
 		
-		See also the <link linkend="UTMP">
-		<parameter>utmp</parameter></link> parameter. By default this is 
-		not set, meaning the system will use whatever utmp file the 
-		native system is set to use (usually 
-		<filename>/var/run/wtmp</filename> on Linux).</para>
+		<para>The last two examples above actually add two characters, 
+		and alter the uppercase and lowercase mappings appropriately.</para>
 
-		<para>Default: <emphasis>no wtmp directory</emphasis></para>
-		<para>Example: <command>wtmp directory = /var/log/wtmp</command></para>
+		<para>Note that you <emphasis>MUST</emphasis> specify this parameter 
+		after the <parameter>client code page</parameter> parameter if you 
+		have both set. If <parameter>client code page</parameter> is set after 
+		the <parameter>valid chars</parameter> parameter the <parameter>valid 
+		chars</parameter> settings will be overwritten.</para>
+
+		<para>See also the <link linkend="CLIENTCODEPAGE"><parameter>client 
+		code page</parameter></link> parameter.</para>
+
+		<para>Default: <emphasis>Samba defaults to using a reasonable set 
+		of valid characters for English systems</emphasis></para>
+
+		<para>Example: <command>valid chars = 0345:0305 0366:0326 0344:0304
+		</command></para>
+
+		<para>The above example allows filenames to have the Swedish 
+		characters in them.</para>
+
+		<para><emphasis>NOTE:</emphasis> It is actually quite difficult to 
+		correctly produce a <parameter>valid chars</parameter> line for 
+		a particular system. To automate the process <ulink 
+		url="mailto:tino@augsburg.net">tino@augsburg.net</ulink> has written 
+		a package called <command>validchars</command> which will automatically 
+		produce a complete <parameter>valid chars</parameter> line for
+		a given client system. Look in the <filename>examples/validchars/
+		</filename> subdirectory of your Samba source code distribution 
+		for this package.</para>
 		</listitem>
 		</varlistentry>
 
 
+
 		<varlistentry>
 		<term><anchor id="VALIDUSERS">valid users (S)</term>
 		<listitem><para>This is a list of users that should be allowed 
@@ -8015,18 +8297,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 		</listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term><anchor id="VFSPATH">vfs path (S)</term>
-		<listitem><para>This parameter specifies the directory
-		to look in for vfs modules. The name of every <command>vfs object
-		</command> will be prepended by this directory
-		</para>
-
-		<para>Default: <command>vfs path = </command></para>
-		<para>Example: <command>vfs path = /usr/lib/samba/vfs</command></para>
 
-		</listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term><anchor id="VFSOBJECT">vfs object (S)</term>
@@ -8397,20 +8668,6 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
 
 
 
-		<varlistentry>
-		<term><anchor id="WINSPARTNERS">wins partners (G)</term>
-		<listitem><para>A space separated list of partners' IP addresses for 
-		WINS replication. WINS partners are always defined as push/pull 
-		partners as defining only one way WINS replication is unreliable. 
-		WINS replication is currently experimental and unreliable between 
-		samba servers.
-		</para>
-
-		<para>Default: <command>wins partners = </command></para>
-
-		<para>Example: <command>wins partners = 192.168.0.1 172.16.1.2</command></para>
-		</listitem>
-		</varlistentry>
 
 
 		<varlistentry>
diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml
index 766d2a78b11..69aa9674928 100644
--- a/docs/docbook/manpages/smbcacls.1.sgml
+++ b/docs/docbook/manpages/smbcacls.1.sgml
@@ -35,8 +35,8 @@
 	<para>This tool is part of the <ulink url="samba.7.html">
 	Samba</ulink> suite.</para>
 	
-	<para>The <command>smbcacls</command> program manipulates NT Access Control
-	Lists (ACLs) on SMB file shares. </para>
+	<para>The <command>smbcacls</command> program manipulates NT Access Control Lists 
+	(ACLs) on SMB file shares. </para>
 </refsect1>
 
 
@@ -79,7 +79,7 @@
 		<term>-S acls</term>
 		<listitem><para>This command sets the ACLs on the file with 
 		only the ones specified on the command line.  All other ACLs are 
-		erased. Note that the ACL specified must contain at least a revision,
+		erased.  Note that the ACL specified must contain at least a revision, 
 		type, owner and group for the call to succeed. </para></listitem>
 		</varlistentry>
 		
diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml
index 166ef63e87f..d56a560b09f 100644
--- a/docs/docbook/manpages/smbcontrol.1.sgml
+++ b/docs/docbook/manpages/smbcontrol.1.sgml
@@ -15,14 +15,18 @@
 <refsynopsisdiv>
 	<cmdsynopsis>
 		<command>smbcontrol</command>
-		<arg>-i</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="req">-i</arg>
 	</cmdsynopsis>
 	
 	<cmdsynopsis>
 		<command>smbcontrol</command>
-		<arg>destination</arg>
-		<arg>message-type</arg>
-		<arg>parameter</arg>
+		<arg choice="opt">-d &lt;debug level&gt;</arg>
+		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+		<arg choice="req">destination</arg>
+		<arg choice="req">message-type</arg>
+		<arg choice="opt">parameter</arg>
 	</cmdsynopsis>
 </refsynopsisdiv>
 
@@ -45,6 +49,20 @@
 
 	<variablelist>
 		<varlistentry>
+		<term>-d &lt;debuglevel&gt;</term>
+		<listitem><para>debuglevel is an integer from 0 to 10.</para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>-s &lt;smb.conf&gt;</term>
+		<listitem><para>This parameter specifies the pathname to
+		the Samba configuration file, <ulink url="smb.conf.5.html">
+		smb.conf(5)</ulink>.  This file controls all aspects of
+		the Samba setup on the machine.</para></listitem>
+		</varlistentry>
+	
+		<varlistentry>
 		<term>-i</term>
 		<listitem><para>Run interactively. Individual commands 
 		of the form destination message-type parameters can be entered 
@@ -76,7 +94,7 @@
 		<constant>force-election</constant>, <constant>ping
 		</constant>, <constant>profile</constant>, <constant>
 		debuglevel</constant>, <constant>profilelevel</constant>, 
-		or <constant>printnotify</constant>.</para>
+		or <constant>printer-notify</constant>.</para>
 
 		<para>The <constant>close-share</constant> message-type sends a 
 		message to smbd which will then close the client connections to
@@ -119,55 +137,11 @@
 		setting is returned by a  "profilelevel" message. This can be sent 
 		to any smbd or nmbd destinations.</para>
 
-		<para>The <constant>printnotify</constant> message-type sends a 
+		<para>The <constant>printer-notify</constant> message-type sends a 
 		message to smbd which in turn sends a printer notify message to 
-		any Windows NT clients connected to a printer. This message-type
-		takes the following arguments:
-
-		<variablelist>
-
-		    <varlistentry>
-		    <term>queuepause printername</term>
-		    <listitem><para>Send a queue pause change notify
-		    message to the printer specified.</para></listitem>
- 		    </varlistentry>
-
-		    <varlistentry>
-		    <term>queueresume printername</term>
-		    <listitem><para>Send a queue resume change notify
-		    message for the printer specified.</para></listitem>
- 		    </varlistentry>
-
-		    <varlistentry>
-		    <term>jobpause printername unixjobid</term>
-		    <listitem><para>Send a job pause change notify
-		    message for the printer and unix jobid
-		    specified.</para></listitem> 
- 		    </varlistentry>
-
-		    <varlistentry>
-		    <term>jobresume printername unixjobid</term>
-		    <listitem><para>Send a job resume change notify
-		    message for the printer and unix jobid
-		    specified.</para></listitem>  
-		    </varlistentry>
-
-		    <varlistentry>
-		    <term>jobdelete printername unixjobid</term>
-		    <listitem><para>Send a job delete change notify
-		    message for the printer and unix jobid
-		    specified.</para></listitem> 
-		    </varlistentry>
-
-		</variablelist>
-
-		Note that this message only sends notification that an
-		event has occured.  It doesn't actually cause the
-		event to happen.
-
-		This message can only be sent to <constant>smbd</constant>. 
-		</para>
-
+		any Windows NT clients connected to  a printer.  This message-type 
+		takes an argument of the printer name to  send notify messages to.   
+		This message can only be sent to <constant>smbd</constant>.</para>
 		</listitem>
 		</varlistentry>
 
diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml
index 509007c4bc8..2afc86a6c83 100644
--- a/docs/docbook/manpages/smbd.8.sgml
+++ b/docs/docbook/manpages/smbd.8.sgml
@@ -22,7 +22,6 @@
 		<arg choice="opt">-P</arg>
 		<arg choice="opt">-h</arg>
 		<arg choice="opt">-V</arg>
-                <arg choice="opt">-b</arg>
 		<arg choice="opt">-d &lt;debug level&gt;</arg>
 		<arg choice="opt">-l &lt;log directory&gt;</arg>
 		<arg choice="opt">-p &lt;port number&gt;</arg>
@@ -55,7 +54,7 @@
 	<para>Please note that there are significant security 
 	implications to running this server, and the <ulink
 	url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> 
-	manpage should be regarded as mandatory reading before 
+	manpage should be regarded as mandatory reading before
 	proceeding with installation.</para>
 
 	<para>A session is created whenever a client requests one. 
@@ -132,12 +131,6 @@
 		<listitem><para>Prints the version number for 
 		<command>smbd</command>.</para></listitem>
 		</varlistentry>
-
-		<varlistentry>
-		<term>-b</term>
-		<listitem><para>Prints information about how 
-		Samba was built.</para></listitem>
-		</varlistentry>
 		
 		<varlistentry>
 		<term>-d &lt;debug level&gt;</term>
@@ -149,7 +142,7 @@
 		logged to the log files about the activities of the 
 		server. At level 0, only critical errors and serious 
 		warnings will be logged. Level 1 is a reasonable level for
-		day to day running - it generates a small amount of 
+		day to day running - it generates a small amount of
 		information about operations carried out.</para>
 
 		<para>Levels above 1 will generate considerable 
@@ -195,14 +188,14 @@
 		
 		<varlistentry>
 		<term>-p &lt;port number&gt;</term>
-		<listitem><para><replaceable>port number</replaceable> is a positive integer 
+		<listitem><para><replaceable>port number</replaceable> is a positive integer
 		value.  The default value if this parameter is not 
 		specified is 139.</para>
 		
 		<para>This number is the port number that will be 
 		used when making connections to the server from client 
 		software. The standard (well-known) port number for the 
-		SMB over TCP is 139, hence the default. If you wish to 
+		SMB over TCP is 139, hence the default. If you wish to
 		run the server as an ordinary user rather than
 		as root, most systems will require you to use a port 
 		number greater than 1024 - ask your system administrator 
@@ -227,7 +220,7 @@
 		as descriptions of all the services that the server is 
 		to provide. See <ulink url="smb.conf.5.html"><filename>
 		smb.conf(5)</filename></ulink> for more information.
-		The default configuration file name is determined at 
+		The default configuration file name is determined at
 		compile time.</para></listitem>
 		</varlistentry>
 	</variablelist>
@@ -239,44 +232,44 @@
 	<variablelist>
 		<varlistentry>
 		<term><filename>/etc/inetd.conf</filename></term>
-		<listitem><para>If the server is to be run by the 
+		<listitem><para>If the server is to be run by the
 		<command>inetd</command> meta-daemon, this file 
 		must contain suitable startup information for the 
 		meta-daemon. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
 		document for details.
 		</para></listitem>
 		</varlistentry>
-		
+
 		<varlistentry>
 		<term><filename>/etc/rc</filename></term>
-		<listitem><para>or whatever initialization script your 
+		<listitem><para>or whatever initialization script your
 		system uses).</para>
 
-		<para>If running the server as a daemon at startup, 
-		this file will need to contain an appropriate startup 
+		<para>If running the server as a daemon at startup,
+		this file will need to contain an appropriate startup
 		sequence for the server. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
 		document for details.</para></listitem>
 		</varlistentry>
-		
+
 		<varlistentry>
 		<term><filename>/etc/services</filename></term>
-		<listitem><para>If running the server via the 
-		meta-daemon <command>inetd</command>, this file 
-		must contain a mapping of service name (e.g., netbios-ssn) 
-		to service port (e.g., 139) and protocol type (e.g., tcp). 
+		<listitem><para>If running the server via the
+		meta-daemon <command>inetd</command>, this file
+		must contain a mapping of service name (e.g., netbios-ssn)
+		to service port (e.g., 139) and protocol type (e.g., tcp).
 		See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink>
 		document for details.</para></listitem>
 		</varlistentry>
-		
+
 		<varlistentry>
 		<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
-		<listitem><para>This is the default location of the 
+		<listitem><para>This is the default location of the
 		<ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink>
-		server configuration file. Other common places that systems 
-		install this file are <filename>/usr/samba/lib/smb.conf</filename> 
+		server configuration file. Other common places that systems
+		install this file are <filename>/usr/samba/lib/smb.conf</filename>
 		and <filename>/etc/smb.conf</filename>.</para>
-		
-		<para>This file describes all the services the server 
+
+		<para>This file describes all the services the server
 		is to make available to clients. See <ulink url="smb.conf.5.html">
 		<filename>smb.conf(5)</filename></ulink>  for more information.</para>
 		</listitem>
@@ -286,10 +279,10 @@
 
 <refsect1>
 	<title>LIMITATIONS</title>
-	<para>On some systems <command>smbd</command> cannot change uid back 
-	to root after a setuid() call.  Such systems are called 
-	trapdoor uid systems. If you have such a system, 
-	you will be unable to connect from a client (such as a PC) as 
+	<para>On some systems <command>smbd</command> cannot change uid back
+	to root after a setuid() call.  Such systems are called
+	trapdoor uid systems. If you have such a system,
+	you will be unable to connect from a client (such as a PC) as
 	two different users at once. Attempts to connect the
 	second user will result in access denied or 
 	similar.</para>
@@ -313,10 +306,10 @@
 
 <refsect1>
         <title>PAM INTERACTION</title>
-	<para>Samba uses PAM for authentication (when presented with a plaintext 
+	<para>Samba uses PAM for authentication (when presented with a plaintext
 	password), for account checking (is this account disabled?) and for
 	session management.  The degree too which samba supports PAM is restricted
-	by the limitations of the SMB protocol and the 
+	by the limitations of the SMB protocol and the
 	<ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS">obey pam restricions</ulink>
 	smb.conf paramater.  When this is set, the following restrictions apply:
 	</para>
@@ -329,7 +322,7 @@
 	</para></listitem>
 
 	<listitem><para><emphasis>Session Management</emphasis>:  When not using share 
-	level secuirty, users must pass PAM's session checks before access 
+	level secuirty, users must pass PAM's session checks before access
 	is granted.  Note however, that this is bypassed in share level secuirty.  
 	Note also that some older pam configuration files may need a line 
 	added for session support. 
@@ -340,47 +333,57 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 2.2 of 
+	<para>This man page is correct for version 2.2 of
 	the Samba suite.</para>
 </refsect1>
 
 <refsect1>
-	<title>DIAGNOSTICS</title>
-
-	<para>Most diagnostics issued by the server are logged 
-	in a specified log file. The log file name is specified 
+        <title>TROUBLESHOOTING</title>
+
+        <para>
+        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </para>
+
+	<para>Most diagnostics issued by the server are logged
+	in a specified log file. The log file name is specified
 	at compile time, but may be overridden on the command line.</para>
 
-	<para>The number and nature of diagnostics available depends 
-	on the debug level used by the server. If you have problems, set 
+	<para>The number and nature of diagnostics available depends
+	on the debug level used by the server. If you have problems, set
 	the debug level to 3 and peruse the log files.</para>
 
-	<para>Most messages are reasonably self-explanatory. Unfortunately, 
-	at the time this man page was created, there are too many diagnostics 
-	available in the source code to warrant describing each and every 
-	diagnostic. At this stage your best bet is still to grep the 
-	source code and inspect the conditions that gave rise to the 
+	<para>Most messages are reasonably self-explanatory. Unfortunately,
+	at the time this man page was created, there are too many diagnostics
+	available in the source code to warrant describing each and every
+	diagnostic. At this stage your best bet is still to grep the
+	source code and inspect the conditions that gave rise to the
 	diagnostics you are seeing.</para>
 </refsect1>
 
 <refsect1>
 	<title>SIGNALS</title>
 
-	<para>Sending the <command>smbd</command> a SIGHUP will cause it to 
-	reload its <filename>smb.conf</filename> configuration 
+	<para>Sending the <command>smbd</command> a SIGHUP will cause it to
+	reload its <filename>smb.conf</filename> configuration
 	file within a short period of time.</para>
 
-	<para>To shut down a user's <command>smbd</command> process it is recommended 
-	that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis> 
+	<para>To shut down a user's <command>smbd</command> process it is recommended
+	that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis>
 	be used, except as a last resort, as this may leave the shared
-	memory area in an inconsistent state. The safe way to terminate 
-	an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for 
+	memory area in an inconsistent state. The safe way to terminate
+	an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for
 	it to die on its own.</para>
 
 	<para>The debug log level of <command>smbd</command> may be raised
 	or lowered using <ulink url="smbcontrol.1.html"><command>smbcontrol(1)
 	</command></ulink> program (SIGUSR[1|2] signals are no longer used in
-	Samba 2.2). This is to allow transient problems to be diagnosed, 
+	Samba 2.2). This is to allow transient problems to be diagnosed,
 	whilst still running at a normally low log level.</para>
 
 	<para>Note that as the signal handlers send a debug write, 
diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml
deleted file mode 100644
index 53bc0bec610..00000000000
--- a/docs/docbook/manpages/smbgroupedit.8.sgml
+++ /dev/null
@@ -1,267 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="smbgroupedit">
-
-<refmeta>
-	<refentrytitle>smbgroupedit</refentrytitle>
-	<manvolnum>8</manvolnum>
-</refmeta>
-
-
-<!-- ****************************************************
-**              Name and Options                       **
-**************************************************** -->
-<refnamediv>
-	<refname>smbgroupedit</refname>
-	<refpurpose>Query/set/change UNIX - Windows NT group mapping</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-	<cmdsynopsis>
-		<command>smbroupedit</command>
-		<arg choice="opt">-v [l|s]</arg>
-		<arg choice="opt">-a UNIX-groupname [-d NT-groupname|-p privilege|]</arg>
-	</cmdsynopsis>
-</refsynopsisdiv>
-
-
-
-<!-- ****************************************************
-**                     Description                     **
-**************************************************** -->
-<refsect1>
-
-<title>DESCRIPTION</title>
-
-<para>
-This program is part of the <ulink url="samba.7.html">Samba</ulink>
-suite.
-</para>
-
-<para>
-The  smbgroupedit  command  allows for mapping unix groups
-to NT Builtin, Domain, or Local groups.  Also
-allows setting privileges for that group, such as saAddUser,
-etc.
-</para>
-
-</refsect1>
-
-<refsect1>
-	<title>OPTIONS</title>
-
-	<variablelist>
-		<varlistentry>
-		<term>-v[l|s]</term>
-		<listitem><para>This option will list all groups available
-		in the Windows NT domain in which samba is operating.
-		</para>
-
-		<variablelist>
-		<varlistentry>
-		<term>-l</term>
-		<listitem><para>give a long listing, of the format:</para>
-
-<para><programlisting>
-"NT Group Name"
-    SID            :
-    Unix group     :
-    Group type     :
-    Comment        :
-    Privilege      :
-</programlisting></para>
-
-<para>For examples,</para>
-<para><programlisting>
-Users
-    SID       : S-1-5-32-545
-    Unix group: -1
-    Group type: Local group
-    Comment   :
-    Privilege : No privilege
-</programlisting></para>
-
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>-s</term>
-		<listitem><para>display a short listing of the format:</para>
-
-<para><programlisting>
-NTGroupName(SID) -> UnixGroupName
-</programlisting></para>
-
-<para>For example,</para>
-
-<para><programlisting>
-Users (S-1-5-32-545) -> -1
-</programlisting></para>
-
-		</listitem>
-		</varlistentry>
-		</variablelist>
-
-		</listitem>
-		</varlistentry>
-
-	</variablelist>
-</refsect1>
-
-
-
-<!-- ****************************************************
-**************************************************** -->
-<refsect1>
-<title>FILES</title>
-
-<para></para>
-
-</refsect1>
-
-
-
-<!-- ****************************************************
-**************************************************** -->
-<refsect1>
-
-<title>EXIT STATUS</title>
-
-<para>
-<command>smbgroupedit</command> returns a status of 0 if the
-operation completed successfully, and a value of 1 in the event
-of a failure.
-</para>
-
-</refsect1>
-
-
-
-
-<!-- ****************************************************
-**************************************************** -->
-<refsect1>
-
-<title>EXAMPLES</title>
-
-
-<para>
-To make a subset of your samba PDC users members of
-the 'Domain Admins'  Global group:
-</para>
-
-<orderedlist>
-
-	<listitem><para>create a unix group (usually in
-	<filename>/etc/group</filename>), let's call it <constant>domadm</constant>.
-	</para></listitem>
-
-	<listitem><para>add to this group the users that you want to be
-	domain administrators. For example if you want joe, john and mary,
-	your entry in <filename>/etc/group</filename> will look like:
-	</para>
-
-	<para>domadm:x:502:joe,john,mary</para>
-	</listitem>
-
-	<listitem><para>map this domadm group to the 'domain admins' group:
-	</para>
-	<orderedlist>
-		<listitem><para>Get the SID for the Windows NT "Domain Admins"
-		group:</para>
-
-<para><programlisting>
-<prompt>root# </prompt><command>smbgroupedit -vs | grep "Domain Admins"</command>
-Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1
-</programlisting></para>
-</listitem>
-
-		<listitem><para>map the unix domadm group to the Windows NT
-		"Domain Admins" group, by running the command:
-		</para>
-
-<para><programlisting>
-<prompt>root# </prompt><command>smbgroupedit \
--c S-1-5-21-1108995562-3116817432-1375597819-512 \
--u domadm</command>
-</programlisting></para>
-
-		<para>
-		<emphasis>warning:</emphasis> don't copy and paste this sample, the
-		Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
-		</para>
-		</listitem>
-	</orderedlist>
-	</listitem>
-</orderedlist>
-
-<para>
-To verify that your mapping has taken effect:
-</para>
-
-<para><programlisting>
-<prompt>root# </prompt><command>smbgroupedit -vs|grep "Domain Admins"</command>
-Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm
-</programlisting></para>
-
-<para>
-To give access to a certain directory on a domain member machine (an
-NT/W2K or a samba server running winbind) to some users who are member
-of a group on your samba PDC, flag that group as a domain group:
-</para>
-
-<para><programlisting>
-<prompt>root# </prompt><command>smbgroupedit -a unixgroup -td</command>
-</programlisting></para>
-
-
-
-</refsect1>
-
-
-
-
-<!-- ****************************************************
-**************************************************** -->
-<refsect1>
-
-<title>VERSION</title>
-
-<para>
-This man page is correct for the 3.0alpha releases of
-the Samba suite.
-</para>
-</refsect1>
-
-<!-- ****************************************************
-**************************************************** -->
-
-<refsect1>
-<title>SEE ALSO</title>
-
-<para>
-<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
-</para>
-
-</refsect1>
-
-
-<!-- ****************************************************
-**************************************************** -->
-
-<refsect1>
-<title>AUTHOR</title>
-
-<para>
-The original Samba software and related utilities
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar
-to the way the Linux kernel is developed.
-</para>
-
-<para>
-<command>smbgroupedit</command> was written by Jean Francois Micouleau.
-The current set of manpages and documentation is maintained
-by the Samba Team in the same fashion as the Samba source code.</para>
-</refsect1>
-
-</refentry>
diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml
index c4b91a5572d..ec4dbbaff1f 100644
--- a/docs/docbook/manpages/smbmount.8.sgml
+++ b/docs/docbook/manpages/smbmount.8.sgml
@@ -73,7 +73,7 @@
 		given. </para>
 
 		<para>
-		Note that passwords which contain the argument delimiter
+		Note that password which contain the arguement delimiter
 		character (i.e. a comma ',') will failed to be parsed correctly
 		on the command line.  However, the same password defined
 		in the PASSWD environment variable or a credentials file (see
@@ -222,7 +222,7 @@
 		<varlistentry>
 		<term>ttl=&lt;arg&gt;</term>
 		<listitem><para>
-		sets how long a directory listing is cached in milliseconds
+		how long a directory listing is cached in milliseconds
 		(also affects visibility of file size and date
 		changes). A higher value means that changes on the
 		server take longer to be noticed but it can give
diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml
index be751078192..c207074a9b1 100644
--- a/docs/docbook/manpages/smbpasswd.5.sgml
+++ b/docs/docbook/manpages/smbpasswd.5.sgml
@@ -35,7 +35,7 @@
 	<para>The format of the smbpasswd file used by Samba 2.2 
 	is very similar to the familiar Unix <filename>passwd(5)</filename> 
 	file. It is an ASCII file containing one line for each user. Each field 
-	ithin each line is separated from the next by a colon. Any entry 
+	within each line is separated from the next by a colon. Any entry 
 	beginning with '#' is ignored. The smbpasswd file contains the 
 	following information for each user: </para>
 
diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml
index c0b7ac33591..d607fa1ca92 100644
--- a/docs/docbook/manpages/smbpasswd.8.sgml
+++ b/docs/docbook/manpages/smbpasswd.8.sgml
@@ -13,22 +13,18 @@
 </refnamediv>
 
 <refsynopsisdiv>
+	<para>When run by root:</para>
 	<cmdsynopsis>
 		<command>smbpasswd</command>
-		<arg choice="opt">-a</arg>	
-		<arg choice="opt">-x</arg>	
-		<arg choice="opt">-d</arg>	
-		<arg choice="opt">-e</arg>	
-		<arg choice="opt">-D debuglevel</arg>	
-		<arg choice="opt">-n</arg>	
-		<arg choice="opt">-r &lt;remote machine&gt;</arg>	
-		<arg choice="opt">-R &lt;name resolve order&gt;</arg>	
-		<arg choice="opt">-m</arg>	
-		<arg choice="opt">-U username[%password]</arg>	
-		<arg choice="opt">-h</arg>	
-		<arg choice="opt">-s</arg>	
-		<arg choice="opt">-w pass</arg>	
+		<arg choice="opt">options</arg>	
 		<arg choice="opt">username</arg>	
+		<arg choice="opt">password</arg>	
+	</cmdsynopsis>
+	<para>otherwise:</para>
+	<cmdsynopsis>
+		<command>smbpasswd</command>
+		<arg choice="opt">options</arg>	
+		<arg choice="opt">password</arg>	
 	</cmdsynopsis>
 </refsynopsisdiv>
 
@@ -55,7 +51,7 @@
 	UNIX machine the encrypted SMB passwords are usually stored in 
 	the <filename>smbpasswd(5)</filename> file. </para>
 
-	<para>When run by an ordinary user with no options, smbpasswd 
+	<para>When run by an ordinary user with no options. smbpasswd 
 	will prompt them for their old SMB password and then ask them 
 	for their new password twice, to ensure that the new password
 	was typed correctly. No passwords will be echoed on the screen 
@@ -79,74 +75,31 @@
 	<title>OPTIONS</title>
 	<variablelist>
 		<varlistentry>
-		<term>-a</term>
-		<listitem><para>This option specifies that the username 
-		following should be added to the local smbpasswd file, with the 
-		new password typed (type &lt;Enter&gt; for the old password). This 
-		option is ignored if the username following already exists in 
-		the smbpasswd file and it is treated like a regular change 
-		password command.  Note that the default passdb backends require 
-                the user to already exist in the system password file (usually 
-                <filename>/etc/passwd</filename>), else the request to add the 
-                user will fail. </para>
-		
-		<para>This option is only available when running smbpasswd 
-		as root. </para></listitem>
+		<term>-L</term>
+		<listitem><para>Run the smbpasswd command in local mode. This 
+		allows a non-root user to specify the root-only options. This 
+		is used mostly in test environments where a non-root user needs
+		to make changes to the local <filename>smbpasswd</filename> file.
+		The <filename>smbpasswd</filename> file must have read/write 
+		permissions for the user running the command.</para></listitem>
 		</varlistentry>
 		
 		
-		
 		<varlistentry>
-		<term>-x</term>
-		<listitem><para>This option specifies that the username 
-		following should be deleted from the local smbpasswd file.
-		</para>
-
-		<para>This option is only available when running smbpasswd as 
-		root.</para></listitem>
+		<term>-h</term>
+		<listitem><para>This option prints the help string for 
+		<command>smbpasswd</command>. </para></listitem>
 		</varlistentry>
 		
 		
-		
 		<varlistentry>
-		<term>-d</term>
-		<listitem><para>This option specifies that the username following 
-		should be <constant>disabled</constant> in the local smbpasswd 
-		file. This is done by writing a <constant>'D'</constant> flag 
-		into the account control space in the smbpasswd file. Once this 
-		is done all attempts to authenticate via SMB using this username 
-		will fail. </para>
-		
-		<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
-		format) there is no space in the user's password entry to write
-		this information and the command will FAIL. See <command>smbpasswd(5)
-		</command> for details on the 'old' and new password file formats.
-		</para>
-
-		<para>This option is only available when running smbpasswd as 
-		root.</para></listitem>
+		<term>-c smb.conf file</term>
+		<listitem><para>This option specifies that the configuration
+		file specified should be used instead of the default value
+		specified at compile time. </para></listitem>
 		</varlistentry>
-		
-		
-		<varlistentry>
-		<term>-e</term>
-		<listitem><para>This option specifies that the username following 
-		should be <constant>enabled</constant> in the local smbpasswd file, 
-		if the account was previously disabled. If the account was not 
-		disabled this option has no effect. Once the account is enabled then 
-		the user will be able to authenticate via SMB once again. </para>
-		
-		<para>If the smbpasswd file is in the 'old' format, then <command>
-		smbpasswd</command> will FAIL to enable the account.  
-                See <command>smbpasswd (5)</command> for 
-		details on the 'old' and new password file formats. </para>
 
-		<para>This option is only available when running smbpasswd as root. 
-		</para></listitem>
-		</varlistentry>
 		
-
-
 		<varlistentry>
 		<term>-D debuglevel</term>
 		<listitem><para><replaceable>debuglevel</replaceable> is an integer 
@@ -165,28 +118,6 @@
 		</varlistentry>
 		
 		
-		
-		<varlistentry>
-		<term>-n</term>
-		<listitem><para>This option specifies that the username following 
-		should have their password set to null (i.e. a blank password) in 
-		the local smbpasswd file. This is done by writing the string "NO 
-		PASSWORD" as the first part of the first password stored in the 
-		smbpasswd file. </para>
-
-		<para>Note that to allow users to logon to a Samba server once 
-		the password has been set to "NO PASSWORD" in the smbpasswd
-		file the administrator must set the following parameter in the [global]
-		section of the <filename>smb.conf</filename> file : </para>
-		
-		<para><command>null passwords = yes</command></para> 
-		
-		<para>This option is only available when running smbpasswd as 
-		root.</para></listitem>
-		</varlistentry>
-		
-		
-		
 		<varlistentry>
 		<term>-r remote machine name</term>
 		<listitem><para>This option allows a user to specify what machine 
@@ -217,94 +148,154 @@
 		</varlistentry>
 		
 		
+
 		<varlistentry>
-		<term>-R name resolve order</term>
-		<listitem><para>This option allows the user of smbpasswd to determine
-		what name resolution services to use when looking up the NetBIOS
-		name of the host being connected to. </para>
+		<term>-s</term>
+		<listitem><para>This option causes smbpasswd to be silent (i.e. 
+		not issue prompts) and to read its old and new passwords from 
+		standard  input, rather than from <filename>/dev/tty</filename> 
+		(like the <command>passwd(1)</command> program does). This option 
+		is to aid people writing scripts to drive smbpasswd</para>
+		</listitem>
+		</varlistentry>
 
-		<para>The options are :"lmhosts", "host", "wins" and "bcast". They
-		 cause names to be resolved as follows : </para>
-			<itemizedlist>
-				<listitem><para><constant>lmhosts</constant> : Lookup an IP 
-            address in the Samba lmhosts file. If the line in lmhosts has 
-            no name type attached to the NetBIOS name (see the <ulink 
-            url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
-            any name type matches for lookup.</para></listitem>
-
-            <listitem><para><constant>host</constant> : Do a standard host 
-            name to IP address resolution, using the system <filename>/etc/hosts
-            </filename>, NIS, or DNS lookups. This method of name resolution 
-            is operating system depended for instance on IRIX or Solaris this 
-            may be controlled by the <filename>/etc/nsswitch.conf</filename> 
-            file).  Note that this method is only used if the NetBIOS name 
-            type being queried is the 0x20 (server) name type, otherwise 
-            it is ignored.</para></listitem>
-
-            <listitem><para><constant>wins</constant> : Query a name with 
-            the IP address listed in the <parameter>wins server</parameter> 
-	    parameter.  If no WINS server has been specified this method 
-	    will be ignored.</para></listitem>
-
-            <listitem><para><constant>bcast</constant> : Do a broadcast on 
-            each of the known local interfaces listed in the
-            <parameter>interfaces</parameter> parameter. This is the least 
-	    reliable of the name resolution methods as it depends on the 
-	    target host being on a locally connected subnet.</para></listitem>
-		</itemizedlist>
-		
-		<para>The default order is <command>lmhosts, host, wins, bcast</command> 
-		and without this parameter or any entry in the 
-		<filename>smb.conf</filename> file the name resolution methods will 
-		be attempted in this order. </para></listitem>
+
+
+		<varlistentry>
+		<term>-S</term>
+		<listitem><para>This option causes <command>smbpasswd</command>
+		to query a domain controller of the domain specified 
+		by the <ulink url="smb.conf.5.html#WORKGROUP">workgroup</ulink>
+		parameter in <filename>smb.conf</filename> and store the
+		domain SID in the <filename>secrets.tdb</filename> file
+		as its own machine SID.  This is only useful when configuring
+		a Samba PDC and Samba BDC, or when migrating from a Windows PDC
+		to a Samba PDC.  </para>
+
+		<para>The <parameter>-r</parameter> options can be used
+		as well to indicate a specific domain controller which should
+		be contacted.  In this case, the domain SID obtained is the 
+		one for the domain to which the remote machine belongs.
+		</para>
+		</listitem>
 		</varlistentry>
+
 		
-		
-		<varlistentry>
-		<term>-m</term>
-		<listitem><para>This option tells smbpasswd that the account 
-		being changed is a MACHINE account. Currently this is used 
-		when Samba is being used as an NT Primary Domain Controller.</para>
 
-		<para>This option is only available when running smbpasswd as root.
-		</para></listitem>
+		<varlistentry>
+		<term>-t</term>
+		<listitem><para>This option is used to force smbpasswd to 
+		change the current password assigned to the machine trust account
+		when operating in domain security mode.  This is really meant to 
+		be used on systems that only run <ulink url="winbindd.8.html"<command>winbindd</command></ulink>.
+		Under server installations, <ulink url="smbd.8.html"><command>smbd</command></ulink>
+		handle the password updates automatically.</para>
+                </listitem>
 		</varlistentry>
 		
-		
+
+
 		<varlistentry>
-		<term>-U username</term>
+		<term>-U username[%pass]</term>
 		<listitem><para>This option may only be used in conjunction 
 		with the <parameter>-r</parameter> option. When changing
 		a password on a remote machine it allows the user to specify 
 		the user name on that machine whose password will be changed. It 
 		is present to allow users who have different user names on 
-		different systems to change these passwords. </para></listitem>
+		different systems to change these passwords. The optional
+		%pass may be used to specify to old password.</para>
+
+                <para>In particular, this parameter specifies the username
+                used to create the machine account when invoked with -j</para>
+                </listitem>
 		</varlistentry>
 		
 		
+<varlistentry>
+<term><command>NOTE:</command></term>
+<listitem><para>
+<command>The following options are available only when the smbpasswd command is
+run as root or in local mode.</command>
+</para></listitem>
+</varlistentry>
+
 		<varlistentry>
-		<term>-h</term>
-		<listitem><para>This option prints the help string for <command>
-		smbpasswd</command>, selecting the correct one for running as root 
-		or as an ordinary user. </para></listitem>
+		<term>-a</term>
+		<listitem><para>This option specifies that the username 
+		following should be added to the local smbpasswd file, with the 
+		new password typed. This 
+		option is ignored if the username specified already exists in 
+		the smbpasswd file and it is treated like a regular change 
+		password command. Note that the user to be added must already exist 
+		in the system password file (usually <filename>/etc/passwd</filename>)
+		else the request to add the user will fail. </para></listitem>
 		</varlistentry>
 		
 		
+		<varlistentry>
+		<term>-d</term>
+		<listitem><para>This option specifies that the username following 
+		should be <constant>disabled</constant> in the local smbpasswd 
+		file. This is done by writing a <constant>'D'</constant> flag 
+		into the account control space in the smbpasswd file. Once this 
+		is done all attempts to authenticate via SMB using this username 
+		will fail. </para>
+		
+		<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
+		format) there is no space in the user's password entry to write
+		this information and so the user is disabled by writing 'X' characters 
+		into the password space in the smbpasswd file. See <command>smbpasswd(5)
+		</command> for details on the 'old' and new password file formats.
+		</para></listitem>
+		</varlistentry>
+		
 		
 		<varlistentry>
-		<term>-s</term>
-		<listitem><para>This option causes smbpasswd to be silent (i.e. 
-		not issue prompts) and to read its old and new passwords from 
-		standard  input, rather than from <filename>/dev/tty</filename> 
-		(like the <command>passwd(1)</command> program does). This option 
-		is to aid people writing scripts to drive smbpasswd</para>
+		<term>-e</term>
+		<listitem><para>This option specifies that the username following 
+		should be <constant>enabled</constant> in the local smbpasswd file, 
+		if the account was previously disabled. If the account was not 
+		disabled this option has no effect. Once the account is enabled then 
+		the user will be able to authenticate via SMB once again. </para>
+		
+		<para>If the smbpasswd file is in the 'old' format, then <command>
+		smbpasswd</command> will prompt for a new password for this user, 
+		otherwise the account will be enabled by removing the <constant>'D'
+		</constant> flag from account control space in the <filename>
+		smbpasswd</filename> file. See <command>smbpasswd (5)</command> for 
+		details on the 'old' and new password file formats. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-m</term>
+		<listitem><para>This option tells smbpasswd that the account 
+		being changed is a MACHINE account. Currently this is used 
+		when Samba is being used as an NT Primary Domain Controller.</para>
 		</listitem>
 		</varlistentry>
 		
+		
+		<varlistentry>
+		<term>-n</term>
+		<listitem><para>This option specifies that the username following 
+		should have their password set to null (i.e. a blank password) in 
+		the local smbpasswd file. This is done by writing the string "NO 
+		PASSWORD" as the first part of the first password stored in the 
+		smbpasswd file. </para>
 
+		<para>Note that to allow users to logon to a Samba server once 
+		the password has been set to "NO PASSWORD" in the smbpasswd
+		file the administrator must set the following parameter in the [global]
+		section of the <filename>smb.conf</filename> file : </para>
+		
+		<para><command>null passwords = yes</command></para></listitem>
+		</varlistentry>
+		
+		
 		<varlistentry>
 		<term>-w password</term>
-		<listitem><para>This parameter is only available if Samba
+		<listitem><para>This parameter is only available is Samba
 		has been configured to use the experimental
 		<command>--with-ldapsam</command> option. The <parameter>-w</parameter> 
 		switch is used to specify the password to be used with the 
@@ -320,6 +311,103 @@
 		
 		
 		<varlistentry>
+		<term>-x</term>
+		<listitem><para>This option specifies that the username 
+		following should be deleted from the local smbpasswd file.
+		</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-j DOMAIN</term>
+		<listitem><para>This option is used to add a Samba server 
+		into a Windows NT Domain, as a Domain member capable of authenticating 
+		user accounts to any Domain Controller in the same way as a Windows 
+		NT Server. See the <command>security = domain</command> option in 
+		the <filename>smb.conf(5)</filename> man page. </para>
+
+                <para>This command can work both with and without the -U parameter. </para>
+
+                <para>When invoked with -U, that username (and optional password) are
+                used to contact the PDC (which must be specified with -r) to both
+                create a machine account, and to set a password on it.</para>
+		
+                <para>Alternately, if -U is omitted, Samba will contact its PDC
+                and attempt to change the password on a pre-existing account. </para>
+
+                <para>In order to be used in this way, the Administrator for 
+		the Windows NT Domain must have used the program "Server Manager 
+		for Domains" to add the primary NetBIOS name of  the Samba server 
+		as a member of the Domain. </para>
+		
+		<para>After this has been done, to join the Domain invoke <command>
+		smbpasswd</command> with this parameter. smbpasswd will then 
+		look up the Primary Domain Controller for the Domain (found in 
+		the <filename>smb.conf</filename> file in the parameter 
+		<parameter>password server</parameter> and change the machine account 
+		password used to create the secure Domain communication.  </para>
+
+                <para>Either way, this password is then stored by smbpasswd in a TDB, 
+                writeable only by root, called <filename>secrets.tdb</filename> </para>
+		
+		<para>Once this operation has been performed the <filename>
+		smb.conf</filename> file may be updated to set the <command>
+		security = domain</command> option and all future logins
+		to the Samba server will be authenticated to the Windows NT 
+		PDC. </para>
+		
+		<para>Note that even though the authentication is being 
+		done to the PDC all users accessing the Samba server must still 
+		have a valid UNIX account on that machine.  
+                The <command>winbindd(8)</command> daemon can be used
+                to create UNIX accounts for NT users.</para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
+		<term>-R name resolve order</term>
+		<listitem><para>This option allows the user of smbpasswd to determine 
+		what name resolution services to use when looking up the NetBIOS
+		name of the host being connected to. </para>
+
+		<para>The options are :"lmhosts", "host", "wins" and "bcast". They cause 
+		names to be resolved as follows : </para>
+		<itemizedlist>
+			<listitem><para><constant>lmhosts</constant> : Lookup an IP 
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <ulink 
+			url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
+			any name type matches for lookup.</para></listitem>
+
+			<listitem><para><constant>host</constant> : Do a standard host 
+			name to IP address resolution, using the system <filename>/etc/hosts
+			</filename>, NIS, or DNS lookups. This method of name resolution 
+			is operating system dependent. For instance, on IRIX or Solaris this 
+			may be controlled by the <filename>/etc/nsswitch.conf</filename> 
+			file).  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</para></listitem>
+
+			<listitem><para><constant>wins</constant> : Query a name with 
+			the IP address listed in the <parameter>wins server</parameter> 
+			parameter.  If no WINS server has been specified this method 
+			will be ignored.</para></listitem>
+
+			<listitem><para><constant>bcast</constant> : Do a broadcast on 
+			each of the known local interfaces listed in the
+			<parameter>interfaces</parameter> parameter. This is the least 
+			reliable of the name resolution methods as it depends on the 
+			target host being on a locally connected subnet.</para></listitem>
+		</itemizedlist>
+		
+		<para>The default order is <command>lmhosts, host, wins, bcast</command> 
+		and without this parameter or any entry in the 
+		<filename>smb.conf</filename> file the name resolution methods will 
+		be attempted in this order. </para></listitem>
+		</varlistentry>
+		
+		
+		<varlistentry>
 		<term>username</term>
 		<listitem><para>This specifies the username for all of the 
 		<emphasis>root only</emphasis> options to operate on. Only root 
@@ -327,6 +415,15 @@
 		to modify attributes directly in the local smbpasswd file. 
 		</para></listitem>
 		</varlistentry>
+
+
+		<varlistentry>
+		<term>password</term>
+		<listitem><para>This specifies the new password. If this parameter
+		is specified you will not be prompted for the new password.
+		</para></listitem>
+		</varlistentry>
+
 	</variablelist>
 </refsect1>
 
@@ -353,7 +450,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 3.0 of 
+	<para>This man page is correct for version 2.2 of 
 	the Samba suite.</para>
 </refsect1>
 
@@ -382,7 +479,3 @@
 </refsect1>
 
 </refentry>
-
-
-
-
diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml
index d164cb0864e..d5c9c0a1148 100644
--- a/docs/docbook/manpages/smbspool.8.sgml
+++ b/docs/docbook/manpages/smbspool.8.sgml
@@ -9,7 +9,7 @@
 
 <refnamediv>
 	<refname>smbspool</refname>
-	<refpurpose>send a print file to an SMB printer</refpurpose>
+	<refpurpose>send print file to an SMB printer</refpurpose>
 </refnamediv>
 
 <refsynopsisdiv>
@@ -79,11 +79,11 @@
 
 		<listitem><para>The copies argument (argv[4]) contains 
 		the number of copies to be printed of the named file. If 
-		no filename is provided then this argument is not used by 
+		no filename is provided than this argument is not used by 
 		smbspool.</para></listitem>
 
 		<listitem><para>The options argument (argv[5]) contains 
-		the print options in a single string and is currently 
+		the print options in a single string and is presently 
 		not used by smbspool.</para></listitem>
 
 		<listitem><para>The filename argument (argv[6]) contains the 
diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml
index 99963a4bec6..c2f638b88ef 100644
--- a/docs/docbook/manpages/smbstatus.1.sgml
+++ b/docs/docbook/manpages/smbstatus.1.sgml
@@ -17,10 +17,8 @@
 		<command>smbstatus</command>
 		<arg choice="opt">-P</arg>
 		<arg choice="opt">-b</arg>
-		<arg choice="opt">-d &lt;debug level&gt;</arg>
-		<arg choice="opt">-v</arg>
+		<arg choice="opt">-d</arg>
 		<arg choice="opt">-L</arg>
-		<arg choice="opt">-B</arg>
 		<arg choice="opt">-p</arg>
 		<arg choice="opt">-S</arg>
 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
@@ -43,47 +41,34 @@
 
 	<variablelist>
 		<varlistentry>
-		<term>-P|--profile</term>
+		<term>-P</term>
 		<listitem><para>If samba has been compiled with the 
 		profiling option, print only the contents of the profiling 
 		shared memory area.</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>-b|--brief</term>
+		<term>-b</term>
 		<listitem><para>gives brief output.</para></listitem>
 		</varlistentry>
 
 
 		<varlistentry>
-		<term>-d|--debug=&lt;debuglevel&gt;</term>
-		<listitem><para>sets debugging to specified level</para>
-		</listitem>
-		</varlistentry>
-
-
-		<varlistentry>
-		<term>-v|--verbose</term>
+		<term>-d</term>
 		<listitem><para>gives verbose output.</para></listitem>
 		</varlistentry>
 
 
 		<varlistentry>
-		<term>-L|--locks</term>
+		<term>-L</term>
 		<listitem><para>causes smbstatus to only list locks.</para>
 		</listitem>
 		</varlistentry>
-
 		
-		<varlistentry>
-		<term>-B|--byterange</term>
-		<listitem><para>causes smbstatus to include byte range locks.
-		</para></listitem>
-		</varlistentry>
 
 
 		<varlistentry>
-		<term>-p|--processes</term>
+		<term>-p</term>
 		<listitem><para>print a list of <ulink url="smbd.8.html">
 		<command>smbd(8)</command></ulink> processes and exit. 
 		Useful for scripting.</para></listitem>
@@ -91,7 +76,7 @@
 		
 		
 		<varlistentry>
-		<term>-S|--shares</term>
+		<term>-S</term>
 		<listitem><para>causes smbstatus to only list shares.</para>
 		</listitem>
 		</varlistentry>
@@ -99,7 +84,7 @@
 
 
 		<varlistentry>
-		<term>-s|--conf=&lt;configuration file&gt;</term>
+		<term>-s &lt;configuration file&gt;</term>
 		<listitem><para>The default configuration file name is
 		determined at compile time. The file specified contains the
 		configuration details required by the server. See <ulink 
@@ -110,7 +95,7 @@
 
 
 		<varlistentry>
-		<term>-u|--user=&lt;username&gt;</term>
+		<term>-u &lt;username&gt;</term>
 		<listitem><para>selects information relevant to 
 		<parameter>username</parameter> only.</para>
 		</listitem>
@@ -122,7 +107,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 3.0 of 
+	<para>This man page is correct for version 2.2 of 
 	the Samba suite.</para>
 </refsect1>
 
diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml
index bd70493b6bf..4e2ee5fff0a 100644
--- a/docs/docbook/manpages/smbtar.1.sgml
+++ b/docs/docbook/manpages/smbtar.1.sgml
@@ -164,7 +164,7 @@
 	<title>BUGS</title>
 
 	<para>The <command>smbtar</command> script has different 
-	options from ordinary tar and from smbclient's tar command. </para>
+	options from ordinary tar and tar called from smbclient. </para>
 
 </refsect1>
 
@@ -173,7 +173,7 @@
 
 	<para>Sites that are more careful about security may not like 
 	the way the script handles PC passwords. Backup and restore work 
-	on entire shares; should work on file lists. smbtar works best
+	on entire shares, should work on file lists. smbtar works best
 	with GNU tar and may not work well with other versions. </para>
 </refsect1>
 
@@ -190,7 +190,7 @@
 <refsect1>
 	<title>VERSION</title>
 
-	<para>This man page is correct for version 3.0 of 
+	<para>This man page is correct for version 2.2 of 
 	the Samba suite.</para>
 </refsect1>
 
diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml
index c0052f3d53d..b67f53777dd 100644
--- a/docs/docbook/manpages/swat.8.sgml
+++ b/docs/docbook/manpages/swat.8.sgml
@@ -62,7 +62,7 @@
 		<command>swat</command> in demo mode. In that mode anyone will be able to modify 
 		the <filename>smb.conf</filename> file. </para>
 		
-		<para><emphasis>WARNING: Do NOT enable this option on a production 
+		<para><emphasis>Do NOT enable this option on a production 
 		server. </emphasis></para></listitem>
 		</varlistentry>
 	</variablelist>
@@ -120,6 +120,41 @@
 	</refsect2>
 
 
+	<refsect2> 
+		<title>Xinetd Installation</title>
+
+		<para>Newer Linux systems ship with a more secure implementation
+		of the inetd meta-daemon.  The <command>xinetd</command> daemon
+		can read configuration inf9ormation from a single file (i.e.
+		<filename>/etc/xinetd.conf</filename>) or from a collection
+		of service control files in the <filename>xinetd.d/</filename> directory.
+		These directions assume the latter configuration.
+		</para>
+
+		<para>
+		The following file should be created as <filename>/etc/xientd.d/swat</filename>.
+		It is then be neccessary cause the meta-daemon to reload its configuration files.
+		Refer to the xinetd man page for details on how to accomplish this.
+		</para>
+
+<para><programlisting>
+## /etc/xinetd.d/swat
+service swat
+{
+        port    = 901
+        socket_type     = stream
+        wait    = no
+        only_from = localhost
+        user    = root
+        server  = /usr/local/samba/bin/swat
+        log_on_failure  += USERID
+        disable =  No
+}
+</programlisting></para>
+
+	</refsect2>
+
+
 	<refsect2>
 		<title>Launching</title>
 
@@ -131,6 +166,21 @@
 		connection open to password sniffing as passwords will be sent 
 		in the clear over the wire. </para>
 	</refsect2>
+
+</refsect1>
+
+<refsect1>
+	<title>TROUBLESHOOTING</title>
+
+	<para>
+	One of the common causes of difficulty when installing Samba and SWAT
+	is the existsnece of some type of firewall or port filtering software 
+	on the Samba server.  Make sure that the appropriate ports
+	outlined in this man page are available on the server and are not currently 
+	being blocked by some type of security software such as iptables or 
+	"port sentry".  For more troubleshooting information, refer to the additional 
+	documentation included in the Samba distribution.
+	</para>
 </refsect1>
 
 <refsect1>
@@ -144,6 +194,12 @@
 		</varlistentry>
 
 		<varlistentry>
+		<term><filename>/etc/xinetd.d/swat</filename></term>
+		<listitem><para>This file must contain suitable startup 
+		information for the <command>xinetd</command> meta-daemon.</para></listitem>
+		</varlistentry>
+
+		<varlistentry>
 		<term><filename>/etc/services</filename></term>
 		<listitem><para>This file must contain a mapping of service name 
 		(e.g., swat) to service port (e.g., 901) and protocol type 
@@ -168,7 +224,7 @@
 
 	<para><command>swat</command> will rewrite your <filename>smb.conf
 	</filename> file. It will rearrange the entries and delete all 
-	comments, <parameter>include=</parameter> and <parameter>copy=
+	comments, <parameter>include=</parameter> and <parameter>copy="
 	</parameter> options. If you have a carefully crafted <filename>
 	smb.conf</filename> then back it up or don't use swat! </para>
 </refsect1>
@@ -185,7 +241,7 @@
 	<title>SEE ALSO</title>
 	<para><command>inetd(5)</command>,
 	<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, 
-	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>
+	<ulink url="smb.conf.5.html">smb.conf(5)</ulink>, <command>xinetd(8)</command>
 	</para>
 </refsect1>
 
diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml
index 350683eb574..9128d8f4c51 100644
--- a/docs/docbook/manpages/testparm.1.sgml
+++ b/docs/docbook/manpages/testparm.1.sgml
@@ -18,7 +18,7 @@
 		<command>testparm</command>
 		<arg choice="opt">-s</arg>
 		<arg choice="opt">-h</arg>
-		<arg choice="opt">-v</arg>
+		<arg choice="opt">-x</arg>
 		<arg choice="opt">-L &lt;servername&gt;</arg>
 		<arg choice="req">config filename</arg>
 		<arg choice="opt">hostname  hostIP</arg>
@@ -70,6 +70,10 @@
 		<listitem><para>Print usage message </para></listitem>
 		</varlistentry>
 		
+		<varlistentry>
+		<term>-x</term>
+		<listitem><para>Print only parameters that have non-default values</para></listitem>
+		</varlistentry>
 		
 		<varlistentry>
 		<term>-L servername</term>
@@ -78,13 +82,6 @@
 		%L macro. </para></listitem>
 		</varlistentry>
 
-		<varlistentry>
-		<term>-v</term>
-		<listitem><para>If this option is specified, testparm 
-		will also output all options that were not used in 
-		<filename>smb.conf</filename> and are thus set to
-		their defaults.</para></listitem>
-		</varlistentry>
 
 		<varlistentry>
 		<term>configfilename</term>
diff --git a/docs/docbook/manpages/vfstest.1.sgml b/docs/docbook/manpages/vfstest.1.sgml
deleted file mode 100644
index 11878c1c896..00000000000
--- a/docs/docbook/manpages/vfstest.1.sgml
+++ /dev/null
@@ -1,159 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<refentry id="vfstest">
-
-<refmeta>
-	<refentrytitle>vfstest</refentrytitle>
-	<manvolnum>1</manvolnum>
-</refmeta>
-
-
-<refnamediv>
-	<refname>vfstest</refname>
-	<refpurpose>tool for testing samba VFS modules </refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-	<cmdsynopsis>
-		<command>vfstest</command>
-		<arg choice="opt">-d debuglevel</arg>
-		<arg choice="opt">-c &quot;command&quot;</arg>
-		<arg choice="opt">-l &quot;logfile&quot;</arg>
-		<arg choice="opt">-h</arg>
-	</cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
-	<title>DESCRIPTION</title>
-
-	<para>This tool is part of the <ulink url="samba.7.html">
-	Samba</ulink> suite.</para>
-
-	<para><command>vfstest</command> is a small command line 
-	utility that has the ability to test dso samba VFS modules. It gives the
-	user the ability to call the various VFS functions manually and 
-	supports cascaded VFS modules.
-	</para>
-</refsect1>
-
-
-<refsect1>
-	<title>OPTIONS</title>
-
-	<variablelist>
-
-		<varlistentry>
-		<term>-c|--command=command</term>
-		<listitem><para>Execute the specified (colon-seperated) commands. 
-		See below for the commands that are available.
-		</para> </listitem> 
-		</varlistentry>
-
-		<varlistentry>
-		<term>-d|--debug=debuglevel</term>
-		<listitem><para>set the debuglevel. Debug level 0 is the lowest 
-		and 100 being the highest. This should be set to 100 if you are
-		planning on submitting a bug report to the Samba team (see 
-		<filename>BUGS.txt</filename>). 
-		</para></listitem>
-		</varlistentry>
-		
-		<varlistentry>
-		<term>-h|--help</term>
-		<listitem><para>Print a summary of command line options.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>-l|--logfile=logbasename</term>
-		<listitem><para>File name for log/debug files. The extension 
-		<constant>'.client'</constant> will be appended. The log file is never removed  
-		by the client.
-		</para></listitem>
-		</varlistentry>
-
-	</variablelist>
-</refsect1>
-
-
-<refsect1>
-	<title>COMMANDS</title>
-
-	<para><emphasis>VFS COMMANDS</emphasis></para>
-	<itemizedlist>
-		<listitem><para><command>load &lt;module.so&gt;</command> - Load specified VFS module </para></listitem>
-		
-		<listitem><para><command>populate &lt;char&gt; &lt;size&gt;</command> - Populate a data buffer with the specified data
-		</para></listitem>
-		
-		<listitem><para><command>showdata [&lt;offset&gt; &lt;len&gt;]</command> - Show data currently in data buffer
-		</para></listitem>
-
-		<listitem><para><command>connect</command> - VFS connect()</para></listitem>
-		<listitem><para><command>disconnect</command> - VFS disconnect()</para></listitem>
-		<listitem><para><command>disk_free</command> - VFS disk_free()</para></listitem>
-		<listitem><para><command>opendir</command> - VFS opendir()</para></listitem>
-		<listitem><para><command>readdir</command> - VFS readdir()</para></listitem>
-		<listitem><para><command>mkdir</command> - VFS mkdir()</para></listitem>
-		<listitem><para><command>rmdir</command> - VFS rmdir()</para></listitem>
-		<listitem><para><command>closedir</command> - VFS closedir()</para></listitem>
-		<listitem><para><command>open</command> - VFS open()</para></listitem>
-		<listitem><para><command>close</command> - VFS close()</para></listitem>
-		<listitem><para><command>read</command> - VFS read()</para></listitem>
-		<listitem><para><command>write</command> - VFS write()</para></listitem>
-		<listitem><para><command>lseek</command> - VFS lseek()</para></listitem>
-		<listitem><para><command>rename</command> - VFS rename()</para></listitem>
-		<listitem><para><command>fsync</command> - VFS fsync()</para></listitem>
-		<listitem><para><command>stat</command> - VFS stat()</para></listitem>
-		<listitem><para><command>fstat</command> - VFS fstat()</para></listitem>
-		<listitem><para><command>lstat</command> - VFS lstat()</para></listitem>
-		<listitem><para><command>unlink</command> - VFS unlink()</para></listitem>
-		<listitem><para><command>chmod</command> - VFS chmod()</para></listitem>
-		<listitem><para><command>fchmod</command> - VFS fchmod()</para></listitem>
-		<listitem><para><command>chown</command> - VFS chown()</para></listitem>
-		<listitem><para><command>fchown</command> - VFS fchown()</para></listitem>
-		<listitem><para><command>chdir</command> - VFS chdir()</para></listitem>
-		<listitem><para><command>getwd</command> - VFS getwd()</para></listitem>
-		<listitem><para><command>utime</command> - VFS utime()</para></listitem>
-		<listitem><para><command>ftruncate</command> - VFS ftruncate()</para></listitem>
-		<listitem><para><command>lock</command> - VFS lock()</para></listitem>
-		<listitem><para><command>symlink</command> - VFS symlink()</para></listitem>
-		<listitem><para><command>readlink</command> - VFS readlink()</para></listitem>
-		<listitem><para><command>link</command> - VFS link()</para></listitem>
-		<listitem><para><command>mknod</command> - VFS mknod()</para></listitem>
-		<listitem><para><command>realpath</command> - VFS realpath()</para></listitem>
-	</itemizedlist>
-	
-	<para><emphasis>GENERAL COMMANDS</emphasis></para>
-	<itemizedlist>	
-		<listitem><para><command>conf &lt;smb.conf&gt;</command> - Load a different configuration file</para></listitem>
-
-		<listitem><para><command>help [&lt;command&gt;]</command> - Get list of commands or info about specified command</para></listitem>
-
-		<listitem><para><command>debuglevel &lt;level&gt;</command> - Set debug level</para></listitem>
-
-		<listitem><para><command>freemem</command> - Free memory currently in use</para></listitem>
-
-		<listitem><para><command>exit</command> - Exit vfstest</para></listitem>
-	</itemizedlist>	
-
-</refsect1>
-
-<refsect1>
-	<title>VERSION</title>
-
-	<para>This man page is correct for version 3.0 of the Samba 
-	suite.</para>
-</refsect1>
-
-<refsect1>
-	<title>AUTHOR</title>
-	
-	<para>The original Samba software and related utilities 
-	were created by Andrew Tridgell. Samba is now developed
-	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</para>
-	
-	<para>The vfstest man page was written by Jelmer Vernooij.</para>
-</refsect1>
-
-</refentry>
diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml
index 32ea86b0d69..e257b6c3fb8 100644
--- a/docs/docbook/manpages/winbindd.8.sgml
+++ b/docs/docbook/manpages/winbindd.8.sgml
@@ -46,10 +46,10 @@
 	<para>
 	The <filename>pam_winbind</filename> module in the 2.2.2 release only 
 	supports the <parameter>auth</parameter> and <parameter>account</parameter> 
-	module-types.  The latter simply
+	module-types.  The latter is simply
 	performs a getpwnam() to verify that the system can obtain a uid for the
 	user.  If the <filename>libnss_winbind</filename> library has been correctly 
-	installed, this should always succeed.
+	installed, this should always suceed.
 	</para>
 
 	<para>The following nsswitch databases are implemented by 
@@ -156,26 +156,142 @@ group:          files winbind
 	</filename> file.  All parameters should be specified in the 
 	[global] section of smb.conf. </para>
 
-	<itemizedlist>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDSEPARATOR">
-		<parameter>winbind separator</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDUID">
-		<parameter>winbind uid</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDGID">
-		<parameter>winbind gid</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDCACHETIME">
-		<parameter>winbind cache time</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDENUMUSERS">
-		<parameter>winbind enum users</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDENUMGROUPS">
-		<parameter>winbind enum groups</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#TEMPLATEHOMEDIR">
-		<parameter>template homedir</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#TEMPLATESHELL">
-		<parameter>template shell</parameter></ulink></para></listitem>
-		<listitem><para><ulink url="smb.conf.5.html#WINBINDUSEDEFAULTDOMAIN">
-		<parameter>winbind use default domain</parameter></ulink></para></listitem>
-	</itemizedlist>
+	<variablelist>
+		<varlistentry>
+		<term>winbind separator</term>
+		<listitem><para>The winbind separator option allows you 
+		to specify how NT domain names and user names are combined 
+		into unix user names when presented to users. By default, 
+		<command>winbindd</command> will use the traditional '\' 
+		separator so that the unix user names look like 
+		DOMAIN\username. In some cases this separator character may 
+		cause problems as the '\' character has special meaning in 
+		unix shells.  In that case you can use the winbind separator 
+		option to specify an alternative separator character. Good 
+		alternatives may be '/' (although that conflicts
+		with the unix directory separator) or a '+ 'character. 
+		The '+' character appears to be the best choice for 100% 
+		compatibility with existing unix utilities, but may be an 
+		aesthetically bad choice depending on your taste. </para>
+		
+		<para>Default: <command>winbind separator = \ </command>
+		</para>
+		<para>Example: <command>winbind separator = + </command></para>
+		</listitem>
+		</varlistentry>
+
+		<varlistentry>
+		<term>winbind uid</term>
+		<listitem><para>The winbind uid parameter specifies the 
+		range of user ids that are allocated by the winbindd daemon.  
+		This range of ids should have no existing local or NIS users 
+		within it as strange conflicts can occur otherwise. </para>
+
+		<para>Default: <command>winbind uid = &lt;empty string&gt; 
+		</command></para>
+		<para>Example: <command>winbind uid = 10000-20000</command></para>
+		</listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>winbind gid</term>
+		<listitem><para>The winbind gid parameter specifies the 
+		range of group ids that are allocated by the winbindd daemon.  
+		This range of group ids should have no existing local or NIS 
+		groups within it as strange conflicts can occur otherwise.</para> 
+
+		<para>Default: <command>winbind gid = &lt;empty string&gt;
+		</command></para> 	
+		<para>Example: <command>winbind gid = 10000-20000
+		</command> </para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>winbind cache time</term>
+		<listitem><para>This parameter specifies the number of 
+		seconds the winbindd daemon will cache user and group information 
+		before querying a Windows NT server again. When a item in the 
+		cache is older than this time winbindd will ask the domain 
+		controller for the sequence number of the server's account database. 
+		If the sequence number has not changed then the cached item is 
+		marked as valid for a further <parameter>winbind cache time
+		</parameter> seconds.  Otherwise the item is fetched from the 
+		server. This means that as long as the account database is not 
+		actively changing winbindd will only have to send one sequence 
+		number query packet every <parameter>winbind cache time
+		</parameter> seconds. </para>
+
+		<para>Default: <command>winbind cache time = 15</command>
+		</para></listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>winbind enum users</term>
+		<listitem><para>On large installations it may be necessary 
+		to suppress the enumeration of users through the <command>
+		setpwent()</command>, <command>getpwent()</command> and 
+		<command>endpwent()</command> group of system calls.  If 
+		the <parameter>winbind enum users</parameter> parameter is false, 
+		calls to the <command>getpwent</command> system call will not 
+		return any data. </para>
+
+		<para><emphasis>Warning:</emphasis> Turning off user enumeration 
+		may cause some programs to behave oddly.  For example, the <command>finger</command> 
+		program relies on having access to the full user list when 
+		searching  for matching usernames. </para>
+
+		<para>Default: <command>winbind enum users = yes </command></para>
+		</listitem>
+		</varlistentry>
+		
+		<varlistentry>
+		<term>winbind enum groups</term>
+		<listitem><para>On large installations it may be necessary 
+		to suppress the enumeration of groups through the <command>
+		setgrent()</command>, <command>getgrent()</command> and 
+		<command>endgrent()</command> group of system calls.  If 
+		the <parameter>winbind enum groups</parameter> parameter is 
+		false, calls to the <command>getgrent()</command> system 
+		call will not return any data. </para>
+
+		<para><emphasis>Warning:</emphasis> Turning off group 
+		enumeration may cause some programs to behave oddly. 
+		</para>
+
+		<para>Default: <command>winbind enum groups = no </command>
+		</para></listitem>
+		</varlistentry>
+
+
+
+		<varlistentry>
+		<term>template homedir</term>
+		<listitem><para>When filling out the user information 
+		for a Windows NT user, the <command>winbindd</command> daemon 
+		uses this parameter to fill in the home directory for that user.  
+		If the string <parameter>%D</parameter> is present it is 
+		substituted with the user's Windows NT domain name.  If the 
+		string <parameter>%U</parameter> is present it is substituted
+		with the user's Windows NT user name. </para>
+
+		<para>Default: <command>template homedir = /home/%D/%U </command>
+		</para></listitem>
+		</varlistentry>
+
+
+		<varlistentry>
+		<term>template shell</term>
+		<listitem><para>When filling out the user information for 
+ 		a Windows NT user, the <command>winbindd</command> daemon 
+		uses this parameter to fill in the shell for that user. 
+		</para>
+
+		<para>Default: <command>template shell = /bin/false </command>
+		</para></listitem>
+		</varlistentry>
+	</variablelist>
 </refsect1>
 
 
diff --git a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml
deleted file mode 100644
index 6d5a019fcbe..00000000000
--- a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml
+++ /dev/null
@@ -1,78 +0,0 @@
-<chapter id="groupmapping">
-<chapterinfo>
-	<author>
-		<firstname>Jean François</firstname><surname>Micouleau</surname>
-	</author>
-</chapterinfo>
-
-<title>Group mapping HOWTO</title>
-
-<para> 
-Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
-current method (likely to change) to manage the groups is a new command called
-<command>smbgroupedit</command>.
-</para>
-
-<para>
-The first immediate reason to use the group mapping on a PDC, is that
-the <command>domain admin group</command> of <filename>smb.conf</filename> is 
-now gone. This parameter was used to give the listed users local admin rights 
-on their workstations. It was some magic stuff that simply worked but didn't
-scale very well for complex setups.
-</para>
-
-<para>
-Let me explain how it works on NT/W2K, to have this magic fade away.
-When installing NT/W2K on a computer, the installer program creates some users
-and groups. Notably the 'Administrators' group, and gives to that group some
-privileges like the ability to change the date and time or to kill any process
-(or close too) running on the local machine. The 'Administrator' user is a
-member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
-group privileges. If a 'joe' user is created and become a member of the
-'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.
-</para>
-
-<para>
-When a NT/W2K machine is joined to a domain, during that phase, the "Domain
-Administrators' group of the PDC is added to the 'Administrators' group of the
-workstation. Every members of the 'Domain Administrators' group 'inherit' the
-rights of the 'Administrators' group when logging on the workstation.
-</para>
-
-<para>
-You are now wondering how to make some of your samba PDC users members of the
-'Domain Administrators' ? That's really easy.
-</para>
-
-<orderedlist> 
-<listitem><para>create a unix group (usually in <filename>/etc/group</filename>), let's call it domadm</para></listitem>
-<listitem><para>add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in <filename>/etc/group</filename> will look like:</para>
-
-<para><programlisting>
-domadm:x:502:joe,john,mary
-</programlisting></para>
-
-</listitem>
-
-<listitem><para>Map this domadm group to the <command>domain admins</command> group by running the command:</para>
-
-<para><command>smbgroupedit -c "Domain Admins" -u domadm</command></para></listitem>
-
-</orderedlist>
-
-<para>You're set, joe, john and mary are domain administrators !</para>
-
-<para>
-Like the Domain Admins group, you can map any arbitrary Unix group to any NT
-group. You can also make any Unix group a domain group. For example, on a domain
-member machine (an NT/W2K or a samba server running winbind), you would like to
-give access to a certain directory to some users who are member of a group on
-your samba PDC. Flag that group as a domain group by running:
-</para>
-
-<para><command>smbgroupedit -a unixgroup -td</command></para>
-
-<para>You can list the various groups in the mapping database like this</para>
-<para><command>smbgroupedit -v</command></para>
-
-</chapter>
diff --git a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
new file mode 100644
index 00000000000..ca7ad6a754e
--- /dev/null
+++ b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml
@@ -0,0 +1,142 @@
+<chapter id="os2">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Jim</firstname><surname>McDonough</surname>
+		<affiliation>
+			<orgname>IBM</orgname>
+			<address>
+				<email>jerry@samba.org</email>
+			</address>
+		</affiliation>
+	</author>
+	
+		
+	<pubdate>5 Mar 2001</pubdate>
+</chapterinfo>
+
+<title>OS2 Client HOWTO</title>
+
+<sect1>
+	<title>FAQs</title>
+
+	<sect2>
+		<title>How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</title>
+
+		<para>A more complete answer to this question can be 
+		found on <ulink url="http://carol.wins.uva.nl/~leeuw/samba/warp.html">
+		http://carol.wins.uva.nl/~leeuw/samba/warp.html</ulink>.</para>
+		
+		<para>Basically, you need three components:</para>
+		
+		<itemizedlist>
+			<listitem><para>The File and Print Client ('IBM Peer')
+			</para></listitem>
+			<listitem><para>TCP/IP ('Internet support') 
+			</para></listitem>
+			<listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
+			</para></listitem>
+		</itemizedlist>
+		
+		<para>Installing the first two together with the base operating 
+		system on a blank system is explained in the Warp manual. If Warp 
+		has already been installed, but you now want to install the 
+		networking support, use the "Selective Install for Networking" 
+		object in the "System Setup" folder.</para>
+
+		<para>Adding the "NetBIOS over TCP/IP" driver is not described 
+		in the manual and just barely in the online documentation. Start 
+		MPTS.EXE, click on OK, click on "Configure LAPS" and click 
+		on "IBM OS/2 NETBIOS OVER TCP/IP" in  'Protocols'.  This line 
+		is then moved to 'Current Configuration'. Select that line, 
+		click on "Change number" and increase it from 0 to 1. Save this
+		configuration.</para>
+
+		<para>If the Samba server(s) is not on your local subnet, you 
+		can optionally add IP names and addresses of these servers 
+		to the "Names List", or specify a  WINS server ('NetBIOS 
+		Nameserver' in IBM and RFC terminology). For Warp Connect you 
+		may need to download an update for 'IBM Peer' to bring it on 
+		the same level as Warp 4. See the webpage mentioned above.</para>
+	</sect2>
+	
+	<sect2>
+		<title>How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</title>
+		
+		<para>You can use the free Microsoft LAN Manager 2.2c Client 
+		for OS/2 from 
+		<ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
+		ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>.
+   	See <ulink url="http://carol.wins.uva.nl/~leeuw/lanman.html">
+		http://carol.wins.uva.nl/~leeuw/lanman.html</ulink> for 
+		more information on how to install and use this client. In 
+		a nutshell, edit the file \OS2VER in the root directory of 
+		the OS/2 boot partition and add the lines:</para>
+		
+		<para><programlisting>
+		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+		</programlisting></para>
+		
+		<para>before you install the client. Also, don't use the 
+		included NE2000 driver because it is buggy. Try the NE2000 
+		or NS2000 driver from 
+		<ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
+ 		ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
+		</para>
+	</sect2>
+	
+	<sect2>
+		<title>Are there any other issues when OS/2 (any version) 
+		is used as a client?</title>
+		
+		<para>When you do a NET VIEW or use the "File and Print 
+		Client Resource Browser", no Samba servers show up. This can 
+		be fixed by a patch from <ulink
+		url="http://carol.wins.uva.nl/~leeuw/samba/fix.html">
+		http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>.
+		The patch will be included in a later version of Samba. It also 
+		fixes a couple of other problems, such as preserving long 
+		filenames when objects are dragged from the Workplace Shell 
+		to the Samba server. </para>
+	</sect2>
+	
+	<sect2>
+		<title>How do I get printer driver download working 
+		for OS/2 clients?</title>
+
+		<para>First, create a share called [PRINTDRV] that is 
+		world-readable.  Copy your OS/2 driver files there.  Note 
+		that the .EA_ files must still be separate, so you will need 
+		to use the original install files, and not copy an installed 
+		driver from an OS/2 system.</para>
+		
+		<para>Install the NT driver first for that printer.  Then, 
+		add to your smb.conf a parameter, "os2 driver map = 
+		<replaceable>filename</replaceable>".  Then, in the file 
+		specified by <replaceable>filename</replaceable>, map the 
+		name of the NT driver name to the OS/2 driver name as 
+		follows:</para>
+		
+		<para>&lt;nt driver name&gt; = &lt;os2 driver 
+		name&gt;.&lt;device name&gt;, e.g.:
+		HP LaserJet 5L = LASERJET.HP LaserJet 5L</para>
+
+		<para>You can have multiple drivers mapped in this file.</para>
+	
+		<para>If you only specify the OS/2 driver name, and not the 
+		device name, the first attempt to download the driver will 
+		actually download the files, but the OS/2 client will tell 
+		you the driver is not available.  On the second attempt, it 
+		will work.  This is fixed simply by adding the device name
+  		 to the mapping, after which it will work on the first attempt.
+		</para>
+	</sect2>
+</sect1>
+
+</chapter>
+   
diff --git a/docs/docbook/projdoc/Other-Clients.sgml b/docs/docbook/projdoc/Other-Clients.sgml
deleted file mode 100644
index f790024c3a8..00000000000
--- a/docs/docbook/projdoc/Other-Clients.sgml
+++ /dev/null
@@ -1,332 +0,0 @@
-<chapter id="Other-Clients">
-<chapterinfo>
-	<author>
-		<firstname>Jim</firstname><surname>McDonough</surname>
-		<affiliation>
-			<orgname>IBM</orgname>
-		</affiliation>
-		<firstname>Jelmer</firstname><surname>Vernooij</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address>jelmer@samba.org</address>
-		</affiliation>
-	</author>
-	
-	<pubdate>5 Mar 2001</pubdate>
-</chapterinfo>
-
-<title>Samba and other CIFS clients</title>
-
-<para>This chapter contains client-specific information.</para>
-
-<sect1>
-<title>Macintosh clients?</title>
-
-<para>
-Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> now have a CIFS Client / Server called DAVE - see
-</para>
-
-<para>
-They test it against Windows 95, Windows NT and samba for
-compatibility issues.  At the time of writing, DAVE was at version
-1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
-the Thursby web site (the speed of finder copies has been greatly
-enhanced, and there are bug-fixes included).
-</para>
-
-<para> 
-Alternatives - There are two free implementations of AppleTalk for
-several kinds of UNIX machnes, and several more commercial ones.
-These products allow you to run file services and print services
-natively to Macintosh users, with no additional support required on
-the Macintosh.  The two free omplementations are 
-<ulink url="http://www.umich.edu/~rsug/netatalk/">Netatalk</ulink>, and 
-<ulink url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP</ulink>.  
-What Samba offers MS
-Windows users, these packages offer to Macs.  For more info on these
-packages, Samba, and Linux (and other UNIX-based systems) see
-<ulink url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html</ulink>
-</para>
-
-</sect1>
-
-<sect1>
-<title>OS2 Client</title>
-
-	<sect2>
-		<title>How can I configure OS/2 Warp Connect or 
-		OS/2 Warp 4 as a client for Samba?</title>
-
-		<para>A more complete answer to this question can be 
-		found on <ulink url="http://carol.wins.uva.nl/~leeuw/samba/warp.html">
-		http://carol.wins.uva.nl/~leeuw/samba/warp.html</ulink>.</para>
-		
-		<para>Basically, you need three components:</para>
-		
-		<itemizedlist>
-			<listitem><para>The File and Print Client ('IBM Peer')
-			</para></listitem>
-			<listitem><para>TCP/IP ('Internet support') 
-			</para></listitem>
-			<listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI')
-			</para></listitem>
-		</itemizedlist>
-		
-		<para>Installing the first two together with the base operating 
-		system on a blank system is explained in the Warp manual. If Warp 
-		has already been installed, but you now want to install the 
-		networking support, use the "Selective Install for Networking" 
-		object in the "System Setup" folder.</para>
-
-		<para>Adding the "NetBIOS over TCP/IP" driver is not described 
-		in the manual and just barely in the online documentation. Start 
-		MPTS.EXE, click on OK, click on "Configure LAPS" and click 
-		on "IBM OS/2 NETBIOS OVER TCP/IP" in  'Protocols'.  This line 
-		is then moved to 'Current Configuration'. Select that line, 
-		click on "Change number" and increase it from 0 to 1. Save this
-		configuration.</para>
-
-		<para>If the Samba server(s) is not on your local subnet, you 
-		can optionally add IP names and addresses of these servers 
-		to the "Names List", or specify a  WINS server ('NetBIOS 
-		Nameserver' in IBM and RFC terminology). For Warp Connect you 
-		may need to download an update for 'IBM Peer' to bring it on 
-		the same level as Warp 4. See the webpage mentioned above.</para>
-	</sect2>
-	
-	<sect2>
-		<title>How can I configure OS/2 Warp 3 (not Connect), 
-		OS/2 1.2, 1.3 or 2.x for Samba?</title>
-		
-		<para>You can use the free Microsoft LAN Manager 2.2c Client 
-		for OS/2 from 
-		<ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
-		ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>.
-   	See <ulink url="http://carol.wins.uva.nl/~leeuw/lanman.html">
-		http://carol.wins.uva.nl/~leeuw/lanman.html</ulink> for 
-		more information on how to install and use this client. In 
-		a nutshell, edit the file \OS2VER in the root directory of 
-		the OS/2 boot partition and add the lines:</para>
-		
-		<para><programlisting>
-		20=setup.exe
-		20=netwksta.sys
-		20=netvdd.sys
-		</programlisting></para>
-		
-		<para>before you install the client. Also, don't use the 
-		included NE2000 driver because it is buggy. Try the NE2000 
-		or NS2000 driver from 
-		<ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
- 		ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
-		</para>
-	</sect2>
-	
-	<sect2>
-		<title>Are there any other issues when OS/2 (any version) 
-		is used as a client?</title>
-		
-		<para>When you do a NET VIEW or use the "File and Print 
-		Client Resource Browser", no Samba servers show up. This can 
-		be fixed by a patch from <ulink
-		url="http://carol.wins.uva.nl/~leeuw/samba/fix.html">
-		http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>.
-		The patch will be included in a later version of Samba. It also 
-		fixes a couple of other problems, such as preserving long 
-		filenames when objects are dragged from the Workplace Shell 
-		to the Samba server. </para>
-	</sect2>
-	
-	<sect2>
-		<title>How do I get printer driver download working 
-		for OS/2 clients?</title>
-
-		<para>First, create a share called [PRINTDRV] that is 
-		world-readable.  Copy your OS/2 driver files there.  Note 
-		that the .EA_ files must still be separate, so you will need 
-		to use the original install files, and not copy an installed 
-		driver from an OS/2 system.</para>
-		
-		<para>Install the NT driver first for that printer.  Then, 
-		add to your smb.conf a parameter, os2 driver map = 
-		<replaceable>filename</replaceable>".  Then, in the file 
-		specified by <replaceable>filename</replaceable>, map the 
-		name of the NT driver name to the OS/2 driver name as 
-		follows:</para>
-		
-		<para><command>nt driver name = os2 "driver 
-		name"."device name"</command>, e.g.:
-		HP LaserJet 5L = LASERJET.HP LaserJet 5L</para>
-
-		<para>You can have multiple drivers mapped in this file.</para>
-	
-		<para>If you only specify the OS/2 driver name, and not the 
-		device name, the first attempt to download the driver will 
-		actually download the files, but the OS/2 client will tell 
-		you the driver is not available.  On the second attempt, it 
-		will work.  This is fixed simply by adding the device name
-  		 to the mapping, after which it will work on the first attempt.
-		</para>
-	</sect2>
-</sect1>
-
-<sect1>
-<title>Windows for Workgroups</title>
-
-<sect2>
-<title>Use latest TCP/IP stack from Microsoft</title>
-
-<para>Use the latest TCP/IP stack from microsoft if you use Windows
-for workgroups.</para>
-
-<para>The early TCP/IP stacks had lots of bugs.</para>
-
-<para> 
-Microsoft has released an incremental upgrade to their TCP/IP 32-Bit
-VxD drivers.  The latest release can be found on their ftp site at
-ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe.
-There is an update.txt file there that describes the problems that were
-fixed.  New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386,
-WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Delete .pwl files after password change</title>
-
-<para>
-WfWg does a lousy job with passwords. I find that if I change my
-password on either the unix box or the PC the safest thing to do is to
-delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.
-</para>
-
-<para> 
-If you don't do this you may find that WfWg remembers and uses the old
-password, even if you told it a new one.
-</para>
-
-<para> 
-Often WfWg will totally ignore a password you give it in a dialog box.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Configure WfW password handling</title>
-
-<para>
-There is a program call admincfg.exe
-on the last disk (disk 8) of the WFW 3.11 disk set.  To install it
-type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon
-for it via the "Progam Manager" "New" Menu.  This program allows you
-to control how WFW handles passwords.  ie disable Password Caching etc
-for use with <command>security = user</command>
-</para>
-
-</sect2>
-
-<sect2>
-<title>Case handling of passwords</title>
-
-<para>Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> information on <command>password level</command> to specify what characters samba should try to uppercase when checking.</para>
-
-</sect2>
-
-</sect1>
-
-<sect1>
-<title>Windows '95/'98</title>
-
-<para>
-When using Windows 95 OEM SR2 the following updates are recommended where Samba
-is being used. Please NOTE that the above change will affect you once these
-updates  have been installed.
-</para>
-
-<para> 
-There are more updates than the ones mentioned here. You are referred to the
-Microsoft Web site for all currently available updates to your specific version
-of Windows 95.
-</para>
-
-<orderedlist>
-<listitem><para>Kernel Update: KRNLUPD.EXE</para></listitem>
-<listitem><para>Ping Fix: PINGUPD.EXE</para></listitem>
-<listitem><para>RPC Update: RPCRTUPD.EXE</para></listitem>
-<listitem><para>TCP/IP Update: VIPUPD.EXE</para></listitem>
-<listitem><para>Redirector Update: VRDRUPD.EXE</para></listitem>
-</orderedlist>
-
-<para>
-Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
-fix may stop your machine from hanging for an extended period when exiting
-OutLook and you may also notice a significant speedup when accessing network
-neighborhood services.
-</para>
-
-</sect1>
-
-<sect1>
-<title>Windows 2000 Service Pack 2</title>
-
-<para> 
-There are several annoyances with Windows 2000 SP2. One of which
-only appears when using a Samba server to host user profiles
-to Windows 2000 SP2 clients in a Windows domain.  This assumes
-that Samba is a member of the domain, but the problem will
-likely occur if it is not.
-</para>
-
-<para> 
-In order to server profiles successfully to Windows 2000 SP2 
-clients (when not operating as a PDC), Samba must have 
-<command>nt acl support = no</command>
-added to the file share which houses the roaming profiles.
-If this is not done, then the Windows 2000 SP2 client will
-complain about not being able to access the profile (Access 
-Denied) and create multiple copies of it on disk (DOMAIN.user.001,
-DOMAIN.user.002, etc...).  See the 
-<ulink url="smb.conf.5.html">smb.conf(5)</ulink> man page
-for more details on this option.  Also note that the 
-<command>nt acl support</command> parameter was formally a global parameter in
-releases prior to Samba 2.2.2.
-</para>
-
-<para> 
-The following is a minimal profile share:
-</para>
-
-<para><programlisting>
-	[profile]
-		path = /export/profile
-		create mask = 0600
-		directory mask = 0700
-		nt acl support = no
-		read only = no
-</programlisting></para>
-
-<para>
-The reason for this bug is that the Win2k SP2 client copies
-the security descriptor for the profile which contains
-the Samba server's SID, and not the domain SID.  The client
-compares the SID for SAMBA\user and realizes it is
-different that the one assigned to DOMAIN\user.  Hence the reason
-for the "access denied" message.
-</para>
-
-<para>
-By disabling the <command>nt acl support</command> parameter, Samba will send
-the Win2k client a response to the QuerySecurityDescriptor
-trans2 call which causes the client to set a default ACL
-for the profile. This default ACL includes 
-</para>
-
-<para><command>DOMAIN\user 	"Full Control"</command></para>
-
-<para><emphasis>NOTE : This bug does not occur when using winbind to
-create accounts on the Samba host for Domain users.</emphasis></para>
-
-</sect1>
-
-</chapter>
diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml
index adcd059bc2f..594516640de 100644
--- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml
+++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml
@@ -154,7 +154,7 @@ password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.
 
 <para>
 Note: PAM allows stacking of authentication mechanisms. It is 
-also possible to pass information obtained within one PAM module through 
+also possible to pass information obtained within on PAM module through 
 to the next module in the PAM stack. Please refer to the documentation for 
 your particular system implementation for details regarding the specific 
 capabilities of PAM in this environment. Some Linux implmentations also 
diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml
deleted file mode 100644
index f2fe66b9dd5..00000000000
--- a/docs/docbook/projdoc/Portability.sgml
+++ /dev/null
@@ -1,148 +0,0 @@
-<chapter id="Portability">
-<chapterinfo>
-	<author>
-		<firstname>Jelmer</firstname><surname>Vernooij</surname>
-	</author>
-</chapterinfo>
-
-<title>Portability</title>
-
-<para>Samba works on a wide range of platforms but the interface all the 
-platforms provide is not always compatible. This chapter contains 
-platform-specific information about compiling and using samba.</para>
-
-<sect1>
-<title>HPUX</title>
-
-<para>
-HP's implementation of supplementary groups is, er, non-standard (for
-hysterical reasons).  There are two group files, /etc/group and
-/etc/logingroup; the system maps UIDs to numbers using the former, but
-initgroups() reads the latter.  Most system admins who know the ropes
-symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons
-too stupid to go into here).  initgroups() will complain if one of the
-groups you're in in /etc/logingroup has what it considers to be an invalid
-ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think)
-60000 currently on HP-UX.  This precludes -2 and 65534, the usual 'nobody'
-GIDs.
-</para>
-
-<para>
-If you encounter this problem, make sure that the programs that are failing 
-to initgroups() be run as users not in any groups with GIDs outside the 
-allowed range.
-</para>
-
-<para>This is documented in the HP manual pages under setgroups(2) and passwd(4).
-</para>
-
-</sect1>
-
-<sect1>
-<title>SCO Unix</title>
-
-<para> 
-If you run an old version of  SCO Unix then you may need to get important 
-TCP/IP patches for Samba to work correctly. Without the patch, you may 
-encounter corrupt data transfers using samba.
-</para>
-
-<para>
-The patch you need is UOD385 Connection Drivers SLS. It is available from
-SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).
-</para>
-
-</sect1>
-
-<sect1>
-<title>DNIX</title>
-
-<para>
-DNIX has a problem with seteuid() and setegid(). These routines are
-needed for Samba to work correctly, but they were left out of the DNIX
-C library for some reason.
-</para>
-
-<para>
-For this reason Samba by default defines the macro NO_EID in the DNIX
-section of includes.h. This works around the problem in a limited way,
-but it is far from ideal, some things still won't work right.
-</para>
-
-<para> 
-To fix the problem properly you need to assemble the following two
-functions and then either add them to your C library or link them into
-Samba.
-</para>
-
-<para> 
-put this in the file <filename>setegid.s</filename>:
-</para>
-
-<para><programlisting>
-        .globl  _setegid
-_setegid:
-        moveq   #47,d0
-        movl    #100,a0
-        moveq   #1,d1
-        movl    4(sp),a1
-        trap    #9
-        bccs    1$
-        jmp     cerror
-1$:
-        clrl    d0
-        rts
-</programlisting></para>
-
-<para>
-put this in the file <filename>seteuid.s</filename>:
-</para>
-
-<para><programlisting>
-        .globl  _seteuid
-_seteuid:
-        moveq   #47,d0
-        movl    #100,a0
-        moveq   #0,d1
-        movl    4(sp),a1
-        trap    #9
-        bccs    1$
-        jmp     cerror
-1$:
-        clrl    d0
-        rts
-</programlisting></para>
-
-<para>
-after creating the above files you then assemble them using
-</para>
-
-<para><command>as seteuid.s</command></para>
-<para><command>as setegid.s</command></para>
-
-<para>
-that should produce the files <filename>seteuid.o</filename> and 
-<filename>setegid.o</filename>
-</para>
-
-<para>
-then you need to add these to the LIBSM line in the DNIX section of
-the Samba Makefile. Your LIBSM line will then look something like this:
-</para>
-
-<para><programlisting>
-LIBSM = setegid.o seteuid.o -ln
-</programlisting></para>
-
-<para> 
-You should then remove the line:
-</para>
-
-<para><programlisting>
-#define NO_EID
-</programlisting></para>
-
-<para>from the DNIX section of <filename>includes.h</filename></para>
-
-</sect1>
-</chapter>
diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
index 7653e3d1c03..08cdc3a6680 100644
--- a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
@@ -64,9 +64,13 @@ parameters in the [global]-section of the smb.conf have to be set:
 </para>
 
 <para><programlisting>
-workgroup = SAMBA
-domain master = yes
-domain logons = yes
+[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....
 </programlisting></para>
 
 <para>
@@ -156,42 +160,48 @@ Several things have to be done:
 
 <itemizedlist>
 
-<listitem><para>
-The domain SID has to be the same on the PDC and the BDC. This used to
-be stored in the file private/MACHINE.SID. This file is not created
-anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
-stored in the file private/secrets.tdb. Simply copying the secrets.tdb
-from the PDC to the BDC does not work, as the BDC would
-generate a new SID for itself and override the domain SID with this
-new BDC SID.</para>
-
-<para>
-To retrieve the domain SID from the PDC or an existing BDC and store it in the
-secrets.tdb, execute 'net rpc getsid' on the BDC.
-</para></listitem>
-
-<listitem><para>
-The Unix user database has to be synchronized from the PDC to the
-BDC. This means that both the /etc/passwd and /etc/group have to be
-replicated from the PDC to the BDC. This can be done manually
-whenever changes are made, or the PDC is set up as a NIS master
-server and the BDC as a NIS slave server. To set up the BDC as a
-mere NIS client would not be enough, as the BDC would not be able to
-access its user database in case of a PDC failure.
-</para></listitem>
-
-<listitem><para>
-The Samba password database in the file private/smbpasswd has to be
-replicated from the PDC to the BDC. This is a bit tricky, see the
-next section.
-</para></listitem>
-
-<listitem><para>
-Any netlogon share has to be replicated from the PDC to the
-BDC. This can be done manually whenever login scripts are changed,
-or it can be done automatically together with the smbpasswd
-synchronization.
-</para></listitem>
+	<listitem><para>
+	The file <filename>private/MACHINE.SID</filename> identifies the domain. When a samba
+	server is first started, it is created on the fly and must never be
+	changed again. This file has to be the same on the PDC and the BDC,
+	so the MACHINE.SID has to be copied from the PDC to the BDC.  Note that in the
+	latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored
+	in the <filename>private/secrets.tdb</filename> database.  This file cannot just
+	be copied because Samba looks under the key <constant>SECRETS/SID/<replaceable>DOMAIN</replaceable></constant>.
+	where <replaceable>DOMAIN</replaceable> is the machine's netbios name.  Since this name has
+	to be unique for each SAMBA server, this lookup will fail.  </para>
+	<para>
+	A new option has been added to the <command>smbpasswd(8)</command>
+	command to help ease this problem.  When running <command>smbpasswd -S</command> as the root user,
+	the domain SID will be retrieved from a domain controller matching the value of the
+	<parameter>workgroup</parameter> parameter in <filename>smb.conf</filename> and stored as the
+	new Samba server's machine SID.  See the <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>
+	man page for more details on this functionality.
+	</para></listitem>
+
+	<listitem><para>
+	The Unix user database has to be synchronized from the PDC to the
+	BDC. This means that both the /etc/passwd and /etc/group have to be
+	replicated from the PDC to the BDC. This can be done manually
+	whenever changes are made, or the PDC is set up as a NIS master
+	server and the BDC as a NIS slave server. To set up the BDC as a
+	mere NIS client would not be enough, as the BDC would not be able to
+	access its user database in case of a PDC failure.  LDAP is also a
+	potential vehicle for sharing this information.
+	</para></listitem>
+
+	<listitem><para>
+	The Samba password database in the file <filename>private/smbpasswd</filename>
+	has to be replicated from the PDC to the BDC. This is a bit tricky, see the
+	next section.
+	</para></listitem>
+
+	<listitem><para>
+	Any netlogon share has to be replicated from the PDC to the
+	BDC. This can be done manually whenever login scripts are changed,
+	or it can be done automatically together with the smbpasswd
+	synchronization.
+	</para></listitem>
 
 </itemizedlist>
 
@@ -201,9 +211,13 @@ by setting
 </para>
 
 <para><programlisting>
-workgroup = samba
-domain master = no
-domain logons = yes
+[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....
 </programlisting></para>
 
 <para>
@@ -220,8 +234,9 @@ name is reserved for the Primary Domain Controller.
 
 <para>
 Replication of the smbpasswd file is sensitive. It has to be done
-whenever changes to the SAM are made. Every user's password change is
-done in the smbpasswd file and has to be replicated to the BDC. So
+whenever changes to the SAM are made. Every user's password change
+(including machine trust account password changes) is done in the
+smbpasswd file and has to be replicated to the BDC. So
 replicating the smbpasswd file very often is necessary.
 </para>
 
@@ -229,11 +244,18 @@ replicating the smbpasswd file very often is necessary.
 As the smbpasswd file contains plain text password equivalents, it
 must not be sent unencrypted over the wire. The best way to set up
 smbpasswd replication from the PDC to the BDC is to use the utility
-rsync. rsync can use ssh as a transport. ssh itself can be set up to
-accept *only* rsync transfer without requiring the user to type a
-password.
+<command>rsync(1)</command>. <command>rsync</command> can use
+<command>ssh(1)</command> as a transport. <command>ssh</command> itself
+can be set up to accept <emphasis>only</emphasis> <command>rsync</command> transfer without requiring the user to
+type a password.  Refer to the man pages for these two tools for more details.
 </para>
 
+<para>
+Another solution with high potential is to use Samba's <parameter>--with-ldapsam</parameter>
+for sharing and/or replicating the list of <constant>sambaAccount</constant> entries.
+This can all be done over SSL to ensure security.  See the <ulink url="Samba-LDAP-HOWTO.html">Samba-LDAP-HOWTO</ulink>
+for more details.
+</para>
 
 </sect2>
 </sect1>
diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
index a66df0c7676..6b153af6feb 100644
--- a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml
@@ -15,7 +15,7 @@
 	</author>
 
 
-	<pubdate> (13 Jan 2002) </pubdate>
+	<pubdate> (16 Jun 2002) </pubdate>
 </chapterinfo>
 
 <title>Storing Samba's User/Machine Account information in an LDAP Directory</title>
@@ -39,7 +39,7 @@ on LDAP architectures and Directories, please refer to the following sites.
 <para>
 Note that <ulink url="http://www.ora.com/">O'Reilly Publishing</ulink> is working on
 a guide to LDAP for System Administrators which has a planned release date of
-early summer, 2002.
+late 2002.
 </para>
 
 <para>
@@ -51,7 +51,8 @@ Two additional Samba resources which may prove to be helpful are
 	maintained by Ignacio Coupeau.</para></listitem>
 
 	<listitem><para>The NT migration scripts from <ulink url="http://samba.idealx.org/">IDEALX</ulink> that are
-	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.  These scripts can
+	be found in the Samba 2.2.5 release in the <filename>examples/LDAP/smbldap-tools/</filename> directory.
 	</para></listitem>
 </itemizedlist>
 
@@ -75,7 +76,7 @@ in the thousands).
 The first is that all lookups must be performed sequentially.  Given that
 there are approximately two lookups per domain logon (one for a normal
 session connection such as when mapping a network drive or printer), this
-is a performance bottleneck for lareg sites.  What is needed is an indexed approach
+is a performance bottleneck for large sites.  What is needed is an indexed approach
 such as is used in databases.
 </para></listitem>
 
@@ -96,7 +97,7 @@ Identified (RID).
 
 <para>
 As a result of these defeciencies, a more robust means of storing user attributes
-used by smbd was developed.  The API which defines access to user accounts
+used by <command>smbd</command> was developed.  The API which defines access to user accounts
 is commonly referred to as the samdb interface (previously this was called the passdb
 API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
 for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or
@@ -105,7 +106,7 @@ for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or
 
 <para>
 When compiling Samba to include the <parameter>--with-ldapsam</parameter> autoconf
-option, smbd (and associated tools) will store and lookup user accounts in
+option, <command>smbd</command> (and associated tools) will store and lookup user accounts in
 an LDAP directory.  In reality, this is very easy to understand.  If you are
 comfortable with using an smbpasswd file, simply replace "smbpasswd" with
 "LDAP directory" in all the documentation.
@@ -162,7 +163,7 @@ in 2.2.2).  The sambaAccount objectclass is given here:
 </para>
 
 <para><programlisting>
-objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
      DESC 'Samba Account'
      MUST ( uid $ rid )
      MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
@@ -172,29 +173,45 @@ objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
 </programlisting></para>
 
 <para>
-The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
+The <filename>samba.schema</filename> file has been formatted for OpenLDAP 2.0 & 2.1.  The OID's are
 owned by the Samba Team and as such is legal to be openly published.
 If you translate the schema to be used with Netscape DS, please
-submit the modified schema file as a patch to <ulink
-url="jerry@samba.org">jerry@samba.org</ulink>
+submit the modified schema file as a patch to <ulink url="jerry@samba.org">jerry@samba.org</ulink>
+</para>
+
+<para>
+Since the original release, schema files for
+</para>
+
+<itemizedlist>
+	<listitem><para>IBM's SecureWay Server</para></listitem>
+	<listitem><para>Netscape Directory Server version 4.x and 5.x</para></listitem>
+</itemizedlist>
+
+<para>
+have been submitted and included in the Samba source distribution.  I cannot
+personally comment on the integration of these commercial directory servers since
+I have not had the oppotinuity to work with them.
 </para>
 
 <para>
 Just as the smbpasswd file is mean to store information which supplements a
 user's <filename>/etc/passwd</filename> entry, so is the sambaAccount object
-meant to supplement the UNIX user account information.  A sambaAccount is a
-<constant>STRUCTURAL</constant> objectclass so it can be stored individually
-in the directory.  However, there are several fields (e.g. uid) which overlap
-with the posixAccount objectclass outlined in RFC2307.  This is by design.
+meant to supplement the UNIX user account information.  A sambaAccount is now an
+<constant>AUXILARY</constant> objectclass so it can be stored alongside
+a posixAccount or person objectclass in the directory.  Note that there are
+several fields (e.g. uid) which overlap with the posixAccount objectclass
+outlined in RFC2307.  This is by design.  The move from a STRUCTURAL objectclass
+to an AUXILIARY one was compliance with the LDAP data model which states that
+an entry can contain only one STRUCTURAL objectclass per entry.  This is now
+enforced by the OpenLDAP 2.1 server.
 </para>
 
-<!--olem: we should perhaps have a note about shadowAccounts too as many
-systems use them, isn'it ? -->
 
 <para>
 In order to store all user account information (UNIX and Samba) in the directory,
 it is necessary to use the sambaAccount and posixAccount objectclasses in
-combination.  However, smbd will still obtain the user's UNIX account
+combination.  However, <command>smbd</command> will still obtain the user's UNIX account
 information via the standard C library calls (e.g. getpwnam(), et. al.).
 This means that the Samba server must also have the LDAP NSS library installed
 and functioning correctly.  This division of information makes it possible to
@@ -254,9 +271,9 @@ like in the following example, to speed up searches made on sambaAccount objectc
 ## required by OpenLDAP 2.0
 index objectclass   eq
 
-## support pb_getsampwnam()
+## support pbb_getsampwnam()
 index uid           pres,eq
-## support pdb_getsambapwrid()
+## support pdb_getsampwrid()
 index rid           eq
 
 ## uncomment these if you are storing posixAccount and
@@ -326,14 +343,44 @@ use with an LDAP directory could appear as
      ldap suffix = "ou=people,dc=samba,dc=org"
 
      # generally the default ldap search filter is ok
-     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"
+     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
 </programlisting></para>
 
 
 </sect2>
+
+
+<sect2>
+<title>Importing <filename>smbpasswd</filename> entries</title>
+
+<para>
+Import existing user entries from an <filename>smbpasswd</filename> can be trivially done using
+a Perl script named <filename>import_smbpasswd.pl</filename> included in the
+<filename>examples/LDAP/</filename> directory of the Samba source distribution.  There are
+two main requirements of this script:
+</para>
+
+<itemizedlist>
+	<listitem><para>All users to be imported to the directory must have a valid uid on the
+	local system.  This can be a problem if using a machinej different from the Samba server
+	to import the file.</para></listitem>
+
+	<listitem><para>The local system must have a working installation of the Net::LDAP perl
+	module which can be obtained from with <ulink url="http://search.cpan.org/">http://search.cpan.org/</ulink>
+	by searching for <filename>perl-ldap</filename> or directly from <ulink
+	url="http://perl-ldap.sf.net/">http://perl-ldap.sf.net/</ulink>.
+	</para></listitem>
+</itemizedlist>
+
+<para>
+Please refer to the documentation in the same directory as the script for more details.
+</para>
+
+</sect2>
 </sect1>
 
 
+
 <sect1>
 <title>Accounts and Groups management</title>
 
@@ -582,7 +629,7 @@ ntPassword: 878D8014606CDA29677A44EFA1353FC7
 <para>
 Please mail all comments regarding this HOWTO to <ulink
 url="mailto:jerry@samba.org">jerry@samba.org</ulink>.  This documents was
-last updated to reflect the Samba 2.2.3 release.
+last updated to reflect the Samba 2.2.5 release.
 
 </para>
 
diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
index 5b21e0a535f..475b66598c2 100644
--- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml
@@ -1652,7 +1652,7 @@ I think this is all bogus, but have not deleted it. (Richard Sharpe)
 </warning>
 
 <para>
-The default logon path is \\%N\%U.  NT Workstation will attempt to create
+The default logon path is \\%N\U%.  NT Workstation will attempt to create
 a directory "\\samba-server\username.PDS" if you specify the logon path
 as "\\samba-server\username" with the NT User Manager.  Therefore, you
 will need to specify (for example) "\\samba-server\username\profile".
diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml
index c307636d5fa..39c0213d79e 100644
--- a/docs/docbook/projdoc/UNIX_INSTALL.sgml
+++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml
@@ -359,16 +359,13 @@
 		<title>Printing from UNIX to a Client PC</title>
 
 		<para>To use a printer that is available via a smb-based 
-		server from a unix host with LPR you will need to compile the 
+		server from a unix host you will need to compile the 
 		smbclient program. You then need to install the script 
 		"smbprint". Read the instruction in smbprint for more details.
 		</para>
 
 		<para>There is also a SYSV style script that does much 
 		the same thing called smbprint.sysv. It contains instructions.</para>
-
-		<para>See the CUPS manual for information about setting up 
-		printing from a unix host with CUPS to a smb-based server. </para>
 	</sect2>
 
 	<sect2>
@@ -434,5 +431,15 @@
 		See the smb.conf man page for details.</para>
 	</sect2>
 
+	<sect2>
+		<title>Other Character Sets</title>
+
+		<para>If you have problems using filenames with accented 
+		characters in them (like the German, French or Scandinavian 
+		character sets) then I recommend you look at the "valid chars" 
+		option in smb.conf and also take a look at the validchars 
+		package in the examples directory.</para>
+	</sect2>
+	
 </sect1>	
 </chapter>
diff --git a/docs/docbook/projdoc/cups.sgml b/docs/docbook/projdoc/cups.sgml
new file mode 100644
index 00000000000..57a12843a84
--- /dev/null
+++ b/docs/docbook/projdoc/cups.sgml
@@ -0,0 +1,445 @@
+<chapter id="cups">
+
+
+<chapterinfo>
+	<author>
+		<firstname>Kurt</firstname><surname>Pfeifle</surname>
+		<affiliation>
+			<address>
+				<email>kpfeifle@danka.de</email>
+			</address>
+		</affiliation>
+	</author>
+
+
+	<pubdate> (24 May 2002) </pubdate>
+</chapterinfo>
+
+<title>Printing with CUPS in Samba 2.2.x</title>
+
+
+<sect1>
+<title>Printing with CUPS in Samba 2.2.x</title>
+
+<para>
+<ulink url="http://www.cups.org/">CUPS</ulink> is a newcomer in
+the UNIX printing scene, which has convinced many people upon first trial
+already. However, it has quite a few new features, which make it different
+from other, more traditional printing systems.
+</para>
+</sect1>
+
+
+<sect1>
+<title>Configuring <filename>smb.conf</filename> for CUPS</title>
+
+<para>
+Printing with CUPS in the most basic <filename>smb.conf</filename>
+setup in Samba 2.2.x only needs two settings: <command>printing = cups</command> and
+<command>printcap = cups</command>. While CUPS itself doesn't need a printcap
+anymore, the <filename>cupsd.conf</filename> configuration file knows two directives
+(example: <command>Printcap /etc/printcap</command> and <command>PrintcapFormat
+BSD</command>), which control if such a file should be created for the
+convenience of third party applications. Make sure it is set! For details see
+<command>man cupsd.conf</command> and other CUPS-related documentation.
+</para>
+
+<para>
+If SAMBA is compiled against libcups, then <command>printcap =
+cups</command> uses the CUPS API to list printers, submit jobs, etc. Otherwise it
+maps to the System V commands with an additional <parameter>-oraw</parameter>
+option for printing. On a Linux system, you can use the <command>ldd</command> command to
+find out details (ldd may not be present on other OS platforms, or its
+function may be embodied by a different command):
+</para>
+
+<para>
+<programlisting>transmeta:/home/kurt # ldd `which smbd`
+        libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x4002d000)
+        libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
+        libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000)
+        libdl.so.2 => /lib/libdl.so.2 (0x401e8000)
+        libnsl.so.1 => /lib/libnsl.so.1 (0x401ec000)
+        libpam.so.0 => /lib/libpam.so.0 (0x40202000)
+        libc.so.6 => /lib/libc.so.6 (0x4020b000)
+        /lib/ld-linux.so.2 =&gt; /lib/ld-linux.so.2 (0x40000000)
+</programlisting></para>
+
+<para>
+The line "libcups.so.2 =&gt; /usr/lib/libcups.so.2
+(0x40123000)" shows there is CUPS support compiled into this version of
+Samba. If this is the case, and <command>printing = cups</command> is set, then any
+otherwise manually set print command in smb.conf is ignored.
+</para>
+</sect1>
+
+
+
+
+<sect1>
+<title>Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</title>
+
+<para>
+You can setup Samba and your Windows clients to use the
+CUPS print subsystem just as you would with any of the more traditional print
+subsystems: that means the use of vendor provided, native Windows printer
+drivers for each target printer. If you setup the [print$] share to
+download these drivers to the clients, their GDI system (Graphical Device
+Interface) will output the Wndows EMF (Enhanced MetaFile) and
+convert it -- with the help of the printer driver -- locally into the format
+the printer is expecting. Samba and the CUPS print subsystem will have to
+treat these files as raw print files  -- they are already in the
+shape to be digestable for the printer. This is the same traditional setup
+for Unix print servers handling Windows client jobs. It does not take much
+CPU power to handle this kind of task efficiently.
+</para>
+</sect1>
+
+
+
+
+<sect1>
+<title>CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</title>
+
+
+<para>
+CUPS is perfectly able to use PPD files (PostScript
+Printer Descriptions). PPDs can control all print device options. They
+are usually provided by the manufacturer -- if you own a PostSript printer,
+that is. PPD files are always a component of PostScript printer drivers on MS
+Windows or Apple Mac OS systems. They are ASCII files containing
+user-selectable print options, mapped to appropriate PostScript, PCL or PJL
+commands for the target printer. Printer driver GUI dialogs translate these
+options "on-the-fly" into buttons and drop-down lists for the user to
+select.
+</para>
+
+<para>
+CUPS can load, without any conversions, the PPD file from
+any Windows (NT is recommended) PostScript driver and handle the options.
+There is a web browser interface to the print options (select
+http://localhost:631/printers/ and click on one "Configure Printer" button
+to see it), a commandline interface (see <command>man lpoptions</command> or
+try if you have <command>lphelp</command> on your system) plus some different GUI frontends on Linux
+UNIX, which can present PPD options to the users. PPD options are normally
+meant to become evaluated by the PostScript RIP on the real PostScript
+printer.
+</para>
+
+<para>
+CUPS doesn't stop at "real" PostScript printers in its
+usage of PPDs. The CUPS developers have extended the PPD concept, to also
+describe available device and driver options for non-PostScript printers
+through  CUPS-PPDs.
+</para>
+
+<para>
+This is logical, as CUPS includes a fully featured
+PostScript interpreter (RIP). This RIP is based on Ghostscript. It can
+process all received PostScript (and additionally many other file formats)
+from clients. All CUPS-PPDs geared to non-PostScript printers contain an
+additional line, starting with the keyword <parameter>*cupsFilter</parameter>.
+This line
+tells the CUPS print system which printer-specific filter to use for the
+interpretation of the accompanying PostScript. Thus CUPS lets all its
+printers appear as PostScript devices to its clients, because it can act as a
+PostScript RIP for those printers, processing the received PostScript code
+into a proper raster print format.
+</para>
+
+<para>
+CUPS-PPDs can also be used on Windows-Clients, on top of a
+PostScript driver (recommended is the Adobe one).
+</para>
+
+<para>
+This feature enables CUPS to do a few tricks no other
+spooler can do:
+</para>
+
+<itemizedlist>
+  <listitem><para>act as a networked PostScript RIP (Raster Image Processor), handling
+    printfiles from all client platforms in a uniform way;</para></listitem>
+  <listitem><para>act as a central accounting and billing server, as all files are passed
+    through the <command>pstops</command> Filter and are therefor logged in
+    the CUPS <filename>page&lowbar;log</filename>. - <emphasis>NOTE: </emphasis>this
+    can not happen with "raw" print jobs, which always remain unfiltered
+    per definition;</para></listitem>
+  <listitem><para>enable clients to consolidate on a single PostScript driver, even for
+    many different target printers.</para></listitem>
+</itemizedlist>
+</sect1>
+
+
+
+<sect1>
+<title>Windows Terminal Servers (WTS) as CUPS clients</title>
+
+<para>
+This setup may be of special interest to people
+experiencing major problems in WTS environments. WTS need often a multitude
+of non-PostScript drivers installed to run their clients' variety of
+different printer models. This often imposes the price of much increased
+instability. In many cases, in an attempt to overcome this problem, site
+administrators have resorted to restrict the allowed drivers installed on
+their WTS to one generic PCL- and one PostScript driver. This however
+restricts the clients in the amount of printer options available for them --
+often they can't get out more then simplex prints from one standard paper
+tray, while their devices could do much better, if driven by a different
+driver!
+</para>
+
+<para>
+Using an Adobe PostScript driver, enabled with a CUPS-PPD,
+seems to be a very elegant way to overcome all these shortcomings. The
+PostScript driver is not known to cause major stability problems on WTS (even
+if used with many different PPDs). The clients will be able to (again) chose
+paper trays, duplex printing and other settings. However, there is a certain
+price for this too: a  CUPS server acting as a PostScript RIP for its clients
+requires more CPU and RAM than just to act as  a "raw spooling" device. Plus,
+this setup is not yet widely tested, although the first feedbacks look very
+promising...
+</para>
+</sect1>
+
+
+<sect1>
+<title>Setting up CUPS for driver download</title>
+
+<para>
+The <command>cupsadsmb</command> utility (shipped with all current
+CUPS versions) makes the sharing of any (or all) installed CUPS printers very
+easy. Prior to using it, you need the following settings in smb.conf:
+</para>
+
+<para><programlisting>[global]
+         load printers = yes
+         printing = cups
+         printcap name = cups
+
+[printers]
+         comment = All Printers
+         path = /var/spool/samba
+         browseable = no
+         public = yes
+         guest ok = yes
+         writable = no
+         printable = yes
+         printer admin = root
+
+[print$]
+         comment = Printer Drivers
+         path = /etc/samba/drivers
+         browseable = yes
+         guest ok = no
+         read only = yes
+         write list = root
+</programlisting></para>
+
+<para>
+For licensing reasons the necessary files of the Adobe
+Postscript driver can not be distributed with either Samba or CUPS. You need
+to download them yourself from the Adobe website. Once extracted, create a
+<filename>drivers</filename> directory in the CUPS data directory (usually
+<filename>/usr/share/cups/</filename>). Copy the Adobe files using
+UPPERCASE filenames, to this directory as follows:
+</para>
+
+<para><programlisting>
+        ADFONTS.MFM
+        ADOBEPS4.DRV
+        ADOBEPS4.HLP
+        ADOBEPS5.DLL
+        ADOBEPSU.DLL
+        ADOBEPSU.HLP
+        DEFPRTR2.PPD
+        ICONLIB.DLL
+</programlisting></para>
+
+<para>
+Users of the ESP Print Pro software are able to install
+their "Samba Drivers" package for this purpose with no problem.
+</para>
+</sect1>
+
+
+
+<sect1>
+<title>Sources of CUPS drivers / PPDs</title>
+
+<para>
+On the internet you can find now many thousand CUPS-PPD
+files (with their companion filters), in many national languages,
+supporting more than 1.000 non-PostScript models.
+</para>
+
+<itemizedlist>
+  <listitem><para><ulink url="http://wwwl.easysw.com/printpro/">ESP PrintPro
+    (http://wwwl.easysw.com/printpro/)</ulink>
+    (commercial, non-Free) is packaged with more than 3.000 PPDs, ready for
+    successful usage "out of the box" on Linux, IBM-AIX, HP-UX, Sun-Solaris,
+    SGI-IRIX, Compaq Tru64, Digital Unix and some more commercial Unices (it
+    is written by the CUPS developers themselves and its sales help finance
+    the further development of CUPS, as they feed their creators)</para></listitem>
+  <listitem><para>the <ulink
+    url="http://gimp-print.sourceforge.net/">Gimp-Print-Project
+    (http://gimp-print.sourceforge.net/)</ulink>
+    (GPL, Free Software) provides around 120 PPDs (supporting nearly 300
+    printers, many driven to photo quality output), to be used alongside the
+    Gimp-Print CUPS filters;</para></listitem>
+  <listitem><para><ulink url="http://www.turboprint.com/">TurboPrint
+    (http://www.turboprint.com/)</ulink>
+    (Shareware, non-Freee) supports roughly the same amount of printers in
+    excellent quality;</para></listitem>
+  <listitem><para><ulink
+    url="http://www-124.ibm.com/developerworks/oss/linux/projects/omni/">OMNI
+    (http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)</ulink>
+    (LPGL, Free) is a package made by IBM, now containing support for more
+    than 400 printers, stemming from the inheritance of IBM OS/2 KnowHow
+    ported over to Linux (CUPS support is in a Beta-stage at present);</para></listitem>
+  <listitem><para><ulink url="http://hpinkjet.sourceforge.net/">HPIJS
+    (http://hpinkjet.sourceforge.net/)</ulink>
+    (BSD-style licnes, Free) supports around 120 of HP's own printers and is
+    also providing excellent print quality now;</para></listitem>
+  <listitem><para><ulink
+    url="http://www.linuxprinting.org/">Foomatic/cupsomatic (http://www.linuxprinting.org/)</ulink> 
+    (LPGL, Free) from Linuxprinting.org are providing PPDs for practically every
+    Ghostscript filter known to the world, now usable with CUPS.</para></listitem>
+</itemizedlist>
+
+<para>
+<emphasis>NOTE: </emphasis>the cupsomatic trick from Linuxprinting.org is
+working different from the other drivers. While the other drivers take the
+generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as
+their input, cupsomatic "kidnaps" the PostScript inside CUPS, before
+RIP-ping, deviates it to an external Ghostscript installation (which now
+becomes the RIP) and gives it back to a CUPS backend once Ghostscript is
+finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster
+PostScript RIP function again inside a system-wide Ghostscript 
+installation rather than in "their own" pstoraster filter. (This 
+CUPS-enabling Ghostscript version may be installed either as a 
+patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package).
+However, this will not change the cupsomatic approach of guiding the printjob
+along a different path through the filtering system than the standard CUPS
+way...
+</para>
+
+<para>
+Once you installed a printer inside CUPS with one of the
+recommended methods (the lpadmin command, the web browser interface or one of
+the available GUI wizards), you can use <command>cupsaddsmb</command> to share the
+printer via Samba. <command>cupsaddsmb</command> prepares the driver files for
+comfortable client download and installation upon their first contact with
+this printer share.
+</para>
+
+
+
+<sect2>
+<title><command>cupsaddsmb</command></title>
+
+
+<para>
+The <command>cupsaddsmb</command> command copies the needed files
+for convenient Windows client installations from the previously prepared CUPS
+data directory to your [print$] share. Additionally, the PPD
+associated with this printer is copied from <filename>/etc/cups/ppd/</filename> to
+[print$].
+</para>
+
+<para><programlisting>
+<prompt>root# </prompt> <command>cupsaddsmb -U root infotec_IS2027</command>
+Password for root required to access localhost via SAMBA: <userinput>[type in password 'secret']</userinput>
+</programlisting></para>
+
+<para>
+To share all printers and drivers, use the <parameter>-a</parameter>
+parameter instead of a printer name.
+</para>
+
+
+<para>
+Probably you want to see what's going on. Use the
+<parameter>-v</parameter> parameter to get a more verbose output:
+</para>
+
+<para><programlisting>
+<prompt>root# </prompt> cupsaddsmb -v -U root infotec_IS2027
+    Password for root required to access localhost via SAMBA:
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3cd1cc66376c0 W32X86/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \W32X86/infotec_IS2027.PPD (17394.6 kb/s) (average 17395.2 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (10877.4 kb/s) (average 11343.0 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (5095.2 kb/s) (average 9260.4 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (8828.7 kb/s) (average 9247.1 kb/s)
+
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3cd1cc66376c0 WIN40/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \WIN40/infotec_IS2027.PPD (26091.5 kb/s) (average 26092.8 kb/s)
+    putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (11241.6 kb/s) (average 11812.9 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (16640.6 kb/s) (average 14679.3 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (11285.6 kb/s) (average 14281.5 kb/s)
+    putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (823.5 kb/s) (average 12944.0 kb/s)
+    putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (19226.2 kb/s) (average 13169.7 kb/s)
+    putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 13266.7 kb/s)
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"'
+    cmd = adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
+    cmd = adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver infotec_IS2027 infotec_IS2027'
+    cmd = setdriver infotec_IS2027 infotec_IS2027
+    Succesfully set infotec_IS2027 to driver infotec_IS2027.
+
+    <prompt>root# </prompt>
+</programlisting></para>
+
+<para>
+If you look closely, you'll discover your root password
+was transfered unencrypted over the wire, so beware! Also, if you look
+further her, you'll discover error messages like
+<constant>NT_STATUS_OBJECT_NAME_COLLISION</constant> in between. They occur, because
+the directories <filename>WIN40</filename> and <filename>W32X86</filename> already
+existed in the [print$] driver download share (from a previous driver
+installation). They are harmless here.
+</para>
+
+<para>
+Now your printer is prepared for the clients to use. From
+a client, browse to the CUPS/Samba server, open the "Printers"
+share, right-click on this printer and select "Install..." or
+"Connect..." (depending on the Windows version you use). Now their
+should be a new printer in your client's local "Printers" folder,
+named (in my case) "infotec_IS2027 on kdebitshop"
+</para>
+
+<para>
+<emphasis>NOTE: </emphasis>
+<command>cupsaddsmb</command> will only reliably work i
+with CUPS version 1.1.15 or higher
+and Samba from 2.2.4. If it doesn't work, or if the automatic printer
+driver download to the clients doesn't succeed, you can still manually
+install the CUPS printer PPD on top of the Adobe PostScript driver on
+clients and then point the client's printer queue to the Samba printer
+share for connection, should you desire to use the CUPS networked
+PostScript RIP functions.
+</para>
+</sect2>
+</sect1>
+
+
+</chapter>
diff --git a/docs/docbook/projdoc/printer_driver2.sgml b/docs/docbook/projdoc/printer_driver2.sgml
index 85ae0713b39..2afba6b5968 100644
--- a/docs/docbook/projdoc/printer_driver2.sgml
+++ b/docs/docbook/projdoc/printer_driver2.sgml
@@ -107,7 +107,7 @@ the client.
  
 <para>
 These parameters, including <parameter>printer driver
-file</parameter> parameter, are being deprecated and should not 
+file</parameter> parameter, are being deprecated and should not
 be used in new installations.  For more information on this change, 
 you should refer to the <link linkend="MIGRATION">Migration section</link>
 of this document.
@@ -259,37 +259,37 @@ driver now?</emphasis>
 </para>
 
 <para>
-Click "No" in the error dialog and you will be presented with
-the printer properties window.  The way to assign a driver to a 
+Click <emphasis>No</emphasis> in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a
 printer is to either
 </para>
-	
+
 <itemizedlist>
-	<listitem><para>Use the "New Driver..." button to install 
+	<listitem><para>Use the "New Driver..." button to install
 	a new printer driver, or</para></listitem>
-	
-	<listitem><para>Select a driver from the popup list of 
+
+	<listitem><para>Select a driver from the popup list of
 	installed drivers.  Initially this list will be empty.</para>
 	</listitem>
 </itemizedlist>
-	
-<para>If you wish to install printer drivers for client 
-operating systems other than "Windows NT x86", you will need 
+
+<para>If you wish to install printer drivers for client
+operating systems other than "Windows NT x86", you will need
 to use the "Sharing" tab of the printer properties dialog.</para>
 
-<para>Assuming you have connected with a root account, you 
-will also be able modify other printer properties such as 
+<para>Assuming you have connected with a root account, you
+will also be able modify other printer properties such as
 ACLs and device settings using this dialog box.</para>
 
-<para>A few closing comments for this section, it is possible 
+<para>A few closing comments for this section, it is possible
 on a Windows NT print server to have printers
 listed in the Printers folder which are not shared.  Samba does
 not make this distinction.  By definition, the only printers of
 which Samba is aware are those which are specified as shares in
 <filename>smb.conf</filename>.</para>
-  
+
 <para>Another interesting side note is that Windows NT clients do
-not use the SMB printer share, but rather can print directly 
+not use the SMB printer share, but rather can print directly
 to any printer on another Windows NT host using MS-RPC.  This
 of course assumes that the printing client has the necessary
 privileges on the remote host serving the printer.  The default
@@ -297,42 +297,77 @@ permissions assigned by Windows NT to a printer gives the "Print"
 permissions to the "Everyone" well-known group.
 </para>
 
-</sect2>	
+</sect2>
+
+<sect2>
+<title>DeviceModes and New Printers</title>
+
+<para>
+In order for a printer to be truly usbla eby a Windows NT/2k/XP client,
+it must posses:
+</para>
+
+<itemizedlist>
+	<listitem><para>a valid Device Mode generated by the driver for the printer, and</para></listitem>
+	<listitem><para>a complete set of PrinterDriverData generated by the driver.</para></listitem>
+</itemizedlist>
+
+<para>
+If either one of these is incomplete, the clients can produce less than optimal 
+output at best or in the worst cases, unreadable garbage or nothing at all.  
+Fortunately, most driver generate the printer driver that is needed.
+However, the client must be tickled to generate a valid Device Mode and set it on the
+server.  The easist means of doing so is to simply set the page orientation on 
+the server's printer using the native Windows NT/2k printer properties page from 
+a Window clients.  Make sure to apply changes between swapping the page orientation
+to cause the change to actually take place.  Be aware that this can only be done
+by a "printer admin" (the reason should be obvious I hope).
+</para>
+
+<para>
+Samba also includes a service level parameter name <ulink url="smb.conf.5.html#DEFAULTDEVMODE">default
+devmode</ulink> for generating a default device mode for a printer.  Some driver
+will function fine with this default set of properties.  Others may crash the client's
+spooler service.  Use this parameter with caution. It is always better to have the client
+generate a valid device mode for the printer and store it on the server for you.
+</para>
+
+</sect2>
 
 
 <sect2>
 <title>Support a large number of printers</title>
-		
+
 <para>One issue that has arisen during the development
 phase of Samba 2.2 is the need to support driver downloads for
-100's of printers.  Using the Windows NT APW is somewhat 
-awkward to say the list.  If more than one printer are using the 
+100's of printers.  Using the Windows NT APW is somewhat
+awkward to say the list.  If more than one printer are using the
 same driver, the <ulink url="rpcclient.1.html"><command>rpcclient's
-setdriver command</command></ulink> can be used to set the driver
+setdriver</command></ulink> command can be used to set the driver
 associated with an installed driver.  The following is example
 of how this could be accomplished:</para>
-		
-<para><programlisting> 
+
+<para><programlisting>
 <prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumdrivers"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
- 
+
 [Windows NT x86]
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4000 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 2100 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4Si/4SiMX PS]
-				  
+
 <prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumprinters"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
      flags:[0x800000]
      name:[\\POGO\hp-print]
      description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
      comment:[]
-				  
+
 <prompt>$ </prompt>rpcclient pogo -U root%secret \
 <prompt>&gt; </prompt> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
@@ -344,10 +379,10 @@ Successfully set hp-print to driver HP LaserJet 4000 Series PS.
 
 <sect2>
 <title>Adding New Printers via the Windows NT APW</title>
-	
+
 <para>
 By default, Samba offers all printer shares defined in <filename>smb.conf</filename>
-in the "Printers..." folder.  Also existing in this folder is the Windows NT 
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
 Add Printer Wizard icon.  The APW will be show only if
 </para>
 
@@ -356,24 +391,24 @@ Add Printer Wizard icon.  The APW will be show only if
 	execute an OpenPrinterEx(\\server) with administrative
 	privileges (i.e. root or <parameter>printer admin</parameter>).
 	</para></listitem>
-	
-	<listitem><para><ulink url="smb.conf.5.html#SHOWADDPRINTERWIZARD"><parameter>show 
+
+	<listitem><para><ulink url="smb.conf.5.html#SHOWADDPRINTERWIZARD"><parameter>show
 	add printer wizard = yes</parameter></ulink> (the default).
 	</para></listitem>
 </itemizedlist>
 
 <para>
-In order to be able to use the APW to successfully add a printer to a Samba 
-server, the <ulink url="smb.conf.5.html#ADDPRINTERCOMMAND"><parameter>add 
+In order to be able to use the APW to successfully add a printer to a Samba
+server, the <ulink url="smb.conf.5.html#ADDPRINTERCOMMAND"><parameter>add
 printer command</parameter></ulink> must have a defined value.  The program
-hook must successfully add the printer to the system (i.e. 
-<filename>/etc/printcap</filename> or appropriate files) and 
+hook must successfully add the printer to the system (i.e.
+<filename>/etc/printcap</filename> or appropriate files) and
 <filename>smb.conf</filename> if necessary.
 </para>
 
 <para>
-When using the APW from a client, if the named printer share does 
-not exist, <command>smbd</command> will execute the <parameter>add printer 
+When using the APW from a client, if the named printer share does
+not exist, <command>smbd</command> will execute the <parameter>add printer
 command</parameter> and reparse to the <filename>smb.conf</filename>
 to attempt to locate the new printer share.  If the share is still not defined,
 an error of "Access Denied" is returned to the client.  Note that the 
@@ -382,65 +417,11 @@ of the connected user, not necessarily a root account.
 </para>
 
 <para>
-There is a complementary <ulink url="smb.conf.5.html#DELETEPRINTERCOMMAND"><parameter>delete
+There is a complementing <ulink url="smb.conf.5.html#DELETEPRINTERCOMMAND"><parameter>delete
 printer command</parameter></ulink> for removing entries from the "Printers..."
 folder.
 </para>
 
-<para>
-The following is an example <ulink url="smb.conf.5.html#ADDPRINTERCOMMAN"><parameter>add printer command</parameter></ulink> script. It adds the appropriate entries to <filename>/etc/printcap.local</filename> (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work.
-</para>
-
-<programlisting>
-#!/bin/sh
-
-# Script to insert a new printer entry into printcap.local
-#
-# $1, printer name, used as the descriptive name
-# $2, share name, used as the printer name for Linux
-# $3, port name
-# $4, driver name
-# $5, location, used for the device file of the printer
-# $6, win9x location
-
-#
-# Make sure we use the location that RedHat uses for local printer defs
-PRINTCAP=/etc/printcap.local
-DATE=`date +%Y%m%d-%H%M%S`
-LP=lp
-RESTART="service lpd restart"
-
-# Keep a copy
-cp $PRINTCAP $PRINTCAP.$DATE
-# Add the printer to $PRINTCAP
-echo ""				 			>> $PRINTCAP
-echo "$2|$1:\\" 					>> $PRINTCAP
-echo "  :sd=/var/spool/lpd/$2:\\" 			>> $PRINTCAP
-echo "  :mx=0:ml=0:sh:\\" 				>> $PRINTCAP
-echo "  :lp=/usr/local/samba/var/print/$5.prn:" 	>> $PRINTCAP
-
-touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
-chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1
-
-mkdir /var/spool/lpd/$2
-chmod 700 /var/spool/lpd/$2
-chown $LP /var/spool/lpd/$2
-#echo $1 >> "/usr/local/samba/var/print/$5.prn"
-#echo $2 >> "/usr/local/samba/var/print/$5.prn"
-#echo $3 >> "/usr/local/samba/var/print/$5.prn"
-#echo $4 >> "/usr/local/samba/var/print/$5.prn"
-#echo $5 >> "/usr/local/samba/var/print/$5.prn"
-#echo $6 >> "/usr/local/samba/var/print/$5.prn"
-$RESTART >> "/usr/local/samba/var/print/$5.prn"
-# Not sure if this is needed
-touch /usr/local/samba/lib/smb.conf
-#
-# You need to return a value, but I am not sure what it means.
-#
-echo "Done"
-exit 0
-</programlisting>
-
 </sect2>
 
 
@@ -483,6 +464,13 @@ that generates a listing of ports on a system.
 	http://imprints.sourceforge.net/</ulink> as well as the documentation 
 	included with the imprints source distribution.  This section will 
 	only provide a brief introduction to the features of Imprints.</para>
+
+	<para>As of June 16, 2002 (quite a bit earlier actually), the Imprints
+	project is in need of a new maintainer.  The most important skill
+	is decent perl coding and an interest in MS-RPC based printing using Samba.
+	If you wich to volunteer, please coordinate your efforts on the samba-technical
+	mailing list.
+	</para>
 	
 	
 	<sect2>
@@ -668,76 +656,21 @@ installations
 </warning>
 
 
+<sect2>
+<title>Parameters in <filename>smb.conf(5)</filename> for Backwards Compatibility</title>
+
 <para>
 The have been two new parameters add in Samba 2.2.2 to for 
 better support of Samba 2.0.x backwards capability (<parameter>disable
 spoolss</parameter>) and for using local printers drivers on Windows 
 NT/2000 clients (<parameter>use client driver</parameter>). Both of 
 these options are described in the smb.coinf(5) man page and are 
-disabled by default.
+disabled by default.  Use them with caution.
 </para>
+</sect2>
 
 
 </sect1>
 
 
-<!--
-
-  This comment from rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex()
-  needs to be added into a section probably.  This is to remind me it needs 
-  to be done.  -jerry
-
-                /*
-                 * If the openprinterex rpc call contains a devmode,
-                 * it's a per-user one. This per-user devmode is derivated
-                 * from the global devmode. Openprinterex() contains a per-user
-                 * devmode for when you do EMF printing and spooling.
-                 * In the EMF case, the NT workstation is only doing half the job
-                 * of rendering the page. The other half is done by running the printer
-                 * driver on the server.
-                 * The EMF file doesn't contain the page description (paper size, orientation, ...).
-                 * The EMF file only contains what is to be printed on the page.
-                 * So in order for the server to know how to print, the NT client sends
-                 * a devicemode attached to the openprinterex call.
-                 * But this devicemode is short lived, it's only valid for the current print job.
-                 *
-                 * If Samba would have supported EMF spooling, this devicemode would
-                 * have been attached to the handle, to sent it to the driver to correctly
-                 * rasterize the EMF file.
-                 *
-                 * As Samba only supports RAW spooling, we only receive a ready-to-print file,
-                 * we just act as a pass-thru between windows and the printer.
-                 *
-                 * In order to know that Samba supports only RAW spooling, NT has to call
-                 * getprinter() at level 2 (attribute field) or NT has to call startdoc()
-                 * and until NT sends a RAW job, we refuse it.
-                 *
-                 * But to call getprinter() or startdoc(), you first need a valid handle,
-                 * and to get an handle you have to call openprintex(). Hence why you have
-                 * a devicemode in the openprinterex() call.
-                 *
-                 *
-                 * Differences between NT4 and NT 2000.
-                 * NT4:
-                 * 
-                 * On NT4, you only have a global devicemode. This global devicemode can be changed
-                 * by the administrator (or by a user with enough privs). Every time a user
-                 * wants to print, the devicemode is reset to the default. In Word, every time
-                 * you print, the printer's characteristics are always reset to the global devicemode.
-                 *
-                 * NT 2000:
-                 * 
-                 * In W2K, there is the notion of per-user devicemode. The first time you use
-                 * a printer, a per-user devicemode is build from the global devicemode.
-                 * If you change your per-user devicemode, it is saved in the registry, under the
-                 * H_KEY_CURRENT_KEY sub_tree. So that every time you print, you have your default
-                 * printer preferences available.
-                 *
-                 * To change the per-user devicemode: it's the "Printing Preferences ..." button
-                 * on the General Tab of the printer properties windows.
-                 *
-                 * To change the global devicemode: it's the "Printing Defaults..." button
-                 * on the Advanced Tab of the printer properties window.
--->
-
 </chapter>
diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
index 75c5c379d32..671ff453176 100644
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -3,24 +3,18 @@
 <!ENTITY ENCRYPTION SYSTEM "ENCRYPTION.sgml">
 <!ENTITY MS-Dfs-Setup SYSTEM "msdfs_setup.sgml">
 <!ENTITY PRINTER-DRIVER2 SYSTEM "printer_driver2.sgml">
+<!ENTITY CUPS SYSTEM "cups.sgml">
 <!ENTITY DOMAIN-MEMBER SYSTEM "DOMAIN_MEMBER.sgml">
 <!ENTITY WINBIND SYSTEM "winbind.sgml">
 <!ENTITY NT-Security SYSTEM "NT_Security.sgml">
+<!ENTITY OS2-Client SYSTEM "OS2-Client-HOWTO.sgml">
 <!ENTITY Samba-PDC-HOWTO SYSTEM "Samba-PDC-HOWTO.sgml">
 <!ENTITY Samba-BDC-HOWTO SYSTEM "Samba-BDC-HOWTO.sgml">
 <!ENTITY CVS-Access SYSTEM "CVS-Access.sgml">
 <!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml">
 <!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml">
 <!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml">
-<!ENTITY Diagnosis SYSTEM "Diagnosis.sgml">
-<!ENTITY PRINTING SYSTEM "Printing.sgml">
-<!ENTITY BUGS SYSTEM "Bugs.sgml">
-<!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml">
-<!ENTITY SPEED SYSTEM "Speed.sgml">
-<!ENTITY BROWSING SYSTEM "Browsing.sgml">
-<!ENTITY GROUP-MAPPING-HOWTO SYSTEM "GROUP-MAPPING-HOWTO.sgml">
-<!ENTITY Portability SYSTEM "Portability.sgml">
-<!ENTITY Other-Clients SYSTEM "Other-Clients.sgml">
+<!ENTITY INDEX-FILE SYSTEM "index.sgml">
 ]>
 
 <book id="Samba-Project-Documentation">
@@ -38,7 +32,7 @@
 <title>Abstract</title>
 
 <para>
-<emphasis>Last Update</emphasis> : Thu Aug 15 12:48:45 CDT 2002
+<emphasis>Last Update</emphasis> : Mon Apr  1 08:47:26 CST 2002
 </para>
 
 <para>
@@ -65,25 +59,21 @@ Cheers, jerry
 
 <!-- Chapters -->
 &UNIX-INSTALL;
-&Diagnosis;
 &IntegratingWithWindows;
 &Samba-PAM;
 &MS-Dfs-Setup;
 &NT-Security;
 &PRINTER-DRIVER2;
-&PRINTING;
-&SECURITY-LEVEL;
+&CUPS;
 &DOMAIN-MEMBER;
-&WINBIND;
 &Samba-PDC-HOWTO;
 &Samba-BDC-HOWTO;
 &Samba-LDAP;
-&BROWSING;
-&SPEED;
-&Other-Clients;
+&WINBIND;
+&OS2-Client;
 &CVS-Access;
-&BUGS;
-&GROUP-MAPPING-HOWTO;
-&Portability;
+
+<!-- Autogenerated Index -->
+&INDEX-FILE;
 
 </book>
diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml
index d70c1a3679d..52f608fc276 100644
--- a/docs/docbook/projdoc/winbind.sgml
+++ b/docs/docbook/projdoc/winbind.sgml
@@ -23,19 +23,9 @@
 			<address><email>jtrostel@snapserver.com</email></address>
 		</affiliation>
 	</author>
-	<author>
-		<firstname>Naag</firstname><surname>Mummaneni</surname>
-		<affiliation>
-			<address><email>getnag@rediffmail.com</email></address>
-		</affiliation>
-	</author>
-	<author>
-		<firstname>Jelmer</firstname><surname>Vernooij</surname>
-		<affiliation>
-			<address><email>jelmer@nl.linux.org</email></address>
-		</affiliation>
-	</author>
-	<pubdate>27 June 2002</pubdate>
+	
+		
+	<pubdate>16 Oct 2000</pubdate>
 </chapterinfo>
 
 <title>Unified Logons between Windows NT and UNIX using Winbind</title>
@@ -149,7 +139,7 @@
 		workstations into a NT based organization.</para>
 		
 		<para>Another interesting way in which we expect Winbind to 
-		be used is as a central part of UNIX based appliances. Appliances 
+		be used is as a central part of UNIX based appliances. Appliances
 		that provide file and print services to Microsoft based networks 
 		will be able to use Winbind to provide seamless integration of 
 		the appliance into the domain.</para>
@@ -325,21 +315,13 @@
 <para>
 Many thanks to John Trostel <ulink 
 url="mailto:jtrostel@snapserver.com">jtrostel@snapserver.com</ulink>
-for providing the HOWTO for this section.
-</para>
-
-<para>
-This HOWTO describes how to get winbind services up and running 
+for providing the original Linux version of this HOWTO which 
+describes how to get winbind services up and running 
 to control access and authenticate users on your Linux box using 
-the winbind services which come with SAMBA 2.2.2.
+the winbind services which are included with the SAMBA 2.2.2 and later
+releases.
 </para>
 
-<para>
-There is also some Solaris specific information in 
-<filename>docs/textdocs/Solaris-Winbind-HOWTO.txt</filename>.
-Future revisions of this document will incorporate that
-information.
-</para>
 
 
 
@@ -348,16 +330,16 @@ information.
 
 <para>
 This HOWTO describes the procedures used to get winbind up and 
-running on my RedHat 7.1 system.  Winbind is capable of providing access 
-and authentication control for Windows Domain users through an NT 
-or Win2K PDC for 'regular' services, such as telnet a nd ftp, as
-well for SAMBA services.
+running on a RedHat 7.1 system.  Winbind is capable of providing access
+and authentication control for Windows Domain users through an NT
+or Win2K PDC for 'regular' services, such as telnet and ftp, as
+well providing dynamic uid/gid allocation for Samba.
 </para>
 
 <para>
-This HOWTO has been written from a 'RedHat-centric' perspective, so if 
-you are using another distribution, you may have to modify the instructions 
-somewhat to fit the way your distribution works.
+This HOWTO has been written from a 'RedHat-centric' perspective, so if
+you are using another distribution (or operating system), you may have
+to modify the instructions somewhat to fit the way your distribution works.
 </para>
 
 
@@ -366,10 +348,10 @@ somewhat to fit the way your distribution works.
 	<para>
 	<emphasis>Why should I to this?</emphasis>
 	</para>
-	
-	<para>This allows the SAMBA administrator to rely on the 
-	authentication mechanisms on the NT/Win2K PDC for the authentication 
-	of domain members.  NT/Win2K users no longer need to have separate 
+
+	<para>This allows the SAMBA administrator to rely on the
+	authentication mechanisms on the NT/Win2K PDC for the authentication
+	of domain members.  NT/Win2K users no longer need to have separate
 	accounts on the SAMBA server.
 	</para>
 </listitem>
@@ -378,14 +360,12 @@ somewhat to fit the way your distribution works.
 	<para>
 	<emphasis>Who should be reading this document?</emphasis>
 	</para>
-	
+
 	<para>
-	This HOWTO is designed for system administrators.  If you are 
-	implementing SAMBA on a file server and wish to (fairly easily) 
+	This HOWTO is designed for system administrators.  If you are
+	implementing SAMBA on a file server and wish to (fairly easily)
 	integrate existing NT/Win2K users from your PDC onto the
-	SAMBA server, this HOWTO is for you.  That said, I am no NT or PAM 
-	expert, so you may find a better or easier way to accomplish 
-	these tasks.
+	SAMBA server, this HOWTO is for you.
 	</para>
 </listitem>
 </itemizedlist>
@@ -396,38 +376,39 @@ somewhat to fit the way your distribution works.
 <title>Requirements</title>
 
 <para>
-If you have a samba configuration file that you are currently 
-using... <emphasis>BACK IT UP!</emphasis>  If your system already uses PAM, 
-<emphasis>back up the <filename>/etc/pam.d</filename> directory 
-contents!</emphasis> If you haven't already made a boot disk, 
+If you have a samba configuration file that you are currently
+using... <emphasis>BACK IT UP!</emphasis>  If your system already uses PAM,
+<emphasis>back up the <filename>/etc/pam.d</filename> (or <filename>/etc/pam.conf</filename>)
+directory contents!</emphasis> If you haven't already made a boot disk,
 <emphasis>MAKE ONE NOW!</emphasis>
 </para>
 
 <para>
-Messing with the pam configuration files can make it nearly impossible 
-to log in to yourmachine. That's why you want to be able to boot back 
-into your machine in single user mode and restore your 
-<filename>/etc/pam.d</filename> back to the original state they were in if 
-you get frustrated with the way things are going.  ;-)
+Messing with the pam configuration files can make it nearly impossible
+to log in to your machine. That's why you want to be able to boot back
+into your machine in single user mode and restore your
+<filename>/etc/pam.d</filename> (or <filename>pam.conmf</filename>) back to
+the original state they were in if
+you get frustrated with the way things are going.
 </para>
 
 <para>
-The latest version of SAMBA (version 2.2.2 as of this writing), now 
-includes a functioning winbindd daemon.  Please refer to the 
-<ulink url="http://samba.org/">main SAMBA web page</ulink> or, 
-better yet, your closest SAMBA mirror site for instructions on 
-downloading the source code.
+The first SAMBA release to inclue a stable winbindd daemon was 2.2.2.  Please refer to the
+<ulink url="http://samba.org/">main SAMBA web page</ulink> or,
+better yet, your closest SAMBA mirror site for instructions on
+downloading the source code.  it is generally advised to obtain the lates
+Samba release as bugs are constantly being fixed.
 </para>
 
 <para>
-To allow Domain users the ability to access SAMBA shares and 
-files, as well as potentially other services provided by your 
+To allow Domain users the ability to access SAMBA shares and
+files, as well as potentially other services provided by your
 SAMBA machine, PAM (pluggable authentication modules) must
-be setup properly on your machine.  In order to compile the 
-winbind modules, you should have at least the pam libraries resident 
-on your system.  For recent RedHat systems (7.1, for instance), that 
-means <filename>pam-0.74-22</filename>.  For best results, it is helpful to also
-install the development packages in <filename>pam-devel-0.74-22</filename>.
+be setup properly on your machine.  In order to compile the
+winbind modules, you must have at the PAM libraries and header files resident
+on your system.  For recent RedHat systems (7.x, for instance), that
+means installing both <filename>pam</filename> and <filename>pam-devel</filename> RPM.
+The former is installed by default on all Linux systems of which the author is aware.
 </para>
 
 </sect2>
@@ -437,33 +418,33 @@ install the development packages in <filename>pam-devel-0.74-22</filename>.
 <title>Testing Things Out</title>
 
 <para>
-Before starting, it is probably best to kill off all the SAMBA 
-related daemons running on your server.  Kill off all <command>smbd</command>, 
-<command>nmbd</command>, and <command>winbindd</command> processes that may 
-be running.  To use PAM, you will want to make sure that you have the 
-standard PAM package (for RedHat) which supplies the <filename>/etc/pam.d</filename> 
-directory structure, including the pam modules are used by pam-aware 
-services, several pam libraries, and the <filename>/usr/doc</filename> 
-and <filename>/usr/man</filename> entries for pam.  Winbind built better 
-in SAMBA if the pam-devel package was also installed.  This package includes 
-the header files needed to compile pam-aware applications. For instance, 
-my RedHat system has both <filename>pam-0.74-22</filename> and
-<filename>pam-devel-0.74-22</filename> RPMs installed.
+Before starting, kill off all the SAMBA related daemons running on your server.  Kill off
+all <command>smbd</command>, <command>nmbd</command>, and <command>winbindd</command> processes that may
+be running (<command>winbindd</command> will only be running if you have ao previous Winbind
+installation...but why would you be reading tis if that were the case?).  To use PAM, you will
+want to make sure that you have the standard PAM package (for RedHat) which supplies the <filename>/etc/pam.d</filename>
+directory structure, including the pam modules are used by pam-aware
+services, several pam libraries, and the <filename>/usr/doc</filename>
+and <filename>/usr/man</filename> entries for pam.  Samba will require
+the pam-devel package if you plan to build the <filename>pam_winbind.so</filename> library or
+include the <command>--with-pam</command> option to the configure script.
+This package includes the header files needed to compile pam-aware applications.
+</para>
+
+<para>
+[I have no idea which Solaris packages are quired for PAM libraries and
+development files.  If you know, please mail me the information and I will include
+it in the next revision of this HOWTO.  --jerry@samba.org]
 </para>
 
 <sect3>
-<title>Configure and compile SAMBA</title>
+<title>Configure and Compile SAMBA</title>
 
 <para>
-The configuration and compilation of SAMBA is pretty straightforward.
-The first three steps may not be necessary depending upon
-whether or not you have previously built the Samba binaries.
+The configuration and compilation of SAMBA is straightforward.
 </para>
 
 <para><programlisting>
-<prompt>root#</prompt> <command>autoconf</command>
-<prompt>root#</prompt> <command>make clean</command>
-<prompt>root#</prompt> <command>rm config.cache</command>
 <prompt>root#</prompt> <command>./configure --with-winbind</command>
 <prompt>root#</prompt> <command>make</command>
 <prompt>root#</prompt> <command>make install</command>
@@ -473,79 +454,63 @@ whether or not you have previously built the Samba binaries.
 <para>
 This will, by default, install SAMBA in <filename>/usr/local/samba</filename>.
 See the main SAMBA documentation if you want to install SAMBA somewhere else.
-It will also build the winbindd executable and libraries. 
+It will also build the winbindd executable and NSS library.
 </para>
 
 </sect3>
 
 <sect3>
-<title>Configure <filename>nsswitch.conf</filename> and the 
+<title>Configure <filename>nsswitch.conf</filename> and the
 winbind libraries</title>
 
 <para>
-The libraries needed to run the <command>winbindd</command> daemon 
-through nsswitch need to be copied to their proper locations, so
+The libraries needed to run the <command>winbindd</command> daemon
+through nsswitch need to be copied to their proper locations.
 </para>
 
 <para>
-<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/libnss_winbind.so /lib</command>
+<prompt>root#</prompt> <command>cp nsswitch/libnss_winbind.so /lib</command>
+<prompt>root#</prompt> <command>chmod 755 /lib/libnss_winbind.so</command>
 </para>
 
 <para>
-I also found it necessary to make the following symbolic link:
+It necessary to make the following symbolic link:
 </para>
 
 <para>
 <prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command>
 </para>
 
-<para>And, in the case of Sun solaris:</para>
 <para>
-<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</command>
-<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</command>
-<prompt>root#</prompt> <command>ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</command>
+The <filename>.2</filename> extension is due to the version of glibc used on your Linux host.
+for most modern systems, the file extension is correct.  However, some other operating systems,
+Solaris 7/8 being the most common, the destination filename should be replaced with
+<filename>/lib/nss_winbind.so.1</filename>
 </para>
 
 <para>
-Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to 
-allow user and group entries to be visible from the <command>winbindd</command> 
-daemon.  My <filename>/etc/nsswitch.conf</filename> file look like 
-this after editing:
+Now, as root edit <filename>/etc/nsswitch.conf</filename> to
+allow user and group entries to be visible from the <command>winbindd</command>
+daemon.  After editing, the file look appear:
 </para>
 
 <para><programlisting>
 	passwd:     files winbind
-	shadow:     files 
+	shadow:     files
 	group:      files winbind
 </programlisting></para>
 
-<para>	
-The libraries needed by the winbind daemon will be automatically 
-entered into the <command>ldconfig</command> cache the next time 
-your system reboots, but it 
-is faster (and you don't need to reboot) if you do it manually:
-</para>
-
-<para>
-<prompt>root#</prompt> <command>/sbin/ldconfig -v | grep winbind</command>
-</para>
-
-<para>
-This makes <filename>libnss_winbind</filename> available to winbindd 
-and echos back a check to you.
-</para>
-
 </sect3>
 
 
 <sect3>
-<title>Configure smb.conf</title>
+<title>Configure <filename>smb.conf</filename></title>
 
 <para>
-Several parameters are needed in the smb.conf file to control 
-the behavior of <command>winbindd</command>. Configure 
-<filename>smb.conf</filename> These are described in more detail in 
-the <ulink url="winbindd.8.html">winbindd(8)</ulink> man page.  My 
+Several parameters are needed in the smb.conf file to control
+the behavior of <command>winbindd</command>. Configure
+<filename>smb.conf</filename> These are described in more detail in
+the <ulink url="winbindd.8.html">winbindd(8)</ulink> man page.  My
 <filename>smb.conf</filename> file was modified to
 include the following entries in the [global] section:
 </para>
@@ -560,9 +525,11 @@ include the following entries in the [global] section:
      # use gids from 10000 to 20000 for domain groups
      <ulink url="winbindd.8.html#WINBINDGID">winbind gid</ulink> = 10000-20000
      # allow enumeration of winbind users and groups
+     # might need to disable these next two for performance
+     # reasons on the winbindd host
      <ulink url="winbindd.8.html#WINBINDENUMUSERS">winbind enum users</ulink> = yes
      <ulink url="winbindd.8.html#WINBINDENUMGROUP">winbind enum groups</ulink> = yes
-     # give winbind users a real shell (only needed if they have telnet access)
+     # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
      <ulink url="winbindd.8.html#TEMPLATEHOMEDIR">template homedir</ulink> = /home/winnt/%D/%U
      <ulink url="winbindd.8.html#TEMPLATESHELL">template shell</ulink> = /bin/bash
 </programlisting></para>
@@ -574,21 +541,21 @@ include the following entries in the [global] section:
 <title>Join the SAMBA server to the PDC domain</title>
 
 <para>
-Enter the following command to make the SAMBA server join the 
-PDC domain, where <replaceable>DOMAIN</replaceable> is the name of 
-your Windows domain and <replaceable>Administrator</replaceable> is 
+Enter the following command to make the SAMBA server join the
+PDC domain, where <replaceable>DOMAIN</replaceable> is the name of
+your Windows domain and <replaceable>Administrator</replaceable> is
 a domain user who has administrative privileges in the domain.
 </para>
-	
+
 
 <para>
-<prompt>root#</prompt> <command>/usr/local/samba/bin/net rpc join -s PDC -U Administrator</command>
+<prompt>root#</prompt> <command>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</command>
 </para>
 
 
 <para>
-The proper response to the command should be: "Joined the domain 
-<replaceable>DOMAIN</replaceable>" where <replaceable>DOMAIN</replaceable> 
+The proper response to the command should be: "Joined the domain
+<replaceable>DOMAIN</replaceable>" where <replaceable>DOMAIN</replaceable>
 is your DOMAIN name.
 </para>
 
@@ -599,19 +566,20 @@ is your DOMAIN name.
 <title>Start up the winbindd daemon and test it!</title>
 
 <para>
-Eventually, you will want to modify your smb startup script to 
-automatically invoke the winbindd daemon when the other parts of 
+Eventually, you will want to modify your smb startup script to
+automatically invoke the winbindd daemon when the other parts of
 SAMBA start, but it is possible to test out just the winbind
-portion first.  To start up winbind services, enter the following 
+portion first.  To start up winbind services, enter the following
 command as root:
 </para>
-	
+
 <para>
-<prompt>root#</prompt> <command>/usr/local/samba/bin/winbindd</command>
+<prompt>root#</prompt> <command>export PATH=$PATH:/usr/local/samba/bin</command>
+<prompt>root#</prompt> <command>winbindd</command>
 </para>
 
 <para>
-I'm always paranoid and like to make sure the daemon 
+I'm always paranoid and like to make sure the daemon
 is really running...
 </para>
 
@@ -626,16 +594,21 @@ This command should produce output like this, if the daemon is running
 </para>
 
 <para>
-Now... for the real test, try to get some information about the 
+Note that a sample RedHat init script for starting winbindd is included in
+the SAMBA sourse distribution as <filename>packaging/RedHat/winbind.init</filename>.
+</para>
+
+<para>
+Now... for the real test, try to get some information about the
 users on your PDC
 </para>
 
 <para>
-<prompt>root#</prompt> <command>/usr/local/samba/bin/wbinfo -u</command>
+<prompt>root#</prompt> <command>wbinfo -u</command>
 </para>
 
-<para>	
-This should echo back a list of users on your Windows users on 
+<para>
+This should echo back a list of users on your Windows users on
 your PDC.  For example, I get the following response:
 </para>
 
@@ -654,7 +627,7 @@ separator</parameter> is '+'.
 </para>
 
 <para>
-You can do the same sort of thing to get group information from 
+You can do the same sort of thing to get group information from
 the PDC:
 </para>
 
@@ -672,7 +645,7 @@ CEO+Group Policy Creator Owners
 </programlisting></para>
 
 <para>
-The function 'getent' can now be used to get unified 
+The function 'getent' can now be used to get unified
 lists of both local and PDC users and groups.
 Try the following command:
 </para>
@@ -680,11 +653,12 @@ Try the following command:
 <para>
 <prompt>root#</prompt> <command>getent passwd</command>
 </para>
-	
+
 <para>
-You should get a list that looks like your <filename>/etc/passwd</filename> 
-list followed by the domain users with their new uids, gids, home 
-directories and default shells.
+You should get a list that looks like your <filename>/etc/passwd</filename>
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are <filename>rwxr-xr-x</filename>.
 </para>
 
 <para>
@@ -698,159 +672,20 @@ The same thing can be done for groups with the command
 </sect3>
 
 
-<sect3>
-<title>Fix the init.d startup scripts</title>
-
-<sect4>
-<title>Linux</title>
-
-<para>
-The <command>winbindd</command> daemon needs to start up after the 
-<command>smbd</command> and <command>nmbd</command> daemons are running.  
-To accomplish this task, you need to modify the startup scripts of your system. They are located at <filename>/etc/init.d/smb</filename> in RedHat and 
-<filename>/etc/init.d/samba</filename> in Debian.
-script to add commands to invoke this daemon in the proper sequence.  My 
-startup script starts up <command>smbd</command>, 
-<command>nmbd</command>, and <command>winbindd</command> from the 
-<filename>/usr/local/samba/bin</filename> directory directly.  The 'start' 
-function in the script looks like this:
-</para>
-
-<para><programlisting>
-start() {
-        KIND="SMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/smbd $SMBDOPTIONS
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/winbindd
-        RETVAL3=$?
-        echo
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \
-           RETVAL=1
-        return $RETVAL
-}
-</programlisting></para>
-
-<para>
-The 'stop' function has a corresponding entry to shut down the 
-services and look s like this:
-</para>
-
-<para><programlisting>
-stop() {
-        KIND="SMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc smbd
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc nmbd
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Shutting down $KIND services: "
-        killproc winbindd
-        RETVAL3=$?
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb
-        echo ""
-        return $RETVAL
-}
-</programlisting></para>
-</sect4>
-
-<sect4>
-<title>Solaris</title>
-
-<para>On solaris, you need to modify the 
-<filename>/etc/init.d/samba.server</filename> startup script. It usually 
-only starts smbd and nmbd but should now start winbindd too. If you 
-have samba installed in <filename>/usr/local/samba/bin</filename>, 
-the file could contains something like this:
-</para>
-
-<para><programlisting>
-##
-## samba.server
-##
-
-if [ ! -d /usr/bin ]
-then                    # /usr not mounted
-        exit
-fi
-
-killproc() {            # kill the named process(es)
-        pid=`/usr/bin/ps -e |
-             /usr/bin/grep -w $1 |
-             /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
-        [ "$pid" != "" ] && kill $pid
-}
- 
-# Start/stop processes required for samba server
-
-case "$1" in
-
-'start')
-#
-# Edit these lines to suit your installation (paths, workgroup, host)
-#
-echo Starting SMBD
-   /usr/local/samba/bin/smbd -D -s \
-	/usr/local/samba/smb.conf
-
-echo Starting NMBD
-   /usr/local/samba/bin/nmbd -D -l \
-	/usr/local/samba/var/log -s /usr/local/samba/smb.conf
-
-echo Starting Winbind Daemon
-   /usr/local/samba/bin/winbindd
-   ;;
-
-'stop')
-   killproc nmbd
-   killproc smbd
-   killproc winbindd
-   ;;
-
-*)
-   echo "Usage: /etc/init.d/samba.server { start | stop }"
-   ;;
-esac
-</programlisting></para>
-</sect4>
-
-<sect4>
-<title>Restarting</title>
-<para>
-If you restart the <command>smbd</command>, <command>nmbd</command>, 
-and <command>winbindd</command> daemons at this point, you
-should be able to connect to the samba server as a domain member just as
-if you were a local user.
-</para>
-</sect4>
-</sect3>
 
 <sect3>
 <title>Configure Winbind and PAM</title>
 
 <para>
-If you have made it this far, you know that winbindd and samba are working
-together.  If you want to use winbind to provide authentication for other 
+At this point we are assured that <command>winbindd</command> and <command>smbd</command>
+are working together.  If you want to use winbind to provide authentication for other
 services, keep reading.  The pam configuration files need to be altered in
-this step.  (Did you remember to make backups of your original 
-<filename>/etc/pam.d</filename> files? If not, do it now.)
+this step.  (Did you remember to make backups of your original
+<filename>/etc/pam.d</filename> (or <filename>/etc/pam.conf</filename>) file[s]? If not, do it now.)
 </para>
 
 <para>
-You will need a pam module to use winbindd with these other services.  This 
+You will need a PAM module to use <command>winbindd</command> with these other services.  This
 module will be compiled in the <filename>../source/nsswitch</filename> directory
 by invoking the command
 </para>
@@ -862,38 +697,24 @@ by invoking the command
 <para>
 from the <filename>../source</filename> directory.  The
 <filename>pam_winbind.so</filename> file should be copied to the location of
-your other pam security modules.  On my RedHat system, this was the
-<filename>/lib/security</filename> directory. On Solaris, the pam security 
-modules reside in <filename>/usr/lib/security</filename>.
+your other pam security modules.  On Linux and Solaris systems, this is the
+<filename>/lib/security</filename> directory.
 </para>
 
 <para>
-<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command>
-</para>
-
-<sect4>
-<title>Linux/FreeBSD-specific PAM configuration</title>
-
-<para>
-The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I 
-just left this fileas it was:
+<prompt>root#</prompt> <command>cp nsswitch/pam_winbind.so /lib/security</command>
+<prompt>root#</prompt> <command>chmod 755 /lib/security/pam_winbind.so</command>
 </para>
 
-
-<para><programlisting>
-auth    required        /lib/security/pam_stack.so service=system-auth
-account required        /lib/security/pam_stack.so service=system-auth
-</programlisting></para>
-
 <para>
-The other services that I modified to allow the use of winbind 
-as an authentication service were the normal login on the console (or a terminal 
-session), telnet logins, and ftp service.  In order to enable these 
-services, you may first need to change the entries in 
-<filename>/etc/xinetd.d</filename> (or <filename>/etc/inetd.conf</filename>).  
-RedHat 7.1 uses the new xinetd.d structure, in this case you need 
-to change the lines in <filename>/etc/xinetd.d/telnet</filename> 
-and <filename>/etc/xinetd.d/wu-ftp</filename> from 
+Other services, such as the normal login on the console (or a terminal
+session), telnet logins, and ftp service, can be modified to allow the use of winbind
+as an authentication service.  In order to enable these
+services, you may first need to change the entries in
+<filename>/etc/xinetd.d</filename> (or <filename>/etc/inetd.conf</filename>).
+RedHat 7.1 uses the new xinetd.d structure, in this case you need
+to change the lines in <filename>/etc/xinetd.d/telnet</filename>
+and <filename>/etc/xinetd.d/wu-ftp</filename> from
 </para>
 
 <para><programlisting>
@@ -908,19 +729,19 @@ to
 enable = yes
 </programlisting></para>
 
-<para>	
-For ftp services to work properly, you will also need to either 
-have individual directories for the domain users already present on 
+<para>
+For ftp services to work properly, you will also need to either
+have individual directories for the domain users already present on
 the server, or change the home directory template to a general
-directory for all domain users.  These can be easily set using 
-the <filename>smb.conf</filename> global entry 
+directory for all domain users.  These can be easily set using
+the <filename>smb.conf</filename> global entry
 <command>template homedir</command>.
 </para>
 
 <para>
-The <filename>/etc/pam.d/ftp</filename> file can be changed 
+The <filename>/etc/pam.d/ftp</filename> file can be changed
 to allow winbind ftp access in a manner similar to the
-samba file.  My <filename>/etc/pam.d/ftp</filename> file was 
+samba file.  My <filename>/etc/pam.d/ftp</filename> file was
 changed to look like this:
 </para>
 
@@ -935,7 +756,7 @@ session    required     /lib/security/pam_stack.so service=system-auth
 </programlisting></para>
 
 <para>
-The <filename>/etc/pam.d/login</filename> file can be changed nearly the 
+The <filename>/etc/pam.d/login</filename> file can be changed nearly the
 same way.  It now looks like this:
 </para>
 
@@ -953,100 +774,30 @@ session    optional     /lib/security/pam_console.so
 </programlisting></para>
 
 <para>
-In this case, I added the <command>auth sufficient /lib/security/pam_winbind.so</command> 
-lines as before, but also added the <command>required pam_securetty.so</command> 
-above it, to disallow root logins over the network.  I also added a 
+In this case, I added the <command>auth sufficient /lib/security/pam_winbind.so</command>
+lines as before, but also added the <command>required pam_securetty.so</command>
+above it, to disallow root logins over the network.  I also added a
 <command>sufficient /lib/security/pam_unix.so use_first_pass</command>
-line after the <command>winbind.so</command> line to get rid of annoying 
+line after the <command>winbind.so</command> line to get rid of annoying
 double prompts for passwords.
 </para>
 
-</sect4>
-
-<sect4>
-<title>Solaris-specific configuration</title>
 
 <para>
-The /etc/pam.conf needs to be changed. I changed this file so that my Domain
-users can logon both locally as well as telnet.The following are the changes
-that I made.You can customize the pam.conf file as per your requirements,but
-be sure of those changes because in the worst case it will leave your system
-nearly impossible to boot.
+Note that a Solaris <filename>/etc/pam.conf</filename> confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.
 </para>
 
 <para><programlisting>
-#
-#ident	"@(#)pam.conf	1.14	99/09/16 SMI"
-#
-# Copyright (c) 1996-1999, Sun Microsystems, Inc.
-# All Rights Reserved.
-#
-# PAM configuration
-#
-# Authentication management
-#
-login   auth required   /usr/lib/security/pam_winbind.so
-login	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass 
-login	auth required 	/usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass 
-#
-rlogin  auth sufficient /usr/lib/security/pam_winbind.so
-rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
-rlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-dtlogin auth sufficient /usr/lib/security/pam_winbind.so
-dtlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-rsh	auth required	/usr/lib/security/$ISA/pam_rhosts_auth.so.1
-other   auth sufficient /usr/lib/security/pam_winbind.so
-other	auth required	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-# Account management
-#
-login   account sufficient      /usr/lib/security/pam_winbind.so
-login	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-login	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-dtlogin account sufficient      /usr/lib/security/pam_winbind.so
-dtlogin	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-dtlogin	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-other   account sufficient      /usr/lib/security/pam_winbind.so
-other	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-other	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-# Session management
-#
-other	session required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-# Password management
-#
-#other   password sufficient     /usr/lib/security/pam_winbind.so
-other	password required	/usr/lib/security/$ISA/pam_unix.so.1 
-dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
-#
-# Support for Kerberos V5 authentication (uncomment to use Kerberos)
-#
-#rlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#login	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#other	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin	account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	session optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
+## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass
 </programlisting></para>
 
-<para>
-I also added a try_first_pass line after the winbind.so line to get rid of
-annoying double prompts for passwords.
-</para>
 
-<para>
-Now restart your Samba & try connecting through your application that you
-configured in the pam.conf.
-</para>
 
-</sect4>
 
 </sect3>
 
@@ -1056,29 +807,21 @@ configured in the pam.conf.
 
 <sect1>
 	<title>Limitations</title>
-	
-	<para>Winbind has a number of limitations in its current 
-	released version that we hope to overcome in future 
+
+	<para>Winbind has a number of limitations in its current
+	released version that we hope to overcome in future
 	releases:</para>
 
 	<itemizedlist>
-		<listitem><para>Winbind is currently only available for 
-		the Linux operating system, although ports to other operating 
-		systems are certainly possible. For such ports to be feasible, 
-		we require the C library of the target operating system to 
-		support the Name Service Switch and Pluggable Authentication
-		Modules systems. This is becoming more common as NSS and 
-		PAM gain	support among UNIX vendors.</para></listitem>
-		
-		<listitem><para>The mappings of Windows NT RIDs to UNIX ids 
-		is not made algorithmically and depends on the order in which 
-		unmapped users or groups are seen by winbind. It may be difficult 
-		to recover the mappings of rid to UNIX id mapping if the file 
+		<listitem><para>The mappings of Windows NT RIDs to UNIX ids
+		is not made algorithmically and depends on the order in which
+		unmapped users or groups are seen by winbind. It may be difficult
+		to recover the mappings of rid to UNIX id mapping if the file
 		containing this information is corrupted or destroyed.</para>
 		</listitem>
-		
-		<listitem><para>Currently the winbind PAM module does not take 
-		into account possible workstation and logon time restrictions 
+
+		<listitem><para>Currently the winbind PAM module does not take
+		into account possible workstation and logon time restrictions
 		that may be been set for Windows NT users.</para></listitem>
 	</itemizedlist>
 </sect1>
diff --git a/docs/docbook/samba.dsl b/docs/docbook/samba.dsl
deleted file mode 100644
index 80197dfa77b..00000000000
--- a/docs/docbook/samba.dsl
+++ /dev/null
@@ -1,82 +0,0 @@
-<!-- This file defines the DocBook-utils Style Sheet for DocBook
-     Eric Bischoff <eric@caldera.de>
--->
-
-<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
-  <!ENTITY % html "IGNORE">
-  <![%html; [
-	<!ENTITY % print "IGNORE">
-	<!ENTITY docbook.dsl PUBLIC "-//Norman Walsh//DOCUMENT DocBook HTML Stylesheet//EN" CDATA dsssl>
-  ]]>
-  <!ENTITY % print "INCLUDE">
-  <![%print; [
-	<!ENTITY docbook.dsl PUBLIC "-//Norman Walsh//DOCUMENT DocBook Print Stylesheet//EN" CDATA dsssl>
-  ]]>
-]>
-
-<STYLE-SHEET>
-
-  <STYLE-SPECIFICATION ID="UTILS" USE="DOCBOOK">
-    <STYLE-SPECIFICATION-BODY>
-;; ===================================================================
-;; Generic Parameters
-;; (Generic currently means: both print and html)
-(define (chunk-element-list)
-  (list (normalize "preface")
-	(normalize "chapter")
-	(normalize "appendix") 
-	(normalize "article")
-	(normalize "glossary")
-	(normalize "bibliography")
-	(normalize "index")
-	(normalize "colophon")
-	(normalize "setindex")
-	(normalize "reference")
-	(normalize "refentry")
-	(normalize "part")
-;	(normalize "sect1") 
-	(normalize "section") 
-	(normalize "book") ;; just in case nothing else matches...
-	(normalize "set")  ;; sets are definitely chunks...
-	))
-
-(define %chapter-autolabel% #t)
-(define %section-autolabel% #t)
-(define (toc-depth nd) 3)
-
-(define %root-filename% "Samba-HOWTO")	;; name for the root html file
-(define %html-ext% ".html")		;; default extension for html output files
-(define %html-prefix% "")               ;; prefix for all filenames generated (except root)
-(define %use-id-as-filename% #t)
-
-; === HTML settings ===
-(define %html-pubid% "-//W3C//DTD HTML 4.01 Transitional//EN") ;; Nearly true :-(
-(define %html40% #t)
-
-; === Media objects ===
-(define preferred-mediaobject-extensions  ;; this magic allows to use different graphical
-  (list "png" "jpg" "jpeg"))		;;   formats for printing and putting online
-(define acceptable-mediaobject-extensions
-  (list "bmp" "gif" "eps" "epsf" "avi" "mpg" "mpeg" "qt"))
-(define preferred-mediaobject-notations
-  (list "PNG" "JPG" "JPEG"))
-(define acceptable-mediaobject-notations
-  (list "EPS" "BMP" "GIF" "linespecific"))                                                                                                    
-; === Rendering ===
-(define %admon-graphics% #t)		;; use symbols for Caution|Important|Note|Tip|Warning
-
-; === Books only ===
-(define %generate-book-titlepage% #t)
-(define %generate-book-toc% #t)
-(define ($generate-chapter-toc$) #f)	;; never generate a chapter TOC in books
-
-; === Articles only ===
-(define %generate-article-titlepage% #t)
-(define %generate-article-toc% #t)      ;; make TOC
-
-    </STYLE-SPECIFICATION-BODY>
-  </STYLE-SPECIFICATION>
-
-  <EXTERNAL-SPECIFICATION ID="DOCBOOK" DOCUMENT="docbook.dsl">
-
-</STYLE-SHEET>
diff --git a/docs/docbook/scripts/README.ldp_print b/docs/docbook/scripts/README.ldp_print
new file mode 100644
index 00000000000..8d61a855343
--- /dev/null
+++ b/docs/docbook/scripts/README.ldp_print
@@ -0,0 +1,60 @@
+
+######################################################################
+    ldp_print -  print tool/script for DocBook SGML/XML documents 
+######################################################################
+
+This process/script is used in the production environment for the
+LDP.  It relies on the HTMLDOC software package (GPL'ed) which can be
+obtained from the Easy Software Products (c) web site:
+
+        http://www.easysw.com/htmldoc/
+
+This process creates a PDF variant from the single-file HTML
+representation of a DocBook SGML (or XML) instance. The simple
+wrapper script (ldp_print) assumes that the file was created using
+{open}jade in a manner similar to:
+
+        jade -t sgml -i html -V nochunks -d $style $fname > $fname.html
+
+Give the script the filename as an argument. It will then parse the
+file into 'title.html' and 'body.html' and send each to htmldoc (as
+the corresponding title page and body of the document).
+
+
+CAVEATS
+=======
+
+o  Assumes perl is in /usr/bin; adjust if necessary
+
+o  You may need to specify where the htmldoc executable resides.
+   The script assumes it's within your $PATH.
+
+o  If you want Postscript as an output variant, uncomment the
+   appropriate lines (see below).
+
+o  Relies on output from a DocBook instance created via DSSSL/{open}jade!
+
+o  Cleans up (removes) the intermediate files it creates (but not the
+   PDF or Postscript files, obviously!)
+
+o  Works silently; PDF (PostScript) will be created in the same directory
+   as was specified for the input (single-file HTML) file.
+
+o  Provided without warranty or support!
+
+o  I ran into a problem with htmldoc v1.8.8 which required a source
+   code change (I was getting a core dump from the htmldoc process).
+   Here is the change required:
+
+	htmldoc/ps-pdf.cxx :
+	3662,3665d3661
+	<      /* gjf = 11Oct2000 */
+	<      if( temprow == NULL )
+	<          break;
+	< 
+
+
+====
+gferg (at) sgi.com / Ferg
+11 Jan 2000
+
diff --git a/docs/docbook/scripts/collateindex.pl b/docs/docbook/scripts/collateindex.pl
new file mode 100644
index 00000000000..fd757edb320
--- /dev/null
+++ b/docs/docbook/scripts/collateindex.pl
@@ -0,0 +1,595 @@
+# -*- Perl -*-

+#

+

+use Getopt::Std;

+

+$usage = "Usage: $0 <opts> file

+Where <opts> are:

+       -p        Link to points in the document.  The default is to link

+                 to the closest containing section.

+       -g        Group terms with IndexDiv based on the first letter 

+                 of the term (or its sortas attribute).

+                 (This probably doesn't handle i10n particularly well)

+       -s name   Name the IndexDiv that contains symbols.  The default

+                 is 'Symbols'.  Meaningless if -g is not used.

+       -t name   Title for the index.

+       -P file   Read a preamble from file.  The content of file will

+                 be inserted before the <index> tag.

+       -i id     The ID for the <index> tag.

+       -o file   Output to file. Defaults to stdout.

+       -S scope  Scope of the index, must be 'all', 'local', or 'global'.

+                 If unspecified, 'all' is assumed.

+       -I scope  The implied scope, must be 'all', 'local', or 'global'.

+                 IndexTerms which do not specify a scope will have the

+                 implied scope.  If unspecified, 'all' is assumed.

+       -x        Make a SetIndex.

+       -f        Force the output file to be written, even if it appears

+                 to have been edited by hand.

+       -N        New index (generates an empty index file).

+       file      The file containing index data generated by Jade

+                 with the DocBook HTML Stylesheet.\n";

+

+die $usage if ! getopts('Dfgi:NpP:s:o:S:I:t:x');

+

+$linkpoints   = $opt_p;

+$lettergroups = $opt_g;

+$symbolsname  = $opt_s || "Symbols";

+$title        = $opt_t;

+$preamble     = $opt_P;

+$outfile      = $opt_o || '-';

+$indexid      = $opt_i;

+$scope        = uc($opt_S) || 'ALL';

+$impliedscope = uc($opt_I) || 'ALL';

+$setindex     = $opt_x;

+$forceoutput  = $opt_f;

+$newindex     = $opt_N;

+$debug        = $opt_D;

+

+$indextag     = $setindex ? 'setindex' : 'index';

+

+if ($newindex) {

+    safe_open(*OUT, $outfile);

+    if ($indexid) {

+	print OUT "<$indextag id='$indexid'>\n\n";

+    } else {

+	print OUT "<$indextag>\n\n";

+    }

+

+    print OUT "<!-- This file was produced by collateindex.pl.         -->\n";

+    print OUT "<!-- Remove this comment if you edit this file by hand! -->\n";

+

+    print OUT "</$indextag>\n";

+    exit 0;

+}

+

+$dat = shift @ARGV || die $usage;

+die "$0: cannot find $dat.\n" if ! -f $dat;

+

+%legal_scopes = ('ALL' => 1, 'LOCAL' => 1, 'GLOBAL' => 1);

+if ($scope && !$legal_scopes{$scope}) {

+    die "Invalid scope.\n$usage\n";

+}

+if ($impliedscope && !$legal_scopes{$impliedscope}) {

+    die "Invalid implied scope.\n$usage\n";

+}

+

+@term = ();

+%id   = ();

+

+$termcount = 0;

+

+print STDERR "Processing $dat...\n";

+

+# Read the index file, creating an array of objects.  Each object 

+# represents and indexterm and has fields for the content of the

+# indexterm

+

+open (F, $dat);

+while (<F>) {

+    chop;

+

+    if (/^\/indexterm/i) {

+	push (@term, $idx);

+	next;

+    }

+

+    if (/^indexterm (.*)$/i) {

+	$termcount++;

+	$idx = {};

+	$idx->{'zone'} = {};

+	$idx->{'href'} = $1;

+	$idx->{'count'} = $termcount;

+	$idx->{'scope'} = $impliedscope;

+	next;

+    }

+

+    if (/^indexpoint (.*)$/i) {

+	$idx->{'hrefpoint'} = $1;

+	next;

+    }

+

+    if (/^title (.*)$/i) {

+	$idx->{'title'} = $1;

+	next;

+    }

+

+    if (/^primary[\[ ](.*)$/i) {

+	if (/^primary\[(.*?)\] (.*)$/i) {

+	    $idx->{'psortas'} = $1;

+	    $idx->{'primary'} = $2;

+	} else {

+	    $idx->{'psortas'} = $1;

+	    $idx->{'primary'} = $1;

+	}

+	next;

+    }

+

+    if (/^secondary[\[ ](.*)$/i) {

+	if (/^secondary\[(.*?)\] (.*)$/i) {

+	    $idx->{'ssortas'} = $1;

+	    $idx->{'secondary'} = $2;

+	} else {

+	    $idx->{'ssortas'} = $1;

+	    $idx->{'secondary'} = $1;

+	}

+	next;

+    }

+

+    if (/^tertiary[\[ ](.*)$/i) {

+	if (/^tertiary\[(.*?)\] (.*)$/i) {

+	    $idx->{'tsortas'} = $1;

+	    $idx->{'tertiary'} = $2;

+	} else {

+	    $idx->{'tsortas'} = $1;

+	    $idx->{'tertiary'} = $1;

+	}

+	next;

+    }

+

+    if (/^see (.*)$/i) {

+	$idx->{'see'} = $1;

+	next;

+    }

+

+    if (/^seealso (.*)$/i) {

+	$idx->{'seealso'} = $1;

+	next;

+    }

+

+    if (/^significance (.*)$/i) {

+	$idx->{'significance'} = $1;

+	next;

+    }

+

+    if (/^class (.*)$/i) {

+	$idx->{'class'} = $1;

+	next;

+    }

+

+    if (/^scope (.*)$/i) {

+	$idx->{'scope'} = uc($1);

+	next;

+    }

+

+    if (/^startref (.*)$/i) {

+	$idx->{'startref'} = $1;

+	next;

+    }

+

+    if (/^id (.*)$/i) {

+	$idx->{'id'} = $1;

+	$id{$1} = $idx;

+	next;

+    }

+

+    if (/^zone (.*)$/i) {

+	my($href) = $1;

+	$_ = scalar(<F>);

+	chop;

+	die "Bad zone: $_\n" if !/^title (.*)$/i;

+	$idx->{'zone'}->{$href} = $1;

+	next;

+    }

+

+    die "Unrecognized: $_\n";

+}

+close (F);

+

+print STDERR "$termcount entries loaded...\n";

+

+# Fixup the startrefs...

+# In DocBook, STARTREF is a #CONREF attribute; support this by copying

+# all of the fields from the indexterm with the id specified by STARTREF

+# to the indexterm that has the STARTREF.

+foreach $idx (@term) {

+    my($ididx, $field);

+    if ($idx->{'startref'}) {

+	$ididx = $id{$idx->{'startref'}};

+	foreach $field ('primary', 'secondary', 'tertiary', 'see', 'seealso',

+		        'psortas', 'ssortas', 'tsortas', 'significance',

+		        'class', 'scope') {

+	    $idx->{$field} = $ididx->{$field};

+	}

+    }

+}

+

+# Sort the index terms

+@term = sort termsort @term;

+

+# Move all of the non-alphabetic entries to the front of the index.

+@term = sortsymbols(@term);

+

+safe_open(*OUT, $outfile);

+

+# Write the index...

+if ($indexid) {

+    print OUT "<$indextag id='$indexid'>\n\n";

+} else {

+    print OUT "<$indextag>\n\n";

+}

+

+print OUT "<!-- This file was produced by collateindex.pl.         -->\n";

+print OUT "<!-- Remove this comment if you edit this file by hand! -->\n";

+

+print OUT "<!-- ULINK is abused here.

+      

+      The URL attribute holds the URL that points from the index entry

+      back to the appropriate place in the output produced by the HTML

+      stylesheet. (It's much easier to calculate this URL in the first

+      pass.)

+

+      The Role attribute holds the ID (either real or manufactured) of

+      the corresponding INDEXTERM.  This is used by the print backends

+      to produce page numbers.

+

+      The entries below are sorted and collated into the correct order.

+      Duplicates may be removed in the HTML backend, but in the print

+      backends, it is impossible to suppress duplicate pages or coalesce

+      sequences of pages into a range.

+-->\n\n";

+

+print OUT "<title>$title</title>\n\n" if $title;

+

+$last = {};     # the last indexterm we processed

+$first = 1;     # this is the first one

+$group = "";    # we're not in a group yet

+$lastout = "";  # we've not put anything out yet

+

+foreach $idx (@term) {

+    next if $idx->{'startref'}; # no way to represent spans...

+    next if ($idx->{'scope'} eq 'LOCAL') && ($scope eq 'GLOBAL');

+    next if ($idx->{'scope'} eq 'GLOBAL') && ($scope eq 'LOCAL');

+    next if &same($idx, $last); # suppress duplicates

+

+    $termcount--;

+

+    # If primary changes, output a whole new index term, otherwise just

+    # output another secondary or tertiary, as appropriate.  We know from

+    # sorting that the terms will always be in the right order.

+    if (!&tsame($last, $idx, 'primary')) { 

+	print "DIFF PRIM\n" if $debug;

+	&end_entry() if not $first;

+

+	if ($lettergroups) {

+	    # If we're grouping, make the right indexdivs

+	    $letter = $idx->{'psortas'};

+	    $letter = $idx->{'primary'} if !$letter;

+	    $letter = uc(substr($letter, 0, 1));

+	    

+	    # symbols are a special case

+	    if (($letter lt 'A') || ($letter gt 'Z')) {

+		if (($group eq '')

+		    || (($group ge 'A') && ($group le 'Z'))) {

+		    print OUT "</indexdiv>\n" if !$first;

+		    print OUT "<indexdiv><title>$symbolsname</title>\n\n";

+		    $group = $letter;

+		}

+	    } elsif (($group eq '') || ($group ne $letter)) {

+		print OUT "</indexdiv>\n" if !$first;

+		print OUT "<indexdiv><title>$letter</title>\n\n";

+		$group = $letter;

+	    }

+	}

+

+	$first = 0; # there can only be on first ;-)

+

+	print OUT "<indexentry>\n";

+	print OUT "  <primaryie>", $idx->{'primary'};

+	$lastout = "primaryie";

+

+ 	if ($idx->{'secondary'}) {

+	    print OUT "\n  </primaryie>\n";

+	    print OUT "  <secondaryie>", $idx->{'secondary'};

+	    $lastout = "secondaryie";

+	};

+

+	if ($idx->{'tertiary'}) {

+	    print OUT "\n  </secondaryie>\n";

+	    print OUT "  <tertiaryie>", $idx->{'tertiary'};

+	    $lastout = "tertiaryie";

+	}

+    } elsif (!&tsame($last, $idx, 'secondary')) {

+	print "DIFF SEC\n" if $debug;

+

+	print OUT "\n  </$lastout>\n" if $lastout;

+

+	print OUT "  <secondaryie>", $idx->{'secondary'};

+	$lastout = "secondaryie";

+	if ($idx->{'tertiary'}) {

+	    print OUT "\n  </secondaryie>\n";

+	    print OUT "  <tertiaryie>", $idx->{'tertiary'};

+	    $lastout = "tertiaryie";

+	}

+    } elsif (!&tsame($last, $idx, 'tertiary')) {

+	print "DIFF TERT\n" if $debug;

+

+	print OUT "\n  </$lastout>\n" if $lastout;

+

+	if ($idx->{'tertiary'}) {

+	    print OUT "  <tertiaryie>", $idx->{'tertiary'};

+	    $lastout = "tertiaryie";

+	}

+    }

+

+    &print_term($idx);

+    

+    $last = $idx;

+}

+

+# Termcount is > 0 iff some entries were skipped.

+print STDERR "$termcount entries ignored...\n";

+

+&end_entry();

+

+print OUT "</indexdiv>\n" if $lettergroups;

+print OUT "</$indextag>\n";

+

+close (OUT);

+

+print STDERR "Done.\n";

+

+sub same {

+    my($a) = shift;

+    my($b) = shift;

+

+    my($aP) = $a->{'psortas'} || $a->{'primary'};   

+    my($aS) = $a->{'ssortas'} || $a->{'secondary'}; 

+    my($aT) = $a->{'tsortas'} || $a->{'tertiary'};  

+	                                            

+    my($bP) = $b->{'psortas'} || $b->{'primary'};   

+    my($bS) = $b->{'ssortas'} || $b->{'secondary'}; 

+    my($bT) = $b->{'tsortas'} || $b->{'tertiary'};  

+

+    my($same);

+

+    $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP);

+    $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS);

+    $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT);

+    $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP);

+    $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS);

+    $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT);

+

+#    print "[$aP]=[$bP]\n";

+#    print "[$aS]=[$bS]\n";

+#    print "[$aT]=[$bT]\n";

+

+    # Two index terms are the same if:

+    # 1. the primary, secondary, and tertiary entries are the same

+    #    (or have the same SORTAS)

+    # AND

+    # 2. They occur in the same titled section

+    # AND

+    # 3. They point to the same place

+    #

+    # Notes: Scope is used to suppress some entries, but can't be used

+    #          for comparing duplicates.

+    #        Interpretation of "the same place" depends on whether or

+    #          not $linkpoints is true.

+

+    $same = (($aP eq $bP)

+	     && ($aS eq $bS)

+	     && ($aT eq $bT)

+	     && ($a->{'title'} eq $b->{'title'})

+	     && ($a->{'href'} eq $b->{'href'}));

+

+    # If we're linking to points, they're only the same if they link

+    # to exactly the same spot.  (surely this is redundant?)

+    $same = $same && ($a->{'hrefpoint'} eq $b->{'hrefpoint'})

+	if $linkpoints;

+

+    $same;

+}

+

+sub tsame {

+    # Unlike same(), tsame only compares a single term

+    my($a) = shift;

+    my($b) = shift;

+    my($term) = shift;

+    my($sterm) = substr($term, 0, 1) . "sortas";

+    my($A, $B);

+

+    $A = $a->{$sterm} || $a->{$term};

+    $B = $b->{$sterm} || $b->{$term};

+

+    $A =~ s/^\s*//; $A =~ s/\s*$//; $A = uc($A);

+    $B =~ s/^\s*//; $B =~ s/\s*$//; $B = uc($B);

+

+    return $A eq $B;

+}

+

+sub end_entry {

+    # End any open elements...

+    print OUT "\n  </$lastout>\n" if $lastout;

+    print OUT "</indexentry>\n\n";

+    $lastout = "";

+}

+

+sub print_term {

+    # Print out the links for an indexterm.  There can be more than

+    # one if the term has a ZONE that points to more than one place.

+    # (do we do the right thing in that case?)

+    my($idx) = shift;

+    my($key, $indent, @hrefs);

+    my(%href) = ();

+    my(%phref) = ();

+

+    $indent = "    ";

+

+    if ($idx->{'see'}) {

+	# it'd be nice to make this a link...

+	if ($lastout) {

+	    print OUT "\n  </$lastout>\n";

+	    $lastout = "";

+	}

+	print OUT $indent, "<seeie>", $idx->{'see'}, "</seeie>\n";

+	return;

+    }

+

+    if ($idx->{'seealso'}) {

+	# it'd be nice to make this a link...

+	if ($lastout) {

+	    print OUT "\n  </$lastout>\n";

+	    $lastout = "";

+	}

+	print OUT $indent, "<seealsoie>", $idx->{'seealso'}, "</seealsoie>\n";

+	return;

+    }

+

+    if (keys %{$idx->{'zone'}}) {

+	foreach $key (keys %{$idx->{'zone'}}) {

+	    $href{$key} = $idx->{'zone'}->{$key};

+	    $phref{$key} = $idx->{'zone'}->{$key};

+	}

+    } else {

+	$href{$idx->{'href'}} = $idx->{'title'};

+	$phref{$idx->{'href'}} = $idx->{'hrefpoint'};

+    }

+

+    # We can't use <LINK> because we don't know the ID of the term in the

+    # original source (and, in fact, it might not have one).

+    print OUT ",\n";

+    @hrefs = keys %href;

+    while (@hrefs) {

+	my($linkend) = "";

+	my($role) = "";

+	$key = shift @hrefs;

+	if ($linkpoints) {

+	    $linkend = $phref{$key};

+	} else {

+	    $linkend = $key;

+	}

+

+	$role = $linkend;

+	$role = $1 if $role =~ /\#(.*)$/;

+

+	print OUT $indent;

+	print OUT "<ulink url=\"$linkend\" role=\"$role\">";

+	print OUT "<emphasis>" if ($idx->{'significance'} eq 'PREFERRED');

+	print OUT $href{$key};

+	print OUT "</emphasis>" if ($idx->{'significance'} eq 'PREFERRED');

+	print OUT "</ulink>";

+    }

+}

+

+sub termsort {

+    my($aP) = $a->{'psortas'} || $a->{'primary'};   

+    my($aS) = $a->{'ssortas'} || $a->{'secondary'}; 

+    my($aT) = $a->{'tsortas'} || $a->{'tertiary'};  

+    my($ap) = $a->{'count'};

+	                                            

+    my($bP) = $b->{'psortas'} || $b->{'primary'};   

+    my($bS) = $b->{'ssortas'} || $b->{'secondary'}; 

+    my($bT) = $b->{'tsortas'} || $b->{'tertiary'};  

+    my($bp) = $b->{'count'};

+

+    $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP);

+    $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS);

+    $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT);

+    $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP);

+    $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS);

+    $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT);

+

+    if ($aP eq $bP) {

+	if ($aS eq $bS) {

+	    if ($aT eq $bT) {

+		# make sure seealso's always sort to the bottom

+		return 1 if ($a->{'seealso'});

+		return -1  if ($b->{'seealso'});

+		# if everything else is the same, keep these elements

+		# in document order (so the index links are in the right

+		# order)

+		return $ap <=> $bp;

+	    } else {

+		return $aT cmp $bT;

+	    }

+	} else {

+	    return $aS cmp $bS;

+	}

+    } else {

+	return $aP cmp $bP;

+    }

+}

+

+sub sortsymbols {

+    my(@term) = @_;

+    my(@new) = ();

+    my(@sym) = ();

+    my($letter);

+    my($idx);

+

+    # Move the non-letter things to the front.  Should digits be thier

+    # own group?  Maybe...

+    foreach $idx (@term) {

+	$letter = $idx->{'psortas'};

+	$letter = $idx->{'primary'} if !$letter;

+	$letter = uc(substr($letter, 0, 1));

+

+	if (($letter lt 'A') || ($letter gt 'Z')) {

+	    push (@sym, $idx);

+	} else {

+	    push (@new, $idx);

+	}

+    }

+

+    return (@sym, @new);

+}

+

+sub safe_open {

+    local(*OUT) = shift;

+    local(*F, $_);

+

+    if (($outfile ne '-') && (!$forceoutput)) {

+	my($handedit) = 1;

+	if (open (OUT, $outfile)) {

+	    while (<OUT>) {

+		if (/<!-- Remove this comment if you edit this file by hand! -->/){

+		    $handedit = 0;

+		    last;

+		}

+	    } 

+	    close (OUT);

+	} else {

+	    $handedit = 0;

+	}

+	

+	if ($handedit) {

+	    print "\n$outfile appears to have been edited by hand; use -f or\n";

+	    print "      change the output file.\n";

+	    exit 1;

+	}

+    }

+

+    open (OUT, ">$outfile") || die "$usage\nCannot write to $outfile.\n";

+

+    if ($preamble) { 

+	# Copy the preamble

+	if (open(F, $preamble)) {

+	    while (<F>) {

+		print OUT $_;

+	    }

+	    close(F);

+	} else {

+	    warn "$0: cannot open preamble $preamble.\n";

+	}

+    }

+}

diff --git a/docs/docbook/scripts/fix_print_html.lib b/docs/docbook/scripts/fix_print_html.lib
new file mode 100644
index 00000000000..e8a9aaa4c77
--- /dev/null
+++ b/docs/docbook/scripts/fix_print_html.lib
@@ -0,0 +1,172 @@
+#
+# fix_print_html.lib
+#
+#   Dan Scott  / <dan.scott (at) acm.org>
+#   Ferg       / <gferg (at) sgi.com>
+#
+#   Used to prepare single-file HTML variant for PDF/Postscript creation
+#   thru htmldoc.
+#
+# log:
+#     16Oct2000 - initial entry <gferg (at) sgi.com>
+#     03Apr2001 - fix for <preface>
+#
+#
+
+sub fix_print_html {
+
+   my($in,$out,$ttl) = @_;
+
+   open(IN_FILE, "< $in") || do {
+        print "fix_print_html: cannot open $in: $!\n";
+        return 0;
+   };
+
+   my($buf,$ttl_buf) = '';
+   my($indx) = -1;
+   my($is_article) = 0;
+   while(<IN_FILE>) {
+
+         if( $indx == 1 ) {
+
+             # ignore everything until we see the chapter or sect
+             #
+             if( $_ =~ /CLASS="CHAP/i || $_ =~ /CLASS="PREF/i ) {
+
+                 $buf .= $_;
+                 $indx++;
+
+             } elsif( $_ =~ /CLASS="SECT/ || $_ =~ /CLASS="sect/ )  {
+
+                 $buf .= $_;
+                 $indx++;
+                 $is_article = 1;
+
+             } else {
+                 next;
+             }
+
+         } elsif( $indx == 0 ) {
+
+             # write out the title page file
+             #
+             if( $_ =~ /CLASS="TOC"/ ) {
+
+                 $ttl_buf .= "></DIV>\n</BODY>\n</HTML>\n"; 
+                 $ttl_buf =~ s/<\/H1\n/<\/H1\n><P><BR><BR\n/ms;
+                 
+                 open(TOC_FILE, "> $ttl") || do {
+                      print "fix_print_html: cannot open $ttl: $!\n";
+                      close(IN_FILE);
+                      return 0;
+                 };
+                 print TOC_FILE $ttl_buf;
+                 close(TOC_FILE);
+                 $ttl_buf = '';
+                 $indx++;
+
+             } else {
+                $ttl_buf .= $_;
+             }
+
+         } elsif( $indx < 0 ) {
+
+             # up to this point, both buffers get the line
+             #
+             if( $_ =~ /CLASS="TITLEPAGE"/ ) {
+
+                 $ttl_buf .= $_ . ">\n<P>\n<BR><BR><BR><BR>\n<\/P\n";
+                 $indx++;
+
+             } else {
+                 $buf .= $_;
+                 $ttl_buf .= $_;
+             }
+
+         } else {
+
+             $buf .= $_;
+         }
+   }
+   close(IN_FILE);
+
+   open(OUT_FILE, "> $out") || do {
+        print "fix_print_html: cannot open $out: $!\n";
+        return 0;
+   };
+
+
+   # make these corrections and write out the file
+   #
+
+   $buf =~ s/(\n><LI\n)><P\n(.*?)<\/P\n>/$1$2\n/gms;
+   $buf =~ s/(\n><LI\n><DIV\nCLASS="FORMALPARA"\n)><P\n(.*?)<\/P\n>/$1$2\n/gms;
+   $buf =~ s/(\n><LI\nSTYLE="[^\"]+"\n)><P\n(.*?)<\/P\n>/$1$2\n/gms;
+   if( $is_article == 0 ) {
+       $buf =~ s/(\nCLASS="SECT[TION\d]+"\n>)<H1\n(.*?)<\/H1/$1<H2\n$2<\/H2/gims;
+       $buf =~ s/(\nCLASS="SECT[TION\d]+"\n><HR>)<H1\n(.*?)<\/H1/$1<H2\n$2<\/H2/gims;
+   }
+   $buf =~ s/<H1(\nCLASS="INDEXDIV"\n)(.*?)<\/H1/<H2$1$2<\/H2/gims;
+   if( ($indx = rindex($buf, "<H1\n><A\nNAME=\"DOC-INDEX\"")) > -1 ) {
+       $buf = substr($buf, 0, $indx);
+       $buf .= "\n<\/BODY>\n<\/HTML>\n\n";
+   } elsif( ($indx = rindex($buf, "<H1\n><A\nNAME=\"doc-index\"")) > -1 ) {
+       $buf = substr($buf, 0, $indx);
+       $buf .= "\n<\/BODY>\n<\/HTML>\n\n";
+   }
+   $buf =~ s/\&\#13;//g;
+   $buf =~ s/\&\#60;/\&lt;/g;
+   $buf =~ s/\&\#62;/\&gt;/g;
+   $buf =~ s/\&\#8211;/\-/g;
+   $buf =~ s/WIDTH=\"\d\"//g;
+   $buf =~ s/><[\/]*TBODY//g;
+   $buf =~ s/><[\/]*THEAD//g;
+   $buf =~ s/TYPE=\"1\"\n//gim;
+
+   if( $is_article == 0 ) {
+
+       # for books...decrement the headers by 1 and then re-set the
+       # chapter level only to H1...
+       #
+       my($cnt,$j) = 0;
+       for($cnt=5; $cnt > 0; $cnt--) {
+           $j = $cnt + 1;
+           $buf =~ s/<H${cnt}/<H${j}/g;
+           $buf =~ s/<\/H${cnt}/<\/H${j}/g;
+       }
+
+       my(@l) = split(/\n/, $buf);
+       for( $cnt=0; $cnt < (@l + 0); $cnt++ ) {
+
+            if( $j == 1 ) {
+                if( $l[$cnt] =~ /<DIV/ ) {
+                    $j = 0;
+                    next;
+                }
+                $l[$cnt] =~ s/<H2/<H1/g;
+                $l[$cnt] =~ s/<\/H2/<\/H1/g;
+            }
+            if( $l[$cnt] =~ /^CLASS=\"CHAP/i
+                ||
+                $l[$cnt] =~ /^CLASS=\"PREF/i ) {
+                $j = 1;
+            }
+       }
+
+       $buf = join("\n", @l);
+
+   }
+   $buf =~ s/><DIV\nCLASS="\w+"\n//gms;
+   $buf =~ s/><\/DIV\n//gms;
+   $buf =~ s/(><LI\n)><P\n(.*?)<\/P\n>(<\/LI\n)/$1$2$3/gms;
+
+   print OUT_FILE $buf;
+   close(OUT_FILE);
+
+   return 1;
+}
+
+# Return true from package include
+#
+1;
+
diff --git a/docs/docbook/scripts/ldp_print b/docs/docbook/scripts/ldp_print
new file mode 100755
index 00000000000..70bb801def4
--- /dev/null
+++ b/docs/docbook/scripts/ldp_print
@@ -0,0 +1,71 @@
+#!/usr/bin/perl -w
+#
+# usage: ldp_print <single_file.html>
+#
+# Creates a PDF variant of a single-file HTML representation of a
+# DocBook SGML (or XML) instance. This simple wrapper assumes that
+# the file was created using {open}jade in a manner similar to:
+#
+#	jade -t sgml -i html -V nochunks -d $style $fname > $fname.html
+#
+# Give this script the filename as an argument. It will then parse
+# the file into 'title.html' and 'body.html' and send each to
+# htmldoc (as the corresponding title page and body of the document).
+#
+#
+# CAVEATS:
+#
+# Assumes perl is in /usr/bin; adjust if necessary
+#
+# You may need to specify where the htmldoc executable resides.
+# The script assumes it's within your $PATH.
+#
+# If you want Postscript as an output variant, uncomment the 
+# appropriate lines (see below).
+#
+# Relies on output from a DocBook instance created via DSSSL/{open}jade!
+#
+# Cleans up (removes) the intermediate files it creates (but not the
+# PDF or Postscript files, obviously!)
+#
+# Works silently; PDF (PostScript) will be created in the same directory
+# as was specified for the input (single-file HTML) file.
+#
+# Provided without warranty or support!
+#
+#	gferg@sgi.com / Ferg (used as part of the LDP production env)
+#
+
+use strict;
+push(@INC, "./");
+require 'fix_print_html.lib';
+
+if( $ARGV[0] eq '' || !(-r $ARGV[0]) ) {
+    die "\nusage: ldp_print <single_file.html>\n\n";
+}
+
+my($fname_wo_ext) = $ARGV[0];
+$fname_wo_ext =~ s/\.[\w]+$//;
+
+
+# create new files from single HTML file to use for print
+#
+&fix_print_html($ARGV[0], 'body.html', 'title.html');
+
+my($cmd) = "htmldoc --size universal -t pdf  -f ${fname_wo_ext}.pdf " .
+           "--firstpage p1 --titlefile title.html body.html";
+
+# For postscript output; append onto the above cmd string:
+#
+#          "; htmldoc --size universal -t ps -f -f ${fname_wo_ext}.ps " .
+#          "--firstpage p1 --titlefile title.html body.html";
+#
+system($cmd);
+die "\nldp_print: could not create ${fname_wo_ext}.pdf ($!)\n" if ($?);
+
+# cleanup
+#
+system("rm -f body.html title.html");
+
+exit(0);
+
diff --git a/docs/docbook/scripts/make-article.pl b/docs/docbook/scripts/make-article.pl
new file mode 100644
index 00000000000..d1f8c668326
--- /dev/null
+++ b/docs/docbook/scripts/make-article.pl
@@ -0,0 +1,25 @@
+#!/usr/bin/perl
+
+$ignore = 0;
+
+print "<!DOCTYPE article PUBLIC \"-//OASIS//DTD DocBook V4.1//EN\">\n";
+
+while (<STDIN>) {
+
+	$_ =~ s/<chapter/<article/g;
+	$_ =~ s/<\/chapter/<\/article/g;
+
+	if ( $_ =~ '<articleinfo>') {
+		$ignore = 1;
+	}
+
+	if ( $_ =~ '</articleinfo>') {
+		$ignore = 0;
+		$_ = "";
+	}
+
+
+	if (! $ignore) { print "$_"; }
+
+
+}
diff --git a/docs/docbook/stylesheets/ldp.dsl.in b/docs/docbook/stylesheets/ldp.dsl.in
new file mode 100644
index 00000000000..d6e06f4b6d1
--- /dev/null
+++ b/docs/docbook/stylesheets/ldp.dsl.in
@@ -0,0 +1,256 @@
+<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
+<!ENTITY % html "IGNORE">
+<![%html;[
+<!ENTITY % print "IGNORE">
+<!ENTITY docbook.dsl SYSTEM "@SGML_SHARE@/dsssl/docbook/html/docbook.dsl" CDATA dsssl>
+]]>
+<!ENTITY % print "INCLUDE">
+<![%print;[
+<!ENTITY docbook.dsl SYSTEM "@SGML_SHARE@/dsssl/docbook/print/docbook.dsl" CDATA dsssl>
+]]>
+]>
+
+<style-sheet>
+
+<style-specification id="print" use="docbook">
+<style-specification-body> 
+
+;; ==============================
+;; customize the print stylesheet
+;; ==============================
+
+(declare-characteristic preserve-sdata?
+  ;; this is necessary because right now jadetex does not understand
+  ;; symbolic entities, whereas things work well with numeric entities.
+  "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"
+  #f)
+
+(define %generate-article-toc%
+  ;; Should a Table of Contents be produced for Articles?
+  #t)
+
+(define (toc-depth nd)
+  2)
+
+(define %generate-article-titlepage-on-separate-page%
+  ;; Should the article title page be on a separate page?
+  #t)
+
+(define %section-autolabel%
+  ;; Are sections enumerated?
+  #t)
+
+(define %footnote-ulinks%
+  ;; Generate footnotes for ULinks?
+  #f)
+
+(define %bop-footnotes%
+  ;; Make "bottom-of-page" footnotes?
+  #f)
+
+(define %body-start-indent%
+  ;; Default indent of body text
+  0pi)
+
+(define %para-indent-firstpara%
+  ;; First line start-indent for the first paragraph
+  0pt)
+
+(define %para-indent%
+  ;; First line start-indent for paragraphs (other than the first)
+  0pt)
+
+(define %block-start-indent%
+  ;; Extra start-indent for block-elements
+  0pt)
+
+(define formal-object-float
+  ;; Do formal objects float?
+  #t)
+
+(define %hyphenation%
+  ;; Allow automatic hyphenation?
+  #t)
+
+(define %admon-graphics%
+  ;; Use graphics in admonitions?
+  #f)
+
+</style-specification-body>
+</style-specification>
+
+
+<!--
+;; ===================================================
+;; customize the html stylesheet; borrowed from Cygnus
+;; at http://sourceware.cygnus.com/ (cygnus-both.dsl)
+;; ===================================================
+-->
+
+<style-specification id="html" use="docbook">
+<style-specification-body> 
+
+(declare-characteristic preserve-sdata?
+  ;; this is necessary because right now jadetex does not understand
+  ;; symbolic entities, whereas things work well with numeric entities.
+  "UNREGISTERED::James Clark//Characteristic::preserve-sdata?"
+  #f)
+
+(define %generate-legalnotice-link%
+  ;; put the legal notice in a separate file
+  #t)
+
+(define %admon-graphics-path%
+  ;; use graphics in admonitions, set their
+  "../images/")
+
+(define %admon-graphics%
+  #f)
+
+(define %funcsynopsis-decoration%
+  ;; make funcsynopsis look pretty
+  #t)
+
+(define %html-ext%
+  ;; when producing HTML files, use this extension
+  ".html")
+
+(define %generate-book-toc%
+  ;; Should a Table of Contents be produced for books?
+  #t)
+
+(define %generate-article-toc% 
+  ;; Should a Table of Contents be produced for articles?
+  #t)
+
+(define %generate-part-toc%
+  ;; Should a Table of Contents be produced for parts?
+  #t)
+
+(define %generate-book-titlepage%
+  ;; produce a title page for books
+  #t)
+
+(define %generate-article-titlepage%
+  ;; produce a title page for articles
+  #t)
+
+(define (chunk-skip-first-element-list)
+  ;; forces the Table of Contents on separate page
+  '())
+
+(define (list-element-list)
+  ;; fixes bug in Table of Contents generation
+  '())
+
+(define %root-filename%
+  ;; The filename of the root HTML document (e.g, "index").
+  "index")
+
+(define %shade-verbatim%
+  ;; verbatim sections will be shaded if t(rue)
+  #t)
+
+(define %use-id-as-filename%
+  ;; Use ID attributes as name for component HTML files?
+  #t)
+
+(define %graphic-extensions%
+  ;; graphic extensions allowed
+  '("gif" "png" "jpg" "jpeg" "tif" "tiff" "eps" "epsf" ))
+
+(define %graphic-default-extension% 
+  "gif")
+
+(define %section-autolabel%
+  ;; For enumerated sections (1.1, 1.1.1, 1.2, etc.)
+  #t)
+
+(define (toc-depth nd)
+  ;; more depth (2 levels) to toc; instead of flat hierarchy
+  ;; 2)
+  4)
+
+(element emphasis
+  ;; make role=strong equate to bold for emphasis tag
+  (if (equal? (attribute-string "role") "strong")
+     (make element gi: "STRONG" (process-children))
+     (make element gi: "EM" (process-children))))
+
+(define (book-titlepage-recto-elements)
+  ;; elements on a book's titlepage
+  ;; note: added revhistory to the default list
+  (list (normalize "title")
+        (normalize "subtitle")
+        (normalize "graphic")
+        (normalize "mediaobject")
+        (normalize "corpauthor")
+        (normalize "authorgroup")
+        (normalize "author")
+        (normalize "editor")
+        (normalize "copyright")
+        (normalize "revhistory")
+        (normalize "abstract")
+        (normalize "legalnotice")))
+
+(define (article-titlepage-recto-elements)
+  ;; elements on an article's titlepage
+  ;; note: added othercredit to the default list
+  (list (normalize "title")
+        (normalize "subtitle")
+        (normalize "authorgroup")
+        (normalize "author")
+        (normalize "othercredit")
+        (normalize "releaseinfo")
+        (normalize "copyright")
+        (normalize "pubdate")
+        (normalize "revhistory")
+        (normalize "abstract")))
+
+(mode article-titlepage-recto-mode
+
+ (element contrib
+  ;; print out with othercredit information; for translators, etc.
+  (make sequence
+    (make element gi: "SPAN"
+          attributes: (list (list "CLASS" (gi)))
+          (process-children))))
+
+ (element othercredit
+  ;; print out othercredit information; for translators, etc.
+  (let ((author-name  (author-string))
+        (author-contrib (select-elements (children (current-node))
+                                          (normalize "contrib"))))
+    (make element gi: "P"
+         attributes: (list (list "CLASS" (gi)))
+         (make element gi: "B"  
+              (literal author-name)
+              (literal " - "))
+         (process-node-list author-contrib))))
+)
+
+(define (article-title nd)
+  (let* ((artchild  (children nd))
+         (artheader (select-elements artchild (normalize "artheader")))
+         (artinfo   (select-elements artchild (normalize "articleinfo")))
+         (ahdr (if (node-list-empty? artheader)
+                   artinfo
+                   artheader))
+         (ahtitles  (select-elements (children ahdr)
+                                     (normalize "title")))
+         (artitles  (select-elements artchild (normalize "title")))
+         (titles    (if (node-list-empty? artitles)
+                        ahtitles
+                        artitles)))
+    (if (node-list-empty? titles)
+        ""
+        (node-list-first titles))))
+
+
+</style-specification-body>
+</style-specification>
+
+<external-specification id="docbook" document="docbook.dsl">
+
+</style-sheet>
+
diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml
index 8f57e73aa31..da6b50f99e2 100644
--- a/docs/faq/Samba-Server-FAQ.sgml
+++ b/docs/faq/Samba-Server-FAQ.sgml
@@ -296,7 +296,7 @@ to somewhere on your network to see if TCP/IP is functioning OK. If it
 is, the problem is most likely name resolution.
 
 If your client has a facility to do so, hardcode a mapping between the
-hosts IP and the name you want to use. For example, with Lan Manager
+hosts IP and the name you want to use. For example, with Man Manager
 or Windows for Workgroups you would put a suitable entry in the file
 LMHOSTS. If this works, the problem is in the communication between
 your client and the netbios name server. If it does not work, then
@@ -319,7 +319,7 @@ the name you gave.
 
 The first step is to check the exact name of the service you are
 trying to connect to (consult your system administrator). Assuming it
-exists and you specified it correctly (read your client's docs on how
+exists and you specified it correctly (read your client's doco on how
 to specify a service name correctly), read on:
 
 <itemize>
@@ -329,6 +329,22 @@ to specify a service name correctly), read on:
 <item> Some clients force service names into upper case.
 </itemize>
 
+<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net">
+Nothing is wrong - Samba does not implement the primary domain name
+controller stuff for several reasons, including the fact that the
+whole concept of a primary domain controller and "logging in to a
+network" doesn't fit well with clients possibly running on multiuser
+machines (such as users of smbclient under Unix). Having said that,
+several developers are working hard on building it in to the next
+major version of Samba. If you can contribute, send a message to
+<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> !
+
+Seeing this message should not affect your ability to mount redirected
+disks and printers, which is really what all this is about.
+
+For many clients (including Windows for Workgroups and Lan Manager),
+setting the domain to STANDALONE at least gets rid of the message.
+
 <sect1>Printing doesn't work :-(<p> <label id="no_printing"> 
 
 Make sure that the specified print command for the service you are
@@ -356,6 +372,29 @@ coreplus.  Also not that print status error messages don't mean
 printing won't work. The print status is received by a different
 mechanism.
 
+<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run">
+There are numerous possible reasons for this, but one MAJOR
+possibility is that your software uses locking. Make sure you are
+using Samba 1.6.11 or later. It may also be possible to work around
+the problem by setting "locking=no" in the Samba configuration file
+for the service the software is installed on. This should be regarded
+as a strictly temporary solution.
+
+In earlier Samba versions there were some difficulties with the very
+latest Microsoft products, particularly Excel 5 and Word for Windows
+6. These should have all been solved. If not then please let Andrew
+Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">.
+
+<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string">
+OR My client reports the default setting, eg. "Samba 1.9.15p4", instead
+of what I have changed it to in the smb.conf file.
+
+You need to use the -C option in nmbd. The "server string" affects
+what smbd puts out and -C affects what nmbd puts out.
+ 
+Current versions of Samba (1.9.16 +) have combined these options into
+the "server string" field of smb.conf, -C for nmbd is now obsolete.
+
 <sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares">
 Your guest account is probably invalid for some reason. Samba uses the
 guest account for browsing in smbd.  Check that your guest account is
@@ -404,4 +443,50 @@ it casts to -1 as a uid, and the setreuid() system call ignores (with
 no error) uid changes to -1. This means any daemon attempting to run
 as uid 65535 will actually run as root. This is not good!
 
+<sect1>Issues specific to IBM OS/2 systems<p><label id="OS2Issues">
+
+<url url="http://carol.wins.uva.nl/~leeuw/samba/samba2.html" name="Samba for OS/2">
+
+<sect1>Issues specific to IBM MVS systems<p><label id="MVSIssues">
+
+<url url="ftp://ftp.mks.com/pub/samba/" name="Samba for OS/390 MVS">
+
+<sect1>Issues specific to Digital VMS systems<p><label id="VMSIssues">
+
+<sect1>Issues specific to Amiga systems<p><label id="AmigaIssues">
+
+<url url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/" name="Samba for Amiga">
+
+There is a mailing list for Samba on the Amiga.
+
+                                Subscribing.
+
+   Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe
+in the message. The list server will use the address in the Reply-To: or
+From: header field, in that order.
+
+                               Unsubscribing.
+
+   Send an email to rask-samba-request@kampsax.dtu.dk with the word
+unsubscribe in the message. The list server will use the address in the
+Reply-To: or From: header field, in that order. If you are unsure which
+address you are subscribed with, look at the headers. You should see a
+"From " (no colon) or Return-Path: header looking something like
+
+   rask-samba-owner-myname=my.domain@kampsax.dtu.dk
+
+where myname=my.domain gives you the address myname@my.domain. This also
+means that I will always be able to find out which address is causing
+bounces, for example.
+                                List archive.
+
+   Messages sent to the list are archived in HTML. See the mailing list home
+page at <URL url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/">
+
+<sect1>Issues specific to Novell IntraNetware systems<p><label id="NetwareIssues">
+
+<sect1>Issues specific to Stratos VOS systems<p><label id="NetwareIssues">
+
+<url url="ftp://ftp.stratus.com/pub/vos/tools/" name="Samba for Stratus VOS">
+
 </article>
diff --git a/docs/faq/Samba-meta-FAQ.sgml b/docs/faq/Samba-meta-FAQ.sgml
index ecaa1b267cd..377d81663d7 100644
--- a/docs/faq/Samba-meta-FAQ.sgml
+++ b/docs/faq/Samba-meta-FAQ.sgml
@@ -126,6 +126,17 @@ from...)
 information about client-side issues, includes a list of all clients
 that are known to work with Samba.
 
+<item> <url url="samba-man-index.html" name="manual pages"> contains
+descriptions of and links to all the Samba manual pages, in Unix man and
+postscript format.
+
+<item> <url url="samba-txt-index.html"> has descriptions of and links to
+a large number of text files have been contributed to samba covering
+many topics. These are gradually being absorbed into the FAQs and HOWTOs
+but in the meantime you might find helpful answers here.
+
+<item> 
+
 </itemize>
 
 <sect> General Information<p><label id="general_info">
@@ -172,9 +183,97 @@ must be made freely available. A copy of the GPL must always be included
 in any copy of the package.
 
 The primary creator of the Samba suite is Andrew Tridgell. Later
-versions incorporate much effort by many helpers. The man pages
+versions incorporate much effort by many net.helpers. The man pages
 and this FAQ were originally written by Karl Auer.
 
+<sect1> What is the current version of Samba?<p><label id="current_version">
+
+At time of writing, the current version was 1.9.17. If you want to be
+sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log">
+
+For more information see <ref id="version_nums" name="What do the version numbers mean?">
+
+<sect1> Where can I get it? <p><label id="WhereFrom">
+
+The Samba suite is available via anonymous ftp from samba.org and
+many <url url="../MIRRORS" name="mirror"> sites. You will get much
+faster performance if you use a mirror site. The latest and greatest
+versions of the suite are in the directory:
+
+/pub/samba/
+
+Development (read "alpha") versions, which are NOT necessarily stable
+and which do NOT necessarily have accurate documentation, are available
+in the directory:
+
+/pub/samba/alpha
+
+Note that binaries are NOT included in any of the above. Samba is
+distributed ONLY in source form, though binaries may be available from
+other sites. Most Linux distributions, for example, do contain Samba
+binaries for that platform. The VMS, OS/2, Netware and Amiga and other
+ports typically have binaries made available.
+
+A special case is vendor-provided binary packages. Samba binaries and
+default configuration files are put into packages for a specific
+operating system. RedHat Linux and Sun Solaris (Sparc and x86) is
+already included, and others such as OS/2 may follow. All packages are
+in the directory:
+
+/pub/samba/Binary_Packages/"OS_Vendor"
+
+<sect1>What do the version numbers mean?<p><label id="version_nums">
+
+It is not recommended that you run a version of Samba with the word
+"alpha" in its name unless you know what you are doing and are willing
+to do some debugging. Many, many people just get the latest
+recommended stable release version and are happy. If you are brave, by
+all means take the plunge and help with the testing and development -
+but don't install it on your departmental server. Samba is typically
+very stable and safe, and this is mostly due to the policy of many
+public releases.
+
+How the scheme works:
+
+<enum>
+
+<item>When major changes are made the version number is increased. For
+example, the transition from 1.9.16 to 1.9.17. However, this version
+number will not appear immediately and people should continue to use
+1.9.15 for production systems (see next point.)
+
+<item>Just after major changes are made the software is considered
+unstable, and a series of alpha releases are distributed, for example
+1.9.16alpha1. These are for testing by those who know what they are
+doing.  The "alpha" in the filename will hopefully scare off those who
+are just looking for the latest version to install.
+
+<item>When Andrew thinks that the alphas have stabilised to the point
+where he would recommend new users install it, he renames it to the
+same version number without the alpha, for example 1.9.17.
+
+<item>Inevitably bugs are found in the "stable" releases and minor patch
+levels are released which give us the pXX series, for example 1.9.17p2.
+
+</enum>
+
+So the progression goes:
+
+<verb>
+		1.9.16p10	(production)
+		1.9.16p11	(production)
+		1.9.17alpha1	(test sites only)
+		  :
+		1.9.17alpha20	(test sites only)
+		1.9.17		(production)
+		1.9.17p1	(production)
+</verb>
+
+The above system means that whenever someone looks at the samba ftp
+site they will be able to grab the highest numbered release without an
+alpha in the name and be sure of getting the current recommended
+version.
+
 <sect1> Where can I go for further information?<p><label id="more">
 
 There are a number of places to look for more information on Samba,
@@ -182,7 +281,7 @@ including:
 
 <itemize>
 
-<item>The mailing lists devoted to discussion of Samba-related matters.
+<item>Two mailing lists devoted to discussion of Samba-related matters.
 See below for subscription information.
 
 <item>The newsgroup comp.protocols.smb, which has a great deal of
@@ -203,7 +302,35 @@ url="http://samba.org/samba/"> includes:
 
 <sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist">
 
-Surf to <url url="http://lists.samba.org/"> for an overview of all the mailing lists.
+Send email to <htmlurl url="mailto:listproc@samba.org"
+name="listproc@samba.org">. Make sure the subject line is blank,
+and include the following two lines in the body of the message:
+
+<tscreen><verb>
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+</verb></tscreen>
+
+Obviously you should substitute YOUR first name for "Firstname" and
+YOUR last name for "Lastname"! Try not to send any signature, it
+sometimes confuses the list processor.
+
+The samba list is a digest list - every eight hours or so it sends a
+single message containing all the messages that have been received by
+the list since the last time and sends a copy of this message to all
+subscribers. There are thousands of people on this list.
+
+If you stop being interested in Samba, please send another email to
+<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and
+include the following two lines in the body of the message:
+
+<tscreen><verb>
+unsubscribe samba
+unsubscribe samba-announce
+</verb></tscreen>
+
+The <bf>From:</bf> line in your message <em>MUST</em> be the same
+address you used when you subscribed.
 
 <sect1> Something's gone wrong - what should I do?<p><label id="wrong">
 
diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml
index a80981a1e97..333ac55f673 100644
--- a/docs/faq/sambafaq.sgml
+++ b/docs/faq/sambafaq.sgml
@@ -18,14 +18,13 @@
 <title> Samba FAQ
 
 <author>Paul Blackman, <tt>ictinus@samba.org</tt>
-<author>Jelmer Vernooij, <tt>jelmer@samba.org</tt>
 
-<date>v 1.0, August 2002
+<date>v 0.8, June '97
 
 <abstract> This is the Frequently Asked Questions (FAQ) document for
 Samba, the free and very popular SMB server product. An SMB server
 allows file and printer connections from clients such as Windows,
-OS/2, Linux and others. Current to version 3.0. Please send any
+OS/2, Linux and others. Current to version 1.9.17. Please send any
 corrections to the author.
 </abstract>
 
@@ -372,7 +371,7 @@ to somewhere on your network to see if TCP/IP is functioning OK. If it
 is, the problem is most likely name resolution.
 
 If your client has a facility to do so, hardcode a mapping between the
-hosts IP and the name you want to use. For example, with Lan Manager
+hosts IP and the name you want to use. For example, with Man Manager
 or Windows for Workgroups you would put a suitable entry in the file
 LMHOSTS. If this works, the problem is in the communication between
 your client and the netbios name server. If it does not work, then
@@ -395,7 +394,7 @@ the name you gave.
 
 The first step is to check the exact name of the service you are
 trying to connect to (consult your system administrator). Assuming it
-exists and you specified it correctly (read your client's docs on how
+exists and you specified it correctly (read your client's doco on how
 to specify a service name correctly), read on:
 
 <itemize>
diff --git a/docs/htmldocs/Browsing.html b/docs/htmldocs/Browsing.html
deleted file mode 100644
index 5f5f71ba694..00000000000
--- a/docs/htmldocs/Browsing.html
+++ /dev/null
@@ -1,741 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->Improved browsing in samba</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="ARTICLE"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="ARTICLE"
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="IMPROVED-BROWSING"
->Improved browsing in samba</A
-></H1
-><HR></DIV
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN3"
->Overview of browsing</A
-></H1
-><P
->SMB networking provides a mechanism by which clients can access a list
-of machines in a network, a so-called "browse list".  This list
-contains machines that are ready to offer file and/or print services
-to other machines within the network. Thus it does not include
-machines which aren't currently able to do server tasks.  The browse
-list is heavily used by all SMB clients.  Configuration of SMB
-browsing has been problematic for some Samba users, hence this
-document.</P
-><P
->Browsing will NOT work if name resolution from NetBIOS names to IP
-addresses does not function correctly. Use of a WINS server is highly
-recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
-WINS allows remote segment clients to obtain NetBIOS name_type information
-that can NOT be provided by any other means of name resolution.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN7"
->Browsing support in samba</A
-></H1
-><P
->Samba now fully supports browsing.  The browsing is supported by nmbd
-and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
-><P
->Samba can act as a local browse master for a workgroup and the ability
-for samba to support domain logons and scripts is now available.  See
-DOMAIN.txt for more information on domain logons.</P
-><P
->Samba can also act as a domain master browser for a workgroup.  This
-means that it will collate lists from local browse masters into a
-wide area network server list.  In order for browse clients to
-resolve the names they may find in this list, it is recommended that
-both samba and your clients use a WINS server.</P
-><P
->Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain: on each wide area
-network, you must only ever have one domain master browser per workgroup,
-regardless of whether it is NT, Samba or any other type of domain master
-that is providing this service.</P
-><P
->[Note that nmbd can be configured as a WINS server, but it is not
-necessary to specifically use samba as your WINS server.  NTAS can
-be configured as your WINS server.  In a mixed NT server and
-samba environment on a Wide Area Network, it is recommended that
-you use the NT server's WINS server capabilities.  In a samba-only
-environment, it is recommended that you use one and only one nmbd
-as your WINS server].</P
-><P
->To get browsing to work you need to run nmbd as usual, but will need
-to use the "workgroup" option in smb.conf to control what workgroup
-Samba becomes a part of.</P
-><P
->Samba also has a useful option for a Samba server to offer itself for
-browsing on another subnet.  It is recommended that this option is only
-used for 'unusual' purposes: announcements over the internet, for
-example.  See "remote announce" in the smb.conf man page.  </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN16"
->Problem resolution</A
-></H1
-><P
->If something doesn't work then hopefully the log.nmb file will help
-you track down the problem.  Try a debug level of 2 or 3 for finding
-problems. Also note that the current browse list usually gets stored
-in text form in a file called browse.dat.</P
-><P
->Note that if it doesn't work for you, then you should still be able to
-type the server name as \\SERVER in filemanager then hit enter and
-filemanager should display the list of available shares.</P
-><P
->Some people find browsing fails because they don't have the global
-"guest account" set to a valid account.  Remember that the IPC$
-connection that lists the shares is done as guest, and thus you must
-have a valid guest account.</P
-><P
->Also, a lot of people are getting bitten by the problem of too many
-parameters on the command line of nmbd in inetd.conf.  This trick is to
-not use spaces between the option and the parameter (eg: -d2 instead
-of -d 2), and to not use the -B and -N options.  New versions of nmbd
-are now far more likely to correctly find your broadcast and network
-address, so in most cases these aren't needed.</P
-><P
->The other big problem people have is that their broadcast address,
-netmask or IP address is wrong (specified with the "interfaces" option
-in smb.conf)</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN23"
->Browsing across subnets</A
-></H1
-><P
->With the release of Samba 1.9.17(alpha1 and above) Samba has been
-updated to enable it to support the replication of browse lists
-across subnet boundaries.  New code and options have been added to
-achieve this.  This section describes how to set this feature up
-in different settings.</P
-><P
->To see browse lists that span TCP/IP subnets (ie.  networks separated
-by routers that don't pass broadcast traffic) you must set up at least
-one WINS server.  The WINS server acts as a DNS for NetBIOS names, allowing
-NetBIOS name to IP address translation to be done by doing a direct
-query of the WINS server.  This is done via a directed UDP packet on
-port 137 to the WINS server machine.  The reason for a WINS server is
-that by default, all NetBIOS name to IP address translation is done
-by broadcasts from the querying machine.  This means that machines
-on one subnet will not be able to resolve the names of machines on
-another subnet without using a WINS server.</P
-><P
->Remember, for browsing across subnets to work correctly, all machines,
-be they Windows 95, Windows NT, or Samba servers must have the IP address
-of a WINS server given to them by a DHCP server, or by manual configuration 
-(for Win95 and WinNT, this is in the TCP/IP Properties, under Network 
-settings) for Samba this is in the smb.conf file.</P
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN28"
->How does cross subnet browsing work ?</A
-></H2
-><P
->Cross subnet browsing is a complicated dance, containing multiple
-moving parts.  It has taken Microsoft several years to get the code
-that achieves this correct, and Samba lags behind in some areas.
-However, with the 1.9.17 release, Samba is capable of cross subnet
-browsing when configured correctly.</P
-><P
->Consider a network set up as follows :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->                                   (DMB)
-             N1_A      N1_B        N1_C       N1_D        N1_E
-              |          |           |          |           |
-          -------------------------------------------------------
-            |          subnet 1                       |
-          +---+                                      +---+
-          |R1 | Router 1                  Router 2   |R2 |
-          +---+                                      +---+
-            |                                          |
-            |  subnet 2              subnet 3          |
-  --------------------------       ------------------------------------
-  |     |     |      |               |        |         |           |
- N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
-                    (WINS)</PRE
-></P
-><P
->Consisting of 3 subnets (1, 2, 3) connected by two routers
-(R1, R2) - these do not pass broadcasts.  Subnet 1 has 5 machines
-on it, subnet 2 has 4 machines, subnet 3 has 4 machines.  Assume
-for the moment that all these machines are configured to be in the
-same workgroup (for simplicities sake).  Machine N1_C on subnet 1
-is configured as Domain Master Browser (ie.  it will collate the
-browse lists for the workgroup).  Machine N2_D is configured as
-WINS server and all the other machines are configured to register
-their NetBIOS names with it.</P
-><P
->As all these machines are booted up, elections for master browsers
-will take place on each of the three subnets.  Assume that machine
-N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
-subnet 3 - these machines are known as local master browsers for
-their particular subnet.  N1_C has an advantage in winning as the
-local master browser on subnet 1 as it is set up as Domain Master
-Browser.</P
-><P
->On each of the three networks, machines that are configured to 
-offer sharing services will broadcast that they are offering
-these services.  The local master browser on each subnet will
-receive these broadcasts and keep a record of the fact that
-the machine is offering a service.  This list of records is
-the basis of the browse list.  For this case, assume that
-all the machines are configured to offer services so all machines
-will be on the browse list.</P
-><P
->For each network, the local master browser on that network is
-considered 'authoritative' for all the names it receives via
-local broadcast.  This is because a machine seen by the local
-master browser via a local broadcast must be on the same 
-network as the local master browser and thus is a 'trusted'
-and 'verifiable' resource.  Machines on other networks that
-the local master browsers learn about when collating their
-browse lists have not been directly seen - these records are
-called 'non-authoritative'.</P
-><P
->At this point the browse lists look as follows (these are 
-the machines you would see in your network neighborhood if
-you looked in it on a particular network right now).</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D</PRE
-></P
-><P
->Note that at this point all the subnets are separate, no
-machine is seen across any of the subnets.</P
-><P
->Now examine subnet 2.  As soon as N2_B has become the local
-master browser it looks for a Domain master browser to synchronize
-its browse list with.  It does this by querying the WINS server
-(N2_D) for the IP address associated with the NetBIOS name 
-WORKGROUP&gt;1B&lt;.  This name was registerd by the Domain master
-browser (N1_C) with the WINS server as soon as it was booted.</P
-><P
->Once N2_B knows the address of the Domain master browser it
-tells it that is the local master browser for subnet 2 by
-sending a MasterAnnouncement packet as a UDP port 138 packet.
-It then synchronizes with it by doing a NetServerEnum2 call.  This
-tells the Domain Master Browser to send it all the server
-names it knows about.  Once the domain master browser receives
-the MasterAnnouncement packet it schedules a synchronization
-request to the sender of that packet.  After both synchronizations
-are done the browse lists look like :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-
-Servers with a (*) after them are non-authoritative names.</PRE
-></P
-><P
->At this point users looking in their network neighborhood on
-subnets 1 or 2 will see all the servers on both, users on
-subnet 3 will still only see the servers on their own subnet.</P
-><P
->The same sequence of events that occured for N2_B now occurs
-for the local master browser on subnet 3 (N3_D).  When it
-synchronizes browse lists with the domain master browser (N1_A)
-it gets both the server entries on subnet 1, and those on
-subnet 2.  After N3_D has synchronized with N1_C and vica-versa
-the browse lists look like.</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Servers with a (*) after them are non-authoritative names.</PRE
-></P
-><P
->At this point users looking in their network neighborhood on
-subnets 1 or 3 will see all the servers on all sunbets, users on
-subnet 2 will still only see the servers on subnets 1 and 2, but not 3.</P
-><P
->Finally, the local master browser for subnet 2 (N2_B) will sync again
-with the domain master browser (N1_C) and will recieve the missing
-server entries.  Finally - and as a steady state (if no machines
-are removed or shut off) the browse lists will look like :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-	
-Servers with a (*) after them are non-authoritative names.</PRE
-></P
-><P
->Synchronizations between the domain master browser and local
-master browsers will continue to occur, but this should be a
-steady state situation.</P
-><P
->If either router R1 or R2 fails the following will occur:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	Names of computers on each side of the inaccessible network fragments
-	will be maintained for as long as 36 minutes, in the network neighbourhood
-	lists.
-	</P
-></LI
-><LI
-><P
->	Attempts to connect to these inaccessible computers will fail, but the
-	names will not be removed from the network neighbourhood lists.
-	</P
-></LI
-><LI
-><P
->	If one of the fragments is cut off from the WINS server, it will only
-	be able to access servers on its local subnet, by using subnet-isolated
-	broadcast NetBIOS name resolution.  The effects are similar to that of
-	losing access to a DNS server.
-	</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN63"
->Setting up a WINS server</A
-></H1
-><P
->Either a Samba machine or a Windows NT Server machine may be set up
-as a WINS server.  To set a Samba machine to be a WINS server you must
-add the following option to the smb.conf file on the selected machine :
-in the [globals] section add the line </P
-><P
-><B
-CLASS="COMMAND"
->		wins support = yes</B
-></P
-><P
->Versions of Samba previous to 1.9.17 had this parameter default to
-yes.  If you have any older versions of Samba on your network it is
-strongly suggested you upgrade to 1.9.17 or above, or at the very
-least set the parameter to 'no' on all these machines.</P
-><P
->Machines with "<B
-CLASS="COMMAND"
->wins support = yes</B
->" will keep a list of 
-all NetBIOS names registered with them, acting as a DNS for NetBIOS names.</P
-><P
->You should set up only ONE wins server.  Do NOT set the
-"<B
-CLASS="COMMAND"
->wins support = yes</B
->" option on more than one Samba 
-server.</P
-><P
->To set up a Windows NT Server as a WINS server you need to set up
-the WINS service - see your NT documentation for details.  Note that
-Windows NT WINS Servers can replicate to each other, allowing more
-than one to be set up in a complex subnet environment.  As Microsoft
-refuse to document these replication protocols Samba cannot currently
-participate in these replications.  It is possible in the future that
-a Samba-&#62;Samba WINS replication protocol may be defined, in which
-case more than one Samba machine could be set up as a WINS server
-but currently only one Samba server should have the "wins support = yes"
-parameter set.</P
-><P
->After the WINS server has been configured you must ensure that all
-machines participating on the network are configured with the address
-of this WINS server.  If your WINS server is a Samba machine, fill in
-the Samba machine IP address in the "Primary WINS Server" field of
-the "Control Panel-&#62;Network-&#62;Protocols-&#62;TCP-&#62;WINS Server" dialogs
-in Windows 95 or Windows NT.  To tell a Samba server the IP address
-of the WINS server add the following line to the [global] section of
-all smb.conf files :</P
-><P
-><B
-CLASS="COMMAND"
->		wins server = &gt;name or IP address&lt;</B
-></P
-><P
->where &gt;name or IP address&lt; is either the DNS name of the WINS server
-machine or its IP address.</P
-><P
->Note that this line MUST NOT BE SET in the smb.conf file of the Samba
-server acting as the WINS server itself.  If you set both the
-"<B
-CLASS="COMMAND"
->wins support = yes</B
->" option and the 
-"<B
-CLASS="COMMAND"
->wins server = &gt;name&lt;</B
->" option then
-nmbd will fail to start.</P
-><P
->There are two possible scenarios for setting up cross subnet browsing.
-The first details setting up cross subnet browsing on a network containing
-Windows 95, Samba and Windows NT machines that are not configured as
-part of a Windows NT Domain.  The second details setting up cross subnet
-browsing on networks that contain NT Domains.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN82"
->Setting up Browsing in a WORKGROUP</A
-></H1
-><P
->To set up cross subnet browsing on a network containing machines
-in up to be in a WORKGROUP, not an NT Domain you need to set up one
-Samba server to be the Domain Master Browser (note that this is *NOT*
-the same as a Primary Domain Controller, although in an NT Domain the
-same machine plays both roles).  The role of a Domain master browser is
-to collate the browse lists from local master browsers on all the
-subnets that have a machine participating in the workgroup.  Without
-one machine configured as a domain master browser each subnet would
-be an isolated workgroup, unable to see any machines on any other
-subnet.  It is the presense of a domain master browser that makes
-cross subnet browsing possible for a workgroup.</P
-><P
->In an WORKGROUP environment the domain master browser must be a
-Samba server, and there must only be one domain master browser per
-workgroup name.  To set up a Samba server as a domain master browser,
-set the following option in the [global] section of the smb.conf file :</P
-><P
-><B
-CLASS="COMMAND"
->		domain master = yes</B
-></P
-><P
->The domain master browser should also preferrably be the local master
-browser for its own subnet.  In order to achieve this set the following
-options in the [global] section of the smb.conf file :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = yes
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
-></P
-><P
->The domain master browser may be the same machine as the WINS
-server, if you require.</P
-><P
->Next, you should ensure that each of the subnets contains a
-machine that can act as a local master browser for the
-workgroup.  Any NT machine should be able to do this, as will
-Windows 95 machines (although these tend to get rebooted more
-often, so it's not such a good idea to use these).  To make a 
-Samba server a local master browser set the following
-options in the [global] section of the smb.conf file :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
-></P
-><P
->Do not do this for more than one Samba server on each subnet,
-or they will war with each other over which is to be the local
-master browser.</P
-><P
->The "local master" parameter allows Samba to act as a local master
-browser.  The "preferred master" causes nmbd to force a browser
-election on startup and the "os level" parameter sets Samba high
-enough so that it should win any browser elections.</P
-><P
->If you have an NT machine on the subnet that you wish to
-be the local master browser then you can disable Samba from
-becoming a local master browser by setting the following
-options in the [global] section of the smb.conf file :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0</PRE
-></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN100"
->Setting up Browsing in a DOMAIN</A
-></H1
-><P
->If you are adding Samba servers to a Windows NT Domain then
-you must not set up a Samba server as a domain master browser.
-By default, a Windows NT Primary Domain Controller for a Domain
-name is also the Domain master browser for that name, and many
-things will break if a Samba server registers the Domain master
-browser NetBIOS name (DOMAIN&gt;1B&lt;) with WINS instead of the PDC.</P
-><P
->For subnets other than the one containing the Windows NT PDC
-you may set up Samba servers as local master browsers as
-described.  To make a Samba server a local master browser set 
-the following options in the [global] section of the smb.conf 
-file :</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
-></P
-><P
->If you wish to have a Samba server fight the election with machines
-on the same subnet you may set the "os level" parameter to lower
-levels.  By doing this you can tune the order of machines that
-will become local master browsers if they are running.  For
-more details on this see the section "FORCING SAMBA TO BE THE MASTER"
-below.</P
-><P
->If you have Windows NT machines that are members of the domain
-on all subnets, and you are sure they will always be running then
-you can disable Samba from taking part in browser elections and
-ever becoming a local master browser by setting following options 
-in the [global] section of the smb.conf file :</P
-><P
-><B
-CLASS="COMMAND"
->        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0</B
-></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN110"
->Forcing samba to be the master</A
-></H1
-><P
->Who becomes the "master browser" is determined by an election process
-using broadcasts.  Each election packet contains a number of parameters
-which determine what precedence (bias) a host should have in the
-election.  By default Samba uses a very low precedence and thus loses
-elections to just about anyone else.</P
-><P
->If you want Samba to win elections then just set the "os level" global
-option in smb.conf to a higher number.  It defaults to 0.  Using 34
-would make it win all elections over every other system (except other
-samba systems!)</P
-><P
->A "os level" of 2 would make it beat WfWg and Win95, but not NTAS.  A
-NTAS domain controller uses level 32.</P
-><P
->The maximum os level is 255</P
-><P
->If you want samba to force an election on startup, then set the
-"preferred master" global option in smb.conf to "yes".  Samba will
-then have a slight advantage over other potential master browsers
-that are not preferred master browsers.  Use this parameter with
-care, as if you have two hosts (whether they are windows 95 or NT or
-samba) on the same local subnet both set with "preferred master" to
-"yes", then periodically and continually they will force an election
-in order to become the local master browser.</P
-><P
->If you want samba to be a "domain master browser", then it is
-recommended that you also set "preferred master" to "yes", because
-samba will not become a domain master browser for the whole of your
-LAN or WAN if it is not also a local master browser on its own
-broadcast isolated subnet.</P
-><P
->It is possible to configure two samba servers to attempt to become
-the domain master browser for a domain.  The first server that comes
-up will be the domain master browser.  All other samba servers will
-attempt to become the domain master browser every 5 minutes.  They
-will find that another samba server is already the domain master
-browser and will fail.  This provides automatic redundancy, should
-the current domain master browser fail.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN119"
->Making samba the domain master</A
-></H1
-><P
->The domain master is responsible for collating the browse lists of
-multiple subnets so that browsing can occur between subnets.  You can
-make samba act as the domain master by setting "domain master = yes"
-in smb.conf.  By default it will not be a domain master.</P
-><P
->Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain.</P
-><P
->When samba is the domain master and the master browser it will listen
-for master announcements (made roughly every twelve minutes) from local
-master browsers on other subnets and then contact them to synchronise
-browse lists.</P
-><P
->If you want samba to be the domain master then I suggest you also set
-the "os level" high enough to make sure it wins elections, and set
-"preferred master" to "yes", to get samba to force an election on
-startup.</P
-><P
->Note that all your servers (including samba) and clients should be
-using a WINS server to resolve NetBIOS names.  If your clients are only
-using broadcasting to resolve NetBIOS names, then two things will occur:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	your local master browsers will be unable to find a domain master
-	browser, as it will only be looking on the local subnet.
-	</P
-></LI
-><LI
-><P
->	if a client happens to get hold of a domain-wide browse list, and
-	a user attempts to access a host in that list, it will be unable to
-	resolve the NetBIOS name of that host.
-	</P
-></LI
-></OL
-><P
->If, however, both samba and your clients are using a WINS server, then:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	your local master browsers will contact the WINS server and, as long as
-	samba has registered that it is a domain master browser with the WINS
-	server, your local master browser will receive samba's ip address
-	as its domain master browser.
-	</P
-></LI
-><LI
-><P
->	when a client receives a domain-wide browse list, and a user attempts
-	to access a host in that list, it will contact the WINS server to
-	resolve the NetBIOS name of that host.  as long as that host has
-	registered its NetBIOS name with the same WINS server, the user will
-	be able to see that host.  
-	</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN137"
->Note about broadcast addresses</A
-></H1
-><P
->If your network uses a "0" based broadcast address (for example if it
-ends in a 0) then you will strike problems.  Windows for Workgroups
-does not seem to support a 0's broadcast and you will probably find
-that browsing and name lookups won't work.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN140"
->Multiple interfaces</A
-></H1
-><P
->Samba now supports machines with multiple network interfaces.  If you
-have multiple interfaces then you will need to use the "interfaces"
-option in smb.conf to configure them.  See smb.conf(5) for details.</P
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/Bugs.html b/docs/htmldocs/Bugs.html
deleted file mode 100644
index 0f7fb7bd609..00000000000
--- a/docs/htmldocs/Bugs.html
+++ /dev/null
@@ -1,238 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->Reporting Bugs</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="ARTICLE"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="ARTICLE"
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="BUGREPORT"
->Reporting Bugs</A
-></H1
-><HR></DIV
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN3"
->Introduction</A
-></H1
-><P
->The email address for bug reports is samba@samba.org</P
-><P
->Please take the time to read this file before you submit a bug
-report. Also, please see if it has changed between releases, as we
-may be changing the bug reporting mechanism at some time.</P
-><P
->Please also do as much as you can yourself to help track down the
-bug. Samba is maintained by a dedicated group of people who volunteer
-their time, skills and efforts. We receive far more mail about it than
-we can possibly answer, so you have a much higher chance of an answer
-and a fix if you send us a "developer friendly" bug report that lets
-us fix it fast. </P
-><P
->Do not assume that if you post the bug to the comp.protocols.smb
-newsgroup or the mailing list that we will read it. If you suspect that your 
-problem is not a bug but a configuration problem then it is better to send 
-it to the Samba mailing list, as there are (at last count) 5000 other users on
-that list that may be able to help you.</P
-><P
->You may also like to look though the recent mailing list archives,
-which are conveniently accessible on the Samba web pages
-at http://samba.org/samba/ </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN10"
->General info</A
-></H1
-><P
->Before submitting a bug report check your config for silly
-errors. Look in your log files for obvious messages that tell you that
-you've misconfigured something and run testparm to test your config
-file for correct syntax.</P
-><P
->Have you run through the <A
-HREF="Diagnosis.html"
-TARGET="_top"
->diagnosis</A
->? 
-This is very important.</P
-><P
->If you include part of a log file with your bug report then be sure to
-annotate it with exactly what you were doing on the client at the
-time, and exactly what the results were.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN16"
->Debug levels</A
-></H1
-><P
->If the bug has anything to do with Samba behaving incorrectly as a
-server (like refusing to open a file) then the log files will probably
-be very useful. Depending on the problem a log level of between 3 and
-10 showing the problem may be appropriate. A higher level givesmore
-detail, but may use too much disk space.</P
-><P
->To set the debug level use <B
-CLASS="COMMAND"
->log level =</B
-> in your 
-<TT
-CLASS="FILENAME"
->smb.conf</TT
->. You may also find it useful to set the log 
-level higher for just one machine and keep separate logs for each machine. 
-To do this use:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->log level = 10
-log file = /usr/local/samba/lib/log.%m
-include = /usr/local/samba/lib/smb.conf.%m</PRE
-></P
-><P
->then create a file 
-<TT
-CLASS="FILENAME"
->/usr/local/samba/lib/smb.conf.machine</TT
-> where
-"machine" is the name of the client you wish to debug. In that file
-put any smb.conf commands you want, for example 
-<B
-CLASS="COMMAND"
->log level=</B
-> may be useful. This also allows you to 
-experiment with different security systems, protocol levels etc on just 
-one machine.</P
-><P
->The <TT
-CLASS="FILENAME"
->smb.conf</TT
-> entry <B
-CLASS="COMMAND"
->log level =</B
-> 
-is synonymous with the entry <B
-CLASS="COMMAND"
->debuglevel =</B
-> that has been 
-used in older versions of Samba and is being retained for backwards 
-compatibility of smb.conf files.</P
-><P
->As the <B
-CLASS="COMMAND"
->log level =</B
-> value is increased you will record 
-a significantly increasing level of debugging information. For most 
-debugging operations you may not need a setting higher than 3. Nearly 
-all bugs can be tracked at a setting of 10, but be prepared for a VERY 
-large volume of log data.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN33"
->Internal errors</A
-></H1
-><P
->If you get a "INTERNAL ERROR" message in your log files it means that
-Samba got an unexpected signal while running. It is probably a
-segmentation fault and almost certainly means a bug in Samba (unless
-you have faulty hardware or system software)</P
-><P
->If the message came from smbd then it will probably be accompanied by
-a message which details the last SMB message received by smbd. This
-info is often very useful in tracking down the problem so please
-include it in your bug report.</P
-><P
->You should also detail how to reproduce the problem, if
-possible. Please make this reasonably detailed.</P
-><P
->You may also find that a core file appeared in a "corefiles"
-subdirectory of the directory where you keep your samba log
-files. This file is the most useful tool for tracking down the bug. To
-use it you do this:</P
-><P
-><B
-CLASS="COMMAND"
->gdb smbd core</B
-></P
-><P
->adding appropriate paths to smbd and core so gdb can find them. If you
-don't have gdb then try "dbx". Then within the debugger use the
-command "where" to give a stack trace of where the problem
-occurred. Include this in your mail.</P
-><P
->If you known any assembly language then do a "disass" of the routine
-where the problem occurred (if its in a library routine then
-disassemble the routine that called it) and try to work out exactly
-where the problem is by looking at the surrounding code. Even if you
-don't know assembly then incuding this info in the bug report can be
-useful. </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN43"
->Attaching to a running process</A
-></H1
-><P
->Unfortunately some unixes (in particular some recent linux kernels)
-refuse to dump a core file if the task has changed uid (which smbd
-does often). To debug with this sort of system you could try to attach
-to the running process using "gdb smbd PID" where you get PID from
-smbstatus. Then use "c" to continue and try to cause the core dump
-using the client. The debugger should catch the fault and tell you
-where it occurred.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN46"
->Patches</A
-></H1
-><P
->The best sort of bug report is one that includes a fix! If you send us
-patches please use <B
-CLASS="COMMAND"
->diff -u</B
-> format if your version of 
-diff supports it, otherwise use <B
-CLASS="COMMAND"
->diff -c4</B
->. Make sure 
-your do the diff against a clean version of the source and let me know 
-exactly what version you used. </P
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/Diagnosis.html b/docs/htmldocs/Diagnosis.html
deleted file mode 100644
index 1944c37be91..00000000000
--- a/docs/htmldocs/Diagnosis.html
+++ /dev/null
@@ -1,548 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->Diagnosing your samba server</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="ARTICLE"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="ARTICLE"
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="DIAGNOSIS"
->Diagnosing your samba server</A
-></H1
-><HR></DIV
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN3"
->Introduction</A
-></H1
-><P
->This file contains a list of tests you can perform to validate your
-Samba server. It also tells you what the likely cause of the problem
-is if it fails any one of these steps. If it passes all these tests
-then it is probably working fine.</P
-><P
->You should do ALL the tests, in the order shown. I have tried to
-carefully choose them so later tests only use capabilities verified in
-the earlier tests.</P
-><P
->If you send me an email saying "it doesn't work" and you have not
-followed this test procedure then you should not be surprised if I
-ignore your email.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN8"
->Assumptions</A
-></H1
-><P
->In all of the tests I assume you have a Samba server called BIGSERVER
-and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
-PC is running windows for workgroups with a recent copy of the
-microsoft tcp/ip stack. Alternatively, your PC may be running Windows
-95 or Windows NT (Workstation or Server).</P
-><P
->The procedure is similar for other types of clients.</P
-><P
->I also assume you know the name of an available share in your
-smb.conf. I will assume this share is called "tmp". You can add a
-"tmp" share like by adding the following to smb.conf:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->&#13;[tmp]
- comment = temporary files 
- path = /tmp
- read only = yes&#13;</PRE
-></P
-><P
->THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
-COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
-><P
->Please pay attention to the error messages you receive. If any error message
-reports that your server is being unfriendly you should first check that you
-IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
-file points to name servers that really do exist.</P
-><P
->Also, if you do not have DNS server access for name resolution please check
-that the settings for your smb.conf file results in "dns proxy = no". The
-best way to check this is with "testparm smb.conf"</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN18"
->Tests</A
-></H1
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="AEN20"
->Test 1</A
-></H2
-><P
->In the directory in which you store your smb.conf file, run the command
-"testparm smb.conf". If it reports any errors then your smb.conf
-configuration file is faulty.</P
-><P
->Note:	Your smb.conf file may be located in: <TT
-CLASS="FILENAME"
->/etc</TT
->
-	Or in:   <TT
-CLASS="FILENAME"
->/usr/local/samba/lib</TT
-></P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN26"
->Test 2</A
-></H2
-><P
->Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
-the unix box. If you don't get a valid response then your TCP/IP
-software is not correctly installed. </P
-><P
->Note that you will need to start a "dos prompt" window on the PC to
-run ping.</P
-><P
->If you get a message saying "host not found" or similar then your DNS
-software or /etc/hosts file is not correctly setup. It is possible to
-run samba without DNS entries for the server and client, but I assume
-you do have correct entries for the remainder of these tests. </P
-><P
->Another reason why ping might fail is if your host is running firewall 
-software. You will need to relax the rules to let in the workstation
-in question, perhaps by allowing access from another subnet (on Linux
-this is done via the ipfwadm program.)</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN32"
->Test 3</A
-></H2
-><P
->Run the command "smbclient -L BIGSERVER" on the unix box. You
-should get a list of available shares back. </P
-><P
->If you get a error message containing the string "Bad password" then
-you probably have either an incorrect "hosts allow", "hosts deny" or
-"valid users" line in your smb.conf, or your guest account is not
-valid. Check what your guest account is using "testparm" and
-temporarily remove any "hosts allow", "hosts deny", "valid users" or
-"invalid users" lines.</P
-><P
->If you get a "connection refused" response then the smbd server may
-not be running. If you installed it in inetd.conf then you probably edited
-that file incorrectly. If you installed it as a daemon then check that
-it is running, and check that the netbios-ssn port is in a LISTEN
-state using "netstat -a".</P
-><P
->If you get a "session request failed" then the server refused the
-connection. If it says "Your server software is being unfriendly" then
-its probably because you have invalid command line parameters to smbd,
-or a similar fatal problem with the initial startup of smbd. Also
-check your config file (smb.conf) for syntax errors with "testparm"
-and that the various directories where samba keeps its log and lock
-files exist.</P
-><P
->There are a number of reasons for which smbd may refuse or decline
-a session request. The most common of these involve one or more of
-the following smb.conf file entries:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->	hosts deny = ALL
-	hosts allow = xxx.xxx.xxx.xxx/yy
-	bind interfaces only = Yes</PRE
-></P
-><P
->In the above, no allowance has been made for any session requests that
-will automatically translate to the loopback adaptor address 127.0.0.1.
-To solve this problem change these lines to:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->	hosts deny = ALL
-	hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
-></P
-><P
->Do NOT use the "bind interfaces only" parameter where you may wish to
-use the samba password change facility, or where smbclient may need to
-access local service for name resolution or for local resource
-connections. (Note: the "bind interfaces only" parameter deficiency
-where it will not allow connections to the loopback address will be
-fixed soon).</P
-><P
->Another common cause of these two errors is having something already running 
-on port 139, such as Samba (ie: smbd is running from inetd already) or
-something like Digital's Pathworks. Check your inetd.conf file before trying
-to start smbd as a daemon, it can avoid a lot of frustration!</P
-><P
->And yet another possible cause for failure of TEST 3 is when the subnet mask
-and / or broadcast address settings are incorrect. Please check that the
-network interface IP Address / Broadcast Address / Subnet Mask settings are
-correct and that Samba has correctly noted these in the log.nmb file.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN47"
->Test 4</A
-></H2
-><P
->Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
-IP address of your Samba server back.</P
-><P
->If you don't then nmbd is incorrectly installed. Check your inetd.conf
-if you run it from there, or that the daemon is running and listening
-to udp port 137.</P
-><P
->One common problem is that many inetd implementations can't take many
-parameters on the command line. If this is the case then create a
-one-line script that contains the right parameters and run that from
-inetd.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN52"
->Test 5</A
-></H2
-><P
->run the command <B
-CLASS="COMMAND"
->nmblookup -B ACLIENT '*'</B
-></P
-><P
->You should get the PCs IP address back. If you don't then the client
-software on the PC isn't installed correctly, or isn't started, or you
-got the name of the PC wrong. </P
-><P
->If ACLIENT doesn't resolve via DNS then use the IP address of the
-client in the above test.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN58"
->Test 6</A
-></H2
-><P
->Run the command <B
-CLASS="COMMAND"
->nmblookup -d 2 '*'</B
-></P
-><P
->This time we are trying the same as the previous test but are trying
-it via a broadcast to the default broadcast address. A number of
-Netbios/TCPIP hosts on the network should respond, although Samba may
-not catch all of the responses in the short time it listens. You
-should see "got a positive name query response" messages from several
-hosts.</P
-><P
->If this doesn't give a similar result to the previous test then
-nmblookup isn't correctly getting your broadcast address through its
-automatic mechanism. In this case you should experiment use the
-"interfaces" option in smb.conf to manually configure your IP
-address, broadcast and netmask. </P
-><P
->If your PC and server aren't on the same subnet then you will need to
-use the -B option to set the broadcast address to the that of the PCs
-subnet.</P
-><P
->This test will probably fail if your subnet mask and broadcast address are
-not correct. (Refer to TEST 3 notes above).</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN66"
->Test 7</A
-></H2
-><P
->Run the command <B
-CLASS="COMMAND"
->smbclient //BIGSERVER/TMP</B
->. You should 
-then be prompted for a password. You should use the password of the account
-you are logged into the unix box with. If you want to test with
-another account then add the -U &gt;accountname&lt; option to the end of
-the command line.  eg: 
-<B
-CLASS="COMMAND"
->smbclient //bigserver/tmp -Ujohndoe</B
-></P
-><P
->Note: It is possible to specify the password along with the username
-as follows:
-<B
-CLASS="COMMAND"
->smbclient //bigserver/tmp -Ujohndoe%secret</B
-></P
-><P
->Once you enter the password you should get the "smb&#62;" prompt. If you
-don't then look at the error message. If it says "invalid network
-name" then the service "tmp" is not correctly setup in your smb.conf.</P
-><P
->If it says "bad password" then the likely causes are:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	you have shadow passords (or some other password system) but didn't
-	compile in support for them in smbd
-	</P
-></LI
-><LI
-><P
->	your "valid users" configuration is incorrect
-	</P
-></LI
-><LI
-><P
->	you have a mixed case password and you haven't enabled the "password
-	level" option at a high enough level
-	</P
-></LI
-><LI
-><P
->	the "path =" line in smb.conf is incorrect. Check it with testparm
-	</P
-></LI
-><LI
-><P
->	you enabled password encryption but didn't create the SMB encrypted
-	password file
-	</P
-></LI
-></OL
-><P
->Once connected you should be able to use the commands 
-<B
-CLASS="COMMAND"
->dir</B
-> <B
-CLASS="COMMAND"
->get</B
-> <B
-CLASS="COMMAND"
->put</B
-> etc. 
-Type <B
-CLASS="COMMAND"
->help &gt;command&lt;</B
-> for instructions. You should
-especially check that the amount of free disk space shown is correct
-when you type <B
-CLASS="COMMAND"
->dir</B
->.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN92"
->Test 8</A
-></H2
-><P
->On the PC type the command <B
-CLASS="COMMAND"
->net view \\BIGSERVER</B
->. You will 
-need to do this from within a "dos prompt" window. You should get back a 
-list of available shares on the server.</P
-><P
->If you get a "network name not found" or similar error then netbios
-name resolution is not working. This is usually caused by a problem in
-nmbd. To overcome it you could do one of the following (you only need
-to choose one of them):</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	fixup the nmbd installation</P
-></LI
-><LI
-><P
->	add the IP address of BIGSERVER to the "wins server" box in the
-	advanced tcp/ip setup on the PC.</P
-></LI
-><LI
-><P
->	enable windows name resolution via DNS in the advanced section of
-	the tcp/ip setup</P
-></LI
-><LI
-><P
->	add BIGSERVER to your lmhosts file on the PC.</P
-></LI
-></OL
-><P
->If you get a "invalid network name" or "bad password error" then the
-same fixes apply as they did for the "smbclient -L" test above. In
-particular, make sure your "hosts allow" line is correct (see the man
-pages)</P
-><P
->Also, do not overlook that fact that when the workstation requests the
-connection to the samba server it will attempt to connect using the 
-name with which you logged onto your Windows machine. You need to make
-sure that an account exists on your Samba server with that exact same
-name and password.</P
-><P
->If you get "specified computer is not receiving requests" or similar
-it probably means that the host is not contactable via tcp services.
-Check to see if the host is running tcp wrappers, and if so add an entry in
-the hosts.allow file for your client (or subnet, etc.)</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN109"
->Test 9</A
-></H2
-><P
->Run the command <B
-CLASS="COMMAND"
->net use x: \\BIGSERVER\TMP</B
->. You should 
-be prompted for a password then you should get a "command completed 
-successfully" message. If not then your PC software is incorrectly 
-installed or your smb.conf is incorrect. make sure your "hosts allow" 
-and other config lines in smb.conf are correct.</P
-><P
->It's also possible that the server can't work out what user name to
-connect you as. To see if this is the problem add the line "user =
-USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
-username corresponding to the password you typed. If you find this
-fixes things you may need the username mapping option.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN114"
->Test 10</A
-></H2
-><P
->Run the command <B
-CLASS="COMMAND"
->nmblookup -M TESTGROUP</B
-> where 
-TESTGROUP is the name of the workgroup that your Samba server and 
-Windows PCs belong to. You should get back the IP address of the 
-master browser for that workgroup.</P
-><P
->If you don't then the election process has failed. Wait a minute to
-see if it is just being slow then try again. If it still fails after
-that then look at the browsing options you have set in smb.conf. Make
-sure you have <B
-CLASS="COMMAND"
->preferred master = yes</B
-> to ensure that 
-an election is held at startup.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN120"
->Test 11</A
-></H2
-><P
->From file manager try to browse the server. Your samba server should
-appear in the browse list of your local workgroup (or the one you
-specified in smb.conf). You should be able to double click on the name
-of the server and get a list of shares. If you get a "invalid
-password" error when you do then you are probably running WinNT and it
-is refusing to browse a server that has no encrypted password
-capability and is in user level security mode. In this case either set
-<B
-CLASS="COMMAND"
->security = server</B
-> AND 
-<B
-CLASS="COMMAND"
->password server = Windows_NT_Machine</B
-> in your
-smb.conf file, or enable encrypted passwords AFTER compiling in support
-for encrypted passwords (refer to the Makefile).</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN125"
->Still having troubles?</A
-></H1
-><P
->Try the mailing list or newsgroup, or use the ethereal utility to
-sniff the problem. The official samba mailing list can be reached at
-<A
-HREF="mailto:samba@samba.org"
-TARGET="_top"
->samba@samba.org</A
->. To find 
-out more about samba and how to subscribe to the mailing list check 
-out the samba web page at 
-<A
-HREF="http://samba.org/samba"
-TARGET="_top"
->http://samba.org/samba</A
-></P
-><P
->Also look at the other docs in the Samba package!</P
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/Printing.html b/docs/htmldocs/Printing.html
deleted file mode 100644
index 6c8b1962404..00000000000
--- a/docs/htmldocs/Printing.html
+++ /dev/null
@@ -1,408 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->Debugging Printing Problems</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="ARTICLE"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="ARTICLE"
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="PRINTING_DEBUG"
->Debugging Printing Problems</A
-></H1
-><HR></DIV
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN3"
->Introduction</A
-></H1
-><P
->This is a short description of how to debug printing problems with
-Samba. This describes how to debug problems with printing from a SMB
-client to a Samba server, not the other way around. For the reverse
-see the examples/printing directory.</P
-><P
->Ok, so you want to print to a Samba server from your PC. The first
-thing you need to understand is that Samba does not actually do any
-printing itself, it just acts as a middleman between your PC client
-and your Unix printing subsystem. Samba receives the file from the PC
-then passes the file to a external "print command". What print command
-you use is up to you.</P
-><P
->The whole things is controlled using options in smb.conf. The most
-relevant options (which you should look up in the smb.conf man page)
-are:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->      [global]
-        print command     - send a file to a spooler
-        lpq command       - get spool queue status
-        lprm command      - remove a job
-      [printers]
-        path = /var/spool/lpd/samba</PRE
-></P
-><P
->The following are nice to know about:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        queuepause command   - stop a printer or print queue
-        queueresume command  - start a printer or print queue</PRE
-></P
-><P
->Example:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->        print command = /usr/bin/lpr -r -P%p %s
-        lpq command   = /usr/bin/lpq    -P%p %s
-        lprm command  = /usr/bin/lprm   -P%p %j
-        queuepause command = /usr/sbin/lpc -P%p stop
-        queuepause command = /usr/sbin/lpc -P%p start</PRE
-></P
-><P
->Samba should set reasonable defaults for these depending on your
-system type, but it isn't clairvoyant. It is not uncommon that you
-have to tweak these for local conditions.  The commands should
-always have fully specified pathnames,  as the smdb may not have
-the correct PATH values.</P
-><P
->When you send a job to Samba to be printed,  it will make a temporary
-copy of it in the directory specified in the [printers] section.
-and it should be periodically cleaned out.  The lpr -r option
-requests that the temporary copy be removed after printing; If
-printing fails then you might find leftover files in this directory,
-and it should be periodically cleaned out.  Samba used the lpq
-command to determine the "job number" assigned to your print job
-by the spooler.</P
-><P
->The %&gt;letter&lt; are "macros" that get dynamically replaced with appropriate
-values when they are used. The %s gets replaced with the name of the spool
-file that Samba creates and the %p gets replaced with the name of the
-printer. The %j gets replaced with the "job number" which comes from
-the lpq output.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN19"
->Debugging printer problems</A
-></H1
-><P
->One way to debug printing problems is to start by replacing these
-command with shell scripts that record the arguments and the contents
-of the print file. A simple example of this kind of things might
-be:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->	print command = /tmp/saveprint %p %s
-
-    #!/bin/saveprint
-    # we make sure that we are the right user
-    /usr/bin/id -p &#62;/tmp/tmp.print
-    # we run the command and save the error messages
-    # replace the command with the one appropriate for your system
-    /usr/bin/lpr -r -P$1 $2 2&#62;&#62;&#38;/tmp/tmp.print</PRE
-></P
-><P
->Then you print a file and try removing it.  You may find that the
-print queue needs to be stopped in order to see the queue status
-and remove the job:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->&#13;h4: {42} % echo hi &#62;/tmp/hi
-h4: {43} % smbclient //localhost/lw4
-added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
-Password: 
-Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
-smb: \&#62; print /tmp/hi
-putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
-smb: \&#62; queue
-1049     3            hi-17534
-smb: \&#62; cancel 1049
-Error cancelling job 1049 : code 0
-smb: \&#62; cancel 1049
-Job 1049 cancelled
-smb: \&#62; queue
-smb: \&#62; exit</PRE
-></P
-><P
->The 'code 0' indicates that the job was removed.  The comment
-by the  smbclient is a bit misleading on this.
-You can observe the command output and then and look at the
-/tmp/tmp.print file to see what the results are.  You can quickly
-find out if the problem is with your printing system.  Often people
-have problems with their /etc/printcap file or permissions on
-various print queues.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN28"
->What printers do I have?</A
-></H1
-><P
->You can use the 'testprns' program to check to see if the printer
-name you are using is recognized by Samba.  For example,  you can
-use:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->    testprns printer /etc/printcap</PRE
-></P
-><P
->Samba can get its printcap information from a file or from a program.
-You can try the following to see the format of the extracted
-information:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->    testprns -a printer /etc/printcap
-
-    testprns -a printer '|/bin/cat printcap'</PRE
-></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN36"
->Setting up printcap and print servers</A
-></H1
-><P
->You may need to set up some printcaps for your Samba system to use.
-It is strongly recommended that you use the facilities provided by
-the print spooler to set up queues and printcap information.</P
-><P
->Samba requires either a printcap or program to deliver printcap
-information.  This printcap information has the format:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->  name|alias1|alias2...:option=value:...</PRE
-></P
-><P
->For almost all printing systems, the printer 'name' must be composed
-only of alphanumeric or underscore '_' characters.  Some systems also
-allow hyphens ('-') as well.  An alias is an alternative name for the
-printer,  and an alias with a space in it is used as a 'comment'
-about the printer.  The printcap format optionally uses a \ at the end of lines
-to extend the printcap to multiple lines.</P
-><P
->Here are some examples of printcap files:</P
-><P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->pr              just printer name</P
-></LI
-><LI
-><P
->pr|alias        printer name and alias</P
-></LI
-><LI
-><P
->pr|My Printer   printer name, alias used as comment</P
-></LI
-><LI
-><P
->pr:sh:\        Same as pr:sh:cm= testing
-  :cm= \ 
-  testing</P
-></LI
-><LI
-><P
->pr:sh           Same as pr:sh:cm= testing
-  :cm= testing</P
-></LI
-></OL
-></P
-><P
->Samba reads the printcap information when first started.  If you make
-changes in the printcap information, then you must do the following:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->make sure that the print spooler is aware of these changes.
-The LPRng system uses the 'lpc reread' command to do this.</P
-></LI
-><LI
-><P
->make sure that the spool queues, etc., exist and have the
-correct permissions.  The LPRng system uses the 'checkpc -f'
-command to do this.</P
-></LI
-><LI
-><P
->You now should send a SIGHUP signal to the smbd server to have
-it reread the printcap information.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN64"
->Job sent, no output</A
-></H1
-><P
->This is the most frustrating part of printing.  You may have sent the
-job,  verified that the job was forwarded,  set up a wrapper around
-the command to send the file,  but there was no output from the printer.</P
-><P
->First,  check to make sure that the job REALLY is getting to the
-right print queue.  If you are using a BSD or LPRng print spooler,
-you can temporarily stop the printing of jobs.  Jobs can still be
-submitted, but they will not be printed.  Use:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->  lpc -Pprinter stop</PRE
-></P
-><P
->Now submit a print job and then use 'lpq -Pprinter' to see if the
-job is in the print queue.  If it is not in the print queue then
-you will have to find out why it is not being accepted for printing.</P
-><P
->Next, you may want to check to see what the format of the job really
-was.  With the assistance of the system administrator you can view
-the submitted jobs files.  You may be surprised to find that these
-are not in what you would expect to call a printable format.
-You can use the UNIX 'file' utitily to determine what the job
-format actually is:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->    cd /var/spool/lpd/printer   # spool directory of print jobs
-    ls                          # find job files
-    file dfA001myhost</PRE
-></P
-><P
->You should make sure that your printer supports this format OR that
-your system administrator has installed a 'print filter' that will
-convert the file to a format appropriate for your printer.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN75"
->Job sent, strange output</A
-></H1
-><P
->Once you have the job printing, you can then start worrying about
-making it print nicely.</P
-><P
->The most common problem is extra pages of output: banner pages
-OR blank pages at the end.</P
-><P
->If you are getting banner pages,  check and make sure that the
-printcap option or printer option is configured for no banners.
-If you have a printcap,  this is the :sh (suppress header or banner
-page) option.  You should have the following in your printer.</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->   printer: ... :sh</PRE
-></P
-><P
->If you have this option and are still getting banner pages,  there
-is a strong chance that your printer is generating them for you
-automatically.  You should make sure that banner printing is disabled
-for the printer.  This usually requires using the printer setup software
-or procedures supplied by the printer manufacturer.</P
-><P
->If you get an extra page of output,  this could be due to problems
-with your job format,  or if you are generating PostScript jobs,
-incorrect setting on your printer driver on the MicroSoft client.
-For example, under Win95 there is a option:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->  Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|</PRE
-></P
-><P
->that allows you to choose if a Ctrl-D is appended to all jobs.
-This is a very bad thing to do, as most spooling systems will
-automatically add a ^D to the end of the job if it is detected as
-PostScript.  The multiple ^D may cause an additional page of output.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN87"
->Raw PostScript printed</A
-></H1
-><P
->This is a problem that is usually caused by either the print spooling
-system putting information at the start of the print job that makes
-the printer think the job is a text file, or your printer simply
-does not support PostScript.  You may need to enable 'Automatic
-Format Detection' on your printer.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN90"
->Advanced Printing</A
-></H1
-><P
->Note that you can do some pretty magic things by using your
-imagination with the "print command" option and some shell scripts.
-Doing print accounting is easy by passing the %U option to a print
-command shell script. You could even make the print command detect
-the type of output and its size and send it to an appropriate
-printer.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN93"
->Real debugging</A
-></H1
-><P
->If the above debug tips don't help, then maybe you need to bring in
-the bug guns, system tracing. See Tracing.txt in this directory.</P
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html
index fd83c4e09a3..ffd5c3cf241 100644
--- a/docs/htmldocs/Samba-BDC-HOWTO.html
+++ b/docs/htmldocs/Samba-BDC-HOWTO.html
@@ -76,9 +76,13 @@ parameters in the [global]-section of the smb.conf have to be set:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->workgroup = SAMBA
-domain master = yes
-domain logons = yes</PRE
+>[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
 ></P
 ><P
 >Several other things like a [homes] and a [netlogon] share also may be
@@ -171,33 +175,93 @@ NAME="AEN28"
 ><UL
 ><LI
 ><P
->The file private/MACHINE.SID identifies the domain. When a samba
-server is first started, it is created on the fly and must never be
-changed again. This file has to be the same on the PDC and the BDC,
-so the MACHINE.SID has to be copied from the PDC to the BDC.</P
+>	The file <TT
+CLASS="FILENAME"
+>private/MACHINE.SID</TT
+> identifies the domain. When a samba
+	server is first started, it is created on the fly and must never be
+	changed again. This file has to be the same on the PDC and the BDC,
+	so the MACHINE.SID has to be copied from the PDC to the BDC.  Note that in the
+	latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored
+	in the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> database.  This file cannot just
+	be copied because Samba looks under the key <TT
+CLASS="CONSTANT"
+>SECRETS/SID/<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+></TT
+>.
+	where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the machine's netbios name.  Since this name has
+	to be unique for each SAMBA server, this lookup will fail.  </P
+><P
+>	A new option has been added to the <B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+>
+	command to help ease this problem.  When running <B
+CLASS="COMMAND"
+>smbpasswd -S</B
+> as the root user,
+	the domain SID will be retrieved from a domain controller matching the value of the
+	<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> parameter in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> and stored as the
+	new Samba server's machine SID.  See the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+>
+	man page for more details on this functionality.
+	</P
 ></LI
 ><LI
 ><P
->The Unix user database has to be synchronized from the PDC to the
-BDC. This means that both the /etc/passwd and /etc/group have to be
-replicated from the PDC to the BDC. This can be done manually
-whenever changes are made, or the PDC is set up as a NIS master
-server and the BDC as a NIS slave server. To set up the BDC as a
-mere NIS client would not be enough, as the BDC would not be able to
-access its user database in case of a PDC failure.</P
+>	The Unix user database has to be synchronized from the PDC to the
+	BDC. This means that both the /etc/passwd and /etc/group have to be
+	replicated from the PDC to the BDC. This can be done manually
+	whenever changes are made, or the PDC is set up as a NIS master
+	server and the BDC as a NIS slave server. To set up the BDC as a
+	mere NIS client would not be enough, as the BDC would not be able to
+	access its user database in case of a PDC failure.  LDAP is also a
+	potential vehicle for sharing this information.
+	</P
 ></LI
 ><LI
 ><P
->The Samba password database in the file private/smbpasswd has to be
-replicated from the PDC to the BDC. This is a bit tricky, see the
-next section.</P
+>	The Samba password database in the file <TT
+CLASS="FILENAME"
+>private/smbpasswd</TT
+>
+	has to be replicated from the PDC to the BDC. This is a bit tricky, see the
+	next section.
+	</P
 ></LI
 ><LI
 ><P
->Any netlogon share has to be replicated from the PDC to the
-BDC. This can be done manually whenever login scripts are changed,
-or it can be done automatically together with the smbpasswd
-synchronization.</P
+>	Any netlogon share has to be replicated from the PDC to the
+	BDC. This can be done manually whenever login scripts are changed,
+	or it can be done automatically together with the smbpasswd
+	synchronization.
+	</P
 ></LI
 ></UL
 ><P
@@ -206,9 +270,13 @@ by setting</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->workgroup = samba
-domain master = no
-domain logons = yes</PRE
+>[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
 ></P
 ><P
 >in the [global]-section of the smb.conf of the BDC. This makes the BDC
@@ -222,21 +290,58 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN44"
+NAME="AEN57"
 >How do I replicate the smbpasswd file?</A
 ></H2
 ><P
 >Replication of the smbpasswd file is sensitive. It has to be done
-whenever changes to the SAM are made. Every user's password change is
-done in the smbpasswd file and has to be replicated to the BDC. So
+whenever changes to the SAM are made. Every user's password change
+(including machine trust account password changes) is done in the
+smbpasswd file and has to be replicated to the BDC. So
 replicating the smbpasswd file very often is necessary.</P
 ><P
 >As the smbpasswd file contains plain text password equivalents, it
 must not be sent unencrypted over the wire. The best way to set up
 smbpasswd replication from the PDC to the BDC is to use the utility
-rsync. rsync can use ssh as a transport. ssh itself can be set up to
-accept *only* rsync transfer without requiring the user to type a
-password.</P
+<B
+CLASS="COMMAND"
+>rsync(1)</B
+>. <B
+CLASS="COMMAND"
+>rsync</B
+> can use
+<B
+CLASS="COMMAND"
+>ssh(1)</B
+> as a transport. <B
+CLASS="COMMAND"
+>ssh</B
+> itself
+can be set up to accept <I
+CLASS="EMPHASIS"
+>only</I
+> <B
+CLASS="COMMAND"
+>rsync</B
+> transfer without requiring the user to
+type a password.  Refer to the man pages for these two tools for more details.</P
+><P
+>Another solution with high potential is to use Samba's <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+for sharing and/or replicating the list of <TT
+CLASS="CONSTANT"
+>sambaAccount</TT
+> entries.
+This can all be done over SSL to ensure security.  See the <A
+HREF="Samba-LDAP-HOWTO.html"
+TARGET="_top"
+>Samba-LDAP-HOWTO</A
+>
+for more details.</P
 ></DIV
 ></DIV
 ></DIV
diff --git a/docs/htmldocs/Samba-Developers-Guide.html b/docs/htmldocs/Samba-Developers-Guide.html
deleted file mode 100644
index 7c008667af4..00000000000
--- a/docs/htmldocs/Samba-Developers-Guide.html
+++ /dev/null
@@ -1,8355 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
-<HTML
-><HEAD
-><TITLE
->SAMBA Developers Guide</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
-><BODY
-CLASS="BOOK"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="BOOK"
-><A
-NAME="SAMBA-DEVELOPER-DOCUMENTATION"><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="SAMBA-DEVELOPER-DOCUMENTATION">SAMBA Developers Guide</H1
-><H3
-CLASS="AUTHOR"
-><A
-NAME="AEN4">SAMBA Team</H3
-><HR></DIV
-><HR><H1
-><A
-NAME="AEN8">Abstract</H1
-><P
-><I
-CLASS="EMPHASIS"
->Last Update</I
-> : Mon Sep 30 15:23:53 CDT 2002</P
-><P
->This book is a collection of documents that might be useful for 
-people developing samba or those interested in doing so.
-It's nothing more than a collection of documents written by samba developers about 
-the internals of various parts of samba and the SMB protocol. It's still incomplete.
-The most recent version of this document
-can be found at <A
-HREF="http://devel.samba.org/"
-TARGET="_top"
->http://devel.samba.org/</A
->.
-Please send updates to <A
-HREF="mailto:jelmer@samba.org"
-TARGET="_top"
->jelmer@samba.org</A
->.</P
-><P
->This documentation is distributed under the GNU General Public License (GPL) 
-version 2.  A copy of the license is included with the Samba source
-distribution.  A copy can be found on-line at <A
-HREF="http://www.fsf.org/licenses/gpl.txt"
-TARGET="_top"
->http://www.fsf.org/licenses/gpl.txt</A
-></P
-><DIV
-CLASS="TOC"
-><DL
-><DT
-><B
->Table of Contents</B
-></DT
-><DT
-><A
-HREF="#NETBIOS"
->Definition of NetBIOS Protocol and Name Resolution Modes</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN24"
->NETBIOS</A
-></DT
-><DT
-><A
-HREF="#AEN35"
->BROADCAST NetBIOS</A
-></DT
-><DT
-><A
-HREF="#AEN39"
->NBNS NetBIOS</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#ARCHITECTURE"
->Samba Architecture</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN54"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN65"
->Multithreading and Samba</A
-></DT
-><DT
-><A
-HREF="#AEN70"
->Threading smbd</A
-></DT
-><DT
-><A
-HREF="#AEN86"
->Threading nmbd</A
-></DT
-><DT
-><A
-HREF="#AEN92"
->nbmd Design</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#DEBUG"
->The samba DEBUG system</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN103"
->New Output Syntax</A
-></DT
-><DT
-><A
-HREF="#AEN128"
->The DEBUG() Macro</A
-></DT
-><DT
-><A
-HREF="#AEN151"
->The DEBUGADD() Macro</A
-></DT
-><DT
-><A
-HREF="#AEN159"
->The DEBUGLVL() Macro</A
-></DT
-><DT
-><A
-HREF="#AEN179"
->New Functions</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN181"
->dbgtext()</A
-></DT
-><DT
-><A
-HREF="#AEN184"
->dbghdr()</A
-></DT
-><DT
-><A
-HREF="#AEN188"
->format_debug_text()</A
-></DT
-></DL
-></DD
-></DL
-></DD
-><DT
-><A
-HREF="#CODINGSUGGESTIONS"
->Coding Suggestions</A
-></DT
-><DT
-><A
-HREF="#INTERNALS"
->Samba Internals</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN284"
->Character Handling</A
-></DT
-><DT
-><A
-HREF="#AEN288"
->The new functions</A
-></DT
-><DT
-><A
-HREF="#AEN317"
->Macros in byteorder.h</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN320"
->CVAL(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN323"
->PVAL(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN326"
->SCVAL(buf,pos,val)</A
-></DT
-><DT
-><A
-HREF="#AEN329"
->SVAL(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN332"
->IVAL(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN335"
->SVALS(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN338"
->IVALS(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN341"
->SSVAL(buf,pos,val)</A
-></DT
-><DT
-><A
-HREF="#AEN344"
->SIVAL(buf,pos,val)</A
-></DT
-><DT
-><A
-HREF="#AEN347"
->SSVALS(buf,pos,val)</A
-></DT
-><DT
-><A
-HREF="#AEN350"
->SIVALS(buf,pos,val)</A
-></DT
-><DT
-><A
-HREF="#AEN353"
->RSVAL(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN356"
->RIVAL(buf,pos)</A
-></DT
-><DT
-><A
-HREF="#AEN359"
->RSSVAL(buf,pos,val)</A
-></DT
-><DT
-><A
-HREF="#AEN362"
->RSIVAL(buf,pos,val)</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN365"
->LAN Manager Samba API</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN371"
->Parameters</A
-></DT
-><DT
-><A
-HREF="#AEN406"
->Return value</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN420"
->Code character table</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#PARSING"
->The smb.conf file</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN451"
->Lexical Analysis</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN472"
->Handling of Whitespace</A
-></DT
-><DT
-><A
-HREF="#AEN484"
->Handling of Line Continuation</A
-></DT
-><DT
-><A
-HREF="#AEN495"
->Line Continuation Quirks</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN515"
->Syntax</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN530"
->About params.c</A
-></DT
-></DL
-></DD
-></DL
-></DD
-><DT
-><A
-HREF="#UNIX-SMB"
->NetBIOS in a Unix World</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN540"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN544"
->Usernames</A
-></DT
-><DT
-><A
-HREF="#AEN552"
->File Ownership</A
-></DT
-><DT
-><A
-HREF="#AEN557"
->Passwords</A
-></DT
-><DT
-><A
-HREF="#AEN563"
->Locking</A
-></DT
-><DT
-><A
-HREF="#AEN570"
->Deny Modes</A
-></DT
-><DT
-><A
-HREF="#AEN574"
->Trapdoor UIDs</A
-></DT
-><DT
-><A
-HREF="#AEN578"
->Port numbers</A
-></DT
-><DT
-><A
-HREF="#AEN583"
->Protocol Complexity</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#TRACING"
->Tracing samba system calls</A
-></DT
-><DT
-><A
-HREF="#NTDOMAIN"
->NT Domain RPC's</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN651"
->Introduction</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN687"
->Sources</A
-></DT
-><DT
-><A
-HREF="#AEN694"
->Credits</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN701"
->Notes and Structures</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN703"
->Notes</A
-></DT
-><DT
-><A
-HREF="#AEN716"
->Enumerations</A
-></DT
-><DT
-><A
-HREF="#AEN774"
->Structures</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN1570"
->MSRPC over Transact Named Pipe</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN1573"
->MSRPC Pipes</A
-></DT
-><DT
-><A
-HREF="#AEN1587"
->Header</A
-></DT
-><DT
-><A
-HREF="#AEN1841"
->Tail</A
-></DT
-><DT
-><A
-HREF="#AEN1853"
->RPC Bind / Bind Ack</A
-></DT
-><DT
-><A
-HREF="#AEN1897"
->NTLSA Transact Named Pipe</A
-></DT
-><DT
-><A
-HREF="#AEN1938"
->LSA Open Policy</A
-></DT
-><DT
-><A
-HREF="#AEN1972"
->LSA Query Info Policy</A
-></DT
-><DT
-><A
-HREF="#AEN2000"
->LSA Enumerate Trusted Domains</A
-></DT
-><DT
-><A
-HREF="#AEN2024"
->LSA Open Secret</A
-></DT
-><DT
-><A
-HREF="#AEN2053"
->LSA Close</A
-></DT
-><DT
-><A
-HREF="#AEN2070"
->LSA Lookup SIDS</A
-></DT
-><DT
-><A
-HREF="#AEN2129"
->LSA Lookup Names</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2192"
->NETLOGON rpc Transact Named Pipe</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2231"
->LSA Request Challenge</A
-></DT
-><DT
-><A
-HREF="#AEN2266"
->LSA Authenticate 2</A
-></DT
-><DT
-><A
-HREF="#AEN2305"
->LSA Server Password Set</A
-></DT
-><DT
-><A
-HREF="#AEN2334"
->LSA SAM Logon</A
-></DT
-><DT
-><A
-HREF="#AEN2358"
->LSA SAM Logoff</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2381"
->\\MAILSLOT\NET\NTLOGON</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2385"
->Query for PDC</A
-></DT
-><DT
-><A
-HREF="#AEN2459"
->SAM Logon</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2549"
->SRVSVC Transact Named Pipe</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2561"
->Net Share Enum</A
-></DT
-><DT
-><A
-HREF="#AEN2622"
->Net Server Get Info</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2653"
->Cryptographic side of NT Domain Authentication</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2655"
->Definitions</A
-></DT
-><DT
-><A
-HREF="#AEN2698"
->Protocol</A
-></DT
-><DT
-><A
-HREF="#AEN2708"
->Comments</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2715"
->SIDs and RIDs</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2723"
->Well-known SIDs</A
-></DT
-><DT
-><A
-HREF="#AEN2811"
->Well-known RIDS</A
-></DT
-></DL
-></DD
-></DL
-></DD
-><DT
-><A
-HREF="#PRINTING"
->Samba Printing Internals</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2895"
->Abstract</A
-></DT
-><DT
-><A
-HREF="#AEN2898"
->Printing Interface to Various Back ends</A
-></DT
-><DT
-><A
-HREF="#AEN2924"
->Print Queue TDB's</A
-></DT
-><DT
-><A
-HREF="#AEN2958"
->ChangeID &#38; Client Caching of Printer Information</A
-></DT
-><DT
-><A
-HREF="#AEN2961"
->Windows NT/2K Printer Change Notify</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#WINS"
->Samba WINS Internals</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN3032"
->WINS Failover</A
-></DT
-></DL
-></DD
-></DL
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="NETBIOS">Definition of NetBIOS Protocol and Name Resolution Modes</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN24">NETBIOS</H2
-><P
->NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX.
-Samba only uses NetBIOS over TCP/IP.  For details on the TCP/IP NetBIOS 
-Session Service NetBIOS Datagram Service, and NetBIOS Names, see
-rfc1001.txt and rfc1002.txt.</P
-><P
-> 
-NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
-datagrams to be sent out over the 'wire' embedded within LLC frames.
-NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
-is preferable NOT to install NetBEUI if it can be avoided.</P
-><P
-> 
-IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
-preferable NOT to install the IPX/SPX transport unless you are using Novell
-servers.  At the very least, it is recommended that you do not install
-'NetBIOS over IPX/SPX'.</P
-><P
->[When installing Windows 95, you will find that NetBEUI and IPX/SPX are
-installed as the default protocols.  This is because they are the simplest
-to manage: no Windows 95 user-configuration is required].</P
-><P
-> 
-NetBIOS applications (such as samba) offer their services (for example,
-SMB file and print sharing) on a NetBIOS name.  They must claim this name
-on the network before doing so.  The NetBIOS session service will then
-accept connections on the application's behalf (on the NetBIOS name
-claimed by the application).  A NetBIOS session between the application
-and the client can then commence.</P
-><P
-> 
-NetBIOS names consist of 15 characters plus a 'type' character.  This is
-similar, in concept, to an IP address and a TCP port number, respectively.
-A NetBIOS-aware application on a host will offer different services under
-different NetBIOS name types, just as a host will offer different TCP/IP
-services on different port numbers.</P
-><P
-> 
-NetBIOS names must be claimed on a network, and must be defended.  The use
-of NetBIOS names is most suitable on a single subnet; a Local Area Network
-or a Wide Area Network.</P
-><P
-> 
-NetBIOS names are either UNIQUE or GROUP.  Only one application can claim a
-UNIQUE NetBIOS name on a network.</P
-><P
->There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN35">BROADCAST NetBIOS</H2
-><P
-> 
-Clients can claim names, and therefore offer services on successfully claimed
-names, on their broadcast-isolated subnet.  One way to get NetBIOS services
-(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
-SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
-your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.</P
-><P
-> 
-This, however, is not recommended.  If you have a large LAN or WAN, you will
-find that some of your hosts spend 95 percent of their time dealing with
-broadcast traffic.  [If you have IPX/SPX on your LAN or WAN, you will find
-that this is already happening: a packet analyzer will show, roughly
-every twelve minutes, great swathes of broadcast traffic!].</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN39">NBNS NetBIOS</H2
-><P
->rfc1001.txt describes, amongst other things, the implementation and use
-of, a 'NetBIOS Name Service'.  NT/AS offers 'Windows Internet Name Service'
-which is fully rfc1001/2 compliant, but has had to take specific action
-with certain NetBIOS names in order to make it useful.  (for example, it
-deals with the registration of &#60;1c&#62; &#60;1d&#62; &#60;1e&#62; names all in different ways.
-I recommend the reading of the Microsoft WINS Server Help files for full
-details).</P
-><P
-> 
-The use of a WINS server cuts down on broadcast network traffic for
-NetBIOS name resolution.  It has the effect of pulling all the broadcast
-isolated subnets together into a single NetBIOS scope, across your LAN
-or WAN, while avoiding the use of TCP/IP broadcast packets.</P
-><P
->When you have a WINS server on your LAN, WINS clients will be able to
-contact the WINS server to resolve NetBIOS names.  Note that only those
-WINS clients that have registered with the same WINS server will be
-visible.  The WINS server _can_ have static NetBIOS entries added to its
-database (usually for security reasons you might want to consider putting
-your domain controllers or other important servers as static entries,
-but you should not rely on this as your sole means of security), but for
-the most part, NetBIOS names are registered dynamically.</P
-><P
->This provides some confusion for lots of people, and is worth mentioning
-here:  a Browse Server is NOT a WINS Server, even if these services are
-implemented in the same application.  A Browse Server _needs_ a WINS server
-because a Browse Server is a WINS client, which is _not_ the same thing].</P
-><P
->Clients can claim names, and therefore offer services on successfully claimed
-names, on their broadcast-isolated subnet.  One way to get NetBIOS services
-(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
-SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make
-your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
-You will find, however, if you do this on a large LAN or a WAN, that your
-network is completely swamped by NetBIOS and browsing packets, which is why
-WINS was developed to minimise the necessity of broadcast traffic.</P
-><P
-> 
-WINS Clients therefore claim names from the WINS server.  If the WINS
-server allows them to register a name, the client's NetBIOS session service
-can then offer services on this name.  Other WINS clients will then
-contact the WINS server to resolve a NetBIOS name.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="ARCHITECTURE">Samba Architecture</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN54">Introduction</H2
-><P
->This document gives a general overview of how Samba works
-internally. The Samba Team has tried to come up with a model which is
-the best possible compromise between elegance, portability, security
-and the constraints imposed by the very messy SMB and CIFS
-protocol. </P
-><P
->It also tries to answer some of the frequently asked questions such as:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	Is Samba secure when running on Unix? The xyz platform?
-	What about the root priveliges issue?</P
-></LI
-><LI
-><P
->Pros and cons of multithreading in various parts of Samba</P
-></LI
-><LI
-><P
->Why not have a separate process for name resolution, WINS, and browsing?</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN65">Multithreading and Samba</H2
-><P
->People sometimes tout threads as a uniformly good thing. They are very
-nice in their place but are quite inappropriate for smbd. nmbd is
-another matter, and multi-threading it would be very nice. </P
-><P
->The short version is that smbd is not multithreaded, and alternative
-servers that take this approach under Unix (such as Syntax, at the
-time of writing) suffer tremendous performance penalties and are less
-robust. nmbd is not threaded either, but this is because it is not
-possible to do it while keeping code consistent and portable across 35
-or more platforms. (This drawback also applies to threading smbd.)</P
-><P
->The longer versions is that there are very good reasons for not making
-smbd multi-threaded.  Multi-threading would actually make Samba much
-slower, less scalable, less portable and much less robust. The fact
-that we use a separate process for each connection is one of Samba's
-biggest advantages.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN70">Threading smbd</H2
-><P
->A few problems that would arise from a threaded smbd are:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	It's not only to create threads instead of processes, but you
-	must care about all variables if they have to be thread specific
-	(currently they would be global).</P
-></LI
-><LI
-><P
->	if one thread dies (eg. a seg fault) then all threads die. We can
-	immediately throw robustness out the window.</P
-></LI
-><LI
-><P
->	many of the system calls we make are blocking. Non-blocking
-	equivalents of many calls are either not available or are awkward (and
-	slow) to use. So while we block in one thread all clients are
-	waiting. Imagine if one share is a slow NFS filesystem and the others 
-	are fast, we will end up slowing all clients to the speed of NFS.</P
-></LI
-><LI
-><P
->	you can't run as a different uid in different threads. This means
-	we would have to switch uid/gid on _every_ SMB packet. It would be
-	horrendously slow.</P
-></LI
-><LI
-><P
->	the per process file descriptor limit would mean that we could only
-	support a limited number of clients.</P
-></LI
-><LI
-><P
->	we couldn't use the system locking calls as the locking context of
-	fcntl() is a process, not a thread.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN86">Threading nmbd</H2
-><P
->This would be ideal, but gets sunk by portability requirements.</P
-><P
->Andrew tried to write a test threads library for nmbd that used only
-ansi-C constructs (using setjmp and longjmp). Unfortunately some OSes
-defeat this by restricting longjmp to calling addresses that are
-shallower than the current address on the stack (apparently AIX does
-this). This makes a truly portable threads library impossible. So to
-support all our current platforms we would have to code nmbd both with
-and without threads, and as the real aim of threads is to make the
-code clearer we would not have gained anything. (it is a myth that
-threads make things faster. threading is like recursion, it can make
-things clear but the same thing can always be done faster by some
-other method)</P
-><P
->Chris tried to spec out a general design that would abstract threading
-vs separate processes (vs other methods?) and make them accessible
-through some general API. This doesn't work because of the data
-sharing requirements of the protocol (packets in the future depending
-on packets now, etc.) At least, the code would work but would be very
-clumsy, and besides the fork() type model would never work on Unix. (Is there an OS that it would work on, for nmbd?)</P
-><P
->A fork() is cheap, but not nearly cheap enough to do on every UDP
-packet that arrives. Having a pool of processes is possible but is
-nasty to program cleanly due to the enormous amount of shared data (in
-complex structures) between the processes. We can't rely on each
-platform having a shared memory system.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN92">nbmd Design</H2
-><P
->Originally Andrew used recursion to simulate a multi-threaded
-environment, which use the stack enormously and made for really
-confusing debugging sessions. Luke Leighton rewrote it to use a
-queuing system that keeps state information on each packet.  The
-first version used a single structure which was used by all the
-pending states.  As the initialisation of this structure was
-done by adding arguments, as the functionality developed, it got
-pretty messy.  So, it was replaced with a higher-order function
-and a pointer to a user-defined memory block.  This suddenly
-made things much simpler: large numbers of functions could be
-made static, and modularised.  This is the same principle as used
-in NT's kernel, and achieves the same effect as threads, but in
-a single process.</P
-><P
->Then Jeremy rewrote nmbd. The packet data in nmbd isn't what's on the
-wire. It's a nice format that is very amenable to processing but still
-keeps the idea of a distinct packet. See "struct packet_struct" in
-nameserv.h.  It has all the detail but none of the on-the-wire
-mess. This makes it ideal for using in disk or memory-based databases
-for browsing and WINS support. </P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="DEBUG">The samba DEBUG system</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN103">New Output Syntax</H2
-><P
->   The syntax of a debugging log file is represented as:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  &#62;debugfile&#60; :== { &#62;debugmsg&#60; }
-
-  &#62;debugmsg&#60;  :== &#62;debughdr&#60; '\n' &#62;debugtext&#60;
-
-  &#62;debughdr&#60;  :== '[' TIME ',' LEVEL ']' FILE ':' [FUNCTION] '(' LINE ')'
-
-  &#62;debugtext&#60; :== { &#62;debugline&#60; }
-
-  &#62;debugline&#60; :== TEXT '\n'</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->TEXT is a string of characters excluding the newline character.</P
-><P
->LEVEL is the DEBUG level of the message (an integer in the range
-		0..10).</P
-><P
->TIME is a timestamp.</P
-><P
->FILE is the name of the file from which the debug message was
-generated.</P
-><P
->FUNCTION is the function from which the debug message was generated.</P
-><P
->LINE is the line number of the debug statement that generated the
-message.</P
-><P
->Basically, what that all means is:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->A debugging log file is made up of debug messages.</P
-></LI
-><LI
-><P
->Each debug message is made up of a header and text. The header is
-separated from the text by a newline.</P
-></LI
-><LI
-><P
->The header begins with the timestamp and debug level of the
-message enclosed in brackets. The filename, function, and line
-number at which the message was generated follow. The filename is
-terminated by a colon, and the function name is terminated by the
-parenthesis which contain the line number. Depending upon the
-compiler, the function name may be missing (it is generated by the
-__FUNCTION__ macro, which is not universally implemented, dangit).</P
-></LI
-><LI
-><P
->The message text is made up of zero or more lines, each terminated
-by a newline.</P
-></LI
-></OL
-><P
->Here's some example output:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    [1998/08/03 12:55:25, 1] nmbd.c:(659)
-      Netbios nameserver version 1.9.19-prealpha started.
-      Copyright Andrew Tridgell 1994-1997
-    [1998/08/03 12:55:25, 3] loadparm.c:(763)
-      Initializing global parameters</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Note that in the above example the function names are not listed on
-the header line. That's because the example above was generated on an
-SGI Indy, and the SGI compiler doesn't support the __FUNCTION__ macro.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN128">The DEBUG() Macro</H2
-><P
->Use of the DEBUG() macro is unchanged. DEBUG() takes two parameters.
-The first is the message level, the second is the body of a function
-call to the Debug1() function.</P
-><P
->That's confusing.</P
-><P
->Here's an example which may help a bit. If you would write</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->printf( "This is a %s message.\n", "debug" );</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->to send the output to stdout, then you would write</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->DEBUG( 0, ( "This is a %s message.\n", "debug" ) );</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->to send the output to the debug file.  All of the normal printf()
-formatting escapes work.</P
-><P
->Note that in the above example the DEBUG message level is set to 0.
-Messages at level 0 always print.  Basically, if the message level is
-less than or equal to the global value DEBUGLEVEL, then the DEBUG
-statement is processed.</P
-><P
->The output of the above example would be something like:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    [1998/07/30 16:00:51, 0] file.c:function(128)
-      This is a debug message.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Each call to DEBUG() creates a new header *unless* the output produced
-by the previous call to DEBUG() did not end with a '\n'. Output to the
-debug file is passed through a formatting buffer which is flushed
-every time a newline is encountered. If the buffer is not empty when
-DEBUG() is called, the new input is simply appended.</P
-><P
->...but that's really just a Kludge. It was put in place because
-DEBUG() has been used to write partial lines. Here's a simple (dumb)
-example of the kind of thing I'm talking about:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    DEBUG( 0, ("The test returned " ) );
-    if( test() )
-      DEBUG(0, ("True") );
-    else
-      DEBUG(0, ("False") );
-    DEBUG(0, (".\n") );</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Without the format buffer, the output (assuming test() returned true)
-would look like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    [1998/07/30 16:00:51, 0] file.c:function(256)
-      The test returned
-    [1998/07/30 16:00:51, 0] file.c:function(258)
-      True
-    [1998/07/30 16:00:51, 0] file.c:function(261)
-      .</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Which isn't much use. The format buffer kludge fixes this problem.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN151">The DEBUGADD() Macro</H2
-><P
->In addition to the kludgey solution to the broken line problem
-described above, there is a clean solution. The DEBUGADD() macro never
-generates a header. It will append new text to the current debug
-message even if the format buffer is empty. The syntax of the
-DEBUGADD() macro is the same as that of the DEBUG() macro.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    DEBUG( 0, ("This is the first line.\n" ) );
-    DEBUGADD( 0, ("This is the second line.\nThis is the third line.\n" ) );</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Produces</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    [1998/07/30 16:00:51, 0] file.c:function(512)
-      This is the first line.
-      This is the second line.
-      This is the third line.</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN159">The DEBUGLVL() Macro</H2
-><P
->One of the problems with the DEBUG() macro was that DEBUG() lines
-tended to get a bit long. Consider this example from
-nmbd_sendannounce.c:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  DEBUG(3,("send_local_master_announcement: type %x for name %s on subnet %s for workgroup %s\n",
-            type, global_myname, subrec-&#62;subnet_name, work-&#62;work_group));</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->One solution to this is to break it down using DEBUG() and DEBUGADD(),
-as follows:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  DEBUG( 3, ( "send_local_master_announcement: " ) );
-  DEBUGADD( 3, ( "type %x for name %s ", type, global_myname ) );
-  DEBUGADD( 3, ( "on subnet %s ", subrec-&#62;subnet_name ) );
-  DEBUGADD( 3, ( "for workgroup %s\n", work-&#62;work_group ) );</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->A similar, but arguably nicer approach is to use the DEBUGLVL() macro.
-This macro returns True if the message level is less than or equal to
-the global DEBUGLEVEL value, so:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  if( DEBUGLVL( 3 ) )
-    {
-    dbgtext( "send_local_master_announcement: " );
-    dbgtext( "type %x for name %s ", type, global_myname );
-    dbgtext( "on subnet %s ", subrec-&#62;subnet_name );
-    dbgtext( "for workgroup %s\n", work-&#62;work_group );
-    }</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->(The dbgtext() function is explained below.)</P
-><P
->There are a few advantages to this scheme:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->The test is performed only once.</P
-></LI
-><LI
-><P
->You can allocate variables off of the stack that will only be used
-within the DEBUGLVL() block.</P
-></LI
-><LI
-><P
->Processing that is only relevant to debug output can be contained
-within the DEBUGLVL() block.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN179">New Functions</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN181">dbgtext()</H3
-><P
->This function prints debug message text to the debug file (and
-possibly to syslog) via the format buffer. The function uses a
-variable argument list just like printf() or Debug1(). The
-input is printed into a buffer using the vslprintf() function,
-and then passed to format_debug_text().
-
-If you use DEBUGLVL() you will probably print the body of the
-message using dbgtext(). </P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN184">dbghdr()</H3
-><P
->This is the function that writes a debug message header.
-Headers are not processed via the format buffer. Also note that
-if the format buffer is not empty, a call to dbghdr() will not
-produce any output. See the comments in dbghdr() for more info.</P
-><P
->It is not likely that this function will be called directly. It
-is used by DEBUG() and DEBUGADD().</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN188">format_debug_text()</H3
-><P
->This is a static function in debug.c. It stores the output text
-for the body of the message in a buffer until it encounters a
-newline. When the newline character is found, the buffer is
-written to the debug file via the Debug1() function, and the
-buffer is reset. This allows us to add the indentation at the
-beginning of each line of the message body, and also ensures
-that the output is written a line at a time (which cleans up
-syslog output).</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="CODINGSUGGESTIONS">Coding Suggestions</H1
-><P
->So you want to add code to Samba ...</P
-><P
->One of the daunting tasks facing a programmer attempting to write code for
-Samba is understanding the various coding conventions used by those most
-active in the project.  These conventions were mostly unwritten and helped
-improve either the portability, stability or consistency of the code. This
-document will attempt to document a few of the more important coding
-practices used at this time on the Samba project.  The coding practices are
-expected to change slightly over time, and even to grow as more is learned
-about obscure portability considerations.  Two existing documents
-<TT
-CLASS="FILENAME"
->samba/source/internals.doc</TT
-> and 
-<TT
-CLASS="FILENAME"
->samba/source/architecture.doc</TT
-> provide
-additional information.</P
-><P
->The loosely related question of coding style is very personal and this
-document does not attempt to address that subject, except to say that I
-have observed that eight character tabs seem to be preferred in Samba
-source.  If you are interested in the topic of coding style, two oft-quoted
-documents are:</P
-><P
-><A
-HREF="http://lxr.linux.no/source/Documentation/CodingStyle"
-TARGET="_top"
->http://lxr.linux.no/source/Documentation/CodingStyle</A
-></P
-><P
-><A
-HREF="http://www.fsf.org/prep/standards_toc.html"
-TARGET="_top"
->http://www.fsf.org/prep/standards_toc.html</A
-></P
-><P
->But note that coding style in Samba varies due to the many different
-programmers who have contributed.</P
-><P
->Following are some considerations you should use when adding new code to
-Samba.  First and foremost remember that:</P
-><P
->Portability is a primary consideration in adding function, as is network
-compatability with de facto, existing, real world CIFS/SMB implementations.
-There are lots of platforms that Samba builds on so use caution when adding
-a call to a library function that is not invoked in existing Samba code.
-Also note that there are many quite different SMB/CIFS clients that Samba
-tries to support, not all of which follow the SNIA CIFS Technical Reference
-(or the earlier Microsoft reference documents or the X/Open book on the SMB
-Standard) perfectly.</P
-><P
->Here are some other suggestions:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	use d_printf instead of printf for display text
-	reason: enable auto-substitution of translated language text </P
-></LI
-><LI
-><P
->	use SAFE_FREE instead of free
-	reason: reduce traps due to null pointers</P
-></LI
-><LI
-><P
->	don't use bzero use memset, or ZERO_STRUCT and ZERO_STRUCTP macros
-	reason: not POSIX</P
-></LI
-><LI
-><P
->	don't use strcpy and strlen (use safe_* equivalents)
-	reason: to avoid traps due to buffer overruns</P
-></LI
-><LI
-><P
->	don't use getopt_long, use popt functions instead
-	reason: portability</P
-></LI
-><LI
-><P
->	explicitly add const qualifiers on parm passing in functions where parm
-	is input only (somewhat controversial but const can be #defined away)</P
-></LI
-><LI
-><P
->	when passing a va_list as an arg, or assigning one to another
-	please use the VA_COPY() macro
-	reason: on some platforms, va_list is a struct that must be 
-	initialized in each function...can SEGV if you don't.</P
-></LI
-><LI
-><P
->	discourage use of threads
-	reason: portability (also see architecture.doc)</P
-></LI
-><LI
-><P
->	don't explicitly include new header files in C files - new h files 
-	should be included by adding them once to includes.h
-	reason: consistency</P
-></LI
-><LI
-><P
->	don't explicitly extern functions (they are autogenerated by 
-	"make proto" into proto.h)
-	reason: consistency</P
-></LI
-><LI
-><P
->	use endian safe macros when unpacking SMBs (see byteorder.h and
-	internals.doc)
-	reason: not everyone uses Intel</P
-></LI
-><LI
-><P
->	Note Unicode implications of charset handling (see internals.doc).  See
-	pull_*  and push_* and convert_string functions.
-	reason: Internationalization</P
-></LI
-><LI
-><P
->	Don't assume English only
-	reason: See above</P
-></LI
-><LI
-><P
->	Try to avoid using in/out parameters (functions that return data which
-	overwrites input parameters)
-	reason: Can cause stability problems</P
-></LI
-><LI
-><P
->	Ensure copyright notices are correct, don't append Tridge's name to code
-	that he didn't write.  If you did not write the code, make sure that it
-	can coexist with the rest of the Samba GPLed code.</P
-></LI
-><LI
-><P
->	Consider usage of DATA_BLOBs for length specified byte-data.
-	reason: stability</P
-></LI
-><LI
-><P
->	Take advantage of tdbs for database like function
-	reason: consistency</P
-></LI
-><LI
-><P
->	Don't access the SAM_ACCOUNT structure directly, they should be accessed
-	via pdb_get...() and pdb_set...() functions.
-	reason: stability, consistency</P
-></LI
-><LI
-><P
->	Don't check a password directly against the passdb, always use the
-	check_password() interface.
-	reason: long term pluggability</P
-></LI
-><LI
-><P
->	Try to use asprintf rather than pstrings and fstrings where possible</P
-></LI
-><LI
-><P
->	Use normal C comments / * instead of C++ comments // like
-	this.  Although the C++ comment format is part of the C99
-	standard, some older vendor C compilers do not accept it.</P
-></LI
-><LI
-><P
->	Try to write documentation for API functions and structures
-	explaining the point of the code, the way it should be used, and
-	any special conditions or results.  Mark these with a double-star
-	comment start / ** so that they can be picked up by Doxygen, as in
-	this file.</P
-></LI
-><LI
-><P
->	Keep the scope narrow. This means making functions/variables
-	static whenever possible. We don't want our namespace
-	polluted. Each module should have a minimal number of externally
-	visible functions or variables.</P
-></LI
-><LI
-><P
->	Use function pointers to keep knowledge about particular pieces of
-	code isolated in one place. We don't want a particular piece of
-	functionality to be spread out across lots of places - that makes
-	for fragile, hand to maintain code. Instead, design an interface
-	and use tables containing function pointers to implement specific
-	functionality. This is particularly important for command
-	interpreters. </P
-></LI
-><LI
-><P
->	Think carefully about what it will be like for someone else to add
-	to and maintain your code. If it would be hard for someone else to
-	maintain then do it another way. </P
-></LI
-></OL
-><P
->The suggestions above are simply that, suggestions, but the information may
-help in reducing the routine rework done on new code.  The preceeding list
-is expected to change routinely as new support routines and macros are
-added.</P
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="INTERNALS">Samba Internals</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN284">Character Handling</H2
-><P
->This section describes character set handling in Samba, as implemented in
-Samba 3.0 and above</P
-><P
->In the past Samba had very ad-hoc character set handling. Scattered
-throughout the code were numerous calls which converted particular
-strings to/from DOS codepages. The problem is that there was no way of
-telling if a particular char* is in dos codepage or unix
-codepage. This led to a nightmare of code that tried to cope with
-particular cases without handlingt the general case.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN288">The new functions</H2
-><P
->The new system works like this:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	all char* strings inside Samba are "unix" strings. These are
-	multi-byte strings that are in the charset defined by the "unix
-	charset" option in smb.conf. </P
-></LI
-><LI
-><P
->	there is no single fixed character set for unix strings, but any
-	character set that is used does need the following properties:
-	</P
-><P
-></P
-><OL
-TYPE="a"
-><LI
-><P
->		must not contain NULLs except for termination
-	</P
-></LI
-><LI
-><P
->		must be 7-bit compatible with C strings, so that a constant
-		string or character in C will be byte-for-byte identical to the
-		equivalent string in the chosen character set. 
-	</P
-></LI
-><LI
-><P
->		when you uppercase or lowercase a string it does not become
-		longer than the original string
-	</P
-></LI
-><LI
-><P
->		must be able to correctly hold all characters that your client
-		will throw at it
-	</P
-></LI
-></OL
-><P
->	For example, UTF-8 is fine, and most multi-byte asian character sets
-	are fine, but UCS2 could not be used for unix strings as they
-	contain nulls.
-	</P
-></LI
-><LI
-><P
->	when you need to put a string into a buffer that will be sent on the
-	wire, or you need a string in a character set format that is
-	compatible with the clients character set then you need to use a
-	pull_ or push_ function. The pull_ functions pull a string from a
-	wire buffer into a (multi-byte) unix string. The push_ functions
-	push a string out to a wire buffer. </P
-></LI
-><LI
-><P
->	the two main pull_ and push_ functions you need to understand are
-	pull_string and push_string. These functions take a base pointer
-	that should point at the start of the SMB packet that the string is
-	in. The functions will check the flags field in this packet to
-	automatically determine if the packet is marked as a unicode packet,
-	and they will choose whether to use unicode for this string based on
-	that flag. You may also force this decision using the STR_UNICODE or
-	STR_ASCII flags. For use in smbd/ and libsmb/ there are wrapper
-	functions clistr_ and srvstr_ that call the pull_/push_ functions
-	with the appropriate first argument.
-	</P
-><P
->	You may also call the pull_ascii/pull_ucs2 or push_ascii/push_ucs2
-	functions if you know that a particular string is ascii or
-	unicode. There are also a number of other convenience functions in
-	charcnv.c that call the pull_/push_ functions with particularly
-	common arguments, such as pull_ascii_pstring()
-	</P
-></LI
-><LI
-><P
->	The biggest thing to remember is that internal (unix) strings in Samba
-	may now contain multi-byte characters. This means you cannot assume
-	that characters are always 1 byte long. Often this means that you will
-	have to convert strings to ucs2 and back again in order to do some
-	(seemingly) simple task. For examples of how to do this see functions
-	like strchr_m(). I know this is very slow, and we will eventually
-	speed it up but right now we want this stuff correct not fast.</P
-></LI
-><LI
-><P
->	all lp_ functions now return unix strings. The magic "DOS" flag on
-	parameters is gone.</P
-></LI
-><LI
-><P
->	all vfs functions take unix strings. Don't convert when passing to them</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN317">Macros in byteorder.h</H2
-><P
->This section describes the macros defined in byteorder.h.  These macros 
-are used extensively in the Samba code.</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN320">CVAL(buf,pos)</H3
-><P
->returns the byte at offset pos within buffer buf as an unsigned character.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN323">PVAL(buf,pos)</H3
-><P
->returns the value of CVAL(buf,pos) cast to type unsigned integer.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN326">SCVAL(buf,pos,val)</H3
-><P
->sets the byte at offset pos within buffer buf to value val.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN329">SVAL(buf,pos)</H3
-><P
->	returns the value of the unsigned short (16 bit) little-endian integer at 
-	offset pos within buffer buf.  An integer of this type is sometimes
-	refered to as "USHORT".</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN332">IVAL(buf,pos)</H3
-><P
->returns the value of the unsigned 32 bit little-endian integer at offset 
-pos within buffer buf.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN335">SVALS(buf,pos)</H3
-><P
->returns the value of the signed short (16 bit) little-endian integer at 
-offset pos within buffer buf.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN338">IVALS(buf,pos)</H3
-><P
->returns the value of the signed 32 bit little-endian integer at offset pos
-within buffer buf.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN341">SSVAL(buf,pos,val)</H3
-><P
->sets the unsigned short (16 bit) little-endian integer at offset pos within 
-buffer buf to value val.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN344">SIVAL(buf,pos,val)</H3
-><P
->sets the unsigned 32 bit little-endian integer at offset pos within buffer 
-buf to the value val.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN347">SSVALS(buf,pos,val)</H3
-><P
->sets the short (16 bit) signed little-endian integer at offset pos within 
-buffer buf to the value val.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN350">SIVALS(buf,pos,val)</H3
-><P
->sets the signed 32 bit little-endian integer at offset pos withing buffer
-buf to the value val.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN353">RSVAL(buf,pos)</H3
-><P
->returns the value of the unsigned short (16 bit) big-endian integer at 
-offset pos within buffer buf.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN356">RIVAL(buf,pos)</H3
-><P
->returns the value of the unsigned 32 bit big-endian integer at offset 
-pos within buffer buf.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN359">RSSVAL(buf,pos,val)</H3
-><P
->sets the value of the unsigned short (16 bit) big-endian integer at 
-offset pos within buffer buf to value val.
-refered to as "USHORT".</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN362">RSIVAL(buf,pos,val)</H3
-><P
->sets the value of the unsigned 32 bit big-endian integer at offset 
-pos within buffer buf to value val.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN365">LAN Manager Samba API</H2
-><P
->This section describes the functions need to make a LAN Manager RPC call.
-This information had been obtained by examining the Samba code and the LAN
-Manager 2.0 API documentation.  It should not be considered entirely
-reliable.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->call_api(int prcnt, int drcnt, int mprcnt, int mdrcnt, 
-	char *param, char *data, char **rparam, char **rdata);</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->This function is defined in client.c.  It uses an SMB transaction to call a
-remote api.</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN371">Parameters</H3
-><P
->The parameters are as follows:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	prcnt: the number of bytes of parameters begin sent.</P
-></LI
-><LI
-><P
->	drcnt:   the number of bytes of data begin sent.</P
-></LI
-><LI
-><P
->	mprcnt:  the maximum number of bytes of parameters which should be returned</P
-></LI
-><LI
-><P
->	mdrcnt:  the maximum number of bytes of data which should be returned</P
-></LI
-><LI
-><P
->	param:   a pointer to the parameters to be sent.</P
-></LI
-><LI
-><P
->	data:    a pointer to the data to be sent.</P
-></LI
-><LI
-><P
->	rparam:  a pointer to a pointer which will be set to point to the returned
-	paramters.  The caller of call_api() must deallocate this memory.</P
-></LI
-><LI
-><P
->	rdata:   a pointer to a pointer which will be set to point to the returned 
-	data.  The caller of call_api() must deallocate this memory.</P
-></LI
-></OL
-><P
->These are the parameters which you ought to send, in the order of their
-appearance in the parameter block:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->An unsigned 16 bit integer API number.  You should set this value with
-SSVAL().  I do not know where these numbers are described.</P
-></LI
-><LI
-><P
->An ASCIIZ string describing the parameters to the API function as defined
-in the LAN Manager documentation.  The first parameter, which is the server
-name, is ommited.  This string is based uppon the API function as described
-in the manual, not the data which is actually passed.</P
-></LI
-><LI
-><P
->An ASCIIZ string describing the data structure which ought to be returned.</P
-></LI
-><LI
-><P
->Any parameters which appear in the function call, as defined in the LAN
-Manager API documentation, after the "Server" and up to and including the
-"uLevel" parameters.</P
-></LI
-><LI
-><P
->An unsigned 16 bit integer which gives the size in bytes of the buffer we
-will use to receive the returned array of data structures.  Presumably this
-should be the same as mdrcnt.  This value should be set with SSVAL().</P
-></LI
-><LI
-><P
->An ASCIIZ string describing substructures which should be returned.  If no 
-substructures apply, this string is of zero length.</P
-></LI
-></OL
-><P
->The code in client.c always calls call_api() with no data.  It is unclear
-when a non-zero length data buffer would be sent.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN406">Return value</H3
-><P
->The returned parameters (pointed to by rparam), in their order of appearance
-are:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->An unsigned 16 bit integer which contains the API function's return code. 
-This value should be read with SVAL().</P
-></LI
-><LI
-><P
->An adjustment which tells the amount by which pointers in the returned
-data should be adjusted.  This value should be read with SVAL().  Basically, 
-the address of the start of the returned data buffer should have the returned
-pointer value added to it and then have this value subtracted from it in
-order to obtain the currect offset into the returned data buffer.</P
-></LI
-><LI
-><P
->A count of the number of elements in the array of structures returned. 
-It is also possible that this may sometimes be the number of bytes returned.</P
-></LI
-></OL
-><P
->When call_api() returns, rparam points to the returned parameters.  The
-first if these is the result code.  It will be zero if the API call
-suceeded.  This value by be read with "SVAL(rparam,0)".</P
-><P
->The second parameter may be read as "SVAL(rparam,2)".  It is a 16 bit offset
-which indicates what the base address of the returned data buffer was when
-it was built on the server.  It should be used to correct pointer before
-use.</P
-><P
->The returned data buffer contains the array of returned data structures. 
-Note that all pointers must be adjusted before use.  The function
-fix_char_ptr() in client.c can be used for this purpose.</P
-><P
->The third parameter (which may be read as "SVAL(rparam,4)") has something to
-do with indicating the amount of data returned or possibly the amount of
-data which can be returned if enough buffer space is allowed.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN420">Code character table</H2
-><P
->Certain data structures are described by means of ASCIIz strings containing
-code characters.  These are the code characters:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->W	a type byte little-endian unsigned integer</P
-></LI
-><LI
-><P
->N	a count of substructures which follow</P
-></LI
-><LI
-><P
->D	a four byte little-endian unsigned integer</P
-></LI
-><LI
-><P
->B	a byte (with optional count expressed as trailing ASCII digits)</P
-></LI
-><LI
-><P
->z	a four byte offset to a NULL terminated string</P
-></LI
-><LI
-><P
->l	a four byte offset to non-string user data</P
-></LI
-><LI
-><P
->b	an offset to data (with count expressed as trailing ASCII digits)</P
-></LI
-><LI
-><P
->r	pointer to returned data buffer???</P
-></LI
-><LI
-><P
->L	length in bytes of returned data buffer???</P
-></LI
-><LI
-><P
->h	number of bytes of information available???</P
-></LI
-></OL
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="PARSING">The smb.conf file</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN451">Lexical Analysis</H2
-><P
->Basically, the file is processed on a line by line basis.  There are
-four types of lines that are recognized by the lexical analyzer
-(params.c):</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->Blank lines - Lines containing only whitespace.</P
-></LI
-><LI
-><P
->Comment lines - Lines beginning with either a semi-colon or a
-pound sign (';' or '#').</P
-></LI
-><LI
-><P
->Section header lines - Lines beginning with an open square bracket ('[').</P
-></LI
-><LI
-><P
->Parameter lines - Lines beginning with any other character.
-(The default line type.)</P
-></LI
-></OL
-><P
->The first two are handled exclusively by the lexical analyzer, which
-ignores them.  The latter two line types are scanned for</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->  - Section names</P
-></LI
-><LI
-><P
->  - Parameter names</P
-></LI
-><LI
-><P
->  - Parameter values</P
-></LI
-></OL
-><P
->These are the only tokens passed to the parameter loader
-(loadparm.c).  Parameter names and values are divided from one
-another by an equal sign: '='.</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN472">Handling of Whitespace</H3
-><P
->Whitespace is defined as all characters recognized by the isspace()
-function (see ctype(3C)) except for the newline character ('\n')
-The newline is excluded because it identifies the end of the line.</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->The lexical analyzer scans past white space at the beginning of a line.</P
-></LI
-><LI
-><P
->Section and parameter names may contain internal white space.  All
-whitespace within a name is compressed to a single space character. </P
-></LI
-><LI
-><P
->Internal whitespace within a parameter value is kept verbatim with 
-the exception of carriage return characters ('\r'), all of which
-are removed.</P
-></LI
-><LI
-><P
->Leading and trailing whitespace is removed from names and values.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN484">Handling of Line Continuation</H3
-><P
->Long section header and parameter lines may be extended across
-multiple lines by use of the backslash character ('\\').  Line
-continuation is ignored for blank and comment lines.</P
-><P
->If the last (non-whitespace) character within a section header or on
-a parameter line is a backslash, then the next line will be
-(logically) concatonated with the current line by the lexical
-analyzer.  For example:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	param name = parameter value string \
-	with line continuation.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Would be read as</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    param name = parameter value string     with line continuation.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Note that there are five spaces following the word 'string',
-representing the one space between 'string' and '\\' in the top
-line, plus the four preceeding the word 'with' in the second line.
-(Yes, I'm counting the indentation.)</P
-><P
->Line continuation characters are ignored on blank lines and at the end
-of comments.  They are *only* recognized within section and parameter
-lines.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN495">Line Continuation Quirks</H3
-><P
->Note the following example:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	param name = parameter value string \
-    \
-    with line continuation.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The middle line is *not* parsed as a blank line because it is first
-concatonated with the top line.  The result is</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->param name = parameter value string         with line continuation.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The same is true for comment lines.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	param name = parameter value string \
-	; comment \
-    with a comment.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->This becomes:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->param name = parameter value string     ; comment     with a comment.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->On a section header line, the closing bracket (']') is considered a
-terminating character, and the rest of the line is ignored.  The lines</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	[ section   name ] garbage \
-    param  name  = value</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->are read as</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	[section name]
-    param name = value</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN515">Syntax</H2
-><P
->The syntax of the smb.conf file is as follows:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  &#60;file&#62;            :==  { &#60;section&#62; } EOF
-  &#60;section&#62;         :==  &#60;section header&#62; { &#60;parameter line&#62; }
-  &#60;section header&#62;  :==  '[' NAME ']'
-  &#60;parameter line&#62;  :==  NAME '=' VALUE NL</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Basically, this means that</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	a file is made up of zero or more sections, and is terminated by
-	an EOF (we knew that).</P
-></LI
-><LI
-><P
->	A section is made up of a section header followed by zero or more
-	parameter lines.</P
-></LI
-><LI
-><P
->	A section header is identified by an opening bracket and
-	terminated by the closing bracket.  The enclosed NAME identifies
-	the section.</P
-></LI
-><LI
-><P
->	A parameter line is divided into a NAME and a VALUE.  The *first*
-	equal sign on the line separates the NAME from the VALUE.  The
-	VALUE is terminated by a newline character (NL = '\n').</P
-></LI
-></OL
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN530">About params.c</H3
-><P
->The parsing of the config file is a bit unusual if you are used to
-lex, yacc, bison, etc.  Both lexical analysis (scanning) and parsing
-are performed by params.c.  Values are loaded via callbacks to
-loadparm.c.</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="UNIX-SMB">NetBIOS in a Unix World</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN540">Introduction</H2
-><P
->This is a short document that describes some of the issues that
-confront a SMB implementation on unix, and how Samba copes with
-them. They may help people who are looking at unix&#60;-&#62;PC
-interoperability.</P
-><P
->It was written to help out a person who was writing a paper on unix to
-PC connectivity.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN544">Usernames</H2
-><P
->The SMB protocol has only a loose username concept. Early SMB
-protocols (such as CORE and COREPLUS) have no username concept at
-all. Even in later protocols clients often attempt operations
-(particularly printer operations) without first validating a username
-on the server.</P
-><P
->Unix security is based around username/password pairs. A unix box
-should not allow clients to do any substantive operation without some
-sort of validation. </P
-><P
->The problem mostly manifests itself when the unix server is in "share
-level" security mode. This is the default mode as the alternative
-"user level" security mode usually forces a client to connect to the
-server as the same user for each connected share, which is
-inconvenient in many sites.</P
-><P
->In "share level" security the client normally gives a username in the
-"session setup" protocol, but does not supply an accompanying
-password. The client then connects to resources using the "tree
-connect" protocol, and supplies a password. The problem is that the
-user on the PC types the username and the password in different
-contexts, unaware that they need to go together to give access to the
-server. The username is normally the one the user typed in when they
-"logged onto" the PC (this assumes Windows for Workgroups). The
-password is the one they chose when connecting to the disk or printer.</P
-><P
->The user often chooses a totally different username for their login as
-for the drive connection. Often they also want to access different
-drives as different usernames. The unix server needs some way of
-divining the correct username to combine with each password.</P
-><P
->Samba tries to avoid this problem using several methods. These succeed
-in the vast majority of cases. The methods include username maps, the
-service%user syntax, the saving of session setup usernames for later
-validation and the derivation of the username from the service name
-(either directly or via the user= option).</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN552">File Ownership</H2
-><P
->The commonly used SMB protocols have no way of saying "you can't do
-that because you don't own the file". They have, in fact, no concept
-of file ownership at all.</P
-><P
->This brings up all sorts of interesting problems. For example, when
-you copy a file to a unix drive, and the file is world writeable but
-owned by another user the file will transfer correctly but will
-receive the wrong date. This is because the utime() call under unix
-only succeeds for the owner of the file, or root, even if the file is
-world writeable. For security reasons Samba does all file operations
-as the validated user, not root, so the utime() fails. This can stuff
-up shared development diectories as programs like "make" will not get
-file time comparisons right.</P
-><P
->There are several possible solutions to this problem, including
-username mapping, and forcing a specific username for particular
-shares.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN557">Passwords</H2
-><P
->Many SMB clients uppercase passwords before sending them. I have no
-idea why they do this. Interestingly WfWg uppercases the password only
-if the server is running a protocol greater than COREPLUS, so
-obviously it isn't just the data entry routines that are to blame.</P
-><P
->Unix passwords are case sensitive. So if users use mixed case
-passwords they are in trouble.</P
-><P
->Samba can try to cope with this by either using the "password level"
-option which causes Samba to try the offered password with up to the
-specified number of case changes, or by using the "password server"
-option which allows Samba to do its validation via another machine
-(typically a WinNT server).</P
-><P
->Samba supports the password encryption method used by SMB
-clients. Note that the use of password encryption in Microsoft
-networking leads to password hashes that are "plain text equivalent".
-This means that it is *VERY* important to ensure that the Samba
-smbpasswd file containing these password hashes is only readable
-by the root user. See the documentation ENCRYPTION.txt for more
-details.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN563">Locking</H2
-><P
->The locking calls available under a DOS/Windows environment are much
-richer than those available in unix. This means a unix server (like
-Samba) choosing to use the standard fcntl() based unix locking calls
-to implement SMB locking has to improvise a bit.</P
-><P
->One major problem is that dos locks can be in a 32 bit (unsigned)
-range. Unix locking calls are 32 bits, but are signed, giving only a 31
-bit range. Unfortunately OLE2 clients use the top bit to select a
-locking range used for OLE semaphores.</P
-><P
->To work around this problem Samba compresses the 32 bit range into 31
-bits by appropriate bit shifting. This seems to work but is not
-ideal. In a future version a separate SMB lockd may be added to cope
-with the problem.</P
-><P
->It also doesn't help that many unix lockd daemons are very buggy and
-crash at the slightest provocation. They normally go mostly unused in
-a unix environment because few unix programs use byte range
-locking. The stress of huge numbers of lock requests from dos/windows
-clients can kill the daemon on some systems.</P
-><P
->The second major problem is the "opportunistic locking" requested by
-some clients. If a client requests opportunistic locking then it is
-asking the server to notify it if anyone else tries to do something on
-the same file, at which time the client will say if it is willing to
-give up its lock. Unix has no simple way of implementing
-opportunistic locking, and currently Samba has no support for it.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN570">Deny Modes</H2
-><P
->When a SMB client opens a file it asks for a particular "deny mode" to
-be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE,
-DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be
-allowed by anyone else who tries to use the file at the same time. If
-DENY_READ is placed on the file, for example, then any attempt to open
-the file for reading should fail.</P
-><P
->Unix has no equivalent notion. To implement this Samba uses either lock
-files based on the files inode and placed in a separate lock
-directory or a shared memory implementation. The lock file method 
-is clumsy and consumes processing and file resources,
-the shared memory implementation is vastly prefered and is turned on
-by default for those systems that support it.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN574">Trapdoor UIDs</H2
-><P
->A SMB session can run with several uids on the one socket. This
-happens when a user connects to two shares with different
-usernames. To cope with this the unix server needs to switch uids
-within the one process. On some unixes (such as SCO) this is not
-possible. This means that on those unixes the client is restricted to
-a single uid.</P
-><P
->Note that you can also get the "trapdoor uid" message for other
-reasons. Please see the FAQ for details.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN578">Port numbers</H2
-><P
->There is a convention that clients on sockets use high "unprivilaged"
-port numbers (&#62;1000) and connect to servers on low "privilaged" port
-numbers. This is enforced in Unix as non-root users can't open a
-socket for listening on port numbers less than 1000.</P
-><P
->Most PC based SMB clients (such as WfWg and WinNT) don't follow this
-convention completely. The main culprit is the netbios nameserving on
-udp port 137. Name query requests come from a source port of 137. This
-is a problem when you combine it with the common firewalling technique
-of not allowing incoming packets on low port numbers. This means that
-these clients can't query a netbios nameserver on the other side of a
-low port based firewall.</P
-><P
->The problem is more severe with netbios node status queries. I've
-found that WfWg, Win95 and WinNT3.5 all respond to netbios node status
-queries on port 137 no matter what the source port was in the
-request. This works between machines that are both using port 137, but
-it means it's not possible for a unix user to do a node status request
-to any of these OSes unless they are running as root. The answer comes
-back, but it goes to port 137 which the unix user can't listen
-on. Interestingly WinNT3.1 got this right - it sends node status
-responses back to the source port in the request.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN583">Protocol Complexity</H2
-><P
->There are many "protocol levels" in the SMB protocol. It seems that
-each time new functionality was added to a Microsoft operating system,
-they added the equivalent functions in a new protocol level of the SMB
-protocol to "externalise" the new capabilities.</P
-><P
->This means the protocol is very "rich", offering many ways of doing
-each file operation. This means SMB servers need to be complex and
-large. It also means it is very difficult to make them bug free. It is
-not just Samba that suffers from this problem, other servers such as
-WinNT don't support every variation of every call and it has almost
-certainly been a headache for MS developers to support the myriad of
-SMB calls that are available.</P
-><P
->There are about 65 "top level" operations in the SMB protocol (things
-like SMBread and SMBwrite). Some of these include hundreds of
-sub-functions (SMBtrans has at least 120 sub-functions, like
-DosPrintQAdd and NetSessionEnum). All of them take several options
-that can change the way they work. Many take dozens of possible
-"information levels" that change the structures that need to be
-returned. Samba supports all but 2 of the "top level" functions. It
-supports only 8 (so far) of the SMBtrans sub-functions. Even NT
-doesn't support them all.</P
-><P
->Samba currently supports up to the "NT LM 0.12" protocol, which is the
-one preferred by Win95 and WinNT3.5. Luckily this protocol level has a
-"capabilities" field which specifies which super-duper new-fangled
-options the server suports. This helps to make the implementation of
-this protocol level much easier.</P
-><P
->There is also a problem with the SMB specications. SMB is a X/Open
-spec, but the X/Open book is far from ideal, and fails to cover many
-important issues, leaving much to the imagination. Microsoft recently
-renamed the SMB protocol CIFS (Common Internet File System) and have 
-published new specifications. These are far superior to the old 
-X/Open documents but there are still undocumented calls and features. 
-This specification is actively being worked on by a CIFS developers 
-mailing list hosted by Microsft.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="TRACING">Tracing samba system calls</H1
-><P
->This file describes how to do a system call trace on Samba to work out
-what its doing wrong. This is not for the faint of heart, but if you
-are reading this then you are probably desperate.</P
-><P
->Actually its not as bad as the the above makes it sound, just don't
-expect the output to be very pretty :-)</P
-><P
->Ok, down to business. One of the big advantages of unix systems is
-that they nearly all come with a system trace utility that allows you
-to monitor all system calls that a program is making. This is
-extremely using for debugging and also helps when trying to work out
-why something is slower than you expect. You can use system tracing
-without any special compilation options. </P
-><P
->The system trace utility is called different things on different
-systems. On Linux systems its called strace. Under SunOS 4 its called
-trace. Under SVR4 style systems (including solaris) its called
-truss. Under many BSD systems its called ktrace. </P
-><P
->The first thing you should do is read the man page for your native
-system call tracer. In the discussion below I'll assume its called
-strace as strace is the only portable system tracer (its available for
-free for many unix types) and its also got some of the nicest
-features.</P
-><P
->Next, try using strace on some simple commands. For example, <B
-CLASS="COMMAND"
->strace
-ls</B
-> or <B
-CLASS="COMMAND"
->strace echo hello</B
->.</P
-><P
-> 
-You'll notice that it produces a LOT of output. It is showing you the
-arguments to every system call that the program makes and the
-result. Very little happens in a program without a system call so you
-get lots of output. You'll also find that it produces a lot of
-"preamble" stuff showing the loading of shared libraries etc. Ignore
-this (unless its going wrong!)</P
-><P
->For example, the only line that really matters in the <B
-CLASS="COMMAND"
->strace echo
-hello</B
-> output is:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->write(1, "hello\n", 6)                  = 6</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->all the rest is just setting up to run the program.</P
-><P
->Ok, now you're familiar with strace. To use it on Samba you need to
-strace the running smbd daemon. The way I tend ot use it is to first
-login from my Windows PC to the Samba server, then use smbstatus to
-find which process ID that client is attached to, then as root I do
-<B
-CLASS="COMMAND"
->strace -p PID</B
-> to attach to that process. I normally redirect the
-stderr output from this command to a file for later perusal. For
-example, if I'm using a csh style shell:</P
-><P
-><B
-CLASS="COMMAND"
->strace -f -p 3872 &#62;&#38; strace.out</B
-></P
-><P
->or with a sh style shell:</P
-><P
-><B
-CLASS="COMMAND"
->strace -f -p 3872 &#62; strace.out 2&#62;&#38;1</B
-></P
-><P
->Note the "-f" option. This is only available on some systems, and
-allows you to trace not just the current process, but any children it
-forks. This is great for finding printing problems caused by the
-"print command" being wrong.</P
-><P
->Once you are attached you then can do whatever it is on the client
-that is causing problems and you will capture all the system calls
-that smbd makes. </P
-><P
->So how do you interpret the results? Generally I search through the
-output for strings that I know will appear when the problem
-happens. For example, if I am having touble with permissions on a file
-I would search for that files name in the strace output and look at
-the surrounding lines. Another trick is to match up file descriptor
-numbers and "follow" what happens to an open file until it is closed.</P
-><P
->Beyond this you will have to use your initiative. To give you an idea
-of what you are looking for here is a piece of strace output that
-shows that <TT
-CLASS="FILENAME"
->/dev/null</TT
-> is not world writeable, which
-causes printing to fail with Samba:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->[pid 28268] open("/dev/null", O_RDWR)   = -1 EACCES (Permission denied)
-[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied)</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The process is trying to first open <TT
-CLASS="FILENAME"
->/dev/null</TT
-> read-write 
-then read-only. Both fail. This means <TT
-CLASS="FILENAME"
->/dev/null</TT
-> has 
-incorrect permissions.</P
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="NTDOMAIN">NT Domain RPC's</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN651">Introduction</H2
-><P
->This document contains information to provide an NT workstation with login
-services, without the need for an NT server. It is the sgml version of <A
-HREF="http://mailhost.cb1.com/~lkcl/cifsntdomain.txt"
-TARGET="_top"
->http://mailhost.cb1.com/~lkcl/cifsntdomain.txt</A
->, controlled by Luke.</P
-><P
->It should be possible to select a domain instead of a workgroup (in the NT
-workstation's TCP/IP settings) and after the obligatory reboot, type in a
-username, password, select a domain and successfully log in.  I would
-appreciate any feedback on your experiences with this process, and any
-comments, corrections and additions to this document.</P
-><P
->The packets described here can be easily derived from (and are probably
-better understood using) Netmon.exe.  You will need to use the version
-of Netmon that matches your system, in order to correctly decode the
-NETLOGON, lsarpc and srvsvc Transact pipes.  This document is derived from
-NT Service Pack 1 and its corresponding version of Netmon.  It is intended
-that an annotated packet trace be produced, which will likely be more
-instructive than this document.</P
-><P
->Also needed, to fully implement NT Domain Login Services, is the 
-document describing the cryptographic part of the NT authentication.
-This document is available from comp.protocols.smb; from the ntsecurity.net
-digest and from the samba digest, amongst other sources.</P
-><P
->A copy is available from:</P
-><P
-><A
-HREF="http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935"
-TARGET="_top"
->http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708;L=ntbugtraq;O=A;P=2935</A
-></P
-><P
-><A
-HREF="http://mailhost.cb1.com/~lkcl/crypt.html"
-TARGET="_top"
->http://mailhost.cb1.com/~lkcl/crypt.html</A
-></P
-><P
->A c-code implementation, provided by <A
-HREF="mailto:linus@incolumitas.se"
-TARGET="_top"
->Linus Nordberg</A
->
-of this protocol is available from:</P
-><P
-><A
-HREF="http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html"
-TARGET="_top"
->http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html</A
-></P
-><P
-><A
-HREF="http://mailhost.cb1.com/~lkcl/crypt.txt"
-TARGET="_top"
->http://mailhost.cb1.com/~lkcl/crypt.txt</A
-></P
-><P
->Also used to provide debugging information is the Check Build version of
-NT workstation, and enabling full debugging in NETLOGON.  This is
-achieved by setting the following REG_SZ registry key to 0x1ffffff:</P
-><P
-><TT
-CLASS="FILENAME"
->HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters</TT
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Incorrect direct editing of the registry can cause your
-machine to fail. Then again, so can incorrect implementation of this 
-protocol. See "Liability:" above.</I
-></P
-><P
->Bear in mind that each packet over-the-wire will have its origin in an
-API call.  Therefore, there are likely to be structures, enumerations
-and defines that are usefully documented elsewhere.</P
-><P
->This document is by no means complete or authoritative.  Missing sections
-include, but are not limited to:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->Mappings of RIDs to usernames (and vice-versa).</P
-></LI
-><LI
-><P
->What a User ID is and what a Group ID is.</P
-></LI
-><LI
-><P
->The exact meaning/definition of various magic constants or enumerations.</P
-></LI
-><LI
-><P
->The reply error code and use of that error code when a
-workstation becomes a member of a domain (to be described later).  
-Failure to return this error code will make the workstation report 
-that it is already a member of the domain.</P
-></LI
-><LI
-><P
->the cryptographic side of the NetrServerPasswordSet command, 
-which would allow the workstation to change its password.  This password is
-used to generate the long-term session key.  [It is possible to reject this
-command, and keep the default workstation password].</P
-></LI
-></OL
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN687">Sources</H3
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->cket Traces from Netmonitor (Service Pack 1 and above)</TD
-></TR
-><TR
-><TD
->ul Ashton and Luke Leighton's other "NT Domain" doc.</TD
-></TR
-><TR
-><TD
->FS documentation - cifs6.txt</TD
-></TR
-><TR
-><TD
->FS documentation - cifsrap2.txt</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN694">Credits</H3
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->Paul Ashton: loads of work with Net Monitor; understanding the NT authentication system; reference implementation of the NT domain support on which this document is originally based.</TD
-></TR
-><TR
-><TD
->Duncan Stansfield: low-level analysis of MSRPC Pipes.</TD
-></TR
-><TR
-><TD
->Linus Nordberg: producing c-code from Paul's crypto spec.</TD
-></TR
-><TR
-><TD
->Windows Sourcer development team</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN701">Notes and Structures</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN703">Notes</H3
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->In the SMB Transact pipes, some "Structures", described here, appear to be
-4-byte aligned with the SMB header, at their start.  Exactly which
-"Structures" need aligning is not precisely known or documented.</P
-></LI
-><LI
-><P
->In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be
-2-byte aligned with the start of the mailslot, at their start.</P
-></LI
-><LI
-><P
->Domain SID is of the format S-revision-version-auth1-auth2...authN.
-e.g S-1-5-123-456-789-123-456.  the 5 could be a sub-revision.</P
-></LI
-><LI
-><P
->any undocumented buffer pointers must be non-zero if the string buffer it
-refers to contains characters.  exactly what value they should be is unknown.
-0x0000 0002 seems to do the trick to indicate that the buffer exists.  a
-NULL buffer pointer indicates that the string buffer is of zero length.
-If the buffer pointer is NULL, then it is suspected that the structure it
-refers to is NOT put into (or taken out of) the SMB data stream.  This is
-empirically derived from, for example, the LSA SAM Logon response packet,
-where if the buffer pointer is NULL, the user information is not inserted
-into the data stream.  Exactly what happens with an array of buffer pointers
-is not known, although an educated guess can be made.</P
-></LI
-><LI
-><P
->an array of structures (a container) appears to have a count and a pointer.
-if the count is zero, the pointer is also zero.  no further data is put
-into or taken out of the SMB data stream.  if the count is non-zero, then
-the pointer is also non-zero.  immediately following the pointer is the
-count again, followed by an array of container sub-structures.  the count
-appears a third time after the last sub-structure.</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN716">Enumerations</H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN718">MSRPC Header type</H4
-><P
->command number in the msrpc packet header</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->MSRPC_Request:</DT
-><DD
-><P
->0x00</P
-></DD
-><DT
->MSRPC_Response:</DT
-><DD
-><P
->0x02</P
-></DD
-><DT
->MSRPC_Bind:</DT
-><DD
-><P
->0x0B</P
-></DD
-><DT
->MSRPC_BindAck:</DT
-><DD
-><P
->0x0C</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN738">MSRPC Packet info</H4
-><P
->The meaning of these flags is undocumented</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->FirstFrag:</DT
-><DD
-><P
->0x01 </P
-></DD
-><DT
->LastFrag:</DT
-><DD
-><P
->0x02 </P
-></DD
-><DT
->NotaFrag:</DT
-><DD
-><P
->0x04  </P
-></DD
-><DT
->RecRespond:</DT
-><DD
-><P
->0x08  </P
-></DD
-><DT
->NoMultiplex:</DT
-><DD
-><P
->0x10  </P
-></DD
-><DT
->NotForIdemp:</DT
-><DD
-><P
->0x20  </P
-></DD
-><DT
->NotforBcast:</DT
-><DD
-><P
->0x40  </P
-></DD
-><DT
->NoUuid:</DT
-><DD
-><P
->0x80 </P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN774">Structures</H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN776">VOID *</H4
-><P
->sizeof VOID* is 32 bits.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN779">char</H4
-><P
->sizeof char is 8 bits.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN782">UTIME</H4
-><P
->UTIME is 32 bits, indicating time in seconds since 01jan1970.  documented in cifs6.txt (section 3.5 page, page 30).</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN785">NTTIME</H4
-><P
->NTTIME is 64 bits.  documented in cifs6.txt (section 3.5 page, page 30).</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN788">DOM_SID (domain SID structure)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->num of sub-authorities in domain SID</P
-></DD
-><DT
->UINT8</DT
-><DD
-><P
->SID revision number</P
-></DD
-><DT
->UINT8</DT
-><DD
-><P
->num of sub-authorities in domain SID</P
-></DD
-><DT
->UINT8[6]</DT
-><DD
-><P
->6 bytes for domain SID - Identifier Authority.</P
-></DD
-><DT
->UINT16[n_subauths]</DT
-><DD
-><P
->domain SID sub-authorities</P
-></DD
-></DL
-></DIV
-><P
-><I
-CLASS="EMPHASIS"
->Note: the domain SID is documented elsewhere.</I
-></P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN813">STR (string)</H4
-><P
->STR (string) is a char[] : a null-terminated string of ascii characters.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN816">UNIHDR (unicode string header)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16</DT
-><DD
-><P
->length of unicode string</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->max length of unicode string</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->4 - undocumented.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN831">UNIHDR2 (unicode string header plus buffer pointer)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UNIHDR</DT
-><DD
-><P
->unicode string header</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN842">UNISTR (unicode string)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16[]</DT
-><DD
-><P
->null-terminated string of unicode characters.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN849">NAME (length-indicated unicode string)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->length of unicode string</P
-></DD
-><DT
->UINT16[]</DT
-><DD
-><P
->null-terminated string of unicode characters.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN860">UNISTR2 (aligned unicode string)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to get unicode string 4-byte aligned with the start of the SMB header.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->max length of unicode string</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->length of unicode string</P
-></DD
-><DT
->UINT16[]</DT
-><DD
-><P
->string of uncode characters</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN883">OBJ_ATTR (object attributes)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->0x18 - length (in bytes) including the length field.</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->0 - root directory (pointer)</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->0 - object name (pointer)</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - attributes (undocumented)</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->0 - security descriptior (pointer)</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - security quality of service</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN910">POL_HND (LSA policy handle)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->char[20]</DT
-><DD
-><P
->policy handle</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN917">DOM_SID2 (domain SID structure, SIDS stored in unicode)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->5 - SID type</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-><DT
->UNIHDR2</DT
-><DD
-><P
->domain SID unicode string header</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->domain SID unicode string</P
-></DD
-></DL
-></DIV
-><P
-><I
-CLASS="EMPHASIS"
->Note:	there is a conflict between the unicode string header and the unicode string itself as to which to use to indicate string length.  this will need to be resolved.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	the SID type indicates, for example, an alias; a well-known group etc. this is documented somewhere.</I
-></P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN940">DOM_RID (domain RID structure)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->5 - well-known SID.  1 - user SID (see ShowACLs)</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->5 - undocumented</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->domain RID </P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - domain index out of above reference domains</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN959">LOG_INFO (server, account, client structure)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note:	logon server name starts with two '\' characters and is upper case.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	account name is the logon client name from the LSA Request Challenge, with a $ on the end of it, in upper case.</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon server unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->account name unicode string</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->sec_chan - security channel type</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon client machine unicode string</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN986">CLNT_SRV (server, client names structure)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note:	logon server name starts with two '\' characters and is upper case.</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon server unicode string</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon client machine unicode string</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1007">CREDS (credentials + time stamp)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->char[8]</DT
-><DD
-><P
->credentials</P
-></DD
-><DT
->UTIME</DT
-><DD
-><P
->time stamp</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1018">CLNT_INFO2 (server, client structure, client credentials)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note: whenever this structure appears in a request, you must take a copy of the client-calculated credentials received, because they will beused in subsequent credential checks.  the presumed intention is to
-	maintain an authenticated request/response trail.</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->CLNT_SRV</DT
-><DD
-><P
->client and server names</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->???? padding, for 4-byte alignment with SMB header.</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to client credentials.</P
-></DD
-><DT
->CREDS</DT
-><DD
-><P
->client-calculated credentials + client time</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1039">CLNT_INFO (server, account, client structure, client credentials)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note: whenever this structure appears in a request, you must take a copy of the client-calculated credentials received, because they will be used in subsequent credential checks.  the presumed intention is to maintain an authenticated request/response trail.</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->LOG_INFO</DT
-><DD
-><P
->logon account info</P
-></DD
-><DT
->CREDS</DT
-><DD
-><P
->client-calculated credentials + client time</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1052">ID_INFO_1 (id info structure, auth level 1)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->ptr_id_info_1</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->domain name unicode header</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->param control</P
-></DD
-><DT
->UINT64</DT
-><DD
-><P
->logon ID</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->user name unicode header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->workgroup name unicode header</P
-></DD
-><DT
->char[16]</DT
-><DD
-><P
->arc4 LM OWF Password</P
-></DD
-><DT
->char[16]</DT
-><DD
-><P
->arc4 NT OWF Password</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->domain name unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->user name unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->workstation name unicode string</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1099">SAM_INFO (sam logon/logoff id info structure)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note: presumably, the return credentials is supposedly for the server to verify that the credential chain hasn't been compromised.</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->CLNT_INFO2</DT
-><DD
-><P
->client identification/authentication info</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to return credentials.</P
-></DD
-><DT
->CRED</DT
-><DD
-><P
->return credentials - ignored.</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->logon level</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->switch value</P
-></DD
-></DL
-></DIV
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->        switch (switch_value)
-        case 1:
-        {
-            ID_INFO_1     id_info_1;
-        }</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1126">GID (group id info)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->group id</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->user attributes (only used by NT 3.1 and 3.51)</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1137">DOM_REF (domain reference info)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num referenced domains?</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain name buffer pointer.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->32 - max number of entries</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->4 - num referenced domains?</P
-></DD
-><DT
->UNIHDR2</DT
-><DD
-><P
->domain name unicode string header</P
-></DD
-><DT
->UNIHDR2[num_ref_doms-1]</DT
-><DD
-><P
->referenced domain unicode string headers</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->domain name unicode string</P
-></DD
-><DT
->DOM_SID[num_ref_doms]</DT
-><DD
-><P
->referenced domain SIDs</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1176">DOM_INFO (domain info, levels 3 and 5 are the same))</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT8[]</DT
-><DD
-><P
->??? padding to get 4-byte alignment with start of SMB header</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->domain name string length * 2</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->domain name string length * 2</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain name string buffer pointer</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain SID string buffer pointer</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->domain name (unicode string)</P
-></DD
-><DT
->DOM_SID</DT
-><DD
-><P
->domain SID</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1207">USER_INFO (user logon info)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note: it would be nice to know what the 16 byte user session key is for.</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->NTTIME</DT
-><DD
-><P
->logon time</P
-></DD
-><DT
->NTTIME</DT
-><DD
-><P
->logoff time</P
-></DD
-><DT
->NTTIME</DT
-><DD
-><P
->kickoff time</P
-></DD
-><DT
->NTTIME</DT
-><DD
-><P
->password last set time</P
-></DD
-><DT
->NTTIME</DT
-><DD
-><P
->password can change time</P
-></DD
-><DT
->NTTIME</DT
-><DD
-><P
->password must change time</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->username unicode string header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->user's full name unicode string header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->logon script unicode string header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->profile path unicode string header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->home directory unicode string header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->home directory drive unicode string header</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->logon count</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->bad password count</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->User ID</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->Group ID</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num groups</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer to groups.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->user flags</P
-></DD
-><DT
->char[16]</DT
-><DD
-><P
->user session key</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->logon server unicode string header</P
-></DD
-><DT
->UNIHDR</DT
-><DD
-><P
->logon domain unicode string header</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented logon domain id pointer</P
-></DD
-><DT
->char[40]</DT
-><DD
-><P
->40 undocumented padding bytes.  future expansion?</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - num_other_sids?</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->NULL - undocumented pointer to other domain SIDs.</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->username unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->user's full name unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon script unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->profile path unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->home directory unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->home directory drive unicode string</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num groups</P
-></DD
-><DT
->GID[num_groups]</DT
-><DD
-><P
->group info</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon server unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon domain unicode string</P
-></DD
-><DT
->DOM_SID</DT
-><DD
-><P
->domain SID</P
-></DD
-><DT
->DOM_SID[num_sids]</DT
-><DD
-><P
->other domain SIDs?</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1364">SH_INFO_1_PTR (pointers to level 1 share info strings)</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note:	see cifsrap2.txt section5, page 10.</I
-></P
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->0 for shi1_type indicates a  Disk.</TD
-></TR
-><TR
-><TD
->1 for shi1_type indicates a  Print Queue.</TD
-></TR
-><TR
-><TD
->2 for shi1_type indicates a  Device.</TD
-></TR
-><TR
-><TD
->3 for shi1_type indicates an IPC pipe.</TD
-></TR
-><TR
-><TD
->0x8000 0000 (top bit set in shi1_type) indicates a hidden share.</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->shi1_netname - pointer to net name</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->shi1_type    - type of share.  0 - undocumented.</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->shi1_remark  - pointer to comment.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1387">SH_INFO_1_STR (level 1 share info strings)</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UNISTR2</DT
-><DD
-><P
->shi1_netname - unicode string of net name</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->shi1_remark  - unicode string of comment.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1398">SHARE_INFO_1_CTR</H4
-><P
->share container with 0 entries:</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->0 - EntriesRead</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - Buffer</P
-></DD
-></DL
-></DIV
-><P
->share container with &#62; 0 entries:</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->EntriesRead</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->non-zero - Buffer</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->EntriesRead</P
-></DD
-><DT
->SH_INFO_1_PTR[EntriesRead]</DT
-><DD
-><P
->share entry pointers</P
-></DD
-><DT
->SH_INFO_1_STR[EntriesRead]</DT
-><DD
-><P
->share entry strings</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to get unicode string 4-byte aligned with start of the SMB header.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->EntriesRead</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - padding</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1444">SERVER_INFO_101</H4
-><P
-><I
-CLASS="EMPHASIS"
->Note:	see cifs6.txt section 6.4 - the fields described therein will be of assistance here.  for example, the type listed below is the 	same as fServerType, which is described in 6.4.1. </I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->SV_TYPE_WORKSTATION</DT
-><DD
-><P
->0x00000001  All workstations</P
-></DD
-><DT
->SV_TYPE_SERVER</DT
-><DD
-><P
->0x00000002  All servers</P
-></DD
-><DT
->SV_TYPE_SQLSERVER</DT
-><DD
-><P
->0x00000004  Any server running with SQL server</P
-></DD
-><DT
->SV_TYPE_DOMAIN_CTRL</DT
-><DD
-><P
->0x00000008  Primary domain controller</P
-></DD
-><DT
->SV_TYPE_DOMAIN_BAKCTRL</DT
-><DD
-><P
->0x00000010  Backup domain controller</P
-></DD
-><DT
->SV_TYPE_TIME_SOURCE</DT
-><DD
-><P
->0x00000020  Server running the timesource service</P
-></DD
-><DT
->SV_TYPE_AFP</DT
-><DD
-><P
->0x00000040  Apple File Protocol servers</P
-></DD
-><DT
->SV_TYPE_NOVELL</DT
-><DD
-><P
->0x00000080  Novell servers</P
-></DD
-><DT
->SV_TYPE_DOMAIN_MEMBER</DT
-><DD
-><P
->0x00000100  Domain Member</P
-></DD
-><DT
->SV_TYPE_PRINTQ_SERVER</DT
-><DD
-><P
->0x00000200  Server sharing print queue</P
-></DD
-><DT
->SV_TYPE_DIALIN_SERVER</DT
-><DD
-><P
->0x00000400  Server running dialin service.</P
-></DD
-><DT
->SV_TYPE_XENIX_SERVER</DT
-><DD
-><P
->0x00000800  Xenix server</P
-></DD
-><DT
->SV_TYPE_NT</DT
-><DD
-><P
->0x00001000  NT server</P
-></DD
-><DT
->SV_TYPE_WFW</DT
-><DD
-><P
->0x00002000  Server running Windows for </P
-></DD
-><DT
->SV_TYPE_SERVER_NT</DT
-><DD
-><P
->0x00008000  Windows NT non DC server</P
-></DD
-><DT
->SV_TYPE_POTENTIAL_BROWSER</DT
-><DD
-><P
->0x00010000  Server that can run the browser service</P
-></DD
-><DT
->SV_TYPE_BACKUP_BROWSER</DT
-><DD
-><P
->0x00020000  Backup browser server</P
-></DD
-><DT
->SV_TYPE_MASTER_BROWSER</DT
-><DD
-><P
->0x00040000  Master browser server</P
-></DD
-><DT
->SV_TYPE_DOMAIN_MASTER</DT
-><DD
-><P
->0x00080000  Domain Master Browser server</P
-></DD
-><DT
->SV_TYPE_LOCAL_LIST_ONLY</DT
-><DD
-><P
->0x40000000  Enumerate only entries marked "local"</P
-></DD
-><DT
->SV_TYPE_DOMAIN_ENUM</DT
-><DD
-><P
->0x80000000  Enumerate Domains. The pszServer and pszDomain parameters must be NULL.</P
-></DD
-></DL
-></DIV
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->500 - platform_id</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to name</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->5 - major version</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->4 - minor version</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->type (SV_TYPE_... bit field)</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to comment</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->sv101_name - unicode string of server name</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->sv_101_comment  - unicode string of server comment.</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to get unicode string 4-byte aligned with start of the SMB header.</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1570">MSRPC over Transact Named Pipe</H2
-><P
->For details on the SMB Transact Named Pipe, see cifs6.txt</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1573">MSRPC Pipes</H3
-><P
->The MSRPC is conducted over an SMB Transact Pipe with a name of 
-<TT
-CLASS="FILENAME"
->\PIPE\</TT
->.  You must first obtain a 16 bit file handle, by
-sending a SMBopenX with the pipe name <TT
-CLASS="FILENAME"
->\PIPE\srvsvc</TT
-> for
-example.  You can then perform an SMB Trans,
-and must carry out an SMBclose on the file handle once you are finished.</P
-><P
->Trans Requests must be sent with two setup UINT16s, no UINT16 params (none
-known about), and UINT8 data parameters sufficient to contain the MSRPC
-header, and MSRPC data.  The first UINT16 setup parameter must be either
-0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle
-state.  The second UINT16 parameter must be the file handle for the pipe,
-obtained above.</P
-><P
->The Data section for an API Command of 0x0026 (RPC pipe) in the Trans
-Request is the RPC Header, followed by the RPC Data.  The Data section for
-an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes.  The
-only value seen for these two bytes is 0x00 0x43.</P
-><P
->MSRPC Responses are sent as response data inside standard SMB Trans
-responses, with the MSRPC Header, MSRPC Data and MSRPC tail.</P
-><P
->It is suspected that the Trans Requests will need to be at least 2-byte
-aligned (probably 4-byte).  This is standard practice for SMBs.  It is also
-independent of the observed 4-byte alignments with the start of the MSRPC
-header, including the 4-byte alignment between the MSRPC header and the
-MSRPC data.</P
-><P
->First, an SMBtconX connection is made to the IPC$ share.  The connection
-must be made using encrypted passwords, not clear-text.  Then, an SMBopenX
-is made on the pipe.  Then, a Set Named Pipe Handle State must be sent,
-after which the pipe is ready to accept API commands.  Lastly, and SMBclose
-is sent.</P
-><P
->To be resolved:</P
-><P
->lkcl/01nov97 there appear to be two additional bytes after the null-terminated \PIPE\ name for the RPC pipe.  Values seen so far are
-listed below:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->        initial SMBopenX request:         RPC API command 0x26 params:
-        "\\PIPE\\lsarpc"                  0x65 0x63; 0x72 0x70; 0x44 0x65;
-        "\\PIPE\\srvsvc"                  0x73 0x76; 0x4E 0x00; 0x5C 0x43;</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1587">Header</H3
-><P
->[section to be rewritten, following receipt of work by Duncan Stansfield]</P
-><P
->Interesting note: if you set packed data representation to 0x0100 0000
-then all 4-byte and 2-byte word ordering is turned around!</P
-><P
->The start of each of the NTLSA and NETLOGON named pipes begins with:</P
-><P
-><B
->offset: </B
->00</P
-><P
-><B
->Variable type: </B
->UINT8</P
-><P
-><B
->Variable data: </B
->5 - RPC major version</P
-><P
-><B
->offset: </B
->01</P
-><P
-><B
->Variable type: </B
->UINT8</P
-><P
-><B
->Variable data: </B
->0 - RPC minor version</P
-><P
-><B
->offset: </B
->02</P
-><P
-><B
->Variable type: </B
->UINT8</P
-><P
-><B
->Variable data: </B
->2 - RPC response packet</P
-><P
-><B
->offset: </B
->03</P
-><P
-><B
->Variable type: </B
->UINT8</P
-><P
-><B
->Variable data: </B
->3 - (FirstFrag bit-wise or with LastFrag)</P
-><P
-><B
->offset: </B
->04</P
-><P
-><B
->Variable type: </B
->UINT32</P
-><P
-><B
->Variable data: </B
->0x1000 0000 - packed data representation</P
-><P
-><B
->offset: </B
->08</P
-><P
-><B
->Variable type: </B
->UINT16</P
-><P
-><B
->Variable data: </B
->fragment length - data size (bytes) inc header and tail.</P
-><P
-><B
->offset: </B
->0A</P
-><P
-><B
->Variable type: </B
->UINT16</P
-><P
-><B
->Variable data: </B
->0 - authentication length </P
-><P
-><B
->offset: </B
->0C</P
-><P
-><B
->Variable type: </B
->UINT32</P
-><P
-><B
->Variable data: </B
->call identifier. matches 12th UINT32 of incoming RPC data.</P
-><P
-><B
->offset: </B
->10</P
-><P
-><B
->Variable type: </B
->UINT32</P
-><P
-><B
->Variable data: </B
->allocation hint - data size (bytes) minus header and tail.</P
-><P
-><B
->offset: </B
->14</P
-><P
-><B
->Variable type: </B
->UINT16</P
-><P
-><B
->Variable data: </B
->0 - presentation context identifier</P
-><P
-><B
->offset: </B
->16</P
-><P
-><B
->Variable type: </B
->UINT8</P
-><P
-><B
->Variable data: </B
->0 - cancel count</P
-><P
-><B
->offset: </B
->17</P
-><P
-><B
->Variable type: </B
->UINT8</P
-><P
-><B
->Variable data: </B
->in replies: 0 - reserved; in requests: opnum - see #defines.</P
-><P
-><B
->offset: </B
->18</P
-><P
-><B
->Variable type: </B
->......</P
-><P
-><B
->Variable data: </B
->start of data (goes on for allocation_hint bytes)</P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1648">RPC_Packet for request, response, bind and bind acknowledgement</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT8 versionmaj</DT
-><DD
-><P
->reply same as request (0x05)</P
-></DD
-><DT
->UINT8 versionmin</DT
-><DD
-><P
->reply same as request (0x00)</P
-></DD
-><DT
->UINT8 type</DT
-><DD
-><P
->one of the MSRPC_Type enums</P
-></DD
-><DT
->UINT8 flags</DT
-><DD
-><P
->reply same as request (0x00 for Bind, 0x03 for Request)</P
-></DD
-><DT
->UINT32 representation</DT
-><DD
-><P
->reply same as request (0x00000010)</P
-></DD
-><DT
->UINT16 fraglength</DT
-><DD
-><P
->the length of the data section of the SMB trans packet</P
-></DD
-><DT
->UINT16 authlength</DT
-><DD
-><P
-></P
-></DD
-><DT
->UINT32 callid</DT
-><DD
-><P
->call identifier. (e.g. 0x00149594)</P
-></DD
-><DT
->* stub USE TvPacket</DT
-><DD
-><P
->the remainder of the packet depending on the "type"</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1687">Interface identification</H4
-><P
->the interfaces are numbered. as yet I haven't seen more than one interface used on the same pipe name srvsvc</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003)
-transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002)</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1692">RPC_Iface RW</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT8 byte[16]</DT
-><DD
-><P
->16 bytes of number</P
-></DD
-><DT
->UINT32 version</DT
-><DD
-><P
->the interface number</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1703">RPC_ReqBind RW</H4
-><P
->the remainder of the packet after the header if "type" was Bind in the response header, "type" should be BindAck</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16 maxtsize</DT
-><DD
-><P
->maximum transmission fragment size (0x1630)</P
-></DD
-><DT
->UINT16 maxrsize</DT
-><DD
-><P
->max receive fragment size (0x1630)</P
-></DD
-><DT
->UINT32 assocgid</DT
-><DD
-><P
->associated group id (0x0)</P
-></DD
-><DT
->UINT32 numelements</DT
-><DD
-><P
->the number of elements (0x1)</P
-></DD
-><DT
->UINT16 contextid</DT
-><DD
-><P
->presentation context identifier (0x0)</P
-></DD
-><DT
->UINT8 numsyntaxes</DT
-><DD
-><P
->the number of syntaxes (has always been 1?)(0x1)</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->4-byte alignment padding, against SMB header</P
-></DD
-><DT
->* abstractint USE RPC_Iface</DT
-><DD
-><P
->num and vers. of interface client is using</P
-></DD
-><DT
->* transferint USE RPC_Iface</DT
-><DD
-><P
->num and vers. of interface to use for replies</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1743">RPC_Address RW</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16 length</DT
-><DD
-><P
->length of the string including null terminator</P
-></DD
-><DT
->* port USE string</DT
-><DD
-><P
->the string above in single byte, null terminated form</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1754">RPC_ResBind RW</H4
-><P
->the response to place after the header in the reply packet</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16 maxtsize</DT
-><DD
-><P
->same as request</P
-></DD
-><DT
->UINT16 maxrsize</DT
-><DD
-><P
->same as request</P
-></DD
-><DT
->UINT32 assocgid</DT
-><DD
-><P
->zero</P
-></DD
-><DT
->* secondaddr USE RPC_Address</DT
-><DD
-><P
->the address string, as described earlier</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->4-byte alignment padding, against SMB header</P
-></DD
-><DT
->UINT8 numresults</DT
-><DD
-><P
->the number of results (0x01)</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->4-byte alignment padding, against SMB header</P
-></DD
-><DT
->UINT16 result</DT
-><DD
-><P
->result (0x00 = accept)</P
-></DD
-><DT
->UINT16 reason</DT
-><DD
-><P
->reason (0x00 = no reason specified)</P
-></DD
-><DT
->* transfersyntax USE RPC_Iface</DT
-><DD
-><P
->the transfer syntax from the request</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1798">RPC_ReqNorm RW</H4
-><P
->the remainder of the packet after the header for every other other request</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32 allochint</DT
-><DD
-><P
->the size of the stub data in bytes</P
-></DD
-><DT
->UINT16 prescontext</DT
-><DD
-><P
->presentation context identifier (0x0)</P
-></DD
-><DT
->UINT16 opnum</DT
-><DD
-><P
->operation number (0x15)</P
-></DD
-><DT
->* stub USE TvPacket</DT
-><DD
-><P
->a packet dependent on the pipe name (probably the interface) and the op number)</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1818">RPC_ResNorm RW</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32 allochint</DT
-><DD
-><P
-># size of the stub data in bytes</P
-></DD
-><DT
->UINT16 prescontext</DT
-><DD
-><P
-># presentation context identifier (same as request)</P
-></DD
-><DT
->UINT8 cancelcount</DT
-><DD
-><P
-># cancel count? (0x0)</P
-></DD
-><DT
->UINT8 reserved</DT
-><DD
-><P
-># 0 - one byte padding</P
-></DD
-><DT
->* stub USE TvPacket</DT
-><DD
-><P
-># the remainder of the reply</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1841">Tail</H3
-><P
->The end of each of the NTLSA and NETLOGON named pipes ends with:</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->......</DT
-><DD
-><P
->end of data</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->return code</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1853">RPC Bind / Bind Ack</H3
-><P
->RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc)
-with a "transfer syntax" (see RPC_Iface structure).  The purpose for doing
-this is unknown.</P
-><P
-><I
-CLASS="EMPHASIS"
->Note: The RPC_ResBind SMB Transact request is sent with two uint16 setup parameters.  The first is 0x0026; the second is the file handle
-	returned by the SMBopenX Transact response.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	The RPC_ResBind members maxtsize, maxrsize and assocgid are the same in the response as the same members in the RPC_ReqBind.  The
-	RPC_ResBind member transfersyntax is the same in the response as
-	the</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	The RPC_ResBind response member secondaddr contains the name of what is presumed to be the service behind the RPC pipe.  The
-	mapping identified so far is:</I
-></P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->initial SMBopenX request:</DT
-><DD
-><P
->RPC_ResBind response:</P
-></DD
-><DT
->"\\PIPE\\srvsvc"</DT
-><DD
-><P
->"\\PIPE\\ntsvcs"</P
-></DD
-><DT
->"\\PIPE\\samr"</DT
-><DD
-><P
->"\\PIPE\\lsass"</P
-></DD
-><DT
->"\\PIPE\\lsarpc"</DT
-><DD
-><P
->"\\PIPE\\lsass"</P
-></DD
-><DT
->"\\PIPE\\wkssvc"</DT
-><DD
-><P
->"\\PIPE\\wksvcs"</P
-></DD
-><DT
->"\\PIPE\\NETLOGON"</DT
-><DD
-><P
->"\\PIPE\\NETLOGON"</P
-></DD
-></DL
-></DIV
-><P
-><I
-CLASS="EMPHASIS"
->Note:	The RPC_Packet fraglength member in both the Bind Request and Bind Acknowledgment must contain the length of the entire RPC data, including the RPC_Packet header.</I
-></P
-><P
->Request:</P
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->RPC_Packet</TD
-></TR
-><TR
-><TD
->RPC_ReqBind</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-><P
->Response:</P
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->RPC_Packet</TD
-></TR
-><TR
-><TD
->RPC_ResBind</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1897">NTLSA Transact Named Pipe</H3
-><P
->The sequence of actions taken on this pipe are:</P
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->Establish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.</TD
-></TR
-><TR
-><TD
->Open an RPC Pipe with the name "\\PIPE\\lsarpc".  Store the file handle.</TD
-></TR
-><TR
-><TD
->Using the file handle, send a Set Named Pipe Handle state to 0x4300.</TD
-></TR
-><TR
-><TD
->Send an LSA Open Policy request.  Store the Policy Handle.</TD
-></TR
-><TR
-><TD
->Using the Policy Handle, send LSA Query Info Policy requests, etc.</TD
-></TR
-><TR
-><TD
->Using the Policy Handle, send an LSA Close.</TD
-></TR
-><TR
-><TD
->Close the IPC$ share.</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-><P
->Defines for this pipe, identifying the query are:</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->LSA Open Policy:</DT
-><DD
-><P
->0x2c</P
-></DD
-><DT
->LSA Query Info Policy:</DT
-><DD
-><P
->0x07</P
-></DD
-><DT
->LSA Enumerate Trusted Domains:</DT
-><DD
-><P
->0x0d</P
-></DD
-><DT
->LSA Open Secret:</DT
-><DD
-><P
->0xff</P
-></DD
-><DT
->LSA Lookup SIDs:</DT
-><DD
-><P
->0xfe</P
-></DD
-><DT
->LSA Lookup Names:</DT
-><DD
-><P
->0xfd</P
-></DD
-><DT
->LSA Close:</DT
-><DD
-><P
->0x00</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1938">LSA Open Policy</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	The policy handle can be anything you like.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1942">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->buffer pointer</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->server name - unicode string starting with two '\'s</P
-></DD
-><DT
->OBJ_ATTR</DT
-><DD
-><P
->object attributes</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->1 - desired access</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1961">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->POL_HND</DT
-><DD
-><P
->LSA policy handle</P
-></DD
-><DT
->return</DT
-><DD
-><P
->0 - indicates success</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1972">LSA Query Info Policy</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	The info class in response must be the same as that in the request.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1976">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->POL_HND</DT
-><DD
-><P
->LSA policy handle</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->info class (also a policy handle?)</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1987">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->info class (same as info class in request).</P
-></DD
-></DL
-></DIV
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->switch (info class)
-case 3:
-case 5:
-{
-DOM_INFO domain info, levels 3 and 5 (are the same).
-}
-
-return    0 - indicates success</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2000">LSA Enumerate Trusted Domains</H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN2002">Request</H4
-><P
->no extra data</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2005">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->0 - enumeration context</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - entries read</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - trust information</P
-></DD
-><DT
->return</DT
-><DD
-><P
->0x8000 001a - "no trusted domains" success code</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2024">LSA Open Secret</H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN2026">Request</H4
-><P
->no extra data</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2029">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->0 - undocumented</P
-></DD
-></DL
-></DIV
-><P
->return    0x0C00 0034 - "no such secret" success code</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2053">LSA Close</H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN2055">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->POL_HND</DT
-><DD
-><P
->policy handle to be closed</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2062">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->POL_HND</DT
-><DD
-><P
->0s - closed policy handle (all zeros)</P
-></DD
-></DL
-></DIV
-><P
->return    0 - indicates success</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2070">LSA Lookup SIDS</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	num_entries in response must be same as num_entries in request.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2074">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->POL_HND</DT
-><DD
-><P
->LSA policy handle</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain SID buffer pointer</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain name buffer pointer</P
-></DD
-><DT
->VOID*[num_entries] undocumented domain SID pointers to be looked up.</DT
-><DD
-><P
->DOM_SID[num_entries] domain SIDs to be looked up.</P
-></DD
-><DT
->char[16]</DT
-><DD
-><P
->completely undocumented 16 bytes.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2101">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->DOM_REF</DT
-><DD
-><P
->domain reference response</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries (listed above)</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries (listed above)</P
-></DD
-><DT
->DOM_SID2[num_entries]</DT
-><DD
-><P
->domain SIDs (from Request, listed above).</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries (listed above)</P
-></DD
-></DL
-></DIV
-><P
->return                0 - indicates success</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2129">LSA Lookup Names</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	num_entries in response must be same as num_entries in request.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2133">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->POL_HND</DT
-><DD
-><P
->LSA policy handle</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain SID buffer pointer</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented domain name buffer pointer</P
-></DD
-><DT
->NAME[num_entries]</DT
-><DD
-><P
->names to be looked up.</P
-></DD
-><DT
->char[]</DT
-><DD
-><P
->undocumented bytes - falsely translated SID structure?</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2164">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->DOM_REF</DT
-><DD
-><P
->domain reference response</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries (listed above)</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries (listed above)</P
-></DD
-><DT
->DOM_RID[num_entries]</DT
-><DD
-><P
->domain SIDs (from Request, listed above).</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->num_entries (listed above)</P
-></DD
-></DL
-></DIV
-><P
->return                0 - indicates success</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2192">NETLOGON rpc Transact Named Pipe</H2
-><P
->The sequence of actions taken on this pipe are:</P
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->tablish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.</TD
-></TR
-><TR
-><TD
->en an RPC Pipe with the name "\\PIPE\\NETLOGON".  Store the file handle.</TD
-></TR
-><TR
-><TD
->ing the file handle, send a Set Named Pipe Handle state to 0x4300.</TD
-></TR
-><TR
-><TD
->eate Client Challenge. Send LSA Request Challenge.  Store Server Challenge.</TD
-></TR
-><TR
-><TD
->lculate Session Key.  Send an LSA Auth 2 Challenge.  Store Auth2 Challenge.</TD
-></TR
-><TR
-><TD
->lc/Verify Client Creds.  Send LSA Srv PW Set.  Calc/Verify Server Creds.</TD
-></TR
-><TR
-><TD
->lc/Verify Client Creds.  Send LSA SAM Logon .  Calc/Verify Server Creds.</TD
-></TR
-><TR
-><TD
->lc/Verify Client Creds.  Send LSA SAM Logoff.  Calc/Verify Server Creds.</TD
-></TR
-><TR
-><TD
->ose the IPC$ share.</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-><P
->Defines for this pipe, identifying the query are</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->LSA Request Challenge:</DT
-><DD
-><P
->0x04</P
-></DD
-><DT
->LSA Server Password Set:</DT
-><DD
-><P
->0x06</P
-></DD
-><DT
->LSA SAM Logon:</DT
-><DD
-><P
->0x02</P
-></DD
-><DT
->LSA SAM Logoff:</DT
-><DD
-><P
->0x03</P
-></DD
-><DT
->LSA Auth 2:</DT
-><DD
-><P
->0x0f</P
-></DD
-><DT
->LSA Logon Control:</DT
-><DD
-><P
->0x0e</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2231">LSA Request Challenge</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	logon server name starts with two '\' characters and is upper case.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	logon client is the machine, not the user.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	the initial LanManager password hash, against which the challenge is issued, is the machine name itself (lower case).  there will becalls issued (LSA Server Password Set) which will change this, later. refusing these calls allows you to always deal with the same password (i.e the LM# of the machine name in lower case).</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2239">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon server unicode string</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->logon client unicode string</P
-></DD
-><DT
->char[8]</DT
-><DD
-><P
->client challenge</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2258">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->char[8]</DT
-><DD
-><P
->server challenge</P
-></DD
-></DL
-></DIV
-><P
->return    0 - indicates success</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2266">LSA Authenticate 2</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	in between request and response, calculate the client credentials, and check them against the client-calculated credentials (this process uses the previously received client credentials).</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	neg_flags in the response is the same as that in the request.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	you must take a copy of the client-calculated credentials received 	here, because they will be used in subsequent authentication packets.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2274">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->LOG_INFO</DT
-><DD
-><P
->client identification info</P
-></DD
-><DT
->char[8]</DT
-><DD
-><P
->client-calculated credentials</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to 4-byte align with start of SMB header.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->neg_flags - negotiated flags (usual value is 0x0000 01ff)</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2293">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->char[8]</DT
-><DD
-><P
->server credentials.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->neg_flags - same as neg_flags in request.</P
-></DD
-></DL
-></DIV
-><P
->return    0 - indicates success.  failure value unknown.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2305">LSA Server Password Set</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note: the new password is suspected to be a DES encryption using the old password to generate the key.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note: in between request and response, calculate the client credentials, and check them against the client-calculated credentials (this process uses the previously received client credentials).</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note: the server credentials are constructed from the client-calculated credentials and the client time + 1 second.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note: you must take a copy of the client-calculated credentials received here, because they will be used in subsequent authentication packets.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2315">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->CLNT_INFO</DT
-><DD
-><P
->client identification/authentication info</P
-></DD
-><DT
->char[]</DT
-><DD
-><P
->new password - undocumented.</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2326">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->CREDS</DT
-><DD
-><P
->server credentials.  server time stamp appears to be ignored.</P
-></DD
-></DL
-></DIV
-><P
->return    0 - indicates success; 0xC000 006a indicates failure</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2334">LSA SAM Logon</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	valid_user is True iff the username and password hash are valid for
-	the requested domain.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2338">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->SAM_INFO</DT
-><DD
-><P
->sam_id structure</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2345">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->CREDS</DT
-><DD
-><P
->server credentials.  server time stamp appears to be ignored.</P
-></DD
-></DL
-></DIV
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->if (valid_user)
-{
-	UINT16      3 - switch value indicating USER_INFO structure.
-    VOID*     non-zero - pointer to USER_INFO structure
-    USER_INFO user logon information
-
-    UINT32    1 - Authoritative response; 0 - Non-Auth?
-
-    return    0 - indicates success
-}
-else
-{
-	UINT16    0 - switch value.  value to indicate no user presumed.
-    VOID*     0x0000 0000 - indicates no USER_INFO structure.
-
-    UINT32    1 - Authoritative response; 0 - Non-Auth?
-
-    return    0xC000 0064 - NT_STATUS_NO_SUCH_USER.
-}</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2358">LSA SAM Logoff</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	presumably, the SAM_INFO structure is validated, and a (currently
-	undocumented) error code returned if the Logoff is invalid.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2362">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->SAM_INFO</DT
-><DD
-><P
->sam_id structure</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2369">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->undocumented buffer pointer</P
-></DD
-><DT
->CREDS</DT
-><DD
-><P
->server credentials.  server time stamp appears to be ignored.</P
-></DD
-></DL
-></DIV
-><P
->return      0 - indicates success.  undocumented failure indication.</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2381">\\MAILSLOT\NET\NTLOGON</H2
-><P
-><I
-CLASS="EMPHASIS"
->Note:	mailslots will contain a response mailslot, to which the response
-	should be sent.  the target NetBIOS name is REQUEST_NAME&#60;20&#62;, where
-	REQUEST_NAME is the name of the machine that sent the request.</I
-></P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2385">Query for PDC</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	NTversion, LMNTtoken, LM20token in response are the same as those 	given in the request.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2389">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16</DT
-><DD
-><P
->0x0007 - Query for PDC</P
-></DD
-><DT
->STR</DT
-><DD
-><P
->machine name</P
-></DD
-><DT
->STR</DT
-><DD
-><P
->response mailslot</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to 2-byte align with start of mailslot.</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->machine name</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->NTversion</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LMNTtoken</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LM20token</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2424">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16</DT
-><DD
-><P
->0x000A - Respose to Query for PDC</P
-></DD
-><DT
->STR</DT
-><DD
-><P
->machine name (in uppercase)</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to 2-byte align with start of mailslot.</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->machine name</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->domain name</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->NTversion (same as received in request)</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LMNTtoken (same as received in request)</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LM20token (same as received in request)</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2459">SAM Logon</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note: machine name in response is preceded by two '\' characters.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	NTversion, LMNTtoken, LM20token in response are the same as those given in the request.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	user name in the response is presumably the same as that in the request.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2467">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16</DT
-><DD
-><P
->0x0012 - SAM Logon</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->request count</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->machine name</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->user name</P
-></DD
-><DT
->STR</DT
-><DD
-><P
->response mailslot</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->alloweable account</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->domain SID size</P
-></DD
-><DT
->char[sid_size]</DT
-><DD
-><P
->domain SID, of sid_size bytes.</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->???? padding to 4? 2? -byte align with start of mailslot.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->NTversion</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LMNTtoken</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LM20token</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2518">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT16</DT
-><DD
-><P
->0x0013 - Response to SAM Logon</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->machine name</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->user name - workstation trust account</P
-></DD
-><DT
->UNISTR</DT
-><DD
-><P
->domain name </P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->NTversion</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LMNTtoken</P
-></DD
-><DT
->UINT16</DT
-><DD
-><P
->LM20token</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2549">SRVSVC Transact Named Pipe</H2
-><P
->Defines for this pipe, identifying the query are:</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Net Share Enum</DT
-><DD
-><P
->0x0f</P
-></DD
-><DT
->Net Server Get Info</DT
-><DD
-><P
->0x15</P
-></DD
-></DL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2561">Net Share Enum</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	share level and switch value in the response are presumably the same as those in the request.</I
-></P
-><P
-><I
-CLASS="EMPHASIS"
->Note:	cifsrap2.txt (section 5) may be of limited assistance here.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2567">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->VOID*</DT
-><DD
-><P
->pointer (to server name?)</P
-></DD
-><DT
->UNISTR2</DT
-><DD
-><P
->server name</P
-></DD
-><DT
->UINT8[]</DT
-><DD
-><P
->padding to get unicode string 4-byte aligned with the start of the SMB header.</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->share level</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->switch value</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to SHARE_INFO_1_CTR</P
-></DD
-><DT
->SHARE_INFO_1_CTR</DT
-><DD
-><P
->share info with 0 entries</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->preferred maximum length (0xffff ffff)</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2602">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->share level</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->switch value</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to SHARE_INFO_1_CTR</P
-></DD
-><DT
->SHARE_INFO_1_CTR</DT
-><DD
-><P
->share info (only added if share info ptr is non-zero)</P
-></DD
-></DL
-></DIV
-><P
->return            0 - indicates success</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2622">Net Server Get Info</H3
-><P
-><I
-CLASS="EMPHASIS"
->Note:	level is the same value as in the request.</I
-></P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2626">Request</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UNISTR2</DT
-><DD
-><P
->server name</P
-></DD
-><DT
->UINT32</DT
-><DD
-><P
->switch level</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2637">Response</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->UINT32</DT
-><DD
-><P
->switch level</P
-></DD
-><DT
->VOID*</DT
-><DD
-><P
->pointer to SERVER_INFO_101</P
-></DD
-><DT
->SERVER_INFO_101</DT
-><DD
-><P
->server info (only added if server info ptr is non-zero)</P
-></DD
-></DL
-></DIV
-><P
->return            0 - indicates success</P
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2653">Cryptographic side of NT Domain Authentication</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN2655">Definitions</H3
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Add(A1,A2)</DT
-><DD
-><P
->Intel byte ordered addition of corresponding 4 byte words in arrays A1 and A2</P
-></DD
-><DT
->E(K,D)</DT
-><DD
-><P
->DES ECB encryption of 8 byte data D using 7 byte key K</P
-></DD
-><DT
->lmowf()</DT
-><DD
-><P
->Lan man hash</P
-></DD
-><DT
->ntowf()</DT
-><DD
-><P
->NT hash</P
-></DD
-><DT
->PW</DT
-><DD
-><P
->md4(machine_password) == md4(lsadump $machine.acc) ==
-pwdump(machine$) (initially) == md4(lmowf(unicode(machine)))</P
-></DD
-><DT
->ARC4(K,Lk,D,Ld)</DT
-><DD
-><P
->ARC4 encryption of data D of length Ld with key K of length Lk</P
-></DD
-><DT
->v[m..n(,l)]</DT
-><DD
-><P
->subset of v from bytes m to n, optionally padded with zeroes to length l</P
-></DD
-><DT
->Cred(K,D)</DT
-><DD
-><P
->E(K[7..7,7],E(K[0..6],D)) computes a credential</P
-></DD
-><DT
->Time()</DT
-><DD
-><P
->4 byte current time</P
-></DD
-><DT
->Cc,Cs</DT
-><DD
-><P
->8 byte client and server challenges Rc,Rs: 8 byte client and server credentials</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2698">Protocol</H3
-><P
->C-&#62;S ReqChal,Cc S-&#62;C Cs</P
-><P
->C &#38; S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))</P
-><P
->C: Rc = Cred(Ks,Cc) C-&#62;S Authenticate,Rc S: Rs = Cred(Ks,Cs),
-assert(Rc == Cred(Ks,Cc)) S-&#62;C Rs C: assert(Rs == Cred(Ks,Cs))</P
-><P
->On joining the domain the client will optionally attempt to change its
-password and the domain controller may refuse to update it depending
-on registry settings. This will also occur weekly afterwards.</P
-><P
->C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&#62;S ServerPasswordSet,Rc',Tc,
-arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
-assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
-S-&#62;C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'</P
-><P
->User: U with password P wishes to login to the domain (incidental data
-such as workstation and domain omitted)</P
-><P
->C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C-&#62;S NetLogonSamLogon,Rc',Tc,U,
-arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
-assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
-Ts = Time()</P
-><P
->S-&#62;C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C:
-assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1)</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2708">Comments</H3
-><P
->On first joining the domain the session key could be computed by
-anyone listening in on the network as the machine password has a well
-known value. Until the machine is rebooted it will use this session
-key to encrypt NT and LM one way functions of passwords which are
-password equivalents. Any user who logs in before the machine has been
-rebooted a second time will have their password equivalent exposed. Of
-course the new machine password is exposed at this time anyway.</P
-><P
->None of the returned user info such as logon script, profile path and
-SIDs *appear* to be protected by anything other than the TCP checksum.</P
-><P
->The server time stamps appear to be ignored.</P
-><P
->The client sends a ReturnAuthenticator in the SamLogon request which I
-can't find a use for.  However its time is used as the timestamp
-returned by the server.</P
-><P
->The password OWFs should NOT be sent over the network reversibly
-encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server
-computing the same function using the owf values in the SAM.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2715">SIDs and RIDs</H2
-><P
->SIDs and RIDs are well documented elsewhere.</P
-><P
->A SID is an NT Security ID (see DOM_SID structure).  They are of the form:</P
-><P
-></P
-><TABLE
-BORDER="0"
-><TBODY
-><TR
-><TD
->revision-NN-SubAuth1-SubAuth2-SubAuth3... </TD
-></TR
-><TR
-><TD
->revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3...</TD
-></TR
-></TBODY
-></TABLE
-><P
-></P
-><P
->currently, the SID revision is 1.
-The Sub-Authorities are known as Relative IDs (RIDs).</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2723">Well-known SIDs</H3
-><DIV
-CLASS="SECT3"
-><H4
-CLASS="SECT3"
-><A
-NAME="AEN2725">Universal well-known SIDs</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->Null SID</DT
-><DD
-><P
->S-1-0-0</P
-></DD
-><DT
->World</DT
-><DD
-><P
->S-1-1-0</P
-></DD
-><DT
->Local</DT
-><DD
-><P
->S-1-2-0</P
-></DD
-><DT
->Creator Owner ID</DT
-><DD
-><P
->S-1-3-0</P
-></DD
-><DT
->Creator Group ID</DT
-><DD
-><P
->S-1-3-1</P
-></DD
-><DT
->Creator Owner Server ID</DT
-><DD
-><P
->S-1-3-2</P
-></DD
-><DT
->Creator Group Server ID</DT
-><DD
-><P
->S-1-3-3</P
-></DD
-><DT
->(Non-unique IDs)</DT
-><DD
-><P
->S-1-4</P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2760">NT well-known SIDs</H4
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->NT Authority</DT
-><DD
-><P
->S-1-5</P
-></DD
-><DT
->Dialup</DT
-><DD
-><P
->S-1-5-1</P
-></DD
-><DT
->Network</DT
-><DD
-><P
->S-1-5-2</P
-></DD
-><DT
->Batch</DT
-><DD
-><P
->S-1-5-3</P
-></DD
-><DT
->Interactive</DT
-><DD
-><P
->S-1-5-4</P
-></DD
-><DT
->Service</DT
-><DD
-><P
->S-1-5-6</P
-></DD
-><DT
->AnonymousLogon(aka null logon session)</DT
-><DD
-><P
->S-1-5-7</P
-></DD
-><DT
->Proxy</DT
-><DD
-><P
->S-1-5-8</P
-></DD
-><DT
->ServerLogon(aka domain controller account)</DT
-><DD
-><P
->S-1-5-8</P
-></DD
-><DT
->(Logon IDs)</DT
-><DD
-><P
->S-1-5-5-X-Y</P
-></DD
-><DT
->(NT non-unique IDs)</DT
-><DD
-><P
->S-1-5-0x15-...</P
-></DD
-><DT
->(Built-in domain)</DT
-><DD
-><P
->s-1-5-0x20</P
-></DD
-></DL
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2811">Well-known RIDS</H3
-><P
->A RID is a sub-authority value, as part of either a SID, or in the case
-of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1
-structure, in the LSA SAM Logon response.</P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2814">Well-known RID users</H4
-><P
-><B
->Groupname: </B
->DOMAIN_USER_RID_ADMIN</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->01F4</P
-><P
-><B
->Groupname: </B
->DOMAIN_USER_RID_GUEST</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->01F5</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2828">Well-known RID groups</H4
-><P
-><B
->Groupname: </B
->	DOMAIN_GROUP_RID_ADMINS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0200</P
-><P
-><B
->Groupname: </B
->	DOMAIN_GROUP_RID_USERS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0201</P
-><P
-><B
->Groupname: </B
->	DOMAIN_GROUP_RID_GUESTS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0202</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN2846">Well-known RID aliases</H4
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_ADMINS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0220</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_USERS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0221</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_GUESTS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0222</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_POWER_USERS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0223</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_ACCOUNT_OPS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0224</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_SYSTEM_OPS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0225</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_PRINT_OPS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0226</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_BACKUP_OPS</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0227</P
-><P
-><B
->Groupname: </B
->	DOMAIN_ALIAS_RID_REPLICATOR</P
-><P
-><B
->????: </B
->0x0000</P
-><P
-><B
->RID: </B
->0228</P
-></DIV
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="PRINTING">Samba Printing Internals</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN2895">Abstract</H2
-><P
->The purpose of this document is to provide some insight into
-Samba's printing functionality and also to describe the semantics
-of certain features of Windows client printing.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2898">Printing Interface to Various Back ends</H2
-><P
->Samba uses a table of function pointers to seven functions.  The
-function prototypes are defined in the <TT
-CLASS="VARNAME"
->printif</TT
-> structure declared
-in <TT
-CLASS="FILENAME"
->printing.h</TT
->.</P
-><P
-></P
-><UL
-><LI
-><P
->retrieve the contents of a print queue</P
-></LI
-><LI
-><P
->pause the print queue</P
-></LI
-><LI
-><P
->resume a paused print queue</P
-></LI
-><LI
-><P
->delete a job from the queue</P
-></LI
-><LI
-><P
->pause a job in the print queue</P
-></LI
-><LI
-><P
->result a paused print job in the queue</P
-></LI
-><LI
-><P
->submit a job to the print queue</P
-></LI
-></UL
-><P
->Currently there are only two printing back end implementations
-defined.</P
-><P
-></P
-><UL
-><LI
-><P
->a generic set of functions for working with standard UNIX
-	printing subsystems</P
-></LI
-><LI
-><P
->a set of CUPS specific functions (this is only enabled if
-	the CUPS libraries were located at compile time).</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2924">Print Queue TDB's</H2
-><P
->Samba provides periodic caching of the output from the "lpq command"
-for performance reasons.  This cache time is configurable in seconds.
-Obviously the longer the cache time the less often smbd will be
-required to exec a copy of lpq.  However, the accuracy of the print
-queue contents displayed to clients will be diminished as well.</P
-><P
->The list of currently opened print queue TDB's can be found
-be examining the list of tdb_print_db structures ( see print_db_head
-in printing.c ). A queue TDB is opened using the wrapper function
-printing.c:get_print_db_byname().  The function ensures that smbd
-does not open more than MAX_PRINT_DBS_OPEN in an effort to prevent
-a large print server from exhausting all available file descriptors.
-If the number of open queue TDB's exceeds the MAX_PRINT_DBS_OPEN
-limit, smbd falls back to a most recently used algorithm for maintaining
-a list of open TDB's.</P
-><P
->There are two ways in which a a print job can be entered into
-a print queue's TDB.  The first is to submit the job from a Windows
-client which will insert the job information directly into the TDB.
-The second method is to have the print job picked up by executing the
-"lpq command".</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->/* included from printing.h */
-struct printjob {
-	pid_t pid; /* which process launched the job */
-	int sysjob; /* the system (lp) job number */
-	int fd; /* file descriptor of open file if open */
-	time_t starttime; /* when the job started spooling */
-	int status; /* the status of this job */
-	size_t size; /* the size of the job so far */
-	int page_count;	/* then number of pages so far */
-	BOOL spooled; /* has it been sent to the spooler yet? */
-	BOOL smbjob; /* set if the job is a SMB job */
-	fstring filename; /* the filename used to spool the file */
-	fstring jobname; /* the job name given to us by the client */
-	fstring user; /* the user who started the job */
-	fstring queuename; /* service number of printer for this job */
-	NT_DEVICEMODE *nt_devmode;
-};</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The current manifestation of the printjob structure contains a field
-for the UNIX job id returned from the "lpq command" and a Windows job
-ID (32-bit bounded by PRINT_MAX_JOBID).  When a print job is returned
-by the "lpq command" that does not match an existing job in the queue's
-TDB, a 32-bit job ID above the &#60;*vance doesn't know what word is missing here*&#62; is generating by adding UNIX_JOB_START to
-the id reported by lpq.</P
-><P
->In order to match a 32-bit Windows jobid onto a 16-bit lanman print job
-id, smbd uses an in memory TDB to match the former to a number appropriate
-for old lanman clients.</P
-><P
->When updating a print queue, smbd will perform the following
-steps ( refer to <TT
-CLASS="FILENAME"
->print.c:print_queue_update()</TT
-> ):</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->Check to see if another smbd is currently in 
-	the process of updating the queue contents by checking the pid 
-	stored in <TT
-CLASS="CONSTANT"
->LOCK/<TT
-CLASS="REPLACEABLE"
-><I
->printer_name</I
-></TT
-></TT
->.  
-	If so, then do not update the TDB.</P
-></LI
-><LI
-><P
->Lock the mutex entry in the TDB and store our own pid.
-	Check that this succeeded, else fail.</P
-></LI
-><LI
-><P
->Store the updated time stamp for the new cache
-	listing</P
-></LI
-><LI
-><P
->Retrieve the queue listing via "lpq command"</P
-></LI
-><LI
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	foreach job in the queue
-     	{
-		if the job is a UNIX job, create a new entry;
-		if the job has a Windows based jobid, then
-		{
-			Lookup the record by the jobid;
-			if the lookup failed, then
-				treat it as a UNIX job;
-			else
-				update the job status only
-		}
-	}</PRE
-></TD
-></TR
-></TABLE
-></P
-></LI
-><LI
-><P
->Delete any jobs in the TDB that are not
-	in the in the lpq listing</P
-></LI
-><LI
-><P
->Store the print queue status in the TDB</P
-></LI
-><LI
-><P
->update the cache time stamp again</P
-></LI
-></OL
-><P
->Note that it is the contents of this TDB that is returned to Windows
-clients and not the actual listing from the "lpq command".</P
-><P
->The NT_DEVICEMODE stored as part of the printjob structure is used to
-store a pointer to a non-default DeviceMode associated with the print
-job.  The pointer will be non-null when the client included a Device
-Mode in the OpenPrinterEx() call and subsequently submitted a job for
-printing on that same handle.  If the client did not include a Device
-Mode in the OpenPrinterEx() request, the nt_devmode field is NULL
-and the job has the printer's device mode associated with it by default.</P
-><P
->Only non-default Device Mode are stored with print jobs in the print
-queue TDB.  Otherwise, the Device Mode is obtained from the printer
-object when the client issues a GetJob(level == 2) request.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2958">ChangeID &#38; Client Caching of Printer Information</H2
-><P
->[To be filled in later]</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2961">Windows NT/2K Printer Change Notify</H2
-><P
->When working with Windows NT+ clients, it is possible for a
-print server to use RPC to send asynchronous change notification
-events to clients for certain printer and print job attributes.
-This can be useful when the client needs to know that a new
-job has been added to the queue for a given printer or that the
-driver for a printer has been changed.  Note that this is done
-entirely orthogonal to cache updates based on a new ChangeID for
-a printer object.</P
-><P
->The basic set of RPC's used to implement change notification are</P
-><P
-></P
-><UL
-><LI
-><P
->RemoteFindFirstPrinterChangeNotifyEx ( RFFPCN )</P
-></LI
-><LI
-><P
->RemoteFindNextPrinterChangeNotifyEx ( RFNPCN )</P
-></LI
-><LI
-><P
->FindClosePrinterChangeNotify( FCPCN )</P
-></LI
-><LI
-><P
->ReplyOpenPrinter</P
-></LI
-><LI
-><P
->ReplyClosePrinter</P
-></LI
-><LI
-><P
->RouteRefreshPrinterChangeNotify ( RRPCN )</P
-></LI
-></UL
-><P
->One additional RPC is available to a server, but is never used by the
-Windows spooler service:</P
-><P
-></P
-><UL
-><LI
-><P
->RouteReplyPrinter()</P
-></LI
-></UL
-><P
->The opnum for all of these RPC's are defined in include/rpc_spoolss.h</P
-><P
->Windows NT print servers use a bizarre method of sending print
-notification event to clients.  The process of registering a new change
-notification handle is as follows.  The 'C' is for client and the
-'S' is for server.  All error conditions have been eliminated.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->C:	Obtain handle to printer or to the printer
-	server via the standard OpenPrinterEx() call.
-S:	Respond with a valid handle to object
-
-C:	Send a RFFPCN request with the previously obtained
-	handle with either (a) set of flags for change events
-	to monitor, or (b) a PRINTER_NOTIFY_OPTIONS structure
-	containing the event information to monitor.  The windows
-	spooler has only been observed to use (b).
-S:	The &#60;* another missing word*&#62; opens a new TCP session to the client (thus requiring
-	all print clients to be CIFS servers as well) and sends
-	a ReplyOpenPrinter() request to the client.
-C:	The client responds with a printer handle that can be used to
-	send event notification messages.
-S:	The server replies success to the RFFPCN request.
-
-C:	The windows spooler follows the RFFPCN with a RFNPCN
-	request to fetch the current values of all monitored
-	attributes.
-S:	The server replies with an array SPOOL_NOTIFY_INFO_DATA
-	structures (contained in a SPOOL_NOTIFY_INFO structure).
-
-C:	If the change notification handle is ever released by the
-	client via a FCPCN request, the server sends a ReplyClosePrinter()
-	request back to the client first.  However a request of this
-	nature from the client is often an indication that the previous
-	notification event was not marshalled correctly by the server
-	or a piece of data was wrong.
-S:	The server closes the internal change notification handle
-	(POLICY_HND) and does not send any further change notification
-	events to the client for that printer or job.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The current list of notification events supported by Samba can be
-found by examining the internal tables in srv_spoolss_nt.c</P
-><P
-></P
-><UL
-><LI
-><P
->printer_notify_table[]</P
-></LI
-><LI
-><P
->job_notify_table[]</P
-></LI
-></UL
-><P
->When an event occurs that could be monitored, smbd sends a message
-to itself about the change.  The list of events to be transmitted
-are queued by the smbd process sending the message to prevent an
-overload of TDB usage and the internal message is sent during smbd's
-idle loop (refer to printing/notify.c and the functions
-send_spoolss_notify2_msg() and print_notify_send_messages() ).</P
-><P
->The decision of whether or not the change is to be sent to connected
-clients is made by the routine which actually sends the notification.
-( refer to srv_spoolss_nt.c:recieve_notify2_message() ).</P
-><P
->Because it possible to receive a listing of multiple changes for
-multiple printers, the notification events must be split into
-categories by the printer name.  This makes it possible to group
-multiple change events to be sent in a single RPC according to the
-printer handle obtained via a ReplyOpenPrinter().</P
-><P
->The actual change notification is performed using the RRPCN request
-RPC.  This packet contains</P
-><P
-></P
-><UL
-><LI
-><P
->the printer handle registered with the
-client's spooler on which the change occurred</P
-></LI
-><LI
-><P
->The change_low value which was sent as part
-of the last RFNPCN request from the client</P
-></LI
-><LI
-><P
->The SPOOL_NOTIFY_INFO container with the event
-information</P
-></LI
-></UL
-><P
->A <TT
-CLASS="VARNAME"
->SPOOL_NOTIFY_INFO</TT
-> contains:</P
-><P
-></P
-><UL
-><LI
-><P
->the version and flags field are predefined
-and should not be changed</P
-></LI
-><LI
-><P
->The count field is the number of entries
-in the SPOOL_NOTIFY_INFO_DATA array</P
-></LI
-></UL
-><P
->The <TT
-CLASS="VARNAME"
->SPOOL_NOTIFY_INFO_DATA</TT
-> entries contain:</P
-><P
-></P
-><UL
-><LI
-><P
->The type defines whether or not this event
-is for a printer or a print job</P
-></LI
-><LI
-><P
->The field is the flag identifying the event</P
-></LI
-><LI
-><P
->the notify_data union contains the new valuie of the
-attribute</P
-></LI
-><LI
-><P
->The enc_type defines the size of the structure for marshalling
-and unmarshalling</P
-></LI
-><LI
-><P
->(a) the id must be 0 for a printer event on a printer handle.
-(b) the id must be the job id for an event on a printer job
-(c) the id must be the matching number of the printer index used
-in the response packet to the RFNPCN when using a print server
-handle for notification.  Samba currently uses the snum of
-the printer for this which can break if the list of services
-has been modified since the notification handle was registered.</P
-></LI
-><LI
-><P
->The size is either (a) the string length in UNICODE for strings,
-(b) the size in bytes of the security descriptor, or (c) 0 for
-data values.</P
-></LI
-></UL
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="WINS">Samba WINS Internals</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN3032">WINS Failover</H2
-><P
->The current Samba codebase possesses the capability to use groups of WINS
-servers that share a common namespace for NetBIOS name registration and 
-resolution.  The formal parameter syntax is</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	WINS_SERVER_PARAM 	= SERVER [ SEPARATOR SERVER_LIST ]
-	WINS_SERVER_PARAM 	= "wins server"
-	SERVER 			= ADDR[:TAG]
-	ADDR 			= ip_addr | fqdn
-	TAG 			= string
-	SEPARATOR		= comma | \s+
-	SERVER_LIST		= SERVER [ SEPARATOR SERVER_LIST ]</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->A simple example of a valid wins server setting is</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->[global]
-	wins server = 192.168.1.2 192.168.1.3</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->In the event that no TAG is defined in for a SERVER in the list, smbd assigns a default
-TAG of "*".  A TAG is used to group servers of a shared NetBIOS namespace together.  Upon
-startup, nmbd will attempt to register the netbios name value with one server in each
-tagged group.</P
-><P
->An example using tags to group WINS servers together is show here.  Note that the use of
-interface names in the tags is only by convention and is not a technical requirement.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->[global]
-	wins server = 192.168.1.2:eth0 192.168.1.3:eth0 192.168.2.2:eth1</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Using this configuration, nmbd would attempt to register the server's NetBIOS name 
-with one WINS server in each group.  Because the "eth0" group has two servers, the 
-second server would only be used when a registration (or resolution) request to 
-the first server in that group timed out.</P
-><P
->NetBIOS name resolution follows a similar pattern as name registration.  When resolving 
-a NetBIOS name via WINS, smbd and other Samba programs will attempt to query a single WINS 
-server in a tagged group until either a positive response is obtained at least once or 
-until a server from every tagged group has responded negatively to the name query request.
-If a timeout occurs when querying a specific WINS server, that server is marked as down to 
-prevent further timeouts and the next server in the WINS group is contacted.  Once marked as 
-dead, Samba will not attempt to contact that server for name registration/resolution queries 
-for a period of 10 minutes.</P
-></DIV
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
index 71e27a2e801..2e293287534 100644
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -1,12 +1,10 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
 <HTML
 ><HEAD
 ><TITLE
 >SAMBA Project Documentation</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
 ><BODY
 CLASS="BOOK"
 BGCOLOR="#FFFFFF"
@@ -17,25 +15,32 @@ ALINK="#0000FF"
 ><DIV
 CLASS="BOOK"
 ><A
-NAME="SAMBA-PROJECT-DOCUMENTATION"><DIV
+NAME="SAMBA-PROJECT-DOCUMENTATION"
+></A
+><DIV
 CLASS="TITLEPAGE"
 ><H1
 CLASS="TITLE"
 ><A
-NAME="SAMBA-PROJECT-DOCUMENTATION">SAMBA Project Documentation</H1
+NAME="SAMBA-PROJECT-DOCUMENTATION"
+>SAMBA Project Documentation</A
+></H1
 ><H3
 CLASS="AUTHOR"
 ><A
-NAME="AEN4">SAMBA Team</H3
+NAME="AEN4"
+>SAMBA Team</A
+></H3
 ><HR></DIV
 ><HR><H1
 ><A
-NAME="AEN8">Abstract</H1
+NAME="AEN8"
+>Abstract</A
+></H1
 ><P
-><I
-CLASS="EMPHASIS"
->Last Update</I
-> : Thu Aug 15 12:48:45 CDT 2002</P
+><EM
+>Last Update</EM
+> : Mon Apr  1 08:47:26 CST 2002</P
 ><P
 >This book is a collection of HOWTOs added to Samba documentation over the years.
 I try to ensure that all are current, but sometimes the is a larger job
@@ -68,34 +73,34 @@ CLASS="TOC"
 >Table of Contents</B
 ></DT
 ><DT
-><A
+>1. <A
 HREF="#INSTALL"
 >How to Install and Test SAMBA</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
+>1.1. <A
 HREF="#AEN20"
 >Step 0: Read the man pages</A
 ></DT
 ><DT
-><A
+>1.2. <A
 HREF="#AEN28"
 >Step 1: Building the Binaries</A
 ></DT
 ><DT
-><A
+>1.3. <A
 HREF="#AEN56"
 >Step 2: The all important step</A
 ></DT
 ><DT
-><A
+>1.4. <A
 HREF="#AEN60"
 >Step 3: Create the smb configuration file.</A
 ></DT
 ><DT
-><A
+>1.5. <A
 HREF="#AEN74"
 >Step 4: Test your config file with 
 	<B
@@ -104,216 +109,133 @@ CLASS="COMMAND"
 ></A
 ></DT
 ><DT
-><A
+>1.6. <A
 HREF="#AEN80"
 >Step 5: Starting the smbd and nmbd</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
+>1.6.1. <A
 HREF="#AEN90"
 >Step 5a: Starting from inetd.conf</A
 ></DT
 ><DT
-><A
+>1.6.2. <A
 HREF="#AEN119"
 >Step 5b. Alternative: starting it as a daemon</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
+>1.7. <A
 HREF="#AEN135"
 >Step 6: Try listing the shares available on your 
 	server</A
 ></DT
 ><DT
-><A
+>1.8. <A
 HREF="#AEN144"
 >Step 7: Try connecting with the unix client</A
 ></DT
 ><DT
-><A
+>1.9. <A
 HREF="#AEN160"
 >Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
 	Win2k, OS/2, etc... client</A
 ></DT
 ><DT
-><A
+>1.10. <A
 HREF="#AEN174"
 >What If Things Don't Work?</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
+>1.10.1. <A
 HREF="#AEN179"
 >Diagnosing Problems</A
 ></DT
 ><DT
-><A
+>1.10.2. <A
 HREF="#AEN183"
 >Scope IDs</A
 ></DT
 ><DT
-><A
+>1.10.3. <A
 HREF="#AEN186"
 >Choosing the Protocol Level</A
 ></DT
 ><DT
-><A
+>1.10.4. <A
 HREF="#AEN195"
 >Printing from UNIX to a Client PC</A
 ></DT
 ><DT
-><A
-HREF="#AEN200"
+>1.10.5. <A
+HREF="#AEN199"
 >Locking</A
 ></DT
 ><DT
-><A
-HREF="#AEN209"
+>1.10.6. <A
+HREF="#AEN208"
 >Mapping Usernames</A
 ></DT
-></DL
-></DD
-></DL
-></DD
-><DT
-><A
-HREF="#DIAGNOSIS"
->Diagnosing your samba server</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN223"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN228"
->Assumptions</A
-></DT
-><DT
-><A
-HREF="#AEN238"
->Tests</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN240"
->Test 1</A
-></DT
-><DT
-><A
-HREF="#AEN246"
->Test 2</A
-></DT
-><DT
-><A
-HREF="#AEN252"
->Test 3</A
-></DT
 ><DT
-><A
-HREF="#AEN267"
->Test 4</A
-></DT
-><DT
-><A
-HREF="#AEN272"
->Test 5</A
-></DT
-><DT
-><A
-HREF="#AEN278"
->Test 6</A
-></DT
-><DT
-><A
-HREF="#AEN286"
->Test 7</A
-></DT
-><DT
-><A
-HREF="#AEN312"
->Test 8</A
-></DT
-><DT
-><A
-HREF="#AEN329"
->Test 9</A
-></DT
-><DT
-><A
-HREF="#AEN334"
->Test 10</A
-></DT
-><DT
-><A
-HREF="#AEN340"
->Test 11</A
+>1.10.7. <A
+HREF="#AEN211"
+>Other Character Sets</A
 ></DT
 ></DL
 ></DD
-><DT
-><A
-HREF="#AEN345"
->Still having troubles?</A
-></DT
 ></DL
 ></DD
 ><DT
-><A
+>2. <A
 HREF="#INTEGRATE-MS-NETWORKS"
 >Integrating MS Windows networks with Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN362"
+>2.1. <A
+HREF="#AEN225"
 >Agenda</A
 ></DT
 ><DT
-><A
-HREF="#AEN384"
+>2.2. <A
+HREF="#AEN247"
 >Name Resolution in a pure Unix/Linux world</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN400"
+>2.2.1. <A
+HREF="#AEN263"
 ><TT
 CLASS="FILENAME"
 >/etc/hosts</TT
 ></A
 ></DT
 ><DT
-><A
-HREF="#AEN416"
+>2.2.2. <A
+HREF="#AEN279"
 ><TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
 ></A
 ></DT
 ><DT
-><A
-HREF="#AEN427"
+>2.2.3. <A
+HREF="#AEN290"
 ><TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
 ></A
 ></DT
 ><DT
-><A
-HREF="#AEN435"
+>2.2.4. <A
+HREF="#AEN298"
 ><TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
@@ -322,79 +244,93 @@ CLASS="FILENAME"
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN447"
+>2.3. <A
+HREF="#AEN310"
 >Name resolution as used within MS Windows networking</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN459"
+>2.3.1. <A
+HREF="#AEN322"
 >The NetBIOS Name Cache</A
 ></DT
 ><DT
-><A
-HREF="#AEN464"
+>2.3.2. <A
+HREF="#AEN327"
 >The LMHOSTS file</A
 ></DT
 ><DT
-><A
-HREF="#AEN472"
+>2.3.3. <A
+HREF="#AEN335"
 >HOSTS file</A
 ></DT
 ><DT
-><A
-HREF="#AEN477"
+>2.3.4. <A
+HREF="#AEN340"
 >DNS Lookup</A
 ></DT
 ><DT
-><A
-HREF="#AEN480"
+>2.3.5. <A
+HREF="#AEN343"
 >WINS Lookup</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN492"
+>2.4. <A
+HREF="#AEN355"
 >How browsing functions and how to deploy stable and 
 dependable browsing using Samba</A
 ></DT
 ><DT
-><A
-HREF="#AEN502"
+>2.5. <A
+HREF="#AEN365"
 >MS Windows security options and how to configure 
 Samba for seemless integration</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN530"
+>2.5.1. <A
+HREF="#AEN393"
 >Use MS Windows NT as an authentication server</A
 ></DT
 ><DT
-><A
-HREF="#AEN538"
+>2.5.2. <A
+HREF="#AEN401"
 >Make Samba a member of an MS Windows NT security domain</A
 ></DT
 ><DT
-><A
-HREF="#AEN555"
+>2.5.3. <A
+HREF="#AEN418"
 >Configure Samba as an authentication server</A
 ></DT
+><DD
+><DL
+><DT
+>2.5.3.1. <A
+HREF="#AEN425"
+>Users</A
+></DT
+><DT
+>2.5.3.2. <A
+HREF="#AEN430"
+>MS Windows NT Machine Accounts</A
+></DT
+></DL
+></DD
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN572"
+>2.6. <A
+HREF="#AEN435"
 >Conclusions</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
+>3. <A
 HREF="#PAM"
 >Configuring PAM for distributed but centrally 
 managed authentication</A
@@ -402,39 +338,39 @@ managed authentication</A
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN593"
+>3.1. <A
+HREF="#AEN456"
 >Samba and PAM</A
 ></DT
 ><DT
-><A
-HREF="#AEN637"
+>3.2. <A
+HREF="#AEN500"
 >Distributed Authentication</A
 ></DT
 ><DT
-><A
-HREF="#AEN644"
+>3.3. <A
+HREF="#AEN507"
 >PAM Configuration in smb.conf</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
+>4. <A
 HREF="#MSDFS"
 >Hosting a Microsoft Distributed File System tree on Samba</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN664"
+>4.1. <A
+HREF="#AEN527"
 >Instructions</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN699"
+>4.1.1. <A
+HREF="#AEN562"
 >Notes</A
 ></DT
 ></DL
@@ -442,488 +378,431 @@ HREF="#AEN699"
 ></DL
 ></DD
 ><DT
-><A
+>5. <A
 HREF="#UNIX-PERMISSIONS"
 >UNIX Permission Bits and Windows NT Access Control Lists</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN719"
+>5.1. <A
+HREF="#AEN582"
 >Viewing and changing UNIX permissions using the NT 
 	security dialogs</A
 ></DT
 ><DT
-><A
-HREF="#AEN728"
+>5.2. <A
+HREF="#AEN591"
 >How to view file security on a Samba share</A
 ></DT
 ><DT
-><A
-HREF="#AEN739"
+>5.3. <A
+HREF="#AEN602"
 >Viewing file ownership</A
 ></DT
 ><DT
-><A
-HREF="#AEN759"
+>5.4. <A
+HREF="#AEN622"
 >Viewing file or directory permissions</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN774"
+>5.4.1. <A
+HREF="#AEN637"
 >File Permissions</A
 ></DT
 ><DT
-><A
-HREF="#AEN788"
+>5.4.2. <A
+HREF="#AEN651"
 >Directory Permissions</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN795"
+>5.5. <A
+HREF="#AEN658"
 >Modifying file or directory permissions</A
 ></DT
 ><DT
-><A
-HREF="#AEN817"
+>5.6. <A
+HREF="#AEN680"
 >Interaction with the standard Samba create mask 
 	parameters</A
 ></DT
 ><DT
-><A
-HREF="#AEN881"
+>5.7. <A
+HREF="#AEN744"
 >Interaction with the standard Samba file attribute 
 	mapping</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
+>6. <A
 HREF="#PRINTING"
 >Printing Support in Samba 2.2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN902"
+>6.1. <A
+HREF="#AEN765"
 >Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN924"
+>6.2. <A
+HREF="#AEN787"
 >Configuration</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN935"
+>6.2.1. <A
+HREF="#AEN798"
 >Creating [print$]</A
 ></DT
 ><DT
-><A
-HREF="#AEN970"
+>6.2.2. <A
+HREF="#AEN833"
 >Setting Drivers for Existing Printers</A
 ></DT
 ><DT
-><A
-HREF="#AEN987"
+>6.2.3. <A
+HREF="#AEN851"
+>DeviceModes and New Printers</A
+></DT
+><DT
+>6.2.4. <A
+HREF="#AEN862"
 >Support a large number of printers</A
 ></DT
 ><DT
-><A
-HREF="#AEN998"
+>6.2.5. <A
+HREF="#AEN873"
 >Adding New Printers via the Windows NT APW</A
 ></DT
 ><DT
-><A
-HREF="#AEN1028"
+>6.2.6. <A
+HREF="#AEN898"
 >Samba and Printer Ports</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN1036"
+>6.3. <A
+HREF="#AEN906"
 >The Imprints Toolset</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1040"
+>6.3.1. <A
+HREF="#AEN911"
 >What is Imprints?</A
 ></DT
 ><DT
-><A
-HREF="#AEN1050"
+>6.3.2. <A
+HREF="#AEN921"
 >Creating Printer Driver Packages</A
 ></DT
 ><DT
-><A
-HREF="#AEN1053"
+>6.3.3. <A
+HREF="#AEN924"
 >The Imprints server</A
 ></DT
 ><DT
-><A
-HREF="#AEN1057"
+>6.3.4. <A
+HREF="#AEN928"
 >The Installation Client</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN1079"
+>6.4. <A
+HREF="#AEN950"
 ><A
 NAME="MIGRATION"
 ></A
 >Migration to from Samba 2.0.x to 2.2.x</A
 ></DT
-></DL
-></DD
-><DT
-><A
-HREF="#PRINTINGDEBUG"
->Debugging Printing Problems</A
-></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1125"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN1141"
->Debugging printer problems</A
-></DT
-><DT
-><A
-HREF="#AEN1150"
->What printers do I have?</A
-></DT
-><DT
-><A
-HREF="#AEN1158"
->Setting up printcap and print servers</A
-></DT
-><DT
-><A
-HREF="#AEN1186"
->Job sent, no output</A
-></DT
-><DT
-><A
-HREF="#AEN1197"
->Job sent, strange output</A
-></DT
-><DT
-><A
-HREF="#AEN1209"
->Raw PostScript printed</A
-></DT
-><DT
-><A
-HREF="#AEN1212"
->Advanced Printing</A
-></DT
-><DT
-><A
-HREF="#AEN1215"
->Real debugging</A
+>6.4.1. <A
+HREF="#AEN983"
+>Parameters in <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> for Backwards Compatibility</A
 ></DT
 ></DL
 ></DD
-><DT
-><A
-HREF="#SECURITYLEVELS"
->Security levels</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN1228"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN1239"
->More complete description of security levels</A
-></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#DOMAIN-SECURITY"
->security = domain in Samba 2.x</A
+>7. <A
+HREF="#CUPS"
+>Printing with CUPS in Samba 2.2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1272"
->Joining an NT Domain with Samba 2.2</A
+>7.1. <A
+HREF="#AEN999"
+>Printing with CUPS in Samba 2.2.x</A
 ></DT
 ><DT
-><A
-HREF="#AEN1336"
->Samba and Windows 2000 Domains</A
+>7.2. <A
+HREF="#AEN1003"
+>Configuring <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for CUPS</A
 ></DT
 ><DT
-><A
-HREF="#AEN1341"
->Why is this better than security = server?</A
+>7.3. <A
+HREF="#AEN1022"
+>Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</A
 ></DT
-></DL
-></DD
 ><DT
-><A
-HREF="#WINBIND"
->Unified Logons between Windows NT and UNIX using Winbind</A
+>7.4. <A
+HREF="#AEN1025"
+>CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</A
 ></DT
-><DD
-><DL
 ><DT
-><A
-HREF="#AEN1394"
->Abstract</A
+>7.5. <A
+HREF="#AEN1046"
+>Windows Terminal Servers (WTS) as CUPS clients</A
 ></DT
 ><DT
-><A
-HREF="#AEN1398"
->Introduction</A
+>7.6. <A
+HREF="#AEN1050"
+>Setting up CUPS for driver download</A
 ></DT
 ><DT
-><A
-HREF="#AEN1411"
->What Winbind Provides</A
+>7.7. <A
+HREF="#AEN1062"
+>Sources of CUPS drivers / PPDs</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1418"
->Target Uses</A
+>7.7.1. <A
+HREF="#AEN1089"
+><B
+CLASS="COMMAND"
+>cupsaddsmb</B
+></A
 ></DT
 ></DL
 ></DD
-><DT
-><A
-HREF="#AEN1422"
->How Winbind Works</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN1427"
->Microsoft Remote Procedure Calls</A
-></DT
-><DT
-><A
-HREF="#AEN1431"
->Name Service Switch</A
-></DT
-><DT
-><A
-HREF="#AEN1447"
->Pluggable Authentication Modules</A
-></DT
-><DT
-><A
-HREF="#AEN1455"
->User and Group ID Allocation</A
-></DT
-><DT
-><A
-HREF="#AEN1459"
->Result Caching</A
-></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN1462"
->Installation and Configuration</A
+>8. <A
+HREF="#DOMAIN-SECURITY"
+>security = domain in Samba 2.x</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1469"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN1482"
->Requirements</A
-></DT
-><DT
-><A
-HREF="#AEN1496"
->Testing Things Out</A
+>8.1. <A
+HREF="#AEN1134"
+>Joining an NT Domain with Samba 2.2</A
 ></DT
-></DL
-></DD
 ><DT
-><A
-HREF="#AEN1711"
->Limitations</A
+>8.2. <A
+HREF="#AEN1198"
+>Samba and Windows 2000 Domains</A
 ></DT
 ><DT
-><A
-HREF="#AEN1721"
->Conclusion</A
+>8.3. <A
+HREF="#AEN1203"
+>Why is this better than security = server?</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
+>9. <A
 HREF="#SAMBA-PDC"
 >How to Configure Samba 2.2 as a Primary Domain Controller</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1741"
+>9.1. <A
+HREF="#AEN1236"
 >Prerequisite Reading</A
 ></DT
 ><DT
-><A
-HREF="#AEN1747"
+>9.2. <A
+HREF="#AEN1242"
 >Background</A
 ></DT
 ><DT
-><A
-HREF="#AEN1786"
+>9.3. <A
+HREF="#AEN1281"
 >Configuring the Samba Domain Controller</A
 ></DT
 ><DT
-><A
-HREF="#AEN1829"
+>9.4. <A
+HREF="#AEN1324"
 >Creating Machine Trust Accounts and Joining Clients to the
 Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN1848"
+>9.4.1. <A
+HREF="#AEN1343"
 >Manual Creation of Machine Trust Accounts</A
 ></DT
 ><DT
-><A
-HREF="#AEN1883"
+>9.4.2. <A
+HREF="#AEN1378"
 >"On-the-Fly" Creation of Machine Trust Accounts</A
 ></DT
 ><DT
-><A
-HREF="#AEN1892"
+>9.4.3. <A
+HREF="#AEN1387"
 >Joining the Client to the Domain</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN1907"
+>9.5. <A
+HREF="#AEN1402"
 >Common Problems and Errors</A
 ></DT
 ><DT
-><A
-HREF="#AEN1955"
+>9.6. <A
+HREF="#AEN1450"
 >System Policies and Profiles</A
 ></DT
 ><DT
-><A
-HREF="#AEN1999"
+>9.7. <A
+HREF="#AEN1494"
 >What other help can I get?</A
 ></DT
 ><DT
-><A
-HREF="#AEN2113"
+>9.8. <A
+HREF="#AEN1608"
 >Domain Control for Windows 9x/ME</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2139"
+>9.8.1. <A
+HREF="#AEN1634"
 >Configuration Instructions:	Network Logons</A
 ></DT
 ><DT
-><A
-HREF="#AEN2158"
+>9.8.2. <A
+HREF="#AEN1653"
 >Configuration Instructions:	Setting up Roaming User Profiles</A
 ></DT
+><DD
+><DL
+><DT
+>9.8.2.1. <A
+HREF="#AEN1661"
+>Windows NT Configuration</A
+></DT
+><DT
+>9.8.2.2. <A
+HREF="#AEN1669"
+>Windows 9X Configuration</A
+></DT
+><DT
+>9.8.2.3. <A
+HREF="#AEN1677"
+>Win9X and WinNT Configuration</A
+></DT
+><DT
+>9.8.2.4. <A
+HREF="#AEN1684"
+>Windows 9X Profile Setup</A
+></DT
+><DT
+>9.8.2.5. <A
+HREF="#AEN1720"
+>Windows NT Workstation 4.0</A
+></DT
+><DT
+>9.8.2.6. <A
+HREF="#AEN1733"
+>Windows NT Server</A
+></DT
+><DT
+>9.8.2.7. <A
+HREF="#AEN1736"
+>Sharing Profiles between W95 and NT Workstation 4.0</A
+></DT
+></DL
+></DD
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN2251"
+>9.9. <A
+HREF="#AEN1746"
 >DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
+>10. <A
 HREF="#SAMBA-BDC"
 >How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2287"
+>10.1. <A
+HREF="#AEN1782"
 >Prerequisite Reading</A
 ></DT
 ><DT
-><A
-HREF="#AEN2291"
+>10.2. <A
+HREF="#AEN1786"
 >Background</A
 ></DT
 ><DT
-><A
-HREF="#AEN2299"
+>10.3. <A
+HREF="#AEN1794"
 >What qualifies a Domain Controller on the network?</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2302"
+>10.3.1. <A
+HREF="#AEN1797"
 >How does a Workstation find its domain controller?</A
 ></DT
 ><DT
-><A
-HREF="#AEN2305"
+>10.3.2. <A
+HREF="#AEN1800"
 >When is the PDC needed?</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN2308"
+>10.4. <A
+HREF="#AEN1803"
 >Can Samba be a Backup Domain Controller?</A
 ></DT
 ><DT
-><A
-HREF="#AEN2312"
+>10.5. <A
+HREF="#AEN1807"
 >How do I set up a Samba BDC?</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2329"
+>10.5.1. <A
+HREF="#AEN1836"
 >How do I replicate the smbpasswd file?</A
 ></DT
 ></DL
@@ -931,377 +810,297 @@ HREF="#AEN2329"
 ></DL
 ></DD
 ><DT
-><A
+>11. <A
 HREF="#SAMBA-LDAP-HOWTO"
 >Storing Samba's User/Machine Account information in an LDAP Directory</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2350"
+>11.1. <A
+HREF="#AEN1867"
 >Purpose</A
 ></DT
 ><DT
-><A
-HREF="#AEN2370"
+>11.2. <A
+HREF="#AEN1888"
 >Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN2399"
+>11.3. <A
+HREF="#AEN1919"
 >Supported LDAP Servers</A
 ></DT
 ><DT
-><A
-HREF="#AEN2404"
+>11.4. <A
+HREF="#AEN1924"
 >Schema and Relationship to the RFC 2307 posixAccount</A
 ></DT
 ><DT
-><A
-HREF="#AEN2416"
+>11.5. <A
+HREF="#AEN1945"
 >Configuring Samba with LDAP</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2418"
+>11.5.1. <A
+HREF="#AEN1947"
 >OpenLDAP configuration</A
 ></DT
 ><DT
-><A
-HREF="#AEN2435"
+>11.5.2. <A
+HREF="#AEN1964"
 >Configuring Samba</A
 ></DT
+><DT
+>11.5.3. <A
+HREF="#AEN1992"
+>Importing <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> entries</A
+></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN2463"
+>11.6. <A
+HREF="#AEN2008"
 >Accounts and Groups management</A
 ></DT
 ><DT
-><A
-HREF="#AEN2468"
+>11.7. <A
+HREF="#AEN2013"
 >Security and sambaAccount</A
 ></DT
 ><DT
-><A
-HREF="#AEN2488"
+>11.8. <A
+HREF="#AEN2033"
 >LDAP specials attributes for sambaAccounts</A
 ></DT
 ><DT
-><A
-HREF="#AEN2558"
+>11.9. <A
+HREF="#AEN2103"
 >Example LDIF Entries for a sambaAccount</A
 ></DT
 ><DT
-><A
-HREF="#AEN2566"
+>11.10. <A
+HREF="#AEN2111"
 >Comments</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#IMPROVED-BROWSING"
->Improved browsing in samba</A
+>12. <A
+HREF="#WINBIND"
+>Unified Logons between Windows NT and UNIX using Winbind</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2577"
->Overview of browsing</A
-></DT
-><DT
-><A
-HREF="#AEN2581"
->Browsing support in samba</A
+>12.1. <A
+HREF="#AEN2140"
+>Abstract</A
 ></DT
 ><DT
-><A
-HREF="#AEN2590"
->Problem resolution</A
+>12.2. <A
+HREF="#AEN2144"
+>Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN2597"
->Browsing across subnets</A
+>12.3. <A
+HREF="#AEN2157"
+>What Winbind Provides</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2602"
->How does cross subnet browsing work ?</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2637"
->Setting up a WINS server</A
-></DT
-><DT
-><A
-HREF="#AEN2656"
->Setting up Browsing in a WORKGROUP</A
-></DT
-><DT
-><A
-HREF="#AEN2674"
->Setting up Browsing in a DOMAIN</A
-></DT
-><DT
-><A
-HREF="#AEN2684"
->Forcing samba to be the master</A
-></DT
-><DT
-><A
-HREF="#AEN2693"
->Making samba the domain master</A
-></DT
-><DT
-><A
-HREF="#AEN2711"
->Note about broadcast addresses</A
-></DT
-><DT
-><A
-HREF="#AEN2714"
->Multiple interfaces</A
+>12.3.1. <A
+HREF="#AEN2164"
+>Target Uses</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#SPEED"
->Samba performance issues</A
+>12.4. <A
+HREF="#AEN2168"
+>How Winbind Works</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2732"
->Comparisons</A
+>12.4.1. <A
+HREF="#AEN2173"
+>Microsoft Remote Procedure Calls</A
 ></DT
 ><DT
-><A
-HREF="#AEN2738"
->Oplocks</A
+>12.4.2. <A
+HREF="#AEN2177"
+>Name Service Switch</A
 ></DT
-><DD
-><DL
 ><DT
-><A
-HREF="#AEN2740"
->Overview</A
+>12.4.3. <A
+HREF="#AEN2193"
+>Pluggable Authentication Modules</A
 ></DT
 ><DT
-><A
-HREF="#AEN2748"
->Level2 Oplocks</A
+>12.4.4. <A
+HREF="#AEN2201"
+>User and Group ID Allocation</A
 ></DT
 ><DT
-><A
-HREF="#AEN2754"
->Old 'fake oplocks' option - deprecated</A
+>12.4.5. <A
+HREF="#AEN2205"
+>Result Caching</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#AEN2758"
->Socket options</A
-></DT
-><DT
-><A
-HREF="#AEN2765"
->Read size</A
-></DT
-><DT
-><A
-HREF="#AEN2770"
->Max xmit</A
-></DT
-><DT
-><A
-HREF="#AEN2775"
->Locking</A
+>12.5. <A
+HREF="#AEN2208"
+>Installation and Configuration</A
 ></DT
+><DD
+><DL
 ><DT
-><A
-HREF="#AEN2779"
->Share modes</A
+>12.5.1. <A
+HREF="#AEN2212"
+>Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN2784"
->Log level</A
+>12.5.2. <A
+HREF="#AEN2225"
+>Requirements</A
 ></DT
 ><DT
-><A
-HREF="#AEN2787"
->Wide lines</A
+>12.5.3. <A
+HREF="#AEN2241"
+>Testing Things Out</A
 ></DT
+><DD
+><DL
 ><DT
-><A
-HREF="#AEN2790"
->Read raw</A
+>12.5.3.1. <A
+HREF="#AEN2254"
+>Configure and Compile SAMBA</A
 ></DT
 ><DT
-><A
-HREF="#AEN2795"
->Write raw</A
+>12.5.3.2. <A
+HREF="#AEN2267"
+>Configure <TT
+CLASS="FILENAME"
+>nsswitch.conf</TT
+> and the
+winbind libraries</A
 ></DT
 ><DT
-><A
-HREF="#AEN2799"
->Read prediction</A
+>12.5.3.3. <A
+HREF="#AEN2289"
+>Configure <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
 ></DT
 ><DT
-><A
-HREF="#AEN2806"
->Memory mapping</A
+>12.5.3.4. <A
+HREF="#AEN2306"
+>Join the SAMBA server to the PDC domain</A
 ></DT
 ><DT
-><A
-HREF="#AEN2811"
->Slow Clients</A
+>12.5.3.5. <A
+HREF="#AEN2317"
+>Start up the winbindd daemon and test it!</A
 ></DT
 ><DT
-><A
-HREF="#AEN2815"
->Slow Logins</A
+>12.5.3.6. <A
+HREF="#AEN2358"
+>Configure Winbind and PAM</A
 ></DT
+></DL
+></DD
+></DL
+></DD
 ><DT
-><A
-HREF="#AEN2818"
->Client tuning</A
+>12.6. <A
+HREF="#AEN2411"
+>Limitations</A
 ></DT
 ><DT
-><A
-HREF="#AEN2850"
->My Results</A
+>12.7. <A
+HREF="#AEN2419"
+>Conclusion</A
 ></DT
 ></DL
 ></DD
 ><DT
-><A
-HREF="#OTHER-CLIENTS"
->Samba and other CIFS clients</A
+>13. <A
+HREF="#OS2"
+>OS2 Client HOWTO</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2871"
->Macintosh clients?</A
-></DT
-><DT
-><A
-HREF="#AEN2880"
->OS2 Client</A
+>13.1. <A
+HREF="#AEN2433"
+>FAQs</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2882"
+>13.1.1. <A
+HREF="#AEN2435"
 >How can I configure OS/2 Warp Connect or 
 		OS/2 Warp 4 as a client for Samba?</A
 ></DT
 ><DT
-><A
-HREF="#AEN2897"
+>13.1.2. <A
+HREF="#AEN2450"
 >How can I configure OS/2 Warp 3 (not Connect), 
 		OS/2 1.2, 1.3 or 2.x for Samba?</A
 ></DT
 ><DT
-><A
-HREF="#AEN2906"
+>13.1.3. <A
+HREF="#AEN2459"
 >Are there any other issues when OS/2 (any version) 
 		is used as a client?</A
 ></DT
 ><DT
-><A
-HREF="#AEN2910"
+>13.1.4. <A
+HREF="#AEN2463"
 >How do I get printer driver download working 
 		for OS/2 clients?</A
 ></DT
 ></DL
 ></DD
-><DT
-><A
-HREF="#AEN2920"
->Windows for Workgroups</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN2922"
->Use latest TCP/IP stack from Microsoft</A
-></DT
-><DT
-><A
-HREF="#AEN2927"
->Delete .pwl files after password change</A
-></DT
-><DT
-><A
-HREF="#AEN2932"
->Configure WfW password handling</A
-></DT
-><DT
-><A
-HREF="#AEN2936"
->Case handling of passwords</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#AEN2941"
->Windows '95/'98</A
-></DT
-><DT
-><A
-HREF="#AEN2957"
->Windows 2000 Service Pack 2</A
-></DT
 ></DL
 ></DD
 ><DT
-><A
+>14. <A
 HREF="#CVS-ACCESS"
 >HOWTO Access Samba source code via CVS</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2981"
+>14.1. <A
+HREF="#AEN2479"
 >Introduction</A
 ></DT
 ><DT
-><A
-HREF="#AEN2986"
+>14.2. <A
+HREF="#AEN2484"
 >CVS Access to samba.org</A
 ></DT
 ><DD
 ><DL
 ><DT
-><A
-HREF="#AEN2989"
+>14.2.1. <A
+HREF="#AEN2487"
 >Access via CVSweb</A
 ></DT
 ><DT
-><A
-HREF="#AEN2994"
+>14.2.2. <A
+HREF="#AEN2492"
 >Access via cvs</A
 ></DT
 ></DL
@@ -1310,85 +1109,26 @@ HREF="#AEN2994"
 ></DD
 ><DT
 ><A
-HREF="#BUGREPORT"
->Reporting Bugs</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN3029"
->Introduction</A
-></DT
-><DT
-><A
-HREF="#AEN3036"
->General info</A
-></DT
-><DT
-><A
-HREF="#AEN3042"
->Debug levels</A
-></DT
-><DT
-><A
-HREF="#AEN3059"
->Internal errors</A
-></DT
-><DT
-><A
-HREF="#AEN3069"
->Attaching to a running process</A
-></DT
-><DT
-><A
-HREF="#AEN3072"
->Patches</A
-></DT
-></DL
-></DD
-><DT
-><A
-HREF="#GROUPMAPPING"
->Group mapping HOWTO</A
-></DT
-><DT
-><A
-HREF="#PORTABILITY"
->Portability</A
-></DT
-><DD
-><DL
-><DT
-><A
-HREF="#AEN3119"
->HPUX</A
-></DT
-><DT
-><A
-HREF="#AEN3124"
->SCO Unix</A
-></DT
-><DT
-><A
-HREF="#AEN3128"
->DNIX</A
+HREF="#AEN2520"
+>Index</A
 ></DT
 ></DL
-></DD
-></DL
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="INSTALL">How to Install and Test SAMBA</H1
+NAME="INSTALL"
+>Chapter 1. How to Install and Test SAMBA</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN20">Step 0: Read the man pages</H2
+NAME="AEN20"
+>1.1. Step 0: Read the man pages</A
+></H1
 ><P
 >The man pages distributed with SAMBA contain 
 	lots of useful info that will help to get you started. 
@@ -1415,10 +1155,12 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN28">Step 1: Building the Binaries</H2
+NAME="AEN28"
+>1.2. Step 1: Building the Binaries</A
+></H1
 ><P
 >To do this, first run the program <B
 CLASS="COMMAND"
@@ -1512,10 +1254,12 @@ CLASS="USERINPUT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN56">Step 2: The all important step</H2
+NAME="AEN56"
+>1.3. Step 2: The all important step</A
+></H1
 ><P
 >At this stage you must fetch yourself a 
 	coffee or other drink you find stimulating. Getting the rest 
@@ -1527,10 +1271,12 @@ NAME="AEN56">Step 2: The all important step</H2
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN60">Step 3: Create the smb configuration file.</H2
+NAME="AEN60"
+>1.4. Step 3: Create the smb configuration file.</A
+></H1
 ><P
 >There are sample configuration files in the examples 
 	subdirectory in the distribution. I suggest you read them 
@@ -1590,14 +1336,16 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN74">Step 4: Test your config file with 
+NAME="AEN74"
+>1.5. Step 4: Test your config file with 
 	<B
 CLASS="COMMAND"
 >testparm</B
-></H2
+></A
+></H1
 ><P
 >It's important that you test the validity of your
 	<TT
@@ -1612,10 +1360,12 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN80">Step 5: Starting the smbd and nmbd</H2
+NAME="AEN80"
+>1.6. Step 5: Starting the smbd and nmbd</A
+></H1
 ><P
 >You must choose to start smbd and nmbd either
 	as daemons or from <B
@@ -1650,10 +1400,12 @@ CLASS="COMMAND"
 	request.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN90">Step 5a: Starting from inetd.conf</H3
+NAME="AEN90"
+>1.6.1. Step 5a: Starting from inetd.conf</A
+></H2
 ><P
 >NOTE; The following will be different if 
 		you use NIS or NIS+ to distributed services maps.</P
@@ -1761,10 +1513,12 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN119">Step 5b. Alternative: starting it as a daemon</H3
+NAME="AEN119"
+>1.6.2. Step 5b. Alternative: starting it as a daemon</A
+></H2
 ><P
 >To start the server as a daemon you should create 
 		a script something like this one, perhaps calling 
@@ -1825,11 +1579,13 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN135">Step 6: Try listing the shares available on your 
-	server</H2
+NAME="AEN135"
+>1.7. Step 6: Try listing the shares available on your 
+	server</A
+></H1
 ><P
 ><TT
 CLASS="PROMPT"
@@ -1864,10 +1620,12 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN144">Step 7: Try connecting with the unix client</H2
+NAME="AEN144"
+>1.8. Step 7: Try connecting with the unix client</A
+></H1
 ><P
 ><TT
 CLASS="PROMPT"
@@ -1925,11 +1683,13 @@ CLASS="USERINPUT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN160">Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
-	Win2k, OS/2, etc... client</H2
+NAME="AEN160"
+>1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, 
+	Win2k, OS/2, etc... client</A
+></H1
 ><P
 >Try mounting disks. eg:</P
 ><P
@@ -1972,10 +1732,12 @@ CLASS="USERINPUT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN174">What If Things Don't Work?</H2
+NAME="AEN174"
+>1.10. What If Things Don't Work?</A
+></H1
 ><P
 >If nothing works and you start to think "who wrote 
 	this pile of trash" then I suggest you do step 2 again (and 
@@ -1993,10 +1755,12 @@ NAME="AEN174">What If Things Don't Work?</H2
 	easier. </P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN179">Diagnosing Problems</H3
+NAME="AEN179"
+>1.10.1. Diagnosing Problems</A
+></H2
 ><P
 >If you have installation problems then go to 
 		<TT
@@ -2007,10 +1771,12 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN183">Scope IDs</H3
+NAME="AEN183"
+>1.10.2. Scope IDs</A
+></H2
 ><P
 >By default Samba uses a blank scope ID. This means 
 		all your windows boxes must also have a blank scope ID. 
@@ -2021,10 +1787,12 @@ NAME="AEN183">Scope IDs</H3
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN186">Choosing the Protocol Level</H3
+NAME="AEN186"
+>1.10.3. Choosing the Protocol Level</A
+></H2
 ><P
 >The SMB protocol has many dialects. Currently 
 		Samba supports 5, called CORE, COREPLUS, LANMAN1, 
@@ -2060,29 +1828,30 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN195">Printing from UNIX to a Client PC</H3
+NAME="AEN195"
+>1.10.4. Printing from UNIX to a Client PC</A
+></H2
 ><P
 >To use a printer that is available via a smb-based 
-		server from a unix host with LPR you will need to compile the 
+		server from a unix host you will need to compile the 
 		smbclient program. You then need to install the script 
 		"smbprint". Read the instruction in smbprint for more details.
 		</P
 ><P
 >There is also a SYSV style script that does much 
 		the same thing called smbprint.sysv. It contains instructions.</P
-><P
->See the CUPS manual for information about setting up 
-		printing from a unix host with CUPS to a smb-based server. </P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN200">Locking</H3
+NAME="AEN199"
+>1.10.5. Locking</A
+></H2
 ><P
 >One area which sometimes causes trouble is locking.</P
 ><P
@@ -2137,550 +1906,49 @@ NAME="AEN200">Locking</H3
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN209">Mapping Usernames</H3
+NAME="AEN208"
+>1.10.6. Mapping Usernames</A
+></H2
 ><P
 >If you have different usernames on the PCs and 
 		the unix server then take a look at the "username map" option. 
 		See the smb.conf man page for details.</P
 ></DIV
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="DIAGNOSIS">Diagnosing your samba server</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN223">Introduction</H2
-><P
->This file contains a list of tests you can perform to validate your
-Samba server. It also tells you what the likely cause of the problem
-is if it fails any one of these steps. If it passes all these tests
-then it is probably working fine.</P
-><P
->You should do ALL the tests, in the order shown. I have tried to
-carefully choose them so later tests only use capabilities verified in
-the earlier tests.</P
-><P
->If you send me an email saying "it doesn't work" and you have not
-followed this test procedure then you should not be surprised if I
-ignore your email.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN228">Assumptions</H2
-><P
->In all of the tests I assume you have a Samba server called BIGSERVER
-and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
-PC is running windows for workgroups with a recent copy of the
-microsoft tcp/ip stack. Alternatively, your PC may be running Windows
-95 or Windows NT (Workstation or Server).</P
-><P
->The procedure is similar for other types of clients.</P
-><P
->I also assume you know the name of an available share in your
-smb.conf. I will assume this share is called "tmp". You can add a
-"tmp" share like by adding the following to smb.conf:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->&#13;[tmp]
- comment = temporary files 
- path = /tmp
- read only = yes&#13;</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
-COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS</P
-><P
->Please pay attention to the error messages you receive. If any error message
-reports that your server is being unfriendly you should first check that you
-IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
-file points to name servers that really do exist.</P
-><P
->Also, if you do not have DNS server access for name resolution please check
-that the settings for your smb.conf file results in "dns proxy = no". The
-best way to check this is with "testparm smb.conf"</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN238">Tests</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN240">Test 1</H3
-><P
->In the directory in which you store your smb.conf file, run the command
-"testparm smb.conf". If it reports any errors then your smb.conf
-configuration file is faulty.</P
-><P
->Note:	Your smb.conf file may be located in: <TT
-CLASS="FILENAME"
->/etc</TT
->
-	Or in:   <TT
-CLASS="FILENAME"
->/usr/local/samba/lib</TT
-></P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN246">Test 2</H3
-><P
->Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
-the unix box. If you don't get a valid response then your TCP/IP
-software is not correctly installed. </P
-><P
->Note that you will need to start a "dos prompt" window on the PC to
-run ping.</P
-><P
->If you get a message saying "host not found" or similar then your DNS
-software or /etc/hosts file is not correctly setup. It is possible to
-run samba without DNS entries for the server and client, but I assume
-you do have correct entries for the remainder of these tests. </P
-><P
->Another reason why ping might fail is if your host is running firewall 
-software. You will need to relax the rules to let in the workstation
-in question, perhaps by allowing access from another subnet (on Linux
-this is done via the ipfwadm program.)</P
-></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN252">Test 3</H3
-><P
->Run the command "smbclient -L BIGSERVER" on the unix box. You
-should get a list of available shares back. </P
-><P
->If you get a error message containing the string "Bad password" then
-you probably have either an incorrect "hosts allow", "hosts deny" or
-"valid users" line in your smb.conf, or your guest account is not
-valid. Check what your guest account is using "testparm" and
-temporarily remove any "hosts allow", "hosts deny", "valid users" or
-"invalid users" lines.</P
-><P
->If you get a "connection refused" response then the smbd server may
-not be running. If you installed it in inetd.conf then you probably edited
-that file incorrectly. If you installed it as a daemon then check that
-it is running, and check that the netbios-ssn port is in a LISTEN
-state using "netstat -a".</P
-><P
->If you get a "session request failed" then the server refused the
-connection. If it says "Your server software is being unfriendly" then
-its probably because you have invalid command line parameters to smbd,
-or a similar fatal problem with the initial startup of smbd. Also
-check your config file (smb.conf) for syntax errors with "testparm"
-and that the various directories where samba keeps its log and lock
-files exist.</P
-><P
->There are a number of reasons for which smbd may refuse or decline
-a session request. The most common of these involve one or more of
-the following smb.conf file entries:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	hosts deny = ALL
-	hosts allow = xxx.xxx.xxx.xxx/yy
-	bind interfaces only = Yes</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->In the above, no allowance has been made for any session requests that
-will automatically translate to the loopback adaptor address 127.0.0.1.
-To solve this problem change these lines to:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	hosts deny = ALL
-	hosts allow = xxx.xxx.xxx.xxx/yy 127.</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Do NOT use the "bind interfaces only" parameter where you may wish to
-use the samba password change facility, or where smbclient may need to
-access local service for name resolution or for local resource
-connections. (Note: the "bind interfaces only" parameter deficiency
-where it will not allow connections to the loopback address will be
-fixed soon).</P
-><P
->Another common cause of these two errors is having something already running 
-on port 139, such as Samba (ie: smbd is running from inetd already) or
-something like Digital's Pathworks. Check your inetd.conf file before trying
-to start smbd as a daemon, it can avoid a lot of frustration!</P
-><P
->And yet another possible cause for failure of TEST 3 is when the subnet mask
-and / or broadcast address settings are incorrect. Please check that the
-network interface IP Address / Broadcast Address / Subnet Mask settings are
-correct and that Samba has correctly noted these in the log.nmb file.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN267">Test 4</H3
-><P
->Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
-IP address of your Samba server back.</P
-><P
->If you don't then nmbd is incorrectly installed. Check your inetd.conf
-if you run it from there, or that the daemon is running and listening
-to udp port 137.</P
-><P
->One common problem is that many inetd implementations can't take many
-parameters on the command line. If this is the case then create a
-one-line script that contains the right parameters and run that from
-inetd.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN272">Test 5</H3
-><P
->run the command <B
-CLASS="COMMAND"
->nmblookup -B ACLIENT '*'</B
-></P
-><P
->You should get the PCs IP address back. If you don't then the client
-software on the PC isn't installed correctly, or isn't started, or you
-got the name of the PC wrong. </P
-><P
->If ACLIENT doesn't resolve via DNS then use the IP address of the
-client in the above test.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN278">Test 6</H3
-><P
->Run the command <B
-CLASS="COMMAND"
->nmblookup -d 2 '*'</B
-></P
-><P
->This time we are trying the same as the previous test but are trying
-it via a broadcast to the default broadcast address. A number of
-Netbios/TCPIP hosts on the network should respond, although Samba may
-not catch all of the responses in the short time it listens. You
-should see "got a positive name query response" messages from several
-hosts.</P
-><P
->If this doesn't give a similar result to the previous test then
-nmblookup isn't correctly getting your broadcast address through its
-automatic mechanism. In this case you should experiment use the
-"interfaces" option in smb.conf to manually configure your IP
-address, broadcast and netmask. </P
-><P
->If your PC and server aren't on the same subnet then you will need to
-use the -B option to set the broadcast address to the that of the PCs
-subnet.</P
-><P
->This test will probably fail if your subnet mask and broadcast address are
-not correct. (Refer to TEST 3 notes above).</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN286">Test 7</H3
-><P
->Run the command <B
-CLASS="COMMAND"
->smbclient //BIGSERVER/TMP</B
->. You should 
-then be prompted for a password. You should use the password of the account
-you are logged into the unix box with. If you want to test with
-another account then add the -U &#62;accountname&#60; option to the end of
-the command line.  eg: 
-<B
-CLASS="COMMAND"
->smbclient //bigserver/tmp -Ujohndoe</B
-></P
-><P
->Note: It is possible to specify the password along with the username
-as follows:
-<B
-CLASS="COMMAND"
->smbclient //bigserver/tmp -Ujohndoe%secret</B
-></P
-><P
->Once you enter the password you should get the "smb&#62;" prompt. If you
-don't then look at the error message. If it says "invalid network
-name" then the service "tmp" is not correctly setup in your smb.conf.</P
-><P
->If it says "bad password" then the likely causes are:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	you have shadow passords (or some other password system) but didn't
-	compile in support for them in smbd
-	</P
-></LI
-><LI
-><P
->	your "valid users" configuration is incorrect
-	</P
-></LI
-><LI
-><P
->	you have a mixed case password and you haven't enabled the "password
-	level" option at a high enough level
-	</P
-></LI
-><LI
-><P
->	the "path =" line in smb.conf is incorrect. Check it with testparm
-	</P
-></LI
-><LI
-><P
->	you enabled password encryption but didn't create the SMB encrypted
-	password file
-	</P
-></LI
-></OL
-><P
->Once connected you should be able to use the commands 
-<B
-CLASS="COMMAND"
->dir</B
-> <B
-CLASS="COMMAND"
->get</B
-> <B
-CLASS="COMMAND"
->put</B
-> etc. 
-Type <B
-CLASS="COMMAND"
->help &#62;command&#60;</B
-> for instructions. You should
-especially check that the amount of free disk space shown is correct
-when you type <B
-CLASS="COMMAND"
->dir</B
->.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN312">Test 8</H3
-><P
->On the PC type the command <B
-CLASS="COMMAND"
->net view \\BIGSERVER</B
->. You will 
-need to do this from within a "dos prompt" window. You should get back a 
-list of available shares on the server.</P
-><P
->If you get a "network name not found" or similar error then netbios
-name resolution is not working. This is usually caused by a problem in
-nmbd. To overcome it you could do one of the following (you only need
-to choose one of them):</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	fixup the nmbd installation</P
-></LI
-><LI
-><P
->	add the IP address of BIGSERVER to the "wins server" box in the
-	advanced tcp/ip setup on the PC.</P
-></LI
-><LI
-><P
->	enable windows name resolution via DNS in the advanced section of
-	the tcp/ip setup</P
-></LI
-><LI
-><P
->	add BIGSERVER to your lmhosts file on the PC.</P
-></LI
-></OL
-><P
->If you get a "invalid network name" or "bad password error" then the
-same fixes apply as they did for the "smbclient -L" test above. In
-particular, make sure your "hosts allow" line is correct (see the man
-pages)</P
-><P
->Also, do not overlook that fact that when the workstation requests the
-connection to the samba server it will attempt to connect using the 
-name with which you logged onto your Windows machine. You need to make
-sure that an account exists on your Samba server with that exact same
-name and password.</P
-><P
->If you get "specified computer is not receiving requests" or similar
-it probably means that the host is not contactable via tcp services.
-Check to see if the host is running tcp wrappers, and if so add an entry in
-the hosts.allow file for your client (or subnet, etc.)</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN329">Test 9</H3
-><P
->Run the command <B
-CLASS="COMMAND"
->net use x: \\BIGSERVER\TMP</B
->. You should 
-be prompted for a password then you should get a "command completed 
-successfully" message. If not then your PC software is incorrectly 
-installed or your smb.conf is incorrect. make sure your "hosts allow" 
-and other config lines in smb.conf are correct.</P
-><P
->It's also possible that the server can't work out what user name to
-connect you as. To see if this is the problem add the line "user =
-USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
-username corresponding to the password you typed. If you find this
-fixes things you may need the username mapping option.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN334">Test 10</H3
-><P
->Run the command <B
-CLASS="COMMAND"
->nmblookup -M TESTGROUP</B
-> where 
-TESTGROUP is the name of the workgroup that your Samba server and 
-Windows PCs belong to. You should get back the IP address of the 
-master browser for that workgroup.</P
+NAME="AEN211"
+>1.10.7. Other Character Sets</A
+></H2
 ><P
->If you don't then the election process has failed. Wait a minute to
-see if it is just being slow then try again. If it still fails after
-that then look at the browsing options you have set in smb.conf. Make
-sure you have <B
-CLASS="COMMAND"
->preferred master = yes</B
-> to ensure that 
-an election is held at startup.</P
+>If you have problems using filenames with accented 
+		characters in them (like the German, French or Scandinavian 
+		character sets) then I recommend you look at the "valid chars" 
+		option in smb.conf and also take a look at the validchars 
+		package in the examples directory.</P
 ></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN340">Test 11</H3
-><P
->From file manager try to browse the server. Your samba server should
-appear in the browse list of your local workgroup (or the one you
-specified in smb.conf). You should be able to double click on the name
-of the server and get a list of shares. If you get a "invalid
-password" error when you do then you are probably running WinNT and it
-is refusing to browse a server that has no encrypted password
-capability and is in user level security mode. In this case either set
-<B
-CLASS="COMMAND"
->security = server</B
-> AND 
-<B
-CLASS="COMMAND"
->password server = Windows_NT_Machine</B
-> in your
-smb.conf file, or enable encrypted passwords AFTER compiling in support
-for encrypted passwords (refer to the Makefile).</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN345">Still having troubles?</H2
-><P
->Try the mailing list or newsgroup, or use the ethereal utility to
-sniff the problem. The official samba mailing list can be reached at
-<A
-HREF="mailto:samba@samba.org"
-TARGET="_top"
->samba@samba.org</A
->. To find 
-out more about samba and how to subscribe to the mailing list check 
-out the samba web page at 
-<A
-HREF="http://samba.org/samba"
-TARGET="_top"
->http://samba.org/samba</A
-></P
-><P
->Also look at the other docs in the Samba package!</P
 ></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="INTEGRATE-MS-NETWORKS">Integrating MS Windows networks with Samba</H1
+NAME="INTEGRATE-MS-NETWORKS"
+>Chapter 2. Integrating MS Windows networks with Samba</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN362">Agenda</H2
+NAME="AEN225"
+>2.1. Agenda</A
+></H1
 ><P
 >To identify the key functional mechanisms of MS Windows networking 
 to enable the deployment of Samba as a means of extending and/or 
@@ -2742,10 +2010,12 @@ TYPE="a"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN384">Name Resolution in a pure Unix/Linux world</H2
+NAME="AEN247"
+>2.2. Name Resolution in a pure Unix/Linux world</A
+></H1
 ><P
 >The key configuration files covered in this section are:</P
 ><P
@@ -2782,13 +2052,15 @@ CLASS="FILENAME"
 ></UL
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN400"><TT
+NAME="AEN263"
+>2.2.1. <TT
 CLASS="FILENAME"
 >/etc/hosts</TT
-></H3
+></A
+></H2
 ><P
 >Contains a static list of IP Addresses and names.
 eg:</P
@@ -2870,13 +2142,15 @@ becomes available.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN416"><TT
+NAME="AEN279"
+>2.2.2. <TT
 CLASS="FILENAME"
 >/etc/resolv.conf</TT
-></H3
+></A
+></H2
 ><P
 >This file tells the name resolution libraries:</P
 ><P
@@ -2906,13 +2180,15 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN427"><TT
+NAME="AEN290"
+>2.2.3. <TT
 CLASS="FILENAME"
 >/etc/host.conf</TT
-></H3
+></A
+></H2
 ><P
 ><TT
 CLASS="FILENAME"
@@ -2942,13 +2218,15 @@ man page for host.conf for further details.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN435"><TT
+NAME="AEN298"
+>2.2.4. <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
-></H3
+></A
+></H2
 ><P
 >This file controls the actual name resolution targets. The 
 file typically has resolver object specifications as follows:</P
@@ -3018,10 +2296,12 @@ which both the samba machine and the MS Windows machine belong.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN447">Name resolution as used within MS Windows networking</H2
+NAME="AEN310"
+>2.3. Name resolution as used within MS Windows networking</A
+></H1
 ><P
 >MS Windows networking is predicated about the name each machine 
 is given. This name is known variously (and inconsistently) as 
@@ -3110,10 +2390,12 @@ Since we are primarily concerned with TCP/IP this demonstration is
 limited to this area.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN459">The NetBIOS Name Cache</H3
+NAME="AEN322"
+>2.3.1. The NetBIOS Name Cache</A
+></H2
 ><P
 >All MS Windows machines employ an in memory buffer in which is 
 stored the NetBIOS names and IP addresses for all external 
@@ -3135,10 +2417,12 @@ is called "nmblookup".</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN464">The LMHOSTS file</H3
+NAME="AEN327"
+>2.3.2. The LMHOSTS file</A
+></H2
 ><P
 >This file is usually located in MS Windows NT 4.0 or 
 2000 in <TT
@@ -3245,10 +2529,12 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN472">HOSTS file</H3
+NAME="AEN335"
+>2.3.3. HOSTS file</A
+></H2
 ><P
 >This file is usually located in MS Windows NT 4.0 or 2000 in 
 <TT
@@ -3265,10 +2551,12 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN477">DNS Lookup</H3
+NAME="AEN340"
+>2.3.4. DNS Lookup</A
+></H2
 ><P
 >This capability is configured in the TCP/IP setup area in the network 
 configuration facility. If enabled an elaborate name resolution sequence 
@@ -3283,10 +2571,12 @@ lookup is used.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN480">WINS Lookup</H3
+NAME="AEN343"
+>2.3.5. WINS Lookup</A
+></H2
 ><P
 >A WINS (Windows Internet Name Server) service is the equivaent of the 
 rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores 
@@ -3342,11 +2632,13 @@ of the WINS server.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN492">How browsing functions and how to deploy stable and 
-dependable browsing using Samba</H2
+NAME="AEN355"
+>2.4. How browsing functions and how to deploy stable and 
+dependable browsing using Samba</A
+></H1
 ><P
 >As stated above, MS Windows machines register their NetBIOS names 
 (i.e.: the machine name for each service type in operation) on start 
@@ -3407,11 +2699,13 @@ and so on.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN502">MS Windows security options and how to configure 
-Samba for seemless integration</H2
+NAME="AEN365"
+>2.5. MS Windows security options and how to configure 
+Samba for seemless integration</A
+></H1
 ><P
 >MS Windows clients may use encrypted passwords as part of a 
 challenege/response authentication model (a.k.a. NTLMv1) or 
@@ -3527,9 +2821,8 @@ CLASS="PARAMETER"
 >password level</I
 ></TT
 > must be set to the maximum
-number of upper case letter which <I
-CLASS="EMPHASIS"
->could</I
+number of upper case letter which <EM
+>could</EM
 > appear
 is a password.  Note that is the server OS uses the traditional
 DES version of crypt(), then a <TT
@@ -3548,10 +2841,12 @@ where ever Samba is used. There are three configuration possibilities
 for support of encrypted passwords:</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN530">Use MS Windows NT as an authentication server</H3
+NAME="AEN393"
+>2.5.1. Use MS Windows NT as an authentication server</A
+></H2
 ><P
 >This method involves the additions of the following parameters 
 in the smb.conf file:</P
@@ -3591,10 +2886,12 @@ to prevent logons by other than MS Windows clients.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN538">Make Samba a member of an MS Windows NT security domain</H3
+NAME="AEN401"
+>2.5.2. Make Samba a member of an MS Windows NT security domain</A
+></H2
 ><P
 >This method involves additon of the following paramters in the smb.conf file:</P
 ><P
@@ -3661,10 +2958,12 @@ this HOWTO collection.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN555">Configure Samba as an authentication server</H3
+NAME="AEN418"
+>2.5.3. Configure Samba as an authentication server</A
+></H2
 ><P
 >This mode of authentication demands that there be on the 
 Unix/Linux system both a Unix style account as well as an 
@@ -3705,10 +3004,12 @@ to be created for each user, as well as for each MS Windows NT/2000
 machine. The following structure is required.</P
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN562">Users</H4
+NAME="AEN425"
+>2.5.3.1. Users</A
+></H3
 ><P
 >A user account that may provide a home directory should be 
 created. The following Linux system commands are typical of 
@@ -3735,10 +3036,12 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN567">MS Windows NT Machine Accounts</H4
+NAME="AEN430"
+>2.5.3.2. MS Windows NT Machine Accounts</A
+></H3
 ><P
 >These are required only when Samba is used as a domain 
 controller.  Refer to the Samba-PDC-HOWTO for more details.</P
@@ -3763,10 +3066,12 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN572">Conclusions</H2
+NAME="AEN435"
+>2.6. Conclusions</A
+></H1
 ><P
 >Samba provides a flexible means to operate as...</P
 ><P
@@ -3800,14 +3105,18 @@ NAME="AEN572">Conclusions</H2
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PAM">Configuring PAM for distributed but centrally 
-managed authentication</H1
+NAME="PAM"
+>Chapter 3. Configuring PAM for distributed but centrally 
+managed authentication</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN593">Samba and PAM</H2
+NAME="AEN456"
+>3.1. Samba and PAM</A
+></H1
 ><P
 >A number of Unix systems (eg: Sun Solaris), as well as the 
 xxxxBSD family and Linux, now utilize the Pluggable Authentication 
@@ -4042,7 +3351,7 @@ password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.
 ></P
 ><P
 >Note: PAM allows stacking of authentication mechanisms. It is 
-also possible to pass information obtained within one PAM module through 
+also possible to pass information obtained within on PAM module through 
 to the next module in the PAM stack. Please refer to the documentation for 
 your particular system implementation for details regarding the specific 
 capabilities of PAM in this environment. Some Linux implmentations also 
@@ -4061,10 +3370,12 @@ PAM documentation for further helpful information.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN637">Distributed Authentication</H2
+NAME="AEN500"
+>3.2. Distributed Authentication</A
+></H1
 ><P
 >The astute administrator will realize from this that the 
 combination of <TT
@@ -4092,10 +3403,12 @@ reduction of wide area network authentication traffic.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN644">PAM Configuration in smb.conf</H2
+NAME="AEN507"
+>3.3. PAM Configuration in smb.conf</A
+></H1
 ><P
 >There is an option in smb.conf called <A
 HREF="smb.conf.5.html#OBEYPAMRESTRICTIONS"
@@ -4133,13 +3446,17 @@ CLASS="COMMAND"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="MSDFS">Hosting a Microsoft Distributed File System tree on Samba</H1
+NAME="MSDFS"
+>Chapter 4. Hosting a Microsoft Distributed File System tree on Samba</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN664">Instructions</H2
+NAME="AEN527"
+>4.1. Instructions</A
+></H1
 ><P
 >The Distributed File System (or Dfs) provides a means of 
 	separating the logical view of files and directories that users 
@@ -4291,10 +3608,12 @@ CLASS="USERINPUT"
 	takes users directly to the appropriate shares on the network.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN699">Notes</H3
+NAME="AEN562"
+>4.1.1. Notes</A
+></H2
 ><P
 ></P
 ><UL
@@ -4325,14 +3644,18 @@ NAME="AEN699">Notes</H3
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="UNIX-PERMISSIONS">UNIX Permission Bits and Windows NT Access Control Lists</H1
+NAME="UNIX-PERMISSIONS"
+>Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN719">Viewing and changing UNIX permissions using the NT 
-	security dialogs</H2
+NAME="AEN582"
+>5.1. Viewing and changing UNIX permissions using the NT 
+	security dialogs</A
+></H1
 ><P
 >New in the Samba 2.0.4 release is the ability for Windows 
 	NT clients to use their native security settings dialog box to 
@@ -4365,38 +3688,34 @@ CLASS="CONSTANT"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN728">How to view file security on a Samba share</H2
+NAME="AEN591"
+>5.2. How to view file security on a Samba share</A
+></H1
 ><P
 >From an NT 4.0 client, single-click with the right 
 	mouse button on any file or directory in a Samba mounted 
 	drive letter or UNC path. When the menu pops-up, click 
-	on the <I
-CLASS="EMPHASIS"
->Properties</I
+	on the <EM
+>Properties</EM
 > entry at the bottom of 
 	the menu. This brings up the normal file properties dialog
 	box, but with Samba 2.0.4 this will have a new tab along the top
-	marked <I
-CLASS="EMPHASIS"
->Security</I
+	marked <EM
+>Security</EM
 >. Click on this tab and you 
-	will see three buttons, <I
-CLASS="EMPHASIS"
->Permissions</I
+	will see three buttons, <EM
+>Permissions</EM
 >, 	
-	<I
-CLASS="EMPHASIS"
->Auditing</I
->, and <I
-CLASS="EMPHASIS"
->Ownership</I
+	<EM
+>Auditing</EM
+>, and <EM
+>Ownership</EM
 >. 
-	The <I
-CLASS="EMPHASIS"
->Auditing</I
+	The <EM
+>Auditing</EM
 > button will cause either 
 	an error message <SPAN
 CLASS="ERRORNAME"
@@ -4415,10 +3734,12 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN739">Viewing file ownership</H2
+NAME="AEN602"
+>5.3. Viewing file ownership</A
+></H1
 ><P
 >Clicking on the <B
 CLASS="COMMAND"
@@ -4480,9 +3801,8 @@ CLASS="COMMAND"
 	it will display a dialog box complaining that the user you are 
 	currently logged onto the NT client cannot be found). The reason 
 	for this is that changing the ownership of a file is a privileged 
-	operation in UNIX, available only to the <I
-CLASS="EMPHASIS"
->root</I
+	operation in UNIX, available only to the <EM
+>root</EM
 > 
 	user. As clicking on this button causes NT to attempt to change 
 	the ownership of a file to the current user logged into the NT 
@@ -4492,19 +3812,20 @@ CLASS="EMPHASIS"
 	and allow a user with Administrator privilege connected 
 	to a Samba 2.0.4 server as root to change the ownership of 
 	files on both a local NTFS filesystem or remote mounted NTFS 
-	or Samba drive. This is available as part of the <I
-CLASS="EMPHASIS"
+	or Samba drive. This is available as part of the <EM
 >Seclib
-	</I
+	</EM
 > NT security library written by Jeremy Allison of 
 	the Samba Team, available from the main Samba ftp site.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN759">Viewing file or directory permissions</H2
+NAME="AEN622"
+>5.4. Viewing file or directory permissions</A
+></H1
 ><P
 >The third button is the <B
 CLASS="COMMAND"
@@ -4561,10 +3882,12 @@ CLASS="COMMAND"
 	are displayed first.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN774">File Permissions</H3
+NAME="AEN637"
+>5.4.1. File Permissions</A
+></H2
 ><P
 >The standard UNIX user/group/world triple and 
 		the corresponding "read", "write", "execute" permissions 
@@ -4621,10 +3944,12 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN788">Directory Permissions</H3
+NAME="AEN651"
+>5.4.2. Directory Permissions</A
+></H2
 ><P
 >Directories on an NT NTFS file system have two 
 		different sets of permissions. The first set of permissions 
@@ -4651,10 +3976,12 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN795">Modifying file or directory permissions</H2
+NAME="AEN658"
+>5.5. Modifying file or directory permissions</A
+></H1
 ><P
 >Modifying file and directory permissions is as simple 
 	as changing the displayed permissions in the dialog box, and 
@@ -4747,11 +4074,13 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN817">Interaction with the standard Samba create mask 
-	parameters</H2
+NAME="AEN680"
+>5.6. Interaction with the standard Samba create mask 
+	parameters</A
+></H1
 ><P
 >Note that with Samba 2.0.5 there are four new parameters 
 	to control this interaction.  These are :</P
@@ -4810,9 +4139,8 @@ CLASS="PARAMETER"
 >security mask</I
 ></TT
 >
-	mask may be treated as a set of bits the user is <I
-CLASS="EMPHASIS"
->not</I
+	mask may be treated as a set of bits the user is <EM
+>not</EM
 > 
 	allowed to change, and one bits are those the user is allowed to change.
 	</P
@@ -5019,11 +4347,13 @@ CLASS="PARAMETER"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN881">Interaction with the standard Samba file attribute 
-	mapping</H2
+NAME="AEN744"
+>5.7. Interaction with the standard Samba file attribute 
+	mapping</A
+></H1
 ><P
 >Samba maps some of the DOS attribute bits (such as "read 
 	only") into the UNIX permissions of a file. This means there can 
@@ -5067,13 +4397,17 @@ CLASS="COMMAND"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PRINTING">Printing Support in Samba 2.2.x</H1
+NAME="PRINTING"
+>Chapter 6. Printing Support in Samba 2.2.x</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN902">Introduction</H2
+NAME="AEN765"
+>6.1. Introduction</A
+></H1
 ><P
 >Beginning with the 2.2.0 release, Samba supports 
 the native Windows NT printing mechanisms implemented via 
@@ -5139,10 +4473,9 @@ As a side note, Samba does not use these drivers in any way to process
 spooled files.  They are utilized entirely by the clients.</P
 ><P
 >The following MS KB article, may be of some help if you are dealing with
-Windows 2000 clients:  <I
-CLASS="EMPHASIS"
+Windows 2000 clients:  <EM
 >How to Add Printers with No User 
-Interaction in Windows 2000</I
+Interaction in Windows 2000</EM
 ></P
 ><P
 ><A
@@ -5153,40 +4486,30 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN924">Configuration</H2
+NAME="AEN787"
+>6.2. Configuration</A
+></H1
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >[print$] vs. [printer$]</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >Previous versions of Samba recommended using a share named [printer$].  
 This name was taken from the printer$ service created by Windows 9x 
@@ -5218,7 +4541,7 @@ CLASS="PARAMETER"
 >printer driver
 file</I
 ></TT
-> parameter, are being deprecated and should not 
+> parameter, are being deprecated and should not
 be used in new installations.  For more information on this change, 
 you should refer to the <A
 HREF="#MIGRATION"
@@ -5231,10 +4554,12 @@ of this document.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN935">Creating [print$]</H3
+NAME="AEN798"
+>6.2.1. Creating [print$]</A
+></H2
 ><P
 >In order to support the uploading of printer driver 
 files, you must first configure a file share named [print$].  
@@ -5310,35 +4635,11 @@ site is configured.  If users will be guaranteed to have
 an account on the Samba host, then this is a non-issue.</P
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
-><B
->Author's Note</B
-></TH
-></TR
-><TR
-><TD
->&nbsp;</TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Author's Note: </B
 >The non-issue is that if all your Windows NT users are guaranteed to be 
 authenticated by the Samba server (such as a domain member server and the NT 
 user has already been validated by the Domain Controller in 
@@ -5356,9 +4657,7 @@ CLASS="COMMAND"
 > in the [global] section as well.  Make sure 
 you understand what this parameter does before using it 
 though. --jerry</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ><P
 >In order for a Windows NT print server to support 
@@ -5394,30 +4693,18 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >ATTENTION!  REQUIRED PERMISSIONS</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >In order to currently add a new driver to you Samba host, 
 one of two conditions must hold true:</P
@@ -5470,17 +4757,18 @@ that matches the printer shares defined on your Samba host.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN970">Setting Drivers for Existing Printers</H3
+NAME="AEN833"
+>6.2.2. Setting Drivers for Existing Printers</A
+></H2
 ><P
 >The initial listing of printers in the Samba host's 
 Printers folder will have no real printer driver assigned 
 to them.  By default, in Samba 2.2.0 this driver name was set to 
-<I
-CLASS="EMPHASIS"
->NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</I
+<EM
+>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</EM
 >.
 Later versions changed this to a NULL string to allow the use
 tof the local Add Printer Wizard on NT/2000 clients.
@@ -5488,41 +4776,42 @@ Attempting to view the printer properties for a printer
 which has this default driver assigned will result in 
 the error message:</P
 ><P
-><I
-CLASS="EMPHASIS"
+><EM
 >Device settings cannot be displayed.  The driver 
 for the specified printer is not installed, only spooler 
 properties will be displayed.  Do you want to install the 
-driver now?</I
+driver now?</EM
 ></P
 ><P
->Click "No" in the error dialog and you will be presented with
-the printer properties window.  The way to assign a driver to a 
+>Click <EM
+>No</EM
+> in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a
 printer is to either</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->Use the "New Driver..." button to install 
+>Use the "New Driver..." button to install
 	a new printer driver, or</P
 ></LI
 ><LI
 ><P
->Select a driver from the popup list of 
+>Select a driver from the popup list of
 	installed drivers.  Initially this list will be empty.</P
 ></LI
 ></UL
 ><P
->If you wish to install printer drivers for client 
-operating systems other than "Windows NT x86", you will need 
+>If you wish to install printer drivers for client
+operating systems other than "Windows NT x86", you will need
 to use the "Sharing" tab of the printer properties dialog.</P
 ><P
->Assuming you have connected with a root account, you 
-will also be able modify other printer properties such as 
+>Assuming you have connected with a root account, you
+will also be able modify other printer properties such as
 ACLs and device settings using this dialog box.</P
 ><P
->A few closing comments for this section, it is possible 
+>A few closing comments for this section, it is possible
 on a Windows NT print server to have printers
 listed in the Printers folder which are not shared.  Samba does
 not make this distinction.  By definition, the only printers of
@@ -5533,7 +4822,7 @@ CLASS="FILENAME"
 >.</P
 ><P
 >Another interesting side note is that Windows NT clients do
-not use the SMB printer share, but rather can print directly 
+not use the SMB printer share, but rather can print directly
 to any printer on another Windows NT host using MS-RPC.  This
 of course assumes that the printing client has the necessary
 privileges on the remote host serving the printer.  The default
@@ -5542,24 +4831,70 @@ permissions to the "Everyone" well-known group.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN987">Support a large number of printers</H3
+NAME="AEN851"
+>6.2.3. DeviceModes and New Printers</A
+></H2
+><P
+>In order for a printer to be truly usbla eby a Windows NT/2k/XP client,
+it must posses:</P
+><P
+></P
+><UL
+><LI
+><P
+>a valid Device Mode generated by the driver for the printer, and</P
+></LI
+><LI
+><P
+>a complete set of PrinterDriverData generated by the driver.</P
+></LI
+></UL
+><P
+>If either one of these is incomplete, the clients can produce less than optimal 
+output at best or in the worst cases, unreadable garbage or nothing at all.  
+Fortunately, most driver generate the printer driver that is needed.
+However, the client must be tickled to generate a valid Device Mode and set it on the
+server.  The easist means of doing so is to simply set the page orientation on 
+the server's printer using the native Windows NT/2k printer properties page from 
+a Window clients.  Make sure to apply changes between swapping the page orientation
+to cause the change to actually take place.  Be aware that this can only be done
+by a "printer admin" (the reason should be obvious I hope).</P
+><P
+>Samba also includes a service level parameter name <A
+HREF="smb.conf.5.html#DEFAULTDEVMODE"
+TARGET="_top"
+>default
+devmode</A
+> for generating a default device mode for a printer.  Some driver
+will function fine with this default set of properties.  Others may crash the client's
+spooler service.  Use this parameter with caution. It is always better to have the client
+generate a valid device mode for the printer and store it on the server for you.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN862"
+>6.2.4. Support a large number of printers</A
+></H2
 ><P
 >One issue that has arisen during the development
 phase of Samba 2.2 is the need to support driver downloads for
-100's of printers.  Using the Windows NT APW is somewhat 
-awkward to say the list.  If more than one printer are using the 
+100's of printers.  Using the Windows NT APW is somewhat
+awkward to say the list.  If more than one printer are using the
 same driver, the <A
 HREF="rpcclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >rpcclient's
-setdriver command</B
+setdriver</B
 ></A
-> can be used to set the driver
+> command can be used to set the driver
 associated with an installed driver.  The following is example
 of how this could be accomplished:</P
 ><P
@@ -5571,23 +4906,22 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
-> 
-<TT
+><TT
 CLASS="PROMPT"
 >$ </TT
 >rpcclient pogo -U root%secret -c "enumdrivers"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
- 
+
 [Windows NT x86]
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4000 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 2100 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4Si/4SiMX PS]
-				  
+
 <TT
 CLASS="PROMPT"
 >$ </TT
@@ -5597,7 +4931,7 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
      name:[\\POGO\hp-print]
      description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
      comment:[]
-				  
+
 <TT
 CLASS="PROMPT"
 >$ </TT
@@ -5615,16 +4949,18 @@ Successfully set hp-print to driver HP LaserJet 4000 Series PS.</PRE
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN998">Adding New Printers via the Windows NT APW</H3
+NAME="AEN873"
+>6.2.5. Adding New Printers via the Windows NT APW</A
+></H2
 ><P
 >By default, Samba offers all printer shares defined in <TT
 CLASS="FILENAME"
 >smb.conf</TT
 >
-in the "Printers..." folder.  Also existing in this folder is the Windows NT 
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
 Add Printer Wizard icon.  The APW will be show only if</P
 ><P
 ></P
@@ -5649,7 +4985,7 @@ TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->show 
+>show
 	add printer wizard = yes</I
 ></TT
 ></A
@@ -5658,36 +4994,36 @@ CLASS="PARAMETER"
 ></LI
 ></UL
 ><P
->In order to be able to use the APW to successfully add a printer to a Samba 
+>In order to be able to use the APW to successfully add a printer to a Samba
 server, the <A
 HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->add 
+>add
 printer command</I
 ></TT
 ></A
 > must have a defined value.  The program
-hook must successfully add the printer to the system (i.e. 
+hook must successfully add the printer to the system (i.e.
 <TT
 CLASS="FILENAME"
 >/etc/printcap</TT
-> or appropriate files) and 
+> or appropriate files) and
 <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > if necessary.</P
 ><P
->When using the APW from a client, if the named printer share does 
+>When using the APW from a client, if the named printer share does
 not exist, <B
 CLASS="COMMAND"
 >smbd</B
 > will execute the <TT
 CLASS="PARAMETER"
 ><I
->add printer 
+>add printer
 command</I
 ></TT
 > and reparse to the <TT
@@ -5704,7 +5040,7 @@ CLASS="PARAMETER"
 > is executed under the context
 of the connected user, not necessarily a root account.</P
 ><P
->There is a complementary <A
+>There is a complementing <A
 HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
 TARGET="_top"
 ><TT
@@ -5716,85 +5052,15 @@ printer command</I
 ></A
 > for removing entries from the "Printers..."
 folder.</P
-><P
->The following is an example <A
-HREF="smb.conf.5.html#ADDPRINTERCOMMAN"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->add printer command</I
-></TT
-></A
-> script. It adds the appropriate entries to <TT
-CLASS="FILENAME"
->/etc/printcap.local</TT
-> (change that to what you need) and returns a line of 'Done' which is needed for the whole process to work.</P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->#!/bin/sh
-
-# Script to insert a new printer entry into printcap.local
-#
-# $1, printer name, used as the descriptive name
-# $2, share name, used as the printer name for Linux
-# $3, port name
-# $4, driver name
-# $5, location, used for the device file of the printer
-# $6, win9x location
-
-#
-# Make sure we use the location that RedHat uses for local printer defs
-PRINTCAP=/etc/printcap.local
-DATE=`date +%Y%m%d-%H%M%S`
-LP=lp
-RESTART="service lpd restart"
-
-# Keep a copy
-cp $PRINTCAP $PRINTCAP.$DATE
-# Add the printer to $PRINTCAP
-echo ""				 			&#62;&#62; $PRINTCAP
-echo "$2|$1:\\" 					&#62;&#62; $PRINTCAP
-echo "  :sd=/var/spool/lpd/$2:\\" 			&#62;&#62; $PRINTCAP
-echo "  :mx=0:ml=0:sh:\\" 				&#62;&#62; $PRINTCAP
-echo "  :lp=/usr/local/samba/var/print/$5.prn:" 	&#62;&#62; $PRINTCAP
-
-touch "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
-chown $LP "/usr/local/samba/var/print/$5.prn" &#62;&#62; /tmp/printadd.$$ 2&#62;&#38;1
-
-mkdir /var/spool/lpd/$2
-chmod 700 /var/spool/lpd/$2
-chown $LP /var/spool/lpd/$2
-#echo $1 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-#echo $2 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-#echo $3 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-#echo $4 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-#echo $5 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-#echo $6 &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-$RESTART &#62;&#62; "/usr/local/samba/var/print/$5.prn"
-# Not sure if this is needed
-touch /usr/local/samba/lib/smb.conf
-#
-# You need to return a value, but I am not sure what it means.
-#
-echo "Done"
-exit 0</PRE
-></TD
-></TR
-></TABLE
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1028">Samba and Printer Ports</H3
+NAME="AEN898"
+>6.2.6. Samba and Printer Ports</A
+></H2
 ><P
 >Windows NT/2000 print servers associate a port with each printer.  These normally
 take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
@@ -5826,10 +5092,12 @@ that generates a listing of ports on a system.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1036">The Imprints Toolset</H2
+NAME="AEN906"
+>6.3. The Imprints Toolset</A
+></H1
 ><P
 >The Imprints tool set provides a UNIX equivalent of the 
 	Windows NT Add Printer Wizard.  For complete information, please 
@@ -5840,12 +5108,21 @@ TARGET="_top"
 > as well as the documentation 
 	included with the imprints source distribution.  This section will 
 	only provide a brief introduction to the features of Imprints.</P
+><P
+>As of June 16, 2002 (quite a bit earlier actually), the Imprints
+	project is in need of a new maintainer.  The most important skill
+	is decent perl coding and an interest in MS-RPC based printing using Samba.
+	If you wich to volunteer, please coordinate your efforts on the samba-technical
+	mailing list.
+	</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1040">What is Imprints?</H3
+NAME="AEN911"
+>6.3.1. What is Imprints?</A
+></H2
 ><P
 >Imprints is a collection of tools for supporting the goals 
 		of</P
@@ -5872,10 +5149,12 @@ NAME="AEN1040">What is Imprints?</H3
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1050">Creating Printer Driver Packages</H3
+NAME="AEN921"
+>6.3.2. Creating Printer Driver Packages</A
+></H2
 ><P
 >The process of creating printer driver packages is beyond
 		the scope of this document (refer to Imprints.txt also included
@@ -5886,10 +5165,12 @@ NAME="AEN1050">Creating Printer Driver Packages</H3
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1053">The Imprints server</H3
+NAME="AEN924"
+>6.3.3. The Imprints server</A
+></H2
 ><P
 >The Imprints server is really a database server that 
 		may be queried via standard HTTP mechanisms.  Each printer 
@@ -5897,18 +5178,19 @@ NAME="AEN1053">The Imprints server</H3
 		downloading of the package.  Each package is digitally signed
 		via GnuPG which can be used to verify that package downloaded
 		is actually the one referred in the Imprints database.  It is 
-		<I
-CLASS="EMPHASIS"
->not</I
+		<EM
+>not</EM
 > recommended that this security check 
 		be disabled.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1057">The Installation Client</H3
+NAME="AEN928"
+>6.3.4. The Installation Client</A
+></H2
 ><P
 >More information regarding the Imprints installation client 
 		is available in the <TT
@@ -6006,13 +5288,15 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1079"><A
+NAME="AEN950"
+>6.4. <A
 NAME="MIGRATION"
 ></A
->Migration to from Samba 2.0.x to 2.2.x</H2
+>Migration to from Samba 2.0.x to 2.2.x</A
+></H1
 ><P
 >Given that printer driver management has changed (we hope improved) in 
 2.2 over prior releases, migration from an existing setup to 2.2 can 
@@ -6083,30 +5367,18 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >Achtung!</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >The following <TT
 CLASS="FILENAME"
@@ -6152,6 +5424,17 @@ CLASS="PARAMETER"
 ></TR
 ></TABLE
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN983"
+>6.4.1. Parameters in <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> for Backwards Compatibility</A
+></H2
 ><P
 >The have been two new parameters add in Samba 2.2.2 to for 
 better support of Samba 2.0.x backwards capability (<TT
@@ -6168,150 +5451,94 @@ CLASS="PARAMETER"
 ></TT
 >). Both of 
 these options are described in the smb.coinf(5) man page and are 
-disabled by default.</P
+disabled by default.  Use them with caution.</P
+></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PRINTINGDEBUG">Debugging Printing Problems</H1
+NAME="CUPS"
+>Chapter 7. Printing with CUPS in Samba 2.2.x</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1125">Introduction</H2
-><P
->This is a short description of how to debug printing problems with
-Samba. This describes how to debug problems with printing from a SMB
-client to a Samba server, not the other way around. For the reverse
-see the examples/printing directory.</P
-><P
->Ok, so you want to print to a Samba server from your PC. The first
-thing you need to understand is that Samba does not actually do any
-printing itself, it just acts as a middleman between your PC client
-and your Unix printing subsystem. Samba receives the file from the PC
-then passes the file to a external "print command". What print command
-you use is up to you.</P
-><P
->The whole things is controlled using options in smb.conf. The most
-relevant options (which you should look up in the smb.conf man page)
-are:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->      [global]
-        print command     - send a file to a spooler
-        lpq command       - get spool queue status
-        lprm command      - remove a job
-      [printers]
-        path = /var/spool/lpd/samba</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The following are nice to know about:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->        queuepause command   - stop a printer or print queue
-        queueresume command  - start a printer or print queue</PRE
-></TD
-></TR
-></TABLE
-></P
+NAME="AEN999"
+>7.1. Printing with CUPS in Samba 2.2.x</A
+></H1
 ><P
->Example:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->        print command = /usr/bin/lpr -r -P%p %s
-        lpq command   = /usr/bin/lpq    -P%p %s
-        lprm command  = /usr/bin/lprm   -P%p %j
-        queuepause command = /usr/sbin/lpc -P%p stop
-        queuepause command = /usr/sbin/lpc -P%p start</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Samba should set reasonable defaults for these depending on your
-system type, but it isn't clairvoyant. It is not uncommon that you
-have to tweak these for local conditions.  The commands should
-always have fully specified pathnames,  as the smdb may not have
-the correct PATH values.</P
-><P
->When you send a job to Samba to be printed,  it will make a temporary
-copy of it in the directory specified in the [printers] section.
-and it should be periodically cleaned out.  The lpr -r option
-requests that the temporary copy be removed after printing; If
-printing fails then you might find leftover files in this directory,
-and it should be periodically cleaned out.  Samba used the lpq
-command to determine the "job number" assigned to your print job
-by the spooler.</P
-><P
->The %&#62;letter&#60; are "macros" that get dynamically replaced with appropriate
-values when they are used. The %s gets replaced with the name of the spool
-file that Samba creates and the %p gets replaced with the name of the
-printer. The %j gets replaced with the "job number" which comes from
-the lpq output.</P
+><A
+HREF="http://www.cups.org/"
+TARGET="_top"
+>CUPS</A
+> is a newcomer in
+the UNIX printing scene, which has convinced many people upon first trial
+already. However, it has quite a few new features, which make it different
+from other, more traditional printing systems.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1141">Debugging printer problems</H2
-><P
->One way to debug printing problems is to start by replacing these
-command with shell scripts that record the arguments and the contents
-of the print file. A simple example of this kind of things might
-be:</P
+NAME="AEN1003"
+>7.2. Configuring <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for CUPS</A
+></H1
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	print command = /tmp/saveprint %p %s
-
-    #!/bin/saveprint
-    # we make sure that we are the right user
-    /usr/bin/id -p &#62;/tmp/tmp.print
-    # we run the command and save the error messages
-    # replace the command with the one appropriate for your system
-    /usr/bin/lpr -r -P$1 $2 2&#62;&#62;&#38;/tmp/tmp.print</PRE
-></TD
-></TR
-></TABLE
-></P
+>Printing with CUPS in the most basic <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+setup in Samba 2.2.x only needs two settings: <B
+CLASS="COMMAND"
+>printing = cups</B
+> and
+<B
+CLASS="COMMAND"
+>printcap = cups</B
+>. While CUPS itself doesn't need a printcap
+anymore, the <TT
+CLASS="FILENAME"
+>cupsd.conf</TT
+> configuration file knows two directives
+(example: <B
+CLASS="COMMAND"
+>Printcap /etc/printcap</B
+> and <B
+CLASS="COMMAND"
+>PrintcapFormat
+BSD</B
+>), which control if such a file should be created for the
+convenience of third party applications. Make sure it is set! For details see
+<B
+CLASS="COMMAND"
+>man cupsd.conf</B
+> and other CUPS-related documentation.</P
 ><P
->Then you print a file and try removing it.  You may find that the
-print queue needs to be stopped in order to see the queue status
-and remove the job:</P
+>If SAMBA is compiled against libcups, then <B
+CLASS="COMMAND"
+>printcap =
+cups</B
+> uses the CUPS API to list printers, submit jobs, etc. Otherwise it
+maps to the System V commands with an additional <TT
+CLASS="PARAMETER"
+><I
+>-oraw</I
+></TT
+>
+option for printing. On a Linux system, you can use the <B
+CLASS="COMMAND"
+>ldd</B
+> command to
+find out details (ldd may not be present on other OS platforms, or its
+function may be embodied by a different command):</P
 ><P
 ><TABLE
 BORDER="0"
@@ -6321,185 +5548,191 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->&#13;h4: {42} % echo hi &#62;/tmp/hi
-h4: {43} % smbclient //localhost/lw4
-added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0
-Password: 
-Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7]
-smb: \&#62; print /tmp/hi
-putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s)
-smb: \&#62; queue
-1049     3            hi-17534
-smb: \&#62; cancel 1049
-Error cancelling job 1049 : code 0
-smb: \&#62; cancel 1049
-Job 1049 cancelled
-smb: \&#62; queue
-smb: \&#62; exit</PRE
+>transmeta:/home/kurt # ldd `which smbd`
+        libssl.so.0.9.6 =&#62; /usr/lib/libssl.so.0.9.6 (0x4002d000)
+        libcrypto.so.0.9.6 =&#62; /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
+        libcups.so.2 =&#62; /usr/lib/libcups.so.2 (0x40123000)
+        libdl.so.2 =&#62; /lib/libdl.so.2 (0x401e8000)
+        libnsl.so.1 =&#62; /lib/libnsl.so.1 (0x401ec000)
+        libpam.so.0 =&#62; /lib/libpam.so.0 (0x40202000)
+        libc.so.6 =&#62; /lib/libc.so.6 (0x4020b000)
+        /lib/ld-linux.so.2 =&#62; /lib/ld-linux.so.2 (0x40000000)</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->The 'code 0' indicates that the job was removed.  The comment
-by the  smbclient is a bit misleading on this.
-You can observe the command output and then and look at the
-/tmp/tmp.print file to see what the results are.  You can quickly
-find out if the problem is with your printing system.  Often people
-have problems with their /etc/printcap file or permissions on
-various print queues.</P
+>The line "libcups.so.2 =&#62; /usr/lib/libcups.so.2
+(0x40123000)" shows there is CUPS support compiled into this version of
+Samba. If this is the case, and <B
+CLASS="COMMAND"
+>printing = cups</B
+> is set, then any
+otherwise manually set print command in smb.conf is ignored.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1150">What printers do I have?</H2
-><P
->You can use the 'testprns' program to check to see if the printer
-name you are using is recognized by Samba.  For example,  you can
-use:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    testprns printer /etc/printcap</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Samba can get its printcap information from a file or from a program.
-You can try the following to see the format of the extracted
-information:</P
+NAME="AEN1022"
+>7.3. Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</A
+></H1
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->    testprns -a printer /etc/printcap
-
-    testprns -a printer '|/bin/cat printcap'</PRE
-></TD
-></TR
-></TABLE
-></P
+>You can setup Samba and your Windows clients to use the
+CUPS print subsystem just as you would with any of the more traditional print
+subsystems: that means the use of vendor provided, native Windows printer
+drivers for each target printer. If you setup the [print$] share to
+download these drivers to the clients, their GDI system (Graphical Device
+Interface) will output the Wndows EMF (Enhanced MetaFile) and
+convert it -- with the help of the printer driver -- locally into the format
+the printer is expecting. Samba and the CUPS print subsystem will have to
+treat these files as raw print files  -- they are already in the
+shape to be digestable for the printer. This is the same traditional setup
+for Unix print servers handling Windows client jobs. It does not take much
+CPU power to handle this kind of task efficiently.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1158">Setting up printcap and print servers</H2
-><P
->You may need to set up some printcaps for your Samba system to use.
-It is strongly recommended that you use the facilities provided by
-the print spooler to set up queues and printcap information.</P
-><P
->Samba requires either a printcap or program to deliver printcap
-information.  This printcap information has the format:</P
+NAME="AEN1025"
+>7.4. CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</A
+></H1
+><P
+>CUPS is perfectly able to use PPD files (PostScript
+Printer Descriptions). PPDs can control all print device options. They
+are usually provided by the manufacturer -- if you own a PostSript printer,
+that is. PPD files are always a component of PostScript printer drivers on MS
+Windows or Apple Mac OS systems. They are ASCII files containing
+user-selectable print options, mapped to appropriate PostScript, PCL or PJL
+commands for the target printer. Printer driver GUI dialogs translate these
+options "on-the-fly" into buttons and drop-down lists for the user to
+select.</P
+><P
+>CUPS can load, without any conversions, the PPD file from
+any Windows (NT is recommended) PostScript driver and handle the options.
+There is a web browser interface to the print options (select
+http://localhost:631/printers/ and click on one "Configure Printer" button
+to see it), a commandline interface (see <B
+CLASS="COMMAND"
+>man lpoptions</B
+> or
+try if you have <B
+CLASS="COMMAND"
+>lphelp</B
+> on your system) plus some different GUI frontends on Linux
+UNIX, which can present PPD options to the users. PPD options are normally
+meant to become evaluated by the PostScript RIP on the real PostScript
+printer.</P
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  name|alias1|alias2...:option=value:...</PRE
-></TD
-></TR
-></TABLE
-></P
+>CUPS doesn't stop at "real" PostScript printers in its
+usage of PPDs. The CUPS developers have extended the PPD concept, to also
+describe available device and driver options for non-PostScript printers
+through  CUPS-PPDs.</P
 ><P
->For almost all printing systems, the printer 'name' must be composed
-only of alphanumeric or underscore '_' characters.  Some systems also
-allow hyphens ('-') as well.  An alias is an alternative name for the
-printer,  and an alias with a space in it is used as a 'comment'
-about the printer.  The printcap format optionally uses a \ at the end of lines
-to extend the printcap to multiple lines.</P
+>This is logical, as CUPS includes a fully featured
+PostScript interpreter (RIP). This RIP is based on Ghostscript. It can
+process all received PostScript (and additionally many other file formats)
+from clients. All CUPS-PPDs geared to non-PostScript printers contain an
+additional line, starting with the keyword <TT
+CLASS="PARAMETER"
+><I
+>*cupsFilter</I
+></TT
+>.
+This line
+tells the CUPS print system which printer-specific filter to use for the
+interpretation of the accompanying PostScript. Thus CUPS lets all its
+printers appear as PostScript devices to its clients, because it can act as a
+PostScript RIP for those printers, processing the received PostScript code
+into a proper raster print format.</P
 ><P
->Here are some examples of printcap files:</P
+>CUPS-PPDs can also be used on Windows-Clients, on top of a
+PostScript driver (recommended is the Adobe one).</P
 ><P
+>This feature enables CUPS to do a few tricks no other
+spooler can do:</P
 ><P
 ></P
-><OL
-TYPE="1"
-><LI
-><P
->pr              just printer name</P
-></LI
-><LI
-><P
->pr|alias        printer name and alias</P
-></LI
+><UL
 ><LI
 ><P
->pr|My Printer   printer name, alias used as comment</P
+>act as a networked PostScript RIP (Raster Image Processor), handling
+    printfiles from all client platforms in a uniform way;</P
 ></LI
 ><LI
 ><P
->pr:sh:\        Same as pr:sh:cm= testing
-  :cm= \ 
-  testing</P
+>act as a central accounting and billing server, as all files are passed
+    through the <B
+CLASS="COMMAND"
+>pstops</B
+> Filter and are therefor logged in
+    the CUPS <TT
+CLASS="FILENAME"
+>page_log</TT
+>. - <EM
+>NOTE: </EM
+>this
+    can not happen with "raw" print jobs, which always remain unfiltered
+    per definition;</P
 ></LI
 ><LI
 ><P
->pr:sh           Same as pr:sh:cm= testing
-  :cm= testing</P
+>enable clients to consolidate on a single PostScript driver, even for
+    many different target printers.</P
 ></LI
-></OL
-></P
-><P
->Samba reads the printcap information when first started.  If you make
-changes in the printcap information, then you must do the following:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->make sure that the print spooler is aware of these changes.
-The LPRng system uses the 'lpc reread' command to do this.</P
-></LI
-><LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN1046"
+>7.5. Windows Terminal Servers (WTS) as CUPS clients</A
+></H1
 ><P
->make sure that the spool queues, etc., exist and have the
-correct permissions.  The LPRng system uses the 'checkpc -f'
-command to do this.</P
-></LI
-><LI
+>This setup may be of special interest to people
+experiencing major problems in WTS environments. WTS need often a multitude
+of non-PostScript drivers installed to run their clients' variety of
+different printer models. This often imposes the price of much increased
+instability. In many cases, in an attempt to overcome this problem, site
+administrators have resorted to restrict the allowed drivers installed on
+their WTS to one generic PCL- and one PostScript driver. This however
+restricts the clients in the amount of printer options available for them --
+often they can't get out more then simplex prints from one standard paper
+tray, while their devices could do much better, if driven by a different
+driver!</P
 ><P
->You now should send a SIGHUP signal to the smbd server to have
-it reread the printcap information.</P
-></LI
-></OL
+>Using an Adobe PostScript driver, enabled with a CUPS-PPD,
+seems to be a very elegant way to overcome all these shortcomings. The
+PostScript driver is not known to cause major stability problems on WTS (even
+if used with many different PPDs). The clients will be able to (again) chose
+paper trays, duplex printing and other settings. However, there is a certain
+price for this too: a  CUPS server acting as a PostScript RIP for its clients
+requires more CPU and RAM than just to act as  a "raw spooling" device. Plus,
+this setup is not yet widely tested, although the first feedbacks look very
+promising...</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1186">Job sent, no output</H2
-><P
->This is the most frustrating part of printing.  You may have sent the
-job,  verified that the job was forwarded,  set up a wrapper around
-the command to send the file,  but there was no output from the printer.</P
+NAME="AEN1050"
+>7.6. Setting up CUPS for driver download</A
+></H1
 ><P
->First,  check to make sure that the job REALLY is getting to the
-right print queue.  If you are using a BSD or LPRng print spooler,
-you can temporarily stop the printing of jobs.  Jobs can still be
-submitted, but they will not be printed.  Use:</P
+>The <B
+CLASS="COMMAND"
+>cupsadsmb</B
+> utility (shipped with all current
+CUPS versions) makes the sharing of any (or all) installed CUPS printers very
+easy. Prior to using it, you need the following settings in smb.conf:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -6509,22 +5742,45 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->  lpc -Pprinter stop</PRE
+>[global]
+         load printers = yes
+         printing = cups
+         printcap name = cups
+
+[printers]
+         comment = All Printers
+         path = /var/spool/samba
+         browseable = no
+         public = yes
+         guest ok = yes
+         writable = no
+         printable = yes
+         printer admin = root
+
+[print$]
+         comment = Printer Drivers
+         path = /etc/samba/drivers
+         browseable = yes
+         guest ok = no
+         read only = yes
+         write list = root</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->Now submit a print job and then use 'lpq -Pprinter' to see if the
-job is in the print queue.  If it is not in the print queue then
-you will have to find out why it is not being accepted for printing.</P
-><P
->Next, you may want to check to see what the format of the job really
-was.  With the assistance of the system administrator you can view
-the submitted jobs files.  You may be surprised to find that these
-are not in what you would expect to call a printable format.
-You can use the UNIX 'file' utitily to determine what the job
-format actually is:</P
+>For licensing reasons the necessary files of the Adobe
+Postscript driver can not be distributed with either Samba or CUPS. You need
+to download them yourself from the Adobe website. Once extracted, create a
+<TT
+CLASS="FILENAME"
+>drivers</TT
+> directory in the CUPS data directory (usually
+<TT
+CLASS="FILENAME"
+>/usr/share/cups/</TT
+>). Copy the Adobe files using
+UPPERCASE filenames, to this directory as follows:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -6534,131 +5790,161 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->    cd /var/spool/lpd/printer   # spool directory of print jobs
-    ls                          # find job files
-    file dfA001myhost</PRE
+>        ADFONTS.MFM
+        ADOBEPS4.DRV
+        ADOBEPS4.HLP
+        ADOBEPS5.DLL
+        ADOBEPSU.DLL
+        ADOBEPSU.HLP
+        DEFPRTR2.PPD
+        ICONLIB.DLL</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->You should make sure that your printer supports this format OR that
-your system administrator has installed a 'print filter' that will
-convert the file to a format appropriate for your printer.</P
+>Users of the ESP Print Pro software are able to install
+their "Samba Drivers" package for this purpose with no problem.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1197">Job sent, strange output</H2
-><P
->Once you have the job printing, you can then start worrying about
-making it print nicely.</P
+NAME="AEN1062"
+>7.7. Sources of CUPS drivers / PPDs</A
+></H1
 ><P
->The most common problem is extra pages of output: banner pages
-OR blank pages at the end.</P
+>On the internet you can find now many thousand CUPS-PPD
+files (with their companion filters), in many national languages,
+supporting more than 1.000 non-PostScript models.</P
 ><P
->If you are getting banner pages,  check and make sure that the
-printcap option or printer option is configured for no banners.
-If you have a printcap,  this is the :sh (suppress header or banner
-page) option.  You should have the following in your printer.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->   printer: ... :sh</PRE
-></TD
-></TR
-></TABLE
 ></P
+><UL
+><LI
 ><P
->If you have this option and are still getting banner pages,  there
-is a strong chance that your printer is generating them for you
-automatically.  You should make sure that banner printing is disabled
-for the printer.  This usually requires using the printer setup software
-or procedures supplied by the printer manufacturer.</P
-><P
->If you get an extra page of output,  this could be due to problems
-with your job format,  or if you are generating PostScript jobs,
-incorrect setting on your printer driver on the MicroSoft client.
-For example, under Win95 there is a option:</P
+><A
+HREF="http://wwwl.easysw.com/printpro/"
+TARGET="_top"
+>ESP PrintPro
+    (http://wwwl.easysw.com/printpro/)</A
+>
+    (commercial, non-Free) is packaged with more than 3.000 PPDs, ready for
+    successful usage "out of the box" on Linux, IBM-AIX, HP-UX, Sun-Solaris,
+    SGI-IRIX, Compaq Tru64, Digital Unix and some more commercial Unices (it
+    is written by the CUPS developers themselves and its sales help finance
+    the further development of CUPS, as they feed their creators)</P
+></LI
+><LI
 ><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->  Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|</PRE
-></TD
-></TR
-></TABLE
-></P
+>the <A
+HREF="http://gimp-print.sourceforge.net/"
+TARGET="_top"
+>Gimp-Print-Project
+    (http://gimp-print.sourceforge.net/)</A
+>
+    (GPL, Free Software) provides around 120 PPDs (supporting nearly 300
+    printers, many driven to photo quality output), to be used alongside the
+    Gimp-Print CUPS filters;</P
+></LI
+><LI
 ><P
->that allows you to choose if a Ctrl-D is appended to all jobs.
-This is a very bad thing to do, as most spooling systems will
-automatically add a ^D to the end of the job if it is detected as
-PostScript.  The multiple ^D may cause an additional page of output.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
 ><A
-NAME="AEN1209">Raw PostScript printed</H2
+HREF="http://www.turboprint.com/"
+TARGET="_top"
+>TurboPrint
+    (http://www.turboprint.com/)</A
+>
+    (Shareware, non-Freee) supports roughly the same amount of printers in
+    excellent quality;</P
+></LI
+><LI
 ><P
->This is a problem that is usually caused by either the print spooling
-system putting information at the start of the print job that makes
-the printer think the job is a text file, or your printer simply
-does not support PostScript.  You may need to enable 'Automatic
-Format Detection' on your printer.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
 ><A
-NAME="AEN1212">Advanced Printing</H2
+HREF="http://www-124.ibm.com/developerworks/oss/linux/projects/omni/"
+TARGET="_top"
+>OMNI
+    (http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)</A
+>
+    (LPGL, Free) is a package made by IBM, now containing support for more
+    than 400 printers, stemming from the inheritance of IBM OS/2 KnowHow
+    ported over to Linux (CUPS support is in a Beta-stage at present);</P
+></LI
+><LI
 ><P
->Note that you can do some pretty magic things by using your
-imagination with the "print command" option and some shell scripts.
-Doing print accounting is easy by passing the %U option to a print
-command shell script. You could even make the print command detect
-the type of output and its size and send it to an appropriate
-printer.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
 ><A
-NAME="AEN1215">Real debugging</H2
+HREF="http://hpinkjet.sourceforge.net/"
+TARGET="_top"
+>HPIJS
+    (http://hpinkjet.sourceforge.net/)</A
+>
+    (BSD-style licnes, Free) supports around 120 of HP's own printers and is
+    also providing excellent print quality now;</P
+></LI
+><LI
 ><P
->If the above debug tips don't help, then maybe you need to bring in
-the bug guns, system tracing. See Tracing.txt in this directory.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
 ><A
-NAME="SECURITYLEVELS">Security levels</H1
+HREF="http://www.linuxprinting.org/"
+TARGET="_top"
+>Foomatic/cupsomatic (http://www.linuxprinting.org/)</A
+> 
+    (LPGL, Free) from Linuxprinting.org are providing PPDs for practically every
+    Ghostscript filter known to the world, now usable with CUPS.</P
+></LI
+></UL
+><P
+><EM
+>NOTE: </EM
+>the cupsomatic trick from Linuxprinting.org is
+working different from the other drivers. While the other drivers take the
+generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as
+their input, cupsomatic "kidnaps" the PostScript inside CUPS, before
+RIP-ping, deviates it to an external Ghostscript installation (which now
+becomes the RIP) and gives it back to a CUPS backend once Ghostscript is
+finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster
+PostScript RIP function again inside a system-wide Ghostscript 
+installation rather than in "their own" pstoraster filter. (This 
+CUPS-enabling Ghostscript version may be installed either as a 
+patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package).
+However, this will not change the cupsomatic approach of guiding the printjob
+along a different path through the filtering system than the standard CUPS
+way...</P
+><P
+>Once you installed a printer inside CUPS with one of the
+recommended methods (the lpadmin command, the web browser interface or one of
+the available GUI wizards), you can use <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> to share the
+printer via Samba. <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> prepares the driver files for
+comfortable client download and installation upon their first contact with
+this printer share.</P
 ><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
 ><A
-NAME="AEN1228">Introduction</H2
+NAME="AEN1089"
+>7.7.1. <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+></A
+></H2
 ><P
->Samba supports the following options to the global smb.conf parameter</P
+>The <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> command copies the needed files
+for convenient Windows client installations from the previously prepared CUPS
+data directory to your [print$] share. Additionally, the PPD
+associated with this printer is copied from <TT
+CLASS="FILENAME"
+>/etc/cups/ppd/</TT
+> to
+[print$].</P
 ><P
 ><TABLE
 BORDER="0"
@@ -6668,146 +5954,155 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->[global]
-<A
-HREF="smb.conf.5.html#SECURITY"
-TARGET="_top"
 ><TT
-CLASS="PARAMETER"
-><I
->security</I
+CLASS="PROMPT"
+>root# </TT
+> <B
+CLASS="COMMAND"
+>cupsaddsmb -U root infotec_IS2027</B
+>
+Password for root required to access localhost via SAMBA: <TT
+CLASS="USERINPUT"
+><B
+>[type in password 'secret']</B
 ></TT
-></A
-> = [share|user(default)|domain|ads]</PRE
+></PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->Please refer to the smb.conf man page for usage information and to the document
-<A
-HREF="DOMAIN_MEMBER.html"
-TARGET="_top"
->DOMAIN_MEMBER.html</A
-> for further background details
-on domain mode security.  The Windows 2000 Kerberos domain security model
-(security = ads) is described in the <A
-HREF="ADS-HOWTO.html"
-TARGET="_top"
->ADS-HOWTO.html</A
->.</P
-><P
->Of the above, "security = server" means that Samba reports to clients that
-it is running in "user mode" but actually passes off all authentication
-requests to another "user mode" server. This requires an additional
-parameter "password server =" that points to the real authentication server.
-That real authentication server can be another Samba server or can be a
-Windows NT server, the later natively capable of encrypted password support.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1239">More complete description of security levels</H2
-><P
->A SMB server tells the client at startup what "security level" it is
-running. There are two options "share level" and "user level". Which
-of these two the client receives affects the way the client then tries
-to authenticate itself. It does not directly affect (to any great
-extent) the way the Samba server does security. I know this is
-strange, but it fits in with the client/server approach of SMB. In SMB
-everything is initiated and controlled by the client, and the server
-can only tell the client what is available and whether an action is
-allowed. </P
+>To share all printers and drivers, use the <TT
+CLASS="PARAMETER"
+><I
+>-a</I
+></TT
+>
+parameter instead of a printer name.</P
 ><P
->I'll describe user level security first, as its simpler. In user level
-security the client will send a "session setup" command directly after
-the protocol negotiation. This contains a username and password. The
-server can either accept or reject that username/password
-combination. Note that at this stage the server has no idea what
-share the client will eventually try to connect to, so it can't base
-the "accept/reject" on anything other than:</P
+>Probably you want to see what's going on. Use the
+<TT
+CLASS="PARAMETER"
+><I
+>-v</I
+></TT
+> parameter to get a more verbose output:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> cupsaddsmb -v -U root infotec_IS2027
+    Password for root required to access localhost via SAMBA:
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3cd1cc66376c0 W32X86/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \W32X86/infotec_IS2027.PPD (17394.6 kb/s) (average 17395.2 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (10877.4 kb/s) (average 11343.0 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (5095.2 kb/s) (average 9260.4 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (8828.7 kb/s) (average 9247.1 kb/s)
+
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3cd1cc66376c0 WIN40/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \WIN40/infotec_IS2027.PPD (26091.5 kb/s) (average 26092.8 kb/s)
+    putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (11241.6 kb/s) (average 11812.9 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (16640.6 kb/s) (average 14679.3 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (11285.6 kb/s) (average 14281.5 kb/s)
+    putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (823.5 kb/s) (average 12944.0 kb/s)
+    putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (19226.2 kb/s) (average 13169.7 kb/s)
+    putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 13266.7 kb/s)
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"'
+    cmd = adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
+    cmd = adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver infotec_IS2027 infotec_IS2027'
+    cmd = setdriver infotec_IS2027 infotec_IS2027
+    Succesfully set infotec_IS2027 to driver infotec_IS2027.
+
+    <TT
+CLASS="PROMPT"
+>root# </TT
+></PRE
+></TD
+></TR
+></TABLE
 ></P
-><OL
-TYPE="1"
-><LI
 ><P
->the username/password</P
-></LI
-><LI
+>If you look closely, you'll discover your root password
+was transfered unencrypted over the wire, so beware! Also, if you look
+further her, you'll discover error messages like
+<TT
+CLASS="CONSTANT"
+>NT_STATUS_OBJECT_NAME_COLLISION</TT
+> in between. They occur, because
+the directories <TT
+CLASS="FILENAME"
+>WIN40</TT
+> and <TT
+CLASS="FILENAME"
+>W32X86</TT
+> already
+existed in the [print$] driver download share (from a previous driver
+installation). They are harmless here.</P
 ><P
->the machine that the client is coming from</P
-></LI
-></OL
+>Now your printer is prepared for the clients to use. From
+a client, browse to the CUPS/Samba server, open the "Printers"
+share, right-click on this printer and select "Install..." or
+"Connect..." (depending on the Windows version you use). Now their
+should be a new printer in your client's local "Printers" folder,
+named (in my case) "infotec_IS2027 on kdebitshop"</P
 ><P
->If the server accepts the username/password then the client expects to
-be able to mount any share (using a "tree connection") without
-specifying a password. It expects that all access rights will be as
-the username/password specified in the "session setup". </P
-><P
->It is also possible for a client to send multiple "session setup"
-requests. When the server responds it gives the client a "uid" to use
-as an authentication tag for that username/password. The client can
-maintain multiple authentication contexts in this way (WinDD is an
-example of an application that does this)</P
-><P
->Ok, now for share level security. In share level security the client
-authenticates itself separately for each share. It will send a
-password along with each "tree connection" (share mount). It does not
-explicitly send a username with this operation. The client is
-expecting a password to be associated with each share, independent of
-the user. This means that samba has to work out what username the
-client probably wants to use. It is never explicitly sent the
-username. Some commercial SMB servers such as NT actually associate
-passwords directly with shares in share level security, but samba
-always uses the unix authentication scheme where it is a
-username/password that is authenticated, not a "share/password".</P
-><P
->Many clients send a "session setup" even if the server is in share
-level security. They normally send a valid username but no
-password. Samba records this username in a list of "possible
-usernames". When the client then does a "tree connection" it also adds
-to this list the name of the share they try to connect to (useful for
-home directories) and any users listed in the "user =" smb.conf
-line. The password is then checked in turn against these "possible
-usernames". If a match is found then the client is authenticated as
-that user.</P
-><P
->Finally "server level" security. In server level security the samba
-server reports to the client that it is in user level security. The
-client then does a "session setup" as described earlier. The samba
-server takes the username/password that the client sends and attempts
-to login to the "password server" by sending exactly the same
-username/password that it got from the client. If that server is in
-user level security and accepts the password then samba accepts the
-clients connection. This allows the samba server to use another SMB
-server as the "password server". </P
-><P
->You should also note that at the very start of all this, where the
-server tells the client what security level it is in, it also tells
-the client if it supports encryption. If it does then it supplies the
-client with a random "cryptkey". The client will then send all
-passwords in encrypted form. You have to compile samba with encryption
-enabled to support this feature, and you have to maintain a separate
-smbpasswd file with SMB style encrypted passwords. It is
-cryptographically impossible to translate from unix style encryption
-to SMB style encryption, although there are some fairly simple management
-schemes by which the two could be kept in sync.</P
+><EM
+>NOTE: </EM
+>
+<B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> will only reliably work i
+with CUPS version 1.1.15 or higher
+and Samba from 2.2.4. If it doesn't work, or if the automatic printer
+driver download to the clients doesn't succeed, you can still manually
+install the CUPS printer PPD on top of the Adobe PostScript driver on
+clients and then point the client's printer queue to the Samba printer
+share for connection, should you desire to use the CUPS networked
+PostScript RIP functions.</P
+></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="DOMAIN-SECURITY">security = domain in Samba 2.x</H1
+NAME="DOMAIN-SECURITY"
+>Chapter 8. security = domain in Samba 2.x</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1272">Joining an NT Domain with Samba 2.2</H2
+NAME="AEN1134"
+>8.1. Joining an NT Domain with Samba 2.2</A
+></H1
 ><P
 >Assume you have a Samba 2.x server with a NetBIOS name of 
 	<TT
@@ -7033,10 +6328,12 @@ CLASS="COMMAND"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1336">Samba and Windows 2000 Domains</H2
+NAME="AEN1198"
+>8.2. Samba and Windows 2000 Domains</A
+></H1
 ><P
 >Many people have asked regarding the state of Samba's ability to participate in
 a Windows 2000 Domain.  Samba 2.2 is able to act as a member server of a Windows
@@ -7056,10 +6353,12 @@ Computers" MMC (Microsoft Management Console) plugin.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1341">Why is this better than security = server?</H2
+NAME="AEN1203"
+>8.3. Why is this better than security = server?</A
+></H1
 ><P
 >Currently, domain security in Samba doesn't free you from 
 	having to create local Unix users to represent the users attaching 
@@ -7123,9 +6422,8 @@ CLASS="COMMAND"
 	user is authenticated, making a Samba server truly plug and play 
 	in an NT domain environment. Watch for this code soon.</P
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE:</I
+><EM
+>NOTE:</EM
 > Much of the text of this document 
 	was first published in the Web magazine <A
 HREF="http://www.linuxworld.com"
@@ -7144,1588 +6442,17 @@ TARGET="_top"
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="WINBIND">Unified Logons between Windows NT and UNIX using Winbind</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN1394">Abstract</H2
-><P
->Integration of UNIX and Microsoft Windows NT through 
-	a unified logon has been considered a "holy grail" in heterogeneous 
-	computing environments for a long time. We present 
-	<I
-CLASS="EMPHASIS"
->winbind</I
->, a component of the Samba suite 
-	of programs as a solution to the unified logon problem. Winbind 
-	uses a UNIX implementation 
-	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
-	Service Switch to allow Windows NT domain users to appear and operate 
-	as UNIX users on a UNIX machine. This paper describes the winbind 
-	system, explaining the functionality it provides, how it is configured, 
-	and how it works internally.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1398">Introduction</H2
-><P
->It is well known that UNIX and Microsoft Windows NT have 
-	different models for representing user and group information and 
-	use different technologies for implementing them. This fact has 
-	made it difficult to integrate the two systems in a satisfactory 
-	manner.</P
-><P
->One common solution in use today has been to create 
-	identically named user accounts on both the UNIX and Windows systems 
-	and use the Samba suite of programs to provide file and print services 
-	between the two. This solution is far from perfect however, as 
-	adding and deleting users on both sets of machines becomes a chore 
-	and two sets of passwords are required both of which
-	can lead to synchronization problems between the UNIX and Windows 
-	systems and confusion for users.</P
-><P
->We divide the unified logon problem for UNIX machines into 
-	three smaller problems:</P
-><P
-></P
-><UL
-><LI
-><P
->Obtaining Windows NT user and group information
-		</P
-></LI
-><LI
-><P
->Authenticating Windows NT users
-		</P
-></LI
-><LI
-><P
->Password changing for Windows NT users
-		</P
-></LI
-></UL
-><P
->Ideally, a prospective solution to the unified logon problem 
-	would satisfy all the above components without duplication of 
-	information on the UNIX machines and without creating additional 
-	tasks for the system administrator when maintaining users and 
-	groups on either system. The winbind system provides a simple 
-	and elegant solution to all three components of the unified logon 
-	problem.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1411">What Winbind Provides</H2
-><P
->Winbind unifies UNIX and Windows NT account management by 
-	allowing a UNIX box to become a full member of a NT domain. Once 
-	this is done the UNIX box will see NT users and groups as if 
-	they were native UNIX users and groups, allowing the NT domain 
-	to be used in much the same manner that NIS+ is used within 
-	UNIX-only environments.</P
-><P
->The end result is that whenever any 
-	program on the UNIX machine asks the operating system to lookup 
-	a user or group name, the query will be resolved by asking the 
-	NT domain controller for the specified domain to do the lookup.
-	Because Winbind hooks into the operating system at a low level 
-	(via the NSS name resolution modules in the C library) this 
-	redirection to the NT domain controller is completely 
-	transparent.</P
-><P
->Users on the UNIX machine can then use NT user and group 
-	names as they would use "native" UNIX names. They can chown files 
-	so that they are owned by NT domain users or even login to the 
-	UNIX machine and run a UNIX X-Window session as a domain user.</P
-><P
->The only obvious indication that Winbind is being used is 
-	that user and group names take the form DOMAIN\user and 
-	DOMAIN\group. This is necessary as it allows Winbind to determine 
-	that redirection to a domain controller is wanted for a particular 
-	lookup and which trusted domain is being referenced.</P
-><P
->Additionally, Winbind provides an authentication service 
-	that hooks into the Pluggable Authentication Modules (PAM) system 
-	to provide authentication via a NT domain to any PAM enabled 
-	applications. This capability solves the problem of synchronizing 
-	passwords between systems since all passwords are stored in a single 
-	location (on the domain controller).</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1418">Target Uses</H3
-><P
->Winbind is targeted at organizations that have an 
-		existing NT based domain infrastructure into which they wish 
-		to put UNIX workstations or servers. Winbind will allow these 
-		organizations to deploy UNIX workstations without having to 
-		maintain a separate account infrastructure. This greatly 
-		simplifies the administrative overhead of deploying UNIX 
-		workstations into a NT based organization.</P
-><P
->Another interesting way in which we expect Winbind to 
-		be used is as a central part of UNIX based appliances. Appliances 
-		that provide file and print services to Microsoft based networks 
-		will be able to use Winbind to provide seamless integration of 
-		the appliance into the domain.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1422">How Winbind Works</H2
-><P
->The winbind system is designed around a client/server 
-	architecture. A long running <B
-CLASS="COMMAND"
->winbindd</B
-> daemon 
-	listens on a UNIX domain socket waiting for requests
-	to arrive. These requests are generated by the NSS and PAM 
-	clients and processed sequentially.</P
-><P
->The technologies used to implement winbind are described 
-	in detail below.</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1427">Microsoft Remote Procedure Calls</H3
-><P
->Over the last two years, efforts have been underway 
-		by various Samba Team members to decode various aspects of 
-		the Microsoft Remote Procedure Call (MSRPC) system. This 
-		system is used for most network related operations between 
-		Windows NT machines including remote management, user authentication
-		and print spooling. Although initially this work was done 
-		to aid the implementation of Primary Domain Controller (PDC) 
-		functionality in Samba, it has also yielded a body of code which 
-		can be used for other purposes.</P
-><P
->Winbind uses various MSRPC calls to enumerate domain users 
-		and groups and to obtain detailed information about individual 
-		users or groups. Other MSRPC calls can be used to authenticate 
-		NT domain users and to change user passwords. By directly querying 
-		a Windows PDC for user and group information, winbind maps the 
-		NT account information onto UNIX user and group names.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1431">Name Service Switch</H3
-><P
->The Name Service Switch, or NSS, is a feature that is 
-		present in many UNIX operating systems. It allows system 
-		information such as hostnames, mail aliases and user information 
-		to be resolved from different sources. For example, a standalone 
-		UNIX workstation may resolve system information from a series of 
-		flat files stored on the local filesystem. A networked workstation 
-		may first attempt to resolve system information from local files, 
-		and then consult a NIS database for user information or a DNS server 
-		for hostname information.</P
-><P
->The NSS application programming interface allows winbind 
-		to present itself as a source of system information when 
-		resolving UNIX usernames and groups.  Winbind uses this interface, 
-		and information obtained from a Windows NT server using MSRPC 
-		calls to provide a new source of account enumeration.  Using standard 
-		UNIX library calls, one can enumerate the users and groups on
-		a UNIX machine running winbind and see all users and groups in 
-		a NT domain plus any trusted domain as though they were local 
-		users and groups.</P
-><P
->The primary control file for NSS is 
-		<TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
->. 
-		When a UNIX application makes a request to do a lookup 
-		the C library looks in <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
-> 
-		for a line which matches the service type being requested, for 
-		example the "passwd" service type is used when user or group names 
-		are looked up. This	config line species which implementations 
-		of that service should be tried and in what order. If the passwd 
-		config line is:</P
-><P
-><B
-CLASS="COMMAND"
->passwd: files example</B
-></P
-><P
->then the C library will first load a module called 
-		<TT
-CLASS="FILENAME"
->/lib/libnss_files.so</TT
-> followed by
-		the module <TT
-CLASS="FILENAME"
->/lib/libnss_example.so</TT
->. The 
-		C library will dynamically load each of these modules in turn 
-		and call resolver functions within the modules to try to resolve 
-		the request. Once the request is resolved the C library returns the
-		result to the application.</P
-><P
->This NSS interface provides a very easy way for Winbind 
-		to hook into the operating system. All that needs to be done 
-		is to put <TT
-CLASS="FILENAME"
->libnss_winbind.so</TT
-> in <TT
-CLASS="FILENAME"
->/lib/</TT
-> 
-		then add "winbind" into <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
-> at 
-		the appropriate place. The C library will then call Winbind to 
-		resolve user and group names.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1447">Pluggable Authentication Modules</H3
-><P
->Pluggable Authentication Modules, also known as PAM, 
-		is a system for abstracting authentication and authorization 
-		technologies. With a PAM module it is possible to specify different 
-		authentication methods for different system applications without 
-		having to recompile these applications. PAM is also useful
-		for implementing a particular policy for authorization. For example, 
-		a system administrator may only allow console logins from users 
-		stored in the local password file but only allow users resolved from 
-		a NIS database to log in over the network.</P
-><P
->Winbind uses the authentication management and password 
-		management PAM interface to integrate Windows NT users into a 
-		UNIX system. This allows Windows NT users to log in to a UNIX 
-		machine and be authenticated against a suitable Primary Domain 
-		Controller. These users can also change their passwords and have 
-		this change take effect directly on the Primary Domain Controller.
-		</P
-><P
->PAM is configured by providing control files in the directory 
-		<TT
-CLASS="FILENAME"
->/etc/pam.d/</TT
-> for each of the services that 
-		require authentication. When an authentication request is made 
-		by an application the PAM code in the C library looks up this
-		control file to determine what modules to load to do the 
-		authentication check and in what order. This interface makes adding 
-		a new authentication service for Winbind very easy, all that needs 
-		to be done is that the <TT
-CLASS="FILENAME"
->pam_winbind.so</TT
-> module 
-		is copied to <TT
-CLASS="FILENAME"
->/lib/security/</TT
-> and the PAM 
-		control files for relevant services are updated to allow 
-		authentication via winbind. See the PAM documentation
-		for more details.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1455">User and Group ID Allocation</H3
-><P
->When a user or group is created under Windows NT 
-		is it allocated a numerical relative identifier (RID). This is 
-		slightly different to UNIX which has a range of numbers that are 
-		used to identify users, and the same range in which to identify 
-		groups. It is winbind's job to convert RIDs to UNIX id numbers and
-		vice versa.  When winbind is configured it is given part of the UNIX 
-		user id space and a part of the UNIX group id space in which to 
-		store Windows NT users and groups. If a Windows NT user is 
-		resolved for the first time, it is allocated the next UNIX id from 
-		the range. The same process applies for Windows NT groups. Over 
-		time, winbind will have mapped all Windows NT users and groups
-		to UNIX user ids and group ids.</P
-><P
->The results of this mapping are stored persistently in 
-		an ID mapping database held in a tdb database). This ensures that 
-		RIDs are mapped to UNIX IDs in a consistent way.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1459">Result Caching</H3
-><P
->An active system can generate a lot of user and group 
-		name lookups. To reduce the network cost of these lookups winbind 
-		uses a caching scheme based on the SAM sequence number supplied 
-		by NT domain controllers.  User or group information returned 
-		by a PDC is cached by winbind along with a sequence number also 
-		returned by the PDC. This sequence number is incremented by 
-		Windows NT whenever any user or group information is modified. If 
-		a cached entry has expired, the sequence number is requested from 
-		the PDC and compared against the sequence number of the cached entry. 
-		If the sequence numbers do not match, then the cached information 
-		is discarded and up to date information is requested directly 
-		from the PDC.</P
-></DIV
-></DIV
+NAME="SAMBA-PDC"
+>Chapter 9. How to Configure Samba 2.2 as a Primary Domain Controller</A
+></H1
 ><DIV
 CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1462">Installation and Configuration</H2
-><P
->Many thanks to John Trostel <A
-HREF="mailto:jtrostel@snapserver.com"
-TARGET="_top"
->jtrostel@snapserver.com</A
->
-for providing the HOWTO for this section.</P
-><P
->This HOWTO describes how to get winbind services up and running 
-to control access and authenticate users on your Linux box using 
-the winbind services which come with SAMBA 2.2.2.</P
-><P
->There is also some Solaris specific information in 
-<TT
-CLASS="FILENAME"
->docs/textdocs/Solaris-Winbind-HOWTO.txt</TT
->.
-Future revisions of this document will incorporate that
-information.</P
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1469">Introduction</H3
-><P
->This HOWTO describes the procedures used to get winbind up and 
-running on my RedHat 7.1 system.  Winbind is capable of providing access 
-and authentication control for Windows Domain users through an NT 
-or Win2K PDC for 'regular' services, such as telnet a nd ftp, as
-well for SAMBA services.</P
-><P
->This HOWTO has been written from a 'RedHat-centric' perspective, so if 
-you are using another distribution, you may have to modify the instructions 
-somewhat to fit the way your distribution works.</P
-><P
-></P
-><UL
-><LI
-><P
->	<I
-CLASS="EMPHASIS"
->Why should I to this?</I
->
-	</P
-><P
->This allows the SAMBA administrator to rely on the 
-	authentication mechanisms on the NT/Win2K PDC for the authentication 
-	of domain members.  NT/Win2K users no longer need to have separate 
-	accounts on the SAMBA server.
-	</P
-></LI
-><LI
-><P
->	<I
-CLASS="EMPHASIS"
->Who should be reading this document?</I
->
-	</P
-><P
->	This HOWTO is designed for system administrators.  If you are 
-	implementing SAMBA on a file server and wish to (fairly easily) 
-	integrate existing NT/Win2K users from your PDC onto the
-	SAMBA server, this HOWTO is for you.  That said, I am no NT or PAM 
-	expert, so you may find a better or easier way to accomplish 
-	these tasks.
-	</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1482">Requirements</H3
-><P
->If you have a samba configuration file that you are currently 
-using... <I
-CLASS="EMPHASIS"
->BACK IT UP!</I
->  If your system already uses PAM, 
-<I
-CLASS="EMPHASIS"
->back up the <TT
-CLASS="FILENAME"
->/etc/pam.d</TT
-> directory 
-contents!</I
-> If you haven't already made a boot disk, 
-<I
-CLASS="EMPHASIS"
->MAKE ONE NOW!</I
-></P
-><P
->Messing with the pam configuration files can make it nearly impossible 
-to log in to yourmachine. That's why you want to be able to boot back 
-into your machine in single user mode and restore your 
-<TT
-CLASS="FILENAME"
->/etc/pam.d</TT
-> back to the original state they were in if 
-you get frustrated with the way things are going.  ;-)</P
-><P
->The latest version of SAMBA (version 2.2.2 as of this writing), now 
-includes a functioning winbindd daemon.  Please refer to the 
-<A
-HREF="http://samba.org/"
-TARGET="_top"
->main SAMBA web page</A
-> or, 
-better yet, your closest SAMBA mirror site for instructions on 
-downloading the source code.</P
-><P
->To allow Domain users the ability to access SAMBA shares and 
-files, as well as potentially other services provided by your 
-SAMBA machine, PAM (pluggable authentication modules) must
-be setup properly on your machine.  In order to compile the 
-winbind modules, you should have at least the pam libraries resident 
-on your system.  For recent RedHat systems (7.1, for instance), that 
-means <TT
-CLASS="FILENAME"
->pam-0.74-22</TT
->.  For best results, it is helpful to also
-install the development packages in <TT
-CLASS="FILENAME"
->pam-devel-0.74-22</TT
->.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN1496">Testing Things Out</H3
-><P
->Before starting, it is probably best to kill off all the SAMBA 
-related daemons running on your server.  Kill off all <B
-CLASS="COMMAND"
->smbd</B
->, 
-<B
-CLASS="COMMAND"
->nmbd</B
->, and <B
-CLASS="COMMAND"
->winbindd</B
-> processes that may 
-be running.  To use PAM, you will want to make sure that you have the 
-standard PAM package (for RedHat) which supplies the <TT
-CLASS="FILENAME"
->/etc/pam.d</TT
-> 
-directory structure, including the pam modules are used by pam-aware 
-services, several pam libraries, and the <TT
-CLASS="FILENAME"
->/usr/doc</TT
-> 
-and <TT
-CLASS="FILENAME"
->/usr/man</TT
-> entries for pam.  Winbind built better 
-in SAMBA if the pam-devel package was also installed.  This package includes 
-the header files needed to compile pam-aware applications. For instance, 
-my RedHat system has both <TT
-CLASS="FILENAME"
->pam-0.74-22</TT
-> and
-<TT
-CLASS="FILENAME"
->pam-devel-0.74-22</TT
-> RPMs installed.</P
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1507">Configure and compile SAMBA</H4
-><P
->The configuration and compilation of SAMBA is pretty straightforward.
-The first three steps may not be necessary depending upon
-whether or not you have previously built the Samba binaries.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->autoconf</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->make clean</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->rm config.cache</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->./configure --with-winbind</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->make</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->make install</B
-></PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->This will, by default, install SAMBA in <TT
-CLASS="FILENAME"
->/usr/local/samba</TT
->.
-See the main SAMBA documentation if you want to install SAMBA somewhere else.
-It will also build the winbindd executable and libraries. </P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1526">Configure <TT
-CLASS="FILENAME"
->nsswitch.conf</TT
-> and the 
-winbind libraries</H4
-><P
->The libraries needed to run the <B
-CLASS="COMMAND"
->winbindd</B
-> daemon 
-through nsswitch need to be copied to their proper locations, so</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->cp ../samba/source/nsswitch/libnss_winbind.so /lib</B
-></P
-><P
->I also found it necessary to make the following symbolic link:</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
-></P
-><P
->And, in the case of Sun solaris:</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</B
-></P
-><P
->Now, as root you need to edit <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
-> to 
-allow user and group entries to be visible from the <B
-CLASS="COMMAND"
->winbindd</B
-> 
-daemon.  My <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
-> file look like 
-this after editing:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	passwd:     files winbind
-	shadow:     files 
-	group:      files winbind</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->	
-The libraries needed by the winbind daemon will be automatically 
-entered into the <B
-CLASS="COMMAND"
->ldconfig</B
-> cache the next time 
-your system reboots, but it 
-is faster (and you don't need to reboot) if you do it manually:</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->/sbin/ldconfig -v | grep winbind</B
-></P
-><P
->This makes <TT
-CLASS="FILENAME"
->libnss_winbind</TT
-> available to winbindd 
-and echos back a check to you.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1559">Configure smb.conf</H4
-><P
->Several parameters are needed in the smb.conf file to control 
-the behavior of <B
-CLASS="COMMAND"
->winbindd</B
->. Configure 
-<TT
-CLASS="FILENAME"
->smb.conf</TT
-> These are described in more detail in 
-the <A
-HREF="winbindd.8.html"
-TARGET="_top"
->winbindd(8)</A
-> man page.  My 
-<TT
-CLASS="FILENAME"
->smb.conf</TT
-> file was modified to
-include the following entries in the [global] section:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->[global]
-     &#60;...&#62;
-     # separate domain and username with '+', like DOMAIN+username
-     <A
-HREF="winbindd.8.html#WINBINDSEPARATOR"
-TARGET="_top"
->winbind separator</A
-> = +
-     # use uids from 10000 to 20000 for domain users
-     <A
-HREF="winbindd.8.html#WINBINDUID"
-TARGET="_top"
->winbind uid</A
-> = 10000-20000
-     # use gids from 10000 to 20000 for domain groups
-     <A
-HREF="winbindd.8.html#WINBINDGID"
-TARGET="_top"
->winbind gid</A
-> = 10000-20000
-     # allow enumeration of winbind users and groups
-     <A
-HREF="winbindd.8.html#WINBINDENUMUSERS"
-TARGET="_top"
->winbind enum users</A
-> = yes
-     <A
-HREF="winbindd.8.html#WINBINDENUMGROUP"
-TARGET="_top"
->winbind enum groups</A
-> = yes
-     # give winbind users a real shell (only needed if they have telnet access)
-     <A
-HREF="winbindd.8.html#TEMPLATEHOMEDIR"
-TARGET="_top"
->template homedir</A
-> = /home/winnt/%D/%U
-     <A
-HREF="winbindd.8.html#TEMPLATESHELL"
-TARGET="_top"
->template shell</A
-> = /bin/bash</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1575">Join the SAMBA server to the PDC domain</H4
-><P
->Enter the following command to make the SAMBA server join the 
-PDC domain, where <TT
-CLASS="REPLACEABLE"
-><I
->DOMAIN</I
-></TT
-> is the name of 
-your Windows domain and <TT
-CLASS="REPLACEABLE"
-><I
->Administrator</I
-></TT
-> is 
-a domain user who has administrative privileges in the domain.</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->/usr/local/samba/bin/net rpc join -s PDC -U Administrator</B
-></P
-><P
->The proper response to the command should be: "Joined the domain 
-<TT
-CLASS="REPLACEABLE"
-><I
->DOMAIN</I
-></TT
->" where <TT
-CLASS="REPLACEABLE"
-><I
->DOMAIN</I
-></TT
-> 
-is your DOMAIN name.</P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1586">Start up the winbindd daemon and test it!</H4
-><P
->Eventually, you will want to modify your smb startup script to 
-automatically invoke the winbindd daemon when the other parts of 
-SAMBA start, but it is possible to test out just the winbind
-portion first.  To start up winbind services, enter the following 
-command as root:</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->/usr/local/samba/bin/winbindd</B
-></P
-><P
->I'm always paranoid and like to make sure the daemon 
-is really running...</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ps -ae | grep winbindd</B
-></P
-><P
->This command should produce output like this, if the daemon is running</P
-><P
->3025 ?        00:00:00 winbindd</P
-><P
->Now... for the real test, try to get some information about the 
-users on your PDC</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->/usr/local/samba/bin/wbinfo -u</B
-></P
-><P
->	
-This should echo back a list of users on your Windows users on 
-your PDC.  For example, I get the following response:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->CEO+Administrator
-CEO+burdell
-CEO+Guest
-CEO+jt-ad
-CEO+krbtgt
-CEO+TsInternetUser</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->Obviously, I have named my domain 'CEO' and my <TT
-CLASS="PARAMETER"
-><I
->winbind
-separator</I
-></TT
-> is '+'.</P
-><P
->You can do the same sort of thing to get group information from 
-the PDC:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->/usr/local/samba/bin/wbinfo -g</B
->
-CEO+Domain Admins
-CEO+Domain Users
-CEO+Domain Guests
-CEO+Domain Computers
-CEO+Domain Controllers
-CEO+Cert Publishers
-CEO+Schema Admins
-CEO+Enterprise Admins
-CEO+Group Policy Creator Owners</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The function 'getent' can now be used to get unified 
-lists of both local and PDC users and groups.
-Try the following command:</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->getent passwd</B
-></P
-><P
->You should get a list that looks like your <TT
-CLASS="FILENAME"
->/etc/passwd</TT
-> 
-list followed by the domain users with their new uids, gids, home 
-directories and default shells.</P
-><P
->The same thing can be done for groups with the command</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->getent group</B
-></P
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1622">Fix the init.d startup scripts</H4
-><DIV
-CLASS="SECT4"
-><H5
-CLASS="SECT4"
-><A
-NAME="AEN1624">Linux</H5
-><P
->The <B
-CLASS="COMMAND"
->winbindd</B
-> daemon needs to start up after the 
-<B
-CLASS="COMMAND"
->smbd</B
-> and <B
-CLASS="COMMAND"
->nmbd</B
-> daemons are running.  
-To accomplish this task, you need to modify the startup scripts of your system. They are located at <TT
-CLASS="FILENAME"
->/etc/init.d/smb</TT
-> in RedHat and 
-<TT
-CLASS="FILENAME"
->/etc/init.d/samba</TT
-> in Debian.
-script to add commands to invoke this daemon in the proper sequence.  My 
-startup script starts up <B
-CLASS="COMMAND"
->smbd</B
->, 
-<B
-CLASS="COMMAND"
->nmbd</B
->, and <B
-CLASS="COMMAND"
->winbindd</B
-> from the 
-<TT
-CLASS="FILENAME"
->/usr/local/samba/bin</TT
-> directory directly.  The 'start' 
-function in the script looks like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->start() {
-        KIND="SMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/smbd $SMBDOPTIONS
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/winbindd
-        RETVAL3=$?
-        echo
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; touch /var/lock/subsys/smb || \
-           RETVAL=1
-        return $RETVAL
-}</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The 'stop' function has a corresponding entry to shut down the 
-services and look s like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->stop() {
-        KIND="SMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc smbd
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc nmbd
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Shutting down $KIND services: "
-        killproc winbindd
-        RETVAL3=$?
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; rm -f /var/lock/subsys/smb
-        echo ""
-        return $RETVAL
-}</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT4"
-><HR><H5
-CLASS="SECT4"
-><A
-NAME="AEN1641">Solaris</H5
-><P
->On solaris, you need to modify the 
-<TT
-CLASS="FILENAME"
->/etc/init.d/samba.server</TT
-> startup script. It usually 
-only starts smbd and nmbd but should now start winbindd too. If you 
-have samba installed in <TT
-CLASS="FILENAME"
->/usr/local/samba/bin</TT
->, 
-the file could contains something like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->##
-## samba.server
-##
-
-if [ ! -d /usr/bin ]
-then                    # /usr not mounted
-        exit
-fi
-
-killproc() {            # kill the named process(es)
-        pid=`/usr/bin/ps -e |
-             /usr/bin/grep -w $1 |
-             /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
-        [ "$pid" != "" ] &#38;&#38; kill $pid
-}
- 
-# Start/stop processes required for samba server
-
-case "$1" in
-
-'start')
-#
-# Edit these lines to suit your installation (paths, workgroup, host)
-#
-echo Starting SMBD
-   /usr/local/samba/bin/smbd -D -s \
-	/usr/local/samba/smb.conf
-
-echo Starting NMBD
-   /usr/local/samba/bin/nmbd -D -l \
-	/usr/local/samba/var/log -s /usr/local/samba/smb.conf
-
-echo Starting Winbind Daemon
-   /usr/local/samba/bin/winbindd
-   ;;
-
-'stop')
-   killproc nmbd
-   killproc smbd
-   killproc winbindd
-   ;;
-
-*)
-   echo "Usage: /etc/init.d/samba.server { start | stop }"
-   ;;
-esac</PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="SECT4"
-><HR><H5
-CLASS="SECT4"
-><A
-NAME="AEN1648">Restarting</H5
-><P
->If you restart the <B
-CLASS="COMMAND"
->smbd</B
->, <B
-CLASS="COMMAND"
->nmbd</B
->, 
-and <B
-CLASS="COMMAND"
->winbindd</B
-> daemons at this point, you
-should be able to connect to the samba server as a domain member just as
-if you were a local user.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H4
-CLASS="SECT3"
-><A
-NAME="AEN1654">Configure Winbind and PAM</H4
-><P
->If you have made it this far, you know that winbindd and samba are working
-together.  If you want to use winbind to provide authentication for other 
-services, keep reading.  The pam configuration files need to be altered in
-this step.  (Did you remember to make backups of your original 
-<TT
-CLASS="FILENAME"
->/etc/pam.d</TT
-> files? If not, do it now.)</P
-><P
->You will need a pam module to use winbindd with these other services.  This 
-module will be compiled in the <TT
-CLASS="FILENAME"
->../source/nsswitch</TT
-> directory
-by invoking the command</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->make nsswitch/pam_winbind.so</B
-></P
-><P
->from the <TT
-CLASS="FILENAME"
->../source</TT
-> directory.  The
-<TT
-CLASS="FILENAME"
->pam_winbind.so</TT
-> file should be copied to the location of
-your other pam security modules.  On my RedHat system, this was the
-<TT
-CLASS="FILENAME"
->/lib/security</TT
-> directory. On Solaris, the pam security 
-modules reside in <TT
-CLASS="FILENAME"
->/usr/lib/security</TT
->.</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B
-></P
-><DIV
-CLASS="SECT4"
-><HR><H5
-CLASS="SECT4"
-><A
-NAME="AEN1671">Linux/FreeBSD-specific PAM configuration</H5
-><P
->The <TT
-CLASS="FILENAME"
->/etc/pam.d/samba</TT
-> file does not need to be changed. I 
-just left this fileas it was:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->auth    required        /lib/security/pam_stack.so service=system-auth
-account required        /lib/security/pam_stack.so service=system-auth</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The other services that I modified to allow the use of winbind 
-as an authentication service were the normal login on the console (or a terminal 
-session), telnet logins, and ftp service.  In order to enable these 
-services, you may first need to change the entries in 
-<TT
-CLASS="FILENAME"
->/etc/xinetd.d</TT
-> (or <TT
-CLASS="FILENAME"
->/etc/inetd.conf</TT
->).  
-RedHat 7.1 uses the new xinetd.d structure, in this case you need 
-to change the lines in <TT
-CLASS="FILENAME"
->/etc/xinetd.d/telnet</TT
-> 
-and <TT
-CLASS="FILENAME"
->/etc/xinetd.d/wu-ftp</TT
-> from </P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->enable = no</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->to</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->enable = yes</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->	
-For ftp services to work properly, you will also need to either 
-have individual directories for the domain users already present on 
-the server, or change the home directory template to a general
-directory for all domain users.  These can be easily set using 
-the <TT
-CLASS="FILENAME"
->smb.conf</TT
-> global entry 
-<B
-CLASS="COMMAND"
->template homedir</B
->.</P
-><P
->The <TT
-CLASS="FILENAME"
->/etc/pam.d/ftp</TT
-> file can be changed 
-to allow winbind ftp access in a manner similar to the
-samba file.  My <TT
-CLASS="FILENAME"
->/etc/pam.d/ftp</TT
-> file was 
-changed to look like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth       sufficient   /lib/security/pam_winbind.so
-auth       required     /lib/security/pam_stack.so service=system-auth
-auth       required     /lib/security/pam_shells.so
-account    sufficient   /lib/security/pam_winbind.so
-account    required     /lib/security/pam_stack.so service=system-auth
-session    required     /lib/security/pam_stack.so service=system-auth</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The <TT
-CLASS="FILENAME"
->/etc/pam.d/login</TT
-> file can be changed nearly the 
-same way.  It now looks like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->auth       required     /lib/security/pam_securetty.so
-auth       sufficient   /lib/security/pam_winbind.so
-auth       sufficient   /lib/security/pam_unix.so use_first_pass
-auth       required     /lib/security/pam_stack.so service=system-auth
-auth       required     /lib/security/pam_nologin.so
-account    sufficient   /lib/security/pam_winbind.so
-account    required     /lib/security/pam_stack.so service=system-auth
-password   required     /lib/security/pam_stack.so service=system-auth
-session    required     /lib/security/pam_stack.so service=system-auth
-session    optional     /lib/security/pam_console.so</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->In this case, I added the <B
-CLASS="COMMAND"
->auth sufficient /lib/security/pam_winbind.so</B
-> 
-lines as before, but also added the <B
-CLASS="COMMAND"
->required pam_securetty.so</B
-> 
-above it, to disallow root logins over the network.  I also added a 
-<B
-CLASS="COMMAND"
->sufficient /lib/security/pam_unix.so use_first_pass</B
->
-line after the <B
-CLASS="COMMAND"
->winbind.so</B
-> line to get rid of annoying 
-double prompts for passwords.</P
-></DIV
-><DIV
-CLASS="SECT4"
-><HR><H5
-CLASS="SECT4"
-><A
-NAME="AEN1704">Solaris-specific configuration</H5
-><P
->The /etc/pam.conf needs to be changed. I changed this file so that my Domain
-users can logon both locally as well as telnet.The following are the changes
-that I made.You can customize the pam.conf file as per your requirements,but
-be sure of those changes because in the worst case it will leave your system
-nearly impossible to boot.</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->#
-#ident	"@(#)pam.conf	1.14	99/09/16 SMI"
-#
-# Copyright (c) 1996-1999, Sun Microsystems, Inc.
-# All Rights Reserved.
-#
-# PAM configuration
-#
-# Authentication management
-#
-login   auth required   /usr/lib/security/pam_winbind.so
-login	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass 
-login	auth required 	/usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass 
-#
-rlogin  auth sufficient /usr/lib/security/pam_winbind.so
-rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
-rlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-dtlogin auth sufficient /usr/lib/security/pam_winbind.so
-dtlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-rsh	auth required	/usr/lib/security/$ISA/pam_rhosts_auth.so.1
-other   auth sufficient /usr/lib/security/pam_winbind.so
-other	auth required	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-# Account management
-#
-login   account sufficient      /usr/lib/security/pam_winbind.so
-login	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-login	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-dtlogin account sufficient      /usr/lib/security/pam_winbind.so
-dtlogin	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-dtlogin	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-other   account sufficient      /usr/lib/security/pam_winbind.so
-other	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-other	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-# Session management
-#
-other	session required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-# Password management
-#
-#other   password sufficient     /usr/lib/security/pam_winbind.so
-other	password required	/usr/lib/security/$ISA/pam_unix.so.1 
-dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
-#
-# Support for Kerberos V5 authentication (uncomment to use Kerberos)
-#
-#rlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#login	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#other	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin	account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	session optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->I also added a try_first_pass line after the winbind.so line to get rid of
-annoying double prompts for passwords.</P
-><P
->Now restart your Samba &#38; try connecting through your application that you
-configured in the pam.conf.</P
-></DIV
-></DIV
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1711">Limitations</H2
-><P
->Winbind has a number of limitations in its current 
-	released version that we hope to overcome in future 
-	releases:</P
-><P
-></P
-><UL
-><LI
-><P
->Winbind is currently only available for 
-		the Linux operating system, although ports to other operating 
-		systems are certainly possible. For such ports to be feasible, 
-		we require the C library of the target operating system to 
-		support the Name Service Switch and Pluggable Authentication
-		Modules systems. This is becoming more common as NSS and 
-		PAM gain	support among UNIX vendors.</P
-></LI
-><LI
-><P
->The mappings of Windows NT RIDs to UNIX ids 
-		is not made algorithmically and depends on the order in which 
-		unmapped users or groups are seen by winbind. It may be difficult 
-		to recover the mappings of rid to UNIX id mapping if the file 
-		containing this information is corrupted or destroyed.</P
-></LI
-><LI
-><P
->Currently the winbind PAM module does not take 
-		into account possible workstation and logon time restrictions 
-		that may be been set for Windows NT users.</P
-></LI
-></UL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN1721">Conclusion</H2
-><P
->The winbind system, through the use of the Name Service 
-	Switch, Pluggable Authentication Modules, and appropriate 
-	Microsoft RPC calls have allowed us to provide seamless 
-	integration of Microsoft Windows NT domain users on a
-	UNIX system. The result is a great reduction in the administrative 
-	cost of running a mixed UNIX and NT network.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="SAMBA-PDC">How to Configure Samba 2.2 as a Primary Domain Controller</H1
-><DIV
-CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1741">Prerequisite Reading</H2
+NAME="AEN1236"
+>9.1. Prerequisite Reading</A
+></H1
 ><P
 >Before you continue reading in this chapter, please make sure 
 that you are comfortable with configuring basic files services
@@ -8748,40 +6475,25 @@ of this HOWTO Collection.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1747">Background</H2
+NAME="AEN1242"
+>9.2. Background</A
+></H1
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
-><I
-CLASS="EMPHASIS"
->Author's Note:</I
+><B
+>Note: </B
+><EM
+>Author's Note:</EM
 > This document is a combination 
 of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". 
 Both documents are superseded by this one.</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ><P
 >Versions of Samba prior to release 2.2 had marginal capabilities to act
@@ -8895,10 +6607,12 @@ concepts.  They will be mentioned only briefly here.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1786">Configuring the Samba Domain Controller</H2
+NAME="AEN1281"
+>9.3. Configuring the Samba Domain Controller</A
+></H1
 ><P
 >The first step in creating a working Samba PDC is to 
 understand the parameters necessary in smb.conf.  I will not
@@ -9114,11 +6828,13 @@ Admins" style accounts.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1829">Creating Machine Trust Accounts and Joining Clients to the
-Domain</H2
+NAME="AEN1324"
+>9.4. Creating Machine Trust Accounts and Joining Clients to the
+Domain</A
+></H1
 ><P
 >A machine trust account is a Samba account that is used to
 authenticate a client machine (rather than a user) to the Samba
@@ -9186,10 +6902,12 @@ CLASS="FILENAME"
 ></UL
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1848">Manual Creation of Machine Trust Accounts</H3
+NAME="AEN1343"
+>9.4.1. Manual Creation of Machine Trust Accounts</A
+></H2
 ><P
 >The first step in manually creating a machine trust account is to
 manually create the corresponding Unix account in
@@ -9322,30 +7040,18 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >Join the client to the domain immediately</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >	Manually creating a machine trust account using this method is the 
 	equivalent of creating a machine trust account on a Windows NT PDC using 
@@ -9363,10 +7069,12 @@ VALIGN="TOP"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1883">"On-the-Fly" Creation of Machine Trust Accounts</H3
+NAME="AEN1378"
+>9.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A
+></H2
 ><P
 >The second (and recommended) way of creating machine trust accounts is
 simply to allow the Samba server to create them as needed when the client
@@ -9407,10 +7115,12 @@ CLASS="PROGRAMLISTING"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1892">Joining the Client to the Domain</H3
+NAME="AEN1387"
+>9.4.3. Joining the Client to the Domain</A
+></H2
 ><P
 >The procedure for joining a client to the domain varies with the
 version of Windows.</P
@@ -9419,9 +7129,8 @@ version of Windows.</P
 ><UL
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->Windows 2000</I
+><EM
+>Windows 2000</EM
 ></P
 ><P
 > When the user elects to join the client to a domain, Windows prompts for
@@ -9444,9 +7153,8 @@ CLASS="FILENAME"
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->Windows NT</I
+><EM
+>Windows NT</EM
 ></P
 ><P
 > If the machine trust account was created manually, on the
@@ -9467,10 +7175,12 @@ CLASS="EMPHASIS"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1907">Common Problems and Errors</H2
+NAME="AEN1402"
+>9.5. Common Problems and Errors</A
+></H1
 ><P
 ></P
 ><P
@@ -9478,9 +7188,8 @@ NAME="AEN1907">Common Problems and Errors</H2
 ><UL
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->I cannot include a '$' in a machine name.</I
+>	<EM
+>I cannot include a '$' in a machine name.</EM
 >
 	</P
 ><P
@@ -9504,11 +7213,10 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
+>	<EM
 >I get told "You already have a connection to the Domain...." 
 	or "Cannot join domain, the credentials supplied conflict with an 
-	existing set.." when creating a machine trust account.</I
+	existing set.." when creating a machine trust account.</EM
 >
 	</P
 ><P
@@ -9535,9 +7243,8 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->The system can not log you on (C000019B)....</I
+>	<EM
+>The system can not log you on (C000019B)....</EM
 >
 	</P
 ><P
@@ -9564,10 +7271,9 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
+>	<EM
 >The machine trust account for this computer either does not 
-	exist or is not accessible.</I
+	exist or is not accessible.</EM
 >
 	</P
 ><P
@@ -9601,10 +7307,9 @@ CLASS="PARAMETER"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
+>	<EM
 >When I attempt to login to a Samba Domain from a NT4/W2K workstation,
-	I get a message about my account being disabled.</I
+	I get a message about my account being disabled.</EM
 >
 	</P
 ><P
@@ -9669,10 +7374,12 @@ CLASS="FILENAME"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1955">System Policies and Profiles</H2
+NAME="AEN1450"
+>9.6. System Policies and Profiles</A
+></H1
 ><P
 >Much of the information necessary to implement System Policies and
 Roving User Profiles in a Samba domain is the same as that for 
@@ -9690,9 +7397,8 @@ Profiles and Policies in Windows NT 4.0</A
 ><UL
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->What about Windows NT Policy Editor?</I
+>	<EM
+>What about Windows NT Policy Editor?</EM
 >
 	</P
 ><P
@@ -9704,14 +7410,12 @@ CLASS="FILENAME"
 CLASS="COMMAND"
 >poledit.exe</B
 >	which 
-	is included with NT Server but <I
-CLASS="EMPHASIS"
->not NT Workstation</I
+	is included with NT Server but <EM
+>not NT Workstation</EM
 >. 
 	There is a Policy Editor on a NTws 
-	but it is not suitable for creating <I
-CLASS="EMPHASIS"
->Domain Policies</I
+	but it is not suitable for creating <EM
+>Domain Policies</EM
 >. 
 	Further, although the Windows 95 
 	Policy Editor can be installed on an NT Workstation/Server, it will not
@@ -9752,9 +7456,8 @@ CLASS="COMMAND"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->Can Win95 do Policies?</I
+>	<EM
+>Can Win95 do Policies?</EM
 >
 	</P
 ><P
@@ -9779,9 +7482,8 @@ CLASS="FILENAME"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->How do I get 'User Manager' and 'Server Manager'</I
+>	<EM
+>How do I get 'User Manager' and 'Server Manager'</EM
 >
 	</P
 ><P
@@ -9829,10 +7531,12 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1999">What other help can I get?</H2
+NAME="AEN1494"
+>9.7. What other help can I get?</A
+></H1
 ><P
 >There are many sources of information available in the form 
 of mailing lists, RFC's and documentation.  The docs that come 
@@ -9843,10 +7547,9 @@ general SMB topics such as browsing.</P
 ><UL
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
+>	<EM
 >What are some diagnostics tools I can use to debug the domain logon 
-	process and where can I	find them?</I
+	process and where can I	find them?</EM
 >
 	</P
 ><P
@@ -9916,10 +7619,9 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
+>	<EM
 >How do I install 'Network Monitor' on an NT Workstation 
-	or a Windows 9x box?</I
+	or a Windows 9x box?</EM
 >
 	</P
 ><P
@@ -10034,9 +7736,8 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
-> The <I
-CLASS="EMPHASIS"
->Development</I
+> The <EM
+>Development</EM
 > document 
 	on the Samba mirrors might mention your problem. If so,
 	it might mean that the developers are working on it.</P
@@ -10093,9 +7794,8 @@ TARGET="_top"
 ><UL
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->How do I get help from the mailing lists?</I
+>	<EM
+>How do I get help from the mailing lists?</EM
 >
 	</P
 ><P
@@ -10170,9 +7870,8 @@ TARGET="_top"
 ></LI
 ><LI
 ><P
->You might include <I
-CLASS="EMPHASIS"
->partial</I
+>You might include <EM
+>partial</EM
 >
         log files written at a debug level set to as much as 20.  
         Please don't send the entire log but enough to give the context of the 
@@ -10194,9 +7893,8 @@ CLASS="EMPHASIS"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->How do I get off the mailing lists?</I
+>	<EM
+>How do I get off the mailing lists?</EM
 >
 	</P
 ><P
@@ -10229,41 +7927,26 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2113">Domain Control for Windows 9x/ME</H2
+NAME="AEN1608"
+>9.8. Domain Control for Windows 9x/ME</A
+></H1
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Note: </B
 >The following section contains much of the original 
 DOMAIN.txt file previously included with Samba.  Much of 
-the material is based on what went into the book <I
-CLASS="EMPHASIS"
+the material is based on what went into the book <EM
 >Special 
-Edition, Using Samba</I
+Edition, Using Samba</EM
 >, by Richard Sharpe.</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ><P
 >A domain and a workgroup are exactly the same thing in terms of network
@@ -10358,10 +8041,12 @@ TYPE="1"
 ></OL
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2139">Configuration Instructions:	Network Logons</H3
+NAME="AEN1634"
+>9.8.1. Configuration Instructions:	Network Logons</A
+></H2
 ><P
 >The main difference between a PDC and a Windows 9x logon 
 server configuration is that</P
@@ -10386,30 +8071,18 @@ CLASS="WARNING"
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >security mode and master browsers</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >There are a few comments to make in order to tie up some 
 loose ends.  There has been much debate over the issue of whether
@@ -10462,34 +8135,33 @@ for its domain.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2158">Configuration Instructions:	Setting up Roaming User Profiles</H3
+NAME="AEN1653"
+>9.8.2. Configuration Instructions:	Setting up Roaming User Profiles</A
+></H2
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
+><B
+>Warning</B
+></TD
+></TR
+><TR
 ><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE!</I
+><EM
+>NOTE!</EM
 > Roaming profiles support is different 
 for Win9X and WinNT.</P
 ></TD
@@ -10510,10 +8182,12 @@ including a separate field for the location of the user's profiles.
 This means that support for profiles is different for Win9X and WinNT.</P
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2166">Windows NT Configuration</H4
+NAME="AEN1661"
+>9.8.2.1. Windows NT Configuration</A
+></H3
 ><P
 >To support WinNT clients, in the [global] section of smb.conf set the
 following (for example):</P
@@ -10539,39 +8213,25 @@ If you are using a samba server for the profiles, you _must_ make the
 share specified in the logon path browseable. </P
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Note: </B
 >[lkcl 26aug96 - we have discovered a problem where Windows clients can
 maintain a connection to the [homes] share in between logins.  The
 [homes] share must NOT therefore be used in a profile path.]</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2174">Windows 9X Configuration</H4
+NAME="AEN1669"
+>9.8.2.2. Windows 9X Configuration</A
+></H3
 ><P
 >To support Win9X clients, you must use the "logon home" parameter. Samba has
 now been fixed so that "net use/home" now works as well, and it, too, relies
@@ -10606,10 +8266,12 @@ specified \\%L\%U for "logon home".</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2182">Win9X and WinNT Configuration</H4
+NAME="AEN1677"
+>9.8.2.3. Win9X and WinNT Configuration</A
+></H3
 ><P
 >You can support profiles for both Win9X and WinNT clients by setting both the
 "logon home" and "logon path" parameters. For example:</P
@@ -10630,38 +8292,24 @@ logon path = \\%L\profiles\%U</PRE
 ></P
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Note: </B
 >I have not checked what 'net use /home' does on NT when "logon home" is
 set as above.</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2189">Windows 9X Profile Setup</H4
+NAME="AEN1684"
+>9.8.2.4. Windows 9X Profile Setup</A
+></H3
 ><P
 >When a user first logs in on Windows 9X, the file user.DAT is created,
 as are folders "Start Menu", "Desktop", "Programs" and "Nethood".  
@@ -10766,9 +8414,8 @@ TYPE="1"
 ></LI
 ><LI
 ><P
->	<I
-CLASS="EMPHASIS"
->WARNING</I
+>	<EM
+>WARNING</EM
 > - before deleting the contents of the 
 	directory listed in
    the ProfilePath (this is likely to be c:\windows\profiles\username),
@@ -10813,44 +8460,30 @@ differences are with the equivalent samba trace.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2225">Windows NT Workstation 4.0</H4
+NAME="AEN1720"
+>9.8.2.5. Windows NT Workstation 4.0</A
+></H3
 ><P
 >When a user first logs in to a Windows NT Workstation, the profile
 NTuser.DAT is created.  The profile location can be now specified
 through the "logon path" parameter.  </P
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Note: </B
 >[lkcl 10aug97 - i tried setting the path to
 \\samba-server\homes\profile, and discovered that this fails because
 a background process maintains the connection to the [homes] share
 which does _not_ close down in between user logins.  you have to
 have \\samba-server\%L\profile, where user is the username created
 from the [homes] share].</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ><P
 >There is a parameter that is now available for use with NT Profiles:
@@ -10881,25 +8514,11 @@ NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN
 turns a profile into a mandatory one.</P
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Note: </B
 >[lkcl 10aug97 - i notice that NT Workstation tells me that it is
 downloading a profile from a slow link.  whether this is actually the
 case, or whether there is some configuration issue, as yet unknown,
@@ -10918,17 +8537,17 @@ workstation for clear-text passwords].</P
 >[lkcl 25aug97 - more comments received about NT profiles: the case of
 the profile _matters_.  the file _must_ be called NTuser.DAT or, for
 a mandatory profile, NTuser.MAN].</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2238">Windows NT Server</H4
+NAME="AEN1733"
+>9.8.2.6. Windows NT Server</A
+></H3
 ><P
 >There is nothing to stop you specifying any path that you like for the
 location of users' profiles.  Therefore, you could specify that the
@@ -10937,40 +8556,30 @@ that SMB server supports encrypted passwords.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
-><HR><H4
+><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN2241">Sharing Profiles between W95 and NT Workstation 4.0</H4
+NAME="AEN1736"
+>9.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</A
+></H3
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >Potentially outdated or incorrect material follows</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >I think this is all bogus, but have not deleted it. (Richard Sharpe)</P
 ></TD
@@ -10978,7 +8587,7 @@ VALIGN="TOP"
 ></TABLE
 ></DIV
 ><P
->The default logon path is \\%N\%U.  NT Workstation will attempt to create
+>The default logon path is \\%N\U%.  NT Workstation will attempt to create
 a directory "\\samba-server\username.PDS" if you specify the logon path
 as "\\samba-server\username" with the NT User Manager.  Therefore, you
 will need to specify (for example) "\\samba-server\username\profile".
@@ -10995,73 +8604,47 @@ unlikely to exist on a Win95-only host].</P
 NTuser.DAT files in the same profile directory.</P
 ><DIV
 CLASS="NOTE"
-><P
-></P
-><TABLE
+><BLOCKQUOTE
 CLASS="NOTE"
-WIDTH="100%"
-BORDER="0"
-><TR
-><TD
-WIDTH="25"
-ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/note.gif"
-HSPACE="5"
-ALT="Note"></TD
-><TD
-ALIGN="LEFT"
-VALIGN="TOP"
 ><P
+><B
+>Note: </B
 >[lkcl 25aug97 - there are some issues to resolve with downloading of
 NT profiles, probably to do with time/date stamps.  i have found that
 NTuser.DAT is never updated on the workstation after the first time that
 it is copied to the local workstation profile directory.  this is in
 contrast to w95, where it _does_ transfer / update profiles correctly].</P
-></TD
-></TR
-></TABLE
+></BLOCKQUOTE
 ></DIV
 ></DIV
 ></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2251">DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</H2
+NAME="AEN1746"
+>9.9. DOMAIN_CONTROL.txt : Windows NT Domain Control &#38; Samba</A
+></H1
 ><DIV
 CLASS="WARNING"
 ><P
 ></P
 ><TABLE
 CLASS="WARNING"
+BORDER="1"
 WIDTH="100%"
-BORDER="0"
 ><TR
 ><TD
-WIDTH="25"
 ALIGN="CENTER"
-VALIGN="TOP"
-><IMG
-SRC="./stylesheet-images/warning.gif"
-HSPACE="5"
-ALT="Warning"></TD
-><TH
-ALIGN="LEFT"
-VALIGN="CENTER"
 ><B
 >Possibly Outdated Material</B
-></TH
+></TD
 ></TR
 ><TR
 ><TD
->&nbsp;</TD
-><TD
 ALIGN="LEFT"
-VALIGN="TOP"
 ><P
 >	This appendix was originally authored by John H Terpstra of 
 	the Samba Team and is included here for posterity.
@@ -11071,9 +8654,8 @@ VALIGN="TOP"
 ></TABLE
 ></DIV
 ><P
-><I
-CLASS="EMPHASIS"
->NOTE :</I
+><EM
+>NOTE :</EM
 > 
 The term "Domain Controller" and those related to it refer to one specific
 method of authentication that can underly an SMB domain. Domain Controllers
@@ -11163,13 +8745,17 @@ within its registry.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SAMBA-BDC">How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</H1
+NAME="SAMBA-BDC"
+>Chapter 10. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2287">Prerequisite Reading</H2
+NAME="AEN1782"
+>10.1. Prerequisite Reading</A
+></H1
 ><P
 >Before you continue reading in this chapter, please make sure
 that you are comfortable with configuring a Samba PDC
@@ -11181,10 +8767,12 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2291">Background</H2
+NAME="AEN1786"
+>10.2. Background</A
+></H1
 ><P
 >What is a Domain Controller? It is a machine that is able to answer
 logon requests from workstations in a Windows NT Domain. Whenever a
@@ -11219,9 +8807,13 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->workgroup = SAMBA
-domain master = yes
-domain logons = yes</PRE
+>[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
 ></TD
 ></TR
 ></TABLE
@@ -11233,10 +8825,12 @@ others. This will not be covered in this document.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2299">What qualifies a Domain Controller on the network?</H2
+NAME="AEN1794"
+>10.3. What qualifies a Domain Controller on the network?</A
+></H1
 ><P
 >Every machine that is a Domain Controller for the domain SAMBA has to
 register the NetBIOS group name SAMBA#1c with the WINS server and/or
@@ -11248,10 +8842,12 @@ Microsoft Domain implementation requires the domain master browser to
 be on the same machine as the PDC.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2302">How does a Workstation find its domain controller?</H3
+NAME="AEN1797"
+>10.3.1. How does a Workstation find its domain controller?</A
+></H2
 ><P
 >A NT workstation in the domain SAMBA that wants a local user to be
 authenticated has to find the domain controller for SAMBA. It does
@@ -11265,10 +8861,12 @@ the domain controller, asking for approval.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2305">When is the PDC needed?</H3
+NAME="AEN1800"
+>10.3.2. When is the PDC needed?</A
+></H2
 ><P
 >Whenever a user wants to change his password, this has to be done on
 the PDC. To find the PDC, the workstation does a NetBIOS name query
@@ -11279,10 +8877,12 @@ the password change is done.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2308">Can Samba be a Backup Domain Controller?</H2
+NAME="AEN1803"
+>10.4. Can Samba be a Backup Domain Controller?</A
+></H1
 ><P
 >With version 2.2, no. The native NT SAM replication protocols have
 not yet been fully implemented. The Samba Team is working on
@@ -11296,10 +8896,12 @@ service logon requests whenever the PDC is down.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2312">How do I set up a Samba BDC?</H2
+NAME="AEN1807"
+>10.5. How do I set up a Samba BDC?</A
+></H1
 ><P
 >Several things have to be done:</P
 ><P
@@ -11307,39 +8909,93 @@ NAME="AEN2312">How do I set up a Samba BDC?</H2
 ><UL
 ><LI
 ><P
->The domain SID has to be the same on the PDC and the BDC. This used to
-be stored in the file private/MACHINE.SID. This file is not created
-anymore since Samba 2.2.5 or even earlier. Nowadays the domain SID is
-stored in the file private/secrets.tdb. Simply copying the secrets.tdb
-from the PDC to the BDC does not work, as the BDC would
-generate a new SID for itself and override the domain SID with this
-new BDC SID.</P
+>	The file <TT
+CLASS="FILENAME"
+>private/MACHINE.SID</TT
+> identifies the domain. When a samba
+	server is first started, it is created on the fly and must never be
+	changed again. This file has to be the same on the PDC and the BDC,
+	so the MACHINE.SID has to be copied from the PDC to the BDC.  Note that in the
+	latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored
+	in the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> database.  This file cannot just
+	be copied because Samba looks under the key <TT
+CLASS="CONSTANT"
+>SECRETS/SID/<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+></TT
+>.
+	where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the machine's netbios name.  Since this name has
+	to be unique for each SAMBA server, this lookup will fail.  </P
 ><P
->To retrieve the domain SID from the PDC or an existing BDC and store it in the
-secrets.tdb, execute 'net rpc getsid' on the BDC.</P
+>	A new option has been added to the <B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+>
+	command to help ease this problem.  When running <B
+CLASS="COMMAND"
+>smbpasswd -S</B
+> as the root user,
+	the domain SID will be retrieved from a domain controller matching the value of the
+	<TT
+CLASS="PARAMETER"
+><I
+>workgroup</I
+></TT
+> parameter in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> and stored as the
+	new Samba server's machine SID.  See the <A
+HREF="smbpasswd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbpasswd(8)</B
+></A
+>
+	man page for more details on this functionality.
+	</P
 ></LI
 ><LI
 ><P
->The Unix user database has to be synchronized from the PDC to the
-BDC. This means that both the /etc/passwd and /etc/group have to be
-replicated from the PDC to the BDC. This can be done manually
-whenever changes are made, or the PDC is set up as a NIS master
-server and the BDC as a NIS slave server. To set up the BDC as a
-mere NIS client would not be enough, as the BDC would not be able to
-access its user database in case of a PDC failure.</P
+>	The Unix user database has to be synchronized from the PDC to the
+	BDC. This means that both the /etc/passwd and /etc/group have to be
+	replicated from the PDC to the BDC. This can be done manually
+	whenever changes are made, or the PDC is set up as a NIS master
+	server and the BDC as a NIS slave server. To set up the BDC as a
+	mere NIS client would not be enough, as the BDC would not be able to
+	access its user database in case of a PDC failure.  LDAP is also a
+	potential vehicle for sharing this information.
+	</P
 ></LI
 ><LI
 ><P
->The Samba password database in the file private/smbpasswd has to be
-replicated from the PDC to the BDC. This is a bit tricky, see the
-next section.</P
+>	The Samba password database in the file <TT
+CLASS="FILENAME"
+>private/smbpasswd</TT
+>
+	has to be replicated from the PDC to the BDC. This is a bit tricky, see the
+	next section.
+	</P
 ></LI
 ><LI
 ><P
->Any netlogon share has to be replicated from the PDC to the
-BDC. This can be done manually whenever login scripts are changed,
-or it can be done automatically together with the smbpasswd
-synchronization.</P
+>	Any netlogon share has to be replicated from the PDC to the
+	BDC. This can be done manually whenever login scripts are changed,
+	or it can be done automatically together with the smbpasswd
+	synchronization.
+	</P
 ></LI
 ></UL
 ><P
@@ -11354,9 +9010,13 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->workgroup = samba
-domain master = no
-domain logons = yes</PRE
+>[global]
+     workgroup = SAMBA
+     domain master = yes
+     domain logons = yes
+     encrypt passwords = yes
+     security = user
+     ....</PRE
 ></TD
 ></TR
 ></TABLE
@@ -11370,22 +9030,60 @@ no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS
 name is reserved for the Primary Domain Controller.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2329">How do I replicate the smbpasswd file?</H3
+NAME="AEN1836"
+>10.5.1. How do I replicate the smbpasswd file?</A
+></H2
 ><P
 >Replication of the smbpasswd file is sensitive. It has to be done
-whenever changes to the SAM are made. Every user's password change is
-done in the smbpasswd file and has to be replicated to the BDC. So
+whenever changes to the SAM are made. Every user's password change
+(including machine trust account password changes) is done in the
+smbpasswd file and has to be replicated to the BDC. So
 replicating the smbpasswd file very often is necessary.</P
 ><P
 >As the smbpasswd file contains plain text password equivalents, it
 must not be sent unencrypted over the wire. The best way to set up
 smbpasswd replication from the PDC to the BDC is to use the utility
-rsync. rsync can use ssh as a transport. ssh itself can be set up to
-accept *only* rsync transfer without requiring the user to type a
-password.</P
+<B
+CLASS="COMMAND"
+>rsync(1)</B
+>. <B
+CLASS="COMMAND"
+>rsync</B
+> can use
+<B
+CLASS="COMMAND"
+>ssh(1)</B
+> as a transport. <B
+CLASS="COMMAND"
+>ssh</B
+> itself
+can be set up to accept <EM
+>only</EM
+> <B
+CLASS="COMMAND"
+>rsync</B
+> transfer without requiring the user to
+type a password.  Refer to the man pages for these two tools for more details.</P
+><P
+>Another solution with high potential is to use Samba's <TT
+CLASS="PARAMETER"
+><I
+>--with-ldapsam</I
+></TT
+>
+for sharing and/or replicating the list of <TT
+CLASS="CONSTANT"
+>sambaAccount</TT
+> entries.
+This can all be done over SSL to ensure security.  See the <A
+HREF="Samba-LDAP-HOWTO.html"
+TARGET="_top"
+>Samba-LDAP-HOWTO</A
+>
+for more details.</P
 ></DIV
 ></DIV
 ></DIV
@@ -11393,13 +9091,17 @@ password.</P
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="SAMBA-LDAP-HOWTO">Storing Samba's User/Machine Account information in an LDAP Directory</H1
+NAME="SAMBA-LDAP-HOWTO"
+>Chapter 11. Storing Samba's User/Machine Account information in an LDAP Directory</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2350">Purpose</H2
+NAME="AEN1867"
+>11.1. Purpose</A
+></H1
 ><P
 >This document describes how to use an LDAP directory for storing Samba user
 account information traditionally stored in the smbpasswd(5) file.  It is
@@ -11433,7 +9135,7 @@ TARGET="_top"
 >O'Reilly Publishing</A
 > is working on
 a guide to LDAP for System Administrators which has a planned release date of
-early summer, 2002.</P
+late 2002.</P
 ><P
 >Two additional Samba resources which may prove to be helpful are</P
 ><P
@@ -11455,17 +9157,23 @@ HREF="http://samba.idealx.org/"
 TARGET="_top"
 >IDEALX</A
 > that are
-	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.  These scripts can
+	be found in the Samba 2.2.5 release in the <TT
+CLASS="FILENAME"
+>examples/LDAP/smbldap-tools/</TT
+> directory.
 	</P
 ></LI
 ></UL
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2370">Introduction</H2
+NAME="AEN1888"
+>11.2. Introduction</A
+></H1
 ><P
 >Traditionally, when configuring <A
 HREF="smb.conf.5.html#ENCRYPTPASSWORDS"
@@ -11491,7 +9199,7 @@ in the thousands).</P
 >The first is that all lookups must be performed sequentially.  Given that
 there are approximately two lookups per domain logon (one for a normal
 session connection such as when mapping a network drive or printer), this
-is a performance bottleneck for lareg sites.  What is needed is an indexed approach
+is a performance bottleneck for large sites.  What is needed is an indexed approach
 such as is used in databases.</P
 ></LI
 ><LI
@@ -11517,7 +9225,10 @@ Identified (RID).</P
 ></UL
 ><P
 >As a result of these defeciencies, a more robust means of storing user attributes
-used by smbd was developed.  The API which defines access to user accounts
+used by <B
+CLASS="COMMAND"
+>smbd</B
+> was developed.  The API which defines access to user accounts
 is commonly referred to as the samdb interface (previously this was called the passdb
 API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
 for a samdb backend (e.g. <TT
@@ -11539,7 +9250,10 @@ CLASS="PARAMETER"
 >--with-ldapsam</I
 ></TT
 > autoconf
-option, smbd (and associated tools) will store and lookup user accounts in
+option, <B
+CLASS="COMMAND"
+>smbd</B
+> (and associated tools) will store and lookup user accounts in
 an LDAP directory.  In reality, this is very easy to understand.  If you are
 comfortable with using an smbpasswd file, simply replace "smbpasswd" with
 "LDAP directory" in all the documentation.</P
@@ -11577,10 +9291,12 @@ the details of configuring these packages are beyond the scope of this document.
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2399">Supported LDAP Servers</H2
+NAME="AEN1919"
+>11.3. Supported LDAP Servers</A
+></H1
 ><P
 >The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP
 2.0 server and client libraries.  The same code should be able to work with
@@ -11600,10 +9316,12 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2404">Schema and Relationship to the RFC 2307 posixAccount</H2
+NAME="AEN1924"
+>11.4. Schema and Relationship to the RFC 2307 posixAccount</A
+></H1
 ><P
 >Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in
 <TT
@@ -11621,7 +9339,7 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
      DESC 'Samba Account'
      MUST ( uid $ rid )
      MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
@@ -11633,7 +9351,10 @@ CLASS="PROGRAMLISTING"
 ></TABLE
 ></P
 ><P
->The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
+>The <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file has been formatted for OpenLDAP 2.0 &#38; 2.1.  The OID's are
 owned by the Samba Team and as such is legal to be openly published.
 If you translate the schema to be used with Netscape DS, please
 submit the modified schema file as a patch to <A
@@ -11642,22 +9363,47 @@ TARGET="_top"
 >jerry@samba.org</A
 ></P
 ><P
+>Since the original release, schema files for</P
+><P
+></P
+><UL
+><LI
+><P
+>IBM's SecureWay Server</P
+></LI
+><LI
+><P
+>Netscape Directory Server version 4.x and 5.x</P
+></LI
+></UL
+><P
+>have been submitted and included in the Samba source distribution.  I cannot
+personally comment on the integration of these commercial directory servers since
+I have not had the oppotinuity to work with them.</P
+><P
 >Just as the smbpasswd file is mean to store information which supplements a
 user's <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
 > entry, so is the sambaAccount object
-meant to supplement the UNIX user account information.  A sambaAccount is a
+meant to supplement the UNIX user account information.  A sambaAccount is now an
 <TT
 CLASS="CONSTANT"
->STRUCTURAL</TT
-> objectclass so it can be stored individually
-in the directory.  However, there are several fields (e.g. uid) which overlap
-with the posixAccount objectclass outlined in RFC2307.  This is by design.</P
+>AUXILARY</TT
+> objectclass so it can be stored alongside
+a posixAccount or person objectclass in the directory.  Note that there are
+several fields (e.g. uid) which overlap with the posixAccount objectclass
+outlined in RFC2307.  This is by design.  The move from a STRUCTURAL objectclass
+to an AUXILIARY one was compliance with the LDAP data model which states that
+an entry can contain only one STRUCTURAL objectclass per entry.  This is now
+enforced by the OpenLDAP 2.1 server.</P
 ><P
 >In order to store all user account information (UNIX and Samba) in the directory,
 it is necessary to use the sambaAccount and posixAccount objectclasses in
-combination.  However, smbd will still obtain the user's UNIX account
+combination.  However, <B
+CLASS="COMMAND"
+>smbd</B
+> will still obtain the user's UNIX account
 information via the standard C library calls (e.g. getpwnam(), et. al.).
 This means that the Samba server must also have the LDAP NSS library installed
 and functioning correctly.  This division of information makes it possible to
@@ -11666,16 +9412,20 @@ information in NIS while the network is transitioning to a full LDAP infrastruct
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2416">Configuring Samba with LDAP</H2
+NAME="AEN1945"
+>11.5. Configuring Samba with LDAP</A
+></H1
 ><DIV
 CLASS="SECT2"
-><H3
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2418">OpenLDAP configuration</H3
+NAME="AEN1947"
+>11.5.1. OpenLDAP configuration</A
+></H2
 ><P
 >To include support for the sambaAccount object in an OpenLDAP directory
 server, first copy the samba.schema file to slapd's configuration directory.</P
@@ -11752,9 +9502,9 @@ CLASS="PROGRAMLISTING"
 ## required by OpenLDAP 2.0
 index objectclass   eq
 
-## support pb_getsampwnam()
+## support pbb_getsampwnam()
 index uid           pres,eq
-## support pdb_getsambapwrid()
+## support pdb_getsampwrid()
 index rid           eq
 
 ## uncomment these if you are storing posixAccount and
@@ -11770,10 +9520,12 @@ index rid           eq
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2435">Configuring Samba</H3
+NAME="AEN1964"
+>11.5.2. Configuring Samba</A
+></H2
 ><P
 >The following parameters are available in smb.conf only with <TT
 CLASS="PARAMETER"
@@ -11894,13 +9646,71 @@ CLASS="REPLACEABLE"
 ></TABLE
 ></P
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN1992"
+>11.5.3. Importing <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> entries</A
+></H2
+><P
+>Import existing user entries from an <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> can be trivially done using
+a Perl script named <TT
+CLASS="FILENAME"
+>import_smbpasswd.pl</TT
+> included in the
+<TT
+CLASS="FILENAME"
+>examples/LDAP/</TT
+> directory of the Samba source distribution.  There are
+two main requirements of this script:</P
+><P
+></P
+><UL
+><LI
+><P
+>All users to be imported to the directory must have a valid uid on the
+	local system.  This can be a problem if using a machinej different from the Samba server
+	to import the file.</P
+></LI
+><LI
+><P
+>The local system must have a working installation of the Net::LDAP perl
+	module which can be obtained from with <A
+HREF="http://search.cpan.org/"
+TARGET="_top"
+>http://search.cpan.org/</A
+>
+	by searching for <TT
+CLASS="FILENAME"
+>perl-ldap</TT
+> or directly from <A
+HREF="http://perl-ldap.sf.net/"
+TARGET="_top"
+>http://perl-ldap.sf.net/</A
+>.
+	</P
+></LI
+></UL
+><P
+>Please refer to the documentation in the same directory as the script for more details.</P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2463">Accounts and Groups management</H2
+NAME="AEN2008"
+>11.6. Accounts and Groups management</A
+></H1
 ><P
 >As users accounts are managed thru the sambaAccount objectclass, you should
 modify you existing administration tools to deal with sambaAccount attributes.</P
@@ -11920,10 +9730,12 @@ groups).</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2468">Security and sambaAccount</H2
+NAME="AEN2013"
+>11.7. Security and sambaAccount</A
+></H1
 ><P
 >There are two important points to remember when discussing the security
 of sambaAccount entries in the directory.</P
@@ -11932,17 +9744,15 @@ of sambaAccount entries in the directory.</P
 ><UL
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->Never</I
+><EM
+>Never</EM
 > retrieve the lmPassword or
 	ntPassword attribute values over an unencrypted LDAP session.</P
 ></LI
 ><LI
 ><P
-><I
-CLASS="EMPHASIS"
->Never</I
+><EM
+>Never</EM
 > allow non-admin users to
 	view the lmPassword or ntPassword attribute values.</P
 ></LI
@@ -12000,10 +9810,12 @@ access to attrs=lmPassword,ntPassword
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2488">LDAP specials attributes for sambaAccounts</H2
+NAME="AEN2033"
+>11.8. LDAP specials attributes for sambaAccounts</A
+></H1
 ><P
 >The sambaAccount objectclass is composed of the following attributes:</P
 ><P
@@ -12209,10 +10021,12 @@ something other than the default (e.g. \\MOBY\becky).</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2558">Example LDIF Entries for a sambaAccount</H2
+NAME="AEN2103"
+>11.9. Example LDIF Entries for a sambaAccount</A
+></H1
 ><P
 >The following is a working LDIF with the inclusion of the posixAccount objectclass:</P
 ><P
@@ -12283,164 +10097,589 @@ ntPassword: 878D8014606CDA29677A44EFA1353FC7</PRE
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2566">Comments</H2
+NAME="AEN2111"
+>11.10. Comments</A
+></H1
 ><P
 >Please mail all comments regarding this HOWTO to <A
 HREF="mailto:jerry@samba.org"
 TARGET="_top"
 >jerry@samba.org</A
 >.  This documents was
-last updated to reflect the Samba 2.2.3 release.&#13;</P
+last updated to reflect the Samba 2.2.5 release.&#13;</P
 ></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="IMPROVED-BROWSING">Improved browsing in samba</H1
+NAME="WINBIND"
+>Chapter 12. Unified Logons between Windows NT and UNIX using Winbind</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2577">Overview of browsing</H2
+NAME="AEN2140"
+>12.1. Abstract</A
+></H1
 ><P
->SMB networking provides a mechanism by which clients can access a list
-of machines in a network, a so-called "browse list".  This list
-contains machines that are ready to offer file and/or print services
-to other machines within the network. Thus it does not include
-machines which aren't currently able to do server tasks.  The browse
-list is heavily used by all SMB clients.  Configuration of SMB
-browsing has been problematic for some Samba users, hence this
-document.</P
-><P
->Browsing will NOT work if name resolution from NetBIOS names to IP
-addresses does not function correctly. Use of a WINS server is highly
-recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
-WINS allows remote segment clients to obtain NetBIOS name_type information
-that can NOT be provided by any other means of name resolution.</P
+>Integration of UNIX and Microsoft Windows NT through 
+	a unified logon has been considered a "holy grail" in heterogeneous 
+	computing environments for a long time. We present 
+	<EM
+>winbind</EM
+>, a component of the Samba suite 
+	of programs as a solution to the unified logon problem. Winbind 
+	uses a UNIX implementation 
+	of Microsoft RPC calls, Pluggable Authentication Modules, and the Name 
+	Service Switch to allow Windows NT domain users to appear and operate 
+	as UNIX users on a UNIX machine. This paper describes the winbind 
+	system, explaining the functionality it provides, how it is configured, 
+	and how it works internally.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2581">Browsing support in samba</H2
+NAME="AEN2144"
+>12.2. Introduction</A
+></H1
 ><P
->Samba now fully supports browsing.  The browsing is supported by nmbd
-and is also controlled by options in the smb.conf file (see smb.conf(5)).</P
+>It is well known that UNIX and Microsoft Windows NT have 
+	different models for representing user and group information and 
+	use different technologies for implementing them. This fact has 
+	made it difficult to integrate the two systems in a satisfactory 
+	manner.</P
 ><P
->Samba can act as a local browse master for a workgroup and the ability
-for samba to support domain logons and scripts is now available.  See
-DOMAIN.txt for more information on domain logons.</P
+>One common solution in use today has been to create 
+	identically named user accounts on both the UNIX and Windows systems 
+	and use the Samba suite of programs to provide file and print services 
+	between the two. This solution is far from perfect however, as 
+	adding and deleting users on both sets of machines becomes a chore 
+	and two sets of passwords are required both of which
+	can lead to synchronization problems between the UNIX and Windows 
+	systems and confusion for users.</P
 ><P
->Samba can also act as a domain master browser for a workgroup.  This
-means that it will collate lists from local browse masters into a
-wide area network server list.  In order for browse clients to
-resolve the names they may find in this list, it is recommended that
-both samba and your clients use a WINS server.</P
+>We divide the unified logon problem for UNIX machines into 
+	three smaller problems:</P
 ><P
->Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain: on each wide area
-network, you must only ever have one domain master browser per workgroup,
-regardless of whether it is NT, Samba or any other type of domain master
-that is providing this service.</P
+></P
+><UL
+><LI
 ><P
->[Note that nmbd can be configured as a WINS server, but it is not
-necessary to specifically use samba as your WINS server.  NTAS can
-be configured as your WINS server.  In a mixed NT server and
-samba environment on a Wide Area Network, it is recommended that
-you use the NT server's WINS server capabilities.  In a samba-only
-environment, it is recommended that you use one and only one nmbd
-as your WINS server].</P
+>Obtaining Windows NT user and group information
+		</P
+></LI
+><LI
 ><P
->To get browsing to work you need to run nmbd as usual, but will need
-to use the "workgroup" option in smb.conf to control what workgroup
-Samba becomes a part of.</P
+>Authenticating Windows NT users
+		</P
+></LI
+><LI
+><P
+>Password changing for Windows NT users
+		</P
+></LI
+></UL
 ><P
->Samba also has a useful option for a Samba server to offer itself for
-browsing on another subnet.  It is recommended that this option is only
-used for 'unusual' purposes: announcements over the internet, for
-example.  See "remote announce" in the smb.conf man page.  </P
+>Ideally, a prospective solution to the unified logon problem 
+	would satisfy all the above components without duplication of 
+	information on the UNIX machines and without creating additional 
+	tasks for the system administrator when maintaining users and 
+	groups on either system. The winbind system provides a simple 
+	and elegant solution to all three components of the unified logon 
+	problem.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2590">Problem resolution</H2
+NAME="AEN2157"
+>12.3. What Winbind Provides</A
+></H1
 ><P
->If something doesn't work then hopefully the log.nmb file will help
-you track down the problem.  Try a debug level of 2 or 3 for finding
-problems. Also note that the current browse list usually gets stored
-in text form in a file called browse.dat.</P
+>Winbind unifies UNIX and Windows NT account management by 
+	allowing a UNIX box to become a full member of a NT domain. Once 
+	this is done the UNIX box will see NT users and groups as if 
+	they were native UNIX users and groups, allowing the NT domain 
+	to be used in much the same manner that NIS+ is used within 
+	UNIX-only environments.</P
 ><P
->Note that if it doesn't work for you, then you should still be able to
-type the server name as \\SERVER in filemanager then hit enter and
-filemanager should display the list of available shares.</P
+>The end result is that whenever any 
+	program on the UNIX machine asks the operating system to lookup 
+	a user or group name, the query will be resolved by asking the 
+	NT domain controller for the specified domain to do the lookup.
+	Because Winbind hooks into the operating system at a low level 
+	(via the NSS name resolution modules in the C library) this 
+	redirection to the NT domain controller is completely 
+	transparent.</P
 ><P
->Some people find browsing fails because they don't have the global
-"guest account" set to a valid account.  Remember that the IPC$
-connection that lists the shares is done as guest, and thus you must
-have a valid guest account.</P
+>Users on the UNIX machine can then use NT user and group 
+	names as they would use "native" UNIX names. They can chown files 
+	so that they are owned by NT domain users or even login to the 
+	UNIX machine and run a UNIX X-Window session as a domain user.</P
 ><P
->Also, a lot of people are getting bitten by the problem of too many
-parameters on the command line of nmbd in inetd.conf.  This trick is to
-not use spaces between the option and the parameter (eg: -d2 instead
-of -d 2), and to not use the -B and -N options.  New versions of nmbd
-are now far more likely to correctly find your broadcast and network
-address, so in most cases these aren't needed.</P
+>The only obvious indication that Winbind is being used is 
+	that user and group names take the form DOMAIN\user and 
+	DOMAIN\group. This is necessary as it allows Winbind to determine 
+	that redirection to a domain controller is wanted for a particular 
+	lookup and which trusted domain is being referenced.</P
 ><P
->The other big problem people have is that their broadcast address,
-netmask or IP address is wrong (specified with the "interfaces" option
-in smb.conf)</P
+>Additionally, Winbind provides an authentication service 
+	that hooks into the Pluggable Authentication Modules (PAM) system 
+	to provide authentication via a NT domain to any PAM enabled 
+	applications. This capability solves the problem of synchronizing 
+	passwords between systems since all passwords are stored in a single 
+	location (on the domain controller).</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2164"
+>12.3.1. Target Uses</A
+></H2
+><P
+>Winbind is targeted at organizations that have an 
+		existing NT based domain infrastructure into which they wish 
+		to put UNIX workstations or servers. Winbind will allow these 
+		organizations to deploy UNIX workstations without having to 
+		maintain a separate account infrastructure. This greatly 
+		simplifies the administrative overhead of deploying UNIX 
+		workstations into a NT based organization.</P
+><P
+>Another interesting way in which we expect Winbind to 
+		be used is as a central part of UNIX based appliances. Appliances
+		that provide file and print services to Microsoft based networks 
+		will be able to use Winbind to provide seamless integration of 
+		the appliance into the domain.</P
+></DIV
 ></DIV
 ><DIV
 CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN2168"
+>12.4. How Winbind Works</A
+></H1
+><P
+>The winbind system is designed around a client/server 
+	architecture. A long running <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon 
+	listens on a UNIX domain socket waiting for requests
+	to arrive. These requests are generated by the NSS and PAM 
+	clients and processed sequentially.</P
+><P
+>The technologies used to implement winbind are described 
+	in detail below.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2173"
+>12.4.1. Microsoft Remote Procedure Calls</A
+></H2
+><P
+>Over the last two years, efforts have been underway 
+		by various Samba Team members to decode various aspects of 
+		the Microsoft Remote Procedure Call (MSRPC) system. This 
+		system is used for most network related operations between 
+		Windows NT machines including remote management, user authentication
+		and print spooling. Although initially this work was done 
+		to aid the implementation of Primary Domain Controller (PDC) 
+		functionality in Samba, it has also yielded a body of code which 
+		can be used for other purposes.</P
+><P
+>Winbind uses various MSRPC calls to enumerate domain users 
+		and groups and to obtain detailed information about individual 
+		users or groups. Other MSRPC calls can be used to authenticate 
+		NT domain users and to change user passwords. By directly querying 
+		a Windows PDC for user and group information, winbind maps the 
+		NT account information onto UNIX user and group names.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2177"
+>12.4.2. Name Service Switch</A
+></H2
+><P
+>The Name Service Switch, or NSS, is a feature that is 
+		present in many UNIX operating systems. It allows system 
+		information such as hostnames, mail aliases and user information 
+		to be resolved from different sources. For example, a standalone 
+		UNIX workstation may resolve system information from a series of 
+		flat files stored on the local filesystem. A networked workstation 
+		may first attempt to resolve system information from local files, 
+		and then consult a NIS database for user information or a DNS server 
+		for hostname information.</P
+><P
+>The NSS application programming interface allows winbind 
+		to present itself as a source of system information when 
+		resolving UNIX usernames and groups.  Winbind uses this interface, 
+		and information obtained from a Windows NT server using MSRPC 
+		calls to provide a new source of account enumeration.  Using standard 
+		UNIX library calls, one can enumerate the users and groups on
+		a UNIX machine running winbind and see all users and groups in 
+		a NT domain plus any trusted domain as though they were local 
+		users and groups.</P
+><P
+>The primary control file for NSS is 
+		<TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+>. 
+		When a UNIX application makes a request to do a lookup 
+		the C library looks in <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> 
+		for a line which matches the service type being requested, for 
+		example the "passwd" service type is used when user or group names 
+		are looked up. This	config line species which implementations 
+		of that service should be tried and in what order. If the passwd 
+		config line is:</P
+><P
+><B
+CLASS="COMMAND"
+>passwd: files example</B
+></P
+><P
+>then the C library will first load a module called 
+		<TT
+CLASS="FILENAME"
+>/lib/libnss_files.so</TT
+> followed by
+		the module <TT
+CLASS="FILENAME"
+>/lib/libnss_example.so</TT
+>. The 
+		C library will dynamically load each of these modules in turn 
+		and call resolver functions within the modules to try to resolve 
+		the request. Once the request is resolved the C library returns the
+		result to the application.</P
+><P
+>This NSS interface provides a very easy way for Winbind 
+		to hook into the operating system. All that needs to be done 
+		is to put <TT
+CLASS="FILENAME"
+>libnss_winbind.so</TT
+> in <TT
+CLASS="FILENAME"
+>/lib/</TT
+> 
+		then add "winbind" into <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> at 
+		the appropriate place. The C library will then call Winbind to 
+		resolve user and group names.</P
+></DIV
+><DIV
+CLASS="SECT2"
 ><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2193"
+>12.4.3. Pluggable Authentication Modules</A
+></H2
+><P
+>Pluggable Authentication Modules, also known as PAM, 
+		is a system for abstracting authentication and authorization 
+		technologies. With a PAM module it is possible to specify different 
+		authentication methods for different system applications without 
+		having to recompile these applications. PAM is also useful
+		for implementing a particular policy for authorization. For example, 
+		a system administrator may only allow console logins from users 
+		stored in the local password file but only allow users resolved from 
+		a NIS database to log in over the network.</P
+><P
+>Winbind uses the authentication management and password 
+		management PAM interface to integrate Windows NT users into a 
+		UNIX system. This allows Windows NT users to log in to a UNIX 
+		machine and be authenticated against a suitable Primary Domain 
+		Controller. These users can also change their passwords and have 
+		this change take effect directly on the Primary Domain Controller.
+		</P
+><P
+>PAM is configured by providing control files in the directory 
+		<TT
+CLASS="FILENAME"
+>/etc/pam.d/</TT
+> for each of the services that 
+		require authentication. When an authentication request is made 
+		by an application the PAM code in the C library looks up this
+		control file to determine what modules to load to do the 
+		authentication check and in what order. This interface makes adding 
+		a new authentication service for Winbind very easy, all that needs 
+		to be done is that the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> module 
+		is copied to <TT
+CLASS="FILENAME"
+>/lib/security/</TT
+> and the PAM 
+		control files for relevant services are updated to allow 
+		authentication via winbind. See the PAM documentation
+		for more details.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2201"
+>12.4.4. User and Group ID Allocation</A
+></H2
+><P
+>When a user or group is created under Windows NT 
+		is it allocated a numerical relative identifier (RID). This is 
+		slightly different to UNIX which has a range of numbers that are 
+		used to identify users, and the same range in which to identify 
+		groups. It is winbind's job to convert RIDs to UNIX id numbers and
+		vice versa.  When winbind is configured it is given part of the UNIX 
+		user id space and a part of the UNIX group id space in which to 
+		store Windows NT users and groups. If a Windows NT user is 
+		resolved for the first time, it is allocated the next UNIX id from 
+		the range. The same process applies for Windows NT groups. Over 
+		time, winbind will have mapped all Windows NT users and groups
+		to UNIX user ids and group ids.</P
+><P
+>The results of this mapping are stored persistently in 
+		an ID mapping database held in a tdb database). This ensures that 
+		RIDs are mapped to UNIX IDs in a consistent way.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2205"
+>12.4.5. Result Caching</A
+></H2
+><P
+>An active system can generate a lot of user and group 
+		name lookups. To reduce the network cost of these lookups winbind 
+		uses a caching scheme based on the SAM sequence number supplied 
+		by NT domain controllers.  User or group information returned 
+		by a PDC is cached by winbind along with a sequence number also 
+		returned by the PDC. This sequence number is incremented by 
+		Windows NT whenever any user or group information is modified. If 
+		a cached entry has expired, the sequence number is requested from 
+		the PDC and compared against the sequence number of the cached entry. 
+		If the sequence numbers do not match, then the cached information 
+		is discarded and up to date information is requested directly 
+		from the PDC.</P
+></DIV
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2597">Browsing across subnets</H2
+NAME="AEN2208"
+>12.5. Installation and Configuration</A
+></H1
 ><P
->With the release of Samba 1.9.17(alpha1 and above) Samba has been
-updated to enable it to support the replication of browse lists
-across subnet boundaries.  New code and options have been added to
-achieve this.  This section describes how to set this feature up
-in different settings.</P
+>Many thanks to John Trostel <A
+HREF="mailto:jtrostel@snapserver.com"
+TARGET="_top"
+>jtrostel@snapserver.com</A
+>
+for providing the original Linux version of this HOWTO which 
+describes how to get winbind services up and running 
+to control access and authenticate users on your Linux box using 
+the winbind services which are included with the SAMBA 2.2.2 and later
+releases.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2212"
+>12.5.1. Introduction</A
+></H2
+><P
+>This HOWTO describes the procedures used to get winbind up and 
+running on a RedHat 7.1 system.  Winbind is capable of providing access
+and authentication control for Windows Domain users through an NT
+or Win2K PDC for 'regular' services, such as telnet and ftp, as
+well providing dynamic uid/gid allocation for Samba.</P
 ><P
->To see browse lists that span TCP/IP subnets (ie.  networks separated
-by routers that don't pass broadcast traffic) you must set up at least
-one WINS server.  The WINS server acts as a DNS for NetBIOS names, allowing
-NetBIOS name to IP address translation to be done by doing a direct
-query of the WINS server.  This is done via a directed UDP packet on
-port 137 to the WINS server machine.  The reason for a WINS server is
-that by default, all NetBIOS name to IP address translation is done
-by broadcasts from the querying machine.  This means that machines
-on one subnet will not be able to resolve the names of machines on
-another subnet without using a WINS server.</P
+>This HOWTO has been written from a 'RedHat-centric' perspective, so if
+you are using another distribution (or operating system), you may have
+to modify the instructions somewhat to fit the way your distribution works.</P
 ><P
->Remember, for browsing across subnets to work correctly, all machines,
-be they Windows 95, Windows NT, or Samba servers must have the IP address
-of a WINS server given to them by a DHCP server, or by manual configuration 
-(for Win95 and WinNT, this is in the TCP/IP Properties, under Network 
-settings) for Samba this is in the smb.conf file.</P
+></P
+><UL
+><LI
+><P
+>	<EM
+>Why should I to this?</EM
+>
+	</P
+><P
+>This allows the SAMBA administrator to rely on the
+	authentication mechanisms on the NT/Win2K PDC for the authentication
+	of domain members.  NT/Win2K users no longer need to have separate
+	accounts on the SAMBA server.
+	</P
+></LI
+><LI
+><P
+>	<EM
+>Who should be reading this document?</EM
+>
+	</P
+><P
+>	This HOWTO is designed for system administrators.  If you are
+	implementing SAMBA on a file server and wish to (fairly easily)
+	integrate existing NT/Win2K users from your PDC onto the
+	SAMBA server, this HOWTO is for you.
+	</P
+></LI
+></UL
+></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2602">How does cross subnet browsing work ?</H3
+NAME="AEN2225"
+>12.5.2. Requirements</A
+></H2
+><P
+>If you have a samba configuration file that you are currently
+using... <EM
+>BACK IT UP!</EM
+>  If your system already uses PAM,
+<EM
+>back up the <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>)
+directory contents!</EM
+> If you haven't already made a boot disk,
+<EM
+>MAKE ONE NOW!</EM
+></P
+><P
+>Messing with the pam configuration files can make it nearly impossible
+to log in to your machine. That's why you want to be able to boot back
+into your machine in single user mode and restore your
+<TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>pam.conmf</TT
+>) back to
+the original state they were in if
+you get frustrated with the way things are going.</P
+><P
+>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2.  Please refer to the
+<A
+HREF="http://samba.org/"
+TARGET="_top"
+>main SAMBA web page</A
+> or,
+better yet, your closest SAMBA mirror site for instructions on
+downloading the source code.  it is generally advised to obtain the lates
+Samba release as bugs are constantly being fixed.</P
+><P
+>To allow Domain users the ability to access SAMBA shares and
+files, as well as potentially other services provided by your
+SAMBA machine, PAM (pluggable authentication modules) must
+be setup properly on your machine.  In order to compile the
+winbind modules, you must have at the PAM libraries and header files resident
+on your system.  For recent RedHat systems (7.x, for instance), that
+means installing both <TT
+CLASS="FILENAME"
+>pam</TT
+> and <TT
+CLASS="FILENAME"
+>pam-devel</TT
+> RPM.
+The former is installed by default on all Linux systems of which the author is aware.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN2241"
+>12.5.3. Testing Things Out</A
+></H2
+><P
+>Before starting, kill off all the SAMBA related daemons running on your server.  Kill off
+all <B
+CLASS="COMMAND"
+>smbd</B
+>, <B
+CLASS="COMMAND"
+>nmbd</B
+>, and <B
+CLASS="COMMAND"
+>winbindd</B
+> processes that may
+be running (<B
+CLASS="COMMAND"
+>winbindd</B
+> will only be running if you have ao previous Winbind
+installation...but why would you be reading tis if that were the case?).  To use PAM, you will
+want to make sure that you have the standard PAM package (for RedHat) which supplies the <TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+>
+directory structure, including the pam modules are used by pam-aware
+services, several pam libraries, and the <TT
+CLASS="FILENAME"
+>/usr/doc</TT
+>
+and <TT
+CLASS="FILENAME"
+>/usr/man</TT
+> entries for pam.  Samba will require
+the pam-devel package if you plan to build the <TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> library or
+include the <B
+CLASS="COMMAND"
+>--with-pam</B
+> option to the configure script.
+This package includes the header files needed to compile pam-aware applications.</P
 ><P
->Cross subnet browsing is a complicated dance, containing multiple
-moving parts.  It has taken Microsoft several years to get the code
-that achieves this correct, and Samba lags behind in some areas.
-However, with the 1.9.17 release, Samba is capable of cross subnet
-browsing when configured correctly.</P
+>[I have no idea which Solaris packages are quired for PAM libraries and
+development files.  If you know, please mail me the information and I will include
+it in the next revision of this HOWTO.  --jerry@samba.org]</P
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2254"
+>12.5.3.1. Configure and Compile SAMBA</A
+></H3
 ><P
->Consider a network set up as follows :</P
+>The configuration and compilation of SAMBA is straightforward.</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12450,65 +10689,103 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->                                   (DMB)
-             N1_A      N1_B        N1_C       N1_D        N1_E
-              |          |           |          |           |
-          -------------------------------------------------------
-            |          subnet 1                       |
-          +---+                                      +---+
-          |R1 | Router 1                  Router 2   |R2 |
-          +---+                                      +---+
-            |                                          |
-            |  subnet 2              subnet 3          |
-  --------------------------       ------------------------------------
-  |     |     |      |               |        |         |           |
- N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
-                    (WINS)</PRE
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>./configure --with-winbind</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>make install</B
+></PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->Consisting of 3 subnets (1, 2, 3) connected by two routers
-(R1, R2) - these do not pass broadcasts.  Subnet 1 has 5 machines
-on it, subnet 2 has 4 machines, subnet 3 has 4 machines.  Assume
-for the moment that all these machines are configured to be in the
-same workgroup (for simplicities sake).  Machine N1_C on subnet 1
-is configured as Domain Master Browser (ie.  it will collate the
-browse lists for the workgroup).  Machine N2_D is configured as
-WINS server and all the other machines are configured to register
-their NetBIOS names with it.</P
-><P
->As all these machines are booted up, elections for master browsers
-will take place on each of the three subnets.  Assume that machine
-N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
-subnet 3 - these machines are known as local master browsers for
-their particular subnet.  N1_C has an advantage in winning as the
-local master browser on subnet 1 as it is set up as Domain Master
-Browser.</P
-><P
->On each of the three networks, machines that are configured to 
-offer sharing services will broadcast that they are offering
-these services.  The local master browser on each subnet will
-receive these broadcasts and keep a record of the fact that
-the machine is offering a service.  This list of records is
-the basis of the browse list.  For this case, assume that
-all the machines are configured to offer services so all machines
-will be on the browse list.</P
-><P
->For each network, the local master browser on that network is
-considered 'authoritative' for all the names it receives via
-local broadcast.  This is because a machine seen by the local
-master browser via a local broadcast must be on the same 
-network as the local master browser and thus is a 'trusted'
-and 'verifiable' resource.  Machines on other networks that
-the local master browsers learn about when collating their
-browse lists have not been directly seen - these records are
-called 'non-authoritative'.</P
-><P
->At this point the browse lists look as follows (these are 
-the machines you would see in your network neighborhood if
-you looked in it on a particular network right now).</P
+>This will, by default, install SAMBA in <TT
+CLASS="FILENAME"
+>/usr/local/samba</TT
+>.
+See the main SAMBA documentation if you want to install SAMBA somewhere else.
+It will also build the winbindd executable and NSS library.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2267"
+>12.5.3.2. Configure <TT
+CLASS="FILENAME"
+>nsswitch.conf</TT
+> and the
+winbind libraries</A
+></H3
+><P
+>The libraries needed to run the <B
+CLASS="COMMAND"
+>winbindd</B
+> daemon
+through nsswitch need to be copied to their proper locations.</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>cp nsswitch/libnss_winbind.so /lib</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>chmod 755 /lib/libnss_winbind.so</B
+></P
+><P
+>It necessary to make the following symbolic link:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>.2</TT
+> extension is due to the version of glibc used on your Linux host.
+for most modern systems, the file extension is correct.  However, some other operating systems,
+Solaris 7/8 being the most common, the destination filename should be replaced with
+<TT
+CLASS="FILENAME"
+>/lib/nss_winbind.so.1</TT
+></P
+><P
+>Now, as root edit <TT
+CLASS="FILENAME"
+>/etc/nsswitch.conf</TT
+> to
+allow user and group entries to be visible from the <B
+CLASS="COMMAND"
+>winbindd</B
+>
+daemon.  After editing, the file look appear:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12518,37 +10795,45 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D</PRE
+>	passwd:     files winbind
+	shadow:     files
+	group:      files winbind</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2289"
+>12.5.3.3. Configure <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
+></H3
 ><P
->Note that at this point all the subnets are separate, no
-machine is seen across any of the subnets.</P
-><P
->Now examine subnet 2.  As soon as N2_B has become the local
-master browser it looks for a Domain master browser to synchronize
-its browse list with.  It does this by querying the WINS server
-(N2_D) for the IP address associated with the NetBIOS name 
-WORKGROUP&#62;1B&#60;.  This name was registerd by the Domain master
-browser (N1_C) with the WINS server as soon as it was booted.</P
-><P
->Once N2_B knows the address of the Domain master browser it
-tells it that is the local master browser for subnet 2 by
-sending a MasterAnnouncement packet as a UDP port 138 packet.
-It then synchronizes with it by doing a NetServerEnum2 call.  This
-tells the Domain Master Browser to send it all the server
-names it knows about.  Once the domain master browser receives
-the MasterAnnouncement packet it schedules a synchronization
-request to the sender of that packet.  After both synchronizations
-are done the browse lists look like :</P
+>Several parameters are needed in the smb.conf file to control
+the behavior of <B
+CLASS="COMMAND"
+>winbindd</B
+>. Configure
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> These are described in more detail in
+the <A
+HREF="winbindd.8.html"
+TARGET="_top"
+>winbindd(8)</A
+> man page.  My
+<TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file was modified to
+include the following entries in the [global] section:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12558,32 +10843,165 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-
-Servers with a (*) after them are non-authoritative names.</PRE
+>[global]
+     &#60;...&#62;
+     # separate domain and username with '+', like DOMAIN+username
+     <A
+HREF="winbindd.8.html#WINBINDSEPARATOR"
+TARGET="_top"
+>winbind separator</A
+> = +
+     # use uids from 10000 to 20000 for domain users
+     <A
+HREF="winbindd.8.html#WINBINDUID"
+TARGET="_top"
+>winbind uid</A
+> = 10000-20000
+     # use gids from 10000 to 20000 for domain groups
+     <A
+HREF="winbindd.8.html#WINBINDGID"
+TARGET="_top"
+>winbind gid</A
+> = 10000-20000
+     # allow enumeration of winbind users and groups
+     # might need to disable these next two for performance
+     # reasons on the winbindd host
+     <A
+HREF="winbindd.8.html#WINBINDENUMUSERS"
+TARGET="_top"
+>winbind enum users</A
+> = yes
+     <A
+HREF="winbindd.8.html#WINBINDENUMGROUP"
+TARGET="_top"
+>winbind enum groups</A
+> = yes
+     # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
+     <A
+HREF="winbindd.8.html#TEMPLATEHOMEDIR"
+TARGET="_top"
+>template homedir</A
+> = /home/winnt/%D/%U
+     <A
+HREF="winbindd.8.html#TEMPLATESHELL"
+TARGET="_top"
+>template shell</A
+> = /bin/bash</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2306"
+>12.5.3.4. Join the SAMBA server to the PDC domain</A
+></H3
 ><P
->At this point users looking in their network neighborhood on
-subnets 1 or 2 will see all the servers on both, users on
-subnet 3 will still only see the servers on their own subnet.</P
+>Enter the following command to make the SAMBA server join the
+PDC domain, where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+> is the name of
+your Windows domain and <TT
+CLASS="REPLACEABLE"
+><I
+>Administrator</I
+></TT
+> is
+a domain user who has administrative privileges in the domain.</P
 ><P
->The same sequence of events that occured for N2_B now occurs
-for the local master browser on subnet 3 (N3_D).  When it
-synchronizes browse lists with the domain master browser (N1_A)
-it gets both the server entries on subnet 1, and those on
-subnet 2.  After N3_D has synchronized with N1_C and vica-versa
-the browse lists look like.</P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B
+></P
+><P
+>The proper response to the command should be: "Joined the domain
+<TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+>" where <TT
+CLASS="REPLACEABLE"
+><I
+>DOMAIN</I
+></TT
+>
+is your DOMAIN name.</P
+></DIV
+><DIV
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
+><A
+NAME="AEN2317"
+>12.5.3.5. Start up the winbindd daemon and test it!</A
+></H3
+><P
+>Eventually, you will want to modify your smb startup script to
+automatically invoke the winbindd daemon when the other parts of
+SAMBA start, but it is possible to test out just the winbind
+portion first.  To start up winbind services, enter the following
+command as root:</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>export PATH=$PATH:/usr/local/samba/bin</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>winbindd</B
+></P
+><P
+>I'm always paranoid and like to make sure the daemon
+is really running...</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>ps -ae | grep winbindd</B
+></P
+><P
+>This command should produce output like this, if the daemon is running</P
+><P
+>3025 ?        00:00:00 winbindd</P
+><P
+>Note that a sample RedHat init script for starting winbindd is included in
+the SAMBA sourse distribution as <TT
+CLASS="FILENAME"
+>packaging/RedHat/winbind.init</TT
+>.</P
+><P
+>Now... for the real test, try to get some information about the
+users on your PDC</P
+><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>wbinfo -u</B
+></P
+><P
+>This should echo back a list of users on your Windows users on
+your PDC.  For example, I get the following response:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12593,33 +11011,27 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-
-Servers with a (*) after them are non-authoritative names.</PRE
+>CEO+Administrator
+CEO+burdell
+CEO+Guest
+CEO+jt-ad
+CEO+krbtgt
+CEO+TsInternetUser</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->At this point users looking in their network neighborhood on
-subnets 1 or 3 will see all the servers on all sunbets, users on
-subnet 2 will still only see the servers on subnets 1 and 2, but not 3.</P
+>Obviously, I have named my domain 'CEO' and my <TT
+CLASS="PARAMETER"
+><I
+>winbind
+separator</I
+></TT
+> is '+'.</P
 ><P
->Finally, the local master browser for subnet 2 (N2_B) will sync again
-with the domain master browser (N1_C) and will recieve the missing
-server entries.  Finally - and as a steady state (if no machines
-are removed or shut off) the browse lists will look like :</P
+>You can do the same sort of thing to get group information from
+the PDC:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12629,172 +11041,154 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->Subnet           Browse Master   List
-------           -------------   ----
-Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*),
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*)
-                                 N3_A(*), N3_B(*), N3_C(*), N3_D(*)
-
-Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-                                 N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
-                                 N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-	
-Servers with a (*) after them are non-authoritative names.</PRE
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>/usr/local/samba/bin/wbinfo -g</B
+>
+CEO+Domain Admins
+CEO+Domain Users
+CEO+Domain Guests
+CEO+Domain Computers
+CEO+Domain Controllers
+CEO+Cert Publishers
+CEO+Schema Admins
+CEO+Enterprise Admins
+CEO+Group Policy Creator Owners</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->Synchronizations between the domain master browser and local
-master browsers will continue to occur, but this should be a
-steady state situation.</P
-><P
->If either router R1 or R2 fails the following will occur:</P
+>The function 'getent' can now be used to get unified
+lists of both local and PDC users and groups.
+Try the following command:</P
 ><P
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>getent passwd</B
 ></P
-><OL
-TYPE="1"
-><LI
 ><P
->	Names of computers on each side of the inaccessible network fragments
-	will be maintained for as long as 36 minutes, in the network neighbourhood
-	lists.
-	</P
-></LI
-><LI
+>You should get a list that looks like your <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are <TT
+CLASS="FILENAME"
+>rwxr-xr-x</TT
+>.</P
 ><P
->	Attempts to connect to these inaccessible computers will fail, but the
-	names will not be removed from the network neighbourhood lists.
-	</P
-></LI
-><LI
+>The same thing can be done for groups with the command</P
 ><P
->	If one of the fragments is cut off from the WINS server, it will only
-	be able to access servers on its local subnet, by using subnet-isolated
-	broadcast NetBIOS name resolution.  The effects are similar to that of
-	losing access to a DNS server.
-	</P
-></LI
-></OL
-></DIV
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>getent group</B
+></P
 ></DIV
 ><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
+CLASS="SECT3"
+><HR><H3
+CLASS="SECT3"
 ><A
-NAME="AEN2637">Setting up a WINS server</H2
-><P
->Either a Samba machine or a Windows NT Server machine may be set up
-as a WINS server.  To set a Samba machine to be a WINS server you must
-add the following option to the smb.conf file on the selected machine :
-in the [globals] section add the line </P
+NAME="AEN2358"
+>12.5.3.6. Configure Winbind and PAM</A
+></H3
 ><P
-><B
+>At this point we are assured that <B
 CLASS="COMMAND"
->		wins support = yes</B
-></P
-><P
->Versions of Samba previous to 1.9.17 had this parameter default to
-yes.  If you have any older versions of Samba on your network it is
-strongly suggested you upgrade to 1.9.17 or above, or at the very
-least set the parameter to 'no' on all these machines.</P
-><P
->Machines with "<B
+>winbindd</B
+> and <B
 CLASS="COMMAND"
->wins support = yes</B
->" will keep a list of 
-all NetBIOS names registered with them, acting as a DNS for NetBIOS names.</P
+>smbd</B
+>
+are working together.  If you want to use winbind to provide authentication for other
+services, keep reading.  The pam configuration files need to be altered in
+this step.  (Did you remember to make backups of your original
+<TT
+CLASS="FILENAME"
+>/etc/pam.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>) file[s]? If not, do it now.)</P
 ><P
->You should set up only ONE wins server.  Do NOT set the
-"<B
+>You will need a PAM module to use <B
 CLASS="COMMAND"
->wins support = yes</B
->" option on more than one Samba 
-server.</P
-><P
->To set up a Windows NT Server as a WINS server you need to set up
-the WINS service - see your NT documentation for details.  Note that
-Windows NT WINS Servers can replicate to each other, allowing more
-than one to be set up in a complex subnet environment.  As Microsoft
-refuse to document these replication protocols Samba cannot currently
-participate in these replications.  It is possible in the future that
-a Samba-&#62;Samba WINS replication protocol may be defined, in which
-case more than one Samba machine could be set up as a WINS server
-but currently only one Samba server should have the "wins support = yes"
-parameter set.</P
-><P
->After the WINS server has been configured you must ensure that all
-machines participating on the network are configured with the address
-of this WINS server.  If your WINS server is a Samba machine, fill in
-the Samba machine IP address in the "Primary WINS Server" field of
-the "Control Panel-&#62;Network-&#62;Protocols-&#62;TCP-&#62;WINS Server" dialogs
-in Windows 95 or Windows NT.  To tell a Samba server the IP address
-of the WINS server add the following line to the [global] section of
-all smb.conf files :</P
+>winbindd</B
+> with these other services.  This
+module will be compiled in the <TT
+CLASS="FILENAME"
+>../source/nsswitch</TT
+> directory
+by invoking the command</P
 ><P
-><B
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
 CLASS="COMMAND"
->		wins server = &#62;name or IP address&#60;</B
+>make nsswitch/pam_winbind.so</B
 ></P
 ><P
->where &#62;name or IP address&#60; is either the DNS name of the WINS server
-machine or its IP address.</P
+>from the <TT
+CLASS="FILENAME"
+>../source</TT
+> directory.  The
+<TT
+CLASS="FILENAME"
+>pam_winbind.so</TT
+> file should be copied to the location of
+your other pam security modules.  On Linux and Solaris systems, this is the
+<TT
+CLASS="FILENAME"
+>/lib/security</TT
+> directory.</P
 ><P
->Note that this line MUST NOT BE SET in the smb.conf file of the Samba
-server acting as the WINS server itself.  If you set both the
-"<B
-CLASS="COMMAND"
->wins support = yes</B
->" option and the 
-"<B
+><TT
+CLASS="PROMPT"
+>root#</TT
+> <B
 CLASS="COMMAND"
->wins server = &#62;name&#60;</B
->" option then
-nmbd will fail to start.</P
-><P
->There are two possible scenarios for setting up cross subnet browsing.
-The first details setting up cross subnet browsing on a network containing
-Windows 95, Samba and Windows NT machines that are not configured as
-part of a Windows NT Domain.  The second details setting up cross subnet
-browsing on networks that contain NT Domains.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2656">Setting up Browsing in a WORKGROUP</H2
-><P
->To set up cross subnet browsing on a network containing machines
-in up to be in a WORKGROUP, not an NT Domain you need to set up one
-Samba server to be the Domain Master Browser (note that this is *NOT*
-the same as a Primary Domain Controller, although in an NT Domain the
-same machine plays both roles).  The role of a Domain master browser is
-to collate the browse lists from local master browsers on all the
-subnets that have a machine participating in the workgroup.  Without
-one machine configured as a domain master browser each subnet would
-be an isolated workgroup, unable to see any machines on any other
-subnet.  It is the presense of a domain master browser that makes
-cross subnet browsing possible for a workgroup.</P
-><P
->In an WORKGROUP environment the domain master browser must be a
-Samba server, and there must only be one domain master browser per
-workgroup name.  To set up a Samba server as a domain master browser,
-set the following option in the [global] section of the smb.conf file :</P
-><P
-><B
+>cp nsswitch/pam_winbind.so /lib/security</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
 CLASS="COMMAND"
->		domain master = yes</B
+>chmod 755 /lib/security/pam_winbind.so</B
 ></P
 ><P
->The domain master browser should also preferrably be the local master
-browser for its own subnet.  In order to achieve this set the following
-options in the [global] section of the smb.conf file :</P
+>Other services, such as the normal login on the console (or a terminal
+session), telnet logins, and ftp service, can be modified to allow the use of winbind
+as an authentication service.  In order to enable these
+services, you may first need to change the entries in
+<TT
+CLASS="FILENAME"
+>/etc/xinetd.d</TT
+> (or <TT
+CLASS="FILENAME"
+>/etc/inetd.conf</TT
+>).
+RedHat 7.1 uses the new xinetd.d structure, in this case you need
+to change the lines in <TT
+CLASS="FILENAME"
+>/etc/xinetd.d/telnet</TT
+>
+and <TT
+CLASS="FILENAME"
+>/etc/xinetd.d/wu-ftp</TT
+> from</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12804,25 +11198,13 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->        domain master = yes
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
+>enable = no</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->The domain master browser may be the same machine as the WINS
-server, if you require.</P
-><P
->Next, you should ensure that each of the subnets contains a
-machine that can act as a local master browser for the
-workgroup.  Any NT machine should be able to do this, as will
-Windows 95 machines (although these tend to get rebooted more
-often, so it's not such a good idea to use these).  To make a 
-Samba server a local master browser set the following
-options in the [global] section of the smb.conf file :</P
+>to</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12832,28 +11214,35 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
+>enable = yes</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->Do not do this for more than one Samba server on each subnet,
-or they will war with each other over which is to be the local
-master browser.</P
-><P
->The "local master" parameter allows Samba to act as a local master
-browser.  The "preferred master" causes nmbd to force a browser
-election on startup and the "os level" parameter sets Samba high
-enough so that it should win any browser elections.</P
+>For ftp services to work properly, you will also need to either
+have individual directories for the domain users already present on
+the server, or change the home directory template to a general
+directory for all domain users.  These can be easily set using
+the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> global entry
+<B
+CLASS="COMMAND"
+>template homedir</B
+>.</P
 ><P
->If you have an NT machine on the subnet that you wish to
-be the local master browser then you can disable Samba from
-becoming a local master browser by setting the following
-options in the [global] section of the smb.conf file :</P
+>The <TT
+CLASS="FILENAME"
+>/etc/pam.d/ftp</TT
+> file can be changed
+to allow winbind ftp access in a manner similar to the
+samba file.  My <TT
+CLASS="FILENAME"
+>/etc/pam.d/ftp</TT
+> file was
+changed to look like this:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12863,34 +11252,23 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0</PRE
+>auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       sufficient   /lib/security/pam_winbind.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_shells.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2674">Setting up Browsing in a DOMAIN</H2
-><P
->If you are adding Samba servers to a Windows NT Domain then
-you must not set up a Samba server as a domain master browser.
-By default, a Windows NT Primary Domain Controller for a Domain
-name is also the Domain master browser for that name, and many
-things will break if a Samba server registers the Domain master
-browser NetBIOS name (DOMAIN&#62;1B&#60;) with WINS instead of the PDC.</P
 ><P
->For subnets other than the one containing the Windows NT PDC
-you may set up Samba servers as local master browsers as
-described.  To make a Samba server a local master browser set 
-the following options in the [global] section of the smb.conf 
-file :</P
+>The <TT
+CLASS="FILENAME"
+>/etc/pam.d/login</TT
+> file can be changed nearly the
+same way.  It now looks like this:</P
 ><P
 ><TABLE
 BORDER="0"
@@ -12900,728 +11278,138 @@ WIDTH="100%"
 ><TD
 ><PRE
 CLASS="PROGRAMLISTING"
->        domain master = no
-        local master = yes
-        preferred master = yes
-        os level = 65</PRE
+>auth       required     /lib/security/pam_securetty.so
+auth       sufficient   /lib/security/pam_winbind.so
+auth       sufficient   /lib/security/pam_unix.so use_first_pass
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so</PRE
 ></TD
 ></TR
 ></TABLE
 ></P
 ><P
->If you wish to have a Samba server fight the election with machines
-on the same subnet you may set the "os level" parameter to lower
-levels.  By doing this you can tune the order of machines that
-will become local master browsers if they are running.  For
-more details on this see the section "FORCING SAMBA TO BE THE MASTER"
-below.</P
-><P
->If you have Windows NT machines that are members of the domain
-on all subnets, and you are sure they will always be running then
-you can disable Samba from taking part in browser elections and
-ever becoming a local master browser by setting following options 
-in the [global] section of the smb.conf file :</P
-><P
-><B
+>In this case, I added the <B
 CLASS="COMMAND"
->        domain master = no
-        local master = no
-        preferred master = no
-        os level = 0</B
-></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2684">Forcing samba to be the master</H2
-><P
->Who becomes the "master browser" is determined by an election process
-using broadcasts.  Each election packet contains a number of parameters
-which determine what precedence (bias) a host should have in the
-election.  By default Samba uses a very low precedence and thus loses
-elections to just about anyone else.</P
-><P
->If you want Samba to win elections then just set the "os level" global
-option in smb.conf to a higher number.  It defaults to 0.  Using 34
-would make it win all elections over every other system (except other
-samba systems!)</P
-><P
->A "os level" of 2 would make it beat WfWg and Win95, but not NTAS.  A
-NTAS domain controller uses level 32.</P
-><P
->The maximum os level is 255</P
-><P
->If you want samba to force an election on startup, then set the
-"preferred master" global option in smb.conf to "yes".  Samba will
-then have a slight advantage over other potential master browsers
-that are not preferred master browsers.  Use this parameter with
-care, as if you have two hosts (whether they are windows 95 or NT or
-samba) on the same local subnet both set with "preferred master" to
-"yes", then periodically and continually they will force an election
-in order to become the local master browser.</P
-><P
->If you want samba to be a "domain master browser", then it is
-recommended that you also set "preferred master" to "yes", because
-samba will not become a domain master browser for the whole of your
-LAN or WAN if it is not also a local master browser on its own
-broadcast isolated subnet.</P
-><P
->It is possible to configure two samba servers to attempt to become
-the domain master browser for a domain.  The first server that comes
-up will be the domain master browser.  All other samba servers will
-attempt to become the domain master browser every 5 minutes.  They
-will find that another samba server is already the domain master
-browser and will fail.  This provides automatic redundancy, should
-the current domain master browser fail.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2693">Making samba the domain master</H2
-><P
->The domain master is responsible for collating the browse lists of
-multiple subnets so that browsing can occur between subnets.  You can
-make samba act as the domain master by setting "domain master = yes"
-in smb.conf.  By default it will not be a domain master.</P
-><P
->Note that you should NOT set Samba to be the domain master for a
-workgroup that has the same name as an NT Domain.</P
-><P
->When samba is the domain master and the master browser it will listen
-for master announcements (made roughly every twelve minutes) from local
-master browsers on other subnets and then contact them to synchronise
-browse lists.</P
-><P
->If you want samba to be the domain master then I suggest you also set
-the "os level" high enough to make sure it wins elections, and set
-"preferred master" to "yes", to get samba to force an election on
-startup.</P
-><P
->Note that all your servers (including samba) and clients should be
-using a WINS server to resolve NetBIOS names.  If your clients are only
-using broadcasting to resolve NetBIOS names, then two things will occur:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	your local master browsers will be unable to find a domain master
-	browser, as it will only be looking on the local subnet.
-	</P
-></LI
-><LI
-><P
->	if a client happens to get hold of a domain-wide browse list, and
-	a user attempts to access a host in that list, it will be unable to
-	resolve the NetBIOS name of that host.
-	</P
-></LI
-></OL
-><P
->If, however, both samba and your clients are using a WINS server, then:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->	your local master browsers will contact the WINS server and, as long as
-	samba has registered that it is a domain master browser with the WINS
-	server, your local master browser will receive samba's ip address
-	as its domain master browser.
-	</P
-></LI
-><LI
-><P
->	when a client receives a domain-wide browse list, and a user attempts
-	to access a host in that list, it will contact the WINS server to
-	resolve the NetBIOS name of that host.  as long as that host has
-	registered its NetBIOS name with the same WINS server, the user will
-	be able to see that host.  
-	</P
-></LI
-></OL
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2711">Note about broadcast addresses</H2
-><P
->If your network uses a "0" based broadcast address (for example if it
-ends in a 0) then you will strike problems.  Windows for Workgroups
-does not seem to support a 0's broadcast and you will probably find
-that browsing and name lookups won't work.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2714">Multiple interfaces</H2
-><P
->Samba now supports machines with multiple network interfaces.  If you
-have multiple interfaces then you will need to use the "interfaces"
-option in smb.conf to configure them.  See smb.conf(5) for details.</P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="SPEED">Samba performance issues</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN2732">Comparisons</H2
-><P
->The Samba server uses TCP to talk to the client. Thus if you are
-trying to see if it performs well you should really compare it to
-programs that use the same protocol. The most readily available
-programs for file transfer that use TCP are ftp or another TCP based
-SMB server.</P
-><P
->If you want to test against something like a NT or WfWg server then
-you will have to disable all but TCP on either the client or
-server. Otherwise you may well be using a totally different protocol
-(such as Netbeui) and comparisons may not be valid.</P
-><P
->Generally you should find that Samba performs similarly to ftp at raw
-transfer speed. It should perform quite a bit faster than NFS,
-although this very much depends on your system.</P
-><P
->Several people have done comparisons between Samba and Novell, NFS or
-WinNT. In some cases Samba performed the best, in others the worst. I
-suspect the biggest factor is not Samba vs some other system but the
-hardware and drivers used on the various systems. Given similar
-hardware Samba should certainly be competitive in speed with other
-systems.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2738">Oplocks</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN2740">Overview</H3
-><P
->Oplocks are the way that SMB clients get permission from a server to
-locally cache file operations. If a server grants an oplock
-(opportunistic lock) then the client is free to assume that it is the
-only one accessing the file and it will agressively cache file
-data. With some oplock types the client may even cache file open/close
-operations. This can give enormous performance benefits.</P
-><P
->With the release of Samba 1.9.18 we now correctly support opportunistic 
-locks. This is turned on by default, and can be turned off on a share-
-by-share basis by setting the parameter :</P
-><P
-><B
+>auth sufficient /lib/security/pam_winbind.so</B
+>
+lines as before, but also added the <B
 CLASS="COMMAND"
->oplocks = False</B
-></P
-><P
->We recommend that you leave oplocks on however, as current benchmark
-tests with NetBench seem to give approximately a 30% improvement in
-speed with them on. This is on average however, and the actual 
-improvement seen can be orders of magnitude greater, depending on
-what the client redirector is doing.</P
-><P
->Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
-option has been left in the code for backwards compatibility reasons
-but it's use is now deprecated. A short summary of what the old
-code did follows.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2748">Level2 Oplocks</H3
-><P
->With Samba 2.0.5 a new capability - level2 (read only) oplocks is
-supported (although the option is off by default - see the smb.conf
-man page for details). Turning on level2 oplocks (on a share-by-share basis)
-by setting the parameter :</P
-><P
-><B
+>required pam_securetty.so</B
+>
+above it, to disallow root logins over the network.  I also added a
+<B
 CLASS="COMMAND"
->level2 oplocks = true</B
-></P
-><P
->should speed concurrent access to files that are not commonly written
-to, such as application serving shares (ie. shares that contain common
-.EXE files - such as a Microsoft Office share) as it allows clients to
-read-ahread cache copies of these files.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2754">Old 'fake oplocks' option - deprecated</H3
-><P
->Samba can also fake oplocks, by granting a oplock whenever a client 
-asks for one. This is controlled using the smb.conf option "fake 
-oplocks". If you set "fake oplocks = yes" then you are telling the 
-client that it may agressively cache the file data for all opens.</P
-><P
->Enabling 'fake oplocks' on all read-only shares or shares that you know
-will only be accessed from one client at a time you will see a big
-performance improvement on many operations. If you enable this option
-on shares where multiple clients may be accessing the files read-write
-at the same time you can get data corruption.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2758">Socket options</H2
-><P
->There are a number of socket options that can greatly affect the
-performance of a TCP based server like Samba.</P
-><P
->The socket options that Samba uses are settable both on the command
-line with the -O option, or in the smb.conf file.</P
-><P
->The "socket options" section of the smb.conf manual page describes how
-to set these and gives recommendations.</P
-><P
->Getting the socket options right can make a big difference to your
-performance, but getting them wrong can degrade it by just as
-much. The correct settings are very dependent on your local network.</P
-><P
->The socket option TCP_NODELAY is the one that seems to make the
-biggest single difference for most networks. Many people report that
-adding "socket options = TCP_NODELAY" doubles the read performance of
-a Samba drive. The best explanation I have seen for this is that the
-Microsoft TCP/IP stack is slow in sending tcp ACKs.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2765">Read size</H2
-><P
->The option "read size" affects the overlap of disk reads/writes with
-network reads/writes. If the amount of data being transferred in
-several of the SMB commands (currently SMBwrite, SMBwriteX and
-SMBreadbraw) is larger than this value then the server begins writing
-the data before it has received the whole packet from the network, or
-in the case of SMBreadbraw, it begins writing to the network before
-all the data has been read from disk.</P
-><P
->This overlapping works best when the speeds of disk and network access
-are similar, having very little effect when the speed of one is much
-greater than the other.</P
-><P
->The default value is 16384, but very little experimentation has been
-done yet to determine the optimal value, and it is likely that the best
-value will vary greatly between systems anyway. A value over 65536 is
-pointless and will cause you to allocate memory unnecessarily.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2770">Max xmit</H2
-><P
->At startup the client and server negotiate a "maximum transmit" size,
-which limits the size of nearly all SMB commands. You can set the
-maximum size that Samba will negotiate using the "max xmit = " option
-in smb.conf. Note that this is the maximum size of SMB request that 
-Samba will accept, but not the maximum size that the *client* will accept.
-The client maximum receive size is sent to Samba by the client and Samba
-honours this limit.</P
-><P
->It defaults to 65536 bytes (the maximum), but it is possible that some
-clients may perform better with a smaller transmit unit. Trying values
-of less than 2048 is likely to cause severe problems.</P
-><P
->In most cases the default is the best option.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2775">Locking</H2
-><P
->By default Samba does not implement strict locking on each read/write
-call (although it did in previous versions). If you enable strict
-locking (using "strict locking = yes") then you may find that you
-suffer a severe performance hit on some systems.</P
-><P
->The performance hit will probably be greater on NFS mounted
-filesystems, but could be quite high even on local disks.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2779">Share modes</H2
-><P
->Some people find that opening files is very slow. This is often
-because of the "share modes" code needed to fully implement the dos
-share modes stuff. You can disable this code using "share modes =
-no". This will gain you a lot in opening and closing files but will
-mean that (in some cases) the system won't force a second user of a
-file to open the file read-only if the first has it open
-read-write. For many applications that do their own locking this
-doesn't matter, but for some it may. Most Windows applications
-depend heavily on "share modes" working correctly and it is
-recommended that the Samba share mode support be left at the
-default of "on".</P
-><P
->The share mode code in Samba has been re-written in the 1.9.17
-release following tests with the Ziff-Davis NetBench PC Benchmarking
-tool. It is now believed that Samba 1.9.17 implements share modes
-similarly to Windows NT.</P
-><P
->NOTE: In the most recent versions of Samba there is an option to use
-shared memory via mmap() to implement the share modes. This makes
-things much faster. See the Makefile for how to enable this.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2784">Log level</H2
-><P
->If you set the log level (also known as "debug level") higher than 2
-then you may suffer a large drop in performance. This is because the
-server flushes the log file after each operation, which can be very
-expensive. </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2787">Wide lines</H2
-><P
->The "wide links" option is now enabled by default, but if you disable
-it (for better security) then you may suffer a performance hit in
-resolving filenames. The performance loss is lessened if you have
-"getwd cache = yes", which is now the default.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2790">Read raw</H2
-><P
->The "read raw" operation is designed to be an optimised, low-latency
-file read operation. A server may choose to not support it,
-however. and Samba makes support for "read raw" optional, with it
-being enabled by default.</P
-><P
->In some cases clients don't handle "read raw" very well and actually
-get lower performance using it than they get using the conventional
-read operations. </P
-><P
->So you might like to try "read raw = no" and see what happens on your
-network. It might lower, raise or not affect your performance. Only
-testing can really tell.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2795">Write raw</H2
-><P
->The "write raw" operation is designed to be an optimised, low-latency
-file write operation. A server may choose to not support it,
-however. and Samba makes support for "write raw" optional, with it
-being enabled by default.</P
-><P
->Some machines may find "write raw" slower than normal write, in which
-case you may wish to change this option.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2799">Read prediction</H2
-><P
->Samba can do read prediction on some of the SMB commands. Read
-prediction means that Samba reads some extra data on the last file it
-read while waiting for the next SMB command to arrive. It can then
-respond more quickly when the next read request arrives.</P
-><P
->This is disabled by default. You can enable it by using "read
-prediction = yes".</P
-><P
->Note that read prediction is only used on files that were opened read
-only.</P
-><P
->Read prediction should particularly help for those silly clients (such
-as "Write" under NT) which do lots of very small reads on a file.</P
-><P
->Samba will not read ahead more data than the amount specified in the
-"read size" option. It always reads ahead on 1k block boundaries.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2806">Memory mapping</H2
-><P
->Samba supports reading files via memory mapping them. One some
-machines this can give a large boost to performance, on others it
-makes not difference at all, and on some it may reduce performance.</P
+>sufficient /lib/security/pam_unix.so use_first_pass</B
+>
+line after the <B
+CLASS="COMMAND"
+>winbind.so</B
+> line to get rid of annoying
+double prompts for passwords.</P
 ><P
->To enable you you have to recompile Samba with the -DUSE_MMAP option
-on the FLAGS line of the Makefile.</P
+>Note that a Solaris <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.</P
 ><P
->Note that memory mapping is only used on files opened read only, and
-is not used by the "read raw" operation. Thus you may find memory
-mapping is more effective if you disable "read raw" using "read raw =
-no".</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass</PRE
+></TD
+></TR
+></TABLE
+></P
 ></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2811">Slow Clients</H2
-><P
->One person has reported that setting the protocol to COREPLUS rather
-than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
-><P
->I suspect that his PC's (386sx16 based) were asking for more data than
-they could chew. I suspect a similar speed could be had by setting
-"read raw = no" and "max xmit = 2048", instead of changing the
-protocol. Lowering the "read size" might also help.</P
 ></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2815">Slow Logins</H2
-><P
->Slow logins are almost always due to the password checking time. Using
-the lowest practical "password level" will improve things a lot. You
-could also enable the "UFC crypt" option in the Makefile.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2818">Client tuning</H2
-><P
->Often a speed problem can be traced to the client. The client (for
-example Windows for Workgroups) can often be tuned for better TCP
-performance.</P
+NAME="AEN2411"
+>12.6. Limitations</A
+></H1
 ><P
->See your client docs for details. In particular, I have heard rumours
-that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
-large impact on performance.</P
-><P
->Also note that some people have found that setting DefaultRcvWindow in
-the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
-big improvement. I don't know why.</P
-><P
->My own experience wth DefaultRcvWindow is that I get much better
-performance with a large value (16384 or larger). Other people have
-reported that anything over 3072 slows things down enourmously. One
-person even reported a speed drop of a factor of 30 when he went from
-3072 to 8192. I don't know why.</P
-><P
->It probably depends a lot on your hardware, and the type of unix box
-you have at the other end of the link.</P
-><P
->Paul Cochrane has done some testing on client side tuning and come 
-to the following conclusions:</P
-><P
->Install the W2setup.exe file from www.microsoft.com. This is an 
-update for the winsock stack and utilities which improve performance.</P
-><P
->Configure the win95 TCPIP registry settings to give better 
-perfomance. I use a program called MTUSPEED.exe which I got off the 
-net. There are various other utilities of this type freely available. 
-The setting which give the best performance for me are:</P
+>Winbind has a number of limitations in its current
+	released version that we hope to overcome in future
+	releases:</P
 ><P
 ></P
-><OL
-TYPE="1"
-><LI
-><P
->MaxMTU                  Remove</P
-></LI
-><LI
-><P
->RWIN                    Remove</P
-></LI
-><LI
-><P
->MTUAutoDiscover         Disable</P
-></LI
-><LI
-><P
->MTUBlackHoleDetect      Disable</P
-></LI
-><LI
-><P
->Time To Live            Enabled</P
-></LI
+><UL
 ><LI
 ><P
->Time To Live - HOPS     32</P
+>The mappings of Windows NT RIDs to UNIX ids
+		is not made algorithmically and depends on the order in which
+		unmapped users or groups are seen by winbind. It may be difficult
+		to recover the mappings of rid to UNIX id mapping if the file
+		containing this information is corrupted or destroyed.</P
 ></LI
 ><LI
 ><P
->NDI Cache Size          0</P
+>Currently the winbind PAM module does not take
+		into account possible workstation and logon time restrictions
+		that may be been set for Windows NT users.</P
 ></LI
-></OL
-><P
->I tried virtually all of the items mentioned in the document and 
-the only one which made a difference to me was the socket options. It 
-turned out I was better off without any!!!!!</P
-><P
->In terms of overall speed of transfer, between various win95 clients 
-and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
-drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
-><P
->FIXME
-The figures are:          Put              Get 
-P166 client 3Com card:    420-440kB/s      500-520kB/s
-P100 client 3Com card:    390-410kB/s      490-510kB/s
-DX4-75 client NE2000:     370-380kB/s      330-350kB/s</P
-><P
->I based these test on transfer two files a 4.5MB text file and a 15MB 
-textfile. The results arn't bad considering the hardware Samba is 
-running on. It's a crap machine!!!!</P
-><P
->The updates mentioned in 1 and 2 brought up the transfer rates from 
-just over 100kB/s in some clients.</P
-><P
->A new client is a P333 connected via a 100MB/s card and hub. The 
-transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
-on get.</P
-><P
->Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
-upwards). I suppose there is more going on in the samba protocol, but 
-if it could get up to the rate of FTP the perfomance would be quite 
-staggering.</P
+></UL
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2850">My Results</H2
-><P
->Some people want to see real numbers in a document like this, so here
-they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
-tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
-Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to
-set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
-server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
-Elite-16 card. You can see my server config in the examples/tridge/
-subdirectory of the distribution.</P
-><P
->I get 490k/s on reading a 8Mb file with copy.
-I get 441k/s writing the same file to the samba server.</P
-><P
->Of course, there's a lot more to benchmarks than 2 raw throughput
-figures, but it gives you a ballpark figure.</P
+NAME="AEN2419"
+>12.7. Conclusion</A
+></H1
 ><P
->I've also tested Win95 and WinNT, and found WinNT gave me the best
-speed as a samba client. The fastest client of all (for me) is
-smbclient running on another linux box. Maybe I'll add those results
-here someday ...</P
+>The winbind system, through the use of the Name Service 
+	Switch, Pluggable Authentication Modules, and appropriate 
+	Microsoft RPC calls have allowed us to provide seamless 
+	integration of Microsoft Windows NT domain users on a
+	UNIX system. The result is a great reduction in the administrative 
+	cost of running a mixed UNIX and NT network.</P
 ></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="OTHER-CLIENTS">Samba and other CIFS clients</H1
-><P
->This chapter contains client-specific information.</P
+NAME="OS2"
+>Chapter 13. OS2 Client HOWTO</A
+></H1
 ><DIV
 CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2871">Macintosh clients?</H2
-><P
->Yes. <A
-HREF="http://www.thursby.com/"
-TARGET="_top"
->Thursby</A
-> now have a CIFS Client / Server called DAVE - see</P
-><P
->They test it against Windows 95, Windows NT and samba for
-compatibility issues.  At the time of writing, DAVE was at version
-1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
-the Thursby web site (the speed of finder copies has been greatly
-enhanced, and there are bug-fixes included).</P
-><P
-> 
-Alternatives - There are two free implementations of AppleTalk for
-several kinds of UNIX machnes, and several more commercial ones.
-These products allow you to run file services and print services
-natively to Macintosh users, with no additional support required on
-the Macintosh.  The two free omplementations are 
-<A
-HREF="http://www.umich.edu/~rsug/netatalk/"
-TARGET="_top"
->Netatalk</A
->, and 
-<A
-HREF="http://www.cs.mu.oz.au/appletalk/atalk.html"
-TARGET="_top"
->CAP</A
->.  
-What Samba offers MS
-Windows users, these packages offer to Macs.  For more info on these
-packages, Samba, and Linux (and other UNIX-based systems) see
-<A
-HREF="http://www.eats.com/linux_mac_win.html"
-TARGET="_top"
->http://www.eats.com/linux_mac_win.html</A
-></P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2880">OS2 Client</H2
+NAME="AEN2433"
+>13.1. FAQs</A
+></H1
 ><DIV
 CLASS="SECT2"
-><H3
+><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2882">How can I configure OS/2 Warp Connect or 
-		OS/2 Warp 4 as a client for Samba?</H3
+NAME="AEN2435"
+>13.1.1. How can I configure OS/2 Warp Connect or 
+		OS/2 Warp 4 as a client for Samba?</A
+></H2
 ><P
 >A more complete answer to this question can be 
 		found on <A
@@ -13674,11 +11462,13 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2897">How can I configure OS/2 Warp 3 (not Connect), 
-		OS/2 1.2, 1.3 or 2.x for Samba?</H3
+NAME="AEN2450"
+>13.1.2. How can I configure OS/2 Warp 3 (not Connect), 
+		OS/2 1.2, 1.3 or 2.x for Samba?</A
+></H2
 ><P
 >You can use the free Microsoft LAN Manager 2.2c Client 
 		for OS/2 from 
@@ -13725,11 +11515,13 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2906">Are there any other issues when OS/2 (any version) 
-		is used as a client?</H3
+NAME="AEN2459"
+>13.1.3. Are there any other issues when OS/2 (any version) 
+		is used as a client?</A
+></H2
 ><P
 >When you do a NET VIEW or use the "File and Print 
 		Client Resource Browser", no Samba servers show up. This can 
@@ -13745,11 +11537,13 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2910">How do I get printer driver download working 
-		for OS/2 clients?</H3
+NAME="AEN2463"
+>13.1.4. How do I get printer driver download working 
+		for OS/2 clients?</A
+></H2
 ><P
 >First, create a share called [PRINTDRV] that is 
 		world-readable.  Copy your OS/2 driver files there.  Note 
@@ -13758,7 +11552,7 @@ NAME="AEN2910">How do I get printer driver download working
 		driver from an OS/2 system.</P
 ><P
 >Install the NT driver first for that printer.  Then, 
-		add to your smb.conf a parameter, os2 driver map = 
+		add to your smb.conf a parameter, "os2 driver map = 
 		<TT
 CLASS="REPLACEABLE"
 ><I
@@ -13774,11 +11568,8 @@ CLASS="REPLACEABLE"
 		name of the NT driver name to the OS/2 driver name as 
 		follows:</P
 ><P
-><B
-CLASS="COMMAND"
->nt driver name = os2 "driver 
-		name"."device name"</B
->, e.g.:
+>&#60;nt driver name&#62; = &#60;os2 driver 
+		name&#62;.&#60;device name&#62;, e.g.:
 		HP LaserJet 5L = LASERJET.HP LaserJet 5L</P
 ><P
 >You can have multiple drivers mapped in this file.</P
@@ -13792,228 +11583,22 @@ CLASS="COMMAND"
 		</P
 ></DIV
 ></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2920">Windows for Workgroups</H2
-><DIV
-CLASS="SECT2"
-><H3
-CLASS="SECT2"
-><A
-NAME="AEN2922">Use latest TCP/IP stack from Microsoft</H3
-><P
->Use the latest TCP/IP stack from microsoft if you use Windows
-for workgroups.</P
-><P
->The early TCP/IP stacks had lots of bugs.</P
-><P
-> 
-Microsoft has released an incremental upgrade to their TCP/IP 32-Bit
-VxD drivers.  The latest release can be found on their ftp site at
-ftp.microsoft.com, located in /peropsys/windows/public/tcpip/wfwt32.exe.
-There is an update.txt file there that describes the problems that were
-fixed.  New files include WINSOCK.DLL, TELNET.EXE, WSOCK.386, VNBT.386,
-WSTCP.386, TRACERT.EXE, NETSTAT.EXE, and NBTSTAT.EXE.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2927">Delete .pwl files after password change</H3
-><P
->WfWg does a lousy job with passwords. I find that if I change my
-password on either the unix box or the PC the safest thing to do is to
-delete the .pwl files in the windows directory. The PC will complain about not finding the files, but will soon get over it, allowing you to enter the new password.</P
-><P
-> 
-If you don't do this you may find that WfWg remembers and uses the old
-password, even if you told it a new one.</P
-><P
-> 
-Often WfWg will totally ignore a password you give it in a dialog box.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2932">Configure WfW password handling</H3
-><P
->There is a program call admincfg.exe
-on the last disk (disk 8) of the WFW 3.11 disk set.  To install it
-type EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE Then add an icon
-for it via the "Progam Manager" "New" Menu.  This program allows you
-to control how WFW handles passwords.  ie disable Password Caching etc
-for use with <B
-CLASS="COMMAND"
->security = user</B
-></P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H3
-CLASS="SECT2"
-><A
-NAME="AEN2936">Case handling of passwords</H3
-><P
->Windows for Workgroups uppercases the password before sending it to the server. Unix passwords can be case-sensitive though. Check the <A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
-> information on <B
-CLASS="COMMAND"
->password level</B
-> to specify what characters samba should try to uppercase when checking.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2941">Windows '95/'98</H2
-><P
->When using Windows 95 OEM SR2 the following updates are recommended where Samba
-is being used. Please NOTE that the above change will affect you once these
-updates  have been installed.</P
-><P
-> 
-There are more updates than the ones mentioned here. You are referred to the
-Microsoft Web site for all currently available updates to your specific version
-of Windows 95.</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->Kernel Update: KRNLUPD.EXE</P
-></LI
-><LI
-><P
->Ping Fix: PINGUPD.EXE</P
-></LI
-><LI
-><P
->RPC Update: RPCRTUPD.EXE</P
-></LI
-><LI
-><P
->TCP/IP Update: VIPUPD.EXE</P
-></LI
-><LI
-><P
->Redirector Update: VRDRUPD.EXE</P
-></LI
-></OL
-><P
->Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
-fix may stop your machine from hanging for an extended period when exiting
-OutLook and you may also notice a significant speedup when accessing network
-neighborhood services.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN2957">Windows 2000 Service Pack 2</H2
-><P
-> 
-There are several annoyances with Windows 2000 SP2. One of which
-only appears when using a Samba server to host user profiles
-to Windows 2000 SP2 clients in a Windows domain.  This assumes
-that Samba is a member of the domain, but the problem will
-likely occur if it is not.</P
-><P
-> 
-In order to server profiles successfully to Windows 2000 SP2 
-clients (when not operating as a PDC), Samba must have 
-<B
-CLASS="COMMAND"
->nt acl support = no</B
->
-added to the file share which houses the roaming profiles.
-If this is not done, then the Windows 2000 SP2 client will
-complain about not being able to access the profile (Access 
-Denied) and create multiple copies of it on disk (DOMAIN.user.001,
-DOMAIN.user.002, etc...).  See the 
-<A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
-> man page
-for more details on this option.  Also note that the 
-<B
-CLASS="COMMAND"
->nt acl support</B
-> parameter was formally a global parameter in
-releases prior to Samba 2.2.2.</P
-><P
-> 
-The following is a minimal profile share:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->	[profile]
-		path = /export/profile
-		create mask = 0600
-		directory mask = 0700
-		nt acl support = no
-		read only = no</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->The reason for this bug is that the Win2k SP2 client copies
-the security descriptor for the profile which contains
-the Samba server's SID, and not the domain SID.  The client
-compares the SID for SAMBA\user and realizes it is
-different that the one assigned to DOMAIN\user.  Hence the reason
-for the "access denied" message.</P
-><P
->By disabling the <B
-CLASS="COMMAND"
->nt acl support</B
-> parameter, Samba will send
-the Win2k client a response to the QuerySecurityDescriptor
-trans2 call which causes the client to set a default ACL
-for the profile. This default ACL includes </P
-><P
-><B
-CLASS="COMMAND"
->DOMAIN\user 	"Full Control"</B
-></P
-><P
-><I
-CLASS="EMPHASIS"
->NOTE : This bug does not occur when using winbind to
-create accounts on the Samba host for Domain users.</I
-></P
-></DIV
 ></DIV
 ><DIV
 CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="CVS-ACCESS">HOWTO Access Samba source code via CVS</H1
+NAME="CVS-ACCESS"
+>Chapter 14. HOWTO Access Samba source code via CVS</A
+></H1
 ><DIV
 CLASS="SECT1"
-><H2
+><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2981">Introduction</H2
+NAME="AEN2479"
+>14.1. Introduction</A
+></H1
 ><P
 >Samba is developed in an open environment.  Developers use CVS
 (Concurrent Versioning System) to "checkin" (also known as 
@@ -14030,10 +11615,12 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT1"
-><HR><H2
+><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN2986">CVS Access to samba.org</H2
+NAME="AEN2484"
+>14.2. CVS Access to samba.org</A
+></H1
 ><P
 >The machine samba.org runs a publicly accessible CVS 
 repository for access to the source code of several packages, 
@@ -14041,10 +11628,12 @@ including samba, rsync and jitterbug. There are two main ways of
 accessing the CVS server on this host.</P
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2989">Access via CVSweb</H3
+NAME="AEN2487"
+>14.2.1. Access via CVSweb</A
+></H2
 ><P
 >You can access the source code via your 
 favourite WWW browser. This allows you to access the contents of 
@@ -14060,10 +11649,12 @@ TARGET="_top"
 ></DIV
 ><DIV
 CLASS="SECT2"
-><HR><H3
+><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN2994">Access via cvs</H3
+NAME="AEN2492"
+>14.2.2. Access via cvs</A
+></H2
 ><P
 >You can also access the source code via a 
 normal cvs client.  This gives you much more control over you can 
@@ -14165,516 +11756,20 @@ CLASS="COMMAND"
 ></DIV
 ></DIV
 ></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="BUGREPORT">Reporting Bugs</H1
-><DIV
-CLASS="SECT1"
-><H2
-CLASS="SECT1"
-><A
-NAME="AEN3029">Introduction</H2
-><P
->The email address for bug reports is samba@samba.org</P
-><P
->Please take the time to read this file before you submit a bug
-report. Also, please see if it has changed between releases, as we
-may be changing the bug reporting mechanism at some time.</P
-><P
->Please also do as much as you can yourself to help track down the
-bug. Samba is maintained by a dedicated group of people who volunteer
-their time, skills and efforts. We receive far more mail about it than
-we can possibly answer, so you have a much higher chance of an answer
-and a fix if you send us a "developer friendly" bug report that lets
-us fix it fast. </P
-><P
->Do not assume that if you post the bug to the comp.protocols.smb
-newsgroup or the mailing list that we will read it. If you suspect that your 
-problem is not a bug but a configuration problem then it is better to send 
-it to the Samba mailing list, as there are (at last count) 5000 other users on
-that list that may be able to help you.</P
-><P
->You may also like to look though the recent mailing list archives,
-which are conveniently accessible on the Samba web pages
-at http://samba.org/samba/ </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3036">General info</H2
-><P
->Before submitting a bug report check your config for silly
-errors. Look in your log files for obvious messages that tell you that
-you've misconfigured something and run testparm to test your config
-file for correct syntax.</P
-><P
->Have you run through the <A
-HREF="Diagnosis.html"
-TARGET="_top"
->diagnosis</A
->? 
-This is very important.</P
-><P
->If you include part of a log file with your bug report then be sure to
-annotate it with exactly what you were doing on the client at the
-time, and exactly what the results were.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3042">Debug levels</H2
-><P
->If the bug has anything to do with Samba behaving incorrectly as a
-server (like refusing to open a file) then the log files will probably
-be very useful. Depending on the problem a log level of between 3 and
-10 showing the problem may be appropriate. A higher level givesmore
-detail, but may use too much disk space.</P
-><P
->To set the debug level use <B
-CLASS="COMMAND"
->log level =</B
-> in your 
-<TT
-CLASS="FILENAME"
->smb.conf</TT
->. You may also find it useful to set the log 
-level higher for just one machine and keep separate logs for each machine. 
-To do this use:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->log level = 10
-log file = /usr/local/samba/lib/log.%m
-include = /usr/local/samba/lib/smb.conf.%m</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->then create a file 
-<TT
-CLASS="FILENAME"
->/usr/local/samba/lib/smb.conf.machine</TT
-> where
-"machine" is the name of the client you wish to debug. In that file
-put any smb.conf commands you want, for example 
-<B
-CLASS="COMMAND"
->log level=</B
-> may be useful. This also allows you to 
-experiment with different security systems, protocol levels etc on just 
-one machine.</P
-><P
->The <TT
-CLASS="FILENAME"
->smb.conf</TT
-> entry <B
-CLASS="COMMAND"
->log level =</B
-> 
-is synonymous with the entry <B
-CLASS="COMMAND"
->debuglevel =</B
-> that has been 
-used in older versions of Samba and is being retained for backwards 
-compatibility of smb.conf files.</P
-><P
->As the <B
-CLASS="COMMAND"
->log level =</B
-> value is increased you will record 
-a significantly increasing level of debugging information. For most 
-debugging operations you may not need a setting higher than 3. Nearly 
-all bugs can be tracked at a setting of 10, but be prepared for a VERY 
-large volume of log data.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3059">Internal errors</H2
-><P
->If you get a "INTERNAL ERROR" message in your log files it means that
-Samba got an unexpected signal while running. It is probably a
-segmentation fault and almost certainly means a bug in Samba (unless
-you have faulty hardware or system software)</P
-><P
->If the message came from smbd then it will probably be accompanied by
-a message which details the last SMB message received by smbd. This
-info is often very useful in tracking down the problem so please
-include it in your bug report.</P
-><P
->You should also detail how to reproduce the problem, if
-possible. Please make this reasonably detailed.</P
-><P
->You may also find that a core file appeared in a "corefiles"
-subdirectory of the directory where you keep your samba log
-files. This file is the most useful tool for tracking down the bug. To
-use it you do this:</P
-><P
-><B
-CLASS="COMMAND"
->gdb smbd core</B
-></P
-><P
->adding appropriate paths to smbd and core so gdb can find them. If you
-don't have gdb then try "dbx". Then within the debugger use the
-command "where" to give a stack trace of where the problem
-occurred. Include this in your mail.</P
-><P
->If you known any assembly language then do a "disass" of the routine
-where the problem occurred (if its in a library routine then
-disassemble the routine that called it) and try to work out exactly
-where the problem is by looking at the surrounding code. Even if you
-don't know assembly then incuding this info in the bug report can be
-useful. </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3069">Attaching to a running process</H2
-><P
->Unfortunately some unixes (in particular some recent linux kernels)
-refuse to dump a core file if the task has changed uid (which smbd
-does often). To debug with this sort of system you could try to attach
-to the running process using "gdb smbd PID" where you get PID from
-smbstatus. Then use "c" to continue and try to cause the core dump
-using the client. The debugger should catch the fault and tell you
-where it occurred.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3072">Patches</H2
-><P
->The best sort of bug report is one that includes a fix! If you send us
-patches please use <B
-CLASS="COMMAND"
->diff -u</B
-> format if your version of 
-diff supports it, otherwise use <B
-CLASS="COMMAND"
->diff -c4</B
->. Make sure 
-your do the diff against a clean version of the source and let me know 
-exactly what version you used. </P
-></DIV
-></DIV
-><DIV
-CLASS="CHAPTER"
-><HR><H1
-><A
-NAME="GROUPMAPPING">Group mapping HOWTO</H1
-><P
-> 
-Starting with Samba 3.0 alpha 2, a new group mapping function is available. The
-current method (likely to change) to manage the groups is a new command called
-<B
-CLASS="COMMAND"
->smbgroupedit</B
->.</P
-><P
->The first immediate reason to use the group mapping on a PDC, is that
-the <B
-CLASS="COMMAND"
->domain admin group</B
-> of <TT
-CLASS="FILENAME"
->smb.conf</TT
-> is 
-now gone. This parameter was used to give the listed users local admin rights 
-on their workstations. It was some magic stuff that simply worked but didn't
-scale very well for complex setups.</P
-><P
->Let me explain how it works on NT/W2K, to have this magic fade away.
-When installing NT/W2K on a computer, the installer program creates some users
-and groups. Notably the 'Administrators' group, and gives to that group some
-privileges like the ability to change the date and time or to kill any process
-(or close too) running on the local machine. The 'Administrator' user is a
-member of the 'Administrators' group, and thus 'inherit' the 'Administrators'
-group privileges. If a 'joe' user is created and become a member of the
-'Administrator' group, 'joe' has exactly the same rights as 'Administrator'.</P
-><P
->When a NT/W2K machine is joined to a domain, during that phase, the "Domain
-Administrators' group of the PDC is added to the 'Administrators' group of the
-workstation. Every members of the 'Domain Administrators' group 'inherit' the
-rights of the 'Administrators' group when logging on the workstation.</P
-><P
->You are now wondering how to make some of your samba PDC users members of the
-'Domain Administrators' ? That's really easy.</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->create a unix group (usually in <TT
-CLASS="FILENAME"
->/etc/group</TT
->), let's call it domadm</P
-></LI
-><LI
-><P
->add to this group the users that must be Administrators. For example if you want joe,john and mary, your entry in <TT
-CLASS="FILENAME"
->/etc/group</TT
-> will look like:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->domadm:x:502:joe,john,mary</PRE
-></TD
-></TR
-></TABLE
-></P
-></LI
-><LI
-><P
->Map this domadm group to the <B
-CLASS="COMMAND"
->domain admins</B
-> group by running the command:</P
-><P
-><B
-CLASS="COMMAND"
->smbgroupedit -c "Domain Admins" -u domadm</B
-></P
-></LI
-></OL
-><P
->You're set, joe, john and mary are domain administrators !</P
-><P
->Like the Domain Admins group, you can map any arbitrary Unix group to any NT
-group. You can also make any Unix group a domain group. For example, on a domain
-member machine (an NT/W2K or a samba server running winbind), you would like to
-give access to a certain directory to some users who are member of a group on
-your samba PDC. Flag that group as a domain group by running:</P
-><P
-><B
-CLASS="COMMAND"
->smbgroupedit -a unixgroup -td</B
-></P
-><P
->You can list the various groups in the mapping database like this</P
-><P
-><B
-CLASS="COMMAND"
->smbgroupedit -v</B
-></P
-></DIV
-><DIV
-CLASS="CHAPTER"
 ><HR><H1
 ><A
-NAME="PORTABILITY">Portability</H1
-><P
->Samba works on a wide range of platforms but the interface all the 
-platforms provide is not always compatible. This chapter contains 
-platform-specific information about compiling and using samba.</P
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3119">HPUX</H2
-><P
->HP's implementation of supplementary groups is, er, non-standard (for
-hysterical reasons).  There are two group files, /etc/group and
-/etc/logingroup; the system maps UIDs to numbers using the former, but
-initgroups() reads the latter.  Most system admins who know the ropes
-symlink /etc/group to /etc/logingroup (hard link doesn't work for reasons
-too stupid to go into here).  initgroups() will complain if one of the
-groups you're in in /etc/logingroup has what it considers to be an invalid
-ID, which means outside the range [0..UID_MAX], where UID_MAX is (I think)
-60000 currently on HP-UX.  This precludes -2 and 65534, the usual 'nobody'
-GIDs.</P
-><P
->If you encounter this problem, make sure that the programs that are failing 
-to initgroups() be run as users not in any groups with GIDs outside the 
-allowed range.</P
-><P
->This is documented in the HP manual pages under setgroups(2) and passwd(4).</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3124">SCO Unix</H2
-><P
-> 
-If you run an old version of  SCO Unix then you may need to get important 
-TCP/IP patches for Samba to work correctly. Without the patch, you may 
-encounter corrupt data transfers using samba.</P
-><P
->The patch you need is UOD385 Connection Drivers SLS. It is available from
-SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H2
-CLASS="SECT1"
-><A
-NAME="AEN3128">DNIX</H2
-><P
->DNIX has a problem with seteuid() and setegid(). These routines are
-needed for Samba to work correctly, but they were left out of the DNIX
-C library for some reason.</P
-><P
->For this reason Samba by default defines the macro NO_EID in the DNIX
-section of includes.h. This works around the problem in a limited way,
-but it is far from ideal, some things still won't work right.</P
-><P
-> 
-To fix the problem properly you need to assemble the following two
-functions and then either add them to your C library or link them into
-Samba.</P
-><P
-> 
-put this in the file <TT
-CLASS="FILENAME"
->setegid.s</TT
->:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->        .globl  _setegid
-_setegid:
-        moveq   #47,d0
-        movl    #100,a0
-        moveq   #1,d1
-        movl    4(sp),a1
-        trap    #9
-        bccs    1$
-        jmp     cerror
-1$:
-        clrl    d0
-        rts</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->put this in the file <TT
-CLASS="FILENAME"
->seteuid.s</TT
->:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->        .globl  _seteuid
-_seteuid:
-        moveq   #47,d0
-        movl    #100,a0
-        moveq   #0,d1
-        movl    4(sp),a1
-        trap    #9
-        bccs    1$
-        jmp     cerror
-1$:
-        clrl    d0
-        rts</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->after creating the above files you then assemble them using</P
-><P
-><B
-CLASS="COMMAND"
->as seteuid.s</B
-></P
-><P
-><B
-CLASS="COMMAND"
->as setegid.s</B
-></P
-><P
->that should produce the files <TT
-CLASS="FILENAME"
->seteuid.o</TT
-> and 
-<TT
-CLASS="FILENAME"
->setegid.o</TT
-></P
-><P
->then you need to add these to the LIBSM line in the DNIX section of
-the Samba Makefile. Your LIBSM line will then look something like this:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->LIBSM = setegid.o seteuid.o -ln</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
-> 
-You should then remove the line:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->#define NO_EID</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->from the DNIX section of <TT
-CLASS="FILENAME"
->includes.h</TT
-></P
-></DIV
-></DIV
+NAME="AEN2520"
+>Index</A
+></H1
+><DL
+><DT
+>Primary Domain Controller,
+    <A
+HREF="x1242.htm"
+>Background</A
+>
+  </DT
+></DL
 ></DIV
 ></BODY
 ></HTML
diff --git a/docs/htmldocs/Samba-LDAP-HOWTO.html b/docs/htmldocs/Samba-LDAP-HOWTO.html
index 21ebbfe7b08..7fbfbf5247b 100644
--- a/docs/htmldocs/Samba-LDAP-HOWTO.html
+++ b/docs/htmldocs/Samba-LDAP-HOWTO.html
@@ -64,7 +64,7 @@ TARGET="_top"
 >O'Reilly Publishing</A
 > is working on
 a guide to LDAP for System Administrators which has a planned release date of
-early summer, 2002.</P
+late 2002.</P
 ><P
 >Two additional Samba resources which may prove to be helpful are</P
 ><P
@@ -86,7 +86,11 @@ HREF="http://samba.idealx.org/"
 TARGET="_top"
 >IDEALX</A
 > that are
-	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.
+	geared to manage users and group in such a Samba-LDAP Domain Controller configuration.  These scripts can
+	be found in the Samba 2.2.5 release in the <TT
+CLASS="FILENAME"
+>examples/LDAP/smbldap-tools/</TT
+> directory.
 	</P
 ></LI
 ></UL
@@ -96,7 +100,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN23"
+NAME="AEN24"
 >Introduction</A
 ></H1
 ><P
@@ -124,7 +128,7 @@ in the thousands).</P
 >The first is that all lookups must be performed sequentially.  Given that
 there are approximately two lookups per domain logon (one for a normal
 session connection such as when mapping a network drive or printer), this
-is a performance bottleneck for lareg sites.  What is needed is an indexed approach
+is a performance bottleneck for large sites.  What is needed is an indexed approach
 such as is used in databases.</P
 ></LI
 ><LI
@@ -150,7 +154,10 @@ Identified (RID).</P
 ></UL
 ><P
 >As a result of these defeciencies, a more robust means of storing user attributes
-used by smbd was developed.  The API which defines access to user accounts
+used by <B
+CLASS="COMMAND"
+>smbd</B
+> was developed.  The API which defines access to user accounts
 is commonly referred to as the samdb interface (previously this was called the passdb
 API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support
 for a samdb backend (e.g. <TT
@@ -172,7 +179,10 @@ CLASS="PARAMETER"
 >--with-ldapsam</I
 ></TT
 > autoconf
-option, smbd (and associated tools) will store and lookup user accounts in
+option, <B
+CLASS="COMMAND"
+>smbd</B
+> (and associated tools) will store and lookup user accounts in
 an LDAP directory.  In reality, this is very easy to understand.  If you are
 comfortable with using an smbpasswd file, simply replace "smbpasswd" with
 "LDAP directory" in all the documentation.</P
@@ -213,7 +223,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN52"
+NAME="AEN55"
 >Supported LDAP Servers</A
 ></H1
 ><P
@@ -238,7 +248,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN57"
+NAME="AEN60"
 >Schema and Relationship to the RFC 2307 posixAccount</A
 ></H1
 ><P
@@ -252,7 +262,7 @@ in 2.2.2).  The sambaAccount objectclass is given here:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
      DESC 'Samba Account'
      MUST ( uid $ rid )
      MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
@@ -261,7 +271,10 @@ CLASS="PROGRAMLISTING"
             description $ userWorkstations $ primaryGroupID $ domain ))</PRE
 ></P
 ><P
->The samba.schema file has been formatted for OpenLDAP 2.0.  The OID's are
+>The <TT
+CLASS="FILENAME"
+>samba.schema</TT
+> file has been formatted for OpenLDAP 2.0 &#38; 2.1.  The OID's are
 owned by the Samba Team and as such is legal to be openly published.
 If you translate the schema to be used with Netscape DS, please
 submit the modified schema file as a patch to <A
@@ -270,22 +283,47 @@ TARGET="_top"
 >jerry@samba.org</A
 ></P
 ><P
+>Since the original release, schema files for</P
+><P
+></P
+><UL
+><LI
+><P
+>IBM's SecureWay Server</P
+></LI
+><LI
+><P
+>Netscape Directory Server version 4.x and 5.x</P
+></LI
+></UL
+><P
+>have been submitted and included in the Samba source distribution.  I cannot
+personally comment on the integration of these commercial directory servers since
+I have not had the oppotinuity to work with them.</P
+><P
 >Just as the smbpasswd file is mean to store information which supplements a
 user's <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
 > entry, so is the sambaAccount object
-meant to supplement the UNIX user account information.  A sambaAccount is a
+meant to supplement the UNIX user account information.  A sambaAccount is now an
 <TT
 CLASS="CONSTANT"
->STRUCTURAL</TT
-> objectclass so it can be stored individually
-in the directory.  However, there are several fields (e.g. uid) which overlap
-with the posixAccount objectclass outlined in RFC2307.  This is by design.</P
+>AUXILARY</TT
+> objectclass so it can be stored alongside
+a posixAccount or person objectclass in the directory.  Note that there are
+several fields (e.g. uid) which overlap with the posixAccount objectclass
+outlined in RFC2307.  This is by design.  The move from a STRUCTURAL objectclass
+to an AUXILIARY one was compliance with the LDAP data model which states that
+an entry can contain only one STRUCTURAL objectclass per entry.  This is now
+enforced by the OpenLDAP 2.1 server.</P
 ><P
 >In order to store all user account information (UNIX and Samba) in the directory,
 it is necessary to use the sambaAccount and posixAccount objectclasses in
-combination.  However, smbd will still obtain the user's UNIX account
+combination.  However, <B
+CLASS="COMMAND"
+>smbd</B
+> will still obtain the user's UNIX account
 information via the standard C library calls (e.g. getpwnam(), et. al.).
 This means that the Samba server must also have the LDAP NSS library installed
 and functioning correctly.  This division of information makes it possible to
@@ -297,7 +335,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN69"
+NAME="AEN81"
 >Configuring Samba with LDAP</A
 ></H1
 ><DIV
@@ -305,7 +343,7 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN71"
+NAME="AEN83"
 >OpenLDAP configuration</A
 ></H2
 ><P
@@ -369,9 +407,9 @@ CLASS="PROGRAMLISTING"
 ## required by OpenLDAP 2.0
 index objectclass   eq
 
-## support pb_getsampwnam()
+## support pbb_getsampwnam()
 index uid           pres,eq
-## support pdb_getsambapwrid()
+## support pdb_getsampwrid()
 index rid           eq
 
 ## uncomment these if you are storing posixAccount and
@@ -387,7 +425,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN88"
+NAME="AEN100"
 >Configuring Samba</A
 ></H2
 ><P
@@ -498,8 +536,64 @@ CLASS="REPLACEABLE"
      ldap suffix = "ou=people,dc=samba,dc=org"
 
      # generally the default ldap search filter is ok
-     # ldap filter = "(&amp;(uid=%u)(objectclass=sambaAccount))"</PRE
+     # ldap filter = "(&#38;(uid=%u)(objectclass=sambaAccount))"</PRE
+></P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN128"
+>Importing <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> entries</A
+></H2
+><P
+>Import existing user entries from an <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> can be trivially done using
+a Perl script named <TT
+CLASS="FILENAME"
+>import_smbpasswd.pl</TT
+> included in the
+<TT
+CLASS="FILENAME"
+>examples/LDAP/</TT
+> directory of the Samba source distribution.  There are
+two main requirements of this script:</P
+><P
 ></P
+><UL
+><LI
+><P
+>All users to be imported to the directory must have a valid uid on the
+	local system.  This can be a problem if using a machinej different from the Samba server
+	to import the file.</P
+></LI
+><LI
+><P
+>The local system must have a working installation of the Net::LDAP perl
+	module which can be obtained from with <A
+HREF="http://search.cpan.org/"
+TARGET="_top"
+>http://search.cpan.org/</A
+>
+	by searching for <TT
+CLASS="FILENAME"
+>perl-ldap</TT
+> or directly from <A
+HREF="http://perl-ldap.sf.net/"
+TARGET="_top"
+>http://perl-ldap.sf.net/</A
+>.
+	</P
+></LI
+></UL
+><P
+>Please refer to the documentation in the same directory as the script for more details.</P
 ></DIV
 ></DIV
 ><DIV
@@ -507,7 +601,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN116"
+NAME="AEN144"
 >Accounts and Groups management</A
 ></H1
 ><P
@@ -532,7 +626,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN121"
+NAME="AEN149"
 >Security and sambaAccount</A
 ></H1
 ><P
@@ -605,7 +699,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN141"
+NAME="AEN169"
 >LDAP specials attributes for sambaAccounts</A
 ></H1
 ><P
@@ -816,7 +910,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN211"
+NAME="AEN239"
 >Example LDIF Entries for a sambaAccount</A
 ></H1
 ><P
@@ -874,7 +968,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN219"
+NAME="AEN247"
 >Comments</A
 ></H1
 ><P
@@ -883,7 +977,7 @@ HREF="mailto:jerry@samba.org"
 TARGET="_top"
 >jerry@samba.org</A
 >.  This documents was
-last updated to reflect the Samba 2.2.3 release.&#13;</P
+last updated to reflect the Samba 2.2.5 release.&#13;</P
 ></DIV
 ></DIV
 ></BODY
diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html
index ae4f545800a..58f3989b4f0 100644
--- a/docs/htmldocs/Samba-PDC-HOWTO.html
+++ b/docs/htmldocs/Samba-PDC-HOWTO.html
@@ -2124,7 +2124,7 @@ ALIGN="LEFT"
 ></TABLE
 ></DIV
 ><P
->The default logon path is \\%N\%U.  NT Workstation will attempt to create
+>The default logon path is \\%N\U%.  NT Workstation will attempt to create
 a directory "\\samba-server\username.PDS" if you specify the logon path
 as "\\samba-server\username" with the NT User Manager.  Therefore, you
 will need to specify (for example) "\\samba-server\username\profile".
diff --git a/docs/htmldocs/Speed.html b/docs/htmldocs/Speed.html
deleted file mode 100644
index 47a8c885b61..00000000000
--- a/docs/htmldocs/Speed.html
+++ /dev/null
@@ -1,550 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->Samba performance issues</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="ARTICLE"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="ARTICLE"
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="SPEED"
->Samba performance issues</A
-></H1
-><HR></DIV
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN3"
->Comparisons</A
-></H1
-><P
->The Samba server uses TCP to talk to the client. Thus if you are
-trying to see if it performs well you should really compare it to
-programs that use the same protocol. The most readily available
-programs for file transfer that use TCP are ftp or another TCP based
-SMB server.</P
-><P
->If you want to test against something like a NT or WfWg server then
-you will have to disable all but TCP on either the client or
-server. Otherwise you may well be using a totally different protocol
-(such as Netbeui) and comparisons may not be valid.</P
-><P
->Generally you should find that Samba performs similarly to ftp at raw
-transfer speed. It should perform quite a bit faster than NFS,
-although this very much depends on your system.</P
-><P
->Several people have done comparisons between Samba and Novell, NFS or
-WinNT. In some cases Samba performed the best, in others the worst. I
-suspect the biggest factor is not Samba vs some other system but the
-hardware and drivers used on the various systems. Given similar
-hardware Samba should certainly be competitive in speed with other
-systems.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN9"
->Oplocks</A
-></H1
-><DIV
-CLASS="SECT2"
-><H2
-CLASS="SECT2"
-><A
-NAME="AEN11"
->Overview</A
-></H2
-><P
->Oplocks are the way that SMB clients get permission from a server to
-locally cache file operations. If a server grants an oplock
-(opportunistic lock) then the client is free to assume that it is the
-only one accessing the file and it will agressively cache file
-data. With some oplock types the client may even cache file open/close
-operations. This can give enormous performance benefits.</P
-><P
->With the release of Samba 1.9.18 we now correctly support opportunistic 
-locks. This is turned on by default, and can be turned off on a share-
-by-share basis by setting the parameter :</P
-><P
-><B
-CLASS="COMMAND"
->oplocks = False</B
-></P
-><P
->We recommend that you leave oplocks on however, as current benchmark
-tests with NetBench seem to give approximately a 30% improvement in
-speed with them on. This is on average however, and the actual 
-improvement seen can be orders of magnitude greater, depending on
-what the client redirector is doing.</P
-><P
->Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
-option has been left in the code for backwards compatibility reasons
-but it's use is now deprecated. A short summary of what the old
-code did follows.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN19"
->Level2 Oplocks</A
-></H2
-><P
->With Samba 2.0.5 a new capability - level2 (read only) oplocks is
-supported (although the option is off by default - see the smb.conf
-man page for details). Turning on level2 oplocks (on a share-by-share basis)
-by setting the parameter :</P
-><P
-><B
-CLASS="COMMAND"
->level2 oplocks = true</B
-></P
-><P
->should speed concurrent access to files that are not commonly written
-to, such as application serving shares (ie. shares that contain common
-.EXE files - such as a Microsoft Office share) as it allows clients to
-read-ahread cache copies of these files.</P
-></DIV
-><DIV
-CLASS="SECT2"
-><HR><H2
-CLASS="SECT2"
-><A
-NAME="AEN25"
->Old 'fake oplocks' option - deprecated</A
-></H2
-><P
->Samba can also fake oplocks, by granting a oplock whenever a client 
-asks for one. This is controlled using the smb.conf option "fake 
-oplocks". If you set "fake oplocks = yes" then you are telling the 
-client that it may agressively cache the file data for all opens.</P
-><P
->Enabling 'fake oplocks' on all read-only shares or shares that you know
-will only be accessed from one client at a time you will see a big
-performance improvement on many operations. If you enable this option
-on shares where multiple clients may be accessing the files read-write
-at the same time you can get data corruption.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN29"
->Socket options</A
-></H1
-><P
->There are a number of socket options that can greatly affect the
-performance of a TCP based server like Samba.</P
-><P
->The socket options that Samba uses are settable both on the command
-line with the -O option, or in the smb.conf file.</P
-><P
->The "socket options" section of the smb.conf manual page describes how
-to set these and gives recommendations.</P
-><P
->Getting the socket options right can make a big difference to your
-performance, but getting them wrong can degrade it by just as
-much. The correct settings are very dependent on your local network.</P
-><P
->The socket option TCP_NODELAY is the one that seems to make the
-biggest single difference for most networks. Many people report that
-adding "socket options = TCP_NODELAY" doubles the read performance of
-a Samba drive. The best explanation I have seen for this is that the
-Microsoft TCP/IP stack is slow in sending tcp ACKs.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN36"
->Read size</A
-></H1
-><P
->The option "read size" affects the overlap of disk reads/writes with
-network reads/writes. If the amount of data being transferred in
-several of the SMB commands (currently SMBwrite, SMBwriteX and
-SMBreadbraw) is larger than this value then the server begins writing
-the data before it has received the whole packet from the network, or
-in the case of SMBreadbraw, it begins writing to the network before
-all the data has been read from disk.</P
-><P
->This overlapping works best when the speeds of disk and network access
-are similar, having very little effect when the speed of one is much
-greater than the other.</P
-><P
->The default value is 16384, but very little experimentation has been
-done yet to determine the optimal value, and it is likely that the best
-value will vary greatly between systems anyway. A value over 65536 is
-pointless and will cause you to allocate memory unnecessarily.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN41"
->Max xmit</A
-></H1
-><P
->At startup the client and server negotiate a "maximum transmit" size,
-which limits the size of nearly all SMB commands. You can set the
-maximum size that Samba will negotiate using the "max xmit = " option
-in smb.conf. Note that this is the maximum size of SMB request that 
-Samba will accept, but not the maximum size that the *client* will accept.
-The client maximum receive size is sent to Samba by the client and Samba
-honours this limit.</P
-><P
->It defaults to 65536 bytes (the maximum), but it is possible that some
-clients may perform better with a smaller transmit unit. Trying values
-of less than 2048 is likely to cause severe problems.</P
-><P
->In most cases the default is the best option.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN46"
->Locking</A
-></H1
-><P
->By default Samba does not implement strict locking on each read/write
-call (although it did in previous versions). If you enable strict
-locking (using "strict locking = yes") then you may find that you
-suffer a severe performance hit on some systems.</P
-><P
->The performance hit will probably be greater on NFS mounted
-filesystems, but could be quite high even on local disks.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN50"
->Share modes</A
-></H1
-><P
->Some people find that opening files is very slow. This is often
-because of the "share modes" code needed to fully implement the dos
-share modes stuff. You can disable this code using "share modes =
-no". This will gain you a lot in opening and closing files but will
-mean that (in some cases) the system won't force a second user of a
-file to open the file read-only if the first has it open
-read-write. For many applications that do their own locking this
-doesn't matter, but for some it may. Most Windows applications
-depend heavily on "share modes" working correctly and it is
-recommended that the Samba share mode support be left at the
-default of "on".</P
-><P
->The share mode code in Samba has been re-written in the 1.9.17
-release following tests with the Ziff-Davis NetBench PC Benchmarking
-tool. It is now believed that Samba 1.9.17 implements share modes
-similarly to Windows NT.</P
-><P
->NOTE: In the most recent versions of Samba there is an option to use
-shared memory via mmap() to implement the share modes. This makes
-things much faster. See the Makefile for how to enable this.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN55"
->Log level</A
-></H1
-><P
->If you set the log level (also known as "debug level") higher than 2
-then you may suffer a large drop in performance. This is because the
-server flushes the log file after each operation, which can be very
-expensive. </P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN58"
->Wide lines</A
-></H1
-><P
->The "wide links" option is now enabled by default, but if you disable
-it (for better security) then you may suffer a performance hit in
-resolving filenames. The performance loss is lessened if you have
-"getwd cache = yes", which is now the default.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN61"
->Read raw</A
-></H1
-><P
->The "read raw" operation is designed to be an optimised, low-latency
-file read operation. A server may choose to not support it,
-however. and Samba makes support for "read raw" optional, with it
-being enabled by default.</P
-><P
->In some cases clients don't handle "read raw" very well and actually
-get lower performance using it than they get using the conventional
-read operations. </P
-><P
->So you might like to try "read raw = no" and see what happens on your
-network. It might lower, raise or not affect your performance. Only
-testing can really tell.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN66"
->Write raw</A
-></H1
-><P
->The "write raw" operation is designed to be an optimised, low-latency
-file write operation. A server may choose to not support it,
-however. and Samba makes support for "write raw" optional, with it
-being enabled by default.</P
-><P
->Some machines may find "write raw" slower than normal write, in which
-case you may wish to change this option.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN70"
->Read prediction</A
-></H1
-><P
->Samba can do read prediction on some of the SMB commands. Read
-prediction means that Samba reads some extra data on the last file it
-read while waiting for the next SMB command to arrive. It can then
-respond more quickly when the next read request arrives.</P
-><P
->This is disabled by default. You can enable it by using "read
-prediction = yes".</P
-><P
->Note that read prediction is only used on files that were opened read
-only.</P
-><P
->Read prediction should particularly help for those silly clients (such
-as "Write" under NT) which do lots of very small reads on a file.</P
-><P
->Samba will not read ahead more data than the amount specified in the
-"read size" option. It always reads ahead on 1k block boundaries.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN77"
->Memory mapping</A
-></H1
-><P
->Samba supports reading files via memory mapping them. One some
-machines this can give a large boost to performance, on others it
-makes not difference at all, and on some it may reduce performance.</P
-><P
->To enable you you have to recompile Samba with the -DUSE_MMAP option
-on the FLAGS line of the Makefile.</P
-><P
->Note that memory mapping is only used on files opened read only, and
-is not used by the "read raw" operation. Thus you may find memory
-mapping is more effective if you disable "read raw" using "read raw =
-no".</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN82"
->Slow Clients</A
-></H1
-><P
->One person has reported that setting the protocol to COREPLUS rather
-than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).</P
-><P
->I suspect that his PC's (386sx16 based) were asking for more data than
-they could chew. I suspect a similar speed could be had by setting
-"read raw = no" and "max xmit = 2048", instead of changing the
-protocol. Lowering the "read size" might also help.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN86"
->Slow Logins</A
-></H1
-><P
->Slow logins are almost always due to the password checking time. Using
-the lowest practical "password level" will improve things a lot. You
-could also enable the "UFC crypt" option in the Makefile.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN89"
->Client tuning</A
-></H1
-><P
->Often a speed problem can be traced to the client. The client (for
-example Windows for Workgroups) can often be tuned for better TCP
-performance.</P
-><P
->See your client docs for details. In particular, I have heard rumours
-that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
-large impact on performance.</P
-><P
->Also note that some people have found that setting DefaultRcvWindow in
-the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
-big improvement. I don't know why.</P
-><P
->My own experience wth DefaultRcvWindow is that I get much better
-performance with a large value (16384 or larger). Other people have
-reported that anything over 3072 slows things down enourmously. One
-person even reported a speed drop of a factor of 30 when he went from
-3072 to 8192. I don't know why.</P
-><P
->It probably depends a lot on your hardware, and the type of unix box
-you have at the other end of the link.</P
-><P
->Paul Cochrane has done some testing on client side tuning and come 
-to the following conclusions:</P
-><P
->Install the W2setup.exe file from www.microsoft.com. This is an 
-update for the winsock stack and utilities which improve performance.</P
-><P
->Configure the win95 TCPIP registry settings to give better 
-perfomance. I use a program called MTUSPEED.exe which I got off the 
-net. There are various other utilities of this type freely available. 
-The setting which give the best performance for me are:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->MaxMTU                  Remove</P
-></LI
-><LI
-><P
->RWIN                    Remove</P
-></LI
-><LI
-><P
->MTUAutoDiscover         Disable</P
-></LI
-><LI
-><P
->MTUBlackHoleDetect      Disable</P
-></LI
-><LI
-><P
->Time To Live            Enabled</P
-></LI
-><LI
-><P
->Time To Live - HOPS     32</P
-></LI
-><LI
-><P
->NDI Cache Size          0</P
-></LI
-></OL
-><P
->I tried virtually all of the items mentioned in the document and 
-the only one which made a difference to me was the socket options. It 
-turned out I was better off without any!!!!!</P
-><P
->In terms of overall speed of transfer, between various win95 clients 
-and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
-drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.</P
-><P
->FIXME
-The figures are:          Put              Get 
-P166 client 3Com card:    420-440kB/s      500-520kB/s
-P100 client 3Com card:    390-410kB/s      490-510kB/s
-DX4-75 client NE2000:     370-380kB/s      330-350kB/s</P
-><P
->I based these test on transfer two files a 4.5MB text file and a 15MB 
-textfile. The results arn't bad considering the hardware Samba is 
-running on. It's a crap machine!!!!</P
-><P
->The updates mentioned in 1 and 2 brought up the transfer rates from 
-just over 100kB/s in some clients.</P
-><P
->A new client is a P333 connected via a 100MB/s card and hub. The 
-transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
-on get.</P
-><P
->Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
-upwards). I suppose there is more going on in the samba protocol, but 
-if it could get up to the rate of FTP the perfomance would be quite 
-staggering.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN121"
->My Results</A
-></H1
-><P
->Some people want to see real numbers in a document like this, so here
-they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
-tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
-Elite-16 ISA bus ethernet card. The only WfWg tuning I've done is to
-set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
-server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
-Elite-16 card. You can see my server config in the examples/tridge/
-subdirectory of the distribution.</P
-><P
->I get 490k/s on reading a 8Mb file with copy.
-I get 441k/s writing the same file to the samba server.</P
-><P
->Of course, there's a lot more to benchmarks than 2 raw throughput
-figures, but it gives you a ballpark figure.</P
-><P
->I've also tested Win95 and WinNT, and found WinNT gave me the best
-speed as a samba client. The fastest client of all (for me) is
-smbclient running on another linux box. Maybe I'll add those results
-here someday ...</P
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html
index 9946e7e64e1..e3c1934adaa 100644
--- a/docs/htmldocs/UNIX_INSTALL.html
+++ b/docs/htmldocs/UNIX_INSTALL.html
@@ -792,6 +792,21 @@ NAME="AEN191"
 		the unix server then take a look at the "username map" option. 
 		See the smb.conf man page for details.</P
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN194"
+>Other Character Sets</A
+></H2
+><P
+>If you have problems using filenames with accented 
+		characters in them (like the German, French or Scandinavian 
+		character sets) then I recommend you look at the "valid chars" 
+		option in smb.conf and also take a look at the validchars 
+		package in the examples directory.</P
+></DIV
 ></DIV
 ></DIV
 ></BODY
diff --git a/docs/htmldocs/cups.html b/docs/htmldocs/cups.html
new file mode 100644
index 00000000000..c4191e25524
--- /dev/null
+++ b/docs/htmldocs/cups.html
@@ -0,0 +1,612 @@
+<HTML
+><HEAD
+><TITLE
+>Printing with CUPS in Samba 2.2.x</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="CUPS"
+>Printing with CUPS in Samba 2.2.x</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Printing with CUPS in Samba 2.2.x</A
+></H1
+><P
+><A
+HREF="http://www.cups.org/"
+TARGET="_top"
+>CUPS</A
+> is a newcomer in
+the UNIX printing scene, which has convinced many people upon first trial
+already. However, it has quite a few new features, which make it different
+from other, more traditional printing systems.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN7"
+>Configuring <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> for CUPS</A
+></H1
+><P
+>Printing with CUPS in the most basic <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+setup in Samba 2.2.x only needs two settings: <B
+CLASS="COMMAND"
+>printing = cups</B
+> and
+<B
+CLASS="COMMAND"
+>printcap = cups</B
+>. While CUPS itself doesn't need a printcap
+anymore, the <TT
+CLASS="FILENAME"
+>cupsd.conf</TT
+> configuration file knows two directives
+(example: <B
+CLASS="COMMAND"
+>Printcap /etc/printcap</B
+> and <B
+CLASS="COMMAND"
+>PrintcapFormat
+BSD</B
+>), which control if such a file should be created for the
+convenience of third party applications. Make sure it is set! For details see
+<B
+CLASS="COMMAND"
+>man cupsd.conf</B
+> and other CUPS-related documentation.</P
+><P
+>If SAMBA is compiled against libcups, then <B
+CLASS="COMMAND"
+>printcap =
+cups</B
+> uses the CUPS API to list printers, submit jobs, etc. Otherwise it
+maps to the System V commands with an additional <TT
+CLASS="PARAMETER"
+><I
+>-oraw</I
+></TT
+>
+option for printing. On a Linux system, you can use the <B
+CLASS="COMMAND"
+>ldd</B
+> command to
+find out details (ldd may not be present on other OS platforms, or its
+function may be embodied by a different command):</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>transmeta:/home/kurt # ldd `which smbd`
+        libssl.so.0.9.6 =&#62; /usr/lib/libssl.so.0.9.6 (0x4002d000)
+        libcrypto.so.0.9.6 =&#62; /usr/lib/libcrypto.so.0.9.6 (0x4005a000)
+        libcups.so.2 =&#62; /usr/lib/libcups.so.2 (0x40123000)
+        libdl.so.2 =&#62; /lib/libdl.so.2 (0x401e8000)
+        libnsl.so.1 =&#62; /lib/libnsl.so.1 (0x401ec000)
+        libpam.so.0 =&#62; /lib/libpam.so.0 (0x40202000)
+        libc.so.6 =&#62; /lib/libc.so.6 (0x4020b000)
+        /lib/ld-linux.so.2 =&gt; /lib/ld-linux.so.2 (0x40000000)</PRE
+></P
+><P
+>The line "libcups.so.2 =&gt; /usr/lib/libcups.so.2
+(0x40123000)" shows there is CUPS support compiled into this version of
+Samba. If this is the case, and <B
+CLASS="COMMAND"
+>printing = cups</B
+> is set, then any
+otherwise manually set print command in smb.conf is ignored.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN26"
+>Using CUPS as a mere spooling print server -- "raw"
+printing with vendor drivers download</A
+></H1
+><P
+>You can setup Samba and your Windows clients to use the
+CUPS print subsystem just as you would with any of the more traditional print
+subsystems: that means the use of vendor provided, native Windows printer
+drivers for each target printer. If you setup the [print$] share to
+download these drivers to the clients, their GDI system (Graphical Device
+Interface) will output the Wndows EMF (Enhanced MetaFile) and
+convert it -- with the help of the printer driver -- locally into the format
+the printer is expecting. Samba and the CUPS print subsystem will have to
+treat these files as raw print files  -- they are already in the
+shape to be digestable for the printer. This is the same traditional setup
+for Unix print servers handling Windows client jobs. It does not take much
+CPU power to handle this kind of task efficiently.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN29"
+>CUPS as a network PostScript RIP -- CUPS drivers working on server, Adobe
+PostScript driver with CUPS-PPDs downloaded to clients</A
+></H1
+><P
+>CUPS is perfectly able to use PPD files (PostScript
+Printer Descriptions). PPDs can control all print device options. They
+are usually provided by the manufacturer -- if you own a PostSript printer,
+that is. PPD files are always a component of PostScript printer drivers on MS
+Windows or Apple Mac OS systems. They are ASCII files containing
+user-selectable print options, mapped to appropriate PostScript, PCL or PJL
+commands for the target printer. Printer driver GUI dialogs translate these
+options "on-the-fly" into buttons and drop-down lists for the user to
+select.</P
+><P
+>CUPS can load, without any conversions, the PPD file from
+any Windows (NT is recommended) PostScript driver and handle the options.
+There is a web browser interface to the print options (select
+http://localhost:631/printers/ and click on one "Configure Printer" button
+to see it), a commandline interface (see <B
+CLASS="COMMAND"
+>man lpoptions</B
+> or
+try if you have <B
+CLASS="COMMAND"
+>lphelp</B
+> on your system) plus some different GUI frontends on Linux
+UNIX, which can present PPD options to the users. PPD options are normally
+meant to become evaluated by the PostScript RIP on the real PostScript
+printer.</P
+><P
+>CUPS doesn't stop at "real" PostScript printers in its
+usage of PPDs. The CUPS developers have extended the PPD concept, to also
+describe available device and driver options for non-PostScript printers
+through  CUPS-PPDs.</P
+><P
+>This is logical, as CUPS includes a fully featured
+PostScript interpreter (RIP). This RIP is based on Ghostscript. It can
+process all received PostScript (and additionally many other file formats)
+from clients. All CUPS-PPDs geared to non-PostScript printers contain an
+additional line, starting with the keyword <TT
+CLASS="PARAMETER"
+><I
+>*cupsFilter</I
+></TT
+>.
+This line
+tells the CUPS print system which printer-specific filter to use for the
+interpretation of the accompanying PostScript. Thus CUPS lets all its
+printers appear as PostScript devices to its clients, because it can act as a
+PostScript RIP for those printers, processing the received PostScript code
+into a proper raster print format.</P
+><P
+>CUPS-PPDs can also be used on Windows-Clients, on top of a
+PostScript driver (recommended is the Adobe one).</P
+><P
+>This feature enables CUPS to do a few tricks no other
+spooler can do:</P
+><P
+></P
+><UL
+><LI
+><P
+>act as a networked PostScript RIP (Raster Image Processor), handling
+    printfiles from all client platforms in a uniform way;</P
+></LI
+><LI
+><P
+>act as a central accounting and billing server, as all files are passed
+    through the <B
+CLASS="COMMAND"
+>pstops</B
+> Filter and are therefor logged in
+    the CUPS <TT
+CLASS="FILENAME"
+>page&lowbar;log</TT
+>. - <I
+CLASS="EMPHASIS"
+>NOTE: </I
+>this
+    can not happen with "raw" print jobs, which always remain unfiltered
+    per definition;</P
+></LI
+><LI
+><P
+>enable clients to consolidate on a single PostScript driver, even for
+    many different target printers.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN50"
+>Windows Terminal Servers (WTS) as CUPS clients</A
+></H1
+><P
+>This setup may be of special interest to people
+experiencing major problems in WTS environments. WTS need often a multitude
+of non-PostScript drivers installed to run their clients' variety of
+different printer models. This often imposes the price of much increased
+instability. In many cases, in an attempt to overcome this problem, site
+administrators have resorted to restrict the allowed drivers installed on
+their WTS to one generic PCL- and one PostScript driver. This however
+restricts the clients in the amount of printer options available for them --
+often they can't get out more then simplex prints from one standard paper
+tray, while their devices could do much better, if driven by a different
+driver!</P
+><P
+>Using an Adobe PostScript driver, enabled with a CUPS-PPD,
+seems to be a very elegant way to overcome all these shortcomings. The
+PostScript driver is not known to cause major stability problems on WTS (even
+if used with many different PPDs). The clients will be able to (again) chose
+paper trays, duplex printing and other settings. However, there is a certain
+price for this too: a  CUPS server acting as a PostScript RIP for its clients
+requires more CPU and RAM than just to act as  a "raw spooling" device. Plus,
+this setup is not yet widely tested, although the first feedbacks look very
+promising...</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN54"
+>Setting up CUPS for driver download</A
+></H1
+><P
+>The <B
+CLASS="COMMAND"
+>cupsadsmb</B
+> utility (shipped with all current
+CUPS versions) makes the sharing of any (or all) installed CUPS printers very
+easy. Prior to using it, you need the following settings in smb.conf:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+         load printers = yes
+         printing = cups
+         printcap name = cups
+
+[printers]
+         comment = All Printers
+         path = /var/spool/samba
+         browseable = no
+         public = yes
+         guest ok = yes
+         writable = no
+         printable = yes
+         printer admin = root
+
+[print$]
+         comment = Printer Drivers
+         path = /etc/samba/drivers
+         browseable = yes
+         guest ok = no
+         read only = yes
+         write list = root</PRE
+></P
+><P
+>For licensing reasons the necessary files of the Adobe
+Postscript driver can not be distributed with either Samba or CUPS. You need
+to download them yourself from the Adobe website. Once extracted, create a
+<TT
+CLASS="FILENAME"
+>drivers</TT
+> directory in the CUPS data directory (usually
+<TT
+CLASS="FILENAME"
+>/usr/share/cups/</TT
+>). Copy the Adobe files using
+UPPERCASE filenames, to this directory as follows:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>        ADFONTS.MFM
+        ADOBEPS4.DRV
+        ADOBEPS4.HLP
+        ADOBEPS5.DLL
+        ADOBEPSU.DLL
+        ADOBEPSU.HLP
+        DEFPRTR2.PPD
+        ICONLIB.DLL</PRE
+></P
+><P
+>Users of the ESP Print Pro software are able to install
+their "Samba Drivers" package for this purpose with no problem.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN66"
+>Sources of CUPS drivers / PPDs</A
+></H1
+><P
+>On the internet you can find now many thousand CUPS-PPD
+files (with their companion filters), in many national languages,
+supporting more than 1.000 non-PostScript models.</P
+><P
+></P
+><UL
+><LI
+><P
+><A
+HREF="http://wwwl.easysw.com/printpro/"
+TARGET="_top"
+>ESP PrintPro
+    (http://wwwl.easysw.com/printpro/)</A
+>
+    (commercial, non-Free) is packaged with more than 3.000 PPDs, ready for
+    successful usage "out of the box" on Linux, IBM-AIX, HP-UX, Sun-Solaris,
+    SGI-IRIX, Compaq Tru64, Digital Unix and some more commercial Unices (it
+    is written by the CUPS developers themselves and its sales help finance
+    the further development of CUPS, as they feed their creators)</P
+></LI
+><LI
+><P
+>the <A
+HREF="http://gimp-print.sourceforge.net/"
+TARGET="_top"
+>Gimp-Print-Project
+    (http://gimp-print.sourceforge.net/)</A
+>
+    (GPL, Free Software) provides around 120 PPDs (supporting nearly 300
+    printers, many driven to photo quality output), to be used alongside the
+    Gimp-Print CUPS filters;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www.turboprint.com/"
+TARGET="_top"
+>TurboPrint
+    (http://www.turboprint.com/)</A
+>
+    (Shareware, non-Freee) supports roughly the same amount of printers in
+    excellent quality;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www-124.ibm.com/developerworks/oss/linux/projects/omni/"
+TARGET="_top"
+>OMNI
+    (http://www-124.ibm.com/developerworks/oss/linux/projects/omni/)</A
+>
+    (LPGL, Free) is a package made by IBM, now containing support for more
+    than 400 printers, stemming from the inheritance of IBM OS/2 KnowHow
+    ported over to Linux (CUPS support is in a Beta-stage at present);</P
+></LI
+><LI
+><P
+><A
+HREF="http://hpinkjet.sourceforge.net/"
+TARGET="_top"
+>HPIJS
+    (http://hpinkjet.sourceforge.net/)</A
+>
+    (BSD-style licnes, Free) supports around 120 of HP's own printers and is
+    also providing excellent print quality now;</P
+></LI
+><LI
+><P
+><A
+HREF="http://www.linuxprinting.org/"
+TARGET="_top"
+>Foomatic/cupsomatic (http://www.linuxprinting.org/)</A
+> 
+    (LPGL, Free) from Linuxprinting.org are providing PPDs for practically every
+    Ghostscript filter known to the world, now usable with CUPS.</P
+></LI
+></UL
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE: </I
+>the cupsomatic trick from Linuxprinting.org is
+working different from the other drivers. While the other drivers take the
+generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as
+their input, cupsomatic "kidnaps" the PostScript inside CUPS, before
+RIP-ping, deviates it to an external Ghostscript installation (which now
+becomes the RIP) and gives it back to a CUPS backend once Ghostscript is
+finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster
+PostScript RIP function again inside a system-wide Ghostscript 
+installation rather than in "their own" pstoraster filter. (This 
+CUPS-enabling Ghostscript version may be installed either as a 
+patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package).
+However, this will not change the cupsomatic approach of guiding the printjob
+along a different path through the filtering system than the standard CUPS
+way...</P
+><P
+>Once you installed a printer inside CUPS with one of the
+recommended methods (the lpadmin command, the web browser interface or one of
+the available GUI wizards), you can use <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> to share the
+printer via Samba. <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> prepares the driver files for
+comfortable client download and installation upon their first contact with
+this printer share.</P
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN93"
+><B
+CLASS="COMMAND"
+>cupsaddsmb</B
+></A
+></H2
+><P
+>The <B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> command copies the needed files
+for convenient Windows client installations from the previously prepared CUPS
+data directory to your [print$] share. Additionally, the PPD
+associated with this printer is copied from <TT
+CLASS="FILENAME"
+>/etc/cups/ppd/</TT
+> to
+[print$].</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> <B
+CLASS="COMMAND"
+>cupsaddsmb -U root infotec_IS2027</B
+>
+Password for root required to access localhost via SAMBA: <TT
+CLASS="USERINPUT"
+><B
+>[type in password 'secret']</B
+></TT
+></PRE
+></P
+><P
+>To share all printers and drivers, use the <TT
+CLASS="PARAMETER"
+><I
+>-a</I
+></TT
+>
+parameter instead of a printer name.</P
+><P
+>Probably you want to see what's going on. Use the
+<TT
+CLASS="PARAMETER"
+><I
+>-v</I
+></TT
+> parameter to get a more verbose output:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+><TT
+CLASS="PROMPT"
+>root# </TT
+> cupsaddsmb -v -U root infotec_IS2027
+    Password for root required to access localhost via SAMBA:
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir W32X86;put /var/spool/cups/tmp/3cd1cc66376c0 W32X86/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADOBEPS5.DLL W32X86/ADOBEPS5.DLL;put /usr/share/cups/drivers/ADOBEPSU.DLL W32X86/ADOBEPSU.DLL;put /usr/share/cups/drivers/ADOBEPSU.HLP W32X86/ADOBEPSU.HLP'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \W32X86/infotec_IS2027.PPD (17394.6 kb/s) (average 17395.2 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS5.DLL as \W32X86/ADOBEPS5.DLL (10877.4 kb/s) (average 11343.0 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.DLL as \W32X86/ADOBEPSU.DLL (5095.2 kb/s) (average 9260.4 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPSU.HLP as \W32X86/ADOBEPSU.HLP (8828.7 kb/s) (average 9247.1 kb/s)
+
+    Running command: smbclient //localhost/print\$ -N -U'root%secret' -c 'mkdir WIN40;put /var/spool/cups/tmp/3cd1cc66376c0 WIN40/infotec_IS2027.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/DEFPRTR2.PPD WIN40/DEFPRTR2.PPD;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;'
+    added interface ip=10.160.16.45 bcast=10.160.31.255 nmask=255.255.240.0
+    added interface ip=192.168.182.1 bcast=192.168.182.255 nmask=255.255.255.0
+    added interface ip=172.16.200.1 bcast=172.16.200.255 nmask=255.255.255.0
+    Domain=[TUX-NET] OS=[Unix] Server=[Samba 2.2.3a.200204262025cvs]
+    NT_STATUS_OBJECT_NAME_COLLISION making remote directory \WIN40
+    putting file /var/spool/cups/tmp/3cd1cc66376c0 as \WIN40/infotec_IS2027.PPD (26091.5 kb/s) (average 26092.8 kb/s)
+    putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (11241.6 kb/s) (average 11812.9 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (16640.6 kb/s) (average 14679.3 kb/s)
+    putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (11285.6 kb/s) (average 14281.5 kb/s)
+    putting file /usr/share/cups/drivers/DEFPRTR2.PPD as \WIN40/DEFPRTR2.PPD (823.5 kb/s) (average 12944.0 kb/s)
+    putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (19226.2 kb/s) (average 13169.7 kb/s)
+    putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 13266.7 kb/s)
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"'
+    cmd = adddriver "Windows NT x86" "infotec_IS2027:ADOBEPS5.DLL:infotec_IS2027.PPD:ADOBEPSU.DLL:ADOBEPSU.HLP:NULL:RAW:NULL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"'
+    cmd = adddriver "Windows 4.0" "infotec_IS2027:ADOBEPS4.DRV:infotec_IS2027.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADFONTS.MFM,DEFPRTR2.PPD,ICONLIB.DLL"
+    Printer Driver infotec_IS2027 successfully installed.
+
+    Running command: rpcclient localhost -N -U'root%secret' -c 'setdriver infotec_IS2027 infotec_IS2027'
+    cmd = setdriver infotec_IS2027 infotec_IS2027
+    Succesfully set infotec_IS2027 to driver infotec_IS2027.
+
+    <TT
+CLASS="PROMPT"
+>root# </TT
+></PRE
+></P
+><P
+>If you look closely, you'll discover your root password
+was transfered unencrypted over the wire, so beware! Also, if you look
+further her, you'll discover error messages like
+<TT
+CLASS="CONSTANT"
+>NT_STATUS_OBJECT_NAME_COLLISION</TT
+> in between. They occur, because
+the directories <TT
+CLASS="FILENAME"
+>WIN40</TT
+> and <TT
+CLASS="FILENAME"
+>W32X86</TT
+> already
+existed in the [print$] driver download share (from a previous driver
+installation). They are harmless here.</P
+><P
+>Now your printer is prepared for the clients to use. From
+a client, browse to the CUPS/Samba server, open the "Printers"
+share, right-click on this printer and select "Install..." or
+"Connect..." (depending on the Windows version you use). Now their
+should be a new printer in your client's local "Printers" folder,
+named (in my case) "infotec_IS2027 on kdebitshop"</P
+><P
+><I
+CLASS="EMPHASIS"
+>NOTE: </I
+>
+<B
+CLASS="COMMAND"
+>cupsaddsmb</B
+> will only reliably work i
+with CUPS version 1.1.15 or higher
+and Samba from 2.2.4. If it doesn't work, or if the automatic printer
+driver download to the clients doesn't succeed, you can still manually
+install the CUPS printer PPD on top of the Adobe PostScript driver on
+clients and then point the client's printer queue to the Samba printer
+share for connection, should you desire to use the CUPS networked
+PostScript RIP functions.</P
+></DIV
+></DIV
+></DIV
+></BODY
+></HTML
+>
\ No newline at end of file
diff --git a/docs/htmldocs/net.8.html b/docs/htmldocs/net.8.html
deleted file mode 100644
index 77cb2b2b380..00000000000
--- a/docs/htmldocs/net.8.html
+++ /dev/null
@@ -1,106 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->net</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="NET"
->net</A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN5"
-></A
-><H2
->Name</H2
->net&nbsp;--&nbsp;Tool for administration of Samba and remote
-	CIFS servers.</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->net</B
->  {&#60;ads|rap|rpc&#62;}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN12"
-></A
-><H2
->DESCRIPTION</H2
-><P
->This tool is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->	Samba</A
-> suite.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN16"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN19"
-></A
-><H2
->COMMANDS</H2
-><P
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN22"
-></A
-><H2
->VERSION</H2
-><P
->This man page is incomplete for version 3.0 of the Samba 
-	suite.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN25"
-></A
-><H2
->AUTHOR</H2
-><P
->The original Samba software and related utilities 
-	were created by Andrew Tridgell. Samba is now developed
-	by the Samba Team as an Open Source project similar 
-	to the way the Linux kernel is developed.</P
-><P
->The original Samba man pages were written by Karl Auer.
-	The current set of manpages and documentation is maintained
-	by the Samba Team in the same fashion as the Samba source code.</P
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html
index 76fd5de6ba2..828ebb13a42 100644
--- a/docs/htmldocs/nmbd.8.html
+++ b/docs/htmldocs/nmbd.8.html
@@ -601,6 +601,23 @@ CLASS="REFSECT1"
 NAME="AEN194"
 ></A
 ><H2
+>TROUBLESHOOTING</H2
+><P
+>        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN197"
+></A
+><H2
 >VERSION</H2
 ><P
 >This man page is correct for version 2.2 of 
@@ -609,7 +626,7 @@ NAME="AEN194"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN197"
+NAME="AEN200"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -674,7 +691,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN214"
+NAME="AEN217"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html
index c87d7d35db9..22cc35526cc 100644
--- a/docs/htmldocs/nmblookup.1.html
+++ b/docs/htmldocs/nmblookup.1.html
@@ -37,12 +37,12 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >nmblookup</B
->  [-M] [-R] [-S] [-r] [-A] [-h] [-B &#60;broadcast address&#62;] [-U &#60;unicast address&#62;] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-i &#60;NetBIOS scope&#62;] [-T] {name}</P
+>  [-f] [-M] [-R] [-S] [-r] [-A] [-h] [-B &#60;broadcast address&#62;] [-U &#60;unicast address&#62;] [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] [-i &#60;NetBIOS scope&#62;] [-T] {name}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN24"
+NAME="AEN25"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -65,7 +65,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN30"
+NAME="AEN31"
 ></A
 ><H2
 >OPTIONS</H2
@@ -75,6 +75,15 @@ NAME="AEN30"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
+>-f</DT
+><DD
+><P
+>Causes nmblookup to print out the flags
+		in the NMB packet headers. These flags will print out as 
+		strings like Authoritative, Recursion_Desired, Recursion_available, etc.
+		</P
+></DD
+><DT
 >-M</DT
 ><DD
 ><P
@@ -293,7 +302,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN110"
+NAME="AEN115"
 ></A
 ><H2
 >EXAMPLES</H2
@@ -330,7 +339,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN122"
+NAME="AEN127"
 ></A
 ><H2
 >VERSION</H2
@@ -341,7 +350,7 @@ NAME="AEN122"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN125"
+NAME="AEN130"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -368,7 +377,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN132"
+NAME="AEN137"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/pdbedit.8.html b/docs/htmldocs/pdbedit.8.html
index b1a1dea6795..9609664af05 100644
--- a/docs/htmldocs/pdbedit.8.html
+++ b/docs/htmldocs/pdbedit.8.html
@@ -36,12 +36,12 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >pdbedit</B
->  [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-D debuglevel]</P
+>  [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i file]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN26"
+NAME="AEN24"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -67,7 +67,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN33"
+NAME="AEN31"
 ></A
 ><H2
 >OPTIONS</H2
@@ -337,40 +337,29 @@ CLASS="COMMAND"
 ></P
 ></DD
 ><DT
->-i passdb-backend</DT
+>-i file</DT
 ><DD
 ><P
->Use a different passdb backend to retrieve users than the one specified in smb.conf.</P
+>This command is used to import a smbpasswd
+		file into the database.</P
 ><P
->This option will ease migration from one passdb backend to another.
-		</P
+>This option will ease migration from the plain smbpasswd
+		file database to more powerful backend databases like tdb and
+		ldap.</P
 ><P
 >Example: <B
 CLASS="COMMAND"
->pdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb</B
+>pdbedit -i /etc/smbpasswd.old</B
 >
 		</P
 ></DD
-><DT
->-e passdb-backend</DT
-><DD
-><P
->Export all currently available users to the specified password database backend.</P
-><P
->This option will ease migration from one passdb backend to another and will ease backupping</P
-><P
->Example: <B
-CLASS="COMMAND"
->pdbedit -e smbpasswd:/root/samba-users.backup</B
-></P
-></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN133"
+NAME="AEN124"
 ></A
 ><H2
 >NOTES</H2
@@ -380,7 +369,7 @@ NAME="AEN133"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN136"
+NAME="AEN127"
 ></A
 ><H2
 >VERSION</H2
@@ -391,7 +380,7 @@ NAME="AEN136"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN139"
+NAME="AEN130"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -411,7 +400,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN144"
+NAME="AEN135"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html
index 5a6e6586da5..38a7e280668 100644
--- a/docs/htmldocs/printer_driver2.html
+++ b/docs/htmldocs/printer_driver2.html
@@ -165,7 +165,7 @@ CLASS="PARAMETER"
 >printer driver
 file</I
 ></TT
-> parameter, are being deprecated and should not 
+> parameter, are being deprecated and should not
 be used in new installations.  For more information on this change, 
 you should refer to the <A
 HREF="#MIGRATION"
@@ -391,33 +391,36 @@ properties will be displayed.  Do you want to install the
 driver now?</I
 ></P
 ><P
->Click "No" in the error dialog and you will be presented with
-the printer properties window.  The way assign a driver to a 
+>Click <I
+CLASS="EMPHASIS"
+>No</I
+> in the error dialog and you will be presented with
+the printer properties window.  The way assign a driver to a
 printer is to either</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->Use the "New Driver..." button to install 
+>Use the "New Driver..." button to install
 	a new printer driver, or</P
 ></LI
 ><LI
 ><P
->Select a driver from the popup list of 
+>Select a driver from the popup list of
 	installed drivers.  Initially this list will be empty.</P
 ></LI
 ></UL
 ><P
->If you wish to install printer drivers for client 
-operating systems other than "Windows NT x86", you will need 
+>If you wish to install printer drivers for client
+operating systems other than "Windows NT x86", you will need
 to use the "Sharing" tab of the printer properties dialog.</P
 ><P
->Assuming you have connected with a root account, you 
-will also be able modify other printer properties such as 
+>Assuming you have connected with a root account, you
+will also be able modify other printer properties such as
 ACLs and device settings using this dialog box.</P
 ><P
->A few closing comments for this section, it is possible 
+>A few closing comments for this section, it is possible
 on a Windows NT print server to have printers
 listed in the Printers folder which are not shared.  Samba does
 not make this distinction.  By definition, the only printers of
@@ -428,7 +431,7 @@ CLASS="FILENAME"
 >.</P
 ><P
 >Another interesting side note is that Windows NT clients do
-not use the SMB printer share, but rather can print directly 
+not use the SMB printer share, but rather can print directly
 to any printer on another Windows NT host using MS-RPC.  This
 of course assumes that the printing client has the necessary
 privileges on the remote host serving the printer.  The default
@@ -440,45 +443,88 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN88"
+NAME="AEN89"
+>DeviceModes and New Printers</A
+></H2
+><P
+>In order for a printer to be truly usbla eby a Windows NT/2k/XP client,
+it must posses:</P
+><P
+></P
+><UL
+><LI
+><P
+>a valid Device Mode generated by the driver for the printer, and</P
+></LI
+><LI
+><P
+>a complete set of PrinterDriverData generated by the driver.</P
+></LI
+></UL
+><P
+>If either one of these is incomplete, the clients can produce less than optimal 
+output at best or in the worst cases, unreadable garbage or nothing at all.  
+Fortunately, most driver generate the printer driver that is needed.
+However, the client must be tickled to generate a valid Device Mode and set it on the
+server.  The easist means of doing so is to simply set the page orientation on 
+the server's printer using the native Windows NT/2k printer properties page from 
+a Window clients.  Make sure to apply changes between swapping the page orientation
+to cause the change to actually take place.  Be aware that this can only be done
+by a "printer admin" (the reason should be obvious I hope).</P
+><P
+>Samba also includes a service level parameter name <A
+HREF="smb.conf.5.html#DEFAULTDEVMODE"
+TARGET="_top"
+>default
+devmode</A
+> for generating a default device mode for a printer.  Some driver
+will function fine with this default set of properties.  Others may crash the client's
+spooler service.  Use this parameter with caution. It is always better to have the client
+generate a valid device mode for the printer and store it on the server for you.</P
+></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN100"
 >Support a large number of printers</A
 ></H2
 ><P
 >One issue that has arisen during the development
 phase of Samba 2.2 is the need to support driver downloads for
-100's of printers.  Using the Windows NT APW is somewhat 
-awkward to say the least.  If more than one printer is using the 
+100's of printers.  Using the Windows NT APW is somewhat
+awkward to say the list.  If more than one printer are using the
 same driver, the <A
 HREF="rpcclient.1.html"
 TARGET="_top"
 ><B
 CLASS="COMMAND"
 >rpcclient's
-setdriver command</B
+setdriver</B
 ></A
-> can be used to set the driver
-associated with an installed driver.  The following is an example
+> command can be used to set the driver
+associated with an installed driver.  The following is example
 of how this could be accomplished:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
-> 
-<TT
+><TT
 CLASS="PROMPT"
 >$ </TT
 >rpcclient pogo -U root%secret -c "enumdrivers"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
- 
+
 [Windows NT x86]
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4000 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 2100 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4Si/4SiMX PS]
-				  
+
 <TT
 CLASS="PROMPT"
 >$ </TT
@@ -488,7 +534,7 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
      name:[\\POGO\hp-print]
      description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
      comment:[]
-				  
+
 <TT
 CLASS="PROMPT"
 >$ </TT
@@ -506,7 +552,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN99"
+NAME="AEN111"
 >Adding New Printers via the Windows NT APW</A
 ></H2
 ><P
@@ -514,7 +560,7 @@ NAME="AEN99"
 CLASS="FILENAME"
 >smb.conf</TT
 >
-in the "Printers..." folder.  Also in this folder is the Windows NT 
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
 Add Printer Wizard icon.  The APW will be show only if</P
 ><P
 ></P
@@ -539,7 +585,7 @@ TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->show 
+>show
 	add printer wizard = yes</I
 ></TT
 ></A
@@ -548,39 +594,39 @@ CLASS="PARAMETER"
 ></LI
 ></UL
 ><P
->In order to be able to use the APW to successfully add a printer to a Samba 
+>In order to be able to use the APW to successfully add a printer to a Samba
 server, the <A
 HREF="smb.conf.5.html#ADDPRINTERCOMMAND"
 TARGET="_top"
 ><TT
 CLASS="PARAMETER"
 ><I
->add 
+>add
 printer command</I
 ></TT
 ></A
 > must have a defined value.  The program
-hook must successfully add the printer to the system (i.e. 
+hook must successfully add the printer to the system (i.e.
 <TT
 CLASS="FILENAME"
 >/etc/printcap</TT
-> or appropriate files) and 
+> or appropriate files) and
 <TT
 CLASS="FILENAME"
 >smb.conf</TT
 > if necessary.</P
 ><P
->When using the APW from a client, if the named printer share does 
+>When using the APW from a client, if the named printer share does
 not exist, <B
 CLASS="COMMAND"
 >smbd</B
 > will execute the <TT
 CLASS="PARAMETER"
 ><I
->add printer 
+>add printer
 command</I
 ></TT
-> and reparse the <TT
+> and reparse to the <TT
 CLASS="FILENAME"
 >smb.conf</TT
 >
@@ -594,7 +640,7 @@ CLASS="PARAMETER"
 > is executed under the context
 of the connected user, not necessarily a root account.</P
 ><P
->There is a complementary <A
+>There is a complementing <A
 HREF="smb.conf.5.html#DELETEPRINTERCOMMAND"
 TARGET="_top"
 ><TT
@@ -612,14 +658,14 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN124"
+NAME="AEN136"
 >Samba and Printer Ports</A
 ></H2
 ><P
 >Windows NT/2000 print servers associate a port with each printer.  These normally
 take the form of LPT1:, COM1:, FILE:, etc...  Samba must also support the
 concept of ports associated with a printer.  By default, only one printer port,
-named "Samba Printer Port", exists on a system.  Samba does not really need a port in
+named "Samba Printer Port", exists on a system.  Samba does not really a port in
 order to print, rather it is a requirement of Windows clients.  </P
 ><P
 >Note that Samba does not support the concept of "Printer Pooling" internally 
@@ -649,7 +695,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN132"
+NAME="AEN144"
 >The Imprints Toolset</A
 ></H1
 ><P
@@ -662,12 +708,19 @@ TARGET="_top"
 > as well as the documentation 
 	included with the imprints source distribution.  This section will 
 	only provide a brief introduction to the features of Imprints.</P
+><P
+>As of June 16, 2002 (quite a bit earlier actually), the Imprints
+	project is in need of a new maintainer.  The most important skill
+	is decent perl coding and an interest in MS-RPC based printing using Samba.
+	If you wich to volunteer, please coordinate your efforts on the samba-technical
+	mailing list.
+	</P
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN136"
+NAME="AEN149"
 >What is Imprints?</A
 ></H2
 ><P
@@ -699,7 +752,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN146"
+NAME="AEN159"
 >Creating Printer Driver Packages</A
 ></H2
 ><P
@@ -715,7 +768,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN149"
+NAME="AEN162"
 >The Imprints server</A
 ></H2
 ><P
@@ -736,7 +789,7 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN153"
+NAME="AEN166"
 >The Installation Client</A
 ></H2
 ><P
@@ -830,7 +883,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN175"
+NAME="AEN188"
 ><A
 NAME="MIGRATION"
 ></A
@@ -963,6 +1016,17 @@ CLASS="PARAMETER"
 ></TR
 ></TABLE
 ></DIV
+><DIV
+CLASS="SECT2"
+><HR><H2
+CLASS="SECT2"
+><A
+NAME="AEN221"
+>Parameters in <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> for Backwards Compatibility</A
+></H2
 ><P
 >The have been two new parameters add in Samba 2.2.2 to for 
 better support of Samba 2.0.x backwards capability (<TT
@@ -978,10 +1042,11 @@ CLASS="PARAMETER"
 >use client driver</I
 ></TT
 >). Both of 
-these options are described in the smb.conf(5) man page and are 
-disabled by default.</P
+these options are described in the smb.coinf(5) man page and are 
+disabled by default.  Use them with caution.</P
+></DIV
 ></DIV
 ></DIV
 ></BODY
 ></HTML
->
+>
\ No newline at end of file
diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html
index 9ffca61437b..d18966fa238 100644
--- a/docs/htmldocs/rpcclient.1.html
+++ b/docs/htmldocs/rpcclient.1.html
@@ -37,12 +37,12 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >rpcclient</B
->  [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] [-I destinationIP] {server}</P
+>  [-A authfile] [-c &#60;command string&#62;] [-d debuglevel] [-h] [-l logfile] [-N] [-s &#60;smb config file&#62;] [-U username[%password]] [-W workgroup] [-N] {server}</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN23"
+NAME="AEN22"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -65,7 +65,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN29"
+NAME="AEN28"
 ></A
 ><H2
 >OPTIONS</H2
@@ -96,7 +96,7 @@ CLASS="FILENAME"
 >.</P
 ></DD
 ><DT
->-A|--authfile=filename</DT
+>-A filename</DT
 ><DD
 ><P
 >This option allows 
@@ -125,14 +125,14 @@ CLASS="PROGRAMLISTING"
 		access from unwanted users. </P
 ></DD
 ><DT
->-c|--command='command string'</DT
+>-c 'command string'</DT
 ><DD
 ><P
 >execute semicolon separated commands (listed 
 		below)) </P
 ></DD
 ><DT
->-d|--debug=debuglevel</DT
+>-d debuglevel</DT
 ><DD
 ><P
 >set the debuglevel. Debug level 0 is the lowest 
@@ -144,43 +144,14 @@ CLASS="FILENAME"
 		</P
 ></DD
 ><DT
->-h|--help</DT
+>-h</DT
 ><DD
 ><P
 >Print a summary of command line options.
 		</P
 ></DD
 ><DT
->-I IP-address</DT
-><DD
-><P
-><TT
-CLASS="REPLACEABLE"
-><I
->IP address</I
-></TT
-> is the address of the server to connect to. 
-		It should be specified in standard "a.b.c.d" notation. </P
-><P
->Normally the client would attempt to locate a named 
-		SMB/CIFS server by looking it up via the NetBIOS name resolution 
-		mechanism described above in the <TT
-CLASS="PARAMETER"
-><I
->name resolve order</I
-></TT
-> 
-		parameter above. Using this parameter will force the client
-		to assume that the server is on the machine with the specified IP 
-		address and the NetBIOS name component of the resource being 
-		connected to will be ignored. </P
-><P
->There is no default for this parameter. If not supplied, 
-		it will be determined automatically by the client as described 
-		above. </P
-></DD
-><DT
->-l|--logfile=logbasename</DT
+>-l logbasename</DT
 ><DD
 ><P
 >File name for log/debug files. The extension 
@@ -192,7 +163,7 @@ CLASS="CONSTANT"
 		</P
 ></DD
 ><DT
->-N|--nopass</DT
+>-N</DT
 ><DD
 ><P
 >instruct <B
@@ -211,7 +182,7 @@ CLASS="PARAMETER"
 > option.</P
 ></DD
 ><DT
->-s|--conf=smb.conf</DT
+>-s smb.conf</DT
 ><DD
 ><P
 >Specifies the location of the all important 
@@ -221,7 +192,7 @@ CLASS="FILENAME"
 > file. </P
 ></DD
 ><DT
->-U|--user=username[%password]</DT
+>-U username[%password]</DT
 ><DD
 ><P
 >Sets the SMB username or username and password. </P
@@ -267,7 +238,7 @@ CLASS="COMMAND"
 		it in directly. </P
 ></DD
 ><DT
->-W|--workgroup=domain</DT
+>-W domain</DT
 ><DD
 ><P
 >Set the SMB domain of the username.   This 
@@ -282,7 +253,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN101"
+NAME="AEN92"
 ></A
 ><H2
 >COMMANDS</H2
@@ -676,7 +647,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN221"
+NAME="AEN212"
 ></A
 ><H2
 >BUGS</H2
@@ -717,18 +688,18 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN231"
+NAME="AEN222"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 3.0 of the Samba 
+>This man page is correct for version 2.2 of the Samba 
 	suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN234"
+NAME="AEN225"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/security_level.html b/docs/htmldocs/security_level.html
deleted file mode 100644
index e26e1ea78bb..00000000000
--- a/docs/htmldocs/security_level.html
+++ /dev/null
@@ -1,169 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->Security levels</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="ARTICLE"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><DIV
-CLASS="ARTICLE"
-><DIV
-CLASS="TITLEPAGE"
-><H1
-CLASS="TITLE"
-><A
-NAME="SECURITY_LEVELS"
->Security levels</A
-></H1
-><HR></DIV
-><DIV
-CLASS="SECT1"
-><H1
-CLASS="SECT1"
-><A
-NAME="AEN3"
->Introduction</A
-></H1
-><P
->Samba supports the following options to the global smb.conf parameter</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->[global]
-<A
-HREF="smb.conf.5.html#SECURITY"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->security</I
-></TT
-></A
-> = [share|user(default)|domain|ads]</PRE
-></P
-><P
->Please refer to the smb.conf man page for usage information and to the document
-<A
-HREF="DOMAIN_MEMBER.html"
-TARGET="_top"
->DOMAIN_MEMBER.html</A
-> for further background details
-on domain mode security.  The Windows 2000 Kerberos domain security model
-(security = ads) is described in the <A
-HREF="ADS-HOWTO.html"
-TARGET="_top"
->ADS-HOWTO.html</A
->.</P
-><P
->Of the above, "security = server" means that Samba reports to clients that
-it is running in "user mode" but actually passes off all authentication
-requests to another "user mode" server. This requires an additional
-parameter "password server =" that points to the real authentication server.
-That real authentication server can be another Samba server or can be a
-Windows NT server, the later natively capable of encrypted password support.</P
-></DIV
-><DIV
-CLASS="SECT1"
-><HR><H1
-CLASS="SECT1"
-><A
-NAME="AEN14"
->More complete description of security levels</A
-></H1
-><P
->A SMB server tells the client at startup what "security level" it is
-running. There are two options "share level" and "user level". Which
-of these two the client receives affects the way the client then tries
-to authenticate itself. It does not directly affect (to any great
-extent) the way the Samba server does security. I know this is
-strange, but it fits in with the client/server approach of SMB. In SMB
-everything is initiated and controlled by the client, and the server
-can only tell the client what is available and whether an action is
-allowed. </P
-><P
->I'll describe user level security first, as its simpler. In user level
-security the client will send a "session setup" command directly after
-the protocol negotiation. This contains a username and password. The
-server can either accept or reject that username/password
-combination. Note that at this stage the server has no idea what
-share the client will eventually try to connect to, so it can't base
-the "accept/reject" on anything other than:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->the username/password</P
-></LI
-><LI
-><P
->the machine that the client is coming from</P
-></LI
-></OL
-><P
->If the server accepts the username/password then the client expects to
-be able to mount any share (using a "tree connection") without
-specifying a password. It expects that all access rights will be as
-the username/password specified in the "session setup". </P
-><P
->It is also possible for a client to send multiple "session setup"
-requests. When the server responds it gives the client a "uid" to use
-as an authentication tag for that username/password. The client can
-maintain multiple authentication contexts in this way (WinDD is an
-example of an application that does this)</P
-><P
->Ok, now for share level security. In share level security the client
-authenticates itself separately for each share. It will send a
-password along with each "tree connection" (share mount). It does not
-explicitly send a username with this operation. The client is
-expecting a password to be associated with each share, independent of
-the user. This means that samba has to work out what username the
-client probably wants to use. It is never explicitly sent the
-username. Some commercial SMB servers such as NT actually associate
-passwords directly with shares in share level security, but samba
-always uses the unix authentication scheme where it is a
-username/password that is authenticated, not a "share/password".</P
-><P
->Many clients send a "session setup" even if the server is in share
-level security. They normally send a valid username but no
-password. Samba records this username in a list of "possible
-usernames". When the client then does a "tree connection" it also adds
-to this list the name of the share they try to connect to (useful for
-home directories) and any users listed in the "user =" smb.conf
-line. The password is then checked in turn against these "possible
-usernames". If a match is found then the client is authenticated as
-that user.</P
-><P
->Finally "server level" security. In server level security the samba
-server reports to the client that it is in user level security. The
-client then does a "session setup" as described earlier. The samba
-server takes the username/password that the client sends and attempts
-to login to the "password server" by sending exactly the same
-username/password that it got from the client. If that server is in
-user level security and accepts the password then samba accepts the
-clients connection. This allows the samba server to use another SMB
-server as the "password server". </P
-><P
->You should also note that at the very start of all this, where the
-server tells the client what security level it is in, it also tells
-the client if it supports encryption. If it does then it supplies the
-client with a random "cryptkey". The client will then send all
-passwords in encrypted form. You have to compile samba with encryption
-enabled to support this feature, and you have to maintain a separate
-smbpasswd file with SMB style encrypted passwords. It is
-cryptographically impossible to translate from unix style encryption
-to SMB style encryption, although there are some fairly simple management
-schemes by which the two could be kept in sync.</P
-></DIV
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html
index 5d1cc21da71..8567b9988bd 100644
--- a/docs/htmldocs/smb.conf.5.html
+++ b/docs/htmldocs/smb.conf.5.html
@@ -1,12 +1,10 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <HTML
 ><HEAD
 ><TITLE
 >smb.conf</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"></HEAD
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
 ><BODY
 CLASS="REFENTRY"
 BGCOLOR="#FFFFFF"
@@ -16,7 +14,9 @@ VLINK="#840084"
 ALINK="#0000FF"
 ><H1
 ><A
-NAME="SMB.CONF">smb.conf</H1
+NAME="SMB.CONF"
+>smb.conf</A
+></H1
 ><DIV
 CLASS="REFNAMEDIV"
 ><A
@@ -123,12 +123,8 @@ NAME="AEN28"
 ><P
 >There are three special sections, [global],
 	[homes] and [printers], which are
-	described under <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->special sections</I
-></SPAN
+	described under <EM
+>special sections</EM
 >. The
 	following notes apply to ordinary section descriptions.</P
 ><P
@@ -142,20 +138,12 @@ CLASS="EMPHASIS"
 	printable services (used by the client to access print services 
 	on the host running the server).</P
 ><P
->Sections may be designated <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->guest</I
-></SPAN
+>Sections may be designated <EM
+>guest</EM
 > services,
 	in which case no password is required to access them. A specified 
-	UNIX <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->guest account</I
-></SPAN
+	UNIX <EM
+>guest account</EM
 > is used to define access
 	privileges in this case.</P
 ><P
@@ -177,6 +165,12 @@ CLASS="FILENAME"
 >/home/bar</TT
 >. 
 	The share is accessed via the share name "foo":</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >	<TT
@@ -187,19 +181,24 @@ CLASS="COMPUTEROUTPUT"
 	</TT
 >
 	</PRE
+></TD
+></TR
+></TABLE
 ><P
 >The following sample section defines a printable share. 
 	The share is readonly, but printable. That is, the only write 
 	access permitted is via calls to open, write to and close a 
-	spool file. The <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->guest ok</I
-></SPAN
+	spool file. The <EM
+>guest ok</EM
 > parameter means 
 	access will be permitted as the default guest user (specified 
 	elsewhere):</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >	<TT
@@ -212,6 +211,9 @@ CLASS="COMPUTEROUTPUT"
 	</TT
 >
 	</PRE
+></TD
+></TR
+></TABLE
 ></DIV
 ><DIV
 CLASS="REFSECT1"
@@ -269,12 +271,8 @@ NAME="AEN53"
 ></LI
 ></UL
 ><P
->If you decide to use a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->path =</I
-></SPAN
+>If you decide to use a <EM
+>path =</EM
 > line 
 		in your [homes] section then you may find it useful 
 		to use the %S macro. For example :</P
@@ -303,6 +301,12 @@ CLASS="USERINPUT"
 		a normal service section can specify, though some make more sense 
 		than others. The following is a typical and suitable [homes]
 		section:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >		<TT
@@ -312,41 +316,28 @@ CLASS="COMPUTEROUTPUT"
 		</TT
 >
 		</PRE
+></TD
+></TR
+></TABLE
 ><P
 >An important point is that if guest access is specified 
 		in the [homes] section, all home directories will be 
-		visible to all clients <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->without a password</I
-></SPAN
+		visible to all clients <EM
+>without a password</EM
 >. 
 		In the very unlikely event that this is actually desirable, it 
-		would be wise to also specify <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+		would be wise to also specify <EM
 >read only
-		access</I
-></SPAN
+		access</EM
 >.</P
 ><P
->Note that the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->browseable</I
-></SPAN
+>Note that the <EM
+>browseable</EM
 > flag for 
 		auto home directories will be inherited from the global browseable 
 		flag, not the [homes] browseable flag. This is useful as 
-		it means setting <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->browseable = no</I
-></SPAN
+		it means setting <EM
+>browseable = no</EM
 > in
 		the [homes] section will hide the [homes] share but make
 		any auto home directories visible.</P
@@ -406,6 +397,12 @@ NAME="AEN79"
 		world-writeable spool directory with the sticky bit set on 
 		it. A typical [printers] entry would look like 
 		this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 ><TT
@@ -416,12 +413,21 @@ CLASS="COMPUTEROUTPUT"
  			printable = yes 
 		</TT
 ></PRE
+></TD
+></TR
+></TABLE
 ><P
 >All aliases given for a printer in the printcap file 
 		are legitimate printer names as far as the server is concerned. 
 		If your printing subsystem doesn't work like that, you will have 
 		to set up a pseudo-printcap. This is a file consisting of one or 
 		more lines like this:</P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
 ><PRE
 CLASS="SCREEN"
 >		<TT
@@ -430,6 +436,9 @@ CLASS="COMPUTEROUTPUT"
 		</TT
 >
 		</PRE
+></TD
+></TR
+></TABLE
 ><P
 >Each alias should be an acceptable printer name for 
 		your printing subsystem. In the [global] section, specify 
@@ -461,44 +470,24 @@ NAME="AEN102"
 >parameters define the specific attributes of sections.</P
 ><P
 >Some parameters are specific to the [global] section
-	(e.g., <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->security</I
-></SPAN
+	(e.g., <EM
+>security</EM
 >).  Some parameters are usable 
-	in all sections (e.g., <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->create mode</I
-></SPAN
+	in all sections (e.g., <EM
+>create mode</EM
 >). All others 
 	are permissible only in normal sections. For the purposes of the 
 	following descriptions the [homes] and [printers]
-	sections will be considered normal.  The letter <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->G</I
-></SPAN
+	sections will be considered normal.  The letter <EM
+>G</EM
 > 
 	in parentheses indicates that a parameter is specific to the
-	[global] section. The letter <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->S</I
-></SPAN
+	[global] section. The letter <EM
+>S</EM
 >
 	indicates that a parameter can be specified in a service specific
-	section. Note that all <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->S</I
-></SPAN
+	section. Note that all <EM
+>S</EM
 > parameters can also be specified in 
 	the [global] section - in which case they will define
 	the default behavior for all services.</P
@@ -602,7 +591,7 @@ CLASS="VARIABLELIST"
 		to change your config based on what the client calls you. Your 
 		server can have a "dual personality".</P
 ><P
->Note that this parameter is not available when Samba listens
+>Note that this paramater is not available when Samba listens
                 on port 445, as clients no longer send this information </P
 ></DD
 ><DT
@@ -618,12 +607,8 @@ CLASS="VARIABLELIST"
 ><P
 >the name of your NIS home directory server.  
 		This is obtained from your NIS auto.map entry.  If you have 
-		not compiled Samba with the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->--with-automount</I
-></SPAN
+		not compiled Samba with the <EM
+>--with-automount</EM
 > 
 		option then this value will be the same as %L.</P
 ></DD
@@ -727,18 +712,31 @@ NAME="AEN203"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
+>mangling method</DT
+><DD
+><P
+> controls the algorithm used for the generating
+		the mangled names. Can take two different values, "hash" and
+		"hash2". "hash" is  the default and is the algorithm that has been
+		used in Samba for many years. "hash2" is a newer and considered
+		a better algorithm (generates less collisions) in the names.
+		However, many Win32 applications store the
+		mangled names and so changing to the new algorithm must not be done
+		lightly as these applications may break unless reinstalled.
+		New installations of Samba may set the default to hash2.
+		Default <EM
+>hash</EM
+>.</P
+></DD
+><DT
 >mangle case = yes/no</DT
 ><DD
 ><P
 > controls if names that have characters that 
 		aren't of the "default" case are mangled. For example, 
 		if this is yes then a name like "Mail" would be mangled. 
-		Default <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no</I
-></SPAN
+		Default <EM
+>no</EM
 >.</P
 ></DD
 ><DT
@@ -747,12 +745,8 @@ CLASS="EMPHASIS"
 ><P
 >controls whether filenames are case sensitive. If 
 		they aren't then Samba must do a filename search and match on passed 
-		names. Default <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no</I
-></SPAN
+		names. Default <EM
+>no</EM
 >.</P
 ></DD
 ><DT
@@ -760,12 +754,8 @@ CLASS="EMPHASIS"
 ><DD
 ><P
 >controls what the default case is for new 
-		filenames. Default <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->lower</I
-></SPAN
+		filenames. Default <EM
+>lower</EM
 >.</P
 ></DD
 ><DT
@@ -774,12 +764,8 @@ CLASS="EMPHASIS"
 ><P
 >controls if new files are created with the 
 		case that the client passes, or if they are forced to be the 
-		"default" case. Default <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->yes</I
-></SPAN
+		"default" case. Default <EM
+>yes</EM
 >.
 		</P
 ></DD
@@ -792,12 +778,8 @@ CLASS="EMPHASIS"
 		upper case, or if they are forced to be the "default" 
 		case. This option can be use with "preserve case = yes" 
 		to permit long filenames to retain their case, while short names 
-		are lowercased. Default <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->yes</I
-></SPAN
+		are lowercased. Default <EM
+>yes</EM
 >.</P
 ></DD
 ></DL
@@ -809,7 +791,7 @@ CLASS="EMPHASIS"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN236"
+NAME="AEN241"
 ></A
 ><H2
 >NOTE ABOUT USERNAME/PASSWORD VALIDATION</H2
@@ -887,7 +869,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN255"
+NAME="AEN260"
 ></A
 ><H2
 >COMPLETE LIST OF GLOBAL PARAMETERS</H2
@@ -900,11 +882,11 @@ NAME="AEN255"
 ><LI
 ><P
 ><A
-HREF="index.html#ABORTSHUTDOWNSCRIPT"
+HREF="#ADDPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->abort shutdown script</I
+>add printer command</I
 ></TT
 ></A
 ></P
@@ -912,23 +894,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ADDGROUPSCRIPT"
+HREF="#ADDSHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->add group script</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="index.html#ADDPRINTERCOMMAND"
-><TT
-CLASS="PARAMETER"
-><I
->addprinter command</I
+>add share command</I
 ></TT
 ></A
 ></P
@@ -936,11 +906,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ADDSHARECOMMAND"
+HREF="#ADDUSERSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
->add share command</I
+>add user script</I
 ></TT
 ></A
 ></P
@@ -948,11 +918,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ADDUSERSCRIPT"
+HREF="#ALLOWTRUSTEDDOMAINS"
 ><TT
 CLASS="PARAMETER"
 ><I
->add user script</I
+>allow trusted domains</I
 ></TT
 ></A
 ></P
@@ -960,11 +930,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ADDUSERTOGROUPSCRIPT"
+HREF="#ANNOUNCEAS"
 ><TT
 CLASS="PARAMETER"
 ><I
->add user to group script</I
+>announce as</I
 ></TT
 ></A
 ></P
@@ -972,11 +942,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ADDMACHINESCRIPT"
+HREF="#ANNOUNCEVERSION"
 ><TT
 CLASS="PARAMETER"
 ><I
->add machine script</I
+>announce version</I
 ></TT
 ></A
 ></P
@@ -984,11 +954,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETEGROUPSCRIPT"
+HREF="#AUTOSERVICES"
 ><TT
 CLASS="PARAMETER"
 ><I
->delete group script</I
+>auto services</I
 ></TT
 ></A
 ></P
@@ -996,11 +966,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ADSSERVER"
+HREF="#BINDINTERFACESONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
->ads server</I
+>bind interfaces only</I
 ></TT
 ></A
 ></P
@@ -1008,11 +978,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ALGORITHMICRIDBASE"
+HREF="#BROWSELIST"
 ><TT
 CLASS="PARAMETER"
 ><I
->algorithmic rid base</I
+>browse list</I
 ></TT
 ></A
 ></P
@@ -1020,11 +990,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ALLOWTRUSTEDDOMAINS"
+HREF="#CHANGENOTIFYTIMEOUT"
 ><TT
 CLASS="PARAMETER"
 ><I
->allow trusted domains</I
+>change notify timeout</I
 ></TT
 ></A
 ></P
@@ -1032,11 +1002,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ANNOUNCEAS"
+HREF="#CHANGESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->announce as</I
+>change share command</I
 ></TT
 ></A
 ></P
@@ -1044,11 +1014,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ANNOUNCEVERSION"
+HREF="#CHARACTERSET"
 ><TT
 CLASS="PARAMETER"
 ><I
->announce version</I
+>character set</I
 ></TT
 ></A
 ></P
@@ -1056,11 +1026,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#AUTHMETHODS"
+HREF="#CLIENTCODEPAGE"
 ><TT
 CLASS="PARAMETER"
 ><I
->auth methods</I
+>client code page</I
 ></TT
 ></A
 ></P
@@ -1068,11 +1038,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#AUTOSERVICES"
+HREF="#CODEPAGEDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
->auto services</I
+>code page directory</I
 ></TT
 ></A
 ></P
@@ -1080,11 +1050,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#BINDINTERFACESONLY"
+HREF="#CODINGSYSTEM"
 ><TT
 CLASS="PARAMETER"
 ><I
->bind interfaces only</I
+>coding system</I
 ></TT
 ></A
 ></P
@@ -1092,11 +1062,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#BROWSELIST"
+HREF="#CONFIGFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
->browse list</I
+>config file</I
 ></TT
 ></A
 ></P
@@ -1104,11 +1074,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CHANGENOTIFYTIMEOUT"
+HREF="#DEADTIME"
 ><TT
 CLASS="PARAMETER"
 ><I
->change notify timeout</I
+>deadtime</I
 ></TT
 ></A
 ></P
@@ -1116,11 +1086,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CHANGESHARECOMMAND"
+HREF="#DEBUGHIRESTIMESTAMP"
 ><TT
 CLASS="PARAMETER"
 ><I
->change share command</I
+>debug hires timestamp</I
 ></TT
 ></A
 ></P
@@ -1128,11 +1098,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CONFIGFILE"
+HREF="#DEBUGPID"
 ><TT
 CLASS="PARAMETER"
 ><I
->config file</I
+>debug pid</I
 ></TT
 ></A
 ></P
@@ -1140,11 +1110,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEADTIME"
+HREF="#DEBUGTIMESTAMP"
 ><TT
 CLASS="PARAMETER"
 ><I
->deadtime</I
+>debug timestamp</I
 ></TT
 ></A
 ></P
@@ -1152,11 +1122,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEBUGHIRESTIMESTAMP"
+HREF="#DEBUGUID"
 ><TT
 CLASS="PARAMETER"
 ><I
->debug hires timestamp</I
+>debug uid</I
 ></TT
 ></A
 ></P
@@ -1164,11 +1134,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEBUGPID"
+HREF="#DEBUGLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
->debug pid</I
+>debuglevel</I
 ></TT
 ></A
 ></P
@@ -1176,11 +1146,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEBUGTIMESTAMP"
+HREF="#DEFAULT"
 ><TT
 CLASS="PARAMETER"
 ><I
->debug timestamp</I
+>default</I
 ></TT
 ></A
 ></P
@@ -1188,11 +1158,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEBUGUID"
+HREF="#DEFAULTSERVICE"
 ><TT
 CLASS="PARAMETER"
 ><I
->debug uid</I
+>default service</I
 ></TT
 ></A
 ></P
@@ -1200,11 +1170,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEBUGLEVEL"
+HREF="#DELETEPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->debuglevel</I
+>delete printer command</I
 ></TT
 ></A
 ></P
@@ -1212,11 +1182,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEFAULT"
+HREF="#DELETESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->default</I
+>delete share command</I
 ></TT
 ></A
 ></P
@@ -1224,11 +1194,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEFAULTSERVICE"
+HREF="#DELETEUSERSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
->default service</I
+>delete user script</I
 ></TT
 ></A
 ></P
@@ -1236,11 +1206,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETEPRINTERCOMMAND"
+HREF="#DFREECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->deleteprinter command</I
+>dfree command</I
 ></TT
 ></A
 ></P
@@ -1248,11 +1218,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETESHARECOMMAND"
+HREF="#DISABLESPOOLSS"
 ><TT
 CLASS="PARAMETER"
 ><I
->delete share command</I
+>disable spoolss</I
 ></TT
 ></A
 ></P
@@ -1260,11 +1230,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETEUSERSCRIPT"
+HREF="#DNSPROXY"
 ><TT
 CLASS="PARAMETER"
 ><I
->delete user script</I
+>dns proxy</I
 ></TT
 ></A
 ></P
@@ -1272,11 +1242,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETEUSERFROMGROUPSCRIPT"
+HREF="#DOMAINADMINGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
->delete user from group script</I
+>domain admin group</I
 ></TT
 ></A
 ></P
@@ -1284,11 +1254,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DFREECOMMAND"
+HREF="#DOMAINGUESTGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
->dfree command</I
+>domain guest group</I
 ></TT
 ></A
 ></P
@@ -1296,11 +1266,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DISABLENETBIOS"
+HREF="#DOMAINLOGONS"
 ><TT
 CLASS="PARAMETER"
 ><I
->disable netbios</I
+>domain logons</I
 ></TT
 ></A
 ></P
@@ -1308,11 +1278,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DISABLESPOOLSS"
+HREF="#DOMAINMASTER"
 ><TT
 CLASS="PARAMETER"
 ><I
->disable spoolss</I
+>domain master</I
 ></TT
 ></A
 ></P
@@ -1320,11 +1290,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DISPLAYCHARSET"
+HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
->display charset</I
+>encrypt passwords</I
 ></TT
 ></A
 ></P
@@ -1332,11 +1302,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DNSPROXY"
+HREF="#ENHANCEDBROWSING"
 ><TT
 CLASS="PARAMETER"
 ><I
->dns proxy</I
+>enhanced browsing</I
 ></TT
 ></A
 ></P
@@ -1344,11 +1314,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOMAINADMINGROUP"
+HREF="#ENUMPORTSCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain admin group</I
+>enumports command</I
 ></TT
 ></A
 ></P
@@ -1356,11 +1326,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOMAINGUESTGROUP"
+HREF="#GETWDCACHE"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain guest group</I
+>getwd cache</I
 ></TT
 ></A
 ></P
@@ -1368,11 +1338,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOMAINLOGONS"
+HREF="#HIDELOCALUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain logons</I
+>hide local users</I
 ></TT
 ></A
 ></P
@@ -1380,11 +1350,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOMAINMASTER"
+HREF="#HIDEUNREADABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
->domain master</I
+>hide unreadable</I
 ></TT
 ></A
 ></P
@@ -1392,11 +1362,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOSCHARSET"
+HREF="#HOMEDIRMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
->dos charset</I
+>homedir map</I
 ></TT
 ></A
 ></P
@@ -1404,11 +1374,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#HOSTMSDFS"
 ><TT
 CLASS="PARAMETER"
 ><I
->encrypt passwords</I
+>host msdfs</I
 ></TT
 ></A
 ></P
@@ -1416,11 +1386,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ENHANCEDBROWSING"
+HREF="#HOSTSEQUIV"
 ><TT
 CLASS="PARAMETER"
 ><I
->enhanced browsing</I
+>hosts equiv</I
 ></TT
 ></A
 ></P
@@ -1428,11 +1398,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ENUMPORTSCOMMAND"
+HREF="#INTERFACES"
 ><TT
 CLASS="PARAMETER"
 ><I
->enumports command</I
+>interfaces</I
 ></TT
 ></A
 ></P
@@ -1440,11 +1410,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#GETWDCACHE"
+HREF="#KEEPALIVE"
 ><TT
 CLASS="PARAMETER"
 ><I
->getwd cache</I
+>keepalive</I
 ></TT
 ></A
 ></P
@@ -1452,11 +1422,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HIDELOCALUSERS"
+HREF="#KERNELOPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
->hide local users</I
+>kernel oplocks</I
 ></TT
 ></A
 ></P
@@ -1464,11 +1434,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HIDEUNREADABLE"
+HREF="#LANMANAUTH"
 ><TT
 CLASS="PARAMETER"
 ><I
->hide unreadable</I
+>lanman auth</I
 ></TT
 ></A
 ></P
@@ -1476,11 +1446,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HIDEUNWRITEABLEFILES"
+HREF="#LARGEREADWRITE"
 ><TT
 CLASS="PARAMETER"
 ><I
->hide unwriteable files</I
+>large readwrite</I
 ></TT
 ></A
 ></P
@@ -1488,11 +1458,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HOMEDIRMAP"
+HREF="#LDAPADMINDN"
 ><TT
 CLASS="PARAMETER"
 ><I
->homedir map</I
+>ldap admin dn</I
 ></TT
 ></A
 ></P
@@ -1500,11 +1470,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HOSTMSDFS"
+HREF="#LDAPFILTER"
 ><TT
 CLASS="PARAMETER"
 ><I
->host msdfs</I
+>ldap filter</I
 ></TT
 ></A
 ></P
@@ -1512,11 +1482,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HOSTNAMELOOKUPS"
+HREF="#LDAPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
->hostname lookups</I
+>ldap port</I
 ></TT
 ></A
 ></P
@@ -1524,11 +1494,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HOSTSEQUIV"
+HREF="#LDAPSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
->hosts equiv</I
+>ldap server</I
 ></TT
 ></A
 ></P
@@ -1536,11 +1506,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#INTERFACES"
+HREF="#LDAPSSL"
 ><TT
 CLASS="PARAMETER"
 ><I
->interfaces</I
+>ldap ssl</I
 ></TT
 ></A
 ></P
@@ -1548,11 +1518,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#KEEPALIVE"
+HREF="#LDAPSUFFIX"
 ><TT
 CLASS="PARAMETER"
 ><I
->keepalive</I
+>ldap suffix</I
 ></TT
 ></A
 ></P
@@ -1560,11 +1530,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#KERNELOPLOCKS"
+HREF="#LMANNOUNCE"
 ><TT
 CLASS="PARAMETER"
 ><I
->kernel oplocks</I
+>lm announce</I
 ></TT
 ></A
 ></P
@@ -1572,11 +1542,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LANMANAUTH"
+HREF="#LMINTERVAL"
 ><TT
 CLASS="PARAMETER"
 ><I
->lanman auth</I
+>lm interval</I
 ></TT
 ></A
 ></P
@@ -1584,11 +1554,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LARGEREADWRITE"
+HREF="#LOADPRINTERS"
 ><TT
 CLASS="PARAMETER"
 ><I
->large readwrite</I
+>load printers</I
 ></TT
 ></A
 ></P
@@ -1596,11 +1566,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LDAPADMINDN"
+HREF="#LOCALMASTER"
 ><TT
 CLASS="PARAMETER"
 ><I
->ldap admin dn</I
+>local master</I
 ></TT
 ></A
 ></P
@@ -1608,11 +1578,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LDAPFILTER"
+HREF="#LOCKDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
->ldap filter</I
+>lock dir</I
 ></TT
 ></A
 ></P
@@ -1620,11 +1590,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LDAPSSL"
+HREF="#LOCKDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
->ldap ssl</I
+>lock directory</I
 ></TT
 ></A
 ></P
@@ -1632,11 +1602,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LDAPSUFFIX"
+HREF="#LOCKSPINCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
->ldap suffix</I
+>lock spin count</I
 ></TT
 ></A
 ></P
@@ -1644,11 +1614,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LDAPUSERSUFFIX"
+HREF="#LOCKSPINTIME"
 ><TT
 CLASS="PARAMETER"
 ><I
->ldap suffix</I
+>lock spin time</I
 ></TT
 ></A
 ></P
@@ -1656,11 +1626,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LDAPMACHINESUFFIX"
+HREF="#PIDDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
->ldap suffix</I
+>pid directory</I
 ></TT
 ></A
 ></P
@@ -1668,11 +1638,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LMANNOUNCE"
+HREF="#LOGFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
->lm announce</I
+>log file</I
 ></TT
 ></A
 ></P
@@ -1680,11 +1650,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LMINTERVAL"
+HREF="#LOGLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
->lm interval</I
+>log level</I
 ></TT
 ></A
 ></P
@@ -1692,11 +1662,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOADPRINTERS"
+HREF="#LOGONDRIVE"
 ><TT
 CLASS="PARAMETER"
 ><I
->load printers</I
+>logon drive</I
 ></TT
 ></A
 ></P
@@ -1704,11 +1674,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOCALMASTER"
+HREF="#LOGONHOME"
 ><TT
 CLASS="PARAMETER"
 ><I
->local master</I
+>logon home</I
 ></TT
 ></A
 ></P
@@ -1716,11 +1686,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOCKDIR"
+HREF="#LOGONPATH"
 ><TT
 CLASS="PARAMETER"
 ><I
->lock dir</I
+>logon path</I
 ></TT
 ></A
 ></P
@@ -1728,11 +1698,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOCKDIRECTORY"
+HREF="#LOGONSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
->lock directory</I
+>logon script</I
 ></TT
 ></A
 ></P
@@ -1740,11 +1710,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOCKSPINCOUNT"
+HREF="#LPQCACHETIME"
 ><TT
 CLASS="PARAMETER"
 ><I
->lock spin count</I
+>lpq cache time</I
 ></TT
 ></A
 ></P
@@ -1752,11 +1722,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOCKSPINTIME"
+HREF="#MACHINEPASSWORDTIMEOUT"
 ><TT
 CLASS="PARAMETER"
 ><I
->lock spin time</I
+>machine password timeout</I
 ></TT
 ></A
 ></P
@@ -1764,11 +1734,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PIDDIRECTORY"
+HREF="#MANGLEDSTACK"
 ><TT
 CLASS="PARAMETER"
 ><I
->pid directory</I
+>mangled stack</I
 ></TT
 ></A
 ></P
@@ -1776,11 +1746,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOGFILE"
+HREF="#MANGLINGMETHOD"
 ><TT
 CLASS="PARAMETER"
 ><I
->log file</I
+>mangling method</I
 ></TT
 ></A
 ></P
@@ -1788,11 +1758,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOGLEVEL"
+HREF="#MAPTOGUEST"
 ><TT
 CLASS="PARAMETER"
 ><I
->log level</I
+>map to guest</I
 ></TT
 ></A
 ></P
@@ -1800,11 +1770,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOGONDRIVE"
+HREF="#MAXDISKSIZE"
 ><TT
 CLASS="PARAMETER"
 ><I
->logon drive</I
+>max disk size</I
 ></TT
 ></A
 ></P
@@ -1812,11 +1782,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOGONHOME"
+HREF="#MAXLOGSIZE"
 ><TT
 CLASS="PARAMETER"
 ><I
->logon home</I
+>max log size</I
 ></TT
 ></A
 ></P
@@ -1824,11 +1794,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOGONPATH"
+HREF="#MAXMUX"
 ><TT
 CLASS="PARAMETER"
 ><I
->logon path</I
+>max mux</I
 ></TT
 ></A
 ></P
@@ -1836,11 +1806,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOGONSCRIPT"
+HREF="#MAXOPENFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
->logon script</I
+>max open files</I
 ></TT
 ></A
 ></P
@@ -1848,11 +1818,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LPQCACHETIME"
+HREF="#MAXPROTOCOL"
 ><TT
 CLASS="PARAMETER"
 ><I
->lpq cache time</I
+>max protocol</I
 ></TT
 ></A
 ></P
@@ -1860,11 +1830,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MACHINEPASSWORDTIMEOUT"
+HREF="#MAXSMBDPROCESSES"
 ><TT
 CLASS="PARAMETER"
 ><I
->machine password timeout</I
+>max smbd processes</I
 ></TT
 ></A
 ></P
@@ -1872,11 +1842,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MANGLEDSTACK"
+HREF="#MAXTTL"
 ><TT
 CLASS="PARAMETER"
 ><I
->mangled stack</I
+>max ttl</I
 ></TT
 ></A
 ></P
@@ -1884,11 +1854,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAPTOGUEST"
+HREF="#MAXWINSTTL"
 ><TT
 CLASS="PARAMETER"
 ><I
->map to guest</I
+>max wins ttl</I
 ></TT
 ></A
 ></P
@@ -1896,11 +1866,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXDISKSIZE"
+HREF="#MAXXMIT"
 ><TT
 CLASS="PARAMETER"
 ><I
->max disk size</I
+>max xmit</I
 ></TT
 ></A
 ></P
@@ -1908,11 +1878,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXLOGSIZE"
+HREF="#MESSAGECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->max log size</I
+>message command</I
 ></TT
 ></A
 ></P
@@ -1920,11 +1890,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXMUX"
+HREF="#MINPASSWDLENGTH"
 ><TT
 CLASS="PARAMETER"
 ><I
->max mux</I
+>min passwd length</I
 ></TT
 ></A
 ></P
@@ -1932,11 +1902,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXOPENFILES"
+HREF="#MINPASSWORDLENGTH"
 ><TT
 CLASS="PARAMETER"
 ><I
->max open files</I
+>min password length</I
 ></TT
 ></A
 ></P
@@ -1944,11 +1914,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXPROTOCOL"
+HREF="#MINPROTOCOL"
 ><TT
 CLASS="PARAMETER"
 ><I
->max protocol</I
+>min protocol</I
 ></TT
 ></A
 ></P
@@ -1956,11 +1926,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXSMBDPROCESSES"
+HREF="#MINWINSTTL"
 ><TT
 CLASS="PARAMETER"
 ><I
->max smbd processes</I
+>min wins ttl</I
 ></TT
 ></A
 ></P
@@ -1968,11 +1938,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXTTL"
+HREF="#NAMERESOLVEORDER"
 ><TT
 CLASS="PARAMETER"
 ><I
->max ttl</I
+>name resolve order</I
 ></TT
 ></A
 ></P
@@ -1980,11 +1950,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXWINSTTL"
+HREF="#NETBIOSALIASES"
 ><TT
 CLASS="PARAMETER"
 ><I
->max wins ttl</I
+>netbios aliases</I
 ></TT
 ></A
 ></P
@@ -1992,11 +1962,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXXMIT"
+HREF="#NETBIOSNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
->max xmit</I
+>netbios name</I
 ></TT
 ></A
 ></P
@@ -2004,11 +1974,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MESSAGECOMMAND"
+HREF="#NETBIOSSCOPE"
 ><TT
 CLASS="PARAMETER"
 ><I
->message command</I
+>netbios scope</I
 ></TT
 ></A
 ></P
@@ -2016,11 +1986,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MINPASSWDLENGTH"
+HREF="#NISHOMEDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
->min passwd length</I
+>nis homedir</I
 ></TT
 ></A
 ></P
@@ -2028,11 +1998,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MINPASSWORDLENGTH"
+HREF="#NTPIPESUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
->min password length</I
+>nt pipe support</I
 ></TT
 ></A
 ></P
@@ -2040,11 +2010,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MINPROTOCOL"
+HREF="#NTSMBSUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
->min protocol</I
+>nt smb support</I
 ></TT
 ></A
 ></P
@@ -2052,11 +2022,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MINWINSTTL"
+HREF="#NTSTATUSSUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
->min wins ttl</I
+>nt status support</I
 ></TT
 ></A
 ></P
@@ -2064,11 +2034,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NAMECACHETIMEOUT"
+HREF="#NULLPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
->name cache timeout</I
+>null passwords</I
 ></TT
 ></A
 ></P
@@ -2076,11 +2046,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NAMERESOLVEORDER"
+HREF="#OBEYPAMRESTRICTIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
->name resolve order</I
+>obey pam restrictions</I
 ></TT
 ></A
 ></P
@@ -2088,11 +2058,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NETBIOSALIASES"
+HREF="#OPLOCKBREAKWAITTIME"
 ><TT
 CLASS="PARAMETER"
 ><I
->netbios aliases</I
+>oplock break wait time</I
 ></TT
 ></A
 ></P
@@ -2100,11 +2070,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NETBIOSNAME"
+HREF="#OSLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
->netbios name</I
+>os level</I
 ></TT
 ></A
 ></P
@@ -2112,11 +2082,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NETBIOSSCOPE"
+HREF="#OS2DRIVERMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
->netbios scope</I
+>os2 driver map</I
 ></TT
 ></A
 ></P
@@ -2124,11 +2094,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NISHOMEDIR"
+HREF="#PAMPASSWORDCHANGE"
 ><TT
 CLASS="PARAMETER"
 ><I
->nis homedir</I
+>pam password change</I
 ></TT
 ></A
 ></P
@@ -2136,11 +2106,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NTLMAUTH"
+HREF="#PANICACTION"
 ><TT
 CLASS="PARAMETER"
 ><I
->ntlm auth</I
+>panic action</I
 ></TT
 ></A
 ></P
@@ -2148,11 +2118,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NONUNIXACCOUNTRANGE"
+HREF="#PASSWDCHAT"
 ><TT
 CLASS="PARAMETER"
 ><I
->non unix account range</I
+>passwd chat</I
 ></TT
 ></A
 ></P
@@ -2160,11 +2130,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NTPIPESUPPORT"
+HREF="#PASSWDCHATDEBUG"
 ><TT
 CLASS="PARAMETER"
 ><I
->nt pipe support</I
+>passwd chat debug</I
 ></TT
 ></A
 ></P
@@ -2172,11 +2142,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NTSTATUSSUPPORT"
+HREF="#PASSWDPROGRAM"
 ><TT
 CLASS="PARAMETER"
 ><I
->nt status support</I
+>passwd program</I
 ></TT
 ></A
 ></P
@@ -2184,11 +2154,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NULLPASSWORDS"
+HREF="#PASSWORDLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
->null passwords</I
+>password level</I
 ></TT
 ></A
 ></P
@@ -2196,11 +2166,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#OBEYPAMRESTRICTIONS"
+HREF="#PASSWORDSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
->obey pam restrictions</I
+>password server</I
 ></TT
 ></A
 ></P
@@ -2208,11 +2178,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#OPLOCKBREAKWAITTIME"
+HREF="#PREFEREDMASTER"
 ><TT
 CLASS="PARAMETER"
 ><I
->oplock break wait time</I
+>prefered master</I
 ></TT
 ></A
 ></P
@@ -2220,11 +2190,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#OSLEVEL"
+HREF="#PREFERREDMASTER"
 ><TT
 CLASS="PARAMETER"
 ><I
->os level</I
+>preferred master</I
 ></TT
 ></A
 ></P
@@ -2232,11 +2202,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#OS2DRIVERMAP"
+HREF="#PRELOAD"
 ><TT
 CLASS="PARAMETER"
 ><I
->os2 driver map</I
+>preload</I
 ></TT
 ></A
 ></P
@@ -2244,11 +2214,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PAMPASSWORDCHANGE"
+HREF="#PRINTCAP"
 ><TT
 CLASS="PARAMETER"
 ><I
->pam password change</I
+>printcap</I
 ></TT
 ></A
 ></P
@@ -2256,11 +2226,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PANICACTION"
+HREF="#PRINTCAPNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
->panic action</I
+>printcap name</I
 ></TT
 ></A
 ></P
@@ -2268,11 +2238,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PARANOIDSERVERSECURITY"
+HREF="#PRINTERDRIVERFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
->paranoid server security</I
+>printer driver file</I
 ></TT
 ></A
 ></P
@@ -2280,11 +2250,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PASSDBBACKEND"
+HREF="#PROTOCOL"
 ><TT
 CLASS="PARAMETER"
 ><I
->passdb backend</I
+>protocol</I
 ></TT
 ></A
 ></P
@@ -2292,11 +2262,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PASSWDCHAT"
+HREF="#READBMPX"
 ><TT
 CLASS="PARAMETER"
 ><I
->passwd chat</I
+>read bmpx</I
 ></TT
 ></A
 ></P
@@ -2304,11 +2274,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PASSWDCHATDEBUG"
+HREF="#READRAW"
 ><TT
 CLASS="PARAMETER"
 ><I
->passwd chat debug</I
+>read raw</I
 ></TT
 ></A
 ></P
@@ -2316,11 +2286,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#READSIZE"
 ><TT
 CLASS="PARAMETER"
 ><I
->passwd program</I
+>read size</I
 ></TT
 ></A
 ></P
@@ -2328,11 +2298,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PASSWORDLEVEL"
+HREF="#REMOTEANNOUNCE"
 ><TT
 CLASS="PARAMETER"
 ><I
->password level</I
+>remote announce</I
 ></TT
 ></A
 ></P
@@ -2340,11 +2310,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PASSWORDSERVER"
+HREF="#REMOTEBROWSESYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
->password server</I
+>remote browse sync</I
 ></TT
 ></A
 ></P
@@ -2352,11 +2322,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PREFEREDMASTER"
+HREF="#RESTRICTANONYMOUS"
 ><TT
 CLASS="PARAMETER"
 ><I
->prefered master</I
+>restrict anonymous</I
 ></TT
 ></A
 ></P
@@ -2364,11 +2334,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PREFERREDMASTER"
+HREF="#ROOT"
 ><TT
 CLASS="PARAMETER"
 ><I
->preferred master</I
+>root</I
 ></TT
 ></A
 ></P
@@ -2376,11 +2346,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRELOAD"
+HREF="#ROOTDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
->preload</I
+>root dir</I
 ></TT
 ></A
 ></P
@@ -2388,11 +2358,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTCAP"
+HREF="#ROOTDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
->printcap</I
+>root directory</I
 ></TT
 ></A
 ></P
@@ -2400,11 +2370,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTCAPNAME"
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
->printcap name</I
+>security</I
 ></TT
 ></A
 ></P
@@ -2412,11 +2382,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTERDRIVERFILE"
+HREF="#SERVERSTRING"
 ><TT
 CLASS="PARAMETER"
 ><I
->printer driver file</I
+>server string</I
 ></TT
 ></A
 ></P
@@ -2424,11 +2394,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRIVATEDIR"
+HREF="#SHOWADDPRINTERWIZARD"
 ><TT
 CLASS="PARAMETER"
 ><I
->private dir</I
+>show add printer wizard</I
 ></TT
 ></A
 ></P
@@ -2436,11 +2406,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PROTOCOL"
+HREF="#SMBPASSWDFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
->protocol</I
+>smb passwd file</I
 ></TT
 ></A
 ></P
@@ -2448,11 +2418,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#READBMPX"
+HREF="#SOCKETADDRESS"
 ><TT
 CLASS="PARAMETER"
 ><I
->read bmpx</I
+>socket address</I
 ></TT
 ></A
 ></P
@@ -2460,11 +2430,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#READRAW"
+HREF="#SOCKETOPTIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
->read raw</I
+>socket options</I
 ></TT
 ></A
 ></P
@@ -2472,11 +2442,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#READSIZE"
+HREF="#SOURCEENVIRONMENT"
 ><TT
 CLASS="PARAMETER"
 ><I
->read size</I
+>source environment</I
 ></TT
 ></A
 ></P
@@ -2484,11 +2454,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#REALM"
+HREF="#SSL"
 ><TT
 CLASS="PARAMETER"
 ><I
->realm</I
+>ssl</I
 ></TT
 ></A
 ></P
@@ -2496,11 +2466,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#REMOTEANNOUNCE"
+HREF="#SSLCACERTDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
->remote announce</I
+>ssl CA certDir</I
 ></TT
 ></A
 ></P
@@ -2508,11 +2478,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#REMOTEBROWSESYNC"
+HREF="#SSLCACERTFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
->remote browse sync</I
+>ssl CA certFile</I
 ></TT
 ></A
 ></P
@@ -2520,11 +2490,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#RESTRICTANONYMOUS"
+HREF="#SSLCIPHERS"
 ><TT
 CLASS="PARAMETER"
 ><I
->restrict anonymous</I
+>ssl ciphers</I
 ></TT
 ></A
 ></P
@@ -2532,11 +2502,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ROOT"
+HREF="#SSLCLIENTCERT"
 ><TT
 CLASS="PARAMETER"
 ><I
->root</I
+>ssl client cert</I
 ></TT
 ></A
 ></P
@@ -2544,11 +2514,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ROOTDIR"
+HREF="#SSLCLIENTKEY"
 ><TT
 CLASS="PARAMETER"
 ><I
->root dir</I
+>ssl client key</I
 ></TT
 ></A
 ></P
@@ -2556,11 +2526,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ROOTDIRECTORY"
+HREF="#SSLCOMPATIBILITY"
 ><TT
 CLASS="PARAMETER"
 ><I
->root directory</I
+>ssl compatibility</I
 ></TT
 ></A
 ></P
@@ -2568,11 +2538,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SECURITY"
+HREF="#SSLEGDSOCKET"
 ><TT
 CLASS="PARAMETER"
 ><I
->security</I
+>ssl egd socket</I
 ></TT
 ></A
 ></P
@@ -2580,11 +2550,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SERVERSTRING"
+HREF="#SSLENTROPYBYTES"
 ><TT
 CLASS="PARAMETER"
 ><I
->server string</I
+>ssl entropy bytes</I
 ></TT
 ></A
 ></P
@@ -2592,11 +2562,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SHOWADDPRINTERWIZARD"
+HREF="#SSLENTROPYFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
->show add printer wizard</I
+>ssl entropy file</I
 ></TT
 ></A
 ></P
@@ -2604,11 +2574,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SHUTDOWNSCRIPT"
+HREF="#SSLHOSTS"
 ><TT
 CLASS="PARAMETER"
 ><I
->shutdown script</I
+>ssl hosts</I
 ></TT
 ></A
 ></P
@@ -2616,11 +2586,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SMBPASSWDFILE"
+HREF="#SSLHOSTSRESIGN"
 ><TT
 CLASS="PARAMETER"
 ><I
->smb passwd file</I
+>ssl hosts resign</I
 ></TT
 ></A
 ></P
@@ -2628,11 +2598,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SMBPORTS"
+HREF="#SSLREQUIRECLIENTCERT"
 ><TT
 CLASS="PARAMETER"
 ><I
->smb ports</I
+>ssl require clientcert</I
 ></TT
 ></A
 ></P
@@ -2640,11 +2610,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SOCKETADDRESS"
+HREF="#SSLREQUIRESERVERCERT"
 ><TT
 CLASS="PARAMETER"
 ><I
->socket address</I
+>ssl require servercert</I
 ></TT
 ></A
 ></P
@@ -2652,11 +2622,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SOCKETOPTIONS"
+HREF="#SSLSERVERCERT"
 ><TT
 CLASS="PARAMETER"
 ><I
->socket options</I
+>ssl server cert</I
 ></TT
 ></A
 ></P
@@ -2664,11 +2634,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SOURCEENVIRONMENT"
+HREF="#SSLSERVERKEY"
 ><TT
 CLASS="PARAMETER"
 ><I
->source environment</I
+>ssl server key</I
 ></TT
 ></A
 ></P
@@ -2676,11 +2646,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SPNEGO"
+HREF="#SSLVERSION"
 ><TT
 CLASS="PARAMETER"
 ><I
->use spnego</I
+>ssl version</I
 ></TT
 ></A
 ></P
@@ -2688,7 +2658,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STATCACHE"
+HREF="#STATCACHE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2700,7 +2670,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STATCACHESIZE"
+HREF="#STATCACHESIZE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2712,7 +2682,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STRIPDOT"
+HREF="#STRIPDOT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2724,7 +2694,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SYSLOG"
+HREF="#SYSLOG"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2736,7 +2706,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SYSLOGONLY"
+HREF="#SYSLOGONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2748,7 +2718,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#TEMPLATEHOMEDIR"
+HREF="#TEMPLATEHOMEDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2760,7 +2730,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#TEMPLATESHELL"
+HREF="#TEMPLATESHELL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2772,7 +2742,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#TIMEOFFSET"
+HREF="#TIMEOFFSET"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2784,7 +2754,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#TIMESERVER"
+HREF="#TIMESERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2796,7 +2766,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#TIMESTAMPLOGS"
+HREF="#TIMESTAMPLOGS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2808,7 +2778,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#TOTALPRINTJOBS"
+HREF="#TOTALPRINTJOBS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2820,31 +2790,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#UNICODE"
-><TT
-CLASS="PARAMETER"
-><I
->unicode</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="index.html#UNIXCHARSET"
-><TT
-CLASS="PARAMETER"
-><I
->unix charset</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="index.html#UNIXEXTENSIONS"
+HREF="#UNIXEXTENSIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2856,7 +2802,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#UNIXPASSWORDSYNC"
+HREF="#UNIXPASSWORDSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2868,7 +2814,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#UPDATEENCRYPTED"
+HREF="#UPDATEENCRYPTED"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2880,7 +2826,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USEMMAP"
+HREF="#USEMMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2892,7 +2838,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USERHOSTS"
+HREF="#USERHOSTS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2904,7 +2850,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USERNAMELEVEL"
+HREF="#USERNAMELEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2916,7 +2862,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USERNAMEMAP"
+HREF="#USERNAMEMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2928,7 +2874,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#UTMP"
+HREF="#UTMP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2940,7 +2886,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#UTMPDIRECTORY"
+HREF="#UTMPDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2952,11 +2898,11 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WTMPDIRECTORY"
+HREF="#VALIDCHARS"
 ><TT
 CLASS="PARAMETER"
 ><I
->wtmp directory</I
+>valid chars</I
 ></TT
 ></A
 ></P
@@ -2964,7 +2910,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDCACHETIME"
+HREF="#WINBINDCACHETIME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2976,7 +2922,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDENUMUSERS"
+HREF="#WINBINDENUMUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -2988,7 +2934,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDENUMGROUPS"
+HREF="#WINBINDENUMGROUPS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3000,7 +2946,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDGID"
+HREF="#WINBINDGID"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3012,7 +2958,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDSEPARATOR"
+HREF="#WINBINDSEPARATOR"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3024,7 +2970,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDUID"
+HREF="#WINBINDUID"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3036,7 +2982,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINBINDUSEDEFAULTDOMAIN"
+HREF="#WINBINDUSEDEFAULTDOMAIN"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3048,7 +2994,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINSHOOK"
+HREF="#WINSHOOK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3060,19 +3006,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINSPARTNERS"
-><TT
-CLASS="PARAMETER"
-><I
->wins partners</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="index.html#WINSPROXY"
+HREF="#WINSPROXY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3084,7 +3018,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINSSERVER"
+HREF="#WINSSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3096,7 +3030,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WINSSUPPORT"
+HREF="#WINSSUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3108,7 +3042,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WORKGROUP"
+HREF="#WORKGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3120,7 +3054,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WRITERAW"
+HREF="#WRITERAW"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3134,7 +3068,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN1003"
+NAME="AEN992"
 ></A
 ><H2
 >COMPLETE LIST OF SERVICE PARAMETERS</H2
@@ -3147,7 +3081,7 @@ NAME="AEN1003"
 ><LI
 ><P
 ><A
-HREF="index.html#ADMINUSERS"
+HREF="#ADMINUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3159,7 +3093,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ALLOWHOSTS"
+HREF="#ALLOWHOSTS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3171,7 +3105,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#AVAILABLE"
+HREF="#AVAILABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3183,7 +3117,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#BLOCKINGLOCKS"
+HREF="#BLOCKINGLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3195,7 +3129,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#BLOCKSIZE"
+HREF="#BLOCKSIZE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3207,7 +3141,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#BROWSABLE"
+HREF="#BROWSABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3219,7 +3153,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#BROWSEABLE"
+HREF="#BROWSEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3231,7 +3165,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CASESENSITIVE"
+HREF="#CASESENSITIVE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3243,7 +3177,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CASESIGNAMES"
+HREF="#CASESIGNAMES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3255,7 +3189,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#COMMENT"
+HREF="#COMMENT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3267,7 +3201,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#COPY"
+HREF="#COPY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3279,7 +3213,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3291,7 +3225,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CREATEMODE"
+HREF="#CREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3303,7 +3237,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#CSCPOLICY"
+HREF="#CSCPOLICY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3315,7 +3249,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEFAULTCASE"
+HREF="#DEFAULTCASE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3327,7 +3261,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DEFAULTDEVMODE"
+HREF="#DEFAULTDEVMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3339,7 +3273,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETEREADONLY"
+HREF="#DELETEREADONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3351,7 +3285,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DELETEVETOFILES"
+HREF="#DELETEVETOFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3363,7 +3297,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DENYHOSTS"
+HREF="#DENYHOSTS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3375,7 +3309,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DIRECTORY"
+HREF="#DIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3387,7 +3321,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DIRECTORYMASK"
+HREF="#DIRECTORYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3399,7 +3333,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DIRECTORYMODE"
+HREF="#DIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3411,7 +3345,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DIRECTORYSECURITYMASK"
+HREF="#DIRECTORYSECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3423,7 +3357,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DONTDESCEND"
+HREF="#DONTDESCEND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3435,7 +3369,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOSFILEMODE"
+HREF="#DOSFILEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3447,7 +3381,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOSFILETIMERESOLUTION"
+HREF="#DOSFILETIMERESOLUTION"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3459,7 +3393,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#DOSFILETIMES"
+HREF="#DOSFILETIMES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3471,7 +3405,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#EXEC"
+HREF="#EXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3483,7 +3417,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FAKEDIRECTORYCREATETIMES"
+HREF="#FAKEDIRECTORYCREATETIMES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3495,7 +3429,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FAKEOPLOCKS"
+HREF="#FAKEOPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3507,7 +3441,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FOLLOWSYMLINKS"
+HREF="#FOLLOWSYMLINKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3519,7 +3453,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FORCECREATEMODE"
+HREF="#FORCECREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3531,7 +3465,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FORCEDIRECTORYMODE"
+HREF="#FORCEDIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3543,7 +3477,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FORCEDIRECTORYSECURITYMODE"
+HREF="#FORCEDIRECTORYSECURITYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3555,7 +3489,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FORCEGROUP"
+HREF="#FORCEGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3567,7 +3501,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FORCESECURITYMODE"
+HREF="#FORCESECURITYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3579,7 +3513,19 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FORCEUSER"
+HREF="#FORCEUNKNOWNACLUSER"
+><TT
+CLASS="PARAMETER"
+><I
+>force unknown acl user</I
+></TT
+></A
+></P
+></LI
+><LI
+><P
+><A
+HREF="#FORCEUSER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3591,7 +3537,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#FSTYPE"
+HREF="#FSTYPE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3603,7 +3549,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#GROUP"
+HREF="#GROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3615,7 +3561,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3627,7 +3573,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#GUESTOK"
+HREF="#GUESTOK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3639,7 +3585,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#GUESTONLY"
+HREF="#GUESTONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3651,7 +3597,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HIDEDOTFILES"
+HREF="#HIDEDOTFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3663,7 +3609,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HIDEFILES"
+HREF="#HIDEFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3675,7 +3621,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HOSTSALLOW"
+HREF="#HOSTSALLOW"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3687,7 +3633,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#HOSTSDENY"
+HREF="#HOSTSDENY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3699,7 +3645,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#INCLUDE"
+HREF="#INCLUDE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3711,7 +3657,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#INHERITACLS"
+HREF="#INHERITACLS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3723,7 +3669,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#INHERITPERMISSIONS"
+HREF="#INHERITPERMISSIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3735,7 +3681,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#INVALIDUSERS"
+HREF="#INVALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3747,7 +3693,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LEVEL2OPLOCKS"
+HREF="#LEVEL2OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3759,7 +3705,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LOCKING"
+HREF="#LOCKING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3771,7 +3717,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LPPAUSECOMMAND"
+HREF="#LPPAUSECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3783,7 +3729,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LPQCOMMAND"
+HREF="#LPQCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3795,7 +3741,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LPRESUMECOMMAND"
+HREF="#LPRESUMECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3807,7 +3753,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#LPRMCOMMAND"
+HREF="#LPRMCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3819,7 +3765,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAGICOUTPUT"
+HREF="#MAGICOUTPUT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3831,7 +3777,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAGICSCRIPT"
+HREF="#MAGICSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3843,7 +3789,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MANGLECASE"
+HREF="#MANGLECASE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3855,7 +3801,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MANGLEDMAP"
+HREF="#MANGLEDMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3867,7 +3813,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MANGLEDNAMES"
+HREF="#MANGLEDNAMES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3879,7 +3825,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MANGLINGCHAR"
+HREF="#MANGLINGCHAR"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3891,19 +3837,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MANGLINGMETHOD"
-><TT
-CLASS="PARAMETER"
-><I
->mangling method</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="index.html#MAPARCHIVE"
+HREF="#MAPARCHIVE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3915,7 +3849,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAPHIDDEN"
+HREF="#MAPHIDDEN"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3927,7 +3861,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAPSYSTEM"
+HREF="#MAPSYSTEM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3939,7 +3873,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXCONNECTIONS"
+HREF="#MAXCONNECTIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3951,7 +3885,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MAXPRINTJOBS"
+HREF="#MAXPRINTJOBS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3963,7 +3897,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MINPRINTSPACE"
+HREF="#MINPRINTSPACE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3975,7 +3909,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#MSDFSROOT"
+HREF="#MSDFSROOT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3987,7 +3921,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#NTACLSUPPORT"
+HREF="#NTACLSUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -3999,7 +3933,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ONLYGUEST"
+HREF="#ONLYGUEST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4011,7 +3945,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ONLYUSER"
+HREF="#ONLYUSER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4023,7 +3957,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#OPLOCKCONTENTIONLIMIT"
+HREF="#OPLOCKCONTENTIONLIMIT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4035,7 +3969,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4047,7 +3981,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PATH"
+HREF="#PATH"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4059,7 +3993,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#POSIXLOCKING"
+HREF="#POSIXLOCKING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4071,7 +4005,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#POSTEXEC"
+HREF="#POSTEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4083,7 +4017,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#POSTSCRIPT"
+HREF="#POSTSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4095,7 +4029,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PREEXEC"
+HREF="#PREEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4107,7 +4041,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PREEXECCLOSE"
+HREF="#PREEXECCLOSE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4119,7 +4053,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRESERVECASE"
+HREF="#PRESERVECASE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4131,7 +4065,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTCOMMAND"
+HREF="#PRINTCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4143,7 +4077,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTOK"
+HREF="#PRINTOK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4155,7 +4089,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTABLE"
+HREF="#PRINTABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4167,7 +4101,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTER"
+HREF="#PRINTER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4179,7 +4113,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTERADMIN"
+HREF="#PRINTERADMIN"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4191,7 +4125,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTERDRIVER"
+HREF="#PRINTERDRIVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4203,7 +4137,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTERDRIVERLOCATION"
+HREF="#PRINTERDRIVERLOCATION"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4215,7 +4149,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTERNAME"
+HREF="#PRINTERNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4227,7 +4161,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4239,7 +4173,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#PUBLIC"
+HREF="#PUBLIC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4251,7 +4185,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#QUEUEPAUSECOMMAND"
+HREF="#QUEUEPAUSECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4263,7 +4197,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#QUEUERESUMECOMMAND"
+HREF="#QUEUERESUMECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4275,7 +4209,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#READLIST"
+HREF="#READLIST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4287,7 +4221,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#READONLY"
+HREF="#READONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4299,7 +4233,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ROOTPOSTEXEC"
+HREF="#ROOTPOSTEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4311,7 +4245,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ROOTPREEXEC"
+HREF="#ROOTPREEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4323,7 +4257,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#ROOTPREEXECCLOSE"
+HREF="#ROOTPREEXECCLOSE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4335,7 +4269,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SECURITYMASK"
+HREF="#SECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4347,7 +4281,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SETDIRECTORY"
+HREF="#SETDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4359,7 +4293,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SHAREMODES"
+HREF="#SHAREMODES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4371,7 +4305,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SHORTPRESERVECASE"
+HREF="#SHORTPRESERVECASE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4383,7 +4317,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STATUS"
+HREF="#STATUS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4395,7 +4329,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STRICTALLOCATE"
+HREF="#STRICTALLOCATE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4407,7 +4341,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STRICTLOCKING"
+HREF="#STRICTLOCKING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4419,7 +4353,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#STRICTSYNC"
+HREF="#STRICTSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4431,7 +4365,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#SYNCALWAYS"
+HREF="#SYNCALWAYS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4443,7 +4377,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USECLIENTDRIVER"
+HREF="#USECLIENTDRIVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4455,7 +4389,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USER"
+HREF="#USER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4467,7 +4401,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USERNAME"
+HREF="#USERNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4479,7 +4413,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#USERS"
+HREF="#USERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4491,7 +4425,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#VALIDUSERS"
+HREF="#VALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4503,7 +4437,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#VETOFILES"
+HREF="#VETOFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4515,7 +4449,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#VETOOPLOCKFILES"
+HREF="#VETOOPLOCKFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4527,19 +4461,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#VFSPATH"
-><TT
-CLASS="PARAMETER"
-><I
->vfs path</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><A
-HREF="index.html#VFSOBJECT"
+HREF="#VFSOBJECT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4551,7 +4473,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#VFSOPTIONS"
+HREF="#VFSOPTIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4563,7 +4485,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#VOLUME"
+HREF="#VOLUME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4575,7 +4497,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WIDELINKS"
+HREF="#WIDELINKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4587,7 +4509,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WRITABLE"
+HREF="#WRITABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4599,7 +4521,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WRITECACHESIZE"
+HREF="#WRITECACHESIZE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4611,7 +4533,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WRITELIST"
+HREF="#WRITELIST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4623,7 +4545,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WRITEOK"
+HREF="#WRITEOK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4635,7 +4557,7 @@ CLASS="PARAMETER"
 ><LI
 ><P
 ><A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4649,7 +4571,7 @@ CLASS="PARAMETER"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN1507"
+NAME="AEN1492"
 ></A
 ><H2
 >EXPLANATION OF EACH PARAMETER</H2
@@ -4660,57 +4582,9 @@ CLASS="VARIABLELIST"
 ><DL
 ><DT
 ><A
-NAME="ABORTSHUTDOWNSCRIPT"
-></A
->abort shutdown script (G)</DT
-><DD
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->This parameter only exists in the HEAD cvs branch</I
-></SPAN
->
-		This a full path name to a script called by
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
->  that
-		should stop a shutdown procedure issued by the <A
-HREF="index.html#SHUTDOWNSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->shutdown script</I
-></TT
-></A
->.</P
-><P
->This command will be run as user.</P
-><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->None</I
-></SPAN
->.</P
-><P
->Example: <B
-CLASS="COMMAND"
->abort shutdown script = /sbin/shutdown -c</B
-></P
-></DD
-><DT
-><A
 NAME="ADDPRINTERCOMMAND"
 ></A
->addprinter command (G)</DT
+>add printer command (G)</DT
 ><DD
 ><P
 >With the introduction of MS-RPC based printing
@@ -4747,7 +4621,7 @@ CLASS="COMMAND"
 >The <TT
 CLASS="PARAMETER"
 ><I
->addprinter command</I
+>add printer command</I
 ></TT
 > is
 		automatically invoked with the following parameter (in 
@@ -4821,7 +4695,7 @@ CLASS="PARAMETER"
 >Once the <TT
 CLASS="PARAMETER"
 ><I
->addprinter command</I
+>add printer command</I
 ></TT
 > has 
 		been executed, <B
@@ -4838,15 +4712,15 @@ CLASS="COMMAND"
 > will return an ACCESS_DENIED error to the client.</P
 ><P
 >See also <A
-HREF="index.html#DELETEPRINTERCOMMAND"
+HREF="#DELETEPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->		deleteprinter command</I
+>		delete printer command</I
 ></TT
 ></A
 >, <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4855,7 +4729,7 @@ CLASS="PARAMETER"
 ></A
 >,
 		<A
-HREF="index.html#SHOWADDPRINTERWIZARD"
+HREF="#SHOWADDPRINTERWIZARD"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4865,12 +4739,8 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -4977,11 +4847,11 @@ CLASS="PARAMETER"
 ><P
 >		This parameter is only used for add file shares.  To add printer shares, 
 		see the <A
-HREF="index.html#ADDPRINTERCOMMAND"
+HREF="#ADDPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->addprinter 
+>add printer 
 		command</I
 ></TT
 ></A
@@ -4989,7 +4859,7 @@ CLASS="PARAMETER"
 		</P
 ><P
 >		See also <A
-HREF="index.html#CHANGESHARECOMMAND"
+HREF="#CHANGESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -4998,7 +4868,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DELETESHARECOMMAND"
+HREF="#DELETESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -5009,12 +4879,8 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -5024,71 +4890,14 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="ADDMACHINESCRIPT"
-></A
->add machine script (G)</DT
-><DD
-><P
->This is the full pathname to a script that will 
-		be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
->  when a machine is added
-                to it's domain using the administrator username and password method. </P
-><P
->This option is only required when using sam back-ends tied to the
-                Unix uid method of RID calculation such as smbpasswd.  This option is only
-                available in Samba 3.0.</P
-><P
->Default: <B
-CLASS="COMMAND"
->add machine script = &lt;empty string&gt;
-		</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-                </B
-></P
-></DD
-><DT
-><A
-NAME="ADSSERVER"
-></A
->ads server (G)</DT
-><DD
-><P
->If this option is specified, samba does 
-		not try to figure out what ads server to use itself, but 
-		uses the specified ads server. Either one DNS name or IP 
-		address can be used.</P
-><P
->Default: <B
-CLASS="COMMAND"
->ads server = </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->ads server = 192.168.1.2</B
-></P
-></DD
-><DT
-><A
 NAME="ADDUSERSCRIPT"
 ></A
 >add user script (G)</DT
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
+		be run <EM
+>AS ROOT</EM
 > by <A
 HREF="smbd.8.html"
 TARGET="_top"
@@ -5105,12 +4914,8 @@ HREF="smbd.8.html"
 TARGET="_top"
 >smbd</A
 > to create the required UNIX users 
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->ON DEMAND</I
-></SPAN
+		<EM
+>ON DEMAND</EM
 > when a user accesses the Samba server.</P
 ><P
 >In order to use this option, <A
@@ -5118,12 +4923,8 @@ HREF="smbd.8.html"
 TARGET="_top"
 >smbd</A
 > 
-		must <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
+		must <EM
+>NOT</EM
 > be set to <TT
 CLASS="PARAMETER"
 ><I
@@ -5172,12 +4973,8 @@ CLASS="PARAMETER"
 CLASS="COMMAND"
 >smbd</B
 > will
-		call the specified script <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
+		call the specified script <EM
+>AS ROOT</EM
 >, expanding 
 		any <TT
 CLASS="PARAMETER"
@@ -5195,7 +4992,7 @@ CLASS="COMMAND"
 		match existing Windows NT accounts.</P
 ><P
 >See also <A
-HREF="index.html#SECURITY"
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -5203,7 +5000,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#PASSWORDSERVER"
+HREF="#PASSWORDSERVER"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -5212,7 +5009,7 @@ CLASS="PARAMETER"
 ></A
 >, 
 		<A
-HREF="index.html#DELETEUSERSCRIPT"
+HREF="#DELETEUSERSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -5224,7 +5021,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->add user script = &lt;empty string&gt;
+>add user script = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -5236,32 +5033,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="ADDGROUPSCRIPT"
-></A
->add group script (G)</DT
-><DD
-><P
->This is the full pathname to a script that will 
-		be run <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> when a new group is requested. It will expand any <TT
-CLASS="PARAMETER"
-><I
->%g</I
-></TT
-> to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
-		</P
-></DD
-><DT
-><A
 NAME="ADMINUSERS"
 ></A
 >admin users (S)</DT
@@ -5275,12 +5046,8 @@ NAME="ADMINUSERS"
 		this list will be able to do anything they like on the share, 
 		irrespective of file permissions.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no admin users</I
-></SPAN
+>Default: <EM
+>no admin users</EM
 ></P
 ><P
 >Example: <B
@@ -5290,58 +5057,13 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="ADDUSERTOGROUPSCRIPT"
-></A
->add user to group script (G)</DT
-><DD
-><P
->Full path to the script that will be called when 
-		a user is added to a group using the Windows NT domain administration 
-		tools. It will be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> 
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
->. Any <TT
-CLASS="PARAMETER"
-><I
->%g</I
-></TT
-> will be 
-		replaced with the group name and any <TT
-CLASS="PARAMETER"
-><I
->%u</I
-></TT
-> will 
-		be replaced with the user name.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->add user to group script = </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->add user to group script = /usr/sbin/adduser %u %g</B
-></P
-></DD
-><DT
-><A
 NAME="ALLOWHOSTS"
 ></A
 >allow hosts (S)</DT
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#HOSTSALLOW"
+HREF="#HOSTSALLOW"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -5352,45 +5074,13 @@ CLASS="PARAMETER"
 ></DD
 ><DT
 ><A
-NAME="ALGORITHMICRIDBASE"
-></A
->algorithmic rid base (G)</DT
-><DD
-><P
->This determines how Samba will use its
-                algorithmic mapping from uids/gid to the RIDs needed to construct
-                NT Security Identifiers.</P
-><P
->Setting this option to a larger value could be useful to sites
-                transitioning from WinNT and Win2k, as existing user and 
-                group rids would otherwise clash with sytem users etc. 
-                </P
-><P
->All UIDs and GIDs must be able to be resolved into SIDs for  
-                the correct operation of ACLs on the server.  As such the algorithmic
-                mapping can't be 'turned off', but pushing it 'out of the way' should
-                resolve the issues.  Users and groups can then be assigned 'low' RIDs
-                in arbitary-rid supporting backends. </P
-><P
->Default: <B
-CLASS="COMMAND"
->algorithmic rid base = 1000</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->algorithmic rid base = 100000</B
-></P
-></DD
-><DT
-><A
 NAME="ALLOWTRUSTEDDOMAINS"
 ></A
 >allow trusted domains (G)</DT
 ><DD
 ><P
 >This option only takes effect when the <A
-HREF="index.html#SECURITY"
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -5473,7 +5163,7 @@ NAME="ANNOUNCEVERSION"
 ><P
 >This specifies the major and minor version numbers 
 		that nmbd will use when announcing itself as a server. The default 
-		is 4.2.  Do not change this parameter unless you have a specific 
+		is 4.5.  Do not change this parameter unless you have a specific 
 		need to set a Samba server to be a downlevel server.</P
 ><P
 >Default: <B
@@ -5494,7 +5184,7 @@ NAME="AUTOSERVICES"
 ><DD
 ><P
 >This is a synonym for the <A
-HREF="index.html#PRELOAD"
+HREF="#PRELOAD"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -5505,43 +5195,6 @@ CLASS="PARAMETER"
 ></DD
 ><DT
 ><A
-NAME="AUTHMETHODS"
-></A
->auth methods (G)</DT
-><DD
-><P
->This option allows the administrator to chose what
-                authentication methods <B
-CLASS="COMMAND"
->smbd</B
-> will use when authenticating
-                a user.  This option defaults to sensible values based on <A
-HREF="index.html#SECURITY"
-><TT
-CLASS="PARAMETER"
-><I
->		security</I
-></TT
-></A
->.
-
-                Each entry in the list attempts to authenticate the user in turn, until
-                the user authenticates.  In practice only one method will ever actually 
-                be able to complete the authentication.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->auth methods = &lt;empty string&gt;</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->auth methods = guest sam ntdomain</B
-></P
-></DD
-><DT
-><A
 NAME="AVAILABLE"
 ></A
 >available (S)</DT
@@ -5553,12 +5206,8 @@ CLASS="PARAMETER"
 ><I
 >available = no</I
 ></TT
->, then <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->ALL</I
-></SPAN
+>, then <EM
+>ALL</EM
 > 
 		attempts to connect to the service will fail. Such failures are 
 		logged.</P
@@ -5594,7 +5243,7 @@ CLASS="COMMAND"
 >nmbd</B
 > to bind 
 		to ports 137 and 138 on the interfaces listed in the <A
-HREF="index.html#INTERFACES"
+HREF="#INTERFACES"
 >interfaces</A
 > parameter. <B
 CLASS="COMMAND"
@@ -5648,7 +5297,7 @@ TARGET="_top"
 >smbd(8)</A
 >
 		to bind only to the interface list given in the <A
-HREF="index.html#INTERFACES"
+HREF="#INTERFACES"
 >		interfaces</A
 > parameter. This restricts the networks that 
 		<B
@@ -5665,12 +5314,8 @@ CLASS="PARAMETER"
 >bind interfaces only</I
 ></TT
 > is set then 
-		unless the network address <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->127.0.0.1</I
-></SPAN
+		unless the network address <EM
+>127.0.0.1</EM
 > is added 
 		to the <TT
 CLASS="PARAMETER"
@@ -5699,12 +5344,8 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >smbpasswd</B
 >
-		by default connects to the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->localhost - 127.0.0.1</I
-></SPAN
+		by default connects to the <EM
+>localhost - 127.0.0.1</EM
 > 
 		address as an SMB client to issue the password change request. If 
 		<TT
@@ -5713,12 +5354,8 @@ CLASS="PARAMETER"
 >bind interfaces only</I
 ></TT
 > is set then unless the 
-		network address <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->127.0.0.1</I
-></SPAN
+		network address <EM
+>127.0.0.1</EM
 > is added to the
 		<TT
 CLASS="PARAMETER"
@@ -5767,19 +5404,11 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >nmbd</B
 > at the address 
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->127.0.0.1</I
-></SPAN
+		<EM
+>127.0.0.1</EM
 > to determine if they are running.  
-		Not adding <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->127.0.0.1</I
-></SPAN
+		Not adding <EM
+>127.0.0.1</EM
 >  will cause <B
 CLASS="COMMAND"
 >		smbd</B
@@ -5806,6 +5435,41 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="BLOCKSIZE"
+></A
+>block size (S)</DT
+><DD
+><P
+>This parameter controls the behavior of <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> when reporting disk free sizes.
+		By default, this reports a disk block size of 1024 bytes.</P
+><P
+>Changing this parameter may have some effect on the
+		efficiency of client writes, this is not yet confirmed. This
+		parameter was added to allow advanced administrators to change
+		it (usually to a higher value) and test the effect it has on
+		client write performance without re-compiling the code. As this
+		is an experimental option it may be removed in a future release.
+		</P
+><P
+>Changing this option does not change the disk free reporting
+		size, just the block size unit reported to the client.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>block size = 1024</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>block size = 65536</B
+></P
+></DD
+><DT
+><A
 NAME="BLOCKINGLOCKS"
 ></A
 >blocking locks (S)</DT
@@ -5839,50 +5503,13 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="BLOCKSIZE"
-></A
->block size (S)</DT
-><DD
-><P
->This parameter controls the behavior of 
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> when reporting disk free 
-		sizes. By default, this reports a disk block size of 1024 bytes.
-		</P
-><P
->Changing this parameter may have some effect on the
-		efficiency of client writes, this is not yet confirmed. This
-		parameter was added to allow advanced administrators to change
-		it (usually to a higher value) and test the effect it has on
-		client write performance without re-compiling the code. As this
-		is an experimental option it may be removed in a future release.
-		</P
-><P
->Changing this option does not change the disk free reporting
-		size, just the block size unit reported to the client.</P
-><P
->Default: <B
-CLASS="COMMAND"
->block size = 1024</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->block size = 65536</B
-></P
-></DD
-><DT
-><A
 NAME="BROWSABLE"
 ></A
 >browsable (S)</DT
 ><DD
 ><P
 >See the <A
-HREF="index.html#BROWSEABLE"
+HREF="#BROWSEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -5944,7 +5571,7 @@ NAME="CASESENSITIVE"
 ><DD
 ><P
 >See the discussion in the section <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >NAME MANGLING</A
 >.</P
 ><P
@@ -5961,7 +5588,7 @@ NAME="CASESIGNAMES"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#CASESENSITIVE"
+HREF="#CASESENSITIVE"
 >case 
 		sensitive</A
 >.</P
@@ -6105,7 +5732,7 @@ CLASS="PARAMETER"
 		</P
 ><P
 >		See also <A
-HREF="index.html#ADDSHARECOMMAND"
+HREF="#ADDSHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6114,7 +5741,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DELETESHARECOMMAND"
+HREF="#DELETESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6125,12 +5752,8 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -6140,6 +5763,504 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="CHARACTERSET"
+></A
+>character set (G)</DT
+><DD
+><P
+>This allows <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd</A
+> to map incoming filenames 
+		from a DOS Code page (see the <A
+HREF="#CLIENTCODEPAGE"
+>client 
+		code page</A
+> parameter) to several built in UNIX character sets. 
+		The built in code page translations are:</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-1</TT
+> : Western European 
+			UNIX character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+>
+			<EM
+>MUST</EM
+> be set to code page 850 if the 
+			<TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+> parameter is set to
+			<TT
+CLASS="CONSTANT"
+>ISO8859-1</TT
+> in order for the conversion to the 
+			UNIX character set to be done correctly.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-2</TT
+> : Eastern European 
+			UNIX character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page
+			</I
+></TT
+> <EM
+>MUST</EM
+> be set to code page 852 if 
+			the <TT
+CLASS="PARAMETER"
+><I
+> character set</I
+></TT
+> parameter is set 
+			to <TT
+CLASS="CONSTANT"
+>ISO8859-2</TT
+> in order for the conversion 
+			to the UNIX character set to be done correctly. </P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-5</TT
+> : Russian Cyrillic 
+			UNIX character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page
+			</I
+></TT
+> <EM
+>MUST</EM
+> be set to code page 
+			866 if the <TT
+CLASS="PARAMETER"
+><I
+>character set </I
+></TT
+> parameter is 
+			set to <TT
+CLASS="CONSTANT"
+>ISO8859-5</TT
+> in order for the conversion 
+			to the UNIX character set to be done correctly. </P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>ISO8859-7</TT
+> : Greek UNIX 
+			character set. The parameter <TT
+CLASS="PARAMETER"
+><I
+>client code page
+			</I
+></TT
+> <EM
+>MUST</EM
+> be set to code page 
+			737 if the <TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+> parameter is 
+			set to <TT
+CLASS="CONSTANT"
+>ISO8859-7</TT
+> in order for the conversion 
+			to the UNIX character set to be done correctly.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>KOI8-R</TT
+> : Alternate mapping 
+			for Russian Cyrillic UNIX character set. The parameter 
+			<TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> <EM
+>MUST</EM
+> 
+			be set to code page 866 if the <TT
+CLASS="PARAMETER"
+><I
+>character set</I
+></TT
+> 
+			parameter is set to <TT
+CLASS="CONSTANT"
+>KOI8-R</TT
+> in order for the 
+			conversion to the UNIX character set to be done correctly.</P
+></LI
+></UL
+><P
+><EM
+>BUG</EM
+>. These MSDOS code page to UNIX character 
+		set mappings should be dynamic, like the loading of MS DOS code pages, 
+		not static.</P
+><P
+>Normally this parameter is not set, meaning no filename 
+		translation is done.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>character set = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>character set = ISO8859-1</B
+></P
+></DD
+><DT
+><A
+NAME="CLIENTCODEPAGE"
+></A
+>client code page (G)</DT
+><DD
+><P
+>This parameter specifies the DOS code page 
+		that the clients accessing Samba are using. To determine what code 
+		page a Windows or DOS client is using, open a DOS command prompt 
+		and type the command <B
+CLASS="COMMAND"
+>chcp</B
+>. This will output 
+		the code page. The default for USA MS-DOS, Windows 95, and
+		Windows NT releases is code page 437. The default for western 
+		European releases of the above operating systems is code page 850.</P
+><P
+>This parameter tells <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> 
+		which of the <TT
+CLASS="FILENAME"
+>codepage.<TT
+CLASS="REPLACEABLE"
+><I
+>XXX</I
+></TT
+>
+		</TT
+> files to dynamically load on startup. These files,
+		described more fully in the manual page <A
+HREF="make_smbcodepage.1.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>make_smbcodepage(1)</B
+></A
+>, tell <B
+CLASS="COMMAND"
+>		smbd</B
+> how to map lower to upper case characters to provide 
+		the case insensitivity of filenames that Windows clients expect.</P
+><P
+>Samba currently ships with the following code page files :</P
+><P
+></P
+><UL
+><LI
+><P
+>Code Page 437 - MS-DOS Latin US</P
+></LI
+><LI
+><P
+>Code Page 737 - Windows '95 Greek</P
+></LI
+><LI
+><P
+>Code Page 850 - MS-DOS Latin 1</P
+></LI
+><LI
+><P
+>Code Page 852 - MS-DOS Latin 2</P
+></LI
+><LI
+><P
+>Code Page 861 - MS-DOS Icelandic</P
+></LI
+><LI
+><P
+>Code Page 866 - MS-DOS Cyrillic</P
+></LI
+><LI
+><P
+>Code Page 932 - MS-DOS Japanese SJIS</P
+></LI
+><LI
+><P
+>Code Page 936 - MS-DOS Simplified Chinese</P
+></LI
+><LI
+><P
+>Code Page 949 - MS-DOS Korean Hangul</P
+></LI
+><LI
+><P
+>Code Page 950 - MS-DOS Traditional Chinese</P
+></LI
+></UL
+><P
+>Thus this parameter may have any of the values 437, 737, 850, 852,
+		861, 932, 936, 949, or 950.  If you don't find the codepage you need,
+		read the comments in one of the other codepage files and the
+		<B
+CLASS="COMMAND"
+>make_smbcodepage(1)</B
+> man page and write one. Please 
+		remember to donate it back to the Samba user community.</P
+><P
+>This parameter co-operates with the <TT
+CLASS="PARAMETER"
+><I
+>valid
+		chars</I
+></TT
+> parameter in determining what characters are
+		valid in filenames and how capitalization is done. If you set both
+		this parameter and the <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> parameter
+		the <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> parameter 
+		<EM
+>MUST</EM
+> be set before the <TT
+CLASS="PARAMETER"
+><I
+>valid 
+		chars</I
+></TT
+> parameter in the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+>
+		file. The <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> string will then 
+		augment the character settings in the <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> 
+		parameter.</P
+><P
+>If not set, <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> defaults 
+		to 850.</P
+><P
+>See also : <A
+HREF="#VALIDCHARS"
+><TT
+CLASS="PARAMETER"
+><I
+>valid 
+		chars</I
+></TT
+></A
+>, <A
+HREF="#CODEPAGEDIRECTORY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>code page directory</I
+></TT
+></A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>client code page = 850</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>client code page = 936</B
+></P
+></DD
+><DT
+><A
+NAME="CODEPAGEDIRECTORY"
+></A
+>code page directory (G)</DT
+><DD
+><P
+>Define the location of the various client code page
+		files.</P
+><P
+>See also <A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
+><I
+>client
+		code page</I
+></TT
+></A
+></P
+><P
+>Default: <B
+CLASS="COMMAND"
+>code page directory = ${prefix}/lib/codepages
+		</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>code page directory = /usr/share/samba/codepages
+		</B
+></P
+></DD
+><DT
+><A
+NAME="CODINGSYSTEM"
+></A
+>coding system (G)</DT
+><DD
+><P
+>This parameter is used to determine how incoming 
+		Shift-JIS Japanese characters are mapped from the incoming <A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+>
+		</A
+> used by the client, into file names in the UNIX filesystem. 
+		Only useful if <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> is set to 
+		932 (Japanese Shift-JIS).  The options are :</P
+><P
+></P
+><UL
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>SJIS</TT
+>  - Shift-JIS. Does no 
+			conversion of the incoming filename.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>JIS8, J8BB, J8BH, J8@B, 
+			J8@J, J8@H </TT
+> - Convert from incoming Shift-JIS to eight 
+			bit JIS code with different shift-in, shift out codes.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>JIS7, J7BB, J7BH, J7@B, J7@J, 
+			J7@H </TT
+> - Convert from incoming Shift-JIS to seven bit 
+			JIS code with different shift-in, shift out codes.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>JUNET, JUBB, JUBH, JU@B, JU@J, JU@H </TT
+> 
+			- Convert from incoming Shift-JIS to JUNET code with different shift-in, 
+			shift out codes.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>EUC</TT
+> - Convert an incoming 
+			Shift-JIS character to EUC code.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>HEX</TT
+> - Convert an incoming 
+			Shift-JIS character to a 3 byte hex representation, i.e. 
+			<TT
+CLASS="CONSTANT"
+>:AB</TT
+>.</P
+></LI
+><LI
+><P
+><TT
+CLASS="CONSTANT"
+>CAP</TT
+> - Convert an incoming 
+			Shift-JIS character to the 3 byte hex representation used by 
+			the Columbia AppleTalk Program (CAP), i.e. <TT
+CLASS="CONSTANT"
+>:AB</TT
+>.  
+			This is used for compatibility between Samba and CAP.</P
+></LI
+></UL
+><P
+>Default: <B
+CLASS="COMMAND"
+>coding system = &#60;empty value&#62;</B
+>
+		</P
+></DD
+><DT
+><A
 NAME="COMMENT"
 ></A
 >comment (S)</DT
@@ -6155,7 +6276,7 @@ CLASS="COMMAND"
 ><P
 >If you want to set the string that is displayed next to the 
 		machine name then see the <A
-HREF="index.html#SERVERSTRING"
+HREF="#SERVERSTRING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6164,12 +6285,8 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->No comment string</I
-></SPAN
+>Default: <EM
+>No comment string</EM
 ></P
 ><P
 >Example: <B
@@ -6226,12 +6343,8 @@ NAME="COPY"
 		copied must occur earlier in the configuration file than the 
 		service doing the copying.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no value</I
-></SPAN
+>Default: <EM
+>no value</EM
 ></P
 ><P
 >Example: <B
@@ -6248,7 +6361,7 @@ NAME="CREATEMASK"
 ><P
 >A synonym for this parameter is 
 		<A
-HREF="index.html#CREATEMODE"
+HREF="#CREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6262,12 +6375,8 @@ CLASS="PARAMETER"
 		calculated according to the mapping from DOS modes to UNIX 
 		permissions, and the resulting UNIX mode is then bit-wise 'AND'ed 
 		with this parameter. This parameter may be thought of as a bit-wise 
-		MASK for the UNIX modes of a file. Any bit <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		MASK for the UNIX modes of a file. Any bit <EM
+>not</EM
 > 
 		set here will be removed from the modes set on a file when it is 
 		created.</P
@@ -6277,7 +6386,7 @@ CLASS="EMPHASIS"
 ><P
 >Following this Samba will bit-wise 'OR' the UNIX mode created 
 		from this parameter with the value of the <A
-HREF="index.html#FORCECREATEMODE"
+HREF="#FORCECREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6289,7 +6398,7 @@ CLASS="PARAMETER"
 ><P
 >This parameter does not affect directory modes. See the 
 		parameter <A
-HREF="index.html#DIRECTORYMODE"
+HREF="#DIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6300,7 +6409,7 @@ CLASS="PARAMETER"
 > for details.</P
 ><P
 >See also the <A
-HREF="index.html#FORCECREATEMODE"
+HREF="#FORCECREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6310,7 +6419,7 @@ CLASS="PARAMETER"
 ></A
 > parameter for forcing particular mode 
 		bits to be set on created files. See also the <A
-HREF="index.html#DIRECTORYMODE"
+HREF="#DIRECTORYMODE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -6319,7 +6428,7 @@ CLASS="PARAMETER"
 ></A
 > parameter for masking 
 		mode bits on created directories.  See also the <A
-HREF="index.html#INHERITPERMISSIONS"
+HREF="#INHERITPERMISSIONS"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -6331,7 +6440,7 @@ CLASS="PARAMETER"
 >Note that this parameter does not apply to permissions
 		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
 		a mask on access control lists also, they need to set the <A
-HREF="index.html#SECURITYMASK"
+HREF="#SECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6358,7 +6467,7 @@ NAME="CREATEMODE"
 ><DD
 ><P
 >This is a synonym for <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6374,13 +6483,9 @@ NAME="CSCPOLICY"
 >csc policy (S)</DT
 ><DD
 ><P
->This stands for <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>This stands for <EM
 >client-side caching 
-		policy</I
-></SPAN
+		policy</EM
 >, and specifies how clients capable of offline
 		caching will cache the files in the share. The valid values
 		are: manual, documents, programs, disable.</P
@@ -6453,7 +6558,7 @@ NAME="DEBUGHIRESTIMESTAMP"
 		message header when turned on.</P
 ><P
 >Note that the parameter <A
-HREF="index.html#DEBUGTIMESTAMP"
+HREF="#DEBUGTIMESTAMP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6485,7 +6590,7 @@ TARGET="_top"
 		to the timestamp message headers in the logfile when turned on.</P
 ><P
 >Note that the parameter <A
-HREF="index.html#DEBUGTIMESTAMP"
+HREF="#DEBUGTIMESTAMP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6509,7 +6614,7 @@ NAME="DEBUGTIMESTAMP"
 ><P
 >Samba 2.2 debug log messages are timestamped 
 		by default. If you are running at a high <A
-HREF="index.html#DEBUGLEVEL"
+HREF="#DEBUGLEVEL"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -6538,7 +6643,7 @@ NAME="DEBUGUID"
 		in the log file if turned on.</P
 ><P
 >Note that the parameter <A
-HREF="index.html#DEBUGTIMESTAMP"
+HREF="#DEBUGTIMESTAMP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6561,7 +6666,7 @@ NAME="DEBUGLEVEL"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#LOGLEVEL"
+HREF="#LOGLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6578,7 +6683,7 @@ NAME="DEFAULT"
 ><DD
 ><P
 >A synonym for <A
-HREF="index.html#DEFAULTSERVICE"
+HREF="#DEFAULTSERVICE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6595,10 +6700,10 @@ NAME="DEFAULTCASE"
 ><DD
 ><P
 >See the section on <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >		NAME MANGLING</A
 >. Also note the <A
-HREF="index.html#SHORTPRESERVECASE"
+HREF="#SHORTPRESERVECASE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -6620,7 +6725,7 @@ NAME="DEFAULTDEVMODE"
 ><DD
 ><P
 >This parameter is only applicable to <A
-HREF="index.html#PRINTOK"
+HREF="#PRINTOK"
 >printable</A
 > services.  When smbd is serving
 		Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
@@ -6672,12 +6777,8 @@ NAME="DEFAULTSERVICE"
 ><P
 >This parameter specifies the name of a service
 		which will be connected to if the service actually requested cannot
-		be found. Note that the square brackets are <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
+		be found. Note that the square brackets are <EM
+>NOT</EM
 >
 		given in the parameter value (see example below).</P
 ><P
@@ -6686,7 +6787,7 @@ CLASS="EMPHASIS"
 		service results in an error.</P
 ><P
 >Typically the default service would be a <A
-HREF="index.html#GUESTOK"
+HREF="#GUESTOK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -6694,7 +6795,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#READONLY"
+HREF="#READONLY"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -6719,6 +6820,12 @@ CLASS="PARAMETER"
 ><P
 >Example:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >[global]
@@ -6727,39 +6834,16 @@ CLASS="PROGRAMLISTING"
 [pub]
 	path = /%S
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ></DD
 ><DT
 ><A
-NAME="DELETEGROUPSCRIPT"
-></A
->delete group script (G)</DT
-><DD
-><P
->This is the full pathname to a script that will 
-		be run <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
-> by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> when a group is requested to be deleted. It will expand any <TT
-CLASS="PARAMETER"
-><I
->%g</I
-></TT
-> to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
-		</P
-></DD
-><DT
-><A
 NAME="DELETEPRINTERCOMMAND"
 ></A
->deleteprinter command (G)</DT
+>delete printer command (G)</DT
 ><DD
 ><P
 >With the introduction of MS-RPC based printer
@@ -6784,7 +6868,7 @@ CLASS="FILENAME"
 >The <TT
 CLASS="PARAMETER"
 ><I
->deleteprinter command</I
+>delete printer command</I
 ></TT
 > is 
 		automatically called with only one parameter: <TT
@@ -6797,7 +6881,7 @@ CLASS="PARAMETER"
 >Once the <TT
 CLASS="PARAMETER"
 ><I
->deleteprinter command</I
+>delete printer command</I
 ></TT
 > has 
 		been executed, <B
@@ -6814,15 +6898,15 @@ CLASS="COMMAND"
 > will return an ACCESS_DENIED error to the client.</P
 ><P
 >See also <A
-HREF="index.html#ADDPRINTERCOMMAND"
+HREF="#ADDPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->		addprinter command</I
+>		add printer command</I
 ></TT
 ></A
 >, <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6831,7 +6915,7 @@ CLASS="PARAMETER"
 ></A
 >,
 		<A
-HREF="index.html#SHOWADDPRINTERWIZARD"
+HREF="#SHOWADDPRINTERWIZARD"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6841,12 +6925,8 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -6950,11 +7030,11 @@ CLASS="PARAMETER"
 ><P
 >		This parameter is only used to remove file shares.  To delete printer shares, 
 		see the <A
-HREF="index.html#DELETEPRINTERCOMMAND"
+HREF="#DELETEPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
->deleteprinter 
+>delete printer 
 		command</I
 ></TT
 ></A
@@ -6962,7 +7042,7 @@ CLASS="PARAMETER"
 		</P
 ><P
 >		See also <A
-HREF="index.html#ADDSHARECOMMAND"
+HREF="#ADDSHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6971,7 +7051,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#CHANGESHARECOMMAND"
+HREF="#CHANGESHARECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -6982,12 +7062,8 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -7003,83 +7079,142 @@ NAME="DELETEUSERSCRIPT"
 ><DD
 ><P
 >This is the full pathname to a script that will 
-		be run by <A
+		be run <EM
+>AS ROOT</EM
+> by <A
 HREF="smbd.8.html"
 TARGET="_top"
-><B
+>		<B
 CLASS="COMMAND"
 >smbd(8)</B
 ></A
->
-                when managing user's with remote RPC (NT) tools.
-		</P
+> under special circumstances 
+		described below.</P
 ><P
->This script is called when a remote client removes a user
-                from the server, normally using 'User Manager for Domains' or
-                <B
+>Normally, a Samba server requires that UNIX users are 
+		created for all users accessing files on this server. For sites 
+		that use Windows NT account databases as their primary user database 
+		creating these users and keeping the user list in sync with the 
+		Windows NT PDC is an onerous task. This option allows <B
 CLASS="COMMAND"
->rpcclient</B
->.
-		</P
-><P
->This script should delete the given UNIX username. 
-		</P
+>		smbd</B
+> to delete the required UNIX users <EM
+>ON 
+		DEMAND</EM
+> when a user accesses the Samba server and the 
+		Windows NT user no longer exists.</P
 ><P
->Default: <B
+>In order to use this option, <B
 CLASS="COMMAND"
->delete user script = &lt;empty string&gt;
-		</B
-></P
+>smbd</B
+> must be 
+		set to <TT
+CLASS="PARAMETER"
+><I
+>security = domain</I
+></TT
+> or <TT
+CLASS="PARAMETER"
+><I
+>security =
+		user</I
+></TT
+> and <TT
+CLASS="PARAMETER"
+><I
+>delete user script</I
+></TT
+> 
+		must be set to a full pathname for a script 
+		that will delete a UNIX user given one argument of <TT
+CLASS="PARAMETER"
+><I
+>%u</I
+></TT
+>, 
+		which expands into the UNIX user name to delete.</P
 ><P
->Example: <B
+>When the Windows user attempts to access the Samba server, 
+		at <EM
+>login</EM
+> (session setup in the SMB protocol) 
+		time, <B
 CLASS="COMMAND"
->delete user script = /usr/local/samba/bin/del_user 
-		%u</B
-></P
-></DD
-><DT
-><A
-NAME="DELETEUSERFROMGROUPSCRIPT"
-></A
->delete user from group script (G)</DT
-><DD
-><P
->Full path to the script that will be called when 
-		a user is removed from a group using the Windows NT domain administration 
-		tools. It will be run by <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd(8)</A
-> 
-		<SPAN
-CLASS="emphasis"
+>smbd</B
+> contacts the <A
+HREF="#PASSWORDSERVER"
+>		<TT
+CLASS="PARAMETER"
 ><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
->. Any <TT
+>password server</I
+></TT
+></A
+> and attempts to authenticate 
+		the given user with the given password. If the authentication fails 
+		with the specific Domain error code meaning that the user no longer 
+		exists then <B
+CLASS="COMMAND"
+>smbd</B
+> attempts to find a UNIX user in 
+		the UNIX password database that matches the Windows user account. If 
+		this lookup succeeds, and <TT
 CLASS="PARAMETER"
 ><I
->%g</I
+>delete user script</I
 ></TT
-> will be 
-		replaced with the group name and any <TT
+> is 
+		set then <B
+CLASS="COMMAND"
+>smbd</B
+> will all the specified script 
+		<EM
+>AS ROOT</EM
+>, expanding any <TT
 CLASS="PARAMETER"
 ><I
 >%u</I
 ></TT
-> will 
-		be replaced with the user name.
-		</P
+> 
+		argument to be the user name to delete.</P
+><P
+>This script should delete the given UNIX username. In this way, 
+		UNIX users are dynamically deleted to match existing Windows NT 
+		accounts.</P
+><P
+>See also <A
+HREF="#SECURITYEQUALSDOMAIN"
+>security = domain</A
+>,
+		<A
+HREF="#PASSWORDSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>password server</I
+></TT
+>
+		</A
+>, <A
+HREF="#ADDUSERSCRIPT"
+><TT
+CLASS="PARAMETER"
+><I
+>add user script</I
+></TT
+>
+		</A
+>.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
->delete user from group script = </B
+>delete user script = &#60;empty string&#62;
+		</B
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->delete user from group script = /usr/sbin/deluser %u %g</B
+>delete user script = /usr/local/samba/bin/del_user 
+		%u</B
 ></P
 ></DD
 ><DT
@@ -7092,7 +7227,7 @@ NAME="DELETEVETOFILES"
 >This option is used when Samba is attempting to 
 		delete a directory that contains one or more vetoed directories 
 		(see the <A
-HREF="index.html#VETOFILES"
+HREF="#VETOFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7128,7 +7263,7 @@ CLASS="COMMAND"
 		is deleted (so long as the user has permissions to do so).</P
 ><P
 >See also the <A
-HREF="index.html#VETOFILES"
+HREF="#VETOFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7151,7 +7286,7 @@ NAME="DENYHOSTS"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#HOSTSDENY"
+HREF="#HOSTSDENY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7196,23 +7331,15 @@ CLASS="FILENAME"
 		third return value can give the block size in bytes. The default 
 		blocksize is 1024 bytes.</P
 ><P
->Note: Your script should <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
+>Note: Your script should <EM
+>NOT</EM
 > be setuid or 
 		setgid and should be owned by (and writeable only by) root!</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >By default internal routines for 
 		determining the disk capacity and remaining space will be used.
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >Example: <B
@@ -7223,22 +7350,40 @@ CLASS="COMMAND"
 ><P
 >Where the script dfree (which must be made executable) could be:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
 		#!/bin/sh
 		df $1 | tail -1 | awk '{print $2" "$4}'
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >or perhaps (on Sys V based systems):</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 > 
 		#!/bin/sh
 		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Note that you may have to replace the command names 
@@ -7252,7 +7397,7 @@ NAME="DIRECTORY"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#PATH"
+HREF="#PATH"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7277,12 +7422,8 @@ NAME="DIRECTORYMASK"
 		calculated according to the mapping from DOS modes to UNIX permissions, 
 		and the resulting UNIX mode is then bit-wise 'AND'ed with this 
 		parameter. This parameter may be thought of as a bit-wise MASK for 
-		the UNIX modes of a directory. Any bit <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		the UNIX modes of a directory. Any bit <EM
+>not</EM
 > set 
 		here will be removed from the modes set on a directory when it is 
 		created.</P
@@ -7293,7 +7434,7 @@ CLASS="EMPHASIS"
 ><P
 >Following this Samba will bit-wise 'OR' the UNIX mode 
 		created from this parameter with the value of the <A
-HREF="index.html#FORCEDIRECTORYMODE"
+HREF="#FORCEDIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7307,7 +7448,7 @@ CLASS="PARAMETER"
 >Note that this parameter does not apply to permissions
 		set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
 		a mask on access control lists also, they need to set the <A
-HREF="index.html#DIRECTORYSECURITYMASK"
+HREF="#DIRECTORYSECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7317,7 +7458,7 @@ CLASS="PARAMETER"
 >.</P
 ><P
 >See the <A
-HREF="index.html#FORCEDIRECTORYMODE"
+HREF="#FORCEDIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7329,7 +7470,7 @@ CLASS="PARAMETER"
 		bits to always be set on created directories.</P
 ><P
 >See also the <A
-HREF="index.html#CREATEMODE"
+HREF="#CREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7339,7 +7480,7 @@ CLASS="PARAMETER"
 ></A
 > parameter for masking mode bits on created files, 
 		and the <A
-HREF="index.html#DIRECTORYSECURITYMASK"
+HREF="#DIRECTORYSECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7350,7 +7491,7 @@ CLASS="PARAMETER"
 > parameter.</P
 ><P
 >Also refer to the <A
-HREF="index.html#INHERITPERMISSIONS"
+HREF="#INHERITPERMISSIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7377,7 +7518,7 @@ NAME="DIRECTORYMODE"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#DIRECTORYMASK"
+HREF="#DIRECTORYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7408,12 +7549,8 @@ NAME="DIRECTORYSECURITYMASK"
 		meaning a user is allowed to modify all the user/group/world
 		permissions on a directory.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
@@ -7424,7 +7561,7 @@ CLASS="CONSTANT"
 >.</P
 ><P
 >See also the <A
-HREF="index.html#FORCEDIRECTORYSECURITYMODE"
+HREF="#FORCEDIRECTORYSECURITYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7432,7 +7569,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#SECURITYMASK"
+HREF="#SECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7441,7 +7578,7 @@ CLASS="PARAMETER"
 ></A
 >, 
 		<A
-HREF="index.html#FORCESECURITYMODE"
+HREF="#FORCESECURITYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7463,37 +7600,12 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="DISABLENETBIOS"
-></A
->disable netbios (G)</DT
-><DD
-><P
->Enabling this parameter will disable netbios support
-		in Samba. Netbios is the only available form of browsing in 
-		all windows versions except for 2000 and XP. </P
-><P
->Note that clients that only support netbios won't be able to 
-		see your samba server when netbios support is disabled.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->disable netbios = no</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->disable netbios = yes</B
-></P
-></DD
-><DT
-><A
 NAME="DISABLESPOOLSS"
 ></A
 >disable spoolss (G)</DT
 ><DD
 ><P
->Enabling this parameter will disable Samba's support
+>Enabling this parameter will disables Samba's support
 		for the SPOOLSS set of MS-RPC's and will yield identical behavior
 		as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
 		Lanman style printing commands. Windows 9x/ME will be uneffected by
@@ -7502,17 +7614,13 @@ NAME="DISABLESPOOLSS"
 		Wizard or by using the NT printer properties dialog window.  It will
 		also disable the capability of Windows NT/2000 clients to download
 		print drivers from the Samba host upon demand.
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Be very careful about enabling this parameter.</I
-></SPAN
+		<EM
+>Be very careful about enabling this parameter.</EM
 >
 		</P
 ><P
 >See also <A
-HREF="index.html#USECLIENTDRIVER"
+HREF="#USECLIENTDRIVER"
 >use client driver</A
 >
 		</P
@@ -7524,31 +7632,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="DISPLAYCHARSET"
-></A
->display charset (G)</DT
-><DD
-><P
->Specifies the charset that samba will use 
-		to print messages to stdout and stderr and SWAT will use. 
-		Should generally be the same as the <B
-CLASS="COMMAND"
->unix charset</B
->.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->display charset = ASCII</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->display charset = UTF8</B
-></P
-></DD
-><DT
-><A
 NAME="DNSPROXY"
 ></A
 >dns proxy (G)</DT
@@ -7576,7 +7659,7 @@ CLASS="COMMAND"
 		action.</P
 ><P
 >See also the parameter <A
-HREF="index.html#WINSSUPPORT"
+HREF="#WINSSUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7610,7 +7693,7 @@ CLASS="FILENAME"
 		</P
 ><P
 >See also <A
-HREF="index.html#DOMAINGUESTGROUP"
+HREF="#DOMAINGUESTGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7619,7 +7702,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DOMAINLOGONS"
+HREF="#DOMAINLOGONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7630,12 +7713,8 @@ CLASS="PARAMETER"
 >
 		</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no domain administrators</I
-></SPAN
+>Default: <EM
+>no domain administrators</EM
 ></P
 ><P
 >Example: <B
@@ -7663,7 +7742,7 @@ CLASS="FILENAME"
 		</P
 ><P
 >See also <A
-HREF="index.html#DOMAINADMINGROUP"
+HREF="#DOMAINADMINGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7672,7 +7751,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DOMAINLOGONS"
+HREF="#DOMAINLOGONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -7683,12 +7762,8 @@ CLASS="PARAMETER"
 >
 		</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no domain guests</I
-></SPAN
+>Default: <EM
+>no domain guests</EM
 ></P
 ><P
 >Example: <B
@@ -7708,7 +7783,7 @@ CLASS="CONSTANT"
 >true</TT
 >, the Samba server will serve 
 		Windows 95/98 Domain logons for the <A
-HREF="index.html#WORKGROUP"
+HREF="#WORKGROUP"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -7750,7 +7825,7 @@ CLASS="COMMAND"
 > to
 		claim a special domain specific NetBIOS name that identifies 
 		it as a domain master browser for its given <A
-HREF="index.html#WORKGROUP"
+HREF="#WORKGROUP"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -7810,7 +7885,7 @@ CLASS="PARAMETER"
 		strangely and may fail.</P
 ><P
 >If <A
-HREF="index.html#DOMAINLOGONS"
+HREF="#DOMAINLOGONS"
 ><B
 CLASS="COMMAND"
 >domain logons = yes</B
@@ -7867,13 +7942,9 @@ CLASS="FILENAME"
 >. 
 		Experimentation is the best policy :-)  </P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (i.e., all directories are OK 
-		to descend)</I
-></SPAN
+		to descend)</EM
 ></P
 ><P
 >Example: <B
@@ -7883,28 +7954,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="DOSCHARSET"
-></A
->dos charset (G)</DT
-><DD
-><P
->DOS SMB clients assume the server has 
-		the same charset as they do. This option specifies which 
-		charset Samba should talk to DOS clients.
-		</P
-><P
->The default depends on which charsets you have instaled. 
-		Samba tries to use charset 850 but falls back to ASCII in 
-		case it is not available. Run <A
-HREF="testparm.1.html"
-TARGET="_top"
->testparm(1)
-		</A
-> to check the default on your system.
-		</P
-></DD
-><DT
-><A
 NAME="DOSFILEMODE"
 ></A
 >dos filemode (S)</DT
@@ -8036,8 +8085,8 @@ CLASS="COMMAND"
 ></A
 > program for information on how to set up 
  		and maintain this file), or set the <A
-HREF="index.html#SECURITY"
->security = [server|domain|ads]</A
+HREF="#SECURITY"
+>security = [server|domain]</A
 > parameter which 
 		causes <B
 CLASS="COMMAND"
@@ -8047,7 +8096,7 @@ CLASS="COMMAND"
 ><P
 >Default: <B
 CLASS="COMMAND"
->encrypt passwords = yes</B
+>encrypt passwords = no</B
 ></P
 ></DD
 ><DT
@@ -8117,12 +8166,8 @@ CLASS="PARAMETER"
 		to standard output.  This listing will then be used in response
 		to the level 1 and 2 EnumPorts() RPC.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no enumports command</I
-></SPAN
+>Default: <EM
+>no enumports command</EM
 ></P
 ><P
 >Example: <B
@@ -8139,7 +8184,7 @@ NAME="EXEC"
 ><DD
 ><P
 >This is a synonym for <A
-HREF="index.html#PREEXEC"
+HREF="#PREEXEC"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -8216,7 +8261,7 @@ CLASS="COMMAND"
 		the file.</P
 ><P
 >It is generally much better to use the real <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8288,12 +8333,8 @@ NAME="FORCECREATEMODE"
 ><DD
 ><P
 >This parameter specifies a set of UNIX mode bit 
-		permissions that will <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->always</I
-></SPAN
+		permissions that will <EM
+>always</EM
 > be set on a 
 		file created by Samba. This is done by bitwise 'OR'ing these bits onto 
 		the mode bits of a file that is being created or having its 
@@ -8308,7 +8349,7 @@ CLASS="PARAMETER"
 		parameter is applied.</P
 ><P
 >See also the parameter <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8319,7 +8360,7 @@ CLASS="PARAMETER"
 > for details on masking mode bits on files.</P
 ><P
 >See also the <A
-HREF="index.html#INHERITPERMISSIONS"
+HREF="#INHERITPERMISSIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8351,12 +8392,8 @@ NAME="FORCEDIRECTORYMODE"
 ><DD
 ><P
 >This parameter specifies a set of UNIX mode bit 
-		permissions that will <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->always</I
-></SPAN
+		permissions that will <EM
+>always</EM
 > be set on a directory 
 		created by Samba. This is done by bitwise 'OR'ing these bits onto the 
 		mode bits of a directory that is being created. The default for this 
@@ -8371,7 +8408,7 @@ CLASS="PARAMETER"
 		applied.</P
 ><P
 >See also the parameter <A
-HREF="index.html#DIRECTORYMASK"
+HREF="#DIRECTORYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8382,7 +8419,7 @@ CLASS="PARAMETER"
 		on created directories.</P
 ><P
 >See also the <A
-HREF="index.html#INHERITPERMISSIONS"
+HREF="#INHERITPERMISSIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8409,7 +8446,8 @@ CLASS="COMMAND"
 ><A
 NAME="FORCEDIRECTORYSECURITYMODE"
 ></A
->force directory security mode (S)</DT
+>force directory 
+		security mode (S)</DT
 ><DD
 ><P
 >This parameter controls what UNIX permission bits 
@@ -8426,12 +8464,8 @@ NAME="FORCEDIRECTORYSECURITYMODE"
 		allows a user to modify all the user/group/world permissions on a 
 		directory without restrictions.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that users who can access the 
 		Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
@@ -8439,7 +8473,7 @@ CLASS="EMPHASIS"
 		it set as 0000.</P
 ><P
 >See also the <A
-HREF="index.html#DIRECTORYSECURITYMASK"
+HREF="#DIRECTORYSECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8447,7 +8481,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#SECURITYMASK"
+HREF="#SECURITYMASK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -8456,7 +8490,7 @@ CLASS="PARAMETER"
 ></A
 >, 
 		<A
-HREF="index.html#FORCESECURITYMODE"
+HREF="#FORCESECURITYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8508,7 +8542,7 @@ CLASS="FILENAME"
 		other users will retain their ordinary primary group.</P
 ><P
 >If the <A
-HREF="index.html#FORCEUSER"
+HREF="#FORCEUSER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8531,7 +8565,7 @@ CLASS="PARAMETER"
 >.</P
 ><P
 >See also <A
-HREF="index.html#FORCEUSER"
+HREF="#FORCEUSER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8541,12 +8575,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no forced group</I
-></SPAN
+>Default: <EM
+>no forced group</EM
 ></P
 ><P
 >Example: <B
@@ -8576,12 +8606,8 @@ NAME="FORCESECURITYMODE"
 		and allows a user to modify all the user/group/world permissions on a file,
 		with no restrictions.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that users who can access 
 		the Samba server through other means can easily bypass this restriction, 
 		so it is primarily useful for standalone "appliance" systems.  
@@ -8589,7 +8615,7 @@ CLASS="EMPHASIS"
 		this set to 0000.</P
 ><P
 >See also the <A
-HREF="index.html#FORCEDIRECTORYSECURITYMODE"
+HREF="#FORCEDIRECTORYSECURITYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8598,7 +8624,7 @@ CLASS="PARAMETER"
 ></A
 >,
 		<A
-HREF="index.html#DIRECTORYSECURITYMASK"
+HREF="#DIRECTORYSECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8607,7 +8633,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#SECURITYMASK"
+HREF="#SECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8628,6 +8654,49 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="FORCEUNKNOWNACLUSER"
+></A
+>force unknown acl user (S)</DT
+><DD
+><P
+>If this parameter is set, a Windows NT ACL that contains
+		an unknown SID (security descriptor, or representation of a user or group id)
+		as the owner or group owner of the file will be silently mapped into the
+		current UNIX uid or gid of the currently connected user.</P
+><P
+>This is designed to allow Windows NT clients to copy files and
+		folders containing ACLs that were created locally on the client machine
+		and contain users local to that machine only (no domain users) to be
+		copied to a Samba server (usually with XCOPY /O) and have the unknown
+		userid and groupid of the file owner map to the current connected user.
+		This can only be fixed correctly when winbindd allows arbitrary mapping
+		from any Windows NT SID to a UNIX uid or gid.</P
+><P
+>Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+		</P
+><P
+>See also <A
+HREF="#FORCEGROUP"
+><TT
+CLASS="PARAMETER"
+><I
+>force group
+		</I
+></TT
+></A
+></P
+><P
+>Default: <EM
+>False</EM
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>force unknown acl user = yes</B
+></P
+></DD
+><DT
+><A
 NAME="FORCEUSER"
 ></A
 >force user (S)</DT
@@ -8650,7 +8719,7 @@ NAME="FORCEUSER"
 		as the primary group of the connecting user (this was a bug).</P
 ><P
 >See also <A
-HREF="index.html#FORCEGROUP"
+HREF="#FORCEGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8660,12 +8729,8 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no forced user</I
-></SPAN
+>Default: <EM
+>no forced user</EM
 ></P
 ><P
 >Example: <B
@@ -8726,7 +8791,7 @@ NAME="GETWDCACHE"
 		caching algorithm will be used to reduce the time taken for getwd() 
 		calls. This can have a significant impact on performance, especially 
 		when the <A
-HREF="index.html#WIDELINKS"
+HREF="#WIDELINKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8752,7 +8817,7 @@ NAME="GROUP"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#FORCEGROUP"
+HREF="#FORCEGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8771,7 +8836,7 @@ NAME="GUESTACCOUNT"
 ><P
 >This is a username which will be used for access 
 		to services which are specified as <A
-HREF="index.html#GUESTOK"
+HREF="#GUESTOK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8800,17 +8865,9 @@ CLASS="COMMAND"
 >		lp(1)</B
 >.</P
 ><P
->This paramater does not accept % marcos, becouse
-	        many parts of the system require this value to be
-	        constant for correct operation</P
-><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >specified at compile time, usually 
-		"nobody"</I
-></SPAN
+		"nobody"</EM
 ></P
 ><P
 >Example: <B
@@ -8831,7 +8888,7 @@ CLASS="CONSTANT"
 > for 
 		a service, then no password is required to connect to the service. 
 		Privileges will be those of the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8841,7 +8898,7 @@ CLASS="PARAMETER"
 >.</P
 ><P
 >See the section below on <A
-HREF="index.html#SECURITY"
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8869,7 +8926,7 @@ CLASS="CONSTANT"
 > for 
 		a service, then only guest connections to the service are permitted. 
 		This parameter will have no effect if <A
-HREF="index.html#GUESTOK"
+HREF="#GUESTOK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -8879,7 +8936,7 @@ CLASS="PARAMETER"
 > is not set for the service.</P
 ><P
 >See the section below on <A
-HREF="index.html#SECURITY"
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8936,7 +8993,7 @@ NAME="HIDEFILES"
 		as they are scanned.</P
 ><P
 >See also <A
-HREF="index.html#HIDEDOTFILES"
+HREF="#HIDEDOTFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8945,7 +9002,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#VETOFILES"
+HREF="#VETOFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -8953,7 +9010,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#CASESENSITIVE"
+HREF="#CASESENSITIVE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -8962,12 +9019,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no file are hidden</I
-></SPAN
+>Default: <EM
+>no file are hidden</EM
 ></P
 ><P
 >Example: <B
@@ -9004,7 +9057,7 @@ CLASS="COMMAND"
 ><A
 NAME="HIDEUNREADABLE"
 ></A
->hide unreadable (G)</DT
+>hide unreadable (S)</DT
 ><DD
 ><P
 >This parameter prevents clients from seeing the
@@ -9017,30 +9070,13 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="HIDEUNWRITEABLEFILES"
-></A
->hide unwriteable files (G)</DT
-><DD
-><P
->This parameter prevents clients from seeing
-		the existance of files that cannot be written to. Defaults to off.
-		Note that unwriteable directories are shown as usual.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->hide unwriteable = no</B
-></P
-></DD
-><DT
-><A
 NAME="HOMEDIRMAP"
 ></A
 >homedir map (G)</DT
 ><DD
 ><P
 >If<A
-HREF="index.html#NISHOMEDIR"
+HREF="#NISHOMEDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9079,17 +9115,13 @@ CLASS="COMMAND"
 		that copes with different map formats and also Amd (another 
 		automounter) maps.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE :</I
-></SPAN
+><EM
+>NOTE :</EM
 >A working NIS client is required on 
 		the system for this option to work.</P
 ><P
 >See also <A
-HREF="index.html#NISHOMEDIR"
+HREF="#NISHOMEDIR"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9098,7 +9130,7 @@ CLASS="PARAMETER"
 >
 		</A
 >, <A
-HREF="index.html#DOMAINLOGONS"
+HREF="#DOMAINLOGONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9110,7 +9142,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->homedir map = &lt;empty string&gt;</B
+>homedir map = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -9137,7 +9169,7 @@ CLASS="CONSTANT"
 		to browse Dfs trees hosted on the server.</P
 ><P
 >See also the <A
-HREF="index.html#MSDFSROOT"
+HREF="#MSDFSROOT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9160,35 +9192,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="HOSTNAMELOOKUPS"
-></A
->hostname lookups (G)</DT
-><DD
-><P
->Specifies whether samba should use (expensive)
-		hostname lookups or use the ip addresses instead. An example place
-		where hostname lookups are currently used is when checking 
-		the <B
-CLASS="COMMAND"
->hosts deny</B
-> and <B
-CLASS="COMMAND"
->hosts allow</B
->.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->hostname lookups = yes</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->hostname lookups = no</B
-></P
-></DD
-><DT
-><A
 NAME="HOSTSALLOW"
 ></A
 >hosts allow (S)</DT
@@ -9225,7 +9228,7 @@ CLASS="FILENAME"
 ><P
 >Note that the localhost address 127.0.0.1 will always 
 		be allowed access unless specifically denied by a <A
-HREF="index.html#HOSTSDENY"
+HREF="#HOSTSDENY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9236,12 +9239,8 @@ CLASS="PARAMETER"
 ><P
 >You can also specify hosts by network/netmask pairs and 
 		by netgroup names if your system supports netgroups. The 
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->EXCEPT</I
-></SPAN
+		<EM
+>EXCEPT</EM
 > keyword can also be used to limit a 
 		wildcard list. The following examples may provide some help:</P
 ><P
@@ -9292,13 +9291,9 @@ CLASS="COMMAND"
 > for a way of testing your host access to see if it does 
 		what you expect.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (i.e., all hosts permitted access)
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >Example: <B
@@ -9320,12 +9315,8 @@ CLASS="PARAMETER"
 >hosts allow</I
 ></TT
 > 
-		- hosts listed here are <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
+		- hosts listed here are <EM
+>NOT</EM
 > permitted access to 
 		services unless the specific services have their own lists to override 
 		this one. Where the lists conflict, the <TT
@@ -9336,13 +9327,9 @@ CLASS="PARAMETER"
 > 
 		list takes precedence.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (i.e., no hosts specifically excluded)
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >Example: <B
@@ -9364,7 +9351,7 @@ NAME="HOSTSEQUIV"
 		</P
 ><P
 >This is not be confused with <A
-HREF="index.html#HOSTSALLOW"
+HREF="#HOSTSALLOW"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -9380,12 +9367,8 @@ CLASS="PARAMETER"
 > may be useful for NT clients which will 
 		not supply passwords to Samba.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE :</I
-></SPAN
+><EM
+>NOTE :</EM
 > The use of <TT
 CLASS="PARAMETER"
 ><I
@@ -9402,21 +9385,13 @@ CLASS="PARAMETER"
 ></TT
 > option be only used if you really 
 		know what you are doing, or perhaps on a home network where you trust 
-		your spouse and kids. And only if you <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->really</I
-></SPAN
+		your spouse and kids. And only if you <EM
+>really</EM
 > trust 
 		them :-).</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no host equivalences</I
-></SPAN
+>Default: <EM
+>no host equivalences</EM
 ></P
 ><P
 >Example: <B
@@ -9454,12 +9429,8 @@ CLASS="PARAMETER"
 >.
 		</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no file included</I
-></SPAN
+>Default: <EM
+>no file included</EM
 ></P
 ><P
 >Example: <B
@@ -9499,7 +9470,7 @@ NAME="INHERITPERMISSIONS"
 ><P
 >The permissions on new files and directories 
 		are normally governed by <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9507,7 +9478,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DIRECTORYMASK"
+HREF="#DIRECTORYMASK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -9515,7 +9486,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#FORCECREATEMODE"
+HREF="#FORCECREATEMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9524,7 +9495,7 @@ CLASS="PARAMETER"
 >
 		</A
 > and <A
-HREF="index.html#FORCEDIRECTORYMODE"
+HREF="#FORCEDIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9541,7 +9512,7 @@ CLASS="PARAMETER"
 >New files inherit their read/write bits from the parent 
 		directory.  Their execute bits continue to be determined by
 		<A
-HREF="index.html#MAPARCHIVE"
+HREF="#MAPARCHIVE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9550,7 +9521,7 @@ CLASS="PARAMETER"
 >
 		</A
 >, <A
-HREF="index.html#MAPHIDDEN"
+HREF="#MAPHIDDEN"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9559,7 +9530,7 @@ CLASS="PARAMETER"
 >
 		</A
 > and <A
-HREF="index.html#MAPSYSTEM"
+HREF="#MAPSYSTEM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9569,12 +9540,8 @@ CLASS="PARAMETER"
 		</A
 > as usual.</P
 ><P
->Note that the setuid bit is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->never</I
-></SPAN
+>Note that the setuid bit is <EM
+>never</EM
 > set via 
 		inheritance (the code explicitly prohibits this).</P
 ><P
@@ -9583,7 +9550,7 @@ CLASS="EMPHASIS"
 		share to be used flexibly by each user.</P
 ><P
 >See also <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9592,7 +9559,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DIRECTORYMASK"
+HREF="#DIRECTORYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9600,7 +9567,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#FORCECREATEMODE"
+HREF="#FORCECREATEMODE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -9608,7 +9575,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#FORCEDIRECTORYMODE"
+HREF="#FORCEDIRECTORYMODE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9684,7 +9651,7 @@ CLASS="COMMAND"
 		The netmasks of the latter two interfaces would be set to 255.255.255.0.</P
 ><P
 >See also <A
-HREF="index.html#BINDINTERFACESONLY"
+HREF="#BINDINTERFACESONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9694,13 +9661,9 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >all active interfaces except 127.0.0.1 
-		that are broadcast capable</I
-></SPAN
+		that are broadcast capable</EM
 ></P
 ></DD
 ><DT
@@ -9711,12 +9674,8 @@ NAME="INVALIDUSERS"
 ><DD
 ><P
 >This is a list of users that should not be allowed 
-		to login to this service. This is really a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->paranoid</I
-></SPAN
+		to login to this service. This is really a <EM
+>paranoid</EM
 > 
 		check to absolutely ensure an improper setting does not breach 
 		your security.</P
@@ -9733,7 +9692,7 @@ CLASS="EMPHASIS"
 		so the value <TT
 CLASS="PARAMETER"
 ><I
->+&amp;group</I
+>+&#38;group</I
 ></TT
 > means check the 
 		UNIX group database, followed by the NIS netgroup database, and 
@@ -9755,7 +9714,7 @@ CLASS="PARAMETER"
 		This is useful in the [homes] section.</P
 ><P
 >See also <A
-HREF="index.html#VALIDUSERS"
+HREF="#VALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9765,12 +9724,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no invalid users</I
-></SPAN
+>Default: <EM
+>no invalid users</EM
 ></P
 ><P
 >Example: <B
@@ -9799,7 +9754,7 @@ CLASS="PARAMETER"
 ><P
 >Keepalives should, in general, not be needed if the socket 
 		being used has the SO_KEEPALIVE attribute set on it (see <A
-HREF="index.html#SOCKETOPTIONS"
+HREF="#SOCKETOPTIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9827,7 +9782,7 @@ NAME="KERNELOPLOCKS"
 ><DD
 ><P
 >For UNIXes that support kernel based <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9854,12 +9809,8 @@ CLASS="COMMAND"
 >
 		</A
 > has oplocked. This allows complete data consistency between 
-		SMB/CIFS, NFS and local file access (and is a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->very</I
-></SPAN
+		SMB/CIFS, NFS and local file access (and is a <EM
+>very</EM
 > 
 		cool feature :-).</P
 ><P
@@ -9871,7 +9822,7 @@ CLASS="CONSTANT"
 		You should never need to touch this parameter.</P
 ><P
 >See also the <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9880,7 +9831,7 @@ CLASS="PARAMETER"
 >
 		</A
 > and <A
-HREF="index.html#LEVEL2OPLOCKS"
+HREF="#LEVEL2OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -9933,13 +9884,13 @@ TARGET="_top"
 		with Windows 2000. Note that due to Windows 2000 client redirector bugs
 		this requires Samba to be running on a 64-bit capable operating system such
 		as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
-		Windows 2000 clients. Defaults to on. Not as tested as some other Samba
+		Windows 2000 clients. Defaults to off. Not as tested as some other Samba
 		code paths.
 		</P
 ><P
 >Default : <B
 CLASS="COMMAND"
->large readwrite = yes</B
+>large readwrite = no</B
 ></P
 ></DD
 ><DT
@@ -9949,14 +9900,26 @@ NAME="LDAPADMINDN"
 >ldap admin dn (G)</DT
 ><DD
 ><P
-> The <TT
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		The <TT
 CLASS="PARAMETER"
 ><I
 >ldap admin dn</I
 ></TT
 > defines the Distinguished 
-		Name (DN) name used by Samba to contact the ldap server when retreiving 
-		user account information. The <TT
+		Name (DN) name used by Samba to contact the <A
+HREF="#LDAPSERVER"
+>ldap
+		server</A
+> when retreiving user account information. The <TT
 CLASS="PARAMETER"
 ><I
 >ldap
@@ -9978,12 +9941,8 @@ CLASS="COMMAND"
 		page for more information on how to accmplish this.
 		</P
 ><P
->Default : <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default : <EM
+>none</EM
 ></P
 ></DD
 ><DT
@@ -9993,7 +9952,16 @@ NAME="LDAPFILTER"
 >ldap filter (G)</DT
 ><DD
 ><P
->This parameter specifies the RFC 2254 compliant LDAP search filter.
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This parameter specifies the RFC 2254 compliant LDAP search filter.
 		The default is to match the login name with the <TT
 CLASS="CONSTANT"
 >uid</TT
@@ -10007,7 +9975,77 @@ CLASS="CONSTANT"
 ><P
 >Default : <B
 CLASS="COMMAND"
->ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</B
+>ldap filter = (&#38;(uid=%u)(objectclass=sambaAccount))</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPPORT"
+></A
+>ldap port (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This option is used to control the tcp port number used to contact
+		the <A
+HREF="#LDAPSERVER"
+><TT
+CLASS="PARAMETER"
+><I
+>ldap server</I
+></TT
+></A
+>.
+		The default is to use the stand LDAPS port 636.
+		</P
+><P
+>See Also: <A
+HREF="#LDAPSSL"
+>ldap ssl</A
+>
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap port = 636 ; if ldap ssl = on</B
+></P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap port = 389 ; if ldap ssl = off</B
+></P
+></DD
+><DT
+><A
+NAME="LDAPSERVER"
+></A
+>ldap server (G)</DT
+><DD
+><P
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This parameter should contains the FQDN of the ldap directory 
+		server which should be queried to locate user account information.
+		</P
+><P
+>Default : <B
+CLASS="COMMAND"
+>ldap server = localhost</B
 ></P
 ></DD
 ><DT
@@ -10017,16 +10055,29 @@ NAME="LDAPSSL"
 >ldap ssl (G)</DT
 ><DD
 ><P
->This option is used to define whether or not Samba should
-		use SSL when connecting to the ldap server
-		This is <SPAN
-CLASS="emphasis"
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
+		</P
+><P
+>		This option is used to define whether or not Samba should
+		use SSL when connecting to the <A
+HREF="#LDAPSERVER"
+><TT
+CLASS="PARAMETER"
 ><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
+>ldap
+		server</I
+></TT
+></A
+>.  This is <EM
+>NOT</EM
 > related to
-		Samba's previous SSL support which was enabled by specifying the 
+		Samba SSL support which is enabled by specifying the 
 		<B
 CLASS="COMMAND"
 >--with-ssl</B
@@ -10034,7 +10085,15 @@ CLASS="COMMAND"
 CLASS="FILENAME"
 >configure</TT
 > 
-		script.
+		script (see <A
+HREF="#SSL"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl</I
+></TT
+></A
+>).
 		</P
 ><P
 >		The <TT
@@ -10076,49 +10135,17 @@ NAME="LDAPSUFFIX"
 >ldap suffix (G)</DT
 ><DD
 ><P
->Default : <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
-></P
-></DD
-><DT
-><A
-NAME="LDAPUSERSUFFIX"
-></A
->ldap user suffix (G)</DT
-><DD
-><P
->It specifies where users are added to the tree.
-		</P
-><P
->Default : <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
-></P
-></DD
-><DT
-><A
-NAME="LDAPMACHINESUFFIX"
-></A
->ldap machine suffix (G)</DT
-><DD
-><P
->It specifies where machines should be 
-                added to the ldap tree.
+>This parameter is only available if Samba has been
+		configure to include the <B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option
+		at compile time. This option should be considered experimental and
+		under active development.
 		</P
 ><P
->Default : <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default : <EM
+>none</EM
 ></P
 ></DD
 ><DT
@@ -10152,7 +10179,7 @@ NAME="LEVEL2OPLOCKS"
 >For more discussions on level2 oplocks see the CIFS spec.</P
 ><P
 >Currently, if <A
-HREF="index.html#KERNELOPLOCKS"
+HREF="#KERNELOPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10166,7 +10193,7 @@ CLASS="CONSTANT"
 >yes</TT
 >). 
 		Note also, the <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10181,7 +10208,7 @@ CLASS="CONSTANT"
 		this parameter to have any effect.</P
 ><P
 >See also the <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10190,7 +10217,7 @@ CLASS="PARAMETER"
 >
 		</A
 > and <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10265,7 +10292,7 @@ CLASS="PARAMETER"
 >.</P
 ><P
 >See also <A
-HREF="index.html#LMINTERVAL"
+HREF="#LMINTERVAL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10294,7 +10321,7 @@ NAME="LMINTERVAL"
 ><P
 >If Samba is set to produce Lanman announce 
 		broadcasts needed by OS/2 clients (see the <A
-HREF="index.html#LMANNOUNCE"
+HREF="#LMANNOUNCE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -10313,7 +10340,7 @@ CLASS="PARAMETER"
 		parameter.</P
 ><P
 >See also <A
-HREF="index.html#LMANNOUNCE"
+HREF="#LMANNOUNCE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10343,7 +10370,7 @@ NAME="LOADPRINTERS"
 >A boolean variable that controls whether all 
 		printers in the printcap will be loaded for browsing by default. 
 		See the <A
-HREF="index.html#AEN79"
+HREF="#AEN79"
 >printers</A
 > section for 
 		more details.</P
@@ -10383,22 +10410,14 @@ CLASS="CONSTANT"
 CLASS="CONSTANT"
 >true</TT
 > doesn't
-		mean that Samba will <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->become</I
-></SPAN
+		mean that Samba will <EM
+>become</EM
 > the local master 
 		browser on a subnet, just that <B
 CLASS="COMMAND"
 >nmbd</B
-> will <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->		participate</I
-></SPAN
+> will <EM
+>		participate</EM
 > in elections for local master browser.</P
 ><P
 >Setting this value to <TT
@@ -10408,12 +10427,8 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >nmbd</B
 >
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->never</I
-></SPAN
+		<EM
+>never</EM
 > to become a local master browser.</P
 ><P
 >Default: <B
@@ -10429,7 +10444,7 @@ NAME="LOCKDIR"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#LOCKDIRECTORY"
+HREF="#LOCKDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10448,7 +10463,7 @@ NAME="LOCKDIRECTORY"
 >This option specifies the directory where lock 
 		files will be placed.  The lock files are used to implement the 
 		<A
-HREF="index.html#MAXCONNECTIONS"
+HREF="#MAXCONNECTIONS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10502,7 +10517,7 @@ NAME="LOCKSPINTIME"
 >The time in microseconds that smbd should 
 		pause before attempting to gain a failed lock.  See
 		<A
-HREF="index.html#LOCKSPINCOUNT"
+HREF="#LOCKSPINCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10543,19 +10558,11 @@ CLASS="COMMAND"
 >, real locking will be performed 
 		by the server.</P
 ><P
->This option <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->may</I
-></SPAN
+>This option <EM
+>may</EM
 > be useful for read-only 
-		filesystems which <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->may</I
-></SPAN
+		filesystems which <EM
+>may</EM
 > not need locking (such as 
 		CDROM drives), although setting this parameter of <TT
 CLASS="CONSTANT"
@@ -10598,14 +10605,12 @@ NAME="LOGLEVEL"
 >log level (G)</DT
 ><DD
 ><P
->The value of the parameter (a astring) allows 
+>The value of the parameter (an integer) allows 
 		the debug level (logging level) to be specified in the 
 		<TT
 CLASS="FILENAME"
 >smb.conf</TT
-> file. This parameter has been
-		extended since 2.2.x series, now it allow to specify the debug
-		level for multiple debug classes. This is to give greater 
+> file. This is to give greater 
 		flexibility in the configuration of the system.</P
 ><P
 >The default will be the log level specified on 
@@ -10613,8 +10618,7 @@ CLASS="FILENAME"
 ><P
 >Example: <B
 CLASS="COMMAND"
->log level = 3 passdb:5 auth:10 winbind:2
-		</B
+>log level = 3</B
 ></P
 ></DD
 ><DT
@@ -10626,7 +10630,7 @@ NAME="LOGONDRIVE"
 ><P
 >This parameter specifies the local path to 
 		which the home directory will be connected (see <A
-HREF="index.html#LOGONHOME"
+HREF="#LOGONHOME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -10695,7 +10699,7 @@ CLASS="COMMAND"
 		but use the whole string when dealing with profiles.</P
 ><P
 >Note that in prior versions of Samba, the <A
-HREF="index.html#LOGONPATH"
+HREF="#LOGONPATH"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -10742,7 +10746,7 @@ NAME="LOGONPATH"
 		stored.  Contrary to previous versions of these manual pages, it has 
 		nothing to do with Win 9X roaming profiles.  To find out how to 
 		handle roaming profiles for Win 9X system, see the <A
-HREF="index.html#LOGONHOME"
+HREF="#LOGONHOME"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -10780,12 +10784,8 @@ CLASS="FILENAME"
 >Thereafter, the directories and any of the contents can, 
 		if required, be made read-only.  It is not advisable that the 
 		NTuser.dat file be made read-only - rename it to NTuser.man to 
-		achieve the desired effect (a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->MAN</I
-></SPAN
+		achieve the desired effect (a <EM
+>MAN</EM
 >datory 
 		profile). </P
 ><P
@@ -10826,7 +10826,7 @@ NAME="LOGONSCRIPT"
 ><P
 >The script must be a relative path to the [netlogon] 
 		service.  If the [netlogon] service specifies a <A
-HREF="index.html#PATH"
+HREF="#PATH"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -10875,12 +10875,8 @@ CLASS="COMMAND"
 >This option is only useful if Samba is set up as a logon 
 		server.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no logon script defined</I
-></SPAN
+>Default: <EM
+>no logon script defined</EM
 ></P
 ><P
 >Example: <B
@@ -10937,7 +10933,7 @@ CLASS="PARAMETER"
 		in the lppause command as the PATH may not be available to the server.</P
 ><P
 >See also the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11031,7 +11027,7 @@ CLASS="COMMAND"
 >A value of 0 will disable caching completely.</P
 ><P
 >See also the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11115,7 +11111,7 @@ CLASS="PARAMETER"
 		print queue listing.</P
 ><P
 >See also the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11125,17 +11121,13 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <TT
 CLASS="PARAMETER"
 ><I
 >		printing</I
 ></TT
-></I
-></SPAN
+></EM
 ></P
 ><P
 >Example: <B
@@ -11157,7 +11149,7 @@ NAME="LPRESUMECOMMAND"
 >This command should be a program or script which takes 
 		a printer name and job number to resume the print job. See 
 		also the <A
-HREF="index.html#LPPAUSECOMMAND"
+HREF="#LPPAUSECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11191,7 +11183,7 @@ CLASS="PARAMETER"
 		be available to the server.</P
 ><P
 >See also the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11277,7 +11269,7 @@ CLASS="PARAMETER"
 		available to the server.</P
 ><P
 >See also the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11287,18 +11279,14 @@ CLASS="PARAMETER"
 ></A
 > parameter.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <TT
 CLASS="PARAMETER"
 ><I
 >printing
 		</I
 ></TT
-></I
-></SPAN
+></EM
 ></P
 ><P
 >Example 1: <B
@@ -11322,7 +11310,7 @@ NAME="MACHINEPASSWORDTIMEOUT"
 ><P
 >If a Samba server is a member of a Windows 
 		NT Domain (see the <A
-HREF="index.html#SECURITYEQUALSDOMAIN"
+HREF="#SECURITYEQUALSDOMAIN"
 >security = domain</A
 >) 
 		parameter) then periodically a running <A
@@ -11347,7 +11335,7 @@ CLASS="COMMAND"
 		</B
 ></A
 >, and the <A
-HREF="index.html#SECURITYEQUALSDOMAIN"
+HREF="#SECURITYEQUALSDOMAIN"
 >		security = domain</A
 >) parameter.</P
 ><P
@@ -11366,7 +11354,7 @@ NAME="MAGICOUTPUT"
 >This parameter specifies the name of a file 
 		which will contain output created by a magic script (see the 
 		<A
-HREF="index.html#MAGICSCRIPT"
+HREF="#MAGICSCRIPT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11387,7 +11375,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->magic output = &lt;magic script name&gt;.out
+>magic output = &#60;magic script name&#62;.out
 		</B
 ></P
 ><P
@@ -11414,7 +11402,7 @@ NAME="MAGICSCRIPT"
 ><P
 >If the script generates output, output will be sent to 
 		the file specified by the <A
-HREF="index.html#MAGICOUTPUT"
+HREF="#MAGICOUTPUT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11426,36 +11414,20 @@ CLASS="PARAMETER"
 >Note that some shells are unable to interpret scripts 
 		containing CR/LF instead of CR as 
 		the end-of-line marker. Magic scripts must be executable 
-		<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->as is</I
-></SPAN
+		<EM
+>as is</EM
 > on the host, which for some hosts and 
 		some shells will require filtering at the DOS end.</P
 ><P
->Magic scripts are <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->EXPERIMENTAL</I
-></SPAN
+>Magic scripts are <EM
+>EXPERIMENTAL</EM
 > and 
-		should <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOT</I
-></SPAN
+		should <EM
+>NOT</EM
 > be relied upon.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->None. Magic scripts disabled.</I
-></SPAN
+>Default: <EM
+>None. Magic scripts disabled.</EM
 ></P
 ><P
 >Example: <B
@@ -11471,7 +11443,7 @@ NAME="MANGLECASE"
 ><DD
 ><P
 >See the section on <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >		NAME MANGLING</A
 ></P
 ><P
@@ -11522,12 +11494,8 @@ CLASS="FILENAME"
 > off the ends of filenames on some CDROMs (only visible 
 		under some UNIXes). To do this use a map of (*;1 *;).</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no mangled map</I
-></SPAN
+>Default: <EM
+>no mangled map</EM
 ></P
 ><P
 >Example: <B
@@ -11547,11 +11515,11 @@ NAME="MANGLEDNAMES"
 		or whether non-DOS names should simply be ignored.</P
 ><P
 >See the section on <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >		NAME MANGLING</A
 > for details on how to control the mangling process.</P
 ><P
->If mangling is used then the mangling algorithm is as follows:</P
+>If mangling algorithm "hash" is used then the mangling algorithm is as follows:</P
 ><P
 ></P
 ><UL
@@ -11573,7 +11541,7 @@ HREF="index.html#AEN203"
 ><P
 >Note that the character to use may be specified using 
 			the <A
-HREF="index.html#MANGLINGCHAR"
+HREF="#MANGLINGCHAR"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11609,6 +11577,60 @@ CLASS="PARAMETER"
 		in a directory share the same first five alphanumeric characters. 
 		The probability of such a clash is 1/1300.</P
 ><P
+>If mangling algorithm "hash2" is used then the mangling algorithm is as follows:</P
+><P
+></P
+><UL
+><LI
+><P
+>The first alphanumeric character 
+			before the rightmost dot of the filename is preserved, forced 
+			to upper case, and appears as the first character of the mangled name.
+			</P
+></LI
+><LI
+><P
+>A base63 hash of 5 characters is generated and the
+			first 4 characters of that hash are appended to the first character.
+			</P
+></LI
+><LI
+><P
+>A tilde "~" is appended to the first part of the mangled
+			name, followed by the final character of the base36 hash of the name.
+			</P
+><P
+>Note that the character to use may be specified using 
+			the <A
+HREF="#MANGLINGCHAR"
+><TT
+CLASS="PARAMETER"
+><I
+>mangling char</I
+></TT
+>
+			</A
+> option, if you don't like '~'.</P
+></LI
+><LI
+><P
+>The first three alphanumeric characters of the final 
+			extension are preserved, forced to upper case and appear as the 
+			extension of the mangled name. The final extension is defined as that 
+			part of the original filename after the rightmost dot. If there are no 
+			dots in the filename, the mangled name will have no extension (except 
+			in the case of "hidden files" - see below).</P
+></LI
+><LI
+><P
+>Files whose UNIX name begins with a dot will be 
+			presented as DOS hidden files. The mangled name will be created as 
+			for other filenames, but with the leading dot removed and "___" as 
+			its extension regardless of actual original extension (that's three 
+			underscores).</P
+></LI
+></UL
+><P
 >The name mangling (if enabled) allows a file to be 
 		copied between UNIX directories from Windows/DOS while retaining 
 		the long UNIX filename. UNIX files can be renamed to a new extension 
@@ -11622,33 +11644,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="MANGLINGMETHOD"
-></A
->mangling method (G)</DT
-><DD
-><P
-> controls the algorithm used for the generating
-		the mangled names. Can take two different values, "hash" and
-		"hash2". "hash" is  the default and is the algorithm that has been
-		used in Samba for many years. "hash2" is a newer and considered
-		a better algorithm (generates less collisions) in the names.
-		However, many Win32 applications store the mangled names and so
-		changing to the new algorithm must not be done
-		lightly as these applications may break unless reinstalled.
-		New installations of Samba may set the default to hash2.</P
-><P
->Default: <B
-CLASS="COMMAND"
->mangling method = hash</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->mangling method = hash2</B
-></P
-></DD
-><DT
-><A
 NAME="MANGLEDSTACK"
 ></A
 >mangled stack (G)</DT
@@ -11692,14 +11687,10 @@ NAME="MANGLINGCHAR"
 ><DD
 ><P
 >This controls what character is used as 
-		the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->magic</I
-></SPAN
+		the <EM
+>magic</EM
 > character in <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >name mangling</A
 >. The default is a '~'
 		but this may interfere with some software. Use this option to set 
@@ -11717,6 +11708,33 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="MANGLINGMETHOD"
+></A
+>mangling mathod(G)</DT
+><DD
+><P
+> controls the algorithm used for the generating
+                the mangled names. Can take two different values, "hash" and
+                "hash2". "hash" is  the default and is the algorithm that has been
+                used in Samba for many years. "hash2" is a newer and considered
+                a better algorithm (generates less collisions) in the names.
+                However, many Win32 applications store the mangled names and so
+		changing to the new algorithm must not be done
+                lightly as these applications may break unless reinstalled.
+                New installations of Samba may set the default to hash2.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>mangling method = hash</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>mangling method = hash2</B
+></P
+></DD
+><DT
+><A
 NAME="MAPARCHIVE"
 ></A
 >map archive (S)</DT
@@ -11737,7 +11755,7 @@ CLASS="PARAMETER"
 >
 		parameter to be set such that owner execute bit is not masked out 
 		(i.e. it must include 100). See the parameter <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -11769,7 +11787,7 @@ CLASS="PARAMETER"
 > 
 		to be set such that the world execute bit is not masked out (i.e. 
 		it must include 001). See the parameter <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -11801,7 +11819,7 @@ CLASS="PARAMETER"
 > 
 		to be set such that the group execute bit is not masked out (i.e. 
 		it must include 010). See the parameter <A
-HREF="index.html#CREATEMASK"
+HREF="#CREATEMASK"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -11823,7 +11841,7 @@ NAME="MAPTOGUEST"
 ><DD
 ><P
 >This parameter is only useful in <A
-HREF="index.html#SECURITY"
+HREF="#SECURITY"
 >		security</A
 > modes other than <TT
 CLASS="PARAMETER"
@@ -11873,7 +11891,7 @@ CLASS="CONSTANT"
 			logins with an invalid password are rejected, unless the username 
 			does not exist, in which case it is treated as a guest login and 
 			mapped into the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -11890,7 +11908,7 @@ CLASS="CONSTANT"
 > - Means user logins 
 			with an invalid password are treated as a guest login and mapped 
 			into the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 >guest account</A
 >. Note that 
 			this can cause problems as it means that any user incorrectly typing 
@@ -11898,12 +11916,8 @@ HREF="index.html#GUESTACCOUNT"
 			will not know the reason they cannot access files they think
 			they should - there will have been no message given to them
 			that they got their password wrong. Helpdesk services will
-			<SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->hate</I
-></SPAN
+			<EM
+>hate</EM
 > you if you set the <TT
 CLASS="PARAMETER"
 ><I
@@ -11922,12 +11936,8 @@ CLASS="PARAMETER"
 ></TT
 > modes other than 
 		share. This is because in these modes the name of the resource being
-		requested is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client so the server 
 		cannot make authentication decisions at the correct time (connection 
@@ -11969,7 +11979,7 @@ CLASS="PARAMETER"
 ><P
 >Record lock files are used to implement this feature. The 
 		lock files will be stored in the directory specified by the <A
-HREF="index.html#LOCKDIRECTORY"
+HREF="#LOCKDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12121,7 +12131,7 @@ CLASS="COMMAND"
 ></A
 > will remote "Out of Space" to the client.
 		See all <A
-HREF="index.html#TOTALPRINTJOBS"
+HREF="#TOTALPRINTJOBS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12177,12 +12187,8 @@ CLASS="CONSTANT"
 ><TT
 CLASS="CONSTANT"
 >LANMAN1</TT
->: First <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->			modern</I
-></SPAN
+>: First <EM
+>			modern</EM
 > version of the protocol. Long filename
 			support.</P
 ></LI
@@ -12209,7 +12215,7 @@ CLASS="CONSTANT"
 		the appropriate protocol.</P
 ><P
 >See also <A
-HREF="index.html#MINPROTOCOL"
+HREF="#MINPROTOCOL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12305,7 +12311,7 @@ TARGET="_top"
 >nmbd(8)
 		</A
 > when acting as a WINS server (<A
-HREF="index.html#WINSSUPPORT"
+HREF="#WINSSUPPORT"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -12321,7 +12327,7 @@ CLASS="COMMAND"
 		parameter.  The default is 6 days (518400 seconds).</P
 ><P
 >See also the <A
-HREF="index.html#MINWINSTTL"
+HREF="#MINWINSTTL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12385,13 +12391,9 @@ CLASS="COMMAND"
 CLASS="COMMAND"
 >xedit</B
 >, then 
-		removes it afterwards. <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+		removes it afterwards. <EM
 >NOTE THAT IT IS VERY IMPORTANT 
-		THAT THIS COMMAND RETURN IMMEDIATELY</I
-></SPAN
+		THAT THIS COMMAND RETURN IMMEDIATELY</EM
 >. That's why I 
 		have the '&#38;' on the end. If it doesn't return immediately then 
 		your PCs may freeze when sending messages (they should recover 
@@ -12457,7 +12459,7 @@ CLASS="PARAMETER"
 ><B
 CLASS="COMMAND"
 >message command = /bin/mail -s 'message from %f on 
-		%m' root &lt; %s; rm %s</B
+		%m' root &#60; %s; rm %s</B
 ></P
 ><P
 >If you don't have a message command then the message 
@@ -12473,12 +12475,8 @@ CLASS="COMMAND"
 >message command = rm %s</B
 ></P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no message command</I
-></SPAN
+>Default: <EM
+>no message command</EM
 ></P
 ><P
 >Example: <B
@@ -12495,7 +12493,7 @@ NAME="MINPASSWDLENGTH"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#MINPASSWORDLENGTH"
+HREF="#MINPASSWORDLENGTH"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -12519,7 +12517,7 @@ CLASS="COMMAND"
 		UNIX password changing.</P
 ><P
 >See also <A
-HREF="index.html#UNIXPASSWORDSYNC"
+HREF="#UNIXPASSWORDSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12528,7 +12526,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -12536,7 +12534,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#PASSWDCHATDEBUG"
+HREF="#PASSWDCHATDEBUG"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12564,7 +12562,7 @@ NAME="MINPRINTSPACE"
 		means a user can always spool a print job.</P
 ><P
 >See also the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12594,7 +12592,7 @@ NAME="MINPROTOCOL"
 >The value of the parameter (a string) is the 
 		lowest SMB protocol dialect than Samba will support.  Please refer
 		to the <A
-HREF="index.html#MAXPROTOCOL"
+HREF="#MAXPROTOCOL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12612,7 +12610,7 @@ CLASS="FILENAME"
 ><P
 >If you are viewing this parameter as a security measure, you should
 		also refer to the <A
-HREF="index.html#LANMANAUTH"
+HREF="#LANMANAUTH"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12647,7 +12645,7 @@ TARGET="_top"
 >nmbd(8)</A
 >
 		when acting as a WINS server (<A
-HREF="index.html#WINSSUPPORT"
+HREF="#WINSSUPPORT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12698,7 +12696,7 @@ TARGET="_top"
 >.</P
 ><P
 >See also <A
-HREF="index.html#HOSTMSDFS"
+HREF="#HOSTMSDFS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12715,28 +12713,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="NAMECACHETIMEOUT"
-></A
->name cache timeout (G)</DT
-><DD
-><P
->Specifies the number of seconds it takes before 
-		entries in samba's hostname resolve cache time out. If 
-		the timeout is set to 0. the caching is disabled.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->name cache timeout = 660</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->name cache timeout = 0</B
-></P
-></DD
-><DT
-><A
 NAME="NAMERESOLVEORDER"
 ></A
 >name resolve order (G)</DT
@@ -12793,7 +12769,7 @@ CLASS="CONSTANT"
 >wins</TT
 > : Query a name with 
 			the IP address listed in the <A
-HREF="index.html#WINSSERVER"
+HREF="#WINSSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12810,7 +12786,7 @@ CLASS="CONSTANT"
 >bcast</TT
 > : Do a broadcast on 
 			each of the known local interfaces listed in the <A
-HREF="index.html#INTERFACES"
+HREF="#INTERFACES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12860,7 +12836,7 @@ TARGET="_top"
 		with these capabilities.</P
 ><P
 >See also <A
-HREF="index.html#NETBIOSNAME"
+HREF="#NETBIOSNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12870,12 +12846,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->empty string (no additional names)</I
-></SPAN
+>Default: <EM
+>empty string (no additional names)</EM
 ></P
 ><P
 >Example: <B
@@ -12898,7 +12870,7 @@ NAME="NETBIOSNAME"
 		advertised under.</P
 ><P
 >See also <A
-HREF="index.html#NETBIOSALIASES"
+HREF="#NETBIOSALIASES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -12908,12 +12880,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->machine DNS name</I
-></SPAN
+>Default: <EM
+>machine DNS name</EM
 ></P
 ><P
 >Example: <B
@@ -12957,7 +12925,7 @@ NAME="NISHOMEDIR"
 		it will be mounted on the Samba client directly from the directory 
 		server. When Samba is returning the home share to the client, it 
 		will consult the NIS map specified in <A
-HREF="index.html#HOMEDIRMAP"
+HREF="#HOMEDIRMAP"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -12978,37 +12946,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="NONUNIXACCOUNTRANGE"
-></A
->non unix account range (G)</DT
-><DD
-><P
->The non unix account range parameter specifies 
-                the range of 'user ids' that are allocated by the various 'non unix 
-                account' passdb backends.  These backends allow
-                the storage of passwords for users who don't exist in /etc/passwd.  
-                This is most often used for machine account creation. 
-                This range of ids should have no existing local or NIS users within 
-                it as strange conflicts can occur otherwise.</P
-><P
->NOTE: These userids never appear on the system and Samba will never
-                'become' these users. They are used only to ensure that the algorithmic 
-                RID mapping does not conflict with normal users.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->non unix account range = &lt;empty string&gt;
-		</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->non unix account range = 10000-20000</B
-></P
-></DD
-><DT
-><A
 NAME="NTACLSUPPORT"
 ></A
 >nt acl support (S)</DT
@@ -13056,6 +12993,40 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
+NAME="NTSMBSUPPORT"
+></A
+>nt smb support (G)</DT
+><DD
+><P
+>This boolean parameter controls whether <A
+HREF="smbd.8.html"
+TARGET="_top"
+>smbd(8)</A
+> will negotiate NT specific SMB
+		support with Windows NT/2k/XP clients. Although this is a developer
+		debugging option and should be left alone, benchmarking has discovered
+		that Windows NT clients give faster performance with this option
+		set to <TT
+CLASS="CONSTANT"
+>no</TT
+>. This is still being investigated.
+	 	If this option is set to <TT
+CLASS="CONSTANT"
+>no</TT
+> then Samba offers
+		exactly the same SMB calls that versions prior to Samba 2.0 offered.
+		This information may be of use if any users are having problems
+		with NT SMB support.</P
+><P
+>You should not need to ever disable this parameter.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>nt smb support = yes</B
+></P
+></DD
+><DT
+><A
 NAME="NTSTATUSSUPPORT"
 ></A
 >nt status support (G)</DT
@@ -13116,7 +13087,7 @@ NAME="OBEYPAMRESTRICTIONS"
 		default behavior is to use PAM for clear text authentication only
 		and to ignore any account or session management.  Note that Samba
 		always ignores PAM for authentication in the case of <A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13157,7 +13128,7 @@ CLASS="PARAMETER"
 ></TT
 > list and is only really
 		useful in <A
-HREF="index.html#SECURITYEQUALSSHARE"
+HREF="#SECURITYEQUALSSHARE"
 >shave level</A
 >
 		security.</P
@@ -13178,7 +13149,7 @@ CLASS="PARAMETER"
 		name of the user.</P
 ><P
 >See also the <A
-HREF="index.html#USER"
+HREF="#USER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13201,7 +13172,7 @@ NAME="ONLYGUEST"
 ><DD
 ><P
 >A synonym for <A
-HREF="index.html#GUESTONLY"
+HREF="#GUESTONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13225,13 +13196,9 @@ NAME="OPLOCKBREAKWAITTIME"
 		is the amount of time Samba will wait before sending an oplock break 
 		request to such (broken) clients.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+><EM
 >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
-		AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
-></SPAN
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM
 >.</P
 ><P
 >Default: <B
@@ -13246,12 +13213,8 @@ NAME="OPLOCKCONTENTIONLIMIT"
 >oplock contention limit (S)</DT
 ><DD
 ><P
->This is a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->very</I
-></SPAN
+>This is a <EM
+>very</EM
 > advanced 
 		<A
 HREF="smbd.8.html"
@@ -13274,13 +13237,9 @@ CLASS="COMMAND"
 > to behave in a similar 
 		way to Windows NT.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+><EM
 >DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ 
-		AND UNDERSTOOD THE SAMBA OPLOCK CODE</I
-></SPAN
+		AND UNDERSTOOD THE SAMBA OPLOCK CODE</EM
 >.</P
 ><P
 >Default: <B
@@ -13316,7 +13275,7 @@ CLASS="FILENAME"
 ><P
 >Oplocks may be selectively turned off on certain files with a 
 		share. See the <A
-HREF="index.html#VETOOPLOCKFILES"
+HREF="#VETOOPLOCKFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13335,7 +13294,7 @@ CLASS="PARAMETER"
 > parameter for details.</P
 ><P
 >See also the <A
-HREF="index.html#KERNELOPLOCKS"
+HREF="#KERNELOPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13344,7 +13303,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#LEVEL2OPLOCKS"
+HREF="#LEVEL2OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13360,33 +13319,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="NTLMAUTH"
-></A
->ntlm auth (G)</DT
-><DD
-><P
->This parameter determines whether or not <A
-HREF="smbd.8.html"
-TARGET="_top"
->smbd</A
-> will
-		attempt to authenticate users using the NTLM password hash.
-		If disabled, only the lanman password hashes will be used. 
-		</P
-><P
->Please note that at least this option or <B
-CLASS="COMMAND"
->lanman auth</B
-> should be enabled in order to be able to log in.
-		</P
-><P
->Default : <B
-CLASS="COMMAND"
->ntlm auth = yes</B
-></P
-></DD
-><DT
-><A
 NAME="OSLEVEL"
 ></A
 >os level (G)</DT
@@ -13406,12 +13338,8 @@ CLASS="PARAMETER"
 ></TT
 > in the local broadcast area.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note :</I
-></SPAN
+><EM
+>Note :</EM
 >By default, Samba will win 
 		a local master browsing election over all Microsoft operating 
 		systems except a Windows NT 4.0/2000 Domain Controller.  This 
@@ -13447,8 +13375,8 @@ NAME="OS2DRIVERMAP"
 		path to a file containing a mapping of Windows NT printer driver
 		names to OS/2 printer driver names.  The format is:</P
 ><P
->&lt;nt driver name&gt; = &lt;os2 driver 
-		name&gt;.&lt;device name&gt;</P
+>&#60;nt driver name&#62; = &#60;os2 driver 
+		name&#62;.&#60;device name&#62;</P
 ><P
 >For example, a valid entry using the HP LaserJet 5
 		printer driver would appear as <B
@@ -13473,7 +13401,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->os2 driver map = &lt;empty string&gt;
+>os2 driver map = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -13489,7 +13417,7 @@ NAME="PAMPASSWORDCHANGE"
   		flag for Samba.  If enabled, then PAM will be used for password
  		changes when requested by an SMB client instead of the program listed in 
                 <A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13499,7 +13427,7 @@ CLASS="PARAMETER"
 >. 
                 It should be possible to enable this without changing your 
                 <A
-HREF="index.html#PASSWDCHAT"
+HREF="#PASSWDCHAT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13537,7 +13465,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->panic action = &lt;empty string&gt;</B
+>panic action = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -13547,223 +13475,13 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="PARANOIDSERVERSECURITY"
-></A
->paranoid server security (G)</DT
-><DD
-><P
->Some version of NT 4.x allow non-guest 
-		users with a bad passowrd. When this option is enabled, samba will not 
-		use a broken NT 4.x server as password server, but instead complain
-		to the logs and exit.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->paranoid server security = yes</B
-></P
-></DD
-><DT
-><A
-NAME="PASSDBBACKEND"
-></A
->passdb backend (G)</DT
-><DD
-><P
->This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both 
-                smbpasswd and tdbsam to be used without a recompile. 
-                Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified.
-                Experimental backends must still be selected
-                (eg --with-tdbsam) at configure time.
-		</P
-><P
->This parameter is in two parts, the backend's name, and a 'location'
-                string that has meaning only to that particular backed.  These are separated
-                by a : character.</P
-><P
->Available backends can include:
-                <P
-></P
-><UL
-><LI
-><P
-><B
-CLASS="COMMAND"
->smbpasswd</B
-> - The default smbpasswd
-                        backend.  Takes a path to the smbpasswd file as an optional argument.</P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->smbpasswd_nua</B
-> - The smbpasswd
-                        backend, but with support for 'not unix accounts'.  
-                        Takes a path to the smbpasswd file as an optional argument.</P
-><P
->See also <A
-HREF="index.html#NONUNIXACCOUNTRANGE"
->                        <TT
-CLASS="PARAMETER"
-><I
->non unix account range</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->tdbsam</B
-> - The TDB based password storage
-                        backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-                        in the <A
-HREF="index.html#PRIVATEDIR"
->                        <TT
-CLASS="PARAMETER"
-><I
->private dir</I
-></TT
-></A
-> directory.</P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->tdbsam_nua</B
-> - The TDB based password storage
-                        backend, with non unix account support.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-                        in the <A
-HREF="index.html#PRIVATEDIR"
->                        <TT
-CLASS="PARAMETER"
-><I
->private dir</I
-></TT
-></A
-> directory.</P
-><P
->See also <A
-HREF="index.html#NONUNIXACCOUNTRANGE"
->                        <TT
-CLASS="PARAMETER"
-><I
->non unix account range</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->ldapsam</B
-> - The LDAP based passdb 
-                        backend.  Takes an LDAP URL as an optional argument (defaults to 
-                        <B
-CLASS="COMMAND"
->ldap://localhost</B
->)</P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->ldapsam_nua</B
-> - The LDAP based passdb 
-                        backend, with non unix account support.  Takes an LDAP URL as an optional argument (defaults to 
-                        <B
-CLASS="COMMAND"
->ldap://localhost</B
->)</P
-><P
->See also <A
-HREF="index.html#NONUNIXACCOUNTRANGE"
->                        <TT
-CLASS="PARAMETER"
-><I
->non unix account range</I
-></TT
-></A
-></P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->nisplussam</B
-> - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. </P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->plugin</B
-> - Allows Samba to load an 
-                        arbitary passdb backend from the .so specified as a compulsary argument.
-                        </P
-><P
->Any characters after the (optional) second : are passed to the plugin
-                        for its own processing</P
-></LI
-><LI
-><P
-><B
-CLASS="COMMAND"
->unixsam</B
-> - Allows samba to map all (other) available unix users</P
-><P
->This backend uses the standard unix database for retrieving users. Users included 
-                        in this pdb are NOT listed in samba user listings and users included in this pdb won't be 
-                        able to login. The use of this backend is to always be able to display the owner of a file 
-                        on the samba server - even when the user doesn't have a 'real' samba account in one of the 
-                        other passdb backends.
-			</P
-><P
->This backend should always be the last backend listed, since it contains all users in 
-                        the unix passdb and might 'override' mappings if specified earlier. It's meant to only return 
-                        accounts for users that aren't covered by the previous backends.</P
-></LI
-></UL
->
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->passdb backend = smbpasswd unixsam</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</B
-></P
-></DD
-><DT
-><A
 NAME="PASSWDCHAT"
 ></A
 >passwd chat (G)</DT
 ><DD
 ><P
->This string controls the <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->"chat"</I
-></SPAN
+>This string controls the <EM
+>"chat"</EM
 > 
 		conversation that takes places between <A
 HREF="smbd.8.html"
@@ -13777,7 +13495,7 @@ TARGET="_top"
 >		smbd(8)</A
 > uses to determine what to send to the 
 		<A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13793,7 +13511,7 @@ CLASS="PARAMETER"
 		etc).</P
 ><P
 >Note that this parameter only is only used if the <A
-HREF="index.html#UNIXPASSWORDSYNC"
+HREF="#UNIXPASSWORDSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13805,18 +13523,14 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >yes</TT
 >. This 
-		sequence is then called <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
+		sequence is then called <EM
+>AS ROOT</EM
 > when the SMB password 
 		in the smbpasswd file is being changed, without access to the old 
 		password cleartext. This means that root must be able to reset the user's password
  		without knowing the text of the previous password. In the presence of NIS/YP, 
 		this means that the <A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 >passwd program</A
 > must be 
 		executed on the NIS master.
@@ -13852,7 +13566,7 @@ CLASS="CONSTANT"
 		if the expect string is a full stop then no string is expected.</P
 ><P
 >If the <A
-HREF="index.html#PAMPASSWORDCHANGE"
+HREF="#PAMPASSWORDCHANGE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13866,7 +13580,7 @@ CLASS="PARAMETER"
   		</P
 ><P
 >See also <A
-HREF="index.html#UNIXPASSWORDSYNC"
+HREF="#UNIXPASSWORDSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13875,7 +13589,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13883,7 +13597,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > ,<A
-HREF="index.html#PASSWDCHATDEBUG"
+HREF="#PASSWDCHATDEBUG"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -13891,7 +13605,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#PAMPASSWORDCHANGE"
+HREF="#PAMPASSWORDCHANGE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -13921,12 +13635,8 @@ NAME="PASSWDCHATDEBUG"
 ><DD
 ><P
 >This boolean specifies if the passwd chat script 
-		parameter is run in <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->debug</I
-></SPAN
+		parameter is run in <EM
+>debug</EM
 > mode. In this mode the 
 		strings passed to and received from the passwd chat are printed 
 		in the <A
@@ -13935,7 +13645,7 @@ TARGET="_top"
 >smbd(8)</A
 > log with a 
 		<A
-HREF="index.html#DEBUGLEVEL"
+HREF="#DEBUGLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13962,7 +13672,7 @@ CLASS="PARAMETER"
 > and should 
  		be turned off after this has been done. This option has no effect if the 
                 <A
-HREF="index.html#PAMPASSWORDCHANGE"
+HREF="#PAMPASSWORDCHANGE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13973,7 +13683,7 @@ CLASS="PARAMETER"
                 paramter is set. This parameter is off by default.</P
 ><P
 >See also <A
-HREF="index.html#PASSWDCHAT"
+HREF="#PASSWDCHAT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13982,7 +13692,7 @@ CLASS="PARAMETER"
 >
  		</A
 >, <A
-HREF="index.html#PAMPASSWORDCHANGE"
+HREF="#PAMPASSWORDCHANGE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -13991,7 +13701,7 @@ CLASS="PARAMETER"
 >
                 </A
 >, <A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14023,24 +13733,16 @@ CLASS="PARAMETER"
 		will be replaced with the user name. The user name is checked for 
 		existence before calling the password changing program.</P
 ><P
->Also note that many passwd programs insist in <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Also note that many passwd programs insist in <EM
 >reasonable
-		</I
-></SPAN
+		</EM
 > passwords, such as a minimum length, or the inclusion 
 		of mixed case chars and digits. This can pose a problem as some clients 
 		(such as Windows for Workgroups) uppercase the password before sending 
 		it.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that if the <TT
 CLASS="PARAMETER"
 ><I
@@ -14051,12 +13753,8 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >true
 		</TT
-> then this program is called <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
+> then this program is called <EM
+>AS ROOT</EM
 > 
 		before the SMB password in the <A
 HREF="smbpasswd.5.html"
@@ -14076,19 +13774,11 @@ CLASS="PARAMETER"
 >unix password sync</I
 ></TT
 > parameter 
-		is set this parameter <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->MUST USE ABSOLUTE PATHS</I
-></SPAN
+		is set this parameter <EM
+>MUST USE ABSOLUTE PATHS</EM
 > 
-		for <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->ALL</I
-></SPAN
+		for <EM
+>ALL</EM
 > programs called, and must be examined 
 		for security implications. Note that by default <TT
 CLASS="PARAMETER"
@@ -14102,7 +13792,7 @@ CLASS="CONSTANT"
 >.</P
 ><P
 >See also <A
-HREF="index.html#UNIXPASSWORDSYNC"
+HREF="#UNIXPASSWORDSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14212,7 +13902,7 @@ CLASS="FILENAME"
 ><P
 >The name of the password server is looked up using the 
 		parameter <A
-HREF="index.html#NAMERESOLVEORDER"
+HREF="#NAMERESOLVEORDER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14227,21 +13917,13 @@ CLASS="PARAMETER"
 		the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
 		user level security mode.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-></SPAN
+><EM
+>NOTE:</EM
 > Using a password server 
 		means your UNIX box (running Samba) is only as secure as your 
-		password server. <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+		password server. <EM
 >DO NOT CHOOSE A PASSWORD SERVER THAT 
-		YOU DON'T COMPLETELY TRUST</I
-></SPAN
+		YOU DON'T COMPLETELY TRUST</EM
 >.</P
 ><P
 >Never point a Samba server at itself for password 
@@ -14298,7 +13980,7 @@ CLASS="PARAMETER"
 		Primary or Backup Domain controllers to authenticate against by 
 		doing a query for the name <TT
 CLASS="CONSTANT"
->WORKGROUP&lt;1C&gt;</TT
+>WORKGROUP&#60;1C&#62;</TT
 > 
 		and then contacting each server returned in the list of IP 
 		addresses from the name resolution source. </P
@@ -14358,7 +14040,7 @@ CLASS="COMMAND"
 ></UL
 ><P
 >See also the <A
-HREF="index.html#SECURITY"
+HREF="#SECURITY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14370,7 +14052,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->password server = &lt;empty string&gt;</B
+>password server = &#60;empty string&#62;</B
 >
 		</P
 ><P
@@ -14421,7 +14103,7 @@ CLASS="PARAMETER"
 		up pseudo home directories for users.</P
 ><P
 >Note that this path will be based on <A
-HREF="index.html#ROOTDIR"
+HREF="#ROOTDIR"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -14430,12 +14112,8 @@ CLASS="PARAMETER"
 ></A
 > if one was specified.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none</I
-></SPAN
+>Default: <EM
+>none</EM
 ></P
 ><P
 >Example: <B
@@ -14512,7 +14190,7 @@ CLASS="COMMAND"
 ></P
 ><P
 >See also <A
-HREF="index.html#PREEXEC"
+HREF="#PREEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14522,19 +14200,15 @@ CLASS="PARAMETER"
 		</A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none (no command executed)</I
-></SPAN
+>Default: <EM
+>none (no command executed)</EM
 >
 		</P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >postexec = echo \"%u disconnected from %S 
-		from %m (%I)\" &gt;&gt; /tmp/log</B
+		from %m (%I)\" &#62;&#62; /tmp/log</B
 ></P
 ></DD
 ><DT
@@ -14583,7 +14257,7 @@ CLASS="COMMAND"
 >Of course, this could get annoying after a while :-)</P
 ><P
 >See also <A
-HREF="index.html#PREEXECCLOSE"
+HREF="#PREEXECCLOSE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14592,7 +14266,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#POSTEXEC"
+HREF="#POSTEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14602,18 +14276,14 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->none (no command executed)</I
-></SPAN
+>Default: <EM
+>none (no command executed)</EM
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
 >preexec = echo \"%u connected to %S from %m
-		(%I)\" &gt;&gt; /tmp/log</B
+		(%I)\" &#62;&#62; /tmp/log</B
 ></P
 ></DD
 ><DT
@@ -14625,7 +14295,7 @@ NAME="PREEXECCLOSE"
 ><P
 >This boolean option controls whether a non-zero 
 		return code from <A
-HREF="index.html#PREEXEC"
+HREF="#PREEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14666,7 +14336,7 @@ CLASS="COMMAND"
 		used in conjunction with <B
 CLASS="COMMAND"
 ><A
-HREF="index.html#DOMAINMASTER"
+HREF="#DOMAINMASTER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14687,7 +14357,7 @@ CLASS="COMMAND"
 		capabilities.</P
 ><P
 >See also <A
-HREF="index.html#OSLEVEL"
+HREF="#OSLEVEL"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14710,7 +14380,7 @@ NAME="PREFEREDMASTER"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#PREFERREDMASTER"
+HREF="#PREFERREDMASTER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14733,7 +14403,7 @@ NAME="PRELOAD"
 ><P
 >Note that if you just want all printers in your 
 		printcap file loaded then the <A
-HREF="index.html#LOADPRINTERS"
+HREF="#LOADPRINTERS"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -14742,12 +14412,8 @@ CLASS="PARAMETER"
 ></A
 > option is easier.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no preloaded services</I
-></SPAN
+>Default: <EM
+>no preloaded services</EM
 ></P
 ><P
 >Example: <B
@@ -14765,7 +14431,7 @@ NAME="PRESERVECASE"
 > This controls if new filenames are created
 		with the case that the client passes, or if they are forced to 
 		be the <A
-HREF="index.html#DEFAULTCASE"
+HREF="#DEFAULTCASE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14781,7 +14447,7 @@ CLASS="COMMAND"
 ></P
 ><P
 >See the section on <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >NAME 
 		MANGLING</A
 > for a fuller discussion.</P
@@ -14823,12 +14489,8 @@ CLASS="COMMAND"
 >%z - the size of the spooled
 		print job (in bytes)</P
 ><P
->The print command <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->MUST</I
-></SPAN
+>The print command <EM
+>MUST</EM
 > contain at least 
 		one occurrence of <TT
 CLASS="PARAMETER"
@@ -14869,7 +14531,7 @@ CLASS="CONSTANT"
 >nobody</TT
 > account. If this happens then create 
 		an alternative guest account that can print and set the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -14886,14 +14548,14 @@ CLASS="PARAMETER"
 ><P
 ><B
 CLASS="COMMAND"
->print command = echo Printing %s &gt;&gt; 
+>print command = echo Printing %s &#62;&#62; 
 		/tmp/print.log; lpr -P %p %s; rm %s</B
 ></P
 ><P
 >You may have to vary this command considerably depending 
 		on how you normally print files on your system. The default for 
 		the parameter varies depending on the setting of the <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -14935,7 +14597,7 @@ CLASS="COMMAND"
 ><P
 >For printing = CUPS :   If SAMBA is compiled against
 		libcups, then <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 >printcap = cups</A
 > 
 		uses the CUPS API to
@@ -14966,7 +14628,7 @@ NAME="PRINTOK"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#PRINTABLE"
+HREF="#PRINTABLE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -14992,7 +14654,7 @@ CLASS="CONSTANT"
 >Note that a printable service will ALWAYS allow writing 
 		to the service path (user privileges permitting) via the spooling 
 		of print data. The <A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15016,7 +14678,7 @@ NAME="PRINTCAP"
 ><DD
 ><P
 >Synonym for 	<A
-HREF="index.html#PRINTCAPNAME"
+HREF="#PRINTCAPNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15037,7 +14699,7 @@ NAME="PRINTCAPNAME"
 CLASS="FILENAME"
 >		/etc/printcap</TT
 >). See the discussion of the <A
-HREF="index.html#AEN79"
+HREF="#AEN79"
 >[printers]</A
 > section above for reasons 
 		why you might want to do this.</P
@@ -15048,7 +14710,7 @@ CLASS="COMMAND"
 		</B
 >. This should be supplemented by an addtional setting 
 		<A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 >printing = cups</A
 > in the [global] 
 		section.  <B
@@ -15086,6 +14748,12 @@ CLASS="COMMAND"
 ><P
 >A minimal printcap file would look something like this:</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		print1|My Printer 1
@@ -15094,18 +14762,17 @@ CLASS="PROGRAMLISTING"
 		print4|My Printer 4
 		print5|My Printer 5
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >where the '|' separates aliases of a printer. The fact 
 		that the second alias has a space in it gives a hint to Samba 
 		that it's a comment.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE</I
-></SPAN
+><EM
+>NOTE</EM
 >: Under AIX the default printcap 
 		name is <TT
 CLASS="FILENAME"
@@ -15144,7 +14811,7 @@ NAME="PRINTERADMIN"
 ><P
 >Default: <B
 CLASS="COMMAND"
->printer admin = &lt;empty string&gt;</B
+>printer admin = &#60;empty string&#62;</B
 >
 		</P
 ><P
@@ -15160,12 +14827,8 @@ NAME="PRINTERDRIVER"
 >printer driver (S)</DT
 ><DD
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note :</I
-></SPAN
+><EM
+>Note :</EM
 >This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
@@ -15188,7 +14851,7 @@ TARGET="_top"
 		sensitive) that describes the appropriate printer driver for your 
 		system. If you don't know the exact string to use then you should 
 		first try with no <A
-HREF="index.html#PRINTERDRIVER"
+HREF="#PRINTERDRIVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15200,7 +14863,7 @@ CLASS="PARAMETER"
 		shown in a scroll box after you have chosen the printer manufacturer.</P
 ><P
 >See also <A
-HREF="index.html#PRINTERDRIVERFILE"
+HREF="#PRINTERDRIVERFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15222,12 +14885,8 @@ NAME="PRINTERDRIVERFILE"
 >printer driver file (G)</DT
 ><DD
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note :</I
-></SPAN
+><EM
+>Note :</EM
 >This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
@@ -15271,7 +14930,7 @@ CLASS="FILENAME"
 >.</P
 ><P
 >See also <A
-HREF="index.html#PRINTERDRIVERLOCATION"
+HREF="#PRINTERDRIVERLOCATION"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15280,12 +14939,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->None (set in compile).</I
-></SPAN
+>Default: <EM
+>None (set in compile).</EM
 ></P
 ><P
 >Example: <B
@@ -15301,12 +14956,8 @@ NAME="PRINTERDRIVERLOCATION"
 >printer driver location (S)</DT
 ><DD
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note :</I
-></SPAN
+><EM
+>Note :</EM
 >This is a deprecated 
 		parameter and will be removed in the next major release
 		following version 2.2.  Please see the instructions in
@@ -15341,7 +14992,7 @@ CLASS="FILENAME"
 >.</P
 ><P
 >See also <A
-HREF="index.html#PRINTERDRIVERFILE"
+HREF="#PRINTERDRIVERFILE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15375,16 +15026,12 @@ NAME="PRINTERNAME"
 		name given will be used for any printable service that does 
 		not have its own printer name specified.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >none (but may be <TT
 CLASS="CONSTANT"
 >lp</TT
 > 
-		on many systems)</I
-></SPAN
+		on many systems)</EM
 ></P
 ><P
 >Example: <B
@@ -15400,7 +15047,7 @@ NAME="PRINTER"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#PRINTERNAME"
+HREF="#PRINTERNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15493,42 +15140,19 @@ TARGET="_top"
 >This option can be set on a per printer basis</P
 ><P
 >See also the discussion in the <A
-HREF="index.html#AEN79"
+HREF="#AEN79"
 >		[printers]</A
 > section.</P
 ></DD
 ><DT
 ><A
-NAME="PRIVATEDIR"
-></A
->private dir (G)</DT
-><DD
-><P
->This parameters defines the directory
-		smbd will use for storing such files as <TT
-CLASS="FILENAME"
->smbpasswd</TT
->
-		and <TT
-CLASS="FILENAME"
->secrets.tdb</TT
->.
-		</P
-><P
->Default :<B
-CLASS="COMMAND"
->private dir = ${prefix}/private</B
-></P
-></DD
-><DT
-><A
 NAME="PROTOCOL"
 ></A
 >protocol (G)</DT
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#MAXPROTOCOL"
+HREF="#MAXPROTOCOL"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -15545,7 +15169,7 @@ NAME="PUBLIC"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#GUESTOK"
+HREF="#GUESTOK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15586,18 +15210,14 @@ CLASS="PARAMETER"
 		path in the command as the PATH may not be available to the 
 		server.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <TT
 CLASS="PARAMETER"
 ><I
 >printing
 		</I
 ></TT
-></I
-></SPAN
+></EM
 ></P
 ><P
 >Example: <B
@@ -15616,7 +15236,7 @@ NAME="QUEUERESUMECOMMAND"
 		executed on the server host in order to resume the printer queue. It 
  		is the command to undo the behavior that is caused by the 
 		previous parameter (<A
-HREF="index.html#QUEUEPAUSECOMMAND"
+HREF="#QUEUEPAUSECOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15646,20 +15266,16 @@ CLASS="PARAMETER"
 		path in the command as the PATH may not be available to the 
 		server.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >depends on the setting of <A
-HREF="index.html#PRINTING"
+HREF="#PRINTING"
 ><TT
 CLASS="PARAMETER"
 ><I
 >printing</I
 ></TT
 ></A
-></I
-></SPAN
+></EM
 >
 		</P
 ><P
@@ -15703,7 +15319,7 @@ NAME="READLIST"
 >This is a list of users that are given read-only 
 		access to a service. If the connecting user is in this list then 
 		they will not be given write access, no matter what the <A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15713,7 +15329,7 @@ CLASS="PARAMETER"
 >
 		option is set to. The list can include group names using the 
 		syntax described in the <A
-HREF="index.html#INVALIDUSERS"
+HREF="#INVALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15723,7 +15339,7 @@ CLASS="PARAMETER"
 > parameter.</P
 ><P
 >See also the <A
-HREF="index.html#WRITELIST"
+HREF="#WRITELIST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15731,7 +15347,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > parameter and the <A
-HREF="index.html#INVALIDUSERS"
+HREF="#INVALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15743,7 +15359,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->read list = &lt;empty string&gt;</B
+>read list = &#60;empty string&#62;</B
 ></P
 ><P
 >Example: <B
@@ -15759,7 +15375,7 @@ NAME="READONLY"
 ><DD
 ><P
 >Note that this is an inverted synonym for <A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15789,7 +15405,7 @@ NAME="READRAW"
 ><P
 >In general this parameter should be viewed as a system tuning 
 		tool and left severely alone. See also <A
-HREF="index.html#WRITERAW"
+HREF="#WRITERAW"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -15846,31 +15462,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="REALM"
-></A
->realm (G)</DT
-><DD
-><P
->		This option specifies the kerberos realm to use. The realm is 
-		used as the ADS equivalent of the NT4<B
-CLASS="COMMAND"
->domain</B
->. It
-		is usually set to the DNS name of the kerberos server.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->realm = </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->realm = mysambabox.mycompany.com</B
-></P
-></DD
-><DT
-><A
 NAME="REMOTEANNOUNCE"
 ></A
 >remote announce (G)</DT
@@ -15903,7 +15494,7 @@ CLASS="COMMAND"
 		to the two given IP addresses using the given workgroup names. 
 		If you leave out the workgroup name then the one given in 
 		the <A
-HREF="index.html#WORKGROUP"
+HREF="#WORKGROUP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -15928,7 +15519,7 @@ CLASS="FILENAME"
 ><P
 >Default: <B
 CLASS="COMMAND"
->remote announce = &lt;empty string&gt;
+>remote announce = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -15978,7 +15569,7 @@ CLASS="COMMAND"
 ><P
 >Default: <B
 CLASS="COMMAND"
->remote browse sync = &lt;empty string&gt;
+>remote browse sync = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -16034,7 +15625,7 @@ NAME="ROOT"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#ROOTDIRECTORY"
+HREF="#ROOTDIRECTORY"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16051,7 +15642,7 @@ NAME="ROOTDIR"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#ROOTDIRECTORY"
+HREF="#ROOTDIRECTORY"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16077,7 +15668,7 @@ CLASS="COMMAND"
 		It may also check for, and deny access to, soft links to other 
 		parts of the filesystem, or attempts to use ".." in file names 
 		to access other directories (depending on the setting of the <A
-HREF="index.html#WIDELINKS"
+HREF="#WIDELINKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16101,12 +15692,8 @@ CLASS="PARAMETER"
 >root directory</I
 ></TT
 > 
-		option, <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->including</I
-></SPAN
+		option, <EM
+>including</EM
 > some files needed for 
 		complete operation of the server. To maintain full operability 
 		of the server you will need to mirror some system files 
@@ -16152,7 +15739,7 @@ CLASS="PARAMETER"
 		(such as CDROMs) after a connection is closed.</P
 ><P
 >See also <A
-HREF="index.html#POSTEXEC"
+HREF="#POSTEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16163,7 +15750,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->root postexec = &lt;empty string&gt;
+>root postexec = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -16185,7 +15772,7 @@ CLASS="PARAMETER"
 		connection is opened.</P
 ><P
 >See also <A
-HREF="index.html#PREEXEC"
+HREF="#PREEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16193,7 +15780,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#PREEXECCLOSE"
+HREF="#PREEXECCLOSE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16204,7 +15791,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->root preexec = &lt;empty string&gt;
+>root preexec = &#60;empty string&#62;
 		</B
 ></P
 ></DD
@@ -16224,7 +15811,7 @@ CLASS="PARAMETER"
 > parameter except that the command is run as root.</P
 ><P
 >See also <A
-HREF="index.html#PREEXEC"
+HREF="#PREEXEC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16232,7 +15819,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#PREEXECCLOSE"
+HREF="#PREEXECCLOSE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16326,7 +15913,7 @@ CLASS="COMMAND"
 >security = user</B
 >, see 
 		the <A
-HREF="index.html#MAPTOGUEST"
+HREF="#MAPTOGUEST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16339,15 +15926,11 @@ CLASS="PARAMETER"
 >It is possible to use <B
 CLASS="COMMAND"
 >smbd</B
-> in a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->		hybrid mode</I
-></SPAN
+> in a <EM
+>		hybrid mode</EM
 > where it is offers both user and share 
 		level security under different <A
-HREF="index.html#NETBIOSALIASES"
+HREF="#NETBIOSALIASES"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16361,13 +15944,9 @@ CLASS="PARAMETER"
 ><A
 NAME="SECURITYEQUALSSHARE"
 ></A
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = SHARE
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >When clients connect to a share level security server they 
@@ -16385,12 +15964,8 @@ CLASS="COMMAND"
 >Note that <B
 CLASS="COMMAND"
 >smbd</B
-> <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->ALWAYS</I
-></SPAN
+> <EM
+>ALWAYS</EM
 > 
 		uses a valid UNIX user to act on behalf of the client, even in
 		<B
@@ -16414,7 +15989,7 @@ CLASS="COMMAND"
 ><LI
 ><P
 >If the <A
-HREF="index.html#GUESTONLY"
+HREF="#GUESTONLY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16424,7 +15999,7 @@ CLASS="PARAMETER"
 ></A
 > parameter is set, then all the other 
 			stages are missed and only the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 >			<TT
 CLASS="PARAMETER"
 ><I
@@ -16438,7 +16013,7 @@ CLASS="PARAMETER"
 ><P
 >Is a username is sent with the share connection 
 			request, then this username (after mapping - see <A
-HREF="index.html#USERNAMEMAP"
+HREF="#USERNAMEMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16450,13 +16025,9 @@ CLASS="PARAMETER"
 ></LI
 ><LI
 ><P
->If the client did a previous <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>If the client did a previous <EM
 >logon
-			</I
-></SPAN
+			</EM
 > request (the SessionSetup SMB call) then the 
 			username sent in this SMB will be added as a potential username.
 			</P
@@ -16474,7 +16045,7 @@ CLASS="EMPHASIS"
 ><LI
 ><P
 >Any users on the <A
-HREF="index.html#USER"
+HREF="#USER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16511,37 +16082,29 @@ CLASS="PARAMETER"
 >, then this 
 		guest user will be used, otherwise access is denied.</P
 ><P
->Note that it can be <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->very</I
-></SPAN
+>Note that it can be <EM
+>very</EM
 > confusing 
 		in share-level security as to which UNIX username will eventually
 		be used in granting access.</P
 ><P
 >See also the section <A
-HREF="index.html#AEN236"
+HREF="#AEN241"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
 ><A
 NAME="SECURITYEQUALSUSER"
 ></A
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = USER
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >This is the default security setting in Samba 2.2. 
 		With user-level security a client must first "log-on" with a 
 		valid username and password (which can be mapped using the <A
-HREF="index.html#USERNAMEMAP"
+HREF="#USERNAMEMAP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16550,7 +16113,7 @@ CLASS="PARAMETER"
 ></A
 > 
 		parameter). Encrypted passwords (see the <A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#ENCRYPTPASSWORDS"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16559,7 +16122,7 @@ CLASS="PARAMETER"
 ></A
 > parameter) can also
 		be used in this security mode. Parameters such as <A
-HREF="index.html#USER"
+HREF="#USER"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16567,7 +16130,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#GUESTONLY"
+HREF="#GUESTONLY"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16578,24 +16141,16 @@ CLASS="PARAMETER"
 		may change the UNIX user to use on this connection, but only after 
 		the user has been successfully authenticated.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that the name of the resource being 
-		requested is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
 		the server to automatically map unknown users into the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16604,7 +16159,7 @@ CLASS="PARAMETER"
 ></A
 >. 
 		See the <A
-HREF="index.html#MAPTOGUEST"
+HREF="#MAPTOGUEST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16615,20 +16170,16 @@ CLASS="PARAMETER"
 > parameter for details on doing this.</P
 ><P
 >See also the section <A
-HREF="index.html#AEN236"
+HREF="#AEN241"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
 ><A
 NAME="SECURITYEQUALSSERVER"
 ></A
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = SERVER
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >In this mode Samba will try to validate the username/password 
@@ -16653,12 +16204,8 @@ CLASS="FILENAME"
 > for details on how to set this 
 		up.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that from the client's point of 
 		view <B
 CLASS="COMMAND"
@@ -16670,24 +16217,16 @@ CLASS="COMMAND"
 		with the authentication, it does not in any way affect what the 
 		client sees.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that the name of the resource being 
-		requested is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
 		the server to automatically map unknown users into the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16696,7 +16235,7 @@ CLASS="PARAMETER"
 ></A
 >. 
 		See the <A
-HREF="index.html#MAPTOGUEST"
+HREF="#MAPTOGUEST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16707,12 +16246,12 @@ CLASS="PARAMETER"
 > parameter for details on doing this.</P
 ><P
 >See also the section <A
-HREF="index.html#AEN236"
+HREF="#AEN241"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
 >See also the <A
-HREF="index.html#PASSWORDSERVER"
+HREF="#PASSWORDSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16721,7 +16260,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > parameter and the <A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16734,13 +16273,9 @@ CLASS="PARAMETER"
 ><A
 NAME="SECURITYEQUALSDOMAIN"
 ></A
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+><EM
 >SECURITY = DOMAIN
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >This mode will only work correctly if <A
@@ -16749,7 +16284,7 @@ TARGET="_top"
 >smbpasswd(8)</A
 > has been used to add this 
 		machine into a Windows NT Domain. It expects the <A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16765,22 +16300,14 @@ CLASS="CONSTANT"
 		it to a Windows NT Primary or Backup Domain Controller, in exactly 
 		the same way that a Windows NT Server would do.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that a valid UNIX user must still 
 		exist as well as the account on the Domain Controller to allow 
 		Samba to have a valid UNIX account to map file access to.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that from the client's point 
 		of view <B
 CLASS="COMMAND"
@@ -16792,24 +16319,16 @@ CLASS="COMMAND"
 >. It only affects how the server deals with the authentication, 
 		it does not in any way affect what the client sees.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that the name of the resource being 
-		requested is <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		requested is <EM
+>not</EM
 > sent to the server until after 
 		the server has successfully authenticated the client. This is why 
 		guest shares don't work in user level security without allowing 
 		the server to automatically map unknown users into the <A
-HREF="index.html#GUESTACCOUNT"
+HREF="#GUESTACCOUNT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16818,7 +16337,7 @@ CLASS="PARAMETER"
 ></A
 >. 
 		See the <A
-HREF="index.html#MAPTOGUEST"
+HREF="#MAPTOGUEST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16828,12 +16347,8 @@ CLASS="PARAMETER"
 		</A
 > parameter for details on doing this.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->BUG:</I
-></SPAN
+><EM
+>BUG:</EM
 > There is currently a bug in the 
 		implementation of <B
 CLASS="COMMAND"
@@ -16846,12 +16361,12 @@ CLASS="COMMAND"
 		Domain Controller. This issue will be addressed in a future release.</P
 ><P
 >See also the section <A
-HREF="index.html#AEN236"
+HREF="#AEN241"
 >		NOTE ABOUT USERNAME/PASSWORD VALIDATION</A
 >.</P
 ><P
 >See also the <A
-HREF="index.html#PASSWORDSERVER"
+HREF="#PASSWORDSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16860,7 +16375,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > parameter and the <A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16902,12 +16417,8 @@ NAME="SECURITYMASK"
 		a user to modify all the user/group/world permissions on a file.
 		</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Note</I
-></SPAN
+><EM
+>Note</EM
 > that users who can access the 
 		Samba server through other means can easily bypass this 
 		restriction, so it is primarily useful for standalone 
@@ -16918,7 +16429,7 @@ CLASS="CONSTANT"
 >.</P
 ><P
 >See also the <A
-HREF="index.html#FORCEDIRECTORYSECURITYMODE"
+HREF="#FORCEDIRECTORYSECURITYMODE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -16927,7 +16438,7 @@ CLASS="PARAMETER"
 ></A
 >, 
 		<A
-HREF="index.html#DIRECTORYSECURITYMASK"
+HREF="#DIRECTORYSECURITYMASK"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -16936,7 +16447,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#FORCESECURITYMODE"
+HREF="#FORCESECURITYMODE"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -17074,12 +16585,8 @@ CLASS="CONSTANT"
 >This option gives full share compatibility and enabled 
 		by default.</P
 ><P
->You should <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NEVER</I
-></SPAN
+>You should <EM
+>NEVER</EM
 > turn this parameter 
 		off as many Windows applications will break if you do so.</P
 ><P
@@ -17099,7 +16606,7 @@ NAME="SHORTPRESERVECASE"
 		which conform to 8.3 syntax, that is all in upper case and of 
 		suitable length, are created upper case, or if they are forced 
 		to be the <A
-HREF="index.html#DEFAULTCASE"
+HREF="#DEFAULTCASE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -17108,7 +16615,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >. This  option can be use with <A
-HREF="index.html#PRESERVECASE"
+HREF="#PRESERVECASE"
 ><B
 CLASS="COMMAND"
 >preserve case = yes</B
@@ -17118,7 +16625,7 @@ CLASS="COMMAND"
 		names are lowered. </P
 ><P
 >See the section on <A
-HREF="index.html#AEN203"
+HREF="#AEN203"
 >		NAME MANGLING</A
 >.</P
 ><P
@@ -17162,17 +16669,13 @@ CLASS="PARAMETER"
 ></TT
 >
 		parameter will always cause the OpenPrinterEx() on the server
-		to fail.  Thus the APW icon will never be displayed. <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->		Note :</I
-></SPAN
+		to fail.  Thus the APW icon will never be displayed. <EM
+>		Note :</EM
 >This does not prevent the same user from having 
 		administrative privilege on an individual printer.</P
 ><P
 >See also <A
-HREF="index.html#ADDPRINTERCOMMAND"
+HREF="#ADDPRINTERCOMMAND"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -17181,7 +16684,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#DELETEPRINTERCOMMAND"
+HREF="#DELETEPRINTERCOMMAND"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -17189,7 +16692,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#PRINTERADMIN"
+HREF="#PRINTERADMIN"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -17205,122 +16708,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="SHUTDOWNSCRIPT"
-></A
->shutdown script (G)</DT
-><DD
-><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->This parameter only exists in the HEAD cvs branch</I
-></SPAN
->
-		This a full path name to a script called by
-		<A
-HREF="smbd.8.html"
-TARGET="_top"
-><B
-CLASS="COMMAND"
->smbd(8)</B
-></A
-> that
-		should start a shutdown procedure.</P
-><P
->This command will be run as the user connected to the
-		server.</P
-><P
->%m %t %r %f parameters are expanded</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%m</I
-></TT
-> will be substituted with the
-		shutdown message sent to the server.</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%t</I
-></TT
-> will be substituted with the
-		number of seconds to wait before effectively starting the
-		shutdown procedure.</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%r</I
-></TT
-> will be substituted with the
-		switch <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->-r</I
-></SPAN
->. It means reboot after shutdown
-		for NT.
-		</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->%f</I
-></TT
-> will be substituted with the
-		switch <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->-f</I
-></SPAN
->. It means force the shutdown
-		even if applications do not respond for NT.</P
-><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->None</I
-></SPAN
->.</P
-><P
->Example: <B
-CLASS="COMMAND"
->abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</B
-></P
-><P
->Shutdown script example:
-		<PRE
-CLASS="PROGRAMLISTING"
->		#!/bin/bash
-		
-		$time=0
-		let "time/60"
-		let "time++"
-
-		/sbin/shutdown $3 $4 +$time $1 &#38;
-		</PRE
->
-		Shutdown does not return so we need to launch it in background.
-		</P
-><P
->See also <A
-HREF="index.html#ABORTSHUTDOWNSCRIPT"
-><TT
-CLASS="PARAMETER"
-><I
->abort shutdown script</I
-></TT
-></A
->.</P
-></DD
-><DT
-><A
 NAME="SMBPASSWDFILE"
 ></A
 >smb passwd file (G)</DT
@@ -17344,22 +16731,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="SMBPORTS"
-></A
->smb ports (G)</DT
-><DD
-><P
->Specifies which ports the server should listen on
-		for SMB traffic.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->smb ports = 445 139</B
-></P
-></DD
-><DT
-><A
 NAME="SOCKETADDRESS"
 ></A
 >socket address (G)</DT
@@ -17464,12 +16835,8 @@ TARGET="_top"
 ></LI
 ></UL
 ><P
->Those marked with a <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->'*'</I
-></SPAN
+>Those marked with a <EM
+>'*'</EM
 > take an integer 
 		argument. The others can optionally take a 1 or 0 argument to enable 
 		or disable the option, by default they will be enabled if you 
@@ -17541,12 +16908,8 @@ CLASS="COMMAND"
 >SAMBA_NETBIOS_NAME = myhostname</B
 ></P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->No default value</I
-></SPAN
+>Default: <EM
+>No default value</EM
 ></P
 ><P
 >Examples: <B
@@ -17563,19 +16926,606 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="SPNEGO"
+NAME="SSL"
+></A
+>ssl (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable enables or disables the entire SSL mode. If 
+		it is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>, the SSL-enabled Samba behaves 
+		exactly like the non-SSL Samba. If set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, 
+		it depends on the variables <A
+HREF="#SSLHOSTS"
+><TT
+CLASS="PARAMETER"
+><I
+>		ssl hosts</I
+></TT
+></A
+> and <A
+HREF="#SSLHOSTSRESIGN"
+>		<TT
+CLASS="PARAMETER"
+><I
+>ssl hosts resign</I
+></TT
+></A
+> whether an SSL 
+		connection will be required.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl = no</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCACERTDIR"
+></A
+>ssl CA certDir (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable defines where to look up the Certification
+		Authorities. The given directory should contain one file for 
+		each CA that Samba will trust.  The file name must be the hash 
+		value over the "Distinguished Name" of the CA. How this directory 
+		is set up is explained later in this document. All files within the 
+		directory that don't fit into this naming scheme are ignored. You 
+		don't need this variable if you don't verify client certificates.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl CA certDir = /usr/local/ssl/certs
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCACERTFILE"
+></A
+>ssl CA certFile (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable is a second way to define the trusted CAs. 
+		The certificates of the trusted CAs are collected in one big 
+		file and this variable points to the file. You will probably 
+		only use one of the two ways to define your CAs. The first choice is 
+		preferable if you have many CAs or want to be flexible, the second 
+		is preferable if you only have one CA and want to keep things 
+		simple (you won't need to create the hashed file names). You 
+		don't need this variable if you don't verify client certificates.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCIPHERS"
+></A
+>ssl ciphers (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable defines the ciphers that should be offered 
+		during SSL negotiation. You should not set this variable unless 
+		you know what you are doing.</P
+></DD
+><DT
+><A
+NAME="SSLCLIENTCERT"
+></A
+>ssl client cert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>The certificate in this file is used by <A
+HREF="smbclient.1.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+> if it exists. It's needed 
+		if the server requires a client certificate.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl client cert = /usr/local/ssl/certs/smbclient.pem
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCLIENTKEY"
+></A
+>ssl client key (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This is the private key for <A
+HREF="smbclient.1.html"
+TARGET="_top"
+>		<B
+CLASS="COMMAND"
+>smbclient(1)</B
+></A
+>. It's only needed if the 
+		client should have a certificate. </P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl client key = /usr/local/ssl/private/smbclient.pem
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLCOMPATIBILITY"
+></A
+>ssl compatibility (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This variable defines whether OpenSSL should be configured 
+		for bug compatibility with other SSL implementations. This is 
+		probably not desirable because currently no clients with SSL 
+		implementations other than OpenSSL exist.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl compatibility = no</B
+></P
+></DD
+><DT
+><A
+NAME="SSLEGDSOCKET"
 ></A
->use spnego (G)</DT
+>ssl egd socket (G)</DT
 ><DD
 ><P
-> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism.  As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller.  It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
 ><P
->Default:  <SPAN
-CLASS="emphasis"
+>		This option is used to define the location of the communiation socket of 
+		an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
+		can be used instead of or together with the <A
+HREF="#SSLENTROPYFILE"
+><TT
+CLASS="PARAMETER"
 ><I
-CLASS="EMPHASIS"
->use spnego = yes</I
-></SPAN
+>ssl entropy file</I
+></TT
+></A
+> 
+		directive. 255 bytes of entropy will be retrieved from the daemon.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+></DD
+><DT
+><A
+NAME="SSLENTROPYBYTES"
+></A
+>ssl entropy bytes (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>		This parameter is used to define the number of bytes which should 
+		be read from the <A
+HREF="#SSLENTROPYFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl entropy 
+		file</I
+></TT
+></A
+> If a -1 is specified, the entire file will
+		be read.
+		</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl entropy bytes = 255</B
+></P
+></DD
+><DT
+><A
+NAME="SSLENTROPYFILE"
+></A
+>ssl entropy file (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>		This parameter is used to specify a file from which processes will 
+		read "random bytes" on startup.  In order to seed the internal pseudo 
+		random number generator, entropy must be provided. On system with a 
+		<TT
+CLASS="FILENAME"
+>/dev/urandom</TT
+> device file, the processes
+		will retrieve its entropy from the kernel. On systems without kernel
+		entropy support, a file can be supplied that will be read on startup
+		and that will be used to seed the PRNG.
+		</P
+><P
+>Default: <EM
+>none</EM
+></P
+></DD
+><DT
+><A
+NAME="SSLHOSTS"
+></A
+>ssl hosts (G)</DT
+><DD
+><P
+>See <A
+HREF="#SSLHOSTSRESIGN"
+><TT
+CLASS="PARAMETER"
+><I
+>		ssl hosts resign</I
+></TT
+></A
+>.</P
+></DD
+><DT
+><A
+NAME="SSLHOSTSRESIGN"
+></A
+>ssl hosts resign (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>These two variables define whether Samba will go 
+		into SSL mode or not. If none of them is defined, Samba will 
+		allow only SSL connections. If the <A
+HREF="#SSLHOSTS"
+>		<TT
+CLASS="PARAMETER"
+><I
+>ssl hosts</I
+></TT
+></A
+> variable lists
+		hosts (by IP-address, IP-address range, net group or name), 
+		only these hosts will be forced into SSL mode. If the <TT
+CLASS="PARAMETER"
+><I
+>		ssl hosts resign</I
+></TT
+> variable lists hosts, only these 
+		hosts will <EM
+>NOT</EM
+> be forced into SSL mode. The syntax for these two 
+		variables is the same as for the <A
+HREF="#HOSTSALLOW"
+><TT
+CLASS="PARAMETER"
+><I
+>		hosts allow</I
+></TT
+></A
+> and <A
+HREF="#HOSTSDENY"
+>		<TT
+CLASS="PARAMETER"
+><I
+>hosts deny</I
+></TT
+></A
+> pair of variables, only 
+		that the subject of the decision is different: It's not the access 
+		right but whether SSL is used or not. </P
+><P
+>The example below requires SSL connections from all hosts
+		outside the local net (which is 192.168.*.*).</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl hosts = &#60;empty string&#62;</B
+></P
+><P
+><B
+CLASS="COMMAND"
+>ssl hosts resign = &#60;empty string&#62;</B
+></P
+><P
+>Example: <B
+CLASS="COMMAND"
+>ssl hosts resign = 192.168.</B
+></P
+></DD
+><DT
+><A
+NAME="SSLREQUIRECLIENTCERT"
+></A
+>ssl require clientcert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>If this variable is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, the 
+		server will not tolerate connections from clients that don't 
+		have a valid certificate. The directory/file given in <A
+HREF="#SSLCACERTDIR"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl CA certDir</I
+></TT
+>
+		</A
+> and <A
+HREF="#SSLCACERTFILE"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl CA certFile
+		</I
+></TT
+></A
+> will be used to look up the CAs that issued 
+		the client's certificate. If the certificate can't be verified 
+		positively, the connection will be terminated.  If this variable 
+		is set to <TT
+CLASS="CONSTANT"
+>no</TT
+>, clients don't need certificates. 
+		Contrary to web applications you really <EM
+>should</EM
+> 
+		require client certificates. In the web environment the client's 
+		data is sensitive (credit card numbers) and the server must prove 
+		to be trustworthy. In a file server environment the server's data 
+		will be sensitive and the clients must prove to be trustworthy.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl require clientcert = no</B
+></P
+></DD
+><DT
+><A
+NAME="SSLREQUIRESERVERCERT"
+></A
+>ssl require servercert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>If this variable is set to <TT
+CLASS="CONSTANT"
+>yes</TT
+>, the 
+		<A
+HREF="smbclient.1.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbclient(1)</B
+>
+		</A
+> will request a certificate from the server. Same as 
+		<A
+HREF="#SSLREQUIRECLIENTCERT"
+><TT
+CLASS="PARAMETER"
+><I
+>ssl require 
+		clientcert</I
+></TT
+></A
+> for the server.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl require servercert = no</B
+>
+		</P
+></DD
+><DT
+><A
+NAME="SSLSERVERCERT"
+></A
+>ssl server cert (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This is the file containing the server's certificate. 
+		The server <EM
+>must</EM
+> have a certificate. The 
+		file may also contain the server's private key. See later for 
+		how certificates and private keys are created.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl server cert = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLSERVERKEY"
+></A
+>ssl server key (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This file contains the private key of the server. If 
+		this variable is not defined, the key is looked up in the 
+		certificate file (it may be appended to the certificate). 
+		The server <EM
+>must</EM
+> have a private key
+		and the certificate <EM
+>must</EM
+> 
+		match this private key.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl server key = &#60;empty string&#62;
+		</B
+></P
+></DD
+><DT
+><A
+NAME="SSLVERSION"
+></A
+>ssl version (G)</DT
+><DD
+><P
+>This variable is part of SSL-enabled Samba. This 
+		is only available if the SSL libraries have been compiled on your 
+		system and the configure option <B
+CLASS="COMMAND"
+>--with-ssl</B
+> was 
+		given at configure time.</P
+><P
+>This enumeration variable defines the versions of the 
+		SSL protocol that will be used. <TT
+CLASS="CONSTANT"
+>ssl2or3</TT
+> allows 
+		dynamic negotiation of SSL v2 or v3, <TT
+CLASS="CONSTANT"
+>ssl2</TT
+> results 
+		in SSL v2, <TT
+CLASS="CONSTANT"
+>ssl3</TT
+> results in SSL v3 and
+		<TT
+CLASS="CONSTANT"
+>tls1</TT
+> results in TLS v1. TLS (Transport Layer 
+		Security) is the new standard for SSL.</P
+><P
+>Default: <B
+CLASS="COMMAND"
+>ssl version = "ssl2or3"</B
 ></P
 ></DD
 ><DT
@@ -17745,7 +17695,7 @@ TARGET="_top"
 		explorer shell file copies.</P
 ><P
 >See also the <A
-HREF="index.html#SYNCALWAYS"
+HREF="#SYNCALWAYS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -17767,9 +17717,11 @@ NAME="STRIPDOT"
 >strip dot (G)</DT
 ><DD
 ><P
->This is a boolean that controls whether to 
-		strip trailing dots off UNIX filenames. This helps with some 
-		CDROMs that have filenames ending in a single dot.</P
+>This parameter is now unused in Samba (2.2.5 and above).
+		It used strip trailing dots off UNIX filenames but was not correctly implmented.
+		In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+		filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+		being returned to a client.</P
 ><P
 >Default: <B
 CLASS="COMMAND"
@@ -17812,7 +17764,7 @@ CLASS="CONSTANT"
 		any affect.</P
 ><P
 >See also the <A
-HREF="index.html#STRICTSYNC"
+HREF="#STRICTSYNC"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -17982,7 +17934,7 @@ NAME="TIMESTAMPLOGS"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#DEBUGTIMESTAMP"
+HREF="#DEBUGTIMESTAMP"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18011,7 +17963,7 @@ TARGET="_top"
 		can be used to prevent a server from exceeding its capacity and is
 		designed as a printing throttle.  See also 
 		<A
-HREF="index.html#MAXPRINTJOBS"
+HREF="#MAXPRINTJOBS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18033,39 +17985,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="UNICODE"
-></A
->unicode (G)</DT
-><DD
-><P
->Specifies whether Samba should try 
-		to use unicode on the wire by default. 
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->unicode = yes</B
-></P
-></DD
-><DT
-><A
-NAME="UNIXCHARSET"
-></A
->unix charset (G)</DT
-><DD
-><P
->Specifies the charset the unix machine 
-		Samba runs on uses. Samba needs to know this in order to be able to 
-		convert text to the charsets other SMB clients use.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->unix charset = ASCII</B
-></P
-></DD
-><DT
-><A
 NAME="UNIXEXTENSIONS"
 ></A
 >unix extensions(G)</DT
@@ -18102,19 +18021,15 @@ CLASS="PARAMETER"
 >passwd
 		program</I
 ></TT
->parameter is called <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->AS ROOT</I
-></SPAN
+>parameter is called <EM
+>AS ROOT</EM
 > - 
 		to allow the new UNIX password to be set without access to the 
 		old UNIX password (as the SMB password change code has no 
 		access to the old password cleartext, only the new).</P
 ><P
 >See also <A
-HREF="index.html#PASSWDPROGRAM"
+HREF="#PASSWDPROGRAM"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18123,7 +18038,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 >, <A
-HREF="index.html#PASSWDCHAT"
+HREF="#PASSWDCHAT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18162,7 +18077,7 @@ CLASS="CONSTANT"
 >.</P
 ><P
 >In order for this parameter to work correctly the <A
-HREF="index.html#ENCRYPTPASSWORDS"
+HREF="#ENCRYPTPASSWORDS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18225,18 +18140,14 @@ CLASS="COMMAND"
 >If this parameter is enabled for a printer, then any attempt
 		to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
 		to PRINTER_ACCESS_USE instead.  Thus allowing the OpenPrinterEx()
-		call to succeed.  <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+		call to succeed.  <EM
 >This parameter MUST not be able enabled
 		on a print share which has valid print driver installed on the Samba 
-		server.</I
-></SPAN
+		server.</EM
 ></P
 ><P
 >See also <A
-HREF="index.html#DISABLESPOOLSS"
+HREF="#DISABLESPOOLSS"
 >disable spoolss</A
 >
 		</P
@@ -18288,12 +18199,8 @@ CLASS="FILENAME"
 		will be read to find the names of hosts and users who will be allowed 
 		access without specifying a password.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE:</I
-></SPAN
+><EM
+>NOTE:</EM
 > The use of <TT
 CLASS="PARAMETER"
 ><I
@@ -18323,7 +18230,7 @@ NAME="USER"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#USERNAME"
+HREF="#USERNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18340,7 +18247,7 @@ NAME="USERS"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#USERNAME"
+HREF="#USERNAME"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18399,7 +18306,7 @@ CLASS="PARAMETER"
 ><P
 >To restrict a service to a particular set of users you 
 		can use the <A
-HREF="index.html#VALIDUSERS"
+HREF="#VALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18429,7 +18336,7 @@ CLASS="PARAMETER"
 		search.</P
 ><P
 >See the section <A
-HREF="index.html#AEN236"
+HREF="#AEN241"
 >NOTE ABOUT 
 		USERNAME/PASSWORD VALIDATION</A
 > for more information on how 
@@ -18438,7 +18345,7 @@ HREF="index.html#AEN236"
 >Default: <B
 CLASS="COMMAND"
 >The guest account if a guest service, 
-		else &lt;empty string&gt;.</B
+		else &#60;empty string&#62;.</B
 ></P
 ><P
 >Examples:<B
@@ -18575,11 +18482,20 @@ CLASS="COMMAND"
 		'!' to tell Samba to stop processing if it gets a match on 
 		that line.</P
 ><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
 ><PRE
 CLASS="PROGRAMLISTING"
 >		!sys = mary fred
 		guest = *
 		</PRE
+></TD
+></TR
+></TABLE
 ></P
 ><P
 >Note that the remapping is applied to all occurrences 
@@ -18600,7 +18516,7 @@ CLASS="CONSTANT"
 >fred</TT
 >. The only exception to this is the 
 		username passed to the <A
-HREF="index.html#PASSWORDSERVER"
+HREF="#PASSWORDSERVER"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18616,12 +18532,8 @@ CLASS="PARAMETER"
 		trouble deleting print jobs as PrintManager under WfWg will think 
 		they don't own the print job.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no username map</I
-></SPAN
+>Default: <EM
+>no username map</EM
 ></P
 ><P
 >Example: <B
@@ -18649,14 +18561,8 @@ CLASS="CONSTANT"
 		connection is made to a Samba server. Sites may use this to record the
 		user connecting to a Samba share.</P
 ><P
->Due to the requirements of the utmp record, we
-	        are required to create a unique identifier for the
-	        incoming user.  Enabling this option creates an n^2
-	        algorithm to find this number.  This may impede
-	        performance on large installations. </P
-><P
 >See also the <A
-HREF="index.html#UTMPDIRECTORY"
+HREF="#UTMPDIRECTORY"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18684,7 +18590,7 @@ CLASS="COMMAND"
 >. It specifies a directory pathname that is
 		used to store the utmp or utmpx files (depending on the UNIX system) that
 		record user connections to a Samba server. See also the <A
-HREF="index.html#UTMP"
+HREF="#UTMP"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -18699,64 +18605,139 @@ CLASS="FILENAME"
 >/var/run/utmp</TT
 > on Linux).</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no utmp directory</I
-></SPAN
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->utmp directory = /var/run/utmp</B
+>Default: <EM
+>no utmp directory</EM
 ></P
 ></DD
 ><DT
 ><A
-NAME="WTMPDIRECTORY"
+NAME="VALIDCHARS"
 ></A
->wtmp directory(G)</DT
+>valid chars (G)</DT
 ><DD
 ><P
->This parameter is only available if Samba has 
-		been configured and compiled with the option <B
-CLASS="COMMAND"
->		--with-utmp</B
->. It specifies a directory pathname that is
-		used to store the wtmp or wtmpx files (depending on the UNIX system) that
-		record user connections to a Samba server. The difference with
-		the utmp directory is the fact that user info is kept after a user 
-		has logged out.
-		
-		See also the <A
-HREF="index.html#UTMP"
->		<TT
+>The option allows you to specify additional 
+		characters that should be considered valid by the server in 
+		filenames. This is particularly useful for national character 
+		sets, such as adding u-umlaut or a-ring.</P
+><P
+>The option takes a list of characters in either integer 
+		or character form with spaces between them. If you give two 
+		characters with a colon between them then it will be taken as 
+		an lowercase:uppercase pair.</P
+><P
+>If you have an editor capable of entering the characters 
+		into the config file then it is probably easiest to use this 
+		method. Otherwise you can specify the characters in octal, 
+		decimal or hexadecimal form using the usual C notation.</P
+><P
+>For example to add the single character 'Z' to the charset 
+		(which is a pointless thing to do as it's already there) you could 
+		do one of the following</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>		valid chars = Z
+		valid chars = z:Z
+		valid chars = 0132:0172
+		</PRE
+></TD
+></TR
+></TABLE
+></P
+><P
+>The last two examples above actually add two characters, 
+		and alter the uppercase and lowercase mappings appropriately.</P
+><P
+>Note that you <EM
+>MUST</EM
+> specify this parameter 
+		after the <TT
 CLASS="PARAMETER"
 ><I
->utmp</I
+>client code page</I
 ></TT
-></A
-> parameter. By default this is 
-		not set, meaning the system will use whatever utmp file the 
-		native system is set to use (usually 
-		<TT
-CLASS="FILENAME"
->/var/run/wtmp</TT
-> on Linux).</P
+> parameter if you 
+		have both set. If <TT
+CLASS="PARAMETER"
+><I
+>client code page</I
+></TT
+> is set after 
+		the <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> parameter the <TT
+CLASS="PARAMETER"
+><I
+>valid 
+		chars</I
+></TT
+> settings will be overwritten.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
+>See also the <A
+HREF="#CLIENTCODEPAGE"
+><TT
+CLASS="PARAMETER"
 ><I
-CLASS="EMPHASIS"
->no wtmp directory</I
-></SPAN
+>client 
+		code page</I
+></TT
+></A
+> parameter.</P
+><P
+>Default: <EM
+>Samba defaults to using a reasonable set 
+		of valid characters for English systems</EM
 ></P
 ><P
 >Example: <B
 CLASS="COMMAND"
->wtmp directory = /var/log/wtmp</B
+>valid chars = 0345:0305 0366:0326 0344:0304
+		</B
 ></P
+><P
+>The above example allows filenames to have the Swedish 
+		characters in them.</P
+><P
+><EM
+>NOTE:</EM
+> It is actually quite difficult to 
+		correctly produce a <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> line for 
+		a particular system. To automate the process <A
+HREF="mailto:tino@augsburg.net"
+TARGET="_top"
+>tino@augsburg.net</A
+> has written 
+		a package called <B
+CLASS="COMMAND"
+>validchars</B
+> which will automatically 
+		produce a complete <TT
+CLASS="PARAMETER"
+><I
+>valid chars</I
+></TT
+> line for
+		a given client system. Look in the <TT
+CLASS="FILENAME"
+>examples/validchars/
+		</TT
+> subdirectory of your Samba source code distribution 
+		for this package.</P
 ></DD
 ><DT
 ><A
@@ -18793,7 +18774,7 @@ CLASS="PARAMETER"
 >. This is useful in the [homes] section.</P
 ><P
 >See also <A
-HREF="index.html#INVALIDUSERS"
+HREF="#INVALIDUSERS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18803,13 +18784,9 @@ CLASS="PARAMETER"
 ></A
 ></P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >No valid users list (anyone can login)
-		</I
-></SPAN
+		</EM
 ></P
 ><P
 >Example: <B
@@ -18831,12 +18808,8 @@ NAME="VETOFILES"
 		or directories as in DOS wildcards.</P
 ><P
 >Each entry must be a unix path, not a DOS path and 
-		must <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		must <EM
+>not</EM
 > include the  unix directory 
 		separator '/'.</P
 ><P
@@ -18852,12 +18825,8 @@ CLASS="PARAMETER"
 		is important to be aware of is Samba's behaviour when
 		trying to delete a directory. If a directory that is
 		to be deleted contains nothing but veto files this
-		deletion will <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->fail</I
-></SPAN
+		deletion will <EM
+>fail</EM
 > unless you also set
 		the <TT
 CLASS="PARAMETER"
@@ -18877,7 +18846,7 @@ CLASS="PARAMETER"
 		for a match as they are scanned.</P
 ><P
 >See also <A
-HREF="index.html#HIDEFILES"
+HREF="#HIDEFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18886,7 +18855,7 @@ CLASS="PARAMETER"
 ></TT
 ></A
 > and <A
-HREF="index.html#CASESENSITIVE"
+HREF="#CASESENSITIVE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18895,16 +18864,18 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >No files or directories are vetoed.
-		</I
-></SPAN
+		</EM
 ></P
 ><P
->Examples:<PRE
+>Examples:<TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
 CLASS="PROGRAMLISTING"
 >; Veto any files containing the word Security, 
 ; any ending in .tmp, and any directory containing the
@@ -18914,6 +18885,9 @@ veto files = /*Security*/*.tmp/*root*/
 ; Veto the Apple specific files that a NetAtalk server
 ; creates.
 veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/</PRE
+></TD
+></TR
+></TABLE
 ></P
 ></DD
 ><DT
@@ -18924,7 +18898,7 @@ NAME="VETOOPLOCKFILES"
 ><DD
 ><P
 >This parameter is only valid when the <A
-HREF="index.html#OPLOCKS"
+HREF="#OPLOCKS"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18936,7 +18910,7 @@ CLASS="PARAMETER"
 		to selectively turn off the granting of oplocks on selected files that
 		match a wildcarded list, similar to the wildcarded list used in the
 		<A
-HREF="index.html#VETOFILES"
+HREF="#VETOFILES"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -18946,13 +18920,9 @@ CLASS="PARAMETER"
 > 
 		parameter.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
+>Default: <EM
 >No files are vetoed for oplock 
-		grants</I
-></SPAN
+		grants</EM
 ></P
 ><P
 >You might want to do this on files that you know will 
@@ -18974,31 +18944,6 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="VFSPATH"
-></A
->vfs path (S)</DT
-><DD
-><P
->This parameter specifies the directory
-		to look in for vfs modules. The name of every <B
-CLASS="COMMAND"
->vfs object
-		</B
-> will be prepended by this directory
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->vfs path = </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->vfs path = /usr/lib/samba/vfs</B
-></P
-></DD
-><DT
-><A
 NAME="VFSOBJECT"
 ></A
 >vfs object (S)</DT
@@ -19010,12 +18955,8 @@ NAME="VFSOBJECT"
 		with a VFS object.  The Samba VFS layer is new to Samba 2.2 and 
 		must be enabled at compile time with --with-vfs.</P
 ><P
->Default : <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no value</I
-></SPAN
+>Default : <EM
+>no value</EM
 ></P
 ></DD
 ><DT
@@ -19029,7 +18970,7 @@ NAME="VFSOPTIONS"
 		to the vfs layer at initialization time.  The Samba VFS layer 
 		is new to Samba 2.2 and must be enabled at compile time 
 		with --with-vfs.  See also <A
-HREF="index.html#VFSOBJECT"
+HREF="#VFSOBJECT"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -19038,12 +18979,8 @@ CLASS="PARAMETER"
 ></A
 >.</P
 ><P
->Default : <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->no value</I
-></SPAN
+>Default : <EM
+>no value</EM
 ></P
 ></DD
 ><DT
@@ -19057,12 +18994,8 @@ NAME="VOLUME"
 		returned for a share. Useful for CDROMs with installation programs 
 		that insist on a particular volume label.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->the name of the share</I
-></SPAN
+>Default: <EM
+>the name of the share</EM
 ></P
 ></DD
 ><DT
@@ -19146,12 +19079,8 @@ CLASS="COMMAND"
 > system call
 		will not return any data. </P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Warning:</I
-></SPAN
+><EM
+>Warning:</EM
 > Turning off user
 		enumeration may cause some programs to behave oddly.  For
 		example, the finger program relies on having access to the
@@ -19201,12 +19130,8 @@ CLASS="COMMAND"
 > system
 		call will not return any data. </P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->Warning:</I
-></SPAN
+><EM
+>Warning:</EM
 > Turning off group
 		enumeration may cause some programs to behave oddly.
 		</P
@@ -19235,7 +19160,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind gid = &lt;empty string&gt;
+>winbind gid = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -19306,7 +19231,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind uid = &lt;empty string&gt;
+>winbind uid = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -19334,7 +19259,7 @@ TARGET="_top"
 ><P
 >Default: <B
 CLASS="COMMAND"
->winbind use default domain = &lt;falseg&gt; 
+>winbind use default domain = &#60;falseg&#62; 
 		</B
 ></P
 ><P
@@ -19449,12 +19374,8 @@ TARGET="_top"
 >You should point this at your WINS server if you have a
 		multi-subnetted network.</P
 ><P
-><SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NOTE</I
-></SPAN
+><EM
+>NOTE</EM
 >. You need to set up Samba to point 
 		to a WINS server if you have multiple subnets and wish cross-subnet 
 		browsing to work correctly.</P
@@ -19465,12 +19386,8 @@ CLASS="FILENAME"
 > 
 		in the docs/ directory of your Samba source distribution.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not enabled</I
-></SPAN
+>Default: <EM
+>not enabled</EM
 ></P
 ><P
 >Example: <B
@@ -19499,12 +19416,8 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >nmbd</B
 > to be your WINS server. 
-		Note that you should <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->NEVER</I
-></SPAN
+		Note that you should <EM
+>NEVER</EM
 > set this to <TT
 CLASS="CONSTANT"
 >true</TT
@@ -19526,7 +19439,7 @@ NAME="WORKGROUP"
 >This controls what workgroup your server will 
 		appear to be in when queried by clients. Note that this parameter 
 		also controls the Domain name used with the <A
-HREF="index.html#SECURITYEQUALSDOMAIN"
+HREF="#SECURITYEQUALSDOMAIN"
 ><B
 CLASS="COMMAND"
 >security = domain</B
@@ -19534,12 +19447,8 @@ CLASS="COMMAND"
 >
 		setting.</P
 ><P
->Default: <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->set at compile time to WORKGROUP</I
-></SPAN
+>Default: <EM
+>set at compile time to WORKGROUP</EM
 ></P
 ><P
 >Example: <B
@@ -19555,7 +19464,7 @@ NAME="WRITABLE"
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -19573,12 +19482,8 @@ NAME="WRITECACHESIZE"
 ><P
 >If this integer parameter is set to non-zero value,
 		Samba will create an in-memory cache for each oplocked file 
-		(it does <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->not</I
-></SPAN
+		(it does <EM
+>not</EM
 > do this for 
 		non-oplocked files). All writes that the client does not request 
 		to be flushed directly to disk will be stored in this cache if possible. 
@@ -19618,7 +19523,7 @@ NAME="WRITELIST"
 >This is a list of users that are given read-write 
 		access to a service. If the connecting user is in this list then 
 		they will be given write access, no matter what the <A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -19633,7 +19538,7 @@ CLASS="PARAMETER"
 		write list then they will be given write access.</P
 ><P
 >See also the <A
-HREF="index.html#READLIST"
+HREF="#READLIST"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -19645,7 +19550,7 @@ CLASS="PARAMETER"
 ><P
 >Default: <B
 CLASS="COMMAND"
->write list = &lt;empty string&gt;
+>write list = &#60;empty string&#62;
 		</B
 ></P
 ><P
@@ -19657,37 +19562,13 @@ CLASS="COMMAND"
 ></DD
 ><DT
 ><A
-NAME="WINSPARTNERS"
-></A
->wins partners (G)</DT
-><DD
-><P
->A space separated list of partners' IP addresses for 
-		WINS replication. WINS partners are always defined as push/pull 
-		partners as defining only one way WINS replication is unreliable. 
-		WINS replication is currently experimental and unreliable between 
-		samba servers.
-		</P
-><P
->Default: <B
-CLASS="COMMAND"
->wins partners = </B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->wins partners = 192.168.0.1 172.16.1.2</B
-></P
-></DD
-><DT
-><A
 NAME="WRITEOK"
 ></A
 >write ok (S)</DT
 ><DD
 ><P
 >Synonym for <A
-HREF="index.html#WRITEABLE"
+HREF="#WRITEABLE"
 ><TT
 CLASS="PARAMETER"
 ><I
@@ -19720,7 +19601,7 @@ NAME="WRITEABLE"
 ><DD
 ><P
 >An inverted synonym is <A
-HREF="index.html#READONLY"
+HREF="#READONLY"
 >		<TT
 CLASS="PARAMETER"
 ><I
@@ -19740,12 +19621,8 @@ CLASS="CONSTANT"
 CLASS="COMMAND"
 >printable = yes</B
 >)
-		will <SPAN
-CLASS="emphasis"
-><I
-CLASS="EMPHASIS"
->ALWAYS</I
-></SPAN
+		will <EM
+>ALWAYS</EM
 > allow writing to the directory 
 		(user privileges permitting), but only via spooling operations.</P
 ><P
@@ -19760,7 +19637,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6109"
+NAME="AEN6208"
 ></A
 ><H2
 >WARNINGS</H2
@@ -19790,7 +19667,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6115"
+NAME="AEN6214"
 ></A
 ><H2
 >VERSION</H2
@@ -19801,7 +19678,7 @@ NAME="AEN6115"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6118"
+NAME="AEN6217"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -19880,7 +19757,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN6138"
+NAME="AEN6237"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html
index 74c2854a864..8e0f326125f 100644
--- a/docs/htmldocs/smbcontrol.1.html
+++ b/docs/htmldocs/smbcontrol.1.html
@@ -36,17 +36,17 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbcontrol</B
->  [-i]</P
+>  [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] {-i}</P
 ><P
 ><B
 CLASS="COMMAND"
 >smbcontrol</B
->  [destination] [message-type] [parameter]</P
+>  [-d &#60;debug level&#62;] [-s &#60;smb config file&#62;] {destination} {message-type} [parameter]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN17"
+NAME="AEN21"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -81,7 +81,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN26"
+NAME="AEN30"
 ></A
 ><H2
 >OPTIONS</H2
@@ -91,6 +91,24 @@ NAME="AEN26"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
+>-d &#60;debuglevel&#62;</DT
+><DD
+><P
+>debuglevel is an integer from 0 to 10.</P
+></DD
+><DT
+>-s &#60;smb.conf&#62;</DT
+><DD
+><P
+>This parameter specifies the pathname to
+		the Samba configuration file, <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>		smb.conf(5)</A
+>.  This file controls all aspects of
+		the Samba setup on the machine.</P
+></DD
+><DT
 >-i</DT
 ><DD
 ><P
@@ -170,7 +188,7 @@ CLASS="CONSTANT"
 >, 
 		or <TT
 CLASS="CONSTANT"
->printnotify</TT
+>printer-notify</TT
 >.</P
 ><P
 >The <TT
@@ -246,68 +264,15 @@ CLASS="CONSTANT"
 ><P
 >The <TT
 CLASS="CONSTANT"
->printnotify</TT
+>printer-notify</TT
 > message-type sends a 
 		message to smbd which in turn sends a printer notify message to 
-		any Windows NT clients connected to  a printer. This message-type
-		takes the following arguments:
-
-		<P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->queuepause printername</DT
-><DD
-><P
->Send a queue pause change notify
-		    message to the printer specified.</P
-></DD
-><DT
->queueresume printername</DT
-><DD
-><P
->Send a queue resume change notify
-		    message for the printer specified.</P
-></DD
-><DT
->jobpause printername unixjobid</DT
-><DD
-><P
->Send a job pause change notify
-		    message for the printer and unix jobid
-		    specified.</P
-></DD
-><DT
->jobresume printername unixjobid</DT
-><DD
-><P
->Send a job resume change notify
-		    message for the printer and unix jobid
-		    specified.</P
-></DD
-><DT
->jobdelete printername unixjobid</DT
-><DD
-><P
->Send a job delete change notify
-		    message for the printer and unix jobid
-		    specified.</P
-></DD
-></DL
-></DIV
->
-
-		Note that this message only sends notification that an
-		event has occured.  It doesn't actually cause the
-		event to happen.
-
+		any Windows NT clients connected to  a printer.  This message-type 
+		takes an argument of the printer name to  send notify messages to.   
 		This message can only be sent to <TT
 CLASS="CONSTANT"
 >smbd</TT
->. 
-		</P
+>.</P
 ></DD
 ><DT
 >parameters</DT
@@ -321,7 +286,7 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN102"
+NAME="AEN94"
 ></A
 ><H2
 >VERSION</H2
@@ -332,7 +297,7 @@ NAME="AEN102"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN105"
+NAME="AEN97"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -358,7 +323,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN112"
+NAME="AEN104"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html
index 6a4996d9387..e1ea92b986a 100644
--- a/docs/htmldocs/smbd.8.html
+++ b/docs/htmldocs/smbd.8.html
@@ -36,12 +36,12 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >smbd</B
->  [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-b] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
+>  [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d &#60;debug level&#62;] [-l &#60;log directory&#62;] [-p &#60;port number&#62;] [-O &#60;socket option&#62;] [-s &#60;configuration file&#62;]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN24"
+NAME="AEN23"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -84,7 +84,7 @@ CLASS="FILENAME"
 >smb.conf(5)</TT
 ></A
 > 
-	manpage should be regarded as mandatory reading before 
+	manpage should be regarded as mandatory reading before
 	proceeding with installation.</P
 ><P
 >A session is created whenever a client requests one. 
@@ -106,7 +106,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN38"
+NAME="AEN37"
 ></A
 ><H2
 >OPTIONS</H2
@@ -198,13 +198,6 @@ CLASS="COMMAND"
 >.</P
 ></DD
 ><DT
->-b</DT
-><DD
-><P
->Prints information about how 
-		Samba was built.</P
-></DD
-><DT
 >-d &#60;debug level&#62;</DT
 ><DD
 ><P
@@ -221,7 +214,7 @@ CLASS="REPLACEABLE"
 		logged to the log files about the activities of the 
 		server. At level 0, only critical errors and serious 
 		warnings will be logged. Level 1 is a reasonable level for
-		day to day running - it generates a small amount of 
+		day to day running - it generates a small amount of
 		information about operations carried out.</P
 ><P
 >Levels above 1 will generate considerable 
@@ -313,14 +306,14 @@ CLASS="REPLACEABLE"
 ><I
 >port number</I
 ></TT
-> is a positive integer 
+> is a positive integer
 		value.  The default value if this parameter is not 
 		specified is 139.</P
 ><P
 >This number is the port number that will be 
 		used when making connections to the server from client 
 		software. The standard (well-known) port number for the 
-		SMB over TCP is 139, hence the default. If you wish to 
+		SMB over TCP is 139, hence the default. If you wish to
 		run the server as an ordinary user rather than
 		as root, most systems will require you to use a port 
 		number greater than 1024 - ask your system administrator 
@@ -352,7 +345,7 @@ CLASS="FILENAME"
 >		smb.conf(5)</TT
 ></A
 > for more information.
-		The default configuration file name is determined at 
+		The default configuration file name is determined at
 		compile time.</P
 ></DD
 ></DL
@@ -361,7 +354,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN122"
+NAME="AEN117"
 ></A
 ><H2
 >FILES</H2
@@ -377,7 +370,7 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->If the server is to be run by the 
+>If the server is to be run by the
 		<B
 CLASS="COMMAND"
 >inetd</B
@@ -398,11 +391,11 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->or whatever initialization script your 
+>or whatever initialization script your
 		system uses).</P
 ><P
->If running the server as a daemon at startup, 
-		this file will need to contain an appropriate startup 
+>If running the server as a daemon at startup,
+		this file will need to contain an appropriate startup
 		sequence for the server. See the <A
 HREF="UNIX_INSTALL.html"
 TARGET="_top"
@@ -417,13 +410,13 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->If running the server via the 
+>If running the server via the
 		meta-daemon <B
 CLASS="COMMAND"
 >inetd</B
->, this file 
-		must contain a mapping of service name (e.g., netbios-ssn) 
-		to service port (e.g., 139) and protocol type (e.g., tcp). 
+>, this file
+		must contain a mapping of service name (e.g., netbios-ssn)
+		to service port (e.g., 139) and protocol type (e.g., tcp).
 		See the <A
 HREF="UNIX_INSTALL.html"
 TARGET="_top"
@@ -438,7 +431,7 @@ CLASS="FILENAME"
 ></DT
 ><DD
 ><P
->This is the default location of the 
+>This is the default location of the
 		<A
 HREF="smb.conf.5.html"
 TARGET="_top"
@@ -447,17 +440,17 @@ CLASS="FILENAME"
 >smb.conf</TT
 ></A
 >
-		server configuration file. Other common places that systems 
+		server configuration file. Other common places that systems
 		install this file are <TT
 CLASS="FILENAME"
 >/usr/samba/lib/smb.conf</TT
-> 
+>
 		and <TT
 CLASS="FILENAME"
 >/etc/smb.conf</TT
 >.</P
 ><P
->This file describes all the services the server 
+>This file describes all the services the server
 		is to make available to clients. See <A
 HREF="smb.conf.5.html"
 TARGET="_top"
@@ -473,7 +466,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN158"
+NAME="AEN153"
 ></A
 ><H2
 >LIMITATIONS</H2
@@ -481,10 +474,10 @@ NAME="AEN158"
 >On some systems <B
 CLASS="COMMAND"
 >smbd</B
-> cannot change uid back 
-	to root after a setuid() call.  Such systems are called 
-	trapdoor uid systems. If you have such a system, 
-	you will be unable to connect from a client (such as a PC) as 
+> cannot change uid back
+	to root after a setuid() call.  Such systems are called
+	trapdoor uid systems. If you have such a system,
+	you will be unable to connect from a client (such as a PC) as
 	two different users at once. Attempts to connect the
 	second user will result in access denied or 
 	similar.</P
@@ -492,7 +485,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN162"
+NAME="AEN157"
 ></A
 ><H2
 >ENVIRONMENT VARIABLES</H2
@@ -523,15 +516,15 @@ CLASS="CONSTANT"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN171"
+NAME="AEN166"
 ></A
 ><H2
 >PAM INTERACTION</H2
 ><P
->Samba uses PAM for authentication (when presented with a plaintext 
+>Samba uses PAM for authentication (when presented with a plaintext
 	password), for account checking (is this account disabled?) and for
 	session management.  The degree too which samba supports PAM is restricted
-	by the limitations of the SMB protocol and the 
+	by the limitations of the SMB protocol and the
 	<A
 HREF="smb.conf.5.html#OBEYPAMRESRICTIONS"
 TARGET="_top"
@@ -557,7 +550,7 @@ TARGET="_top"
 ><EM
 >Session Management</EM
 >:  When not using share 
-	level secuirty, users must pass PAM's session checks before access 
+	level secuirty, users must pass PAM's session checks before access
 	is granted.  Note however, that this is bypassed in share level secuirty.  
 	Note also that some older pam configuration files may need a line 
 	added for session support. 
@@ -568,41 +561,50 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN182"
+NAME="AEN177"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 2.2 of 
+>This man page is correct for version 2.2 of
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN185"
+NAME="AEN180"
 ></A
 ><H2
->DIAGNOSTICS</H2
-><P
->Most diagnostics issued by the server are logged 
-	in a specified log file. The log file name is specified 
+>TROUBLESHOOTING</H2
+><P
+>        One of the common causes of difficulty when installing Samba and SWAT
+        is the existsnece of some type of firewall or port filtering software
+        on the Samba server.  Make sure that the appropriate ports
+        outlined in this man page are available on the server and are not currently
+        being blocked by some type of security software such as iptables or
+        "port sentry".  For more troubleshooting information, refer to the additional
+        documentation included in the Samba distribution.
+        </P
+><P
+>Most diagnostics issued by the server are logged
+	in a specified log file. The log file name is specified
 	at compile time, but may be overridden on the command line.</P
 ><P
->The number and nature of diagnostics available depends 
-	on the debug level used by the server. If you have problems, set 
+>The number and nature of diagnostics available depends
+	on the debug level used by the server. If you have problems, set
 	the debug level to 3 and peruse the log files.</P
 ><P
->Most messages are reasonably self-explanatory. Unfortunately, 
-	at the time this man page was created, there are too many diagnostics 
-	available in the source code to warrant describing each and every 
-	diagnostic. At this stage your best bet is still to grep the 
-	source code and inspect the conditions that gave rise to the 
+>Most messages are reasonably self-explanatory. Unfortunately,
+	at the time this man page was created, there are too many diagnostics
+	available in the source code to warrant describing each and every
+	diagnostic. At this stage your best bet is still to grep the
+	source code and inspect the conditions that gave rise to the
 	diagnostics you are seeing.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN190"
+NAME="AEN186"
 ></A
 ><H2
 >SIGNALS</H2
@@ -610,29 +612,29 @@ NAME="AEN190"
 >Sending the <B
 CLASS="COMMAND"
 >smbd</B
-> a SIGHUP will cause it to 
+> a SIGHUP will cause it to
 	reload its <TT
 CLASS="FILENAME"
 >smb.conf</TT
-> configuration 
+> configuration
 	file within a short period of time.</P
 ><P
 >To shut down a user's <B
 CLASS="COMMAND"
 >smbd</B
-> process it is recommended 
+> process it is recommended
 	that <B
 CLASS="COMMAND"
 >SIGKILL (-9)</B
 > <EM
 >NOT</EM
-> 
+>
 	be used, except as a last resort, as this may leave the shared
-	memory area in an inconsistent state. The safe way to terminate 
+	memory area in an inconsistent state. The safe way to terminate
 	an <B
 CLASS="COMMAND"
 >smbd</B
-> is to send it a SIGTERM (-15) signal and wait for 
+> is to send it a SIGTERM (-15) signal and wait for
 	it to die on its own.</P
 ><P
 >The debug log level of <B
@@ -648,7 +650,7 @@ CLASS="COMMAND"
 	</B
 ></A
 > program (SIGUSR[1|2] signals are no longer used in
-	Samba 2.2). This is to allow transient problems to be diagnosed, 
+	Samba 2.2). This is to allow transient problems to be diagnosed,
 	whilst still running at a normally low log level.</P
 ><P
 >Note that as the signal handlers send a debug write, 
@@ -667,7 +669,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN207"
+NAME="AEN203"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -733,7 +735,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN224"
+NAME="AEN220"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/smbgroupedit.8.html b/docs/htmldocs/smbgroupedit.8.html
deleted file mode 100644
index 4af49672caf..00000000000
--- a/docs/htmldocs/smbgroupedit.8.html
+++ /dev/null
@@ -1,402 +0,0 @@
-<HTML
-><HEAD
-><TITLE
->smbgroupedit</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="SMBGROUPEDIT"
->smbgroupedit</A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN5"
-></A
-><H2
->Name</H2
->smbgroupedit&nbsp;--&nbsp;Query/set/change UNIX - Windows NT group mapping</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->smbroupedit</B
->  [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p prividge|]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN13"
-></A
-><H2
->DESCRIPTION</H2
-><P
->This program is part of the <A
-HREF="samba.7.html"
-TARGET="_top"
->Samba</A
->
-suite.</P
-><P
->The  smbgroupedit  command  allows for mapping unix groups
-to NT Builtin, Domain, or Local groups.  Also
-allows setting privileges for that group, such as saAddUser,
-etc.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN18"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-v[l|s]</DT
-><DD
-><P
->This option will list all groups available
-		in the Windows NT domain in which samba is operating.
-		</P
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-l</DT
-><DD
-><P
->give a long listing, of the format:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->"NT Group Name"
-    SID            :
-    Unix group     :
-    Group type     :
-    Comment        :
-    Privilege      :</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->For examples,</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->Users
-    SID : S-1-5-32-545
-    Unix group: -1
-    Group type: Local group
-    Comment :
-    Privilege : No privilege</PRE
-></TD
-></TR
-></TABLE
-></P
-></DD
-><DT
->-s</DT
-><DD
-><P
->display a short listing of the format:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->NTGroupName(SID) -&#62; UnixGroupName</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->For example,</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
->Users (S-1-5-32-545) -&#62; -1</PRE
-></TD
-></TR
-></TABLE
-></P
-></DD
-></DL
-></DIV
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN44"
-></A
-><H2
->FILES</H2
-><P
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN47"
-></A
-><H2
->EXIT STATUS</H2
-><P
-><B
-CLASS="COMMAND"
->smbgroupedit</B
-> returns a status of 0 if the
-operation completed successfully, and a value of 1 in the event
-of a failure.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN51"
-></A
-><H2
->EXAMPLES</H2
-><P
->To make a subset of your samba PDC users members of
-the 'Domain Admins'  Global group:</P
-><P
-></P
-><OL
-TYPE="1"
-><LI
-><P
->create a unix group (usually in
-	<TT
-CLASS="FILENAME"
->/etc/group</TT
->), let's call it <TT
-CLASS="CONSTANT"
->domadm</TT
->.
-	</P
-></LI
-><LI
-><P
->add to this group the users that you want to be
-	domain administrators. For example if you want joe, john and mary,
-	your entry in <TT
-CLASS="FILENAME"
->/etc/group</TT
-> will look like:
-	</P
-><P
->domadm:x:502:joe,john,mary</P
-></LI
-><LI
-><P
->map this domadm group to the 'domain admins' group:
-	</P
-><P
-></P
-><OL
-TYPE="a"
-><LI
-><P
->Get the SID for the Windows NT "Domain Admins"
-		group:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
-><TT
-CLASS="PROMPT"
->root# </TT
-><B
-CLASS="COMMAND"
->smbgroupedit -vs | grep "Domain Admins"</B
->
-Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; -1</PRE
-></TD
-></TR
-></TABLE
-></P
-></LI
-><LI
-><P
->map the unix domadm group to the Windows NT
-		"Domain Admins" group, by running the command:
-		</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="90%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
-><TT
-CLASS="PROMPT"
->root# </TT
-><B
-CLASS="COMMAND"
->smbgroupedit \
--c S-1-5-21-1108995562-3116817432-1375597819-512 \
--u domadm</B
-></PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->		<EM
->warning:</EM
-> don't copy and paste this sample, the
-		Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
-		</P
-></LI
-></OL
-></LI
-></OL
-><P
->To verify that you mapping has taken effect:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
-><TT
-CLASS="PROMPT"
->root# </TT
-><B
-CLASS="COMMAND"
->smbgroupedit -vs|grep "Domain Admins"</B
->
-Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -&#62; domadm</PRE
-></TD
-></TR
-></TABLE
-></P
-><P
->To give access to a certain directory on a domain member machine (an
-NT/W2K or a samba server running winbind) to some users who are member
-of a group on your samba PDC, flag that group as a domain group:</P
-><P
-><TABLE
-BORDER="0"
-BGCOLOR="#E0E0E0"
-WIDTH="100%"
-><TR
-><TD
-><PRE
-CLASS="PROGRAMLISTING"
-><TT
-CLASS="PROMPT"
->root# </TT
-><B
-CLASS="COMMAND"
->smbgroupedit -a unixgroup -td</B
-></PRE
-></TD
-></TR
-></TABLE
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN90"
-></A
-><H2
->VERSION</H2
-><P
->This man page is correct for the 3.0alpha releases of
-the Samba suite.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN93"
-></A
-><H2
->SEE ALSO</H2
-><P
-><A
-HREF="smb.conf.5.html"
-TARGET="_top"
->smb.conf(5)</A
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN97"
-></A
-><H2
->AUTHOR</H2
-><P
->The original Samba software and related utilities
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar
-to the way the Linux kernel is developed.</P
-><P
-><B
-CLASS="COMMAND"
->smbgroupedit</B
-> was written by Jean Francois Micouleau.
-The current set of manpages and documentation is maintained
-by the Samba Team in the same fashion as the Samba source code.</P
-></DIV
-></BODY
-></HTML
->
\ No newline at end of file
diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html
index 1f862b66114..229350542e6 100644
--- a/docs/htmldocs/smbpasswd.5.html
+++ b/docs/htmldocs/smbpasswd.5.html
@@ -72,7 +72,7 @@ CLASS="FILENAME"
 >passwd(5)</TT
 > 
 	file. It is an ASCII file containing one line for each user. Each field 
-	ithin each line is separated from the next by a colon. Any entry 
+	within each line is separated from the next by a colon. Any entry 
 	beginning with '#' is ignored. The smbpasswd file contains the 
 	following information for each user: </P
 ><P
diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html
index a8b39b37e57..7c0699c535b 100644
--- a/docs/htmldocs/smbpasswd.8.html
+++ b/docs/htmldocs/smbpasswd.8.html
@@ -33,15 +33,24 @@ NAME="AEN8"
 ><H2
 >Synopsis</H2
 ><P
+>When run by root:</P
+><P
+><B
+CLASS="COMMAND"
+>smbpasswd</B
+>  [options] [username] [password]</P
+><P
+>otherwise:</P
+><P
 ><B
 CLASS="COMMAND"
 >smbpasswd</B
->  [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r &#60;remote machine&#62;] [-R &#60;name resolve order&#62;] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [-w pass] [username]</P
+>  [options] [password]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN26"
+NAME="AEN20"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -110,7 +119,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN42"
+NAME="AEN36"
 ></A
 ><H2
 >OPTIONS</H2
@@ -120,35 +129,235 @@ NAME="AEN42"
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->-a</DT
+>-L</DT
 ><DD
 ><P
->This option specifies that the username 
-		following should be added to the local smbpasswd file, with the 
-		new password typed (type &#60;Enter&#62; for the old password). This 
-		option is ignored if the username following already exists in 
-		the smbpasswd file and it is treated like a regular change 
-		password command.  Note that the default passdb backends require 
-                the user to already exist in the system password file (usually 
-                <TT
+>Run the smbpasswd command in local mode. This 
+		allows a non-root user to specify the root-only options. This 
+		is used mostly in test environments where a non-root user needs
+		to make changes to the local <TT
 CLASS="FILENAME"
->/etc/passwd</TT
->), else the request to add the 
-                user will fail.  </P
+>smbpasswd</TT
+> file.
+		The <TT
+CLASS="FILENAME"
+>smbpasswd</TT
+> file must have read/write 
+		permissions for the user running the command.</P
+></DD
+><DT
+>-h</DT
+><DD
 ><P
->This option is only available when running smbpasswd 
-		as root. </P
+>This option prints the help string for 
+		<B
+CLASS="COMMAND"
+>smbpasswd</B
+>. </P
 ></DD
 ><DT
->-x</DT
+>-c smb.conf file</DT
 ><DD
 ><P
->This option specifies that the username 
-		following should be deleted from the local smbpasswd file.
+>This option specifies that the configuration
+		file specified should be used instead of the default value
+		specified at compile time. </P
+></DD
+><DT
+>-D debuglevel</DT
+><DD
+><P
+><TT
+CLASS="REPLACEABLE"
+><I
+>debuglevel</I
+></TT
+> is an integer 
+		from 0 to 10.  The default value if this parameter is not specified 
+		is zero. </P
+><P
+>The higher this value, the more detail will be logged to the 
+		log files about the activities of smbpasswd. At level 0, only 
+		critical errors and serious warnings will be logged. </P
+><P
+>Levels above 1 will generate considerable amounts of log 
+		data, and should only be used when investigating a problem. Levels 
+		above 3 are designed for use only by developers and generate
+		HUGE amounts of log data, most of which is extremely cryptic. 
+		</P
+></DD
+><DT
+>-r remote machine name</DT
+><DD
+><P
+>This option allows a user to specify what machine 
+		they wish to change their password on. Without this parameter 
+		smbpasswd defaults to the local host. The <TT
+CLASS="REPLACEABLE"
+><I
+>remote 
+		machine name</I
+></TT
+> is the NetBIOS name of the SMB/CIFS 
+		server to contact to attempt the password change. This name is 
+		resolved into an IP address using the standard name resolution 
+		mechanism in all programs of the Samba suite. See the <TT
+CLASS="PARAMETER"
+><I
+>-R 
+		name resolve order</I
+></TT
+> parameter for details on changing 
+		this resolving mechanism. </P
+><P
+>The username whose password is changed is that of the 
+		current UNIX logged on user. See the <TT
+CLASS="PARAMETER"
+><I
+>-U username</I
+></TT
+>
+		parameter for details on changing the password for a different 
+		username. </P
+><P
+>Note that if changing a Windows NT Domain password the 
+		remote machine specified must be the Primary Domain Controller for 
+		the domain (Backup Domain Controllers only have a read-only
+		copy of the user account database and will not allow the password 
+		change).</P
+><P
+><EM
+>Note</EM
+> that Windows 95/98 do not have 
+		a real password database so it is not possible to change passwords 
+		specifying a Win95/98  machine as remote machine target. </P
+></DD
+><DT
+>-s</DT
+><DD
+><P
+>This option causes smbpasswd to be silent (i.e. 
+		not issue prompts) and to read its old and new passwords from 
+		standard  input, rather than from <TT
+CLASS="FILENAME"
+>/dev/tty</TT
+> 
+		(like the <B
+CLASS="COMMAND"
+>passwd(1)</B
+> program does). This option 
+		is to aid people writing scripts to drive smbpasswd</P
+></DD
+><DT
+>-S</DT
+><DD
+><P
+>This option causes <B
+CLASS="COMMAND"
+>smbpasswd</B
+>
+		to query a domain controller of the domain specified 
+		by the <A
+HREF="smb.conf.5.html#WORKGROUP"
+TARGET="_top"
+>workgroup</A
+>
+		parameter in <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> and store the
+		domain SID in the <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+> file
+		as its own machine SID.  This is only useful when configuring
+		a Samba PDC and Samba BDC, or when migrating from a Windows PDC
+		to a Samba PDC.  </P
+><P
+>The <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+> options can be used
+		as well to indicate a specific domain controller which should
+		be contacted.  In this case, the domain SID obtained is the 
+		one for the domain to which the remote machine belongs.
 		</P
+></DD
+><DT
+>-t</DT
+><DD
 ><P
->This option is only available when running smbpasswd as 
-		root.</P
+>This option is used to force smbpasswd to 
+		change the current password assigned to the machine trust account
+		when operating in domain security mode.  This is really meant to 
+		be used on systems that only run <A
+HREF="winbindd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>winbindd</B
+></A
+>.
+		Under server installations, <A
+HREF="smbd.8.html"
+TARGET="_top"
+><B
+CLASS="COMMAND"
+>smbd</B
+></A
+>
+		handle the password updates automatically.</P
+></DD
+><DT
+>-U username[%pass]</DT
+><DD
+><P
+>This option may only be used in conjunction 
+		with the <TT
+CLASS="PARAMETER"
+><I
+>-r</I
+></TT
+> option. When changing
+		a password on a remote machine it allows the user to specify 
+		the user name on that machine whose password will be changed. It 
+		is present to allow users who have different user names on 
+		different systems to change these passwords. The optional
+		%pass may be used to specify to old password.</P
+><P
+>In particular, this parameter specifies the username
+                used to create the machine account when invoked with -j</P
+></DD
+><DT
+><B
+CLASS="COMMAND"
+>NOTE:</B
+></DT
+><DD
+><P
+><B
+CLASS="COMMAND"
+>The following options are available only when the smbpasswd command is
+run as root or in local mode.</B
+></P
+></DD
+><DT
+>-a</DT
+><DD
+><P
+>This option specifies that the username 
+		following should be added to the local smbpasswd file, with the 
+		new password typed. This 
+		option is ignored if the username specified already exists in 
+		the smbpasswd file and it is treated like a regular change 
+		password command. Note that the user to be added must already exist 
+		in the system password file (usually <TT
+CLASS="FILENAME"
+>/etc/passwd</TT
+>)
+		else the request to add the user will fail. </P
 ></DD
 ><DT
 >-d</DT
@@ -169,15 +378,13 @@ CLASS="CONSTANT"
 ><P
 >If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 		format) there is no space in the user's password entry to write
-		this information and the command will FAIL. See <B
+		this information and so the user is disabled by writing 'X' characters 
+		into the password space in the smbpasswd file. See <B
 CLASS="COMMAND"
 >smbpasswd(5)
 		</B
 > for details on the 'old' and new password file formats.
 		</P
-><P
->This option is only available when running smbpasswd as 
-		root.</P
 ></DD
 ><DT
 >-e</DT
@@ -195,38 +402,27 @@ CLASS="CONSTANT"
 >If the smbpasswd file is in the 'old' format, then <B
 CLASS="COMMAND"
 >		smbpasswd</B
-> will FAIL to enable the account.  
-                See <B
+> will prompt for a new password for this user, 
+		otherwise the account will be enabled by removing the <TT
+CLASS="CONSTANT"
+>'D'
+		</TT
+> flag from account control space in the <TT
+CLASS="FILENAME"
+>		smbpasswd</TT
+> file. See <B
 CLASS="COMMAND"
 >smbpasswd (5)</B
 > for 
 		details on the 'old' and new password file formats. </P
-><P
->This option is only available when running smbpasswd as root. 
-		</P
 ></DD
 ><DT
->-D debuglevel</DT
+>-m</DT
 ><DD
 ><P
-><TT
-CLASS="REPLACEABLE"
-><I
->debuglevel</I
-></TT
-> is an integer 
-		from 0 to 10.  The default value if this parameter is not specified 
-		is zero. </P
-><P
->The higher this value, the more detail will be logged to the 
-		log files about the activities of smbpasswd. At level 0, only 
-		critical errors and serious warnings will be logged. </P
-><P
->Levels above 1 will generate considerable amounts of log 
-		data, and should only be used when investigating a problem. Levels 
-		above 3 are designed for use only by developers and generate
-		HUGE amounts of log data, most of which is extremely cryptic. 
-		</P
+>This option tells smbpasswd that the account 
+		being changed is a MACHINE account. Currently this is used 
+		when Samba is being used as an NT Primary Domain Controller.</P
 ></DD
 ><DT
 >-n</DT
@@ -250,55 +446,127 @@ CLASS="FILENAME"
 CLASS="COMMAND"
 >null passwords = yes</B
 ></P
-><P
->This option is only available when running smbpasswd as 
-		root.</P
 ></DD
 ><DT
->-r remote machine name</DT
+>-w password</DT
 ><DD
 ><P
->This option allows a user to specify what machine 
-		they wish to change their password on. Without this parameter 
-		smbpasswd defaults to the local host. The <TT
-CLASS="REPLACEABLE"
+>This parameter is only available is Samba
+		has been configured to use the experimental
+		<B
+CLASS="COMMAND"
+>--with-ldapsam</B
+> option. The <TT
+CLASS="PARAMETER"
 ><I
->remote 
-		machine name</I
+>-w</I
 ></TT
-> is the NetBIOS name of the SMB/CIFS 
-		server to contact to attempt the password change. This name is 
-		resolved into an IP address using the standard name resolution 
-		mechanism in all programs of the Samba suite. See the <TT
+> 
+		switch is used to specify the password to be used with the 
+		<A
+HREF="smb.conf.5.html#LDAPADMINDN"
+TARGET="_top"
+><TT
 CLASS="PARAMETER"
 ><I
->-R 
-		name resolve order</I
+>ldap admin 
+		dn</I
 ></TT
-> parameter for details on changing 
-		this resolving mechanism. </P
+></A
+>.  Note that the password is stored in
+		the <TT
+CLASS="FILENAME"
+>private/secrets.tdb</TT
+> and is keyed off 
+		of the admin's DN.  This means that if the value of <TT
+CLASS="PARAMETER"
+><I
+>ldap
+		admin dn</I
+></TT
+> ever changes, the password will need to be 
+		manually updated as well.
+		</P
+></DD
+><DT
+>-x</DT
+><DD
 ><P
->The username whose password is changed is that of the 
-		current UNIX logged on user. See the <TT
+>This option specifies that the username 
+		following should be deleted from the local smbpasswd file.
+		</P
+></DD
+><DT
+>-j DOMAIN</DT
+><DD
+><P
+>This option is used to add a Samba server 
+		into a Windows NT Domain, as a Domain member capable of authenticating 
+		user accounts to any Domain Controller in the same way as a Windows 
+		NT Server. See the <B
+CLASS="COMMAND"
+>security = domain</B
+> option in 
+		the <TT
+CLASS="FILENAME"
+>smb.conf(5)</TT
+> man page. </P
+><P
+>This command can work both with and without the -U parameter. </P
+><P
+>When invoked with -U, that username (and optional password) are
+                used to contact the PDC (which must be specified with -r) to both
+                create a machine account, and to set a password on it.</P
+><P
+>Alternately, if -U is omitted, Samba will contact its PDC
+                and attempt to change the password on a pre-existing account. </P
+><P
+>In order to be used in this way, the Administrator for 
+		the Windows NT Domain must have used the program "Server Manager 
+		for Domains" to add the primary NetBIOS name of  the Samba server 
+		as a member of the Domain. </P
+><P
+>After this has been done, to join the Domain invoke <B
+CLASS="COMMAND"
+>		smbpasswd</B
+> with this parameter. smbpasswd will then 
+		look up the Primary Domain Controller for the Domain (found in 
+		the <TT
+CLASS="FILENAME"
+>smb.conf</TT
+> file in the parameter 
+		<TT
 CLASS="PARAMETER"
 ><I
->-U username</I
+>password server</I
 ></TT
->
-		parameter for details on changing the password for a different 
-		username. </P
+> and change the machine account 
+		password used to create the secure Domain communication.  </P
 ><P
->Note that if changing a Windows NT Domain password the 
-		remote machine specified must be the Primary Domain Controller for 
-		the domain (Backup Domain Controllers only have a read-only
-		copy of the user account database and will not allow the password 
-		change).</P
+>Either way, this password is then stored by smbpasswd in a TDB, 
+                writeable only by root, called <TT
+CLASS="FILENAME"
+>secrets.tdb</TT
+> </P
 ><P
-><EM
->Note</EM
-> that Windows 95/98 do not have 
-		a real password database so it is not possible to change passwords 
-		specifying a Win95/98  machine as remote machine target. </P
+>Once this operation has been performed the <TT
+CLASS="FILENAME"
+>		smb.conf</TT
+> file may be updated to set the <B
+CLASS="COMMAND"
+>		security = domain</B
+> option and all future logins
+		to the Samba server will be authenticated to the Windows NT 
+		PDC. </P
+><P
+>Note that even though the authentication is being 
+		done to the PDC all users accessing the Samba server must still 
+		have a valid UNIX account on that machine.  
+                The <B
+CLASS="COMMAND"
+>winbindd(8)</B
+> daemon can be used
+                to create UNIX accounts for NT users.</P
 ></DD
 ><DT
 >-R name resolve order</DT
@@ -319,13 +587,13 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >lmhosts</TT
 > : Lookup an IP 
-            address in the Samba lmhosts file. If the line in lmhosts has 
-            no name type attached to the NetBIOS name (see the <A
+			address in the Samba lmhosts file. If the line in lmhosts has 
+			no name type attached to the NetBIOS name (see the <A
 HREF="lmhosts.5.html"
 TARGET="_top"
 >lmhosts(5)</A
 > for details) then
-            any name type matches for lookup.</P
+			any name type matches for lookup.</P
 ></LI
 ><LI
 ><P
@@ -333,19 +601,19 @@ TARGET="_top"
 CLASS="CONSTANT"
 >host</TT
 > : Do a standard host 
-            name to IP address resolution, using the system <TT
+			name to IP address resolution, using the system <TT
 CLASS="FILENAME"
 >/etc/hosts
-            </TT
+			</TT
 >, NIS, or DNS lookups. This method of name resolution 
-            is operating system depended for instance on IRIX or Solaris this 
-            may be controlled by the <TT
+			is operating system dependent. For instance, on IRIX or Solaris this 
+			may be controlled by the <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
 > 
-            file).  Note that this method is only used if the NetBIOS name 
-            type being queried is the 0x20 (server) name type, otherwise 
-            it is ignored.</P
+			file).  Note that this method is only used if the NetBIOS name 
+			type being queried is the 0x20 (server) name type, otherwise 
+			it is ignored.</P
 ></LI
 ><LI
 ><P
@@ -353,14 +621,14 @@ CLASS="FILENAME"
 CLASS="CONSTANT"
 >wins</TT
 > : Query a name with 
-            the IP address listed in the <TT
+			the IP address listed in the <TT
 CLASS="PARAMETER"
 ><I
 >wins server</I
 ></TT
 > 
-				parameter.  If no WINS server has been specified this method 
-				will be ignored.</P
+			parameter.  If no WINS server has been specified this method 
+			will be ignored.</P
 ></LI
 ><LI
 ><P
@@ -368,15 +636,15 @@ CLASS="PARAMETER"
 CLASS="CONSTANT"
 >bcast</TT
 > : Do a broadcast on 
-            each of the known local interfaces listed in the
-            <TT
+			each of the known local interfaces listed in the
+			<TT
 CLASS="PARAMETER"
 ><I
 >interfaces</I
 ></TT
 > parameter. This is the least 
-				reliable of the name resolution methods as it depends on the 
-				target host being on a locally connected subnet.</P
+			reliable of the name resolution methods as it depends on the 
+			target host being on a locally connected subnet.</P
 ></LI
 ></UL
 ><P
@@ -392,100 +660,6 @@ CLASS="FILENAME"
 		be attempted in this order. </P
 ></DD
 ><DT
->-m</DT
-><DD
-><P
->This option tells smbpasswd that the account 
-		being changed is a MACHINE account. Currently this is used 
-		when Samba is being used as an NT Primary Domain Controller.</P
-><P
->This option is only available when running smbpasswd as root. 	
-		</P
-></DD
-><DT
->-U username</DT
-><DD
-><P
->This option may only be used in conjunction 
-		with the <TT
-CLASS="PARAMETER"
-><I
->-r</I
-></TT
-> option. When changing
-		a password on a remote machine it allows the user to specify 
-		the user name on that machine whose password will be changed. It 
-		is present to allow users who have different user names on 
-		different systems to change these passwords. </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->This option prints the help string for <B
-CLASS="COMMAND"
->		smbpasswd</B
->, selecting the correct one for running as root 
-		or as an ordinary user. </P
-></DD
-><DT
->-s</DT
-><DD
-><P
->This option causes smbpasswd to be silent (i.e. 
-		not issue prompts) and to read its old and new passwords from 
-		standard  input, rather than from <TT
-CLASS="FILENAME"
->/dev/tty</TT
-> 
-		(like the <B
-CLASS="COMMAND"
->passwd(1)</B
-> program does). This option 
-		is to aid people writing scripts to drive smbpasswd</P
-></DD
-><DT
->-w password</DT
-><DD
-><P
->This parameter is only available is Samba
-		has been configured to use the experiemental
-		<B
-CLASS="COMMAND"
->--with-ldapsam</B
-> option. The <TT
-CLASS="PARAMETER"
-><I
->-w</I
-></TT
-> 
-		switch is used to specify the password to be used with the 
-		<A
-HREF="smb.conf.5.html#LDAPADMINDN"
-TARGET="_top"
-><TT
-CLASS="PARAMETER"
-><I
->ldap admin 
-		dn</I
-></TT
-></A
->.  Note that the password is stored in
-		the <TT
-CLASS="FILENAME"
->private/secrets.tdb</TT
-> and is keyed off 
-		of the admin's DN.  This means that if the value of <TT
-CLASS="PARAMETER"
-><I
->ldap
-		admin dn</I
-></TT
-> ever changes, the password will beed to be 
-		manually updated as well.
-		</P
-></DD
-><DT
 >username</DT
 ><DD
 ><P
@@ -497,13 +671,21 @@ CLASS="PARAMETER"
 		to modify attributes directly in the local smbpasswd file. 
 		</P
 ></DD
+><DT
+>password</DT
+><DD
+><P
+>This specifies the new password. If this parameter
+		is specified you will not be prompted for the new password.
+		</P
+></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN163"
+NAME="AEN213"
 ></A
 ><H2
 >NOTES</H2
@@ -546,18 +728,18 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN173"
+NAME="AEN223"
 ></A
 ><H2
 >VERSION</H2
 ><P
->This man page is correct for version 3.0 of 
+>This man page is correct for version 2.2 of 
 	the Samba suite.</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN176"
+NAME="AEN226"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -580,7 +762,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN182"
+NAME="AEN232"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html
index 386fe5bc7af..374a1423463 100644
--- a/docs/htmldocs/swat.8.html
+++ b/docs/htmldocs/swat.8.html
@@ -252,6 +252,64 @@ CLASS="REFSECT2"
 NAME="AEN78"
 ></A
 ><H3
+>Xinetd Installation</H3
+><P
+>Newer Linux systems ship with a more secure implementation
+		of the inetd meta-daemon.  The <B
+CLASS="COMMAND"
+>xinetd</B
+> daemon
+		can read configuration inf9ormation from a single file (i.e.
+		<TT
+CLASS="FILENAME"
+>/etc/xinetd.conf</TT
+>) or from a collection
+		of service control files in the <TT
+CLASS="FILENAME"
+>xinetd.d/</TT
+> directory.
+		These directions assume the latter configuration.
+		</P
+><P
+>		The following file should be created as <TT
+CLASS="FILENAME"
+>/etc/xientd.d/swat</TT
+>.
+		It is then be neccessary cause the meta-daemon to reload its configuration files.
+		Refer to the xinetd man page for details on how to accomplish this.
+		</P
+><P
+><TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="100%"
+><TR
+><TD
+><PRE
+CLASS="PROGRAMLISTING"
+>## /etc/xinetd.d/swat
+service swat
+{
+        port    = 901
+        socket_type     = stream
+        wait    = no
+        only_from = localhost
+        user    = root
+        server  = /usr/local/samba/bin/swat
+        log_on_failure  += USERID
+        disable =  No
+}</PRE
+></TD
+></TR
+></TABLE
+></P
+></DIV
+><DIV
+CLASS="REFSECT2"
+><A
+NAME="AEN88"
+></A
+><H3
 >Launching</H3
 ><P
 >To launch SWAT just run your favorite web browser and 
@@ -266,7 +324,24 @@ NAME="AEN78"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN82"
+NAME="AEN92"
+></A
+><H2
+>TROUBLESHOOTING</H2
+><P
+>	One of the common causes of difficulty when installing Samba and SWAT
+	is the existsnece of some type of firewall or port filtering software 
+	on the Samba server.  Make sure that the appropriate ports
+	outlined in this man page are available on the server and are not currently 
+	being blocked by some type of security software such as iptables or 
+	"port sentry".  For more troubleshooting information, refer to the additional 
+	documentation included in the Samba distribution.
+	</P
+></DIV
+><DIV
+CLASS="REFSECT1"
+><A
+NAME="AEN95"
 ></A
 ><H2
 >FILES</H2
@@ -288,6 +363,19 @@ CLASS="FILENAME"
 ><DT
 ><TT
 CLASS="FILENAME"
+>/etc/xinetd.d/swat</TT
+></DT
+><DD
+><P
+>This file must contain suitable startup 
+		information for the <B
+CLASS="COMMAND"
+>xinetd</B
+> meta-daemon.</P
+></DD
+><DT
+><TT
+CLASS="FILENAME"
 >/etc/services</TT
 ></DT
 ><DD
@@ -324,7 +412,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN103"
+NAME="AEN122"
 ></A
 ><H2
 >WARNINGS</H2
@@ -356,7 +444,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN111"
+NAME="AEN130"
 ></A
 ><H2
 >VERSION</H2
@@ -367,7 +455,7 @@ NAME="AEN111"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN114"
+NAME="AEN133"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -388,13 +476,16 @@ CLASS="COMMAND"
 HREF="smb.conf.5.html"
 TARGET="_top"
 >smb.conf(5)</A
+>, <B
+CLASS="COMMAND"
+>xinetd(8)</B
 >
 	</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN121"
+NAME="AEN141"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html
index bae907c687a..3ed7e6d8238 100644
--- a/docs/htmldocs/testparm.1.html
+++ b/docs/htmldocs/testparm.1.html
@@ -37,12 +37,12 @@ NAME="AEN8"
 ><B
 CLASS="COMMAND"
 >testparm</B
->  [-s] [-h] [-L &#60;servername&#62;] {config filename} [hostname  hostIP]</P
+>  [-s] [-h] [-x] [-L &#60;servername&#62;] {config filename} [hostname  hostIP]</P
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN16"
+NAME="AEN17"
 ></A
 ><H2
 >DESCRIPTION</H2
@@ -95,7 +95,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN31"
+NAME="AEN32"
 ></A
 ><H2
 >OPTIONS</H2
@@ -122,6 +122,12 @@ CLASS="COMMAND"
 >Print usage message </P
 ></DD
 ><DT
+>-x</DT
+><DD
+><P
+>Print only parameters that have non-default values</P
+></DD
+><DT
 >-L servername</DT
 ><DD
 ><P
@@ -192,7 +198,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN66"
+NAME="AEN71"
 ></A
 ><H2
 >FILES</H2
@@ -221,7 +227,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN75"
+NAME="AEN80"
 ></A
 ><H2
 >DIAGNOSTICS</H2
@@ -235,7 +241,7 @@ NAME="AEN75"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN78"
+NAME="AEN83"
 ></A
 ><H2
 >VERSION</H2
@@ -246,7 +252,7 @@ NAME="AEN78"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN81"
+NAME="AEN86"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -272,7 +278,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN88"
+NAME="AEN93"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html
index 7d45b174ddb..bb18545c5b8 100644
--- a/docs/htmldocs/winbind.html
+++ b/docs/htmldocs/winbind.html
@@ -161,7 +161,7 @@ NAME="AEN27"
 		workstations into a NT based organization.</P
 ><P
 >Another interesting way in which we expect Winbind to 
-		be used is as a central part of UNIX based appliances. Appliances 
+		be used is as a central part of UNIX based appliances. Appliances
 		that provide file and print services to Microsoft based networks 
 		will be able to use Winbind to provide seamless integration of 
 		the appliance into the domain.</P
@@ -405,37 +405,29 @@ HREF="mailto:jtrostel@snapserver.com"
 TARGET="_top"
 >jtrostel@snapserver.com</A
 >
-for providing the HOWTO for this section.</P
-><P
->This HOWTO describes how to get winbind services up and running 
+for providing the original Linux version of this HOWTO which 
+describes how to get winbind services up and running 
 to control access and authenticate users on your Linux box using 
-the winbind services which come with SAMBA 2.2.2.</P
-><P
->There is also some Solaris specific information in 
-<TT
-CLASS="FILENAME"
->docs/textdocs/Solaris-Winbind-HOWTO.txt</TT
->.
-Future revisions of this document will incorporate that
-information.</P
+the winbind services which are included with the SAMBA 2.2.2 and later
+releases.</P
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN78"
+NAME="AEN75"
 >Introduction</A
 ></H2
 ><P
 >This HOWTO describes the procedures used to get winbind up and 
-running on my RedHat 7.1 system.  Winbind is capable of providing access 
-and authentication control for Windows Domain users through an NT 
-or Win2K PDC for 'regular' services, such as telnet a nd ftp, as
-well for SAMBA services.</P
+running on a RedHat 7.1 system.  Winbind is capable of providing access
+and authentication control for Windows Domain users through an NT
+or Win2K PDC for 'regular' services, such as telnet and ftp, as
+well providing dynamic uid/gid allocation for Samba.</P
 ><P
->This HOWTO has been written from a 'RedHat-centric' perspective, so if 
-you are using another distribution, you may have to modify the instructions 
-somewhat to fit the way your distribution works.</P
+>This HOWTO has been written from a 'RedHat-centric' perspective, so if
+you are using another distribution (or operating system), you may have
+to modify the instructions somewhat to fit the way your distribution works.</P
 ><P
 ></P
 ><UL
@@ -447,9 +439,9 @@ CLASS="EMPHASIS"
 >
 	</P
 ><P
->This allows the SAMBA administrator to rely on the 
-	authentication mechanisms on the NT/Win2K PDC for the authentication 
-	of domain members.  NT/Win2K users no longer need to have separate 
+>This allows the SAMBA administrator to rely on the
+	authentication mechanisms on the NT/Win2K PDC for the authentication
+	of domain members.  NT/Win2K users no longer need to have separate
 	accounts on the SAMBA server.
 	</P
 ></LI
@@ -461,12 +453,10 @@ CLASS="EMPHASIS"
 >
 	</P
 ><P
->	This HOWTO is designed for system administrators.  If you are 
-	implementing SAMBA on a file server and wish to (fairly easily) 
+>	This HOWTO is designed for system administrators.  If you are
+	implementing SAMBA on a file server and wish to (fairly easily)
 	integrate existing NT/Win2K users from your PDC onto the
-	SAMBA server, this HOWTO is for you.  That said, I am no NT or PAM 
-	expert, so you may find a better or easier way to accomplish 
-	these tasks.
+	SAMBA server, this HOWTO is for you.
 	</P
 ></LI
 ></UL
@@ -476,119 +466,130 @@ CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN91"
+NAME="AEN88"
 >Requirements</A
 ></H2
 ><P
->If you have a samba configuration file that you are currently 
+>If you have a samba configuration file that you are currently
 using... <I
 CLASS="EMPHASIS"
 >BACK IT UP!</I
->  If your system already uses PAM, 
+>  If your system already uses PAM,
 <I
 CLASS="EMPHASIS"
 >back up the <TT
 CLASS="FILENAME"
 >/etc/pam.d</TT
-> directory 
-contents!</I
-> If you haven't already made a boot disk, 
+> (or <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+>)
+directory contents!</I
+> If you haven't already made a boot disk,
 <I
 CLASS="EMPHASIS"
 >MAKE ONE NOW!</I
 ></P
 ><P
->Messing with the pam configuration files can make it nearly impossible 
-to log in to yourmachine. That's why you want to be able to boot back 
-into your machine in single user mode and restore your 
+>Messing with the pam configuration files can make it nearly impossible
+to log in to your machine. That's why you want to be able to boot back
+into your machine in single user mode and restore your
 <TT
 CLASS="FILENAME"
 >/etc/pam.d</TT
-> back to the original state they were in if 
-you get frustrated with the way things are going.  ;-)</P
+> (or <TT
+CLASS="FILENAME"
+>pam.conmf</TT
+>) back to
+the original state they were in if
+you get frustrated with the way things are going.</P
 ><P
->The latest version of SAMBA (version 2.2.2 as of this writing), now 
-includes a functioning winbindd daemon.  Please refer to the 
+>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2.  Please refer to the
 <A
 HREF="http://samba.org/"
 TARGET="_top"
 >main SAMBA web page</A
-> or, 
-better yet, your closest SAMBA mirror site for instructions on 
-downloading the source code.</P
+> or,
+better yet, your closest SAMBA mirror site for instructions on
+downloading the source code.  it is generally advised to obtain the lates
+Samba release as bugs are constantly being fixed.</P
 ><P
->To allow Domain users the ability to access SAMBA shares and 
-files, as well as potentially other services provided by your 
+>To allow Domain users the ability to access SAMBA shares and
+files, as well as potentially other services provided by your
 SAMBA machine, PAM (pluggable authentication modules) must
-be setup properly on your machine.  In order to compile the 
-winbind modules, you should have at least the pam libraries resident 
-on your system.  For recent RedHat systems (7.1, for instance), that 
-means <TT
+be setup properly on your machine.  In order to compile the
+winbind modules, you must have at the PAM libraries and header files resident
+on your system.  For recent RedHat systems (7.x, for instance), that
+means installing both <TT
 CLASS="FILENAME"
->pam-0.74-22</TT
->.  For best results, it is helpful to also
-install the development packages in <TT
+>pam</TT
+> and <TT
 CLASS="FILENAME"
->pam-devel-0.74-22</TT
->.</P
+>pam-devel</TT
+> RPM.
+The former is installed by default on all Linux systems of which the author is aware.</P
 ></DIV
 ><DIV
 CLASS="SECT2"
 ><HR><H2
 CLASS="SECT2"
 ><A
-NAME="AEN105"
+NAME="AEN104"
 >Testing Things Out</A
 ></H2
 ><P
->Before starting, it is probably best to kill off all the SAMBA 
-related daemons running on your server.  Kill off all <B
+>Before starting, kill off all the SAMBA related daemons running on your server.  Kill off
+all <B
 CLASS="COMMAND"
 >smbd</B
->, 
-<B
+>, <B
 CLASS="COMMAND"
 >nmbd</B
 >, and <B
 CLASS="COMMAND"
 >winbindd</B
-> processes that may 
-be running.  To use PAM, you will want to make sure that you have the 
-standard PAM package (for RedHat) which supplies the <TT
+> processes that may
+be running (<B
+CLASS="COMMAND"
+>winbindd</B
+> will only be running if you have ao previous Winbind
+installation...but why would you be reading tis if that were the case?).  To use PAM, you will
+want to make sure that you have the standard PAM package (for RedHat) which supplies the <TT
 CLASS="FILENAME"
 >/etc/pam.d</TT
-> 
-directory structure, including the pam modules are used by pam-aware 
+>
+directory structure, including the pam modules are used by pam-aware
 services, several pam libraries, and the <TT
 CLASS="FILENAME"
 >/usr/doc</TT
-> 
+>
 and <TT
 CLASS="FILENAME"
 >/usr/man</TT
-> entries for pam.  Winbind built better 
-in SAMBA if the pam-devel package was also installed.  This package includes 
-the header files needed to compile pam-aware applications. For instance, 
-my RedHat system has both <TT
-CLASS="FILENAME"
->pam-0.74-22</TT
-> and
-<TT
+> entries for pam.  Samba will require
+the pam-devel package if you plan to build the <TT
 CLASS="FILENAME"
->pam-devel-0.74-22</TT
-> RPMs installed.</P
+>pam_winbind.so</TT
+> library or
+include the <B
+CLASS="COMMAND"
+>--with-pam</B
+> option to the configure script.
+This package includes the header files needed to compile pam-aware applications.</P
+><P
+>[I have no idea which Solaris packages are quired for PAM libraries and
+development files.  If you know, please mail me the information and I will include
+it in the next revision of this HOWTO.  --jerry@samba.org]</P
 ><DIV
 CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN116"
->Configure and compile SAMBA</A
+NAME="AEN117"
+>Configure and Compile SAMBA</A
 ></H3
 ><P
->The configuration and compilation of SAMBA is pretty straightforward.
-The first three steps may not be necessary depending upon
-whether or not you have previously built the Samba binaries.</P
+>The configuration and compilation of SAMBA is straightforward.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
@@ -597,27 +598,6 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->autoconf</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->make clean</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->rm config.cache</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
 >./configure --with-winbind</B
 >
 <TT
@@ -641,136 +621,106 @@ CLASS="FILENAME"
 >/usr/local/samba</TT
 >.
 See the main SAMBA documentation if you want to install SAMBA somewhere else.
-It will also build the winbindd executable and libraries. </P
+It will also build the winbindd executable and NSS library.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN135"
+NAME="AEN130"
 >Configure <TT
 CLASS="FILENAME"
 >nsswitch.conf</TT
-> and the 
+> and the
 winbind libraries</A
 ></H3
 ><P
 >The libraries needed to run the <B
 CLASS="COMMAND"
 >winbindd</B
-> daemon 
-through nsswitch need to be copied to their proper locations, so</P
+> daemon
+through nsswitch need to be copied to their proper locations.</P
 ><P
 ><TT
 CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->cp ../samba/source/nsswitch/libnss_winbind.so /lib</B
-></P
-><P
->I also found it necessary to make the following symbolic link:</P
-><P
-><TT
+>cp nsswitch/libnss_winbind.so /lib</B
+>
+<TT
 CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
+>chmod 755 /lib/libnss_winbind.so</B
 ></P
 ><P
->And, in the case of Sun solaris:</P
+>It necessary to make the following symbolic link:</P
 ><P
 ><TT
 CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1</B
->
-<TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1</B
->
+>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B
+></P
+><P
+>The <TT
+CLASS="FILENAME"
+>.2</TT
+> extension is due to the version of glibc used on your Linux host.
+for most modern systems, the file extension is correct.  However, some other operating systems,
+Solaris 7/8 being the most common, the destination filename should be replaced with
 <TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2</B
+CLASS="FILENAME"
+>/lib/nss_winbind.so.1</TT
 ></P
 ><P
->Now, as root you need to edit <TT
+>Now, as root edit <TT
 CLASS="FILENAME"
 >/etc/nsswitch.conf</TT
-> to 
+> to
 allow user and group entries to be visible from the <B
 CLASS="COMMAND"
 >winbindd</B
-> 
-daemon.  My <TT
-CLASS="FILENAME"
->/etc/nsswitch.conf</TT
-> file look like 
-this after editing:</P
+>
+daemon.  After editing, the file look appear:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
 >	passwd:     files winbind
-	shadow:     files 
+	shadow:     files
 	group:      files winbind</PRE
 ></P
-><P
->	
-The libraries needed by the winbind daemon will be automatically 
-entered into the <B
-CLASS="COMMAND"
->ldconfig</B
-> cache the next time 
-your system reboots, but it 
-is faster (and you don't need to reboot) if you do it manually:</P
-><P
-><TT
-CLASS="PROMPT"
->root#</TT
-> <B
-CLASS="COMMAND"
->/sbin/ldconfig -v | grep winbind</B
-></P
-><P
->This makes <TT
-CLASS="FILENAME"
->libnss_winbind</TT
-> available to winbindd 
-and echos back a check to you.</P
 ></DIV
 ><DIV
 CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN168"
->Configure smb.conf</A
+NAME="AEN152"
+>Configure <TT
+CLASS="FILENAME"
+>smb.conf</TT
+></A
 ></H3
 ><P
->Several parameters are needed in the smb.conf file to control 
+>Several parameters are needed in the smb.conf file to control
 the behavior of <B
 CLASS="COMMAND"
 >winbindd</B
->. Configure 
+>. Configure
 <TT
 CLASS="FILENAME"
 >smb.conf</TT
-> These are described in more detail in 
+> These are described in more detail in
 the <A
 HREF="winbindd.8.html"
 TARGET="_top"
 >winbindd(8)</A
-> man page.  My 
+> man page.  My
 <TT
 CLASS="FILENAME"
 >smb.conf</TT
@@ -800,6 +750,8 @@ TARGET="_top"
 >winbind gid</A
 > = 10000-20000
      # allow enumeration of winbind users and groups
+     # might need to disable these next two for performance
+     # reasons on the winbindd host
      <A
 HREF="winbindd.8.html#WINBINDENUMUSERS"
 TARGET="_top"
@@ -810,7 +762,7 @@ HREF="winbindd.8.html#WINBINDENUMGROUP"
 TARGET="_top"
 >winbind enum groups</A
 > = yes
-     # give winbind users a real shell (only needed if they have telnet access)
+     # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
      <A
 HREF="winbindd.8.html#TEMPLATEHOMEDIR"
 TARGET="_top"
@@ -828,23 +780,23 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN184"
+NAME="AEN169"
 >Join the SAMBA server to the PDC domain</A
 ></H3
 ><P
->Enter the following command to make the SAMBA server join the 
+>Enter the following command to make the SAMBA server join the
 PDC domain, where <TT
 CLASS="REPLACEABLE"
 ><I
 >DOMAIN</I
 ></TT
-> is the name of 
+> is the name of
 your Windows domain and <TT
 CLASS="REPLACEABLE"
 ><I
 >Administrator</I
 ></TT
-> is 
+> is
 a domain user who has administrative privileges in the domain.</P
 ><P
 ><TT
@@ -852,10 +804,10 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->/usr/local/samba/bin/net rpc join -s PDC -U Administrator</B
+>/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B
 ></P
 ><P
->The proper response to the command should be: "Joined the domain 
+>The proper response to the command should be: "Joined the domain
 <TT
 CLASS="REPLACEABLE"
 ><I
@@ -866,7 +818,7 @@ CLASS="REPLACEABLE"
 ><I
 >DOMAIN</I
 ></TT
-> 
+>
 is your DOMAIN name.</P
 ></DIV
 ><DIV
@@ -874,14 +826,14 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN195"
+NAME="AEN180"
 >Start up the winbindd daemon and test it!</A
 ></H3
 ><P
->Eventually, you will want to modify your smb startup script to 
-automatically invoke the winbindd daemon when the other parts of 
+>Eventually, you will want to modify your smb startup script to
+automatically invoke the winbindd daemon when the other parts of
 SAMBA start, but it is possible to test out just the winbind
-portion first.  To start up winbind services, enter the following 
+portion first.  To start up winbind services, enter the following
 command as root:</P
 ><P
 ><TT
@@ -889,10 +841,17 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->/usr/local/samba/bin/winbindd</B
+>export PATH=$PATH:/usr/local/samba/bin</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>winbindd</B
 ></P
 ><P
->I'm always paranoid and like to make sure the daemon 
+>I'm always paranoid and like to make sure the daemon
 is really running...</P
 ><P
 ><TT
@@ -907,7 +866,13 @@ CLASS="COMMAND"
 ><P
 >3025 ?        00:00:00 winbindd</P
 ><P
->Now... for the real test, try to get some information about the 
+>Note that a sample RedHat init script for starting winbindd is included in
+the SAMBA sourse distribution as <TT
+CLASS="FILENAME"
+>packaging/RedHat/winbind.init</TT
+>.</P
+><P
+>Now... for the real test, try to get some information about the
 users on your PDC</P
 ><P
 ><TT
@@ -915,11 +880,10 @@ CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->/usr/local/samba/bin/wbinfo -u</B
+>wbinfo -u</B
 ></P
 ><P
->	
-This should echo back a list of users on your Windows users on 
+>This should echo back a list of users on your Windows users on
 your PDC.  For example, I get the following response:</P
 ><P
 ><PRE
@@ -940,7 +904,7 @@ separator</I
 ></TT
 > is '+'.</P
 ><P
->You can do the same sort of thing to get group information from 
+>You can do the same sort of thing to get group information from
 the PDC:</P
 ><P
 ><PRE
@@ -963,7 +927,7 @@ CEO+Enterprise Admins
 CEO+Group Policy Creator Owners</PRE
 ></P
 ><P
->The function 'getent' can now be used to get unified 
+>The function 'getent' can now be used to get unified
 lists of both local and PDC users and groups.
 Try the following command:</P
 ><P
@@ -978,9 +942,13 @@ CLASS="COMMAND"
 >You should get a list that looks like your <TT
 CLASS="FILENAME"
 >/etc/passwd</TT
-> 
-list followed by the domain users with their new uids, gids, home 
-directories and default shells.</P
+>
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are <TT
+CLASS="FILENAME"
+>rwxr-xr-x</TT
+>.</P
 ><P
 >The same thing can be done for groups with the command</P
 ><P
@@ -997,219 +965,32 @@ CLASS="SECT3"
 ><HR><H3
 CLASS="SECT3"
 ><A
-NAME="AEN231"
->Fix the init.d startup scripts</A
+NAME="AEN221"
+>Configure Winbind and PAM</A
 ></H3
-><DIV
-CLASS="SECT4"
-><H4
-CLASS="SECT4"
-><A
-NAME="AEN233"
->Linux</A
-></H4
 ><P
->The <B
+>At this point we are assured that <B
 CLASS="COMMAND"
 >winbindd</B
-> daemon needs to start up after the 
-<B
-CLASS="COMMAND"
->smbd</B
 > and <B
 CLASS="COMMAND"
->nmbd</B
-> daemons are running.  
-To accomplish this task, you need to modify the startup scripts of your system. They are located at <TT
-CLASS="FILENAME"
->/etc/init.d/smb</TT
-> in RedHat and 
-<TT
-CLASS="FILENAME"
->/etc/init.d/samba</TT
-> in Debian.
-script to add commands to invoke this daemon in the proper sequence.  My 
-startup script starts up <B
-CLASS="COMMAND"
 >smbd</B
->, 
-<B
-CLASS="COMMAND"
->nmbd</B
->, and <B
-CLASS="COMMAND"
->winbindd</B
-> from the 
-<TT
-CLASS="FILENAME"
->/usr/local/samba/bin</TT
-> directory directly.  The 'start' 
-function in the script looks like this:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->start() {
-        KIND="SMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/smbd $SMBDOPTIONS
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/winbindd
-        RETVAL3=$?
-        echo
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; touch /var/lock/subsys/smb || \
-           RETVAL=1
-        return $RETVAL
-}</PRE
-></P
-><P
->The 'stop' function has a corresponding entry to shut down the 
-services and look s like this:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->stop() {
-        KIND="SMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc smbd
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc nmbd
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Shutting down $KIND services: "
-        killproc winbindd
-        RETVAL3=$?
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] &#38;&#38; rm -f /var/lock/subsys/smb
-        echo ""
-        return $RETVAL
-}</PRE
-></P
-></DIV
-><DIV
-CLASS="SECT4"
-><HR><H4
-CLASS="SECT4"
-><A
-NAME="AEN250"
->Solaris</A
-></H4
-><P
->On solaris, you need to modify the 
+>
+are working together.  If you want to use winbind to provide authentication for other
+services, keep reading.  The pam configuration files need to be altered in
+this step.  (Did you remember to make backups of your original
 <TT
 CLASS="FILENAME"
->/etc/init.d/samba.server</TT
-> startup script. It usually 
-only starts smbd and nmbd but should now start winbindd too. If you 
-have samba installed in <TT
+>/etc/pam.d</TT
+> (or <TT
 CLASS="FILENAME"
->/usr/local/samba/bin</TT
->, 
-the file could contains something like this:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->##
-## samba.server
-##
-
-if [ ! -d /usr/bin ]
-then                    # /usr not mounted
-        exit
-fi
-
-killproc() {            # kill the named process(es)
-        pid=`/usr/bin/ps -e |
-             /usr/bin/grep -w $1 |
-             /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
-        [ "$pid" != "" ] &#38;&#38; kill $pid
-}
- 
-# Start/stop processes required for samba server
-
-case "$1" in
-
-'start')
-#
-# Edit these lines to suit your installation (paths, workgroup, host)
-#
-echo Starting SMBD
-   /usr/local/samba/bin/smbd -D -s \
-	/usr/local/samba/smb.conf
-
-echo Starting NMBD
-   /usr/local/samba/bin/nmbd -D -l \
-	/usr/local/samba/var/log -s /usr/local/samba/smb.conf
-
-echo Starting Winbind Daemon
-   /usr/local/samba/bin/winbindd
-   ;;
-
-'stop')
-   killproc nmbd
-   killproc smbd
-   killproc winbindd
-   ;;
-
-*)
-   echo "Usage: /etc/init.d/samba.server { start | stop }"
-   ;;
-esac</PRE
-></P
-></DIV
-><DIV
-CLASS="SECT4"
-><HR><H4
-CLASS="SECT4"
-><A
-NAME="AEN257"
->Restarting</A
-></H4
+>/etc/pam.conf</TT
+>) file[s]? If not, do it now.)</P
 ><P
->If you restart the <B
-CLASS="COMMAND"
->smbd</B
->, <B
-CLASS="COMMAND"
->nmbd</B
->, 
-and <B
+>You will need a PAM module to use <B
 CLASS="COMMAND"
 >winbindd</B
-> daemons at this point, you
-should be able to connect to the samba server as a domain member just as
-if you were a local user.</P
-></DIV
-></DIV
-><DIV
-CLASS="SECT3"
-><HR><H3
-CLASS="SECT3"
-><A
-NAME="AEN263"
->Configure Winbind and PAM</A
-></H3
-><P
->If you have made it this far, you know that winbindd and samba are working
-together.  If you want to use winbind to provide authentication for other 
-services, keep reading.  The pam configuration files need to be altered in
-this step.  (Did you remember to make backups of your original 
-<TT
-CLASS="FILENAME"
->/etc/pam.d</TT
-> files? If not, do it now.)</P
-><P
->You will need a pam module to use winbindd with these other services.  This 
+> with these other services.  This
 module will be compiled in the <TT
 CLASS="FILENAME"
 >../source/nsswitch</TT
@@ -1232,64 +1013,47 @@ CLASS="FILENAME"
 CLASS="FILENAME"
 >pam_winbind.so</TT
 > file should be copied to the location of
-your other pam security modules.  On my RedHat system, this was the
+your other pam security modules.  On Linux and Solaris systems, this is the
 <TT
 CLASS="FILENAME"
 >/lib/security</TT
-> directory. On Solaris, the pam security 
-modules reside in <TT
-CLASS="FILENAME"
->/usr/lib/security</TT
->.</P
+> directory.</P
 ><P
 ><TT
 CLASS="PROMPT"
 >root#</TT
 > <B
 CLASS="COMMAND"
->cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B
-></P
-><DIV
-CLASS="SECT4"
-><HR><H4
-CLASS="SECT4"
-><A
-NAME="AEN280"
->Linux/FreeBSD-specific PAM configuration</A
-></H4
-><P
->The <TT
-CLASS="FILENAME"
->/etc/pam.d/samba</TT
-> file does not need to be changed. I 
-just left this fileas it was:</P
-><P
-><PRE
-CLASS="PROGRAMLISTING"
->auth    required        /lib/security/pam_stack.so service=system-auth
-account required        /lib/security/pam_stack.so service=system-auth</PRE
+>cp nsswitch/pam_winbind.so /lib/security</B
+>
+<TT
+CLASS="PROMPT"
+>root#</TT
+> <B
+CLASS="COMMAND"
+>chmod 755 /lib/security/pam_winbind.so</B
 ></P
 ><P
->The other services that I modified to allow the use of winbind 
-as an authentication service were the normal login on the console (or a terminal 
-session), telnet logins, and ftp service.  In order to enable these 
-services, you may first need to change the entries in 
+>Other services, such as the normal login on the console (or a terminal
+session), telnet logins, and ftp service, can be modified to allow the use of winbind
+as an authentication service.  In order to enable these
+services, you may first need to change the entries in
 <TT
 CLASS="FILENAME"
 >/etc/xinetd.d</TT
 > (or <TT
 CLASS="FILENAME"
 >/etc/inetd.conf</TT
->).  
-RedHat 7.1 uses the new xinetd.d structure, in this case you need 
+>).
+RedHat 7.1 uses the new xinetd.d structure, in this case you need
 to change the lines in <TT
 CLASS="FILENAME"
 >/etc/xinetd.d/telnet</TT
-> 
+>
 and <TT
 CLASS="FILENAME"
 >/etc/xinetd.d/wu-ftp</TT
-> from </P
+> from</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
@@ -1303,15 +1067,14 @@ CLASS="PROGRAMLISTING"
 >enable = yes</PRE
 ></P
 ><P
->	
-For ftp services to work properly, you will also need to either 
-have individual directories for the domain users already present on 
+>For ftp services to work properly, you will also need to either
+have individual directories for the domain users already present on
 the server, or change the home directory template to a general
-directory for all domain users.  These can be easily set using 
+directory for all domain users.  These can be easily set using
 the <TT
 CLASS="FILENAME"
 >smb.conf</TT
-> global entry 
+> global entry
 <B
 CLASS="COMMAND"
 >template homedir</B
@@ -1320,12 +1083,12 @@ CLASS="COMMAND"
 >The <TT
 CLASS="FILENAME"
 >/etc/pam.d/ftp</TT
-> file can be changed 
+> file can be changed
 to allow winbind ftp access in a manner similar to the
 samba file.  My <TT
 CLASS="FILENAME"
 >/etc/pam.d/ftp</TT
-> file was 
+> file was
 changed to look like this:</P
 ><P
 ><PRE
@@ -1342,7 +1105,7 @@ session    required     /lib/security/pam_stack.so service=system-auth</PRE
 >The <TT
 CLASS="FILENAME"
 >/etc/pam.d/login</TT
-> file can be changed nearly the 
+> file can be changed nearly the
 same way.  It now looks like this:</P
 ><P
 ><PRE
@@ -1362,12 +1125,12 @@ session    optional     /lib/security/pam_console.so</PRE
 >In this case, I added the <B
 CLASS="COMMAND"
 >auth sufficient /lib/security/pam_winbind.so</B
-> 
+>
 lines as before, but also added the <B
 CLASS="COMMAND"
 >required pam_securetty.so</B
-> 
-above it, to disallow root logins over the network.  I also added a 
+>
+above it, to disallow root logins over the network.  I also added a
 <B
 CLASS="COMMAND"
 >sufficient /lib/security/pam_unix.so use_first_pass</B
@@ -1375,93 +1138,23 @@ CLASS="COMMAND"
 line after the <B
 CLASS="COMMAND"
 >winbind.so</B
-> line to get rid of annoying 
+> line to get rid of annoying
 double prompts for passwords.</P
-></DIV
-><DIV
-CLASS="SECT4"
-><HR><H4
-CLASS="SECT4"
-><A
-NAME="AEN313"
->Solaris-specific configuration</A
-></H4
 ><P
->The /etc/pam.conf needs to be changed. I changed this file so that my Domain
-users can logon both locally as well as telnet.The following are the changes
-that I made.You can customize the pam.conf file as per your requirements,but
-be sure of those changes because in the worst case it will leave your system
-nearly impossible to boot.</P
+>Note that a Solaris <TT
+CLASS="FILENAME"
+>/etc/pam.conf</TT
+> confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->#
-#ident	"@(#)pam.conf	1.14	99/09/16 SMI"
-#
-# Copyright (c) 1996-1999, Sun Microsystems, Inc.
-# All Rights Reserved.
-#
-# PAM configuration
-#
-# Authentication management
-#
-login   auth required   /usr/lib/security/pam_winbind.so
-login	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass 
-login	auth required 	/usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass 
-#
-rlogin  auth sufficient /usr/lib/security/pam_winbind.so
-rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
-rlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-dtlogin auth sufficient /usr/lib/security/pam_winbind.so
-dtlogin	auth required 	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-rsh	auth required	/usr/lib/security/$ISA/pam_rhosts_auth.so.1
-other   auth sufficient /usr/lib/security/pam_winbind.so
-other	auth required	/usr/lib/security/$ISA/pam_unix.so.1 try_first_pass
-#
-# Account management
-#
-login   account sufficient      /usr/lib/security/pam_winbind.so
-login	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-login	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-dtlogin account sufficient      /usr/lib/security/pam_winbind.so
-dtlogin	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-dtlogin	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-other   account sufficient      /usr/lib/security/pam_winbind.so
-other	account requisite	/usr/lib/security/$ISA/pam_roles.so.1 
-other	account required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-# Session management
-#
-other	session required	/usr/lib/security/$ISA/pam_unix.so.1 
-#
-# Password management
-#
-#other   password sufficient     /usr/lib/security/pam_winbind.so
-other	password required	/usr/lib/security/$ISA/pam_unix.so.1 
-dtsession auth required	/usr/lib/security/$ISA/pam_unix.so.1
-#
-# Support for Kerberos V5 authentication (uncomment to use Kerberos)
-#
-#rlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#login	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#other	auth optional	/usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
-#dtlogin	account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	account optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	session optional /usr/lib/security/$ISA/pam_krb5.so.1
-#other	password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass</PRE
+>## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass</PRE
 ></P
-><P
->I also added a try_first_pass line after the winbind.so line to get rid of
-annoying double prompts for passwords.</P
-><P
->Now restart your Samba &#38; try connecting through your application that you
-configured in the pam.conf.</P
-></DIV
 ></DIV
 ></DIV
 ></DIV
@@ -1470,38 +1163,28 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN320"
+NAME="AEN274"
 >Limitations</A
 ></H1
 ><P
->Winbind has a number of limitations in its current 
-	released version that we hope to overcome in future 
+>Winbind has a number of limitations in its current
+	released version that we hope to overcome in future
 	releases:</P
 ><P
 ></P
 ><UL
 ><LI
 ><P
->Winbind is currently only available for 
-		the Linux operating system, although ports to other operating 
-		systems are certainly possible. For such ports to be feasible, 
-		we require the C library of the target operating system to 
-		support the Name Service Switch and Pluggable Authentication
-		Modules systems. This is becoming more common as NSS and 
-		PAM gain	support among UNIX vendors.</P
-></LI
-><LI
-><P
->The mappings of Windows NT RIDs to UNIX ids 
-		is not made algorithmically and depends on the order in which 
-		unmapped users or groups are seen by winbind. It may be difficult 
-		to recover the mappings of rid to UNIX id mapping if the file 
+>The mappings of Windows NT RIDs to UNIX ids
+		is not made algorithmically and depends on the order in which
+		unmapped users or groups are seen by winbind. It may be difficult
+		to recover the mappings of rid to UNIX id mapping if the file
 		containing this information is corrupted or destroyed.</P
 ></LI
 ><LI
 ><P
->Currently the winbind PAM module does not take 
-		into account possible workstation and logon time restrictions 
+>Currently the winbind PAM module does not take
+		into account possible workstation and logon time restrictions
 		that may be been set for Windows NT users.</P
 ></LI
 ></UL
@@ -1511,7 +1194,7 @@ CLASS="SECT1"
 ><HR><H1
 CLASS="SECT1"
 ><A
-NAME="AEN330"
+NAME="AEN282"
 >Conclusion</A
 ></H1
 ><P
diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html
index 1ecb08cdb4a..5d76dae2fdc 100644
--- a/docs/htmldocs/winbindd.8.html
+++ b/docs/htmldocs/winbindd.8.html
@@ -529,37 +529,13 @@ CLASS="COMMAND"
 >
 		</P
 ></DD
-><DT
->winbind use default domain</DT
-><DD
-><P
->This parameter specifies whether the <B
-CLASS="COMMAND"
->winbindd</B
->
-		daemon should operate on users without domain component in their username.  
-                Users without a domain component are treated as is part of the winbindd server's 
-                own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
-                function in a way much closer to the way they would in a native unix system.</P
-><P
->Default: <B
-CLASS="COMMAND"
->winbind use default domain = &#60;falseg&#62; 
-		</B
-></P
-><P
->Example: <B
-CLASS="COMMAND"
->winbind use default domain = true</B
-></P
-></DD
 ></DL
 ></DIV
 ></DIV
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN167"
+NAME="AEN158"
 ></A
 ><H2
 >EXAMPLE SETUP</H2
@@ -737,7 +713,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN206"
+NAME="AEN197"
 ></A
 ><H2
 >NOTES</H2
@@ -795,7 +771,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN222"
+NAME="AEN213"
 ></A
 ><H2
 >SIGNALS</H2
@@ -846,7 +822,7 @@ CLASS="COMMAND"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN239"
+NAME="AEN230"
 ></A
 ><H2
 >FILES</H2
@@ -922,7 +898,7 @@ CLASS="FILENAME"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN268"
+NAME="AEN259"
 ></A
 ><H2
 >VERSION</H2
@@ -933,7 +909,7 @@ NAME="AEN268"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN271"
+NAME="AEN262"
 ></A
 ><H2
 >SEE ALSO</H2
@@ -961,7 +937,7 @@ TARGET="_top"
 ><DIV
 CLASS="REFSECT1"
 ><A
-NAME="AEN278"
+NAME="AEN269"
 ></A
 ><H2
 >AUTHOR</H2
diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1
index c10076fd5c5..72cc193c3de 100644
--- a/docs/manpages/findsmb.1
+++ b/docs/manpages/findsmb.1
@@ -1,28 +1,27 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "FINDSMB" "1" "20 augustus 2002" "" ""
+.TH "FINDSMB" "1" "28 August 2002" "" ""
 .SH NAME
 findsmb \- list info about machines that respond to SMB  name queries on a subnet
 .SH SYNOPSIS
-
-\fBfindsmb\fR [ \fBsubnet broadcast address\fR ]
-
+.sp
+\fBfindsmb\fR [ \fBsubnet broadcast address\fR ] 
 .SH "DESCRIPTION"
 .PP
-This perl script is part of the  Samba <URL:samba.7.html> suite.
+This perl script is part of the  Samba suite.
 .PP
 \fBfindsmb\fR is a perl script that
 prints out several pieces of information about machines 
-on a subnet that respond to SMB  name query requests.
-It uses \fB nmblookup(1)\fR <URL:nmblookup.1.html> and  \fBsmbclient(1)\fR <URL:smbclient.1.html> to obtain this information.
+on a subnet that respond to SMB name query requests.
+It uses \fB nmblookup(1)\fR to obtain this information.
 .SH "OPTIONS"
 .TP
 \fBsubnet broadcast address\fR
 Without this option, \fBfindsmb
-\fR will probe the subnet of the machine where 
+\fRwill probe the subnet of the machine where 
 \fBfindsmb\fR is run. This value is passed 
 to \fBnmblookup\fR as part of the 
 -B option
@@ -41,16 +40,16 @@ Machines that are running Windows, Windows 95 or Windows 98 will
 not show any information about the operating system or server 
 version.
 .PP
-The command must be run on a system without \fBnmbd\fR <URL:nmbd.8.html> running. 
+The command must be run on a system without \fBnmbd\fR running. 
 If \fBnmbd\fR is running on the system, you will 
-only  get the IP address and the DNS name of the machine. To 
-get proper responses  from Windows 95 and Windows 98 machines, 
+only get the IP address and the DNS name of the machine. To 
+get proper responses from Windows 95 and Windows 98 machines, 
 the command must be run as root. 
 .PP
 For example running \fBfindsmb\fR on a machine 
 without \fBnmbd\fR running would yield output similar
 to the following
-
+.sp
 .nf
 IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
 --------------------------------------------------------------------- 
@@ -65,6 +64,7 @@ IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION
 192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
 192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
 	
+.sp
 .fi
 .SH "VERSION"
 .PP
@@ -72,9 +72,9 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR <URL:nmbd.8.html>, 
+\fBnmbd(8)\fR 
 \fBsmbclient(1)
-\fR <URL:smbclient.1.html>, and  \fBnmblookup(1)\fR <URL:nmblookup.1.html>
+\fR and  \fBnmblookup(1)\fR
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -86,5 +86,5 @@ The original Samba man pages were written by Karl Auer.
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
+release by Jeremy Allison. The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5
index ed3a81251b6..93b56b00db7 100644
--- a/docs/manpages/lmhosts.5
+++ b/docs/manpages/lmhosts.5
@@ -3,15 +3,15 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "LMHOSTS" "5" "28 January 2002" "" ""
+.TH "LMHOSTS" "5" "28 August 2002" "" ""
 .SH NAME
 lmhosts \- The Samba NetBIOS hosts file
 .SH SYNOPSIS
 .PP
-\fIlmhosts\fR is the  SambaNetBIOS name to IP address mapping file.
+\fIlmhosts\fR is the  Samba NetBIOS name to IP address mapping file.
 .SH "DESCRIPTION"
 .PP
-This file is part of the  Sambasuite.
+This file is part of the  Samba suite.
 .PP
 \fIlmhosts\fR is the \fBSamba
 \fRNetBIOS name to IP address mapping file. It 
@@ -67,7 +67,7 @@ be resolved.
 .PP
 The default location of the \fIlmhosts\fR file 
 is in the same directory as the  
-smb.conf(5)>file.
+smb.conf(5)> file.
 .PP
 .SH "VERSION"
 .PP
@@ -76,7 +76,7 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fBsmbclient(1)
-\fR
+\fR and \fB smbpasswd(8)\fR
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1
index 915f0fc44bb..04c43673fad 100644
--- a/docs/manpages/make_smbcodepage.1
+++ b/docs/manpages/make_smbcodepage.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "MAKE_SMBCODEPAGE" "1" "28 January 2002" "" ""
+.TH "MAKE_SMBCODEPAGE" "1" "28 August 2002" "" ""
 .SH NAME
 make_smbcodepage \- construct a codepage file for Samba
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ make_smbcodepage \- construct a codepage file for Samba
 \fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBmake_smbcodepage\fR compiles or de-compiles 
 codepage files for use with the internationalization features 
@@ -123,7 +123,7 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR, 
+\fBsmbd(8)\fR 
 smb.conf(5)
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1
index a49d66d7a73..9795531c41b 100644
--- a/docs/manpages/make_unicodemap.1
+++ b/docs/manpages/make_unicodemap.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "MAKE_UNICODEMAP" "1" "28 January 2002" "" ""
+.TH "MAKE_UNICODEMAP" "1" "28 August 2002" "" ""
 .SH NAME
 make_unicodemap \- construct a unicode map file for Samba
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ make_unicodemap \- construct a unicode map file for Samba
 \fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the Samba
+This tool is part of the Samba 
 suite.
 .PP
 \fBmake_unicodemap\fR compiles text unicode map 
@@ -82,7 +82,7 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR, 
+\fBsmbd(8)\fR 
 smb.conf(5)
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/net.8 b/docs/manpages/net.8
deleted file mode 100644
index e063e3c2296..00000000000
--- a/docs/manpages/net.8
+++ /dev/null
@@ -1,32 +0,0 @@
-.\" This manpage has been automatically generated by docbook2man-spec
-.\" from a DocBook document.  docbook2man-spec can be found at:
-.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
-.\" Please send any bug reports, improvements, comments, patches, 
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "NET" "8" "28 January 2002" "" ""
-.SH NAME
-net \- Tool for administration of Samba and remote CIFS servers.
-.SH SYNOPSIS
-.sp
-\fBnet\fR \fB<ads|rap|rpc>\fR
-.SH "DESCRIPTION"
-.PP
-This tool is part of the  Sambasuite.
-.SH "OPTIONS"
-.PP
-.SH "COMMANDS"
-.PP
-.SH "VERSION"
-.PP
-This man page is incomplete for version 3.0 of the Samba 
-suite.
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities 
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar 
-to the way the Linux kernel is developed.
-.PP
-The original Samba man pages were written by Karl Auer.
-The current set of manpages and documentation is maintained
-by the Samba Team in the same fashion as the Samba source code.
diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8
index 875de31f42d..46b29f1f959 100644
--- a/docs/manpages/nmbd.8
+++ b/docs/manpages/nmbd.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "NMBD" "8" "08 May 2002" "" ""
+.TH "NMBD" "8" "28 August 2002" "" ""
 .SH NAME
 nmbd \- NetBIOS name server to provide NetBIOS  over IP naming services to clients
 .SH SYNOPSIS
@@ -33,7 +33,7 @@ but this can be overridden with the \fB-n\fR
 option (see OPTIONS below). Thus \fBnmbd\fR will 
 reply to broadcast queries for its own name(s). Additional
 names for \fBnmbd\fR to respond on can be set 
-via parameters in the \fI smb.conf(5)\fRconfiguration file.
+via parameters in the \fI smb.conf(5)\fR configuration file.
 .PP
 \fBnmbd\fR can also be used as a WINS 
 (Windows Internet Name Server) server. What this basically means 
@@ -82,7 +82,7 @@ for \fBnmbd\fR.
 NetBIOS lmhosts file. The lmhosts 
 file is a list of NetBIOS names to IP addresses that 
 is loaded by the nmbd server and used via the name 
-resolution mechanism  name resolve order
+resolution mechanism  name resolve order described in  \fIsmb.conf(5)\fR
 to resolve any NetBIOS name queries needed by the server. Note 
 that the contents of this file are \fBNOT\fR 
 used by \fBnmbd\fR to answer any name queries. 
@@ -93,7 +93,7 @@ The default path to this file is compiled into
 Samba as part of the build process. Common defaults 
 are \fI/usr/local/samba/lib/lmhosts\fR,
 \fI/usr/samba/lib/lmhosts\fR or
-\fI/etc/lmhosts\fR. See the  \fIlmhosts(5)\fRman page for details on the 
+\fI/etc/lmhosts\fR. See the  \fIlmhosts(5)\fR man page for details on the 
 contents of this file.
 .TP
 \fB-V\fR
@@ -119,8 +119,8 @@ and generate HUGE amounts of log data, most of which is extremely
 cryptic.
 
 Note that specifying this parameter here will override 
-the log level
-parameter in the \fI smb.conf\fRfile.
+the log level 
+parameter in the \fI smb.conf\fR file.
 .TP
 \fB-l <log directory>\fR
 The -l parameter specifies a directory 
@@ -135,8 +135,8 @@ will log to the default debug log location defined at compile time.
 \fB-n <primary NetBIOS name>\fR
 This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical 
-to setting the  NetBIOS nameparameter in the  
-\fIsmb.conf\fRfile. However, a command
+to setting the  NetBIOS name parameter in the  
+\fIsmb.conf\fR file. However, a command
 line setting will take precedence over settings in 
 \fIsmb.conf\fR.
 .TP
@@ -153,14 +153,14 @@ is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but
 this may be changed when Samba is autoconfigured.
 
 The file specified contains the configuration details
-required by the server. See  \fIsmb.conf(5)\fRfor more information.
+required by the server. See  \fIsmb.conf(5)\fR for more information.
 .SH "FILES"
 .TP
 \fB\fI/etc/inetd.conf\fB\fR
 If the server is to be run by the
 \fBinetd\fR meta-daemon, this file
 must contain suitable startup information for the
-meta-daemon. See the UNIX_INSTALL.htmldocument
+meta-daemon. See the UNIX_INSTALL.html document
 for details.
 .TP
 \fB\fI/etc/rc\fB\fR
@@ -169,7 +169,7 @@ system uses).
 
 If running the server as a daemon at startup,
 this file will need to contain an appropriate startup
-sequence for the server. See the UNIX_INSTALL.htmldocument
+sequence for the server. See the UNIX_INSTALL.html document
 for details.
 .TP
 \fB\fI/etc/services\fB\fR
@@ -219,19 +219,28 @@ the \fIlog.nmb\fR file.
 .PP
 The debug log level of nmbd may be raised or lowered using
 \fBsmbcontrol(1)\fR
-(SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
+ (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is
 to allow transient problems to be diagnosed, whilst still running
 at a normally low log level.
+.SH "TROUBLESHOOTING"
+.PP
+One of the common causes of difficulty when installing Samba and SWAT
+is the existsnece of some type of firewall or port filtering software
+on the Samba server. Make sure that the appropriate ports
+outlined in this man page are available on the server and are not currently
+being blocked by some type of security software such as iptables or
+"port sentry". For more troubleshooting information, refer to the additional
+documentation included in the Samba distribution.
 .SH "VERSION"
 .PP
 This man page is correct for version 2.2 of 
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBinetd(8)\fR, \fBsmbd(8)\fR, 
+\fBinetd(8)\fR, \fBsmbd(8)\fR 
 \fIsmb.conf(5)\fR
-, \fBsmbclient(1)
-\fR, and the Internet RFC's
+ \fBsmbclient(1)
+\fR and the Internet RFC's
 \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
 In addition the CIFS (formerly SMB) specification is available 
 as a link from the Web page  
diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1
index ed6bd38ebab..f91dc2c4ba1 100644
--- a/docs/manpages/nmblookup.1
+++ b/docs/manpages/nmblookup.1
@@ -3,15 +3,15 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "NMBLOOKUP" "1" "28 January 2002" "" ""
+.TH "NMBLOOKUP" "1" "28 August 2002" "" ""
 .SH NAME
 nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS  names
 .SH SYNOPSIS
 .sp
-\fBnmblookup\fR [ \fB-M\fR ]  [ \fB-R\fR ]  [ \fB-S\fR ]  [ \fB-r\fR ]  [ \fB-A\fR ]  [ \fB-h\fR ]  [ \fB-B <broadcast address>\fR ]  [ \fB-U <unicast address>\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-i <NetBIOS scope>\fR ]  [ \fB-T\fR ]  \fBname\fR
+\fBnmblookup\fR [ \fB-f\fR ]  [ \fB-M\fR ]  [ \fB-R\fR ]  [ \fB-S\fR ]  [ \fB-r\fR ]  [ \fB-A\fR ]  [ \fB-h\fR ]  [ \fB-B <broadcast address>\fR ]  [ \fB-U <unicast address>\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-i <NetBIOS scope>\fR ]  [ \fB-T\fR ]  \fBname\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBnmblookup\fR is used to query NetBIOS names 
 and map them to IP addresses in a network using NetBIOS over TCP/IP 
@@ -20,6 +20,11 @@ particular IP broadcast area or to a particular machine. All queries
 are done over UDP.
 .SH "OPTIONS"
 .TP
+\fB-f\fR
+Causes nmblookup to print out the flags
+in the NMB packet headers. These flags will print out as 
+strings like Authoritative, Recursion_Desired, Recursion_available, etc.
+.TP
 \fB-M\fR
 Searches for a master browser by looking 
 up the NetBIOS name \fIname\fR with a 
@@ -45,7 +50,7 @@ datagrams. The reason for this option is a bug in Windows 95
 where it ignores the source port of the requesting packet 
 and only replies to UDP port 137. Unfortunately, on most UNIX 
 systems root privilege is needed to bind to this port, and 
-in addition, if the nmbd(8)
+in addition, if the nmbd(8) 
 daemon is running on this machine it also binds to this port.
 .TP
 \fB-A\fR
@@ -60,7 +65,7 @@ Send the query to the given broadcast address. Without
 this option the default behavior of nmblookup is to send the 
 query to the broadcast address of the network interfaces as 
 either auto-detected or defined in the \fIinterfaces\fR
-parameter of the \fIsmb.conf (5)\fR file.
+ parameter of the \fIsmb.conf (5)\fR file.
 .TP
 \fB-U <unicast address>\fR
 Do a unicast query to the specified address or 
@@ -84,11 +89,11 @@ Levels above 3 are designed for use only by developers and
 generate HUGE amounts of data, most of which is extremely cryptic.
 
 Note that specifying this parameter here will override 
-the \fI log level\fRparameter in the \fI smb.conf(5)\fR file.
+the \fI log level\fR parameter in the \fI smb.conf(5)\fR file.
 .TP
 \fB-s <smb.conf>\fR
 This parameter specifies the pathname to 
-the Samba configuration file,  smb.conf(5). This file controls all aspects of
+the Samba configuration file,  smb.conf(5) This file controls all aspects of
 the Samba setup on the machine.
 .TP
 \fB-i <scope>\fR
@@ -137,8 +142,8 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR, 
-samba(7)
+\fBnmbd(8)\fR 
+samba(7) and smb.conf(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8
index 523751712da..8e59ba336cd 100644
--- a/docs/manpages/pdbedit.8
+++ b/docs/manpages/pdbedit.8
@@ -1,18 +1,17 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "PDBEDIT" "8" "20 August 2002" "" ""
+.TH "PDBEDIT" "8" "28 August 2002" "" ""
 .SH NAME
 pdbedit \- manage the SAM database
 .SH SYNOPSIS
-
-\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i passdb-backend\fR ] [ \fB-e passdb-backend\fR ] [ \fB-b passdb-backend\fR ] [ \fB-D debuglevel\fR ]
-
+.sp
+\fBpdbedit\fR [ \fB-l\fR ]  [ \fB-v\fR ]  [ \fB-w\fR ]  [ \fB-u username\fR ]  [ \fB-f fullname\fR ]  [ \fB-h homedir\fR ]  [ \fB-d drive\fR ]  [ \fB-s script\fR ]  [ \fB-p profile\fR ]  [ \fB-a\fR ]  [ \fB-m\fR ]  [ \fB-x\fR ]  [ \fB-i file\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 The pdbedit program is used to manage the users accounts
 stored in the sam database and can be run only by root.
@@ -35,11 +34,12 @@ the ':' character.
 
 Example: \fBpdbedit -l\fR
 
-
+.sp
 .nf
 		sorce:500:Simo Sorce
 		samba:45:Test User
 		
+.sp
 .fi
 .TP
 \fB-v\fR
@@ -49,7 +49,7 @@ out the account fields in a descriptive format.
 
 Example: \fBpdbedit -l -v\fR
 
-
+.sp
 .nf
 		---------------
 		username:       sorce
@@ -70,21 +70,23 @@ Example: \fBpdbedit -l -v\fR
 		Logon Script:   
 		Profile Path:   \\\\BERSERKER\\profile
 		
+.sp
 .fi
 .TP
 \fB-w\fR
 This option sets the "smbpasswd" listing format.
 It will make pdbedit list the users in the database printing
 out the account fields in a format compatible with the
-\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fRfor details)
+\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details)
 
 Example: \fBpdbedit -l -w\fR
 
-
+.sp
 .nf
 		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
 		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
 		
+.sp
 .fi
 .TP
 \fB-u username\fR
@@ -136,10 +138,11 @@ the -u switch. When adding a new user pdbedit will also
 ask for the password to be used
 
 Example: \fBpdbedit -a -u sorce\fR
-
+.sp
 .nf
 new password:
 		retype new password
+.sp
 .fi
 .TP
 \fB-m\fR
@@ -157,25 +160,15 @@ from the database. It need the username be specified with the
 
 Example: \fBpdbedit -x -u bob\fR
 .TP
-\fB-i passdb-backend\fR
-Use a different passdb backend to retrieve users than the one specified in smb.conf. Can be used to import data into your 
-local user database.
+\fB-i file\fR
+This command is used to import a smbpasswd
+file into the database.
 
-This option will ease migration from one passdb backend to another.
-
-Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old\fR
-.TP
-\fB-e passdb-backend\fR
-Export all currently available users to the specified password database backend.
-
-This option will ease migration from one passdb backend to another and will ease backupping
-
-Example: \fBpdbedit -e smbpasswd:/root/samba-users.backup\fR
-.TP
-\fB-b passdb-backend\fR
-Use a different default passdb backend. 
+This option will ease migration from the plain smbpasswd
+file database to more powerful backend databases like tdb and
+ldap.
 
-Example: \fBpdbedit -b xml:/root/pdb-backup.xml -l\fR
+Example: \fBpdbedit -i /etc/smbpasswd.old\fR
 .SH "NOTES"
 .PP
 This command may be used only by root.
@@ -185,7 +178,7 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-smbpasswd(8), 
+smbpasswd(8) 
 samba(7)
 .SH "AUTHOR"
 .PP
@@ -197,6 +190,6 @@ to the way the Linux kernel is developed.
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1
index ea112a35ade..efc90487d8c 100644
--- a/docs/manpages/rpcclient.1
+++ b/docs/manpages/rpcclient.1
@@ -3,15 +3,15 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "RPCCLIENT" "1" "15 August 2002" "" ""
+.TH "RPCCLIENT" "1" "28 August 2002" "" ""
 .SH NAME
 rpcclient \- tool for executing client side  MS-RPC functions
 .SH SYNOPSIS
 .sp
-\fBrpcclient\fR [ \fB-A authfile\fR ]  [ \fB-c <command string>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-h\fR ]  [ \fB-l logfile\fR ]  [ \fB-N\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-U username[%password]\fR ]  [ \fB-W workgroup\fR ]  [ \fB-N\fR ]  [ \fB-I destinationIP\fR ]  \fBserver\fR
+\fBrpcclient\fR [ \fB-A authfile\fR ]  [ \fB-c <command string>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-h\fR ]  [ \fB-l logfile\fR ]  [ \fB-N\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-U username[%password]\fR ]  [ \fB-W workgroup\fR ]  [ \fB-N\fR ]  \fBserver\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBrpcclient\fR is a utility initially developed
 to test MS-RPC functionality in Samba itself. It has undergone 
@@ -23,10 +23,10 @@ their UNIX workstation.
 \fBserver\fR
 NetBIOS name of Server to which to connect. 
 The server can be any SMB/CIFS server. The name is 
-resolved using the  \fIname resolve order\fRline from 
+resolved using the  \fIname resolve order\fR line from 
 \fIsmb.conf(5)\fR.
 .TP
-\fB-A|--authfile=filename\fR
+\fB-A filename\fR
 This option allows 
 you to specify a file from which to read the username and 
 password used in the connection. The format of the file is 
@@ -43,49 +43,33 @@ password used in the connection. The format of the file is
 Make certain that the permissions on the file restrict 
 access from unwanted users. 
 .TP
-\fB-c|--command='command string'\fR
+\fB-c 'command string'\fR
 execute semicolon separated commands (listed 
 below)) 
 .TP
-\fB-d|--debug=debuglevel\fR
+\fB-d debuglevel\fR
 set the debuglevel. Debug level 0 is the lowest 
 and 100 being the highest. This should be set to 100 if you are
 planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR). 
 .TP
-\fB-h|--help\fR
+\fB-h\fR
 Print a summary of command line options.
 .TP
-\fB-I IP-address\fR
-\fIIP address\fR is the address of the server to connect to. 
-It should be specified in standard "a.b.c.d" notation. 
-
-Normally the client would attempt to locate a named 
-SMB/CIFS server by looking it up via the NetBIOS name resolution 
-mechanism described above in the \fIname resolve order\fR 
-parameter above. Using this parameter will force the client
-to assume that the server is on the machine with the specified IP 
-address and the NetBIOS name component of the resource being 
-connected to will be ignored. 
-
-There is no default for this parameter. If not supplied, 
-it will be determined automatically by the client as described 
-above. 
-.TP
-\fB-l|--logfile=logbasename\fR
+\fB-l logbasename\fR
 File name for log/debug files. The extension 
 \&'.client' will be appended. The log file is never removed 
 by the client.
 .TP
-\fB-N|--nopass\fR
+\fB-N\fR
 instruct \fBrpcclient\fR not to ask 
 for a password. By default, \fBrpcclient\fR will prompt 
 for a password. See also the \fI-U\fR option.
 .TP
-\fB-s|--conf=smb.conf\fR
+\fB-s smb.conf\fR
 Specifies the location of the all important 
 \fIsmb.conf\fR file. 
 .TP
-\fB-U|--user=username[%password]\fR
+\fB-U username[%password]\fR
 Sets the SMB username or username and password. 
 
 If %password is not specified, the user will be prompted. The 
@@ -108,7 +92,7 @@ via the \fBps\fR command. To be safe always allow
 \fBrpcclient\fR to prompt for a password and type 
 it in directly. 
 .TP
-\fB-W|--workgroup=domain\fR
+\fB-W domain\fR
 Set the SMB domain of the username. This 
 overrides the default domain which is the domain defined in 
 smb.conf. If the domain specified is the same as the server's NetBIOS name, 
@@ -330,7 +314,7 @@ or reported to Microsoft are fixed in Service Packs, which may
 result in incompatibilities." 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of the Samba 
+This man page is correct for version 2.2 of the Samba 
 suite.
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7
index 82e74096278..e0401f35ef5 100644
--- a/docs/manpages/samba.7
+++ b/docs/manpages/samba.7
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SAMBA" "7" "28 January 2002" "" ""
+.TH "SAMBA" "7" "28 August 2002" "" ""
 .SH NAME
 SAMBA \- A Windows SMB/CIFS fileserver for UNIX
 .SH SYNOPSIS
@@ -125,7 +125,7 @@ Samba. The project would have been unmanageable without it.
 .PP
 In addition, several commercial organizations now help 
 fund the Samba Team with money and equipment. For details see 
-the Samba Web pages at  http://samba.org/samba/samba-thanks.html.
+the Samba Web pages at  http://samba.org/samba/samba-thanks.html
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index 89671344817..8760ccc56e2 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -1,9 +1,9 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMB.CONF" "5" "07 September 2002" "" ""
+.TH "SMB.CONF" "5" "28 August 2002" "" ""
 .SH NAME
 smb.conf \- The configuration file for the Samba suite
 .SH "SYNOPSIS"
@@ -23,8 +23,7 @@ until the next section begins. Sections contain parameters of the
 form
 .PP
 \fIname\fR = \fIvalue
-\fR
-.PP
+\fR.PP
 The file is line-based - that is, each newline-terminated 
 line represents either a comment, a section name or a parameter.
 .PP
@@ -91,13 +90,14 @@ access than the host system grants.
 The following sample section defines a file space share. 
 The user has write access to the path \fI/home/bar\fR. 
 The share is accessed via the share name "foo":
-
+.sp
 .nf
 	 	[foo]
  		path = /home/bar
  		writeable = true
 	
 	
+.sp
 .fi
 .PP
 The following sample section defines a printable share. 
@@ -106,7 +106,7 @@ access permitted is via calls to open, write to and close a
 spool file. The \fBguest ok\fR parameter means 
 access will be permitted as the default guest user (specified 
 elsewhere):
-
+.sp
 .nf
 	 	[aprinter]
  		path = /usr/spool/public
@@ -115,15 +115,16 @@ elsewhere):
  		guest ok = true
 	
 	
+.sp
 .fi
 .SH "SPECIAL SECTIONS"
-.SS "THE [GLOBAL] SECTION"
+.SS "THE  GLOBAL  SECTION"
 .PP
 parameters in this section apply to the server 
 as a whole, or are defaults for sections which do not 
 specifically define certain items. See the notes
 under PARAMETERS for more information.
-.SS "THE [HOMES] SECTION"
+.SS "THE  HOMES  SECTION"
 .PP
 If a section called homes is included in the 
 configuration file, services connecting clients to their 
@@ -151,31 +152,38 @@ If you decide to use a \fBpath =\fR line
 in your [homes] section then you may find it useful 
 to use the %S macro. For example :
 .PP
+.PP
 \fBpath = /data/pchome/%S\fR
 .PP
+.PP
 would be useful if you have different home directories 
 for your PCs than for UNIX access.
 .PP
+.PP
 This is a fast and simple way to give a large number 
 of clients access to their home directories with a minimum 
 of fuss.
 .PP
+.PP
 A similar process occurs if the requested section 
 name is "homes", except that the share name is not 
 changed to that of the requesting user. This method of using
 the [homes] section works well if different users share 
 a client PC.
 .PP
+.PP
 The [homes] section can specify all the parameters 
 a normal service section can specify, though some make more sense 
 than others. The following is a typical and suitable [homes]
 section:
-
+.PP
+.sp
 .nf
 			 	[homes]
  			writeable = yes
 		
 		
+.sp
 .fi
 .PP
 An important point is that if guest access is specified 
@@ -185,13 +193,15 @@ In the very unlikely event that this is actually desirable, it
 would be wise to also specify \fBread only
 access\fR.
 .PP
+.PP
 Note that the \fBbrowseable\fR flag for 
 auto home directories will be inherited from the global browseable 
 flag, not the [homes] browseable flag. This is useful as 
 it means setting \fBbrowseable = no\fR in
 the [homes] section will hide the [homes] share but make
 any auto home directories visible.
-.SS "THE [PRINTERS] SECTION"
+.PP
+.SS "THE  PRINTERS  SECTION"
 .PP
 This section works like [homes], 
 but for printers.
@@ -229,17 +239,20 @@ Note that the [printers] service MUST be
 printable - if you specify otherwise, the server will refuse 
 to load the configuration file.
 .PP
+.PP
 Typically the path specified would be that of a 
 world-writeable spool directory with the sticky bit set on 
 it. A typical [printers] entry would look like 
 this:
-
+.PP
+.sp
 .nf
 	 	[printers]
  			path = /usr/spool/public
  			guest ok = yes
  			printable = yes 
 		
+.sp
 .fi
 .PP
 All aliases given for a printer in the printcap file 
@@ -247,40 +260,45 @@ are legitimate printer names as far as the server is concerned.
 If your printing subsystem doesn't work like that, you will have 
 to set up a pseudo-printcap. This is a file consisting of one or 
 more lines like this:
-
+.PP
+.sp
 .nf
 			        alias|alias|alias|alias...    
 		
 		
+.sp
 .fi
 .PP
 Each alias should be an acceptable printer name for 
 your printing subsystem. In the [global] section, specify 
-the new file as your printcap.  The server will then only recognize 
+the new file as your printcap. The server will then only recognize 
 names found in your pseudo-printcap, which of course can contain 
 whatever aliases you like. The same technique could be used 
 simply to limit access to a subset of your local printers.
 .PP
+.PP
 An alias, by the way, is defined as any component of the 
 first entry of a printcap record. Records are separated by newlines,
 components (if there are more than one) are separated by vertical 
 bar symbols ('|').
 .PP
+.PP
 NOTE: On SYSV systems which use lpstat to determine what 
 printers are defined on the system you may be able to use
 "printcap name = lpstat" to automatically obtain a list 
 of printers. See the "printcap name" option 
 for more details.
+.PP
 .SH "PARAMETERS"
 .PP
 parameters define the specific attributes of sections.
 .PP
 Some parameters are specific to the [global] section
-(e.g., \fBsecurity\fR).  Some parameters are usable 
+(e.g., \fBsecurity\fR). Some parameters are usable 
 in all sections (e.g., \fBcreate mode\fR). All others 
 are permissible only in normal sections. For the purposes of the 
 following descriptions the [homes] and [printers]
-sections will be considered normal.  The letter \fBG\fR 
+sections will be considered normal. The letter \fBG\fR 
 in parentheses indicates that a parameter is specific to the
 [global] section. The letter \fBS\fR
 indicates that a parameter can be specified in a service specific
@@ -343,15 +361,15 @@ the NetBIOS name of the server. This allows you
 to change your config based on what the client calls you. Your 
 server can have a "dual personality".
 
-Note that this parameter is not available when Samba listens
+Note that this paramater is not available when Samba listens
 on port 445, as clients no longer send this information 
 .TP
 \fB%M\fR
 the Internet name of the client machine.
 .TP
 \fB%N\fR
-the name of your NIS home directory server.  
-This is obtained from your NIS auto.map entry.  If you have 
+the name of your NIS home directory server. 
+This is obtained from your NIS auto.map entry. If you have 
 not compiled Samba with the \fB--with-automount\fR 
 option then this value will be the same as %L.
 .TP
@@ -390,6 +408,7 @@ The value of the environment variable
 .PP
 There are some quite creative things that can be done 
 with these substitutions and other smb.conf options.
+.PP
 .SH "NAME MANGLING"
 .PP
 Samba supports "name mangling" so that DOS and 
@@ -405,6 +424,18 @@ All of these options can be set separately for each service
 .PP
 The options are: 
 .TP
+\fBmangling method\fR
+controls the algorithm used for the generating
+the mangled names. Can take two different values, "hash" and
+"hash2". "hash" is the default and is the algorithm that has been
+used in Samba for many years. "hash2" is a newer and considered
+a better algorithm (generates less collisions) in the names.
+However, many Win32 applications store the
+mangled names and so changing to the new algorithm must not be done
+lightly as these applications may break unless reinstalled.
+New installations of Samba may set the default to hash2.
+Default \fBhash\fR.
+.TP
 \fBmangle case = yes/no\fR
 controls if names that have characters that 
 aren't of the "default" case are mangled. For example, 
@@ -435,43 +466,39 @@ are lowercased. Default \fByes\fR.
 .PP
 By default, Samba 2.2 has the same semantics as a Windows 
 NT server, in that it is case insensitive but case preserving.
+.PP
 .SH "NOTE ABOUT USERNAME/PASSWORD VALIDATION"
 .PP
 There are a number of ways in which a user can connect 
 to a service. The server uses the following steps in determining 
 if it will allow a connection to a specified service. If all the 
-steps fail, then the connection request is rejected.  However, if one of the 
+steps fail, then the connection request is rejected. However, if one of the 
 steps succeeds, then the following steps are not checked.
 .PP
 If the service is marked "guest only = yes" and the
 server is running with share-level security ("security = share")
 then steps 1 to 5 are skipped.
-.TP 3
-1. 
+.IP 1. 
 If the client has passed a username/password 
 pair and that username/password pair is validated by the UNIX 
 system's password programs then the connection is made as that 
 username. Note that this includes the 
 \\\\server\\service%\fIusername\fR method of passing 
 a username.
-.TP 3
-2. 
+.IP 2. 
 If the client has previously registered a username 
 with the system and now supplies a correct password for that 
 username then the connection is allowed.
-.TP 3
-3. 
+.IP 3. 
 The client's NetBIOS name and any previously 
 used user names are checked against the supplied password, if 
 they match then the connection is allowed as the corresponding 
 user.
-.TP 3
-4. 
+.IP 4. 
 If the client has previously validated a
 username/password pair with the server and the client has passed 
 the validation token then that username is used. 
-.TP 3
-5. 
+.IP 5. 
 If a "user = " field is given in the
 \fIsmb.conf\fR file for the service and the client 
 has supplied a password, and that password matches (according to 
@@ -481,8 +508,7 @@ the username in the "user =" line. If one
 of the username in the "user =" list begins with a
 \&'@' then that name expands to a list of names in 
 the group of the same name.
-.TP 3
-6. 
+.IP 6. 
 If the service is a guest service then a 
 connection is made as the username given in the "guest 
 account =" for the service, irrespective of the 
@@ -490,16 +516,10 @@ supplied password.
 .SH "COMPLETE LIST OF GLOBAL PARAMETERS"
 .PP
 Here is a list of all global parameters. See the section of 
-each parameter for details.  Note that some are synonyms.
-.TP 0.2i
-\(bu
-\fIabort shutdown script\fR
-.TP 0.2i
-\(bu
-\fIadd group script\fR
+each parameter for details. Note that some are synonyms.
 .TP 0.2i
 \(bu
-\fIaddprinter command\fR
+\fIadd printer command\fR
 .TP 0.2i
 \(bu
 \fIadd share command\fR
@@ -508,21 +528,6 @@ each parameter for details.  Note that some are synonyms.
 \fIadd user script\fR
 .TP 0.2i
 \(bu
-\fIadd user to group script\fR
-.TP 0.2i
-\(bu
-\fIadd machine script\fR
-.TP 0.2i
-\(bu
-\fIdelete group script\fR
-.TP 0.2i
-\(bu
-\fIads server\fR
-.TP 0.2i
-\(bu
-\fIalgorithmic rid base\fR
-.TP 0.2i
-\(bu
 \fIallow trusted domains\fR
 .TP 0.2i
 \(bu
@@ -532,9 +537,6 @@ each parameter for details.  Note that some are synonyms.
 \fIannounce version\fR
 .TP 0.2i
 \(bu
-\fIauth methods\fR
-.TP 0.2i
-\(bu
 \fIauto services\fR
 .TP 0.2i
 \(bu
@@ -550,6 +552,18 @@ each parameter for details.  Note that some are synonyms.
 \fIchange share command\fR
 .TP 0.2i
 \(bu
+\fIcharacter set\fR
+.TP 0.2i
+\(bu
+\fIclient code page\fR
+.TP 0.2i
+\(bu
+\fIcode page directory\fR
+.TP 0.2i
+\(bu
+\fIcoding system\fR
+.TP 0.2i
+\(bu
 \fIconfig file\fR
 .TP 0.2i
 \(bu
@@ -577,7 +591,7 @@ each parameter for details.  Note that some are synonyms.
 \fIdefault service\fR
 .TP 0.2i
 \(bu
-\fIdeleteprinter command\fR
+\fIdelete printer command\fR
 .TP 0.2i
 \(bu
 \fIdelete share command\fR
@@ -586,21 +600,12 @@ each parameter for details.  Note that some are synonyms.
 \fIdelete user script\fR
 .TP 0.2i
 \(bu
-\fIdelete user from group script\fR
-.TP 0.2i
-\(bu
 \fIdfree command\fR
 .TP 0.2i
 \(bu
-\fIdisable netbios\fR
-.TP 0.2i
-\(bu
 \fIdisable spoolss\fR
 .TP 0.2i
 \(bu
-\fIdisplay charset\fR
-.TP 0.2i
-\(bu
 \fIdns proxy\fR
 .TP 0.2i
 \(bu
@@ -616,9 +621,6 @@ each parameter for details.  Note that some are synonyms.
 \fIdomain master\fR
 .TP 0.2i
 \(bu
-\fIdos charset\fR
-.TP 0.2i
-\(bu
 \fIencrypt passwords\fR
 .TP 0.2i
 \(bu
@@ -637,18 +639,12 @@ each parameter for details.  Note that some are synonyms.
 \fIhide unreadable\fR
 .TP 0.2i
 \(bu
-\fIhide unwriteable files\fR
-.TP 0.2i
-\(bu
 \fIhomedir map\fR
 .TP 0.2i
 \(bu
 \fIhost msdfs\fR
 .TP 0.2i
 \(bu
-\fIhostname lookups\fR
-.TP 0.2i
-\(bu
 \fIhosts equiv\fR
 .TP 0.2i
 \(bu
@@ -673,13 +669,13 @@ each parameter for details.  Note that some are synonyms.
 \fIldap filter\fR
 .TP 0.2i
 \(bu
-\fIldap ssl\fR
+\fIldap port\fR
 .TP 0.2i
 \(bu
-\fIldap suffix\fR
+\fIldap server\fR
 .TP 0.2i
 \(bu
-\fIldap suffix\fR
+\fIldap ssl\fR
 .TP 0.2i
 \(bu
 \fIldap suffix\fR
@@ -739,6 +735,9 @@ each parameter for details.  Note that some are synonyms.
 \fImangled stack\fR
 .TP 0.2i
 \(bu
+\fImangling method\fR
+.TP 0.2i
+\(bu
 \fImap to guest\fR
 .TP 0.2i
 \(bu
@@ -784,9 +783,6 @@ each parameter for details.  Note that some are synonyms.
 \fImin wins ttl\fR
 .TP 0.2i
 \(bu
-\fIname cache timeout\fR
-.TP 0.2i
-\(bu
 \fIname resolve order\fR
 .TP 0.2i
 \(bu
@@ -802,13 +798,10 @@ each parameter for details.  Note that some are synonyms.
 \fInis homedir\fR
 .TP 0.2i
 \(bu
-\fIntlm auth\fR
-.TP 0.2i
-\(bu
-\fInon unix account range\fR
+\fInt pipe support\fR
 .TP 0.2i
 \(bu
-\fInt pipe support\fR
+\fInt smb support\fR
 .TP 0.2i
 \(bu
 \fInt status support\fR
@@ -835,12 +828,6 @@ each parameter for details.  Note that some are synonyms.
 \fIpanic action\fR
 .TP 0.2i
 \(bu
-\fIparanoid server security\fR
-.TP 0.2i
-\(bu
-\fIpassdb backend\fR
-.TP 0.2i
-\(bu
 \fIpasswd chat\fR
 .TP 0.2i
 \(bu
@@ -874,9 +861,6 @@ each parameter for details.  Note that some are synonyms.
 \fIprinter driver file\fR
 .TP 0.2i
 \(bu
-\fIprivate dir\fR
-.TP 0.2i
-\(bu
 \fIprotocol\fR
 .TP 0.2i
 \(bu
@@ -889,9 +873,6 @@ each parameter for details.  Note that some are synonyms.
 \fIread size\fR
 .TP 0.2i
 \(bu
-\fIrealm\fR
-.TP 0.2i
-\(bu
 \fIremote announce\fR
 .TP 0.2i
 \(bu
@@ -919,15 +900,9 @@ each parameter for details.  Note that some are synonyms.
 \fIshow add printer wizard\fR
 .TP 0.2i
 \(bu
-\fIshutdown script\fR
-.TP 0.2i
-\(bu
 \fIsmb passwd file\fR
 .TP 0.2i
 \(bu
-\fIsmb ports\fR
-.TP 0.2i
-\(bu
 \fIsocket address\fR
 .TP 0.2i
 \(bu
@@ -937,7 +912,55 @@ each parameter for details.  Note that some are synonyms.
 \fIsource environment\fR
 .TP 0.2i
 \(bu
-\fIuse spnego\fR
+\fIssl\fR
+.TP 0.2i
+\(bu
+\fIssl CA certDir\fR
+.TP 0.2i
+\(bu
+\fIssl CA certFile\fR
+.TP 0.2i
+\(bu
+\fIssl ciphers\fR
+.TP 0.2i
+\(bu
+\fIssl client cert\fR
+.TP 0.2i
+\(bu
+\fIssl client key\fR
+.TP 0.2i
+\(bu
+\fIssl compatibility\fR
+.TP 0.2i
+\(bu
+\fIssl egd socket\fR
+.TP 0.2i
+\(bu
+\fIssl entropy bytes\fR
+.TP 0.2i
+\(bu
+\fIssl entropy file\fR
+.TP 0.2i
+\(bu
+\fIssl hosts\fR
+.TP 0.2i
+\(bu
+\fIssl hosts resign\fR
+.TP 0.2i
+\(bu
+\fIssl require clientcert\fR
+.TP 0.2i
+\(bu
+\fIssl require servercert\fR
+.TP 0.2i
+\(bu
+\fIssl server cert\fR
+.TP 0.2i
+\(bu
+\fIssl server key\fR
+.TP 0.2i
+\(bu
+\fIssl version\fR
 .TP 0.2i
 \(bu
 \fIstat cache\fR
@@ -973,12 +996,6 @@ each parameter for details.  Note that some are synonyms.
 \fItotal print jobs\fR
 .TP 0.2i
 \(bu
-\fIunicode\fR
-.TP 0.2i
-\(bu
-\fIunix charset\fR
-.TP 0.2i
-\(bu
 \fIunix extensions\fR
 .TP 0.2i
 \(bu
@@ -1006,7 +1023,7 @@ each parameter for details.  Note that some are synonyms.
 \fIutmp directory\fR
 .TP 0.2i
 \(bu
-\fIwtmp directory\fR
+\fIvalid chars\fR
 .TP 0.2i
 \(bu
 \fIwinbind cache time\fR
@@ -1033,9 +1050,6 @@ each parameter for details.  Note that some are synonyms.
 \fIwins hook\fR
 .TP 0.2i
 \(bu
-\fIwins partners\fR
-.TP 0.2i
-\(bu
 \fIwins proxy\fR
 .TP 0.2i
 \(bu
@@ -1163,6 +1177,9 @@ each parameter for details. Note that some are synonyms.
 \fIforce security mode\fR
 .TP 0.2i
 \(bu
+\fIforce unknown acl user\fR
+.TP 0.2i
+\(bu
 \fIforce user\fR
 .TP 0.2i
 \(bu
@@ -1241,9 +1258,6 @@ each parameter for details. Note that some are synonyms.
 \fImangling char\fR
 .TP 0.2i
 \(bu
-\fImangling method\fR
-.TP 0.2i
-\(bu
 \fImap archive\fR
 .TP 0.2i
 \(bu
@@ -1400,9 +1414,6 @@ each parameter for details. Note that some are synonyms.
 \fIveto oplock files\fR
 .TP 0.2i
 \(bu
-\fIvfs path\fR
-.TP 0.2i
-\(bu
 \fIvfs object\fR
 .TP 0.2i
 \(bu
@@ -1430,36 +1441,24 @@ each parameter for details. Note that some are synonyms.
 \fIwriteable\fR
 .SH "EXPLANATION OF EACH PARAMETER"
 .TP
-\fBabort shutdown script (G)\fR
-\fBThis parameter only exists in the HEAD cvs branch\fR
-This a full path name to a script called by
-\fBsmbd(8)\fR that
-should stop a shutdown procedure issued by the \fIshutdown script\fR.
-
-This command will be run as user.
-
-Default: \fBNone\fR.
-
-Example: \fBabort shutdown script = /sbin/shutdown -c\fR
-.TP
-\fBaddprinter command (G)\fR
+\fBadd printer command (G)\fR
 With the introduction of MS-RPC based printing
 support for Windows NT/2000 clients in Samba 2.2, The MS Add
 Printer Wizard (APW) icon is now also available in the 
-"Printers..." folder displayed a share listing.  The APW
+"Printers..." folder displayed a share listing. The APW
 allows for printers to be add remotely to a Samba or Windows 
 NT/2000 print server.
 
 For a Samba host this means that the printer must be 
-physically added to the underlying printing system.  The \fIadd 
+physically added to the underlying printing system. The \fIadd 
 printer command\fR defines a script to be run which 
 will perform the necessary operations for adding the printer
 to the print system and to add the appropriate service definition 
-to the  \fIsmb.conf\fR file in order that it can be 
+to the \fIsmb.conf\fR file in order that it can be 
 shared by \fBsmbd(8)\fR
 
 
-The \fIaddprinter command\fR is
+The \fIadd printer command\fR is
 automatically invoked with the following parameter (in 
 order:
 .RS
@@ -1482,33 +1481,37 @@ order:
 \(bu
 \fIWindows 9x driver location\fR
 .RE
-
+.PP
 All parameters are filled in from the PRINTER_INFO_2 structure sent 
-by the Windows NT/2000 client with one exception.  The "Windows 9x
+by the Windows NT/2000 client with one exception. The "Windows 9x
 driver location" parameter is included for backwards compatibility
-only.  The remaining fields in the structure are generated from answers
+only. The remaining fields in the structure are generated from answers
 to the APW questions.
-
-Once the \fIaddprinter command\fR has 
-been executed, \fBsmbd\fR will reparse the \fI  smb.conf\fR to determine if the share defined by the APW
-exists.  If the sharename is still invalid, then \fBsmbd
-\fR will return an ACCESS_DENIED error to the client.
-
-See also \fI  deleteprinter command\fR, \fIprinting\fR,
+.PP
+.PP
+Once the \fIadd printer command\fR has 
+been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to determine if the share defined by the APW
+exists. If the sharename is still invalid, then \fBsmbd
+\fRwill return an ACCESS_DENIED error to the client.
+.PP
+.PP
+See also \fI delete printer command\fR, \fIprinting\fR,
 \fIshow add
 printer wizard\fR
-
+.PP
+.PP
 Default: \fBnone\fR
-
+.PP
+.PP
 Example: \fBaddprinter command = /usr/bin/addprinter
-\fR
+\fR.PP
 .TP
 \fBadd share command (G)\fR
 Samba 2.2.0 introduced the ability to dynamically 
-add and delete shares via the Windows NT 4.0 Server Manager.  The 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
 \fIadd share command\fR is used to define an 
 external program or script which will add a new service definition 
-to \fIsmb.conf\fR.  In order to successfully 
+to \fIsmb.conf\fR. In order to successfully 
 execute the \fIadd share command\fR, \fBsmbd\fR
 requires that the administrator be connected using a root account (i.e. 
 uid == 0).
@@ -1533,43 +1536,22 @@ directory on disk.
 \fIcomment\fR - comment string to associate 
 with the new share.
 .RE
-
-This parameter is only used for add file shares.  To add printer shares, 
-see the \fIaddprinter 
+.PP
+This parameter is only used for add file shares. To add printer shares, 
+see the \fIadd printer 
 command\fR.
-
+.PP
+.PP
 See also \fIchange share 
 command\fR, \fIdelete share
 command\fR.
-
+.PP
+.PP
 Default: \fBnone\fR
-
+.PP
+.PP
 Example: \fBadd share command = /usr/local/bin/addshare\fR
-.TP
-\fBadd machine script (G)\fR
-This is the full pathname to a script that will 
-be run by smbd(8) when a machine is added
-to it's domain using the administrator username and password method. 
-
-This option is only required when using sam back-ends tied to the
-Unix uid method of RID calculation such as smbpasswd.  This option is only
-available in Samba 3.0.
-
-Default: \fBadd machine script = <empty string>
-\fR
-
-Example: \fBadd machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
-\fR
-.TP
-\fBads server (G)\fR
-If this option is specified, samba does 
-not try to figure out what ads server to use itself, but 
-uses the specified ads server. Either one DNS name or IP 
-address can be used.
-
-Default: \fBads server = \fR
-
-Example: \fBads server = 192.168.1.2\fR
+.PP
 .TP
 \fBadd user script (G)\fR
 This is the full pathname to a script that will 
@@ -1591,39 +1573,29 @@ user given one argument of \fI%u\fR, which expands into
 the UNIX user name to create.
 
 When the Windows user attempts to access the Samba server, 
-at login (session setup in the SMB protocol) time,   smbd contacts the \fIpassword server\fR and 
+at login (session setup in the SMB protocol) time,  smbd contacts the \fIpassword server\fR and 
 attempts to authenticate the given user with the given password. If the 
 authentication succeeds then \fBsmbd\fR 
 attempts to find a UNIX user in the UNIX password database to map the 
 Windows user into. If this lookup fails, and \fIadd user script
-\fR is set then \fBsmbd\fR will
+\fRis set then \fBsmbd\fR will
 call the specified script \fBAS ROOT\fR, expanding 
 any \fI%u\fR argument to be the user name to create.
 
 If this script successfully creates the user then \fBsmbd
-\fR will continue on as though the UNIX user
+\fRwill continue on as though the UNIX user
 already existed. In this way, UNIX users are dynamically created to
 match existing Windows NT accounts.
 
-See also \fI  security\fR,   \fIpassword server\fR, 
+See also \fI security\fR,  \fIpassword server\fR, 
 \fIdelete user 
 script\fR.
 
 Default: \fBadd user script = <empty string>
 \fR
-
 Example: \fBadd user script = /usr/local/samba/bin/add_user 
 %u\fR
 .TP
-\fBadd group script (G)\fR
-This is the full pathname to a script that will be run \fBAS ROOT\fR
-by smbd(8) when a new group is requested. It will expand any \fI%g\fR
-to the group name passed.  This script is only useful for
-installations using the Windows NT domain administration tools. The
-script is free to create a group with an arbitrary name to circumvent
-unix group name restrictions. In that case the script must print the
-numeric gid of the created group on stdout.
-.TP
 \fBadmin users (S)\fR
 This is a list of users who will be granted 
 administrative privileges on the share. This means that they 
@@ -1637,43 +1609,12 @@ Default: \fBno admin users\fR
 
 Example: \fBadmin users = jason\fR
 .TP
-\fBadd user to group script (G)\fR
-Full path to the script that will be called when 
-a user is added to a group using the Windows NT domain administration 
-tools. It will be run by smbd(8) 
-\fBAS ROOT\fR. Any \fI%g\fR will be 
-replaced with the group name and any \fI%u\fR will 
-be replaced with the user name.
-
-Default: \fBadd user to group script = \fR
-
-Example: \fBadd user to group script = /usr/sbin/adduser %u %g\fR
-.TP
 \fBallow hosts (S)\fR
-Synonym for   \fIhosts allow\fR.
-.TP
-\fBalgorithmic rid base (G)\fR
-This determines how Samba will use its
-algorithmic mapping from uids/gid to the RIDs needed to construct
-NT Security Identifiers.
-
-Setting this option to a larger value could be useful to sites
-transitioning from WinNT and Win2k, as existing user and 
-group rids would otherwise clash with sytem users etc. 
-
-All UIDs and GIDs must be able to be resolved into SIDs for  
-the correct operation of ACLs on the server.  As such the algorithmic
-mapping can't be 'turned off', but pushing it 'out of the way' should
-resolve the issues.  Users and groups can then be assigned 'low' RIDs
-in arbitary-rid supporting backends. 
-
-Default: \fBalgorithmic rid base = 1000\fR
-
-Example: \fBalgorithmic rid base = 100000\fR
+Synonym for  \fIhosts allow\fR.
 .TP
 \fBallow trusted domains (G)\fR
 This option only takes effect when the \fIsecurity\fR option is set to 
-server or domain.  
+server or domain. 
 If it is set to no, then attempts to connect to a resource from 
 a domain or workgroup other than the one which smbd is running 
 in will fail, even if that domain is trusted by the remote server 
@@ -1681,11 +1622,11 @@ doing the authentication.
 
 This is useful if you only want your Samba server to 
 serve resources to users in the domain it is a member of. As 
-an example, suppose that there are two domains DOMA and DOMB.  DOMB 
-is trusted by DOMA, which contains the Samba server.  Under normal 
+an example, suppose that there are two domains DOMA and DOMB. DOMB 
+is trusted by DOMA, which contains the Samba server. Under normal 
 circumstances, a user with an account in DOMB can then access the 
 resources of a UNIX account with the same account name on the 
-Samba server even if they do not have an account in DOMA.  This 
+Samba server even if they do not have an account in DOMA. This 
 can make implementing a security boundary difficult.
 
 Default: \fBallow trusted domains = yes\fR
@@ -1710,7 +1651,7 @@ Example: \fBannounce as = Win95\fR
 \fBannounce version (G)\fR
 This specifies the major and minor version numbers 
 that nmbd will use when announcing itself as a server. The default 
-is 4.2.  Do not change this parameter unless you have a specific 
+is 4.5. Do not change this parameter unless you have a specific 
 need to set a Samba server to be a downlevel server.
 
 Default: \fBannounce version = 4.5\fR
@@ -1718,19 +1659,7 @@ Default: \fBannounce version = 4.5\fR
 Example: \fBannounce version = 2.0\fR
 .TP
 \fBauto services (G)\fR
-This is a synonym for the   \fIpreload\fR.
-.TP
-\fBauth methods (G)\fR
-This option allows the administrator to chose what
-authentication methods \fBsmbd\fR will use when authenticating
-a user.  This option defaults to sensible values based on \fI  security\fR.
-Each entry in the list attempts to authenticate the user in turn, until
-the user authenticates.  In practice only one method will ever actually 
-be able to complete the authentication.
-
-Default: \fBauth methods = <empty string>\fR
-
-Example: \fBauth methods = guest sam ntdomain\fR
+This is a synonym for the  \fIpreload\fR.
 .TP
 \fBavailable (S)\fR
 This parameter lets you "turn off" a service. If 
@@ -1749,7 +1678,7 @@ different ways.
 
 For name service it causes \fBnmbd\fR to bind 
 to ports 137 and 138 on the interfaces listed in the interfaces parameter. \fBnmbd
-\fR also binds to the "all addresses" interface (0.0.0.0) 
+\fRalso binds to the "all addresses" interface (0.0.0.0) 
 on ports 137 and 138 for the purposes of reading broadcast messages. 
 If this option is not set then \fBnmbd\fR will service 
 name requests on all of these sockets. If \fIbind interfaces
@@ -1760,14 +1689,14 @@ interfaces in the \fIinterfaces\fR parameter list.
 As unicast packets are received on the other sockets it allows 
 \fBnmbd\fR to refuse to serve names to machines that 
 send packets that arrive through any interfaces not listed in the
-\fIinterfaces\fR list.  IP Source address spoofing
+\fIinterfaces\fR list. IP Source address spoofing
 does defeat this simple check, however so it must not be used
 seriously as a security feature for \fBnmbd\fR.
 
 For file service it causes smbd(8)
-to bind only to the interface list given in the   interfaces parameter. This restricts the networks that 
+to bind only to the interface list given in the  interfaces parameter. This restricts the networks that 
 \fBsmbd\fR will serve to packets coming in those 
-interfaces.  Note that you should not use this parameter for machines 
+interfaces. Note that you should not use this parameter for machines 
 that are serving PPP or other intermittent or non-broadcast network 
 interfaces as it will not cope with non-permanent interfaces.
 
@@ -1782,21 +1711,39 @@ by default connects to the \fBlocalhost - 127.0.0.1\fR
 address as an SMB client to issue the password change request. If 
 \fIbind interfaces only\fR is set then unless the 
 network address \fB127.0.0.1\fR is added to the
-\fIinterfaces\fR parameter list then \fB  smbpasswd\fR will fail to connect in it's default mode. 
+\fIinterfaces\fR parameter list then \fB smbpasswd\fR will fail to connect in it's default mode. 
 \fBsmbpasswd\fR can be forced to use the primary IP interface 
-of the local host by using its   \fI-r remote machine\fR
+of the local host by using its  \fI-r remote machine\fR
  parameter, with \fIremote machine\fR set 
 to the IP name of the primary interface of the local host.
 
 The \fBswat\fR status page tries to connect with
 \fBsmbd\fR and \fBnmbd\fR at the address 
-\fB127.0.0.1\fR to determine if they are running.  
-Not adding \fB127.0.0.1\fR  will cause \fB  smbd\fR and \fBnmbd\fR to always show
-"not running" even if they really are.  This can prevent \fB  swat\fR from starting/stopping/restarting \fBsmbd\fR
+\fB127.0.0.1\fR to determine if they are running. 
+Not adding \fB127.0.0.1\fR will cause \fB smbd\fR and \fBnmbd\fR to always show
+"not running" even if they really are. This can prevent \fB swat\fR from starting/stopping/restarting \fBsmbd\fR
 and \fBnmbd\fR.
 
 Default: \fBbind interfaces only = no\fR
 .TP
+\fBblock size (S)\fR
+This parameter controls the behavior of smbd(8) when reporting disk free sizes.
+By default, this reports a disk block size of 1024 bytes.
+
+Changing this parameter may have some effect on the
+efficiency of client writes, this is not yet confirmed. This
+parameter was added to allow advanced administrators to change
+it (usually to a higher value) and test the effect it has on
+client write performance without re-compiling the code. As this
+is an experimental option it may be removed in a future release.
+
+Changing this option does not change the disk free reporting
+size, just the block size unit reported to the client.
+
+Default: \fBblock size = 1024\fR
+
+Example: \fBblock size = 65536\fR
+.TP
 \fBblocking locks (S)\fR
 This parameter controls the behavior of smbd(8) when given a request by a client 
 to obtain a byte range lock on a region of an open file, and the 
@@ -1814,30 +1761,11 @@ cannot be obtained.
 
 Default: \fBblocking locks = yes\fR
 .TP
-\fBblock size (S)\fR
-This parameter controls the behavior of 
-smbd(8) when reporting disk free 
-sizes. By default, this reports a disk block size of 1024 bytes.
-
-Changing this parameter may have some effect on the
-efficiency of client writes, this is not yet confirmed. This
-parameter was added to allow advanced administrators to change
-it (usually to a higher value) and test the effect it has on
-client write performance without re-compiling the code. As this
-is an experimental option it may be removed in a future release.
-
-Changing this option does not change the disk free reporting
-size, just the block size unit reported to the client.
-
-Default: \fBblock size = 1024\fR
-
-Example: \fBblock size = 65536\fR
-.TP
 \fBbrowsable (S)\fR
-See the \fI  browseable\fR.
+See the \fI browseable\fR.
 .TP
 \fBbrowse list (G)\fR
-This controls whether   \fBsmbd(8)\fR will serve a browse list to 
+This controls whether  \fBsmbd(8)\fR will serve a browse list to 
 a client doing a \fBNetServerEnum\fR call. Normally 
 set to true. You should never need to change 
 this.
@@ -1863,7 +1791,7 @@ sensitive.
 This SMB allows a client to tell a server to 
 "watch" a particular directory for any changes and only reply to
 the SMB request when a change has occurred. Such constant scanning of
-a directory is expensive under UNIX, hence an   \fBsmbd(8)\fR daemon only performs such a scan 
+a directory is expensive under UNIX, hence an  \fBsmbd(8)\fR daemon only performs such a scan 
 on each requested directory once every \fIchange notify 
 timeout\fR seconds.
 
@@ -1875,10 +1803,10 @@ Would change the scan time to every 5 minutes.
 .TP
 \fBchange share command (G)\fR
 Samba 2.2.0 introduced the ability to dynamically 
-add and delete shares via the Windows NT 4.0 Server Manager.  The 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
 \fIchange share command\fR is used to define an 
 external program or script which will modify an existing service definition 
-in \fIsmb.conf\fR.  In order to successfully 
+in \fIsmb.conf\fR. In order to successfully 
 execute the \fIchange share command\fR, \fBsmbd\fR
 requires that the administrator be connected using a root account (i.e. 
 uid == 0).
@@ -1903,17 +1831,223 @@ directory on disk.
 \fIcomment\fR - comment string to associate 
 with the new share.
 .RE
-
-This parameter is only used modify existing file shares definitions.  To modify 
+.PP
+This parameter is only used modify existing file shares definitions. To modify 
 printer shares, use the "Printers..." folder as seen when browsing the Samba host.
-
+.PP
+.PP
 See also \fIadd share
 command\fR, \fIdelete 
 share command\fR.
-
+.PP
+.PP
 Default: \fBnone\fR
-
+.PP
+.PP
 Example: \fBchange share command = /usr/local/bin/addshare\fR
+.PP
+.TP
+\fBcharacter set (G)\fR
+This allows smbd to map incoming filenames 
+from a DOS Code page (see the client 
+code page parameter) to several built in UNIX character sets. 
+The built in code page translations are:
+.RS
+.TP 0.2i
+\(bu
+ISO8859-1 : Western European 
+UNIX character set. The parameter \fIclient code page\fR
+\fBMUST\fR be set to code page 850 if the 
+\fIcharacter set\fR parameter is set to
+ISO8859-1 in order for the conversion to the 
+UNIX character set to be done correctly.
+.TP 0.2i
+\(bu
+ISO8859-2 : Eastern European 
+UNIX character set. The parameter \fIclient code page
+\fR\fBMUST\fR be set to code page 852 if 
+the \fI character set\fR parameter is set 
+to ISO8859-2 in order for the conversion 
+to the UNIX character set to be done correctly. 
+.TP 0.2i
+\(bu
+ISO8859-5 : Russian Cyrillic 
+UNIX character set. The parameter \fIclient code page
+\fR\fBMUST\fR be set to code page 
+866 if the \fIcharacter set \fR parameter is 
+set to ISO8859-5 in order for the conversion 
+to the UNIX character set to be done correctly. 
+.TP 0.2i
+\(bu
+ISO8859-7 : Greek UNIX 
+character set. The parameter \fIclient code page
+\fR\fBMUST\fR be set to code page 
+737 if the \fIcharacter set\fR parameter is 
+set to ISO8859-7 in order for the conversion 
+to the UNIX character set to be done correctly.
+.TP 0.2i
+\(bu
+KOI8-R : Alternate mapping 
+for Russian Cyrillic UNIX character set. The parameter 
+\fIclient code page\fR \fBMUST\fR 
+be set to code page 866 if the \fIcharacter set\fR 
+parameter is set to KOI8-R in order for the 
+conversion to the UNIX character set to be done correctly.
+.RE
+.PP
+\fBBUG\fR. These MSDOS code page to UNIX character 
+set mappings should be dynamic, like the loading of MS DOS code pages, 
+not static.
+.PP
+.PP
+Normally this parameter is not set, meaning no filename 
+translation is done.
+.PP
+.PP
+Default: \fBcharacter set = <empty string>\fR
+.PP
+.PP
+Example: \fBcharacter set = ISO8859-1\fR
+.PP
+.TP
+\fBclient code page (G)\fR
+This parameter specifies the DOS code page 
+that the clients accessing Samba are using. To determine what code 
+page a Windows or DOS client is using, open a DOS command prompt 
+and type the command \fBchcp\fR. This will output 
+the code page. The default for USA MS-DOS, Windows 95, and
+Windows NT releases is code page 437. The default for western 
+European releases of the above operating systems is code page 850.
+
+This parameter tells smbd(8) 
+which of the \fIcodepage.XXX
+\fRfiles to dynamically load on startup. These files,
+described more fully in the manual page  \fBmake_smbcodepage(1)\fR tell \fB smbd\fR how to map lower to upper case characters to provide 
+the case insensitivity of filenames that Windows clients expect.
+
+Samba currently ships with the following code page files :
+.RS
+.TP 0.2i
+\(bu
+Code Page 437 - MS-DOS Latin US
+.TP 0.2i
+\(bu
+Code Page 737 - Windows '95 Greek
+.TP 0.2i
+\(bu
+Code Page 850 - MS-DOS Latin 1
+.TP 0.2i
+\(bu
+Code Page 852 - MS-DOS Latin 2
+.TP 0.2i
+\(bu
+Code Page 861 - MS-DOS Icelandic
+.TP 0.2i
+\(bu
+Code Page 866 - MS-DOS Cyrillic
+.TP 0.2i
+\(bu
+Code Page 932 - MS-DOS Japanese SJIS
+.TP 0.2i
+\(bu
+Code Page 936 - MS-DOS Simplified Chinese
+.TP 0.2i
+\(bu
+Code Page 949 - MS-DOS Korean Hangul
+.TP 0.2i
+\(bu
+Code Page 950 - MS-DOS Traditional Chinese
+.RE
+.PP
+Thus this parameter may have any of the values 437, 737, 850, 852,
+861, 932, 936, 949, or 950. If you don't find the codepage you need,
+read the comments in one of the other codepage files and the
+\fBmake_smbcodepage(1)\fR man page and write one. Please 
+remember to donate it back to the Samba user community.
+.PP
+.PP
+This parameter co-operates with the \fIvalid
+chars\fR parameter in determining what characters are
+valid in filenames and how capitalization is done. If you set both
+this parameter and the \fIvalid chars\fR parameter
+the \fIclient code page\fR parameter 
+\fBMUST\fR be set before the \fIvalid 
+chars\fR parameter in the \fIsmb.conf\fR
+file. The \fIvalid chars\fR string will then 
+augment the character settings in the \fIclient code page\fR 
+parameter.
+.PP
+.PP
+If not set, \fIclient code page\fR defaults 
+to 850.
+.PP
+.PP
+See also : \fIvalid 
+chars\fR,  \fIcode page directory\fR
+.PP
+.PP
+Default: \fBclient code page = 850\fR
+.PP
+.PP
+Example: \fBclient code page = 936\fR
+.PP
+.TP
+\fBcode page directory (G)\fR
+Define the location of the various client code page
+files.
+
+See also \fIclient
+code page\fR
+
+Default: \fBcode page directory = ${prefix}/lib/codepages
+\fR
+Example: \fBcode page directory = /usr/share/samba/codepages
+\fR.TP
+\fBcoding system (G)\fR
+This parameter is used to determine how incoming 
+Shift-JIS Japanese characters are mapped from the incoming \fIclient code page\fR
+used by the client, into file names in the UNIX filesystem. 
+Only useful if \fIclient code page\fR is set to 
+932 (Japanese Shift-JIS). The options are :
+.RS
+.TP 0.2i
+\(bu
+SJIS - Shift-JIS. Does no 
+conversion of the incoming filename.
+.TP 0.2i
+\(bu
+JIS8, J8BB, J8BH, J8@B, 
+J8@J, J8@H  - Convert from incoming Shift-JIS to eight 
+bit JIS code with different shift-in, shift out codes.
+.TP 0.2i
+\(bu
+JIS7, J7BB, J7BH, J7@B, J7@J, 
+J7@H  - Convert from incoming Shift-JIS to seven bit 
+JIS code with different shift-in, shift out codes.
+.TP 0.2i
+\(bu
+JUNET, JUBB, JUBH, JU@B, JU@J, JU@H  
+- Convert from incoming Shift-JIS to JUNET code with different shift-in, 
+shift out codes.
+.TP 0.2i
+\(bu
+EUC - Convert an incoming 
+Shift-JIS character to EUC code.
+.TP 0.2i
+\(bu
+HEX - Convert an incoming 
+Shift-JIS character to a 3 byte hex representation, i.e. 
+:AB.
+.TP 0.2i
+\(bu
+CAP - Convert an incoming 
+Shift-JIS character to the 3 byte hex representation used by 
+the Columbia AppleTalk Program (CAP), i.e. :AB. 
+This is used for compatibility between Samba and CAP.
+.RE
+.PP
+Default: \fBcoding system = <empty value>\fR
+.PP
 .TP
 \fBcomment (S)\fR
 This is a text field that is seen next to a share 
@@ -1922,7 +2056,7 @@ neighborhood or via \fBnet view\fR to list what shares
 are available.
 
 If you want to set the string that is displayed next to the 
-machine name then see the \fI  server string\fR parameter.
+machine name then see the \fI server string\fR parameter.
 
 Default: \fBNo comment string\fR
 
@@ -1946,8 +2080,7 @@ If the config file doesn't exist then it won't be loaded
 clients).
 
 Example: \fBconfig file = /usr/local/samba/lib/smb.conf.%m
-\fR
-.TP
+\fR.TP
 \fBcopy (S)\fR
 This parameter allows you to "clone" service 
 entries. The specified service is simply duplicated under the 
@@ -1985,12 +2118,12 @@ parameter which is set to 000 by default.
 
 This parameter does not affect directory modes. See the 
 parameter \fIdirectory mode
-\fR for details.
+\fRfor details.
 
 See also the \fIforce 
 create mode\fR parameter for forcing particular mode 
-bits to be set on created files. See also the   \fIdirectory mode\fR parameter for masking 
-mode bits on created directories.  See also the   \fIinherit permissions\fR parameter.
+bits to be set on created files. See also the  \fIdirectory mode\fR parameter for masking 
+mode bits on created directories. See also the  \fIinherit permissions\fR parameter.
 
 Note that this parameter does not apply to permissions
 set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
@@ -2001,7 +2134,7 @@ Default: \fBcreate mask = 0744\fR
 Example: \fBcreate mask = 0775\fR
 .TP
 \fBcreate mode (S)\fR
-This is a synonym for \fI  create mask\fR.
+This is a synonym for \fI create mask\fR.
 .TP
 \fBcsc policy (S)\fR
 This stands for \fBclient-side caching 
@@ -2014,7 +2147,7 @@ servers.
 
 For example, shares containing roaming profiles can have
 offline caching disabled using \fBcsc policy = disable
-\fR.
+\fR\&.
 
 Default: \fBcsc policy = manual\fR
 
@@ -2049,7 +2182,7 @@ are needed with a resolution of higher that seconds, this
 boolean parameter adds microsecond resolution to the timestamp 
 message header when turned on.
 
-Note that the parameter \fI  debug timestamp\fR must be on for this to have an 
+Note that the parameter \fI debug timestamp\fR must be on for this to have an 
 effect.
 
 Default: \fBdebug hires timestamp = no\fR
@@ -2060,14 +2193,14 @@ forked smbdprocess there may be hard to follow which process
 outputs which message. This boolean parameter is adds the process-id 
 to the timestamp message headers in the logfile when turned on.
 
-Note that the parameter \fI  debug timestamp\fR must be on for this to have an 
+Note that the parameter \fI debug timestamp\fR must be on for this to have an 
 effect.
 
 Default: \fBdebug pid = no\fR
 .TP
 \fBdebug timestamp (G)\fR
 Samba 2.2 debug log messages are timestamped 
-by default. If you are running at a high   \fIdebug level\fR these timestamps
+by default. If you are running at a high  \fIdebug level\fR these timestamps
 can be distracting. This boolean parameter allows timestamping 
 to be turned off.
 
@@ -2079,42 +2212,42 @@ run as the connected user, this boolean parameter inserts the
 current euid, egid, uid and gid to the timestamp message headers 
 in the log file if turned on.
 
-Note that the parameter \fI  debug timestamp\fR must be on for this to have an 
+Note that the parameter \fI debug timestamp\fR must be on for this to have an 
 effect.
 
 Default: \fBdebug uid = no\fR
 .TP
 \fBdebuglevel (G)\fR
-Synonym for \fI  log level\fR.
+Synonym for \fI log level\fR.
 .TP
 \fBdefault (G)\fR
-A synonym for \fI  default service\fR.
+A synonym for \fI default service\fR.
 .TP
 \fBdefault case (S)\fR
-See the section on   NAME MANGLING. Also note the   \fIshort preserve case\fR parameter.
+See the section on  NAME MANGLING. Also note the  \fIshort preserve case\fR parameter.
 
 Default: \fBdefault case = lower\fR
 .TP
 \fBdefault devmode (S)\fR
-This parameter is only applicable to printable services.  When smbd is serving
+This parameter is only applicable to printable services. When smbd is serving
 Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
 server has a Device Mode which defines things such as paper size and
-orientation and duplex settings.  The device mode can only correctly be
+orientation and duplex settings. The device mode can only correctly be
 generated by the printer driver itself (which can only be executed on a
-Win32 platform).  Because smbd is unable to execute the driver code
+Win32 platform). Because smbd is unable to execute the driver code
 to generate the device mode, the default behavior is to set this field
 to NULL.
 
 Most problems with serving printer drivers to Windows NT/2k/XP clients
-can be traced to a problem with the generated device mode.  Certain drivers
+can be traced to a problem with the generated device mode. Certain drivers
 will do things such as crashing the client's Explorer.exe with a NULL devmode.
 However, other printer drivers can cause the client's spooler service
 (spoolsv.exe) to die if the devmode was not created by the driver itself
 (i.e. smbd generates a default devmode).
 
 This parameter should be used with care and tested with the printer
-driver in question.  It is better to leave the device mode to NULL
-and let the Windows client set the correct values.  Because drivers do not
+driver in question. It is better to leave the device mode to NULL
+and let the Windows client set the correct values. Because drivers do not
 do this all the time, setting \fBdefault devmode = yes\fR
 will instruct smbd to generate a default one.
 
@@ -2133,7 +2266,7 @@ There is no default value for this parameter. If this
 parameter is not given, attempting to connect to a nonexistent 
 service results in an error.
 
-Typically the default service would be a   \fIguest ok\fR,   \fIread-only\fR service.
+Typically the default service would be a  \fIguest ok\fR,  \fIread-only\fR service.
 
 Also note that the apparent service name will be changed 
 to equal that of the requested service, this is very useful as it 
@@ -2146,7 +2279,7 @@ interesting things.
 
 Example:
 
-
+.sp
 .nf
 [global]
 	default service = pub
@@ -2154,42 +2287,38 @@ Example:
 [pub]
 	path = /%S
 		
+.sp
 .fi
 .TP
-\fBdelete group script (G)\fR
-This is the full pathname to a script that will 
-be run \fBAS ROOT\fR by smbd(8) when a group is requested to be deleted. It will expand any \fI%g\fR to the group name passed.  This script is only useful for installations using the Windows NT domain administration tools.
-.TP
-\fBdeleteprinter command (G)\fR
+\fBdelete printer command (G)\fR
 With the introduction of MS-RPC based printer
 support for Windows NT/2000 clients in Samba 2.2, it is now 
 possible to delete printer at run time by issuing the 
 DeletePrinter() RPC call.
 
 For a Samba host this means that the printer must be 
-physically deleted from underlying printing system.  The \fI  deleteprinter command\fR defines a script to be run which 
+physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which 
 will perform the necessary operations for removing the printer
 from the print system and from \fIsmb.conf\fR.
 
-The \fIdeleteprinter command\fR is 
-automatically called with only one parameter: \fI  "printer name"\fR.
+The \fIdelete printer command\fR is 
+automatically called with only one parameter: \fI "printer name"\fR.
 
-Once the \fIdeleteprinter command\fR has 
-been executed, \fBsmbd\fR will reparse the \fI  smb.conf\fR to associated printer no longer exists.  
+Once the \fIdelete printer command\fR has 
+been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. 
 If the sharename is still valid, then \fBsmbd
-\fR will return an ACCESS_DENIED error to the client.
+\fRwill return an ACCESS_DENIED error to the client.
 
-See also \fI  addprinter command\fR, \fIprinting\fR,
+See also \fI add printer command\fR, \fIprinting\fR,
 \fIshow add
 printer wizard\fR
 
 Default: \fBnone\fR
 
 Example: \fBdeleteprinter command = /usr/bin/removeprinter
-\fR
-.TP
+\fR.TP
 \fBdelete readonly (S)\fR
-This parameter allows readonly files to be deleted.  
+This parameter allows readonly files to be deleted. 
 This is not normal DOS semantics, but is allowed by UNIX.
 
 This option may be useful for running applications such 
@@ -2200,10 +2329,10 @@ Default: \fBdelete readonly = no\fR
 .TP
 \fBdelete share command (G)\fR
 Samba 2.2.0 introduced the ability to dynamically 
-add and delete shares via the Windows NT 4.0 Server Manager.  The 
+add and delete shares via the Windows NT 4.0 Server Manager. The 
 \fIdelete share command\fR is used to define an 
 external program or script which will remove an existing service 
-definition from \fIsmb.conf\fR.  In order to successfully 
+definition from \fIsmb.conf\fR. In order to successfully 
 execute the \fIdelete share command\fR, \fBsmbd\fR
 requires that the administrator be connected using a root account (i.e. 
 uid == 0).
@@ -2220,53 +2349,74 @@ of the global \fIsmb.conf\fR file.
 \fIshareName\fR - the name of 
 the existing service.
 .RE
-
-This parameter is only used to remove file shares.  To delete printer shares, 
-see the \fIdeleteprinter 
+.PP
+This parameter is only used to remove file shares. To delete printer shares, 
+see the \fIdelete printer 
 command\fR.
-
+.PP
+.PP
 See also \fIadd share
 command\fR, \fIchange 
 share command\fR.
-
+.PP
+.PP
 Default: \fBnone\fR
-
+.PP
+.PP
 Example: \fBdelete share command = /usr/local/bin/delshare\fR
+.PP
 .TP
 \fBdelete user script (G)\fR
 This is the full pathname to a script that will 
-be run by \fBsmbd(8)\fR
-when managing user's with remote RPC (NT) tools.
+be run \fBAS ROOT\fR by  \fBsmbd(8)\fR under special circumstances 
+described below.
 
-This script is called when a remote client removes a user
-from the server, normally using 'User Manager for Domains' or
-\fBrpcclient\fR.
+Normally, a Samba server requires that UNIX users are 
+created for all users accessing files on this server. For sites 
+that use Windows NT account databases as their primary user database 
+creating these users and keeping the user list in sync with the 
+Windows NT PDC is an onerous task. This option allows \fB smbd\fR to delete the required UNIX users \fBON 
+DEMAND\fR when a user accesses the Samba server and the 
+Windows NT user no longer exists.
 
-This script should delete the given UNIX username. 
+In order to use this option, \fBsmbd\fR must be 
+set to \fIsecurity = domain\fR or \fIsecurity =
+user\fR and \fIdelete user script\fR 
+must be set to a full pathname for a script 
+that will delete a UNIX user given one argument of \fI%u\fR, 
+which expands into the UNIX user name to delete.
+
+When the Windows user attempts to access the Samba server, 
+at \fBlogin\fR (session setup in the SMB protocol) 
+time, \fBsmbd\fR contacts the  \fIpassword server\fR and attempts to authenticate 
+the given user with the given password. If the authentication fails 
+with the specific Domain error code meaning that the user no longer 
+exists then \fBsmbd\fR attempts to find a UNIX user in 
+the UNIX password database that matches the Windows user account. If 
+this lookup succeeds, and \fIdelete user script\fR is 
+set then \fBsmbd\fR will all the specified script 
+\fBAS ROOT\fR, expanding any \fI%u\fR 
+argument to be the user name to delete.
+
+This script should delete the given UNIX username. In this way, 
+UNIX users are dynamically deleted to match existing Windows NT 
+accounts.
+
+See also security = domain,
+\fIpassword server\fR
+, \fIadd user script\fR
+\&.
 
 Default: \fBdelete user script = <empty string>
 \fR
-
 Example: \fBdelete user script = /usr/local/samba/bin/del_user 
 %u\fR
 .TP
-\fBdelete user from group script (G)\fR
-Full path to the script that will be called when 
-a user is removed from a group using the Windows NT domain administration 
-tools. It will be run by smbd(8) 
-\fBAS ROOT\fR. Any \fI%g\fR will be 
-replaced with the group name and any \fI%u\fR will 
-be replaced with the user name.
-
-Default: \fBdelete user from group script = \fR
-
-Example: \fBdelete user from group script = /usr/sbin/deluser %u %g\fR
-.TP
 \fBdelete veto files (S)\fR
 This option is used when Samba is attempting to 
 delete a directory that contains one or more vetoed directories 
 (see the \fIveto files\fR
-option).  If this option is set to false (the default) then if a vetoed 
+option). If this option is set to false (the default) then if a vetoed 
 directory contains any non-vetoed files or directories then the 
 directory delete will fail. This is usually what you want.
 
@@ -2278,7 +2428,7 @@ directories you might normally veto DOS/Windows users from seeing
 (e.g. \fI.AppleDouble\fR)
 
 Setting \fBdelete veto files = yes\fR allows these 
-directories to be  transparently deleted when the parent directory 
+directories to be transparently deleted when the parent directory 
 is deleted (so long as the user has permissions to do so).
 
 See also the \fIveto 
@@ -2317,28 +2467,28 @@ setgid and should be owned by (and writeable only by) root!
 Default: \fBBy default internal routines for 
 determining the disk capacity and remaining space will be used.
 \fR
-
 Example: \fBdfree command = /usr/local/samba/bin/dfree
 \fR
-
 Where the script dfree (which must be made executable) could be:
 
-
+.sp
 .nf
  
 		#!/bin/sh
 		df $1 | tail -1 | awk '{print $2" "$4}'
 		
+.sp
 .fi
 
 or perhaps (on Sys V based systems):
 
-
+.sp
 .nf
  
 		#!/bin/sh
 		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
 		
+.sp
 .fi
 
 Note that you may have to replace the command names 
@@ -2346,7 +2496,7 @@ with full path names on some systems.
 .TP
 \fBdirectory (S)\fR
 Synonym for \fIpath
-\fR.
+\fR\&.
 .TP
 \fBdirectory mask (S)\fR
 This parameter is the octal modes which are 
@@ -2367,7 +2517,7 @@ user who owns the directory to modify it.
 
 Following this Samba will bit-wise 'OR' the UNIX mode 
 created from this parameter with the value of the \fIforce directory mode
-\fR parameter. This parameter is set to 000 by 
+\fRparameter. This parameter is set to 000 by 
 default (i.e. no extra mode bits are added).
 
 Note that this parameter does not apply to permissions
@@ -2379,18 +2529,18 @@ directory mode\fR parameter to cause particular mode
 bits to always be set on created directories.
 
 See also the \fIcreate mode
-\fR parameter for masking mode bits on created files, 
+\fRparameter for masking mode bits on created files, 
 and the \fIdirectory 
 security mask\fR parameter.
 
-Also refer to the \fI  inherit permissions\fR parameter.
+Also refer to the \fI inherit permissions\fR parameter.
 
 Default: \fBdirectory mask = 0755\fR
 
 Example: \fBdirectory mask = 0775\fR
 .TP
 \fBdirectory mode (S)\fR
-Synonym for \fI  directory mask\fR
+Synonym for \fI directory mask\fR
 .TP
 \fBdirectory security mask (S)\fR
 This parameter controls what UNIX permission bits 
@@ -2410,38 +2560,26 @@ permissions on a directory.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this restriction, 
-so it is primarily useful for standalone "appliance" systems.  
+so it is primarily useful for standalone "appliance" systems. 
 Administrators of most normal systems will probably want to leave
 it as the default of 0777.
 
-See also the \fI  force directory security mode\fR, \fIsecurity mask\fR, 
+See also the \fI force directory security mode\fR, \fIsecurity mask\fR, 
 \fIforce security mode
-\fR parameters.
+\fRparameters.
 
 Default: \fBdirectory security mask = 0777\fR
 
 Example: \fBdirectory security mask = 0700\fR
 .TP
-\fBdisable netbios (G)\fR
-Enabling this parameter will disable netbios support
-in Samba. Netbios is the only available form of browsing in 
-all windows versions except for 2000 and XP. 
-
-Note that clients that only support netbios won't be able to 
-see your samba server when netbios support is disabled.
-
-Default: \fBdisable netbios = no\fR
-
-Example: \fBdisable netbios = yes\fR
-.TP
 \fBdisable spoolss (G)\fR
-Enabling this parameter will disable Samba's support
+Enabling this parameter will disables Samba's support
 for the SPOOLSS set of MS-RPC's and will yield identical behavior
-as Samba 2.0.x.  Windows NT/2000 clients will downgrade to using
+as Samba 2.0.x. Windows NT/2000 clients will downgrade to using
 Lanman style printing commands. Windows 9x/ME will be uneffected by
 the parameter. However, this will also disable the ability to upload
 printer drivers to a Samba server via the Windows NT Add Printer
-Wizard or by using the NT printer properties dialog window.  It will
+Wizard or by using the NT printer properties dialog window. It will
 also disable the capability of Windows NT/2000 clients to download
 print drivers from the Samba host upon demand.
 \fBBe very careful about enabling this parameter.\fR
@@ -2450,15 +2588,6 @@ See also use client driver
 
 Default : \fBdisable spoolss = no\fR
 .TP
-\fBdisplay charset (G)\fR
-Specifies the charset that samba will use 
-to print messages to stdout and stderr and SWAT will use. 
-Should generally be the same as the \fBunix charset\fR.
-
-Default: \fBdisplay charset = ASCII\fR
-
-Example: \fBdisplay charset = UTF8\fR
-.TP
 \fBdns proxy (G)\fR
 Specifies that nmbd(8) 
 when acting as a WINS server and finding that a NetBIOS name has not 
@@ -2474,16 +2603,16 @@ characters, so the DNS name (or DNS alias) can likewise only be
 DNS name lookup requests, as doing a name lookup is a blocking 
 action.
 
-See also the parameter \fI  wins support\fR.
+See also the parameter \fI wins support\fR.
 
 Default: \fBdns proxy = yes\fR
 .TP
 \fBdomain admin group (G)\fR
 This parameter is intended as a temporary solution
 to enable users to be a member of the "Domain Admins" group when 
-a Samba host is acting as a PDC.  A complete solution will be provided
+a Samba host is acting as a PDC. A complete solution will be provided
 by a system for mapping Windows NT/2000 groups onto UNIX groups.
-Please note that this parameter has a somewhat confusing name.  It 
+Please note that this parameter has a somewhat confusing name. It 
 accepts a list of usernames and of group names in standard 
 \fIsmb.conf\fR notation.
 
@@ -2498,9 +2627,9 @@ Example: \fBdomain admin group = root @wheel\fR
 \fBdomain guest group (G)\fR
 This parameter is intended as a temporary solution
 to enable users to be a member of the "Domain Guests" group when 
-a Samba host is acting as a PDC.  A complete solution will be provided
+a Samba host is acting as a PDC. A complete solution will be provided
 by a system for mapping Windows NT/2000 groups onto UNIX groups.
-Please note that this parameter has a somewhat confusing name.  It 
+Please note that this parameter has a somewhat confusing name. It 
 accepts a list of usernames and of group names in standard 
 \fIsmb.conf\fR notation.
 
@@ -2514,24 +2643,24 @@ Example: \fBdomain guest group = nobody @guest\fR
 .TP
 \fBdomain logons (G)\fR
 If set to true, the Samba server will serve 
-Windows 95/98 Domain logons for the   \fIworkgroup\fR it is in. Samba 2.2 also 
+Windows 95/98 Domain logons for the  \fIworkgroup\fR it is in. Samba 2.2 also 
 has limited capability to act as a domain controller for Windows 
-NT 4 Domains.  For more details on setting up this feature see 
+NT 4 Domains. For more details on setting up this feature see 
 the Samba-PDC-HOWTO included in the \fIhtmldocs/\fR
 directory shipped with the source code.
 
 Default: \fBdomain logons = no\fR
 .TP
 \fBdomain master (G)\fR
-Tell \fB  nmbd(8)\fR to enable WAN-wide browse list
+Tell \fB nmbd(8)\fR to enable WAN-wide browse list
 collation. Setting this option causes \fBnmbd\fR to
 claim a special domain specific NetBIOS name that identifies 
-it as a domain master browser for its given   \fIworkgroup\fR. Local master browsers 
+it as a domain master browser for its given  \fIworkgroup\fR. Local master browsers 
 in the same \fIworkgroup\fR on broadcast-isolated 
 subnets will give this \fBnmbd\fR their local browse lists, 
 and then ask \fBsmbd(8)\fR 
 for a complete copy of the browse list for the whole wide area 
-network.  Browser clients will then contact their local master browser, 
+network. Browser clients will then contact their local master browser, 
 and will receive the domain-wide browse list, instead of just the list 
 for their broadcast-isolated subnet.
 
@@ -2547,7 +2676,7 @@ strangely and may fail.
 
 If \fBdomain logons = yes\fR
 , then the default behavior is to enable the \fIdomain 
-master\fR parameter.  If \fIdomain logons\fR is 
+master\fR parameter. If \fIdomain logons\fR is 
 not enabled (the default setting), then neither will \fIdomain 
 master\fR be enabled by default.
 
@@ -2561,31 +2690,21 @@ parameter allows you to specify a comma-delimited list of directories
 that the server should always show as empty.
 
 Note that Samba can be very fussy about the exact format 
-of the "dont descend" entries. For example you may need \fI  ./proc\fR instead of just \fI/proc\fR. 
-Experimentation is the best policy :-)  
+of the "dont descend" entries. For example you may need \fI ./proc\fR instead of just \fI/proc\fR. 
+Experimentation is the best policy :-) 
 
 Default: \fBnone (i.e., all directories are OK 
 to descend)\fR
 
 Example: \fBdont descend = /proc,/dev\fR
 .TP
-\fBdos charset (G)\fR
-DOS SMB clients assume the server has 
-the same charset as they do. This option specifies which 
-charset Samba should talk to DOS clients.
-
-The default depends on which charsets you have instaled. 
-Samba tries to use charset 850 but falls back to ASCII in 
-case it is not available. Run testparm(1)
- to check the default on your system.
-.TP
 \fBdos filemode (S)\fR
 The default behavior in Samba is to provide 
 UNIX-like behavior where only the owner of a file/directory is 
-able to change the permissions on it.  However, this behavior
-is often confusing to  DOS/Windows users.  Enabling this parameter 
+able to change the permissions on it. However, this behavior
+is often confusing to DOS/Windows users. Enabling this parameter 
 allows a user who has write access to the file (by whatever 
-means) to modify the permissions on it.  Note that a user
+means) to modify the permissions on it. Note that a user
 belonging to the group owning the file will not be allowed to
 change permissions if the group is only granted read access.
 Ownership of the file/directory is not changed, only the permissions 
@@ -2620,7 +2739,7 @@ file they can change the timestamp on it. Under POSIX semantics,
 only the owner of the file or root may change the timestamp. By 
 default, Samba runs with POSIX semantics and refuses to change the 
 timestamp on a file if the user \fBsmbd\fR is acting 
-on behalf of is not the file owner. Setting this option to   true allows DOS semantics and smbd will change the file 
+on behalf of is not the file owner. Setting this option to  true allows DOS semantics and smbd will change the file 
 timestamp as DOS requires.
 
 Default: \fBdos filetimes = no\fR
@@ -2637,16 +2756,16 @@ In order for encrypted passwords to work correctly
 \fBsmbd(8)\fR must either 
 have access to a local \fIsmbpasswd(5)
 \fR program for information on how to set up 
-and maintain this file), or set the security = [server|domain|ads] parameter which 
+and maintain this file), or set the security = [server|domain] parameter which 
 causes \fBsmbd\fR to authenticate against another 
 server.
 
-Default: \fBencrypt passwords = yes\fR
+Default: \fBencrypt passwords = no\fR
 .TP
 \fBenhanced browsing (G)\fR
 This option enables a couple of enhancements to 
 cross-subnet browse propagation that have been added in Samba 
-but which are not standard in Microsoft implementations.  
+but which are not standard in Microsoft implementations. 
 
 The first enhancement to browse propagation consists of a regular
 wildcard query to a Samba WINS server for all Domain Master Browsers,
@@ -2666,27 +2785,26 @@ Default: \fBenhanced browsing = yes\fR
 .TP
 \fBenumports command (G)\fR
 The concept of a "port" is fairly foreign
-to UNIX hosts.  Under Windows NT/2000 print servers, a port
+to UNIX hosts. Under Windows NT/2000 print servers, a port
 is associated with a port monitor and generally takes the form of
 a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
-(i.e. LPD Port Monitor, etc...).  By default, Samba has only one
-port defined--"Samba Printer Port".  Under 
-Windows NT/2000, all printers must have a valid port name.  
+(i.e. LPD Port Monitor, etc...). By default, Samba has only one
+port defined--"Samba Printer Port". Under 
+Windows NT/2000, all printers must have a valid port name. 
 If you wish to have a list of ports displayed (\fBsmbd
-\fR does not use a port name for anything) other than 
+\fRdoes not use a port name for anything) other than 
 the default "Samba Printer Port", you 
 can define \fIenumports command\fR to point to
 a program which should generate a list of ports, one per line,
-to standard output.  This listing will then be used in response
+to standard output. This listing will then be used in response
 to the level 1 and 2 EnumPorts() RPC.
 
 Default: \fBno enumports command\fR
 
 Example: \fBenumports command = /usr/bin/listports
-\fR
-.TP
+\fR.TP
 \fBexec (S)\fR
-This is a synonym for   \fIpreexec\fR.
+This is a synonym for  \fIpreexec\fR.
 .TP
 \fBfake directory create times (S)\fR
 NTFS and Windows VFAT file systems keep a create 
@@ -2707,11 +2825,11 @@ timestamp than the object files it contains.
 
 However, Unix time semantics mean that the create time 
 reported by Samba will be updated whenever a file is created or 
-or deleted in the directory.  NMAKE finds all object files in 
-the object directory.  The timestamp of the last one built is then 
-compared to the timestamp of the object directory.  If the 
+or deleted in the directory. NMAKE finds all object files in 
+the object directory. The timestamp of the last one built is then 
+compared to the timestamp of the object directory. If the 
 directory's timestamp if newer, then all object files
-will be rebuilt.  Enabling this option 
+will be rebuilt. Enabling this option 
 ensures directories always predate their contents and an NMAKE build 
 will proceed as expected.
 
@@ -2748,9 +2866,9 @@ to stop \fBsmbd(8)\fR
 from following symbolic links in a particular share. Setting this 
 parameter to no prevents any file or directory 
 that is a symbolic link from being followed (the user will get an 
-error).  This option is very useful to stop users from adding a 
+error). This option is very useful to stop users from adding a 
 symbolic link to \fI/etc/passwd\fR in their home 
-directory for instance.  However it will slow filename lookups 
+directory for instance. However it will slow filename lookups 
 down slightly.
 
 This option is enabled (i.e. \fBsmbd\fR will 
@@ -2792,10 +2910,10 @@ bits to a created directory. This operation is done after the mode
 mask in the parameter \fIdirectory mask\fR is 
 applied.
 
-See also the parameter \fI  directory mask\fR for details on masking mode bits 
+See also the parameter \fI directory mask\fR for details on masking mode bits 
 on created directories.
 
-See also the \fI  inherit permissions\fR parameter.
+See also the \fI inherit permissions\fR parameter.
 
 Default: \fBforce directory mode = 000\fR
 
@@ -2805,7 +2923,7 @@ would force all created directories to have read and execute
 permissions set for 'group' and 'other' as well as the
 read/write/execute bits set for the 'user'.
 .TP
-\fBforce directory security mode (S)\fR
+\fBforce directory\fR
 This parameter controls what UNIX permission bits 
 can be modified when a Windows NT client is manipulating the UNIX 
 permission on a directory using the native NT security dialog box.
@@ -2822,13 +2940,13 @@ directory without restrictions.
 
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this restriction, 
-so it is primarily useful for standalone "appliance" systems.  
+so it is primarily useful for standalone "appliance" systems. 
 Administrators of most normal systems will probably want to leave
 it set as 0000.
 
-See also the \fI  directory security mask\fR,   \fIsecurity mask\fR, 
+See also the \fI directory security mask\fR,  \fIsecurity mask\fR, 
 \fIforce security mode
-\fR parameters.
+\fRparameters.
 
 Default: \fBforce directory security mode = 0\fR
 
@@ -2857,7 +2975,7 @@ primary group assigned to sys when accessing this Samba share. All
 other users will retain their ordinary primary group.
 
 If the \fIforce user
-\fR parameter is also set the group specified in 
+\fRparameter is also set the group specified in 
 \fIforce group\fR will override the primary group
 set in \fIforce user\fR.
 
@@ -2886,18 +3004,40 @@ with no restrictions.
 
 \fBNote\fR that users who can access 
 the Samba server through other means can easily bypass this restriction, 
-so it is primarily useful for standalone "appliance" systems.  
+so it is primarily useful for standalone "appliance" systems. 
 Administrators of most normal systems will probably want to leave
 this set to 0000.
 
-See also the \fI  force directory security mode\fR,
+See also the \fI force directory security mode\fR,
 \fIdirectory security
-mask\fR, \fI  security mask\fR parameters.
+mask\fR, \fI security mask\fR parameters.
 
 Default: \fBforce security mode = 0\fR
 
 Example: \fBforce security mode = 700\fR
 .TP
+\fBforce unknown acl user (S)\fR
+If this parameter is set, a Windows NT ACL that contains
+an unknown SID (security descriptor, or representation of a user or group id)
+as the owner or group owner of the file will be silently mapped into the
+current UNIX uid or gid of the currently connected user.
+
+This is designed to allow Windows NT clients to copy files and
+folders containing ACLs that were created locally on the client machine
+and contain users local to that machine only (no domain users) to be
+copied to a Samba server (usually with XCOPY /O) and have the unknown
+userid and groupid of the file owner map to the current connected user.
+This can only be fixed correctly when winbindd allows arbitrary mapping
+from any Windows NT SID to a UNIX uid or gid.
+
+Try using this parameter when XCOPY /O gives an ACCESS_DENIED error.
+
+See also \fIforce group
+\fR
+Default: \fBFalse\fR
+
+Example: \fBforce unknown acl user = yes\fR
+.TP
 \fBforce user (S)\fR
 This specifies a UNIX user name that will be 
 assigned as the default user for all users connecting to this service. 
@@ -2908,7 +3048,7 @@ This user name only gets used once a connection is established.
 Thus clients still need to connect as a valid user and supply a 
 valid password. Once connected, all file operations will be performed 
 as the "forced user", no matter what username the client connected 
-as.  This can be very useful.
+as. This can be very useful.
 
 In Samba 2.0.5 and above this parameter also causes the 
 primary group of the forced user to be used as the primary group 
@@ -2917,7 +3057,6 @@ as the primary group of the connecting user (this was a bug).
 
 See also \fIforce group
 \fR
-
 Default: \fBno forced user\fR
 
 Example: \fBforce user = auser\fR
@@ -2951,7 +3090,7 @@ group\fR.
 .TP
 \fBguest account (S)\fR
 This is a username which will be used for access 
-to services which are specified as \fI  guest ok\fR (see below). Whatever privileges this 
+to services which are specified as \fI guest ok\fR (see below). Whatever privileges this 
 user has will be available to any client connecting to the guest service. 
 Typically this user will exist in the password file, but will not
 have a valid login. The user account "ftp" is often a good choice 
@@ -2962,11 +3101,7 @@ One some systems the default guest account "nobody" may not
 be able to print. Use another account in this case. You should test 
 this by trying to log in as your guest user (perhaps by using the 
 \fBsu -\fR command) and trying to print using the 
-system print command such as \fBlpr(1)\fR or \fB  lp(1)\fR.
-
-This paramater does not accept % marcos, becouse
-many parts of the system require this value to be
-constant for correct operation
+system print command such as \fBlpr(1)\fR or \fB lp(1)\fR.
 
 Default: \fBspecified at compile time, usually 
 "nobody"\fR
@@ -2976,18 +3111,18 @@ Example: \fBguest account = ftp\fR
 \fBguest ok (S)\fR
 If this parameter is yes for 
 a service, then no password is required to connect to the service. 
-Privileges will be those of the \fI  guest account\fR.
+Privileges will be those of the \fI guest account\fR.
 
-See the section below on \fI  security\fR for more information about this option.
+See the section below on \fI security\fR for more information about this option.
 
 Default: \fBguest ok = no\fR
 .TP
 \fBguest only (S)\fR
 If this parameter is yes for 
 a service, then only guest connections to the service are permitted. 
-This parameter will have no effect if   \fIguest ok\fR is not set for the service.
+This parameter will have no effect if  \fIguest ok\fR is not set for the service.
 
-See the section below on \fI  security\fR for more information about this option.
+See the section below on \fI security\fR for more information about this option.
 
 Default: \fBguest only = no\fR
 .TP
@@ -2999,11 +3134,11 @@ Default: \fBhide dot files = yes\fR
 .TP
 \fBhide files(S)\fR
 This is a list of files or directories that are not 
-visible but are accessible.  The DOS 'hidden' attribute is applied 
+visible but are accessible. The DOS 'hidden' attribute is applied 
 to any files or directories that match.
 
 Each entry in the list must be separated by a '/', 
-which allows spaces to be included in the entry.  '*'
+which allows spaces to be included in the entry. '*'
 and '?' can be used to specify multiple files or directories 
 as in DOS wildcards.
 
@@ -3018,7 +3153,7 @@ as it will be forced to check all files and directories for a match
 as they are scanned.
 
 See also \fIhide 
-dot files\fR, \fI  veto files\fR and   \fIcase sensitive\fR.
+dot files\fR, \fI veto files\fR and  \fIcase sensitive\fR.
 
 Default: \fBno file are hidden\fR
 
@@ -3036,31 +3171,24 @@ users (root, wheel, floppy, etc) from remote clients.
 
 Default: \fBhide local users = no\fR
 .TP
-\fBhide unreadable (G)\fR
+\fBhide unreadable (S)\fR
 This parameter prevents clients from seeing the
 existance of files that cannot be read. Defaults to off.
 
 Default: \fBhide unreadable = no\fR
 .TP
-\fBhide unwriteable files (G)\fR
-This parameter prevents clients from seeing
-the existance of files that cannot be written to. Defaults to off.
-Note that unwriteable directories are shown as usual.
-
-Default: \fBhide unwriteable = no\fR
-.TP
 \fBhomedir map (G)\fR
 If\fInis homedir
-\fR is true, and \fBsmbd(8)\fR is also acting 
+\fRis true, and \fBsmbd(8)\fR is also acting 
 as a Win95/98 \fIlogon server\fR then this parameter 
 specifies the NIS (or YP) map from which the server for the user's 
-home directory should be extracted.  At present, only the Sun 
+home directory should be extracted. At present, only the Sun 
 auto.home map format is understood. The form of the map is:
 
 \fBusername server:/some/file/system\fR
 
 and the program will extract the servername from before 
-the first ':'.  There should probably be a better parsing system 
+the first ':'. There should probably be a better parsing system 
 that copes with different map formats and also Amd (another 
 automounter) maps.
 
@@ -3077,26 +3205,16 @@ Example: \fBhomedir map = amd.homedir\fR
 .TP
 \fBhost msdfs (G)\fR
 This boolean parameter is only available 
-if Samba has been configured and compiled with the \fB  --with-msdfs\fR option. If set to yes, 
-Samba will act as a Dfs server, and  allow Dfs-aware clients 
+if Samba has been configured and compiled with the \fB --with-msdfs\fR option. If set to yes, 
+Samba will act as a Dfs server, and allow Dfs-aware clients 
 to browse Dfs trees hosted on the server.
 
-See also the \fI  msdfs root\fR share  level  parameter.  For
-more  information  on  setting  up a Dfs tree on Samba,
+See also the \fI msdfs root\fR share level parameter. For
+more information on setting up a Dfs tree on Samba,
 refer to msdfs_setup.html
 
 Default: \fBhost msdfs = no\fR
 .TP
-\fBhostname lookups (G)\fR
-Specifies whether samba should use (expensive)
-hostname lookups or use the ip addresses instead. An example place
-where hostname lookups are currently used is when checking 
-the \fBhosts deny\fR and \fBhosts allow\fR.
-
-Default: \fBhostname lookups = yes\fR
-
-Example: \fBhostname lookups = no\fR
-.TP
 \fBhosts allow (S)\fR
 A synonym for this parameter is \fIallow 
 hosts\fR.
@@ -3111,7 +3229,7 @@ service has a different setting.
 You can specify the hosts by name or IP number. For 
 example, you could restrict access to only the hosts on a 
 Class C subnet with something like \fBallow hosts = 150.203.5.
-\fR. The full syntax of the list is described in the man 
+\fR\&. The full syntax of the list is described in the man 
 page \fIhosts_access(5)\fR. Note that this man
 page may not be present on your system, so a brief description will
 be given here also.
@@ -3151,10 +3269,8 @@ what you expect.
 
 Default: \fBnone (i.e., all hosts permitted access)
 \fR
-
 Example: \fBallow hosts = 150.203.5. myhost.mynet.edu.au
-\fR
-.TP
+\fR.TP
 \fBhosts deny (S)\fR
 The opposite of \fIhosts allow\fR 
 - hosts listed here are \fBNOT\fR permitted access to 
@@ -3164,21 +3280,19 @@ list takes precedence.
 
 Default: \fBnone (i.e., no hosts specifically excluded)
 \fR
-
 Example: \fBhosts deny = 150.203.4. badhost.mynet.edu.au
-\fR
-.TP
+\fR.TP
 \fBhosts equiv (G)\fR
 If this global parameter is a non-null string, 
 it specifies the name of a file to read for the names of hosts 
 and users who will be allowed access without specifying a password.
 
-This is not be confused with   \fIhosts allow\fR which is about hosts 
-access to services and is more useful for guest services. \fI  hosts equiv\fR may be useful for NT clients which will 
+This is not be confused with  \fIhosts allow\fR which is about hosts 
+access to services and is more useful for guest services. \fI hosts equiv\fR may be useful for NT clients which will 
 not supply passwords to Samba.
 
 \fBNOTE :\fR The use of \fIhosts equiv
-\fR can be a major security hole. This is because you are 
+\fRcan be a major security hole. This is because you are 
 trusting the PC to supply the correct username. It is very easy to 
 get a PC to supply a false username. I recommend that the 
 \fIhosts equiv\fR option be only used if you really 
@@ -3192,7 +3306,7 @@ Example: \fBhosts equiv = /etc/hosts.equiv\fR
 .TP
 \fBinclude (G)\fR
 This allows you to include one config file 
-inside another.  The file is included literally, as though typed 
+inside another. The file is included literally, as though typed 
 in place.
 
 It takes the standard substitutions, except \fI%u
@@ -3201,14 +3315,13 @@ It takes the standard substitutions, except \fI%u
 Default: \fBno file included\fR
 
 Example: \fBinclude = /usr/local/samba/lib/admin_smb.conf
-\fR
-.TP
+\fR.TP
 \fBinherit acls (S)\fR
 This parameter can be used to ensure
 that if default acls exist on parent directories,
 they are always honored when creating a subdirectory.
 The default behavior is to use the mode specified
-when creating the directory.  Enabling this option
+when creating the directory. Enabling this option
 sets the mode to 0777, thus guaranteeing that 
 default directory acls are propagated.
 
@@ -3216,7 +3329,7 @@ Default: \fBinherit acls = no\fR
 .TP
 \fBinherit permissions (S)\fR
 The permissions on new files and directories 
-are normally governed by \fI  create mask\fR,   \fIdirectory mask\fR, \fIforce create mode\fR
+are normally governed by \fI create mask\fR,  \fIdirectory mask\fR, \fIforce create mode\fR
 and \fIforce 
 directory mode\fR but the boolean inherit 
 permissions parameter overrides this.
@@ -3225,7 +3338,7 @@ New directories inherit the mode of the parent directory,
 including bits such as setgid.
 
 New files inherit their read/write bits from the parent 
-directory.  Their execute bits continue to be determined by
+directory. Their execute bits continue to be determined by
 \fImap archive\fR
 , \fImap hidden\fR
 and \fImap system\fR
@@ -3239,7 +3352,7 @@ many users, perhaps several thousand, to allow a single [homes]
 share to be used flexibly by each user.
 
 See also \fIcreate mask
-\fR, \fI  directory mask\fR,   \fIforce create mode\fR and \fIforce directory mode\fR
+\fR, \fI directory mask\fR,  \fIforce create mode\fR and \fIforce directory mode\fR
 \&.
 
 Default: \fBinherit permissions = no\fR
@@ -3271,29 +3384,35 @@ an IP/mask pair.
 \(bu
 a broadcast/mask pair.
 .RE
-
+.PP
 The "mask" parameters can either be a bit length (such 
 as 24 for a C class network) or a full netmask in dotted 
 decimal form.
-
+.PP
+.PP
 The "IP" parameters above can either be a full dotted 
 decimal IP address or a hostname which will be looked up via 
 the OS's normal hostname resolution mechanisms.
-
+.PP
+.PP
 For example, the following line:
-
+.PP
+.PP
 \fBinterfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
-\fR
-
+\fR.PP
+.PP
 would configure three network interfaces corresponding 
 to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. 
 The netmasks of the latter two interfaces would be set to 255.255.255.0.
-
+.PP
+.PP
 See also \fIbind 
 interfaces only\fR.
-
+.PP
+.PP
 Default: \fBall active interfaces except 127.0.0.1 
 that are broadcast capable\fR
+.PP
 .TP
 \fBinvalid users (S)\fR
 This is a list of users that should not be allowed 
@@ -3320,13 +3439,12 @@ The current servicename is substituted for \fI%S\fR.
 This is useful in the [homes] section.
 
 See also \fIvalid users
-\fR.
+\fR\&.
 
 Default: \fBno invalid users\fR
 
 Example: \fBinvalid users = root fred admin @wheel
-\fR
-.TP
+\fR.TP
 \fBkeepalive (G)\fR
 The value of the parameter (an integer) represents 
 the number of seconds between \fIkeepalive\fR 
@@ -3348,7 +3466,7 @@ For UNIXes that support kernel based \fIoplocks\fR
 allows the use of them to be turned on or off.
 
 Kernel oplocks support allows Samba \fIoplocks
-\fR to be broken whenever a local UNIX process or NFS operation 
+\fRto be broken whenever a local UNIX process or NFS operation 
 accesses a file that \fBsmbd(8)\fR
  has oplocked. This allows complete data consistency between 
 SMB/CIFS, NFS and local file access (and is a \fBvery\fR 
@@ -3360,7 +3478,7 @@ You should never need to touch this parameter.
 
 See also the \fIoplocks\fR
 and \fIlevel2 oplocks
-\fR parameters.
+\fRparameters.
 
 Default: \fBkernel oplocks = yes\fR
 .TP
@@ -3379,37 +3497,79 @@ supports the new 64k streaming read and write varient SMB requests introduced
 with Windows 2000. Note that due to Windows 2000 client redirector bugs
 this requires Samba to be running on a 64-bit capable operating system such
 as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with
-Windows 2000 clients. Defaults to on. Not as tested as some other Samba
+Windows 2000 clients. Defaults to off. Not as tested as some other Samba
 code paths.
 
-Default : \fBlarge readwrite = yes\fR
+Default : \fBlarge readwrite = no\fR
 .TP
 \fBldap admin dn (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
 The \fIldap admin dn\fR defines the Distinguished 
-Name (DN) name used by Samba to contact the ldap server when retreiving 
-user account information. The \fIldap
+Name (DN) name used by Samba to contact the ldap
+server when retreiving user account information. The \fIldap
 admin dn\fR is used in conjunction with the admin dn password
-stored in the \fIprivate/secrets.tdb\fR file.  See the
+stored in the \fIprivate/secrets.tdb\fR file. See the
 \fBsmbpasswd(8)\fR man
 page for more information on how to accmplish this.
 
 Default : \fBnone\fR
 .TP
 \fBldap filter (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
 This parameter specifies the RFC 2254 compliant LDAP search filter.
 The default is to match the login name with the uid 
-attribute for all entries matching the sambaAccount  
-objectclass.  Note that this filter should only return one entry.
+attribute for all entries matching the sambaAccount 
+objectclass. Note that this filter should only return one entry.
 
 Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR
 .TP
+\fBldap port (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+This option is used to control the tcp port number used to contact
+the \fIldap server\fR.
+The default is to use the stand LDAPS port 636.
+
+See Also: ldap ssl
+
+Default : \fBldap port = 636 ; if ldap ssl = on\fR
+
+Default : \fBldap port = 389 ; if ldap ssl = off\fR
+.TP
+\fBldap server (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
+This parameter should contains the FQDN of the ldap directory 
+server which should be queried to locate user account information.
+
+Default : \fBldap server = localhost\fR
+.TP
 \fBldap ssl (G)\fR
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
+
 This option is used to define whether or not Samba should
-use SSL when connecting to the ldap server
-This is \fBNOT\fR related to
-Samba's previous SSL support which was enabled by specifying the 
+use SSL when connecting to the \fIldap
+server\fR. This is \fBNOT\fR related to
+Samba SSL support which is enabled by specifying the 
 \fB--with-ssl\fR option to the \fIconfigure\fR 
-script.
+script (see \fIssl\fR).
 
 The \fIldap ssl\fR can be set to one of three values:
 (a) on - Always use SSL when contacting the 
@@ -3421,16 +3581,10 @@ Never use SSL when querying the directory, or (c) start_tls
 Default : \fBldap ssl = on\fR
 .TP
 \fBldap suffix (G)\fR
-Default : \fBnone\fR
-.TP
-\fBldap user suffix (G)\fR
-It specifies where users are added to the tree.
-
-Default : \fBnone\fR
-.TP
-\fBldap machine suffix (G)\fR
-It specifies where machines should be 
-added to the ldap tree.
+This parameter is only available if Samba has been
+configure to include the \fB--with-ldapsam\fR option
+at compile time. This option should be considered experimental and
+under active development.
 
 Default : \fBnone\fR
 .TP
@@ -3472,11 +3626,11 @@ parameters.
 Default: \fBlevel2 oplocks = yes\fR
 .TP
 \fBlm announce (G)\fR
-This parameter determines if   \fBnmbd(8)\fR will produce Lanman announce 
+This parameter determines if  \fBnmbd(8)\fR will produce Lanman announce 
 broadcasts that are needed by OS/2 clients in order for them to see 
 the Samba server in their browse list. This parameter can have three 
 values, true, false, or
-auto. The default is auto.  
+auto. The default is auto. 
 If set to false Samba will never produce these 
 broadcasts. If set to true Samba will produce 
 Lanman announce broadcasts at a frequency set by the parameter 
@@ -3487,7 +3641,7 @@ then start sending them at a frequency set by the parameter
 \fIlm interval\fR.
 
 See also \fIlm interval
-\fR.
+\fR\&.
 
 Default: \fBlm announce = auto\fR
 
@@ -3495,9 +3649,9 @@ Example: \fBlm announce = yes\fR
 .TP
 \fBlm interval (G)\fR
 If Samba is set to produce Lanman announce 
-broadcasts needed by OS/2 clients (see the   \fIlm announce\fR parameter) then this 
+broadcasts needed by OS/2 clients (see the  \fIlm announce\fR parameter) then this 
 parameter defines the frequency in seconds with which they will be 
-made.  If this is set to zero then no Lanman announcements will be 
+made. If this is set to zero then no Lanman announcements will be 
 made despite the setting of the \fIlm announce\fR 
 parameter.
 
@@ -3517,12 +3671,12 @@ more details.
 Default: \fBload printers = yes\fR
 .TP
 \fBlocal master (G)\fR
-This option allows \fB  nmbd(8)\fR to try and become a local master browser 
-on a subnet. If set to false then \fB  nmbd\fR will not attempt to become a local master browser 
+This option allows \fB nmbd(8)\fR to try and become a local master browser 
+on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser 
 on a subnet and will also lose in all browsing elections. By
 default this value is set to true. Setting this value to true doesn't
 mean that Samba will \fBbecome\fR the local master 
-browser on a subnet, just that \fBnmbd\fR will \fB  participate\fR in elections for local master browser.
+browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser.
 
 Setting this value to false will cause \fBnmbd\fR
 \fBnever\fR to become a local master browser.
@@ -3530,11 +3684,11 @@ Setting this value to false will cause \fBnmbd\fR
 Default: \fBlocal master = yes\fR
 .TP
 \fBlock dir (G)\fR
-Synonym for \fI  lock directory\fR.
+Synonym for \fI lock directory\fR.
 .TP
 \fBlock directory (G)\fR
 This option specifies the directory where lock 
-files will be placed.  The lock files are used to implement the 
+files will be placed. The lock files are used to implement the 
 \fImax connections\fR
 option.
 
@@ -3545,10 +3699,10 @@ Example: \fBlock directory = /var/run/samba/locks\fR
 \fBlock spin count (G)\fR
 This parameter controls the number of times
 that smbd should attempt to gain a byte range lock on the 
-behalf of a client request.  Experiments have shown that
+behalf of a client request. Experiments have shown that
 Windows 2k servers do not reply with a failure if the lock
 could not be immediately granted, but try a few more times
-in case the lock could later be aquired.  This behavior
+in case the lock could later be aquired. This behavior
 is used to support PC database formats such as MS Access
 and FoxPro.
 
@@ -3556,7 +3710,7 @@ Default: \fBlock spin count = 2\fR
 .TP
 \fBlock spin time (G)\fR
 The time in microseconds that smbd should 
-pause before attempting to gain a failed lock.  See
+pause before attempting to gain a failed lock. See
 \fIlock spin 
 count\fR for more details.
 
@@ -3593,21 +3747,17 @@ This option takes the standard substitutions, allowing
 you to have separate log files for each user or machine.
 
 Example: \fBlog file = /usr/local/samba/var/log.%m
-\fR
-.TP
+\fR.TP
 \fBlog level (G)\fR
-The value of the parameter (a astring) allows 
+The value of the parameter (an integer) allows 
 the debug level (logging level) to be specified in the 
-\fIsmb.conf\fR file. This parameter has been
-extended since 2.2.x series, now it allow to specify the debug
-level for multiple debug classes. This is to give greater 
+\fIsmb.conf\fR file. This is to give greater 
 flexibility in the configuration of the system.
 
 The default will be the log level specified on 
 the command line or level zero if none was specified.
 
-Example: \fBlog level = 3 passdb:5 auth:10 winbind:2
-\fR
+Example: \fBlog level = 3\fR
 .TP
 \fBlogon drive (G)\fR
 This parameter specifies the local path to 
@@ -3623,7 +3773,7 @@ Example: \fBlogon drive = h:\fR
 .TP
 \fBlogon home (G)\fR
 This parameter specifies the home directory 
-location when a Win95/98 or NT Workstation logs into a Samba PDC.  
+location when a Win95/98 or NT Workstation logs into a Samba PDC. 
 It allows you to do 
 
 C:\\> \fBNET USE H: /HOME\fR
@@ -3635,19 +3785,19 @@ you to have separate logon scripts for each user or machine.
 
 This parameter can be used with Win9X workstations to ensure 
 that roaming profiles are stored in a subdirectory of the user's 
-home directory.  This is done in the following way:
+home directory. This is done in the following way:
 
 \fBlogon home = \\\\%N\\%U\\profile\fR
 
 This tells Samba to return the above string, with 
 substitutions made when a client requests the info, generally 
-in a NetUserGetInfo request.  Win9X clients truncate the info to
+in a NetUserGetInfo request. Win9X clients truncate the info to
 \\\\server\\share when a user does \fBnet use /home\fR
 but use the whole string when dealing with profiles.
 
-Note that in prior versions of Samba, the   \fIlogon path\fR was returned rather than 
-\fIlogon home\fR.  This broke \fBnet use 
-/home\fR but allowed profiles outside the home directory.  
+Note that in prior versions of Samba, the  \fIlogon path\fR was returned rather than 
+\fIlogon home\fR. This broke \fBnet use 
+/home\fR but allowed profiles outside the home directory. 
 The current implementation is correct, and can be used for 
 profiles if you use the above trick.
 
@@ -3661,12 +3811,12 @@ Example: \fBlogon home = "\\\\remote_smb_server\\%U"\fR
 \fBlogon path (G)\fR
 This parameter specifies the home directory 
 where roaming profiles (NTuser.dat etc files for Windows NT) are 
-stored.  Contrary to previous versions of these manual pages, it has 
-nothing to do with Win 9X roaming profiles.  To find out how to 
-handle roaming profiles for Win 9X system, see the   \fIlogon home\fR parameter.
+stored. Contrary to previous versions of these manual pages, it has 
+nothing to do with Win 9X roaming profiles. To find out how to 
+handle roaming profiles for Win 9X system, see the  \fIlogon home\fR parameter.
 
 This option takes the standard substitutions, allowing you 
-to have separate logon scripts for each user or machine.  It also 
+to have separate logon scripts for each user or machine. It also 
 specifies the directory from which the "Application Data", 
 (\fIdesktop\fR, \fIstart menu\fR,
 \fInetwork neighborhood\fR, \fIprograms\fR 
@@ -3675,18 +3825,18 @@ your Windows NT client.
 
 The share and the path must be readable by the user for 
 the preferences and directories to be loaded onto the Windows NT
-client.  The share must be writeable when the user logs in for the first
+client. The share must be writeable when the user logs in for the first
 time, in order that the Windows NT client can create the NTuser.dat
 and other directories.
 
 Thereafter, the directories and any of the contents can, 
-if required, be made read-only.  It is not advisable that the 
+if required, be made read-only. It is not advisable that the 
 NTuser.dat file be made read-only - rename it to NTuser.man to 
 achieve the desired effect (a \fBMAN\fRdatory 
 profile). 
 
 Windows clients can sometimes maintain a connection to 
-the [homes] share, even though there is no user logged in.  
+the [homes] share, even though there is no user logged in. 
 Therefore, it is vital that the logon path does not include a 
 reference to the homes share (i.e. setting this parameter to
 \\%N\\%U\\profile_path will cause problems).
@@ -3704,22 +3854,22 @@ Example: \fBlogon path = \\\\PROFILESERVER\\PROFILE\\%U\fR
 \fBlogon script (G)\fR
 This parameter specifies the batch file (.bat) or 
 NT command file (.cmd) to be downloaded and run on a machine when 
-a user successfully logs in.  The file must contain the DOS 
+a user successfully logs in. The file must contain the DOS 
 style CR/LF line endings. Using a DOS-style editor to create the 
 file is recommended.
 
 The script must be a relative path to the [netlogon] 
-service.  If the [netlogon] service specifies a   \fIpath\fR of \fI/usr/local/samba/netlogon
+service. If the [netlogon] service specifies a  \fIpath\fR of \fI/usr/local/samba/netlogon
 \fR, and \fBlogon script = STARTUP.BAT\fR, then 
 the file that will be downloaded is:
 
 \fI/usr/local/samba/netlogon/STARTUP.BAT\fR
 
-The contents of the batch file are entirely your choice.  A 
+The contents of the batch file are entirely your choice. A 
 suggested command would be to add \fBNET TIME \\\\SERVER /SET 
 /YES\fR, to force every machine to synchronize clocks with 
-the same time server.  Another use would be to add \fBNET USE 
-U: \\\\SERVER\\UTILS\fR for commonly used utilities, or \fB  NET USE Q: \\\\SERVER\\ISO9001_QA\fR for example.
+the same time server. Another use would be to add \fBNET USE 
+U: \\\\SERVER\\UTILS\fR for commonly used utilities, or \fB NET USE Q: \\\\SERVER\\ISO9001_QA\fR for example.
 
 Note that it is particularly important not to allow write 
 access to the [netlogon] share, or to grant users write permission 
@@ -3749,18 +3899,18 @@ having a too low priority won't be sent to the printer.
 
 If a \fI%p\fR is given then the printer name 
 is put in its place. A \fI%j\fR is replaced with 
-the job number (an integer).  On HPUX (see \fIprinting=hpux
+the job number (an integer). On HPUX (see \fIprinting=hpux
 \fR), if the \fI-p%p\fR option is added 
 to the lpq command, the job will show up with the correct status, i.e. 
 if the job priority is lower than the set fence priority it will 
-have the PAUSED status, whereas if  the priority is equal or higher it 
+have the PAUSED status, whereas if the priority is equal or higher it 
 will have the SPOOLED or PRINTING status.
 
 Note that it is good practice to include the absolute path 
 in the lppause command as the PATH may not be available to the server.
 
 See also the \fIprinting
-\fR parameter.
+\fRparameter.
 
 Default: Currently no default value is given to 
 this string, unless the value of the \fIprinting\fR 
@@ -3773,13 +3923,13 @@ is SOFTQ, then the default is:
 
 \fBqstat -s -j%j -h\fR
 
-Example for HPUX: \fBlppause command = /usr/bin/lpalt  
+Example for HPUX: \fBlppause command = /usr/bin/lpalt 
 %p-%j -p0\fR
 .TP
 \fBlpq cache time (G)\fR
 This controls how long lpq info will be cached 
 for to prevent the \fBlpq\fR command being called too 
-often. A separate cache is kept for each variation of the \fB  lpq\fR command used by the system, so if you use different 
+often. A separate cache is kept for each variation of the \fB lpq\fR command used by the system, so if you use different 
 \fBlpq\fR commands for different users then they won't
 share cache information.
 
@@ -3794,7 +3944,7 @@ be advisable if your \fBlpq\fR command is very slow.
 A value of 0 will disable caching completely.
 
 See also the \fIprinting
-\fR parameter.
+\fRparameter.
 
 Default: \fBlpq cache time = 10\fR
 
@@ -3826,15 +3976,15 @@ command.
 
 Note that it is good practice to include the absolute path 
 in the \fIlpq command\fR as the \fB$PATH
-\fR may not be available to the server.  When compiled with
+\fRmay not be available to the server. When compiled with
 the CUPS libraries, no \fIlpq command\fR is
 needed because smbd will make a library call to obtain the 
 print queue listing.
 
 See also the \fIprinting
-\fR parameter.
+\fRparameter.
 
-Default: \fBdepends on the setting of \fI  printing\fB\fR
+Default: \fBdepends on the setting of \fI printing\fB\fR
 
 Example: \fBlpq command = /usr/bin/lpq -P%p\fR
 .TP
@@ -3846,7 +3996,7 @@ printing or spooling a specific print job.
 This command should be a program or script which takes 
 a printer name and job number to resume the print job. See 
 also the \fIlppause command
-\fR parameter.
+\fRparameter.
 
 If a \fI%p\fR is given then the printer name 
 is put in its place. A \fI%j\fR is replaced with 
@@ -3857,7 +4007,7 @@ in the \fIlpresume command\fR as the PATH may not
 be available to the server.
 
 See also the \fIprinting
-\fR parameter.
+\fRparameter.
 
 Default: Currently no default value is given 
 to this string, unless the value of the \fIprinting\fR 
@@ -3889,28 +4039,25 @@ path in the \fIlprm command\fR as the PATH may not be
 available to the server.
 
 See also the \fIprinting
-\fR parameter.
+\fRparameter.
 
 Default: \fBdepends on the setting of \fIprinting
 \fB\fR
-
 Example 1: \fBlprm command = /usr/bin/lprm -P%p %j
 \fR
-
 Example 2: \fBlprm command = /usr/bin/cancel %p-%j
-\fR
-.TP
+\fR.TP
 \fBmachine password timeout (G)\fR
 If a Samba server is a member of a Windows 
 NT Domain (see the security = domain) 
-parameter) then periodically a running   smbd(8) process will try and change the MACHINE ACCOUNT 
+parameter) then periodically a running  smbd(8) process will try and change the MACHINE ACCOUNT 
 PASSWORD stored in the TDB called \fIprivate/secrets.tdb
-\fR.  This parameter specifies how often this password 
+\fR\&. This parameter specifies how often this password 
 will be changed, in seconds. The default is one week (expressed in 
 seconds), the same as a Windows NT Domain member server.
 
 See also \fBsmbpasswd(8)
-\fR and the   security = domain) parameter.
+\fR and the  security = domain) parameter.
 
 Default: \fBmachine password timeout = 604800\fR
 .TP
@@ -3921,12 +4068,11 @@ which will contain output created by a magic script (see the
 parameter below).
 
 Warning: If two clients use the same \fImagic script
-\fR in the same directory the output file content
+\fRin the same directory the output file content
 is undefined.
 
 Default: \fBmagic output = <magic script name>.out
 \fR
-
 Example: \fBmagic output = myfile.txt\fR
 .TP
 \fBmagic script (S)\fR
@@ -3940,7 +4086,7 @@ completion assuming that the user has the appropriate level
 of privilege and the file permissions allow the deletion.
 
 If the script generates output, output will be sent to 
-the file specified by the \fI  magic output\fR parameter (see above).
+the file specified by the \fI magic output\fR parameter (see above).
 
 Note that some shells are unable to interpret scripts 
 containing CR/LF instead of CR as 
@@ -3956,14 +4102,14 @@ Default: \fBNone. Magic scripts disabled.\fR
 Example: \fBmagic script = user.csh\fR
 .TP
 \fBmangle case (S)\fR
-See the section on   NAME MANGLING
+See the section on  NAME MANGLING
 
 Default: \fBmangle case = no\fR
 .TP
 \fBmangled map (S)\fR
 This is for those who want to directly map UNIX 
-file names which cannot be represented on Windows/DOS.  The mangling 
-of names is not always what is needed.  In particular you may have 
+file names which cannot be represented on Windows/DOS. The mangling 
+of names is not always what is needed. In particular you may have 
 documents with file extensions that differ between DOS and UNIX. 
 For example, under UNIX it is common to use \fI.html\fR 
 for HTML files, whereas under Windows/DOS \fI.htm\fR 
@@ -3975,7 +4121,7 @@ you would use:
 \fBmangled map = (*.html *.htm)\fR
 
 One very useful case is to remove the annoying \fI;1
-\fR off the ends of filenames on some CDROMs (only visible 
+\fRoff the ends of filenames on some CDROMs (only visible 
 under some UNIXes). To do this use a map of (*;1 *;).
 
 Default: \fBno mangled map\fR
@@ -3987,9 +4133,9 @@ This controls whether non-DOS names under UNIX
 should be mapped to DOS-compatible names ("mangled") and made visible, 
 or whether non-DOS names should simply be ignored.
 
-See the section on   NAME MANGLING for details on how to control the mangling process.
+See the section on  NAME MANGLING for details on how to control the mangling process.
 
-If mangling is used then the mangling algorithm is as follows:
+If mangling algorithm "hash" is used then the mangling algorithm is as follows:
 .RS
 .TP 0.2i
 \(bu
@@ -4025,40 +4171,66 @@ for other filenames, but with the leading dot removed and "___" as
 its extension regardless of actual original extension (that's three 
 underscores).
 .RE
-
+.PP
 The two-digit hash value consists of upper case 
 alphanumeric characters.
-
+.PP
+.PP
 This algorithm can cause name collisions only if files 
 in a directory share the same first five alphanumeric characters. 
 The probability of such a clash is 1/1300.
+.PP
+.PP
+If mangling algorithm "hash2" is used then the mangling algorithm is as follows:
+.PP
+.RS
+.TP 0.2i
+\(bu
+The first alphanumeric character 
+before the rightmost dot of the filename is preserved, forced 
+to upper case, and appears as the first character of the mangled name.
+.TP 0.2i
+\(bu
+A base63 hash of 5 characters is generated and the
+first 4 characters of that hash are appended to the first character.
+.TP 0.2i
+\(bu
+A tilde "~" is appended to the first part of the mangled
+name, followed by the final character of the base36 hash of the name.
 
+Note that the character to use may be specified using 
+the \fImangling char\fR
+option, if you don't like '~'.
+.TP 0.2i
+\(bu
+The first three alphanumeric characters of the final 
+extension are preserved, forced to upper case and appear as the 
+extension of the mangled name. The final extension is defined as that 
+part of the original filename after the rightmost dot. If there are no 
+dots in the filename, the mangled name will have no extension (except 
+in the case of "hidden files" - see below).
+.TP 0.2i
+\(bu
+Files whose UNIX name begins with a dot will be 
+presented as DOS hidden files. The mangled name will be created as 
+for other filenames, but with the leading dot removed and "___" as 
+its extension regardless of actual original extension (that's three 
+underscores).
+.RE
+.PP
 The name mangling (if enabled) allows a file to be 
 copied between UNIX directories from Windows/DOS while retaining 
 the long UNIX filename. UNIX files can be renamed to a new extension 
 from Windows/DOS and will retain the same basename. Mangled names 
 do not change between sessions.
-
+.PP
+.PP
 Default: \fBmangled names = yes\fR
-.TP
-\fBmangling method (G)\fR
-controls the algorithm used for the generating
-the mangled names. Can take two different values, "hash" and
-"hash2". "hash" is  the default and is the algorithm that has been
-used in Samba for many years. "hash2" is a newer and considered
-a better algorithm (generates less collisions) in the names.
-However, many Win32 applications store the mangled names and so
-changing to the new algorithm must not be done
-lightly as these applications may break unless reinstalled.
-New installations of Samba may set the default to hash2.
-
-Default: \fBmangling method = hash\fR
-
-Example: \fBmangling method = hash2\fR
+.PP
 .TP
 \fBmangled stack (G)\fR
 This parameter controls the number of mangled names 
-that should be cached in the Samba server   smbd(8)
+that should be cached in the Samba server  smbd(8)
 
 This stack is a list of recently mangled base names 
 (extensions are only maintained if they are longer than 3 characters 
@@ -4086,17 +4258,32 @@ Default: \fBmangling char = ~\fR
 
 Example: \fBmangling char = ^\fR
 .TP
+\fBmangling mathod(G)\fR
+controls the algorithm used for the generating
+the mangled names. Can take two different values, "hash" and
+"hash2". "hash" is the default and is the algorithm that has been
+used in Samba for many years. "hash2" is a newer and considered
+a better algorithm (generates less collisions) in the names.
+However, many Win32 applications store the mangled names and so
+changing to the new algorithm must not be done
+lightly as these applications may break unless reinstalled.
+New installations of Samba may set the default to hash2.
+
+Default: \fBmangling method = hash\fR
+
+Example: \fBmangling method = hash2\fR
+.TP
 \fBmap archive (S)\fR
 This controls whether the DOS archive attribute 
-should be mapped to the UNIX owner execute bit.  The DOS archive bit 
-is set when a file has been modified since its last backup.  One 
+should be mapped to the UNIX owner execute bit. The DOS archive bit 
+is set when a file has been modified since its last backup. One 
 motivation for this option it to keep Samba/your PC from making 
-any file it touches from becoming executable under UNIX.  This can 
+any file it touches from becoming executable under UNIX. This can 
 be quite annoying for shared source code, documents, etc...
 
 Note that this requires the \fIcreate mask\fR
 parameter to be set such that owner execute bit is not masked out 
-(i.e. it must include 100). See the parameter   \fIcreate mask\fR for details.
+(i.e. it must include 100). See the parameter  \fIcreate mask\fR for details.
 
 Default: \fBmap archive = yes\fR
 .TP
@@ -4106,7 +4293,7 @@ should be mapped to the UNIX world execute bit.
 
 Note that this requires the \fIcreate mask\fR 
 to be set such that the world execute bit is not masked out (i.e. 
-it must include 001). See the parameter   \fIcreate mask\fR for details.
+it must include 001). See the parameter  \fIcreate mask\fR for details.
 
 Default: \fBmap hidden = no\fR
 .TP
@@ -4116,12 +4303,12 @@ should be mapped to the UNIX group execute bit.
 
 Note that this requires the \fIcreate mask\fR 
 to be set such that the group execute bit is not masked out (i.e. 
-it must include 010). See the parameter   \fIcreate mask\fR for details.
+it must include 010). See the parameter  \fIcreate mask\fR for details.
 
 Default: \fBmap system = no\fR
 .TP
 \fBmap to guest (G)\fR
-This parameter is only useful in   security modes other than \fIsecurity = share\fR 
+This parameter is only useful in  security modes other than \fIsecurity = share\fR 
 - i.e. user, server, 
 and domain.
 
@@ -4141,7 +4328,7 @@ default.
 Bad User - Means user
 logins with an invalid password are rejected, unless the username 
 does not exist, in which case it is treated as a guest login and 
-mapped into the \fI   guest account\fR.
+mapped into the \fI guest account\fR.
 .TP 0.2i
 \(bu
 Bad Password - Means user logins 
@@ -4155,7 +4342,7 @@ that they got their password wrong. Helpdesk services will
 \fBhate\fR you if you set the \fImap to 
 guest\fR parameter this way :-).
 .RE
-
+.PP
 Note that this parameter is needed to set up "Guest" 
 share services when using \fIsecurity\fR modes other than 
 share. This is because in these modes the name of the resource being
@@ -4163,18 +4350,22 @@ requested is \fBnot\fR sent to the server until after
 the server has successfully authenticated the client so the server 
 cannot make authentication decisions at the correct time (connection 
 to the share) for "Guest" shares.
-
+.PP
+.PP
 For people familiar with the older Samba releases, this 
-parameter maps to the old compile-time setting of the   GUEST_SESSSETUP value in local.h.
-
+parameter maps to the old compile-time setting of the  GUEST_SESSSETUP value in local.h.
+.PP
+.PP
 Default: \fBmap to guest = Never\fR
-
+.PP
+.PP
 Example: \fBmap to guest = Bad User\fR
+.PP
 .TP
 \fBmax connections (S)\fR
 This option allows the number of simultaneous 
 connections to a service to be limited. If \fImax connections
-\fR is greater than 0 then connections will be refused if 
+\fRis greater than 0 then connections will be refused if 
 this number of connections to the service are already open. A value 
 of zero mean an unlimited number of connections may be made.
 
@@ -4244,7 +4435,7 @@ Default: \fBmax open files = 10000\fR
 \fBmax print jobs (S)\fR
 This parameter limits the maximum number of 
 jobs allowable in a Samba printer queue at any given moment.
-If this number is exceeded, \fB  smbd(8)\fR will remote "Out of Space" to the client.
+If this number is exceeded, \fB smbd(8)\fR will remote "Out of Space" to the client.
 See all \fItotal
 print jobs\fR.
 
@@ -4268,7 +4459,7 @@ COREPLUS: Slight improvements on
 CORE for efficiency.
 .TP 0.2i
 \(bu
-LANMAN1: First \fB   modern\fR version of the protocol. Long filename
+LANMAN1: First \fB modern\fR version of the protocol. Long filename
 support.
 .TP 0.2i
 \(bu
@@ -4278,17 +4469,21 @@ LANMAN2: Updates to Lanman1 protocol.
 NT1: Current up to date version of 
 the protocol. Used by Windows NT. Known as CIFS.
 .RE
-
+.PP
 Normally this option should not be set as the automatic 
 negotiation phase in the SMB protocol takes care of choosing 
 the appropriate protocol.
-
+.PP
+.PP
 See also \fImin
 protocol\fR
-
+.PP
+.PP
 Default: \fBmax protocol = NT1\fR
-
+.PP
+.PP
 Example: \fBmax protocol = LANMAN1\fR
+.PP
 .TP
 \fBmax smbd processes (G)\fR
 This parameter limits the maximum number of 
@@ -4296,11 +4491,11 @@ This parameter limits the maximum number of
 processes concurrently running on a system and is intended
 as a stopgap to prevent degrading service to clients in the event
 that the server has insufficient resources to handle more than this
-number of connections.  Remember that under normal operating
+number of connections. Remember that under normal operating
 conditions, each user will have an smbd associated with him or her
 to handle connections to all shares from a given host.
 
-Default: \fBmax smbd processes = 0\fR   ## no limit
+Default: \fBmax smbd processes = 0\fR ## no limit
 
 Example: \fBmax smbd processes = 1000\fR
 .TP
@@ -4315,10 +4510,10 @@ Default: \fBmax ttl = 259200\fR
 .TP
 \fBmax wins ttl (G)\fR
 This option tells nmbd(8)
- when acting as a WINS server (  \fIwins support = yes\fR) what the maximum
+ when acting as a WINS server ( \fIwins support = yes\fR) what the maximum
 \&'time to live' of NetBIOS names that \fBnmbd\fR 
 will grant will be (in seconds). You should never need to change this
-parameter.  The default is 6 days (518400 seconds).
+parameter. The default is 6 days (518400 seconds).
 
 See also the \fImin 
 wins ttl\fR parameter.
@@ -4355,7 +4550,7 @@ your PCs may freeze when sending messages (they should recover
 after 30 seconds, hopefully).
 
 All messages are delivered as the global guest user. 
-The command takes the standard substitutions, although \fI  %u\fR won't work (\fI%U\fR may be better 
+The command takes the standard substitutions, although \fI %u\fR won't work (\fI%U\fR may be better 
 in this case).
 
 Apart from the standard substitutions, some additional 
@@ -4374,32 +4569,40 @@ the message was sent to (probably the server name).
 \fI%f\fR = who the message 
 is from.
 .RE
-
+.PP
 You could make this command send mail, or whatever else 
 takes your fancy. Please let us know of any really interesting 
 ideas you have.
-
+.PP
+.PP
 Here's a way of sending the messages as mail to root:
-
+.PP
+.PP
 \fBmessage command = /bin/mail -s 'message from %f on 
 %m' root < %s; rm %s\fR
-
+.PP
+.PP
 If you don't have a message command then the message 
 won't be delivered and Samba will tell the sender there was 
 an error. Unfortunately WfWg totally ignores the error code 
 and carries on regardless, saying that the message was delivered.
-
+.PP
+.PP
 If you want to silently delete it then try:
-
+.PP
+.PP
 \fBmessage command = rm %s\fR
-
+.PP
+.PP
 Default: \fBno message command\fR
-
+.PP
+.PP
 Example: \fBmessage command = csh -c 'xedit %s;
 rm %s' &\fR
+.PP
 .TP
 \fBmin passwd length (G)\fR
-Synonym for   \fImin password length\fR.
+Synonym for  \fImin password length\fR.
 .TP
 \fBmin password length (G)\fR
 This option sets the minimum length in characters 
@@ -4407,7 +4610,7 @@ of a plaintext password that \fBsmbd\fR will accept when performing
 UNIX password changing.
 
 See also \fIunix 
-password sync\fR,   \fIpasswd program\fR and \fIpasswd chat debug\fR
+password sync\fR,  \fIpasswd program\fR and \fIpasswd chat debug\fR
 \&.
 
 Default: \fBmin password length = 5\fR
@@ -4419,7 +4622,7 @@ a print job. It is specified in kilobytes. The default is 0, which
 means a user can always spool a print job.
 
 See also the \fIprinting
-\fR parameter.
+\fRparameter.
 
 Default: \fBmin print space = 0\fR
 
@@ -4427,57 +4630,47 @@ Example: \fBmin print space = 2000\fR
 .TP
 \fBmin protocol (G)\fR
 The value of the parameter (a string) is the 
-lowest SMB protocol dialect than Samba will support.  Please refer
+lowest SMB protocol dialect than Samba will support. Please refer
 to the \fImax protocol\fR
 parameter for a list of valid protocol names and a brief description
-of each.  You may also wish to refer to the C source code in
+of each. You may also wish to refer to the C source code in
 \fIsource/smbd/negprot.c\fR for a listing of known protocol
 dialects supported by clients.
 
 If you are viewing this parameter as a security measure, you should
 also refer to the \fIlanman 
-auth\fR parameter.  Otherwise, you should never need 
+auth\fR parameter. Otherwise, you should never need 
 to change this parameter.
 
 Default : \fBmin protocol = CORE\fR
 
-Example : \fBmin protocol = NT1\fR  # disable DOS 
+Example : \fBmin protocol = NT1\fR # disable DOS 
 clients
 .TP
 \fBmin wins ttl (G)\fR
 This option tells nmbd(8)
-when acting as a WINS server (\fI  wins support = yes\fR) what the minimum 'time to live' 
+when acting as a WINS server (\fI wins support = yes\fR) what the minimum 'time to live' 
 of NetBIOS names that \fBnmbd\fR will grant will be (in 
-seconds). You should never need to change this parameter.  The default 
+seconds). You should never need to change this parameter. The default 
 is 6 hours (21600 seconds).
 
 Default: \fBmin wins ttl = 21600\fR
 .TP
 \fBmsdfs root (S)\fR
 This boolean parameter is only available if 
-Samba is configured  and  compiled with the \fB  --with-msdfs\fR option.  If set to yes, 
-Samba treats the share as a Dfs root and  allows clients to browse 
+Samba is configured and compiled with the \fB --with-msdfs\fR option. If set to yes, 
+Samba treats the share as a Dfs root and allows clients to browse 
 the distributed file system tree rooted at the share directory. 
-Dfs links are specified  in  the share directory by symbolic 
+Dfs links are specified in the share directory by symbolic 
 links of the form \fImsdfs:serverA\\shareA,serverB\\shareB
-\fR and so on.  For more information on setting up a Dfs tree 
-on Samba,  refer to msdfs_setup.html
+\fRand so on. For more information on setting up a Dfs tree 
+on Samba, refer to msdfs_setup.html
 
 
 See also \fIhost msdfs
 \fR
-
 Default: \fBmsdfs root = no\fR
 .TP
-\fBname cache timeout (G)\fR
-Specifies the number of seconds it takes before 
-entries in samba's hostname resolve cache time out. If 
-the timeout is set to 0. the caching is disabled.
-
-Default: \fBname cache timeout = 660\fR
-
-Example: \fBname cache timeout = 0\fR
-.TP
 \fBname resolve order (G)\fR
 This option is used by the programs in the Samba 
 suite to determine what naming services to use and in what order 
@@ -4500,13 +4693,13 @@ name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
 is operating system depended for instance on IRIX or Solaris this 
 may be controlled by the \fI/etc/nsswitch.conf\fR 
-file.  Note that this method is only used if the NetBIOS name 
+file. Note that this method is only used if the NetBIOS name 
 type being queried is the 0x20 (server) name type, otherwise 
 it is ignored.
 .TP 0.2i
 \(bu
 wins : Query a name with 
-the IP address listed in the \fI   wins server\fR parameter.  If no WINS server has
+the IP address listed in the \fI wins server\fR parameter. If no WINS server has
 been specified this method will be ignored.
 .TP 0.2i
 \(bu
@@ -4516,16 +4709,17 @@ parameter. This is the least reliable of the name resolution
 methods as it depends on the target host being on a locally 
 connected subnet.
 .RE
-
+.PP
 Default: \fBname resolve order = lmhosts host wins bcast
-\fR
-
+\fR.PP
+.PP
 Example: \fBname resolve order = lmhosts bcast host
-\fR
-
+\fR.PP
+.PP
 This will cause the local lmhosts file to be examined 
 first, followed by a broadcast attempt, followed by a normal 
 system hostname lookup.
+.PP
 .TP
 \fBnetbios aliases (G)\fR
 This is a list of NetBIOS names that nmbd(8) will advertise as additional 
@@ -4581,7 +4775,7 @@ being on a different server to the logon server and as
 long as a Samba daemon is running on the home directory server, 
 it will be mounted on the Samba client directly from the directory 
 server. When Samba is returning the home share to the client, it 
-will consult the NIS map specified in   \fIhomedir map\fR and return the server 
+will consult the NIS map specified in  \fIhomedir map\fR and return the server 
 listed there.
 
 Note that for this option to work there must be a working 
@@ -4590,24 +4784,6 @@ be a logon server.
 
 Default: \fBnis homedir = no\fR
 .TP
-\fBnon unix account range (G)\fR
-The non unix account range parameter specifies 
-the range of 'user ids' that are allocated by the various 'non unix 
-account' passdb backends.  These backends allow
-the storage of passwords for users who don't exist in /etc/passwd.  
-This is most often used for machine account creation. 
-This range of ids should have no existing local or NIS users within 
-it as strange conflicts can occur otherwise.
-
-NOTE: These userids never appear on the system and Samba will never
-\&'become' these users. They are used only to ensure that the algorithmic 
-RID mapping does not conflict with normal users.
-
-Default: \fBnon unix account range = <empty string>
-\fR
-
-Example: \fBnon unix account range = 10000-20000\fR
-.TP
 \fBnt acl support (S)\fR
 This boolean parameter controls whether 
 smbd(8) will attempt to map 
@@ -4626,6 +4802,21 @@ alone.
 
 Default: \fBnt pipe support = yes\fR
 .TP
+\fBnt smb support (G)\fR
+This boolean parameter controls whether smbd(8) will negotiate NT specific SMB
+support with Windows NT/2k/XP clients. Although this is a developer
+debugging option and should be left alone, benchmarking has discovered
+that Windows NT clients give faster performance with this option
+set to no. This is still being investigated.
+If this option is set to no then Samba offers
+exactly the same SMB calls that versions prior to Samba 2.0 offered.
+This information may be of use if any users are having problems
+with NT SMB support.
+
+You should not need to ever disable this parameter.
+
+Default: \fBnt smb support = yes\fR
+.TP
 \fBnt status support (G)\fR
 This boolean parameter controls whether smbd(8) will negotiate NT specific status
 support with Windows NT/2k/XP clients. This is a developer
@@ -4649,11 +4840,11 @@ Default: \fBnull passwords = no\fR
 \fBobey pam restrictions (G)\fR
 When Samba 2.2 is configured to enable PAM support
 (i.e. --with-pam), this parameter will control whether or not Samba
-should obey PAM's account and session management directives.  The 
+should obey PAM's account and session management directives. The 
 default behavior is to use PAM for clear text authentication only
-and to ignore any account or session management.  Note that Samba
+and to ignore any account or session management. Note that Samba
 always ignores PAM for authentication in the case of \fIencrypt passwords = yes\fR
-\&.  The reason is that PAM modules cannot support the challenge/response
+\&. The reason is that PAM modules cannot support the challenge/response
 authentication mechanism needed in the presence of SMB password encryption.
 
 Default: \fBobey pam restrictions = no\fR
@@ -4662,7 +4853,7 @@ Default: \fBobey pam restrictions = no\fR
 This is a boolean option that controls whether 
 connections with usernames not in the \fIuser\fR 
 list will be allowed. By default this option is disabled so that a 
-client can supply a username to be used by the server.  Enabling
+client can supply a username to be used by the server. Enabling
 this parameter will force the server to only user the login 
 names from the \fIuser\fR list and is only really
 useful in shave level
@@ -4681,7 +4872,7 @@ parameter.
 Default: \fBonly user = no\fR
 .TP
 \fBonly guest (S)\fR
-A synonym for \fI  guest only\fR.
+A synonym for \fI guest only\fR.
 .TP
 \fBoplock break wait time (G)\fR
 This is a tuning parameter added due to bugs in 
@@ -4721,43 +4912,34 @@ share. The oplock code can dramatically (approx. 30% or more) improve
 the speed of access to files on Samba servers. It allows the clients 
 to aggressively cache files locally and you may want to disable this 
 option for unreliable network environments (it is turned on by 
-default in Windows NT Servers).  For more information see the file 
+default in Windows NT Servers). For more information see the file 
 \fISpeed.txt\fR in the Samba \fIdocs/\fR 
 directory.
 
 Oplocks may be selectively turned off on certain files with a 
-share. See the \fI  veto oplock files\fR parameter. On some systems 
+share. See the \fI veto oplock files\fR parameter. On some systems 
 oplocks are recognized by the underlying operating system. This 
 allows data synchronization between all access to oplocked files, 
 whether it be via Samba or NFS or a local UNIX process. See the 
 \fIkernel oplocks\fR parameter for details.
 
 See also the \fIkernel 
-oplocks\fR and \fI  level2 oplocks\fR parameters.
+oplocks\fR and \fI level2 oplocks\fR parameters.
 
 Default: \fBoplocks = yes\fR
 .TP
-\fBntlm auth (G)\fR
-This parameter determines whether or not smbd will
-attempt to authenticate users using the NTLM password hash.
-If disabled, only the lanman password hashes will be used. 
-
-Please note that at least this option or \fBlanman auth\fR should be enabled in order to be able to log in.
-
-Default : \fBntlm auth = yes\fR
-.TP
 \fBos level (G)\fR
 This integer value controls what level Samba 
 advertises itself as for browse elections. The value of this 
 parameter determines whether nmbd(8) 
-has a chance of becoming a local master browser for the \fI  WORKGROUP\fR in the local broadcast area.
+has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area.
 
 \fBNote :\fRBy default, Samba will win 
 a local master browsing election over all Microsoft operating 
-systems except a Windows NT 4.0/2000 Domain Controller.  This 
+systems except a Windows NT 4.0/2000 Domain Controller. This 
 means that a misconfigured Samba host can effectively isolate 
-a subnet for browsing purposes.  See \fIBROWSING.txt
-\fR in the Samba \fIdocs/\fR directory 
+a subnet for browsing purposes. See \fIBROWSING.txt
+\fRin the Samba \fIdocs/\fR directory 
 for details.
 
 Default: \fBos level = 20\fR
@@ -4767,7 +4949,7 @@ Example: \fBos level = 65 \fR
 \fBos2 driver map (G)\fR
 The parameter is used to define the absolute
 path to a file containing a mapping of Windows NT printer driver
-names to OS/2 printer driver names.  The format is:
+names to OS/2 printer driver names. The format is:
 
 <nt driver name> = <os2 driver 
 name>.<device name>
@@ -4778,17 +4960,16 @@ LaserJet 5L\fR.
 
 The need for the file is due to the printer driver namespace 
 problem described in the Samba 
-Printing HOWTO  For more details on OS/2 clients, please 
+Printing HOWTO For more details on OS/2 clients, please 
 refer to the OS2-Client-HOWTO
  containing in the Samba documentation.
 
 Default: \fBos2 driver map = <empty string>
-\fR
-.TP
+\fR.TP
 \fBpam password change (G)\fR
 With the addition of better PAM support in Samba 2.2, 
 this parameter, it is possible to use PAM's password change control 
-flag for Samba.  If enabled, then PAM will be used for password
+flag for Samba. If enabled, then PAM will be used for password
 changes when requested by an SMB client instead of the program listed in 
 \fIpasswd program\fR. 
 It should be possible to enable this without changing your 
@@ -4799,7 +4980,7 @@ Default: \fBpam password change = no\fR
 .TP
 \fBpanic action (G)\fR
 This is a Samba developer option that allows a 
-system command to be called when either   smbd(8) 
+system command to be called when either  smbd(8) 
 crashes. This is usually used to draw attention to the fact that 
 a problem occurred.
 
@@ -4807,100 +4988,11 @@ Default: \fBpanic action = <empty string>\fR
 
 Example: \fBpanic action = "/bin/sleep 90000"\fR
 .TP
-\fBparanoid server security (G)\fR
-Some version of NT 4.x allow non-guest 
-users with a bad passowrd. When this option is enabled, samba will not 
-use a broken NT 4.x server as password server, but instead complain
-to the logs and exit.
-
-Default: \fBparanoid server security = yes\fR
-.TP
-\fBpassdb backend (G)\fR
-This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both 
-smbpasswd and tdbsam to be used without a recompile. 
-Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified.
-Experimental backends must still be selected
-(eg --with-tdbsam) at configure time.
-
-This parameter is in two parts, the backend's name, and a 'location'
-string that has meaning only to that particular backed.  These are separated
-by a : character.
-
-Available backends can include:
-.RS
-.TP 0.2i
-\(bu
-\fBsmbpasswd\fR - The default smbpasswd
-backend.  Takes a path to the smbpasswd file as an optional argument.
-.TP 0.2i
-\(bu
-\fBsmbpasswd_nua\fR - The smbpasswd
-backend, but with support for 'not unix accounts'.  
-Takes a path to the smbpasswd file as an optional argument.
-
-See also                         \fInon unix account range\fR
-.TP 0.2i
-\(bu
-\fBtdbsam\fR - The TDB based password storage
-backend.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-in the                         \fIprivate dir\fR directory.
-.TP 0.2i
-\(bu
-\fBtdbsam_nua\fR - The TDB based password storage
-backend, with non unix account support.  Takes a path to the TDB as an optional argument (defaults to passdb.tdb 
-in the                         \fIprivate dir\fR directory.
-
-See also                         \fInon unix account range\fR
-.TP 0.2i
-\(bu
-\fBldapsam\fR - The LDAP based passdb 
-backend.  Takes an LDAP URL as an optional argument (defaults to 
-\fBldap://localhost\fR)
-.TP 0.2i
-\(bu
-\fBldapsam_nua\fR - The LDAP based passdb 
-backend, with non unix account support.  Takes an LDAP URL as an optional argument (defaults to 
-\fBldap://localhost\fR)
-
-See also                         \fInon unix account range\fR
-.TP 0.2i
-\(bu
-\fBnisplussam\fR - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. 
-.TP 0.2i
-\(bu
-\fBplugin\fR - Allows Samba to load an 
-arbitary passdb backend from the .so specified as a compulsary argument.
-
-Any characters after the (optional) second : are passed to the plugin
-for its own processing
-.TP 0.2i
-\(bu
-\fBunixsam\fR - Allows samba to map all (other) available unix users
-
-This backend uses the standard unix database for retrieving users. Users included 
-in this pdb are NOT listed in samba user listings and users included in this pdb won't be 
-able to login. The use of this backend is to always be able to display the owner of a file 
-on the samba server - even when the user doesn't have a 'real' samba account in one of the 
-other passdb backends.
-
-This backend should always be the last backend listed, since it contains all users in 
-the unix passdb and might 'override' mappings if specified earlier. It's meant to only return 
-accounts for users that aren't covered by the previous backends.
-.RE
-
-Default: \fBpassdb backend = smbpasswd unixsam\fR
-
-Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam\fR
-
-Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam\fR
-
-Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR
-.TP
 \fBpasswd chat (G)\fR
 This string controls the \fB"chat"\fR 
 conversation that takes places between smbd and the local password changing
 program to change the user's password. The string describes a 
-sequence of response-receive pairs that   smbd(8) uses to determine what to send to the 
+sequence of response-receive pairs that  smbd(8) uses to determine what to send to the 
 \fIpasswd program\fR
 and what to expect back. If the expected output is not 
 received then the password is not changed.
@@ -4919,15 +5011,15 @@ this means that the passwd program must be
 executed on the NIS master.
 
 The string can contain the macro \fI%n\fR which is substituted 
-for the new password.  The chat sequence can also contain the standard 
-macros \\n, \\r,   \\t and \\s to give line-feed, 
-carriage-return, tab and space.  The chat sequence string can also contain 
+for the new password. The chat sequence can also contain the standard 
+macros \\n, \\r,  \\t and \\s to give line-feed, 
+carriage-return, tab and space. The chat sequence string can also contain 
 a '*' which matches any sequence of characters.
 Double quotes can be used to collect strings with spaces 
 in them into a single string.
 
 If the send string in any part of the chat sequence 
-is a full stop ".",  then no string is sent. Similarly, 
+is a full stop ".", then no string is sent. Similarly, 
 if the expect string is a full stop then no string is expected.
 
 If the \fIpam
@@ -4936,7 +5028,7 @@ may be matched in any order, and success is determined by the PAM result,
 not any particular output. The \\n macro is ignored for PAM conversions.
 
 See also \fIunix password 
-sync\fR, \fI  passwd program\fR ,  \fIpasswd chat debug\fR and   \fIpam password change\fR.
+sync\fR, \fI passwd program\fR , \fIpasswd chat debug\fR and  \fIpam password change\fR.
 
 Default: \fBpasswd chat = *new*password* %n\\n 
 *new*password* %n\\n *changed*\fR
@@ -4968,12 +5060,12 @@ Default: \fBpasswd chat debug = no\fR
 .TP
 \fBpasswd program (G)\fR
 The name of a program that can be used to set 
-UNIX user passwords.  Any occurrences of \fI%u\fR 
+UNIX user passwords. Any occurrences of \fI%u\fR 
 will be replaced with the user name. The user name is checked for 
 existence before calling the password changing program.
 
 Also note that many passwd programs insist in \fBreasonable
-\fR passwords, such as a minimum length, or the inclusion 
+\fRpasswords, such as a minimum length, or the inclusion 
 of mixed case chars and digits. This can pose a problem as some clients 
 (such as Windows for Workgroups) uppercase the password before sending 
 it.
@@ -5001,18 +5093,18 @@ Example: \fBpasswd program = /sbin/npasswd %u\fR
 .TP
 \fBpassword level (G)\fR
 Some client/server combinations have difficulty 
-with mixed-case passwords.  One offending client is Windows for 
+with mixed-case passwords. One offending client is Windows for 
 Workgroups, which for some reason forces passwords to upper 
 case when using the LANMAN1 protocol, but leaves them alone when 
-using COREPLUS!  Another problem child is the Windows 95/98
-family of operating systems.  These clients upper case clear
+using COREPLUS! Another problem child is the Windows 95/98
+family of operating systems. These clients upper case clear
 text passwords even when NT LM 0.12 selected by the protocol
 negotiation request/response.
 
 This parameter defines the maximum number of characters 
 that may be upper case in passwords.
 
-For example, say the password given was "FRED". If \fI  password level\fR is set to 1, the following combinations 
+For example, say the password given was "FRED". If \fI password level\fR is set to 1, the following combinations 
 would be tried if "FRED" failed:
 
 "Fred", "fred", "fRed", "frEd","freD"
@@ -5040,13 +5132,13 @@ Example: \fBpassword level = 4\fR
 \fBpassword server (G)\fR
 By specifying the name of another SMB server (such 
 as a WinNT box) with this option, and using \fBsecurity = domain
-\fR or \fBsecurity = server\fR you can get Samba 
+\fRor \fBsecurity = server\fR you can get Samba 
 to do all its username/password validation via a remote server.
 
 This option sets the name of the password server to use. 
 It must be a NetBIOS name, so if the machine's NetBIOS name is 
 different from its Internet name then you may have to add its NetBIOS 
-name to the lmhosts  file which is stored in the same directory 
+name to the lmhosts file which is stored in the same directory 
 as the \fIsmb.conf\fR file.
 
 The name of the password server is looked up using the 
@@ -5078,9 +5170,9 @@ domain, then the list of machines in this
 option must be a list of Primary or Backup Domain controllers for the
 Domain or the character '*', as the Samba server is effectively
 in that domain, and will use cryptographically authenticated RPC calls
-to authenticate the user logging on. The advantage of using \fB  security = domain\fR is that if you list several hosts in the 
+to authenticate the user logging on. The advantage of using \fB security = domain\fR is that if you list several hosts in the 
 \fIpassword server\fR option then \fBsmbd
-\fR will try each in turn till it finds one that responds. This 
+\fRwill try each in turn till it finds one that responds. This 
 is useful in case your primary server goes down.
 
 If the \fIpassword server\fR option is set 
@@ -5101,26 +5193,29 @@ You may list several password servers in
 the \fIpassword server\fR parameter, however if an 
 \fBsmbd\fR makes a connection to a password server, 
 and then the password server fails, no more users will be able 
-to be authenticated from this \fBsmbd\fR.  This is a 
+to be authenticated from this \fBsmbd\fR. This is a 
 restriction of the SMB/CIFS protocol when in \fBsecurity = server
-\fR mode and cannot be fixed in Samba.
+\fRmode and cannot be fixed in Samba.
 .TP 0.2i
 \(bu
 If you are using a Windows NT server as your 
 password server then you will have to ensure that your users 
-are able to login from the Samba server, as when in \fB   security = server\fR  mode the network logon will appear to 
+are able to login from the Samba server, as when in \fB security = server\fR mode the network logon will appear to 
 come from there rather than from the users workstation.
 .RE
-
+.PP
 See also the \fIsecurity
-\fR parameter.
-
+\fRparameter.
+.PP
+.PP
 Default: \fBpassword server = <empty string>\fR
-
+.PP
+.PP
 Example: \fBpassword server = NT-PDC, NT-BDC1, NT-BDC2
-\fR
-
+\fR.PP
+.PP
 Example: \fBpassword server = *\fR
+.PP
 .TP
 \fBpath (S)\fR
 This parameter specifies a directory to which 
@@ -5141,7 +5236,7 @@ will be replaced by the NetBIOS name of the machine they are
 connecting from. These replacements are very useful for setting 
 up pseudo home directories for users.
 
-Note that this path will be based on   \fIroot dir\fR if one was specified.
+Note that this path will be based on  \fIroot dir\fR if one was specified.
 
 Default: \fBnone\fR
 
@@ -5149,7 +5244,7 @@ Example: \fBpath = /home/fred\fR
 .TP
 \fBpid directory (G)\fR
 This option specifies the directory where pid 
-files will be placed.  
+files will be placed. 
 
 Default: \fBpid directory = ${prefix}/var/locks\fR
 
@@ -5159,9 +5254,9 @@ Example: \fBpid directory = /var/run/\fR
 The \fBsmbd(8)\fR
 daemon maintains an database of file locks obtained by SMB clients.
 The default behavior is to map this internal database to POSIX
-locks.  This means that file locks obtained by SMB clients are 
+locks. This means that file locks obtained by SMB clients are 
 consistent with those seen by POSIX compliant applications accessing 
-the files via a non-SMB method (e.g. NFS or local file access).  
+the files via a non-SMB method (e.g. NFS or local file access). 
 You should never need to disable this parameter.
 
 Default: \fBposix locking = yes\fR
@@ -5210,8 +5305,8 @@ is an example:
 Of course, this could get annoying after a while :-)
 
 See also \fIpreexec close
-\fR and \fIpostexec
-\fR.
+\fRand \fIpostexec
+\fR\&.
 
 Default: \fBnone (no command executed)\fR
 
@@ -5221,7 +5316,7 @@ Example: \fBpreexec = echo \\"%u connected to %S from %m
 \fBpreexec close (S)\fR
 This boolean option controls whether a non-zero 
 return code from \fIpreexec
-\fR should close the service being connected to.
+\fRshould close the service being connected to.
 
 Default: \fBpreexec close = no\fR
 .TP
@@ -5231,13 +5326,13 @@ for its workgroup.
 
 If this is set to true, on startup, \fBnmbd\fR 
 will force an election, and it will have a slight advantage in 
-winning the election.  It is recommended that this parameter is 
-used in conjunction with \fB\fI  domain master\fB = yes\fR, so that \fB  nmbd\fR can guarantee becoming a domain master.
+winning the election. It is recommended that this parameter is 
+used in conjunction with \fB\fI domain master\fB = yes\fR, so that \fB nmbd\fR can guarantee becoming a domain master.
 
 Use this option with caution, because if there are several 
 hosts (whether Samba servers, Windows 95 or NT) that are preferred 
 master browsers on the same subnet, they will each periodically 
-and continuously attempt to become the local master browser.  
+and continuously attempt to become the local master browser. 
 This will result in unnecessary broadcast traffic and reduced browsing
 capabilities.
 
@@ -5247,7 +5342,7 @@ See also \fIos level\fR
 Default: \fBpreferred master = auto\fR
 .TP
 \fBprefered master (G)\fR
-Synonym for \fI  preferred master\fR for people who cannot spell :-).
+Synonym for \fI preferred master\fR for people who cannot spell :-).
 .TP
 \fBpreload\fR
 This is a list of services that you want to be 
@@ -5256,7 +5351,7 @@ for homes and printers services that would otherwise not be
 visible.
 
 Note that if you just want all printers in your 
-printcap file loaded then the   \fIload printers\fR option is easier.
+printcap file loaded then the  \fIload printers\fR option is easier.
 
 Default: \fBno preloaded services\fR
 
@@ -5266,7 +5361,7 @@ Example: \fBpreload = fred lp colorlp\fR
 This controls if new filenames are created
 with the case that the client passes, or if they are forced to 
 be the \fIdefault case
-\fR.
+\fR\&.
 
 Default: \fBpreserve case = yes\fR
 
@@ -5303,9 +5398,9 @@ print job (in bytes)
 
 The print command \fBMUST\fR contain at least 
 one occurrence of \fI%s\fR or \fI%f
-\fR - the \fI%p\fR is optional. At the time 
+\fR- the \fI%p\fR is optional. At the time 
 a job is submitted, if no printer name is supplied the \fI%p
-\fR will be silently removed from the printer command.
+\fRwill be silently removed from the printer command.
 
 If specified in the [global] section, the print command given 
 will be used for any printable service that does not have its own 
@@ -5330,7 +5425,7 @@ will log a print job, print the file, then remove it. Note that
 
 You may have to vary this command considerably depending 
 on how you normally print files on your system. The default for 
-the parameter varies depending on the setting of the   \fIprinting\fR parameter.
+the parameter varies depending on the setting of the  \fIprinting\fR parameter.
 
 Default: For \fBprinting = BSD, AIX, QNX, LPRNG 
 or PLP :\fR
@@ -5345,12 +5440,12 @@ For \fBprinting = SOFTQ :\fR
 
 \fBprint command = lp -d%p -s %s; rm %s\fR
 
-For printing = CUPS :   If SAMBA is compiled against
+For printing = CUPS : If SAMBA is compiled against
 libcups, then printcap = cups 
 uses the CUPS API to
-submit jobs, etc.  Otherwise it maps to the System V
+submit jobs, etc. Otherwise it maps to the System V
 commands with the -oraw option for printing, i.e. it
-uses \fBlp -c -d%p -oraw; rm %s\fR.   
+uses \fBlp -c -d%p -oraw; rm %s\fR. 
 With \fBprinting = cups\fR,
 and if SAMBA is compiled against libcups, any manually 
 set print command will be ignored.
@@ -5359,7 +5454,7 @@ Example: \fBprint command = /usr/local/samba/bin/myprintscript
 %p %s\fR
 .TP
 \fBprint ok (S)\fR
-Synonym for   \fIprintable\fR.
+Synonym for  \fIprintable\fR.
 .TP
 \fBprintable (S)\fR
 If this parameter is yes, then 
@@ -5369,37 +5464,37 @@ specified for the service.
 Note that a printable service will ALWAYS allow writing 
 to the service path (user privileges permitting) via the spooling 
 of print data. The \fIwriteable
-\fR parameter controls only non-printing access to 
+\fRparameter controls only non-printing access to 
 the resource.
 
 Default: \fBprintable = no\fR
 .TP
 \fBprintcap (G)\fR
-Synonym for  \fI  printcap name\fR.
+Synonym for \fI printcap name\fR.
 .TP
 \fBprintcap name (G)\fR
 This parameter may be used to override the 
-compiled-in default printcap name used by the server (usually \fI  /etc/printcap\fR). See the discussion of the [printers] section above for reasons 
+compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR). See the discussion of the [printers] section above for reasons 
 why you might want to do this.
 
 To use the CUPS printing interface set \fBprintcap name = cups
-\fR. This should be supplemented by an addtional setting 
+\fR\&. This should be supplemented by an addtional setting 
 printing = cups in the [global] 
-section.  \fBprintcap name = cups\fR will use the  
+section. \fBprintcap name = cups\fR will use the 
 "dummy" printcap created by CUPS, as specified in your CUPS
 configuration file.
 
 On System V systems that use \fBlpstat\fR to 
 list available printers you can use \fBprintcap name = lpstat
-\fR to automatically obtain lists of available printers. This 
+\fRto automatically obtain lists of available printers. This 
 is the default for systems that define SYSV at configure time in 
-Samba (this includes most System V based systems). If \fI  printcap name\fR is set to \fBlpstat\fR on 
+Samba (this includes most System V based systems). If \fI printcap name\fR is set to \fBlpstat\fR on 
 these systems then Samba will launch \fBlpstat -v\fR and 
 attempt to parse the output to obtain a printer list.
 
 A minimal printcap file would look something like this:
 
-
+.sp
 .nf
 		print1|My Printer 1
 		print2|My Printer 2
@@ -5407,6 +5502,7 @@ A minimal printcap file would look something like this:
 		print4|My Printer 4
 		print5|My Printer 5
 		
+.sp
 .fi
 
 where the '|' separates aliases of a printer. The fact 
@@ -5435,7 +5531,7 @@ Example: \fBprinter admin = admin, @staff\fR
 \fBprinter driver (S)\fR
 \fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
-following version 2.2.  Please see the instructions in
+following version 2.2. Please see the instructions in
 the Samba 2.2. Printing
 HOWTO for more information
 on the new method of loading printer drivers onto a Samba server.
@@ -5449,7 +5545,7 @@ system.
 You need to set this parameter to the exact string (case 
 sensitive) that describes the appropriate printer driver for your 
 system. If you don't know the exact string to use then you should 
-first try with no \fI  printer driver\fR option set and the client will 
+first try with no \fI printer driver\fR option set and the client will 
 give you a list of printer drivers. The appropriate strings are 
 shown in a scroll box after you have chosen the printer manufacturer.
 
@@ -5461,7 +5557,7 @@ Example: \fBprinter driver = HP LaserJet 4L\fR
 \fBprinter driver file (G)\fR
 \fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
-following version 2.2.  Please see the instructions in
+following version 2.2. Please see the instructions in
 the Samba 2.2. Printing
 HOWTO for more information
 on the new method of loading printer drivers onto a Samba server.
@@ -5474,12 +5570,12 @@ to be found. If this is not set, the default is :
 /lib/printers.def\fR
 
 This file is created from Windows 95 \fImsprint.inf
-\fR files found on the Windows 95 client system. For more 
+\fRfiles found on the Windows 95 client system. For more 
 details on setting up serving of printer drivers to Windows 95 
 clients, see the outdated documentation file in the \fIdocs/\fR 
 directory, \fIPRINTER_DRIVER.txt\fR.
 
-See also \fI  printer driver location\fR.
+See also \fI printer driver location\fR.
 
 Default: \fBNone (set in compile).\fR
 
@@ -5489,7 +5585,7 @@ Example: \fBprinter driver file =
 \fBprinter driver location (S)\fR
 \fBNote :\fRThis is a deprecated 
 parameter and will be removed in the next major release
-following version 2.2.  Please see the instructions in
+following version 2.2. Please see the instructions in
 the Samba 2.2. Printing
 HOWTO for more information
 on the new method of loading printer drivers onto a Samba server.
@@ -5504,15 +5600,14 @@ to serve printer drivers to Windows 95 machines, this should be set to
 Where MACHINE is the NetBIOS name of your Samba server, 
 and PRINTER$ is a share you set up for serving printer driver 
 files. For more details on setting this up see the outdated documentation 
-file in the \fIdocs/\fR directory, \fI  PRINTER_DRIVER.txt\fR.
+file in the \fIdocs/\fR directory, \fI PRINTER_DRIVER.txt\fR.
 
-See also \fI  printer driver file\fR.
+See also \fI printer driver file\fR.
 
 Default: \fBnone\fR
 
 Example: \fBprinter driver location = \\\\MACHINE\\PRINTER$
-\fR
-.TP
+\fR.TP
 \fBprinter name (S)\fR
 This parameter specifies the name of the printer 
 to which print jobs spooled through a printable service will be sent.
@@ -5527,7 +5622,7 @@ on many systems)\fR
 Example: \fBprinter name = laserwriter\fR
 .TP
 \fBprinter (S)\fR
-Synonym for \fI  printer name\fR.
+Synonym for \fI printer name\fR.
 .TP
 \fBprinting (S)\fR
 This parameters controls how printer status 
@@ -5550,17 +5645,10 @@ commands when using the various options use the testparm(1) program.
 
 This option can be set on a per printer basis
 
-See also the discussion in the   [printers] section.
-.TP
-\fBprivate dir (G)\fR
-This parameters defines the directory
-smbd will use for storing such files as \fIsmbpasswd\fR
-and \fIsecrets.tdb\fR.
-
-Default :\fBprivate dir = ${prefix}/private\fR
+See also the discussion in the  [printers] section.
 .TP
 \fBprotocol (G)\fR
-Synonym for   \fImax protocol\fR.
+Synonym for  \fImax protocol\fR.
 .TP
 \fBpublic (S)\fR
 Synonym for \fIguest 
@@ -5587,14 +5675,13 @@ server.
 
 Default: \fBdepends on the setting of \fIprinting
 \fB\fR
-
 Example: \fBqueuepause command = disable %p\fR
 .TP
 \fBqueueresume command (S)\fR
 This parameter specifies the command to be 
 executed on the server host in order to resume the printer queue. It 
 is the command to undo the behavior that is caused by the 
-previous parameter (\fI  queuepause command\fR).
+previous parameter (\fI queuepause command\fR).
 
 This command should be a program or script which takes 
 a printer name as its only parameter and resumes the printer queue, 
@@ -5615,8 +5702,7 @@ server.
 Default: \fBdepends on the setting of \fIprinting\fB\fR
 
 Example: \fBqueuepause command = enable %p
-\fR
-.TP
+\fR.TP
 \fBread bmpx (G)\fR
 This boolean parameter controls whether smbd(8) will support the "Read 
 Block Multiplex" SMB. This is now rarely used and defaults to 
@@ -5630,9 +5716,9 @@ This is a list of users that are given read-only
 access to a service. If the connecting user is in this list then 
 they will not be given write access, no matter what the \fIwriteable\fR
 option is set to. The list can include group names using the 
-syntax described in the \fI  invalid users\fR parameter.
+syntax described in the \fI invalid users\fR parameter.
 
-See also the \fI  write list\fR parameter and the \fIinvalid users\fR
+See also the \fI write list\fR parameter and the \fIinvalid users\fR
 parameter.
 
 Default: \fBread list = <empty string>\fR
@@ -5655,7 +5741,7 @@ block size incorrectly or are incapable of supporting larger block
 sizes, and for these clients you may need to disable raw reads.
 
 In general this parameter should be viewed as a system tuning 
-tool and left severely alone. See also   \fIwrite raw\fR.
+tool and left severely alone. See also  \fIwrite raw\fR.
 
 Default: \fBread raw = yes\fR
 .TP
@@ -5683,15 +5769,6 @@ Default: \fBread size = 16384\fR
 
 Example: \fBread size = 8192\fR
 .TP
-\fBrealm (G)\fR
-This option specifies the kerberos realm to use. The realm is 
-used as the ADS equivalent of the NT4\fBdomain\fR. It
-is usually set to the DNS name of the kerberos server.
-
-Default: \fBrealm = \fR
-
-Example: \fBrealm = mysambabox.mycompany.com\fR
-.TP
 \fBremote announce (G)\fR
 This option allows you to setup nmbd(8) to periodically announce itself 
 to arbitrary IP addresses with an arbitrary workgroup name.
@@ -5720,8 +5797,7 @@ See the documentation file \fIBROWSING.txt\fR
 in the \fIdocs/\fR directory.
 
 Default: \fBremote announce = <empty string>
-\fR
-.TP
+\fR.TP
 \fBremote browse sync (G)\fR
 This option allows you to setup nmbd(8) to periodically request 
 synchronization of browse lists with the master browser of a Samba 
@@ -5738,7 +5814,6 @@ For example:
 
 \fBremote browse sync = 192.168.2.255 192.168.4.255
 \fR
-
 the above line would cause \fBnmbd\fR to request 
 the master browser on the specified subnets or addresses to 
 synchronize their browse lists with the local server.
@@ -5751,39 +5826,38 @@ that the remote machine is available, is listening, nor that it
 is in fact the browse master on its segment.
 
 Default: \fBremote browse sync = <empty string>
-\fR
-.TP
+\fR.TP
 \fBrestrict anonymous (G)\fR
-This is a boolean parameter.  If it is true, then 
+This is a boolean parameter. If it is true, then 
 anonymous access to the server will be restricted, namely in the 
 case where the server is expecting the client to send a username, 
-but it doesn't.  Setting it to true will force these anonymous 
+but it doesn't. Setting it to true will force these anonymous 
 connections to be denied, and the client will be required to always 
 supply a username and password when connecting. Use of this parameter 
 is only recommended for homogeneous NT client environments.
 
 This parameter makes the use of macro expansions that rely
-on the username (%U, %G, etc) consistent.  NT 4.0 
+on the username (%U, %G, etc) consistent. NT 4.0 
 likes to use anonymous connections when refreshing the share list, 
 and this is a way to work around that.
 
 When restrict anonymous is true, all anonymous connections 
-are denied no matter what they are for.  This can effect the ability 
+are denied no matter what they are for. This can effect the ability 
 of a machine to access the Samba Primary Domain Controller to revalidate 
 its machine account after someone else has logged on the client 
-interactively.  The NT client will display a message saying that 
-the machine's account in  the domain doesn't exist or the password is 
-bad.  The best way to deal  with this is to reboot NT client machines 
-between interactive logons,  using "Shutdown and Restart", rather 
+interactively. The NT client will display a message saying that 
+the machine's account in the domain doesn't exist or the password is 
+bad. The best way to deal with this is to reboot NT client machines 
+between interactive logons, using "Shutdown and Restart", rather 
 than "Close all programs and logon as a different user".
 
 Default: \fBrestrict anonymous = no\fR
 .TP
 \fBroot (G)\fR
-Synonym for   \fIroot directory"\fR.
+Synonym for  \fIroot directory"\fR.
 .TP
 \fBroot dir (G)\fR
-Synonym for   \fIroot directory"\fR.
+Synonym for  \fIroot directory"\fR.
 .TP
 \fBroot directory (G)\fR
 The server will \fBchroot()\fR (i.e. 
@@ -5818,33 +5892,31 @@ parameter except that the command is run as root. This
 is useful for unmounting filesystems 
 (such as CDROMs) after a connection is closed.
 
-See also \fI  postexec\fR.
+See also \fI postexec\fR.
 
 Default: \fBroot postexec = <empty string>
-\fR
-.TP
+\fR.TP
 \fBroot preexec (S)\fR
 This is the same as the \fIpreexec\fR
 parameter except that the command is run as root. This 
 is useful for mounting filesystems (such as CDROMs) when a 
 connection is opened.
 
-See also \fI  preexec\fR and   \fIpreexec close\fR.
+See also \fI preexec\fR and  \fIpreexec close\fR.
 
 Default: \fBroot preexec = <empty string>
-\fR
-.TP
+\fR.TP
 \fBroot preexec close (S)\fR
 This is the same as the \fIpreexec close
-\fR parameter except that the command is run as root.
+\fRparameter except that the command is run as root.
 
-See also \fI  preexec\fR and   \fIpreexec close\fR.
+See also \fI preexec\fR and  \fIpreexec close\fR.
 
 Default: \fBroot preexec close = no\fR
 .TP
 \fBsecurity (G)\fR
 This option affects how clients respond to 
-Samba and is one of the most important settings in the \fI  smb.conf\fR file.
+Samba and is one of the most important settings in the \fI smb.conf\fR file.
 
 The option sets the "security mode bit" in replies to 
 protocol negotiations with smbd(8)
@@ -5858,7 +5930,7 @@ Windows NT.
 
 The alternatives are \fBsecurity = share\fR,
 \fBsecurity = server\fR or \fBsecurity = domain
-\fR.
+\fR\&.
 
 In versions of Samba prior to 2.0.0, the default was 
 \fBsecurity = share\fR mainly because that was
@@ -5884,20 +5956,19 @@ to setup guest shares with \fBsecurity = user\fR, see
 the \fImap to guest\fR
 parameter for details.
 
-It is possible to use \fBsmbd\fR in a \fB  hybrid mode\fR where it is offers both user and share 
-level security under different   \fINetBIOS aliases\fR. 
+It is possible to use \fBsmbd\fR in a \fB hybrid mode\fR where it is offers both user and share 
+level security under different  \fINetBIOS aliases\fR. 
 
 The different settings will now be explained.
 
 \fBSECURITY = SHARE
 \fR
-
 When clients connect to a share level security server they 
 need not log onto the server with a valid username and password before 
 attempting to connect to a shared resource (although modern clients 
 such as Windows 95/98 and Windows NT will send a logon request with 
 a username but no password when talking to a \fBsecurity = share
-\fR server). Instead, the clients send authentication information 
+\fRserver). Instead, the clients send authentication information 
 (passwords) on a per-share basis, at the time they attempt to connect 
 to that share.
 
@@ -5917,7 +5988,7 @@ client password is constructed using the following methods :
 \(bu
 If the \fIguest 
 only\fR parameter is set, then all the other 
-stages are missed and only the    \fIguest account\fR username is checked.
+stages are missed and only the  \fIguest account\fR username is checked.
 .TP 0.2i
 \(bu
 Is a username is sent with the share connection 
@@ -5926,7 +5997,7 @@ is added as a potential username.
 .TP 0.2i
 \(bu
 If the client did a previous \fBlogon
-\fR request (the SessionSetup SMB call) then the 
+\fRrequest (the SessionSetup SMB call) then the 
 username sent in this SMB will be added as a potential username.
 .TP 0.2i
 \(bu
@@ -5938,36 +6009,41 @@ The NetBIOS name of the client is added to
 the list as a potential username.
 .TP 0.2i
 \(bu
-Any users on the \fI   user\fR list are added as potential usernames.
+Any users on the \fI user\fR list are added as potential usernames.
 .RE
-
+.PP
 If the \fIguest only\fR parameter is 
 not set, then this list is then tried with the supplied password. 
 The first user for whom the password matches will be used as the 
 UNIX user.
-
+.PP
+.PP
 If the \fIguest only\fR parameter is 
 set, or no username can be determined then if the share is marked 
 as available to the \fIguest account\fR, then this 
 guest user will be used, otherwise access is denied.
-
+.PP
+.PP
 Note that it can be \fBvery\fR confusing 
 in share-level security as to which UNIX username will eventually
 be used in granting access.
-
-See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
-
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
 \fBSECURITY = USER
-\fR
-
+\fR.PP
+.PP
 This is the default security setting in Samba 2.2. 
 With user-level security a client must first "log-on" with a 
 valid username and password (which can be mapped using the \fIusername map\fR 
-parameter). Encrypted passwords (see the   \fIencrypted passwords\fR parameter) can also
-be used in this security mode. Parameters such as   \fIuser\fR and   \fIguest only\fR if set are then applied and 
+parameter). Encrypted passwords (see the  \fIencrypted passwords\fR parameter) can also
+be used in this security mode. Parameters such as  \fIuser\fR and  \fIguest only\fR if set are then applied and 
 may change the UNIX user to use on this connection, but only after 
 the user has been successfully authenticated.
-
+.PP
+.PP
 \fBNote\fR that the name of the resource being 
 requested is \fBnot\fR sent to the server until after 
 the server has successfully authenticated the client. This is why 
@@ -5975,12 +6051,14 @@ guest shares don't work in user level security without allowing
 the server to automatically map unknown users into the \fIguest account\fR. 
 See the \fImap to guest\fR
 parameter for details on doing this.
-
-See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
-
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
 \fBSECURITY = SERVER
-\fR
-
+\fR.PP
+.PP
 In this mode Samba will try to validate the username/password 
 by passing it to another SMB server, such as an NT box. If this 
 fails it will revert to \fBsecurity = user\fR, but note 
@@ -5990,12 +6068,14 @@ revert back to checking the UNIX password file, it must have a valid
 documentation file in the \fIdocs/\fR directory 
 \fIENCRYPTION.txt\fR for details on how to set this 
 up.
-
+.PP
+.PP
 \fBNote\fR that from the client's point of 
-view \fBsecurity = server\fR is the same as \fB  security = user\fR.  It only affects how the server deals 
+view \fBsecurity = server\fR is the same as \fB security = user\fR. It only affects how the server deals 
 with the authentication, it does not in any way affect what the 
 client sees.
-
+.PP
+.PP
 \fBNote\fR that the name of the resource being 
 requested is \fBnot\fR sent to the server until after 
 the server has successfully authenticated the client. This is why 
@@ -6003,32 +6083,38 @@ guest shares don't work in user level security without allowing
 the server to automatically map unknown users into the \fIguest account\fR. 
 See the \fImap to guest\fR
 parameter for details on doing this.
-
-See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
-
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
 See also the \fIpassword 
 server\fR parameter and the \fIencrypted passwords\fR
 parameter.
-
+.PP
+.PP
 \fBSECURITY = DOMAIN
-\fR
-
+\fR.PP
+.PP
 This mode will only work correctly if smbpasswd(8) has been used to add this 
 machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR
 parameter to be set to true. In this 
 mode Samba will try to validate the username/password by passing
 it to a Windows NT Primary or Backup Domain Controller, in exactly 
 the same way that a Windows NT Server would do.
-
+.PP
+.PP
 \fBNote\fR that a valid UNIX user must still 
 exist as well as the account on the Domain Controller to allow 
 Samba to have a valid UNIX account to map file access to.
-
+.PP
+.PP
 \fBNote\fR that from the client's point 
 of view \fBsecurity = domain\fR is the same as \fBsecurity = user
-\fR. It only affects how the server deals with the authentication, 
+\fR\&. It only affects how the server deals with the authentication, 
 it does not in any way affect what the client sees.
-
+.PP
+.PP
 \fBNote\fR that the name of the resource being 
 requested is \fBnot\fR sent to the server until after 
 the server has successfully authenticated the client. This is why 
@@ -6036,7 +6122,8 @@ guest shares don't work in user level security without allowing
 the server to automatically map unknown users into the \fIguest account\fR. 
 See the \fImap to guest\fR
 parameter for details on doing this.
-
+.PP
+.PP
 \fBBUG:\fR There is currently a bug in the 
 implementation of \fBsecurity = domain\fR with respect 
 to multi-byte character set usernames. The communication with a 
@@ -6044,16 +6131,21 @@ Domain Controller must be done in UNICODE and Samba currently
 does not widen multi-byte user names to UNICODE correctly, thus 
 a multi-byte username will not be recognized correctly at the 
 Domain Controller. This issue will be addressed in a future release.
-
-See also the section   NOTE ABOUT USERNAME/PASSWORD VALIDATION.
-
+.PP
+.PP
+See also the section  NOTE ABOUT USERNAME/PASSWORD VALIDATION.
+.PP
+.PP
 See also the \fIpassword 
 server\fR parameter and the \fIencrypted passwords\fR
 parameter.
-
+.PP
+.PP
 Default: \fBsecurity = USER\fR
-
+.PP
+.PP
 Example: \fBsecurity = DOMAIN\fR
+.PP
 .TP
 \fBsecurity mask (S)\fR
 This parameter controls what UNIX permission 
@@ -6073,12 +6165,12 @@ a user to modify all the user/group/world permissions on a file.
 \fBNote\fR that users who can access the 
 Samba server through other means can easily bypass this 
 restriction, so it is primarily useful for standalone 
-"appliance" systems.  Administrators of most normal systems will 
+"appliance" systems. Administrators of most normal systems will 
 probably want to leave it set to 0777.
 
-See also the   \fIforce directory security mode\fR, 
+See also the  \fIforce directory security mode\fR, 
 \fIdirectory 
-security mask\fR,   \fIforce security mode\fR parameters.
+security mask\fR,  \fIforce security mode\fR parameters.
 
 Default: \fBsecurity mask = 0777\fR
 
@@ -6143,104 +6235,50 @@ This boolean parameter controls if new files
 which conform to 8.3 syntax, that is all in upper case and of 
 suitable length, are created upper case, or if they are forced 
 to be the \fIdefault case
-\fR. This  option can be use with \fBpreserve case = yes\fR
+\fR\&. This option can be use with \fBpreserve case = yes\fR
 to permit long filenames to retain their case, while short 
 names are lowered. 
 
-See the section on   NAME MANGLING.
+See the section on  NAME MANGLING.
 
 Default: \fBshort preserve case = yes\fR
 .TP
 \fBshow add printer wizard (G)\fR
 With the introduction of MS-RPC based printing support
 for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will 
-appear on Samba hosts in the share listing.  Normally this folder will 
-contain an icon for the MS Add Printer Wizard (APW).  However, it is 
+appear on Samba hosts in the share listing. Normally this folder will 
+contain an icon for the MS Add Printer Wizard (APW). However, it is 
 possible to disable this feature regardless of the level of privilege 
 of the connected user.
 
 Under normal circumstances, the Windows NT/2000 client will 
 open a handle on the printer server with OpenPrinterEx() asking for
-Administrator privileges.  If the user does not have administrative
+Administrator privileges. If the user does not have administrative
 access on the print server (i.e is not root or a member of the 
 \fIprinter admin\fR group), the OpenPrinterEx() 
 call fails and the client makes another open call with a request for 
-a lower privilege level.  This should succeed, however the APW 
+a lower privilege level. This should succeed, however the APW 
 icon will not be displayed.
 
 Disabling the \fIshow add printer wizard\fR
 parameter will always cause the OpenPrinterEx() on the server
-to fail.  Thus the APW icon will never be displayed. \fB  Note :\fRThis does not prevent the same user from having 
+to fail. Thus the APW icon will never be displayed. \fB Note :\fRThis does not prevent the same user from having 
 administrative privilege on an individual printer.
 
 See also \fIaddprinter
-command\fR,   \fIdeleteprinter command\fR, \fIprinter admin\fR
+command\fR,  \fIdeleteprinter command\fR, \fIprinter admin\fR
 
 Default :\fBshow add printer wizard = yes\fR
 .TP
-\fBshutdown script (G)\fR
-\fBThis parameter only exists in the HEAD cvs branch\fR
-This a full path name to a script called by
-\fBsmbd(8)\fR that
-should start a shutdown procedure.
-
-This command will be run as the user connected to the
-server.
-
-%m %t %r %f parameters are expanded
-
-\fI%m\fR will be substituted with the
-shutdown message sent to the server.
-
-\fI%t\fR will be substituted with the
-number of seconds to wait before effectively starting the
-shutdown procedure.
-
-\fI%r\fR will be substituted with the
-switch \fB-r\fR. It means reboot after shutdown
-for NT.
-
-\fI%f\fR will be substituted with the
-switch \fB-f\fR. It means force the shutdown
-even if applications do not respond for NT.
-
-Default: \fBNone\fR.
-
-Example: \fBabort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f\fR
-
-Shutdown script example:
-
-.nf
-		#!/bin/bash
-		
-		$time=0
-		let "time/60"
-		let "time++"
-
-		/sbin/shutdown $3 $4 +$time $1 &
-		
-.fi
-Shutdown does not return so we need to launch it in background.
-
-See also \fIabort shutdown script\fR.
-.TP
 \fBsmb passwd file (G)\fR
 This option sets the path to the encrypted 
-smbpasswd file.  By default the path to the smbpasswd file 
+smbpasswd file. By default the path to the smbpasswd file 
 is compiled into Samba.
 
 Default: \fBsmb passwd file = ${prefix}/private/smbpasswd
 \fR
-
 Example: \fBsmb passwd file = /etc/samba/smbpasswd
-\fR
-.TP
-\fBsmb ports (G)\fR
-Specifies which ports the server should listen on
-for SMB traffic.
-
-Default: \fBsmb ports = 445 139\fR
-.TP
+\fR.TP
 \fBsocket address (G)\fR
 This option allows you to control what 
 address Samba will listen for connections on. This is used to 
@@ -6270,9 +6308,9 @@ will help).
 
 You may find that on some systems Samba will say 
 "Unknown socket option" when you supply an option. This means you 
-either incorrectly  typed it or you need to add an include file 
-to includes.h for your OS.  If the latter is the case please 
-send the patch to   samba@samba.org <URL:mailto:samba@samba.org>.
+either incorrectly typed it or you need to add an include file 
+to includes.h for your OS. If the latter is the case please 
+send the patch to  samba@samba.org <URL:mailto:samba@samba.org>.
 
 Any of the supported socket options may be combined 
 in any way you like, as long as your OS allows it.
@@ -6311,34 +6349,44 @@ SO_SNDLOWAT *
 \(bu
 SO_RCVLOWAT *
 .RE
-
+.PP
 Those marked with a \fB'*'\fR take an integer 
 argument. The others can optionally take a 1 or 0 argument to enable 
 or disable the option, by default they will be enabled if you 
 don't specify 1 or 0.
-
+.PP
+.PP
 To specify an argument use the syntax SOME_OPTION = VALUE 
 for example \fBSO_SNDBUF = 8192\fR. Note that you must 
 not have any spaces before or after the = sign.
-
+.PP
+.PP
 If you are on a local network then a sensible option 
 might be
-
+.PP
+.PP
 \fBsocket options = IPTOS_LOWDELAY\fR
-
+.PP
+.PP
 If you have a local network then you could try:
-
+.PP
+.PP
 \fBsocket options = IPTOS_LOWDELAY TCP_NODELAY\fR
-
+.PP
+.PP
 If you are on a wide area network then perhaps try 
 setting IPTOS_THROUGHPUT. 
-
+.PP
+.PP
 Note that several of the options may cause your Samba 
 server to fail completely. Use these options with caution!
-
+.PP
+.PP
 Default: \fBsocket options = TCP_NODELAY\fR
-
+.PP
+.PP
 Example: \fBsocket options = IPTOS_LOWDELAY\fR
+.PP
 .TP
 \fBsource environment (G)\fR
 This parameter causes Samba to set environment 
@@ -6350,7 +6398,7 @@ will set the environment variables from the output of the pipe.
 
 The contents of the file or the output of the pipe should 
 be formatted as the output of the standard Unix \fBenv(1)
-\fR command. This is of the form :
+\fRcommand. This is of the form :
 
 Example environment entry:
 
@@ -6360,14 +6408,249 @@ Default: \fBNo default value\fR
 
 Examples: \fBsource environment = |/etc/smb.conf.sh
 \fR
-
 Example: \fBsource environment = 
 /usr/local/smb_env_vars\fR
 .TP
-\fBuse spnego (G)\fR
-This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism.  As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller.  It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.
+\fBssl (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable enables or disables the entire SSL mode. If 
+it is set to no, the SSL-enabled Samba behaves 
+exactly like the non-SSL Samba. If set to yes, 
+it depends on the variables \fI ssl hosts\fR and  \fIssl hosts resign\fR whether an SSL 
+connection will be required.
+
+Default: \fBssl = no\fR
+.TP
+\fBssl CA certDir (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable defines where to look up the Certification
+Authorities. The given directory should contain one file for 
+each CA that Samba will trust. The file name must be the hash 
+value over the "Distinguished Name" of the CA. How this directory 
+is set up is explained later in this document. All files within the 
+directory that don't fit into this naming scheme are ignored. You 
+don't need this variable if you don't verify client certificates.
+
+Default: \fBssl CA certDir = /usr/local/ssl/certs
+\fR.TP
+\fBssl CA certFile (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable is a second way to define the trusted CAs. 
+The certificates of the trusted CAs are collected in one big 
+file and this variable points to the file. You will probably 
+only use one of the two ways to define your CAs. The first choice is 
+preferable if you have many CAs or want to be flexible, the second 
+is preferable if you only have one CA and want to keep things 
+simple (you won't need to create the hashed file names). You 
+don't need this variable if you don't verify client certificates.
+
+Default: \fBssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem
+\fR.TP
+\fBssl ciphers (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable defines the ciphers that should be offered 
+during SSL negotiation. You should not set this variable unless 
+you know what you are doing.
+.TP
+\fBssl client cert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+The certificate in this file is used by  \fBsmbclient(1)\fR if it exists. It's needed 
+if the server requires a client certificate.
+
+Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem
+\fR.TP
+\fBssl client key (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This is the private key for  \fBsmbclient(1)\fR It's only needed if the 
+client should have a certificate. 
+
+Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem
+\fR.TP
+\fBssl compatibility (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This variable defines whether OpenSSL should be configured 
+for bug compatibility with other SSL implementations. This is 
+probably not desirable because currently no clients with SSL 
+implementations other than OpenSSL exist.
+
+Default: \fBssl compatibility = no\fR
+.TP
+\fBssl egd socket (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This option is used to define the location of the communiation socket of 
+an EGD or PRNGD daemon, from which entropy can be retrieved. This option 
+can be used instead of or together with the \fIssl entropy file\fR 
+directive. 255 bytes of entropy will be retrieved from the daemon.
 
-Default:  \fBuse spnego = yes\fR
+Default: \fBnone\fR
+.TP
+\fBssl entropy bytes (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This parameter is used to define the number of bytes which should 
+be read from the \fIssl entropy 
+file\fR If a -1 is specified, the entire file will
+be read.
+
+Default: \fBssl entropy bytes = 255\fR
+.TP
+\fBssl entropy file (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This parameter is used to specify a file from which processes will 
+read "random bytes" on startup. In order to seed the internal pseudo 
+random number generator, entropy must be provided. On system with a 
+\fI/dev/urandom\fR device file, the processes
+will retrieve its entropy from the kernel. On systems without kernel
+entropy support, a file can be supplied that will be read on startup
+and that will be used to seed the PRNG.
+
+Default: \fBnone\fR
+.TP
+\fBssl hosts (G)\fR
+See \fI ssl hosts resign\fR.
+.TP
+\fBssl hosts resign (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+These two variables define whether Samba will go 
+into SSL mode or not. If none of them is defined, Samba will 
+allow only SSL connections. If the  \fIssl hosts\fR variable lists
+hosts (by IP-address, IP-address range, net group or name), 
+only these hosts will be forced into SSL mode. If the \fI ssl hosts resign\fR variable lists hosts, only these 
+hosts will \fBNOT\fR be forced into SSL mode. The syntax for these two 
+variables is the same as for the \fI hosts allow\fR and  \fIhosts deny\fR pair of variables, only 
+that the subject of the decision is different: It's not the access 
+right but whether SSL is used or not. 
+
+The example below requires SSL connections from all hosts
+outside the local net (which is 192.168.*.*).
+
+Default: \fBssl hosts = <empty string>\fR
+
+\fBssl hosts resign = <empty string>\fR
+
+Example: \fBssl hosts resign = 192.168.\fR
+.TP
+\fBssl require clientcert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+If this variable is set to yes, the 
+server will not tolerate connections from clients that don't 
+have a valid certificate. The directory/file given in \fIssl CA certDir\fR
+and \fIssl CA certFile
+\fRwill be used to look up the CAs that issued 
+the client's certificate. If the certificate can't be verified 
+positively, the connection will be terminated. If this variable 
+is set to no, clients don't need certificates. 
+Contrary to web applications you really \fBshould\fR 
+require client certificates. In the web environment the client's 
+data is sensitive (credit card numbers) and the server must prove 
+to be trustworthy. In a file server environment the server's data 
+will be sensitive and the clients must prove to be trustworthy.
+
+Default: \fBssl require clientcert = no\fR
+.TP
+\fBssl require servercert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+If this variable is set to yes, the 
+\fBsmbclient(1)\fR
+ will request a certificate from the server. Same as 
+\fIssl require 
+clientcert\fR for the server.
+
+Default: \fBssl require servercert = no\fR
+.TP
+\fBssl server cert (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This is the file containing the server's certificate. 
+The server \fBmust\fR have a certificate. The 
+file may also contain the server's private key. See later for 
+how certificates and private keys are created.
+
+Default: \fBssl server cert = <empty string>
+\fR.TP
+\fBssl server key (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This file contains the private key of the server. If 
+this variable is not defined, the key is looked up in the 
+certificate file (it may be appended to the certificate). 
+The server \fBmust\fR have a private key
+and the certificate \fBmust\fR 
+match this private key.
+
+Default: \fBssl server key = <empty string>
+\fR.TP
+\fBssl version (G)\fR
+This variable is part of SSL-enabled Samba. This 
+is only available if the SSL libraries have been compiled on your 
+system and the configure option \fB--with-ssl\fR was 
+given at configure time.
+
+This enumeration variable defines the versions of the 
+SSL protocol that will be used. ssl2or3 allows 
+dynamic negotiation of SSL v2 or v3, ssl2 results 
+in SSL v2, ssl3 results in SSL v3 and
+tls1 results in TLS v1. TLS (Transport Layer 
+Security) is the new standard for SSL.
+
+Default: \fBssl version = "ssl2or3"\fR
 .TP
 \fBstat cache (G)\fR
 This parameter determines if smbd(8) will use a cache in order to 
@@ -6378,7 +6661,7 @@ Default: \fBstat cache = yes\fR
 .TP
 \fBstat cache size (G)\fR
 This parameter determines the number of 
-entries in the \fIstat cache\fR.  You should 
+entries in the \fIstat cache\fR. You should 
 never need to change this parameter.
 
 Default: \fBstat cache size = 50\fR
@@ -6449,9 +6732,11 @@ always>\fR parameter.
 Default: \fBstrict sync = no\fR
 .TP
 \fBstrip dot (G)\fR
-This is a boolean that controls whether to 
-strip trailing dots off UNIX filenames. This helps with some 
-CDROMs that have filenames ending in a single dot.
+This parameter is now unused in Samba (2.2.5 and above).
+It used strip trailing dots off UNIX filenames but was not correctly implmented.
+In Samba 2.2.5 and above UNIX filenames ending in a dot are invalid Windows long
+filenames (as they are in Windows NT and above) and are mangled to 8.3 before
+being returned to a client.
 
 Default: \fBstrip dot = no\fR
 .TP
@@ -6462,7 +6747,7 @@ the write call returns. If this is false then the server will be
 guided by the client's request in each write call (clients can 
 set a bit indicating that a particular write should be synchronous). 
 If this is true then every write will be followed by a \fBfsync()
-\fR call to ensure the data is written to disk. Note that 
+\fRcall to ensure the data is written to disk. Note that 
 the \fIstrict sync\fR parameter must be set to
 yes in order for this parameter to have 
 any affect.
@@ -6478,10 +6763,10 @@ are logged onto the system syslog logging levels. Samba debug
 level zero maps onto syslog LOG_ERR, debug 
 level one maps onto LOG_WARNING, debug level 
 two maps onto LOG_NOTICE, debug level three 
-maps onto LOG_INFO. All higher levels are mapped to   LOG_DEBUG.
+maps onto LOG_INFO. All higher levels are mapped to  LOG_DEBUG.
 
 This parameter sets the threshold for sending messages 
-to syslog.  Only messages with debug level less than this value 
+to syslog. Only messages with debug level less than this value 
 will be sent to syslog.
 
 Default: \fBsyslog = 1\fR
@@ -6496,10 +6781,10 @@ Default: \fBsyslog only = no\fR
 \fBtemplate homedir (G)\fR
 When filling out the user information for a Windows NT 
 user, the winbindd(8) daemon 
-uses this parameter to fill in the home directory for that user.  
+uses this parameter to fill in the home directory for that user. 
 If the string \fI%D\fR is present it is substituted 
-with the user's Windows NT domain name.  If the string \fI%U
-\fR is present it is substituted with the user's Windows 
+with the user's Windows NT domain name. If the string \fI%U
+\fRis present it is substituted with the user's Windows 
 NT user name.
 
 Default: \fBtemplate homedir = /home/%D/%U\fR
@@ -6522,43 +6807,30 @@ Default: \fBtime offset = 0\fR
 Example: \fBtime offset = 60\fR
 .TP
 \fBtime server (G)\fR
-This parameter determines if     
+This parameter determines if  
 nmbd(8) advertises itself as a time server to Windows 
 clients.
 
 Default: \fBtime server = no\fR
 .TP
 \fBtimestamp logs (G)\fR
-Synonym for \fI  debug timestamp\fR.
+Synonym for \fI debug timestamp\fR.
 .TP
 \fBtotal print jobs (G)\fR
 This parameter accepts an integer value which defines
 a limit on the maximum number of print jobs that will be accepted 
-system wide at any given time.  If a print job is submitted
+system wide at any given time. If a print job is submitted
 by a client which will exceed this number, then smbd will return an 
-error indicating that no space is available on the server.  The 
-default value of 0 means that no such limit exists.  This parameter
+error indicating that no space is available on the server. The 
+default value of 0 means that no such limit exists. This parameter
 can be used to prevent a server from exceeding its capacity and is
-designed as a printing throttle.  See also 
+designed as a printing throttle. See also 
 \fImax print jobs\fR.
 
 Default: \fBtotal print jobs = 0\fR
 
 Example: \fBtotal print jobs = 5000\fR
 .TP
-\fBunicode (G)\fR
-Specifies whether Samba should try 
-to use unicode on the wire by default. 
-
-Default: \fBunicode = yes\fR
-.TP
-\fBunix charset (G)\fR
-Specifies the charset the unix machine 
-Samba runs on uses. Samba needs to know this in order to be able to 
-convert text to the charsets other SMB clients use.
-
-Default: \fBunix charset = ASCII\fR
-.TP
 \fBunix extensions(G)\fR
 This boolean parameter controls whether Samba 
 implments the CIFS UNIX extensions, as defined by HP. 
@@ -6580,7 +6852,7 @@ old UNIX password (as the SMB password change code has no
 access to the old password cleartext, only the new).
 
 See also \fIpasswd 
-program\fR, \fI  passwd chat\fR.
+program\fR, \fI passwd chat\fR.
 
 Default: \fBunix password sync = no\fR
 .TP
@@ -6612,29 +6884,29 @@ Default: \fBupdate encrypted = no\fR
 .TP
 \fBuse client driver (S)\fR
 This parameter applies only to Windows NT/2000
-clients.  It has no affect on Windows 95/98/ME clients.  When 
+clients. It has no affect on Windows 95/98/ME clients. When 
 serving a printer to Windows NT/2000 clients without first installing
 a valid printer driver on the Samba host, the client will be required
-to install a local printer driver.  From this point on, the client
+to install a local printer driver. From this point on, the client
 will treat the print as a local printer and not a network printer 
-connection.  This is much the same behavior that will occur
-when \fBdisable spoolss = yes\fR.  
+connection. This is much the same behavior that will occur
+when \fBdisable spoolss = yes\fR. 
 
 The differentiating 
 factor is that under normal circumstances, the NT/2000 client will 
-attempt to open the network printer using MS-RPC.  The problem is that
+attempt to open the network printer using MS-RPC. The problem is that
 because the client considers the printer to be local, it will attempt
 to issue the OpenPrinterEx() call requesting access rights associated 
 with the logged on user. If the user possesses local administator rights
 but not root privilegde on the Samba host (often the case), the OpenPrinterEx()
-call will fail.  The result is that the client will now display an "Access
+call will fail. The result is that the client will now display an "Access
 Denied; Unable to connect" message in the printer queue window (even though
-jobs may successfully be printed).  
+jobs may successfully be printed). 
 
 If this parameter is enabled for a printer, then any attempt
 to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
-to PRINTER_ACCESS_USE instead.  Thus allowing the OpenPrinterEx()
-call to succeed.  \fBThis parameter MUST not be able enabled
+to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx()
+call to succeed. \fBThis parameter MUST not be able enabled
 on a print share which has valid print driver installed on the Samba 
 server.\fR
 
@@ -6660,18 +6932,18 @@ will be read to find the names of hosts and users who will be allowed
 access without specifying a password.
 
 \fBNOTE:\fR The use of \fIuse rhosts
-\fR can be a major security hole. This is because you are 
+\fRcan be a major security hole. This is because you are 
 trusting the PC to supply the correct username. It is very easy to 
-get a PC to supply a false username. I recommend that the \fI  use rhosts\fR option be only used if you really know what 
+get a PC to supply a false username. I recommend that the \fI use rhosts\fR option be only used if you really know what 
 you are doing.
 
 Default: \fBuse rhosts = no\fR
 .TP
 \fBuser (S)\fR
-Synonym for \fI  username\fR.
+Synonym for \fI username\fR.
 .TP
 \fBusers (S)\fR
-Synonym for \fI  username\fR.
+Synonym for \fI username\fR.
 .TP
 \fBusername (S)\fR
 Multiple users may be specified in a comma-delimited 
@@ -6702,7 +6974,7 @@ so they cannot do anything that user cannot do.
 
 To restrict a service to a particular set of users you 
 can use the \fIvalid users
-\fR parameter.
+\fRparameter.
 
 If any of the usernames begin with a '@' then the name 
 will be looked up first in the NIS netgroups list (if Samba 
@@ -6784,7 +7056,7 @@ Using '!' is most useful when you have a wildcard mapping line
 later in the file.
 
 For example to map from the name admin 
-or administrator to the UNIX name   root you would use:
+or administrator to the UNIX name  root you would use:
 
 \fBroot = admin administrator\fR
 
@@ -6798,7 +7070,7 @@ map file.
 
 If your system supports the NIS NETGROUP option then 
 the netgroup database is checked before the \fI/etc/group
-\fR database for matching groups.
+\fRdatabase for matching groups.
 
 You can map Windows usernames that have spaces in them
 by using double quotes around the name. For example:
@@ -6813,19 +7085,20 @@ unix user sys, and map the rest to guest. Note the use of the
 \&'!' to tell Samba to stop processing if it gets a match on 
 that line.
 
-
+.sp
 .nf
 		!sys = mary fred
 		guest = *
 		
+.sp
 .fi
 
 Note that the remapping is applied to all occurrences 
-of usernames. Thus if you connect to \\\\server\\fred and   fred is remapped to mary then you 
+of usernames. Thus if you connect to \\\\server\\fred and  fred is remapped to mary then you 
 will actually be connecting to \\\\server\\mary and will need to 
 supply a password suitable for mary not 
 fred. The only exception to this is the 
-username passed to the \fI  password server\fR (if you have one). The password 
+username passed to the \fI password server\fR (if you have one). The password 
 server will receive whatever username the client supplies without 
 modification.
 
@@ -6837,57 +7110,90 @@ they don't own the print job.
 Default: \fBno username map\fR
 
 Example: \fBusername map = /usr/local/samba/lib/users.map
-\fR
-.TP
+\fR.TP
 \fButmp (G)\fR
 This boolean parameter is only available if 
-Samba has been configured and compiled  with the option \fB  --with-utmp\fR. If set to true then Samba will attempt
+Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to true then Samba will attempt
 to add utmp or utmpx records (depending on the UNIX system) whenever a
 connection is made to a Samba server. Sites may use this to record the
 user connecting to a Samba share.
 
-Due to the requirements of the utmp record, we
-are required to create a unique identifier for the
-incoming user.  Enabling this option creates an n^2
-algorithm to find this number.  This may impede
-performance on large installations. 
-
-See also the \fI  utmp directory\fR parameter.
+See also the \fI utmp directory\fR parameter.
 
 Default: \fButmp = no\fR
 .TP
 \fButmp directory(G)\fR
 This parameter is only available if Samba has 
-been configured and compiled with the option \fB  --with-utmp\fR. It specifies a directory pathname that is
+been configured and compiled with the option \fB --with-utmp\fR. It specifies a directory pathname that is
 used to store the utmp or utmpx files (depending on the UNIX system) that
-record user connections to a Samba server. See also the   \fIutmp\fR parameter. By default this is 
+record user connections to a Samba server. See also the  \fIutmp\fR parameter. By default this is 
 not set, meaning the system will use whatever utmp file the 
 native system is set to use (usually 
 \fI/var/run/utmp\fR on Linux).
 
 Default: \fBno utmp directory\fR
-
-Example: \fButmp directory = /var/run/utmp\fR
 .TP
-\fBwtmp directory(G)\fR
-This parameter is only available if Samba has 
-been configured and compiled with the option \fB  --with-utmp\fR. It specifies a directory pathname that is
-used to store the wtmp or wtmpx files (depending on the UNIX system) that
-record user connections to a Samba server. The difference with
-the utmp directory is the fact that user info is kept after a user 
-has logged out.
-See also the   \fIutmp\fR parameter. By default this is 
-not set, meaning the system will use whatever utmp file the 
-native system is set to use (usually 
-\fI/var/run/wtmp\fR on Linux).
+\fBvalid chars (G)\fR
+The option allows you to specify additional 
+characters that should be considered valid by the server in 
+filenames. This is particularly useful for national character 
+sets, such as adding u-umlaut or a-ring.
+
+The option takes a list of characters in either integer 
+or character form with spaces between them. If you give two 
+characters with a colon between them then it will be taken as 
+an lowercase:uppercase pair.
+
+If you have an editor capable of entering the characters 
+into the config file then it is probably easiest to use this 
+method. Otherwise you can specify the characters in octal, 
+decimal or hexadecimal form using the usual C notation.
+
+For example to add the single character 'Z' to the charset 
+(which is a pointless thing to do as it's already there) you could 
+do one of the following
+
+.sp
+.nf
+		valid chars = Z
+		valid chars = z:Z
+		valid chars = 0132:0172
+		
+.sp
+.fi
+
+The last two examples above actually add two characters, 
+and alter the uppercase and lowercase mappings appropriately.
+
+Note that you \fBMUST\fR specify this parameter 
+after the \fIclient code page\fR parameter if you 
+have both set. If \fIclient code page\fR is set after 
+the \fIvalid chars\fR parameter the \fIvalid 
+chars\fR settings will be overwritten.
 
-Default: \fBno wtmp directory\fR
+See also the \fIclient 
+code page\fR parameter.
 
-Example: \fBwtmp directory = /var/log/wtmp\fR
+Default: \fBSamba defaults to using a reasonable set 
+of valid characters for English systems\fR
+
+Example: \fBvalid chars = 0345:0305 0366:0326 0344:0304
+\fR
+The above example allows filenames to have the Swedish 
+characters in them.
+
+\fBNOTE:\fR It is actually quite difficult to 
+correctly produce a \fIvalid chars\fR line for 
+a particular system. To automate the process tino@augsburg.net <URL:mailto:tino@augsburg.net> has written 
+a package called \fBvalidchars\fR which will automatically 
+produce a complete \fIvalid chars\fR line for
+a given client system. Look in the \fIexamples/validchars/
+\fRsubdirectory of your Samba source code distribution 
+for this package.
 .TP
 \fBvalid users (S)\fR
 This is a list of users that should be allowed 
-to login to this service. Names starting with '@', '+' and  '&'
+to login to this service. Names starting with '@', '+' and '&'
 are interpreted using the same rules as described in the 
 \fIinvalid users\fR parameter.
 
@@ -6896,25 +7202,23 @@ If a username is in both this list and the \fIinvalid
 users\fR list then access is denied for that user.
 
 The current servicename is substituted for \fI%S
-\fR. This is useful in the [homes] section.
+\fR\&. This is useful in the [homes] section.
 
 See also \fIinvalid users
 \fR
-
 Default: \fBNo valid users list (anyone can login)
 \fR
-
 Example: \fBvalid users = greg, @pcusers\fR
 .TP
 \fBveto files(S)\fR
 This is a list of files and directories that 
-are neither visible nor accessible.  Each entry in the list must 
+are neither visible nor accessible. Each entry in the list must 
 be separated by a '/', which allows spaces to be included 
 in the entry. '*' and '?' can be used to specify multiple files 
 or directories as in DOS wildcards.
 
 Each entry must be a unix path, not a DOS path and 
-must \fBnot\fR include the  unix directory 
+must \fBnot\fR include the unix directory 
 separator '/'.
 
 Note that the \fIcase sensitive\fR option 
@@ -6933,13 +7237,12 @@ of Samba, as it will be forced to check all files and directories
 for a match as they are scanned.
 
 See also \fIhide files
-\fR and \fI  case sensitive\fR.
+\fRand \fI case sensitive\fR.
 
 Default: \fBNo files or directories are vetoed.
 \fR
-
 Examples:
-
+.sp
 .nf
 ; Veto any files containing the word Security, 
 ; any ending in .tmp, and any directory containing the
@@ -6949,6 +7252,7 @@ veto files = /*Security*/*.tmp/*root*/
 ; Veto the Apple specific files that a NetAtalk server
 ; creates.
 veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/
+.sp
 .fi
 .TP
 \fBveto oplock files (S)\fR
@@ -6971,31 +7275,21 @@ the line (either in the [global] section or in the section for
 the particular NetBench share :
 
 Example: \fBveto oplock files = /*.SEM/
-\fR
-.TP
-\fBvfs path (S)\fR
-This parameter specifies the directory
-to look in for vfs modules. The name of every \fBvfs object
-\fR will be prepended by this directory
-
-Default: \fBvfs path = \fR
-
-Example: \fBvfs path = /usr/lib/samba/vfs\fR
-.TP
+\fR.TP
 \fBvfs object (S)\fR
 This parameter specifies a shared object file that 
-is used for Samba VFS I/O operations.  By default, normal 
+is used for Samba VFS I/O operations. By default, normal 
 disk I/O operations are used but these can be overloaded 
-with a VFS object.  The Samba VFS layer is new to Samba 2.2 and 
+with a VFS object. The Samba VFS layer is new to Samba 2.2 and 
 must be enabled at compile time with --with-vfs.
 
 Default : \fBno value\fR
 .TP
 \fBvfs options (S)\fR
 This parameter allows parameters to be passed 
-to the vfs layer at initialization time.  The Samba VFS layer 
+to the vfs layer at initialization time. The Samba VFS layer 
 is new to Samba 2.2 and must be enabled at compile time 
-with --with-vfs.  See also \fI  vfs object\fR.
+with --with-vfs. See also \fI vfs object\fR.
 
 Default : \fBno value\fR
 .TP
@@ -7015,7 +7309,7 @@ to areas that are outside the directory tree being exported.
 
 Note that setting this parameter can have a negative 
 effect on your server performance due to the extra system calls 
-that Samba has to  do in order to perform the link checks.
+that Samba has to do in order to perform the link checks.
 
 Default: \fBwide links = yes\fR
 .TP
@@ -7031,15 +7325,15 @@ Default: \fBwinbind cache type = 15\fR
 On large installations using
 winbindd(8) it may be
 necessary to suppress the enumeration of users through the
-\fB setpwent()\fR,
+\fBsetpwent()\fR,
 \fBgetpwent()\fR and
-\fBendpwent()\fR group of system calls.  If
+\fBendpwent()\fR group of system calls. If
 the \fIwinbind enum users\fR parameter is
 false, calls to the \fBgetpwent\fR system call
 will not return any data. 
 
 \fBWarning:\fR Turning off user
-enumeration may cause some programs to behave oddly.  For
+enumeration may cause some programs to behave oddly. For
 example, the finger program relies on having access to the
 full user list when searching for matching
 usernames. 
@@ -7050,9 +7344,9 @@ Default: \fBwinbind enum users = yes \fR
 On large installations using
 winbindd(8) it may be
 necessary to suppress the enumeration of groups through the
-\fB setgrent()\fR,
+\fBsetgrent()\fR,
 \fBgetgrent()\fR and
-\fBendgrent()\fR group of system calls.  If
+\fBendgrent()\fR group of system calls. If
 the \fIwinbind enum groups\fR parameter is
 false, calls to the \fBgetgrent()\fR system
 call will not return any data. 
@@ -7064,19 +7358,18 @@ Default: \fBwinbind enum groups = yes \fR
 .TP
 \fBwinbind gid (G)\fR
 The winbind gid parameter specifies the range of group 
-ids that are allocated by the   winbindd(8) daemon.  This range of group ids should have no 
+ids that are allocated by the  winbindd(8) daemon. This range of group ids should have no 
 existing local or NIS groups within it as strange conflicts can 
 occur otherwise.
 
 Default: \fBwinbind gid = <empty string>
 \fR
-
 Example: \fBwinbind gid = 10000-20000\fR
 .TP
 \fBwinbind separator (G)\fR
 This parameter allows an admin to define the character 
 used when listing a username of the form of \fIDOMAIN
-\fR\\\fIuser\fR.  This parameter 
+\fR\\\fIuser\fR. This parameter 
 is only applicable when using the \fIpam_winbind.so\fR
 and \fInss_winbind.so\fR modules for UNIX services.
 
@@ -7090,27 +7383,25 @@ Example: \fBwinbind separator = +\fR
 .TP
 \fBwinbind uid (G)\fR
 The winbind gid parameter specifies the range of group 
-ids that are allocated by the   winbindd(8) daemon.  This range of ids should have no 
+ids that are allocated by the  winbindd(8) daemon. This range of ids should have no 
 existing local or NIS users within it as strange conflicts can 
 occur otherwise.
 
 Default: \fBwinbind uid = <empty string>
 \fR
-
 Example: \fBwinbind uid = 10000-20000\fR
 .TP
 \fBwinbind use default domain\fR
 .TP
 \fBwinbind use default domain\fR
-This parameter specifies whether the   winbindd(8)
-daemon should operate on users without domain component in their username.  
+This parameter specifies whether the  winbindd(8)
+daemon should operate on users without domain component in their username. 
 Users without a domain component are treated as is part of the winbindd server's 
-own domain.  While this does not benifit Windows users, it makes SSH, FTP and e-mail 
+own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail 
 function in a way much closer to the way they would in a native unix system.
 
 Default: \fBwinbind use default domain = <falseg> 
 \fR
-
 Example: \fBwinbind use default domain = true\fR
 .TP
 \fBwins hook (G)\fR
@@ -7124,8 +7415,7 @@ The wins hook parameter specifies the name of a script
 or executable that will be called as follows:
 
 \fBwins_hook operation name nametype ttl IP_list
-\fR
-.RS
+\fR.RS
 .TP 0.2i
 \(bu
 The first argument is the operation and is one 
@@ -7138,7 +7428,7 @@ as an add.
 \(bu
 The second argument is the NetBIOS name. If the 
 name is not a legal name then the wins hook is not called. 
-Legal names contain only  letters, digits, hyphens, underscores 
+Legal names contain only letters, digits, hyphens, underscores 
 and periods.
 .TP 0.2i
 \(bu
@@ -7154,21 +7444,22 @@ The fifth and subsequent arguments are the IP
 addresses currently registered for that name. If this list is 
 empty then the name should be deleted.
 .RE
-
+.PP
 An example script that calls the BIND dynamic DNS update 
 program \fBnsupdate\fR is provided in the examples 
 directory of the Samba source code. 
+.PP
 .TP
 \fBwins proxy (G)\fR
 This is a boolean that controls if nmbd(8) will respond to broadcast name 
-queries on behalf of  other hosts. You may need to set this 
+queries on behalf of other hosts. You may need to set this 
 to yes for some older clients.
 
 Default: \fBwins proxy = no\fR
 .TP
 \fBwins server (G)\fR
 This specifies the IP address (or DNS name: IP 
-address for preference) of the WINS server that   nmbd(8) should register with. If you have a WINS server on 
+address for preference) of the WINS server that  nmbd(8) should register with. If you have a WINS server on 
 your network then you should set this to the WINS server's IP.
 
 You should point this at your WINS server if you have a
@@ -7186,7 +7477,7 @@ Default: \fBnot enabled\fR
 Example: \fBwins server = 192.9.200.1\fR
 .TP
 \fBwins support (G)\fR
-This boolean controls if the    
+This boolean controls if the  
 nmbd(8) process in Samba will act as a WINS server. You should 
 not set this to true unless you have a multi-subnetted network and 
 you wish a particular \fBnmbd\fR to be your WINS server. 
@@ -7206,7 +7497,7 @@ Default: \fBset at compile time to WORKGROUP\fR
 Example: \fBworkgroup = MYGROUP\fR
 .TP
 \fBwritable (S)\fR
-Synonym for \fI  writeable\fR for people who can't spell :-).
+Synonym for \fI writeable\fR for people who can't spell :-).
 .TP
 \fBwrite cache size (S)\fR
 If this integer parameter is set to non-zero value,
@@ -7245,27 +7536,14 @@ Note that if a user is in both the read list and the
 write list then they will be given write access.
 
 See also the \fIread list
-\fR option.
+\fRoption.
 
 Default: \fBwrite list = <empty string>
 \fR
-
 Example: \fBwrite list = admin, root, @staff
-\fR
-.TP
-\fBwins partners (G)\fR
-A space separated list of partners' IP addresses for 
-WINS replication. WINS partners are always defined as push/pull 
-partners as defining only one way WINS replication is unreliable. 
-WINS replication is currently experimental and unreliable between 
-samba servers.
-
-Default: \fBwins partners = \fR
-
-Example: \fBwins partners = 192.168.0.1 172.16.1.2\fR
-.TP
+\fR.TP
 \fBwrite ok (S)\fR
-Synonym for \fI  writeable\fR.
+Synonym for \fI writeable\fR.
 .TP
 \fBwrite raw (G)\fR
 This parameter controls whether or not the server 
@@ -7275,7 +7553,7 @@ You should never need to change this parameter.
 Default: \fBwrite raw = yes\fR
 .TP
 \fBwriteable (S)\fR
-An inverted synonym is   \fIread only\fR.
+An inverted synonym is  \fIread only\fR.
 
 If this parameter is no, then users 
 of a service may not create or modify files in the service's 
@@ -7296,7 +7574,7 @@ problem - but be aware of the possibility.
 On a similar note, many clients - especially DOS clients - 
 limit service names to eight characters. smbd(8)
  has no such limitation, but attempts to connect from such 
-clients will fail if they truncate the service names.  For this reason 
+clients will fail if they truncate the service names. For this reason 
 you should probably keep your service names down to eight characters 
 in length.
 .PP
@@ -7331,5 +7609,5 @@ The original Samba man pages were written by Karl Auer.
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
+release by Jeremy Allison. The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1
index 449a2a24b83..ea7eb57737e 100644
--- a/docs/manpages/smbcacls.1
+++ b/docs/manpages/smbcacls.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCACLS" "1" "28 January 2002" "" ""
+.TH "SMBCACLS" "1" "28 August 2002" "" ""
 .SH NAME
 smbcacls \- Set or get ACLs on an NT file or directory names
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ smbcacls \- Set or get ACLs on an NT file or directory names
 \fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ]  [ \fB-A acls\fR ]  [ \fB-M acls\fR ]  [ \fB-D acls\fR ]  [ \fB-S acls\fR ]  [ \fB-C name\fR ]  [ \fB-G name\fR ]  [ \fB-n\fR ]  [ \fB-h\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 The \fBsmbcacls\fR program manipulates NT Access Control Lists 
 (ACLs) on SMB file shares. 
diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1
index 765c9e52734..8ad27aad69f 100644
--- a/docs/manpages/smbclient.1
+++ b/docs/manpages/smbclient.1
@@ -1,22 +1,21 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCLIENT" "1" "20 augustus 2002" "" ""
+.TH "SMBCLIENT" "1" "28 August 2002" "" ""
 .SH NAME
 smbclient \- ftp-like client to access SMB/CIFS resources  on servers
 .SH SYNOPSIS
-
-\fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ] [ \fB-b <buffer size>\fR ] [ \fB-d debuglevel\fR ] [ \fB-D Directory\fR ] [ \fB-U username\fR ] [ \fB-W workgroup\fR ] [ \fB-M <netbios name>\fR ] [ \fB-m maxprotocol\fR ] [ \fB-A authfile\fR ] [ \fB-N\fR ] [ \fB-l logfile\fR ] [ \fB-L <netbios name>\fR ] [ \fB-I destinationIP\fR ] [ \fB-E <terminal code>\fR ] [ \fB-c <command string>\fR ] [ \fB-i scope\fR ] [ \fB-O <socket options>\fR ] [ \fB-p port\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-T<c|x>IXFqgbNan\fR ]
-
+.sp
+\fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ]  [ \fB-b <buffer size>\fR ]  [ \fB-d debuglevel\fR ]  [ \fB-D Directory\fR ]  [ \fB-U username\fR ]  [ \fB-W workgroup\fR ]  [ \fB-M <netbios name>\fR ]  [ \fB-m maxprotocol\fR ]  [ \fB-A authfile\fR ]  [ \fB-N\fR ]  [ \fB-l logfile\fR ]  [ \fB-L <netbios name>\fR ]  [ \fB-I destinationIP\fR ]  [ \fB-E <terminal code>\fR ]  [ \fB-c <command string>\fR ]  [ \fB-i scope\fR ]  [ \fB-O <socket options>\fR ]  [ \fB-p port\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-s <smb config file>\fR ]  [ \fB-T<c|x>IXFqgbNan\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Samba <URL:samba.7.html> suite.
+This tool is part of the  Samba suite.
 .PP
 \fBsmbclient\fR is a client that can 
 \&'talk' to an SMB/CIFS server. It offers an interface
-similar to that of the ftp program (see \fBftp(1)\fR).  
+similar to that of the ftp program (see \fBftp(1)\fR). 
 Operations include things like getting files from the server 
 to the local machine, putting files from the local machine to 
 the server, retrieving directory information from the server 
@@ -27,15 +26,14 @@ and so on.
 servicename is the name of the service 
 you want to use on the server. A service name takes the form
 \fI//server/service\fR where \fIserver
-\fR is the NetBIOS name of the SMB/CIFS server 
+\fRis the NetBIOS name of the SMB/CIFS server 
 offering the desired service and \fIservice\fR 
-is the name of the service offered.  Thus to connect to 
+is the name of the service offered. Thus to connect to 
 the service "printer" on the SMB/CIFS server "smbserver",
 you would use the servicename \fI//smbserver/printer
 \fR
-
 Note that the server name required is NOT necessarily 
-the IP (DNS) host name of the server !  The name required is 
+the IP (DNS) host name of the server ! The name required is 
 a NetBIOS server name, which may or may not be the
 same as the IP hostname of the machine running the server.
 
@@ -61,7 +59,7 @@ required, simply press ENTER to provide a null password.)
 
 Note: Some servers (including OS/2 and Windows for 
 Workgroups) insist on an uppercase password. Lowercase 
-or mixed case passwords may be rejected by these servers.   
+or mixed case passwords may be rejected by these servers. 
 
 Be cautious about including passwords in scripts.
 .TP
@@ -71,7 +69,7 @@ Specifies the location of the all important
 .TP
 \fB-O socket options\fR
 TCP socket options to set on the client 
-socket. See the socket options parameter in the \fI  smb.conf (5)\fR manpage for the list of valid 
+socket. See the socket options parameter in the \fI smb.conf (5)\fR manpage for the list of valid 
 options. 
 .TP
 \fB-R <name resolve order>\fR
@@ -87,7 +85,7 @@ cause names to be resolved as follows :
 \(bu
 lmhosts : Lookup an IP 
 address in the Samba lmhosts file. If the line in lmhosts has 
-no name type attached to the NetBIOS name (see the lmhosts(5) <URL:lmhosts.5.html> for details) then
+no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
 any name type matches for lookup.
 .TP 0.2i
 \(bu
@@ -96,14 +94,14 @@ name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
 is operating system dependent, for instance on IRIX or Solaris this 
 may be controlled by the \fI/etc/nsswitch.conf\fR 
-file).  Note that this method is only used if the NetBIOS name 
+file). Note that this method is only used if the NetBIOS name 
 type being queried is the 0x20 (server) name type, otherwise 
 it is ignored.
 .TP 0.2i
 \(bu
 wins : Query a name with 
 the IP address listed in the \fIwins server\fR
-parameter.  If no WINS server has
+parameter. If no WINS server has
 been specified this method will be ignored.
 .TP 0.2i
 \(bu
@@ -114,15 +112,17 @@ parameter. This is the least reliable of the name resolution
 methods as it depends on the target host being on a locally 
 connected subnet.
 .RE
-
+.PP
 If this parameter is not set then the name resolve order 
-defined in the \fIsmb.conf\fR file parameter  
+defined in the \fIsmb.conf\fR file parameter 
 (name resolve order) will be used. 
-
+.PP
+.PP
 The default order is lmhosts, host, wins, bcast and without 
 this parameter or any entry in the \fIname resolve order
-\fR parameter of the \fIsmb.conf\fR file the name resolution
+\fRparameter of the \fIsmb.conf\fR file the name resolution
 methods will be attempted in this order. 
+.PP
 .TP
 \fB-M NetBIOS name\fR
 This options allows you to send messages, using 
@@ -139,7 +139,7 @@ The message is also automatically truncated if the message
 is over 1600 bytes, as this is the limit of the protocol. 
 
 One useful trick is to cat the message through
-\fBsmbclient\fR. For example: \fB  cat mymessage.txt | smbclient -M FRED \fR will 
+\fBsmbclient\fR. For example: \fB cat mymessage.txt | smbclient -M FRED \fR will 
 send the message in the file \fImymessage.txt\fR 
 to the machine FRED. 
 
@@ -147,7 +147,7 @@ You may also find the \fI-U\fR and
 \fI-I\fR options useful, as they allow you to 
 control the FROM and TO parts of the message. 
 
-See the message command parameter in the \fI  smb.conf(5)\fR for a description of how to handle incoming 
+See the message command parameter in the \fI smb.conf(5)\fR for a description of how to handle incoming 
 WinPopup messages in Samba. 
 
 \fBNote\fR: Copy WinPopup into the startup group 
@@ -197,7 +197,7 @@ data, and should only be used when investigating a problem.
 Levels above 3 are designed for use only by developers and 
 generate HUGE amounts of log data, most of which is extremely 
 cryptic. If \fIdebuglevel\fR is set to the letter 'A', then \fBall
-\fR  debug messages will be printed. This setting
+\fRdebug messages will be printed. This setting
 is for developers only (and people who \fBreally\fR want 
 to know how the code works internally). 
 
@@ -222,7 +222,7 @@ The base name is used to generate actual log file names.
 For example, if the name specified was "log", the debug file 
 would be \fIlog.client\fR.
 
-The log file generated is never removed by the client.   
+The log file generated is never removed by the client. 
 .TP
 \fB-h\fR
 Print the usage message for the client. 
@@ -267,11 +267,11 @@ a \fBPASSWD\fR environment variable from which
 to read the password. 
 
 A third option is to use a credentials file which 
-contains the plaintext of the domain name, username and password.  This 
+contains the plaintext of the domain name, username and password. This 
 option is mainly provided for scripts where the admin doesn't 
 wish to pass the credentials on the command line or via environment 
 variables. If this method is used, make certain that the permissions 
-on the file restrict access from unwanted users.  See the 
+on the file restrict access from unwanted users. See the 
 \fI-A\fR for more details. 
 
 Be cautious about including passwords in scripts or in 
@@ -284,14 +284,15 @@ it in directly.
 \fB-A filename\fR
 This option allows 
 you to specify a file from which to read the username, domain name, and 
-password used in the connection.  The format of the file is 
-
+password used in the connection. The format of the file is 
 
+.sp
 .nf
 username = <value> 
 password = <value>
 domain = <value>
 		
+.sp
 .fi
 
 If the domain parameter is missing the current workgroup name
@@ -301,8 +302,8 @@ access from unwanted users.
 \fB-L\fR
 This option allows you to look at what services 
 are available on a server. You use it as \fBsmbclient -L 
-host\fR and a list should appear.  The \fI-I
-\fR option may be useful if your NetBIOS names don't 
+host\fR and a list should appear. The \fI-I
+\fRoption may be useful if your NetBIOS names don't 
 match your TCP/IP DNS host names or if you are trying to reach a 
 host on another network. 
 .TP
@@ -310,7 +311,7 @@ host on another network.
 This option tells \fBsmbclient\fR how to interpret 
 filenames coming from the remote server. Usually Asian language 
 multibyte UNIX implementations use different character sets than 
-SMB/CIFS servers (\fBEUC\fR instead of \fB  SJIS\fR for example). Setting this parameter will let 
+SMB/CIFS servers (\fBEUC\fR instead of \fB SJIS\fR for example). Setting this parameter will let 
 \fBsmbclient\fR convert between the UNIX filenames and 
 the SMB filenames correctly. This option has not been seriously tested 
 and may have some problems. 
@@ -333,7 +334,7 @@ servers.
 .TP
 \fB-T tar options\fR
 smbclient may be used to create \fBtar(1)
-\fR compatible backups of all the files on an SMB/CIFS
+\fRcompatible backups of all the files on an SMB/CIFS
 share. The secondary tar flags that can be given to this option 
 are : 
 .RS
@@ -360,18 +361,18 @@ their creation dates restored properly.
 \fII\fR - Include files and directories. 
 Is the default behavior when filenames are specified above. Causes 
 tar files to be included in an extract or create (and therefore 
-everything else to be excluded). See example below.  Filename globbing 
-works  in one of two ways.  See r below. 
+everything else to be excluded). See example below. Filename globbing 
+works in one of two ways. See r below. 
 .TP 0.2i
 \(bu
 \fIX\fR - Exclude files and directories. 
 Causes tar files to be excluded from an extract or create. See 
-example below.  Filename globbing works in one of two ways now. 
+example below. Filename globbing works in one of two ways now. 
 See \fIr\fR below. 
 .TP 0.2i
 \(bu
 \fIb\fR - Blocksize. Must be followed 
-by a valid (greater than zero) blocksize.  Causes tar file to be 
+by a valid (greater than zero) blocksize. Causes tar file to be 
 written out in blocksize*TBLOCK (usually 512 byte) blocks. 
 .TP 0.2i
 \(bu
@@ -381,14 +382,14 @@ files that have the archive bit set. Useful only with the
 .TP 0.2i
 \(bu
 \fIq\fR - Quiet. Keeps tar from printing 
-diagnostics as it works.  This is the same as tarmode quiet. 
+diagnostics as it works. This is the same as tarmode quiet. 
 .TP 0.2i
 \(bu
 \fIr\fR - Regular expression include
-or exclude.  Uses regular  expression matching for 
-excluding or excluding files if  compiled with HAVE_REGEX_H. 
-However this mode can be very slow. If  not compiled with 
-HAVE_REGEX_H, does a limited wildcard match on '*' and  '?'. 
+or exclude. Uses regular expression matching for 
+excluding or excluding files if compiled with HAVE_REGEX_H. 
+However this mode can be very slow. If not compiled with 
+HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. 
 .TP 0.2i
 \(bu
 \fIN\fR - Newer than. Must be followed 
@@ -402,50 +403,63 @@ specified are backed up to the tar file. Useful only with the
 archive bit to be reset when a file is backed up. Useful with the 
 \fIg\fR and \fIc\fR flags. 
 .RE
-
+.PP
 \fBTar Long File Names\fR
-
+.PP
+.PP
 \fBsmbclient\fR's tar option now supports long 
 file names both on backup and restore. However, the full path 
-name of the file must be less than 1024 bytes.  Also, when
+name of the file must be less than 1024 bytes. Also, when
 a tar archive is created, \fBsmbclient\fR's tar option places all 
 files in the archive with relative names, not absolute names. 
-
+.PP
+.PP
 \fBTar Filenames\fR
-
+.PP
+.PP
 All file names can be given as DOS path names (with '\\' 
 as the component separator) or as UNIX path names (with '/' as 
 the component separator). 
-
+.PP
+.PP
 \fBExamples\fR
-
+.PP
+.PP
 Restore from tar file \fIbackup.tar\fR into myshare on mypc 
 (no password on share). 
-
+.PP
+.PP
 \fBsmbclient //mypc/yshare "" -N -Tx backup.tar
-\fR
-
+\fR.PP
+.PP
 Restore everything except \fIusers/docs\fR
-
+.PP
+.PP
 \fBsmbclient //mypc/myshare "" -N -TXx backup.tar 
 users/docs\fR
-
-Create a tar file of the files beneath \fI  users/docs\fR. 
-
+.PP
+.PP
+Create a tar file of the files beneath \fI users/docs\fR. 
+.PP
+.PP
 \fBsmbclient //mypc/myshare "" -N -Tc
 backup.tar users/docs \fR
-
+.PP
+.PP
 Create the same tar file as above, but now use 
 a DOS path name. 
-
+.PP
+.PP
 \fBsmbclient //mypc/myshare "" -N -tc backup.tar 
 users\\edocs \fR
-
+.PP
+.PP
 Create a tar file of all the files and directories in 
 the share. 
-
+.PP
+.PP
 \fBsmbclient //mypc/myshare "" -N -Tc backup.tar *
-\fR
+\fR.PP
 .TP
 \fB-D initial directory\fR
 Change to initial directory before starting. Probably 
@@ -453,7 +467,7 @@ only of any use with the tar -T option.
 .TP
 \fB-c command string\fR
 command string is a semicolon-separated list of 
-commands to be executed instead of prompting from stdin. \fI  -N\fR is implied by \fI-c\fR.
+commands to be executed instead of prompting from stdin. \fI -N\fR is implied by \fI-c\fR.
 
 This is particularly useful in scripts and for printing stdin 
 to the server, e.g. \fB-c 'print -'\fR. 
@@ -472,14 +486,14 @@ The prompt indicates that the client is ready and waiting to
 carry out a user command. Each command is a single word, optionally 
 followed by parameters specific to that command. Command and parameters 
 are space-delimited unless these notes specifically
-state otherwise. All commands are case-insensitive.  Parameters to 
+state otherwise. All commands are case-insensitive. Parameters to 
 commands may or may not be case sensitive, depending on the command. 
 .PP
 You can specify file names which have spaces in them by quoting 
 the name with double quotes, for example "a long file name". 
 .PP
 Parameters shown in square brackets (e.g., "[parameter]") are 
-optional.  If not given, the command will use suitable defaults. Parameters 
+optional. If not given, the command will use suitable defaults. Parameters 
 shown in angle brackets (e.g., "<parameter>") are required.
 .PP
 Note that all commands operating on the server are actually 
@@ -490,12 +504,12 @@ The commands available are given here in alphabetical order.
 .TP
 \fB? [command]\fR
 If \fIcommand\fR is specified, the ? command will display 
-a brief informative message about the specified command.  If no 
+a brief informative message about the specified command. If no 
 command is specified, a list of available commands will
 be displayed. 
 .TP
 \fB! [shell command]\fR
-If \fIshell command\fR is specified, the !  
+If \fIshell command\fR is specified, the ! 
 command will execute a shell locally and run the specified shell 
 command. If no command is specified, a local shell will be run. 
 .TP
@@ -545,7 +559,7 @@ from the program.
 \fBget <remote file name> [local file name]\fR
 Copy the file called \fIremote file name\fR from 
 the server to the machine running the client. If specified, name 
-the local copy \fIlocal file name\fR.  Note that all transfers in 
+the local copy \fIlocal file name\fR. Note that all transfers in 
 \fBsmbclient\fR are binary. See also the 
 lowercase command. 
 .TP
@@ -703,7 +717,7 @@ outside the currently connected share. This is enforced by the Samba server.
 .TP
 \fBtar <c|x>[IXbgNa]\fR
 Performs a tar operation - see the \fI-T
-\fR command line option above. Behavior may be affected 
+\fRcommand line option above. Behavior may be affected 
 by the tarmode command (see below). Using g (incremental) and N 
 (newer) will affect tarmode settings. Note that using the "-" option 
 with tar x may not work - use the command line option instead. 
@@ -736,18 +750,18 @@ supports the LANMAN2 protocol or above.
 .SH "ENVIRONMENT VARIABLES"
 .PP
 The variable \fBUSER\fR may contain the 
-username of the person  using the client. This information is 
-used only if the protocol  level is high enough to support 
+username of the person using the client. This information is 
+used only if the protocol level is high enough to support 
 session-level passwords.
 .PP
 The variable \fBPASSWD\fR may contain 
-the password of the person using the client.  This information is 
+the password of the person using the client. This information is 
 used only if the protocol level is high enough to support 
 session-level passwords. 
 .PP
 The variable \fBLIBSMB_PROG\fR may contain 
 the path, executed with system(), which the client should connect 
-to instead of connecting to a server.  This functionality is primarily
+to instead of connecting to a server. This functionality is primarily
 intended as a development aid, and works best when using a LMHOSTS 
 file
 .SH "INSTALLATION"
@@ -767,7 +781,7 @@ and writeable only by the user.
 .PP
 To test the client, you will need to know the name of a 
 running SMB/CIFS server. It is possible to run \fBsmbd(8)
-\fR as an ordinary user - running that server as a daemon 
+\fRas an ordinary user - running that server as a daemon 
 on a user-accessible port (typically any port number over 1024)
 would provide a suitable test server. 
 .SH "DIAGNOSTICS"
@@ -794,5 +808,5 @@ The original Samba man pages were written by Karl Auer.
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
+release by Jeremy Allison. The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1
index d1479bff258..13af47fa016 100644
--- a/docs/manpages/smbcontrol.1
+++ b/docs/manpages/smbcontrol.1
@@ -3,25 +3,33 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBCONTROL" "1" "15 August 2002" "" ""
+.TH "SMBCONTROL" "1" "28 August 2002" "" ""
 .SH NAME
 smbcontrol \- send messages to smbd, nmbd or winbindd processes
 .SH SYNOPSIS
 .sp
-\fBsmbcontrol\fR [ \fB-i\fR ] 
+\fBsmbcontrol\fR [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  \fB-i\fR
 .sp
-\fBsmbcontrol\fR [ \fBdestination\fR ]  [ \fBmessage-type\fR ]  [ \fBparameter\fR ] 
+\fBsmbcontrol\fR [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ]  \fBdestination\fR \fBmessage-type\fR [ \fBparameter\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBsmbcontrol\fR is a very small program, which 
-sends messages to an smbd(8), 
+sends messages to an smbd(8) 
 an nmbd(8)
-or a winbindd(8)
+or a winbindd(8) 
 daemon running on the system.
 .SH "OPTIONS"
 .TP
+\fB-d <debuglevel>\fR
+debuglevel is an integer from 0 to 10.
+.TP
+\fB-s <smb.conf>\fR
+This parameter specifies the pathname to
+the Samba configuration file,  smb.conf(5) This file controls all aspects of
+the Samba setup on the machine.
+.TP
 \fB-i\fR
 Run interactively. Individual commands 
 of the form destination message-type parameters can be entered 
@@ -47,7 +55,7 @@ One of: close-share,
 debug, 
 force-election, ping
 , profile,  debuglevel, profilelevel, 
-or printnotify.
+or printer-notify.
 
 The close-share message-type sends a 
 message to smbd which will then close the client connections to
@@ -90,40 +98,11 @@ a "request profile level" message. The current profile level
 setting is returned by a "profilelevel" message. This can be sent 
 to any smbd or nmbd destinations.
 
-The printnotify message-type sends a 
+The printer-notify message-type sends a 
 message to smbd which in turn sends a printer notify message to 
-any Windows NT clients connected to a printer. This message-type
-takes the following arguments:
-.RS
-.TP
-\fBqueuepause printername\fR
-Send a queue pause change notify
-message to the printer specified.
-.TP
-\fBqueueresume printername\fR
-Send a queue resume change notify
-message for the printer specified.
-.TP
-\fBjobpause printername unixjobid\fR
-Send a job pause change notify
-message for the printer and unix jobid
-specified.
-.TP
-\fBjobresume printername unixjobid\fR
-Send a job resume change notify
-message for the printer and unix jobid
-specified.
-.TP
-\fBjobdelete printername unixjobid\fR
-Send a job delete change notify
-message for the printer and unix jobid
-specified.
-.RE
-.PP
-Note that this message only sends notification that an
-event has occured. It doesn't actually cause the
-event to happen.
-This message can only be sent to smbd. 
+any Windows NT clients connected to a printer. This message-type 
+takes an argument of the printer name to send notify messages to. 
+This message can only be sent to smbd.
 .TP
 \fBparameters\fR
 any parameters required for the message-type
@@ -133,8 +112,8 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBnmbd(8)\fR, 
-and \fBsmbd(8)\fR.
+\fBnmbd(8)\fR 
+and \fBsmbd(8)\fR
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8
index 83483c88350..b6fd01e1886 100644
--- a/docs/manpages/smbd.8
+++ b/docs/manpages/smbd.8
@@ -3,12 +3,12 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBD" "8" "08 May 2002" "" ""
+.TH "SMBD" "8" "28 August 2002" "" ""
 .SH NAME
 smbd \- server to provide SMB/CIFS services to clients
 .SH SYNOPSIS
 .sp
-\fBsmbd\fR [ \fB-D\fR ]  [ \fB-a\fR ]  [ \fB-i\fR ]  [ \fB-o\fR ]  [ \fB-P\fR ]  [ \fB-h\fR ]  [ \fB-V\fR ]  [ \fB-b\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-l <log directory>\fR ]  [ \fB-p <port number>\fR ]  [ \fB-O <socket option>\fR ]  [ \fB-s <configuration file>\fR ] 
+\fBsmbd\fR [ \fB-D\fR ]  [ \fB-a\fR ]  [ \fB-i\fR ]  [ \fB-o\fR ]  [ \fB-P\fR ]  [ \fB-h\fR ]  [ \fB-V\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-l <log directory>\fR ]  [ \fB-p <port number>\fR ]  [ \fB-O <socket option>\fR ]  [ \fB-s <configuration file>\fR ] 
 .SH "DESCRIPTION"
 .PP
 This program is part of the Samba suite.
@@ -26,13 +26,13 @@ An extensive description of the services that the
 server can provide is given in the man page for the 
 configuration file controlling the attributes of those 
 services (see \fIsmb.conf(5)
-\fR. This man page will not describe the 
+\fR This man page will not describe the 
 services, but will concentrate on the administrative aspects 
 of running the server.
 .PP
 Please note that there are significant security 
-implications to running this server, and the \fIsmb.conf(5)\fR
-manpage should be regarded as mandatory reading before 
+implications to running this server, and the \fIsmb.conf(5)\fR 
+manpage should be regarded as mandatory reading before
 proceeding with installation.
 .PP
 A session is created whenever a client requests one. 
@@ -90,10 +90,6 @@ for \fBsmbd\fR.
 Prints the version number for 
 \fBsmbd\fR.
 .TP
-\fB-b\fR
-Prints information about how 
-Samba was built.
-.TP
 \fB-d <debug level>\fR
 \fIdebuglevel\fR is an integer 
 from 0 to 10. The default value if this parameter is 
@@ -103,7 +99,7 @@ The higher this value, the more detail will be
 logged to the log files about the activities of the 
 server. At level 0, only critical errors and serious 
 warnings will be logged. Level 1 is a reasonable level for
-day to day running - it generates a small amount of 
+day to day running - it generates a small amount of
 information about operations carried out.
 
 Levels above 1 will generate considerable 
@@ -114,7 +110,7 @@ data, most of which is extremely cryptic.
 
 Note that specifying this parameter here will 
 override the log
-levelfile.
+level file.
 .TP
 \fB-l <log directory>\fR
 If specified,
@@ -124,7 +120,7 @@ file will be created for informational and debug
 messages from the running server. The log 
 file generated is never removed by the server although 
 its size may be controlled by the max log size
-option in the \fI smb.conf(5)\fRfile. \fBBeware:\fR
+option in the \fI smb.conf(5)\fR file. \fBBeware:\fR
 If the directory specified does not exist, \fBsmbd\fR
 will log to the default debug log location defined at compile time.
 
@@ -132,19 +128,19 @@ The default log directory is specified at
 compile time.
 .TP
 \fB-O <socket options>\fR
-See the socket options
+See the socket options 
 parameter in the \fIsmb.conf(5)
-\fRfile for details.
+\fR file for details.
 .TP
 \fB-p <port number>\fR
-\fIport number\fR is a positive integer 
+\fIport number\fR is a positive integer
 value. The default value if this parameter is not 
 specified is 139.
 
 This number is the port number that will be 
 used when making connections to the server from client 
 software. The standard (well-known) port number for the 
-SMB over TCP is 139, hence the default. If you wish to 
+SMB over TCP is 139, hence the default. If you wish to
 run the server as an ordinary user rather than
 as root, most systems will require you to use a port 
 number greater than 1024 - ask your system administrator 
@@ -165,50 +161,50 @@ configuration details required by the server. The
 information in this file includes server-specific
 information such as what printcap file to use, as well 
 as descriptions of all the services that the server is 
-to provide. See \fI smb.conf(5)\fRfor more information.
-The default configuration file name is determined at 
+to provide. See \fI smb.conf(5)\fR for more information.
+The default configuration file name is determined at
 compile time.
 .SH "FILES"
 .TP
 \fB\fI/etc/inetd.conf\fB\fR
-If the server is to be run by the 
+If the server is to be run by the
 \fBinetd\fR meta-daemon, this file 
 must contain suitable startup information for the 
 meta-daemon. See the UNIX_INSTALL.html
 document for details.
 .TP
 \fB\fI/etc/rc\fB\fR
-or whatever initialization script your 
+or whatever initialization script your
 system uses).
 
-If running the server as a daemon at startup, 
-this file will need to contain an appropriate startup 
+If running the server as a daemon at startup,
+this file will need to contain an appropriate startup
 sequence for the server. See the UNIX_INSTALL.html
 document for details.
 .TP
 \fB\fI/etc/services\fB\fR
-If running the server via the 
-meta-daemon \fBinetd\fR, this file 
-must contain a mapping of service name (e.g., netbios-ssn) 
-to service port (e.g., 139) and protocol type (e.g., tcp). 
+If running the server via the
+meta-daemon \fBinetd\fR, this file
+must contain a mapping of service name (e.g., netbios-ssn)
+to service port (e.g., 139) and protocol type (e.g., tcp).
 See the UNIX_INSTALL.html
 document for details.
 .TP
 \fB\fI/usr/local/samba/lib/smb.conf\fB\fR
-This is the default location of the 
+This is the default location of the
 \fIsmb.conf\fR
-server configuration file. Other common places that systems 
-install this file are \fI/usr/samba/lib/smb.conf\fR 
+server configuration file. Other common places that systems
+install this file are \fI/usr/samba/lib/smb.conf\fR
 and \fI/etc/smb.conf\fR.
 
-This file describes all the services the server 
-is to make available to clients. See  \fIsmb.conf(5)\fRfor more information.
+This file describes all the services the server
+is to make available to clients. See  \fIsmb.conf(5)\fR for more information.
 .SH "LIMITATIONS"
 .PP
-On some systems \fBsmbd\fR cannot change uid back 
-to root after a setuid() call. Such systems are called 
-trapdoor uid systems. If you have such a system, 
-you will be unable to connect from a client (such as a PC) as 
+On some systems \fBsmbd\fR cannot change uid back
+to root after a setuid() call. Such systems are called
+trapdoor uid systems. If you have such a system,
+you will be unable to connect from a client (such as a PC) as
 two different users at once. Attempts to connect the
 second user will result in access denied or 
 similar.
@@ -222,10 +218,10 @@ not defined) as the name of the printer to use. This
 is not specific to the server, however.
 .SH "PAM INTERACTION"
 .PP
-Samba uses PAM for authentication (when presented with a plaintext 
+Samba uses PAM for authentication (when presented with a plaintext
 password), for account checking (is this account disabled?) and for
 session management. The degree too which samba supports PAM is restricted
-by the limitations of the SMB protocol and the 
+by the limitations of the SMB protocol and the
 obey pam restricions
 smb.conf paramater. When this is set, the following restrictions apply:
 .TP 0.2i
@@ -237,47 +233,55 @@ login at this time. This also applies to encrypted logins.
 .TP 0.2i
 \(bu
 \fBSession Management\fR: When not using share 
-level secuirty, users must pass PAM's session checks before access 
+level secuirty, users must pass PAM's session checks before access
 is granted. Note however, that this is bypassed in share level secuirty. 
 Note also that some older pam configuration files may need a line 
 added for session support. 
 .SH "VERSION"
 .PP
-This man page is correct for version 2.2 of 
+This man page is correct for version 2.2 of
 the Samba suite.
-.SH "DIAGNOSTICS"
+.SH "TROUBLESHOOTING"
+.PP
+One of the common causes of difficulty when installing Samba and SWAT
+is the existsnece of some type of firewall or port filtering software
+on the Samba server. Make sure that the appropriate ports
+outlined in this man page are available on the server and are not currently
+being blocked by some type of security software such as iptables or
+"port sentry". For more troubleshooting information, refer to the additional
+documentation included in the Samba distribution.
 .PP
-Most diagnostics issued by the server are logged 
-in a specified log file. The log file name is specified 
+Most diagnostics issued by the server are logged
+in a specified log file. The log file name is specified
 at compile time, but may be overridden on the command line.
 .PP
-The number and nature of diagnostics available depends 
-on the debug level used by the server. If you have problems, set 
+The number and nature of diagnostics available depends
+on the debug level used by the server. If you have problems, set
 the debug level to 3 and peruse the log files.
 .PP
-Most messages are reasonably self-explanatory. Unfortunately, 
-at the time this man page was created, there are too many diagnostics 
-available in the source code to warrant describing each and every 
-diagnostic. At this stage your best bet is still to grep the 
-source code and inspect the conditions that gave rise to the 
+Most messages are reasonably self-explanatory. Unfortunately,
+at the time this man page was created, there are too many diagnostics
+available in the source code to warrant describing each and every
+diagnostic. At this stage your best bet is still to grep the
+source code and inspect the conditions that gave rise to the
 diagnostics you are seeing.
 .SH "SIGNALS"
 .PP
-Sending the \fBsmbd\fR a SIGHUP will cause it to 
-reload its \fIsmb.conf\fR configuration 
+Sending the \fBsmbd\fR a SIGHUP will cause it to
+reload its \fIsmb.conf\fR configuration
 file within a short period of time.
 .PP
-To shut down a user's \fBsmbd\fR process it is recommended 
-that \fBSIGKILL (-9)\fR \fBNOT\fR 
+To shut down a user's \fBsmbd\fR process it is recommended
+that \fBSIGKILL (-9)\fR \fBNOT\fR
 be used, except as a last resort, as this may leave the shared
-memory area in an inconsistent state. The safe way to terminate 
-an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for 
+memory area in an inconsistent state. The safe way to terminate
+an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for
 it to die on its own.
 .PP
 The debug log level of \fBsmbd\fR may be raised
 or lowered using \fBsmbcontrol(1)
-\fRprogram (SIGUSR[1|2] signals are no longer used in
-Samba 2.2). This is to allow transient problems to be diagnosed, 
+\fR program (SIGUSR[1|2] signals are no longer used in
+Samba 2.2). This is to allow transient problems to be diagnosed,
 whilst still running at a normally low log level.
 .PP
 Note that as the signal handlers send a debug write, 
@@ -289,10 +293,10 @@ them after, however this would affect performance.
 .SH "SEE ALSO"
 .PP
 hosts_access(5), \fBinetd(8)\fR, 
-\fBnmbd(8)\fR, 
+\fBnmbd(8)\fR 
 \fIsmb.conf(5)\fR
-, \fBsmbclient(1)
-\fR, and the Internet RFC's
+ \fBsmbclient(1)
+\fR and the Internet RFC's
 \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. 
 In addition the CIFS (formerly SMB) specification is available 
 as a link from the Web page  
diff --git a/docs/manpages/smbgroupedit.8 b/docs/manpages/smbgroupedit.8
deleted file mode 100644
index 9f01fcaaeae..00000000000
--- a/docs/manpages/smbgroupedit.8
+++ /dev/null
@@ -1,159 +0,0 @@
-.\" This manpage has been automatically generated by docbook2man-spec
-.\" from a DocBook document.  docbook2man-spec can be found at:
-.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
-.\" Please send any bug reports, improvements, comments, patches, 
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBGROUPEDIT" "8" "28 January 2002" "" ""
-.SH NAME
-smbgroupedit \- Query/set/change UNIX - Windows NT group mapping
-.SH SYNOPSIS
-.sp
-\fBsmbroupedit\fR [ \fB-v [l|s]\fR ]  [ \fB-a UNIX-groupname [-d NT-groupname|-p prividge|\fR ] 
-.SH "DESCRIPTION"
-.PP
-This program is part of the Samba
-suite.
-.PP
-The smbgroupedit command allows for mapping unix groups
-to NT Builtin, Domain, or Local groups. Also
-allows setting privileges for that group, such as saAddUser,
-etc.
-.SH "OPTIONS"
-.TP
-\fB-v[l|s]\fR
-This option will list all groups available
-in the Windows NT domain in which samba is operating.
-.RS
-.TP
-\fB-l\fR
-give a long listing, of the format:
-
-.sp
-.nf
-"NT Group Name"
-    SID            :
-    Unix group     :
-    Group type     :
-    Comment        :
-    Privilege      :
-.sp
-.fi
-
-For examples,
-
-.sp
-.nf
-Users
-    SID : S-1-5-32-545
-    Unix group: -1
-    Group type: Local group
-    Comment :
-    Privilege : No privilege
-.sp
-.fi
-.TP
-\fB-s\fR
-display a short listing of the format:
-
-.sp
-.nf
-NTGroupName(SID) -> UnixGroupName
-.sp
-.fi
-
-For example,
-
-.sp
-.nf
-Users (S-1-5-32-545) -> -1
-.sp
-.fi
-.RE
-.SH "FILES"
-.PP
-.SH "EXIT STATUS"
-.PP
-\fBsmbgroupedit\fR returns a status of 0 if the
-operation completed successfully, and a value of 1 in the event
-of a failure.
-.SH "EXAMPLES"
-.PP
-To make a subset of your samba PDC users members of
-the 'Domain Admins' Global group:
-.IP 1. 
-create a unix group (usually in
-\fI/etc/group\fR), let's call it domadm.
-.IP 2. 
-add to this group the users that you want to be
-domain administrators. For example if you want joe, john and mary,
-your entry in \fI/etc/group\fR will look like:
-
-domadm:x:502:joe,john,mary
-.IP 3. 
-map this domadm group to the 'domain admins' group:
-.RS
-.IP 1. 
-Get the SID for the Windows NT "Domain Admins"
-group:
-
-.sp
-.nf
-root# \fBsmbgroupedit -vs | grep "Domain Admins"\fR
-Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1
-.sp
-.fi
-.IP 2. 
-map the unix domadm group to the Windows NT
-"Domain Admins" group, by running the command:
-
-.sp
-.nf
-root# \fBsmbgroupedit \\
--c S-1-5-21-1108995562-3116817432-1375597819-512 \\
--u domadm\fR
-.sp
-.fi
-
-\fBwarning:\fR don't copy and paste this sample, the
-Domain Admins SID (the S-1-5-21-...-512) is different for every PDC.
-.RE
-.PP
-To verify that you mapping has taken effect:
-.PP
-.PP
-.sp
-.nf
-root# \fBsmbgroupedit -vs|grep "Domain Admins"\fR
-Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm
-.sp
-.fi
-.PP
-.PP
-To give access to a certain directory on a domain member machine (an
-NT/W2K or a samba server running winbind) to some users who are member
-of a group on your samba PDC, flag that group as a domain group:
-.PP
-.PP
-.sp
-.nf
-root# \fBsmbgroupedit -a unixgroup -td\fR
-.sp
-.fi
-.PP
-.SH "VERSION"
-.PP
-This man page is correct for the 3.0alpha releases of
-the Samba suite.
-.SH "SEE ALSO"
-.PP
-smb.conf(5)
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar
-to the way the Linux kernel is developed.
-.PP
-\fBsmbgroupedit\fR was written by Jean Francois Micouleau.
-The current set of manpages and documentation is maintained
-by the Samba Team in the same fashion as the Samba source code.
diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8
index 885ab82f998..e3d90cfa1a0 100644
--- a/docs/manpages/smbmnt.8
+++ b/docs/manpages/smbmnt.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBMNT" "8" "28 January 2002" "" ""
+.TH "SMBMNT" "8" "28 August 2002" "" ""
 .SH NAME
 smbmnt \- helper utility for mounting SMB filesystems
 .SH SYNOPSIS
@@ -21,7 +21,7 @@ by the user, and that the user has write permission on.
 .PP
 The \fBsmbmnt\fR program is normally invoked 
 by \fBsmbmount(8)\fR
-. It should not be invoked directly by users. 
+ It should not be invoked directly by users. 
 .PP
 smbmount searches the normal PATH for smbmnt. You must ensure
 that the smbmnt version in your path matches the smbmount used.
diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8
index 0d4a7fc8708..a53606321f7 100644
--- a/docs/manpages/smbmount.8
+++ b/docs/manpages/smbmount.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBMOUNT" "8" "08 May 2002" "" ""
+.TH "SMBMOUNT" "8" "28 August 2002" "" ""
 .SH NAME
 smbmount \- mount an smbfs filesystem
 .SH SYNOPSIS
@@ -115,7 +115,7 @@ sets the workgroup on the destination
 .TP
 \fBsockopt=<arg>\fR
 sets the TCP socket options. See the \fIsmb.conf
-\fR\fIsocket options\fR option.
+\fR \fIsocket options\fR option.
 .TP
 \fBscope=<arg>\fR
 sets the NetBIOS scope 
@@ -198,7 +198,7 @@ source tree may contain additional options and information.
 FreeBSD also has a smbfs, but it is not related to smbmount
 .PP
 For Solaris, HP-UX and others you may want to look at
-\fBsmbsh(1)\fRor at other
+\fBsmbsh(1)\fR or at other
 solutions, such as sharity or perhaps replacing the SMB server with
 a NFS server.
 .SH "AUTHOR"
diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5
index 39281eb34e9..6d92f0f42f2 100644
--- a/docs/manpages/smbpasswd.5
+++ b/docs/manpages/smbpasswd.5
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBPASSWD" "5" "28 January 2002" "" ""
+.TH "SMBPASSWD" "5" "28 August 2002" "" ""
 .SH NAME
 smbpasswd \- The Samba encrypted password file
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ smbpasswd \- The Samba encrypted password file
 \fIsmbpasswd\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 smbpasswd is the Samba encrypted password file. It contains 
 the username, Unix user id and the SMB hashed passwords of the 
@@ -23,7 +23,7 @@ Samba and has had several different formats in the past.
 The format of the smbpasswd file used by Samba 2.2 
 is very similar to the familiar Unix \fIpasswd(5)\fR 
 file. It is an ASCII file containing one line for each user. Each field 
-ithin each line is separated from the next by a colon. Any entry 
+within each line is separated from the next by a colon. Any entry 
 beginning with '#' is ignored. The smbpasswd file contains the 
 following information for each user: 
 .TP
@@ -109,7 +109,7 @@ in the smbpasswd file.
 account has no password (the passwords in the fields LANMAN 
 Password Hash and NT Password Hash are ignored). Note that this 
 will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5)
-\fRconfig file. 
+\fR config file. 
 .TP 0.2i
 \(bu
 \fBD\fR - This means the account 
@@ -141,8 +141,8 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbpasswd(8)\fR, 
-samba(7), and
+\fBsmbpasswd(8)\fR 
+samba(7) and
 the Internet RFC1321 for details on the MD4 algorithm.
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8
index 1a841e53cea..a1341ed4d34 100644
--- a/docs/manpages/smbpasswd.8
+++ b/docs/manpages/smbpasswd.8
@@ -3,15 +3,21 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBPASSWD" "8" "28 January 2002" "" ""
+.TH "SMBPASSWD" "8" "28 August 2002" "" ""
 .SH NAME
 smbpasswd \- change a user's SMB password
 .SH SYNOPSIS
+.PP
+When run by root:
+.sp
+\fBsmbpasswd\fR [ \fBoptions\fR ]  [ \fBusername\fR ]  [ \fBpassword\fR ] 
+.PP
+otherwise:
 .sp
-\fBsmbpasswd\fR [ \fB-a\fR ]  [ \fB-x\fR ]  [ \fB-d\fR ]  [ \fB-e\fR ]  [ \fB-D debuglevel\fR ]  [ \fB-n\fR ]  [ \fB-r <remote machine>\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-m\fR ]  [ \fB-j DOMAIN\fR ]  [ \fB-U username[%password]\fR ]  [ \fB-h\fR ]  [ \fB-s\fR ]  [ \fB-w pass\fR ]  [ \fBusername\fR ] 
+\fBsmbpasswd\fR [ \fBoptions\fR ]  [ \fBpassword\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 The smbpasswd program has several different 
 functions, depending on whether it is run by the \fBroot\fR 
@@ -50,26 +56,118 @@ directly, thus enabling changes to be made even if smbd is not
 running. 
 .SH "OPTIONS"
 .TP
+\fB-L\fR
+Run the smbpasswd command in local mode. This 
+allows a non-root user to specify the root-only options. This 
+is used mostly in test environments where a non-root user needs
+to make changes to the local \fIsmbpasswd\fR file.
+The \fIsmbpasswd\fR file must have read/write 
+permissions for the user running the command.
+.TP
+\fB-h\fR
+This option prints the help string for 
+\fBsmbpasswd\fR. 
+.TP
+\fB-c smb.conf file\fR
+This option specifies that the configuration
+file specified should be used instead of the default value
+specified at compile time. 
+.TP
+\fB-D debuglevel\fR
+\fIdebuglevel\fR is an integer 
+from 0 to 10. The default value if this parameter is not specified 
+is zero. 
+
+The higher this value, the more detail will be logged to the 
+log files about the activities of smbpasswd. At level 0, only 
+critical errors and serious warnings will be logged. 
+
+Levels above 1 will generate considerable amounts of log 
+data, and should only be used when investigating a problem. Levels 
+above 3 are designed for use only by developers and generate
+HUGE amounts of log data, most of which is extremely cryptic. 
+.TP
+\fB-r remote machine name\fR
+This option allows a user to specify what machine 
+they wish to change their password on. Without this parameter 
+smbpasswd defaults to the local host. The \fIremote 
+machine name\fR is the NetBIOS name of the SMB/CIFS 
+server to contact to attempt the password change. This name is 
+resolved into an IP address using the standard name resolution 
+mechanism in all programs of the Samba suite. See the \fI-R 
+name resolve order\fR parameter for details on changing 
+this resolving mechanism. 
+
+The username whose password is changed is that of the 
+current UNIX logged on user. See the \fI-U username\fR
+parameter for details on changing the password for a different 
+username. 
+
+Note that if changing a Windows NT Domain password the 
+remote machine specified must be the Primary Domain Controller for 
+the domain (Backup Domain Controllers only have a read-only
+copy of the user account database and will not allow the password 
+change).
+
+\fBNote\fR that Windows 95/98 do not have 
+a real password database so it is not possible to change passwords 
+specifying a Win95/98 machine as remote machine target. 
+.TP
+\fB-s\fR
+This option causes smbpasswd to be silent (i.e. 
+not issue prompts) and to read its old and new passwords from 
+standard input, rather than from \fI/dev/tty\fR 
+(like the \fBpasswd(1)\fR program does). This option 
+is to aid people writing scripts to drive smbpasswd
+.TP
+\fB-S\fR
+This option causes \fBsmbpasswd\fR
+to query a domain controller of the domain specified 
+by the workgroup
+parameter in \fIsmb.conf\fR and store the
+domain SID in the \fIsecrets.tdb\fR file
+as its own machine SID. This is only useful when configuring
+a Samba PDC and Samba BDC, or when migrating from a Windows PDC
+to a Samba PDC. 
+
+The \fI-r\fR options can be used
+as well to indicate a specific domain controller which should
+be contacted. In this case, the domain SID obtained is the 
+one for the domain to which the remote machine belongs.
+.TP
+\fB-t\fR
+This option is used to force smbpasswd to 
+change the current password assigned to the machine trust account
+when operating in domain security mode. This is really meant to 
+be used on systems that only run \fBwinbindd\fR
+Under server installations, \fBsmbd\fR
+handle the password updates automatically.
+.TP
+\fB-U username[%pass]\fR
+This option may only be used in conjunction 
+with the \fI-r\fR option. When changing
+a password on a remote machine it allows the user to specify 
+the user name on that machine whose password will be changed. It 
+is present to allow users who have different user names on 
+different systems to change these passwords. The optional
+%pass may be used to specify to old password.
+
+In particular, this parameter specifies the username
+used to create the machine account when invoked with -j
+.TP
+\fBNOTE:\fR
+\fBThe following options are available only when the smbpasswd command is
+run as root or in local mode.\fR
+.TP
 \fB-a\fR
 This option specifies that the username 
 following should be added to the local smbpasswd file, with the 
-new password typed (type <Enter> for the old password). This 
-option is ignored if the username following already exists in 
+new password typed. This 
+option is ignored if the username specified already exists in 
 the smbpasswd file and it is treated like a regular change 
-password command. Note that the default passdb backends require 
-the user to already exist in the system password file (usually 
-\fI/etc/passwd\fR), else the request to add the 
-user will fail. 
-
-This option is only available when running smbpasswd 
-as root. 
-.TP
-\fB-x\fR
-This option specifies that the username 
-following should be deleted from the local smbpasswd file.
-
-This option is only available when running smbpasswd as 
-root.
+password command. Note that the user to be added must already exist 
+in the system password file (usually \fI/etc/passwd\fR)
+else the request to add the user will fail. 
 .TP
 \fB-d\fR
 This option specifies that the username following 
@@ -81,11 +179,9 @@ will fail.
 
 If the smbpasswd file is in the 'old' format (pre-Samba 2.0 
 format) there is no space in the user's password entry to write
-this information and the command will FAIL. See \fBsmbpasswd(5)
+this information and so the user is disabled by writing 'X' characters 
+into the password space in the smbpasswd file. See \fBsmbpasswd(5)
 \fRfor details on the 'old' and new password file formats.
-
-This option is only available when running smbpasswd as 
-root.
 .TP
 \fB-e\fR
 This option specifies that the username following 
@@ -94,25 +190,15 @@ if the account was previously disabled. If the account was not
 disabled this option has no effect. Once the account is enabled then 
 the user will be able to authenticate via SMB once again. 
 
-If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account. 
-See \fBsmbpasswd (5)\fR for 
+If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will prompt for a new password for this user, 
+otherwise the account will be enabled by removing the 'D'
+flag from account control space in the \fI smbpasswd\fR file. See \fBsmbpasswd (5)\fR for 
 details on the 'old' and new password file formats. 
-
-This option is only available when running smbpasswd as root. 
 .TP
-\fB-D debuglevel\fR
-\fIdebuglevel\fR is an integer 
-from 0 to 10. The default value if this parameter is not specified 
-is zero. 
-
-The higher this value, the more detail will be logged to the 
-log files about the activities of smbpasswd. At level 0, only 
-critical errors and serious warnings will be logged. 
-
-Levels above 1 will generate considerable amounts of log 
-data, and should only be used when investigating a problem. Levels 
-above 3 are designed for use only by developers and generate
-HUGE amounts of log data, most of which is extremely cryptic. 
+\fB-m\fR
+This option tells smbpasswd that the account 
+being changed is a MACHINE account. Currently this is used 
+when Samba is being used as an NT Primary Domain Controller.
 .TP
 \fB-n\fR
 This option specifies that the username following 
@@ -127,35 +213,62 @@ file the administrator must set the following parameter in the [global]
 section of the \fIsmb.conf\fR file : 
 
 \fBnull passwords = yes\fR
-
-This option is only available when running smbpasswd as 
-root.
 .TP
-\fB-r remote machine name\fR
-This option allows a user to specify what machine 
-they wish to change their password on. Without this parameter 
-smbpasswd defaults to the local host. The \fIremote 
-machine name\fR is the NetBIOS name of the SMB/CIFS 
-server to contact to attempt the password change. This name is 
-resolved into an IP address using the standard name resolution 
-mechanism in all programs of the Samba suite. See the \fI-R 
-name resolve order\fR parameter for details on changing 
-this resolving mechanism. 
+\fB-w password\fR
+This parameter is only available is Samba
+has been configured to use the experimental
+\fB--with-ldapsam\fR option. The \fI-w\fR 
+switch is used to specify the password to be used with the 
+\fIldap admin 
+dn\fR Note that the password is stored in
+the \fIprivate/secrets.tdb\fR and is keyed off 
+of the admin's DN. This means that if the value of \fIldap
+admin dn\fR ever changes, the password will need to be 
+manually updated as well.
+.TP
+\fB-x\fR
+This option specifies that the username 
+following should be deleted from the local smbpasswd file.
+.TP
+\fB-j DOMAIN\fR
+This option is used to add a Samba server 
+into a Windows NT Domain, as a Domain member capable of authenticating 
+user accounts to any Domain Controller in the same way as a Windows 
+NT Server. See the \fBsecurity = domain\fR option in 
+the \fIsmb.conf(5)\fR man page. 
 
-The username whose password is changed is that of the 
-current UNIX logged on user. See the \fI-U username\fR
-parameter for details on changing the password for a different 
-username. 
+This command can work both with and without the -U parameter. 
 
-Note that if changing a Windows NT Domain password the 
-remote machine specified must be the Primary Domain Controller for 
-the domain (Backup Domain Controllers only have a read-only
-copy of the user account database and will not allow the password 
-change).
+When invoked with -U, that username (and optional password) are
+used to contact the PDC (which must be specified with -r) to both
+create a machine account, and to set a password on it.
 
-\fBNote\fR that Windows 95/98 do not have 
-a real password database so it is not possible to change passwords 
-specifying a Win95/98 machine as remote machine target. 
+Alternately, if -U is omitted, Samba will contact its PDC
+and attempt to change the password on a pre-existing account. 
+
+In order to be used in this way, the Administrator for 
+the Windows NT Domain must have used the program "Server Manager 
+for Domains" to add the primary NetBIOS name of the Samba server 
+as a member of the Domain. 
+
+After this has been done, to join the Domain invoke \fB smbpasswd\fR with this parameter. smbpasswd will then 
+look up the Primary Domain Controller for the Domain (found in 
+the \fIsmb.conf\fR file in the parameter 
+\fIpassword server\fR and change the machine account 
+password used to create the secure Domain communication. 
+
+Either way, this password is then stored by smbpasswd in a TDB, 
+writeable only by root, called \fIsecrets.tdb\fR 
+
+Once this operation has been performed the \fI smb.conf\fR file may be updated to set the \fB security = domain\fR option and all future logins
+to the Samba server will be authenticated to the Windows NT 
+PDC. 
+
+Note that even though the authentication is being 
+done to the PDC all users accessing the Samba server must still 
+have a valid UNIX account on that machine. 
+The \fBwinbindd(8)\fR daemon can be used
+to create UNIX accounts for NT users.
 .TP
 \fB-R name resolve order\fR
 This option allows the user of smbpasswd to determine 
@@ -169,14 +282,14 @@ names to be resolved as follows :
 \(bu
 lmhosts : Lookup an IP 
 address in the Samba lmhosts file. If the line in lmhosts has 
-no name type attached to the NetBIOS name (see the lmhosts(5)for details) then
+no name type attached to the NetBIOS name (see the lmhosts(5) for details) then
 any name type matches for lookup.
 .TP 0.2i
 \(bu
 host : Do a standard host 
 name to IP address resolution, using the system \fI/etc/hosts
 \fR, NIS, or DNS lookups. This method of name resolution 
-is operating system depended for instance on IRIX or Solaris this 
+is operating system dependent. For instance, on IRIX or Solaris this 
 may be controlled by the \fI/etc/nsswitch.conf\fR 
 file). Note that this method is only used if the NetBIOS name 
 type being queried is the 0x20 (server) name type, otherwise 
@@ -202,49 +315,15 @@ and without this parameter or any entry in the
 be attempted in this order. 
 .PP
 .TP
-\fB-m\fR
-This option tells smbpasswd that the account 
-being changed is a MACHINE account. Currently this is used 
-when Samba is being used as an NT Primary Domain Controller.
-
-This option is only available when running smbpasswd as root. 
-.TP
-\fB-U username\fR
-This option may only be used in conjunction 
-with the \fI-r\fR option. When changing
-a password on a remote machine it allows the user to specify 
-the user name on that machine whose password will be changed. It 
-is present to allow users who have different user names on 
-different systems to change these passwords. 
-.TP
-\fB-h\fR
-This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root 
-or as an ordinary user. 
-.TP
-\fB-s\fR
-This option causes smbpasswd to be silent (i.e. 
-not issue prompts) and to read its old and new passwords from 
-standard input, rather than from \fI/dev/tty\fR 
-(like the \fBpasswd(1)\fR program does). This option 
-is to aid people writing scripts to drive smbpasswd
-.TP
-\fB-w password\fR
-This parameter is only available is Samba
-has been configured to use the experiemental
-\fB--with-ldapsam\fR option. The \fI-w\fR 
-switch is used to specify the password to be used with the 
-\fIldap admin 
-dn\fR. Note that the password is stored in
-the \fIprivate/secrets.tdb\fR and is keyed off 
-of the admin's DN. This means that if the value of \fIldap
-admin dn\fR ever changes, the password will beed to be 
-manually updated as well.
-.TP
 \fBusername\fR
 This specifies the username for all of the 
 \fBroot only\fR options to operate on. Only root 
 can specify this parameter as only root has the permission needed 
 to modify attributes directly in the local smbpasswd file. 
+.TP
+\fBpassword\fR
+This specifies the new password. If this parameter
+is specified you will not be prompted for the new password.
 .SH "NOTES"
 .PP
 Since \fBsmbpasswd\fR works in client-server 
@@ -261,11 +340,11 @@ has been set up to use encrypted passwords. See the file
 on how to do this. 
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 2.2 of 
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fIsmbpasswd(5)\fR, 
+\fIsmbpasswd(5)\fR 
 samba(7)
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1
index 774607c3a29..a3e5fa205e7 100644
--- a/docs/manpages/smbsh.1
+++ b/docs/manpages/smbsh.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSH" "1" "08 May 2002" "" ""
+.TH "SMBSH" "1" "28 August 2002" "" ""
 .SH NAME
 smbsh \- Allows access to Windows NT filesystem  using UNIX commands
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ smbsh \- Allows access to Windows NT filesystem  using UNIX commands
 \fBsmbsh\fR [ \fB-W workgroup\fR ]  [ \fB-U username\fR ]  [ \fB-P prefix\fR ]  [ \fB-R <name resolve order>\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-l logfile\fR ]  [ \fB-L libdir\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBsmbsh\fR allows you to access an NT filesystem 
 using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a 
@@ -155,7 +155,7 @@ of UNIX have a \fBfile\fR command that will
 describe how a program was linked.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR, 
+\fBsmbd(8)\fR 
 smb.conf(5)
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8
index 779ba4921f1..6c979f3ec82 100644
--- a/docs/manpages/smbspool.8
+++ b/docs/manpages/smbspool.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSPOOL" "8" "28 January 2002" "" ""
+.TH "SMBSPOOL" "8" "28 August 2002" "" ""
 .SH NAME
 smbspool \- send print file to an SMB printer
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ smbspool \- send print file to an SMB printer
 \fBsmbspool\fR [ \fBjob\fR ]  [ \fBuser\fR ]  [ \fBtitle\fR ]  [ \fBcopies\fR ]  [ \fBoptions\fR ]  [ \fBfilename\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 smbspool is a very small print spooling program that 
 sends a print file to an SMB printer. The command-line arguments 
@@ -82,8 +82,8 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR, 
-and samba(7).
+\fBsmbd(8)\fR 
+and samba(7)
 .SH "AUTHOR"
 .PP
 \fBsmbspool\fR was written by Michael Sweet 
diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1
index 1f5d4f75712..c0badbb348b 100644
--- a/docs/manpages/smbstatus.1
+++ b/docs/manpages/smbstatus.1
@@ -1,67 +1,60 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBSTATUS" "1" "28 March 2002" "" ""
+.TH "SMBSTATUS" "1" "28 August 2002" "" ""
 .SH NAME
 smbstatus \- report on current Samba connections
 .SH SYNOPSIS
-
-\fBsmbstatus\fR [ \fB-P\fR]  [ \fB-b\fR]  [ \fB-d <debug level>\fR]  [ \fB-v\fR]  [ \fB-L\fR]  [ \fB-B\fR]  [ \fB-p\fR]  [ \fB-S\fR]  [ \fB-s <configuration file>\fR]  [ \fB-u <username>\fR] 
-
+.sp
+\fBsmbstatus\fR [ \fB-P\fR ]  [ \fB-b\fR ]  [ \fB-d\fR ]  [ \fB-L\fR ]  [ \fB-p\fR ]  [ \fB-S\fR ]  [ \fB-s <configuration file>\fR ]  [ \fB-u <username>\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBsmbstatus\fR is a very simple program to 
 list the current Samba connections.
 .SH "OPTIONS"
 .TP
-\fB-P|--profile\fR
+\fB-P\fR
 If samba has been compiled with the 
 profiling option, print only the contents of the profiling 
 shared memory area.
 .TP
-\fB-b|--brief\fR
+\fB-b\fR
 gives brief output.
 .TP
-\fB-d|--debug=<debuglevel>\fR
-sets debugging to specified level
-.TP
-\fB-v|--verbose\fR
+\fB-d\fR
 gives verbose output.
 .TP
-\fB-L|--locks\fR
+\fB-L\fR
 causes smbstatus to only list locks.
 .TP
-\fB-B|--byterange\fR
-causes smbstatus to include byte range locks.
-.TP
-\fB-p|--processes\fR
-print a list of   \fBsmbd(8)\fRprocesses and exit. 
+\fB-p\fR
+print a list of  \fBsmbd(8)\fR processes and exit. 
 Useful for scripting.
 .TP
-\fB-S|--shares\fR
+\fB-S\fR
 causes smbstatus to only list shares.
 .TP
-\fB-s|--conf=<configuration file>\fR
+\fB-s <configuration file>\fR
 The default configuration file name is
 determined at compile time. The file specified contains the
 configuration details required by the server. See \fIsmb.conf(5)\fR
-for more information.
+ for more information.
 .TP
-\fB-u|--user=<username>\fR
+\fB-u <username>\fR
 selects information relevant to 
 \fIusername\fR only.
 .SH "VERSION"
 .PP
-This man page is correct for version 3.0 of 
+This man page is correct for version 2.2 of 
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fRand
-smb.conf(5).
+\fBsmbd(8)\fR and
+smb.conf(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
@@ -73,5 +66,5 @@ The original Samba man pages were written by Karl Auer.
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
 ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
+release by Jeremy Allison. The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1
index b9bbf3df15e..833b0d358cd 100644
--- a/docs/manpages/smbtar.1
+++ b/docs/manpages/smbtar.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBTAR" "1" "28 January 2002" "" ""
+.TH "SMBTAR" "1" "28 August 2002" "" ""
 .SH NAME
 smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape drives
 .SH SYNOPSIS
@@ -11,10 +11,10 @@ smbtar \- shell script for backing up SMB/CIFS shares  directly to UNIX tape dri
 \fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ]  [ \fB-x services\fR ]  [ \fB-X\fR ]  [ \fB-d directory\fR ]  [ \fB-u user\fR ]  [ \fB-t tape\fR ]  [ \fB-t tape\fR ]  [ \fB-b blocksize\fR ]  [ \fB-N filename\fR ]  [ \fB-i\fR ]  [ \fB-r\fR ]  [ \fB-l loglevel\fR ]  [ \fB-v\fR ]  \fBfilenames\fR
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBsmbtar\fR is a very small shell script on top 
-of \fBsmbclient(1)\fR
+of \fBsmbclient(1)\fR 
 which dumps SMB shares directly to tape. 
 .SH "OPTIONS"
 .TP
@@ -92,16 +92,16 @@ with GNU tar and may not work well with other versions.
 .PP
 See the \fBDIAGNOSTICS\fR section for the 
 \fBsmbclient(1)\fR 
-command.
+ command.
 .SH "VERSION"
 .PP
 This man page is correct for version 2.2 of 
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fBsmbd(8)\fR, 
-\fBsmbclient(1)\fR, 
-smb.conf(5),
+\fBsmbd(8)\fR 
+\fBsmbclient(1)\fR 
+smb.conf(5)
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8
index bf64061e3a5..32ef9c2f27f 100644
--- a/docs/manpages/smbumount.8
+++ b/docs/manpages/smbumount.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SMBUMOUNT" "8" "28 January 2002" "" ""
+.TH "SMBUMOUNT" "8" "28 August 2002" "" ""
 .SH NAME
 smbumount \- smbfs umount for normal users
 .SH SYNOPSIS
diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8
index e42d9638062..e328ee0ba9a 100644
--- a/docs/manpages/swat.8
+++ b/docs/manpages/swat.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "SWAT" "8" "28 January 2002" "" ""
+.TH "SWAT" "8" "28 August 2002" "" ""
 .SH NAME
 swat \- Samba Web Administration Tool
 .SH SYNOPSIS
@@ -11,10 +11,10 @@ swat \- Samba Web Administration Tool
 \fBswat\fR [ \fB-s <smb config file>\fR ]  [ \fB-a\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBswat\fR allows a Samba administrator to 
-configure the complex \fI smb.conf(5)\fRfile via a Web browser. In addition, 
+configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, 
 a \fBswat\fR configuration page has help links 
 to all the configurable options in the \fIsmb.conf\fR file allowing an 
 administrator to easily look up the effects of any change. 
@@ -84,6 +84,35 @@ One you have edited \fI/etc/services\fR
 and \fI/etc/inetd.conf\fR you need to send a 
 HUP signal to inetd. To do this use \fBkill -1 PID
 \fRwhere PID is the process ID of the inetd daemon. 
+.SS "XINETD INSTALLATION"
+.PP
+Newer Linux systems ship with a more secure implementation
+of the inetd meta-daemon. The \fBxinetd\fR daemon
+can read configuration inf9ormation from a single file (i.e.
+\fI/etc/xinetd.conf\fR) or from a collection
+of service control files in the \fIxinetd.d/\fR directory.
+These directions assume the latter configuration.
+.PP
+The following file should be created as \fI/etc/xientd.d/swat\fR.
+It is then be neccessary cause the meta-daemon to reload its configuration files.
+Refer to the xinetd man page for details on how to accomplish this.
+.PP
+.sp
+.nf
+## /etc/xinetd.d/swat
+service swat
+{
+        port    = 901
+        socket_type     = stream
+        wait    = no
+        only_from = localhost
+        user    = root
+        server  = /usr/local/samba/bin/swat
+        log_on_failure  += USERID
+        disable =  No
+}
+.sp
+.fi
 .SS "LAUNCHING"
 .PP
 To launch SWAT just run your favorite web browser and 
@@ -93,12 +122,25 @@ Note that you can attach to SWAT from any IP connected
 machine but connecting from a remote machine leaves your 
 connection open to password sniffing as passwords will be sent 
 in the clear over the wire. 
+.SH "TROUBLESHOOTING"
+.PP
+One of the common causes of difficulty when installing Samba and SWAT
+is the existsnece of some type of firewall or port filtering software 
+on the Samba server. Make sure that the appropriate ports
+outlined in this man page are available on the server and are not currently 
+being blocked by some type of security software such as iptables or 
+"port sentry". For more troubleshooting information, refer to the additional 
+documentation included in the Samba distribution.
 .SH "FILES"
 .TP
 \fB\fI/etc/inetd.conf\fB\fR
 This file must contain suitable startup 
 information for the meta-daemon.
 .TP
+\fB\fI/etc/xinetd.d/swat\fB\fR
+This file must contain suitable startup 
+information for the \fBxinetd\fR meta-daemon.
+.TP
 \fB\fI/etc/services\fB\fR
 This file must contain a mapping of service name 
 (e.g., swat) to service port (e.g., 901) and protocol type 
@@ -123,8 +165,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fBinetd(5)\fR,
-\fBsmbd(8)\fR, 
-smb.conf(5)
+\fBsmbd(8)\fR 
+smb.conf(5) \fBxinetd(8)\fR
 .SH "AUTHOR"
 .PP
 The original Samba software and related utilities 
diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1
index d463db78b15..dbc36175dd8 100644
--- a/docs/manpages/testparm.1
+++ b/docs/manpages/testparm.1
@@ -1,24 +1,23 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
+.\" This manpage has been automatically generated by docbook2man-spec
+.\" from a DocBook document.  docbook2man-spec can be found at:
+.\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "TESTPARM" "1" "21 August 2002" "" ""
+.TH "TESTPARM" "1" "28 August 2002" "" ""
 .SH NAME
 testparm \- check an smb.conf configuration file for  internal correctness
 .SH SYNOPSIS
-
-\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-v\fR ] [ \fB-L <servername>\fR ] \fBconfig filename\fR [ \fBhostname  hostIP\fR ]
-
+.sp
+\fBtestparm\fR [ \fB-s\fR ]  [ \fB-h\fR ]  [ \fB-x\fR ]  [ \fB-L <servername>\fR ]  \fBconfig filename\fR [ \fBhostname hostIP\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBtestparm\fR is a very simple test program 
 to check an \fBsmbd\fR configuration file for 
 internal correctness. If this program reports no problems, you 
 can use the configuration file with confidence that \fBsmbd
-\fR will successfully load the configuration file.
+\fRwill successfully load the configuration file.
 .PP
 Note that this is \fBNOT\fR a guarantee that 
 the services specified in the configuration file will be 
@@ -42,21 +41,18 @@ names and before dumping the service definitions.
 \fB-h\fR
 Print usage message 
 .TP
+\fB-x\fR
+Print only parameters that have non-default values
+.TP
 \fB-L servername\fR
 Sets the value of the %L macro to \fIservername\fR.
 This is useful for testing include files specified with the 
 %L macro. 
 .TP
-\fB-v\fR
-If this option is specified, testparm 
-will also output all options that were not used in 
-\fIsmb.conf\fR and are thus set to
-their defaults.
-.TP
 \fBconfigfilename\fR
 This is the name of the configuration file 
 to check. If this parameter is not present then the 
-default \fIsmb.conf\fR file will be checked.  
+default \fIsmb.conf\fR file will be checked. 
 .TP
 \fBhostname\fR
 If this parameter and the following are 
@@ -64,13 +60,13 @@ specified, then \fBtestparm\fR will examine the \fIhosts
 allow\fR and \fIhosts deny\fR 
 parameters in the \fIsmb.conf\fR file to 
 determine if the hostname with this IP address would be
-allowed access to the \fBsmbd\fR server.  If 
+allowed access to the \fBsmbd\fR server. If 
 this parameter is supplied, the hostIP parameter must also
 be supplied.
 .TP
 \fBhostIP\fR
 This is the IP address of the host specified 
-in the previous parameter.  This address must be supplied 
+in the previous parameter. This address must be supplied 
 if the hostname parameter is supplied. 
 .SH "FILES"
 .TP
@@ -90,7 +86,7 @@ This man page is correct for version 2.2 of
 the Samba suite.
 .SH "SEE ALSO"
 .PP
-\fIsmb.conf(5)\fR, 
+\fIsmb.conf(5)\fR 
 \fBsmbd(8)\fR
 .SH "AUTHOR"
 .PP
@@ -102,6 +98,6 @@ to the way the Linux kernel is developed.
 The original Samba man pages were written by Karl Auer. 
 The man page sources were converted to YODL format (another 
 excellent piece of Open Source software, available at
-ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 
-release by Jeremy Allison.  The conversion to DocBook for 
+ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 
+release by Jeremy Allison. The conversion to DocBook for 
 Samba 2.2 was done by Gerald Carter
diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1
index bc1a27b198f..1337e090d55 100644
--- a/docs/manpages/testprns.1
+++ b/docs/manpages/testprns.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "TESTPRNS" "1" "28 January 2002" "" ""
+.TH "TESTPRNS" "1" "28 August 2002" "" ""
 .SH NAME
 testprns \- check printer name for validity with smbd
 .SH SYNOPSIS
@@ -11,11 +11,11 @@ testprns \- check printer name for validity with smbd
 \fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 \fBtestprns\fR is a very simple test program 
 to determine whether a given printer name is valid for use in 
-a service to be provided by \fB smbd(8)\fR. 
+a service to be provided by \fB smbd(8)\fR 
 .PP
 "Valid" in this context means "can be found in the 
 printcap specified". This program is very stupid - so stupid in 
@@ -73,7 +73,7 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fIprintcap(5)\fR, 
-\fBsmbd(8)\fR, 
+\fBsmbd(8)\fR 
 \fBsmbclient(1)\fR
 .SH "AUTHOR"
 .PP
diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1
deleted file mode 100644
index 78e6e6c35ae..00000000000
--- a/docs/manpages/vfstest.1
+++ /dev/null
@@ -1,178 +0,0 @@
-.\" This manpage has been automatically generated by docbook2man 
-.\" from a DocBook document.  This tool can be found at:
-.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> 
-.\" Please send any bug reports, improvements, comments, patches, 
-.\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "VFSTEST" "1" "20 August 2002" "" ""
-.SH NAME
-vfstest \- tool for testing samba VFS modules
-.SH SYNOPSIS
-
-\fBvfstest\fR [ \fB-d debuglevel\fR ] [ \fB-c command\fR ] [ \fB-l logfile\fR ] [ \fB-h\fR ]
-
-.SH "DESCRIPTION"
-.PP
-This tool is part of the  Sambasuite.
-.PP
-\fBvfstest\fR is a small command line 
-utility that has the ability to test dso samba VFS modules. It gives the
-user the ability to call the various VFS functions manually and 
-supports cascaded VFS modules.
-.SH "OPTIONS"
-.TP
-\fB-c|--command=command\fR
-Execute the specified (colon-seperated) commands. 
-See below for the commands that are available.
-.TP
-\fB-d|--debug=debuglevel\fR
-set the debuglevel. Debug level 0 is the lowest 
-and 100 being the highest. This should be set to 100 if you are
-planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR). 
-.TP
-\fB-h|--help\fR
-Print a summary of command line options.
-.TP
-\fB-l|--logfile=logbasename\fR
-File name for log/debug files. The extension 
-\&'.client' will be appended. The log file is never removed  
-by the client.
-.SH "COMMANDS"
-.PP
-\fBVFS COMMANDS\fR
-.TP 0.2i
-\(bu
-\fBload <module.so>\fR - Load specified VFS module 
-.TP 0.2i
-\(bu
-\fBpopulate <char> <size>\fR - Populate a data buffer with the specified data
-.TP 0.2i
-\(bu
-\fBshowdata [<offset> <len>]\fR - Show data currently in data buffer
-.TP 0.2i
-\(bu
-\fBconnect\fR - VFS connect()
-.TP 0.2i
-\(bu
-\fBdisconnect\fR - VFS disconnect()
-.TP 0.2i
-\(bu
-\fBdisk_free\fR - VFS disk_free()
-.TP 0.2i
-\(bu
-\fBopendir\fR - VFS opendir()
-.TP 0.2i
-\(bu
-\fBreaddir\fR - VFS readdir()
-.TP 0.2i
-\(bu
-\fBmkdir\fR - VFS mkdir()
-.TP 0.2i
-\(bu
-\fBrmdir\fR - VFS rmdir()
-.TP 0.2i
-\(bu
-\fBclosedir\fR - VFS closedir()
-.TP 0.2i
-\(bu
-\fBopen\fR - VFS open()
-.TP 0.2i
-\(bu
-\fBclose\fR - VFS close()
-.TP 0.2i
-\(bu
-\fBread\fR - VFS read()
-.TP 0.2i
-\(bu
-\fBwrite\fR - VFS write()
-.TP 0.2i
-\(bu
-\fBlseek\fR - VFS lseek()
-.TP 0.2i
-\(bu
-\fBrename\fR - VFS rename()
-.TP 0.2i
-\(bu
-\fBfsync\fR - VFS fsync()
-.TP 0.2i
-\(bu
-\fBstat\fR - VFS stat()
-.TP 0.2i
-\(bu
-\fBfstat\fR - VFS fstat()
-.TP 0.2i
-\(bu
-\fBlstat\fR - VFS lstat()
-.TP 0.2i
-\(bu
-\fBunlink\fR - VFS unlink()
-.TP 0.2i
-\(bu
-\fBchmod\fR - VFS chmod()
-.TP 0.2i
-\(bu
-\fBfchmod\fR - VFS fchmod()
-.TP 0.2i
-\(bu
-\fBchown\fR - VFS chown()
-.TP 0.2i
-\(bu
-\fBfchown\fR - VFS fchown()
-.TP 0.2i
-\(bu
-\fBchdir\fR - VFS chdir()
-.TP 0.2i
-\(bu
-\fBgetwd\fR - VFS getwd()
-.TP 0.2i
-\(bu
-\fButime\fR - VFS utime()
-.TP 0.2i
-\(bu
-\fBftruncate\fR - VFS ftruncate()
-.TP 0.2i
-\(bu
-\fBlock\fR - VFS lock()
-.TP 0.2i
-\(bu
-\fBsymlink\fR - VFS symlink()
-.TP 0.2i
-\(bu
-\fBreadlink\fR - VFS readlink()
-.TP 0.2i
-\(bu
-\fBlink\fR - VFS link()
-.TP 0.2i
-\(bu
-\fBmknod\fR - VFS mknod()
-.TP 0.2i
-\(bu
-\fBrealpath\fR - VFS realpath()
-.PP
-\fBGENERAL COMMANDS\fR
-.TP 0.2i
-\(bu
-\fBconf <smb.conf>\fR - Load a different configuration file
-.TP 0.2i
-\(bu
-\fBhelp [<command>]\fR - Get list of commands or info about specified command
-.TP 0.2i
-\(bu
-\fBdebuglevel <level>\fR - Set debug level
-.TP 0.2i
-\(bu
-\fBfreemem\fR - Free memory currently in use
-.TP 0.2i
-\(bu
-\fBexit\fR - Exit vfstest
-.SH "VERSION"
-.PP
-This man page is correct for version 3.0 of the Samba 
-suite.
-.SH "AUTHOR"
-.PP
-The original Samba software and related utilities 
-were created by Andrew Tridgell. Samba is now developed
-by the Samba Team as an Open Source project similar 
-to the way the Linux kernel is developed.
-.PP
-The vfstest man page was written by Jelmer Vernooij.
diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1
index 57aaf98b626..9c1e44ea9dd 100644
--- a/docs/manpages/wbinfo.1
+++ b/docs/manpages/wbinfo.1
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WBINFO" "1" "08 May 2002" "" ""
+.TH "WBINFO" "1" "28 August 2002" "" ""
 .SH NAME
 wbinfo \- Query information from winbind daemon
 .SH SYNOPSIS
@@ -11,10 +11,10 @@ wbinfo \- Query information from winbind daemon
 \fBwbinfo\fR [ \fB-u\fR ]  [ \fB-g\fR ]  [ \fB-h name\fR ]  [ \fB-i ip\fR ]  [ \fB-n name\fR ]  [ \fB-s sid\fR ]  [ \fB-U uid\fR ]  [ \fB-G gid\fR ]  [ \fB-S sid\fR ]  [ \fB-Y sid\fR ]  [ \fB-t\fR ]  [ \fB-m\fR ]  [ \fB-r user\fR ]  [ \fB-a user%password\fR ]  [ \fB-A user%password\fR ] 
 .SH "DESCRIPTION"
 .PP
-This tool is part of the  Sambasuite.
+This tool is part of the  Samba suite.
 .PP
 The \fBwbinfo\fR program queries and returns information 
-created and used by the \fB winbindd(8)\fRdaemon. 
+created and used by the \fB winbindd(8)\fR daemon. 
 .PP
 The \fBwinbindd(8)\fR daemon must be configured 
 and running for the \fBwbinfo\fR program to be able 
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8
index ca0c87bd08c..a71a25febba 100644
--- a/docs/manpages/winbindd.8
+++ b/docs/manpages/winbindd.8
@@ -3,7 +3,7 @@
 .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> 
 .\" Please send any bug reports, improvements, comments, patches, 
 .\" etc. to Steve Cheng <steve@ggi-project.org>.
-.TH "WINBINDD" "8" "08 May 2002" "" ""
+.TH "WINBINDD" "8" "28 August 2002" "" ""
 .SH NAME
 winbindd \- Name Service Switch daemon for resolving names  from NT servers
 .SH SYNOPSIS
@@ -11,7 +11,7 @@ winbindd \- Name Service Switch daemon for resolving names  from NT servers
 \fBwinbindd\fR [ \fB-i\fR ]  [ \fB-d <debug level>\fR ]  [ \fB-s <smb config file>\fR ] 
 .SH "DESCRIPTION"
 .PP
-This program is part of the  Sambasuite.
+This program is part of the  Samba suite.
 .PP
 \fBwinbindd\fR is a daemon that provides 
 a service for the Name Service Switch capability that is present 
@@ -217,17 +217,6 @@ a Windows NT user, the \fBwinbindd\fR daemon
 uses this parameter to fill in the shell for that user. 
 
 Default: \fBtemplate shell = /bin/false \fR
-.TP
-\fBwinbind use default domain\fR
-This parameter specifies whether the \fBwinbindd\fR
-daemon should operate on users without domain component in their username. 
-Users without a domain component are treated as is part of the winbindd server's 
-own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail 
-function in a way much closer to the way they would in a native unix system.
-
-Default: \fBwinbind use default domain = <falseg> 
-\fR
-Example: \fBwinbind use default domain = true\fR
 .SH "EXAMPLE SETUP"
 .PP
 To setup winbindd for user and group lookups plus 
@@ -387,8 +376,8 @@ the Samba suite.
 .SH "SEE ALSO"
 .PP
 \fInsswitch.conf(5)\fR,
-samba(7),
-wbinfo(1),
+samba(7)
+wbinfo(1)
 smb.conf(5)
 .SH "AUTHOR"
 .PP
diff --git a/docs/textdocs/ADS-HOWTO.txt b/docs/textdocs/ADS-HOWTO.txt
deleted file mode 100644
index 7a066c69ecf..00000000000
--- a/docs/textdocs/ADS-HOWTO.txt
+++ /dev/null
@@ -1,142 +0,0 @@
-Samba 3.0 prealpha guide to Kerberos authentication
----------------------------------------------------
-
-Andrew Tridgell
-tridge@samba.org
-
-This is a VERY ROUGH guide to setting up the current (November 2001)
-pre-alpha version of Samba 3.0 with kerberos authentication against a
-Windows2000 KDC. The procedures listed here are likely to change as
-the code develops.
-
-Pieces you need before you begin:
-
-- a Windows 2000 server 
-- the latest CVS source code for Samba. See http://cvs.samba.org/ for how to
-  fetch this.
-- the MIT kerberos development libraries (either install from the
-  above sources or use a package). Under debian you need "libkrb5-dev"
-  and "krb5-user". The heimdal libraries will not work.
-- the OpenLDAP development libraries. 
-
-On RedHat this means you should have at least: 
-
-krb5-workstation (for kinit)
-krb5-libs (for linking with)
-krb5-devel (because you are compiling from source)
-
-in addition to the standard development environment.
-
-Note that these are not standard on a RedHat install, and you may need 
-to get them off CD2.
-
-Also check that you have the latest copy of this HOWTO. It is
-available from http://samba.org/ftp/tridge/kerberos/HOWTO
-
-Step 1: Compile Samba
-  
-  If your kerberos libraries are in a non-standard location then
-  remember to add the configure option --with-krb5=DIR. 
-
-  After you run configure make sure that include/config.h contains 
-  lines like this:
-
-  #define HAVE_KRB5 1
-  #define HAVE_LDAP 1
-
-  If it doesn't then configure did not find your krb5 libraries or
-  your ldap libraries. Look in config.log to figure out why and fix
-  it.
-
-  Then compile and install Samba as usual. You must use at least the
-  following 3 options in smb.conf:
-
-  realm = YOUR.KERBEROS.REALM
-  ads server = your.kerberos.server
-  security = ADS
-  encrypt passwords = yes
-
-  Strictly speaking, you can omit the realm name and you can use an IP
-  address for the ads server. In that case Samba will auto-detect these.
-
-  You do *not* need a smbpasswd file, although it won't do any harm
-  and if you have one then Samba will be able to fall back to normal
-  password security for older clients. I expect that the above
-  required options will change soon when we get better active
-  directory integration.
-
-
-Step 2: Setup your /etc/krb5.conf
-
-  The minimal configuration for krb5.conf is:
-
-    [realms]
-    YOUR.KERBEROS.REALM = {
-	kdc = your.kerberos.server
-    }
-
-
-  Test your config by doing a "kinit USERNAME@REALM" and making sure that
-  your password is accepted by the Win2000 KDC. 
-
-  NOTE: The realm must be uppercase. 
-
-  You also must ensure that you can do a reverse DNS lookup on the IP
-  address of your KDC. Also, the name that this reverse lookup maps to
-  must either be the netbios name of the KDC (ie. the hostname with no
-  domain attached) or it can alternatively be the netbios name
-  followed by the realm. 
-
-  The easiest way to ensure you get this right is to add a /etc/hosts
-  entry mapping the IP address of your KDC to its netbios name. If you
-  don't get this right then you will get a "local error" when you try
-  to join the realm.
-
-* If all you want is kerberos support in smbclient then you can skip
-* straight to step 5 now. Step 3 is only needed if you want kerberos
-* support in smbd.
-
-
-Step 3: Create the computer account
-
-  Do a "kinit" as a user that has authority to change arbitrary
-  passwords on the KDC ("Administrator" is a good choice). Then as a
-  user that has write permission on the Samba private directory
-  (usually root) run:
-
-     net ads join
-
-  Possible errors:
-    - "bash: kinit: command not found":
-       - kinit is in the krb5-workstation RPM on RedHat systems, and is
-         in /usr/kerberos/bin, so it won't be in the path until 
-         you log in again (or open a new terminal)
-    - "ADS support not compiled in"
-       - Samba must be reconfigured (remove config.cache) and
-         recompiled (make clean all install) after the kerberos libs
-         and headers are installed.
-    
-
-Step 4: Test your server setup
-
-  On a Windows 2000 client try "net use * \\server\share". You should
-  be logged in with kerberos without needing to know a password. If
-  this fails then run "klist tickets". Did you get a ticket for the
-  server? Does it have an encoding type of DES-CBC-MD5 ? 
-
-Step 5: Testing with smbclient
-
-  On your Samba server try to login to a Win2000 server or your Samba
-  server using smbclient and kerberos. Use smbclient as usual, but
-  specify the -k option to choose kerberos authentication.
-
-
---------
-
-NOTES: 
- - must change administrator password at least once after DC install,
- to create the right encoding types
-
- - w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in
-   their defaults DNS setup. Maybe fixed in service packs?
-
diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt
index 6a61a99d7e0..55125b7bad5 100644
--- a/docs/textdocs/Application_Serving.txt
+++ b/docs/textdocs/Application_Serving.txt
@@ -1,3 +1,6 @@
+!==
+!== Application_Serving.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Contributed:	January 7, 1997
 Updated:	March 24, 1998
 Contributor:	John H Terpstra <samba@samba.org>
diff --git a/docs/textdocs/BROWSING-Config.txt b/docs/textdocs/BROWSING-Config.txt
index ba0f399f48d..26f55dc4c38 100644
--- a/docs/textdocs/BROWSING-Config.txt
+++ b/docs/textdocs/BROWSING-Config.txt
@@ -1,3 +1,6 @@
+!==
+!== BROWSING-Config.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Date:		July 5, 1998
 Contributor:	John H Terpstra <jht@samba.org>
 
diff --git a/docs/docbook/projdoc/Browsing.sgml b/docs/textdocs/BROWSING.txt
index a463ea786b4..af57e4d5c39 100644
--- a/docs/docbook/projdoc/Browsing.sgml
+++ b/docs/textdocs/BROWSING.txt
@@ -1,21 +1,16 @@
-<chapter id="improved-browsing">
-<chapterinfo>
-	<author>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-		</affiliation>
-	</author>
+!==
+!== BROWSING.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Author/s:	Many (Thanks to Luke, Jeremy, Andrew, etc.)
+Updated:	July 5, 1998
+Status:		Current - For VERY Advanced Users ONLY
 
+Summary: This describes how to configure Samba for improved browsing.
+=====================================================================
 
-	<pubdate> (5 July 1998) </pubdate>
-</chapterinfo>
+OVERVIEW:
+=========
 
-<title>Improved browsing in samba</title>
-
-<sect1>
-<title>Overview of browsing</title>
-
-<para>
 SMB networking provides a mechanism by which clients can access a list
 of machines in a network, a so-called "browse list".  This list
 contains machines that are ready to offer file and/or print services
@@ -24,49 +19,36 @@ machines which aren't currently able to do server tasks.  The browse
 list is heavily used by all SMB clients.  Configuration of SMB
 browsing has been problematic for some Samba users, hence this
 document.
-</para>
 
-<para>
 Browsing will NOT work if name resolution from NetBIOS names to IP
 addresses does not function correctly. Use of a WINS server is highly
 recommended to aid the resolution of NetBIOS (SMB) names to IP addresses.
 WINS allows remote segment clients to obtain NetBIOS name_type information
 that can NOT be provided by any other means of name resolution.
-</para>
 
-</sect1>
+=====================================================================
 
-<sect1>
-<title>Browsing support in samba</title>
-
-<para>
+BROWSING
+========
 Samba now fully supports browsing.  The browsing is supported by nmbd
 and is also controlled by options in the smb.conf file (see smb.conf(5)).
-</para>
 
-<para>
 Samba can act as a local browse master for a workgroup and the ability
 for samba to support domain logons and scripts is now available.  See
 DOMAIN.txt for more information on domain logons.
-</para>
 
-<para>
 Samba can also act as a domain master browser for a workgroup.  This
 means that it will collate lists from local browse masters into a
 wide area network server list.  In order for browse clients to
 resolve the names they may find in this list, it is recommended that
 both samba and your clients use a WINS server.
-</para>
 
-<para>
 Note that you should NOT set Samba to be the domain master for a
 workgroup that has the same name as an NT Domain: on each wide area
 network, you must only ever have one domain master browser per workgroup,
 regardless of whether it is NT, Samba or any other type of domain master
 that is providing this service.
-</para>
 
-<para>
 [Note that nmbd can be configured as a WINS server, but it is not
 necessary to specifically use samba as your WINS server.  NTAS can
 be configured as your WINS server.  In a mixed NT server and
@@ -74,72 +56,51 @@ samba environment on a Wide Area Network, it is recommended that
 you use the NT server's WINS server capabilities.  In a samba-only
 environment, it is recommended that you use one and only one nmbd
 as your WINS server].
-</para>
 
-<para>
 To get browsing to work you need to run nmbd as usual, but will need
 to use the "workgroup" option in smb.conf to control what workgroup
 Samba becomes a part of.
-</para>
 
-<para>
 Samba also has a useful option for a Samba server to offer itself for
 browsing on another subnet.  It is recommended that this option is only
 used for 'unusual' purposes: announcements over the internet, for
 example.  See "remote announce" in the smb.conf man page.  
-</para>
-</sect1>
-
-<sect1>
-<title>Problem resolution</title>
 
-<para>
 If something doesn't work then hopefully the log.nmb file will help
 you track down the problem.  Try a debug level of 2 or 3 for finding
 problems. Also note that the current browse list usually gets stored
 in text form in a file called browse.dat.
-</para>
 
-<para>
 Note that if it doesn't work for you, then you should still be able to
 type the server name as \\SERVER in filemanager then hit enter and
 filemanager should display the list of available shares.
-</para>
 
-<para>
 Some people find browsing fails because they don't have the global
 "guest account" set to a valid account.  Remember that the IPC$
 connection that lists the shares is done as guest, and thus you must
 have a valid guest account.
-</para>
 
-<para>
 Also, a lot of people are getting bitten by the problem of too many
 parameters on the command line of nmbd in inetd.conf.  This trick is to
 not use spaces between the option and the parameter (eg: -d2 instead
 of -d 2), and to not use the -B and -N options.  New versions of nmbd
 are now far more likely to correctly find your broadcast and network
 address, so in most cases these aren't needed.
-</para>
 
-<para>
 The other big problem people have is that their broadcast address,
 netmask or IP address is wrong (specified with the "interfaces" option
 in smb.conf)
-</para>
-</sect1>
 
-<sect1>
-<title>Browsing across subnets</title>
-<para>
+
+BROWSING ACROSS SUBNETS
+=======================
+
 With the release of Samba 1.9.17(alpha1 and above) Samba has been
 updated to enable it to support the replication of browse lists
 across subnet boundaries.  New code and options have been added to
 achieve this.  This section describes how to set this feature up
 in different settings.
-</para>
 
-<para>
 To see browse lists that span TCP/IP subnets (ie.  networks separated
 by routers that don't pass broadcast traffic) you must set up at least
 one WINS server.  The WINS server acts as a DNS for NetBIOS names, allowing
@@ -150,33 +111,24 @@ that by default, all NetBIOS name to IP address translation is done
 by broadcasts from the querying machine.  This means that machines
 on one subnet will not be able to resolve the names of machines on
 another subnet without using a WINS server.
-</para>
 
-<para>
 Remember, for browsing across subnets to work correctly, all machines,
 be they Windows 95, Windows NT, or Samba servers must have the IP address
 of a WINS server given to them by a DHCP server, or by manual configuration 
 (for Win95 and WinNT, this is in the TCP/IP Properties, under Network 
 settings) for Samba this is in the smb.conf file.
-</para>
 
-<sect2>
-<title>How does cross subnet browsing work ?</title>
+How does cross subnet browsing work ?
+=====================================
 
-<para>
 Cross subnet browsing is a complicated dance, containing multiple
 moving parts.  It has taken Microsoft several years to get the code
 that achieves this correct, and Samba lags behind in some areas.
 However, with the 1.9.17 release, Samba is capable of cross subnet
 browsing when configured correctly.
-</para>
 
-<para>
 Consider a network set up as follows :
-</para>
 
-<para>
-<programlisting>
                                    (DMB)
              N1_A      N1_B        N1_C       N1_D        N1_E
               |          |           |          |           |
@@ -191,11 +143,8 @@ Consider a network set up as follows :
   |     |     |      |               |        |         |           |
  N2_A  N2_B  N2_C   N2_D           N3_A     N3_B      N3_C        N3_D 
                     (WINS)
-</programlisting>
-</para>
-	
-<para>
-Consisting of 3 subnets (1, 2, 3) connected by two routers
+
+Consisting of 3 subnets (1, 2, 3) conneted by two routers
 (R1, R2) - these do not pass broadcasts.  Subnet 1 has 5 machines
 on it, subnet 2 has 4 machines, subnet 3 has 4 machines.  Assume
 for the moment that all these machines are configured to be in the
@@ -204,9 +153,7 @@ is configured as Domain Master Browser (ie.  it will collate the
 browse lists for the workgroup).  Machine N2_D is configured as
 WINS server and all the other machines are configured to register
 their NetBIOS names with it.
-</para>
 
-<para>
 As all these machines are booted up, elections for master browsers
 will take place on each of the three subnets.  Assume that machine
 N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on
@@ -214,9 +161,7 @@ subnet 3 - these machines are known as local master browsers for
 their particular subnet.  N1_C has an advantage in winning as the
 local master browser on subnet 1 as it is set up as Domain Master
 Browser.
-</para>
 
-<para>
 On each of the three networks, machines that are configured to 
 offer sharing services will broadcast that they are offering
 these services.  The local master browser on each subnet will
@@ -225,9 +170,7 @@ the machine is offering a service.  This list of records is
 the basis of the browse list.  For this case, assume that
 all the machines are configured to offer services so all machines
 will be on the browse list.
-</para>
 
-<para>
 For each network, the local master browser on that network is
 considered 'authoritative' for all the names it receives via
 local broadcast.  This is because a machine seen by the local
@@ -237,16 +180,11 @@ and 'verifiable' resource.  Machines on other networks that
 the local master browsers learn about when collating their
 browse lists have not been directly seen - these records are
 called 'non-authoritative'.
-</para>
 
-<para>
 At this point the browse lists look as follows (these are 
 the machines you would see in your network neighborhood if
 you looked in it on a particular network right now).
-</para>
 
-<para>
-<programlisting>
 Subnet           Browse Master   List
 ------           -------------   ----
 Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
@@ -254,24 +192,17 @@ Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E
 Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
 
 Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
-</programlisting>
-</para>
 
-<para>
 Note that at this point all the subnets are separate, no
 machine is seen across any of the subnets.
-</para>
 
-<para>
 Now examine subnet 2.  As soon as N2_B has become the local
 master browser it looks for a Domain master browser to synchronize
 its browse list with.  It does this by querying the WINS server
 (N2_D) for the IP address associated with the NetBIOS name 
-WORKGROUP&gt;1B&lt;.  This name was registerd by the Domain master
+WORKGROUP<1B>.  This name was registerd by the Domain master
 browser (N1_C) with the WINS server as soon as it was booted.
-</para>
 
-<para>
 Once N2_B knows the address of the Domain master browser it
 tells it that is the local master browser for subnet 2 by
 sending a MasterAnnouncement packet as a UDP port 138 packet.
@@ -281,10 +212,7 @@ names it knows about.  Once the domain master browser receives
 the MasterAnnouncement packet it schedules a synchronization
 request to the sender of that packet.  After both synchronizations
 are done the browse lists look like :
-</para>
 
-<para>
-<programlisting>
 Subnet           Browse Master   List
 ------           -------------   ----
 Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
@@ -296,26 +224,18 @@ Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
 Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
 
 Servers with a (*) after them are non-authoritative names.
-</programlisting>
-</para>
 
-<para>
 At this point users looking in their network neighborhood on
 subnets 1 or 2 will see all the servers on both, users on
 subnet 3 will still only see the servers on their own subnet.
-</para>
 
-<para>
 The same sequence of events that occured for N2_B now occurs
 for the local master browser on subnet 3 (N3_D).  When it
 synchronizes browse lists with the domain master browser (N1_A)
 it gets both the server entries on subnet 1, and those on
 subnet 2.  After N3_D has synchronized with N1_C and vica-versa
 the browse lists look like.
-</para>
 
-<para>
-<programlisting>
 Subnet           Browse Master   List
 ------           -------------   ----
 Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
@@ -330,24 +250,16 @@ Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
                                  N2_A(*), N2_B(*), N2_C(*), N2_D(*)
 
 Servers with a (*) after them are non-authoritative names.
-</programlisting>
-</para>
 
-<para>
 At this point users looking in their network neighborhood on
 subnets 1 or 3 will see all the servers on all sunbets, users on
 subnet 2 will still only see the servers on subnets 1 and 2, but not 3.
-</para>
 
-<para>
 Finally, the local master browser for subnet 2 (N2_B) will sync again
 with the domain master browser (N1_C) and will recieve the missing
 server entries.  Finally - and as a steady state (if no machines
 are removed or shut off) the browse lists will look like :
-</para>
 
-<para>
-<programlisting>
 Subnet           Browse Master   List
 ------           -------------   ----
 Subnet1          N1_C            N1_A, N1_B, N1_C, N1_D, N1_E, 
@@ -361,82 +273,48 @@ Subnet2          N2_B            N2_A, N2_B, N2_C, N2_D
 Subnet3          N3_D            N3_A, N3_B, N3_C, N3_D
                                  N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*),
                                  N2_A(*), N2_B(*), N2_C(*), N2_D(*)
-	
+
 Servers with a (*) after them are non-authoritative names.
-</programlisting>
-</para>
 
-<para>
 Synchronizations between the domain master browser and local
 master browsers will continue to occur, but this should be a
 steady state situation.
-</para>
 
-<para>
 If either router R1 or R2 fails the following will occur:
-</para>
-
-<orderedlist>
-<listitem>
-	<para>
-	Names of computers on each side of the inaccessible network fragments
-	will be maintained for as long as 36 minutes, in the network neighbourhood
-	lists.
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	Attempts to connect to these inaccessible computers will fail, but the
-	names will not be removed from the network neighbourhood lists.
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	If one of the fragments is cut off from the WINS server, it will only
-	be able to access servers on its local subnet, by using subnet-isolated
-	broadcast NetBIOS name resolution.  The effects are similar to that of
-	losing access to a DNS server.
-	</para>
-</listitem>
-</orderedlist>
-</sect2>
-</sect1>
-
-<sect1>
-<title>Setting up a WINS server</title>
-
-<para>
+
+1) Names of computers on each side of the inaccessible network fragments
+will be maintained for as long as 36 minutes, in the network neighbourhood
+lists.
+
+2) Attempts to connect to these inaccessible computers will fail, but the
+names will not be removed from the network neighbourhood lists.
+
+3) If one of the fragments is cut off from the WINS server, it will only
+be able to access servers on its local subnet, by using subnet-isolated
+broadcast NetBIOS name resolution.  The effects are similar to that of
+losing access to a DNS server.
+
+Setting up a WINS server
+========================
+
 Either a Samba machine or a Windows NT Server machine may be set up
 as a WINS server.  To set a Samba machine to be a WINS server you must
 add the following option to the smb.conf file on the selected machine :
 in the [globals] section add the line 
-</para>
 
-<para>
-<command>		wins support = yes</command>
-</para>
+        wins support = yes
 
-<para>
 Versions of Samba previous to 1.9.17 had this parameter default to
 yes.  If you have any older versions of Samba on your network it is
 strongly suggested you upgrade to 1.9.17 or above, or at the very
 least set the parameter to 'no' on all these machines.
-</para>
 
-<para>
-Machines with "<command>wins support = yes</command>" will keep a list of 
-all NetBIOS names registered with them, acting as a DNS for NetBIOS names.
-</para>
+Machines with "wins support = yes" will keep a list of all NetBIOS
+names registered with them, acting as a DNS for NetBIOS names.
 
-<para>
 You should set up only ONE wins server.  Do NOT set the
-"<command>wins support = yes</command>" option on more than one Samba 
-server.
-</para>
+"wins support = yes" option on more than one Samba server.
 
-<para>
 To set up a Windows NT Server as a WINS server you need to set up
 the WINS service - see your NT documentation for details.  Note that
 Windows NT WINS Servers can replicate to each other, allowing more
@@ -447,9 +325,7 @@ a Samba->Samba WINS replication protocol may be defined, in which
 case more than one Samba machine could be set up as a WINS server
 but currently only one Samba server should have the "wins support = yes"
 parameter set.
-</para>
 
-<para>
 After the WINS server has been configured you must ensure that all
 machines participating on the network are configured with the address
 of this WINS server.  If your WINS server is a Samba machine, fill in
@@ -458,39 +334,26 @@ the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs
 in Windows 95 or Windows NT.  To tell a Samba server the IP address
 of the WINS server add the following line to the [global] section of
 all smb.conf files :
-</para>
 
-<para>
-<command>		wins server = &gt;name or IP address&lt;</command>
-</para>
+        wins server = <name or IP address>
 
-<para>
-where &gt;name or IP address&lt; is either the DNS name of the WINS server
+where <name or IP address> is either the DNS name of the WINS server
 machine or its IP address.
-</para>
 
-<para>
 Note that this line MUST NOT BE SET in the smb.conf file of the Samba
 server acting as the WINS server itself.  If you set both the
-"<command>wins support = yes</command>" option and the 
-"<command>wins server = &gt;name&lt;</command>" option then
+"wins support = yes" option and the "wins server = <name>" option then
 nmbd will fail to start.
-</para>
 
-<para>
 There are two possible scenarios for setting up cross subnet browsing.
 The first details setting up cross subnet browsing on a network containing
 Windows 95, Samba and Windows NT machines that are not configured as
 part of a Windows NT Domain.  The second details setting up cross subnet
 browsing on networks that contain NT Domains.
-</para>
-
-</sect1>
 
-<sect1>
-<title>Setting up Browsing in a WORKGROUP</title>
+Setting up Browsing in a WORKGROUP
+==================================
 
-<para>
 To set up cross subnet browsing on a network containing machines
 in up to be in a WORKGROUP, not an NT Domain you need to set up one
 Samba server to be the Domain Master Browser (note that this is *NOT*
@@ -502,40 +365,26 @@ one machine configured as a domain master browser each subnet would
 be an isolated workgroup, unable to see any machines on any other
 subnet.  It is the presense of a domain master browser that makes
 cross subnet browsing possible for a workgroup.
-</para>
 
-<para>
 In an WORKGROUP environment the domain master browser must be a
 Samba server, and there must only be one domain master browser per
 workgroup name.  To set up a Samba server as a domain master browser,
 set the following option in the [global] section of the smb.conf file :
-</para>
 
-<para>
-<command>		domain master = yes</command>
-</para>
+        domain master = yes
 
-<para>
 The domain master browser should also preferrably be the local master
 browser for its own subnet.  In order to achieve this set the following
 options in the [global] section of the smb.conf file :
-</para>
 
-<para>
-<programlisting>
         domain master = yes
         local master = yes
         preferred master = yes
         os level = 65
-</programlisting>
-</para>
 
-<para>
 The domain master browser may be the same machine as the WINS
 server, if you require.
-</para>
 
-<para>
 Next, you should ensure that each of the subnets contains a
 machine that can act as a local master browser for the
 workgroup.  Any NT machine should be able to do this, as will
@@ -543,131 +392,89 @@ Windows 95 machines (although these tend to get rebooted more
 often, so it's not such a good idea to use these).  To make a 
 Samba server a local master browser set the following
 options in the [global] section of the smb.conf file :
-</para>
 
-<para>
-<programlisting>
         domain master = no
         local master = yes
         preferred master = yes
         os level = 65
-</programlisting>
-</para>
 
-<para>
 Do not do this for more than one Samba server on each subnet,
 or they will war with each other over which is to be the local
 master browser.
-</para>
 
-<para>
 The "local master" parameter allows Samba to act as a local master
 browser.  The "preferred master" causes nmbd to force a browser
 election on startup and the "os level" parameter sets Samba high
 enough so that it should win any browser elections.
-</para>
 
-<para>
 If you have an NT machine on the subnet that you wish to
 be the local master browser then you can disable Samba from
 becoming a local master browser by setting the following
 options in the [global] section of the smb.conf file :
-</para>
 
-<para>
-<programlisting>
         domain master = no
         local master = no
         preferred master = no
         os level = 0
-</programlisting>
-</para>
-
-</sect1>
 
-<sect1>
-<title>Setting up Browsing in a DOMAIN</title>
+Setting up Browsing in a DOMAIN
+===============================
 
-<para>
 If you are adding Samba servers to a Windows NT Domain then
 you must not set up a Samba server as a domain master browser.
 By default, a Windows NT Primary Domain Controller for a Domain
 name is also the Domain master browser for that name, and many
 things will break if a Samba server registers the Domain master
-browser NetBIOS name (DOMAIN&gt;1B&lt;) with WINS instead of the PDC.
-</para>
+browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC.
 
-<para>
 For subnets other than the one containing the Windows NT PDC
 you may set up Samba servers as local master browsers as
 described.  To make a Samba server a local master browser set 
 the following options in the [global] section of the smb.conf 
 file :
-</para>
 
-<para>
-<programlisting>
         domain master = no
         local master = yes
         preferred master = yes
         os level = 65
-</programlisting>
-</para>
 
-<para>
 If you wish to have a Samba server fight the election with machines
 on the same subnet you may set the "os level" parameter to lower
 levels.  By doing this you can tune the order of machines that
 will become local master browsers if they are running.  For
 more details on this see the section "FORCING SAMBA TO BE THE MASTER"
 below.
-</para>
 
-<para>
 If you have Windows NT machines that are members of the domain
 on all subnets, and you are sure they will always be running then
 you can disable Samba from taking part in browser elections and
 ever becoming a local master browser by setting following options 
 in the [global] section of the smb.conf file :
-</para>
-
-<para>
-<command>
+ 
         domain master = no
         local master = no
         preferred master = no
         os level = 0
-</command>
-</para>
-
-</sect1>
 
-<sect1>
-<title>Forcing samba to be the master</title>
+FORCING SAMBA TO BE THE MASTER
+==============================
 
-<para>
 Who becomes the "master browser" is determined by an election process
 using broadcasts.  Each election packet contains a number of parameters
 which determine what precedence (bias) a host should have in the
 election.  By default Samba uses a very low precedence and thus loses
 elections to just about anyone else.
-</para>
 
-<para>
 If you want Samba to win elections then just set the "os level" global
 option in smb.conf to a higher number.  It defaults to 0.  Using 34
 would make it win all elections over every other system (except other
 samba systems!)
-</para>
 
-<para>
 A "os level" of 2 would make it beat WfWg and Win95, but not NTAS.  A
 NTAS domain controller uses level 32.
-</para>
 
-<para>The maximum os level is 255</para>
+The maximum os level is 255
 
-<para>
 If you want samba to force an election on startup, then set the
 "preferred master" global option in smb.conf to "yes".  Samba will
 then have a slight advantage over other potential master browsers
@@ -676,17 +483,13 @@ care, as if you have two hosts (whether they are windows 95 or NT or
 samba) on the same local subnet both set with "preferred master" to
 "yes", then periodically and continually they will force an election
 in order to become the local master browser.
-</para>
 
-<para>
 If you want samba to be a "domain master browser", then it is
 recommended that you also set "preferred master" to "yes", because
 samba will not become a domain master browser for the whole of your
 LAN or WAN if it is not also a local master browser on its own
 broadcast isolated subnet.
-</para>
 
-<para>
 It is possible to configure two samba servers to attempt to become
 the domain master browser for a domain.  The first server that comes
 up will be the domain master browser.  All other samba servers will
@@ -694,107 +497,66 @@ attempt to become the domain master browser every 5 minutes.  They
 will find that another samba server is already the domain master
 browser and will fail.  This provides automatic redundancy, should
 the current domain master browser fail.
-</para>
+ 
 
-</sect1>
+MAKING SAMBA THE DOMAIN MASTER
+==============================
 
-<sect1>
-<title>Making samba the domain master</title>
-
-<para>
 The domain master is responsible for collating the browse lists of
 multiple subnets so that browsing can occur between subnets.  You can
 make samba act as the domain master by setting "domain master = yes"
 in smb.conf.  By default it will not be a domain master.
-</para>
 
-<para>
 Note that you should NOT set Samba to be the domain master for a
 workgroup that has the same name as an NT Domain.
-</para>
 
-<para>
 When samba is the domain master and the master browser it will listen
 for master announcements (made roughly every twelve minutes) from local
 master browsers on other subnets and then contact them to synchronise
 browse lists.
-</para>
 
-<para>
 If you want samba to be the domain master then I suggest you also set
 the "os level" high enough to make sure it wins elections, and set
 "preferred master" to "yes", to get samba to force an election on
 startup.
-</para>
 
-<para>
 Note that all your servers (including samba) and clients should be
 using a WINS server to resolve NetBIOS names.  If your clients are only
 using broadcasting to resolve NetBIOS names, then two things will occur:
-</para>
-
-<orderedlist>
-<listitem>
-	<para>
-	your local master browsers will be unable to find a domain master
-	browser, as it will only be looking on the local subnet.
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	if a client happens to get hold of a domain-wide browse list, and
-	a user attempts to access a host in that list, it will be unable to
-	resolve the NetBIOS name of that host.
-	</para>
-</listitem>
-</orderedlist>
-
-<para>
+
+a) your local master browsers will be unable to find a domain master
+   browser, as it will only be looking on the local subnet.
+
+b) if a client happens to get hold of a domain-wide browse list, and
+   a user attempts to access a host in that list, it will be unable to
+   resolve the NetBIOS name of that host.
+
 If, however, both samba and your clients are using a WINS server, then:
-</para>
-
-<orderedlist>
-<listitem>
-	<para>
-	your local master browsers will contact the WINS server and, as long as
-	samba has registered that it is a domain master browser with the WINS
-	server, your local master browser will receive samba's ip address
-	as its domain master browser.
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	when a client receives a domain-wide browse list, and a user attempts
-	to access a host in that list, it will contact the WINS server to
-	resolve the NetBIOS name of that host.  as long as that host has
-	registered its NetBIOS name with the same WINS server, the user will
-	be able to see that host.  
-	</para>
-</listitem>
-</orderedlist>
-
-</sect1>
-
-<sect1>
-<title>Note about broadcast addresses</title>
-
-<para>
+
+a) your local master browsers will contact the WINS server and, as long as
+   samba has registered that it is a domain master browser with the WINS
+   server, your local master browser will receive samba's ip address
+   as its domain master browser.
+
+b) when a client receives a domain-wide browse list, and a user attempts
+   to access a host in that list, it will contact the WINS server to
+   resolve the NetBIOS name of that host.  as long as that host has
+   registered its NetBIOS name with the same WINS server, the user will
+   be able to see that host.  
+
+NOTE ABOUT BROADCAST ADDRESSES
+==============================
+
 If your network uses a "0" based broadcast address (for example if it
 ends in a 0) then you will strike problems.  Windows for Workgroups
 does not seem to support a 0's broadcast and you will probably find
 that browsing and name lookups won't work.
-</para>
-</sect1>
 
-<sect1>
-<title>Multiple interfaces</title>
 
-<para>
+MULTIPLE INTERFACES
+===================
+
 Samba now supports machines with multiple network interfaces.  If you
 have multiple interfaces then you will need to use the "interfaces"
 option in smb.conf to configure them.  See smb.conf(5) for details.
-</para>
-</sect1>
-</chapter>
+
diff --git a/docs/docbook/projdoc/Bugs.sgml b/docs/textdocs/BUGS.txt
index 5a24458e080..8dd6b0200f4 100644
--- a/docs/docbook/projdoc/Bugs.sgml
+++ b/docs/textdocs/BUGS.txt
@@ -1,180 +1,123 @@
-<chapter id="bugreport">
+!==
+!== BUGS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Samba Team
+Updated:	June 27, 1997
 
-<chapterinfo>
-	<author>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-		</affiliation>
-	</author>
-	<pubdate> 27 June 1997 </pubdate>
-</chapterinfo>
+Subject: This file describes how to report Samba bugs. 
+============================================================================
 
-<title>Reporting Bugs</title>
+>> The email address for bug reports is samba@samba.org <<
 
-<sect1>
-<title>Introduction</title>
-
-<para>
-The email address for bug reports is samba@samba.org
-</para>
-
-<para>
 Please take the time to read this file before you submit a bug
 report. Also, please see if it has changed between releases, as we
 may be changing the bug reporting mechanism at some time.
-</para>
 
-<para>
 Please also do as much as you can yourself to help track down the
 bug. Samba is maintained by a dedicated group of people who volunteer
 their time, skills and efforts. We receive far more mail about it than
 we can possibly answer, so you have a much higher chance of an answer
 and a fix if you send us a "developer friendly" bug report that lets
 us fix it fast. 
-</para>
 
-<para>
 Do not assume that if you post the bug to the comp.protocols.smb
 newsgroup or the mailing list that we will read it. If you suspect that your 
 problem is not a bug but a configuration problem then it is better to send 
 it to the Samba mailing list, as there are (at last count) 5000 other users on
 that list that may be able to help you.
-</para>
 
-<para>
 You may also like to look though the recent mailing list archives,
 which are conveniently accessible on the Samba web pages
 at http://samba.org/samba/ 
-</para>
 
-</sect1>
 
-<sect1>
-<title>General info</title>
+GENERAL INFO
+------------
 
-<para>
 Before submitting a bug report check your config for silly
 errors. Look in your log files for obvious messages that tell you that
 you've misconfigured something and run testparm to test your config
 file for correct syntax.
-</para>
 
-<para>
-Have you run through the <ulink url="Diagnosis.html">diagnosis</ulink>? 
-This is very important.
-</para>
+Have you run through DIAGNOSIS.txt? This is very important.
 
-<para>
 If you include part of a log file with your bug report then be sure to
 annotate it with exactly what you were doing on the client at the
 time, and exactly what the results were.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Debug levels</title>
+DEBUG LEVELS
+------------
 
-<para>
 If the bug has anything to do with Samba behaving incorrectly as a
 server (like refusing to open a file) then the log files will probably
 be very useful. Depending on the problem a log level of between 3 and
 10 showing the problem may be appropriate. A higher level givesmore
 detail, but may use too much disk space.
-</para>
 
-<para>
-To set the debug level use <command>log level =</command> in your 
-<filename>smb.conf</filename>. You may also find it useful to set the log 
-level higher for just one machine and keep separate logs for each machine. 
-To do this use:
-</para>
+To set the debug level use "log level =" in your smb.conf. You may
+also find it useful to set the log level higher for just one machine
+and keep separate logs for each machine. To do this use:
 
-<para><programlisting>
 log level = 10
 log file = /usr/local/samba/lib/log.%m
 include = /usr/local/samba/lib/smb.conf.%m
-</programlisting></para>
 
-<para>
-then create a file 
-<filename>/usr/local/samba/lib/smb.conf.machine</filename> where
+then create a file "/usr/local/samba/lib/smb.conf.machine" where
 "machine" is the name of the client you wish to debug. In that file
-put any smb.conf commands you want, for example 
-<command>log level=</command> may be useful. This also allows you to 
-experiment with different security systems, protocol levels etc on just 
-one machine.
-</para>
-
-<para>
-The <filename>smb.conf</filename> entry <command>log level =</command> 
-is synonymous with the entry <command>debuglevel =</command> that has been 
-used in older versions of Samba and is being retained for backwards 
-compatibility of smb.conf files.
-</para>
-
-<para>
-As the <command>log level =</command> value is increased you will record 
-a significantly increasing level of debugging information. For most 
-debugging operations you may not need a setting higher than 3. Nearly 
-all bugs can be tracked at a setting of 10, but be prepared for a VERY 
-large volume of log data.
-</para>
-
-</sect1>
-
-<sect1>
-<title>Internal errors</title>
-
-<para>
+put any smb.conf commands you want, for example "log level=" may be
+useful. This also allows you to experiment with different security
+systems, protocol levels etc on just one machine.
+
+The smb.conf entry "log level =" is synonymous with the entry
+"debuglevel =" that has been used in older versions of Samba and
+is being retained for backwards compatibility of smb.conf files.
+
+As the "log level =" value is increased you will record a significantly
+increasing level of debugging information. For most debugging operations
+you may not need a setting higher than 3. Nearly all bugs can be tracked
+at a setting of 10, but be prepared for a VERY large volume of log data.
+
+
+INTERNAL ERRORs
+---------------
+
 If you get a "INTERNAL ERROR" message in your log files it means that
 Samba got an unexpected signal while running. It is probably a
 segmentation fault and almost certainly means a bug in Samba (unless
 you have faulty hardware or system software)
-</para>
 
-<para>
 If the message came from smbd then it will probably be accompanied by
 a message which details the last SMB message received by smbd. This
 info is often very useful in tracking down the problem so please
 include it in your bug report.
-</para>
 
-<para>
 You should also detail how to reproduce the problem, if
 possible. Please make this reasonably detailed.
-</para>
 
-<para>
 You may also find that a core file appeared in a "corefiles"
 subdirectory of the directory where you keep your samba log
 files. This file is the most useful tool for tracking down the bug. To
 use it you do this:
-</para>
 
-<para><command>gdb smbd core</command></para>
+gdb smbd core
 
-<para>
 adding appropriate paths to smbd and core so gdb can find them. If you
 don't have gdb then try "dbx". Then within the debugger use the
 command "where" to give a stack trace of where the problem
 occurred. Include this in your mail.
-</para>
 
-<para>
 If you known any assembly language then do a "disass" of the routine
 where the problem occurred (if its in a library routine then
 disassemble the routine that called it) and try to work out exactly
 where the problem is by looking at the surrounding code. Even if you
 don't know assembly then incuding this info in the bug report can be
 useful. 
-</para>
-</sect1>
 
-<sect1>
-<title>Attaching to a running process</title>
 
-<para>
+ATTACHING TO A RUNNING PROCESS
+------------------------------
+
 Unfortunately some unixes (in particular some recent linux kernels)
 refuse to dump a core file if the task has changed uid (which smbd
 does often). To debug with this sort of system you could try to attach
@@ -182,21 +125,14 @@ to the running process using "gdb smbd PID" where you get PID from
 smbstatus. Then use "c" to continue and try to cause the core dump
 using the client. The debugger should catch the fault and tell you
 where it occurred.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Patches</title>
+PATCHES
+-------
 
-<para>
 The best sort of bug report is one that includes a fix! If you send us
-patches please use <command>diff -u</command> format if your version of 
-diff supports it, otherwise use <command>diff -c4</command>. Make sure 
-your do the diff against a clean version of the source and let me know 
-exactly what version you used. 
-</para>
-
-</sect1>
-</chapter>
+patches please use "diff -u" format if your version of diff supports
+it, otherwise use "diff -c4". Make sure your do the diff against a
+clean version of the source and let me know exactly what version you
+used. 
 
diff --git a/docs/textdocs/DHCP-Server-Configuration.txt b/docs/textdocs/DHCP-Server-Configuration.txt
index 499706955fb..82b54c2f5df 100644
--- a/docs/textdocs/DHCP-Server-Configuration.txt
+++ b/docs/textdocs/DHCP-Server-Configuration.txt
@@ -1,3 +1,6 @@
+!==
+!== DHCP-Server-Configuration.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Subject:	DHCP Server Configuration for SMB Clients
 Date:		March 1, 1998
 Updated:        May 15, 2001
diff --git a/docs/docbook/projdoc/Diagnosis.sgml b/docs/textdocs/DIAGNOSIS.txt
index 20b2ccee086..5ca1743a23a 100644
--- a/docs/docbook/projdoc/Diagnosis.sgml
+++ b/docs/textdocs/DIAGNOSIS.txt
@@ -1,164 +1,111 @@
-<chapter id="diagnosis">
-<chapterinfo>
-	<author>
-		<firstname>Andrew</firstname><surname>Tridgell</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address><email>tridge@samba.org</email></address>
-		</affiliation>
-	</author>
-	<pubdate> 1 November 1999</pubdate>
-</chapterinfo>
-
-<title>Diagnosing your samba server</title>
-
-<sect1>
-<title>Introduction</title>
-
-<para>
+!==
+!== DIAGNOSIS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell
+Updated:	November 1, 1999
+
+Subject:	DIAGNOSING YOUR SAMBA SERVER
+===========================================================================
+
 This file contains a list of tests you can perform to validate your
 Samba server. It also tells you what the likely cause of the problem
 is if it fails any one of these steps. If it passes all these tests
 then it is probably working fine.
-</para>
 
-<para>
 You should do ALL the tests, in the order shown. I have tried to
 carefully choose them so later tests only use capabilities verified in
 the earlier tests.
-</para>
 
-<para>
 If you send me an email saying "it doesn't work" and you have not
 followed this test procedure then you should not be surprised if I
 ignore your email.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Assumptions</title>
+ASSUMPTIONS
+-----------
 
-<para>
 In all of the tests I assume you have a Samba server called BIGSERVER
 and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the
 PC is running windows for workgroups with a recent copy of the
 microsoft tcp/ip stack. Alternatively, your PC may be running Windows
 95 or Windows NT (Workstation or Server).
-</para>
 
-<para>
 The procedure is similar for other types of clients.
-</para>
 
-<para>
 I also assume you know the name of an available share in your
 smb.conf. I will assume this share is called "tmp". You can add a
 "tmp" share like by adding the following to smb.conf:
-</para>
-
-<para><programlisting>
 
 [tmp]
  comment = temporary files 
  path = /tmp
  read only = yes
 
-</programlisting>
-</para>
 
-<para>
 THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME
 COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS
-</para>
 
-<para>
 Please pay attention to the error messages you receive. If any error message
 reports that your server is being unfriendly you should first check that you
 IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf
 file points to name servers that really do exist.
-</para>
 
-<para>
 Also, if you do not have DNS server access for name resolution please check
 that the settings for your smb.conf file results in "dns proxy = no". The
 best way to check this is with "testparm smb.conf"
-</para>
 
-</sect1>
 
-<sect1>
-<title>Tests</title>
+TEST 1:
+-------
 
-<sect2>
-<title>Test 1</title>
-<para>
 In the directory in which you store your smb.conf file, run the command
 "testparm smb.conf". If it reports any errors then your smb.conf
 configuration file is faulty.
-</para>
 
-<para>
-Note:	Your smb.conf file may be located in: <filename>/etc</filename>
-	Or in:   <filename>/usr/local/samba/lib</filename>
-</para>
-</sect2>
+Note:	Your smb.conf file may be located in: /etc
+	Or in:   /usr/local/samba/lib
 
-<sect2>
-<title>Test 2</title>
 
-<para>
-Run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
+TEST 2:
+-------
+
+run the command "ping BIGSERVER" from the PC and "ping ACLIENT" from
 the unix box. If you don't get a valid response then your TCP/IP
 software is not correctly installed. 
-</para>
 
-<para>
 Note that you will need to start a "dos prompt" window on the PC to
 run ping.
-</para>
 
-<para>
 If you get a message saying "host not found" or similar then your DNS
 software or /etc/hosts file is not correctly setup. It is possible to
 run samba without DNS entries for the server and client, but I assume
 you do have correct entries for the remainder of these tests. 
-</para>
 
-<para>
 Another reason why ping might fail is if your host is running firewall 
 software. You will need to relax the rules to let in the workstation
 in question, perhaps by allowing access from another subnet (on Linux
 this is done via the ipfwadm program.)
-</para>
-</sect2>
 
-<sect2>
-<title>Test 3</title>
 
-<para>
+TEST 3:
+-------
+
 Run the command "smbclient -L BIGSERVER" on the unix box. You
 should get a list of available shares back. 
-</para>
 
-<para>
 If you get a error message containing the string "Bad password" then
 you probably have either an incorrect "hosts allow", "hosts deny" or
 "valid users" line in your smb.conf, or your guest account is not
 valid. Check what your guest account is using "testparm" and
 temporarily remove any "hosts allow", "hosts deny", "valid users" or
 "invalid users" lines.
-</para>
 
-<para>
 If you get a "connection refused" response then the smbd server may
 not be running. If you installed it in inetd.conf then you probably edited
 that file incorrectly. If you installed it as a daemon then check that
 it is running, and check that the netbios-ssn port is in a LISTEN
 state using "netstat -a".
-</para>
 
-<para>
 If you get a "session request failed" then the server refused the
 connection. If it says "Your server software is being unfriendly" then
 its probably because you have invalid command line parameters to smbd,
@@ -166,312 +113,192 @@ or a similar fatal problem with the initial startup of smbd. Also
 check your config file (smb.conf) for syntax errors with "testparm"
 and that the various directories where samba keeps its log and lock
 files exist.
-</para>
 
-<para>
 There are a number of reasons for which smbd may refuse or decline
 a session request. The most common of these involve one or more of
 the following smb.conf file entries:
-</para>
-
-<para><programlisting>
 	hosts deny = ALL
 	hosts allow = xxx.xxx.xxx.xxx/yy
 	bind interfaces only = Yes
-</programlisting></para>
 
-<para>
 In the above, no allowance has been made for any session requests that
 will automatically translate to the loopback adaptor address 127.0.0.1.
 To solve this problem change these lines to:
-</para>
-
-<para><programlisting>
 	hosts deny = ALL
 	hosts allow = xxx.xxx.xxx.xxx/yy 127.
-</programlisting></para>
-
-<para>
 Do NOT use the "bind interfaces only" parameter where you may wish to
 use the samba password change facility, or where smbclient may need to
 access local service for name resolution or for local resource
 connections. (Note: the "bind interfaces only" parameter deficiency
 where it will not allow connections to the loopback address will be
 fixed soon).
-</para>
 
-<para>
 Another common cause of these two errors is having something already running 
 on port 139, such as Samba (ie: smbd is running from inetd already) or
 something like Digital's Pathworks. Check your inetd.conf file before trying
 to start smbd as a daemon, it can avoid a lot of frustration!
-</para>
 
-<para>
 And yet another possible cause for failure of TEST 3 is when the subnet mask
 and / or broadcast address settings are incorrect. Please check that the
 network interface IP Address / Broadcast Address / Subnet Mask settings are
 correct and that Samba has correctly noted these in the log.nmb file.
-</para>
-
-</sect2>
 
-<sect2>
-<title>Test 4</title>
+TEST 4:
+-------
 
-<para>
 Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the
 IP address of your Samba server back.
-</para>
 
-<para>
 If you don't then nmbd is incorrectly installed. Check your inetd.conf
 if you run it from there, or that the daemon is running and listening
 to udp port 137.
-</para>
 
-<para>
 One common problem is that many inetd implementations can't take many
 parameters on the command line. If this is the case then create a
 one-line script that contains the right parameters and run that from
 inetd.
-</para>
 
-</sect2>
 
-<sect2>
-<title>Test 5</title>
+TEST 5:
+-------
 
-<para>run the command <command>nmblookup -B ACLIENT '*'</command></para>
+run the command "nmblookup -B ACLIENT '*'"
 
-<para>
 You should get the PCs IP address back. If you don't then the client
 software on the PC isn't installed correctly, or isn't started, or you
 got the name of the PC wrong. 
-</para>
 
-<para>
 If ACLIENT doesn't resolve via DNS then use the IP address of the
 client in the above test.
-</para>
 
-</sect2>
 
-<sect2>
-<title>Test 6</title>
+TEST 6:
+-------
 
-<para>
-Run the command <command>nmblookup -d 2 '*'</command>
-</para>
+Run the command "nmblookup -d 2 '*'"
 
-<para>
 This time we are trying the same as the previous test but are trying
 it via a broadcast to the default broadcast address. A number of
 Netbios/TCPIP hosts on the network should respond, although Samba may
 not catch all of the responses in the short time it listens. You
 should see "got a positive name query response" messages from several
-hosts.
-</para>
+hosts. 
 
-<para>
 If this doesn't give a similar result to the previous test then
 nmblookup isn't correctly getting your broadcast address through its
 automatic mechanism. In this case you should experiment use the
 "interfaces" option in smb.conf to manually configure your IP
 address, broadcast and netmask. 
-</para>
 
-<para>
 If your PC and server aren't on the same subnet then you will need to
 use the -B option to set the broadcast address to the that of the PCs
 subnet.
-</para>
 
-<para>
 This test will probably fail if your subnet mask and broadcast address are
 not correct. (Refer to TEST 3 notes above).
-</para>
 
-</sect2>
+TEST 7:
+-------
 
-<sect2>
-<title>Test 7</title>
-
-<para>
-Run the command <command>smbclient //BIGSERVER/TMP</command>. You should 
-then be prompted for a password. You should use the password of the account
+Run the command "smbclient //BIGSERVER/TMP". You should then be
+prompted for a password. You should use the password of the account
 you are logged into the unix box with. If you want to test with
-another account then add the -U &gt;accountname&lt; option to the end of
-the command line.  eg: 
-<command>smbclient //bigserver/tmp -Ujohndoe</command>
-</para>
+another account then add the -U <accountname> option to the end of
+the command line.  eg: smbclient //bigserver/tmp -Ujohndoe
 
-<para>
 Note: It is possible to specify the password along with the username
 as follows:
-<command>smbclient //bigserver/tmp -Ujohndoe%secret</command>
-</para>
+	smbclient //bigserver/tmp -Ujohndoe%secret
 
-<para>
 Once you enter the password you should get the "smb>" prompt. If you
 don't then look at the error message. If it says "invalid network
 name" then the service "tmp" is not correctly setup in your smb.conf.
-</para>
 
-<para>
 If it says "bad password" then the likely causes are:
-</para>
-
-<orderedlist>
-<listitem>
-	<para>
-	you have shadow passords (or some other password system) but didn't
-	compile in support for them in smbd
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	your "valid users" configuration is incorrect
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	you have a mixed case password and you haven't enabled the "password
-	level" option at a high enough level
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	the "path =" line in smb.conf is incorrect. Check it with testparm
-	</para>
-</listitem>
-
-<listitem>
-	<para>
-	you enabled password encryption but didn't create the SMB encrypted
-	password file
-	</para>
-</listitem>
-</orderedlist>
-
-<para>
-Once connected you should be able to use the commands 
-<command>dir</command> <command>get</command> <command>put</command> etc. 
-Type <command>help &gt;command&lt;</command> for instructions. You should
+
+- you have shadow passords (or some other password system) but didn't
+compile in support for them in smbd
+- your "valid users" configuration is incorrect
+- you have a mixed case password and you haven't enabled the "password
+level" option at a high enough level
+- the "path =" line in smb.conf is incorrect. Check it with testparm
+- you enabled password encryption but didn't create the SMB encrypted
+password file
+
+Once connected you should be able to use the commands "dir" "get"
+"put" etc. Type "help <command>" for instructions. You should
 especially check that the amount of free disk space shown is correct
-when you type <command>dir</command>.
-</para>
+when you type "dir".
 
-</sect2>
 
-<sect2>
-<title>Test 8</title>
+TEST 8:
+-------
 
-<para>
-On the PC type the command <command>net view \\BIGSERVER</command>. You will 
-need to do this from within a "dos prompt" window. You should get back a 
-list of available shares on the server.
-</para>
+On the PC type the command "net view \\BIGSERVER". You will need to do
+this from within a "dos prompt" window. You should get back a list of
+available shares on the server.
 
-<para>
 If you get a "network name not found" or similar error then netbios
 name resolution is not working. This is usually caused by a problem in
 nmbd. To overcome it you could do one of the following (you only need
 to choose one of them):
-</para>
-
-<orderedlist>
-<listitem><para>
-	fixup the nmbd installation
-</para></listitem>
-
-<listitem><para>
-	add the IP address of BIGSERVER to the "wins server" box in the
-	advanced tcp/ip setup on the PC.
-</para></listitem>
 
-<listitem><para>
-	enable windows name resolution via DNS in the advanced section of
-	the tcp/ip setup
-</para></listitem>
+- fixup the nmbd installation
+- add the IP address of BIGSERVER to the "wins server" box in the
+advanced tcp/ip setup on the PC.
+- enable windows name resolution via DNS in the advanced section of
+the tcp/ip setup
+- add BIGSERVER to your lmhosts file on the PC.
 
-<listitem><para>
-	add BIGSERVER to your lmhosts file on the PC.
-</para></listitem>
-</orderedlist>
-
-<para>
 If you get a "invalid network name" or "bad password error" then the
 same fixes apply as they did for the "smbclient -L" test above. In
 particular, make sure your "hosts allow" line is correct (see the man
 pages)
-</para>
 
-<para>
 Also, do not overlook that fact that when the workstation requests the
 connection to the samba server it will attempt to connect using the 
 name with which you logged onto your Windows machine. You need to make
 sure that an account exists on your Samba server with that exact same
 name and password.
-</para>
 
-<para>
 If you get "specified computer is not receiving requests" or similar
 it probably means that the host is not contactable via tcp services.
 Check to see if the host is running tcp wrappers, and if so add an entry in
 the hosts.allow file for your client (or subnet, etc.)
-</para>
 
-</sect2>
 
-<sect2>
-<title>Test 9</title>
+TEST 9:
+--------
 
-<para>
-Run the command <command>net use x: \\BIGSERVER\TMP</command>. You should 
-be prompted for a password then you should get a "command completed 
-successfully" message. If not then your PC software is incorrectly 
-installed or your smb.conf is incorrect. make sure your "hosts allow" 
-and other config lines in smb.conf are correct.
-</para>
+Run the command "net use x: \\BIGSERVER\TMP". You should be prompted
+for a password then you should get a "command completed successfully"
+message. If not then your PC software is incorrectly installed or your
+smb.conf is incorrect. make sure your "hosts allow" and other config
+lines in smb.conf are correct.
 
-<para>
 It's also possible that the server can't work out what user name to
 connect you as. To see if this is the problem add the line "user =
 USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the
 username corresponding to the password you typed. If you find this
 fixes things you may need the username mapping option.
-</para>
-
-</sect2>
 
-<sect2>
-<title>Test 10</title>
+TEST 10:
+--------
 
-<para>
-Run the command <command>nmblookup -M TESTGROUP</command> where 
-TESTGROUP is the name of the workgroup that your Samba server and 
-Windows PCs belong to. You should get back the IP address of the 
-master browser for that workgroup.
-</para>
+Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name
+of the workgroup that your Samba server and Windows PCs belong to. You
+should get back the IP address of the master browser for that
+workgroup.
 
-<para>
 If you don't then the election process has failed. Wait a minute to
 see if it is just being slow then try again. If it still fails after
 that then look at the browsing options you have set in smb.conf. Make
-sure you have <command>preferred master = yes</command> to ensure that 
-an election is held at startup.
-</para>
+sure you have "preferred master = yes" to ensure that an election is
+held at startup.
 
-</sect2>
+TEST 11:
+--------
 
-<sect2>
-<title>Test 11</title>
-
-<para>
 From file manager try to browse the server. Your samba server should
 appear in the browse list of your local workgroup (or the one you
 specified in smb.conf). You should be able to double click on the name
@@ -479,31 +306,19 @@ of the server and get a list of shares. If you get a "invalid
 password" error when you do then you are probably running WinNT and it
 is refusing to browse a server that has no encrypted password
 capability and is in user level security mode. In this case either set
-<command>security = server</command> AND 
-<command>password server = Windows_NT_Machine</command> in your
+"security = server" AND "password server = Windows_NT_Machine" in your
 smb.conf file, or enable encrypted passwords AFTER compiling in support
 for encrypted passwords (refer to the Makefile).
-</para>
 
-</sect2>
-</sect1>
 
-<sect1>
-<title>Still having troubles?</title>
+Still having troubles?
+----------------------
 
-<para>
-Try the mailing list or newsgroup, or use the ethereal utility to
+Try the mailing list or newsgroup, or use the tcpdump-smb utility to
 sniff the problem. The official samba mailing list can be reached at
-<ulink url="mailto:samba@samba.org">samba@samba.org</ulink>. To find 
-out more about samba and how to subscribe to the mailing list check 
-out the samba web page at 
-<ulink url="http://samba.org/samba">http://samba.org/samba</ulink>
-</para>
+samba@samba.org. To find out more about samba and how to
+subscribe to the mailing list check out the samba web page at
+              http://samba.org/samba
 
-<para>
 Also look at the other docs in the Samba package!
-</para>
-
-</sect1>
 
-</chapter>
diff --git a/docs/textdocs/DNIX.txt b/docs/textdocs/DNIX.txt
new file mode 100644
index 00000000000..fed77b939b4
--- /dev/null
+++ b/docs/textdocs/DNIX.txt
@@ -0,0 +1,72 @@
+!==
+!== DNIX.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+DNIX has a problem with seteuid() and setegid(). These routines are
+needed for Samba to work correctly, but they were left out of the DNIX
+C library for some reason.
+
+For this reason Samba by default defines the macro NO_EID in the DNIX
+section of includes.h. This works around the problem in a limited way,
+but it is far from ideal, some things still won't work right.
+
+To fix the problem properly you need to assemble the following two
+functions and then either add them to your C library or link them into
+Samba.
+
+put this in the file setegid.s:
+
+        .globl  _setegid
+_setegid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #1,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts
+
+
+put this in the file seteuid.s:
+
+        .globl  _seteuid
+_seteuid:
+        moveq   #47,d0
+        movl    #100,a0
+        moveq   #0,d1
+        movl    4(sp),a1
+        trap    #9
+        bccs    1$
+        jmp     cerror
+1$:
+        clrl    d0
+        rts
+
+after creating the above files you then assemble them using
+
+as seteuid.s
+as setegid.s
+
+that should produce the files seteuid.o and setegid.o
+
+then you need to add these to the LIBSM line in the DNIX section of
+the Samba Makefile. Your LIBSM line will then look something like this:
+
+LIBSM = setegid.o seteuid.o -ln
+
+You should then remove the line:
+
+#define NO_EID
+
+from the DNIX section of includes.h
+
+Then recompile and try it out!
+
+Note that this file was derived from an email from Peter Olsson
+<pol@leissner.se>. I don't have DNIX myself, so you're probably better
+off contacting Peter if you have problems.
+
+Andrew
+
diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt
index 0703d75cc35..eb4e5f58a1a 100644
--- a/docs/textdocs/Faxing.txt
+++ b/docs/textdocs/Faxing.txt
@@ -1,3 +1,6 @@
+!==
+!== Faxing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Contributor:    Gerhard Zuber <zuber@berlin.snafu.de>
 Date:			August 5th 1997.
 Status:			Current
diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt
index bc5c6dae853..afa5f8f4542 100644
--- a/docs/textdocs/GOTCHAS.txt
+++ b/docs/textdocs/GOTCHAS.txt
@@ -1,3 +1,6 @@
+!==
+!== GOTCHAS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 This file lists Gotchas to watch out for:
 =========================================================================
 Item Number:	1.0
diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt
index 877640108ce..5b0854b36e5 100644
--- a/docs/textdocs/HINTS.txt
+++ b/docs/textdocs/HINTS.txt
@@ -1,3 +1,6 @@
+!==
+!== HINTS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Contributor:	Many
 Updated:	Not for a long time!
 
@@ -49,9 +52,6 @@ windows. Just drag your file onto the icon and it converts the file.
 Get it from
 ftp://samba.org/pub/samba/contributed/fixcrlf.zip
 
-The utilities unix2dos and dos2unix(in the mtools package) should do 
-the job under unix.
-
 ---------------------- 
 HINT: Use the "username map" option
 
diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar
new file mode 100644
index 00000000000..413f54d3c65
--- /dev/null
+++ b/docs/textdocs/INSTALL.sambatar
@@ -0,0 +1,33 @@
+Contributor:	Ricky Poulten <poultenr@logica.co.uk>
+Date:		Unknown
+Status:		Current
+
+Subject:	Using smbtar
+=============================================================================
+
+Please see the readme and the man page for general info.
+
+1) Follow the samba installation instructions.
+
+2) If all goes well, test it out by creating a share on your PC (called
+backup for example) then doing something like,
+
+  ./smbtar -s mypc -t /dev/rmt/0ubn -x backup
+
+substituting whatever your tape drive is for the -t option, or set your
+tape environmental variable.
+
+If all does not go well, feel free to mail the author (poultenr@logica.co.uk)
+about bug reports / help / money / pizza / etc.
+
+3) Read the man page and the NOTES file for more information
+
+4) Work smbtar into your usual nightly backup scheme (presuming you
+have one :-}).
+
+
+NOTE:
+
+If you have problems with smbtar then it's probably best to contact the
+author Ricky Poulten (poultenr@logica.co.uk).
+
diff --git a/docs/textdocs/Imprints.txt b/docs/textdocs/Imprints.txt
new file mode 100644
index 00000000000..025381166b1
--- /dev/null
+++ b/docs/textdocs/Imprints.txt
@@ -0,0 +1,50 @@
+!==
+!== Imprints.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+==================================================================
+
+
+Imprints (Installation Manager of Printer driver 
+Retreival and Installation for Samba) is a project to 
+implement a UNIX equivalent of the Windows NT APW.    
+It has been taken on in part by the Samba Team, VA Linux 
+Systems and Hewlett-Packard.   The Imprints toolset seeks 
+to provide central repository for users and administrators 
+to locate, download, and install all variations Window 
+95/98/NT printer drivers on Samba print servers.  
+
+The server portion of Imprints is composed of a database 
+server which contains information and locations of various 
+printer driver packages.  This server can be queried over 
+standard HTTP get requests and should therefore be available 
+to most administrators behind firewalls.  The server's 
+database consists of records containing data  about each 
+known printer driver package.  For example, each driver 
+record contains a URL from which the Imprints installation 
+client can download the package as well as a public key which 
+can be used to verify the package's integrity.
+
+Once downloaded, the installation client will attempt to 
+install the printer driver on the defined remote server 
+using the username and password provided by the administrator.  
+If the username/password pair can be authenticated by the 
+remote server (and has the appropriate authorization), then 
+the printer driver(s) is (are) installed and the new Printer 
+is created. 
+
+From Samba's point of view, the process of creating a new 
+printer via the Imprints installation client is identical to 
+that of using the Windows NT APW.  In fact, Imprints utilizes 
+Samba's rpcclient and smbclient tools to issue the same MS-RPC 
+and file copy operations as an NT client.  This means that 
+Imprints can also be used to install printers on remote Windows 
+NT print servers.
+
+For more information on Imprints, visit the project homepage 
+at 
+
+        http://imprints.sourceforge.net/.
+
+
+
+
diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt
new file mode 100644
index 00000000000..c6b35811643
--- /dev/null
+++ b/docs/textdocs/Macintosh_Clients.txt
@@ -0,0 +1,26 @@
+!==
+!== Macintosh_Clients.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+> Are there any Macintosh clients for Samba?
+
+Yes. Thursby now have a CIFS Client / Server called DAVE - see
+http://www.thursby.com/
+
+They test it against Windows 95, Windows NT and samba for
+compatibility issues.  At the time of writing, DAVE was at version
+1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from
+the Thursby web site (the speed of finder copies has been greatly
+enhanced, and there are bug-fixes included).
+
+Alternatives - There are two free implementations of AppleTalk for
+several kinds of UNIX machnes, and several more commercial ones.
+These products allow you to run file services and print services
+natively to Macintosh users, with no additional support required on
+the Macintosh.  The two free omplementations are Netatalk,
+http://www.umich.edu/~rsug/netatalk/, and CAP,
+http://www.cs.mu.oz.au/appletalk/atalk.html.  What Samba offers MS
+Windows users, these packages offer to Macs.  For more info on these
+packages, Samba, and Linux (and other UNIX-based systems) see
+http://www.eats.com/linux_mac_win.html
+
+
diff --git a/docs/docbook/devdoc/NetBIOS.sgml b/docs/textdocs/NetBIOS.txt
index ec9d3af563a..866ec82a727 100644
--- a/docs/docbook/devdoc/NetBIOS.sgml
+++ b/docs/textdocs/NetBIOS.txt
@@ -1,102 +1,83 @@
-<chapter id="netbios">
-<chapterinfo>
-	<author>
-		<firstname>Luke</firstname><surname>Leighton</surname>
-	</author>
-	<pubdate>12 June 1997</pubdate>
-</chapterinfo>
+!==
+!== NetBIOS.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:    lkcl - samba@samba.org
+                Copyright 1997  Luke Kenneth Casson Leighton 
+Date:           March 1997
+Status:         Current
+Updated:        12jun97
+
+Subject:	Definition of NetBIOS Protocol and Name Resolution Modes
+=============================================================================
+
+=======
+NETBIOS
+=======
 
-<title>Definition of NetBIOS Protocol and Name Resolution Modes</title>
-
-<sect1>
-<title>NETBIOS</title>
-
-<para>
 NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX.
 Samba only uses NetBIOS over TCP/IP.  For details on the TCP/IP NetBIOS 
 Session Service NetBIOS Datagram Service, and NetBIOS Names, see
 rfc1001.txt and rfc1002.txt.
-</para>
 
-<para> 
 NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS
 datagrams to be sent out over the 'wire' embedded within LLC frames.
 NetBEUI is not required when using NetBIOS over TCP/IP protocols and it
 is preferable NOT to install NetBEUI if it can be avoided.
-</para>
 
-<para> 
 IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is
 preferable NOT to install the IPX/SPX transport unless you are using Novell
 servers.  At the very least, it is recommended that you do not install
 'NetBIOS over IPX/SPX'.
-</para>
 
-<para>
 [When installing Windows 95, you will find that NetBEUI and IPX/SPX are
 installed as the default protocols.  This is because they are the simplest
 to manage: no Windows 95 user-configuration is required].
-</para>
 
-<para> 
+
 NetBIOS applications (such as samba) offer their services (for example,
 SMB file and print sharing) on a NetBIOS name.  They must claim this name
 on the network before doing so.  The NetBIOS session service will then
 accept connections on the application's behalf (on the NetBIOS name
 claimed by the application).  A NetBIOS session between the application
 and the client can then commence.
-</para>
 
-<para> 
 NetBIOS names consist of 15 characters plus a 'type' character.  This is
 similar, in concept, to an IP address and a TCP port number, respectively.
 A NetBIOS-aware application on a host will offer different services under
 different NetBIOS name types, just as a host will offer different TCP/IP
 services on different port numbers.
-</para>
 
-<para> 
 NetBIOS names must be claimed on a network, and must be defended.  The use
 of NetBIOS names is most suitable on a single subnet; a Local Area Network
 or a Wide Area Network.
-</para>
 
-<para> 
 NetBIOS names are either UNIQUE or GROUP.  Only one application can claim a
 UNIQUE NetBIOS name on a network.
-</para>
 
-<para>
 There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point.
-</para>
 
-</sect1>
 
-<sect1>
-<title>BROADCAST NetBIOS</title>
+=================
+BROADCAST NetBIOS
+=================
 
-<para> 
 Clients can claim names, and therefore offer services on successfully claimed
 names, on their broadcast-isolated subnet.  One way to get NetBIOS services
 (such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
 SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make
 your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
-</para>
 
-<para> 
 This, however, is not recommended.  If you have a large LAN or WAN, you will
 find that some of your hosts spend 95 percent of their time dealing with
 broadcast traffic.  [If you have IPX/SPX on your LAN or WAN, you will find
 that this is already happening: a packet analyzer will show, roughly
 every twelve minutes, great swathes of broadcast traffic!].
-</para>
 
-</sect1>
 
-<sect1>
-<title>NBNS NetBIOS</title>
+============
+NBNS NetBIOS
+============
 
-<para>
 rfc1001.txt describes, amongst other things, the implementation and use
 of, a 'NetBIOS Name Service'.  NT/AS offers 'Windows Internet Name Service'
 which is fully rfc1001/2 compliant, but has had to take specific action
@@ -104,16 +85,17 @@ with certain NetBIOS names in order to make it useful.  (for example, it
 deals with the registration of <1c> <1d> <1e> names all in different ways.
 I recommend the reading of the Microsoft WINS Server Help files for full
 details).
-</para>
 
-<para> 
+Samba also offers WINS server capabilities.  Samba does not interact
+with NT/AS (WINS replication), so if you have a mixed NT server and
+Samba server environment, it is recommended that you use the NT server's
+WINS capabilities, instead of samba's WINS server capabilities.
+
 The use of a WINS server cuts down on broadcast network traffic for
 NetBIOS name resolution.  It has the effect of pulling all the broadcast
 isolated subnets together into a single NetBIOS scope, across your LAN
 or WAN, while avoiding the use of TCP/IP broadcast packets.
-</para>
 
-<para>
 When you have a WINS server on your LAN, WINS clients will be able to
 contact the WINS server to resolve NetBIOS names.  Note that only those
 WINS clients that have registered with the same WINS server will be
@@ -122,16 +104,17 @@ database (usually for security reasons you might want to consider putting
 your domain controllers or other important servers as static entries,
 but you should not rely on this as your sole means of security), but for
 the most part, NetBIOS names are registered dynamically.
-</para>
 
-<para>
+[It is important to mention that samba's browsing capabilities (as a WINS
+client) must have access to a WINS server.  if you are using samba also
+as a WINS server, then it will have a direct short-cut into the WINS
+database.
+
 This provides some confusion for lots of people, and is worth mentioning
 here:  a Browse Server is NOT a WINS Server, even if these services are
 implemented in the same application.  A Browse Server _needs_ a WINS server
 because a Browse Server is a WINS client, which is _not_ the same thing].
-</para>
 
-<para>
 Clients can claim names, and therefore offer services on successfully claimed
 names, on their broadcast-isolated subnet.  One way to get NetBIOS services
 (such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and
@@ -140,15 +123,33 @@ your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139.
 You will find, however, if you do this on a large LAN or a WAN, that your
 network is completely swamped by NetBIOS and browsing packets, which is why
 WINS was developed to minimise the necessity of broadcast traffic.
-</para>
 
-<para> 
 WINS Clients therefore claim names from the WINS server.  If the WINS
 server allows them to register a name, the client's NetBIOS session service
 can then offer services on this name.  Other WINS clients will then
 contact the WINS server to resolve a NetBIOS name.
-</para>
 
-</sect1>
 
-</chapter>
+=======================
+Samba WINS Capabilities
+=======================
+
+To configure samba as a WINS server, you must add "wins support = yes" to
+the [global] section of your smb.conf file.  This will enable WINS server
+capabilities in nmbd.
+
+To configure samba as a WINS client, you must add "wins server = x.x.x.x"
+to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP
+address of your WINS server.  The browsing capabilities in nmbd will then
+register (and resolve) WAN-wide NetBIOS names with this WINS server.
+
+Note that if samba has "wins support = yes", then the browsing capabilities
+will _not_ use the "wins server" option to resolve NetBIOS names: it will
+go directly to the internal WINS database for NetBIOS name resolution.  It
+is therefore invalid to have both "wins support = yes" and
+"wins server = x.x.x.x".  Note, in particular, that if you configure the
+"wins server" parameter to be the ip address of your samba server itself
+(as might one intuitively think), that you will run into difficulties.
+Do not use both parameters!
+
+
diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt
index 1b9cf4213e3..69fec36f08b 100644
--- a/docs/textdocs/PROFILES.txt
+++ b/docs/textdocs/PROFILES.txt
@@ -1,3 +1,6 @@
+!==
+!== PROFILES.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Contributors:	Bruce Cook <BC3-AU@bigfoot.com>
 		Copyright (C) 1998 Bruce Cook
 
diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt
new file mode 100644
index 00000000000..1f5407eec81
--- /dev/null
+++ b/docs/textdocs/Passwords.txt
@@ -0,0 +1,49 @@
+!==
+!== Passwords.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Unknown
+Date:		Updated April 19th 1999.
+Status:		Current
+
+Subject:	NOTE ABOUT PASSWORDS
+=============================================================================
+
+Unix systems use a wide variety of methods for checking the validity
+of a password. This is primarily controlled with the Makefile defines
+mentioned in the Makefile.
+
+Also note that some clients (notably WfWg) uppercase the password
+before sending it. The server tries the password as it receives it and
+also after lowercasing it.
+
+The Samba server can also be configured to try different
+upper/lowercase combinations. This is controlled by the [global]
+parameter "password level". A level of N means to try all combinations
+up to N uppercase characters in the password. A high value can chew a
+fair bit of CPU time and can lower the security of your system. Do not
+use this options unless you really need it - the time taken for
+password checking can become so high that clients time out. 
+
+If you do use the "password level" option then you might like to use
+-DUFC_CRYPT in your Makefile. On some machine this makes password
+checking _much_ faster. This is also useful if you use the @group
+syntax in the user= option.
+
+If your site uses AFS (the Andrew File System), you can use the AFS section
+in the Makefile.  This will first attempt to authenticate a username and
+password to AFS.  If that succeeds, then the associated AFS rights will be
+granted.  Otherwise, the password checking routine falls back to whatever
+Unix password checking method you are using.  Note that the AFS code is
+only written and tested for AFS 3.3 and later.
+
+
+SECURITY = SERVER or DOMAIN
+===========================
+
+Samba can use a remote server to do its username/password
+validation. This allows you to have one central machine (for example a
+NT box) control the passwords for the Unix box.
+
+See the section on "security =" in smb.conf(5) for details.
+
+
diff --git a/docs/docbook/projdoc/Printing.sgml b/docs/textdocs/Printing.txt
index ce9f40e88bf..bdd4cbd59c2 100644
--- a/docs/docbook/projdoc/Printing.sgml
+++ b/docs/textdocs/Printing.txt
@@ -1,80 +1,56 @@
-<chapter id="printingdebug">
-<chapterinfo>
-	<author>
-		<firstname>Patrick</firstname><surname>Powell</surname>
-		<affiliation>
-			<address><email>papowell@lprng.org</email></address>
-		</affiliation>
-	</author>
-	<pubdate>11 August 2000</pubdate>
-</chapterinfo>
-
-<title>Debugging Printing Problems</title>
-
-<sect1>
-<title>Introduction</title>
-
-<para>
+!==
+!== Printing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Unknown <samba@samba.org>
+Revised by:	Patrick Powell <papowell@lprng.org>
+Date:		August 11, 2000
+Status:		Current
+
+Subject:	Dubugging Printing Problems
+=============================================================================
+
 This is a short description of how to debug printing problems with
 Samba. This describes how to debug problems with printing from a SMB
 client to a Samba server, not the other way around. For the reverse
 see the examples/printing directory.
-</para>
 
-<para>
+Please send enhancements to this file to samba@samba.org
+
 Ok, so you want to print to a Samba server from your PC. The first
 thing you need to understand is that Samba does not actually do any
 printing itself, it just acts as a middleman between your PC client
 and your Unix printing subsystem. Samba receives the file from the PC
 then passes the file to a external "print command". What print command
 you use is up to you.
-</para>
 
-<para>
 The whole things is controlled using options in smb.conf. The most
 relevant options (which you should look up in the smb.conf man page)
 are:
-</para>
-
-<para><programlisting>
       [global]
         print command     - send a file to a spooler
         lpq command       - get spool queue status
         lprm command      - remove a job
       [printers]
         path = /var/spool/lpd/samba
-</programlisting></para>
 
-<para>
 The following are nice to know about:
-</para>
 
-<para><programlisting>
         queuepause command   - stop a printer or print queue
         queueresume command  - start a printer or print queue
-</programlisting></para>
 
-<para>
 Example:
-</para>
-
-<para><programlisting>
         print command = /usr/bin/lpr -r -P%p %s
         lpq command   = /usr/bin/lpq    -P%p %s
         lprm command  = /usr/bin/lprm   -P%p %j
         queuepause command = /usr/sbin/lpc -P%p stop
-        queuepause command = /usr/sbin/lpc -P%p start
-</programlisting></para>
+        queueresume command = /usr/sbin/lpc -P%p start
 
-<para>
 Samba should set reasonable defaults for these depending on your
 system type, but it isn't clairvoyant. It is not uncommon that you
 have to tweak these for local conditions.  The commands should
 always have fully specified pathnames,  as the smdb may not have
 the correct PATH values.
-</para>
 
-<para>
 When you send a job to Samba to be printed,  it will make a temporary
 copy of it in the directory specified in the [printers] section.
 and it should be periodically cleaned out.  The lpr -r option
@@ -83,29 +59,20 @@ printing fails then you might find leftover files in this directory,
 and it should be periodically cleaned out.  Samba used the lpq
 command to determine the "job number" assigned to your print job
 by the spooler.
-</para>
 
-<para>
-The %&gt;letter&lt; are "macros" that get dynamically replaced with appropriate
+The %<letter> are "macros" that get dynamically replaced with appropriate
 values when they are used. The %s gets replaced with the name of the spool
 file that Samba creates and the %p gets replaced with the name of the
 printer. The %j gets replaced with the "job number" which comes from
 the lpq output.
-</para>
-
-</sect1>
 
-<sect1>
-<title>Debugging printer problems</title>
+DEBUGGING PRINTER PROBLEMS
 
-<para>
 One way to debug printing problems is to start by replacing these
 command with shell scripts that record the arguments and the contents
 of the print file. A simple example of this kind of things might
 be:
-</para>
 
-<para><programlisting>
 	print command = /tmp/saveprint %p %s
 
     #!/bin/saveprint
@@ -114,15 +81,10 @@ be:
     # we run the command and save the error messages
     # replace the command with the one appropriate for your system
     /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print
-</programlisting></para>
 
-<para>
 Then you print a file and try removing it.  You may find that the
 print queue needs to be stopped in order to see the queue status
 and remove the job:
-</para>
-
-<para><programlisting>
 
 h4: {42} % echo hi >/tmp/hi
 h4: {43} % smbclient //localhost/lw4
@@ -139,9 +101,7 @@ smb: \> cancel 1049
 Job 1049 cancelled
 smb: \> queue
 smb: \> exit
-</programlisting></para>
 
-<para>
 The 'code 0' indicates that the job was removed.  The comment
 by the  smbclient is a bit misleading on this.
 You can observe the command output and then and look at the
@@ -149,250 +109,150 @@ You can observe the command output and then and look at the
 find out if the problem is with your printing system.  Often people
 have problems with their /etc/printcap file or permissions on
 various print queues.
-</para>
-</sect1>
 
-<sect1>
-<title>What printers do I have?</title>
+WHAT PRINTERS DO I HAVE
 
-<para>
 You can use the 'testprns' program to check to see if the printer
 name you are using is recognized by Samba.  For example,  you can
 use:
-</para>
 
-<para><programlisting>
     testprns printer /etc/printcap
-</programlisting></para>
 
-<para>
 Samba can get its printcap information from a file or from a program.
 You can try the following to see the format of the extracted
 information:
-</para>
 
-<para><programlisting>
     testprns -a printer /etc/printcap
 
     testprns -a printer '|/bin/cat printcap'
-</programlisting></para>
-
-</sect1>
 
-<sect1>
-<title>Setting up printcap and print servers</title>
+SETTING UP PRINTCAP AND PRINT SERVERS
 
-<para>
 You may need to set up some printcaps for your Samba system to use.
 It is strongly recommended that you use the facilities provided by
 the print spooler to set up queues and printcap information.
-</para>
 
-<para>
 Samba requires either a printcap or program to deliver printcap
 information.  This printcap information has the format:
-</para>
 
-<para><programlisting>
   name|alias1|alias2...:option=value:...
-</programlisting></para>
 
-<para>
 For almost all printing systems, the printer 'name' must be composed
 only of alphanumeric or underscore '_' characters.  Some systems also
 allow hyphens ('-') as well.  An alias is an alternative name for the
 printer,  and an alias with a space in it is used as a 'comment'
 about the printer.  The printcap format optionally uses a \ at the end of lines
 to extend the printcap to multiple lines.
-</para>
 
-<para>
+
 Here are some examples of printcap files:
-</para>
 
-<para>
-<orderedlist>
-<listitem><para>
 pr              just printer name
-</para></listitem>
-<listitem><para>
 pr|alias        printer name and alias
-</para></listitem>
-<listitem><para>
 pr|My Printer   printer name, alias used as comment
-</para></listitem>
-<listitem><para>
 pr:sh:\        Same as pr:sh:cm= testing
   :cm= \ 
   testing
-</para></listitem>
-<listitem><para>
 pr:sh           Same as pr:sh:cm= testing
   :cm= testing
-</para></listitem>
-</orderedlist>
-</para>
 
-<para>
 Samba reads the printcap information when first started.  If you make
 changes in the printcap information, then you must do the following:
-</para>
-
-<orderedlist>
 
-<listitem><para>
-make sure that the print spooler is aware of these changes.
-The LPRng system uses the 'lpc reread' command to do this.
-</para></listitem>
+a)  make sure that the print spooler is aware of these changes.
+    The LPRng system uses the 'lpc reread' command to do this.
 
-<listitem><para>
-make sure that the spool queues, etc., exist and have the
-correct permissions.  The LPRng system uses the 'checkpc -f'
-command to do this.
-</para></listitem>
+b)  make sure that the spool queues, etc., exist and have the
+    correct permissions.  The LPRng system uses the 'checkpc -f'
+    command to do this.
 
-<listitem><para>
-You now should send a SIGHUP signal to the smbd server to have
-it reread the printcap information.
-</para></listitem>
-</orderedlist>
+c)  You now should send a SIGHUP signal to the smbd server to have
+    it reread the printcap information.
 
-</sect1>
+JOB SENT, NO OUTPUT
 
-<sect1>
-<title>Job sent, no output</title>
-
-<para>
 This is the most frustrating part of printing.  You may have sent the
 job,  verified that the job was forwarded,  set up a wrapper around
 the command to send the file,  but there was no output from the printer.
-</para>
 
-<para>
 First,  check to make sure that the job REALLY is getting to the
 right print queue.  If you are using a BSD or LPRng print spooler,
 you can temporarily stop the printing of jobs.  Jobs can still be
 submitted, but they will not be printed.  Use:
-</para>
 
-<para><programlisting>
   lpc -Pprinter stop
-</programlisting></para>
 
-<para>
 Now submit a print job and then use 'lpq -Pprinter' to see if the
 job is in the print queue.  If it is not in the print queue then
 you will have to find out why it is not being accepted for printing.
-</para>
 
-<para>
 Next, you may want to check to see what the format of the job really
 was.  With the assistance of the system administrator you can view
 the submitted jobs files.  You may be surprised to find that these
 are not in what you would expect to call a printable format.
 You can use the UNIX 'file' utitily to determine what the job
 format actually is:
-</para>
 
-<para><programlisting>
     cd /var/spool/lpd/printer   # spool directory of print jobs
     ls                          # find job files
     file dfA001myhost
-</programlisting></para>
 
-<para>
 You should make sure that your printer supports this format OR that
 your system administrator has installed a 'print filter' that will
 convert the file to a format appropriate for your printer.
-</para>
-
-</sect1>
 
-<sect1>
-<title>Job sent, strange output</title>
+JOB SENT, STRANGE OUTPUT
 
-<para>
 Once you have the job printing, you can then start worrying about
 making it print nicely.
-</para>
 
-<para>
 The most common problem is extra pages of output: banner pages
 OR blank pages at the end.
-</para>
 
-<para>
 If you are getting banner pages,  check and make sure that the
 printcap option or printer option is configured for no banners.
 If you have a printcap,  this is the :sh (suppress header or banner
 page) option.  You should have the following in your printer.
-</para>
 
-<para><programlisting>
    printer: ... :sh
-</programlisting></para>
 
-<para>
 If you have this option and are still getting banner pages,  there
 is a strong chance that your printer is generating them for you
 automatically.  You should make sure that banner printing is disabled
 for the printer.  This usually requires using the printer setup software
 or procedures supplied by the printer manufacturer.
-</para>
 
-<para>
 If you get an extra page of output,  this could be due to problems
 with your job format,  or if you are generating PostScript jobs,
 incorrect setting on your printer driver on the MicroSoft client.
 For example, under Win95 there is a option:
-</para>
 
-<para><programlisting>
   Printers|Printer Name|(Right Click)Properties|Postscript|Advanced|
-</programlisting></para>
 
-<para>
 that allows you to choose if a Ctrl-D is appended to all jobs.
 This is a very bad thing to do, as most spooling systems will
 automatically add a ^D to the end of the job if it is detected as
 PostScript.  The multiple ^D may cause an additional page of output.
-</para>
 
-</sect1>
+RAW POSTSCRIPT PRINTED
 
-<sect1>
-<title>Raw PostScript printed</title>
-
-<para>
 This is a problem that is usually caused by either the print spooling
 system putting information at the start of the print job that makes
 the printer think the job is a text file, or your printer simply
 does not support PostScript.  You may need to enable 'Automatic
 Format Detection' on your printer.
-</para>
-
-</sect1>
 
-<sect1>
-<title>Advanced Printing</title>
+ADVANCED PRINTING
 
-<para>
 Note that you can do some pretty magic things by using your
 imagination with the "print command" option and some shell scripts.
 Doing print accounting is easy by passing the %U option to a print
 command shell script. You could even make the print command detect
 the type of output and its size and send it to an appropriate
 printer.
-</para>
-
-</sect1>
 
-<sect1>
-<title>Real debugging</title>
+DEBUGGING
 
-<para>
 If the above debug tips don't help, then maybe you need to bring in
 the bug guns, system tracing. See Tracing.txt in this directory.
-</para>
-</sect1>
-</chapter>
+-----------------------------------------------------------------------------
diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar
new file mode 100644
index 00000000000..af7250c2a49
--- /dev/null
+++ b/docs/textdocs/README.sambatar
@@ -0,0 +1,23 @@
+Contributor/s:	Martin.Kraemer <Martin.Kraemer@mch.sni.de>
+                and Ricky Poulten (ricky@logcam.co.uk)
+Date:		Unknown - circa 1994
+Status:		Obsoleted - smbtar has been a stable part of Samba
+		since samba-1.9.13
+
+Subject:	Sambatar (now smbtar)
+=============================================================================
+
+This is version 1.4 of my small extension to samba that allows PC shares
+to be backed up directly to a UNIX tape. It only has been tested under
+Solaris 2.3, Linux 1.1.59 and DG/UX 5.4r3.10 with version 1.9.13 of samba.
+
+See the file INSTALL for installation instructions, and
+the man page and NOTES file for some basic usage. Please let me know if you
+have any problems getting it to work under your flavour of Unix.
+
+This is only (yet another) intermediate version of sambatar.
+This version also comes with an extra gift, zen.bas, written in
+microsoft qbasic by a colleague. It is (apparently) based on a 70s
+British sci-fi series known as Blake's 7. If you have any questions
+about this program, or any suggestions (e.g. what about servillan.bas
+?), feel free to mail the author (of zen.bas) greenm@lilhd.logica.com.
diff --git a/docs/textdocs/Recent-FAQs.txt b/docs/textdocs/Recent-FAQs.txt
index feed1278277..6e614abed1a 100644
--- a/docs/textdocs/Recent-FAQs.txt
+++ b/docs/textdocs/Recent-FAQs.txt
@@ -1,3 +1,6 @@
+!==
+!== Recent-FAQs.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Contributor:	Samba-bugs@samba.org
 Date:		July 5, 1998
 Status:		Current
diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt
index fb55f9f9bf0..aea9fd77db7 100644
--- a/docs/textdocs/RoutedNetworks.txt
+++ b/docs/textdocs/RoutedNetworks.txt
@@ -1,3 +1,6 @@
+!==
+!== RoutedNetworks.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 #NOFNR Flag in LMHosts to Communicate Across Routers

 

   Last reviewed: May 5, 1997 

diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt
new file mode 100644
index 00000000000..9d10d6b233e
--- /dev/null
+++ b/docs/textdocs/SCO.txt
@@ -0,0 +1,22 @@
+!==
+!== SCO.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Geza Makay <makayg@math.u-szeged.hu>
+Date:		Unknown
+Status:		Obsolete - Dates to SCO Unix v3.2.4 approx.
+
+Subject:	TCP/IP Bug in SCO Unix
+============================================================================
+
+There is an annoying TCPIP bug in SCO Unix. This causes corruption when
+transferring files with Samba.
+
+Geza Makay (makayg@math.u-szeged.hu) sends this information:
+
+The patch you need is UOD385 Connection Drivers SLS. It is available from
+SCO (ftp.sco.com, directory SLS, files uod385a.Z and uod385a.ltr.Z).
+
+You do not need anything else but the above patch. It installs in seconds,
+and corrected the Excel problem. We also had some other minor problems (not
+only with Samba) that disappeared by installing this patch.
+
diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes
new file mode 100644
index 00000000000..679d776f56c
--- /dev/null
+++ b/docs/textdocs/SMBTAR.notes
@@ -0,0 +1,46 @@
+Contributor:	Unknown
+Date:		1994
+Status:		Mostly Current - refer man page
+
+Subject:	Smbtar
+============================================================================
+
+Intro
+-----
+
+sambatar is just a small extension to the smbclient program distributed with
+samba. A basic front end shell script, smbtar, is provided as an interface
+to the smbclient extensions.
+
+Extensions
+----------
+
+This release adds the following extensions to smbclient,
+
+tar [c|x] filename
+  creates or restores from a tar file. The tar file may be a tape
+or a unix tar file. tar's behaviour is modified with the newer and tarmode
+commands.
+
+tarmode [full|inc|reset|noreset]
+  With no arguments, tarmode prints the current tar mode (by default full,
+noreset). In full mode, every file is backed up during a tar command.
+In incremental, only files with the dos archive bit set are backed up.
+The archive bit is reset if in reset mode, or left untouched if in noreset.
+In reset mode, the share has to be writable, which makes sambatar even
+less secure. An alternative might be to use tarmode inc noreset which
+would implement an "expanding incremental" backup (which some may prefer
+anyway).
+
+setmode <setmode string> filename
+  This is a "freebie" - nothing really to do with sambatar. This 
+is a crude attrib like command (only the other way around). Setmode string
+is a combination of +-rhsa. So for example -rh would reset the read only
+bit on filename.
+
+newer filename
+  This is in fact part of the 1.9.13 samba distribution, but comes
+into its own with sambatar. This causes tar (or get, mget, etc) to
+only copy files newer than the specified file name. Could be used
+against the previous nights (or whatever) log file to implement incremental
+backups.
diff --git a/docs/textdocs/Samba-OpenSSL.txt b/docs/textdocs/Samba-OpenSSL.txt
new file mode 100644
index 00000000000..44a5fee96e2
--- /dev/null
+++ b/docs/textdocs/Samba-OpenSSL.txt
@@ -0,0 +1,408 @@
+!==
+!== SSLeay.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor: Christian Starkjohann <cs@obdev.at>
+Date:        May 29, 1998
+Status:      
+
+Comment: Updated by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+Date:	 July 16, 2001
+
+Subject:     Compiling and using samba with SSL support
+============================================================================
+
+What is SSL and SSLeay/OpenSSL?
+===============================
+SSL (Secure Socket Layer) is a protocol for encrypted and authenticated data
+transport. It is used by secure web servers for shopping malls, telebanking
+and things like that.
+
+SSLeay is a free implementation of the SSL protocol. The successor of it is
+OpenSSL, available from
+
+    http://www.openssl.org/
+
+The current version while these lines are written is 0.9.6b. In some countries
+encryption is plagued by legal problems, even though things have relaxed a
+lot in the last years.
+
+To compile samba with SSL support, you must first compile and install OpenSSL.
+At least version 0.9.5 of OpenSSL is required. Version 0.9.6b is the latest
+version and is strongly recommended.
+OpenSSL consists of a library (which can be linked to other applications like
+samba) and several utility programs needed for key generation, certification
+etc. OpenSSL installs to /usr/local/ssl/ by default.
+
+
+Compiling samba with OpenSSL
+============================
+1. Get and install OpenSSL. The rest of this documentation assumes that you
+   have installed it at the default location, which is /usr/local/ssl/.
+2. Call "configure" with the "--with-ssl" flag. If OpenSSL is not installed in
+   the default directory, you can use the "--with-sslinc" and "--with-ssllib"
+   flags to specify the location.
+3. Compile and install as usual.
+
+
+Configuring SSL in samba
+========================
+Before you configure SSL, you should know the basics of cryptography and how
+SSL relates to all of this. A basic introduction can be found further down in
+this document. The following variables in the "[global]" section of the
+configuration file are used to configure SSL:
+
+ssl                     = yes
+   This variable enables or disables the entire SSL mode. If it is set to
+   "no", the SSL enabled samba behaves exactly like the non-SSL samba. If set
+   to "yes", it depends on the variables "ssl hosts" and "ssl hosts resign"
+   whether an SSL connection will be required.
+ssl hosts               = 
+ssl hosts resign        = 192.168.
+   These two variables define whether samba will go into SSL mode or not. If
+   none of them is defined, samba will allow only SSL connections. If the
+   "ssl hosts" variable lists hosts (by IP-address, IP-address range, net
+   group or name), only these hosts will be forced into SSL mode. If the
+   "ssl hosts resign" variable lists hosts, only these hosts will NOT be
+   forced into SSL mode. The syntax for these two variables is the same as
+   for the "hosts allow" and "hosts deny" pair of variables, only that the
+   subject of the decision is different: It's not the access right but
+   whether SSL is used or not. See the man page of smb.conf (section about
+   "allow hosts") for details. The above example requires SSL connections
+   from all hosts outside the local net (which is 192.168.*.*).
+ssl CA certDir          = /usr/local/ssl/certs
+   This variable defines where to look up the Certification Autorities. The
+   given directory should contain one file for each CA that samba will trust.
+   The file name must be the hash value over the "Distinguished Name" of the
+   CA. How this directory is set up is explained later in this document. All
+   files within the directory that don't fit into this naming scheme are
+   ignored. You don't need this variable if you don't verify client
+   certificates.
+ssl CA certFile         = /usr/local/ssl/certs/trustedCAs.pem
+   This variable is a second way to define the trusted CAs. The certificates
+   of the trusted CAs are collected in one big file and this variable points
+   to the file. You will probably only use one of the two ways to define your
+   CAs. The first choice is preferable if you have many CAs or want to be
+   flexible, the second is perferable if you only have one CA and want to
+   keep things simple (you won't need to create the hashed file names). You
+   don't need this variable if you don't verify client certificates.
+ssl server cert         = /usr/local/ssl/certs/samba.pem
+   This is the file containing the server's certificate. The server _must_
+   have a certificate. The file may also contain the server's private key.
+   See later for how certificates and private keys are created.
+ssl server key          = /usr/local/ssl/private/samba.pem
+   This file contains the private key of the server. If this variable is not
+   defined, the key is looked up in the certificate file (it may be appended
+   to the certificate). The server _must_ have a private key and the
+   certificate _must_ match this private key.
+ssl client cert         = /usr/local/ssl/certs/smbclient.pem
+   The certificate in this file is used by smbclient if it exists. It's needed
+   if the server requires a client certificate.
+ssl client key          = /usr/local/ssl/private/smbclient.pem
+   This is the private key for smbclient. It's only needed if the client
+   should have a certificate.
+ssl require clientcert  = yes
+   If this variable is set to "yes", the server will not tolerate connections
+   from clients that don't have a valid certificate. The directory/file
+   given in "ssl CA certDir" and "ssl CA certFile" will be used to look up
+   the CAs that issued the client's certificate. If the certificate can't be
+   verified positively, the connection will be terminated.
+   If this variable is set to "no", clients don't need certificates. Contrary
+   to web applications you really _should_ require client certificates. In
+   the web environment the client's data is sensitive (credit card numbers)
+   and the server must prove to be trustworthy. In a file server environment
+   the server's data will be sensitive and the clients must prove to be
+   trustworthy.
+ssl require servercert  = yes
+   If this variable is set to "yes", the smbclient will request a certificate
+   from the server. Same as "ssl require clientcert" for the server.
+ssl ciphers             = ???
+   This variable defines the ciphers that should be offered during SSL
+   negotiation. You should not set this variable unless you know what you do.
+ssl version             = ssl2or3
+   This enumeration variable defines the versions of the SSL protocol that
+   will be used. "ssl2or3" allows dynamic negotiation of SSL v2 or v3, "ssl2"
+   results SSL v2, "ssl3" results in SSL v3 and "tls1" results in TLS v1. TLS
+   (Transport Layer Security) is the (proposed?) new standard for SSL. The
+   default value is "ssl2or3".
+ssl compatibility       = no
+   This variable defines whether SSLeay should be configured for bug
+   compatibility with other SSL implementations. This is probably not
+   desirable because currently no clients with SSL implementations other than
+   SSLeay exist.
+ssl entropy file        =
+   Specifies a file from which processes will read "random bytes" on startup.
+   In order to seed the internal pseudo random number generator, entropy
+   must be provided. On system with a /dev/urandom device file, the processes
+   will retrieve its entropy from the kernel. On systems without kernel
+   entropy support, a file can be supplied that will be read on startup
+   and that will be used to seed the PRNG.
+ssl entropy bytes	= 256
+   Number of bytes that will be read from entropy file. If -1 is given, the
+   complete file will be read.
+ssl egd socket		=
+   Location of the communiation socket of an EGD or PRNGD daemon, from which
+   entropy can be retrieved. This option can be used instead of or together
+   with the "ssl entropy file" directive. 255bytes of entropy will be
+   retrieved from the daemon.
+
+
+Running samba with OpenSSL
+==========================
+Samba is started as usual. The daemon will ask for the private key's pass
+phrase before it goes to background if the private key has been encrypted.
+If you start smbd from inetd, this won't work. Therefore you must not encrypt
+your private key if you run smbd from inetd.
+
+Windows clients will try to connect to the SSL enabled samba daemon and they
+will fail. This can fill your log with failed SSL negotiation messages. To
+avoid this, you can either not run nmbd (if all clients use DNS to look up
+the server), which will leave the Windows machine unaware of the server, or
+list all (local) Windows machines in the "ssl hosts resign" variable.
+
+
+About certificates
+==================
+Secure samba servers will not be set up for public use as it is the case with
+secure web servers. Most installations will probably use it for distributed
+offices that use parts of the internet for their intranet, for access to a
+web server that's physically hosted by the provider or simply for teleworking.
+All these applications work with a known group of users that can easily agree
+on a certification authority. The CA can be operated by the company and the
+policy for issuing certificates can be determined by the company. If samba is
+configured to verify client certificates, it (currently) only verifies
+whether a valid certificate exists. It does not verify any of the data within
+the certificate (although it prints some of the data to the log file).
+
+
+Which clients are available that support SSL?
+=============================================
+Currently there are only smbclient which is part of the samba package and
+Sharity. Shariy versions newer than 0.14 in the beta branch and 1.01 in the
+main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client
+implementation for Unix. It is a commercial product, but it is available in
+source code and the demo-mode allows access to the first three layers of the
+mounted directory hierarchy. Licenses for universities and students are free.
+Sharity is available at
+
+    http://www.obdev.at/Products/Sharity.html
+
+
+
+###########################################################################
+Basics about Cryptography and SSL(eay)
+###########################################################################
+
+There are many good introductions to cryptography. I assume that the reader
+is familiar with the words "encryption", "digital signature" and RSA. If you
+don't know these terms, please read the cryptography FAQ part 6 and 7, which
+is posted to the usenet newsgroup sci.crypt. It is also available from
+
+    ftp://rtfm.mit.edu/pub/usenet/news.answers/cryptography-faq
+and
+    http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq
+
+I'll concentrate on the questions specific to SSL and samba here.
+
+
+What is a certificate?
+======================
+A certificate is issued by an issuer, usually a "Certification Authority"
+(CA), who confirms something by issuing the certificate. The subject of this
+confirmation depends on the CA's policy. CAs for secure web servers (used for
+shopping malls etc.) usually only attest that the given public key belongs the
+the given domain name. Company-wide CAs might attest that you are an employee
+of the company, that you have permissions to use a server or whatever.
+
+
+What is an X.509 certificate technically?
+=========================================
+Technically, the certificate is a block of data signed by the certificate
+issuer (the CA). The relevant fields are:
+   - unique identifier (name) of the certificate issuer
+   - time range during that the certificate is valid
+   - unique identifier (name) of the certified subject
+   - public key of the certified subject
+   - the issuer's signature over all of the above
+If this certificate should be verified, the verifier must have a table of the
+names and public keys of trusted CAs. For simplicity, these tables are lists
+of certificates issued by the respective CAs for themselves (self-signed
+certificates).
+
+
+What are the implications of this certificate structure?
+========================================================
+  - Because the certificate contains the subject's public key, the
+    certificate and the private key together are all that's needed to encrypt
+    and decrypt.
+  - To verify certificates, you need the certificates of all CAs you trust.
+  - The simplest form of a dummy-certificate is one that's signed by the
+    subject itself.
+  - A CA is needed. The client can't simply issue local certificates for
+    servers it trusts because the server determines which certificate it
+    presents.
+
+
+
+###########################################################################
+Setting up files and directories for OpenSSL
+###########################################################################
+
+The first thing you should do is to change your PATH environment variable to
+include the bin directory of OpenSSL. E.g.:
+
+    PATH=$PATH:/usr/local/ssl/bin   
+
+If your system's kernel supports a /dev/urandom device, all OpenSSL operations
+will automatically retrieve its entropy from it. If your system does not
+support /dev/urandom, you may install an EGD/PRNGD daemon for entropy
+supply or can generate seed from reading files (that should contain information
+unpredictable/unknown to attackers). Use the "-rand" option to the openssl
+commands to specify the entropy source (if /dev/urandom is not available).
+
+OpenSSL additionally keeps random seed in the $HOME/.rnd file. You can
+initialize this file using:
+    
+    openssl rand -rand /tmp/rfile.txt > $HOME/.rnd
+    rm -f /tmp/rfile.txt	# nobody must know!!
+
+or
+
+    openssl rand -rand /path/to/egd-socket > $HOME/.rnd
+
+How to create a keypair
+=======================
+This is done with 'genrsa' for RSA keys and 'gendsa' for DSA keys. For an RSA
+key with 1024 bits which is written to the file "key.pem" type:
+
+    openssl genrsa -des3 -rand /path/to/source 1024 > key.pem
+
+You will be asked for a pass phrase to protect this key. If you don't want to
+protect your private key with a pass phrase, just omit the parameter "-des3".
+If you want a different key size, replace the parameter "1024". You really
+should use a pass phrase.
+
+If you want to remove the pass phrase from a key use:
+
+    openssl rsa -in key.pem -out newkey.pem
+
+And to add or change a pass phrase:
+
+    openssl rsa -des3 -in key.pem -out newkey.pem
+
+
+How to create a dummy certificate
+=================================
+If you still have your keypair in the file "key.pem", the command
+
+    openssl req -new -x509 -key key.pem -out cert.pem
+
+will write a self-signed dummy certificate to the file "cert.pem". This can
+be used for testing or if only encryption and no certification is needed.
+Please bear in mind that encryption without authentication (certification)
+can never be secure. It's open to (at least) "man-in-the-middle" attacks.
+
+
+How to create a certificate signing request
+===========================================
+You must not simply send your keypair to the CA for signing because it
+contains the private key which _must_ be kept secret. A signing request
+consists of your public key and some additional information you want to have
+bound to that key by the certificate. If you operate a secure web server,
+this additional information will (among other things) contain the URL of
+your server in the field "Common Name". The certificate signing request is
+created from the keypair with the following command (assuming that the key
+pair is still in "key.pem"):
+
+    openssl req -new -key key.pem -out csr.pem
+
+This command will ask you for the information which must be included in the
+certificate and will write the signing request to the file "csr.pem". This
+signing request is all the CA needs for signing, at least technically. Most
+CAs will demand bureaucratic material and money, too.
+
+
+How to set up a Certification Authority (CA)
+============================================
+Being a certification authority requires a database that holds the CA's
+keypair, the CA's certificate, a list of all signed certificates and other
+information. This database is kept in a directory hierarchy below a
+configurable starting point. The starting point must be configured in the
+ssleay.conf file. This file is at /usr/local/ssl/lib/ssleay.conf if you have
+not changed the default installation path.
+
+The first thing you should do is to edit this file according to your needs.
+Let's  assume that you want to hold the CA's database at the directory
+"/usr/local/ssl/CA". Change the variable "dir" in section "CA_default" to
+this path. You may also want to edit the default settings for some variables,
+but the values given should be OK. This path is also contained in the shell
+script CA.sh, which should be at "/usr/local/ssl/bin/CA.sh". Change the path
+in the shell script:
+
+    CATOP=/usr/local/ssl/CA
+    CAKEY=./cakey.pem           # relative to $CATOP/
+    CACERT=./cacert.pem         # relative to $CATOP/private/
+
+Then create the directory "/usr/local/ssl/CA" and make it writable for the
+user that operates the CA. You should also initialize SSLeay as CA user (set
+up the random number generator). Now you should call the shell script CA.sh
+to set up the initial database:
+
+    CA.sh -newca
+
+This command will ask you whether you want to use an existing certificate or
+create one. Just press enter to create a new key pair and certificate. You
+will be asked the usual questions for certificates: the country, state, city,
+"Common Name", etc. Enter the appropriate values for the CA. When CA.sh
+finishes, it has set up a bunch of directories and files. A CA must publish
+it's certificate, which is in the file "/usr/local/ssl/CA/cacert.pem".
+
+
+How to sign a certificate request
+=================================
+After setting up the CA stuff, you can start signing certificate requests.
+Make sure that the SSLeay utilities know where the configuration file is.
+The default is compiled in, if you don't use the default location, add the
+parameter "-config <cfg-file>". Make also sure that the configuration file
+contains the correct path to the CA database. If all this is set up properly,
+you can sign the request in the file "csr.pem" with the command:
+
+    openssl ca -policy policy_anything -days 365 -infiles csr.pem >cert.pem
+
+The resulting certificate (and additional information) will be in "cert.pem".
+If you want the certificate to be valid for a period different from 365 days,
+simply change the "-days" parameter.
+
+
+How to install a new CA certificate
+===================================
+Whereever a certificate must be checked, the CA's certificate must be
+available. Let's take the common case where the client verifies the server's
+certificate. The case where the server verfies the client's certificate works
+the same way. The client receives the server's certificate, which contains
+the "Distinguished Name" of the CA. To verify whether the signature in this
+certificate is OK, it must look up the public key of that CA. Therefore each
+client must hold a database of CAs, indexed by CA name. This database is best
+kept in a directory where each file contains the certificate of one CA and is
+named after the hashvalue (checksum) of the CA's name. This section describes
+how such a database is managed technically. Whether or not to install (and
+thereby trust) a CA is a totally different matter.
+
+The client must know the directory of the CA database. This can be configured.
+There may also be a configuration option to set up a CA database file which
+contains all CA certs in one file. Let's assume that the CA database is kept
+in the directory "/usr/local/ssl/certs". The following example assumes that
+the CA's certificate is in the file "cacert.pem" and the CA is known as
+"myCA". To install the certificate, do the following:
+
+    cp cacert.pem /usr/local/ssl/cers/myCA.pem
+    cd /usr/local/ssl/certs
+    ln -s myCA.pem `openssl x509 -noout -hash < myCA.pem`.0
+
+The last command creates a link from the hashed name to the real file.
+
+From now on all certificates signed by the myCA authority will be accepted by
+clients that use the directory "/usr/local/ssl/certs/" as their CA certificate
+database.
+
+
+
diff --git a/docs/docbook/projdoc/Speed.sgml b/docs/textdocs/Speed.txt
index 17adf104291..325376ac250 100644
--- a/docs/docbook/projdoc/Speed.sgml
+++ b/docs/textdocs/Speed.txt
@@ -1,182 +1,120 @@
-<chapter id="speed">
-
-<chapterinfo>
-	<author>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address><email>samba@samba.org</email></address>
-		</affiliation>
-	</author>
-	<author>
-		<firstname>Paul</firstname><surname>Cochrane</surname>
-		<affiliation>
-			<orgname>Dundee Limb Fitting Centre</orgname>
-			<address><email>paulc@dth.scot.nhs.uk</email></address>
-		</affiliation>
-	</author>
-</chapterinfo>
-
-<title>Samba performance issues</title>
-
-<sect1>
-<title>Comparisons</title>
-
-<para>
+!==
+!== Speed.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+
+Subject:	Samba performance issues
+============================================================================
+
+This file tries to outline the ways to improve the speed of a Samba server.
+
+COMPARISONS
+-----------
+
 The Samba server uses TCP to talk to the client. Thus if you are
 trying to see if it performs well you should really compare it to
 programs that use the same protocol. The most readily available
 programs for file transfer that use TCP are ftp or another TCP based
 SMB server.
-</para>
 
-<para>
 If you want to test against something like a NT or WfWg server then
 you will have to disable all but TCP on either the client or
 server. Otherwise you may well be using a totally different protocol
 (such as Netbeui) and comparisons may not be valid.
-</para>
 
-<para>
 Generally you should find that Samba performs similarly to ftp at raw
 transfer speed. It should perform quite a bit faster than NFS,
 although this very much depends on your system.
-</para>
 
-<para>
 Several people have done comparisons between Samba and Novell, NFS or
 WinNT. In some cases Samba performed the best, in others the worst. I
 suspect the biggest factor is not Samba vs some other system but the
 hardware and drivers used on the various systems. Given similar
 hardware Samba should certainly be competitive in speed with other
 systems.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Oplocks</title>
+OPLOCKS
+-------
 
-<sect2>
-<title>Overview</title>
-
-<para>
 Oplocks are the way that SMB clients get permission from a server to
 locally cache file operations. If a server grants an oplock
 (opportunistic lock) then the client is free to assume that it is the
 only one accessing the file and it will agressively cache file
 data. With some oplock types the client may even cache file open/close
 operations. This can give enormous performance benefits.
-</para>
 
-<para>
 With the release of Samba 1.9.18 we now correctly support opportunistic 
 locks. This is turned on by default, and can be turned off on a share-
 by-share basis by setting the parameter :
-</para>
 
-<para>
-<command>oplocks = False</command>
-</para>
+oplocks = False
 
-<para>
 We recommend that you leave oplocks on however, as current benchmark
 tests with NetBench seem to give approximately a 30% improvement in
 speed with them on. This is on average however, and the actual 
 improvement seen can be orders of magnitude greater, depending on
 what the client redirector is doing.
-</para>
 
-<para>
 Previous to Samba 1.9.18 there was a 'fake oplocks' option. This
 option has been left in the code for backwards compatibility reasons
 but it's use is now deprecated. A short summary of what the old
 code did follows.
-</para>
-
-</sect2>
 
-<sect2>
-<title>Level2 Oplocks</title>
+LEVEL2 OPLOCKS
+--------------
 
-<para>
 With Samba 2.0.5 a new capability - level2 (read only) oplocks is
 supported (although the option is off by default - see the smb.conf
 man page for details). Turning on level2 oplocks (on a share-by-share basis)
 by setting the parameter :
-</para>
 
-<para>
-<command>level2 oplocks = true</command>
-</para>
+level2 oplocks = true 
 
-<para>
 should speed concurrent access to files that are not commonly written
 to, such as application serving shares (ie. shares that contain common
 .EXE files - such as a Microsoft Office share) as it allows clients to
 read-ahread cache copies of these files.
-</para>
 
-</sect2>
+Old 'fake oplocks' option - deprecated.
+---------------------------------------
 
-<sect2>
-<title>Old 'fake oplocks' option - deprecated</title>
-
-<para>
 Samba can also fake oplocks, by granting a oplock whenever a client 
 asks for one. This is controlled using the smb.conf option "fake 
 oplocks". If you set "fake oplocks = yes" then you are telling the 
 client that it may agressively cache the file data for all opens.
-</para>
 
-<para>
 Enabling 'fake oplocks' on all read-only shares or shares that you know
 will only be accessed from one client at a time you will see a big
 performance improvement on many operations. If you enable this option
 on shares where multiple clients may be accessing the files read-write
 at the same time you can get data corruption.
-</para>
-
-</sect2>
-</sect1>
 
-<sect1>
-<title>Socket options</title>
+SOCKET OPTIONS
+--------------
 
-<para>
 There are a number of socket options that can greatly affect the
 performance of a TCP based server like Samba.
-</para>
 
-<para>
 The socket options that Samba uses are settable both on the command
 line with the -O option, or in the smb.conf file.
-</para>
 
-<para>
 The "socket options" section of the smb.conf manual page describes how
 to set these and gives recommendations.
-</para>
 
-<para>
 Getting the socket options right can make a big difference to your
 performance, but getting them wrong can degrade it by just as
 much. The correct settings are very dependent on your local network.
-</para>
 
-<para>
 The socket option TCP_NODELAY is the one that seems to make the
 biggest single difference for most networks. Many people report that
 adding "socket options = TCP_NODELAY" doubles the read performance of
 a Samba drive. The best explanation I have seen for this is that the
 Microsoft TCP/IP stack is slow in sending tcp ACKs.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Read size</title>
+READ SIZE
+---------
 
-<para>
 The option "read size" affects the overlap of disk reads/writes with
 network reads/writes. If the amount of data being transferred in
 several of the SMB commands (currently SMBwrite, SMBwriteX and
@@ -184,27 +122,20 @@ SMBreadbraw) is larger than this value then the server begins writing
 the data before it has received the whole packet from the network, or
 in the case of SMBreadbraw, it begins writing to the network before
 all the data has been read from disk.
-</para>
 
-<para>
 This overlapping works best when the speeds of disk and network access
 are similar, having very little effect when the speed of one is much
 greater than the other.
-</para>
 
-<para>
 The default value is 16384, but very little experimentation has been
 done yet to determine the optimal value, and it is likely that the best
 value will vary greatly between systems anyway. A value over 65536 is
 pointless and will cause you to allocate memory unnecessarily.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Max xmit</title>
+MAX XMIT
+--------
 
-<para>
 At startup the client and server negotiate a "maximum transmit" size,
 which limits the size of nearly all SMB commands. You can set the
 maximum size that Samba will negotiate using the "max xmit = " option
@@ -212,41 +143,29 @@ in smb.conf. Note that this is the maximum size of SMB request that
 Samba will accept, but not the maximum size that the *client* will accept.
 The client maximum receive size is sent to Samba by the client and Samba
 honours this limit.
-</para>
 
-<para>
 It defaults to 65536 bytes (the maximum), but it is possible that some
 clients may perform better with a smaller transmit unit. Trying values
 of less than 2048 is likely to cause severe problems.
-</para>
 
-<para>
 In most cases the default is the best option.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Locking</title>
+LOCKING
+-------
 
-<para>
 By default Samba does not implement strict locking on each read/write
 call (although it did in previous versions). If you enable strict
 locking (using "strict locking = yes") then you may find that you
 suffer a severe performance hit on some systems.
-</para>
 
-<para>
 The performance hit will probably be greater on NFS mounted
 filesystems, but could be quite high even on local disks.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Share modes</title>
+SHARE MODES
+-----------
 
-<para>
 Some people find that opening files is very slow. This is often
 because of the "share modes" code needed to fully implement the dos
 share modes stuff. You can disable this code using "share modes =
@@ -258,295 +177,147 @@ doesn't matter, but for some it may. Most Windows applications
 depend heavily on "share modes" working correctly and it is
 recommended that the Samba share mode support be left at the
 default of "on".
-</para>
 
-<para>
 The share mode code in Samba has been re-written in the 1.9.17
 release following tests with the Ziff-Davis NetBench PC Benchmarking
 tool. It is now believed that Samba 1.9.17 implements share modes
 similarly to Windows NT.
-</para>
 
-<para>
 NOTE: In the most recent versions of Samba there is an option to use
 shared memory via mmap() to implement the share modes. This makes
 things much faster. See the Makefile for how to enable this.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Log level</title>
+LOG LEVEL
+---------
 
-<para>
 If you set the log level (also known as "debug level") higher than 2
 then you may suffer a large drop in performance. This is because the
 server flushes the log file after each operation, which can be very
 expensive. 
-</para>
-</sect1>
 
-<sect1>
-<title>Wide lines</title>
 
-<para>
+WIDE LINKS
+----------
+
 The "wide links" option is now enabled by default, but if you disable
 it (for better security) then you may suffer a performance hit in
 resolving filenames. The performance loss is lessened if you have
 "getwd cache = yes", which is now the default.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Read raw</title>
+READ RAW
+--------
 
-<para>
 The "read raw" operation is designed to be an optimised, low-latency
 file read operation. A server may choose to not support it,
 however. and Samba makes support for "read raw" optional, with it
 being enabled by default.
-</para>
 
-<para>
 In some cases clients don't handle "read raw" very well and actually
 get lower performance using it than they get using the conventional
 read operations. 
-</para>
 
-<para>
 So you might like to try "read raw = no" and see what happens on your
 network. It might lower, raise or not affect your performance. Only
 testing can really tell.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Write raw</title>
+WRITE RAW
+---------
 
-<para>
 The "write raw" operation is designed to be an optimised, low-latency
 file write operation. A server may choose to not support it,
 however. and Samba makes support for "write raw" optional, with it
 being enabled by default.
-</para>
 
-<para>
 Some machines may find "write raw" slower than normal write, in which
 case you may wish to change this option.
-</para>
-
-</sect1>
 
-<sect1>
-<title>Read prediction</title>
+READ PREDICTION
+---------------
 
-<para>
 Samba can do read prediction on some of the SMB commands. Read
 prediction means that Samba reads some extra data on the last file it
 read while waiting for the next SMB command to arrive. It can then
 respond more quickly when the next read request arrives.
-</para>
 
-<para>
 This is disabled by default. You can enable it by using "read
 prediction = yes".
-</para>
 
-<para>
 Note that read prediction is only used on files that were opened read
 only.
-</para>
 
-<para>
 Read prediction should particularly help for those silly clients (such
 as "Write" under NT) which do lots of very small reads on a file.
-</para>
 
-<para>
 Samba will not read ahead more data than the amount specified in the
 "read size" option. It always reads ahead on 1k block boundaries.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Memory mapping</title>
+MEMORY MAPPING
+--------------
 
-<para>
 Samba supports reading files via memory mapping them. One some
 machines this can give a large boost to performance, on others it
 makes not difference at all, and on some it may reduce performance.
-</para>
 
-<para>
 To enable you you have to recompile Samba with the -DUSE_MMAP option
 on the FLAGS line of the Makefile.
-</para>
 
-<para>
 Note that memory mapping is only used on files opened read only, and
 is not used by the "read raw" operation. Thus you may find memory
 mapping is more effective if you disable "read raw" using "read raw =
 no".
-</para>
 
-</sect1>
 
-<sect1>
-<title>Slow Clients</title>
+SLOW CLIENTS
+------------
 
-<para>
 One person has reported that setting the protocol to COREPLUS rather
 than LANMAN2 gave a dramatic speed improvement (from 10k/s to 150k/s).
-</para>
 
-<para>
 I suspect that his PC's (386sx16 based) were asking for more data than
 they could chew. I suspect a similar speed could be had by setting
 "read raw = no" and "max xmit = 2048", instead of changing the
 protocol. Lowering the "read size" might also help.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Slow Logins</title>
+SLOW LOGINS
+-----------
 
-<para>
 Slow logins are almost always due to the password checking time. Using
 the lowest practical "password level" will improve things a lot. You
 could also enable the "UFC crypt" option in the Makefile.
-</para>
 
-</sect1>
+CLIENT TUNING
+-------------
 
-<sect1>
-<title>Client tuning</title>
-
-<para>
 Often a speed problem can be traced to the client. The client (for
 example Windows for Workgroups) can often be tuned for better TCP
 performance.
-</para>
 
-<para>
 See your client docs for details. In particular, I have heard rumours
 that the WfWg options TCPWINDOWSIZE and TCPSEGMENTSIZE can have a
 large impact on performance.
-</para>
 
-<para>
 Also note that some people have found that setting DefaultRcvWindow in
 the [MSTCP] section of the SYSTEM.INI file under WfWg to 3072 gives a
 big improvement. I don't know why.
-</para>
 
-<para>
 My own experience wth DefaultRcvWindow is that I get much better
 performance with a large value (16384 or larger). Other people have
 reported that anything over 3072 slows things down enourmously. One
 person even reported a speed drop of a factor of 30 when he went from
 3072 to 8192. I don't know why.
-</para>
 
-<para>
 It probably depends a lot on your hardware, and the type of unix box
 you have at the other end of the link.
-</para>
-
-<para>
-Paul Cochrane has done some testing on client side tuning and come 
-to the following conclusions:
-</para>
-
-<para>
-Install the W2setup.exe file from www.microsoft.com. This is an 
-update for the winsock stack and utilities which improve performance.
-</para>
-
-<para>
-Configure the win95 TCPIP registry settings to give better 
-perfomance. I use a program called MTUSPEED.exe which I got off the 
-net. There are various other utilities of this type freely available. 
-The setting which give the best performance for me are:
-</para>
-
-<orderedlist>
-<listitem><para>
-MaxMTU                  Remove
-</para></listitem>
-<listitem><para>
-RWIN                    Remove
-</para></listitem>
-<listitem><para>
-MTUAutoDiscover         Disable
-</para></listitem>
-<listitem><para>
-MTUBlackHoleDetect      Disable
-</para></listitem>
-<listitem><para>
-Time To Live            Enabled
-</para></listitem>
-<listitem><para>
-Time To Live - HOPS     32
-</para></listitem>
-<listitem><para>
-NDI Cache Size          0
-</para></listitem>
-</orderedlist>
-
-<para>
-I tried virtually all of the items mentioned in the document and 
-the only one which made a difference to me was the socket options. It 
-turned out I was better off without any!!!!!
-</para>
-
-<para>
-In terms of overall speed of transfer, between various win95 clients 
-and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
-drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.
-</para>
-
-<para>
-FIXME
-The figures are:          Put              Get 
-P166 client 3Com card:    420-440kB/s      500-520kB/s
-P100 client 3Com card:    390-410kB/s      490-510kB/s
-DX4-75 client NE2000:     370-380kB/s      330-350kB/s
-</para>
-
-<para>
-I based these test on transfer two files a 4.5MB text file and a 15MB 
-textfile. The results arn't bad considering the hardware Samba is 
-running on. It's a crap machine!!!!
-</para>
-
-<para>
-The updates mentioned in 1 and 2 brought up the transfer rates from 
-just over 100kB/s in some clients.
-</para>
-
-<para>
-A new client is a P333 connected via a 100MB/s card and hub. The 
-transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
-on get.
-</para>
-
-<para>
-Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
-upwards). I suppose there is more going on in the samba protocol, but 
-if it could get up to the rate of FTP the perfomance would be quite 
-staggering.
-</para>
-
-</sect1>
-
-<sect1>
-<title>My Results</title>
-
-<para>
+
+
+MY RESULTS
+----------
+
 Some people want to see real numbers in a document like this, so here
 they are. I have a 486sx33 client running WfWg 3.11 with the 3.11b
 tcp/ip stack. It has a slow IDE drive and 20Mb of ram. It has a SMC
@@ -555,24 +326,16 @@ set DefaultRcvWindow in the [MSTCP] section of system.ini to 16384. My
 server is a 486dx3-66 running Linux. It also has 20Mb of ram and a SMC
 Elite-16 card. You can see my server config in the examples/tridge/
 subdirectory of the distribution.
-</para>
 
-<para>
 I get 490k/s on reading a 8Mb file with copy.
 I get 441k/s writing the same file to the samba server.
-</para>
 
-<para>
 Of course, there's a lot more to benchmarks than 2 raw throughput
 figures, but it gives you a ballpark figure.
-</para>
 
-<para>
 I've also tested Win95 and WinNT, and found WinNT gave me the best
 speed as a samba client. The fastest client of all (for me) is
 smbclient running on another linux box. Maybe I'll add those results
 here someday ...
-</para>
 
-</sect1>
-</chapter>
+
diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt
new file mode 100644
index 00000000000..cbdce761de5
--- /dev/null
+++ b/docs/textdocs/Speed2.txt
@@ -0,0 +1,60 @@
+!==
+!== Speed2.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Paul Cochrane <paulc@dth.scot.nhs.uk>
+Organization: 	Dundee Limb Fitting Centre
+Date:		Fri, 10 Apr 1998
+Subject: 	Samba SPEED.TXT comment
+=============================================================================
+
+This might be relevant to Client Tuning. I have been trying various methods
+of getting win95 to talk to Samba quicker. The results I have come up with
+are:
+
+1. Install the W2setup.exe file from www.microsoft.com. This is an 
+update for the winsock stack and utilities which improve performance.
+
+2. Configure the win95 TCPIP registry settings to give better 
+perfomance. I use a program called MTUSPEED.exe which I got off the 
+net. There are various other utilities of this type freely available. 
+The setting which give the best performance for me are:
+
+(a) MaxMTU                  Remove
+(b) RWIN                    Remove
+(c) MTUAutoDiscover         Disable
+(d) MTUBlackHoleDetect      Disable
+(e) Time To Live            Enabled
+(f) Time To Live - HOPS     32
+(g) NDI Cache Size          0
+
+3. I tried virtually all of the items mentioned in the document and 
+the only one which made a difference to me was the socket options. It 
+turned out I was better off without any!!!!! 
+
+In terms of overall speed of transfer, between various win95 clients 
+and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE 
+drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT.
+
+The figures are:          Put              Get 
+P166 client 3Com card:    420-440kB/s      500-520kB/s
+P100 client 3Com card:    390-410kB/s      490-510kB/s
+DX4-75 client NE2000:     370-380kB/s      330-350kB/s
+
+I based these test on transfer two files a 4.5MB text file and a 15MB 
+textfile. The results arn't bad considering the hardware Samba is 
+running on. It's a crap machine!!!!
+
+The updates mentioned in 1 and 2 brought up the transfer rates from 
+just over 100kB/s in some clients.
+
+A new client is a P333 connected via a 100MB/s card and hub. The 
+transfer rates from this were good: 450-500kB/s on put and 600+kB/s 
+on get.
+
+Looking at standard FTP throughput, Samba is a bit slower (100kB/s 
+upwards). I suppose there is more going on in the samba protocol, but 
+if it could get up to the rate of FTP the perfomance would be quite 
+staggering.
+
+Paul Cochrane
+
diff --git a/docs/docbook/devdoc/Tracing.sgml b/docs/textdocs/Tracing.txt
index 3a0e4ba1a97..96d863d0742 100644
--- a/docs/docbook/devdoc/Tracing.sgml
+++ b/docs/textdocs/Tracing.txt
@@ -1,129 +1,96 @@
-<chapter id="tracing">
-<chapterinfo>
-	<author>
-		<firstname>Andrew</firstname><surname>Tridgell</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-		</affiliation>
-	</author>
-</chapterinfo>
-
-<title>Tracing samba system calls</title>
-
-<para>
+!==
+!== Tracing.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell <samba@samba.org>
+Date:		Old
+Status:		Questionable
+
+Subject:	How to trace samba system calls for debugging purposes
+=============================================================================
+
 This file describes how to do a system call trace on Samba to work out
 what its doing wrong. This is not for the faint of heart, but if you
 are reading this then you are probably desperate.
-</para>
 
-<para>
 Actually its not as bad as the the above makes it sound, just don't
 expect the output to be very pretty :-)
-</para>
 
-<para>
 Ok, down to business. One of the big advantages of unix systems is
 that they nearly all come with a system trace utility that allows you
 to monitor all system calls that a program is making. This is
 extremely using for debugging and also helps when trying to work out
 why something is slower than you expect. You can use system tracing
 without any special compilation options. 
-</para>
 
-<para>
 The system trace utility is called different things on different
 systems. On Linux systems its called strace. Under SunOS 4 its called
 trace. Under SVR4 style systems (including solaris) its called
 truss. Under many BSD systems its called ktrace. 
-</para>
 
-<para>
 The first thing you should do is read the man page for your native
 system call tracer. In the discussion below I'll assume its called
 strace as strace is the only portable system tracer (its available for
 free for many unix types) and its also got some of the nicest
 features.
-</para>
 
-<para>
-Next, try using strace on some simple commands. For example, <command>strace
-ls</command> or <command>strace echo hello</command>.
-</para>
+Next, try using strace on some simple commands. For example, "strace
+ls" or "strace echo hello".
 
-<para> 
 You'll notice that it produces a LOT of output. It is showing you the
 arguments to every system call that the program makes and the
 result. Very little happens in a program without a system call so you
 get lots of output. You'll also find that it produces a lot of
 "preamble" stuff showing the loading of shared libraries etc. Ignore
 this (unless its going wrong!)
-</para>
 
-<para>
-For example, the only line that really matters in the <command>strace echo
-hello</command> output is:
-</para>
+For example, the only line that really matters in the "strace echo
+hello" output is:
 
-<para><programlisting>
 write(1, "hello\n", 6)                  = 6
-</programlisting></para>
 
-<para>all the rest is just setting up to run the program.</para>
+all the rest is just setting up to run the program.
 
-<para>
-Ok, now you're familiar with strace. To use it on Samba you need to
+Ok, now you're famialiar with strace. To use it on Samba you need to
 strace the running smbd daemon. The way I tend ot use it is to first
 login from my Windows PC to the Samba server, then use smbstatus to
 find which process ID that client is attached to, then as root I do
-<command>strace -p PID</command> to attach to that process. I normally redirect the
+"strace -p PID" to attach to that process. I normally redirect the
 stderr output from this command to a file for later perusal. For
 example, if I'm using a csh style shell:
-</para>
 
-<para><command>strace -f -p 3872 >& strace.out</command></para>
+  strace -f -p 3872 >& strace.out
 
-<para>or with a sh style shell:</para>
+or with a sh style shell:
 
-<para><command>strace -f -p 3872 > strace.out 2>&1</command></para>
+  strace -f -p 3872 > strace.out 2>&1
 
-<para>
 Note the "-f" option. This is only available on some systems, and
 allows you to trace not just the current process, but any children it
 forks. This is great for finding printing problems caused by the
 "print command" being wrong.
-</para>
 
-<para>
 Once you are attached you then can do whatever it is on the client
 that is causing problems and you will capture all the system calls
 that smbd makes. 
-</para>
 
-<para>
-So how do you interpret the results? Generally I search through the
+So how do you interpret the results? Generally I search thorugh the
 output for strings that I know will appear when the problem
 happens. For example, if I am having touble with permissions on a file
 I would search for that files name in the strace output and look at
 the surrounding lines. Another trick is to match up file descriptor
 numbers and "follow" what happens to an open file until it is closed.
-</para>
 
-<para>
 Beyond this you will have to use your initiative. To give you an idea
-of what you are looking for here is a piece of strace output that
-shows that <filename>/dev/null</filename> is not world writeable, which
-causes printing to fail with Samba:
-</para>
+of wehat you are looking for here is a piece of strace output that
+shows that /dev/null is not world writeable, which causes printing to
+fail with Samba:
 
-<para><programlisting>
 [pid 28268] open("/dev/null", O_RDWR)   = -1 EACCES (Permission denied)
 [pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied)
-</programlisting></para>
 
-<para>
-The process is trying to first open <filename>/dev/null</filename> read-write 
-then read-only. Both fail. This means <filename>/dev/null</filename> has 
-incorrect permissions.
-</para>
+the process is trying to first open /dev/null read-write then
+read-only. Both fail. This means /dev/null has incorrect permissions.
+
+Have fun!
 
-</chapter>
+(please send updates/fixes to this file to samba@samba.org)
diff --git a/docs/docbook/devdoc/unix-smb.sgml b/docs/textdocs/UNIX-SMB.txt
index be796988572..5c6d5b8c813 100644
--- a/docs/docbook/devdoc/unix-smb.sgml
+++ b/docs/textdocs/UNIX-SMB.txt
@@ -1,54 +1,40 @@
-<chapter id="unix-smb">
-<chapterinfo>
-	<author>
-		<firstname>Andrew</firstname><surname>Tridgell</surname>
-	</author>
-	<pubdate>April 1995</pubdate>
-</chapterinfo>
-
-<title>NetBIOS in a Unix World</title>
-
-<sect1>
-<title>Introduction</title>
-<para>
+!==
+!== UNIX-SMB.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell <samba@samba.org>
+Date:		April 1995
+
+Subject:	Discussion of NetBIOS in a Unix World
+============================================================================
+
 This is a short document that describes some of the issues that
 confront a SMB implementation on unix, and how Samba copes with
 them. They may help people who are looking at unix<->PC
 interoperability.
-</para>
 
-<para>
 It was written to help out a person who was writing a paper on unix to
 PC connectivity.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Usernames</title>
-<para>
+Usernames
+=========
+
 The SMB protocol has only a loose username concept. Early SMB
 protocols (such as CORE and COREPLUS) have no username concept at
 all. Even in later protocols clients often attempt operations
 (particularly printer operations) without first validating a username
 on the server.
-</para>
 
-<para>
 Unix security is based around username/password pairs. A unix box
 should not allow clients to do any substantive operation without some
 sort of validation. 
-</para>
 
-<para>
 The problem mostly manifests itself when the unix server is in "share
 level" security mode. This is the default mode as the alternative
 "user level" security mode usually forces a client to connect to the
 server as the same user for each connected share, which is
 inconvenient in many sites.
-</para>
 
-<para>
 In "share level" security the client normally gives a username in the
 "session setup" protocol, but does not supply an accompanying
 password. The client then connects to resources using the "tree
@@ -58,35 +44,25 @@ contexts, unaware that they need to go together to give access to the
 server. The username is normally the one the user typed in when they
 "logged onto" the PC (this assumes Windows for Workgroups). The
 password is the one they chose when connecting to the disk or printer.
-</para>
 
-<para>
 The user often chooses a totally different username for their login as
 for the drive connection. Often they also want to access different
 drives as different usernames. The unix server needs some way of
 divining the correct username to combine with each password.
-</para>
 
-<para>
 Samba tries to avoid this problem using several methods. These succeed
 in the vast majority of cases. The methods include username maps, the
 service%user syntax, the saving of session setup usernames for later
 validation and the derivation of the username from the service name
 (either directly or via the user= option).
-</para>
-
-</sect1>
 
-<sect1>
-<title>File Ownership</title>
+File Ownership
+==============
 
-<para>
 The commonly used SMB protocols have no way of saying "you can't do
 that because you don't own the file". They have, in fact, no concept
 of file ownership at all.
-</para>
 
-<para>
 This brings up all sorts of interesting problems. For example, when
 you copy a file to a unix drive, and the file is world writeable but
 owned by another user the file will transfer correctly but will
@@ -96,40 +72,28 @@ world writeable. For security reasons Samba does all file operations
 as the validated user, not root, so the utime() fails. This can stuff
 up shared development diectories as programs like "make" will not get
 file time comparisons right.
-</para>
 
-<para>
 There are several possible solutions to this problem, including
 username mapping, and forcing a specific username for particular
 shares.
-</para>
 
-</sect1>
+Passwords
+=========
 
-<sect1>
-<title>Passwords</title>
-
-<para>
 Many SMB clients uppercase passwords before sending them. I have no
 idea why they do this. Interestingly WfWg uppercases the password only
 if the server is running a protocol greater than COREPLUS, so
 obviously it isn't just the data entry routines that are to blame.
-</para>
 
-<para>
 Unix passwords are case sensitive. So if users use mixed case
 passwords they are in trouble.
-</para>
 
-<para>
 Samba can try to cope with this by either using the "password level"
 option which causes Samba to try the offered password with up to the
 specified number of case changes, or by using the "password server"
 option which allows Samba to do its validation via another machine
 (typically a WinNT server).
-</para>
 
-<para>
 Samba supports the password encryption method used by SMB
 clients. Note that the use of password encryption in Microsoft
 networking leads to password hashes that are "plain text equivalent".
@@ -137,103 +101,77 @@ This means that it is *VERY* important to ensure that the Samba
 smbpasswd file containing these password hashes is only readable
 by the root user. See the documentation ENCRYPTION.txt for more
 details.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Locking</title>
-<para>
+Locking
+=======
+
 The locking calls available under a DOS/Windows environment are much
 richer than those available in unix. This means a unix server (like
 Samba) choosing to use the standard fcntl() based unix locking calls
 to implement SMB locking has to improvise a bit.
-</para>
 
-<para>
 One major problem is that dos locks can be in a 32 bit (unsigned)
 range. Unix locking calls are 32 bits, but are signed, giving only a 31
 bit range. Unfortunately OLE2 clients use the top bit to select a
 locking range used for OLE semaphores.
-</para>
 
-<para>
 To work around this problem Samba compresses the 32 bit range into 31
 bits by appropriate bit shifting. This seems to work but is not
 ideal. In a future version a separate SMB lockd may be added to cope
 with the problem.
-</para>
 
-<para>
 It also doesn't help that many unix lockd daemons are very buggy and
 crash at the slightest provocation. They normally go mostly unused in
 a unix environment because few unix programs use byte range
 locking. The stress of huge numbers of lock requests from dos/windows
 clients can kill the daemon on some systems.
-</para>
 
-<para>
 The second major problem is the "opportunistic locking" requested by
 some clients. If a client requests opportunistic locking then it is
 asking the server to notify it if anyone else tries to do something on
 the same file, at which time the client will say if it is willing to
 give up its lock. Unix has no simple way of implementing
 opportunistic locking, and currently Samba has no support for it.
-</para>
 
-</sect1>
+Deny Modes
+==========
 
-<sect1>
-<title>Deny Modes</title>
-
-<para>
 When a SMB client opens a file it asks for a particular "deny mode" to
 be placed on the file. These modes (DENY_NONE, DENY_READ, DENY_WRITE,
 DENY_ALL, DENY_FCB and DENY_DOS) specify what actions should be
 allowed by anyone else who tries to use the file at the same time. If
 DENY_READ is placed on the file, for example, then any attempt to open
 the file for reading should fail.
-</para>
 
-<para>
 Unix has no equivalent notion. To implement this Samba uses either lock
 files based on the files inode and placed in a separate lock
 directory or a shared memory implementation. The lock file method 
 is clumsy and consumes processing and file resources,
 the shared memory implementation is vastly prefered and is turned on
 by default for those systems that support it.
-</para>
 
-</sect1>
+Trapdoor UIDs
+=============
 
-<sect1>
-<title>Trapdoor UIDs</title>
-<para>
 A SMB session can run with several uids on the one socket. This
 happens when a user connects to two shares with different
 usernames. To cope with this the unix server needs to switch uids
 within the one process. On some unixes (such as SCO) this is not
 possible. This means that on those unixes the client is restricted to
 a single uid.
-</para>
 
-<para>
 Note that you can also get the "trapdoor uid" message for other
 reasons. Please see the FAQ for details.
-</para>
 
-</sect1>
+Port numbers
+============
 
-<sect1>
-<title>Port numbers</title>
-<para>
 There is a convention that clients on sockets use high "unprivilaged"
 port numbers (>1000) and connect to servers on low "privilaged" port
 numbers. This is enforced in Unix as non-root users can't open a
 socket for listening on port numbers less than 1000.
-</para>
 
-<para>
 Most PC based SMB clients (such as WfWg and WinNT) don't follow this
 convention completely. The main culprit is the netbios nameserving on
 udp port 137. Name query requests come from a source port of 137. This
@@ -241,9 +179,7 @@ is a problem when you combine it with the common firewalling technique
 of not allowing incoming packets on low port numbers. This means that
 these clients can't query a netbios nameserver on the other side of a
 low port based firewall.
-</para>
 
-<para>
 The problem is more severe with netbios node status queries. I've
 found that WfWg, Win95 and WinNT3.5 all respond to netbios node status
 queries on port 137 no matter what the source port was in the
@@ -253,20 +189,16 @@ to any of these OSes unless they are running as root. The answer comes
 back, but it goes to port 137 which the unix user can't listen
 on. Interestingly WinNT3.1 got this right - it sends node status
 responses back to the source port in the request.
-</para>
 
-</sect1>
 
-<sect1>
-<title>Protocol Complexity</title>
-<para>
+Protocol Complexity
+===================
+
 There are many "protocol levels" in the SMB protocol. It seems that
 each time new functionality was added to a Microsoft operating system,
 they added the equivalent functions in a new protocol level of the SMB
 protocol to "externalise" the new capabilities.
-</para>
 
-<para>
 This means the protocol is very "rich", offering many ways of doing
 each file operation. This means SMB servers need to be complex and
 large. It also means it is very difficult to make them bug free. It is
@@ -274,9 +206,7 @@ not just Samba that suffers from this problem, other servers such as
 WinNT don't support every variation of every call and it has almost
 certainly been a headache for MS developers to support the myriad of
 SMB calls that are available.
-</para>
 
-<para>
 There are about 65 "top level" operations in the SMB protocol (things
 like SMBread and SMBwrite). Some of these include hundreds of
 sub-functions (SMBtrans has at least 120 sub-functions, like
@@ -286,17 +216,13 @@ that can change the way they work. Many take dozens of possible
 returned. Samba supports all but 2 of the "top level" functions. It
 supports only 8 (so far) of the SMBtrans sub-functions. Even NT
 doesn't support them all.
-</para>
 
-<para>
 Samba currently supports up to the "NT LM 0.12" protocol, which is the
 one preferred by Win95 and WinNT3.5. Luckily this protocol level has a
 "capabilities" field which specifies which super-duper new-fangled
 options the server suports. This helps to make the implementation of
 this protocol level much easier.
-</para>
 
-<para>
 There is also a problem with the SMB specications. SMB is a X/Open
 spec, but the X/Open book is far from ideal, and fails to cover many
 important issues, leaving much to the imagination. Microsoft recently
@@ -305,7 +231,4 @@ published new specifications. These are far superior to the old
 X/Open documents but there are still undocumented calls and features. 
 This specification is actively being worked on by a CIFS developers 
 mailing list hosted by Microsft.
-</para>
-</sect1>
-</chapter>
 
diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt
index 38705f018ac..84f8fad27fd 100644
--- a/docs/textdocs/UNIX_SECURITY.txt
+++ b/docs/textdocs/UNIX_SECURITY.txt
@@ -1,3 +1,6 @@
+!==
+!== UNIX_SECURITY.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
 Contributor:	John H Terpstra <jht@samba.org>
 Date:		July 5, 1998
 Status:		Current
@@ -32,7 +35,7 @@ directory and do an ls, the UNIX security solution is to
 change the UNIX file permissions on the users home directories
 such that the cd and ls would be denied.
 
-Samba tries very hard not to second guess the UNIX administrators
+Samba tries very had not to second guess the UNIX administrators
 security policies, and trusts the UNIX admin to set
 the policies and permissions he or she desires.
 
diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt
new file mode 100644
index 00000000000..911fddf427a
--- /dev/null
+++ b/docs/textdocs/Win95.txt
@@ -0,0 +1,77 @@
+!==
+!== Win95.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Copyright (C) 1997 - Samba-Team
+Contributed Date:	August 20, 1997
+Last Update:		August 20, 1997
+
+Subject:	Windows 95 and Samba Interoperability
+===============================================================================
+
+Password Handling:
+------------------
+Microsoft periodically release updates to all their operating systems. Some of
+these are welcomed while others cause us to change the way we do things. Few
+people like change, particularly if the change is unexpected. The best advice
+always is to read the documentation provided BEFORE applying an update.
+
+One of the recent Win95 updates (VRDRUPD.EXE) disables plain text (also called
+clear text) password authentication. The effects of this updates are desirable
+where MS Windows NT is providing the password authentication service. This
+update is most undesirable where Samba must provide the authentication service
+unless Samba has been specifically configured to use encrypted passwords _AND_
+has been linked with the libdes library.
+
+If the above conditions have not been complied with, and you are using Samba,
+then Windows 95 clients will NOT be able to authenticate to a Samba server.
+
+To re-enable plain text password capabilities AFTER applying this update
+you must create a new value in the Windows 95 registry.
+
+Either foillow the following procedure or just double click on the
+file Win95_PlainPassword.reg for an easier way to do this.
+
+Procedure:
+1)	Launch the Registry Editor as follows:
+	Click on:	/Start/Run
+	Type "regedit" and press enter.
+
+2)	Double click on:	HKEY_LOCAL_MACHINE
+
+3)	Locate the following Key:
+	/HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP
+
+4)	From the menu bar select Edit/New/DWORD Value
+
+5)	Rename the entry from "New Value #1" to:
+		EnablePlainTextPassword
+
+6)	Press Enter, then double click on the new entry.
+	A dialog box will pop up and enable you to set a value.
+	You must set this value to 1.
+
+-------------------------------------------------------------------------------
+
+Windows 95 Updates:
+-------------------
+When using Windows 95 OEM SR2 the following updates are recommended where Samba
+is being used. Please NOTE that the above change will affect you once these
+updates  have been installed.
+
+There are more updates than the ones mentioned here. You are referred to the
+Microsoft Web site for all currently available updates to your specific version
+of Windows 95.
+
+Kernel Update:	KRNLUPD.EXE
+Ping Fix:	PINGUPD.EXE
+RPC Update:	RPCRTUPD.EXE
+TCP/IP Update:	VIPUPD.EXE
+Redirector Update:	VRDRUPD.EXE
+
+Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This
+fix may stop your machine from hanging for an extended period when exiting
+OutLook and you may also notice a significant speedup when accessing network
+neighborhood services.
+
+-------------------------------------------------------------------------------
+The above password information was provided by: Jochen Huppertz <jhu@nrh.de>
diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt
new file mode 100644
index 00000000000..c7d41a4114a
--- /dev/null
+++ b/docs/textdocs/WinNT.txt
@@ -0,0 +1,107 @@
+!==
+!== WinNT.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributors:	Various
+		Password Section - Copyright (C) 1997 - John H Terpstra
+		Printing Section - Copyright (C) 1997 - Matthew Harrell
+		Priting Info     - Copyright (C) 1997 - Frank Varnavas
+Updated:	October 16, 1997
+Status:		Current
+
+Subject:	Samba and Windows NT Password Handling
+=============================================================================
+
+There are some particular issues with Samba and Windows NT.
+
+Passwords:
+==========
+One of the most annoying problems with WinNT is that NT refuses to
+connect to a server that is in user level security mode and that
+doesn't support password encryption unless it first prompts the user
+for a password.
+
+This means even if you have the same password on the NT box and the
+Samba server you will get prompted for a password. Entering the
+correct password will get you connected only if Windows NT can
+communicate with Samba using a compatible mode of password security.
+
+All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate
+plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed
+this default behaviour so it now will only handle encrypted passwords.
+The following registry entry change will re-enable clear text password
+handling:
+
+Run regedt32.exe and locate the hive key entry:
+HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\
+
+Add the following value:
+	EnablePlainTextPassword:REG_DWORD=1
+
+Alternatively, use the NT4_PlainPassword.reg file in this directory (either
+by double clicking on it, or running regedt32.exe and selecting "Import 
+Registry File" from the "Registry" Menu).
+
+The other major ramification of this feature of NT is that it can't
+browse a user level non-encrypted server unless it already has a
+connection open. This is because there is no spot for a password
+prompt in the browser window. It works fine if you already have a
+drive mounted (for example, one auto mounted on startup).
+=====================================================================
+
+Printing:
+=========
+When you mount a printer using the print manager in NT you may find
+the following info from Matthew Harrell <harrell@leech.nrl.navy.mil>
+useful:
+
+------------
+        I noticed in your change-log you noted that some people were
+still unable to use print manager under NT.  If this is the same problem
+that I encountered, it's caused by the length of time it takes NT to
+determine if the printer is ready.
+
+The problem occurs when you double-click on a printer to connect it to
+the NT machine.  Because it's unable to determine if the printer is ready
+in the short span of time it has, it assumes it isn't and gives some
+strange error about not having enough resources (I forget what the error
+is).  A solution to this that seems to work fine for us is to click
+once on the printer, look at the bottom of the window and wait until
+it says it's ready, then click on "OK".
+
+By the way, this problem probably occurs in our group because the
+Samba server doesn't actually have the printers - it queues them to
+remote printers either on other machines or using their own network
+cards.  Because of this "middle layer", it takes an extra amount of
+time for the NT machine to get verification that the printer queue
+actually exists.
+
+I hope this helped in some way...
+
+=====================================================================
+Printing Info:
+--------------
+
+From: Frank Varnavas <varnavas@ny.ubs.com>
+Subject: RE: Samba as a print server
+
+When an NT client attempts to connect  to a printer  on a non-NT print
+server the attempt is failed with an error, something like:
+
+   "You have insufficient access to your computer to perform the
+    operation because a driver needs to be installed"
+
+This is  because  domain users  must  have 'Power User'  status on the
+desktop to connect to printers on a non-NT print server.
+
+This  error  occurs regardless of  whether  the driver  in question is
+already installed or not.  What it really means is  that the server is
+a non-NT  server  and the client does  not  have permission to  create
+printers  locally.   Apparently when a   connection to a  non-NT print
+server is made the printer is defined  locally.  Such an action can be
+performed   by  either a   local    administrator  or  a Power   User.
+Unfortunately there is no way to limit the powers of a Power User, nor
+is there any way to grant the Printer Creation right to another group.
+
+This permission policy is documented in PSS database WINNT, ID Q101874
+
+Frank Varnavas (varnavas@ny.ubs.com)
diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt
new file mode 100644
index 00000000000..91d032b1695
--- /dev/null
+++ b/docs/textdocs/cifsntdomain.txt
@@ -0,0 +1,1501 @@
+!==
+!== cifsntdomain.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+NT Domain Authentication
+------------------------
+
+Authors:	- Luke Kenneth Casson Leighton (lkcl@switchboard.net)
+--------	- Paul Ashton                  (paul@argo.demon.co.uk)
+		- Duncan Stansfield            (duncans@sco.com)
+
+		  Copyright (C) 1997 Luke Kenneth Casson Leighton
+		  Copyright (C) 1997 Paul Ashton
+		  Copyright (C) 1997 Duncan Stansfield
+
+Version:	0.024 (01Nov97)
+--------
+
+Distribution:	Unlimited and encouraged, for the purposes of implementation
+-------------	and comments.  Feedback welcomed by the authors.
+
+Liability:	Absolutely none accepted implicitly or explicitly, direct
+----------	or consequentially, for use, abuse, misuse, lack of use,
+		misunderstandings, mistakes, omissions, mis-information for
+		anything in or not in, related to or not related to, or
+		pertaining to this document, or anything else that a lawyer
+		can think of or not think of.
+
+Warning:	Please bear in mind that an incorrect implementation of this
+--------	protocol can cause NT workstation to fail irrevocably, for
+		which the authors accept no liability (see above).  Please
+		contact your vendor if you have any problems.
+
+Sources:	- Packet Traces from Netmonitor (Service Pack 1 and above)
+--------	- Paul Ashton and Luke Leighton's other "NT Domain" doc.
+		- CIFS documentation - cifs6.txt
+		- CIFS documentation - cifsrap2.txt
+
+Original:	http://mailhost.cb1.com/~lkcl/cifsntdomain.txt.
+---------	(Controlled copy maintained by lkcl@switchboard.net)
+
+Credits:	- Paul Ashton: loads of work with Net Monitor; 
+--------	  understanding the NT authentication system;
+		  reference implementation of the NT domain support on which
+		  this document is originally based.
+		- Duncan Stansfield: low-level analysis of MSRPC Pipes.
+		- Linus Nordberg: producing c-code from Paul's crypto spec.
+		- Windows Sourcer development team
+
+
+Contents:
+---------
+
+   1) Introduction
+
+   2) Structures and notes
+
+      2.1) Notes
+      2.3) Enumerations
+      2.3) Structures
+
+   3) Transact Named Pipe Header/Tail
+
+      3.1) MSRPC Pipes
+      3.2) Header
+      3.3) Tail
+
+   4) NTLSA Transact Named Pipe
+
+      4.1) LSA Open Policy
+      4.2) LSA Query Info Policy
+      4.3) LSA Enumerate Trusted Domains
+      4.4) LSA Open Secret
+      4.5) LSA Close
+      4.6) LSA Lookup SIDS
+      4.7) LSA Lookup Names
+
+   5) NETLOGON rpc Transact Named Pipe
+
+      5.1) LSA Request Challenge
+      5.2) LSA Authenticate 2
+      5.3) LSA Server Password Set
+      5.4) LSA SAM Logon
+      5.5) LSA SAM Logoff
+
+   6) \\MAILSLOT\NET\NTLOGON
+
+      6.1) Query for PDC
+      6.2) SAM Logon
+
+   7) SRVSVC Transact Named Pipe
+
+      7.1) Net Share Enum
+      7.2) Net Server Get Info
+
+
+Appendix:
+---------
+
+   A1) Cryptographic side of NT Domain Authentication
+   
+       A1.1) Definitions
+       A1.2) Protocol
+       A1.3) Comments
+
+   A2) SIDs and RIDs
+
+       A2.1) Well-known SIDs
+
+             A2.1.1) Universal well-known SIDs
+             A2.1.2) NT well-known SIDs
+
+       A2.2) Well-known RIDS
+      
+             A2.2.1) Well-known RID users
+             A2.2.2) Well-known RID groups
+             A2.2.3) Well-known RID aliases
+
+
+
+1) Introduction
+---------------
+
+
+This document contains information to provide an NT workstation with login
+services, without the need for an NT server.
+
+It should be possible to select a domain instead of a workgroup (in the NT
+workstation's TCP/IP settings) and after the obligatory reboot, type in a
+username, password, select a domain and successfully log in.  I would
+appreciate any feedback on your experiences with this process, and any
+comments, corrections and additions to this document.
+
+
+The packets described here can be easily derived from (and are probably
+better understood using) Netmon.exe.  You will need to use the version
+of Netmon that matches your system, in order to correctly decode the
+NETLOGON, lsarpc and srvsvc Transact pipes.  This document is derived from
+NT Service Pack 1 and its corresponding version of Netmon.  It is intended
+that an annotated packet trace be produced, which will likely be more
+instructive than this document.
+
+Also needed, to fully implement NT Domain Login Services, is the 
+document describing the cryptographic part of the NT authentication.
+This document is available from comp.protocols.smb; from the ntsecurity.net
+digest and from the samba digest, amongst other sources.
+
+A copy is available from:
+
+http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708&L=ntbugtraq&O=A&P=2935
+http://mailhost.cb1.com/~lkcl/crypt.html
+
+
+A c-code implementation, provided by Linus Nordberg <linus@incolumitas.se>
+of this protocol is available from:
+
+http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html
+http://mailhost.cb1.com/~lkcl/crypt.txt
+
+
+Also used to provide debugging information is the Check Build version of
+NT workstation, and enabling full debugging in NETLOGON.  This is
+achieved by setting the following REG_SZ registry key to 0x1ffffff:
+
+HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
+
+- Incorrect direct editing of the registry can cause your machine to fail.
+  Then again, so can incorrect implementation of this protocol.
+  See "Liability:" above.
+
+
+Bear in mind that each packet over-the-wire will have its origin in an
+API call.  Therefore, there are likely to be structures, enumerations
+and defines that are usefully documented elsewhere.
+
+
+This document is by no means complete or authoritative.  Missing sections
+include, but are not limited to:
+
+- the meaning (and use by NT) of SIDs and RIDs.
+
+- mappings of RIDs to usernames (and vice-versa).
+
+- what a User ID is and what a Group ID is.
+
+- the exact meaning/definition of various magic constants or enumerations.
+
+- the reply error code and use of that error code when a workstation
+  becomes a member of a domain (to be described later).  Failure to
+  return this error code will make the workstation report that it is
+  already a member of the domain.
+
+- the cryptographic side of the NetrServerPasswordSet command, which would
+  allow the workstation to change its password.  This password is used to
+  generate the long-term session key.  [It is possible to reject this
+  command, and keep the default workstation password].
+   
+
+2) Notes and Structures
+-----------------------
+
+
+2.1) Notes
+----------
+
+- In the SMB Transact pipes, some "Structures", described here, appear to be
+  4-byte aligned with the SMB header, at their start.  Exactly which
+  "Structures" need aligning is not precisely known or documented.
+
+- In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be
+  2-byte aligned with the start of the mailslot, at their start.
+
+- Domain SID is of the format S-revision-version-auth1-auth2...authN.
+  e.g S-1-5-123-456-789-123-456.  the 5 could be a sub-revision.
+
+- any undocumented buffer pointers must be non-zero if the string buffer it
+  refers to contains characters.  exactly what value they should be is unknown.
+  0x0000 0002 seems to do the trick to indicate that the buffer exists.  a
+  NULL buffer pointer indicates that the string buffer is of zero length.
+  If the buffer pointer is NULL, then it is suspected that the structure it
+  refers to is NOT put into (or taken out of) the SMB data stream.  This is
+  empirically derived from, for example, the LSA SAM Logon response packet,
+  where if the buffer pointer is NULL, the user information is not inserted
+  into the data stream.  Exactly what happens with an array of buffer pointers
+  is not known, although an educated guess can be made.
+
+- an array of structures (a container) appears to have a count and a pointer.
+  if the count is zero, the pointer is also zero.  no further data is put
+  into or taken out of the SMB data stream.  if the count is non-zero, then
+  the pointer is also non-zero.  immediately following the pointer is the
+  count again, followed by an array of container sub-structures.  the count
+  appears a third time after the last sub-structure.
+
+  
+2.2) Enumerations
+-----------------
+
+- MSRPC Header type.  command number in the msrpc packet header
+
+    MSRPC_Request:   0x00
+    MSRPC_Response:  0x02
+    MSRPC_Bind:      0x0B
+    MSRPC_BindAck:   0x0C
+
+- MSRPC Packet info.  the meaning of these flags is undocumented
+
+    FirstFrag:     0x01 
+    LastFrag:      0x02 
+    NotaFrag:      0x04  
+    RecRespond:    0x08  
+    NoMultiplex:   0x10  
+    NotForIdemp:   0x20  
+    NotforBcast:   0x40  
+    NoUuid:        0x80 
+
+
+2.3) Structures
+---------------
+
+- sizeof VOID* is 32 bits.
+
+- sizeof char is 8 bits.
+
+- UTIME is 32 bits, indicating time in seconds since 01jan1970.  documented
+  in cifs6.txt (section 3.5 page, page 30).
+
+- NTTIME is 64 bits.  documented in cifs6.txt (section 3.5 page, page 30).
+
+- DOM_SID (domain SID structure) :
+
+        UINT32             num of sub-authorities in domain SID
+        UINT8              SID revision number
+        UINT8              num of sub-authorities in domain SID
+        UINT8[6]           6 bytes for domain SID - Identifier Authority.
+        UINT16[n_subauths] domain SID sub-authorities
+
+  Note: the domain SID is documented elsewhere.
+
+- STR (string) :
+
+        char[]             null-terminated string of ascii characters.
+
+- UNIHDR (unicode string header) :
+
+        UINT16             length of unicode string
+        UINT16             max length of unicode string
+        UINT32             4 - undocumented.
+   
+- UNIHDR2 (unicode string header plus buffer pointer) :
+
+        UNIHDR             unicode string header
+        VOID*              undocumented buffer pointer
+
+- UNISTR (unicode string) :
+
+        UINT16[]           null-terminated string of unicode characters.
+
+- NAME (length-indicated unicode string) :
+
+        UINT32             length of unicode string
+        UINT16[]           null-terminated string of unicode characters.
+
+- UNISTR2 (aligned unicode string) :
+
+        UINT8[]            padding to get unicode string 4-byte aligned
+                           with the start of the SMB header.
+        UINT32             max length of unicode string
+        UINT32             0 - undocumented
+        UINT32             length of unicode string
+        UINT16[]           string of uncode characters.
+
+- OBJ_ATTR (object attributes) :
+
+        UINT32             0x18 - length (in bytes) including the length field.
+        VOID*              0 - root directory (pointer)
+        VOID*              0 - object name (pointer)
+        UINT32             0 - attributes (undocumented)
+        VOID*              0 - security descriptior (pointer)
+        UINT32             0 - security quality of service
+        
+- POL_HND (LSA policy handle) :
+
+    char[20]           policy handle
+
+- DOM_SID2 (domain SID structure, SIDS stored in unicode) :
+
+        UINT32             5 - SID type
+        UINT32             0 - undocumented
+        UNIHDR2            domain SID unicode string header
+        UNISTR             domain SID unicode string
+
+  Note:	there is a conflict between the unicode string header and the
+	unicode string itself as to which to use to indicate string
+	length.  this will need to be resolved.
+
+  Note:	the SID type indicates, for example, an alias; a well-known group etc.
+	this is documented somewhere.
+
+- DOM_RID (domain RID structure) :
+
+        UINT32             5 - well-known SID.  1 - user SID (see ShowACLs)
+        UINT32             5 - undocumented
+        UINT32             domain RID 
+        UINT32             0 - domain index out of above reference domains
+        
+
+- LOG_INFO (server, account, client structure) :
+
+  Note:	logon server name starts with two '\' characters and is upper case.
+
+  Note:	account name is the logon client name from the LSA Request Challenge,
+	with a $ on the end of it, in upper case.
+
+        VOID*       undocumented buffer pointer
+        UNISTR2     logon server unicode string
+        UNISTR2     account name unicode string
+        UINT16      sec_chan - security channel type
+        UNISTR2     logon client machine unicode string
+
+- CLNT_SRV (server, client names structure) :
+
+  Note:	logon server name starts with two '\' characters and is upper case.
+
+        VOID*       undocumented buffer pointer
+        UNISTR2     logon server unicode string
+        VOID*       undocumented buffer pointer
+        UNISTR2     logon client machine unicode string
+
+- CREDS (credentials + time stamp)
+
+        char[8]     credentials
+        UTIME       time stamp
+    
+- CLNT_INFO2 (server, client structure, client credentials) :
+
+  Note: whenever this structure appears in a request, you must take a copy
+	of the client-calculated credentials received, because they will be
+	used in subsequent credential checks.  the presumed intention is to
+	maintain an authenticated request/response trail.
+        
+        CLNT_SRV     client and server names
+        UINT8[]      ???? padding, for 4-byte alignment with SMB header.
+        VOID*        pointer to client credentials.
+        CREDS        client-calculated credentials + client time
+
+- CLNT_INFO (server, account, client structure, client credentials) :
+
+  Note: whenever this structure appears in a request, you must take a copy
+	of the client-calculated credentials received, because they will be
+	used in subsequent credential checks.  the presumed intention is to
+	maintain an authenticated request/response trail.
+        
+        LOG_INFO    logon account info
+        CREDS       client-calculated credentials + client time
+
+- ID_INFO_1 (id info structure, auth level 1) :
+
+    VOID*         ptr_id_info_1
+    UNIHDR        domain name unicode header
+    UINT32        param control
+    UINT64        logon ID
+    UNIHDR        user name unicode header
+    UNIHDR        workgroup name unicode header
+    char[16]      arc4 LM OWF Password
+    char[16]      arc4 NT OWF Password
+    UNISTR2       domain name unicode string
+    UNISTR2       user name unicode string
+    UNISTR2       workstation name unicode string
+
+- SAM_INFO (sam logon/logoff id info structure) :
+
+  Note: presumably, the return credentials is supposedly for the server to
+        verify that the credential chain hasn't been compromised.
+
+        CLNT_INFO2  client identification/authentication info
+        VOID*       pointer to return credentials.
+        CRED        return credentials - ignored.
+        UINT16      logon level
+        UINT16      switch value
+
+        switch (switch_value)
+        case 1:
+        {
+            ID_INFO_1     id_info_1;
+        }
+
+- GID (group id info) :
+
+        UINT32      group id
+        UINT32      user attributes (only used by NT 3.1 and 3.51)
+
+- DOM_REF (domain reference info) :
+
+        VOID*                    undocumented buffer pointer.
+        UINT32                   num referenced domains?
+        VOID*                    undocumented domain name buffer pointer.
+        UINT32                   32 - max number of entries
+        UINT32                   4 - num referenced domains?
+
+        UNIHDR2                  domain name unicode string header
+        UNIHDR2[num_ref_doms-1]  referenced domain unicode string headers
+
+        UNISTR                   domain name unicode string
+        DOM_SID[num_ref_doms]    referenced domain SIDs
+
+- DOM_INFO (domain info, levels 3 and 5 are the same)) :
+
+        UINT8[]     ??? padding to get 4-byte alignment with start of SMB header
+        UINT16      domain name string length * 2
+        UINT16      domain name string length * 2
+        VOID*       undocumented domain name string buffer pointer
+        VOID*       undocumented domain SID string buffer pointer
+        UNISTR2     domain name (unicode string)
+        DOM_SID     domain SID
+
+- USER_INFO (user logon info) :
+
+    Note: it would be nice to know what the 16 byte user session key is for.
+
+        NTTIME            logon time
+        NTTIME            logoff time
+        NTTIME            kickoff time
+        NTTIME            password last set time
+        NTTIME            password can change time
+        NTTIME            password must change time
+
+        UNIHDR            username unicode string header
+        UNIHDR            user's full name unicode string header
+        UNIHDR            logon script unicode string header
+        UNIHDR            profile path unicode string header
+        UNIHDR            home directory unicode string header
+        UNIHDR            home directory drive unicode string header
+
+        UINT16            logon count
+        UINT16            bad password count
+
+        UINT32            User ID
+        UINT32            Group ID
+        UINT32            num groups
+        VOID*             undocumented buffer pointer to groups.
+
+        UINT32            user flags
+        char[16]          user session key
+
+        UNIHDR            logon server unicode string header
+        UNIHDR            logon domain unicode string header
+        VOID*             undocumented logon domain id pointer
+        char[40]          40 undocumented padding bytes.  future expansion?
+
+        UINT32            0 - num_other_sids?
+        VOID*             NULL - undocumented pointer to other domain SIDs.
+        
+        UNISTR2           username unicode string
+        UNISTR2           user's full name unicode string
+        UNISTR2           logon script unicode string
+        UNISTR2           profile path unicode string
+        UNISTR2           home directory unicode string
+        UNISTR2           home directory drive unicode string
+
+        UINT32            num groups
+        GID[num_groups]   group info
+
+        UNISTR2           logon server unicode string
+        UNISTR2           logon domain unicode string
+
+        DOM_SID           domain SID
+        DOM_SID[num_sids] other domain SIDs?
+
+- SH_INFO_1_PTR (pointers to level 1 share info strings):
+
+Note:	see cifsrap2.txt section5, page 10.
+
+	0 for shi1_type indicates a  Disk.
+	1 for shi1_type indicates a  Print Queue.
+	2 for shi1_type indicates a  Device.
+	3 for shi1_type indicates an IPC pipe.
+	0x8000 0000 (top bit set in shi1_type) indicates a hidden share.
+
+        VOID*        shi1_netname - pointer to net name
+        UINT32       shi1_type    - type of share.  0 - undocumented.
+        VOID*        shi1_remark  - pointer to comment.
+
+- SH_INFO_1_STR (level 1 share info strings) :
+
+        UNISTR2      shi1_netname - unicode string of net name
+        UNISTR2      shi1_remark  - unicode string of comment.
+
+- SHARE_INFO_1_CTR :
+
+    share container with 0 entries:
+
+        UINT32        0 - EntriesRead
+        UINT32        0 - Buffer
+
+    share container with > 0 entries:
+
+        UINT32                      EntriesRead
+        UINT32                      non-zero - Buffer
+        UINT32                      EntriesRead
+
+        SH_INFO_1_PTR[EntriesRead]  share entry pointers
+        SH_INFO_1_STR[EntriesRead]  share entry strings
+
+        UINT8[]                     padding to get unicode string 4-byte
+                                    aligned with start of the SMB header.
+        UINT32                      EntriesRead
+    	UINT32                      0 - padding
+
+- SERVER_INFO_101 :
+
+Note:	see cifs6.txt section 6.4 - the fields described therein will be
+	of assistance here.  for example, the type listed below is the
+	same as fServerType, which is described in 6.4.1.
+
+	SV_TYPE_WORKSTATION        0x00000001  All workstations
+	SV_TYPE_SERVER             0x00000002  All servers
+	SV_TYPE_SQLSERVER          0x00000004  Any server running with SQL
+	                                       server
+	SV_TYPE_DOMAIN_CTRL        0x00000008  Primary domain controller
+	SV_TYPE_DOMAIN_BAKCTRL     0x00000010  Backup domain controller
+	SV_TYPE_TIME_SOURCE        0x00000020  Server running the timesource
+					       service
+	SV_TYPE_AFP                0x00000040  Apple File Protocol servers
+	SV_TYPE_NOVELL             0x00000080  Novell servers
+	SV_TYPE_DOMAIN_MEMBER      0x00000100  Domain Member
+	SV_TYPE_PRINTQ_SERVER      0x00000200  Server sharing print queue
+	SV_TYPE_DIALIN_SERVER      0x00000400  Server running dialin service.
+	SV_TYPE_XENIX_SERVER       0x00000800  Xenix server
+	SV_TYPE_NT                 0x00001000  NT server
+	SV_TYPE_WFW                0x00002000  Server running Windows for
+
+	SV_TYPE_SERVER_NT          0x00008000  Windows NT non DC server
+	SV_TYPE_POTENTIAL_BROWSER  0x00010000  Server that can run the browser
+	                                       service
+	SV_TYPE_BACKUP_BROWSER     0x00020000  Backup browser server
+	SV_TYPE_MASTER_BROWSER     0x00040000  Master browser server
+	SV_TYPE_DOMAIN_MASTER      0x00080000  Domain Master Browser server
+	SV_TYPE_LOCAL_LIST_ONLY    0x40000000  Enumerate only entries marked
+	                                       "local"
+	SV_TYPE_DOMAIN_ENUM        0x80000000  Enumerate Domains. The pszServer
+	                                       and pszDomain parameters must be
+	                                       NULL.
+
+        UINT32        500 - platform_id
+        VOID*         pointer to name
+        UINT32        5 - major version
+        UINT32        4 - minor version
+        UINT32        type (SV_TYPE_... bit field)
+        VOID*         pointer to comment
+
+        UNISTR2       sv101_name - unicode string of server name
+        UNISTR2       sv_101_comment  - unicode string of server comment.
+
+        UINT8[]       padding to get unicode string 4-byte
+                      aligned with start of the SMB header.
+
+
+
+3) MSRPC over Transact Named Pipe
+---------------------------------
+
+For details on the SMB Transact Named Pipe, see cifs6.txt
+
+
+3.1) MSRPC Pipes
+----------------
+
+The MSRPC is conducted over an SMB Transact Pipe with a name of "\PIPE\".
+You must first obtain a 16 bit file handle, by sending a SMBopenX with the
+pipe name "\PIPE\srvsvc" for example.  You can then perform an SMB Trans,
+and must carry out an SMBclose on the file handle once you are finished.
+
+Trans Requests must be sent with two setup UINT16s, no UINT16 params (none
+known about), and UINT8 data parameters sufficient to contain the MSRPC
+header, and MSRPC data.  The first UINT16 setup parameter must be either
+0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle
+state.  The second UINT16 parameter must be the file handle for the pipe,
+obtained above.
+
+The Data section for an API Command of 0x0026 (RPC pipe) in the Trans
+Request is the RPC Header, followed by the RPC Data.  The Data section for
+an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes.  The
+only value seen for these two bytes is 0x00 0x43.
+
+
+MSRPC Responses are sent as response data inside standard SMB Trans
+responses, with the MSRPC Header, MSRPC Data and MSRPC tail.
+
+
+It is suspected that the Trans Requests will need to be at least 2-byte
+aligned (probably 4-byte).  This is standard practice for SMBs.  It is also
+independent of the observed 4-byte alignments with the start of the MSRPC
+header, including the 4-byte alignment between the MSRPC header and the
+MSRPC data.
+
+
+First, an SMBtconX connection is made to the IPC$ share.  The connection
+must be made using encrypted passwords, not clear-text.  Then, an SMBopenX
+is made on the pipe.  Then, a Set Named Pipe Handle State must be sent,
+after which the pipe is ready to accept API commands.  Lastly, and SMBclose
+is sent.
+
+
+To be resolved:
+
+    lkcl/01nov97 there appear to be two additional bytes after the null-
+    terminated \PIPE\ name for the RPC pipe.  Values seen so far are
+    listed below:
+
+        initial SMBopenX request:         RPC API command 0x26 params:
+
+        "\\PIPE\\lsarpc"                  0x65 0x63; 0x72 0x70; 0x44 0x65;
+        "\\PIPE\\srvsvc"                  0x73 0x76; 0x4E 0x00; 0x5C 0x43;
+
+
+3.2) Header
+-----------
+
+[section to be rewritten, following receipt of work by Duncan Stansfield]
+
+
+Interesting note: if you set packed data representation to 0x0100 0000
+then all 4-byte and 2-byte word ordering is turned around!
+
+The start of each of the NTLSA and NETLOGON named pipes begins with:
+
+00  UINT8         5 - RPC major version
+01  UINT8         0 - RPC minor version
+02  UINT8         2 - RPC response packet
+03  UINT8         3 - (FirstFrag bit-wise or with LastFrag)
+04  UINT32        0x1000 0000 - packed data representation
+08  UINT16        fragment length - data size (bytes) inc header and tail.
+0A  UINT16        0 - authentication length 
+0C  UINT32        call identifier.  matches 12th UINT32 of incoming RPC data.
+10  UINT32        allocation hint - data size (bytes) minus header and tail.
+14  UINT16        0 - presentation context identifier
+16  UINT8         0 - cancel count
+17  UINT8         in replies: 0 - reserved; in requests: opnum - see #defines.
+18  ......        start of data (goes on for allocation_hint bytes)
+
+
+RPC_Packet for request, response, bind and bind acknowledgement.
+{
+  
+  UINT8 versionmaj        # reply same as request (0x05)
+  UINT8 versionmin        # reply same as request (0x00)
+  UINT8 type              # one of the MSRPC_Type enums
+  UINT8 flags             # reply same as request (0x00 for Bind, 0x03 for Request)
+  UINT32 representation   # reply same as request (0x00000010)
+  UINT16 fraglength       # the length of the data section of the SMB trans packet
+  UINT16 authlength       
+  UINT32 callid           # call identifier. (e.g. 0x00149594)
+
+  * stub USE TvPacket     # the remainder of the packet depending on the "type"
+}
+
+
+# the interfaces are numbered. as yet I haven't seen more than one interface
+# used on the same pipe name
+# srvsvc
+#   abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003)
+#   transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002)
+RPC_Iface RW
+{
+  UINT8 byte[16]    # 16 bytes of number
+  UINT32 version    # the interface number
+}
+
+
+# the remainder of the packet after the header if "type" was Bind
+# in the response header, "type" should be BindAck
+RPC_ReqBind RW
+{
+  UINT16 maxtsize       # maximum transmission fragment size (0x1630)
+  UINT16 maxrsize       # max receive fragment size (0x1630)
+  UINT32 assocgid       # associated group id (0x0)
+  UINT32 numelements    # the number of elements (0x1)
+  UINT16 contextid      # presentation context identifier (0x0)
+  UINT8 numsyntaxes     # the number of syntaxes (has always been 1?)(0x1)
+  UINT8[]               # 4-byte alignment padding, against SMB header
+
+  * abstractint USE RPC_Iface # num and vers. of interface client is using
+  * transferint USE RPC_Iface # num and vers. of interface to use for replies
+}
+
+
+RPC_Address RW
+{
+  UINT16 length        # length of the string including null terminator
+  * port USE string    # the string above in single byte, null terminated form
+}
+
+
+# the response to place after the header in the reply packet
+RPC_ResBind RW
+{
+  UINT16 maxtsize                   # same as request
+  UINT16 maxrsize                   # same as request
+  UINT32 assocgid                   # zero
+
+  * secondaddr USE RPC_Address     # the address string, as described earlier
+
+  UINT8[]                           # 4-byte alignment padding, against SMB header
+
+  UINT8 numresults                  # the number of results (0x01)
+
+  UINT8[]                           # 4-byte alignment padding, against SMB header
+  UINT16 result                     # result (0x00 = accept)
+  UINT16 reason                     # reason (0x00 = no reason specified)
+
+  * transfersyntax USE RPC_Iface   # the transfer syntax from the request
+}
+
+
+# the remainder of the packet after the header for every other other
+# request
+RPC_ReqNorm RW
+{
+  UINT32 allochint         # the size of the stub data in bytes
+  UINT16 prescontext       # presentation context identifier (0x0)
+  UINT16 opnum             # operation number (0x15)
+
+  * stub USE TvPacket      # a packet dependent on the pipe name
+                           # (probably the interface) and the op number)
+}
+
+
+# response to a request
+RPC_ResNorm RW
+{
+  UINT32 allochint         # size of the stub data in bytes
+  UINT16 prescontext       # presentation context identifier (same as request)
+  UINT8 cancelcount        # cancel count? (0x0)
+  UINT8 reserved           # 0 - one byte padding
+
+  * stub USE TvPacket      # the remainder of the reply
+}
+
+
+3.3) Tail
+---------
+
+The end of each of the NTLSA and NETLOGON named pipes ends with:
+
+    ......        end of data
+    UINT32        return code
+
+
+
+3.4 RPC Bind / Bind Ack
+-----------------------
+
+RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc)
+with a "transfer syntax" (see RPC_Iface structure).  The purpose for doing
+this is unknown.
+
+Note:	The RPC_ResBind SMB Transact request is sent with two uint16 setup
+	parameters.  The first is 0x0026; the second is the file handle
+	returned by the SMBopenX Transact response.
+
+Note:	The RPC_ResBind members maxtsize, maxrsize and assocgid are the
+	same in the response as the same members in the RPC_ReqBind.  The
+	RPC_ResBind member transfersyntax is the same in the response as
+	the
+
+Note:	The RPC_ResBind response member secondaddr contains the name
+	of what is presumed to be the service behind the RPC pipe.  The
+	mapping identified so far is:
+
+		initial SMBopenX request:          RPC_ResBind response:
+
+		"\\PIPE\\srvsvc"                   "\\PIPE\\ntsvcs"
+		"\\PIPE\\samr"                     "\\PIPE\\lsass"
+		"\\PIPE\\lsarpc"                   "\\PIPE\\lsass"
+		"\\PIPE\\wkssvc"                   "\\PIPE\\wksvcs"
+		"\\PIPE\\NETLOGON"                 "\\PIPE\\NETLOGON"
+
+Note:	The RPC_Packet fraglength member in both the Bind Request and Bind
+	Acknowledgment must contain the length of the entire RPC data,
+	including the RPC_Packet header.  
+
+Request:
+
+    RPC_Packet
+    RPC_ReqBind
+
+Response:
+
+    RPC_Packet
+    RPC_ResBind
+
+
+
+4) NTLSA Transact Named Pipe
+----------------------------
+        
+The sequence of actions taken on this pipe are:
+
+- Establish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.
+- Open an RPC Pipe with the name "\\PIPE\\lsarpc".  Store the file handle.
+- Using the file handle, send a Set Named Pipe Handle state to 0x4300.
+- Send an LSA Open Policy request.  Store the Policy Handle.
+- Using the Policy Handle, send LSA Query Info Policy requests, etc.
+- Using the Policy Handle, send an LSA Close.
+- Close the IPC$ share.
+
+
+Defines for this pipe, identifying the query are:
+
+- LSA Open Policy:               0x2c
+- LSA Query Info Policy:         0x07
+- LSA Enumerate Trusted Domains: 0x0d
+- LSA Open Secret:               0xff
+- LSA Lookup SIDs:               0xfe
+- LSA Lookup Names:              0xfd
+- LSA Close:                     0x00
+
+
+4.1) LSA Open Policy
+--------------------
+
+Note:	The policy handle can be anything you like.
+
+Request:
+
+	VOID*     buffer pointer
+    UNISTR2   server name - unicode string starting with two '\'s
+    OBJ_ATTR  object attributes
+    UINT32    1 - desired access
+
+Response:
+
+    POL_HND   LSA policy handle
+
+    return    0 - indicates success
+
+
+4.2) LSA Query Info Policy
+--------------------------
+
+Note:	The info class in response must be the same as that in the request.
+
+Request:
+
+    POL_HND   LSA policy handle
+    UINT16    info class (also a policy handle?)
+
+Response:
+
+    VOID*     undocumented buffer pointer
+    UINT16    info class (same as info class in request).
+    
+    switch (info class)
+    case 3:
+    case 5:
+    {
+        DOM_INFO domain info, levels 3 and 5 (are the same).
+    }
+
+    return    0 - indicates success
+
+
+4.3) LSA Enumerate Trusted Domains
+----------------------------------
+
+Request:
+
+    no extra data
+
+Response:
+
+    UINT32     0 - enumeration context
+    UINT32     0 - entries read
+    UINT32     0 - trust information
+
+    return     0x8000 001a - "no trusted domains" success code
+
+
+4.4) LSA Open Secret
+--------------------
+
+Request:
+
+    no extra data
+
+Response:
+
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+    UINT32    0 - undocumented
+
+    return    0x0C00 0034 - "no such secret" success code
+
+
+4.5) LSA Close
+--------------
+
+Request:
+
+    POL_HND   policy handle to be closed
+
+Response:
+
+    POL_HND   0s - closed policy handle (all zeros)
+
+    return    0 - indicates success
+
+
+4.6) LSA Lookup SIDS
+--------------------
+
+Note:	num_entries in response must be same as num_entries in request.
+
+Request:
+
+    POL_HND            LSA policy handle
+    UINT32             num_entries
+    VOID*              undocumented domain SID buffer pointer
+    VOID*              undocumented domain name buffer pointer
+    VOID*[num_entries] undocumented domain SID pointers to be looked up.
+    DOM_SID[num_entries] domain SIDs to be looked up.
+    char[16]           completely undocumented 16 bytes.
+
+Response:
+
+    DOM_REF               domain reference response
+
+    UINT32                num_entries (listed above)
+    VOID*                 undocumented buffer pointer
+
+    UINT32                num_entries (listed above)
+    DOM_SID2[num_entries] domain SIDs (from Request, listed above).
+
+    UINT32                num_entries (listed above)
+
+    return                0 - indicates success
+
+
+4.7) LSA Lookup Names
+---------------------
+
+Note:	num_entries in response must be same as num_entries in request.
+
+Request:
+
+    POL_HND            LSA policy handle
+    UINT32             num_entries
+    UINT32             num_entries
+    VOID*              undocumented domain SID buffer pointer
+    VOID*              undocumented domain name buffer pointer
+    NAME[num_entries]  names to be looked up.
+    char[]             undocumented bytes - falsely translated SID structure?
+
+Response:
+
+    DOM_REF               domain reference response
+
+    UINT32                num_entries (listed above)
+    VOID*                 undocumented buffer pointer
+
+    UINT32                num_entries (listed above)
+    DOM_RID[num_entries]  domain SIDs (from Request, listed above).
+
+    UINT32                num_entries (listed above)
+
+    return                0 - indicates success
+
+
+
+5) NETLOGON rpc Transact Named Pipe
+-----------------------------------
+
+The sequence of actions taken on this pipe are:
+
+- Establish a connection to the IPC$ share (SMBtconX).  use encrypted passwords.
+- Open an RPC Pipe with the name "\\PIPE\\NETLOGON".  Store the file handle.
+- Using the file handle, send a Set Named Pipe Handle state to 0x4300.
+- Create Client Challenge. Send LSA Request Challenge.  Store Server Challenge.
+- Calculate Session Key.  Send an LSA Auth 2 Challenge.  Store Auth2 Challenge.
+- Calc/Verify Client Creds.  Send LSA Srv PW Set.  Calc/Verify Server Creds.
+- Calc/Verify Client Creds.  Send LSA SAM Logon .  Calc/Verify Server Creds.
+- Calc/Verify Client Creds.  Send LSA SAM Logoff.  Calc/Verify Server Creds.
+- Close the IPC$ share.
+
+
+Defines for this pipe, identifying the query are:
+
+- LSA Request Challenge:         0x04
+- LSA Server Password Set:       0x06
+- LSA SAM Logon:                 0x02
+- LSA SAM Logoff:                0x03
+- LSA Auth 2:                    0x0f
+- LSA Logon Control:             0x0e
+
+
+5.1) LSA Request Challenge
+--------------------------
+
+Note:	logon server name starts with two '\' characters and is upper case.
+
+Note:	logon client is the machine, not the user.
+
+Note:	the initial LanManager password hash, against which the challenge
+	is issued, is the machine name itself (lower case).  there will be
+	calls issued (LSA Server Password Set) which will change this, later.
+	refusing these calls allows you to always deal with the same password
+	(i.e the LM# of the machine name in lower case).
+
+Request:
+
+    VOID*       undocumented buffer pointer
+    UNISTR2     logon server unicode string
+    UNISTR2     logon client unicode string
+    char[8]     client challenge
+
+Response:
+
+    char[8]     server challenge
+
+    return    0 - indicates success
+
+
+
+5.2) LSA Authenticate 2
+-----------------------
+
+Note:	in between request and response, calculate the client credentials,
+	and check them against the client-calculated credentials (this
+	process uses the previously received client credentials).
+
+Note:	neg_flags in the response is the same as that in the request.
+
+Note:	you must take a copy of the client-calculated credentials received
+	here, because they will be used in subsequent authentication packets.
+
+Request:
+
+    LOG_INFO    client identification info
+
+    char[8]     client-calculated credentials
+    UINT8[]     padding to 4-byte align with start of SMB header.
+    UINT32      neg_flags - negotiated flags (usual value is 0x0000 01ff)
+
+Response:
+
+    char[8]     server credentials.
+    UINT32      neg_flags - same as neg_flags in request.
+
+    return    0 - indicates success.  failure value unknown.
+
+
+5.3) LSA Server Password Set
+----------------------------
+
+Note:	the new password is suspected to be a DES encryption using the old
+	password to generate the key.
+
+Note:	in between request and response, calculate the client credentials,
+	and check them against the client-calculated credentials (this
+	process uses the previously received client credentials).
+
+Note:	the server credentials are constructed from the client-calculated
+	credentials and the client time + 1 second.
+
+Note:	you must take a copy of the client-calculated credentials received
+	here, because they will be used in subsequent authentication packets.
+
+Request:
+
+    CLNT_INFO   client identification/authentication info
+    char[]      new password - undocumented.
+    
+Response:
+
+    CREDS       server credentials.  server time stamp appears to be ignored.
+
+    return    0 - indicates success; 0xC000 006a indicates failure
+
+
+5.4) LSA SAM Logon
+------------------
+
+Note:	valid_user is True iff the username and password hash are valid for
+	the requested domain.
+
+Request:
+
+    SAM_INFO    sam_id structure
+
+Response:
+
+    VOID*       undocumented buffer pointer
+    CREDS       server credentials.  server time stamp appears to be ignored.
+    
+    if (valid_user)
+    {
+		UINT16      3 - switch value indicating USER_INFO structure.
+        VOID*     non-zero - pointer to USER_INFO structure
+        USER_INFO user logon information
+
+        UINT32    1 - Authoritative response; 0 - Non-Auth?
+
+        return    0 - indicates success
+    }
+    else
+    {
+		UINT16    0 - switch value.  value to indicate no user presumed.
+        VOID*     0x0000 0000 - indicates no USER_INFO structure.
+
+        UINT32    1 - Authoritative response; 0 - Non-Auth?
+
+        return    0xC000 0064 - NT_STATUS_NO_SUCH_USER.
+    }
+
+
+5.5) LSA SAM Logoff
+--------------------
+
+Note:	presumably, the SAM_INFO structure is validated, and a (currently
+	undocumented) error code returned if the Logoff is invalid.
+
+Request:
+
+    SAM_INFO    sam_id structure
+
+Response:
+
+    VOID*       undocumented buffer pointer
+    CREDS       server credentials.  server time stamp appears to be ignored.
+
+    return      0 - indicates success.  undocumented failure indication.
+
+
+6) \\MAILSLOT\NET\NTLOGON
+-------------------------
+
+Note:	mailslots will contain a response mailslot, to which the response
+	should be sent.  the target NetBIOS name is REQUEST_NAME<20>, where
+	REQUEST_NAME is the name of the machine that sent the request.
+
+
+6.1) Query for PDC
+------------------
+
+Note:	NTversion, LMNTtoken, LM20token in response are the same as those
+	given in the request.
+
+Request:
+
+    UINT16         0x0007 - Query for PDC
+    STR            machine name
+    STR            response mailslot
+    UINT8[]        padding to 2-byte align with start of mailslot.
+    UNISTR         machine name
+    UINT32         NTversion
+    UINT16         LMNTtoken
+    UINT16         LM20token
+
+Response:
+
+    UINT16         0x000A - Respose to Query for PDC
+    STR            machine name (in uppercase)
+    UINT8[]        padding to 2-byte align with start of mailslot.
+    UNISTR         machine name
+    UNISTR         domain name
+    UINT32         NTversion (same as received in request)
+    UINT16         LMNTtoken (same as received in request)
+    UINT16         LM20token (same as received in request)
+
+
+6.2) SAM Logon
+--------------
+
+Note:	machine name in response is preceded by two '\' characters.
+
+Note:	NTversion, LMNTtoken, LM20token in response are the same as those
+	given in the request.
+
+Note:	user name in the response is presumably the same as that in the request.
+
+Request:
+
+    UINT16         0x0012 - SAM Logon
+    UINT16         request count
+    UNISTR         machine name
+    UNISTR         user name
+    STR            response mailslot
+    UINT32         alloweable account
+    UINT32         domain SID size
+    char[sid_size] domain SID, of sid_size bytes.
+    UINT8[]        ???? padding to 4? 2? -byte align with start of mailslot.
+    UINT32         NTversion
+    UINT16         LMNTtoken
+    UINT16         LM20token
+    
+Response:
+
+    UINT16         0x0013 - Response to SAM Logon
+    UNISTR         machine name
+    UNISTR         user name - workstation trust account
+    UNISTR         domain name 
+    UINT32         NTversion
+    UINT16         LMNTtoken
+    UINT16         LM20token
+
+
+
+7) SRVSVC Transact Named Pipe
+-----------------------------
+
+
+Defines for this pipe, identifying the query are:
+
+- Net Share Enum :              0x0f
+- Net Server Get Info :         0x15
+
+
+7.1) Net Share Enum
+------------------
+
+Note:	share level and switch value in the response are presumably the 
+	same as those in the request.
+
+Note:	cifsrap2.txt (section 5) may be of limited assistance here.
+
+Request:
+
+    VOID*             pointer (to server name?)
+	UNISTR2           server name
+
+    UINT8[]           padding to get unicode string 4-byte aligned
+                      with the start of the SMB header.
+
+    UINT32            share level
+    UINT32            switch value
+
+    VOID*             pointer to SHARE_INFO_1_CTR
+    SHARE_INFO_1_CTR  share info with 0 entries
+
+    UINT32            preferred maximum length (0xffff ffff)
+
+Response:
+
+    UINT32            share level
+    UINT32            switch value
+
+    VOID*             pointer to SHARE_INFO_1_CTR
+    SHARE_INFO_1_CTR  share info (only added if share info ptr is non-zero)
+
+    return            0 - indicates success
+
+
+7.2) Net Server Get Info
+------------------
+
+Note:	level is the same value as in the request.
+
+Request:
+
+	UNISTR2           server name
+    UINT32            switch level
+
+Response:
+
+    UINT32            switch level
+    VOID*             pointer to SERVER_INFO_101
+
+    SERVER_INFO_101   server info (only added if server info ptr is non-zero)
+
+    return            0 - indicates success
+
+
+
+Appendix
+--------
+
+A1) Cryptographic side of NT Domain Authentication
+--------------------------------------------------
+
+
+A1.1) Definitions
+-----------------
+
+Add(A1,A2): Intel byte ordered addition of corresponding 4 byte words
+in arrays A1 and A2
+
+E(K,D): DES ECB encryption of 8 byte data D using 7 byte key K
+
+lmowf(): Lan man hash
+
+ntowf(): NT hash
+
+PW: md4(machine_password) == md4(lsadump $machine.acc) ==
+pwdump(machine$) (initially) == md4(lmowf(unicode(machine)))
+
+ARC4(K,Lk,D,Ld): ARC4 encryption of data D of length Ld with key K of
+length Lk
+
+v[m..n(,l)]: subset of v from bytes m to n, optionally padded with
+zeroes to length l
+
+Cred(K,D): E(K[7..7,7],E(K[0..6],D)) computes a credential
+
+Time(): 4 byte current time
+
+Cc,Cs: 8 byte client and server challenges Rc,Rs: 8 byte client and
+server credentials
+
+
+A1.2) Protocol
+--------------
+
+C->S ReqChal,Cc S->C Cs
+
+C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs)))
+
+C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs),
+assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs))
+
+On joining the domain the client will optionally attempt to change its
+password and the domain controller may refuse to update it depending
+on registry settings. This will also occur weekly afterwards.
+
+C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc,
+arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S:
+assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1)
+S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs'
+
+User: U with password P wishes to login to the domain (incidental data
+such as workstation and domain omitted)
+
+C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U,
+arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S:
+assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S:
+Ts = Time()
+
+S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C:
+assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1)
+
+
+A1.3) Comments
+--------------
+
+On first joining the domain the session key could be computed by
+anyone listening in on the network as the machine password has a well
+known value. Until the machine is rebooted it will use this session
+key to encrypt NT and LM one way functions of passwords which are
+password equivalents. Any user who logs in before the machine has been
+rebooted a second time will have their password equivalent exposed. Of
+course the new machine password is exposed at this time anyway.
+
+None of the returned user info such as logon script, profile path and
+SIDs *appear* to be protected by anything other than the TCP checksum.
+
+The server time stamps appear to be ignored.
+
+The client sends a ReturnAuthenticator in the SamLogon request which I
+can't find a use for.  However its time is used as the timestamp
+returned by the server.
+
+The password OWFs should NOT be sent over the network reversibly
+encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server
+computing the same function using the owf values in the SAM.
+
+
+A2) SIDs and RIDs
+-----------------
+
+SIDs and RIDs are well documented elsewhere.
+
+A SID is an NT Security ID (see DOM_SID structure).  They are of the form:
+
+	S-revision-NN-SubAuth1-SubAuth2-SubAuth3... 
+	S-revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3...
+
+currently, the SID revision is 1.
+The Sub-Authorities are known as Relative IDs (RIDs).
+
+
+A2.1) Well-known SIDs
+---------------------
+
+
+A2.1.1) Universal well-known SIDs
+---------------------------------
+
+	Null SID                     S-1-0-0
+	World                        S-1-1-0
+	Local                        S-1-2-0
+	Creator Owner ID             S-1-3-0
+	Creator Group ID             S-1-3-1
+	Creator Owner Server ID      S-1-3-2
+	Creator Group Server ID      S-1-3-3
+	
+	(Non-unique IDs)             S-1-4
+
+
+A2.1.2) NT well-known SIDs
+--------------------------
+
+	NT Authority          S-1-5
+	Dialup                S-1-5-1
+
+	Network               S-1-5-2
+	Batch                 S-1-5-3
+	Interactive           S-1-5-4
+	Service               S-1-5-6
+	AnonymousLogon        S-1-5-7       (aka null logon session)
+	Proxy                 S-1-5-8
+	ServerLogon           S-1-5-8       (aka domain controller account)
+	
+	(Logon IDs)           S-1-5-5-X-Y
+	
+	(NT non-unique IDs)   S-1-5-0x15-...
+	
+	(Built-in domain)     s-1-5-0x20
+	
+
+
+A2.2) Well-known RIDS
+---------------------
+
+A RID is a sub-authority value, as part of either a SID, or in the case
+of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1
+structure, in the LSA SAM Logon response.
+
+
+A2.2.1) Well-known RID users
+----------------------------
+
+	DOMAIN_USER_RID_ADMIN          0x0000 01F4
+	DOMAIN_USER_RID_GUEST          0x0000 01F5
+
+
+
+A2.2.2) Well-known RID groups
+----------------------------
+
+	DOMAIN_GROUP_RID_ADMINS        0x0000 0200
+	DOMAIN_GROUP_RID_USERS         0x0000 0201
+	DOMAIN_GROUP_RID_GUESTS        0x0000 0202
+
+
+
+A2.2.3) Well-known RID aliases
+------------------------------
+
+	DOMAIN_ALIAS_RID_ADMINS        0x0000 0220
+	DOMAIN_ALIAS_RID_USERS         0x0000 0221
+	DOMAIN_ALIAS_RID_GUESTS        0x0000 0222
+	DOMAIN_ALIAS_RID_POWER_USERS   0x0000 0223
+
+	DOMAIN_ALIAS_RID_ACCOUNT_OPS   0x0000 0224
+	DOMAIN_ALIAS_RID_SYSTEM_OPS    0x0000 0225
+	DOMAIN_ALIAS_RID_PRINT_OPS     0x0000 0226
+	DOMAIN_ALIAS_RID_BACKUP_OPS    0x0000 0227
+
+	DOMAIN_ALIAS_RID_REPLICATOR    0x0000 0228
+
+
diff --git a/docs/textdocs/outdated/NTDOMAIN.txt b/docs/textdocs/outdated/NTDOMAIN.txt
new file mode 100644
index 00000000000..20510519462
--- /dev/null
+++ b/docs/textdocs/outdated/NTDOMAIN.txt
@@ -0,0 +1,51 @@
+!==
+!== NTDOMAIN.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Luke Kenneth Casson Leighton (samba@samba.org)
+		Copyright (C) 1997 Luke Kenneth Casson Leighton
+Created:	October 20, 1997
+Updated:	February 25, 1999 (Jerry Carter)
+
+Subject:	NT Domain Logons
+===========================================================================
+
+As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations,
+without the need, use or intervention of NT Server.  This document describes
+how to set this up.  Over the continued development of the 1.9.18alpha
+series, this process (and therefore this document) should become simpler.
+
+One useful thing to do is to get this version of Samba up and running
+with Win95 profiles, as you would for the current stable version of
+Samba (currently at 1.9.17p4), and is fully documented.  You will need
+to set up encrypted passwords.  Even if you don't have any Win95 machines,
+using your Samba Server to store the profile for one of your NT Workstation
+users is a good test that you have 1.9.18alpha1 correctly configured *prior*
+to attempting NT Domain Logons.
+
+The support is still experimental, so should be used at your own risk.
+
+NT is not as robust as you might have been led to believe: during the
+development of the Domain Logon Support, one person reported having to
+reinstall NT from scratch: their workstation had become totally unuseable.
+
+[further reports on ntsec@iss.net by independent administrators showing
+ similar symptoms lead us to believe that the SAM database file may be
+ corruptible.  this _is_ recoverable (or, at least the machine is accessible),
+ by deleting the SAM file, under which circumstances all user account details
+ are lost, but at least the Administrator can log in with a blank password.
+ this is *not* possible except if the NT system is installed in a FAT
+ partition.]
+
+This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest.
+
+==========================================================================
+Please note that Samba 2.0 does not **officially** support domain logons
+for Windows NT clients.  Of course, domain logon support for Windows 9x
+clients is complete and official.  These are two different issues.
+
+Samba's capability to act as a Primary Domain Controller for Windows NT
+domains is not advertised as it is not completed yet.  For more information 
+regarding how to obtain the latest development (HEAD branch) source code
+and what features are available, please refer to the NT Domain FAQ on-line
+at the Samba web site under the documentation page.
+
diff --git a/docs/textdocs/outdated/PRINTER_DRIVER.txt b/docs/textdocs/outdated/PRINTER_DRIVER.txt
index 5bf82e0cfe4..c8bfd7c7a4d 100644
--- a/docs/textdocs/outdated/PRINTER_DRIVER.txt
+++ b/docs/textdocs/outdated/PRINTER_DRIVER.txt
@@ -1,5 +1,5 @@
 !==
-!== PRINTER_DRIVER.txt for Samba release 2.0.4 18 May 1999
+!== PRINTER_DRIVER.txt for Samba release 2.2.0-alpha3 24 Mar 2001
 !==
 ==========================================================================
 	Supporting the famous PRINTER$ share
diff --git a/docs/textdocs/outdated/PROJECTS b/docs/textdocs/outdated/PROJECTS
new file mode 100644
index 00000000000..b962b503f2e
--- /dev/null
+++ b/docs/textdocs/outdated/PROJECTS
@@ -0,0 +1,88 @@
+                 Samba Projects Directory
+                 ========================
+
+
+>>>>> NOTE: THIS FILE IS NOW VERY OUT OF DATE <<<<<
+
+
+This is a list of who's working on what in Samba. It's not guaranteed
+to be uptodate or accurate but I hope it will help us getting
+coordinated.
+
+If you are working on something to do with Samba and you aren't here
+then please let me know! Also, if you are listed below and you have
+any corrections or updates then please let me know.
+
+Email contact:
+samba@samba.org
+
+========================================================================
+Documentation and FAQ
+
+Docs and FAQ files for the Samba suite of software.
+
+Contact samba@samba.org with the diffs. These are urgently 
+required. 
+
+The FAQ is being added to on an ad hoc basis, see the web pages for info.
+
+Mark Preston was working on a set of formatted docs for Samba. Is this
+still happening? Contact mpreston@sghms.ac.uk
+
+Status last updated 2nd October 1996
+========================================================================
+
+========================================================================
+Netbeui support
+
+This aimed to produce patches so that Samba can be used with clients
+that do not have TCP/IP. It will try to remain as portable as possible.
+Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and
+although a lot of people have expressed interest nobody has come forward
+to do it. The Novell port (see Samba web pages) includes NetBEUI 
+functionality in a proprietrary library which should still be helpful as 
+we have the interfaces. Alan Cox (a.cox@li.org) has the information 
+required to write the state machine if someone is going to do the work.
+
+Status last updated 2nd October 1996
+========================================================================
+
+========================================================================
+Smbfs
+
+A mountable smb filesystem for Linux using the userfs userspace filesystem
+
+Contact lendecke@namu01.gwdg.de (Volker Lendecke)
+
+This works really well, and is measurably more efficient than commercial
+client software. It is now part of the Linux kernel. Long filename support
+is in use.
+
+Status last updated June 1997
+========================================================================
+
+========================================================================
+Admin Tool
+
+Aims to produce a nice smb.conf editor and other useful tools for
+administering a Samba system.
+
+Contact: Steve Brown (steve@unicorn.dungeon.com)
+
+In the design phase.
+
+Status last updated 4th September 1994
+========================================================================
+
+
+========================================================================
+Lanman Client.
+
+Contact: john@amanda.xs4all.nl (John Stewart)
+
+Aims to produce a reliable LANMAN Client implementation for LINUX,
+and possibly other variations of UNIX. Project ably started by
+Tor Lillqvist; tml@hemuli.tte.vtt.fi
+
+Status last updated 17th January 1995
+========================================================================
diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/textdocs/security_level.txt
index efe2b6eaf3d..dad4bd78314 100644
--- a/docs/docbook/projdoc/security_level.sgml
+++ b/docs/textdocs/security_level.txt
@@ -1,50 +1,31 @@
-<chapter id="securitylevels">
-<chapterinfo>
-	<author>
-		<firstname>Andrew</firstname><surname>Tridgell</surname>
-		<affiliation>
-			<orgname>Samba Team</orgname>
-			<address><email>samba@samba.org</email></address>
-		</affiliation>
-	</author>
-</chapterinfo>
+!==
+!== security_level.txt for Samba release 2.2.0-alpha3 24 Mar 2001
+!==
+Contributor:	Andrew Tridgell
+Updated:	June 27, 1997
+Status:		Current
 
-<title>Security levels</title>
+Subject:	Description of SMB security levels.
+===========================================================================
 
-<sect1>
-<title>Introduction</title>
-
-<para>
 Samba supports the following options to the global smb.conf parameter
-</para>
-
-<para><programlisting>
-[global]
-<ulink url="smb.conf.5.html#SECURITY"><parameter>security</parameter></ulink> = [share|user(default)|domain|ads]
-</programlisting></para>
+"security =":
+	share, user, server
 
-<para>
-Please refer to the smb.conf man page for usage information and to the document
-<ulink url="DOMAIN_MEMBER.html">DOMAIN_MEMBER.html</ulink> for further background details
-on domain mode security.  The Windows 2000 Kerberos domain security model
-(security = ads) is described in the <ulink url="ADS-HOWTO.html">ADS-HOWTO.html</ulink>.
-</para>
+Note: Samba-2.0.0 now adds the "domain" security mode. Please refer to
+the smb.conf man page for usage information and to the document
+docs/textdocs/DOMAIN_MEMBER.txt for further background details.
 
-<para>
 Of the above, "security = server" means that Samba reports to clients that
 it is running in "user mode" but actually passes off all authentication
 requests to another "user mode" server. This requires an additional
 parameter "password server =" that points to the real authentication server.
 That real authentication server can be another Samba server or can be a
 Windows NT server, the later natively capable of encrypted password support.
-</para>
 
-</sect1>
+Below is a more complete description of security levels.
+===========================================================================
 
-<sect1>
-<title>More complete description of security levels</title>
-
-<para>
 A SMB server tells the client at startup what "security level" it is
 running. There are two options "share level" and "user level". Which
 of these two the client receives affects the way the client then tries
@@ -54,9 +35,7 @@ strange, but it fits in with the client/server approach of SMB. In SMB
 everything is initiated and controlled by the client, and the server
 can only tell the client what is available and whether an action is
 allowed. 
-</para>
 
-<para>
 I'll describe user level security first, as its simpler. In user level
 security the client will send a "session setup" command directly after
 the protocol negotiation. This contains a username and password. The
@@ -64,29 +43,22 @@ server can either accept or reject that username/password
 combination. Note that at this stage the server has no idea what
 share the client will eventually try to connect to, so it can't base
 the "accept/reject" on anything other than:
-</para>
 
-<orderedlist>
-<listitem><para>the username/password</para></listitem>
-<listitem><para>the machine that the client is coming from</para></listitem>
-</orderedlist>
+- the username/password
+- the machine that the client is coming from
 
-<para>
 If the server accepts the username/password then the client expects to
 be able to mount any share (using a "tree connection") without
 specifying a password. It expects that all access rights will be as
 the username/password specified in the "session setup". 
-</para>
 
-<para>
 It is also possible for a client to send multiple "session setup"
 requests. When the server responds it gives the client a "uid" to use
 as an authentication tag for that username/password. The client can
 maintain multiple authentication contexts in this way (WinDD is an
 example of an application that does this)
-</para>
 
-<para>
+
 Ok, now for share level security. In share level security the client
 authenticates itself separately for each share. It will send a
 password along with each "tree connection" (share mount). It does not
@@ -98,9 +70,7 @@ username. Some commercial SMB servers such as NT actually associate
 passwords directly with shares in share level security, but samba
 always uses the unix authentication scheme where it is a
 username/password that is authenticated, not a "share/password".
-</para>
 
-<para>
 Many clients send a "session setup" even if the server is in share
 level security. They normally send a valid username but no
 password. Samba records this username in a list of "possible
@@ -110,9 +80,7 @@ home directories) and any users listed in the "user =" smb.conf
 line. The password is then checked in turn against these "possible
 usernames". If a match is found then the client is authenticated as
 that user.
-</para>
 
-<para>
 Finally "server level" security. In server level security the samba
 server reports to the client that it is in user level security. The
 client then does a "session setup" as described earlier. The samba
@@ -122,9 +90,7 @@ username/password that it got from the client. If that server is in
 user level security and accepts the password then samba accepts the
 clients connection. This allows the samba server to use another SMB
 server as the "password server". 
-</para>
 
-<para>
 You should also note that at the very start of all this, where the
 server tells the client what security level it is in, it also tells
 the client if it supports encryption. If it does then it supplies the
@@ -135,6 +101,3 @@ smbpasswd file with SMB style encrypted passwords. It is
 cryptographically impossible to translate from unix style encryption
 to SMB style encryption, although there are some fairly simple management
 schemes by which the two could be kept in sync.
-</para>
-</sect1>
-</chapter>
diff --git a/docs/yodldocs/README-NOW b/docs/yodldocs/README-NOW
new file mode 100644
index 00000000000..592d38c1351
--- /dev/null
+++ b/docs/yodldocs/README-NOW
@@ -0,0 +1,14 @@
+!==
+!== Notice of change of documentation format
+!==
+
+Samba is no longer using yodl as the source markup
+language for our documentation.  As of release 2.2.0,
+we are using DocBook V4.1 exclusively (assuming you are not
+counting the ASCII files yet to be converted).
+
+Please see ../docbook/docbook.txt for more information
+on this.
+
+jerry carter
+SAMBA Team